publish-schemas.yaml
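---
# Extracts CRD schemas from the cluster, pushes them to GHCR as a Flux OCI
# artifact, then publishes an nginx image that serves the same files.
name: "Publish Schemas"

on:
  workflow_dispatch:
  schedule:
    # Sundays at 00:00 UTC.
    - cron: "0 0 * * 0"
  push:
    branches: ["main"]
    paths: [".github/workflows/publish-schemas.yaml"]

jobs:
  publish-manifests:
    name: Publish Manifests
    # Self-hosted runner label; this job handles the cluster kubeconfig.
    runs-on: ["arc-home-ops"]
    # Least privilege for GITHUB_TOKEN: only the GHCR push needs write access.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Setup Flux
        uses: fluxcd/flux2/action@896e0fa46d5107a05e953dd0a5261d78a145ec8c # v2.3.0
      - name: Setup Kube Tools
        uses: yokawasa/action-setup-kube-tools@5fe385031665158529decddddb51d6224422836e # v0.11.1
        with:
          setup-tools: |
            kubectl
      - name: Setup Python
        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
        with:
          python-version: "3.x"
      - name: Login to GitHub Container Registry
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): `latest: true` fetches whichever release is newest at
      # run time, and the script inside is executed below with the cluster
      # kubeconfig in its environment. Unlike the SHA-pinned actions above,
      # this download is unpinned; consider the action's `tag` input plus a
      # checksum check of the archive before running it.
      - name: Setup crd-extractor
        uses: robinraju/release-downloader@a96f54c1b5f5e09e47d9504526e96febd949d4c2 # v1.11
        with:
          repository: datreeio/CRDs-catalog
          latest: true
          fileName: crd-extractor.zip
      - name: Write kubeconfig
        id: kubeconfig
        uses: timheuer/base64-to-file@adaa40c0c581f276132199d4cf60afa07ce60eac # v1.2
        with:
          encodedString: ${{ secrets.KUBECONFIG }}
          fileName: kubeconfig
      - name: Run crd-extractor
        env:
          KUBECONFIG: ${{ steps.kubeconfig.outputs.filePath }}
        run: |
          unzip -j "${GITHUB_WORKSPACE}/crd-extractor.zip" -d "${GITHUB_WORKSPACE}"
          bash "${GITHUB_WORKSPACE}/crd-extractor.sh"
      # Delete the decoded credential as soon as the only step that needs it
      # has finished, even on failure, so it does not linger on the runner.
      - name: Remove kubeconfig
        if: always()
        env:
          KUBECONFIG_PATH: ${{ steps.kubeconfig.outputs.filePath }}
        run: |
          if [ -n "${KUBECONFIG_PATH}" ]; then
            rm -f "${KUBECONFIG_PATH}"
          fi
      - name: Lowercase Owner Name
        env:
          REPO_OWNER: '${{ github.repository_owner }}'
        run: |
          echo "REPO_OWNER_LC=${REPO_OWNER,,}" >> "${GITHUB_ENV}"
      # This workflow has no checkout step, so there is no local git
      # repository to query; the commit comes from GITHUB_SHA instead.
      # Seven characters is git's default minimum abbreviation.
      - name: Generate tag
        id: generate-tag
        run: |
          echo "tag=ghcr.io/${REPO_OWNER_LC}/manifests/kubernetes-schemas:${GITHUB_SHA::7}" >> "${GITHUB_OUTPUT}"
      # Expression values are handed over through env rather than spliced
      # into the script text, so their content is never parsed as shell.
      - name: Publish manifests
        env:
          ARTIFACT_TAG: "${{ steps.generate-tag.outputs.tag }}"
          SOURCE_URL: "${{ github.repositoryUrl }}"
        run: |
          flux push artifact "oci://${ARTIFACT_TAG}" \
            --path="/home/runner/.datree/crdSchemas" \
            --source="${SOURCE_URL}" \
            --revision="${GITHUB_REF_NAME}@sha1:${GITHUB_SHA}"
      - name: Tag manifests
        env:
          ARTIFACT_TAG: "${{ steps.generate-tag.outputs.tag }}"
        run: flux tag artifact "oci://${ARTIFACT_TAG}" --tag main

  publish-web:
    name: Publish Web
    runs-on: ubuntu-latest
    needs: ["publish-manifests"]
    # Least privilege for GITHUB_TOKEN: pull the artifact, push the image.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Setup Flux
        uses: fluxcd/flux2/action@896e0fa46d5107a05e953dd0a5261d78a145ec8c # v2.3.0
      - name: Setup QEMU
        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
      - name: Setup Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@3d68780484996aa9d417bb9016193885cdf1f299 # v3.6.0
      - name: Login to GitHub Container Registry
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Lowercase Owner Name
        env:
          REPO_OWNER: '${{ github.repository_owner }}'
        run: |
          echo "REPO_OWNER_LC=${REPO_OWNER,,}" >> "${GITHUB_ENV}"
      # Must resolve to the tag pushed by publish-manifests; both jobs derive
      # it from GITHUB_SHA, which is identical across jobs of one run.
      - name: Pull manifests
        run: |
          mkdir -p /home/runner/crdSchemas
          flux pull artifact \
            "oci://ghcr.io/${REPO_OWNER_LC}/manifests/kubernetes-schemas:${GITHUB_SHA::7}" \
            --output /home/runner/crdSchemas
      # NOTE(review): the base image uses the mutable `latest` tag, so each
      # weekly build may pick up a different image; consider pinning it by
      # digest. The quoted heredoc delimiter keeps the shell from expanding
      # anything inside the Dockerfile text.
      - name: Write nginx-unprivileged Dockerfile
        run: |
          cat <<'EOF' > /home/runner/crdSchemas/Dockerfile
          FROM docker.io/nginxinc/nginx-unprivileged:latest
          COPY --chown=nginx:nginx --chmod=755 . /usr/share/nginx/html
          USER nginx
          EOF
      - name: Publish web container
        uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0
        with:
          context: /home/runner/crdSchemas
          platforms: linux/amd64,linux/arm64
          file: /home/runner/crdSchemas/Dockerfile
          push: true
          tags: |
            ghcr.io/${{ env.REPO_OWNER_LC }}/kubernetes-schemas:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max
          labels: |
            org.opencontainers.image.source="${{ github.repositoryUrl }}"
            org.opencontainers.image.authors="Jeff Davis <[email protected]>"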