
Publish Kubernetes Schemas #763


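---
# Extracts CRD schemas from a cluster with datree's crd-extractor and publishes
# them twice: as a Flux OCI artifact and as an nginx-unprivileged web image.
name: "Publish Kubernetes Schemas"

on:
  workflow_dispatch:
  schedule:
    # Daily at 00:00 UTC.
    - cron: "0 0 * * *"
  push:
    branches: ["main"]
    paths: [".github/workflows/publish-kubernetes-schemas.yaml"]

# Least privilege for GITHUB_TOKEN: the job only pushes packages to GHCR.
# Without this block the token inherits the repository/organisation default.
permissions:
  contents: read
  packages: write

env:
  IMAGE_REGISTRY: ghcr.io

jobs:
  publish-kubernetes-schemas:
    name: Publish Kubernetes Schemas
    # Self-hosted runners keep state between runs, so anything written to disk
    # (the kubeconfig below in particular) must be removed explicitly.
    runs-on: ["self-hosted"]
    steps:
      - name: Setup Kube Tools
        uses: yokawasa/action-setup-kube-tools@9e25a4277af127b60011c95b6ed2da7e3b3613b1 # v0.11.2
        with:
          setup-tools: |
            kubectl

      - name: Setup Flux
        uses: fluxcd/flux2/action@5350425cdcd5fa015337e09fa502153c0275bd4b # v2.4.0

      - name: Setup Python
        uses: actions/setup-python@b64ffcaf5b410884ad320a9cfac8866006a109aa # v4.8.0
        with:
          python-version: "3.11"

      - name: Setup QEMU
        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2

      - name: Setup Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2

      - name: Login to GitHub Container Registry
        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
        with:
          registry: ${{ env.IMAGE_REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # NOTE(review): every action above is pinned to a commit SHA, but this
      # download is not. `latest: true` fetches whatever release is current, and
      # the script inside is later run with cluster credentials in scope.
      # Consider pinning a release tag and verifying a checksum of the archive
      # before extracting it.
      - name: Setup crd-extractor
        uses: robinraju/release-downloader@a96f54c1b5f5e09e47d9504526e96febd949d4c2 # v1.11
        with:
          repository: datreeio/CRDs-catalog
          latest: true
          fileName: crd-extractor.zip

      - name: Extract crd-extractor
        run: |
          unzip -j "$GITHUB_WORKSPACE/crd-extractor.zip" -d "$GITHUB_WORKSPACE"

      - name: Write kubeconfig
        id: kubeconfig
        uses: timheuer/base64-to-file@adaa40c0c581f276132199d4cf60afa07ce60eac # v1.2
        with:
          encodedString: ${{ secrets.KUBECONFIG }}
          fileName: kubeconfig

      # NOTE(review): the credential in secrets.KUBECONFIG should be scoped to
      # read-only access on CRDs, since third-party code runs with it.
      - name: Run crd-extractor
        env:
          KUBECONFIG: ${{ steps.kubeconfig.outputs.filePath }}
        run: |
          bash "$GITHUB_WORKSPACE/crd-extractor.sh"

      # Runs even when the extractor fails, so the decoded kubeconfig does not
      # stay behind on the self-hosted runner's disk.
      - name: Remove kubeconfig from runner
        if: always() && steps.kubeconfig.outputs.filePath != ''
        env:
          KUBECONFIG_PATH: ${{ steps.kubeconfig.outputs.filePath }}
        run: |
          rm -f -- "${KUBECONFIG_PATH}"

      # The later steps read /home/runner/.datree/crdSchemas; presumably that is
      # where crd-extractor.sh writes its output. Confirm for this runner's HOME.
      # The expression is passed through env rather than pasted into the script,
      # so its value is never parsed as shell.
      - name: Publish schemas as OCI
        env:
          REPOSITORY_URL: ${{ github.repositoryUrl }}
        run: |
          flux push artifact oci://ghcr.io/cftechwiz/kubernetes-schemas-oci:latest \
            --path="/home/runner/.datree/crdSchemas" \
            --source="${REPOSITORY_URL}" \
            --revision="main"

      # NOTE(review): the base image is referenced by the mutable `latest` tag;
      # pinning it by digest would make the published image reproducible.
      # The heredoc delimiter is quoted so the Dockerfile text is written
      # verbatim, with no shell expansion.
      - name: Write nginx-unprivileged Dockerfile
        run: |
          cat <<'EOF' > /home/runner/.datree/crdSchemas/Dockerfile
          FROM docker.io/nginxinc/nginx-unprivileged:latest
          COPY --chown=nginx:nginx --chmod=755 . /usr/share/nginx/html
          USER nginx
          EOF

      # NOTE(review): the double quotes in the label lines below may end up
      # inside the label values; check the pushed image with `docker inspect`.
      - name: Publish schemas as web container
        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
        with:
          context: /home/runner/.datree/crdSchemas
          platforms: linux/amd64,linux/arm64
          file: /home/runner/.datree/crdSchemas/Dockerfile
          push: true
          tags: |
            ${{ env.IMAGE_REGISTRY }}/${{ github.repository_owner }}/kubernetes-schemas-web:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max
          labels: |
            org.opencontainers.image.source="https://github.com/cftechwiz/homelab-ops"
            org.opencontainers.image.authors="Colin Fallwell <[email protected]>"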