Build and Publish Images #310

Workflow file for this run

.github/workflows/build-and-publish-images.yaml at 2af6b73

	name: Build and Publish Images

	on:
	workflow_dispatch:
	inputs:
	target_platforms:
	type: choice
	description: Platforms
	options:
	- linux/amd64
	- linux/arm64
	- linux/amd64,linux/arm64
	push:
	tags:
	- "[0-9]+.[0-9]+.[0-9]+"
	- "[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+"
	- "[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+"
	- "[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+"

	jobs:
	publish-generic-images:
	name: Publish
	runs-on: ubuntu-latest

	strategy:
	fail-fast: false
	matrix:
	include:
	- image: docker-registry
	- image: pause-container
	- image: session-manager
	- image: training-portal
	- image: secrets-manager
	- image: tunnel-manager
	- image: image-cache
	- image: assets-server

	steps:
	- name: Check out the repository
	uses: actions/checkout@v4

	- name: Calculate platforms
	shell: bash
	run: \|
	TARGET_PLATFORMS="${{github.event.inputs.target_platforms}}"
	if [ -z "$TARGET_PLATFORMS" ]; then
	TARGET_PLATFORMS="${{secrets.TARGET_PLATFORMS}}"
	fi
	if [ -z "$TARGET_PLATFORMS" ]; then
	IS_FORK=$(if [[ $GITHUB_EVENT_NAME == 'push' && $GITHUB_EVENT_PATH ]]; then jq -r .repository.fork <<< $(cat $GITHUB_EVENT_PATH); else echo false; fi)
	if [ $IS_FORK == "true" ]; then
	TARGET_PLATFORMS="linux/amd64"
	else
	TARGET_PLATFORMS="linux/amd64,linux/arm64"
	fi
	fi
	echo "TARGET_PLATFORMS=${TARGET_PLATFORMS}" >>${GITHUB_ENV}

	- name: Calculate variables
	shell: bash
	run: \|
	REPOSITORY_OWNER=${{github.repository_owner}}
	echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker buildx
	uses: docker/setup-buildx-action@v3
	# related issues for pinning buildkit
	# https://github.com/docker/build-push-action/issues/761
	# https://github.com/containerd/containerd/issues/7972
	# https://github.com/containerd/containerd/pull/6995
	with:
	driver-opts: \|
	image=moby/buildkit:v0.10.6

	- name: Restore Docker cache (amd64)
	if: ${{ (matrix.image == 'secrets-manager') \|\| (matrix.image == 'session-manager') \|\| (matrix.image == 'training-portal') \|\| (matrix.image == 'tunnel-manager') }}
	uses: actions/cache/restore@v4
	with:
	path: /tmp/.buildx-cache-amd64-new
	key: ${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-${{github.sha}}
	restore-keys: \|
	${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-

	- name: Restore Docker cache (arm64)
	if: ${{ (matrix.image == 'secrets-manager') \|\| (matrix.image == 'session-manager') \|\| (matrix.image == 'training-portal') \|\| (matrix.image == 'tunnel-manager') }}
	uses: actions/cache/restore@v4
	with:
	path: /tmp/.buildx-cache-arm64-new
	key: ${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-${{github.sha}}
	restore-keys: \|
	${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-

	- name: Rename cache directories
	run: \|
	test -d /tmp/.buildx-cache-amd64-new && mv /tmp/.buildx-cache-amd64-new /tmp/.buildx-cache-amd64-old \|\| true
	test -d /tmp/.buildx-cache-arm64-new && mv /tmp/.buildx-cache-arm64-new /tmp/.buildx-cache-arm64-old \|\| true
	du -ks /tmp/.buildx-cache-* \|\| true

	- name: Generate container image metadata
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	ghcr.io/${{env.REPOSITORY_OWNER}}/educates-${{matrix.image}}
	tags: \|
	type=ref,event=branch
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}

	- name: Login to GitHub container registry
	uses: docker/login-action@v3
	with:
	username: ${{github.actor}}
	password: ${{secrets.GITHUB_TOKEN}}
	registry: ghcr.io

