Use cert-manager
to issue and automatically renew certificates (#65)
#53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SPDX-License-Identifier: Apache-2.0 | |
# Copyright 2024 Intel Corporation | |
name: Tag/Publish Release | |
on: | |
push: | |
branches: | |
- main | |
jobs: | |
# CAUTION: Other actions depend on this name "tag-github" | |
tag-github: | |
runs-on: ubuntu-latest | |
outputs: | |
changed: ${{ steps.version-change.outputs.changed }} | |
version: ${{ steps.version-change.outputs.version }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Get changes | |
id: version-file | |
run: | | |
if git diff --name-only ${{ github.event.before }} ${{ github.event.after }} | grep VERSION; then | |
echo "changed=true" >> $GITHUB_OUTPUT | |
else | |
echo "VERSION file was not changed" | |
fi | |
- name: Validate change in version file | |
id: version-change | |
if: steps.version-file.outputs.changed == 'true' | |
run: | | |
version=$(cat VERSION) | |
echo "version=$version" | |
validate="^[0-9]+\.[0-9]+\.[0-9]+$" | |
if [[ $version =~ $validate ]]; then | |
echo "changed=true" >> $GITHUB_OUTPUT | |
echo "version=$version" >> $GITHUB_OUTPUT | |
else | |
echo "Version change not for release" | |
fi | |
- name: Create release using REST API | |
if: steps.version-change.outputs.changed == 'true' | |
run: | | |
curl -L \ | |
-X POST \ | |
-H "Accept: application/vnd.github+json" \ | |
-H "Authorization: Bearer ${{ secrets.GH_OMEC_PAT }}" \ | |
-H "X-GitHub-Api-Version: 2022-11-28" \ | |
https://api.github.com/repos/${{ github.repository }}/releases \ | |
-d '{ | |
"tag_name": "${{ steps.version-change.outputs.version }}", | |
"target_commitish": "${{ github.event.repository.default_branch }}", | |
"name": "${{ steps.version-change.outputs.version }}", | |
"draft": false, | |
"prerelease": false, | |
"generate_release_notes": true | |
}' | |
publish: | |
runs-on: ubuntu-latest | |
needs: tag-github | |
if: github.repository_owner == 'omec-project' | |
env: | |
CHARTS_REPO_URL: https://charts.aetherproject.org | |
CHARTS_DIR: charts | |
REF_CHARTS_DIR: charts-ref | |
UMBRELLA_CHARTS: ./sdcore-helm-charts | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Helm | |
uses: azure/setup-helm@v4 | |
with: | |
version: latest | |
token: ${{ secrets.GH_OMEC_PAT }} | |
- name: Get current Index.yaml | |
run: | | |
rm -rf ${{ env.REF_CHARTS_DIR }} && mkdir -p ${{ env.REF_CHARTS_DIR }} | |
curl -o ${{ env.REF_CHARTS_DIR }}/index.yaml ${{ env.CHARTS_REPO_URL }}/index.yaml | |
- name: Find all Charts and Package them | |
run: | | |
rm -rf ${{ env.CHARTS_DIR }} && mkdir -p ${{ env.CHARTS_DIR }} | |
for dir in $(find . -maxdepth 1 -mindepth 1 -type d); do | |
if [[ -f "$dir/Chart.yaml" ]] && [[ "$dir" != ${{ env.UMBRELLA_CHARTS }} ]]; then | |
echo "Packaging charts for: $dir" | |
helm dependency update "$dir" | |
helm package "$dir" --destination ${{ env.CHARTS_DIR }} | |
fi | |
done | |
helm repo index ${{ env.CHARTS_DIR }} --url ${{ env.CHARTS_REPO_URL }} --merge ${{ env.REF_CHARTS_DIR }}/index.yaml | |
- name: Remove not "updated" local Charts (version has not changed) | |
working-directory: ${{ env.CHARTS_DIR }} | |
run: | | |
for file in *.tgz; do | |
if grep -q "${{ env.CHARTS_REPO_URL }}/$file" "../${{ env.REF_CHARTS_DIR }}/index.yaml"; then | |
echo "Not publishing $file because it is already in ${{ env.CHARTS_REPO_URL }}/index.yaml" | |
rm $file | |
fi | |
done | |
- name: rsync deployments | |
uses: burnett01/[email protected] | |
with: | |
switches: -avh | |
path: ${{ env.CHARTS_DIR }}/ | |
remote_path: /srv/sites/charts.aetherproject.org/ | |
remote_host: static.opennetworking.org | |
remote_user: ${{ secrets.JENKINS_USERNAME }} | |
remote_key: ${{ secrets.JENKINS_SSHKEY }} | |
remote_key_pass: ${{ secrets.JENKINS_PASSPHRASE }} | |
- name: Get current Index.yaml | |
run: | | |
rm -rf ${{ env.REF_CHARTS_DIR }} && mkdir -p ${{ env.REF_CHARTS_DIR }} | |
curl -o ${{ env.REF_CHARTS_DIR }}/index.yaml ${{ env.CHARTS_REPO_URL }}/index.yaml | |
- name: Find all Charts and Package them | |
run: | | |
rm -rf ${{ env.CHARTS_DIR }} && mkdir -p ${{ env.CHARTS_DIR }} | |
echo "Packaging charts for: ${{ env.UMBRELLA_CHARTS }}" | |
helm dependency update "${{ env.UMBRELLA_CHARTS }}" | |
helm package "${{ env.UMBRELLA_CHARTS }}" --destination ${{ env.CHARTS_DIR }} | |
helm repo index ${{ env.CHARTS_DIR }} --url ${{ env.CHARTS_REPO_URL }} --merge ${{ env.REF_CHARTS_DIR }}/index.yaml | |
- name: rsync deployments | |
uses: burnett01/[email protected] | |
with: | |
switches: -avh | |
path: ${{ env.CHARTS_DIR }}/ | |
remote_path: /srv/sites/charts.aetherproject.org/ | |
remote_host: static.opennetworking.org | |
remote_user: ${{ secrets.JENKINS_USERNAME }} | |
remote_key: ${{ secrets.JENKINS_SSHKEY }} | |
remote_key_pass: ${{ secrets.JENKINS_PASSPHRASE }} | |
update-version: | |
runs-on: ubuntu-latest | |
needs: tag-github | |
if: needs.tag-github.outputs.changed == 'true' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Increment version | |
run: | | |
version=${{ needs.tag-github.outputs.version }} | |
IFS='.' read -r major minor patch <<< "$version" | |
minor_update=$((minor+1)) | |
NEW_VERSION="$major.$minor_update.0-dev" | |
echo $NEW_VERSION > VERSION | |
echo "Updated version: $NEW_VERSION" | |
- name: Create Pull Request | |
uses: peter-evans/create-pull-request@v7 | |
with: | |
token: ${{ secrets.GH_OMEC_PAT }} | |
commit-message: Update version | |
committer: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | |
author: ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com> | |
signoff: true | |
branch: version-update | |
delete-branch: true | |
title: Update version | |
body: | | |
Update VERSION file | |
add-paths: | | |
VERSION |