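# Packages the Bifrost Helm chart, publishes it as a GitHub Release asset and
# refreshes the Helm repository index served from GitHub Pages.
name: Release Helm Chart

on:
  push:
    branches:
      - main
    paths:
      - "helm-charts/bifrost/**"
      - ".github/workflows/helm-release.yml"
  workflow_dispatch:

# contents: write is needed to create the release and push to the Pages branch.
# The workflow has a single job, so the grant is not shared with other jobs.
permissions:
  contents: write

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      # Egress is default-deny; every host a later step contacts must be listed here.
      - name: Harden Runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            get.helm.sh:443
            github.com:443
            maximhq.github.io:443
            proxy.golang.org:443
            release-assets.githubusercontent.com:443
            storage.googleapis.com:443
            sum.golang.org:443
            uploads.github.com:443

      # NOTE(review): checkout keeps the job token in the local git config by
      # default (persist-credentials: true), so the repository scripts run below
      # can read it. The deploy step passes its own token explicitly; confirm
      # nothing else relies on the persisted credential before disabling it.
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0

      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Install Helm
        uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
        with:
          version: v4.0.0

      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version: "1.26.2"

      - name: Run chart-testing (lint)
        run: |
          helm lint helm-charts/bifrost

      - name: Validate Helm templates
        run: |
          chmod +x .github/workflows/scripts/validate-helm-templates.sh
          .github/workflows/scripts/validate-helm-templates.sh

      - name: Validate Helm config fields
        run: |
          chmod +x .github/workflows/scripts/validate-helm-config-fields.sh
          .github/workflows/scripts/validate-helm-config-fields.sh

      - name: Validate Go ↔ config.schema.json ↔ helm-chart sync (schemasync)
        run: |
          chmod +x .github/workflows/scripts/validate-schema-sync.sh
          .github/workflows/scripts/validate-schema-sync.sh

      - name: Get chart version
        id: chart-version
        run: |
          VERSION=$(grep '^version:' helm-charts/bifrost/Chart.yaml | awk '{print $2}')
          # The value is read from a repository file and later becomes part of a
          # tag name, a file name and a URL. Reject anything that is not a plain
          # SemVer string (this also catches an empty or quoted value) before it
          # is written to the step output.
          if ! printf '%s' "$VERSION" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.+-]+)?$'; then
            echo "Unexpected chart version: '$VERSION'" >&2
            exit 1
          fi
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "Chart version: $VERSION"

      # In the run steps below the version reaches the shell through an env var
      # instead of an inline expression, so the value is never spliced into the
      # script text before bash parses it.
      - name: Check if release exists
        id: check-release
        run: |
          # NOTE(review): any gh failure (not only "release not found") is
          # reported as exists=false here.
          if gh release view "helm-chart-v${CHART_VERSION}" &>/dev/null; then
            echo "exists=true" >> "$GITHUB_OUTPUT"
          else
            echo "exists=false" >> "$GITHUB_OUTPUT"
          fi
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CHART_VERSION: ${{ steps.chart-version.outputs.version }}

      - name: Package Helm chart
        run: |
          cd helm-charts
          helm package bifrost

      - name: Create GitHub Release
        if: steps.check-release.outputs.exists == 'false'
        run: |
          cd helm-charts
          gh release create "helm-chart-v${CHART_VERSION}" \
            "bifrost-${CHART_VERSION}.tgz" \
            --title "Helm Chart v${CHART_VERSION}" \
            --notes "Helm chart release for Bifrost v${CHART_VERSION}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CHART_VERSION: ${{ steps.chart-version.outputs.version }}

      - name: Update Helm repository index
        run: |
          cd helm-charts
          RELEASE_URL="https://github.com/maximhq/bifrost/releases/download/helm-chart-v${CHART_VERSION}"
          # Download existing index if it exists. --fail makes curl return an
          # error on an HTTP failure instead of saving the error page as
          # index.yaml, which the merge below would then try to parse.
          if ! curl -fsSL -o index.yaml https://maximhq.github.io/bifrost/helm-charts/index.yaml; then
            rm -f index.yaml
          fi
          # Merge with new chart only if index.yaml exists.
          # NOTE(review): when the download fails for any reason the index is
          # rebuilt from this chart alone, and the deploy step publishes with
          # keep_files: false, so earlier index entries would be dropped.
          if [ -f index.yaml ]; then
            helm repo index . --url "$RELEASE_URL" --merge index.yaml
          else
            helm repo index . --url "$RELEASE_URL"
          fi
        env:
          CHART_VERSION: ${{ steps.chart-version.outputs.version }}

      - name: Deploy to GitHub Pages
        uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0
        if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/v1.5.0'
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: ./helm-charts
          destination_dir: helm-charts
          keep_files: false
          enable_jekyll: false
          user_name: "github-actions[bot]"
          user_email: "github-actions[bot]@users.noreply.github.com"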