5. Spray artifact patch build #69
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 5. Spray artifact patch build | |
on: | |
workflow_dispatch: | |
inputs: | |
branch: | |
type: string | |
description: 'branch of Kubespray' | |
required: true | |
commit_SHA1: | |
type: string | |
description: 'full commit SHA1 in which the branch located' | |
jobs: | |
check-inputs: | |
runs-on: ubuntu-latest | |
outputs: | |
tag: ${{ steps.check_inputs.outputs.tag }} | |
image_repo: ${{ steps.check_inputs.outputs.image_repo }} | |
spray_sha1: ${{ steps.check_inputs.outputs.spray_sha1 }} | |
spray_sha1_short: ${{ steps.check_inputs.outputs.spray_sha1_short }} | |
spray_release_num: ${{ steps.check_inputs.outputs.spray_release_num }} | |
spray_commit_timestamp: ${{ steps.check_inputs.outputs.spray_commit_timestamp }} | |
steps: | |
- name: ensure valid branch and commit | |
id: check_inputs | |
run: | | |
set -x | |
INPUTS_SPRAY_BRANCH=${{ inputs.branch }} | |
INPUTS_COMMIT_SHA1=${{ inputs.commit_SHA1 }} | |
SPRAY_BRANCH_SHA1=`git ls-remote -h https://github.com/kubernetes-sigs/kubespray.git ${INPUTS_SPRAY_BRANCH} | awk '{print $1}'` | |
if [[ -z "${SPRAY_BRANCH_SHA1}" ]]; then | |
echo "The specified branch '${INPUTS_SPRAY_BRANCH}' is nonexistent!" && exit 1 | |
fi | |
SPRAY_SHA1=${SPRAY_BRANCH_SHA1} | |
git clone -b ${INPUTS_SPRAY_BRANCH} https://github.com/kubernetes-sigs/kubespray.git && cd kubespray | |
if [[ -n "${INPUTS_COMMIT_SHA1}" ]]; then | |
if [[ ${#INPUTS_COMMIT_SHA1} != 40 ]]; then | |
echo "Please specify the full commit SHA1!" && exit 1 | |
fi | |
if ! git log --pretty="%H" | grep -q ${INPUTS_COMMIT_SHA1}; then | |
echo "The specifired commit SHA1 '${INPUTS_COMMIT_SHA1}' is not found in branch '${INPUTS_SPRAY_BRANCH}'" | |
fi | |
SPRAY_SHA1=${INPUTS_COMMIT_SHA1} | |
fi | |
ORGANIZATION_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F "/" '{print $1}' | tr '[:upper:]' '[:lower:]') | |
if [[ "${INPUTS_SPRAY_BRANCH}" == release-* ]]; then | |
TAG=${INPUTS_SPRAY_BRANCH#release-}-${SPRAY_SHA1:0:7} | |
else | |
TAG=${SPRAY_SHA1:0:7} | |
fi | |
echo image_repo=${ORGANIZATION_NAME} >> $GITHUB_OUTPUT | |
echo tag=${TAG} >> $GITHUB_OUTPUT | |
echo spray_sha1=${SPRAY_SHA1} >> $GITHUB_OUTPUT | |
echo spray_sha1_short=${SPRAY_SHA1:0:7} >> $GITHUB_OUTPUT | |
echo spray_release_num=${INPUTS_SPRAY_BRANCH#release-} >> $GITHUB_OUTPUT | |
echo spray_commit_timestamp=$(git show -s --format=%ct ${SPRAY_SHA1}) >> $GITHUB_OUTPUT | |
build-kubespray-image: | |
needs: check-inputs | |
uses: ./.github/workflows/call-build-imgs-for-spray.yaml | |
secrets: inherit | |
permissions: | |
packages: write | |
contents: read | |
with: | |
SPRAY_REF: ${{ needs.check-inputs.outputs.spray_sha1 }} | |
REPO: ${{ needs.check-inputs.outputs.image_repo }} | |
build-sprayjob-image: | |
needs: [check-inputs, build-kubespray-image] | |
runs-on: ubuntu-latest | |
permissions: | |
packages: write | |
contents: read | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: sprayjob image build | |
uses: docker/[email protected] | |
with: | |
context: ./ | |
file: build/images/spray-job/Dockerfile | |
build-args: | | |
SPRAY_TAG=${{ needs.check-inputs.outputs.spray_sha1_short }} | |
REPO=${{ needs.check-inputs.outputs.image_repo }} | |
SPRAY_COMMIT=${{ needs.check-inputs.outputs.spray_sha1_short }} | |
SPRAY_RELEASE=${{ needs.check-inputs.outputs.spray_release_num }} | |
SPRAY_COMMIT_TIMESTAMP=${{ needs.check-inputs.outputs.spray_commit_timestamp }} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
push: true | |
provenance: false | |
platforms: linux/amd64,linux/arm64 | |
tags: | | |
