-
Notifications
You must be signed in to change notification settings - Fork 18
130 lines (112 loc) · 5.08 KB
/
upload-artifacts.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: upload-artifacts
on:
push:
branches:
- master
paths:
- 'CHANGELOG.md'
workflow_dispatch:
jobs:
tag-and-release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: parse-version-from-chart
run: |
VERSION=$(cat ./deploy/ydb-operator/Chart.yaml | sed -n 's/^version: //p' | tr -d '\"')
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: create-tag
uses: mathieudutour/github-tag-action@v6.2
with:
tag_prefix: ""
custom_tag: ${{ env.VERSION }}
github_token: ${{ github.token }}
- name: install-dependencies
run: |
HELM_PKG="helm-v3.10.3-linux-amd64.tar.gz"
curl -LO https://get.helm.sh/"${HELM_PKG}"
tar -zxvf "${HELM_PKG}"
mv ./linux-amd64/helm .
echo "$(pwd)" >> $GITHUB_PATH
- name: install-aws-cli
uses: unfor19/install-aws-cli-action@v1
with:
version: 2
- name: initialize-aws-cli
run: |
aws configure set aws_access_key_id ${{ secrets.CI_PUBLIC_HELM_S3_KEY_IDENTIFIER }}
aws configure set aws_secret_access_key ${{ secrets.CI_PUBLIC_HELM_S3_KEY_CONTENT }}
aws configure set region "ru-central1"
- name: install-yc
run: |
curl -sSL https://storage.yandexcloud.net/yandexcloud-yc/install.sh | bash
echo "~/yandex-cloud/bin/" >> $GITHUB_PATH
- name: initialize-yc-cli
run: |
# Cloud: yc-ydbaas; catalogue: docker-images
# Cloud: ycr-public-registries; catalogue: cloud-public-images
#
# Service account has access rights in TWO clouds;
# they are synced internally through `iam-sync-configs` repo
yc config profile create private-docker-helm-public-docker
echo "$SA_KEYS_FOR_PRIVATE_DOCKER_HELM_AND_PUBLIC_DOCKER" > sa-key.json
yc config --profile private-docker-helm-public-docker set service-account-key sa-key.json
env:
SA_KEYS_FOR_PRIVATE_DOCKER_HELM_AND_PUBLIC_DOCKER: ${{ secrets.SA_KEYS_FOR_PRIVATE_DOCKER_HELM_AND_PUBLIC_DOCKER }}
- name: login-to-registries
run: |
cat sa-key.json | docker login --username json_key --password-stdin cr.yandex
yc --profile private-docker-helm-public-docker iam create-token | helm registry login cr.yandex/crpl7ipeu79oseqhcgn2/charts -u iam --password-stdin
- name: build-and-push-operator-image
run: |
# Public:
docker build -t cr.yandex/crpl7ipeu79oseqhcgn2/ydb-operator:"$VERSION" .
docker push cr.yandex/crpl7ipeu79oseqhcgn2/ydb-operator:"$VERSION"
# Private:
# no rebuild will happen, docker will fetch from cache and just retag:
docker build -t cr.yandex/crpsjg1coh47p81vh2lc/ydb-kubernetes-operator:"$VERSION" .
docker push cr.yandex/crpsjg1coh47p81vh2lc/ydb-kubernetes-operator:"$VERSION"
- name: package-and-push-helm-chart
run: |
make manifests
helm package ./deploy/ydb-operator
# Push into internal oci-based registry
helm push ./ydb-operator-"$VERSION".tgz oci://cr.yandex/crpl7ipeu79oseqhcgn2/charts
# Push into public s3-based registry
aws s3 --endpoint-url=https://storage.yandexcloud.net \
cp ./ydb-operator-"$VERSION".tgz s3://charts.ydb.tech/ydb-operator-"$VERSION".tgz
# Make sure that latest version is available in `helm repo search` later
mkdir charts
cp ./ydb-operator-"$VERSION".tgz ./charts
# Grab an old index, merge current chart into it, and upload back
aws --endpoint-url=https://storage.yandexcloud.net \
s3 cp s3://charts.ydb.tech/index.yaml ./old-index.yaml
helm repo index charts --merge ./old-index.yaml --url https://charts.ydb.tech
aws s3 --endpoint-url=https://storage.yandexcloud.net \
cp ./charts/index.yaml s3://charts.ydb.tech/index.yaml
- name: login-to-dockerhub
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
username: ydbplatform
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: retag-and-push-operator-image-to-dockerhub
run: |
docker build -t ydbplatform/ydb-kubernetes-operator:"$VERSION" .
docker push ydbplatform/ydb-kubernetes-operator:"$VERSION"
- name: append-artifacts-info-to-release-notes
run: |
echo "" >> .changes/v$VERSION.md
echo "### Docker images" >> .changes/v$VERSION.md
echo "New docker images are available from:" >> .changes/v$VERSION.md
echo "- ydbplatform/ydb-kubernetes-operator:$VERSION" >> .changes/v$VERSION.md
echo "- cr.yandex/yc/ydb-kubernetes-operator:$VERSION" >> .changes/v$VERSION.md
echo "" >> .changes/v$VERSION.md
echo "### Helm charts" >> .changes/v$VERSION.md
echo "New helm chart 'ydb-operator', version $VERSION is available from https://charts.ydb.tech" >> .changes/v$VERSION.md
- name: create-github-release
uses: softprops/action-gh-release@v1
with:
body_path: .changes/v${{ env.VERSION }}.md
tag_name: ${{ env.VERSION }}
env:
GITHUB_TOKEN: ${{ github.token }}