	- name: Build and push ${{matrix.image}} image
	uses: docker/build-push-action@v5
	with:
	context: ${{matrix.image}}
	platforms: ${{env.TARGET_PLATFORMS}}
	tags: ${{steps.meta.outputs.tags}}
	cache-from: \|
	type=local,src=/tmp/.buildx-cache-arm64-old
	type=local,src=/tmp/.buildx-cache-amd64-old
	push: true

	- name: Cache build ${{matrix.image}} (amd64)
	if: contains(env.TARGET_PLATFORMS, 'linux/amd64')
	uses: docker/build-push-action@v5
	with:
	context: ${{matrix.image}}
	platforms: linux/amd64
	cache-from: type=local,src=/tmp/.buildx-cache-amd64-old
	cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-amd64-new
	push: false

	- name: Cache build ${{matrix.image}} (arm64)
	if: contains(env.TARGET_PLATFORMS, 'linux/arm64')
	uses: docker/build-push-action@v5
	with:
	context: ${{matrix.image}}
	platforms: linux/arm64
	cache-from: type=local,src=/tmp/.buildx-cache-arm64-old
	cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-arm64-new
	push: false

	- name: Dump cache directory sizes
	if: ${{ (matrix.image == 'secrets-manager') \|\| (matrix.image == 'session-manager') \|\| (matrix.image == 'training-portal') \|\| (matrix.image == 'tunnel-manager') }}
	run: \|
	du -ks /tmp/.buildx-cache-* \|\| true

	- name: Save Docker cache (amd64)
	if: ${{ (matrix.image == 'secrets-manager') \|\| (matrix.image == 'session-manager') \|\| (matrix.image == 'training-portal') \|\| (matrix.image == 'tunnel-manager') }}
	uses: actions/cache/save@v4
	with:
	path: /tmp/.buildx-cache-amd64-new
	key: ${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-${{github.sha}}

	- name: Save Docker cache (arm64)
	if: ${{ (matrix.image == 'secrets-manager') \|\| (matrix.image == 'session-manager') \|\| (matrix.image == 'training-portal') \|\| (matrix.image == 'tunnel-manager') }}
	uses: actions/cache/save@v4
	with:
	path: /tmp/.buildx-cache-arm64-new
	key: ${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-${{github.sha}}

	publish-workshop-base-image:
	name: Publish (base-environment)
	runs-on: ubuntu-latest

	steps:
	- name: Check out the repository
	uses: actions/checkout@v4

	- name: Calculate platforms
	shell: bash
	run: \|
	TARGET_PLATFORMS="${{github.event.inputs.target_platforms}}"
	if [ -z "$TARGET_PLATFORMS" ]; then
	TARGET_PLATFORMS="${{secrets.TARGET_PLATFORMS}}"
	fi
	if [ -z "$TARGET_PLATFORMS" ]; then
	IS_FORK=$(if [[ $GITHUB_EVENT_NAME == 'push' && $GITHUB_EVENT_PATH ]]; then jq -r .repository.fork <<< $(cat $GITHUB_EVENT_PATH); else echo false; fi)
	if [ $IS_FORK == "true" ]; then
	TARGET_PLATFORMS="linux/amd64"
	else
	TARGET_PLATFORMS="linux/amd64,linux/arm64"
	fi
	fi
	echo "TARGET_PLATFORMS=${TARGET_PLATFORMS}" >>${GITHUB_ENV}

	- name: Calculate variables
	shell: bash
	run: \|
	REPOSITORY_OWNER=${{github.repository_owner}}
	echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker buildx
	uses: docker/setup-buildx-action@v3
	# related issues for pinning buildkit
	# https://github.com/docker/build-push-action/issues/761
	# https://github.com/containerd/containerd/issues/7972
	# https://github.com/containerd/containerd/pull/6995
	with:
	driver-opts: \|
	image=moby/buildkit:v0.10.6

	- name: Verify docker daemon image contents
	run: \|
	docker images

	- name: Remove unwanted images to free storage space
	run: \|
	docker rmi node:14 \|\| true
	docker rmi node:16 \|\| true
	docker rmi node:18 \|\| true
	docker rmi node:20 \|\| true
	docker images prune

