forked from brennerm/aws-quota-checker
-
Notifications
You must be signed in to change notification settings - Fork 2
132 lines (120 loc) · 4.72 KB
/
cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: cd
on:
push:
branches:
- teleport
tags:
- v*
workflow_dispatch:
permissions:
contents: read
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- name: setup python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
with:
python-version: "3.11"
- name: install
run: pip install .[dev]
- name: build package
run: python setup.py bdist_wheel
- name: build docker image
run: docker build . --tag gravitational/aws-quota-checker:test
- name: build helm chart
working-directory: helm
run: helm package . --version "1.2.3-dev" --app-version "4.5.6-dev"
build_and_push_artifacts:
runs-on: ubuntu-latest
needs: [test]
name: Build and push artifacts
env:
AWS_REGION: us-east-1
AWS_ROLE: arn:aws:iam::146628656107:role/aws-quota-checker-github-action-ecr-role
permissions:
packages: write
id-token: write
steps:
- name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 0
- name: Setup docker buildx
uses: docker/setup-buildx-action@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ env.AWS_ROLE }}
- name: Login to ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2
with:
registry-type: public
- name: Login to GitHub Container Registry
id: login-ghcr
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Prepare docker labels and tags
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ steps.login-ecr.outputs.registry }}/${{ github.repository }}
ghcr.io/${{ github.repository }}
flavor: |
latest=false
# Enable sha tag on branch push events and workflow dispatches.
# Enable semver tags on tag push events, but don't overwrite major/minor tags for prereleases.
tags: |
type=sha,prefix={{branch}}-,suffix=-{{date 'YYYYMMDDTHHmmss'}},format=short,enable=${{ startsWith(github.ref, 'refs/heads/') }}
type=semver,pattern={{major}},enable=${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-') }}
type=semver,pattern={{major}}.{{minor}},enable=${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-') }}
type=semver,pattern={{version}},enable=${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') }}
- name: Build the Docker image and push
uses: docker/build-push-action@v5
with:
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
platforms: |
linux/amd64
linux/arm64
- name: Build and publish the Helm chart
working-directory: helm
env:
EVENT_TYPE: ${{ (github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') && 'tag' ) || 'commit' ) || 'dispatch'}}
IMAGE_VERSION: ${{ steps.meta.outputs.version }}
run: |
# Determine chart version to set
case "${EVENT_TYPE}" in
tag)
CHART_VERSION="${GITHUB_REF_NAME}"
;;
commit)
;&
dispatch)
CHART_VERSION="$(git describe --tags --dirty --long --match "v[[:digit:]]*.[[:digit:]]*.[[:digit:]]*")"
;;
*)
echo "Unknown event type '${EVENT_TYPE}', workflow bug?" >&2
exit 1
;;
esac
# Trim `v` prefix if exists
CHART_VERSION=${CHART_VERSION#v}
IMAGE_VERSION=${IMAGE_VERSION#v}
# Build/package the chart
echo "Setting chart version to ${CHART_VERSION} and image version to ${IMAGE_VERSION}"
helm package . --version "${CHART_VERSION}" --app-version "${IMAGE_VERSION}"
ARTIFACT_NAME=$(find . -name '*.tgz' -exec basename {} \; | head -n 1)
# Publish the chart
helm push "$ARTIFACT_NAME" "oci://ghcr.io/gravitational/charts"