[refactor] Not storing the keyring locally, configuring on GH action

* One should import the keyring first for signing the package Signed-off-by: dd di cesare <[email protected]>
Kuadrant · Jan 31, 2025 · 795585a · 795585a
1 parent c41c302
commit 795585a
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 11 deletions.
diff --git a/.github/workflows/release-helm-chart.yaml b/.github/workflows/release-helm-chart.yaml
@@ -30,9 +30,14 @@ jobs:
         git config user.name "$GITHUB_ACTOR"
         git config user.email "[email protected]"
 
+    - name: Configure GPG Key
+      run: |
+        echo -n "$GPG_SIGNING_KEY" | base64 -d | gpg --import
+      env:
+        GPG_SIGNING_KEY: ${{ secrets.HELM_CHARTS_SIGNING_KEY }}
+
     - name: Package Helm Chart
       run: |
-        GPG_KEYRING_BASE64=${{ secrets.HELM_CHARTS_SIGNING_KEY }} \
         GPG_KEY_UID="Kuadrant Development Team" \
         make helm-package
 

diff --git a/make/helm.mk b/make/helm.mk
@@ -31,18 +31,18 @@ helm-upgrade: $(HELM) ## Upgrade the helm chart
 	# Upgrade the helm chart in the cluster
 	$(HELM) upgrade $(CHART_NAME) $(CHART_DIRECTORY)
 
-# GPG_KEY_UID: substring of the desired key's uid, the name or email
-GPG_KEY_UID ?= 'Kuadrant Development Team'
-# GPG_KEYRING_BASE64: the gpg keyring base64 encoded
-GPG_KEYRING_BASE64 ?= <KUADRANT_GPG_KEYRING_BASE64>
-
 .PHONY: helm-package
-helm-package: $(HELM) ## Package the helm chart and GPG sign it
-	# Store the key
-	mkdir -p .gpg
-	echo $(GPG_KEYRING_BASE64) | base64 -d > .gpg/kuadrantsecring.gpg  #storing base64 GPG key into keyring
+helm-package: $(HELM) ## Package the helm chart
 	# Package the helm chart
-	$(HELM) package --sign --key $(GPG_KEY_UID) --keyring .gpg/kuadrantsecring.gpg $(CHART_DIRECTORY)
+	$(HELM) package $(CHART_DIRECTORY)
+
+# GPG_KEY_UID: substring of the desired key's uid, the name or email
+GPG_KEY_UID ?= 'Kuadrant Development Team'
+# The keyring should've been imported before running this target
+.PHONY: helm-package-sign
+helm-package-sign: $(HELM) ## Package the helm chart and GPG sign it
+	# Package the helm chart and sign it
+	$(HELM) package --sign --key $(GPG_KEY_UID) $(CHART_DIRECTORY)
 
 # GitHub Token with permissions to upload to the release assets
 HELM_WORKFLOWS_TOKEN ?= <YOUR-TOKEN>