-
Notifications
You must be signed in to change notification settings - Fork 3
135 lines (118 loc) · 4.45 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
# This is a GitHub workflow defining a set of jobs with a set of steps.
# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
#
name: Release
on:
pull_request:
paths-ignore:
- "docs/**"
- "**.md"
- ".github/workflows/*"
- "!.github/workflows/release.yaml"
push:
paths-ignore:
- "docs/**"
- "**.md"
- ".github/workflows/*"
- "!.github/workflows/release.yaml"
branches-ignore:
- "dependabot/**"
- "pre-commit-ci-update-config"
- "update-*"
tags:
- "**"
jobs:
# Builds and pushes docker images to quay.io and packages the Helm chart and
# publishes it at 2i2c-org/binderhub-service@gh-pages which is a Helm chart
# repository with a index.yaml file and packaged Helm charts.
#
# ref: https://2i2c.org/binderhub-service/index.yaml
#
release:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
# chartpress needs git history
fetch-depth: 0
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Decide to publish or not
id: publishing
shell: python
run: |
import os
repo = "${{ github.repository }}"
event = "${{ github.event_name }}"
ref = "${{ github.event.ref }}"
publishing = ""
if (
repo == "2i2c-org/binderhub-service"
and event == "push"
and (
ref.startswith("refs/tags/")
or ref == "refs/heads/main"
)
):
publishing = "true"
print("Publishing chart")
with open(os.environ["GITHUB_OUTPUT"], "a") as f:
f.write(f"publishing={publishing}\n")
- name: Set up QEMU (for docker buildx)
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx (for chartpress multi-arch builds)
uses: docker/setup-buildx-action@v3
- name: Install chart publishing dependencies (chartpress, pyyaml, helm)
run: |
# FIXME: remove this pin, and the one in dev-requirements.txt
pip install requests==2.31.0
pip install chartpress pyyaml
pip list
# helm is already installed
helm version
- name: Generate values.schema.json from values.schema.yaml
run: ./tools/generate-json-schema.py
# chartpress will make a commit when pushing to gh-pages, so we need to
# configure a git user.
- name: Configure a git user
run: |
git config --global user.email "github-actions@example.local"
git config --global user.name "GitHub Actions user"
- name: Setup push rights to Helm chart repository's git repo
# This was setup by...
#
# 1. Generating a private/public key pair:
# ssh-keygen -t ed25519 -C "2i2c-org/binderhub-service" -f /tmp/id_ed25519
#
# 2. Registering the private key (/tmp/id_ed25519) as a secret for this
# repo: https://github.com/2i2c-org/binderhub-service/settings/secrets/actions
#
# 3. Registering the public key (/tmp/id_ed25519.pub) as a deploy key
# with push rights for the Helm chart repository's git repo:
# https://github.com/2i2c-org/binderhub-service/settings/keys
#
if: steps.publishing.outputs.publishing
run: |
mkdir -p ~/.ssh
ssh-keyscan github.com >> ~/.ssh/known_hosts
echo "${{ secrets.HELM_CHART_REPO_DEPLOY_KEY }}" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
- name: Setup docker push rights to quay.io
if: steps.publishing.outputs.publishing
run: docker login -u "${{ secrets.DOCKER_USERNAME }}" -p "${{ secrets.DOCKER_PASSWORD }}" quay.io
- name: Publish images and chart with chartpress
if: steps.publishing.outputs.publishing
run: ./ci/publish
env:
GITHUB_REPOSITORY: "${{ github.repository }}"
- name: Package chart for actions/upload-artifact
if: steps.publishing.outputs.publishing == ''
run: helm package binderhub-service
# ref: https://github.com/actions/upload-artifact
- uses: actions/upload-artifact@v4
if: steps.publishing.outputs.publishing == ''
with:
name: binderhub-service-${{ github.sha }}
path: "binderhub-service-*.tgz"
if-no-files-found: error