Netcracker · Tvion · Jun 24, 2026 · Jun 23, 2026 · Jun 23, 2026 · Jun 24, 2026
diff --git a/.github/workflows/helm-charts-release.yaml b/.github/workflows/helm-charts-release.yaml
@@ -1,4 +1,5 @@
 ---
+
 name: Helm Charts Release
 on:
   workflow_dispatch:
@@ -7,17 +8,13 @@ on:
         description: 'Release version'
         required: true
         type: string
-
 permissions:
-  contents: write
-  packages: write
+  contents: read
 
 run-name: ${{ github.repository }} Release ${{ github.event.inputs.release }}
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
-
 jobs:
   check-tag:
     runs-on: ubuntu-latest
@@ -32,20 +29,23 @@ jobs:
           check-tag: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
   load-docker-build-components:
     runs-on: ubuntu-latest
     outputs:
       component: ${{ steps.load_component.outputs.components }}
       platforms: ${{ steps.load_component.outputs.platforms }}
+    env:
+      CONFIG_FILE: .github/build-config.cfg
     steps:
       - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
+        with:
+          persist-credentials: false
 
       - name: Load Docker Configuration
         id: load_component
-        run: |
-          verify=$(cat "$GITHUB_WORKSPACE/.github/build-config.cfg" | jq '
+        run:  |
+          verify=$(cat "$GITHUB_WORKSPACE/${CONFIG_FILE}" | jq '
           def verify_structure:
           .components as $components
           | .platforms as $platforms
@@ -56,20 +56,21 @@ jobs:
           | if . then true else false end
           ')
           if [ ${verify} == 'true' ]; then
-            echo "✅ $GITHUB_WORKSPACE/.github/build-config.cfg file is valid"
-            components=$(jq -c ".components" "$GITHUB_WORKSPACE/.github/build-config.cfg")
-            platforms=$(jq -c ".platforms" "$GITHUB_WORKSPACE/.github/build-config.cfg")
+            echo "✅ $GITHUB_WORKSPACE/${CONFIG_FILE} file is valid"
+            components=$(jq -c ".components" "$GITHUB_WORKSPACE/${CONFIG_FILE}")
+            platforms=$(jq -c ".platforms" "$GITHUB_WORKSPACE/${CONFIG_FILE}")
           else
-            echo "❗ $GITHUB_WORKSPACE/.github/build-config.cfg file is invalid"
-            echo "❗ $GITHUB_WORKSPACE/.github/build-config.cfg file is invalid" >> $GITHUB_STEP_SUMMARY
+            echo "❗ $GITHUB_WORKSPACE/${CONFIG_FILE} file is invalid"
+            echo "❗ $GITHUB_WORKSPACE/${CONFIG_FILE} file is invalid" >> $GITHUB_STEP_SUMMARY
             exit 1
           fi
           echo "components=${components}" >> $GITHUB_OUTPUT
           echo "platforms=${platforms}" >> $GITHUB_OUTPUT
 
   docker-check-build:
     needs: [load-docker-build-components, check-tag]
-    runs-on: ubuntu-22.04
+    name: ${{ matrix.component.name }} dry run
+    runs-on: ubuntu-latest
     strategy:
       fail-fast: true
       matrix:
@@ -87,45 +88,67 @@ jobs:
           dry-run: true
           component: ${{ toJson(matrix.component) }}
           platforms: ${{ needs.load-docker-build-components.outputs.platforms }}
-          build-args: PG_VERSION=${{ matrix.component.pg_version }}
           tags: "${{ env.IMAGE_VERSION }}"
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
-  chart-release-prepare:
+  chart-release:
+    permissions:
+      contents: write
+      packages: write
     needs: [check-tag, load-docker-build-components, docker-check-build]
     runs-on: ubuntu-latest
     outputs:
       images-versions: ${{ steps.update-versions.outputs.images-versions }}
+      charts-artifact: ${{ steps.update-versions.outputs.released-chart-atrifact }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
         with:
           fetch-depth: 0
-      - name: "Update versions in values"
+          persist-credentials: true
+
+      - name: "Add github.vars into github.env"
+        env:
+          VARS_JSON: '${{ toJson(vars) }}'
+        run: |
+          echo "${VARS_JSON}" | jq -r 'to_entries|map("\(.key)=\(.value)")|.[]' >> $GITHUB_ENV
+
+      - name: "Chart release"
         id: update-versions
         uses: netcracker/qubership-workflow-hub/actions/charts-values-update-action@8c6dbeb901920bae9f40d7d7b646d8d9127e1ce7 # v2.4.0
         with:
           release-version: ${{ inputs.release }}
           config-file: .github/charts-values-update-config.yaml
-        env:
-          ${{ insert }}: ${{ vars }}
+          default-tag: ${{ inputs.release }}
+          package-charts: true
+          publish-charts: true
+
       - name: "Debug"
+        env:
+          IMAGES_VERSIONS: "${{ steps.update-versions.outputs.images-versions }}"
         run: |
-          echo "Images versions: ${{ steps.update-versions.outputs.images-versions }}"
+          echo "Images versions: ${IMAGES_VERSIONS}"
+          ls -laR
 
