name: Release Charts on: push: branches: - main jobs: release: permissions: id-token: write contents: write packages: write runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Configure Git run: | git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Install Helm uses: azure/setup-helm@v3 with: version: v3.10.0 - name: Run chart-releaser uses: helm/chart-releaser-action@v1.6.0 with: charts_dir: charts env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - name: Get app version from chart uses: mikefarah/yq@v4.40.5 id: app_version with: cmd: yq '.appVersion' charts/bitwarden-crd-operator/Chart.yaml - name: "GHCR Login" uses: docker/login-action@v3 with: registry: ghcr.io username: lerentis password: ${{ secrets.GITHUB_TOKEN }} - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: "GHCR Build and Push" id: docker_build uses: docker/build-push-action@v5 with: push: true platforms: linux/amd64,linux/arm64 tags: ghcr.io/lerentis/bitwarden-crd-operator:${{ steps.app_version.outputs.result }} - name: Create SBOM uses: anchore/sbom-action@v0 with: image: ghcr.io/lerentis/bitwarden-crd-operator:${{ steps.app_version.outputs.result }} - name: Publish SBOM uses: anchore/sbom-action/publish-sbom@v0 with: sbom-artifact-match: ".*\\.spdx\\.json" - name: Get Latest Tag id: previoustag uses: WyriHaximus/github-action-get-previous-tag@v1 - name: Download SBOM from github action uses: actions/download-artifact@v4 with: name: ${{ env.ANCHORE_SBOM_ACTION_PRIOR_ARTIFACT }} - name: Add SBOM to release uses: svenstaro/upload-release-action@v2 with: repo_token: ${{ secrets.GITHUB_TOKEN }} file_glob: true file: lerentis-bitwarden-crd-operator_*.spdx.json tag: ${{ steps.previoustag.outputs.tag }} overwrite: true