sign helm release

.drone.yml

@@ -1,63 +1,63 @@
----
+# ---
-kind: pipeline
+# kind: pipeline
-type: docker
+# type: docker
-name: lint
+# name: lint
 
-platform:
+# platform:
-  os: linux
+#   os: linux
-  arch: arm64
+#   arch: arm64
 
-steps:
+# steps:
-  - name: helm lint
+#   - name: helm lint
-    pull: always
+#     pull: always
-    image: alpine:3.17
+#     image: alpine:3.17
-    commands:
+#     commands:
-      - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
+#       - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
-      - helm lint
+#       - helm lint
 
-  - name: helm template
+#   - name: helm template
-    pull: always
+#     pull: always
-    image: alpine:3.17
+#     image: alpine:3.17
-    commands:
+#     commands:
-      - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
+#       - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
-      - helm dependency update
+#       - helm dependency update
-      - helm template --debug gitea-helm .
+#       - helm template --debug gitea-helm .
 
-  - name: helm unittests
+#   - name: helm unittests
-    pull: always
+#     pull: always
-    image: alpine:3.17
+#     image: alpine:3.17
-    commands:
+#     commands:
-      - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make helm git bash
+#       - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make helm git bash
-      - helm plugin install https://github.com/helm-unittest/helm-unittest
+#       - helm plugin install https://github.com/helm-unittest/helm-unittest
-      - helm dependency update
+#       - helm dependency update
-      - make unittests
+#       - make unittests
 
-  - name: verify readme
+#   - name: verify readme
-    pull: always
+#     pull: always
-    image: alpine:3.17
+#     image: alpine:3.17
-    commands:
+#     commands:
-      - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make npm git
+#       - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make npm git
-      - make readme
+#       - make readme
-      - git diff --exit-code --name-only README.md
+#       - git diff --exit-code --name-only README.md
 
-  - name: yaml lint
+#   - name: yaml lint
-    pull: always
+#     pull: always
-    image: cytopia/yamllint:alpine-1
+#     image: cytopia/yamllint:alpine-1
-    commands:
+#     commands:
-      - yamllint -f colored .
+#       - yamllint -f colored .
 
-  - name: discord
+#   - name: discord
-    pull: always
+#     pull: always
-    image: appleboy/drone-discord:1.2.4
+#     image: appleboy/drone-discord:1.2.4
-    environment:
+#     environment:
-      DISCORD_WEBHOOK_ID:
+#       DISCORD_WEBHOOK_ID:
-        from_secret: discord_webhook_id
+#         from_secret: discord_webhook_id
-      DISCORD_WEBHOOK_TOKEN:
+#       DISCORD_WEBHOOK_TOKEN:
-        from_secret: discord_webhook_token
+#         from_secret: discord_webhook_token
-    when:
+#     when:
-      status:
+#       status:
-        - changed
+#         - changed
-        - failure
+#         - failure
 
 ---
 kind: pipeline
@@ -70,40 +70,47 @@ platform:
 
 trigger:
   event:
-    - tag
+    - push
 
 steps:
   - name: generate-chart
     pull: always
     image: alpine:3.17
+    environment:
+      GPGSIGN_KEY:
+        from_secret: gpgsign_key
+      GPGSIGN_PASSPHRASE:
+        from_secret: gpgsign_passphrase
     commands:
       - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
       - apk add --no-cache curl
+      - apk add --no-cache gnupg
+      - gpg --import $GPGSIGN_KEY --passphrase $GPGSIGN_PASSPHRASE
       - helm dependency update
-      - helm package --version "${DRONE_TAG##v}" ./
+      - helm package --sign --key 'Gitea' --keyring ~/.gnupg/secring.gpg --version "${DRONE_TAG##v}" ./
       - mkdir gitea
       - mv gitea*.tgz gitea/
       - curl -L -o gitea/index.yaml https://dl.gitea.io/charts/index.yaml
       - helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml
 
-  - name: upload-chart
+  # - name: upload-chart
-    pull: always
+  #   pull: always
-    image: plugins/s3:latest
+  #   image: plugins/s3:latest
-    settings:
+  #   settings:
-      acl:
+  #     acl:
-        from_secret: aws_s3_acl
+  #       from_secret: aws_s3_acl
-      region:
+  #     region:
-        from_secret: aws_s3_region
+  #       from_secret: aws_s3_region
-      bucket:
+  #     bucket:
-        from_secret: aws_s3_bucket
+  #       from_secret: aws_s3_bucket
-      endpoint:
+  #     endpoint:
-        from_secret: aws_s3_endpoint
+  #       from_secret: aws_s3_endpoint
-      path_style:
+  #     path_style:
-        from_secret: aws_s3_path_style
+  #       from_secret: aws_s3_path_style
-      access_key:
+  #     access_key:
-        from_secret: aws_access_key_id
+  #       from_secret: aws_access_key_id
-      secret_key:
+  #     secret_key:
-        from_secret: aws_secret_access_key
+  #       from_secret: aws_secret_access_key
-      source: gitea/*
+  #     source: gitea/*
-      target: /charts
+  #     target: /charts
-      strip_prefix: gitea/
+  #     strip_prefix: gitea/