Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 github-actions[bot]
|
9802448e82 | ||
 Chris Farhood
|
69ed7ae3e8 | ||
|
Chris Farhood
|
9ee113e583 | ||
|
github-actions[bot]
|
de67b4dd1a |
@@ -1,69 +0,0 @@
|
||||
name: Prepare Release
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
version:
|
||||
description: 'Version to release (without v prefix, e.g., 0.2.5)'
|
||||
required: true
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
prepare:
|
||||
runs-on: local-ubuntu-latest
|
||||
permissions:
|
||||
contents: write
|
||||
steps:
|
||||
- name: Validate version format
|
||||
run: |
|
||||
if ! echo "${{ inputs.version }}" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then
|
||||
echo "::error::Version must be in format X.Y.Z (e.g., 0.2.5)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Configure git
|
||||
run: |
|
||||
git config user.name "github-actions[bot]"
|
||||
git config user.email "github-actions[bot]@users.noreply.github.com"
|
||||
|
||||
- name: Update package.json version
|
||||
working-directory: ./headlamp-sealed-secrets
|
||||
run: |
|
||||
jq --arg version "${{ inputs.version }}" '.version = $version' package.json > package.json.tmp
|
||||
mv package.json.tmp package.json
|
||||
|
||||
- name: Update artifacthub-pkg.yml version
|
||||
run: |
|
||||
VERSION="${{ inputs.version }}"
|
||||
RELEASE_URL="https://github.com/${{ github.repository }}/releases/download/v${VERSION}/headlamp-sealed-secrets-${VERSION}.tar.gz"
|
||||
|
||||
sed -i "s|^version:.*|version: ${VERSION}|" artifacthub-pkg.yml
|
||||
sed -i "s|^appVersion:.*|appVersion: ${VERSION}|" artifacthub-pkg.yml
|
||||
sed -i "s|headlamp/plugin/archive-url:.*|headlamp/plugin/archive-url: \"${RELEASE_URL}\"|" artifacthub-pkg.yml
|
||||
|
||||
# Set placeholder checksum - will be updated after release
|
||||
sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:PLACEHOLDER_WILL_BE_UPDATED_AFTER_RELEASE|" artifacthub-pkg.yml
|
||||
|
||||
- name: Commit version bump
|
||||
run: |
|
||||
git add headlamp-sealed-secrets/package.json artifacthub-pkg.yml
|
||||
git commit -m "chore: bump version to ${{ inputs.version }}"
|
||||
git push origin main
|
||||
|
||||
- name: Create and push tag
|
||||
run: |
|
||||
git tag "v${{ inputs.version }}"
|
||||
git push origin "v${{ inputs.version }}"
|
||||
|
||||
- name: Summary
|
||||
run: |
|
||||
echo "✓ Version bumped to ${{ inputs.version }}"
|
||||
echo "✓ Tag v${{ inputs.version }} created"
|
||||
echo ""
|
||||
echo "The release workflow will now run automatically."
|
||||
echo "After it completes, the checksum will be updated on main."
|
||||
@@ -1,28 +1,48 @@
|
||||
name: Release
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- 'v*'
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
version:
|
||||
description: 'Version to release (without v prefix, e.g., 0.2.5)'
|
||||
required: true
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
build-and-release:
|
||||
release:
|
||||
runs-on: local-ubuntu-latest
|
||||
permissions:
|
||||
contents: write
|
||||
outputs:
|
||||
version: ${{ steps.extract_version.outputs.version }}
|
||||
checksum: ${{ steps.compute_checksum.outputs.checksum }}
|
||||
steps:
|
||||
- name: Validate version format
|
||||
run: |
|
||||
if ! echo "${{ inputs.version }}" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then
|
||||
echo "::error::Version must be in format X.Y.Z (e.g., 0.2.5)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Extract version from tag
|
||||
id: extract_version
|
||||
- name: Configure git
|
||||
run: |
|
||||
VERSION=${GITHUB_REF_NAME#v}
|
||||
echo "version=${VERSION}" >> $GITHUB_OUTPUT
|
||||
echo "Version: ${VERSION}"
|
||||
git config user.name "github-actions[bot]"
|
||||
git config user.email "github-actions[bot]@users.noreply.github.com"
|
||||
|
||||
- name: Update package.json version
|
||||
