grant permissions to unit test job #139
Workflow file for this run
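---
# Release workflow for the Prefect Operator.
# Runs unit tests and builds/pushes the container image on pushes to main,
# on tag pushes and on pull requests against main. The manifest upload and
# the Helm release run only for tag refs.
name: Release Prefect Operator

"on":
  push:
    branches:
      - main
    tags:
      - '*'
  pull_request:
    branches:
      - main

# Deny by default: GITHUB_TOKEN carries no scopes unless a job grants them
# below. Jobs without their own `permissions:` key inherit this empty set.
permissions: {}

jobs:
  run_unit_tests:
    uses: ./.github/workflows/tests.yaml
    # A called workflow cannot exceed what the caller grants, so the read
    # scope has to be given here.
    permissions:
      contents: read

  build_and_upload_manifests:
    if: github.ref_type == 'tag'
    permissions:
      # Needed to attach assets to the release.
      contents: write
    runs-on: ubuntu-latest
    env:
      # The tag name is attacker-influenced text (git ref names may contain
      # shell metacharacters such as $, ;, quotes and backticks). Expanding
      # ${{ github.ref_name }} inside a `run:` script pastes it into the
      # script source before the shell parses it; passing it through the
      # environment keeps it as data.
      RELEASE_TAG: ${{ github.ref_name }}
    steps:
      # NOTE(review): the actions in this workflow are referenced by mutable
      # version tags (@v4, @v2, ...). Pinning each to a full commit SHA would
      # keep a re-pointed tag from changing what runs with this job's write
      # token.
      # NOTE(review): checkout stores the job token in the local git config
      # by default; `persist-credentials: false` would keep it away from the
      # later steps if none of them needs git push access. Confirm first.
      - name: Check out code
        uses: actions/checkout@v4
      - name: Install tool dependencies
        uses: jdx/mise-action@v2
        with:
          experimental: true
      - name: Package kubernetes manifests & CRDs
        run: |
          # package just CRDs
          cat deploy/charts/prefect-operator/crds/*.yaml > prefect-crds.yaml
          make helmbuild
          # template the helm chart including the CRDs
          helm template prefect-operator deploy/charts/prefect-operator \
            --include-crds --set "operator.image.tag=${RELEASE_TAG}" \
            > prefect-operator.yaml
          # Remove labels relevant only for Helm installs
          yq -i 'del(.metadata.labels."app.kubernetes.io/managed-by")' prefect-operator.yaml
          yq -i 'del(.metadata.labels."helm.sh/chart")' prefect-operator.yaml
          yq -i 'del(.spec.template.metadata.labels."app.kubernetes.io/managed-by")' prefect-operator.yaml
          yq -i 'del(.spec.template.metadata.labels."helm.sh/chart")' prefect-operator.yaml
          # Ensure all references to app version match the released version tag.
          # strenv() reads the tag from the environment, so it is never parsed
          # as part of the yq expression or the shell command line.
          yq -i '(.. | select(tag == "!!str" and . == "v0.0.0")) |= strenv(RELEASE_TAG)' prefect-operator.yaml
      - name: Upload release assets
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: gh release upload "$RELEASE_TAG" prefect-crds.yaml prefect-operator.yaml

  build_and_push_docker_image:
    # No `permissions:` key here, so this job runs with the empty top-level
    # token scopes.
    runs-on: ubuntu-latest
    # The GitHub environments are created by Terraform and map to Docker Hub repositories:
    # - dev: https://hub.docker.com/r/prefecthq/prefect-operator-dev
    # - prod: https://hub.docker.com/r/prefecthq/prefect-operator
    # The environment is 'prod' when the triggering ref is a tag. Otherwise, it is 'dev'.
    environment: ${{ github.ref_type == 'tag' && 'prod' || 'dev' }}
    steps:
      - name: Check out code
        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          # These credentials are managed in Terraform. Depending on the 'environment' value above,
          # these will either be the credentials for 'dev' or 'prod'.
          # NOTE(review): this job also runs for pull requests and pushes an
          # image; secrets are normally withheld from fork-triggered runs, so
          # confirm that a failed login is the intended outcome there.
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Docker image metadata
        id: metadata
        uses: docker/metadata-action@v5
        with:
          # For jobs on tags, push to the prod repository.
          # For all other situations, like pull requests and 'main', push to the dev repository.
          images: prefecthq/${{ github.ref_type == 'tag' && 'prefect-operator' || 'prefect-operator-dev' }}
          tags: |
            type=ref,event=pr
            type=ref,event=branch
            type=semver,pattern={{version}}
          labels: |
            org.opencontainers.image.title=prefect-operator
            org.opencontainers.image.description=Prefect Operator image
            org.opencontainers.image.vendor=Prefect
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}

  create_helm_release:
    if: github.ref_type == 'tag'
    # The Helm release waits until the image for this tag has been pushed.
    needs: build_and_push_docker_image
    uses: ./.github/workflows/helm-release.yaml
    # Upper bound for the called workflow's token; it cannot request more.
    permissions:
      contents: write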