diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8058c4d..5ded1b6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -3,6 +3,9 @@ name: Build
 on:
 workflow_call:
 inputs:
+ GO_VERSION:
+ required: true
+ type: string
 REGISTRY:
 required: true
 type: string
@@ -26,6 +29,11 @@ on:
 type: string
 workflow_dispatch:
 inputs:
+ GO_VERSION:
+ description: Go version to use
+ required: true
+ type: string
+ default: 1.22.4
 REGISTRY:
 description: Target registry to push images
 required: true
@@ -42,21 +50,63 @@ on:
 type: string
 default: linux/amd64,linux/arm64
+permissions:
+ packages: write
+ contents: write
+
 jobs:
 vars:
 name: Generate variables
 runs-on: ubuntu-latest
 outputs:
- lower-branch: ${{ steps.infos.outputs.LOWER_BRANCH }}
 short-sha: ${{ steps.infos.outputs.SHORT_SHA }}
+ platforms-json: ${{ steps.infos.outputs.PLATFORMS_JSON }}
 steps:
 - name: Get variables
 id: infos
 run: |
 echo "SHORT_SHA=sha-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+ echo "PLATFORMS_JSON=$(echo "$PLATFORMS"| jq -c 'split(",")')" >> $GITHUB_OUTPUT
+
+ build-binaries:
+ name: Build application binaries
+ runs-on: ubuntu-latest
+ needs:
+ - vars
+ strategy:
+ matrix:
+ platforms: ${{ needs.vars.outputs.platforms-json }}
+ steps:
+ - name: Checks-out repository
+ uses: actions/checkout@v4
+
+ - name: Setup Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: ${{ inputs.GO_VERSION }}
+
+ - name: Install dependencies
+ run: go mod download
+
+ - name: Run vet command
+ run: go vet .
+
+ - name: Run build
+ run: |
+ BUILD_OS=$(echo ${{ matrix.platforms }} | cut -d '/' -f 1)
+ BUILD_ARCH=$(echo ${{ matrix.platforms }} | cut -d '/' -f 2,3)
+
+ CGO_ENABLED=0 GOOS=${BUILD_OS} GOARCH=${BUILD_ARCH} \
+ go build -o ./binaries/external-dns-midaas-webhook_${BUILD_OS}-${BUILD_ARCH} .
+
+ - name: Upload test results
+ uses: actions/upload-artifact@v4
+ with:
+ name: external-dns-midaas-webhook_${BUILD_OS}-${BUILD_ARCH}
+ path: ./binaries/external-dns-midaas-webhook_${BUILD_OS}-${BUILD_ARCH}
- build:
- name: Build application
+ build-docker:
+ name: Build application image
 runs-on: ubuntu-latest
 needs:
 - vars
diff --git a/.github/workflows/cache.yml b/.github/workflows/cache.yml
index cf62b52..daaaab9 100644
--- a/.github/workflows/cache.yml
+++ b/.github/workflows/cache.yml
@@ -15,6 +15,9 @@ on:
 required: false
 type: string
+permissions:
+ packages: write
+
 jobs:
 cleanup-cache:
 name: Delete gituhb cache
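Review bot: In the `Run build` step of the new `build-binaries` job (build.yml, `+50,63`), `${{ matrix.platforms }}` is expanded into the script text before bash runs, so a `PLATFORMS` value supplied through `workflow_dispatch` or a caller is parsed as shell in a workflow that now holds `packages: write` and `contents: write`; pass it through `env:` and use a quoted shell variable instead. The upload step has a related functional problem: `${BUILD_OS}` and `${BUILD_ARCH}` are shell variables of the previous step and are not expanded inside `with:`, so every matrix leg would use the same literal artifact name and a path that does not exist. The matrix value is also a JSON string and probably needs `platforms: ${{ fromJSON(needs.vars.outputs.platforms-json) }}` to become a list. No step visible in this hunk uses `contents: write`, so consider scoping write permissions to the job that needs them.

```yaml
      - name: Run build
        id: build
        env:
          PLATFORM: ${{ matrix.platforms }}
        run: |
          BUILD_OS="$(echo "$PLATFORM" | cut -d '/' -f 1)"
          BUILD_ARCH="$(echo "$PLATFORM" | cut -d '/' -f 2,3)"
          echo "suffix=${BUILD_OS}-${BUILD_ARCH}" >> "$GITHUB_OUTPUT"
          # … unchanged: CGO_ENABLED=0 go build command …

      - name: Upload test results
        uses: actions/upload-artifact@v4
        with:
          name: external-dns-midaas-webhook_${{ steps.build.outputs.suffix }}
          path: ./binaries/external-dns-midaas-webhook_${{ steps.build.outputs.suffix }}
```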
@@ -64,6 +67,6 @@ jobs:
 run: |
 ./ci/scripts/delete-image.sh \
 -o "${{ steps.image-infos.outputs.ORG_NAME }}" \
- -i "${{ steps.image-infos.outputs.REPO_NAME }}/external-dns-midaas-webhook" \
- -t "pr-${{ github.event.pull_request.number || github.event.number }}" \
+ -i "${{ steps.image-infos.outputs.REPO_NAME }}" \
+ -t "pr-${{ inputs.PR_NUMBER || github.event.pull_request.number || github.event.number }}" \
 -g "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 346e0c1..474116d 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -7,6 +7,7 @@ on:
 workflow_dispatch:
 env:
+ GO_VERSION: 1.22.4
 REGISTRY: "ghcr.io"
 NAMESPACE: "${{ github.repository }}"
 PLATFORMS: linux/amd64,linux/arm64
@@ -15,6 +16,7 @@ jobs:
 expose-vars:
 runs-on: ubuntu-latest
 outputs:
+ GO_VERSION: ${{ env.GO_VERSION }}
 REGISTRY: ${{ env.REGISTRY }}
 NAMESPACE: ${{ env.NAMESPACE }}
 PLATFORMS: ${{ env.PLATFORMS }}
@@ -36,7 +38,9 @@ jobs:
 - release
 permissions:
 packages: write
+ contents: write
 with:
+ GO_VERSION: ${{ needs.expose-vars.outputs.GO_VERSION }}
 REGISTRY: ${{ needs.expose-vars.outputs.REGISTRY }}
 NAMESPACE: ${{ needs.expose-vars.outputs.NAMESPACE }}
 PLATFORMS: ${{ needs.expose-vars.outputs.PLATFORMS }}
@@ -44,3 +48,25 @@ jobs:
 MAJOR_TAG: ${{ needs.release.outputs.major-tag }}
 MINOR_TAG: ${{ needs.release.outputs.minor-tag }}
 PATCH_TAG: ${{ needs.release.outputs.patch-tag }}
+
+ artifacts:
+ runs-on: ubuntu-latest
+ if: ${{ needs.release.outputs.release-created == 'true' }}
+ needs:
+ - expose-vars
+ - release
+ - build
+ permissions:
+ contents: write
+ steps:
+ - name: Download artifact
+ uses: actions/download-artifact@v4
+ with:
+ pattern: external-dns-midaas-webhook_*
+ path: ./binaries
+ merge-multiple: true
+
+ - name: Upload Release Artifact
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: gh release upload ${{ needs.release.outputs.tag-name }} $(ls ./binaries)
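Review bot: The new `-t` argument in cache.yml (`+67,6`) interpolates `inputs.PR_NUMBER` directly into the `run:` script, and the `type: string` context in the first cache.yml hunk suggests that input is free-form text, so quotes or `$(...)` in it would be executed by bash in a step that is handed `secrets.GITHUB_TOKEN` with `packages: write`. Map the expression to an environment variable on the step, e.g. `PR_NUMBER: ${{ inputs.PR_NUMBER || github.event.pull_request.number || github.event.number }}`, pass `-t "pr-${PR_NUMBER}"`, and reject values that are not all digits before calling the delete script. The step begins above this hunk, so the `env:` block would have to be added there.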
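Review bot: In the new `artifacts` job (cd.yml, `+48,25`), `$(ls ./binaries)` expands to bare file names that `gh release upload` resolves against the workspace root rather than `./binaries`, so the upload will likely not find the files; the job also has no checkout step, so `gh` probably needs the repository named explicitly. Consider `run: gh release upload "$TAG" ./binaries/* --repo "$GITHUB_REPOSITORY"` with `TAG: ${{ needs.release.outputs.tag-name }}` added under `env:`, which also keeps the tag out of the script text. Because these binaries become public release assets, uploading a checksum file alongside them would let consumers verify what they download.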
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e8be697..ceac713 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,10 +12,10 @@ on:
 workflow_dispatch:
 env:
+ GO_VERSION: 1.22.4
 REGISTRY: "ghcr.io"
 NAMESPACE: "${{ github.repository }}"
 PLATFORMS: linux/amd64,linux/arm64
- GO_VERSION: 1.22.4
 jobs:
 path-filter:
@@ -43,10 +43,10 @@ jobs:
 runs-on: ubuntu-latest
 if: ${{ !github.event.pull_request.draft }}
 outputs:
+ GO_VERSION: ${{ env.GO_VERSION }}
 REGISTRY: ${{ env.REGISTRY }}
 NAMESPACE: ${{ env.NAMESPACE }}
 PLATFORMS: ${{ env.PLATFORMS }}
- GO_VERSION: ${{ env.GO_VERSION }}
 steps:
 - name: Exposing env vars
 run: echo "Exposing env vars"
@@ -58,7 +58,7 @@ jobs:
 - path-filter
 - expose-vars
 permissions:
- packages: write
+ contents: write
 with:
 GO_VERSION: ${{ needs.expose-vars.outputs.GO_VERSION }}
@@ -70,7 +70,9 @@ jobs:
 - expose-vars
 permissions:
 packages: write
+ contents: write
 with:
+ GO_VERSION: ${{ needs.expose-vars.outputs.GO_VERSION }}
 REGISTRY: ${{ needs.expose-vars.outputs.REGISTRY }}
 NAMESPACE: ${{ needs.expose-vars.outputs.NAMESPACE }}
 PLATFORMS: ${{ needs.expose-vars.outputs.PLATFORMS }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index de9af40..d2c3c8c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,6 +6,9 @@ on:
 release-created:
 description: "Has the releease been created"
 value: ${{ jobs.release.outputs.release-created }}
+ tag-name:
+ description: "Release tag name"
+ value: ${{ jobs.release.outputs.tag-name }}
 major-tag:
 description: "Major version tag"
 value: ${{ jobs.release.outputs.major-tag }}
@@ -22,6 +25,7 @@ jobs:
 runs-on: ubuntu-latest
 outputs:
 release-created: ${{ steps.release.outputs.release_created }}
+ tag-name: ${{ steps.release.outputs.tag_name }}
 major-tag: ${{ steps.release.outputs.major }}
 minor-tag: ${{ steps.release.outputs.minor }}
 patch-tag: ${{ steps.release.outputs.patch }}
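Review bot: The job changed at ci.yml `+58,7` now grants `contents: write` to a called workflow whose only visible input is `GO_VERSION`; if that is the test job, test.yml in this same commit declares `permissions: contents: read`, so `contents: read` is sufficient for the caller as well. The build callers (ci.yml `+70,9` and cd.yml `+38,9`) have the same issue: they must grant `contents: write` only because build.yml now requests it at workflow level, and none of the visible build steps appears to need it. For pull requests from branches in the same repository this hands a push-capable token to code under review, so prefer `contents: read` unless a specific step is shown to require write.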
@@ -29,7 +33,7 @@ jobs:
 - name: Checks-out repository
 uses: actions/checkout@v4
- - name: Pre release new version
+ - name: Release new version
 uses: googleapis/release-please-action@v4
 id: release
 with:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ace2107..74c077e 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -14,6 +14,9 @@ on:
 type: string
 default: 1.22.4
+permissions:
+ contents: read
+
 jobs:
 test:
 name: Test application
diff --git a/ci/scripts/delete-image.sh b/ci/scripts/delete-image.sh
index 0d329b9..bb5ca19 100755
--- a/ci/scripts/delete-image.sh
+++ b/ci/scripts/delete-image.sh
@@ -75,19 +75,19 @@ fi
 IMAGE_NAME_URL_ENCODED="$(jq -rn --arg x ${IMAGE_NAME} '$x | @uri')"
 IMAGES=$(curl -s \
 -H "Authorization: Bearer ${GITHUB_TOKEN}" \
- "https://api.github.com/orgs/${ORG}/packages/container/${IMAGE_NAME_URL_ENCODED}/versions?per_page=100")
-MAIN_IMAGE_ID=$(echo "$IMAGES" | jq -r --arg t "$TAG" '.[] | select(.metadata.container.tags[] | contains($t)) | .id')
+ "https://api.github.com/user/${ORG}/packages/container/${IMAGE_NAME_URL_ENCODED}/versions?per_page=100")
+MAIN_IMAGE_ID=$(echo "$IMAGES" | jq -r --arg t "$TAG" '.[] | select(.labels["org.opencontainers.image.version"] == $t)) | .id')
 # Delete subsequent images
 while read -r SHA; do
- IMAGE_ID=$(echo "$IMAGES" | jq -r --arg s "$SHA" '.[] | select(.name==$s) | .id')
+ IMAGE_ID=$(echo "$IMAGES" | jq -r --arg s "$SHA" '.[] | select(.name == $s) | .id')
 printf "\n${red}[Delete ghcr image].${no_color} Deleting subsequent image '$ORG/$IMAGE_NAME@$SHA'\n"
 curl -s \
 -X DELETE \
 -H "Authorization: Bearer ${GITHUB_TOKEN}" \
- "https://api.github.com/orgs/${ORG}/packages/container/${IMAGE_NAME_URL_ENCODED}/versions/${IMAGE_ID}"
+ "https://api.github.com/user/${ORG}/packages/container/${IMAGE_NAME_URL_ENCODED}/versions/${IMAGE_ID}"
 done <<< "$(docker buildx imagetools inspect ghcr.io/${ORG}/${IMAGE_NAME}:${TAG} --raw | jq -r '.manifests[] | .digest')"
 # Delete main image
@@ -96,4 +96,4 @@ printf "\n${red}[Delete ghcr image].${no_color} Deleting image '$ORG/$IMAGE_NAME
 curl -s \
 -X DELETE \
 -H "Authorization: Bearer ${GITHUB_TOKEN}" \
- "https://api.github.com/orgs/${ORG}/packages/container/${IMAGE_NAME_URL_ENCODED}/versions/${MAIN_IMAGE_ID}"
+ "https://api.github.com/user/${ORG}/packages/container/${IMAGE_NAME_URL_ENCODED}/versions/${MAIN_IMAGE_ID}"
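Review bot: The new `MAIN_IMAGE_ID` jq filter (`+75,19`) has an unbalanced `)` after `$t`, so jq will refuse to compile it, `MAIN_IMAGE_ID` stays empty, and the final `DELETE` in the `+96,4` hunk is sent to `.../versions/` with no id. The filter should read `'.[] | select(.labels["org.opencontainers.image.version"] == $t) | .id'`, and a guard such as `[ -n "$MAIN_IMAGE_ID" ] || exit 1` before the delete would stop the script from issuing requests with an empty id. The new `/user/${ORG}/packages/...` path and the top-level `.labels` field should also be confirmed against the GitHub Packages API, because `curl -s` without `--fail` hides HTTP errors from all three calls changed in this file.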