-
Notifications
You must be signed in to change notification settings - Fork 3
172 lines (153 loc) · 6.17 KB
/
pr_cockpit.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
---
name: Pull Request Cockpit
on:
pull_request:
paths:
- ".github/workflows/pr_cockpit.yml"
- "rust/stackable-cockpitd/**"
- "rust/stackable-cockpit/**"
- "docs/modules/cockpit/**"
- "docs/modules/ROOT/**"
- "Cargo.lock"
- "deploy/**"
- "docker/**"
- "go.sum"
env:
RUST_VERSION: 1.83.0
GO_VERSION: '^1.22.5'
CARGO_TERM_COLOR: always
CARGO_INCREMENTAL: "0"
CARGO_PROFILE_DEV_DEBUG: "0"
RUSTFLAGS: "-D warnings"
RUSTDOCFLAGS: "-D warnings"
RUST_LOG: "info"
DEV_REPO_HELM_URL: https://repo.stackable.tech/repository/helm-dev
jobs:
general-checks:
name: General Pull Request Checks
uses: ./.github/workflows/pr_general.yml
check-charts:
name: Helm Chart Check
runs-on: ubuntu-latest
needs:
- general-checks
steps:
- name: Checkout Repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
with:
submodules: recursive
- name: Setup Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
version: v3.6.2
- name: Setup Rust
uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1
with:
toolchain: ${{ env.RUST_VERSION }}
- name: Setup Rust Cache
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
with:
key: pr-stackable-cockpit-chart
- name: Regenerate Charts
run: make regenerate-charts
- name: Checking that Helm Charts are up-to-date
run: git diff --exit-code
- name: Helm Charts not up-to-date
if: ${{ failure() }}
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
core.setFailed('Committed Helm charts were not up to date, please regenerate and re-commit!')
publish:
name: Publish ${{ matrix.runner.arch }} Image
permissions:
id-token: write
runs-on: ${{ matrix.runner.name }}
strategy:
matrix:
runner:
- {name: "ubuntu-latest", arch: "amd64"}
- {name: "ubicloud-standard-8-arm", arch: "arm64"}
env:
NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
OCI_REGISTRY_SDP_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
OCI_REGISTRY_SDP_USERNAME: "robot$sdp+github-action-build"
OCI_REGISTRY_SDP_CHARTS_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_CHARTS_GITHUB_ACTION_BUILD_SECRET }}
OCI_REGISTRY_SDP_CHARTS_USERNAME: "robot$sdp-charts+github-action-build"
outputs:
IMAGE_TAG: ${{ steps.printtag.outputs.IMAGE_TAG }}
needs:
- check-charts
steps:
- name: Checkout Repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
with:
submodules: recursive
- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # tag=v25
- name: Setup Rust
uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1
with:
toolchain: ${{ env.RUST_VERSION }}
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ env.GO_VERSION }}
- name: Install cosign
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
- name: Install syft
uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
- name: Setup Rust Cache
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
with:
key: pr-stackable-cockpit-chart
- name: Update Version
run: |
cargo install cargo-edit --version 0.11.11
cargo set-version --offline --package stackable-cockpit 0.0.0-pr${{ github.event.pull_request.number }}
# Recreate charts and publish charts and docker image. The "-e" is needed as we want to override the
# default value in the makefile if called from this action, but not otherwise (i.e. when called locally).
# This is needed for the HELM_REPO variable.
- name: Build Docker Image and Helm Chart
run: make -e build
- name: Publish Docker Image and Helm Chart
if: ${{ !github.event.pull_request.head.repo.fork }}
run: make -e publish
- id: printtag
if: ${{ !github.event.pull_request.head.repo.fork }}
name: Output Image Name and Tag
run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> "$GITHUB_OUTPUT"
create_manifest_list:
name: Build and publish manifest list
needs:
- publish
runs-on: ubuntu-latest
permissions:
id-token: write
env:
NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
OCI_REGISTRY_SDP_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
OCI_REGISTRY_SDP_USERNAME: "robot$sdp+github-action-build"
OCI_REGISTRY_SDP_CHARTS_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_CHARTS_GITHUB_ACTION_BUILD_SECRET }}
OCI_REGISTRY_SDP_CHARTS_USERNAME: "robot$sdp-charts+github-action-build"
steps:
- name: Install cosign
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
# This step checks if the current run was triggered by a push to a pr (or a pr being created).
# If this is the case it changes the version of this project in all Cargo.toml files to include the suffix
# "-pr<prnumber>" so that the published artifacts can be linked to this PR.
- uses: stackabletech/cargo-install-action@main
with:
crate: cargo-edit
bin: cargo-set-version
- name: Update version if PR
if: ${{ github.event_name == 'pull_request' }}
run: cargo set-version --offline --package stackable-cockpit 0.0.0-pr${{ github.event.pull_request.number }}
- name: Build manifest list
run: |
# Creating manifest list
make -e docker-manifest-list-build
# Pushing and signing manifest list
make -e docker-manifest-list-publish