-
Notifications
You must be signed in to change notification settings - Fork 6
153 lines (132 loc) · 5 KB
/
schemas.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: "Publish Kubernetes Schemas"
on:
# Allows manually triggering the workflow from the Github Actions UI
workflow_dispatch: {}
# Runs the workflow weekly at midnight (UTC)
schedule:
- cron: "0 0 * * 0"
push:
branches:
- "main"
paths:
- ".github/workflows/schemas.yaml"
env:
OCI_REPO: "oci://ghcr.io/szinn/kubernetes-schemas/${{ github.event.repository.name }}"
jobs:
publish-kubernetes-schemas:
name: Publish Kubernetes Schemas
runs-on: ["k8s-homelab"]
permissions:
contents: read
packages: write
steps:
- name: Setup Tools
shell: bash
run: |
sudo apt-get -qq update && \
sudo apt-get -qq install --no-install-recommends -y curl unzip git
- name: Setup Flux CLI
uses: fluxcd/flux2/action@main
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Kube Tools
uses: yokawasa/action-setup-kube-tools@5fe385031665158529decddddb51d6224422836e # v0.11.1
with:
setup-tools: kubectl
- name: Setup Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.11"
- name: Write kubeconfig
id: kubeconfig
uses: timheuer/base64-to-file@adaa40c0c581f276132199d4cf60afa07ce60eac # v1.2
with:
encodedString: ${{ secrets.KUBECONFIG }}
fileName: kubeconfig
- name: Generate Token
uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1
id: app-token
with:
app-id: "${{ secrets.BOT_APP_ID }}"
private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
with:
token: "${{ steps.app-token.outputs.token }}"
- name: Download and run crd-extractor
env:
KUBECONFIG: "${{ steps.kubeconfig.outputs.filePath }}"
shell: bash
run: |
curl -fsSL -o $GITHUB_WORKSPACE/crd-extractor.sh \
https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/Utilities/crd-extractor.sh
chmod +x $GITHUB_WORKSPACE/crd-extractor.sh
bash $GITHUB_WORKSPACE/crd-extractor.sh
- name: Login to GHCR
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Publish schemas as OCI
run: |
flux push artifact $OCI_REPO:$(git rev-parse --short HEAD) \
--path="/home/runner/.datree/crdSchemas" \
--source="${{ github.repositoryUrl }}" \
--revision="main"
publish-kubernetes-schemas-web:
runs-on: ubuntu-latest
needs: ["publish-kubernetes-schemas"]
steps:
- name: Generate Token
uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: "${{ secrets.BOT_APP_ID }}"
private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
- name: Checkout
uses: actions/checkout@v4
with:
token: "${{ steps.app-token.outputs.token }}"
- name: Setup Flux CLI
uses: fluxcd/flux2/action@main
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Setup QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
- name: Login to GHCR
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull schemas as OCI
run: |
mkdir -p /home/runner/crdSchemas
flux pull artifact $OCI_REPO:$(git rev-parse --short HEAD) --output /home/runner/crdSchemas
- name: Write nginx-unprivileged Dockerfile
run: |
cat <<EOF > /home/runner/crdSchemas/Dockerfile
FROM docker.io/nginxinc/nginx-unprivileged:latest
COPY --chown=nginx:nginx --chmod=755 . /usr/share/nginx/html
USER nginx
EOF
- name: Publish schemas as web container
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: /home/runner/crdSchemas
platforms: linux/amd64,linux/arm64
file: /home/runner/crdSchemas/Dockerfile
push: true
tags: |
ghcr.io/szinn/kubernetes-schemas-web:latest
cache-from: type=gha
cache-to: type=gha,mode=max
labels: |
org.opencontainers.image.source="${{ github.repositoryUrl }}"
org.opencontainers.image.authors="Scotte Zinn <[email protected]>"