-
Notifications
You must be signed in to change notification settings - Fork 0
107 lines (99 loc) · 3.95 KB
/
multi-container-test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
name: Build multiple containers
on:
pull_request:
# Only consider PRs that change files for this asset, including ci scripts
paths:
- '.github/workflows/flake8.yaml'
- '.github/workflows/multi-container-test.yaml'
- 'containers/controller/**'
- 'containers/trino/**'
- 'charts/fizzbuzz/**'
# Make sure all workflows that are "required checks" for a given
# branch protection rule have the same paths: and branches-ignore:
# filters. Otherwise, you can end up in a deadlock waiting on a
# required check that will never be executed.
push:
# Only release off of release and maintenance branches for this asset
branches:
- 'main'
# Only consider pushes that change files for this asset, including ci scripts
paths:
- '.github/workflows/multi-container-test.yaml'
- 'containers/controller/**'
- 'containers/trino/**'
- 'charts/fizzbuzz/**'
permissions:
contents: write
pull-requests: write
actions: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
# Cancel early on pull requests if new commits are added,
# Don't cancel on release pushes
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
# Job name must be unique across repo to target
# branch protection rules "required checks" properly!
setup:
uses: SwanseaUniversityMedical/workflows/.github/workflows/[email protected]
with:
job-name: setup
release-tag-format: 'v${version}-bulk-release-test'
controller-container:
needs: setup
uses: SwanseaUniversityMedical/workflows/.github/workflows/[email protected]
with:
job-name: controller-container
comment-pr: "true"
comment-release: "true"
registry: ${{ vars.HARBOR_REGISTRY }}
registry-user: ${{ vars.HARBOR_USER }}
registry-repo: ${{ vars.HARBOR_PROJECT }}/controller
release-info: ${{ needs.setup.outputs.release-info }}
cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
build-file: containers/controller/Dockerfile
build-context: containers/controller
secrets:
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosign-password: ${{ secrets.COSIGN_PASSWORD }}
registry-token: ${{ secrets.HARBOR_TOKEN }}
trino-container:
needs: setup
uses: SwanseaUniversityMedical/workflows/.github/workflows/[email protected]
with:
job-name: trino-container
comment-pr: "true"
comment-release: "true"
registry: ${{ vars.HARBOR_REGISTRY }}
registry-user: ${{ vars.HARBOR_USER }}
registry-repo: ${{ vars.HARBOR_PROJECT }}/trino
registry-extra-tag-command: >-
cat containers/trino/Dockerfile | grep -m 1 "ARG BASE_VERSION=" | cut -d "=" -f 2
release-info: ${{ needs.setup.outputs.release-info }}
cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
build-file: containers/trino/Dockerfile
build-context: containers/trino
secrets:
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosign-password: ${{ secrets.COSIGN_PASSWORD }}
registry-token: ${{ secrets.HARBOR_TOKEN }}
fizzbuzz-chart:
needs: setup
uses: SwanseaUniversityMedical/workflows/.github/workflows/[email protected]
with:
job-name: fizzbuzz-chart
comment-pr: "true"
comment-release: "true"
registry: ${{ vars.HARBOR_REGISTRY }}
registry-user: ${{ vars.HARBOR_USER }}
registry-project: ${{ vars.HARBOR_PROJECT }}
registry-repo: fizzbuzz
release-info: ${{ needs.setup.outputs.release-info }}
cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
chart: charts/fizzbuzz
test-command: |
helm template $CHART --debug
secrets:
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosign-password: ${{ secrets.COSIGN_PASSWORD }}
registry-token: ${{ secrets.HARBOR_TOKEN }}