Merge pull request #34 from acend/build-tag-version

Create Image Version Tag on release
acend · Jan 5, 2022 · 3319f6e · 3319f6e
2 parents 3965e73 + 1145151
commit 3319f6e
Show file tree

Hide file tree

Showing 5 changed files with 109 additions and 67 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -1,4 +1,4 @@
-name: Build Training and Publish
+name: PR Build
 
 on:
   pull_request:
@@ -26,7 +26,7 @@ jobs:
           username: ${{ secrets.QUAYIO_USERNAME }}
           password: ${{ secrets.QUAYIO_TOKEN }}
       -
-        name: Build Latest Version
+        name: Build PR Version
         uses: docker/build-push-action@v2
         with:
           context: .

diff --git a/.github/workflows/pr-cleanup.yaml b/.github/workflows/pr-cleanup.yaml
@@ -1,11 +1,4 @@
-# changeme 
-# Change the following parts to your current installation
-# - Helm Target Namespace
-# - Repository: you might need to change the name of your repository, depending on the choosen name
-# - Secrets
-#   - QUAYIO_API_TOKEN is needed for house keeping and removing old tagged images
-#   - KUBECONFIG_TEST content of the Kubeconfig File, Account must have access to the k8s namespace. It's used in the helm steps
-name: PRCleanup
+name: PR Cleanup
 on:
   pull_request:
     types: [closed]

diff --git a/.github/workflows/push-main.yaml b/.github/workflows/push-main.yaml
@@ -1,14 +1,4 @@
-# changeme 
-# Change the following parts to your current installation
-# - entire Docker Build steps accordingly to the amount of different versions or tags your building TRAINING_HUGO_ENV
-#   - Tags
-# - Helm Target Namespace
-# - Name of K8S Deployment to trigger and namespace
-# - Secrets
-#   - QUAYIO_USERNAME and QUAYIO_TOKEN must be set accordingly to your registry, existing users must have access to the repos
-#   - KUBECONFIG content of the Kubeconfig File, Account must have access to the k8s namespace. It's used in the helm steps
-
-name: Publish Main Version
+name: Build latest Version & release Helm Chart
 
 on:
   push:
@@ -68,14 +58,12 @@ jobs:
           context: .
           file: ./Dockerfile
           push: true
-          # changeme
           tags: |
             quay.io/acend/theia:latest
       -
         name: Run vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
-          # changeme
           image-ref: 'quay.io/acend/theia:latest'
           format: 'table'
           output: 'trivy-results.txt'
@@ -88,45 +76,4 @@ jobs:
         uses: actions/upload-artifact@v2
         with:
           name: trivy-results-main
-          path: trivy-results.txt
-  deploy:
-    needs: [release-helmchart, build]
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-        with:
-          submodules: recursive
-      - 
-        name: 'Install Helm'
-        uses: azure/setup-helm@v1
-        with:
-          version: v3.6.2
-      - 
-        name: Install Kubectl
-        uses: azure/setup-kubectl@v1
-        with:
-          version: v1.21.2
-      - 
-        name: Create KUBECONFIG
-        env:
-          KUBE_CONFIG: '${{ secrets.KUBECONFIG }}'
-        run: |
-          mkdir -p $HOME/.kube
-          echo "$KUBE_CONFIG" > $HOME/.kube/config
-      - 
-        name: Deploy Helm Release
-        env:
-          HELM_RELEASE: 'demo-webshell'
-          NAMESPACE: 'acend-webshell'
-          PASSWORD: '${{ secrets.WEBSHELL_TEST_PASSWORD }}'
-        run: |
-          helm upgrade $HELM_RELEASE webshell --install --wait --kubeconfig $HOME/.kube/config  --namespace=$NAMESPACE  --repo=https://acend.github.io/webshell-env/  --set password=$PASSWORD --values=helm-chart/values.yaml --atomic
-      - 
-        name: Redeploy Webshell
-        env:
-          NAMESPACE: 'acend-webshell'
-          HELM_RELEASE: 'demo-webshell'
-        run: |
-          kubectl rollout restart deployment/$HELM_RELEASE --kubeconfig $HOME/.kube/config --namespace $NAMESPACE
+          path: trivy-results.txt
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,102 @@
+name: Build & deploy Release Version
+
+on:
+  push:
+    tags:
+    - 'webshell-*' # This is created when push on main when Helm Chart version was changed
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          submodules: recursive
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to Quay.io Container Registry
+        uses: docker/login-action@v1 
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAYIO_USERNAME }}
+          password: ${{ secrets.QUAYIO_TOKEN }}
+
+      - 
+        name: Get the version # strip away "ref/tags/webshell-"
+        id: get_version
+        run: echo ::set-output name=VERSION::$(echo $GITHUB_REF | cut -d / -f 3 | sed 's/webshell-//g')
+
+      -
+        name: Build Release Version
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: |
+            quay.io/acend/theia:${{ steps.get_version.outputs.VERSION }}
+      -
+        name: Run vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'quay.io/acend/theia:${{ steps.get_version.outputs.VERSION }}'
+          format: 'table'
+          output: 'trivy-results.txt'
+          exit-code: '0'
+          ignore-unfixed: true
+          vuln-type: 'os'
+          severity: 'CRITICAL,HIGH'
+      -
+        name: Archive vulnerability scan results
+        uses: actions/upload-artifact@v2
+        with:
+          name: trivy-results-main
+          path: trivy-results.txt
+  deploy:
+    needs: [build]
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          submodules: recursive
+      - 
+        name: 'Install Helm'
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.6.2
+      - 
+        name: Install Kubectl
+        uses: azure/setup-kubectl@v1
+        with:
+          version: v1.21.2
+      - 
+        name: Create KUBECONFIG
+        env:
+          KUBE_CONFIG: '${{ secrets.KUBECONFIG }}'
+        run: |
+          mkdir -p $HOME/.kube
+          echo "$KUBE_CONFIG" > $HOME/.kube/config
+      - 
+        name: Deploy Helm Release
+        env:
+          HELM_RELEASE: 'demo-webshell'
+          NAMESPACE: 'acend-webshell'
+          PASSWORD: '${{ secrets.WEBSHELL_TEST_PASSWORD }}'
+        run: |
+          helm upgrade $HELM_RELEASE webshell --install --wait --kubeconfig $HOME/.kube/config  --namespace=$NAMESPACE  --repo=https://acend.github.io/webshell-env/  --set password=$PASSWORD --values=helm-chart/values.yaml --atomic
+      - 
+        name: Redeploy Webshell
+        env:
+          NAMESPACE: 'acend-webshell'
+          HELM_RELEASE: 'demo-webshell'
+        run: |
+          kubectl rollout restart deployment/$HELM_RELEASE --kubeconfig $HOME/.kube/config --namespace $NAMESPACE
diff --git a/deploy/charts/webshell/Chart.yaml b/deploy/charts/webshell/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: webshell
 description: A Helm chart to deploy a webshell environment
 type: application
-version: 0.1.11
-appVersion: "latest"
+version: 0.1.12
+appVersion: "0.1.12"