	- name: Restore Docker cache (amd64)
	uses: actions/cache/restore@v4
	with:
	path: /tmp/.buildx-cache-amd64-new
	key: ${{runner.os}}-buildx-cache-amd64-base-environment-${{github.sha}}
	restore-keys: \|
	${{runner.os}}-buildx-cache-amd64-base-environment-

	- name: Restore Docker cache (arm64)
	uses: actions/cache/restore@v4
	with:
	path: /tmp/.buildx-cache-arm64-new
	key: ${{runner.os}}-buildx-cache-arm64-base-environment-${{github.sha}}
	restore-keys: \|
	${{runner.os}}-buildx-cache-arm64-base-environment-

	- name: Rename cache directories
	run: \|
	test -d /tmp/.buildx-cache-amd64-new && mv /tmp/.buildx-cache-amd64-new /tmp/.buildx-cache-amd64-old \|\| true
	test -d /tmp/.buildx-cache-arm64-new && mv /tmp/.buildx-cache-arm64-new /tmp/.buildx-cache-arm64-old \|\| true
	du -ks /tmp/.buildx-cache-* \|\| true

	- name: Generate container image metadata
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	ghcr.io/${{env.REPOSITORY_OWNER}}/educates-base-environment
	tags: \|
	type=ref,event=branch
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=sha

	- name: Login to GitHub container registry
	uses: docker/login-action@v3
	with:
	username: ${{github.actor}}
	password: ${{secrets.GITHUB_TOKEN}}
	registry: ghcr.io

	- name: Build and push base-environment image
	uses: docker/build-push-action@v5
	with:
	context: workshop-images/base-environment
	platforms: ${{env.TARGET_PLATFORMS}}
	tags: ${{steps.meta.outputs.tags}}
	cache-from: \|
	type=local,src=/tmp/.buildx-cache-arm64-old
	type=local,src=/tmp/.buildx-cache-amd64-old
	push: true

	- name: Cache build ${{matrix.image}} (amd64)
	if: contains(env.TARGET_PLATFORMS, 'linux/amd64')
	uses: docker/build-push-action@v5
	with:
	context: workshop-images/base-environment
	platforms: linux/amd64
	cache-from: type=local,src=/tmp/.buildx-cache-amd64-old
	cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-amd64-new
	push: false

	- name: Remove old cache directories
	run: \|
	rm -rf /tmp/.buildx-cache-amd64-old

	- name: Cache build ${{matrix.image}} (arm64)
	if: contains(env.TARGET_PLATFORMS, 'linux/arm64')
	uses: docker/build-push-action@v5
	with:
	context: workshop-images/base-environment
	platforms: linux/arm64
	cache-from: type=local,src=/tmp/.buildx-cache-arm64-old
	cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-arm64-new
	push: false

	- name: Dump cache directory sizes
	run: \|
	du -ks /tmp/.buildx-cache-* \|\| true

	- name: Save Docker cache (amd64)
	uses: actions/cache/save@v4
	with:
	path: /tmp/.buildx-cache-amd64-new
	key: ${{runner.os}}-buildx-cache-amd64-base-environment-${{github.sha}}

	- name: Save Docker cache (arm64)
	uses: actions/cache/save@v4
	with:
	path: /tmp/.buildx-cache-arm64-new
	key: ${{runner.os}}-buildx-cache-arm64-base-environment-${{github.sha}}

	publish-workshop-images:
	name: Publish
	runs-on: ubuntu-latest
	needs:
	- publish-workshop-base-image

	strategy:
	fail-fast: false
	matrix:
	include:
	- image: jdk8-environment
	- image: jdk11-environment
	- image: jdk17-environment
	- image: jdk21-environment
	- image: conda-environment

