ci: publish s3proxy chart during release

.github/actions/publish_helmchart/action.yml

@@ -0,0 +1,46 @@
+name: Release Helm Chart
+description: "Creates a PR in edgelesssys/helm to publish a new Chart."
+
+inputs:
+  chartPath:
+    description: "Path to chart that should be published"
+    required: true
+  githubToken:
+    description: "GitHub token"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout
+      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      with:
+        repository: edgelesssys/helm
+        ref: main
+        path: helm
+
+    - name: Update s3proxy Chart version
+      id: update-chart-version
+      shell: bash
+      run: |
+        helm package ${{ inputs.chartPath }} --destination helm/stable
+        cd helm
+        helm repo index stable --url https://helm.edgeless.systems/stable
+        echo version=$(yq eval ".version" ${{ inputs.chartPath }}/Chart.yaml) | tee -a $GITHUB_OUTPUT
+
+    - name: Create pull request
+      uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2
+      with:
+        path: helm
+        branch: "release/s3proxy/${{ steps.update-chart-version.outputs.version }}"
+        base: main
+        title: "s3proxy: release version ${{ steps.update-chart-version.outputs.version }}"
+        body: |
+          :robot: *This is an automated PR.* :robot:
+
+          This PR is triggered as part of the Constellation [release pipeline](https://github.com/edgelesssys/constellation/actions/runs/${{ github.run_id }}).
+          It adds a new packaged chart to the repo's stable stream.
+        commit-message: "s3proxy: release version ${{ steps.update-chart-version.outputs.version }}"
+        committer: edgelessci <edgelessci@users.noreply.github.com>
+        # We need to push changes using a token, otherwise triggers like on:push and on:pull_request won't work.
+        token: ${{ !github.event.pull_request.head.repo.fork && inputs.githubToken || '' }}

.github/workflows/release.yml

@@ -194,6 +194,12 @@ jobs:
             git push
           fi
 
+      - name: Publish s3proxy
+        uses: ./.github/actions/publish_helmchart
+        with:
+          chartPath: ${{ github.workspace }}/s3proxy/deploy/s3proxy
+          githubToken: ${{ secrets.CI_GITHUB_REPOSITORY }}
+
   os-image:
     name: Build OS image
     needs: [verify-inputs, update-versions]

dev-docs/workflows/release.md

@@ -41,10 +41,11 @@ Releases should be performed using [the automated release pipeline](https://gith
    ```
 
 3. wait for the pipeline to finish
-4. while in editing mode for the release, clear the textbox, select the last patch release for the current release branch and click "Generate release notes".
-5. look over the autogenerated draft release. When fixing the changelog, prioritize updating the PR title/labels/description and regenerating the changelog over fixing things in the final changelog. The changelog should be primarily aimed at users. Rule of thumb: first part of the sentence should describe what changed for the user, second part can describe what has been changed to achieve this.
-6. in the GitHub release UI, set the tag to create on publish to `$ver`.
-7. publish.
+4. Check the s3proxy PR in the [helm chart repository](https://github.com/edgelesssys/helm/pull/) and approve it if things (esp. the version) look correct. Correct example for reference: https://github.com/edgelesssys/helm/pull/19/files
+5. while in editing mode for the release, clear the textbox, select the last patch release for the current release branch and click "Generate release notes".
+6. look over the autogenerated draft release. When fixing the changelog, prioritize updating the PR title/labels/description and regenerating the changelog over fixing things in the final changelog. The changelog should be primarily aimed at users. Rule of thumb: first part of the sentence should describe what changed for the user, second part can describe what has been changed to achieve this.
+7. in the GitHub release UI, set the tag to create on publish to `$ver`.
+8. publish.
 
