From f601ac4128d4c83c03af626f5f2c852ed7477ccc Mon Sep 17 00:00:00 2001
From: 1602077 <62025739+1602077@users.noreply.github.com>
Date: Fri, 9 Aug 2024 16:14:30 +0200
Subject: [PATCH] fix: build chart signing

---
 .gitlab-ci.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6f7d912d..2a1e37b5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -48,8 +48,20 @@ build-chart:
     variables:
       PUSH_CHART: "true"
   - if: $CI_COMMIT_BRANCH
+  image: registry.cern.ch/kubernetes/ops:0.4.0
   stage: build-chart
-  extends: .deploy_helm
+  script: |
+    CHART_NAME=cvmfs-csi
+    helm package "deployments/helm/${CHART_NAME}"
+
+    if $PUSH_CHART; then
+      helm registry login registry.cern.ch -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
+      helm push ${CHART_NAME}-${CI_COMMIT_TAG}.tgz "oci://${REGISTRY_CHART_PATH}"
+
+      echo -n "${HARBOR_SIGNKEY}" | base64 -d > .sign.key
+      cosign login registry.cern.ch -u ${HARBOR_USER} -p ${HARBOR_TOKEN}
+      cosign sign --key .sign.key -y "${DEST}/${CHART_NAME}:${CI_COMMIT_TAG}"
+    fi
   variables:
     REGISTRY_CHART_PATH: registry.cern.ch/kubernetes/charts
     COSIGN_PRIVATE_KEY: "$HARBOR_SIGNKEY"