docker-registry.helm icon indicating copy to clipboard operation
docker-registry.helm copied to clipboard
verified publisher icon twuni

Need to update CR_TOKEN for release pipeline

Open joshsizer opened this issue 8 months ago • 3 comments

I recently merged in the update to Chart.yaml for release 2.3.0, but unfortunately the release pipeline is failing. It looks like the CR_TOKEN is expired: https://github.com/twuni/docker-registry.helm/actions/runs/14517423384/job/40729737426#step:5:41

It is used for the helm release action: https://github.com/twuni/docker-registry.helm/blob/main/.github/workflows/helm_release.yaml#L29

@canterberry when you have a chance, could you create a new token and place it in the CR_TOKEN CI/CD variable?

joshsizer avatar Apr 19 '25 17:04 joshsizer

I've updated the token, but now the action is failing for a different reason:

Commits must have verified signatures.

canterberry avatar Jun 05 '25 16:06 canterberry

I've updated the token, but now the action is failing for a different reason:

Commits must have verified signatures.

Thank you for updating the token. I'll look into this... I assume the CR tool is creating a commit but not signing it? Will investigate more

joshsizer avatar Jun 05 '25 21:06 joshsizer

@canterberry As far as I can tell, the issue is two fold:

  1. There is no signing key for commits in the action
  2. The token itself doesn't have permissions to push directly to the gh-pages branch

I realize now we have never successfully ran this before, as it was implemented after our latest release.

We can either continue doing the release as before, where we create the helm package & update the index locally, and then create a PR here, or if we're interested in getting this to work long term (which I would be), we would need to determine whose identity to use to sign those commits from the GitHub action. We'd put the key into a secret and setup signing before running the CR tool.

joshsizer avatar Jun 05 '25 21:06 joshsizer