changes #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: push | |
| jobs: | |
| test: | |
| # runs-on: registry.suse.com/bci/golang:1.23 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - uses: hadolint/[email protected] | |
| with: | |
| dockerfile: Dockerfile | |
| - uses: actions/setup-go@v1 | |
| with: | |
| go-version: '1.16' | |
| - name: go-test | |
| run: make test | |
| build: | |
| # runs-on: registry.suse.com/bci/golang:1.23 | |
| runs-on: ubuntu-latest | |
| needs: test | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Set env | |
| run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Cache Docker layers | |
| uses: actions/cache@v2 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - uses: docker/login-action@v1 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Build and push | |
| id: docker_build | |
| uses: docker/build-push-action@v2 | |
| with: | |
| builder: ${{ steps.buildx.outputs.name }} | |
| # platforms: linux/amd64,linux/arm64,linux/arm/v7 | |
| push: true | |
| tags: SUSE-Technical-Marketing/rancher-demo:${{ env.RELEASE_VERSION }} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: SUSE-Technical-Marketing/rancher-demo:${{ env.RELEASE_VERSION }} | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Image digest | |
| run: echo ${{ steps.docker_build.outputs.digest }} | |
| deploy-chart: | |
| # runs-on: registry.suse.com/bci/golang:1.23 | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') | |
| steps: | |
| - name: Set env | |
| run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
| - name: Setup SSH Keys and known_hosts | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| run: | | |
| ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
| ssh-add - <<< "${{ secrets.CHART_REPO_PRIVATE_KEY }}" | |
| - uses: actions/setup-go@v1 | |
| with: | |
| go-version: '1.16' | |
| - name: Set up Helm | |
| uses: azure/setup-helm@v1 | |
| with: | |
| version: v3.5.4 | |
| - name: Install jq | |
| run: sudo apt-get install jq | |
| - name: Bump chart | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| run: | | |
| export PATH=${PATH}:`go env GOPATH`/bin | |
| go get github.com/davidrjonas/semver-cli | |
| git clone [email protected]:bashofmann/demo-charts.git | |
| cd demo-charts | |
| sed -i "s/appVersion:.*/appVersion: ${{ env.RELEASE_VERSION }}/g" charts/rancher-demo/Chart.yaml | |
| current_chart_version=$(cat charts/rancher-demo/Chart.yaml | grep "^version: .*" | grep -o "[0-9.]\+") | |
| next_chart_version=$(semver-cli inc minor $current_chart_version) | |
| echo "CHART_VERSION=${next_chart_version}" >> $GITHUB_ENV | |
| echo "Current chart version: $current_chart_version" | |
| echo "Next chart version: $next_chart_version" | |
| sed -i "s/version:.*/version: $next_chart_version/g" charts/rancher-demo/Chart.yaml | |
| git config user.name github-actions | |
| git config user.email [email protected] | |
| git add . | |
| git commit -m "bump rancher-demo to ${{ env.RELEASE_VERSION }}" | |
| git push | |
| - uses: ifaxity/wait-on-action@v1 | |
| name: wait for helm release | |
| with: | |
| resource: https://github.com/bashofmann/demo-charts/releases/download/rancher-demo-${{ env.CHART_VERSION }}/rancher-demo-${{ env.CHART_VERSION }}.tgz | |
| interval: 10s | |
| deploy-fleet: | |
| # runs-on: registry.suse.com/bci/golang:1.23 | |
| runs-on: ubuntu-latest | |
| needs: deploy-chart | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') | |
| steps: | |
| - name: Set env | |
| run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
| - name: Setup SSH Keys and known_hosts | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| run: | | |
| ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
| ssh-add - <<< "${{ secrets.FLEET_REPO_PRIVATE_KEY }}" | |
| - name: Set up Helm | |
| uses: azure/setup-helm@v1 | |
| with: | |
| version: v3.5.4 | |
| - name: Install jq | |
| run: sudo apt-get install jq | |
| - name: Bump fleet | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| run: | | |
| helm repo add demo-charts https://bashofmann.github.io/demo-charts | |
| next_chart_version=$(helm search repo rancher-demo -o json | jq -r '.[0].version') | |
| git clone [email protected]:bashofmann/rancher-k3s-fleet-examples.git | |
| cd rancher-k3s-fleet-examples | |
| sed -i "s/version: .*/version: $next_chart_version/g" cicd/rancher-demo/fleet.yaml | |
| git config user.name github-actions | |
| git config user.email [email protected] | |
| git add . | |
| git commit -m "bump rancher-demo to $next_chart_version" | |
| git push |