From 07aa087a1942aac79dc04ec41a25a9c2b094ac4b Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 10 May 2023 15:06:56 +0200 Subject: [PATCH 1/3] feat(github): Introduce chart signing (#2040) Signed-off-by: Marco Kilchhofer --- .github/configs/cr.yaml | 8 +++++++- .github/workflows/publish.yml | 16 ++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/.github/configs/cr.yaml b/.github/configs/cr.yaml index 01fdbe0c..a0d425dc 100644 --- a/.github/configs/cr.yaml +++ b/.github/configs/cr.yaml @@ -1,2 +1,8 @@ ## Reference: https://github.com/helm/chart-releaser -index-path: "./index.yaml" \ No newline at end of file +index-path: "./index.yaml" + +# PGP signing +sign: true +key: Argo Helm maintainers +# keyring: # Set via env variable CR_KEYRING +# passphrase-file: # Set via env variable CR_PASSPHRASE_FILE diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e104fde2..58d7d22d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -38,6 +38,22 @@ jobs: run: | git checkout origin/gh-pages index.yaml + # The GitHub repository secret `PGP_PRIVATE_KEY` contains the private key + # in ASCII-armored format. To export a (new) key, run this command: + # `gpg --armor --export-secret-key ` + - name: Prepare PGP key + run: | + IFS="" + echo "$PGP_PRIVATE_KEY" | gpg --dearmor > $HOME/secring.gpg + echo "$PGP_PASSPHRASE" > $HOME/passphrase.txt + + # Tell chart-releaser-action where to find the key and its passphrase + echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV" + echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV" + env: + PGP_PRIVATE_KEY: "${{ secrets.PGP_PRIVATE_KEY }}" + PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}" + - name: Run chart-releaser uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 with: From 8c295d3344dd4c09ef9c8f7b7d8e32b94250ef0b Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 10 May 2023 15:49:32 +0200 Subject: [PATCH 2/3] feat(argo-cd): Introduce chart signing (#2042) Signed-off-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index dd40f29b..12a1f5f0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.1 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.32.1 +version: 5.32.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -22,6 +22,9 @@ dependencies: repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Enable to customize Service type of applicationset-controller + description: Introduce chart signing From 887f68adb1d8ab3f2a767c99a3f46618faee112b Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 10 May 2023 16:20:51 +0200 Subject: [PATCH 3/3] feat(argo-workflows): Introduce chart signing (#2044) Signed-off-by: Marco Kilchhofer --- charts/argo-workflows/Chart.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 0933c3d5..066adfa0 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.26.4 +version: 0.26.5 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -12,6 +12,9 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Create clusterWorkflowTemplates CRD only when enabled in Helm values. + - kind: added + description: Introduce chart signing