diff --git a/.github/workflows/generate-readme.yml b/.github/workflows/generate-readme.yml index fbff3b3..a938164 100644 --- a/.github/workflows/generate-readme.yml +++ b/.github/workflows/generate-readme.yml @@ -22,7 +22,7 @@ jobs: repository: 'Keyfactor/actions' path: './actions/' token: ${{ secrets.token }} - ref: 'v2' # Update this tag for testing new readme templates branches + ref: 'ab#55474-2.5' # Update this tag for testing new readme templates branches - uses: Keyfactor/jinja2-action@v1.2.0-multiple-data-files name: Merge template and manifest with jinja2 with: diff --git a/.github/workflows/helm-build-and-release.yml b/.github/workflows/helm-build-and-release.yml new file mode 100644 index 0000000..3d5e5aa --- /dev/null +++ b/.github/workflows/helm-build-and-release.yml 
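Review bot: `ref: 'ab#55474-2.5'` points the shared `Keyfactor/actions` checkout at what looks like a work-item feature branch rather than a release tag, so every README-generation run pulls whatever that branch holds at run time and the step breaks once the branch is deleted after merge; the trailing comment itself marks the value as a testing-only override. If this commit is meant to land on the default branch, restore the tag or pin a full commit SHA before merge, e.g. `ref: 'v2' # Update this tag for testing new readme templates branches`, or turn the ref into a workflow input whose default is the tag so the test value never has to be committed. The surrounding `with:` block and the checkout step's `uses:` line sit outside this hunk.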
@@ -0,0 +1,238 @@ +name: Container Build + +on: + workflow_call: + inputs: + release_version: + description: Condition based on release branch build + required: false + type: string + platform_list: + required: true + description: platform name from input + type: string # like linux/amd64,linux/arm64 + + secrets: + token: + description: 'Secret token from caller workflow to access private packages' + required: true +env: + REGISTRY: keyfactor + +jobs: + setup: + runs-on: ubuntu-latest + outputs: + platform_matrix: ${{ steps.vars.outputs.platform_matrix }} + steps: + - name: Create an array from platform_list input + id: vars + run: echo "platform_matrix=$(jq 'split(",")' -Rc <(echo '${{ inputs.platform_list }}'))" | tee -a $GITHUB_OUTPUT | tee -a $GITHUB_STEP_SUMMARY + get-release-values: + name: Get Release Properties + runs-on: ubuntu-latest + outputs: + PUSH_IMAGE: ${{ steps.set-vars.outputs.PUSH_IMAGE }} + steps: + - name: Determine IMAGE_PUSH and VERSION + id: set-vars + run: | + if [[ ("${{ github.event_name }}" == "pull_request") && "${{ inputs.release_version }}" != "" ]]; then + echo "PUSH_IMAGE=true" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY" + echo "VERSION=${{ inputs.release_version }}" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY" + else + echo "PUSH_IMAGE=false" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY" + echo "VERSION=0.0.0" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY" + fi + + run-container-build: + name: Build Containers + runs-on: ubuntu-latest + needs: [setup,get-release-values] + strategy: + fail-fast: false + matrix: + platform: ${{ fromJson(needs.setup.outputs.platform_matrix) }} + + permissions: + contents: read + packages: write + + steps: + - name: Set IMAGE_NAME + run: | + echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + + # Checkout code + # https://github.com/actions/checkout + - name: Checkout code + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 
+ + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=semver,pattern={{raw}},value=${{ inputs.release_version }} + + # Set up QEMU + # https://github.com/docker/setup-qemu-action + - name: Set up QEMU + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + + # Set up BuildKit Docker container builder to be able to build + # multi-platform images and export cache + # https://github.com/docker/setup-buildx-action + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + # Login to Docker registry + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + # registry: ${{ env.REGISTRY }} # Remove for dockerhub + username: ${{ secrets.DOCKER_USER }} + password: ${{ secrets.DOCKER_PWD }} + + # Build and push Docker image with Buildx + # https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + with: + context: . 
+ platforms: ${{ matrix.platform }} + labels: ${{ steps.meta.outputs.labels }} + push: ${{ needs.get-release-values.outputs.PUSH_IMAGE == 'true' }} + outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true + + # Export digest + - name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + + # Upload digest + - name: Upload digest + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: digests + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + runs-on: ubuntu-latest + needs: [get-release-values, run-container-build] + steps: + - name: Set IMAGE_NAME + run: | + echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + echo "PUSH_IMAGE = ${{ needs.get-release-values.outputs.PUSH_IMAGE }}" + + # Download digests + # https://github.com/actions/download-artifact + - name: Download digests + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: digests + path: /tmp/digests + + # Set up BuildKit Docker container builder to be able to build + # multi-platform images and export cache + # https://github.com/docker/setup-buildx-action + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=semver,pattern={{raw}},value=${{ inputs.release_version }} + + # Login to Docker registry + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ${{ env.REGISTRY 
}} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Create manifest list and push if: needs.get-release-values.outputs.PUSH_IMAGE == true + - name: Create manifest list and push + if: needs.get-release-values.outputs.PUSH_IMAGE == 'true' + working-directory: /tmp/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *) + + - name: Inspect image + if: needs.get-release-values.outputs.PUSH_IMAGE == 'true' + run: | + docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} + + helm: + runs-on: ubuntu-latest + needs: [get-release-values] + if: needs.get-release-values.outputs.PUSH_IMAGE == 'true' + steps: + - name: Set IMAGE_NAME + run: | + echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + + # Checkout code + # https://github.com/actions/checkout + - name: Checkout code + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + + # Extract metadata (tags, labels) to use in Helm chart + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # Set version from DOCKER_METADATA_OUTPUT_VERSION as environment variable + - name: Set Version + run: | + echo "VERSION=${DOCKER_METADATA_OUTPUT_VERSION:8}.0" >> $GITHUB_ENV # Eventually will build this into Keyfactor bootstrap + + # Change version and appVersion in Chart.yaml to the tag in the closed PR + - name: Update Helm App/Chart Version + shell: bash + run: | + sed -i "s/^version: .*/version: ${{ inputs.release_version }}/g" deploy/charts/${{ env.IMAGE_NAME }}/Chart.yaml + sed -i "s/^appVersion: .*/appVersion: \"v${{ inputs.release_version }}\"/g" deploy/charts/${{ env.IMAGE_NAME }}/Chart.yaml + + # 
Setup Helm + # https://github.com/Azure/setup-helm + - name: Install Helm + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + # Helm requires an ident name to be set for chart-releaser to work + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + # Build and release Helm chart to GitHub Pages + # https://github.com/helm/chart-releaser-action + - name: Run chart-releaser + uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + with: + charts_dir: deploy/charts \ No newline at end of file diff --git a/.github/workflows/starter.yml b/.github/workflows/starter.yml index 7f2a776..8df7ba8 100644 --- a/.github/workflows/starter.yml +++ b/.github/workflows/starter.yml @@ -132,7 +132,7 @@ jobs: call-update-catalog-workflow: needs: call-assign-from-json-workflow - if: ${{ needs.call-assign-from-json-workflow.outputs.update_catalog }} == 'true' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') + if: needs.call-assign-from-json-workflow.outputs.update_catalog == 'true' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') uses: Keyfactor/actions/.github/workflows/update-catalog.yml@v2 secrets: token: ${{ secrets.token }} diff --git a/readme-templates/readme.md.tpl b/readme-templates/readme.md.tpl index 1c2739f..9f25dc3 100644 --- a/readme-templates/readme.md.tpl +++ b/readme-templates/readme.md.tpl @@ -34,4 +34,7 @@ {% endif %} {# the readme_source.md file should be the general README content in markdown form #} {% include "readme_source.md" %} +{% if (integration_type == "orchestrator") %} +When creating cert store type manually, that store property names and entry parameter names are case sensitive +{% endif %} 
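Review bot: The reusable workflow declares only `token` under `workflow_call.secrets`, yet the build job's "Log into registry" step reads `secrets.DOCKER_USER` and `secrets.DOCKER_PWD`; unless every caller uses `secrets: inherit`, those resolve to empty strings and the Docker Hub login fails before the per-platform push. The merge job's login step is also inconsistent with the build job's: it sets `registry: ${{ env.REGISTRY }}` (`keyfactor`, a Docker Hub namespace rather than a registry host, which the build job deliberately leaves commented out with "Remove for dockerhub") and authenticates as `github.actor` with `GITHUB_TOKEN`, which presumably cannot push to `keyfactor/...` on Docker Hub, so "Create manifest list and push" would likely fail at the one step that actually publishes the image. Separately, `${{ inputs.platform_list }}` and `${{ inputs.release_version }}` are spliced directly into `run:` shell in the setup, get-release-values and helm jobs; exposing them through `env:` and quoting `"$RELEASE_VERSION"` keeps a caller-supplied value from being parsed as shell. Minor: the declared `token` secret is not referenced anywhere in this file, and get-release-values writes `VERSION` to `$GITHUB_OUTPUT` without a matching `outputs:` entry, so no other job can read it.
```yaml
  secrets:
    token:
      description: 'Secret token from caller workflow to access private packages'
      required: true
    DOCKER_USER:
      description: 'Registry user for the image push (read by the build and merge jobs)'
      required: true
    DOCKER_PWD:
      description: 'Registry password or access token for the image push'
      required: true
# … unchanged: env, setup, get-release-values, run-container-build jobs …
      - name: Log into registry ${{ env.REGISTRY }}
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PWD }}
# … unchanged: rest of merge job, helm job …
```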
diff --git a/readme-templates/readme_platform_orchestrator.md b/readme-templates/readme_platform_orchestrator.md
index 12b4eb1..bca6129 100644
--- a/readme-templates/readme_platform_orchestrator.md
+++ b/readme-templates/readme_platform_orchestrator.md
@@ -10,7 +10,7 @@ The Keyfactor Universal Orchestrator may be installed on either Windows or Linux
 |Supports Management Remove|{% if about.orchestrator.win.supportsManagementRemove %}✓{% else %} {% endif %} |{% if about.orchestrator.linux.supportsManagementRemove %}✓{% else %} {% endif %} |
 |Supports Create Store|{% if about.orchestrator.win.supportsCreateStore %}✓{% else %} {% endif %} |{% if about.orchestrator.linux.supportsCreateStore %}✓{% else %} {% endif %} |
 |Supports Discovery|{% if about.orchestrator.win.supportsDiscovery %}✓{% else %} {% endif %} |{% if about.orchestrator.linux.supportsDiscovery %}✓{% else %} {% endif %} |
-|Supports Renrollment|{% if about.orchestrator.win.supportsReenrollment %}✓{% else %} {% endif %} |{% if about.orchestrator.linux.supportsReenrollment %}✓{% else %} {% endif %} |
+|Supports Reenrollment|{% if about.orchestrator.win.supportsReenrollment %}✓{% else %} {% endif %} |{% if about.orchestrator.linux.supportsReenrollment %}✓{% else %} {% endif %} |
 |Supports Inventory|{% if about.orchestrator.win.supportsInventory %}✓{% else %} {% endif %} |{% if about.orchestrator.linux.supportsInventory %}✓{% else %} {% endif %} |
 {% if about.orchestrator.pam_support %}