Add back the trusty rule_type and an example to profile.yaml (#1488) #633

	# Post-submit and daily build and publish of the Helm chart and Docker container
	# This is a separate workflow than image-build.yml because image-build.yml is
	# run in the PR context, and those runs aren't allowed package:write permissions if
	# the source is a fork(GitHub errors and invalidates the entire workflow if you try).
	name: Publish Helm Chart
	on:
	push:
	branches:
	- main

	schedule:
	# Weekdays at noon GMT
	- cron: '00 12 * * 1-5'

	jobs:
	check-helm:
	name: Build Helm chart
	runs-on: ubuntu-latest

	permissions:
	contents: read
	packages: write

	env:
	BASE_REPO: "ghcr.io/stacklok/minder"


	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Setup Go
	uses: actions/setup-go@v4
	with:
	go-version-file: 'go.mod'

	- uses: ko-build/[email protected]

	- uses: azure/setup-helm@v3
	with:
	version: v3.12.2

	- name: Compute version number
	id: version-string
	run: \|
	DATE="$(date +%Y%m%d)"
	COMMIT="$(git rev-parse --short HEAD)"
	echo "tag=0.$DATE.$GITHUB_RUN_NUMBER+ref.$COMMIT" >> "$GITHUB_OUTPUT"

	- name: Build images and Helm Chart
	run: \|
	KO_DOCKER_REPO=$BASE_REPO make helm
	env:
	KO_PUSH_IMAGE: "true"
	HELM_PACKAGE_VERSION: "${{ steps.version-string.outputs.tag }}"

	- name: Helm Login
	# ko can pick up tokens ambiently from the GitHub Actions environment, but
	# Helm needs explicit login
	run: \|
	helm registry login $BASE_REPO --username ${{ github.repository_owner }} --password ${{ secrets.GITHUB_TOKEN }}

	- name: Push Helm Chart
	run: \|
	cd deployment/helm
	helm push minder-*.tgz oci://$BASE_REPO/helm

Provide feedback