	steps:
	- name: Check out the repository
	uses: actions/checkout@v4

	- name: Calculate platforms
	shell: bash
	run: \|
	TARGET_PLATFORMS="${{github.event.inputs.target_platforms}}"
	if [ -z "$TARGET_PLATFORMS" ]; then
	TARGET_PLATFORMS="${{secrets.TARGET_PLATFORMS}}"
	fi
	if [ -z "$TARGET_PLATFORMS" ]; then
	IS_FORK=$(if [[ $GITHUB_EVENT_NAME == 'push' && $GITHUB_EVENT_PATH ]]; then jq -r .repository.fork <<< $(cat $GITHUB_EVENT_PATH); else echo false; fi)
	if [ $IS_FORK == "true" ]; then
	TARGET_PLATFORMS="linux/amd64"
	else
	TARGET_PLATFORMS="linux/amd64,linux/arm64"
	fi
	fi
	echo "TARGET_PLATFORMS=${TARGET_PLATFORMS}" >>${GITHUB_ENV}

	- name: Calculate variables
	shell: bash
	run: \|
	REPOSITORY_OWNER=${{github.repository_owner}}
	echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}
	echo "REPOSITORY_SHA_TAG=sha-${GITHUB_SHA::7}" >>${GITHUB_ENV}

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker buildx
	uses: docker/setup-buildx-action@v3
	# related issues for pinning buildkit
	# https://github.com/docker/build-push-action/issues/761
	# https://github.com/containerd/containerd/issues/7972
	# https://github.com/containerd/containerd/pull/6995
	with:
	driver-opts: \|
	image=moby/buildkit:v0.10.6

	- name: Verify docker daemon image contents
	run: \|
	docker images

	- name: Remove unwanted images to free storage space
	run: \|
	docker rmi node:14 \|\| true
	docker rmi node:16 \|\| true
	docker rmi node:18 \|\| true
	docker rmi node:20 \|\| true
	docker images prune

	- name: Restore Docker cache (amd64)
	if: ${{ (matrix.image == 'conda-environment') }}
	uses: actions/cache/restore@v4
	with:
	path: /tmp/.buildx-cache-amd64-new
	key: ${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-${{github.sha}}
	restore-keys: \|
	${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-

	- name: Restore Docker cache (arm64)
	if: ${{ (matrix.image == 'conda-environment') }}
	uses: actions/cache/restore@v4
	with:
	path: /tmp/.buildx-cache-arm64-new
	key: ${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-${{github.sha}}
	restore-keys: \|
	${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-

	- name: Rename cache directories
	run: \|
	test -d /tmp/.buildx-cache-amd64-new && mv /tmp/.buildx-cache-amd64-new /tmp/.buildx-cache-amd64-old \|\| true
	test -d /tmp/.buildx-cache-arm64-new && mv /tmp/.buildx-cache-arm64-new /tmp/.buildx-cache-arm64-old \|\| true
	du -ks /tmp/.buildx-cache-* \|\| true

	- name: Generate container image metadata
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	ghcr.io/${{env.REPOSITORY_OWNER}}/educates-${{matrix.image}}
	tags: \|
	type=ref,event=branch
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}

	- name: Login to GitHub container registry
	uses: docker/login-action@v3
	with:
	username: ${{github.actor}}
	password: ${{secrets.GITHUB_TOKEN}}
	registry: ghcr.io

	- name: Build and push ${{matrix.image}} image
	uses: docker/build-push-action@v5
	with:
	context: workshop-images/${{matrix.image}}
	platforms: ${{env.TARGET_PLATFORMS}}
	tags: ${{steps.meta.outputs.tags}}
	build-args: \|
	IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
	BASE_IMAGE_NAME=educates-base-environment
	PACKAGE_VERSION=${{env.REPOSITORY_SHA_TAG}}
	cache-from: \|
	type=local,src=/tmp/.buildx-cache-arm64-old
	type=local,src=/tmp/.buildx-cache-amd64-old
	push: true

	- name: Cache build ${{matrix.image}} (amd64)
	if: contains(env.TARGET_PLATFORMS, 'linux/amd64')
	uses: docker/build-push-action@v5
	with:
	context: workshop-images/${{matrix.image}}
	platforms: linux/amd64
	build-args: \|
	IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
	BASE_IMAGE_NAME=educates-base-environment
	PACKAGE_VERSION=${{env.REPOSITORY_SHA_TAG}}
	cache-from: type=local,src=/tmp/.buildx-cache-amd64-old
	cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-amd64-new
	push: false

