Skip to content

Merge pull request #201 from jnywong/add-validation #378

Merge pull request #201 from jnywong/add-validation

Merge pull request #201 from jnywong/add-validation #378

# This is a GitHub workflow defining a set of jobs with a set of steps.
# ref: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions
#
name: Publish chart
# Trigger the workflow on pushed tags or commits to main branch.
on:
pull_request:
paths-ignore:
- "docs/**"
- "**.md"
- ".github/workflows/*"
- "!.github/workflows/publish-chart.yaml"
push:
paths-ignore:
- "docs/**"
- "**.md"
- ".github/workflows/*"
- "!.github/workflows/publish-chart.yaml"
branches:
- "main"
tags:
- "**"
jobs:
# Packages the Helm chart, and pushes it to 2i2c-org/frx-challenges@gh-pages.
#
publish:
runs-on: ubuntu-22.04
# Explicitly request permissions to push to this git repository's gh-pages
# branch via the the GITHUB_TOKEN we can have access to.
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
# chartpress needs git history
fetch-depth: 0
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Decide to publish or not
id: publishing
shell: python
run: |
import os
repo = "${{ github.repository }}"
event = "${{ github.event_name }}"
ref = "${{ github.event.ref }}"
publishing = ""
if (
repo == "2i2c-org/frx-challenges"
and event == "push"
and (
ref.startswith("refs/tags/")
or ref == "refs/heads/main"
)
):
publishing = "true"
print("Publishing chart")
with open(os.environ["GITHUB_OUTPUT"], "a") as f:
f.write(f"publishing={publishing}\n")
- name: Set up QEMU (for docker buildx)
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx (for chartpress multi-arch builds)
uses: docker/setup-buildx-action@v3
- name: Setup push rights to Quay.io
if: steps.publishing.outputs.publishing
run: |
docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" quay.io
- name: Set up push rights to frx-challenges-helm-chart
# This was setup by...
# 1. Generating a private/public key pair:
# ssh-keygen -t rsa -b 4096 -C "frx-challenges-helm-chart" -f gh-pages -N ""
# 2. Registering the private key (gh-pages) as a secret for this
# repo:
# https://github.com/2i2c-org/frx-challenges/settings/secrets/actions
# 3. Registering the public key (gh-pages.pub) as a deploy key
# with push rights for the 2i2c-org/frx-challenges-helm-chart repo:
# https://github.com/2i2c-org/frx-challenges-helm-chart/settings/keys
if: steps.publishing.outputs.publishing
run: |
mkdir -p ~/.ssh
ssh-keyscan github.com >> ~/.ssh/known_hosts
echo "${{ secrets.ACTIONS_DEPLOY_KEY }}" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
- name: Install dependencies
run: |
pip install -r dev-requirements.txt
pip list
helm version
- name: Configure a git user
run: |
git config --global user.email "[email protected]"
git config --global user.name "github-actions"
- name: Build image, push if necessary
env:
PUBLISHING: ${{ steps.publishing.outputs.publishing }}
run: |
CHARTPRESS_ARGS=""
if [[ "${PUBLISHING}" == "true" ]]; then
CHARTPRESS_ARGS="--push"
fi
chartpress \
--builder docker-buildx \
--platform linux/amd64 --platform linux/arm64 \
${CHARTPRESS_ARGS}
- name: Publish chart with chartpress
if: steps.publishing.outputs.publishing
run: |
set -eux
PUBLISH_ARGS="--publish-chart --push"
if [[ $GITHUB_REF != refs/tags/* ]]; then
PR_OR_HASH=$(git log -1 --pretty=%h-%B | head -n1 | sed 's/^.*\(#[0-9]*\).*/\1/' | sed 's/^\([0-9a-f]*\)-.*/@\1/')
LATEST_COMMIT_TITLE=$(git log -1 --pretty=%B | head -n1)
EXTRA_MESSAGE="${{ github.repository }}${PR_OR_HASH} ${LATEST_COMMIT_TITLE}"
chartpress $PUBLISH_ARGS --extra-message "${EXTRA_MESSAGE}"
else
chartpress $PUBLISH_ARGS --tag "${GITHUB_REF:10}"
fi
git --no-pager diff --color