iflytek · jangrui · May 16, 2026 · May 16, 2026 · May 16, 2026 · May 16, 2026
diff --git a/.github/workflows/pr-helm-chart.yml b/.github/workflows/pr-helm-chart.yml
@@ -0,0 +1,146 @@
+name: PR Helm Chart
+
+on:
+  pull_request:
+    paths:
+      - charts/skillhub/**
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  workflow_dispatch:
+
+concurrency:
+  group: pr-helm-chart-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  lint:
+    name: Lint Chart
+    if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: charts/skillhub
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: latest
+
+      - name: Lint chart
+        run: helm lint
+
+      - name: Validate chart metadata
+        run: |
+          CHART_VERSION=$(helm show chart . | grep '^version:' | awk '{print $2}')
+          APP_VERSION=$(helm show chart . | grep '^appVersion:' | awk '{print $2}')
+          echo "Chart version: $CHART_VERSION"
+          echo "App version: $APP_VERSION"
+          if [ -z "$CHART_VERSION" ]; then
+            echo "ERROR: Chart version is empty"
+            exit 1
+          fi
+
+  template:
+    name: Template Validation
+    if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: charts/skillhub
+
+    strategy:
+      fail-fast: false
+      matrix:
+        scenario:
+          - name: internal-default
+            description: 内置 PostgreSQL + Redis
+            args: ""
+          - name: external-db-redis
+            description: 外置 PostgreSQL + Redis
+            args: >
+              --set database.mode=external
+              --set redis.mode=external
+          - name: external-sentinel
+            description: 外置 DB + Redis 哨兵模式
+            args: >
+              --set database.mode=external
+              --set redis.mode=external
+              --set redis.external.sentinel.enabled=true
+              --set redis.external.sentinel.nodes="{10.0.0.1:26379,10.0.0.2:26379}"
+          - name: ingress-tls-certmanager
+            description: Ingress + TLS + cert-manager
+            args: >
+              --set ingress.enabled=true
+              --set ingress.tls.enabled=true
+              --set ingress.certManager.enabled=true
+          - name: s3-storage
+            description: S3 存储
+            args: >
+              --set storage.provider=s3
+              --set storage.s3.bucket=test-bucket
+              --set storage.s3.endpoint=s3.amazonaws.com
+              --set storage.s3.region=us-east-1
+          - name: external-secret
+            description: 引用已有 Secret
+            args: --set existingSecret=my-custom-secret
+          - name: scanner-disabled
+            description: 禁用 Scanner
+            args: --set scanner.enabled=false
+          - name: db-cluster
+            description: PostgreSQL cluster 模式
+            args: --set database.architecture=cluster
+          - name: hpa-pdb
+            description: HPA + PDB 开启
+            args: >
+              --set server.autoscaling.enabled=true
+              --set web.autoscaling.enabled=true
+              --set scanner.autoscaling.enabled=true
+              --set server.podDisruptionBudget.enabled=true
+              --set web.podDisruptionBudget.enabled=true
+              --set scanner.podDisruptionBudget.enabled=true
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: latest
+
+      - name: Render template - ${{ matrix.scenario.name }}
+        run: |
+          echo "## ${{ matrix.scenario.description }}"
+          helm template test-release . ${{ matrix.scenario.args }} > /dev/null
+          echo "✅ Template rendered successfully"
+
+      - name: Validate no empty resources
+        run: |
+          RESOURCES=$(helm template test-release . ${{ matrix.scenario.args }} | grep -c '^kind:')
+          echo "Rendered $RESOURCES resources for ${{ matrix.scenario.name }}"
+          if [ "$RESOURCES" -eq 0 ]; then
+            echo "ERROR: No resources rendered for ${{ matrix.scenario.name }}"
+            exit 1
+          fi
+
+      - name: Validate resource names are well-formed
+        run: |
+          helm template test-release . ${{ matrix.scenario.args }} | \
+            grep -E '^  name:' | \
+            while read -r line; do
+              if echo "$line" | grep -qP '\{\{'; then
+                echo "ERROR: Unrendered template in name: $line"
+                exit 1
+              fi
+            done
+          echo "✅ All resource names properly rendered"
diff --git a/.github/workflows/publish-helm-chart.yml b/.github/workflows/publish-helm-chart.yml
@@ -0,0 +1,81 @@
+name: Publish Helm Chart
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+
+concurrency:
+  group: publish-helm-chart-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  package:
+    name: Package and Publish