   docker-build:
-    needs: [chart-release-prepare, load-docker-build-components]
-    runs-on: ubuntu-22.04
+    name: ${{ matrix.component.name }}
+    permissions:
+      contents: write
+      packages: write
+    needs: [chart-release, load-docker-build-components]
+    runs-on: ubuntu-latest
     strategy:
       fail-fast: true
       matrix:
         component: ${{ fromJson(needs.load-docker-build-components.outputs.component) }}
     steps:
       - name: Get version for current component
         id: get-version
+        env:
+          IMAGE_VER: "${{ fromJson(needs.chart-release.outputs.images-versions)[matrix.component.name] || inputs.release }}"
         run: |
-          echo "IMAGE_VERSION=${{ fromJson(needs.chart-release-prepare.outputs.images-versions)[matrix.component.name] || inputs.release }}" >> $GITHUB_ENV
+          echo "IMAGE_VERSION=${IMAGE_VER}" >> $GITHUB_ENV
 
       - name: Docker build
         uses: netcracker/qubership-workflow-hub/actions/docker-action@8c6dbeb901920bae9f40d7d7b646d8d9127e1ce7 # v2.4.0
@@ -135,55 +158,49 @@ jobs:
           dry-run: false
           component: ${{ toJson(matrix.component) }}
           platforms: ${{ needs.load-docker-build-components.outputs.platforms }}
-          build-args: PG_VERSION=${{ matrix.component.pg_version }}
           tags: "${{ env.IMAGE_VERSION }},latest"
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
-  charts-release:
-    needs: [docker-build]
+  github-release:
+    permissions:
+      contents: write
+      packages: write
+    needs: [chart-release, docker-build]
     continue-on-error: false
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - name: "Checkout code"
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
         with:
           fetch-depth: 0
           ref: release-${{ inputs.release }}
-
-      - name: Configure Git
-        run: |
-          git config user.name "$GITHUB_ACTOR"
-          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
-      - name: Run chart-releaser
-        uses: netcracker/chart-releaser-action@ec6582488ed05a759813cbeb6e56c33b541f56a8 # main
-        with:
-          charts_dir: operator/charts/
-          release_name_template: "{{ .Version }}"
-          skip_existing: true
-          skip_upload: true
-        env:
-          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          persist-credentials: true
 
       - name: Wait a second for chart-releaser to finish
         run: sleep 10
 
       - name: "Release-drafter"
-        uses: netcracker/release-drafter@130c08399304912ffe90e9604e4328f2fdcd7619 # v1.0.1
+        uses: netcracker/release-drafter@v1.0.1
         with:
           config-name: release-drafter-config.yml
           publish: true
           name: ${{ inputs.release }}
           tag: ${{ inputs.release }}
           version: ${{ inputs.release }}
+          commitish: release-${{ inputs.release }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Upload Assets
+      - name: "Download released charts"
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131  # v7.0.0
+        with:
+          artifact-ids: ${{ needs.chart-release.outputs.charts-artifact }}
+
+      - name: "Upload Assets"
         uses: netcracker/qubership-workflow-hub/actions/assets-action@8c6dbeb901920bae9f40d7d7b646d8d9127e1ce7 # v2.4.0
         with:
           tag: ${{ inputs.release }}
-          item-path: .cr-release-packages/*.tgz
+          item-path: "./*.tgz"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}