feat: Support OCI registries #270
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Pull Request Cockpit | |
on: | |
pull_request: | |
paths: | |
- ".github/workflows/pr_cockpit.yml" | |
- "rust/stackable-cockpitd/**" | |
- "rust/stackable-cockpit/**" | |
- "docs/modules/cockpit/**" | |
- "docs/modules/ROOT/**" | |
- "Cargo.lock" | |
- "deploy/**" | |
- "docker/**" | |
- "go.sum" | |
env: | |
RUST_VERSION: 1.83.0 | |
GO_VERSION: '^1.22.5' | |
CARGO_TERM_COLOR: always | |
CARGO_INCREMENTAL: "0" | |
CARGO_PROFILE_DEV_DEBUG: "0" | |
RUSTFLAGS: "-D warnings" | |
RUSTDOCFLAGS: "-D warnings" | |
RUST_LOG: "info" | |
DEV_REPO_HELM_URL: https://repo.stackable.tech/repository/helm-dev | |
jobs: | |
general-checks: | |
name: General Pull Request Checks | |
uses: ./.github/workflows/pr_general.yml | |
check-charts: | |
name: Helm Chart Check | |
runs-on: ubuntu-latest | |
needs: | |
- general-checks | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
with: | |
submodules: recursive | |
- name: Setup Helm | |
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 | |
with: | |
version: v3.6.2 | |
- name: Setup Rust | |
uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
- name: Setup Rust Cache | |
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3 | |
with: | |
key: pr-stackable-cockpit-chart | |
- name: Regenerate Charts | |
run: make regenerate-charts | |
- name: Checking that Helm Charts are up-to-date | |
run: git diff --exit-code | |
- name: Helm Charts not up-to-date | |
if: ${{ failure() }} | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
script: | | |
core.setFailed('Committed Helm charts were not up to date, please regenerate and re-commit!') | |
publish: | |
name: Publish ${{ matrix.runner.arch }} Image | |
permissions: | |
id-token: write | |
runs-on: ${{ matrix.runner.name }} | |
strategy: | |
matrix: | |
runner: | |
- {name: "ubuntu-latest", arch: "amd64"} | |
- {name: "ubicloud-standard-8-arm", arch: "arm64"} | |
env: | |
NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} | |
OCI_REGISTRY_SDP_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }} | |
OCI_REGISTRY_SDP_USERNAME: "robot$sdp+github-action-build" | |
OCI_REGISTRY_SDP_CHARTS_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_CHARTS_GITHUB_ACTION_BUILD_SECRET }} | |
OCI_REGISTRY_SDP_CHARTS_USERNAME: "robot$sdp-charts+github-action-build" | |
outputs: | |
IMAGE_TAG: ${{ steps.printtag.outputs.IMAGE_TAG }} | |
needs: | |
- check-charts | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
with: | |
submodules: recursive | |
- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # tag=v25 | |
- name: Setup Rust | |
uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Install cosign | |
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 | |
- name: Install syft | |
uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2 | |
- name: Setup Rust Cache | |
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3 | |
with: | |
key: pr-stackable-cockpit-chart | |
- name: Update Version | |
run: | | |
cargo install cargo-edit --version 0.11.11 | |
cargo set-version --offline --package stackable-cockpit 0.0.0-pr${{ github.event.pull_request.number }} | |
# Recreate charts and publish charts and docker image. The "-e" is needed as we want to override the | |
# default value in the makefile if called from this action, but not otherwise (i.e. when called locally). | |
# This is needed for the HELM_REPO variable. | |
- name: Build Docker Image and Helm Chart | |
run: make -e build | |
- name: Publish Docker Image and Helm Chart | |
if: ${{ !github.event.pull_request.head.repo.fork }} | |
run: make -e publish | |
- id: printtag | |
if: ${{ !github.event.pull_request.head.repo.fork }} | |
name: Output Image Name and Tag | |
run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> "$GITHUB_OUTPUT" | |
create_manifest_list: | |
name: Build and publish manifest list | |
needs: | |
- publish | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
env: | |
NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} | |
OCI_REGISTRY_SDP_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }} | |
OCI_REGISTRY_SDP_USERNAME: "robot$sdp+github-action-build" | |
OCI_REGISTRY_SDP_CHARTS_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_CHARTS_GITHUB_ACTION_BUILD_SECRET }} | |
OCI_REGISTRY_SDP_CHARTS_USERNAME: "robot$sdp-charts+github-action-build" | |
steps: | |
- name: Install cosign | |
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
submodules: recursive | |
# This step checks if the current run was triggered by a push to a pr (or a pr being created). | |
# If this is the case it changes the version of this project in all Cargo.toml files to include the suffix | |
# "-pr<prnumber>" so that the published artifacts can be linked to this PR. | |
- uses: stackabletech/cargo-install-action@main | |
with: | |
crate: cargo-edit | |
bin: cargo-set-version | |
- name: Update version if PR | |
if: ${{ github.event_name == 'pull_request' }} | |
run: cargo set-version --offline --package stackable-cockpit 0.0.0-pr${{ github.event.pull_request.number }} | |
- name: Build manifest list | |
run: | | |
# Creating manifest list | |
make -e docker-manifest-list-build | |
# Pushing and signing manifest list | |
make -e docker-manifest-list-publish |