Test signing #23

	name: Chart release

	on:
	push:
	branches:
	- main
	- sign-chart
	paths:
	- 'charts/**/Chart.yaml'
	pull_request:
	paths:
	- .github/workflows/chart-release.yml
	- ./hack/publish-chart.sh

	permissions:
	contents: write
	packages: write

	jobs:
	publish-chart:
	name: Publish chart
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4.1.4

	- name: Configure Git
	run: \|
	git config user.name "$GITHUB_ACTOR"
	git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

	- name: Set up Helm
	uses: azure/setup-helm@v4.2.0

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3.1.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Set up chart signing
	if: github.event_name != 'pull_request'
	run: \|
	echo "${{ secrets.CHART_SIGN_PRIVATE_KEY }}" \| gpg --dearmor --output keyring.gpg
	echo "CHART_SIGN_KEYRING=keyring.gpg" >> ${GITHUB_ENV}
	echo "CHART_SIGN_KEY_ID=Mario Valderrama (CSI Helm Package Signing)" >> ${GITHUB_ENV}

	- name: Install sigstore helm plugin
	if: github.event_name != 'pull_request'
	run: helm plugin install https://github.com/sigstore/helm-sigstore

	- name: Publish chart to GitHub Container Registry
	if: github.event_name != 'pull_request'
	run: ./hack/publish-chart.sh
	env:
	TRACE: "1"

	- name: Publish chart to GitHub Container Registry (dry-run)
	if: github.event_name == 'pull_request'
	run: DRY_RUN=1 ./hack/publish-chart.sh

Provide feedback