ci: update helm release to use vault

Author: yorugac

.github/workflows/helm-release.yaml

@@ -1,6 +1,9 @@
 
 name: Helm release
-permissions: {}
+# These permissions are needed to assume roles from Github's OIDC.
+permissions:
+  contents: read
+  id-token: write
 
 on:
   workflow_dispatch: {}
@@ -55,12 +58,26 @@ jobs:
   call-update-helm-repo:
     needs:
       - generate-chart-schema
-    uses: grafana/helm-charts/.github/workflows/update-helm-repo.yaml@main
-    with:
-      charts_dir: charts
-      cr_configfile: charts/cr.yaml
-      ct_configfile: charts/ct.yaml
-      helm_tag_prefix: helm
-    secrets:
-      github_app_id: ${{ secrets.K6_OPERATOR_HELM_RELEASE_APP_ID }}
-      github_app_pem: ${{ secrets.K6_OPERATOR_HELM_RELEASE_PEM_KEY }}
+    steps:
+      - id: get-secrets
+        uses: grafana/shared-workflows/actions/[email protected]
+        with:
+          repo_secrets: |
+            APP_ID=github-app:app-id
+            APP_PRIVATE_KEY=github-app:private-key
+          # Set to false to get secrets as outputs instead of environment variables
+          export_env: false
+
+      - id: publish-helm-release
+        env:
+          K6_OPERATOR_HELM_RELEASE_APP_ID: ${{ fromJSON(steps.get-secrets.outputs.secrets).APP_ID }}
+          K6_OPERATOR_HELM_RELEASE_PEM_KEY: ${{ fromJSON(steps.get-secrets.outputs.secrets).APP_PRIVATE_KEY }}
+        uses: grafana/helm-charts/.github/workflows/update-helm-repo.yaml@main
+        with:
+          charts_dir: charts
+          cr_configfile: charts/cr.yaml
+          ct_configfile: charts/ct.yaml
+          helm_tag_prefix: helm
+        secrets:
+          github_app_id: ${K6_OPERATOR_HELM_RELEASE_APP_ID}
+          github_app_pem: ${K6_OPERATOR_HELM_RELEASE_PEM_KEY}