[GHA] Continue switch to make-env #25

Summary
Jobs
- lint
- test
- docker
- helm
Run details
- Usage
- Workflow file

Workflow file for this run

	name: CD

	# This workflow uses actions that are not certified by GitHub.
	# They are provided by a third-party and are governed by
	# separate terms of service, privacy policy, and support
	# documentation.

	on:
	workflow_dispatch: {}
	push:
	tags: [ 'v..*' ]

	env:
	REGISTRY: ghcr.io
	# github.repository as <account>/<repo>
	IMAGE_NAME: ${{ github.repository }}

	HELM_REPO: "oci://ghcr.io/${{ github.repository }}/charts"

	GOPRIVATE: 'github.com/meln5674/*'

	COSIGN_VERSION: v1.13.0

	jobs:
	lint:
	# runs-on: ubuntu-latest
	runs-on: self-hosted
	permissions:
	contents: read

	steps:
	# Checkout
	- name: Checkout repository
	uses: actions/checkout@v3

	- name: Install Dependencies
	run: \|
	./build-env.sh make -j deps all-helm-tools chart-deps

	# Run Linter
	- name: Lint standalone chart
	run: \|
	./build-env.sh make helm-hog

	test:
	# runs-on: ubuntu-latest
	runs-on: self-hosted
	permissions:
	contents: read

	steps:
	# Checkout
	- name: Checkout repository
	uses: actions/checkout@v3
	with:
	submodules: true

	# Workaround: https://github.com/docker/build-push-action/issues/461
	- name: Setup Docker buildx
	uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf

	- name: Setup Build Environment
	run: \|
	./build-env.sh echo Done

	- name: Install Dependencies
	run: \|
	./build-env.sh make -j deps all-test-tools all-e2e-tools chart-deps

	# Tests
	- name: Unit Tests
	run: \|
	./build-env.sh make test
	- name: End-to-End Tests
	run: \|
	./build-env.sh make e2e IS_CI=1


	docker:
	needs: [lint, test]
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	# This is used to complete the identity challenge
	# with sigstore/fulcio when running outside of PRs.
	id-token: write

	steps:
	# Checkout
	- name: Checkout repository
	uses: actions/checkout@v3
	with:
	submodules: true


	# Install Deps

	# Install the cosign tool except on PR
	# https://github.com/sigstore/cosign-installer
	- name: Install cosign
	if: github.event_name != 'pull_request'
	uses: sigstore/[email protected]
	with:
	cosign-release: 'v2.2.2'


	# Workaround: https://github.com/docker/build-push-action/issues/461
	- name: Setup Docker buildx
	uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf

	# Login against a Docker registry except on PR
	# https://github.com/docker/login-action
	- name: Log into registry ${{ env.REGISTRY }}
	if: github.event_name != 'pull_request'
	uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Configure Git
	run: \|
	git config user.name "$GITHUB_ACTOR"
	git config user.email "[email protected]"

	- name: Get Tag
	id: tagName
	uses: olegtarasov/[email protected]

	# Extract metadata (tags, labels) for Docker
	# https://github.com/docker/metadata-action
	- name: Extract Docker metadata
	id: meta
	uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	tags: \|
	type=schedule
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long,prefix=

	# Build and push Docker image with Buildx (don't push on PR)
	# https://github.com/docker/build-push-action
	- name: Build and push Docker image
	id: build-and-push
	uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
	with:
	context: .
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}

	# Sign the resulting Docker image digest except on PRs.
	# This will only write to the public Rekor transparency log when the Docker
	# repository is public to avoid leaking data. If you would like to publish
	# transparency data even for private images, pass --force to cosign below.
	# https://github.com/sigstore/cosign
	- name: Sign the published Docker image
	if: ${{ github.event_name != 'pull_request' }}
	env:
	COSIGN_EXPERIMENTAL: "true"
	# This step uses the identity token to provision an ephemeral certificate
	# against the sigstore community Fulcio instance.
	run: echo "${{ steps.meta.outputs.tags }}" \| xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}
	helm:
	needs: [lint, test]
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write

	steps:
	# Checkout
	- name: Checkout repository
	uses: actions/checkout@v3
	with:
	submodules: true
	fetch-depth: 0

	- name: Get Tag
	id: tagName
	uses: olegtarasov/[email protected]

	- name: Configure Git
	run: \|
	git config user.name "$GITHUB_ACTOR"
	git config user.email "[email protected]"

	- name: Setup Build Environment
	run: \|
	./build-env.sh echo Done

	- name: Install Dependencies
	run: \|
	./build-env.sh make -j all-helm-tools
	./build-env.sh helm repo add jetstack https://charts.jetstack.io
	./build-env.sh helm repo add zalando https://opensource.zalando.com/postgres-operator/charts/postgres-operator
	./build-env.sh helm repo add mino https://charts.min.io/
	./build-env.sh make -j chart-deps

	- name: Log into Registry
	env:
	GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
	run: \|
	./build-env.sh helm registry login "${REGISTRY}" -u "${GITHUB_ACTOR}" -p "${GITHUB_TOKEN}"

	- name: Package Charts
	env:
	GIT_TAG: '${{ steps.tagName.outputs.tag }}'
	run: \|
	./build-env.sh ./set-chart-versions "${HELM_REPO}" "${GIT_TAG}" "${GITHUB_SHA}"
	./build-env.sh make -j charts

	# Release charts
	- name: Push Charts
	run: \|
	for chart in bin/charts/*.tgz ; do
	./build-env.sh helm push "${chart}" "${HELM_REPO}"
	done

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[GHA] Continue switch to make-env #25

Workflow file

[GHA] Continue switch to make-env #25

Jobs

Run details

Workflow file for this run