chore(ci): Reconcile keyfactor workflows and custom workflows

.github/workflows/release.yml → .github/workflows/helm.yml

@@ -2,7 +2,7 @@ name: Build and Release Helm Chart
 on:
   pull_request:
     branches:
-      - 'v*'
+      - 'release-*'
     types:
       # action should run when the pull request is closed
       # (regardless of whether it was merged or just closed)
@@ -36,14 +36,14 @@ jobs:
       # Set version from DOCKER_METADATA_OUTPUT_VERSION as environment variable
       - name: Set Version
         run: |
-          echo "VERSION=${DOCKER_METADATA_OUTPUT_VERSION:1}" >> $GITHUB_ENV
+          echo "VERSION=${DOCKER_METADATA_OUTPUT_VERSION:8}.0" >> $GITHUB_ENV # Eventually will build this into Keyfactor bootstrap
 
       # Change version and appVersion in Chart.yaml to the tag in the closed PR
       - name: Update Helm App/Chart Version
         shell: bash
         run: |
-          sed -i "s/^version: .*/version: ${{ env.VERSION }}/g" deploy/charts/ejbca-cert-manager-issuer/Chart.yaml
-          sed -i "s/^appVersion: .*/appVersion: \"${{ env.DOCKER_METADATA_OUTPUT_VERSION }}\"/g" deploy/charts/ejbca-cert-manager-issuer/Chart.yaml
+          sed -i "s/^version: .*/version: ${{ env.VERSION }}/g" deploy/charts/ejbca-k8s-csr-signer/Chart.yaml
+          sed -i "s/^appVersion: .*/appVersion: \"v${{ env.VERSION }}\"/g" deploy/charts/ejbca-k8s-csr-signer/Chart.yaml
 
       # Setup Helm
       # https://github.com/Azure/setup-helm
@@ -65,4 +65,4 @@ jobs:
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
-          charts_dir: deploy/charts
+          charts_dir: deploy/charts

.github/workflows/keyfactor-workflow.yml

@@ -0,0 +1,19 @@
+name: Keyfactor Release Workflow
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened, closed, synchronize, edited, reopened]
+  push:
+  create:
+    branches:
+      - 'release-*.*'
+
+jobs:
+  call-starter-workflow:
+    uses: keyfactor/actions/.github/workflows/starter.yml@v2
+    secrets:
+      token: ${{ secrets.V2BUILDTOKEN}}
+      APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
+      gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+      gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}

.github/workflows/test.yml

@@ -52,9 +52,8 @@ jobs:
           cache: true
 
       # Deploy an ephemeral EJBCA and SignServer for CI testing
-      - uses: keyfactor/EJBCA-SignServer-K8sForge@main
+      - uses: m8rmclaren/ejbca-signserver-k8s@main
         with:
-          token: ${{ secrets.V2BUILDTOKEN }}
           deploy-k8s: 'true'
           deploy-nginx-ingress: 'true'
 
@@ -68,4 +67,4 @@ jobs:
       - name: Run go test
         run: go test -v ./...
         env:
-          EJBCA_CSR_SUBJECT: "CN=ejbca_testacc"
+          EJBCA_CSR_SUBJECT: "CN=ejbca_testacc"

CHANGELOG.md

@@ -1,4 +1,4 @@
-# v1.3.3
+# v1.4.0
 
 ## Features
 * feat(ci): feat(ci): Deploy ephemeral EJBCA/SignServer server as part of CI/CD test workflow. This enables the controller to be tested against a real CA.
@@ -21,4 +21,4 @@
 * feat(helm): Create Helm chart to deploy the controller to a Kubernetes or OpenShift cluster
 
 ## Fixes
-* fix(controller): Add logic to read secret from reconciler namespace or Issuer namespace depending on Helm configuration.
+* fix(controller): Add logic to read secret from reconciler namespace or Issuer namespace depending on Helm configuration.

integration-manifest.json

@@ -4,5 +4,8 @@
     "name": "ejbca-cert-manager-issuer",
     "status": "pilot",
     "link_github":false,
-    "description": "cert-manager external issuer for EJBCA" 
+    "description": "cert-manager external issuer for EJBCA",
+    "platform_matrix": "linux/arm64,linux/amd64,linux/s390x,linux/ppc64le",
+    "support_level": "kf-community",
+    "release_dir": ""
 }