working-directory: ./headlamp-sealed-secrets
|
||||
run: |
|
||||
jq --arg version "${{ inputs.version }}" '.version = $version' package.json > package.json.tmp
|
||||
mv package.json.tmp package.json
|
||||
|
||||
- name: Update artifacthub-pkg.yml version
|
||||
run: |
|
||||
VERSION="${{ inputs.version }}"
|
||||
RELEASE_URL="https://github.com/${{ github.repository }}/releases/download/v${VERSION}/headlamp-sealed-secrets-${VERSION}.tar.gz"
|
||||
|
||||
sed -i "s|^version:.*|version: ${VERSION}|" artifacthub-pkg.yml
|
||||
sed -i "s|^appVersion:.*|appVersion: ${VERSION}|" artifacthub-pkg.yml
|
||||
sed -i "s|headlamp/plugin/archive-url:.*|headlamp/plugin/archive-url: \"${RELEASE_URL}\"|" artifacthub-pkg.yml
|
||||
|
||||
- name: Setup Node.js
|
||||
uses: actions/setup-node@v4
|
||||
@@ -54,8 +74,7 @@ jobs:
|
||||
- name: Move tarball to root
|
||||
working-directory: ./headlamp-sealed-secrets
|
||||
run: |
|
||||
# Get the specific tarball created by package command
|
||||
TARBALL="headlamp-sealed-secrets-${{ steps.extract_version.outputs.version }}.tar.gz"
|
||||
TARBALL="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
||||
if [ ! -f "${TARBALL}" ]; then
|
||||
echo "::error::Expected tarball ${TARBALL} not found"
|
||||
ls -la *.tar.gz
|
||||
@@ -66,7 +85,7 @@ jobs:
|
||||
|
||||
- name: Validate tarball name
|
||||
run: |
|
||||
EXPECTED="headlamp-sealed-secrets-${{ steps.extract_version.outputs.version }}.tar.gz"
|
||||
EXPECTED="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
||||
ACTUAL=$(ls *.tar.gz)
|
||||
if [ "$EXPECTED" != "$ACTUAL" ]; then
|
||||
echo "::error::Tarball name mismatch! Expected: $EXPECTED, Got: $ACTUAL"
|
||||
@@ -77,14 +96,14 @@ jobs:
|
||||
- name: Compute checksum
|
||||
id: compute_checksum
|
||||
run: |
|
||||
TARBALL="headlamp-sealed-secrets-${{ steps.extract_version.outputs.version }}.tar.gz"
|
||||
TARBALL="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
||||
CHECKSUM=$(sha256sum "$TARBALL" | awk '{print $1}')
|
||||
echo "checksum=${CHECKSUM}" >> $GITHUB_OUTPUT
|
||||
echo "Checksum: sha256:${CHECKSUM}"
|
||||
|
||||
- name: Verify tarball contents
|
||||
run: |
|
||||
TARBALL="headlamp-sealed-secrets-${{ steps.extract_version.outputs.version }}.tar.gz"
|
||||
TARBALL="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
||||
echo "Tarball contents:"
|
||||
tar -tzf "${TARBALL}" | head -20
|
||||
|
||||
@@ -95,10 +114,27 @@ jobs:
|
||||
fi
|
||||
echo "✓ Tarball contents validated"
|
||||
|
||||
- name: Update checksum in metadata
|
||||
run: |
|
||||
CHECKSUM="${{ steps.compute_checksum.outputs.checksum }}"
|
||||
sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:${CHECKSUM}|" artifacthub-pkg.yml
|
||||
|
||||
- name: Commit version bump and metadata
|
||||
run: |
|
||||
git add headlamp-sealed-secrets/package.json artifacthub-pkg.yml
|
||||
git commit -m "chore: release v${{ inputs.version }}"
|
||||
git push origin main
|
||||
|
||||
- name: Create and push tag
|
||||
run: |
|
||||
git tag "v${{ inputs.version }}"
|
||||
git push origin "v${{ inputs.version }}"
|
||||
|
||||
- name: Create GitHub Release
|
||||
uses: softprops/action-gh-release@v2
|
||||
with:
|
||||
files: headlamp-sealed-secrets-${{ steps.extract_version.outputs.version }}.tar.gz
|
||||
tag_name: "v${{ inputs.version }}"
|
||||
files: headlamp-sealed-secrets-${{ inputs.version }}.tar.gz
|
||||
fail_on_unmatched_files: true
|
||||
draft: false
|
||||
prerelease: false
|
||||
@@ -106,47 +142,18 @@ jobs:
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
update-metadata:
|
||||
needs: build-and-release
|
||||
runs-on: local-ubuntu-latest
|
||||
permissions:
|
||||
contents: write
|
||||
steps:
|
||||
- name: Checkout main branch
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: main
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Configure git
|
||||
run: |
|
||||
git config user.name "github-actions[bot]"
