feat: Support OCI registries #261

Workflow file for this run

.github/workflows/pr_cockpit.yml at 9e933ef

	---
	name: Pull Request Cockpit

	on:
	pull_request:
	paths:
	- ".github/workflows/pr_cockpit.yml"
	- "rust/stackable-cockpitd/**"
	- "rust/stackable-cockpit/**"
	- "docs/modules/cockpit/**"
	- "docs/modules/ROOT/**"
	- "Cargo.lock"
	- "deploy/**"
	- "docker/**"
	- "go.sum"

	env:
	RUST_VERSION: 1.83.0
	GO_VERSION: '^1.22.5'
	CARGO_TERM_COLOR: always
	CARGO_INCREMENTAL: "0"
	CARGO_PROFILE_DEV_DEBUG: "0"
	RUSTFLAGS: "-D warnings"
	RUSTDOCFLAGS: "-D warnings"
	RUST_LOG: "info"
	DEV_REPO_HELM_URL: https://repo.stackable.tech/repository/helm-dev

	jobs:
	general-checks:
	name: General Pull Request Checks
	uses: ./.github/workflows/pr_general.yml

	check-charts:
	name: Helm Chart Check
	runs-on: ubuntu-latest
	needs:
	- general-checks
	steps:
	- name: Checkout Repository
	uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
	with:
	submodules: recursive

	- name: Setup Helm
	uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
	with:
	version: v3.6.2

	- name: Setup Rust
	uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1
	with:
	toolchain: ${{ env.RUST_VERSION }}

	- name: Setup Rust Cache
	uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
	with:
	key: pr-stackable-cockpit-chart

	- name: Regenerate Charts
	run: make regenerate-charts

	- name: Checking that Helm Charts are up-to-date
	run: git diff --exit-code

	- name: Helm Charts not up-to-date
	if: ${{ failure() }}
	uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
	with:
	script: \|
	core.setFailed('Committed Helm charts were not up to date, please regenerate and re-commit!')

	publish:
	name: Publish ${{ matrix.runner.arch }} Image
	permissions:
	id-token: write
	runs-on: ${{ matrix.runner.name }}
	strategy:
	matrix:
	runner:
	- {name: "ubuntu-latest", arch: "amd64"}
	- {name: "ubicloud-standard-8-arm", arch: "arm64"}
	env:
	NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
	OCI_REGISTRY_SDP_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
	OCI_REGISTRY_SDP_USERNAME: "robot$sdp+github-action-build"
	OCI_REGISTRY_SDP_CHARTS_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_CHARTS_GITHUB_ACTION_BUILD_SECRET }}
	OCI_REGISTRY_SDP_CHARTS_USERNAME: "robot$sdp-charts+github-action-build"
	outputs:
	IMAGE_TAG: ${{ steps.printtag.outputs.IMAGE_TAG }}
	needs:
	- check-charts
	steps:
	- name: Checkout Repository
	uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
	with:
	submodules: recursive
	- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # tag=v25

	- name: Setup Rust
	uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1
	with:
	toolchain: ${{ env.RUST_VERSION }}

	- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
	with:
	go-version: ${{ env.GO_VERSION }}

	- name: Install cosign
	uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0

	- name: Install syft
	uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2

	- name: Setup Rust Cache
	uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
	with:
	key: pr-stackable-cockpit-chart

	- name: Update Version
	run: \|
	cargo install cargo-edit --version 0.11.11
	cargo set-version --offline --package stackable-cockpit 0.0.0-pr${{ github.event.pull_request.number }}

	# Recreate charts and publish charts and docker image. The "-e" is needed as we want to override the
	# default value in the makefile if called from this action, but not otherwise (i.e. when called locally).
	# This is needed for the HELM_REPO variable.
	- name: Build Docker Image and Helm Chart
	run: make -e build
	- name: Publish Docker Image and Helm Chart
	if: ${{ !github.event.pull_request.head.repo.fork }}
	run: make -e publish
	- id: printtag
	if: ${{ !github.event.pull_request.head.repo.fork }}
	name: Output Image Name and Tag
	run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> "$GITHUB_OUTPUT"

	create_manifest_list:
	name: Build and publish manifest list
	needs:
	- publish
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	env:
	NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
	OCI_REGISTRY_SDP_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
	OCI_REGISTRY_SDP_USERNAME: "robot$sdp+github-action-build"
	OCI_REGISTRY_SDP_CHARTS_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_CHARTS_GITHUB_ACTION_BUILD_SECRET }}
	OCI_REGISTRY_SDP_CHARTS_USERNAME: "robot$sdp-charts+github-action-build"
	steps:
	- name: Install cosign
	uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
	- name: Checkout
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	with:
	submodules: recursive
	# This step checks if the current run was triggered by a push to a pr (or a pr being created).
	# If this is the case it changes the version of this project in all Cargo.toml files to include the suffix
	# "-pr<prnumber>" so that the published artifacts can be linked to this PR.
	- uses: stackabletech/cargo-install-action@main
	with:
	crate: cargo-edit
	bin: cargo-set-version
	- name: Update version if PR
	if: ${{ github.event_name == 'pull_request' }}
	run: cargo set-version --offline --package stackable-cockpit 0.0.0-pr${{ github.event.pull_request.number }}
	- name: Build manifest list
	run: \|
	# Creating manifest list
	make -e docker-manifest-list-build
	# Pushing and signing manifest list
	make -e docker-manifest-list-publish

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Support OCI registries #261

Workflow file

feat: Support OCI registries #261

Jobs

Run details

Workflow file for this run