 ### Minor release
 
@@ -71,10 +72,11 @@ Releases should be performed using [the automated release pipeline](https://gith
    ./constellation status
    ```
 
-5. while in editing mode for the release, clear the textbox, select the last minor release and click "Generate release notes".
-6. look over the autogenerated draft release. When fixing the changelog, prioritize updating the PR title/labels/description and regenerating the changelog over fixing things in the final changelog. The changelog should be primarily aimed at users. Rule of thumb: first part of the sentence should describe what changed for the user, second part can describe what has been changed to achieve this.
-7. in the GitHub release UI, set the tag to create on publish to `$ver`.
-8. publish.
+5. Check the s3proxy PR in the [helm chart repository](https://github.com/edgelesssys/helm/pull/) and approve it if things (esp. the version) look correct. Correct example for reference: https://github.com/edgelesssys/helm/pull/19/files
+6. while in editing mode for the release, clear the textbox, select the last minor release and click "Generate release notes".
+7. look over the autogenerated draft release. When fixing the changelog, prioritize updating the PR title/labels/description and regenerating the changelog over fixing things in the final changelog. The changelog should be primarily aimed at users. Rule of thumb: first part of the sentence should describe what changed for the user, second part can describe what has been changed to achieve this.
+8. in the GitHub release UI, set the tag to create on publish to `$ver`.
+9. publish.
 
 ## Post release steps
 

docs/docs/workflows/s3proxy.md

@@ -18,14 +18,15 @@ If you want to use s3proxy but these limitations stop you from doing so, conside
 ## Deployment
 
 You can add the s3proxy to your Constellation cluster as follows:
-1. Download the deployment manifest:
+1. Add the Edgeless Systems chart repository:
    ```bash
-   git clone --depth=1 git@github.com:edgelesssys/constellation.git
+   helm repo add edgeless https://helm.edgeless.systems/stable
+   helm repo update
    ```
-2. Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to valid credentials you want s3proxy to use to interact with S3. Inspect `constellation/s3proxy/deploy/s3proxy/values.yaml` to learn about available deployment options.
+2. Set ACCESS_KEY and ACCESS_SECRET to valid credentials you want s3proxy to use to interact with S3.
 3. Deploy s3proxy:
    ```bash
-   helm install s3proxy --set awsAccessKeyID="$AWS_ACCESS_KEY_ID" --set awsSecretAccessKey="$AWS_SECRET_ACCESS_KEY" ./constellation/s3proxy/deploy/s3proxy
+   helm install s3proxy edgeless/s3proxy --set awsAccessKeyID="$ACCESS_KEY" --set awsSecretAccessKey="$ACCESS_SECRET"
    ```
 
 If you want to run a demo application, check out the [Filestash with s3proxy](../getting-started/examples/filestash-s3proxy.md) example.

docs/versioned_docs/version-2.12/workflows/s3proxy.md

@@ -18,14 +18,15 @@ If you want to use s3proxy but these limitations stop you from doing so, conside
 ## Deployment
 
 You can add the s3proxy to your Constellation cluster as follows:
-1. Download the deployment manifest:
+1. Add the Edgeless Systems chart repository:
    ```bash
-   wget https://raw.githubusercontent.com/edgelesssys/constellation/main/s3proxy/deploy/deployment-s3proxy.yaml
+   helm repo add edgeless https://helm.edgeless.systems/stable
+   helm repo update
    ```
-2. Replace the values named `replaceme` in `deployment-s3proxy.yaml` with valid AWS credentials. These credentials are used by s3proxy to access your S3 buckets.
+2. Set ACCESS_KEY and ACCESS_SECRET to valid credentials you want s3proxy to use to interact with S3.
 3. Deploy s3proxy:
    ```bash
-   kubectl apply -f deployment-s3proxy.yaml
+   helm install s3proxy edgeless/s3proxy --set awsAccessKeyID="$ACCESS_KEY" --set awsSecretAccessKey="$ACCESS_SECRET"
    ```
 
 If you want to run a demo application, check out the [Filestash with s3proxy](../getting-started/examples/filestash-s3proxy.md) example.