From a36582be705cbe56f98e323dd507e1fd2ff426ef Mon Sep 17 00:00:00 2001 From: Marc Singer Date: Sun, 15 Feb 2026 20:37:20 +0100 Subject: [PATCH 1/2] fix: remove git package install from docker image --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8f826c9..d775442 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,5 @@ FROM golang:1.25.7 AS build -RUN apk add --no-cache git - WORKDIR /workspace COPY . . @@ -16,4 +14,6 @@ RUN apk add --no-cache ca-certificates COPY --from=build /workspace/webhook /usr/local/bin/webhook +RUN chmod +x /usr/local/bin/webhook + ENTRYPOINT ["webhook"] From b7691ac5e973c7d42f4f26f5bb1d6683846b81ac Mon Sep 17 00:00:00 2001 From: Marc Singer Date: Sun, 15 Feb 2026 20:45:59 +0100 Subject: [PATCH 2/2] feat: add helm chart build and publish --- .../{docker.yml => publish-docker-image.yml} | 8 ++- .github/workflows/publish-helm-chart.yml | 60 +++++++++++++++++++ 2 files changed, 66 insertions(+), 2 deletions(-) rename .github/workflows/{docker.yml => publish-docker-image.yml} (92%) create mode 100644 .github/workflows/publish-helm-chart.yml diff --git a/.github/workflows/docker.yml b/.github/workflows/publish-docker-image.yml similarity index 92% rename from .github/workflows/docker.yml rename to .github/workflows/publish-docker-image.yml index df618a6..e54859c 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/publish-docker-image.yml @@ -1,9 +1,13 @@ -name: 'Build docker image' +name: Publish Docker Image to GHCR + +permissions: + contents: read + packages: write on: push: branches: - - main + - main jobs: build: diff --git a/.github/workflows/publish-helm-chart.yml b/.github/workflows/publish-helm-chart.yml new file mode 100644 index 0000000..d9f5bff --- /dev/null +++ b/.github/workflows/publish-helm-chart.yml 
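Review bot: In the second Dockerfile hunk (`@@ -16,4 +14,6 @@`), no `USER` instruction sits between the added `RUN chmod +x /usr/local/bin/webhook` and `ENTRYPOINT`, so the webhook appears to run as root unless the base image sets a user; the stage's `FROM` line is outside the hunk, so this is inferred. A `USER` line with a fixed non-root UID before `ENTRYPOINT` (for example `USER 65532:65532`, value illustrative) would let Kubernetes enforce `runAsNonRoot`. The mode can also be set on the copy itself under BuildKit, `COPY --from=build --chmod=0755 /workspace/webhook /usr/local/bin/webhook`, which avoids the extra layer holding a second copy of the binary. If the webhook listens on a port below 1024, confirm it can still bind after dropping root.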
@@ -0,0 +1,60 @@
+name: Publish Helm chart to GHCR
+
+permissions:
+ contents: read
+ packages: write
+
+on:
+ push:
+ branches:
+ - main
+
+env:
+ CHART_DIR: ./deploy/cert-manager-desec-webhook
+
+jobs:
+ publish:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Helm
+ uses: azure/setup-helm@v4
+ with:
+ version: 'latest'
+
+ - name: Install yq
+ uses: mikefarah/yq@v4
+
+ - name: Compute chart version
+ id: ver
+ run: |
+ # Version strategy for "push to main":
+ # Use Chart.yaml version + short SHA to avoid collisions.
+ BASE_VERSION="$(yq -r '.version' "${CHART_DIR}/Chart.yaml")"
+ SHORT_SHA="$(git rev-parse --short=8 HEAD)"
+ VERSION="${BASE_VERSION}-${SHORT_SHA}"
+ echo "chart_dir=${CHART_DIR}" >> "$GITHUB_OUTPUT"
+ echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
+
+ - name: Login to GHCR
+ run: |
+ echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io \
+ --username "${{ github.actor }}" \
+ --password-stdin
+
+ - name: Lint chart
+ run: helm lint "${{ steps.ver.outputs.chart_dir }}"
+
+ - name: Package chart
+ run: |
+ helm package "${{ steps.ver.outputs.chart_dir }}" \
+ --version "${{ steps.ver.outputs.version }}" \
+ --destination ./dist
+
+ - name: Push chart to GHCR (OCI)
+ env:
+ OWNER: ${{ github.repository_owner }}
+ run: |
+ helm push ./dist/*.tgz oci://ghcr.io/${OWNER}/helm
\ No newline at end of file
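Review bot: The three `uses:` lines reference mutable tags (`actions/checkout@v4`, `azure/setup-helm@v4`, `mikefarah/yq@v4`) in a job that holds `packages: write`, so a moved tag would run different code with the publishing token; pinning each to a full commit SHA removes that dependency on tag integrity. `version: 'latest'` for Helm leaves the packaging toolchain unpinned in the same way. In the "Login to GHCR" step the token and actor are expanded by `${{ }}` directly into the script text; passing them through `env:` keeps them out of the rendered script, and `persist-credentials: false` on the checkout stops the token being left in the git config for later steps. Separately, `mikefarah/yq@v4` is, as far as I know, a container action that runs a `cmd` input rather than installing yq on the runner, so the "Install yq" step may do nothing and the later `yq` call may rely on the runner's preinstalled binary; worth confirming.

```yaml
      # … unchanged: name, permissions, trigger, env, job header …
      - name: Checkout
        uses: actions/checkout@<full-commit-sha>  # placeholder: SHA of the reviewed v4 release
        with:
          persist-credentials: false

      - name: Setup Helm
        uses: azure/setup-helm@<full-commit-sha>  # placeholder: SHA of the reviewed v4 release
        with:
          version: '<pinned-helm-version>'  # placeholder: an explicit Helm release

      # … unchanged: Install yq, Compute chart version …

      - name: Login to GHCR
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GHCR_USER: ${{ github.actor }}
        run: |
          echo "${GHCR_TOKEN}" | helm registry login ghcr.io \
            --username "${GHCR_USER}" \
            --password-stdin

      # … unchanged: Lint chart, Package chart, Push chart to GHCR (OCI) …
```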