Merge pull request #363 from vdice/ref/rm-rbac-proxy #538
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Image and Chart # and create GitHub release if v* tag | |
on: | |
push: | |
branches: [ main ] | |
tags: [ "v*" ] | |
pull_request: | |
branches: [ main ] | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
jobs: | |
docker: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
outputs: | |
version: ${{ steps.version.outputs.version }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup version info | |
id: version | |
run: | | |
if [[ "${{ startsWith(github.ref, 'refs/tags/v') }}" == "true" ]]; then | |
echo "version=${{ github.ref_name }}" >> $GITHUB_OUTPUT | |
else | |
echo "version=$(date +%Y%m%d-%H%M%S)-g$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
fi | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Log into registry ${{ env.REGISTRY }} | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract Docker metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
- name: Build and Push | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: ${{ github.event_name != 'pull_request' }} | |
labels: ${{ steps.meta.outputs.labels }} | |
annotations: ${{ steps.meta.outputs.annotations }} | |
platforms: linux/amd64,linux/arm64 | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
tags: | | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }} | |
chart: | |
name: Publish chart | |
runs-on: ubuntu-latest | |
if: github.event_name != 'pull_request' | |
needs: [docker] | |
env: | |
APP_VERSION: ${{ needs.docker.outputs.version }} | |
CHART_REGISTRY: "ghcr.io/${{ github.repository_owner }}/charts" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
# Fetching all history as we may use the latest tag for versioning | |
# Unfortunately, just using 'fetch-tags: true' on the actions/checkout configuration | |
# above doesn't get what we need; see https://github.com/actions/checkout/issues/1471 | |
fetch-depth: 0 | |
- name: Install helm | |
uses: Azure/setup-helm@v4 | |
with: | |
version: v3.14.0 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '1.23.x' | |
cache: true | |
- name: Install dependencies | |
run: go mod download | |
- name: Determine chart version | |
run: | | |
if [[ "${{ startsWith(github.ref, 'refs/tags/v') }}" == "true" ]]; then | |
# NOTE: We remove the leading 'v' to comply with helm's versioning requirements | |
echo "CHART_VERSION=$(echo -n ${{ github.ref_name }} | sed -rn 's/(v)?(.*)/\2/p')" >> $GITHUB_ENV | |
else | |
# NOTE: 'git describe --tags --abbrev=0' always seems to return a commit; hence approach used below | |
echo "CHART_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1) | sed -rn 's/(v)?(.*)/\2/p')-${{ env.APP_VERSION }}" >> $GITHUB_ENV | |
fi | |
- name: Log into registry ${{ env.REGISTRY }} | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build chart | |
run: make helm-generate | |
- name: Package chart | |
run: make dist | |
- name: Lint packaged chart | |
run: | | |
# Remove staged chart directory and lint the packaged version | |
rm -rf _dist/spin-operator-${{ env.CHART_VERSION }} | |
helm lint _dist/spin-operator-${{ env.CHART_VERSION }}.tgz | |
- name: Upload chart and manifests as GitHub artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: spin-operator | |
path: _dist | |
- name: Publish chart | |
run: make helm-publish | |
- name: Artifact summary - ${{ env.RELEASE_VERSION }} | |
run: | | |
echo '### Spin Operator artifacts published:' >> $GITHUB_STEP_SUMMARY | |
echo '- `Docker image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.APP_VERSION }}`' >> $GITHUB_STEP_SUMMARY | |
echo '- `Helm chart reference: ${{ env.CHART_REGISTRY }}/spin-operator`' >> $GITHUB_STEP_SUMMARY | |
echo '- `Helm chart version: ${{ env.CHART_VERSION }}`' >> $GITHUB_STEP_SUMMARY | |
release: | |
runs-on: ubuntu-latest | |
if: startsWith(github.ref, 'refs/tags/v') | |
needs: [chart] | |
env: | |
GH_TOKEN: ${{ github.token }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: download release assets | |
uses: actions/download-artifact@v4 | |
with: | |
name: spin-operator | |
path: _dist | |
- name: check if pre-release | |
shell: bash | |
run: | | |
if [[ ! "${{ github.ref_name }}" =~ ^v[0-9]+.[0-9]+.[0-9]+$ ]] | |
then | |
echo "PRERELEASE=--prerelease" >> "$GITHUB_ENV" | |
fi | |
- name: create GitHub release | |
run: | | |
gh release create ${{ github.ref_name }} _dist/* \ | |
--title ${{ github.ref_name }} \ | |
--generate-notes ${{ env.PRERELEASE }} |