client-get-chart-release.yaml
name: Get Chart Release
# This reusable workflow gives GitHub Actions native access to information about
# Sherlock chart releases (chart instances). It fetches one chart release from the
# Sherlock API and exposes its name, environment and cluster as workflow outputs.
#
# The caller repository must have Workload Identity Federation configured to allow
# impersonation of the "[email protected]" service account; see steps 1 and 2 of
# the documentation:
# https://docs.google.com/document/d/1bnhDmWQHAMat_Saoa_z28FHwXmGWw6kywjdbKf208h4/edit
#
# With that configured, here's how you can call this workflow:
# ```yaml
# jobs:
#   get-chart-release:
#     uses: broadinstitute/sherlock/.github/workflows/client-get-chart-release.yaml@main
#     with:
#       chart-release-name: '<the-chart-release-to-get>'
#     permissions:
#       id-token: 'write'
# ```
#
# The caller has to grant `id-token: write` because the job below requests OIDC
# tokens (the GCP identity token and the GitHub Actions OIDC JWT).
# `@main` follows the branch head. Callers that want a fixed, reviewed version of
# the code that receives that permission can reference a full commit SHA instead.
#
# For more information on using called workflow outputs, see
# https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-outputs-from-a-reusable-workflow
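# Trigger: this file is only usable as a reusable workflow (workflow_call).
on:
  workflow_call:
    inputs:
      ##
      ## Required configuration:
      ##
      # Free-form string supplied by the calling workflow. Treat it as untrusted
      # wherever it is expanded (shell, URL path).
      chart-release-name:
        required: true
        type: string
        description: "The name or selector of the chart release (chart instance) to get"
    # Each output is forwarded from the get-chart-release job's outputs.
    outputs:
      name:
        description: "The name of the chart release"
        value: ${{ jobs.get-chart-release.outputs.name }}
      environment:
        description: "The environment of the chart release"
        value: ${{ jobs.get-chart-release.outputs.environment }}
      cluster:
        description: "The cluster of the chart release"
        value: ${{ jobs.get-chart-release.outputs.cluster }}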
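# Workflow-level environment, visible to every step of every job in this file.
env:
  # Base URL of the Sherlock API queried by the "Get from Sherlock" step.
  SHERLOCK_PROD_URL: 'https://sherlock.dsp-devops-prod.broadinstitute.org'
  # Hostname corrected from the misspelled "broadinsitute.org" so it matches the
  # Sherlock host above. A misspelled domain is outside the organisation's control.
  # No step in this file reads the BEEHIVE_* values.
  BEEHIVE_PROD_URL: 'https://beehive.dsp-devops-prod.broadinstitute.org'
  BEEHIVE_PROD_VANITY_URL: 'https://broad.io/beehive'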
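jobs:
  # Fetches one chart release from Sherlock and publishes selected fields as
  # job outputs.
  get-chart-release:
    runs-on: ubuntu-22.04
    # id-token: write is needed by both token steps below. Because a permissions
    # block is present, every scope not listed here is set to none.
    permissions:
      id-token: 'write'
    outputs:
      name: ${{ steps.parse.outputs.name }}
      environment: ${{ steps.parse.outputs.environment }}
      cluster: ${{ steps.parse.outputs.cluster }}
    steps:
      # Exchanges the GitHub OIDC token for a Google-signed identity token whose
      # audience is the OAuth client ID below. The step id suggests this is the
      # client protecting Sherlock behind IAP (confirm).
      # NOTE(review): `@v2` is a mutable tag on a step that mints credentials.
      # Pinning to a full commit SHA fixes the code that handles the token.
      - name: "Authenticate to GCP"
        id: 'iap_auth'
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider'
          service_account: '[email protected]'
          token_format: 'id_token'
          id_token_audience: '257801540345-1gqi6qi66bjbssbv01horu9243el2r8b.apps.googleusercontent.com'
          id_token_include_email: true
          # No credentials file or exported variables: the token is only
          # available through this step's outputs.
          create_credentials_file: false
          export_environment_variables: false

      # Requests the GitHub Actions OIDC JWT (default audience) and exposes it as
      # a step output so it can be sent to Sherlock alongside the Google token.
      # NOTE(review): `@v7` is a mutable tag as well. Consider a SHA pin.
      - name: "Generate GHA OIDC Token"
        id: 'gha_auth'
        uses: actions/github-script@v7
        with:
          script: core.setOutput('id_token', await core.getIDToken())

      - name: "Get from Sherlock"
        shell: bash
        # Caller input and tokens are handed to the script as environment
        # variables rather than expanded with ${{ }} inside the script text.
        # Expression expansion happens before bash parses the script, so an input
        # containing quotes or shell syntax would otherwise become part of the
        # command line.
        env:
          CHART_RELEASE_NAME: ${{ inputs.chart-release-name }}
          IAP_ID_TOKEN: ${{ steps.iap_auth.outputs.id_token }}
          GHA_OIDC_JWT: ${{ steps.gha_auth.outputs.id_token }}
        run: |
          # No `set -x`: tracing would echo the expanded Authorization and
          # X-GHA-OIDC-JWT headers into the job log, where only log masking
          # would stand between the tokens and anyone who can read the log.
          set -euo pipefail
          # NOTE(review): CHART_RELEASE_NAME is placed in the URL path without
          # URL-encoding. If selectors are known to follow a fixed grammar,
          # validate against it before this call.
          curl --fail-with-body \
            "$SHERLOCK_PROD_URL/api/chart-releases/v3/$CHART_RELEASE_NAME" \
            -H 'Content-Type: application/json' \
            -H "Authorization: Bearer $IAP_ID_TOKEN" \
            -H "X-GHA-OIDC-JWT: $GHA_OIDC_JWT" \
            -o "$RUNNER_TEMP/response.json"

      - name: "Parse Outputs"
        id: 'parse'
        shell: bash
        run: |
          set -euo pipefail
          # Forward only the three fields this job declares as outputs, and
          # replace CR/LF inside values with a space so a response value cannot
          # append extra key=value lines to $GITHUB_OUTPUT.
          jq -r '
            to_entries[]
            | select(.key == "name" or .key == "environment" or .key == "cluster")
            | .key + "=" + (.value | tostring | gsub("[\\r\\n]+"; " "))
          ' "$RUNNER_TEMP/response.json" >> "$GITHUB_OUTPUT"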