OGE GitHub Actions and reusable workflows.
Most projects use the Helm chart version as the release version for the Docker image, the application, and so on. This keeps everything consistent (the Docker version matches the git tag version and the Helm chart version), which makes debugging and rollbacks easier.
Because of this, most of these workflows automatically retrieve the version from the `chartPath` argument and use it. If a workflow has a `chartPath` argument, it should run on chart update:
```yaml
on:
  push:
    branches:
      - main
    paths:
      - "<path to Chart.yaml>"
```
Workflows can either use the `main` branch as a version, e.g. `ori-edge/oge-github-actions/.github/workflows/tag.yml@main`, if you always want to get the latest version, or you can specify a specific tag, e.g. `ori-edge/oge-github-actions/.github/workflows/[email protected]`.
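As an added example (not part of this repository's code), the sketch below lists every remote `uses:` reference in a workflow file and labels its ref as a branch-like name, a version-like tag, or a full commit SHA, so you can see which callers follow `main`. The classification is a name-based heuristic, and the `v0.0.0` tag, the SHA and the sample workflow are constructed placeholders.

```python
import re

# Constructed sample workflow, using the reference styles shown on this page
# plus a full commit SHA (placeholder values, not real tags or commits).
SAMPLE_WORKFLOW = """\
jobs:
  tag:
    uses: ori-edge/oge-github-actions/.github/workflows/tag.yml@main
    with:
      chartPath: "charts/example-app/Chart.yaml"
  tag-pinned:
    uses: ori-edge/oge-github-actions/.github/workflows/tag.yml@v0.0.0
  tag-sha:
    uses: ori-edge/oge-github-actions/.github/workflows/tag.yml@0123456789abcdef0123456789abcdef01234567
  local:
    uses: ./.github/workflows/build.yml
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
SHA_RE = re.compile(r"[0-9a-f]{40}")
VERSION_RE = re.compile(r"v?\d+(\.\d+){0,2}")


def classify_ref(ref):
    """Heuristic (assumption): a name alone cannot prove branch vs tag."""
    if SHA_RE.fullmatch(ref):
        return "commit-sha"    # immutable
    if VERSION_RE.fullmatch(ref):
        return "version-tag"   # stable by convention, but a tag can be moved
    return "branch-or-other"   # follows whatever is pushed, e.g. main


def audit_uses(workflow_text):
    """Return (line_number, target, ref, kind) for every remote `uses:` line."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        target, sep, ref = match.group(1).rpartition("@")
        if not sep or target.startswith("./"):
            continue  # local workflow/action: there is no ref to pin
        findings.append((lineno, target, ref, classify_ref(ref)))
    return findings


if __name__ == "__main__":
    for lineno, target, ref, kind in audit_uses(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {target}@{ref} -> {kind}")
```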
GitHub workflow to create a git tag with the same name as the chart version. The workflow creates two tags: one is just the chart version, the other is the chart version prefixed with `v` (this satisfies the Go dependency naming convention).
input | default | description |
---|---|---|
chartPath | N/A | helm Chart.yaml path e.g. charts/yourapp/Chart.yaml |
```yaml
jobs:
  tag:
    uses: ori-edge/oge-github-actions/.github/workflows/tag.yml@main
    with:
      chartPath: "charts/example-app/Chart.yaml"
```
GitHub workflow to build and push a Docker image. The workflow also passes the `--build-arg version=<chart-version>` argument, set to the chart version. This lets you dynamically inject the built version into your application.
input | required | default | description |
---|---|---|---|
buildArgs | false | | docker build args (See --build-arg in docker docs) |
buildContext | false | . | docker build context |
chartPath | false | | helm Chart.yaml path e.g. charts/yourapp/Chart.yaml |
dockerFile | false | | the path to the Dockerfile to generate the image from |
dockerImageMode | false | chart_ref | how the imageVersion should be generated (chart_ref, branch_ref, custom) |
dockerRegistry | false | quay.io | name of the docker registry |
dockerRepo | false | oriedge | name of the docker repository |
imageName | true | | name of the docker image to be built |
imageVersion | false | | over-ride image version ({dockerRegistry}/{dockerRepo}/{imageName}:{imageVersion}) |
platforms | false | linux/amd64,linux/arm64 | the list of platforms/architectures to compile the docker image against |
push | false | true | flag to indicate if the generated docker image should be pushed or not |
input | default | description |
---|---|---|
REGISTRY_USERNAME | N/A | docker registry username |
REGISTRY_PASSWORD | N/A | docker registry password |
```yaml
jobs:
  docker:
    uses: ori-edge/oge-github-actions/.github/workflows/[email protected]
    with:
      dockerImageMode: branch_ref
      imageName: example-app
      platforms: linux/amd64
      push: ${{ github.actor != 'dependabot[bot]' }}
    secrets:
      REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
      REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
```
GitHub workflow to scan a Docker image using the Trivy scanner. This workflow does not depend on the `Chart.yaml` version and can be run without updating the chart (as part of a pull request, etc.).
input | default | description |
---|---|---|
buildContext | . | docker build context |
```yaml
jobs:
  docker-scan:
    uses: ori-edge/oge-github-actions/.github/workflows/[email protected]
```
GitHub workflow to build Helm charts and push them to GCP. All Helm charts are expected to live in the `./charts` directory.
input | default | description |
---|---|---|
chartPath | N/A | helm Chart.yaml path e.g. charts/yourapp/Chart.yaml |
gcpDestination | N/A | gcp directory where the packaged chart will be uploaded |
input | default | description |
---|---|---|
GCP_CREDENTIALS | N/A | gcp credentials |
```yaml
jobs:
  gcp-helm-charts:
    uses: ori-edge/oge-github-actions/.github/workflows/[email protected]
    with:
      gcpDestination: "helm-charts"
    secrets:
      GCP_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS }}
```
GitHub workflow that keeps checking the deployed version (fetched from the `url` input and extracted with the `jq` input) until it matches the Helm chart (`Chart.yaml`) version.
The `jq` input is automatically quoted; do not include surrounding single quotes. For example, instead of `'.service.version'` use `.service.version`.
input | default | description |
---|---|---|
chartPath | N/A | helm Chart.yaml path e.g. charts/yourapp/Chart.yaml |
url | N/A | url to get currently deployed version |
jq | .version | jq pattern to extract deployed version |
```yaml
jobs:
  wait-for-deploy:
    uses: ori-edge/oge-github-actions/.github/workflows/[email protected]
    with:
      chartPath: "charts/example-app/Chart.yaml"
      url: "https://example.com/version"
```
GitHub workflow to run `go test` and upload the coverage report to Codecov (optional).
input | required | default | description |
---|---|---|---|
goVersion | false | 1.19.1 | version of go to load |
unitTestCommand | false | make race | go test command with optional coverage output |
uploadToCodecov | false | true | flag to indicate if codecov upload should occur |
coverageFilePath | false | ./artifacts/coverage.txt | path to coverage report generated by go test |
```yaml
jobs:
  unit-test:
    uses: ori-edge/oge-github-actions/.github/workflows/[email protected]
    with:
      uploadToCodecov: ${{ github.actor != 'dependabot[bot]' }}
    secrets:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
```
GitHub workflow to run Go integration tests (supports Docker registry login if private images are required).
input | required | default | description |
---|---|---|---|
skip | false | false | flag to indicate if this workflow should skip |
goVersion | false | 1.19.1 | version of go to load |
loginToDockerRegistry | false | false | flag to indicate if docker registry login is required |
dockerRegistry | false | quay.io | docker registry hostname |
setupCommand | false | make up | setup test command to run using bash |
testCommand | false | make integration | integration test command to run using bash |
buildArtifactName | false | | build artifact to download before running tests |
```yaml
jobs:
  integration:
    uses: ori-edge/oge-github-actions/.github/workflows/[email protected]
    with:
      skip: ${{ github.actor == 'dependabot[bot]' }}
      loginToDockerRegistry: true
      buildArtifactName: some-build-artifact
    secrets:
      REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
      REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
```