11# SPDX-License-Identifier: Apache-2.0
2- # Copyright 2024 Authors of SentryFlow
2+ # Copyright 2024 Authors of Accuknox
33
4- name : Release Helm charts
4+ name : Helm Chart Push to ECR (Reusable)
55
66on :
77 workflow_dispatch :
88 inputs :
99 tag :
10- description : " Release tag which has to be updated"
11- type : " string"
10+ description : " Release tag or version to set in Helm charts"
1211 required : true
13- ecr_repository :
14- description : " ECR repository URL for Helm charts "
15- type : " string "
16- required : false
17- default : " 956994857092.dkr.ecr.us-east-2.amazonaws.com "
12+ type : string
13+ helm_repo :
14+ description : " AWS ECR repository URL for Helm charts "
15+ required : true
16+ type : string
1817 chart_path :
19- description : " Path to Helm chart directory"
20- type : " string"
18+ description : " Path to the Helm chart directory"
2119 required : false
22- default : " deployments/sentryflow"
20+ type : string
21+ default : " deployments"
2322 registry_type :
24- description : " ECR registry type (public or private)"
25- type : " string"
23+ description : " Type of ECR registry (private or public)"
2624 required : false
27- default : " private"
28-
29- env :
30- AWS_ACCESS_KEY_ID : ${{ secrets.AWS_DEV_ACCESS_ID }}
31- AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_DEV_SECRET_ID }}
32- AWS_REGION : us-east-2
25+ type : string
26+ default : " public"
3327
3428jobs :
35- release_helm_charts :
36- if : github.repository == 'accuknox/sentryflow'
29+ push_helm_chart :
30+ runs-on : ubuntu-latest
3731 permissions :
3832 contents : read
39- runs-on : ubuntu-latest
33+
4034 steps :
41- - name : Checkout source code
35+ - name : Checkout repository
4236 uses : actions/checkout@v4
4337
44- - name : Set up AWS Credentials
38+ - name : Configure AWS credentials
4539 uses : aws-actions/configure-aws-credentials@v2
4640 with :
47- aws-access-key-id : ${{ secrets.AWS_DEV_ACCESS_ID }}
48- aws-secret-access-key : ${{ secrets.AWS_DEV_SECRET_ID }}
49- aws-region : ${{ env.AWS_REGION }}
41+ aws-access-key-id : ${{ secrets.AWS_ACCESS_KEY_ID }}
42+ aws-secret-access-key : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
43+ aws-region : us-east-2
5044
51- - name : Push Helm chart to ECR
52- uses : ./.github/actions/helm-push-ecr
53- with :
54- chart-path : ${{ inputs.chart_path }}
55- ecr-region : ${{ env.AWS_REGION }}
56- ecr-repo : ${{ inputs.ecr_repository }}
57- version : ${{ inputs.tag }}
58- type : ${{ inputs.registry_type }}
59- aws-access-key-id : ${{ secrets.AWS_DEV_ACCESS_ID }}
60- aws-secret-access-key : ${{ secrets.AWS_DEV_SECRET_ID }}
61- version-dir : " src"
45+ - name : Install Helm
46+ run : |
47+ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
48+ chmod 700 get_helm.sh
49+ ./get_helm.sh
50+
51+ - name : Login to ECR
52+ run : |
53+ if [ "${{ inputs.registry_type }}" = "public" ]; then
54+ echo "Logging into Amazon Public ECR..."
55+ aws ecr-public get-login-password --region us-east-1 \
56+ | helm registry login -u AWS --password-stdin public.ecr.aws
57+ else
58+ echo "Logging into Amazon Private ECR..."
59+ aws ecr get-login-password --region us-east-2 \
60+ | helm registry login -u AWS --password-stdin ${{ inputs.helm_repo }}
61+ fi
62+
63+ - name : Update chart versions
64+ run : |
65+ for CHART in ${{ inputs.chart_path }}/*; do
66+ if [ -d "$CHART" ] && [ -f "$CHART/Chart.yaml" ]; then
67+ echo "Updating $CHART/Chart.yaml"
68+ sed -i "s/^version:.*/version: ${{ inputs.tag }}/" "$CHART/Chart.yaml"
69+ sed -i "s/^appVersion:.*/appVersion: ${{ inputs.tag }}/" "$CHART/Chart.yaml"
70+ fi
71+ done
72+
73+ - name : Package and push Helm charts to ECR
74+ run : |
75+ for CHART in ${{ inputs.chart_path }}/*; do
76+ if [ -d "$CHART" ] && [ -f "$CHART/Chart.yaml" ]; then
77+ echo "Packaging $CHART"
78+ PACKAGE_FILE=$(helm package "$CHART" --destination ${{ inputs.chart_path }} | awk -F': ' '{print $2}')
79+ echo "Pushing $PACKAGE_FILE to ${{ inputs.helm_repo }}"
80+ helm push "$PACKAGE_FILE" oci://${{ inputs.helm_repo }}
81+ fi
82+ done
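Review bot: The `run:` scripts of the Login to ECR, Update chart versions and Package and push steps splice `${{ inputs.tag }}`, `${{ inputs.chart_path }}`, `${{ inputs.registry_type }}` and `${{ inputs.helm_repo }}` straight into shell text. Those expressions are expanded before bash parses the script, so any shell metacharacter in an input becomes part of the command line, in a job that already holds the AWS credentials configured above. Pass each input through `env:` and reference it as a quoted variable, and check the tag against a version pattern before it is used as a sed replacement, where `/` or `&` would also corrupt Chart.yaml. The fence shows this for the version step, and the same change applies to the other two. Separately, the Install Helm step executes a script fetched from the `main` branch of helm/helm, so the code that runs is not fixed between runs; pinning a Helm release and verifying its checksum would close that gap.

```yaml
      - name: Update chart versions
        env:
          CHART_PATH: ${{ inputs.chart_path }}
          TAG: ${{ inputs.tag }}
        run: |
          # Reject anything that is not a plain version string before it reaches sed.
          case "$TAG" in
            ''|*[!0-9A-Za-z.+-]*) echo "invalid tag: $TAG" >&2; exit 1 ;;
          esac
          for CHART in "$CHART_PATH"/*; do
            # … unchanged: directory / Chart.yaml check and echo …
              sed -i "s/^version:.*/version: $TAG/" "$CHART/Chart.yaml"
              sed -i "s/^appVersion:.*/appVersion: $TAG/" "$CHART/Chart.yaml"
            # … unchanged: fi …
          done
```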