From 2bb2c636449a214fa9c61d05a13d5b933bbd76be Mon Sep 17 00:00:00 2001 From: Obinna Odirionye Date: Mon, 19 May 2025 15:03:51 +0400 Subject: [PATCH 1/4] build: update Docker image tags to always use 'latest' for most recent release --- .github/workflows/build.yml | 18 +++++++++++------- README.md | 4 ++-- scripts/sbom.sh | 6 ++++++ 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7f33c812..32913b3f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -39,13 +39,13 @@ jobs: DOCKER_IMAGE=ghcr.io/helm/chartmuseum DOCKER_PLATFORMS=linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/386 VERSION=canary + TAGS="--tag ${DOCKER_IMAGE}:${VERSION}" if [[ $GITHUB_REF == refs/tags/* ]]; then VERSION=${GITHUB_REF#refs/tags/} + TAGS="--tag ${DOCKER_IMAGE}:${VERSION} --tag ${DOCKER_IMAGE}:latest" fi - TAGS="--tag ${DOCKER_IMAGE}:${VERSION}" - echo ::set-output name=docker_image::${DOCKER_IMAGE} echo ::set-output name=version::${VERSION} echo ::set-output name=buildx_args::--platform ${DOCKER_PLATFORMS} \ @@ -77,9 +77,7 @@ jobs: - name: Install Kubernetes SBOM Tool uses: puerco/bom-installer@aa0837e37b6965b5fc50adfad0683ec3c0a2c2c4 - name: Install sigstore cosign - uses: sigstore/cosign-installer@main - with: - cosign-version: 'v2.2.4' + uses: sigstore/cosign-installer@v3.8.1 - name: Release artifacts (includes SBOM and signatures) id: release-artifacts env: 
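Review bot: The `refs/tags/*` branch in the first build.yml hunk now appends `--tag ${DOCKER_IMAGE}:latest` for every pushed tag, so a pre-release tag or a patch tag on an older release line would also move `latest`, which contradicts the stated goal of `latest` naming the most recent release. Whether this project pushes such tags is not visible here, but a guard such as `[[ $VERSION != *-* ]] && TAGS="${TAGS} --tag ${DOCKER_IMAGE}:latest"` or an explicit version comparison would make the intent enforceable. The signing and SBOM loops in the third hunk of this file and the block added to scripts/sbom.sh rely on the same "not canary means latest" assumption and would need the same condition. The `run:` script starts and ends outside the hunk.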
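Review bot: `uses: sigstore/cosign-installer@v3.8.1` in the second build.yml hunk swaps a branch ref for a tag, which is an improvement over `@main` but still a mutable reference. The step directly above pins `puerco/bom-installer` to a full commit SHA, and the action that installs the signing tool warrants the same treatment: `uses: sigstore/cosign-installer@<full-commit-sha> # v3.8.1` (placeholder; take the SHA from the upstream release). Dropping `cosign-version: 'v2.2.4'` also means the cosign binary now follows whatever the action defaults to. Either keep an explicit `cosign-version` or add a comment saying the default is intended, so the release toolchain stays reproducible.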
@@ -92,12 +90,18 @@ jobs: env: COSIGN_EXPERIMENTAL: "true" run: | - cosign sign --yes ${{ steps.prepare.outputs.docker_image }}:${{ steps.prepare.outputs.version }} + for TAG in ${{ steps.prepare.outputs.version }} latest; do + [[ $TAG == latest && ${{ steps.prepare.outputs.version }} == "canary" ]] && continue + cosign sign --yes ${{ steps.prepare.outputs.docker_image }}:${TAG} + done - name: Attach SBOM to published images env: COSIGN_EXPERIMENTAL: "true" run: | - cosign attach sbom --sbom _dist/chartmuseum-${{ steps.prepare.outputs.version }}.spdx ${{ steps.prepare.outputs.docker_image }}:${{ steps.prepare.outputs.version }} + for TAG in ${{ steps.prepare.outputs.version }} latest; do + [[ $TAG == latest && ${{ steps.prepare.outputs.version }} == "canary" ]] && continue + cosign attach sbom --sbom _dist/chartmuseum-${{ steps.prepare.outputs.version }}.spdx ${{ steps.prepare.outputs.docker_image }}:${TAG} + done - name: Clear if: always() run: | diff --git a/README.md b/README.md index 665a4f86..831f8cd1 100644 --- a/README.md +++ b/README.md @@ -472,7 +472,7 @@ docker run --rm -it \ -e STORAGE=local \ -e STORAGE_LOCAL_ROOTDIR=/charts \ -v $(pwd)/charts:/charts \ - ghcr.io/helm/chartmuseum:v0.16.3 + ghcr.io/helm/chartmuseum:latest # always pulls most recent release ``` Example usage (S3): @@ -485,7 +485,7 @@ docker run --rm -it \ -e STORAGE_AMAZON_PREFIX="" \ -e STORAGE_AMAZON_REGION="us-east-1" \ -v ~/.aws:/home/chartmuseum/.aws:ro \ - ghcr.io/helm/chartmuseum:v0.16.3 + ghcr.io/helm/chartmuseum:latest # always pulls most recent release ``` ### Helm Chart diff --git a/scripts/sbom.sh b/scripts/sbom.sh index ebcf532c..30b55844 100755 --- a/scripts/sbom.sh +++ b/scripts/sbom.sh 
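Review bot: Both new loops pass cosign a tag reference (`${{ steps.prepare.outputs.docker_image }}:${TAG}`), and a tag is resolved when the command runs, so the signature and SBOM attach to whatever the tag points at then rather than to the image this run built. `latest` in particular can be moved by another release run in between. Signing and attaching once by digest (`image@sha256:<digest>`) covers every tag on that manifest and removes the need for the loop; whether the build step exposes a digest output is not visible in this hunk. Separately, `${{ steps.prepare.outputs.version }}` is pasted into the script text before bash runs, so passing it through `env:` (for example `VERSION: ${{ steps.prepare.outputs.version }}`) and testing `"$VERSION"` keeps a tag name from being parsed as shell.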
@@ -29,6 +29,12 @@ echo "Adding image ghcr.io/helm/chartmuseum:${VERSION}" echo " - type: image" >> .sbom.yaml echo " source: ghcr.io/helm/chartmuseum:${VERSION}" >> .sbom.yaml +if [[ "${VERSION}" != "canary" ]]; then + echo "Adding image ghcr.io/helm/chartmuseum:latest" + echo " - type: image" >> .sbom.yaml + echo " source: ghcr.io/helm/chartmuseum:latest" >> .sbom.yaml +fi + echo "Wrote configuration file:" cat .sbom.yaml From 554c8548b321c5567842f36c27882c4f76a05b98 Mon Sep 17 00:00:00 2001 From: Obinna Odirionye Date: Mon, 19 May 2025 15:14:23 +0400 Subject: [PATCH 2/4] docs: remove redundant comment about pulling latest Docker image --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 831f8cd1..ab4494a7 100644 --- a/README.md +++ b/README.md @@ -472,7 +472,7 @@ docker run --rm -it \ -e STORAGE=local \ -e STORAGE_LOCAL_ROOTDIR=/charts \ -v $(pwd)/charts:/charts \ - ghcr.io/helm/chartmuseum:latest # always pulls most recent release + ghcr.io/helm/chartmuseum:latest ``` Example usage (S3): @@ -485,7 +485,7 @@ docker run --rm -it \ -e STORAGE_AMAZON_PREFIX="" \ -e STORAGE_AMAZON_REGION="us-east-1" \ -v ~/.aws:/home/chartmuseum/.aws:ro \ - ghcr.io/helm/chartmuseum:latest # always pulls most recent release + ghcr.io/helm/chartmuseum:latest ``` ### Helm Chart From fee4ce87524037fe8e329f2b7037ba8637151bbb Mon Sep 17 00:00:00 2001 From: Obinna Odirionye Date: Thu, 20 Nov 2025 20:14:22 +0400 Subject: [PATCH 3/4] Update README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Obinna Odirionye --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ab4494a7..5a463e02 100644 --- a/README.md +++ b/README.md 
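Review bot: The added block in scripts/sbom.sh lists `ghcr.io/helm/chartmuseum:latest` as a second image source next to `:${VERSION}`, and at release time both tags should name the same manifest, so the SBOM gains a duplicate entry. If the SBOM tool resolves the tag when it runs and `latest` has not yet been moved, it would instead describe the previous release's image; whether the push precedes this script is not visible here. Recording the image once by its versioned tag or digest keeps the SBOM tied to an immutable reference. If the `latest` entry stays, a comment such as `# latest is an alias of ${VERSION} at release time` would state the assumption.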
@@ -485,7 +485,7 @@ docker run --rm -it \ -e STORAGE_AMAZON_PREFIX="" \ -e STORAGE_AMAZON_REGION="us-east-1" \ -v ~/.aws:/home/chartmuseum/.aws:ro \ - ghcr.io/helm/chartmuseum:latest + ghcr.io/helm/chartmuseum:latest ``` ### Helm Chart From 1f728da93afdf5dc172513c33d7078a34bcb5afa Mon Sep 17 00:00:00 2001 From: Obinna Odirionye Date: Thu, 20 Nov 2025 20:14:37 +0400 Subject: [PATCH 4/4] Update README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Obinna Odirionye --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5a463e02..a16c4e9c 100644 --- a/README.md +++ b/README.md @@ -472,7 +472,7 @@ docker run --rm -it \ -e STORAGE=local \ -e STORAGE_LOCAL_ROOTDIR=/charts \ -v $(pwd)/charts:/charts \ - ghcr.io/helm/chartmuseum:latest + ghcr.io/helm/chartmuseum:latest ``` Example usage (S3):