	- name: Remove old cache directories
	run: \|
	rm -rf /tmp/.buildx-cache-amd64-old

	- name: Cache build ${{matrix.image}} (arm64)
	if: contains(env.TARGET_PLATFORMS, 'linux/arm64')
	uses: docker/build-push-action@v5
	with:
	context: workshop-images/${{matrix.image}}
	platforms: linux/arm64
	build-args: \|
	IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
	BASE_IMAGE_NAME=educates-base-environment
	PACKAGE_VERSION=${{env.REPOSITORY_SHA_TAG}}
	cache-from: type=local,src=/tmp/.buildx-cache-arm64-old
	cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-arm64-new
	push: false

	- name: Dump cache directory sizes
	if: ${{ (matrix.image == 'conda-environment') }}
	run: \|
	du -ks /tmp/.buildx-cache-* \|\| true

	- name: Save Docker cache (amd64)
	if: ${{ (matrix.image == 'conda-environment') }}
	uses: actions/cache/save@v4
	with:
	path: /tmp/.buildx-cache-amd64-new
	key: ${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-${{github.sha}}

	- name: Save Docker cache (arm64)
	if: ${{ (matrix.image == 'conda-environment') }}
	uses: actions/cache/save@v4
	with:
	path: /tmp/.buildx-cache-arm64-new
	key: ${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-${{github.sha}}

	publish-carvel-bundles:
	name: Bundle
	runs-on: ubuntu-latest
	needs:
	- publish-generic-images
	- publish-workshop-images

	steps:
	- name: Check out the repository
	uses: actions/checkout@v4

	- name: Install Carvel tools
	shell: bash
	run: curl -L https://carvel.dev/install.sh \| bash

	- name: Calculate variables
	shell: bash
	run: \|
	REPOSITORY_OWNER=${{github.repository_owner}}
	echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}
	echo "REPOSITORY_TAG=${GITHUB_REF##*/}" >>${GITHUB_ENV}
	echo "REPOSITORY_SHA_TAG=sha-${GITHUB_SHA::7}" >>${GITHUB_ENV}

	- name: Publish educates-cluster-essentials bundle
	shell: bash
	run: \|
	ytt -f carvel-packages/cluster-essentials/bundle/config \| kbld -f - \
	--imgpkg-lock-output carvel-packages/cluster-essentials/bundle/.imgpkg/images.yml
	imgpkg push \
	-b ghcr.io/${{env.REPOSITORY_OWNER}}/educates-cluster-essentials:${{env.REPOSITORY_TAG}} \
	-f carvel-packages/cluster-essentials/bundle \
	--registry-username=${{github.actor}} \
	--registry-password=${{secrets.GITHUB_TOKEN}}
	ytt -f carvel-packages/cluster-essentials/bundle \
	--data-values-schema-inspect -o openapi-v3 > educates-cluster-essentials-schema-openapi.yaml
	ytt -f carvel-packages/cluster-essentials/config/package.yaml \
	-f carvel-packages/cluster-essentials/config/schema.yaml \
	-v version=${{env.REPOSITORY_TAG}} \
	-v releasedAt=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
	--data-value-file openapi=educates-cluster-essentials-schema-openapi.yaml \
	-v imageRegistry.host=ghcr.io \
	-v imageRegistry.namespace=${{env.REPOSITORY_OWNER}} > package-repository/packages/cluster-essentials.educates.dev/educates-cluster-essentials-${{env.REPOSITORY_TAG}}.yaml

	- name: Save educates-cluster-essentials.yaml
	uses: actions/upload-artifact@v4
	with:
	name: educates-cluster-essentials-${{env.REPOSITORY_TAG}}.yaml
	path: package-repository/packages/cluster-essentials.educates.dev/educates-cluster-essentials-${{env.REPOSITORY_TAG}}.yaml

