apiserver: add a CA signing endpoint. #17
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: deploy | |
concurrency: qa-${{ github.ref_name }} | |
on: | |
push: | |
branches: [main, playground] | |
jobs: | |
build-images: | |
name: Build Images | |
runs-on: ubuntu-latest | |
timeout-minutes: 90 | |
environment: image-repositories | |
strategy: | |
matrix: | |
include: | |
- name: apiserver | |
tags: | | |
quay.io/nexodus/apiserver:latest | |
quay.io/nexodus/apiserver:${{ github.sha }} | |
quay.io/nexodus/apiserver:${{ github.ref_name }} | |
target: | |
- name: frontend | |
tags: | | |
quay.io/nexodus/frontend:latest | |
quay.io/nexodus/frontend:${{ github.sha }} | |
quay.io/nexodus/frontend:${{ github.ref_name }} | |
target: | |
- name: ipam | |
tags: | | |
quay.io/nexodus/go-ipam:latest | |
quay.io/nexodus/go-ipam:${{ github.sha }} | |
quay.io/nexodus/go-ipam:${{ github.ref_name }} | |
target: | |
- name: nexd | |
tags: | | |
quay.io/nexodus/nexd:latest | |
quay.io/nexodus/nexd:${{ github.sha }} | |
quay.io/nexodus/nexd:${{ github.ref_name }} | |
target: | |
- name: envsubst | |
tags: | | |
quay.io/nexodus/envsubst:latest | |
quay.io/nexodus/envsubst:${{ github.sha }} | |
quay.io/nexodus/envsubst:${{ github.ref_name }} | |
target: | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Setup Docker buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Quay.io | |
uses: redhat-actions/podman-login@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_ROBOT_USERNAME }} | |
password: ${{ secrets.QUAY_ROBOT_PASSWORD }} | |
- name: Build and push ${{ matrix.name }} | |
uses: docker/build-push-action@v5 | |
with: | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
file: ./Containerfile.${{ matrix.name }} | |
tags: ${{ matrix.tags }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
target: ${{ matrix.target }} | |
build-args: | | |
BUILD_PROFILE=prod | |
update-deployment: | |
name: Update Deployment | |
needs: ["build-images"] | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Calculate Short SHA | |
id: gitsha | |
run: | | |
echo "short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" | |
- name: Set up Kustomize | |
run: | | |
mkdir -p "$HOME/.local/bin" | |
pushd "$HOME/.local/bin" | |
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash -s 4.5.7 | |
popd | |
echo "$HOME/.local/bin" >> "$GITHUB_PATH" | |
- name: Update QA Images | |
run: | | |
pushd ./deploy/nexodus/overlays/released | |
kustomize edit set image "quay.io/nexodus/apiserver:${GITHUB_SHA}" | |
kustomize edit set image "quay.io/nexodus/frontend:${GITHUB_SHA}" | |
kustomize edit set image "quay.io/nexodus/go-ipam:${GITHUB_SHA}" | |
kustomize edit set image "quay.io/nexodus/envsubst:${GITHUB_SHA}" | |
yq -i kustomization.yaml | |
popd | |
- name: Check for changes | |
run: | | |
git diff --quiet || echo "COMMIT_CHANGES=1" >> "$GITHUB_ENV" | |
- name: Check for new commits in ${{ github.ref_name }} | |
run: | | |
git fetch origin | |
if [ "$(git log HEAD..origin/${{ github.ref_name }} --oneline | wc -l)" != "0" ]; then echo "COMMIT_CHANGES=0"; fi >> "$GITHUB_ENV" | |
- name: Commit and tag the release | |
id: "tag" | |
if: env.COMMIT_CHANGES == 1 | |
shell: bash | |
run: | | |
TAG="qa-${{github.ref_name}}" | |
if [ "${{github.ref_name}}" == "main" ]; then | |
TAG="qa" | |
fi | |
git config --global user.name "${GITHUB_ACTOR}" | |
git config --global user.email "${GITHUB_ACTOR}@users.noreply.${INPUT_ORGANIZATION_DOMAIN}" | |
MESSAGE=$(git log -1 --pretty=%B) | |
MESSAGE="[deploy] Update ${TAG} images to ${{ steps.gitsha.outputs.short }}: | |
${MESSAGE}" | |
git commit -am "$MESSAGE" | |
git tag "$TAG" --force | |
git push origin "$TAG" --force | |
publish-rpms: | |
if: github.ref_name == 'main' | |
runs-on: ubuntu-latest | |
environment: copr-repo | |
strategy: | |
matrix: | |
include: | |
- mock_root: fedora-38-x86_64 | |
srpm_mock_root: fedora-38-x86_64 | |
srpm_distro: fc38 | |
- mock_root: fedora-38-aarch64 | |
srpm_mock_root: fedora-38-x86_64 | |
srpm_distro: fc38 | |
- mock_root: fedora-39-x86_64 | |
srpm_mock_root: fedora-39-x86_64 | |
srpm_distro: fc39 | |
- mock_root: fedora-39-aarch64 | |
srpm_mock_root: fedora-39-x86_64 | |
srpm_distro: fc39 | |
- mock_root: centos-stream+epel-9-x86_64 | |
srpm_mock_root: centos-stream+epel-9-x86_64 | |
srpm_distro: el9 | |
steps: | |
- uses: actions/checkout@v4 | |
# Needed for building binaries to generate manpages | |
- name: Setup Go | |
uses: ./.github/actions/setup-go-env | |
- name: Install make | |
run: | | |
sudo apt -y install make | |
- name: Build srpm | |
run: | | |
MOCK_ROOT="${{ matrix.mock_root }}" SRPM_MOCK_ROOT="${{ matrix.srpm_mock_root }}" SRPM_DISTRO="${{ matrix.srpm_distro }}" make srpm | |
find dist | |
- name: Submit srpm to copr (nexodus repo) | |
run: | | |
echo "${{ secrets.NEXODUS_COPR_CONFIG }}" > ~/.config/copr | |
docker run --name copr-cli -v "$(pwd):/nexodus" -v ~/.config:/root/.config quay.io/nexodus/mock:latest \ | |
copr-cli build nexodus -r "$(echo ${{ matrix.mock_root }} | cut -f2 -d'+')" --nowait \ | |
"/nexodus/dist/rpm/mock/nexodus-0-0.1.$(date +%Y%m%d)git$(git describe --always --abbrev=6).${{ matrix.srpm_distro }}.src.rpm" | |
- name: Submit srpm to copr (deprecated repo) | |
run: | | |
echo "${{ secrets.COPR_CONFIG }}" > ~/.config/copr | |
docker run --name copr-cli-2 -v "$(pwd):/nexodus" -v ~/.config:/root/.config quay.io/nexodus/mock:latest \ | |
copr-cli build nexodus -r "$(echo ${{ matrix.mock_root }} | cut -f2 -d'+')" --nowait \ | |
"/nexodus/dist/rpm/mock/nexodus-0-0.1.$(date +%Y%m%d)git$(git describe --always --abbrev=6).${{ matrix.srpm_distro }}.src.rpm" | |
dispatch-ppa-build: | |
name: Dispatch PPA build | |
needs: ["build-images"] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Dispatch PPA Build Workflow | |
run: | | |
curl -X POST \ | |
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
-H "Accept: application/vnd.github.v3+json" \ | |
"${{ github.server_url }}/repos/${{ github.repository }}/actions/workflows/ppa-build.yml/dispatches" \ | |
-d '{"ref":"main"}' |