Release.yaml
# Manually dispatched workflow that releases a single OCI image.
# NOTE(review): this file declares no `permissions:` key, so every job runs
# with the repository's default GITHUB_TOKEN scopes; consider declaring the
# minimum each job needs.
name: Release
run-name: "Release - ${{ inputs.oci-image-name }} - ${{ github.ref }}"
on:
  workflow_dispatch:
    inputs:
      # Name of the image directory under oci/ whose trigger file is released.
      oci-image-name:
        description: "OCI image to run releases for"
        required: true
      # When non-empty, the image trigger file is restored from the Actions
      # cache under this key instead of being taken from the checkout.
      image-trigger-cache-key:
        description: "Cache key (to fetch image trigger from cache)"
        required: false
        type: string
      # Free-form, caller-supplied value; it is echoed as a step name in the
      # first job, so treat it as untrusted text wherever it is used.
      external_ref_id: #(1)
        description: "Optional ID for unique run detection"
        required: false
        type: string
        default: 'default-id'
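jobs:
  # Checks that the released ref changes at most one image trigger file and
  # exposes that image's directory name as the `oci-image-name` job output.
  # NOTE(review): no other job in this file reads that output; the later jobs
  # use `inputs.oci-image-name` directly - confirm this is intended.
  validate-push-release-request:
    runs-on: ubuntu-22.04
    name: Validate push release request
    outputs:
      oci-image-name: ${{ steps.get-image-name.outputs.img-name }}
    steps:
      # The step is named after the caller-supplied reference ID. The value is
      # handed to the shell through an environment variable rather than being
      # expanded into the script text, so quotes or shell metacharacters in the
      # input cannot change the command that runs.
      - name: ${{ inputs.external_ref_id }} #(2)
        env:
          EXTERNAL_REF_ID: ${{ inputs.external_ref_id }}
        run: echo "Started by ${EXTERNAL_REF_ID}" >> "$GITHUB_STEP_SUMMARY"
      - uses: actions/checkout@v3
      # NOTE(review): third-party action referenced by a mutable tag. A tag can
      # be moved to different code after review; pinning to a full commit SHA
      # fixes what actually runs.
      - name: Infer number of image triggers
        uses: tj-actions/changed-files@v35
        id: changed-files
        with:
          dir_names: "true"
          separator: ","
          files: |
            oci/*/image.y*ml
      - name: Fail if more than one image
        id: get-image-name
        env:
          # Directory names come from the repository tree, i.e. from whoever
          # authored the commits; pass them as data, never as script text.
          CHANGED_IMAGE_DIRS: ${{ steps.changed-files.outputs.all_changed_files }}
        run: |
          set -ex
          img_dir="${CHANGED_IMAGE_DIRS}"
          # Keep only the separators: any comma left means more than one entry.
          occurrences="${img_dir//[^,]}"
          if [ ${#occurrences} -ne 0 ]
          then
            echo "ERR: can only release 1 image at a time, but trying to release ${img_dir}"
            exit 1
          fi
          echo "img-name=$(basename -- "${img_dir}")" >> "$GITHUB_OUTPUT"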
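# Job: publish the image to the registries and commit the updated release record.
  do-releases:
    runs-on: ubuntu-22.04
    name: Release
    needs: [validate-push-release-request]
    outputs:
      gh-releases-matrix: ${{ steps.release-image.outputs.gh-releases-matrix }}
    env:
      # Any image name that does not start with 'mock-' selects the production
      # credentials and namespaces below. The name is a dispatch input, so
      # whoever may dispatch this workflow makes that choice.
      IS_PROD: ${{ ! startsWith(inputs.oci-image-name, 'mock-') }}
    steps:
      - uses: actions/checkout@v3
      # Optionally overwrite the image trigger file with a cached copy.
      - uses: actions/cache/restore@v3
        if: ${{ inputs.image-trigger-cache-key != '' }}
        with:
          path: oci/${{ inputs.oci-image-name }}/image.yaml
          key: ${{ inputs.image-trigger-cache-key }}
          fail-on-cache-miss: true
      - uses: actions/setup-python@v4
        with:
          python-version: "3.x"
      # NOTE(review): `pip install` runs in the same step as the Launchpad SSH
      # key. If only requirements.sh needs that key, splitting the step would
      # keep it out of reach of package install scripts - confirm.
      - env:
          ROCKS_DEV_LP_SSH_PRIVATE: ${{ secrets.ROCKS_DEV_LP_SSH_PRIVATE }}
          ROCKS_DEV_LP_USERNAME: ${{ secrets.ROCKS_DEV_LP_USERNAME }}
          CPC_BUILD_TOOLS_REPO: git.launchpad.net/~cloudware/cloudware/+git/cpc_build_tools
          # CPC_BUILD_TOOLS_REPO_REF: 9b716ed8a8ba728d036b54b1bb17a8f49dbda434
          SKOPEO_BRANCH: 'v1.9.1'
          SKOPEO_URL: 'https://github.com/containers/skopeo'
        run: |
          ./src/image/requirements.sh
          pip install -r src/image/requirements.txt
      - name: Get all revisions per track
        id: get-all-canonical-tags
        env:
          OS_USERNAME: ${{ secrets.SWIFT_OS_USERNAME }}
          OS_TENANT_NAME: ${{ secrets.SWIFT_OS_TENANT_NAME }}
          OS_PASSWORD: ${{ secrets.SWIFT_OS_PASSWORD }}
          OS_REGION_NAME: ${{ secrets.SWIFT_OS_REGION_NAME }}
          OS_STORAGE_URL: ${{ secrets.SWIFT_OS_STORAGE_URL }}
          IMAGE_NAME: ${{ inputs.oci-image-name }}
          SWIFT_CONTAINER_NAME: ${{ vars.SWIFT_CONTAINER_NAME }}
        run: ./src/image/get_canonical_tags_from_swift.sh
      - name: Do releases from ${{ inputs.oci-image-name }}
        id: release-image
        env:
          # GH has issues with boolean expressions
          # https://github.com/actions/runner/issues/1483
          DOCKER_HUB_CREDS_PSW: ${{ env.IS_PROD == 'true' && secrets.DOCKER_HUB_CREDS_PSW || secrets.DOCKER_HUB_CREDS_PSW_DEV }}
          DOCKER_HUB_CREDS_USR: ${{ env.IS_PROD == 'true' && secrets.DOCKER_HUB_CREDS_USR || secrets.DOCKER_HUB_CREDS_USR_DEV }}
          # ACR_CREDS_USR: ${{ env.IS_PROD == 'true' && secrets.ACR_CREDS_USR || secrets.ACR_CREDS_USR_DEV }}
          # ACR_CREDS_PSW: ${{ env.IS_PROD == 'true' && secrets.ACR_CREDS_PSW || secrets.ACR_CREDS_PSW_DEV }}
          ECR_CREDS_USR: ${{ env.IS_PROD == 'true' && secrets.ECR_CREDS_USR || secrets.ECR_CREDS_USR_DEV }}
          ECR_CREDS_PSW: ${{ env.IS_PROD == 'true' && secrets.ECR_CREDS_PSW || secrets.ECR_CREDS_PSW_DEV }}
          # ECR_LTS_CREDS_USR: ${{ env.IS_PROD == 'true' && secrets.ECR_LTS_CREDS_USR || secrets.ECR_LTS_CREDS_USR_DEV }}
          # ECR_LTS_CREDS_PSW: ${{ env.IS_PROD == 'true' && secrets.ECR_LTS_CREDS_PSW || secrets.ECR_LTS_CREDS_PSW_DEV }}
          # ACR_NAMESPACE: ${{ env.IS_PROD == 'true' && 'ubuntu.azurecr.io' || secrets.ACR_NAMESPACE_DEV }}
          DOCKER_HUB_NAMESPACE: ${{ env.IS_PROD == 'true' && 'docker.io/ubuntu' || secrets.DOCKER_HUB_NAMESPACE_DEV }}
          ECR_NAMESPACE: ${{ env.IS_PROD == 'true' && 'ubuntu' || secrets.ECR_NAMESPACE_DEV }}
          # ECR_LTS_NAMESPACE: ${{ env.IS_PROD == 'true' && 'lts' || secrets.ECR_LTS_NAMESPACE_DEV }}
          PYTHONUNBUFFERED: 1
          # Caller- and step-supplied values reach the script as environment
          # variables instead of being expanded into the script text, so they
          # are always treated as data by the shell.
          RELEASE_IMAGE_NAME: ${{ inputs.oci-image-name }}
          CANONICAL_TAGS_FILE: ${{ steps.get-all-canonical-tags.outputs.canonical-tags-file }}
          GHCR_REPO: ${{ github.repository_owner }}/oci-factory
        # `set -x` echoes every command into the job log while the registry
        # credentials sit in this step's environment; keep them off command
        # lines so they are never traced.
        run: |
          set -ex
          echo "Running in production? ${{ env.IS_PROD == 'true' && 'YES' || 'NO' }}"
          python3 -m src.image.release \
            --image-trigger "oci/${RELEASE_IMAGE_NAME}/image.yaml" \
            --image-name "${RELEASE_IMAGE_NAME}" \
            --all-releases "oci/${RELEASE_IMAGE_NAME}/_releases.json" \
            --all-revision-tags "${CANONICAL_TAGS_FILE}" \
            --ghcr-repo "${GHCR_REPO}"
      - run: git pull --quiet
      # NOTE(review): third-party action referenced by a mutable tag and given
      # the workflow token; pinning to a full commit SHA fixes what runs.
      - name: Commit oci/${{ inputs.oci-image-name }}/_releases.json
        uses: actions-x/commit@v6
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          branch: ${{ github.ref }}
          message: 'ci: automatically update oci/${{ inputs.oci-image-name }}/_releases.json, from ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'
          files: oci/${{ inputs.oci-image-name }}/_releases.json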
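# Job: trigger the Documentation workflow for the released image and fail if it does not succeed.
  dispatch-documentation:
    runs-on: ubuntu-22.04
    name: Dispatch documentation
    needs: [do-releases]
    steps:
      - name: Run documentation
        # Using this action because others can have this problem:
        # https://github.com/convictional/trigger-workflow-and-wait/issues/61
        # NOTE(review): the version after '@' was replaced by '[email protected]'
        # when this page was extracted; restore the real ref from the
        # repository, ideally as a full commit SHA.
        uses: mathze/workflow-dispatch-action@REF_LOST_IN_PAGE_EXTRACTION
        id: run-documentation
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          ref: ${{ github.ref_name }}
          fail-on-error: true
          workflow-name: Documentation.yaml
          # toJSON() emits the image name as a correctly escaped JSON string,
          # so a quote or backslash in the input cannot add or alter payload
          # fields.
          payload: '{ "oci-image-name": ${{ toJSON(inputs.oci-image-name) }} }'
          use-marker-step: true
          trigger-timeout: '30m'
          run-id: dummy
      - name: Write step summary
        env:
          # Passed as environment variables so the values are data to the
          # shell, not part of the script text.
          IMAGE_NAME: ${{ inputs.oci-image-name }}
          DOCS_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ steps.run-documentation.outputs.run-id }}
        run: |
          echo " - Triggered documentation updates for '${IMAGE_NAME}' at [${DOCS_RUN_URL}](${DOCS_RUN_URL})" >> "$GITHUB_STEP_SUMMARY"
      - name: Enforce docs conclusion
        if: ${{ steps.run-documentation.outputs.run-conclusion != 'success' }}
        # The previous step doesn't always raise an error
        env:
          IMAGE_NAME: ${{ inputs.oci-image-name }}
          DOCS_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ steps.run-documentation.outputs.run-id }}
        run: |
          echo "Failed to generate docs for '${IMAGE_NAME}' at [${DOCS_RUN_URL}](${DOCS_RUN_URL})."
          exit 1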
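# Job: for each entry of the release matrix, (re)create the Git tag and the GitHub release.
  do-github-release:
    runs-on: ubuntu-22.04
    name: Github-Release
    needs: [do-releases]
    strategy:
      fail-fast: true
      # The matrix is the JSON emitted by the release step of do-releases; the
      # entries provide canonical-tag, release-name, name, revision and channel.
      matrix: ${{ fromJSON(needs.do-releases.outputs.gh-releases-matrix) }}
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
          ref: ${{ matrix.canonical-tag }}
      # NOTE(review): the action name and version were replaced by
      # '[email protected]' when this page was extracted; restore the real ref
      # from the repository, ideally as a full commit SHA.
      - uses: dev-drprasad/delete-tag-and-release@REF_LOST_IN_PAGE_EXTRACTION
        # We force delete an existing tag because otherwise we won't get
        # an email notification and the GH release will have the date from when
        # it was created the first time (i.e. force-push won't update the date)
        continue-on-error: true
        with:
          tag_name: ${{ matrix.release-name }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): the two steps below hand ROCKSBOT_TOKEN to third-party
      # actions referenced by mutable tags; pinning each to a full commit SHA
      # fixes which code receives the token.
      - name: Create Git tag
        uses: rickstaa/action-create-tag@v1
        with:
          tag: "${{ matrix.release-name }}"
          message: "release(${{ matrix.name }}): Release image revision ${{ matrix.revision }} to ${{ matrix.channel }}"
          github_token: ${{ secrets.ROCKSBOT_TOKEN }}
          commit_sha: ${{ matrix.canonical-tag }}
          force_push_tag: true
      - uses: "softprops/action-gh-release@v1"
        with:
          name: "${{ matrix.release-name }}"
          tag_name: "${{ matrix.release-name }}"
          token: "${{ secrets.ROCKSBOT_TOKEN }}"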