Skip to content

Commit

Permalink
Merge a666dbf into be60482
Browse files Browse the repository at this point in the history
  • Loading branch information
@fiddlermikey
fiddlermikey authored Apr 23, 2024
2 parents be60482 + a666dbf commit 45ee4ef
Show file tree
Hide file tree
Showing 4 changed files with 243 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/generate-readme.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
repository: 'Keyfactor/actions'
path: './actions/'
token: ${{ secrets.token }}
ref: 'v2' # Update this tag for testing new readme templates branches
ref: 'ab#55474-2.5' # Update this tag for testing new readme templates branches
- uses: Keyfactor/[email protected]
name: Merge template and manifest with jinja2
with:
Expand Down
238 changes: 238 additions & 0 deletions .github/workflows/helm-build-and-release.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,238 @@
name: Container Build

on:
workflow_call:
inputs:
release_version:
description: Condition based on release branch build
required: false
type: string
platform_list:
required: true
description: platform name from input
type: string # like linux/amd64,linux/arm64

secrets:
token:
description: 'Secret token from caller workflow to access private packages'
required: true
env:
REGISTRY: keyfactor

jobs:
setup:
runs-on: ubuntu-latest
outputs:
platform_matrix: ${{ steps.vars.outputs.platform_matrix }}
steps:
- name: Create an array from platform_list input
id: vars
run: echo "platform_matrix=$(jq 'split(",")' -Rc <(echo '${{ inputs.platform_list }}'))" | tee -a $GITHUB_OUTPUT | tee -a $GITHUB_STEP_SUMMARY
get-release-values:
name: Get Release Properties
runs-on: ubuntu-latest
outputs:
PUSH_IMAGE: ${{ steps.set-vars.outputs.PUSH_IMAGE }}
steps:
- name: Determine IMAGE_PUSH and VERSION
id: set-vars
run: |
if [[ ("${{ github.event_name }}" == "pull_request") && "${{ inputs.release_version }}" != "" ]]; then
echo "PUSH_IMAGE=true" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY"
echo "VERSION=${{ inputs.release_version }}" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY"
else
echo "PUSH_IMAGE=false" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY"
echo "VERSION=0.0.0" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY"
fi
run-container-build:
name: Build Containers
runs-on: ubuntu-latest
needs: [setup,get-release-values]
strategy:
fail-fast: false
matrix:
platform: ${{ fromJson(needs.setup.outputs.platform_matrix) }}

permissions:
contents: read
packages: write

steps:
- name: Set IMAGE_NAME
run: |
echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
# Checkout code
# https://github.com/actions/checkout
- name: Checkout code
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=semver,pattern={{raw}},value=${{ inputs.release_version }}
# Set up QEMU
# https://github.com/docker/setup-qemu-action
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0

# Set up BuildKit Docker container builder to be able to build
# multi-platform images and export cache
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

# Login to Docker registry
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
# registry: ${{ env.REGISTRY }} # Remove for dockerhub
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_PWD }}

# Build and push Docker image with Buildx
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
context: .
platforms: ${{ matrix.platform }}
labels: ${{ steps.meta.outputs.labels }}
push: ${{ needs.get-release-values.outputs.PUSH_IMAGE == 'true' }}
outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true

# Export digest
- name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
# Upload digest
- name: Upload digest
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: digests
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1

merge:
runs-on: ubuntu-latest
needs: [get-release-values, run-container-build]
steps:
- name: Set IMAGE_NAME
run: |
echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
echo "PUSH_IMAGE = ${{ needs.get-release-values.outputs.PUSH_IMAGE }}"
# Download digests
# https://github.com/actions/download-artifact
- name: Download digests
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: digests
path: /tmp/digests

# Set up BuildKit Docker container builder to be able to build
# multi-platform images and export cache
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=semver,pattern={{raw}},value=${{ inputs.release_version }}
# Login to Docker registry
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

# Create manifest list and push if: needs.get-release-values.outputs.PUSH_IMAGE == true
- name: Create manifest list and push
if: needs.get-release-values.outputs.PUSH_IMAGE == 'true'
working-directory: /tmp/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
- name: Inspect image
if: needs.get-release-values.outputs.PUSH_IMAGE == 'true'
run: |
docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
helm:
runs-on: ubuntu-latest
needs: [get-release-values]
if: needs.get-release-values.outputs.PUSH_IMAGE == 'true'
steps:
- name: Set IMAGE_NAME
run: |
echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
# Checkout code
# https://github.com/actions/checkout
- name: Checkout code
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

# Extract metadata (tags, labels) to use in Helm chart
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

# Set version from DOCKER_METADATA_OUTPUT_VERSION as environment variable
- name: Set Version
run: |
echo "VERSION=${DOCKER_METADATA_OUTPUT_VERSION:8}.0" >> $GITHUB_ENV # Eventually will build this into Keyfactor bootstrap
# Change version and appVersion in Chart.yaml to the tag in the closed PR
- name: Update Helm App/Chart Version
shell: bash
run: |
sed -i "s/^version: .*/version: ${{ inputs.release_version }}/g" deploy/charts/${{ env.IMAGE_NAME }}/Chart.yaml
sed -i "s/^appVersion: .*/appVersion: \"v${{ inputs.release_version }}\"/g" deploy/charts/${{ env.IMAGE_NAME }}/Chart.yaml
# Setup Helm
# https://github.com/Azure/setup-helm
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
token: ${{ secrets.GITHUB_TOKEN }}

# Helm requires an ident name to be set for chart-releaser to work
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
# Build and release Helm chart to GitHub Pages
# https://github.com/helm/chart-releaser-action
- name: Run chart-releaser
uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
with:
charts_dir: deploy/charts
2 changes: 1 addition & 1 deletion .github/workflows/starter.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,7 @@ jobs:

call-update-catalog-workflow:
needs: call-assign-from-json-workflow
if: ${{ needs.call-assign-from-json-workflow.outputs.update_catalog }} == 'true' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
if: needs.call-assign-from-json-workflow.outputs.update_catalog == 'true' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
uses: Keyfactor/actions/.github/workflows/update-catalog.yml@v2
secrets:
token: ${{ secrets.token }}
Expand Down
3 changes: 3 additions & 0 deletions readme-templates/readme.md.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,4 +34,7 @@
{% endif %}
{# the readme_source.md file should be the general README content in markdown form #}
{% include "readme_source.md" %}
{% if (integration_type == "orchestrator") %}
When creating cert store type manually, that store property names and entry parameter names are case sensitive
{% endif %}

0 comments on commit 45ee4ef

Please sign in to comment.