π Release #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: π Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tagVersion: | |
| description: "Tag Version (semver - x.x.x)" | |
| required: true | |
| jobs: | |
| check-branches: | |
| name: Check branches | |
| runs-on: self-hosted | |
| steps: | |
| - name: Check branch | |
| run: | | |
| if [[ "${{ github.ref_name }}" != "${{ github.event.repository.default_branch }}" ]]; then | |
| echo "This action can only be run on the ${{ github.event.repository.default_branch }} branch" | |
| exit 1 | |
| fi | |
| ci: | |
| needs: check-branches | |
| name: Continuous Integration | |
| uses: ./.github/workflows/__shared-ci.yml | |
| permissions: | |
| contents: read | |
| id-token: write | |
| issues: read | |
| packages: write | |
| pull-requests: read | |
| update_release_draft: | |
| # we want to publish a new tag only if ci succeeds | |
| needs: ci | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| runs-on: self-hosted | |
| steps: | |
| - id: update_release_draft | |
| uses: release-drafter/release-drafter@v6 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| publish: true | |
| disable-autolabeler: true | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: "ghcr.io" | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: "docker.io" | |
| username: ${{ secrets.DOCKERHUB_REGISTRY_USER }} | |
| password: ${{ secrets.DOCKERHUB_REGISTRY_PASSWORD }} | |
| - name: Push built images to Docker.io | |
| run: | | |
| APP_IMAGE="${{ fromJson(needs.ci.outputs.built-images).app.images[0] }}" | |
| docker pull "$APP_IMAGE" | |
| APP_TAG="${{ steps.update_release_draft.outputs.tag_name }}" | |
| APP_REGISTRY_PATH="docker.io/webofmars" | |
| APP_DOCKERIO_IMAGE="${APP_REGISTRY_PATH}/http-header-authenticator:$APP_TAG" | |
| docker tag "$APP_IMAGE" "$APP_DOCKERIO_IMAGE" | |
| docker push "$APP_DOCKERIO_IMAGE" | |
| helm-push: | |
| name: π·ββοΈ Run helm push | |
| needs: ci | |
| runs-on: self-hosted | |
| steps: | |
| # Get a local copy of the code | |
| - uses: actions/checkout@v4 | |
| # install tools with asdf | |
| - name: π¦ Install tools with asdf | |
| uses: asdf-vm/actions/install@v3 | |
| # login to harbor repo | |
| - name: π Login to harbor repo | |
| run: | | |
| echo "+ login to harbor OCI registry" | |
| helm registry login ${HARBOR_REGISTRY} -u "${HARBOR_REGISTRY_USER}" -p "${HARBOR_REGISTRY_PASSWORD}" | |
| env: | |
| HARBOR_REGISTRY_USER: ${{ secrets.HARBOR_REGISTRY_USER }} | |
| HARBOR_REGISTRY_PASSWORD: ${{ secrets.HARBOR_REGISTRY_PASSWORD }} | |
| HARBOR_REGISTRY: harbor.hoverkraft.cloud | |
| # Push the chart | |
| - name: β Push Helm Chart to Harbor registry | |
| uses: hoverkraft-tech/[email protected] | |
| with: | |
| useOCIRegistry: true | |
| username: ${{ secrets.HARBOR_REGISTRY_USER }} | |
| # NOTE: access-token is the password for OCI registry | |
| # cf https://github.com/bsord/helm-push/blob/5ec3320fb5720a0a5aa210d871999f2b836f2d97/entrypoint.sh#L37 | |
| access-token: ${{ secrets.HARBOR_REGISTRY_PASSWORD }} | |
| registry-url: oci://harbor.hoverkraft.cloud/public/charts | |
| chart-folder: helm/chart | |
| force: true | |
| update-dependencies: true | |
| version: ${{ github.event.inputs.tagVersion }} | |
| appVersion: ${{ github.event.inputs.tagVersion }} |