Upload Helm chart as OCI artifact to GCHR

[jacksgt]

Hi @maelvls ,

as discussed in #41 , I'm adding the functionality to automatically update and push the Helm chart as an OCI artifact to Github's container registry.

Please give it a try since I'm not familiar with the usual release process and goreleaser - feel free to make changes as necessary.

[jacksgt]

Is the repo path ok or should we use a subpath (ghcr.io/cert-manager/cert-manager-openshift-routes/chart:{{ trimprefix .Version "v" }})?

[maelvls]

I'd suggest going with an organization-wide subpath: ghcr.io/cert-manager/charts. If we go with:

Suggested change

	- '{{if .IsSnapshot}}echo SKIPPING: {{end}}helm push ./openshift-routes-{{ trimprefix .Version "v"}}.tgz oci://ghcr.io/cert-manager/cert-manager-openshift-routes:{{ .Version }}-chart'
	- '{{if .IsSnapshot}}echo SKIPPING: {{end}}helm push ./openshift-routes-{{ trimprefix .Version "v"}}.tgz oci://ghcr.io/cert-manager/charts'

then the charts will be pushed to the following registry path:

oci://ghcr.io/cert-manager/charts/openshift-routes
                                  <-------------->
                                 added by helm push

That's because helm push uses the name of the chart (here, openshift-routes) to know where to push. Do you mind if I push a commit to test it out?

By the way, I noticed that the Helm chart is named openshift-routes in Chart.yaml, but the container image is named cert-manager-openshift-routes. Should we rename the Helm chart in Chart.yaml?

[maelvls]

I pushed a commit and tagged it with v0.4.0-alpha.0 to test it out. I was getting 403 Forbidden when helm chart was being run. I realized that's because I needed to "attach" the registry https://github.com/cert-manager/openshift-routes/pkgs/container/charts%2Fopenshift-routes to this repository, which I did via the UI by clicking "Manage Actions access" and I selected "cert-manager/openshift-routes" with "Role: Write". I detailed this problem in https://hackmd.io/@maelvls/fixing-403-forbidden-ghcr.

[maelvls]

@jacksgt It works now! The action job 19293897798 is all green. I haven't made the Helm chart OCI registry public yet since I'm not sure about the Helm chart name yet.

Should we go with

ghcr.io/cert-manager/charts/openshift-routes

or

ghcr.io/cert-manager/charts/cert-manager-openshift-routes

?

[jacksgt]

Thanks for the fix!

I'd go with ghcr.io/cert-manager/charts/openshift-routes, since the Helm chart itself is called openshift-routes: https://github.com/cert-manager/openshift-routes/blob/main/deploy/chart/Chart.yaml#L2

[maelvls]

Agreed. It makes sense to call the chart after the GitHub repository.

I hope that the inconsistence between the container image name and the Helm chart name won't be a problem 😅

[jacksgt]

@maelvls Please take a look when you get some time.

[maelvls]

It's all good to go!

/approve
/lgtm

[jetstack-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: maelvls

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [maelvls]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[maelvls]

I merged your changes. Thank you for doing this!!

I'll release v0.4.0 now!

Update: The Helm chart can be used like this:

helm upgrade --install openshift-routes oci://ghcr.io/cert-manager/charts/openshift-routes