Skip to content

5. Spray artifact patch build #69

5. Spray artifact patch build

5. Spray artifact patch build #69

name: 5. Spray artifact patch build
on:
workflow_dispatch:
inputs:
branch:
type: string
description: 'branch of Kubespray'
required: true
commit_SHA1:
type: string
description: 'full commit SHA1 in which the branch located'
jobs:
check-inputs:
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.check_inputs.outputs.tag }}
image_repo: ${{ steps.check_inputs.outputs.image_repo }}
spray_sha1: ${{ steps.check_inputs.outputs.spray_sha1 }}
spray_sha1_short: ${{ steps.check_inputs.outputs.spray_sha1_short }}
spray_release_num: ${{ steps.check_inputs.outputs.spray_release_num }}
spray_commit_timestamp: ${{ steps.check_inputs.outputs.spray_commit_timestamp }}
steps:
- name: ensure valid branch and commit
id: check_inputs
run: |
set -x
INPUTS_SPRAY_BRANCH=${{ inputs.branch }}
INPUTS_COMMIT_SHA1=${{ inputs.commit_SHA1 }}
SPRAY_BRANCH_SHA1=`git ls-remote -h https://github.com/kubernetes-sigs/kubespray.git ${INPUTS_SPRAY_BRANCH} | awk '{print $1}'`
if [[ -z "${SPRAY_BRANCH_SHA1}" ]]; then
echo "The specified branch '${INPUTS_SPRAY_BRANCH}' is nonexistent!" && exit 1
fi
SPRAY_SHA1=${SPRAY_BRANCH_SHA1}
git clone -b ${INPUTS_SPRAY_BRANCH} https://github.com/kubernetes-sigs/kubespray.git && cd kubespray
if [[ -n "${INPUTS_COMMIT_SHA1}" ]]; then
if [[ ${#INPUTS_COMMIT_SHA1} != 40 ]]; then
echo "Please specify the full commit SHA1!" && exit 1
fi
if ! git log --pretty="%H" | grep -q ${INPUTS_COMMIT_SHA1}; then
echo "The specifired commit SHA1 '${INPUTS_COMMIT_SHA1}' is not found in branch '${INPUTS_SPRAY_BRANCH}'"
fi
SPRAY_SHA1=${INPUTS_COMMIT_SHA1}
fi
ORGANIZATION_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F "/" '{print $1}' | tr '[:upper:]' '[:lower:]')
if [[ "${INPUTS_SPRAY_BRANCH}" == release-* ]]; then
TAG=${INPUTS_SPRAY_BRANCH#release-}-${SPRAY_SHA1:0:7}
else
TAG=${SPRAY_SHA1:0:7}
fi
echo image_repo=${ORGANIZATION_NAME} >> $GITHUB_OUTPUT
echo tag=${TAG} >> $GITHUB_OUTPUT
echo spray_sha1=${SPRAY_SHA1} >> $GITHUB_OUTPUT
echo spray_sha1_short=${SPRAY_SHA1:0:7} >> $GITHUB_OUTPUT
echo spray_release_num=${INPUTS_SPRAY_BRANCH#release-} >> $GITHUB_OUTPUT
echo spray_commit_timestamp=$(git show -s --format=%ct ${SPRAY_SHA1}) >> $GITHUB_OUTPUT
build-kubespray-image:
needs: check-inputs
uses: ./.github/workflows/call-build-imgs-for-spray.yaml
secrets: inherit
permissions:
packages: write
contents: read
with:
SPRAY_REF: ${{ needs.check-inputs.outputs.spray_sha1 }}
REPO: ${{ needs.check-inputs.outputs.image_repo }}
build-sprayjob-image:
needs: [check-inputs, build-kubespray-image]
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/[email protected]
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: sprayjob image build
uses: docker/[email protected]
with:
context: ./
file: build/images/spray-job/Dockerfile
build-args: |
SPRAY_TAG=${{ needs.check-inputs.outputs.spray_sha1_short }}
REPO=${{ needs.check-inputs.outputs.image_repo }}
SPRAY_COMMIT=${{ needs.check-inputs.outputs.spray_sha1_short }}
SPRAY_RELEASE=${{ needs.check-inputs.outputs.spray_release_num }}
SPRAY_COMMIT_TIMESTAMP=${{ needs.check-inputs.outputs.spray_commit_timestamp }}
github-token: ${{ secrets.GITHUB_TOKEN }}
push: true
provenance: false
platforms: linux/amd64,linux/arm64
tags: |
