update workflow for artifacthub package signing

jaehyeon-kim · jaehyeon-kim · commit 2300e96ae16f · 2025-07-04T15:50:22.000+10:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - main
+      - feature/FAC-158_update-artifacthub-status
 
 jobs:
   release:
@@ -19,31 +20,57 @@ jobs:
           git config user.name "$GITHUB_ACTOR"
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
-      - name: Prepare GPG Key
+      - name: Install Helm
+        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 #v3.5
+        with:
+          version: v3.8.1
+
+      - name: Prepare GPG key # This step is for using exported keys and make your github runner
         run: |
-          echo "# Import the GPG Key"
-          echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import
+          # Create a folder to store files
+          gpg_dir=.cr-gpg
+          mkdir "$gpg_dir"
+
+          # Refer keyring to private key of gpg
+          keyring="$gpg_dir/secring.gpg"
+
+          # Store base64 GPG key into keyring
+          base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring" 
+          
+          # Store passphrase data into a file
+          passphrase_file="$gpg_dir/passphrase"
+          echo "$GPG_PASSPHRASE" > "$passphrase_file"
           
-          echo "Create passphrase file"
-          echo "${{ secrets.GPG_PASSPHRASE }}" > passphrase.txt
+          # Save passphrase into github-environment
+          echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV"
           
-          echo "Store the GPG key ID to a file"
-          GPG_KEY_ID=$(gpg --list-secret-keys --with-colons | grep 'sec' | cut -d: -f5)
-          echo "$GPG_KEY_ID" > gpg_key_id.txt
+          # Save private key into github-environemnt
+          echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV"
         env:
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+          GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}" # Refer secrets of github above
+          GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
 
-      - name: Create .cr.yaml
+      - name: Add repositories
         run: |
-          cat <<EOF > .cr.yaml
-          sign: true
-          # Read the key from the file.
-          key: "$(cat gpg_key_id.txt)"
-          passphrase-file: "passphrase.txt"
-          EOF
-
-      - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.7.0
+          for dir in $(ls -d charts/*/); do
+            helm dependency list $dir 2> /dev/null | tail +2 | head -n -1 | awk '{ print "helm repo add " $1 " " $3 }' | while read cmd; do $cmd; done
+          done
+
+      - name: Run chart-releaser #this is used to generate new version of helm chart along with some file with extension .prov
+        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 #v1.6.0
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_KEY: "${{ secrets.CR_KEY }}" # Key name used while creating key
+          CR_SIGN: true # Set to true to sign images
+
+  linter-artifacthub:
+    runs-on: ubuntu-latest
+    container:
+      image: artifacthub/ah
+      options: --user 1001
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@master
+      - name: Run ah lint
+        working-directory: ./charts/fission-all
+        run: ah lint
diff --git a/charts/flex-ce/Chart.yaml b/charts/flex-ce/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: flex-ce
 description: Run Flex for Apache Flink Community Edition in Kubernetes
 type: application
-version: 1.0.63
+version: 1.0.64
 appVersion: "94.2"
 keywords:
   - flink
@@ -15,3 +15,7 @@ sources:
 maintainers:
   - name: "Factor House Support"
     email: "support@factorhouse.io"
+annotations:
+  artifacthub.io/signKey: |
+      fingerprint: 9686853629F9810E63A72373BA3D0FAE1A26981F
+      url: https://keybase.io/factorhouse/pgp_keys.asc
diff --git a/charts/flex/Chart.yaml b/charts/flex/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: flex
 description: Run Flex for Apache Flink in Kubernetes
 type: application
-version: 1.0.63
+version: 1.0.64
 appVersion: "94.2"
 keywords:
   - flink
@@ -15,3 +15,7 @@ sources:
 maintainers:
   - name: "Factor House Support"
     email: "support@factorhouse.io"
+annotations:
+  artifacthub.io/signKey: |
+      fingerprint: 9686853629F9810E63A72373BA3D0FAE1A26981F
+      url: https://keybase.io/factorhouse/pgp_keys.asc
diff --git a/charts/kpow-ce/Chart.yaml b/charts/kpow-ce/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kpow-ce
 description: Run Kpow for Apache Kafka Community Edition in Kubernetes
 type: application
-version: 1.0.63
+version: 1.0.64
 appVersion: "94.2"
 keywords:
   - kafka
@@ -18,3 +18,7 @@ sources:
 maintainers:
   - name: "Factor House Support"
     email: "support@factorhouse.io"
+annotations:
+  artifacthub.io/signKey: |
+      fingerprint: 9686853629F9810E63A72373BA3D0FAE1A26981F
+      url: https://keybase.io/factorhouse/pgp_keys.asc
diff --git a/charts/kpow/Chart.yaml b/charts/kpow/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kpow
 description: Run Kpow for Apache Kafka in Kubernetes
 type: application
-version: 1.0.63
+version: 1.0.64
 appVersion: "94.2"
 keywords:
   - kafka
@@ -18,3 +18,7 @@ sources:
 maintainers:
   - name: "Factor House Support"
     email: "support@factorhouse.io"
+annotations:
+  artifacthub.io/signKey: |
+      fingerprint: 9686853629F9810E63A72373BA3D0FAE1A26981F
+      url: https://keybase.io/factorhouse/pgp_keys.asc
