9 lint yaml file in ci + Fix cr on immutable release.

.github/workflows/chart-ci.yml

@@ -36,13 +36,15 @@ jobs:
 
       - name: Extract and add Helm repositories
         run: |
-         yq eval -r '
+          yq eval -r '
             .dependencies[]
+            | select(.repository != "oci://*")
             | "\(.name) \(.repository)"
             ' "${{ inputs.chart-dir }}/Chart.yaml" \
           | while read -r name repo; do
               helm repo add "$name" "$repo"
-            done
+          done
+
           helm repo update
 
       - name: Install chart dependencies
@@ -274,76 +276,88 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Configure Git
-        run: |
-          git config user.name "$GITHUB_ACTOR"
-          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
-          # Fix for "chart-cr" action bug https://github.com/helm/chart-releaser-action/issues/171#issuecomment-2372464055
-          git fetch --tags
-          latest_tag=$(git tag --sort=-creatordate | head -n 1 || true)
-          echo "latest_tag=$latest_tag" >> "$GITHUB_OUTPUT"
-
-      - name: Download packaged Chart
-        uses: actions/download-artifact@v4
-        with:
-          name: packaged-chart
-          path: ${{ inputs.chart-dir }}
-
-      - name: Install Helm
-        uses: azure/setup-helm@v4.3.1
-        env:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-
-      - name: Extract and add Helm repositories
-        run: |
-          yq eval -r '
-            .dependencies[]
-            | "\(.name) \(.repository)"
-            ' "${{ inputs.chart-dir }}/Chart.yaml" \
-          | while read -r name repo; do
-              helm repo add "$name" "$repo"
-            done
-          helm repo update
-
-      ### Release steps specific to `feature` branch ###
+      # ### Release steps specific to `feature` branch ###
       - name: Add release suffix - SNAPSHOT
         if: github.ref != 'refs/heads/main' &&  github.ref != 'refs/heads/dev'
         run: |
-          VERSION_SUFFIX="-snapshot.$(git rev-parse --short ${{ github.sha }})" \
+          VERSION_SUFFIX="-snapshot-$(git rev-parse --short ${{ github.sha }})" \
           yq -i '.version |= . + env(VERSION_SUFFIX)' ${{ inputs.chart-dir }}/Chart.yaml
 
-      - name: Run chart-releaser - SNAPSHOT
-        if: github.ref != 'refs/heads/main' &&  github.ref != 'refs/heads/dev'
-        uses: helm/chart-releaser-action@v1.7.0
-        env:
-          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-        with:
-          skip_existing: true
-          mark_as_latest: false
-
       ### Release steps specific to `dev` branch ###
       - name: Add release suffix - DEV
         if: github.ref == 'refs/heads/dev'
         run: |
-          VERSION_SUFFIX="-dev.$(git rev-parse --short ${{ github.sha }})" \
+          VERSION_SUFFIX="-dev-$(git rev-parse --short ${{ github.sha }})" \
           yq -i '.version |= . + env(VERSION_SUFFIX)' ${{ inputs.chart-dir }}/Chart.yaml
 
-      - name: Run chart-releaser - DEV
-        if: github.ref == 'refs/heads/dev'
-        uses: helm/chart-releaser-action@v1.7.0
-        env:
-          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-        with:
-          skip_existing: true
-          mark_as_latest: false
+      - name: Package chart
+        run: |
+          helm package ${{ inputs.chart-dir }} -d .cr-release-packages/
+
+      # ### Prepare release variables ###
+      - name: Prepare release variables
+        id: prepare-release
+        run: |
+          git fetch origin gh-pages
+          name=$(git show origin/gh-pages:index.yaml | yq e '.entries | keys | .[0]' 2>/dev/null || echo " ??? ")
+
+          VERSION=$(yq '.version' ${{ inputs.chart-dir }}/Chart.yaml)
+
+          TAG_NAME="${name}-${VERSION}" 
+
+          echo "TAG_NAME=$TAG_NAME" >> $GITHUB_OUTPUT
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
 
-      ### Release steps specific to `main` branch ###
-      - name: Run chart-releaser - MAIN
+      # ### Release steps specific to `feature` or `dev` branch ###
+      - name: Create GitHub pre-release + tag
+        if: github.ref != 'refs/heads/main'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release create "${{ steps.prepare-release.outputs.TAG_NAME }}" \
+            .cr-release-packages/*.tgz \
+            --prerelease \
+            --title "${{ steps.prepare-release.outputs.TAG_NAME }}" \
+            --target ${{ github.sha}} \
+            --notes "Version from ${{ github.ref_name }}" \
+            -F CHANGELOG.md
+
+      # ### Release steps specific to `main` branch ###
+      - name: Create GitHub release + tag
         if: github.ref == 'refs/heads/main'
-        uses: helm/chart-releaser-action@v1.7.0
         env:
-          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-        with:
-          skip_existing: true
-          mark_as_latest: true
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release create "${{ steps.prepare-release.outputs.TAG_NAME }}" \
+            .cr-release-packages/*.tgz \
+            --latest \
+            --target ${{ github.sha}} \
+            --title "${{ steps.prepare-release.outputs.TAG_NAME }}" \
+            --notes "Version from ${{ github.ref_name }}" \
+            -F CHANGELOG.md
+
+      - name: Update index.yaml on gh-pages
+        env:
+          CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+          # Get gh-pages 
+          git fetch origin gh-pages
+          mkdir -p .cr-index
+          git show origin/gh-pages:index.yaml > .cr-index/index.yaml 2>/dev/null || echo "apiVersion: v1\nentries: {}" > .cr-index/index.yaml
+
+          echo "Merge index.yaml with new chart version..."
+          helm repo index .cr-index \
+            --url https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }} \
+            --merge .cr-index/index.yaml
+
+          args=(-o "${{ github.repository_owner }}" -r "${{ github.event.repository.name }}" --push)
+
+          echo "Installing chart-releaser on $install_dir..."
+          curl -sSLo cr.tar.gz "https://github.com/helm/chart-releaser/releases/download/v1.8.1/chart-releaser_1.8.1_linux_amd64.tar.gz"
+          tar -xzf cr.tar.gz -C "/usr/local/bin/"
+          rm -f cr.tar.gz
+
+          cr index "${args[@]}"

.github/workflows/ci.yml

@@ -0,0 +1,36 @@
+---
+name: CI
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the "main" branch
+  push:
+    branches-ignore:
+      - "main"
+  pull_request:
+    branches: ["main", "dev"]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v4
+      - name: yaml-lint
+        uses: ibiqlik/action-yamllint@v3.1.1
+        with:
+          config_data: |
+            extends: default
+            rules:
+              trailing-spaces:
+                level: warning
+              line-length: disable # don't bother me with this rule    
+              comments-indentation: disable  # don't bother me with this rule

.github/workflows/container-ci.yml

@@ -1,3 +1,4 @@
+---
 name: build
 
 on:
@@ -369,14 +370,12 @@ jobs:
           format: 'table'
           trivyignores: 'ci-trivy-ignore.txt'
 
-
   push-docker-image:
     name: Image Push to GHCR
     needs:
-    - image-audit
-    - image-scan
+      - image-audit
+      - image-scan
     runs-on: ubuntu-24.04
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v4