Merge pull request #4 from kingdon-ci/flux #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy website on push | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| # Check out fluxcd/website .github/workflows/netlify.yml | |
| # We should emulate this fully - it has a hook from the fluxcd/community | |
| # repository's github actions that enables community to trigger a deploy | |
| repository_dispatch: | |
| types: [trigger-workflow] | |
| # (That's what a repository_dispatch workflow is meant to be doing here) | |
| jobs: | |
| fermyon-deploy: | |
| permissions: | |
| # contents: write # Required for creating the GitHub release | |
| packages: write # Required for pushing to GitHub Container Registry | |
| id-token: write # Required for Cosign | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Get latest flux-docs | |
| uses: actions/checkout@v4 | |
| - name: Get fluxcd/website (test-community) | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: fluxcd/website | |
| ref: test-community | |
| path: website | |
| # Prerequisites: | |
| - name: Setup Hugo | |
| uses: peaceiris/actions-hugo@v3 | |
| with: | |
| hugo-version: '0.122.0' | |
| extended: true | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.10' | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '^1.21.0' | |
| # Build: | |
| - name: Build content | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # make production-build URL=https://docs-fluxcd-website-6lrhgsuf.fermyon.app/ | |
| pushd website | |
| pip install -r requirements.txt | |
| hugo version; popd | |
| make build | |
| pushd website/public | |
| rm -r flagger blog img/logos flux/cmd flux/components | |
| rm -r flux/installation img/diagrams | |
| rm -r flux/use-cases flux/guides flux/monitoring flux/migration | |
| rm -rf flux/gitops-toolkit img/screens shortcode-gallery img/*.png | |
| rm -r flux/cheatsheets # Get us below 200 (https://github.com/spinkube/containerd-shim-spin/issues/28) | |
| popd | |
| - name: Install Spin | |
| uses: fermyon/actions/spin/setup@v1 | |
| # Push: WASM | |
| - name: Push to OCI | |
| id: push | |
| uses: fermyon/actions/spin/push@v1 | |
| with: | |
| registry: ghcr.io | |
| registry_username: ${{ github.actor }} | |
| registry_password: ${{ secrets.GITHUB_TOKEN }} | |
| registry_reference: "ghcr.io/kingdon-ci/flux-docs/build:${{ github.run_id }}-2" | |
| manifest_file: spin.toml | |
| # Push: Docker WASM (alternate while spin registry push cannot be used) | |
| # - name: Set up QEMU | |
| # uses: docker/setup-qemu-action@v3 | |
| # - name: setup buildx | |
| # uses: docker/setup-buildx-action@v3 | |
| # - name: login to GitHub container registry | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: ghcr.io | |
| # username: ${{ github.actor }} | |
| # password: ${{ secrets.GITHUB_TOKEN }} | |
| # - name: enable containerd image store | |
| # run: | | |
| # echo '{ "features": { "containerd-snapshotter": true } }' | sudo tee /etc/docker/daemon.json | |
| # sudo systemctl restart docker | |
| # Copied from https://github.com/spinkube/containerd-shim-spin/blob/main/.github/workflows/docker-build-push.yaml | |
| # - name: build and push | |
| # uses: docker/build-push-action@v5 | |
| # with: | |
| # push: true | |
| # tags: | | |
| # ghcr.io/kingdon-ci/flux-docs/build:${{ github.run_id }}-3 | |
| # ghcr.io/kingdon-ci/flux-docs/build:latest | |
| # context: . | |
| # platforms: wasi/wasm | |
| # provenance: false | |
| # Deploy: | |
| # - name: Deploy to Fermyon Cloud | |
| # uses: fermyon/actions/spin/deploy@v1 | |
| # with: | |
| # fermyon_token: ${{ secrets.FERMYON_CLOUD_TOKEN }} | |
| # run_build: false | |
| - name: Set up Flux CLI | |
| uses: fluxcd/flux2/[email protected] | |
| # Update: Kubernetes manifests | |
| - name: Set Image (Kustomize SpinApp) | |
| run: | | |
| pushd deploy/spin-app | |
| kustomize edit set image flux-docs/build=ghcr.io/kingdon-ci/flux-docs/build:${{ github.run_id }}-2 | |
| popd | |
| # Login: GHCR | |
| #(Moved up to Docker build action while spin registry push is not viable for us) | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install cosign | |
| uses: sigstore/[email protected] | |
| - name: Cosign version | |
| run: cosign version | |
| # Push: Kubernetes (Flux App) | |
| - name: Push manifests | |
| run: | | |
| flux push artifact \ | |
| oci://ghcr.io/kingdon-ci/flux-docs/manifests:latest \ | |
| --path=deploy \ | |
| --source=${{ github.repositoryUrl }} \ | |
| --revision="${{ github.ref_name }}@sha1:${{ github.sha }}" \ | |
| --annotations='org.opencontainers.image.description=Fluxcd.io website SpinKube manifests' | |
| # Sign: Kubernetes manifests | |
| - name: Sign OCI YAML manifests | |
| run: | | |
| # keyless mode | |
| cosign sign ghcr.io/kingdon-ci/flux-docs/manifests:latest -y | |
| # Sign: Spin app OCI artifact | |
| - name: Sign OCI WASM artifact | |
| run: | | |
| # keyless mode | |
| cosign sign ghcr.io/kingdon-ci/flux-docs/build:${{ github.run_id }}-2 -y |