Merge pull request #139 from 2i2c-org/update-image-requirements #253
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is a GitHub workflow defining a set of jobs with a set of steps. | |
# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions | |
# | |
name: Release | |
on: | |
pull_request: | |
paths-ignore: | |
- "docs/**" | |
- "**.md" | |
- ".github/workflows/*" | |
- "!.github/workflows/release.yaml" | |
push: | |
paths-ignore: | |
- "docs/**" | |
- "**.md" | |
- ".github/workflows/*" | |
- "!.github/workflows/release.yaml" | |
branches-ignore: | |
- "dependabot/**" | |
- "pre-commit-ci-update-config" | |
- "update-*" | |
tags: | |
- "**" | |
jobs: | |
# Builds and pushes docker images to quay.io and packages the Helm chart and | |
# publishes it at 2i2c-org/binderhub-service@gh-pages which is a Helm chart | |
# repository with a index.yaml file and packaged Helm charts. | |
# | |
# ref: https://2i2c.org/binderhub-service/index.yaml | |
# | |
release: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# chartpress needs git history | |
fetch-depth: 0 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11" | |
- name: Decide to publish or not | |
id: publishing | |
shell: python | |
run: | | |
import os | |
repo = "${{ github.repository }}" | |
event = "${{ github.event_name }}" | |
ref = "${{ github.event.ref }}" | |
publishing = "" | |
if ( | |
repo == "2i2c-org/binderhub-service" | |
and event == "push" | |
and ( | |
ref.startswith("refs/tags/") | |
or ref == "refs/heads/main" | |
) | |
): | |
publishing = "true" | |
print("Publishing chart") | |
with open(os.environ["GITHUB_OUTPUT"], "a") as f: | |
f.write(f"publishing={publishing}\n") | |
- name: Set up QEMU (for docker buildx) | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx (for chartpress multi-arch builds) | |
uses: docker/setup-buildx-action@v3 | |
- name: Install chart publishing dependencies (chartpress, pyyaml, helm) | |
run: | | |
# FIXME: remove this pin, and the one in dev-requirements.txt | |
pip install requests==2.31.0 | |
pip install chartpress pyyaml | |
pip list | |
# helm is already installed | |
helm version | |
- name: Generate values.schema.json from values.schema.yaml | |
run: ./tools/generate-json-schema.py | |
# chartpress will make a commit when pushing to gh-pages, so we need to | |
# configure a git user. | |
- name: Configure a git user | |
run: | | |
git config --global user.email "github-actions@example.local" | |
git config --global user.name "GitHub Actions user" | |
- name: Setup push rights to Helm chart repository's git repo | |
# This was setup by... | |
# | |
# 1. Generating a private/public key pair: | |
# ssh-keygen -t ed25519 -C "2i2c-org/binderhub-service" -f /tmp/id_ed25519 | |
# | |
# 2. Registering the private key (/tmp/id_ed25519) as a secret for this | |
# repo: https://github.com/2i2c-org/binderhub-service/settings/secrets/actions | |
# | |
# 3. Registering the public key (/tmp/id_ed25519.pub) as a deploy key | |
# with push rights for the Helm chart repository's git repo: | |
# https://github.com/2i2c-org/binderhub-service/settings/keys | |
# | |
if: steps.publishing.outputs.publishing | |
run: | | |
mkdir -p ~/.ssh | |
ssh-keyscan github.com >> ~/.ssh/known_hosts | |
echo "${{ secrets.HELM_CHART_REPO_DEPLOY_KEY }}" > ~/.ssh/id_ed25519 | |
chmod 600 ~/.ssh/id_ed25519 | |
- name: Setup docker push rights to quay.io | |
if: steps.publishing.outputs.publishing | |
run: docker login -u "${{ secrets.DOCKER_USERNAME }}" -p "${{ secrets.DOCKER_PASSWORD }}" quay.io | |
- name: Publish images and chart with chartpress | |
if: steps.publishing.outputs.publishing | |
run: ./ci/publish | |
env: | |
GITHUB_REPOSITORY: "${{ github.repository }}" | |
- name: Package chart for actions/upload-artifact | |
if: steps.publishing.outputs.publishing == '' | |
run: helm package binderhub-service | |
# ref: https://github.com/actions/upload-artifact | |
- uses: actions/upload-artifact@v4 | |
if: steps.publishing.outputs.publishing == '' | |
with: | |
name: binderhub-service-${{ github.sha }} | |
path: "binderhub-service-*.tgz" | |
if-no-files-found: error |