From 8645c98786985bed9a04828b88dac93b5947ce9d Mon Sep 17 00:00:00 2001
From: pat-s <patrick.schratz@gmail.com>
Date: Sat, 1 Apr 2023 10:08:15 +0200
Subject: [PATCH] sign helm release

---
 .drone.yml | 159 ++++++++++++++++++++++++++++-------------------------
 1 file changed, 83 insertions(+), 76 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index 93098ca..577e51f 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,63 +1,63 @@
----
-kind: pipeline
-type: docker
-name: lint
+# ---
+# kind: pipeline
+# type: docker
+# name: lint
 
-platform:
-  os: linux
-  arch: arm64
+# platform:
+#   os: linux
+#   arch: arm64
 
-steps:
-  - name: helm lint
-    pull: always
-    image: alpine:3.17
-    commands:
-      - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
-      - helm lint
+# steps:
+#   - name: helm lint
+#     pull: always
+#     image: alpine:3.17
+#     commands:
+#       - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
+#       - helm lint
 
-  - name: helm template
-    pull: always
-    image: alpine:3.17
-    commands:
-      - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
-      - helm dependency update
-      - helm template --debug gitea-helm .
+#   - name: helm template
+#     pull: always
+#     image: alpine:3.17
+#     commands:
+#       - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
+#       - helm dependency update
+#       - helm template --debug gitea-helm .
 
-  - name: helm unittests
-    pull: always
-    image: alpine:3.17
-    commands:
-      - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make helm git bash
-      - helm plugin install https://github.com/helm-unittest/helm-unittest
-      - helm dependency update
-      - make unittests
+#   - name: helm unittests
+#     pull: always
+#     image: alpine:3.17
+#     commands:
+#       - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make helm git bash
+#       - helm plugin install https://github.com/helm-unittest/helm-unittest
+#       - helm dependency update
+#       - make unittests
 
-  - name: verify readme
-    pull: always
-    image: alpine:3.17
-    commands:
-      - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make npm git
-      - make readme
-      - git diff --exit-code --name-only README.md
+#   - name: verify readme
+#     pull: always
+#     image: alpine:3.17
+#     commands:
+#       - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make npm git
+#       - make readme
+#       - git diff --exit-code --name-only README.md
 
-  - name: yaml lint
-    pull: always
-    image: cytopia/yamllint:alpine-1
-    commands:
-      - yamllint -f colored .
+#   - name: yaml lint
+#     pull: always
+#     image: cytopia/yamllint:alpine-1
+#     commands:
+#       - yamllint -f colored .
 
-  - name: discord
-    pull: always
-    image: appleboy/drone-discord:1.2.4
-    environment:
-      DISCORD_WEBHOOK_ID:
-        from_secret: discord_webhook_id
-      DISCORD_WEBHOOK_TOKEN:
-        from_secret: discord_webhook_token
-    when:
-      status:
-        - changed
-        - failure
+#   - name: discord
+#     pull: always
+#     image: appleboy/drone-discord:1.2.4
+#     environment:
+#       DISCORD_WEBHOOK_ID:
+#         from_secret: discord_webhook_id
+#       DISCORD_WEBHOOK_TOKEN:
+#         from_secret: discord_webhook_token
+#     when:
+#       status:
+#         - changed
+#         - failure
 
 ---
 kind: pipeline
@@ -70,40 +70,47 @@ platform:
 
 trigger:
   event:
-    - tag
+    - push
 
 steps:
   - name: generate-chart
     pull: always
     image: alpine:3.17
+    environment:
+      GPGSIGN_KEY:
+        from_secret: gpgsign_key
+      GPGSIGN_PASSPHRASE:
+        from_secret: gpgsign_passphrase
     commands:
       - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
       - apk add --no-cache curl
+      - apk add --no-cache gnupg
+      - gpg --import $GPGSIGN_KEY --passphrase $GPGSIGN_PASSPHRASE
       - helm dependency update
-      - helm package --version "${DRONE_TAG##v}" ./
+      - helm package --sign --key 'Gitea' --keyring ~/.gnupg/secring.gpg --version "${DRONE_TAG##v}" ./
       - mkdir gitea
       - mv gitea*.tgz gitea/
       - curl -L -o gitea/index.yaml https://dl.gitea.io/charts/index.yaml
       - helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml
 
-  - name: upload-chart
-    pull: always
-    image: plugins/s3:latest
-    settings:
-      acl:
-        from_secret: aws_s3_acl
-      region:
-        from_secret: aws_s3_region
-      bucket:
-        from_secret: aws_s3_bucket
-      endpoint:
-        from_secret: aws_s3_endpoint
-      path_style:
-        from_secret: aws_s3_path_style
-      access_key:
-        from_secret: aws_access_key_id
-      secret_key:
-        from_secret: aws_secret_access_key
-      source: gitea/*
-      target: /charts
-      strip_prefix: gitea/
+  # - name: upload-chart
+  #   pull: always
+  #   image: plugins/s3:latest
+  #   settings:
+  #     acl:
+  #       from_secret: aws_s3_acl
+  #     region:
+  #       from_secret: aws_s3_region
+  #     bucket:
+  #       from_secret: aws_s3_bucket
+  #     endpoint:
+  #       from_secret: aws_s3_endpoint
+  #     path_style:
+  #       from_secret: aws_s3_path_style
+  #     access_key:
+  #       from_secret: aws_access_key_id
+  #     secret_key:
+  #       from_secret: aws_secret_access_key
+  #     source: gitea/*
+  #     target: /charts
+  #     strip_prefix: gitea/