# Pipeline-wide variables, visible to every job in this file.
variables:
  # Helm release this pipeline targets. Quoted so it stays a string. Keep it in
  # step with the download URL and checksum in .install_helm.
  HELM_VERSION: "3.19.0"
  # Base name of the packaged chart archive (<CHART_NAME>-<version>.tgz).
  CHART_NAME: "devguard"
  # Copy of the predefined CI_REGISTRY value; the jobs in this file do not
  # reference it.
  REGISTRY: "$CI_REGISTRY"

# Stage order: the chart is published first, then the release entry is created.
stages: [publish, release]
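# Reusable script fragment: download a pinned Helm release, verify its SHA-256
# digest, and install the binary. Jobs pull it in with `*install_helm`.
.install_helm: &install_helm
  - |
    # Build the URL from the pipeline-level HELM_VERSION so the version is
    # declared in one place. The tarball is served from get.helm.sh.
    HELM_ARCH="linux-amd64"
    HELM_URL="https://get.helm.sh/helm-v${HELM_VERSION}-${HELM_ARCH}.tar.gz"
    # Digest of exactly this version and architecture. Update it together with
    # HELM_VERSION; if the two drift, or HELM_VERSION is overridden for one
    # pipeline run, the comparison below fails and nothing is installed.
    EXPECTED_CHECKSUM="a7f81ce08007091b86d8bd696eb4d86b8d0f2e1b9f6c714be62f82f96a594496"

    # Download Helm tarball (-f makes HTTP errors fail the step)
    curl -fsSL -o helm.tar.gz "$HELM_URL"

    # Verify checksum before anything from the archive is unpacked or executed
    ACTUAL_CHECKSUM=$(sha256sum helm.tar.gz | cut -d' ' -f1)
    if [ "$ACTUAL_CHECKSUM" != "$EXPECTED_CHECKSUM" ]; then
      echo "ERROR: Checksum verification failed!"
      echo "Expected: $EXPECTED_CHECKSUM"
      echo "Actual: $ACTUAL_CHECKSUM"
      exit 1
    fi
    echo "Checksum verification passed: $ACTUAL_CHECKSUM"

    # Extract and install
    tar -xzf helm.tar.gz
    mv "${HELM_ARCH}/helm" /usr/local/bin/helm
    chmod +x /usr/local/bin/helm

    # Cleanup
    rm -rf helm.tar.gz "${HELM_ARCH}"

    # Verify installation
    helm version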
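# Helm package and publish job: stamps the chart with the release version,
# packages it, and pushes it to both the GitLab Package Registry (Helm API)
# and the GitLab Container Registry (OCI).
helm-release:
  stage: publish
  # Base image pinned by tag and digest so the job environment cannot change
  # underneath the pipeline.
  image: alpine:3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
  before_script:
    - apk add --no-cache curl git bash
    - *install_helm
    # The password is fed on stdin so it never appears in an argument list.
    # printf '%s' passes it through verbatim (echo may interpret options or
    # escapes), and the quoting stops word splitting and globbing.
    - |
      printf '%s' "$CI_REGISTRY_PASSWORD" | helm registry login "$CI_REGISTRY" \
        --username "$CI_REGISTRY_USER" --password-stdin
  script:
    # Extract version from tag or use default
    - |
      if [ -n "$CI_COMMIT_TAG" ]; then
        VERSION=${CI_COMMIT_TAG#v}
      else
        VERSION=$(grep '^version:' Chart.yaml | cut -d' ' -f2)
      fi
      # VERSION is spliced into sed expressions and file names below, and a tag
      # name may contain characters such as '/' or '&' that would change the
      # meaning of those expressions. Accept only a SemVer-shaped value.
      # NOTE(review): Helm itself expects SemVer chart versions, so this should
      # not reject anything that would have packaged successfully - confirm.
      if ! printf '%s\n' "$VERSION" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.+-]+)?$'; then
        echo "ERROR: '$VERSION' is not a valid chart version (expected MAJOR.MINOR.PATCH)"
        exit 1
      fi
      echo "Releasing version: $VERSION"
    # Update Chart.yaml with the version
    - |
      sed -i "s/^version:.*/version: $VERSION/" Chart.yaml
      sed -i "s/^appVersion:.*/appVersion: \"$VERSION\"/" Chart.yaml
    # Package the chart
    - helm dependency update
    - mkdir -p charts
    - helm package . --destination ./charts/
    # Push to the GitLab Package Registry (Helm API), then to the Container
    # Registry (OCI)
    - |
      CHART_PACKAGE="${CHART_NAME}-$VERSION.tgz"
    # Authenticates with the short-lived job token; --fail-with-body turns an
    # HTTP error into a failed step while still printing the server's response.
    - |
      curl --fail-with-body --request POST \
        --user "gitlab-ci-token:${CI_JOB_TOKEN}" \
        --form "chart=@charts/${CHART_PACKAGE}" \
        "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/api/stable/charts"
    - helm push "./charts/$CHART_PACKAGE" "oci://$CI_REGISTRY/$CI_PROJECT_PATH"
  artifacts:
    paths:
      - charts/*.tgz
    expire_in: 1 week
  rules:
    # Runs automatically for every tag pipeline.
    # NOTE(review): whether tag creation is limited to trusted roles (protected
    # tags) is a project setting that is not visible here - confirm, because
    # any tag that matches publishes a chart.
    - if: $CI_COMMIT_TAG
    # Run manually
    - when: manual
      allow_failure: false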
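# Create GitLab Release: posts a release entry for the tag through the
# Releases API. Runs only in tag pipelines. Without GITLAB_TOKEN it prints a
# warning and exits successfully.
create-release:
  stage: release
  # Base image pinned by tag and digest.
  image: alpine:3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
  before_script:
    - apk add --no-cache curl jq
  script:
    - |
      if [ -n "$CI_COMMIT_TAG" ]; then
        VERSION=${CI_COMMIT_TAG#v}

        # Check if GITLAB_TOKEN is available
        if [ -z "$GITLAB_TOKEN" ]; then
          echo "WARNING: GITLAB_TOKEN not set. Skipping release creation."
          echo "To create releases automatically, set GITLAB_TOKEN as a CI/CD variable with 'api' scope."
          exit 0
        fi

        # Release notes in Markdown, one argument per line. The lines holding
        # code-fence markers are single-quoted so the shell does not treat the
        # backticks as command substitution.
        DESCRIPTION=$(printf '%s\n' \
          "DevGuard Helm Chart Release $VERSION" \
          '' \
          '## Installation' \
          '' \
          '### From GitLab Container Registry (OCI)' \
          '' \
          '```bash' \
          "helm install my-devguard oci://$CI_REGISTRY/$CI_PROJECT_PATH/devguard --version $VERSION" \
          '```' \
          '' \
          '### From GitLab Package Registry' \
          '' \
          '```bash' \
          "helm repo add devguard $CI_API_V4_URL/projects/$CI_PROJECT_ID/packages/helm/stable" \
          "helm install my-devguard devguard/devguard --version $VERSION" \
          '```' \
          '' \
          '### Pull Chart' \
          '' \
          '```bash' \
          "helm pull oci://$CI_REGISTRY/$CI_PROJECT_PATH/devguard --version $VERSION" \
          '```')

        # Build the request body with jq so every value is JSON-escaped. Tag
        # names may contain characters such as '"' that would corrupt or alter
        # a payload assembled by plain string formatting.
        jq -n \
          --arg name "Release $VERSION" \
          --arg tag_name "$CI_COMMIT_TAG" \
          --arg ref "$CI_COMMIT_SHA" \
          --arg description "$DESCRIPTION" \
          --arg url "$CI_PROJECT_URL/-/packages" \
          '{
            name: $name,
            tag_name: $tag_name,
            ref: $ref,
            description: $description,
            assets: {
              links: [
                {name: "GitLab Package Registry", url: $url, link_type: "package"}
              ]
            }
          }' > release.json

        # Create GitLab release
        # NOTE(review): GITLAB_TOKEN is a standing credential with 'api' scope;
        # keep it masked and protected. The Releases API may also accept the
        # per-job CI_JOB_TOKEN, which would remove the need for it - confirm
        # for this GitLab version before switching.
        curl --fail-with-body --request POST \
          --header "PRIVATE-TOKEN: $GITLAB_TOKEN" \
          --header "Content-Type: application/json" \
          --data @release.json \
          "$CI_API_V4_URL/projects/$CI_PROJECT_ID/releases"

        echo "GitLab release created successfully!"
      else
        echo "No tag found, skipping release creation."
      fi
  rules:
    - if: $CI_COMMIT_TAG
  # Fetch artifacts only from the publish job.
  dependencies:
    - helm-release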