ghcr.io/${{ needs.check-inputs.outputs.image_repo }}/spray-job:${{ needs.check-inputs.outputs.tag }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-airgap-patch-image:
needs: [check-inputs, build-kubespray-image]
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/[email protected]
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: airgap-patch image build
uses: docker/[email protected]
with:
context: ./
file: build/images/airgap-patch/Dockerfile
build-args: |
SPRAY_TAG=${{ needs.check-inputs.outputs.spray_sha1_short }}
REPO=${{ needs.check-inputs.outputs.image_repo }}
SPRAY_COMMIT=${{ needs.check-inputs.outputs.spray_sha1_short }}
SPRAY_RELEASE=${{ needs.check-inputs.outputs.spray_release_num }}
SPRAY_COMMIT_TIMESTAMP=${{ needs.check-inputs.outputs.spray_commit_timestamp }}
github-token: ${{ secrets.GITHUB_TOKEN }}
push: true
provenance: false
platforms: linux/amd64,linux/arm64
tags: |
ghcr.io/${{ needs.check-inputs.outputs.image_repo }}/airgap-patch:${{ needs.check-inputs.outputs.tag }}
cache-from: type=gha
cache-to: type=gha,mode=max
gen-manifest:
needs: check-inputs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Git clone kubespray repo
uses: actions/checkout@v3
with:
repository: kubernetes-sigs/kubespray
ref: ${{ needs.check-inputs.outputs.spray_sha1 }}
path: ./kubespray
fetch-depth: 0
- name: Install yq tool
uses: mikefarah/[email protected]
- name: Generate Kubean manifest file
env:
SPRAY_TAG: ${{ needs.check-inputs.outputs.spray_sha1 }}
SPRAY_COMMIT: ${{ needs.check-inputs.outputs.spray_sha1_short }}
SPRAY_RELEASE: ${{ needs.check-inputs.outputs.spray_release_num }}
SPRAY_COMMIT_TIMESTAMP: ${{ needs.check-inputs.outputs.spray_commit_timestamp }}
run: |
bash artifacts/manage_version_cr.sh create_manifest
mkdir manifest && cp charts/kubean/templates/manifest.cr.yaml manifest/manifest-${{ needs.check-inputs.outputs.tag }}.yml
echo "manifest cr output:"
cat manifest/manifest-${{ needs.check-inputs.outputs.tag }}.yml
rm -rf kubespray/
- name: Push Kubean manifest to another repository
env:
REPO_OWNER: ${{ github.repository_owner }}
SSH_DEPLOY_KEY: ${{ secrets.SYNC_MANIFEST_PRIVATE_KEY }}
TAG: ${{ needs.check-inputs.outputs.tag }}
run: |
./hack/sync-manifest.sh
rm -rf manifest/
- name: Generate artifacts patch markdown doc
env:
IMAGE_REPO: ${{ needs.check-inputs.outputs.image_repo }}
run: |
python artifacts/gen_artifact_patch_md.py
mv artifacts.md docs/overrides/releases/artifacts.md
- name: Push artifact patch md
id: push_directory
uses: cpina/[email protected]
env:
SSH_DEPLOY_KEY: ${{ secrets.SYNC_RLS_PRIVATE_KEY }}
with:
source-directory: .
destination-github-username: ${{ github.repository_owner }}
destination-repository-name: kubean
user-email: kubean-robot@kubean-io
commit-message: Update artifacts.md, See ORIGIN_COMMIT from $GITHUB_REF
target-branch: main
show-artifacts:
needs: [check-inputs, build-kubespray-image, build-sprayjob-image, build-airgap-patch-image, gen-manifest]
runs-on: ubuntu-latest
steps:
- name: output artifacts
run: |
echo "ghcr.io/${{ needs.check-inputs.outputs.image_repo }}/spray-job:${{ needs.check-inputs.outputs.tag }}"
echo "ghcr.io/${{ needs.check-inputs.outputs.image_repo }}/airgap-patch:${{ needs.check-inputs.outputs.tag }}"
echo "https://github.com/kubean-io/kubean-manifest/blob/main/manifests/manifest-${{ needs.check-inputs.outputs.tag }}.yml"