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: charts/skillhub
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: latest
+
+      - name: Extract chart version from tag
+        id: chartver
+        run: |
+          REF="${{ github.ref_name }}"
+          # Support helm-vX.Y.Z, chart-vX.Y.Z, or just vX.Y.Z tags
+          if [[ "$REF" =~ ^(helm|chart)-v?([0-9]+\.[0-9]+\.[0-9]+)$ ]]; then
+            VERSION="${BASH_REMATCH[2]}"
+          elif [[ "$REF" =~ ^v?([0-9]+\.[0-9]+\.[0-9]+)$ ]]; then
+            VERSION="${BASH_REMATCH[1]}"
+          else
+            # Fallback: use chart.yaml version
+            VERSION=$(helm show chart . | grep '^version:' | awk '{print $2}')
+          fi
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+          echo "Packaging chart version: $VERSION"
+
+      - name: Lint chart
+        run: helm lint
+
+      - name: Package chart
+        run: |
+          helm package . --version "${{ steps.chartver.outputs.version }}" \
+            --destination /tmp/helm-charts
+          echo "Packaged:"
+          ls -la /tmp/helm-charts/
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Push chart to GHCR OCI
+        run: |
+          helm push /tmp/helm-charts/skillhub-${{ steps.chartver.outputs.version }}.tgz \
+            oci://ghcr.io/${{ github.repository_owner }}/charts
+
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-path: /tmp/helm-charts/skillhub-${{ steps.chartver.outputs.version }}.tgz
+
+      - name: Upload chart artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: skillhub-${{ steps.chartver.outputs.version }}.tgz
+          path: /tmp/helm-charts/skillhub-${{ steps.chartver.outputs.version }}.tgz
+          retention-days: 90
diff --git a/.github/workflows/release-chart.yml b/.github/workflows/release-chart.yml
@@ -0,0 +1,89 @@
+name: Release Helm Chart
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+
+concurrency:
+  group: release-helm-chart
+  cancel-in-progress: true
+
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  release:
+    if: ${{ !startsWith(github.ref_name, 'chart-v') }}
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: latest
+
+      - name: Extract version
+        id: version
+        run: |
+          REF="${{ github.ref_name }}"
+          APP="${REF#v}"
+          echo "app=$APP" >> "$GITHUB_OUTPUT"
+
+      - name: Update Chart.yaml appVersion
+        id: chart
+        working-directory: charts/skillhub
+        run: |
+          CHART_VER=$(helm show chart . | grep '^version:' | awk '{print $2}')
+          echo "chartVersion=$CHART_VER" >> "$GITHUB_OUTPUT"
+          echo "appVersion=${{ steps.version.outputs.app }}" >> "$GITHUB_OUTPUT"
+
+          sed -i "s/^appVersion:.*/appVersion: ${{ steps.version.outputs.app }}/" Chart.yaml
+
+      - name: Validate chart
+        working-directory: charts/skillhub
+        run: helm lint
+
+      - name: Commit and push to main
+        run: |
+          git config user.name "skillhub-bot"
+          git config user.email "bot@skillhub.dev"
+          git checkout -b release-tmp
+          git add charts/skillhub/Chart.yaml
+          git commit -m "chore: update appVersion to ${{ steps.version.outputs.app }}"
+          git push origin HEAD:main
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Package and publish chart
+        working-directory: charts/skillhub
+        run: |
+          helm package . --version "${{ steps.chart.outputs.chartVersion }}" \
+            --destination /tmp/helm-charts
+          helm push /tmp/helm-charts/skillhub-${{ steps.chart.outputs.chartVersion }}.tgz \
+            oci://ghcr.io/${{ github.repository_owner }}/charts
+
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-path: /tmp/helm-charts/skillhub-${{ steps.chart.outputs.chartVersion }}.tgz
+
+      - name: Upload chart artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: skillhub-${{ steps.chart.outputs.chartVersion }}.tgz
+          path: /tmp/helm-charts/skillhub-${{ steps.chart.outputs.chartVersion }}.tgz
+          retention-days: 90
+
diff --git a/charts/skillhub/.helmignore b/charts/skillhub/.helmignore
@@ -0,0 +1,24 @@
+# OS files
+.DS_Store
+Thumbs.db
+
+# Editors / IDEs
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# Local tooling
+.claude/
+CLAUDE.md
+
+# Git
+.git/
+.gitignore
+.gitattributes
+
+# CI
+.github/
+
+# Template artifacts
+*.tgz
diff --git a/charts/skillhub/Chart.yaml b/charts/skillhub/Chart.yaml
@@ -0,0 +1,13 @@
+apiVersion: v2
+name: skillhub
+description: Self-hosted, open-source agent skill registry for enterprises.
+type: application
+version: 0.1.0
+appVersion: 0.2.8
+keywords:
+  - skillhub
+  - ai
+  - skills
+home: https://github.com/iflytek/skillhub
+sources:
+  - https://github.com/iflytek/skillhub