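---
# CI workflow: on every push (and on manual dispatch) work out which image
# directories under images/ changed, then validate, build, tag and test each
# one. Images are pushed to GHCR and Google Artifact Registry only from
# refs/heads/main.
on:
  push: {}
  workflow_dispatch: {}
# Read-only default token for jobs that declare no permissions of their own
# (setup, build). image-ci and techdocs override this below.
permissions:
  contents: read
env:
  XDG_CACHE_HOME: ${{ github.workspace }}/.cache/xdg
  POETRY_CACHE_DIR: ${{ github.workspace }}/.cache/poetry
jobs:
  # Computes the build matrix: the unique image directory names touched
  # relative to main, and whether anything under images/ changed at all.
  setup:
    runs-on: ubuntu-latest
    outputs:
      image-names: ${{ steps.image-names.outputs.image_names }}
      images-ci: ${{ steps.paths-filter.outputs.images }}
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): third-party action referenced by a mutable tag. Pin it
      # to a full commit SHA (uses: owner/action@<full-commit-sha>  # v3) so a
      # retagged release cannot change what runs here.
      - uses: dorny/paths-filter@v3
        id: paths-filter
        with:
          base: main
          list-files: json
          filters: |
            images:
              - 'images/**'
      # NOTE(review): this binary is fetched without checksum or signature
      # verification, and it is saved to the workspace, which is not on PATH.
      # The `yq` call in the next step therefore presumably resolves to the
      # runner's preinstalled yq. Confirm, then either verify this download
      # against a pinned digest or drop the step.
      - run: |
          set -x
          wget https://github.com/mikefarah/yq/releases/download/v4.25.2/yq_linux_amd64 -O "${GITHUB_WORKSPACE}/yq"
          chmod +x "${GITHUB_WORKSPACE}/yq"
      - id: image-names
        shell: bash
        env:
          # Changed file paths are contributor-controlled. Hand them to the
          # script as data through the environment; expanding the expression
          # inside `run:` would paste them into the shell source.
          IMAGES_FILES: ${{ steps.paths-filter.outputs.images_files }}
        run: |
          images=$(printf '%s\n' "$IMAGES_FILES" | yq -o=json -I0 '.[] |= sub("images/([^/]+)/.*$", "${1}") | unique' -)
          echo "$images"
          echo "image_names=${images}" >> "$GITHUB_OUTPUT"
      # Debug print of the matrix. The value is derived from directory names,
      # so it also goes through the environment rather than the script text.
      - env:
          IMAGE_NAMES: ${{ steps.image-names.outputs.image_names }}
        run: echo "$IMAGE_NAMES"
  # Builds, tags and tests one image per matrix entry; pushes from main only.
  image-ci:
    runs-on: ubuntu-latest
    needs:
      - setup
    if: ${{ needs.setup.outputs.images-ci == 'true' }}
    concurrency:
      group: ${{ github.workflow }}-${{ matrix.image }}-${{ github.ref }}
      cancel-in-progress: true
    # NOTE(review): id-token: write and packages: write apply to every branch
    # push, while only the steps gated on refs/heads/main need them. Branch
    # code (Makefile targets, Poetry dependencies) runs in this same job.
    # Consider moving the auth and push steps into a separate job restricted
    # to main so branch builds run with a read-only token.
    permissions:
      id-token: write
      packages: write
      contents: read
    strategy:
      matrix:
        image: ${{ fromJSON(needs.setup.outputs.image-names) }}
    steps:
      - uses: actions/checkout@v4
      - name: Cache xdg
        uses: actions/cache@v4
        with:
          path: ${{ env.XDG_CACHE_HOME }}
          key: xdg-v1-${{ hashFiles('**/Makefile') }}
          restore-keys: |
            xdg-v1-
      - name: Cache poetry
        uses: actions/cache@v4
        with:
          path: ${{ env.POETRY_CACHE_DIR }}
          key: poetry-v1-${{ hashFiles('**/poetry.lock') }}
          restore-keys: |
            poetry-v1-
      - name: Cache python venv
        uses: actions/cache@v4
        with:
          path: ${{ github.workspace }}/.venv
          key: pyvenv-v1-${{ hashFiles('**/poetry.lock') }}
          restore-keys: |
            pyvenv-v1-
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.10"
      # NOTE(review): third-party action on a mutable tag; pin to a full
      # commit SHA.
      - name: Setup Poetry
        uses: Gr1N/setup-poetry@v9
      - name: Run Poetry Install
        id: toolchain
        shell: bash
        run: |
          poetry install -vvv
      # Exposes the Actions runtime token and cache URL as environment
      # variables, which the `type=gha` build cache below relies on. Every
      # later step in this job, including the test step, can read them.
      # NOTE(review): third-party action on a mutable tag; pin to a full
      # commit SHA.
      - uses: crazy-max/ghaction-github-runtime@v3
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - name: Validate python
        run: |
          make VERBOSE=all validate-python
      # NOTE(review): GITHUB_TOKEN (packages: write) is handed to make on
      # every branch in the two steps below. Confirm the targets need it
      # before main; drop it from the step env otherwise.
      - name: Build images
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          IMAGE_NAMES: ${{ matrix.image }}
        run: |
          export docker_image_build_args="--cache-from type=gha --cache-to type=gha,mode=max"
          make VERBOSE=all validate-static build-images
      - name: Tag images
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          IMAGE_NAMES: ${{ matrix.image }}
        run: |
          make tag-images "oci_remote_ref_prefixes=ghcr.io/${GITHUB_REPOSITORY}/e0/"
          make tag-images oci_remote_ref_prefixes=europe-north1-docker.pkg.dev/engineering-production-af50/images/
      - name: Test images
        env:
          IMAGE_NAMES: ${{ matrix.image }}
        run: |
          make VERBOSE=all -j4 test
      # Keyless authentication through workload identity federation; no
      # long-lived service-account key is stored in the repository.
      # NOTE(review): what the provider accepts (repository, ref) is set on
      # the GCP side and is not visible here. Confirm it is restricted to this
      # repository's main branch.
      - name: Auth to GCP
        if: github.ref == 'refs/heads/main'
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: projects/943318002566/locations/global/workloadIdentityPools/github-actions/providers/github-actions-provider
          service_account: gha-docker-images@engineering-production-af50.iam.gserviceaccount.com
          create_credentials_file: true
      - name: Login to GCP artifact registry
        if: github.ref == 'refs/heads/main'
        run: |
          gcloud auth configure-docker europe-north1-docker.pkg.dev
      - name: Push images
        if: github.ref == 'refs/heads/main'
        env:
          IMAGE_NAMES: ${{ matrix.image }}
          # Token and actor reach the script as environment data, not as text
          # expanded into the shell source. Quoting the actor also keeps bot
          # names containing brackets from being glob-expanded.
          GHCR_TOKEN: ${{ github.token }}
          GHCR_USER: ${{ github.actor }}
        run: |
          echo "$GHCR_TOKEN" | docker login https://ghcr.io -u "$GHCR_USER" --password-stdin
          make push-images "oci_remote_ref_prefixes=ghcr.io/${GITHUB_REPOSITORY}/e0/"
          make push-images oci_remote_ref_prefixes=europe-north1-docker.pkg.dev/engineering-production-af50/images/
  # NOTE(review): reusable workflow referenced by a mutable tag and granted
  # id-token: write. Pin it to a full commit SHA.
  techdocs:
    permissions:
      contents: read
      id-token: write
      packages: read
      pull-requests: read
    name: TechDocs
    uses: coopnorge/github-workflow-techdocs/.github/workflows/techdocs.yaml@v0
  # Single aggregate status for the whole workflow. setup is listed as well:
  # when setup fails, image-ci is skipped rather than failed, and a gate that
  # looked only at image-ci would pass. Cancelled jobs also fail the gate,
  # because a cancelled build has verified nothing.
  build:
    needs:
      - setup
      - image-ci
      - techdocs
    if: always()
    runs-on: ubuntu-latest
    steps:
      - run: exit 1
        name: "Catch errors"
        if: |
          contains(needs.*.result, 'failure') ||
          contains(needs.*.result, 'cancelled')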