Skip to content

chore(deps): pin workflows to release after testing (#121) #81

chore(deps): pin workflows to release after testing (#121)

chore(deps): pin workflows to release after testing (#121) #81

name: Build Fizzbuzz Chart
on:
pull_request:
# Ignore PRs on branches specifically intended for other assets
branches-ignore:
- '*/controller-container*'
- '*/trino-container*'
- '*/fizzbuzz-crds-chart*'
# Only consider PRs that change files for this asset, including ci scripts
paths:
- '.github/workflows/fizzbuzz-chart.yaml'
- 'charts/fizzbuzz/**'
# Make sure all workflows that are "required checks" for a given
# branch protection rule have the same paths: and branches-ignore:
# filters. Otherwise, you can end up in a deadlock waiting on a
# required check that will never be executed.
push:
# Only release off of release and maintenance branches for this asset
branches:
- 'maintenance/fizzbuzz-chart/[0-9]+.x.x'
- 'maintenance/fizzbuzz-chart/[0-9]+.[0-9]+.x'
- 'main'
# Only consider pushes that change files for this asset, including ci scripts
paths:
- '.github/workflows/fizzbuzz-chart.yaml'
- 'charts/fizzbuzz/**'
permissions:
contents: write
pull-requests: write
actions: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
# Cancel early on pull requests if new commits are added,
# Don't cancel on release pushes
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
# Job name must be unique across repo to target
# branch protection rules "required checks" properly!
fizzbuzz-chart:
uses: SwanseaUniversityMedical/workflows/.github/workflows/[email protected]
with:
job-name: fizzbuzz-chart
comment-pr: "true"
comment-release: "true"
registry: ${{ vars.HARBOR_REGISTRY }}
registry-user: ${{ vars.HARBOR_USER }}
registry-project: ${{ vars.HARBOR_PROJECT }}
registry-repo: fizzbuzz
release-tag-format: 'v${version}-fizzbuzz-chart'
cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
chart: charts/fizzbuzz
test-command: |
helm template $CHART --debug
secrets:
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosign-password: ${{ secrets.COSIGN_PASSWORD }}
registry-token: ${{ secrets.HARBOR_TOKEN }}