ghcr.io/${{ needs.check-inputs.outputs.image_repo }}/spray-job:${{ needs.check-inputs.outputs.tag }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
build-airgap-patch-image: | |
needs: [check-inputs, build-kubespray-image] | |
runs-on: ubuntu-latest | |
permissions: | |
packages: write | |
contents: read | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: airgap-patch image build | |
uses: docker/[email protected] | |
with: | |
context: ./ | |
file: build/images/airgap-patch/Dockerfile | |
build-args: | | |
SPRAY_TAG=${{ needs.check-inputs.outputs.spray_sha1_short }} | |
REPO=${{ needs.check-inputs.outputs.image_repo }} | |
SPRAY_COMMIT=${{ needs.check-inputs.outputs.spray_sha1_short }} | |
SPRAY_RELEASE=${{ needs.check-inputs.outputs.spray_release_num }} | |
SPRAY_COMMIT_TIMESTAMP=${{ needs.check-inputs.outputs.spray_commit_timestamp }} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
push: true | |
provenance: false | |
platforms: linux/amd64,linux/arm64 | |
tags: | | |
ghcr.io/${{ needs.check-inputs.outputs.image_repo }}/airgap-patch:${{ needs.check-inputs.outputs.tag }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
gen-manifest: | |
needs: check-inputs | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Git clone kubespray repo | |
uses: actions/checkout@v3 | |
with: | |
repository: kubernetes-sigs/kubespray | |
ref: ${{ needs.check-inputs.outputs.spray_sha1 }} | |
path: ./kubespray | |
fetch-depth: 0 | |
- name: Install yq tool | |
uses: mikefarah/[email protected] | |
- name: Generate Kubean manifest file | |
env: | |
SPRAY_TAG: ${{ needs.check-inputs.outputs.spray_sha1 }} | |
SPRAY_COMMIT: ${{ needs.check-inputs.outputs.spray_sha1_short }} | |
SPRAY_RELEASE: ${{ needs.check-inputs.outputs.spray_release_num }} | |
SPRAY_COMMIT_TIMESTAMP: ${{ needs.check-inputs.outputs.spray_commit_timestamp }} | |
run: | | |
bash artifacts/manage_version_cr.sh create_manifest | |
mkdir manifest && cp charts/kubean/templates/manifest.cr.yaml manifest/manifest-${{ needs.check-inputs.outputs.tag }}.yml | |
echo "manifest cr output:" | |
cat manifest/manifest-${{ needs.check-inputs.outputs.tag }}.yml | |
rm -rf kubespray/ | |
- name: Push Kubean manifest to another repository | |
env: | |
REPO_OWNER: ${{ github.repository_owner }} | |
SSH_DEPLOY_KEY: ${{ secrets.SYNC_MANIFEST_PRIVATE_KEY }} | |
TAG: ${{ needs.check-inputs.outputs.tag }} | |
run: | | |
./hack/sync-manifest.sh | |
rm -rf manifest/ | |
- name: Generate artifacts patch markdown doc | |
env: | |
IMAGE_REPO: ${{ needs.check-inputs.outputs.image_repo }} | |
run: | | |
python artifacts/gen_artifact_patch_md.py | |
mv artifacts.md docs/overrides/releases/artifacts.md | |
- name: Push artifact patch md | |
id: push_directory | |
uses: cpina/[email protected] | |
env: | |
SSH_DEPLOY_KEY: ${{ secrets.SYNC_RLS_PRIVATE_KEY }} | |
with: | |
source-directory: . | |
destination-github-username: ${{ github.repository_owner }} | |
destination-repository-name: kubean | |
user-email: kubean-robot@kubean-io | |
commit-message: Update artifacts.md, See ORIGIN_COMMIT from $GITHUB_REF | |
target-branch: main | |
show-artifacts: | |
needs: [check-inputs, build-kubespray-image, build-sprayjob-image, build-airgap-patch-image, gen-manifest] | |
runs-on: ubuntu-latest | |
steps: | |
- name: output artifacts | |
run: | | |
echo "ghcr.io/${{ needs.check-inputs.outputs.image_repo }}/spray-job:${{ needs.check-inputs.outputs.tag }}" | |
echo "ghcr.io/${{ needs.check-inputs.outputs.image_repo }}/airgap-patch:${{ needs.check-inputs.outputs.tag }}" | |
echo "https://github.com/kubean-io/kubean-manifest/blob/main/manifests/manifest-${{ needs.check-inputs.outputs.tag }}.yml" |