chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.0 to 0.19.1 #287
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Google Artifact Registry images -> Chart -> Rollout | GitHub Release | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| paths-ignore: | |
| - '.github/workflows/codeql-analysis.yml' | |
| - '.github/workflows/test-*.yaml' | |
| - 'actions/testoidc/*' | |
| - 'deploy/testdata/*' | |
| - '*.md' | |
| env: | |
| GOOGLE_REGISTRY: "europe-north1-docker.pkg.dev" | |
| jobs: | |
| build_and_push: | |
| name: Build, push and sign images | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: "read" | |
| id-token: "write" | |
| strategy: | |
| matrix: | |
| component: | |
| - hookd | |
| - deploy | |
| - deployd | |
| - canary-deployer | |
| - deploy-action | |
| include: | |
| - component: hookd | |
| chart: true | |
| - component: deployd | |
| chart: true | |
| steps: | |
| - uses: actions/checkout@v4 # ratchet:exclude | |
| - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # ratchet:azure/setup-helm@v3 | |
| if: matrix.chart | |
| with: | |
| version: "v3.11.1" | |
| - name: "Build and push image" | |
| uses: nais/platform-build-push-sign@main # ratchet:exclude | |
| id: build_push_sign | |
| with: | |
| dockerfile: Dockerfile.${{ matrix.component }} | |
| name: ${{ matrix.component }} | |
| google_service_account: gh-deploy | |
| workload_identity_provider: ${{ secrets.NAIS_IO_WORKLOAD_IDENTITY_PROVIDER }} | |
| push: ${{ github.actor != 'dependabot[bot]' && github.ref == 'refs/heads/master' }} | |
| - name: "Package chart" | |
| if: matrix.chart | |
| id: package_chart | |
| env: | |
| CHART_PATH: ./charts/${{ matrix.component }} | |
| run: | | |
| base_version="$(yq '.version' < "${{ env.CHART_PATH }}/Chart.yaml")" | |
| chart_version="${base_version}-${{ steps.build_push_sign.outputs.version }}" | |
| yq eval \ | |
| '.version="'"$chart_version"'"' \ | |
| "${{ env.CHART_PATH }}/Chart.yaml" --inplace | |
| yq eval \ | |
| '.image.tag="${{ steps.build_push_sign.outputs.version }}"' \ | |
| "${{ env.CHART_PATH }}/values.yaml" --inplace | |
| # helm dependency update "${{ env.CHART_PATH }}" | |
| helm package "${{ env.CHART_PATH }}" --destination . | |
| name=$(yq '.name' < "${{ env.CHART_PATH }}/Chart.yaml") | |
| echo "${{ matrix.component }}_name=$name" >> $GITHUB_OUTPUT | |
| echo "${{ matrix.component }}_version=$chart_version" >> $GITHUB_OUTPUT | |
| echo "archive=$name-$chart_version.tgz" >> $GITHUB_OUTPUT | |
| - name: "Authenticate to Google Cloud" | |
| if: matrix.chart && github.ref == 'refs/heads/master' | |
| id: "auth" | |
| uses: "google-github-actions/auth@v1" # ratchet:exclude | |
| with: | |
| workload_identity_provider: ${{ secrets.NAIS_IO_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: "[email protected]" | |
| token_format: "access_token" | |
| - name: "Log in to Google Artifact Registry" | |
| if: matrix.chart && github.ref == 'refs/heads/master' | |
| run: |- | |
| echo '${{ steps.auth.outputs.access_token }}' | docker login -u oauth2accesstoken --password-stdin https://${{ env.GOOGLE_REGISTRY }} | |
| - name: "Push Chart" | |
| if: matrix.chart && github.ref == 'refs/heads/master' | |
| run: |- | |
| chart="${{ steps.package_chart.outputs.archive }}" | |
| echo "Pushing: $chart" | |
| helm push "$chart" oci://${{ env.GOOGLE_REGISTRY }}/nais-io/nais/feature | |
| outputs: | |
| hookd_chart_name: ${{ steps.package_chart.outputs.hookd_name }} | |
| hookd_chart_version: ${{ steps.package_chart.outputs.hookd_version }} | |
| deployd_chart_name: ${{ steps.package_chart.outputs.deployd_name }} | |
| deployd_chart_version: ${{ steps.package_chart.outputs.deployd_version }} | |
| rollout: | |
| runs-on: fasit-deploy | |
| if: github.ref == 'refs/heads/master' | |
| permissions: | |
| id-token: write | |
| needs: | |
| - build_and_push | |
| steps: | |
| - name: "Rollout hookd" | |
| uses: nais/fasit-deploy@v2 # ratchet:exclude | |
| with: | |
| chart: oci://${{ env.GOOGLE_REGISTRY }}/nais-io/nais/feature/${{ needs.build_and_push.outputs.hookd_chart_name }} | |
| version: ${{ needs.build_and_push.outputs.hookd_chart_version }} | |
| - name: "Rollout deployd" | |
| uses: nais/fasit-deploy@v2 # ratchet:exclude | |
| with: | |
| chart: oci://${{ env.GOOGLE_REGISTRY }}/nais-io/nais/feature/${{ needs.build_and_push.outputs.deployd_chart_name }} | |
| version: ${{ needs.build_and_push.outputs.deployd_chart_version }} | |
| release: | |
| name: Release GitHub Action / binaries | |
| if: github.ref == 'refs/heads/master' | |
| needs: | |
| - build_and_push | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 # ratchet:exclude | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: 'stable' | |
| - name: Force create tag | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| git remote set-url origin "https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" | |
| git tag -f $(cat actions/deploy/version) | |
| git push -f --tags | |
| - name: Create deploy binaries | |
| run: | | |
| make deploy-release-linux | |
| make deploy-release-darwin | |
| make deploy-release-windows | |
| - name: Delete release if exists | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| latest=$(curl https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/latest) | |
| tag=$(echo $latest | jq .tag_name | xargs) # xargs strips quotes | |
| if grep -q "$tag" actions/deploy/version; then | |
| release_id=$(echo $latest | jq .id) | |
| curl -X DELETE https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@api.github.com/repos/${GITHUB_REPOSITORY}/releases/${release_id} | |
| fi | |
| - name: Create Release | |
| id: create_release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| release=$(curl -X POST \ | |
| -d '{"tag_name": "'"$(cat actions/deploy/version)"'"}' \ | |
| -H "Content-Type: application/json" \ | |
| https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@api.github.com/repos/${GITHUB_REPOSITORY}/releases) | |
| echo "release_id=$(echo $release | jq .id)" >> ${GITHUB_OUTPUT} | |
| - name: Upload Linux Asset | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| BINARY: deploy-linux | |
| run: | | |
| curl -X POST \ | |
| -H 'Content-Type: application/x-executable' \ | |
| --data-binary @${BINARY} \ | |
| https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ steps.create_release.outputs.release_id }}/assets?name=${BINARY} | |
| - name: Upload Darwin Asset | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| BINARY: deploy-darwin | |
| run: | | |
| curl -X POST \ | |
| -H 'Content-Type: application/x-executable' \ | |
| --data-binary @${BINARY} \ | |
| https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ steps.create_release.outputs.release_id }}/assets?name=${BINARY} | |
| - name: Upload Windows Asset | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| BINARY: deploy-windows | |
| run: | | |
| curl -X POST \ | |
| -H 'Content-Type: application/x-executable' \ | |
| --data-binary @${BINARY} \ | |
| https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ steps.create_release.outputs.release_id }}/assets?name=${BINARY} |