diff --git a/.github/workflows/release-helm-chart.yaml b/.github/workflows/release-helm-chart.yaml index b2137e2..9858d1a 100644 --- a/.github/workflows/release-helm-chart.yaml +++ b/.github/workflows/release-helm-chart.yaml @@ -25,9 +25,14 @@ jobs: ref: ${{ github.ref }} fetch-depth: 0 + - name: Configure GPG Key + run: | + echo -n "$GPG_SIGNING_KEY" | base64 -d | gpg --import + env: + GPG_SIGNING_KEY: ${{ secrets.HELM_CHARTS_SIGNING_KEY }} + - name: Package Helm Chart run: | - GPG_KEYRING_BASE64=${{ secrets.HELM_CHARTS_SIGNING_KEY }} \ GPG_KEY_UID="Kuadrant Development Team" \ make helm-package diff --git a/make/helm.mk b/make/helm.mk index 6728785..35301ac 100644 --- a/make/helm.mk +++ b/make/helm.mk @@ -37,18 +37,18 @@ helm-upgrade: $(HELM) ## Upgrade the helm chart # Upgrade the helm chart in the cluster $(HELM) upgrade $(CHART_NAME) $(CHART_DIRECTORY) -# GPG_KEY_UID: substring of the desired key's uid, the name or email -GPG_KEY_UID ?= 'Kuadrant Development Team' -# GPG_KEYRING_BASE64: the gpg keyring base64 encoded -GPG_KEYRING_BASE64 ?= - .PHONY: helm-package -helm-package: $(HELM) ## Package the helm chart and GPG sign it - # Store the key - mkdir -p .gpg - echo $(GPG_KEYRING_BASE64) | base64 -d > .gpg/kuadrantsecring.gpg #storing base64 GPG key into keyring +helm-package: $(HELM) ## Package the helm chart # Package the helm chart - $(HELM) package --sign --key $(GPG_KEY_UID) --keyring .gpg/kuadrantsecring.gpg $(CHART_DIRECTORY) + $(HELM) package $(CHART_DIRECTORY) + +# GPG_KEY_UID: substring of the desired key's uid, the name or email +GPG_KEY_UID ?= 'Kuadrant Development Team' +# The keyring should've been imported before running this target +.PHONY: helm-package-sign +helm-package-sign: $(HELM) ## Package the helm chart and GPG sign it + # Package the helm chart and sign it + $(HELM) package --sign --key $(GPG_KEY_UID) $(CHART_DIRECTORY) # GitHub Token with permissions to upload to the release assets HELM_WORKFLOWS_TOKEN ?=