Skip to content

apiserver: add a CA signing endpoint. #17

apiserver: add a CA signing endpoint.

apiserver: add a CA signing endpoint. #17

Workflow file for this run

name: deploy
concurrency: qa-${{ github.ref_name }}
on:
push:
branches: [main, playground]
jobs:
build-images:
name: Build Images
runs-on: ubuntu-latest
timeout-minutes: 90
environment: image-repositories
strategy:
matrix:
include:
- name: apiserver
tags: |
quay.io/nexodus/apiserver:latest
quay.io/nexodus/apiserver:${{ github.sha }}
quay.io/nexodus/apiserver:${{ github.ref_name }}
target:
- name: frontend
tags: |
quay.io/nexodus/frontend:latest
quay.io/nexodus/frontend:${{ github.sha }}
quay.io/nexodus/frontend:${{ github.ref_name }}
target:
- name: ipam
tags: |
quay.io/nexodus/go-ipam:latest
quay.io/nexodus/go-ipam:${{ github.sha }}
quay.io/nexodus/go-ipam:${{ github.ref_name }}
target:
- name: nexd
tags: |
quay.io/nexodus/nexd:latest
quay.io/nexodus/nexd:${{ github.sha }}
quay.io/nexodus/nexd:${{ github.ref_name }}
target:
- name: envsubst
tags: |
quay.io/nexodus/envsubst:latest
quay.io/nexodus/envsubst:${{ github.sha }}
quay.io/nexodus/envsubst:${{ github.ref_name }}
target:
steps:
- uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
- name: Login to Quay.io
uses: redhat-actions/podman-login@v1
with:
registry: quay.io
username: ${{ secrets.QUAY_ROBOT_USERNAME }}
password: ${{ secrets.QUAY_ROBOT_PASSWORD }}
- name: Build and push ${{ matrix.name }}
uses: docker/build-push-action@v5
with:
platforms: linux/amd64,linux/arm64
push: true
file: ./Containerfile.${{ matrix.name }}
tags: ${{ matrix.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max
target: ${{ matrix.target }}
build-args: |
BUILD_PROFILE=prod
update-deployment:
name: Update Deployment
needs: ["build-images"]
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
- name: Calculate Short SHA
id: gitsha
run: |
echo "short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
- name: Set up Kustomize
run: |
mkdir -p "$HOME/.local/bin"
pushd "$HOME/.local/bin"
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash -s 4.5.7
popd
echo "$HOME/.local/bin" >> "$GITHUB_PATH"
- name: Update QA Images
run: |
pushd ./deploy/nexodus/overlays/released
kustomize edit set image "quay.io/nexodus/apiserver:${GITHUB_SHA}"
kustomize edit set image "quay.io/nexodus/frontend:${GITHUB_SHA}"
kustomize edit set image "quay.io/nexodus/go-ipam:${GITHUB_SHA}"
kustomize edit set image "quay.io/nexodus/envsubst:${GITHUB_SHA}"
yq -i kustomization.yaml
popd
- name: Check for changes
run: |
git diff --quiet || echo "COMMIT_CHANGES=1" >> "$GITHUB_ENV"
- name: Check for new commits in ${{ github.ref_name }}
run: |
git fetch origin
if [ "$(git log HEAD..origin/${{ github.ref_name }} --oneline | wc -l)" != "0" ]; then echo "COMMIT_CHANGES=0"; fi >> "$GITHUB_ENV"
- name: Commit and tag the release
id: "tag"
if: env.COMMIT_CHANGES == 1
shell: bash
run: |
TAG="qa-${{github.ref_name}}"
if [ "${{github.ref_name}}" == "main" ]; then
TAG="qa"
fi
git config --global user.name "${GITHUB_ACTOR}"
git config --global user.email "${GITHUB_ACTOR}@users.noreply.${INPUT_ORGANIZATION_DOMAIN}"
MESSAGE=$(git log -1 --pretty=%B)
MESSAGE="[deploy] Update ${TAG} images to ${{ steps.gitsha.outputs.short }}:
${MESSAGE}"
git commit -am "$MESSAGE"
git tag "$TAG" --force
git push origin "$TAG" --force
publish-rpms:
if: github.ref_name == 'main'
runs-on: ubuntu-latest
environment: copr-repo
strategy:
matrix:
include:
- mock_root: fedora-38-x86_64
srpm_mock_root: fedora-38-x86_64
srpm_distro: fc38
- mock_root: fedora-38-aarch64
srpm_mock_root: fedora-38-x86_64
srpm_distro: fc38
- mock_root: fedora-39-x86_64
srpm_mock_root: fedora-39-x86_64
srpm_distro: fc39
- mock_root: fedora-39-aarch64
srpm_mock_root: fedora-39-x86_64
srpm_distro: fc39
- mock_root: centos-stream+epel-9-x86_64
srpm_mock_root: centos-stream+epel-9-x86_64
srpm_distro: el9
steps:
- uses: actions/checkout@v4
# Needed for building binaries to generate manpages
- name: Setup Go
uses: ./.github/actions/setup-go-env
- name: Install make
run: |
sudo apt -y install make
- name: Build srpm
run: |
MOCK_ROOT="${{ matrix.mock_root }}" SRPM_MOCK_ROOT="${{ matrix.srpm_mock_root }}" SRPM_DISTRO="${{ matrix.srpm_distro }}" make srpm
find dist
- name: Submit srpm to copr (nexodus repo)
run: |
echo "${{ secrets.NEXODUS_COPR_CONFIG }}" > ~/.config/copr
docker run --name copr-cli -v "$(pwd):/nexodus" -v ~/.config:/root/.config quay.io/nexodus/mock:latest \
copr-cli build nexodus -r "$(echo ${{ matrix.mock_root }} | cut -f2 -d'+')" --nowait \
"/nexodus/dist/rpm/mock/nexodus-0-0.1.$(date +%Y%m%d)git$(git describe --always --abbrev=6).${{ matrix.srpm_distro }}.src.rpm"
- name: Submit srpm to copr (deprecated repo)
run: |
echo "${{ secrets.COPR_CONFIG }}" > ~/.config/copr
docker run --name copr-cli-2 -v "$(pwd):/nexodus" -v ~/.config:/root/.config quay.io/nexodus/mock:latest \
copr-cli build nexodus -r "$(echo ${{ matrix.mock_root }} | cut -f2 -d'+')" --nowait \
"/nexodus/dist/rpm/mock/nexodus-0-0.1.$(date +%Y%m%d)git$(git describe --always --abbrev=6).${{ matrix.srpm_distro }}.src.rpm"
dispatch-ppa-build:
name: Dispatch PPA build
needs: ["build-images"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Dispatch PPA Build Workflow
run: |
curl -X POST \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
"${{ github.server_url }}/repos/${{ github.repository }}/actions/workflows/ppa-build.yml/dispatches" \
-d '{"ref":"main"}'