|
||||
git config user.email "github-actions[bot]@users.noreply.github.com"
|
||||
|
||||
- name: Update checksum in metadata
|
||||
run: |
|
||||
VERSION="${{ needs.build-and-release.outputs.version }}"
|
||||
CHECKSUM="${{ needs.build-and-release.outputs.checksum }}"
|
||||
|
||||
sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:${CHECKSUM}|" artifacthub-pkg.yml
|
||||
|
||||
git add artifacthub-pkg.yml
|
||||
if ! git diff --cached --quiet; then
|
||||
git commit -m "ci: update checksum for v${VERSION}"
|
||||
git push origin main
|
||||
echo "✓ Checksum updated on main branch"
|
||||
else
|
||||
echo "✓ Checksum already up to date"
|
||||
fi
|
||||
|
||||
- name: Release Summary
|
||||
- name: Summary
|
||||
run: |
|
||||
echo "Release Summary:"
|
||||
echo "=================="
|
||||
echo "Version: v${{ needs.build-and-release.outputs.version }}"
|
||||
echo "Tarball: headlamp-sealed-secrets-${{ needs.build-and-release.outputs.version }}.tar.gz"
|
||||
echo "Checksum: sha256:${{ needs.build-and-release.outputs.checksum }}"
|
||||
echo "Archive URL: https://github.com/${{ github.repository }}/releases/download/v${{ needs.build-and-release.outputs.version }}/headlamp-sealed-secrets-${{ needs.build-and-release.outputs.version }}.tar.gz"
|
||||
echo "Version: v${{ inputs.version }}"
|
||||
echo "Tarball: headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
||||
echo "Checksum: sha256:${{ steps.compute_checksum.outputs.checksum }}"
|
||||
echo "Archive URL: https://github.com/${{ github.repository }}/releases/download/v${{ inputs.version }}/headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
||||
echo ""
|
||||
echo "✓ Version bumped to ${{ inputs.version }}"
|
||||
echo "✓ Metadata updated with checksum"
|
||||
echo "✓ Tag v${{ inputs.version }} created"
|
||||
echo "✓ GitHub release published with tarball"
|
||||
echo ""
|
||||
echo "Metadata updated on main branch."
|
||||
echo "Artifact Hub will sync within 5-10 minutes."
|
||||
|
||||
+4
-4
@@ -1,13 +1,13 @@
|
||||
# Artifact Hub package metadata file
|
||||
# https://github.com/artifacthub/hub/blob/master/docs/metadata/artifacthub-pkg.yml
|
||||
version: 0.2.5
|
||||
version: 0.2.6
|
||||
name: headlamp-sealed-secrets
|
||||
displayName: Sealed Secrets Plugin for Headlamp
|
||||
createdAt: "2026-02-12T00:00:00Z"
|
||||
description: A comprehensive Headlamp plugin for managing Bitnami Sealed Secrets with client-side encryption and RBAC-aware UI
|
||||
license: Apache-2.0
|
||||
homeURL: https://github.com/privilegedescalation/headlamp-sealed-secrets-plugin
|
||||
appVersion: 0.2.5
|
||||
appVersion: 0.2.6
|
||||
containersImages:
|
||||
- name: sealed-secrets-controller
|
||||
image: docker.io/bitnami/sealed-secrets-controller:v0.24.0
|
||||
@@ -19,8 +19,8 @@ keywords:
|
||||
- encryption
|
||||
- security
|
||||
annotations:
|
||||
headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-sealed-secrets-plugin/releases/download/v0.2.5/headlamp-sealed-secrets-0.2.5.tar.gz"
|
||||
headlamp/plugin/archive-checksum: sha256:PLACEHOLDER_WILL_BE_UPDATED_AFTER_RELEASE
|
||||
headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-sealed-secrets-plugin/releases/download/v0.2.6/headlamp-sealed-secrets-0.2.6.tar.gz"
|
||||
headlamp/plugin/archive-checksum: sha256:0665d221ba8e1e08d5eb8596caa4138e480c7d8b8bb0853ca25d3bd6967adee1
|
||||
headlamp/plugin/version-compat: ">=0.13.0"
|
||||
headlamp/plugin/distro-compat: "desktop,in-cluster,web,docker-desktop"
|
||||
links:
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
{
|
||||
"externals": {}
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "headlamp-sealed-secrets",
|
||||
"version": "0.2.5",
|
||||
"version": "0.2.6",
|
||||
"description": "Headlamp plugin for Bitnami Sealed Secrets - manage encrypted Kubernetes secrets",
|
||||
"files": [
|
||||
"dist",
|
||||
|
||||
Reference in New Issue
Block a user