GitHub actions
The following GitHub actions are unpublished, but available directly from the registry repository.
The `setup-registry` action ensures the registry CLI is locally installed and configured for further workflow actions. For example, a setup to access a Registry hosted on Google Cloud might look like this:
```yaml
- name: Installs and configures Registry CLI
  uses: apigee/registry/.github/actions/setup-registry@main
  with:
    name: cloud
    project: ${{ env.GOOGLE_CLOUD_PROJECT }}
    address: apigeeregistry.googleapis.com:443
    token-source: gcloud auth print-access-token
    insecure: false
```
Once set up, most `registry` CLI commands can simply be run as steps like so:
```yaml
- run: registry apply -f entity.yaml
```
As checking a registry for conformance is more involved than simply running `registry check`, we provide a `registry-check` action that allows for not only running a set of rules, but also formatting and interpreting the results.
```yaml
- name: Check project and fail workflow if WARNING or ERROR
  uses: apigee/registry/.github/actions/registry-check@main
  with:
    pattern: projects/test
    error-level: WARNING
```
Here's an example of a full-featured workflow that pulls everything together. It performs the following:
- Create a local Registry for the workflow
- Set up the CLI to access the local Registry
- Apply some yaml to the local Registry
- Run `registry check` on the local Registry
- Only if `registry check` succeeds, the workflow continues...
- Set up the CLI to access a cloud Registry
- Apply the yaml to the cloud Registry
Note: The following is also an example of using GCP Workload Identity Federation with GitHub OIDC; see Configuring OpenID Connect in Google Cloud Platform for details.
```yaml
on: [push, pull_request]
jobs:
  test-check-and-apply:
    name: Test entity.yaml locally and conditionally apply it to the cloud.
    runs-on: ubuntu-latest
    env:
      registry-yaml: entity.yaml
      workload_identity_provider: "projects/123/locations/global/workloadIdentityPools/github/providers/github"
      service_account: "[email protected]"
    permissions:
      id-token: write # required for requesting the JWT
      contents: read # required for actions/checkout
    services:
      local-registry: # will use a local SQLite3 instance
        image: ghcr.io/apigee/registry-server:main
        env:
          REGISTRY_LOGGING_LEVEL: debug
        ports:
          - 8080:8080
    steps:
      - uses: actions/checkout@v3
      - name: Configure a local Registry
        uses: apigee/registry/.github/actions/setup-registry@main
        with:
          name: local
          address: localhost:8080
          insecure: true
          project: test
      - name: Create a project on local Registry
        run: registry rpc admin create-project --project_id test
      - name: Apply yaml to the local Registry
        run: registry apply -f ${{ env.registry-yaml }}
      - name: Run check on the local Registry, stop if WARNING or above
        uses: apigee/registry/.github/actions/registry-check@main
        with:
          pattern: projects/test
          error-level: WARNING
      # No WARNINGS or ERRORS on local Registry check, continuing on...
      - name: Set up Google Cloud auth
        uses: google-github-actions/auth@v1
        with:
          workload_identity_provider: ${{ env.workload_identity_provider }}
          service_account: ${{ env.service_account }}
      - name: Set up Google Cloud SDK
        uses: google-github-actions/setup-gcloud@v1
      - uses: apigee/registry/.github/actions/setup-registry@main
        with:
          name: cloud
          project: ${{ env.GCP_PROJECT }} # set by setup-gcloud action
          address: apigeeregistry.googleapis.com:443
          insecure: false
          token-source: gcloud auth print-access-token
      - name: Apply API to cloud registry
        run: registry apply -f ${{ env.registry-yaml }}
```
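An added example, not part of the registry project: a small Python check for workflows like the one above, which holds `id-token: write` and applies changes to a cloud Registry. It flags `uses:` refs that are not pinned to a full commit SHA (the snippets on this page use `@main`, `@v1` and `@v3`), `insecure: true` on any address other than loopback, and `google-github-actions/auth` used without `id-token: write`. The function name, the sample workflow and the 40-hex ref are constructed for illustration, and the check assumes `insecure: true` turns off transport security, as its name suggests.

```python
import re

SHA_PIN = re.compile(r"@[0-9a-f]{40}$")  # full commit SHA: an immutable ref
LOOPBACK = re.compile(r"^(localhost|127\.0\.0\.1)(:\d+)?$")
KEY_VALUE = re.compile(r"^\s*(-\s+)?([\w-]+):\s*(.*?)(\s+#.*)?\s*$")

# Constructed sample modelled on the workflow above; the 40-hex ref is a placeholder.
SAMPLE = """\
steps:
  - uses: actions/checkout@v3
  - uses: apigee/registry/.github/actions/setup-registry@main
    with:
      address: localhost:8080
      insecure: true
  - uses: google-github-actions/auth@v1
  - uses: apigee/registry/.github/actions/setup-registry@0123456789abcdef0123456789abcdef01234567
    with:
      address: apigeeregistry.googleapis.com:443
      insecure: true
"""

def audit_workflow(text):
    """Return sorted (line_no, finding) pairs; line 0 means workflow-wide."""
    findings, step = [], {}
    oidc_auth = id_token = False
    def close_step():
        # Assumption: insecure: true is only tolerable against a loopback service
        if step.get("insecure") == "true" and not LOOPBACK.match(step.get("address", "")):
            findings.append((step["insecure_line"], "insecure: true on non-loopback address"))
        step.clear()
    for no, line in enumerate(text.splitlines(), 1):
        m = KEY_VALUE.match(line)
        if not m:
            continue
        dash, key, value = m.group(1), m.group(2), m.group(3)
        if dash:  # a new list item starts a new step
            close_step()
        if key == "uses":
            if not SHA_PIN.search(value):
                findings.append((no, "action not pinned to a commit SHA: " + value))
            oidc_auth |= value.startswith("google-github-actions/auth@")
        elif key == "id-token":
            id_token |= value == "write"
        elif key in ("address", "insecure"):
            step[key], step[key + "_line"] = value, no
    close_step()
    if oidc_auth and not id_token:
        findings.append((0, "google-github-actions/auth needs permissions id-token: write"))
    return sorted(findings)
```

Calling `audit_workflow(SAMPLE)` reports the three unpinned refs, the `insecure: true` against the cloud address, and the missing `id-token: write`; the loopback step is accepted.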