Skip to content

upload-artifacts

upload-artifacts #152

name: upload-artifacts
on:
push:
branches:
- master
paths:
- 'CHANGELOG.md'
workflow_dispatch:
jobs:
tag-and-release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: get-latest-version
uses: miniscruff/changie-action@v2
with:
version: latest
args: latest
- name: get-latest-no-v-version
uses: miniscruff/changie-action@v2
with:
version: latest
# Echoes the same version as previous step, but without "v" prefix.
# Is used as a docker image tag in the release step.
# E.g. "v0.5.31" -> "0.5.31"
args: latest --remove-prefix
- name: create-tag
uses: mathieudutour/github-tag-action@v6.2
with:
tag_prefix: ""
custom_tag: ${{ steps.get-latest-version.outputs.output }}
github_token: ${{ github.token }}
- name: install-dependencies
run: |
HELM_PKG="helm-v3.10.3-linux-amd64.tar.gz"
curl -LO https://get.helm.sh/"${HELM_PKG}"
tar -zxvf "${HELM_PKG}"
mv ./linux-amd64/helm .
echo "$(pwd)" >> $GITHUB_PATH
- name: install-aws-cli
uses: unfor19/install-aws-cli-action@v1
with:
version: 2
- name: initialize-aws-cli
run: |
aws configure set aws_access_key_id ${{ secrets.CI_PUBLIC_HELM_S3_KEY_IDENTIFIER }}
aws configure set aws_secret_access_key ${{ secrets.CI_PUBLIC_HELM_S3_KEY_CONTENT }}
aws configure set region "ru-central1"
- name: install-yc
run: |
curl -sSL https://storage.yandexcloud.net/yandexcloud-yc/install.sh | bash
echo "~/yandex-cloud/bin/" >> $GITHUB_PATH
- name: initialize-yc-cli
run: |
# Cloud: yc-ydbaas; catalogue: docker-images
# Cloud: ycr-public-registries; catalogue: cloud-public-images
#
# Service account has access rights in TWO clouds;
# they are synced internally through `iam-sync-configs` repo
yc config profile create private-docker-helm-public-docker
echo "$SA_KEYS_FOR_PRIVATE_DOCKER_HELM_AND_PUBLIC_DOCKER" > sa-key.json
yc config --profile private-docker-helm-public-docker set service-account-key sa-key.json
env:
SA_KEYS_FOR_PRIVATE_DOCKER_HELM_AND_PUBLIC_DOCKER: ${{ secrets.SA_KEYS_FOR_PRIVATE_DOCKER_HELM_AND_PUBLIC_DOCKER }}
- name: parse-version-from-chart
run: |
VERSION=$(cat ./deploy/ydb-operator/Chart.yaml | sed -n 's/^version: //p')
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: login-to-registries
run: |
cat sa-key.json | docker login --username json_key --password-stdin cr.yandex
yc --profile private-docker-helm-public-docker iam create-token | helm registry login cr.yandex/crpl7ipeu79oseqhcgn2/charts -u iam --password-stdin
- name: build-and-push-operator-image
run: |
# Public:
docker build -t cr.yandex/crpl7ipeu79oseqhcgn2/ydb-operator:"$VERSION" .
docker push cr.yandex/crpl7ipeu79oseqhcgn2/ydb-operator:"$VERSION"
# Private:
# no rebuild will happen, docker will fetch from cache and just retag:
docker build -t cr.yandex/crpsjg1coh47p81vh2lc/ydb-kubernetes-operator:"$VERSION" .
docker push cr.yandex/crpsjg1coh47p81vh2lc/ydb-kubernetes-operator:"$VERSION"
- name: package-and-push-helm-chart
run: |
helm package ./deploy/ydb-operator
# Push into internal oci-based registry
helm push ./ydb-operator-"$VERSION".tgz oci://cr.yandex/crpl7ipeu79oseqhcgn2/charts
# Push into public s3-based registry
aws s3 --endpoint-url=https://storage.yandexcloud.net \
cp ./ydb-operator-"$VERSION".tgz s3://charts.ydb.tech/ydb-operator-"$VERSION".tgz
# Make sure that latest version is available in `helm repo search` later
mkdir charts
cp ./ydb-operator-"$VERSION".tgz ./charts
# Grab an old index, merge current chart into it, and upload back
aws --endpoint-url=https://storage.yandexcloud.net \
s3 cp s3://charts.ydb.tech/index.yaml ./old-index.yaml
helm repo index charts --merge ./old-index.yaml --url https://charts.ydb.tech
aws s3 --endpoint-url=https://storage.yandexcloud.net \
cp ./charts/index.yaml s3://charts.ydb.tech/index.yaml