	- name: Publish educates-training-platform bundle
	shell: bash
	run: \|
	ytt -f carvel-packages/training-platform/config/images.yaml \
	-f carvel-packages/training-platform/config/schema.yaml \
	-v version=${{env.REPOSITORY_TAG}} \
	-v imageRegistry.host=ghcr.io \
	-v imageRegistry.namespace=${{env.REPOSITORY_OWNER}} \
	> carvel-packages/training-platform/bundle/kbld-images.yaml
	cat carvel-packages/training-platform/bundle/kbld-images.yaml \| kbld -f - \
	--imgpkg-lock-output carvel-packages/training-platform/bundle/.imgpkg/images.yml
	imgpkg push \
	-b ghcr.io/${{env.REPOSITORY_OWNER}}/educates-training-platform:${{env.REPOSITORY_TAG}} \
	-f carvel-packages/training-platform/bundle \
	--registry-username=${{github.actor}} \
	--registry-password=${{secrets.GITHUB_TOKEN}}
	ytt -f carvel-packages/training-platform/bundle \
	--data-values-schema-inspect -o openapi-v3 > educates-training-platform-schema-openapi.yaml
	ytt -f carvel-packages/training-platform/config/package.yaml \
	-f carvel-packages/training-platform/config/schema.yaml \
	-v version=${{env.REPOSITORY_TAG}} \
	-v releasedAt=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
	--data-value-file openapi=educates-training-platform-schema-openapi.yaml \
	-v imageRegistry.host=ghcr.io \
	-v imageRegistry.namespace=${{env.REPOSITORY_OWNER}} > package-repository/packages/training-platform.educates.dev/educates-training-platform-${{env.REPOSITORY_TAG}}.yaml

	- name: Save educates-training-platform.yaml
	uses: actions/upload-artifact@v4
	with:
	name: educates-training-platform-${{env.REPOSITORY_TAG}}.yaml
	path: package-repository/packages/training-platform.educates.dev/educates-training-platform-${{env.REPOSITORY_TAG}}.yaml

	- name: Publish educates-training-platform package repository
	shell: bash
	run: \|
	ytt -f package-repository/packages \| kbld -f - --imgpkg-lock-output package-repository/.imgpkg/images.yml
	imgpkg push --debug -b ghcr.io/${{env.REPOSITORY_OWNER}}/educates-packages:${{env.REPOSITORY_TAG}} -f package-repository --registry-username=${{github.actor}} --registry-password=${{secrets.GITHUB_TOKEN}}
	ytt -f carvel-packages/repository.yaml -v packageRepository=ghcr.io/${{env.REPOSITORY_OWNER}} -v repositoryVersion=${{env.REPOSITORY_TAG}} > educates-packagerepository.yaml

	- name: Save educates-training-platform repository.yaml
	uses: actions/upload-artifact@v4
	with:
	name: educates-packagerepository.yaml
	path: educates-packagerepository.yaml

	- name: Save educates-training-platform package repository
	uses: actions/upload-artifact@v4
	with:
	name: package-repository
	path: package-repository

	build-client-programs-linux-amd64:
	name: Build (clients) / amd64@linux
	runs-on: ubuntu-latest

	steps:
	- name: Check out the repository
	uses: actions/checkout@v4

	- name: Calculate variables
	shell: bash
	run: \|
	REPOSITORY_OWNER=${{github.repository_owner}}
	echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}

	- name: Setup Go
	uses: actions/setup-go@v5
	with:
	go-version: "1.21.4"
	cache-dependency-path: \|
	client-programs/go.sum

	- name: Build educates client program
	shell: bash
	run: \|
	rm -rf client-programs/pkg/renderer/files
	mkdir client-programs/pkg/renderer/files
	cp -rp workshop-images/base-environment/opt/eduk8s/etc/themes client-programs/pkg/renderer/files/
	cd client-programs
	REPOSITORY_TAG=${GITHUB_REF##*/}
	IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
	go build -o educates-linux-amd64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG' -X 'main.imageRepository=$IMAGE_REPOSITORY'" cmd/educates/main.go

	- uses: actions/upload-artifact@v4
	with:
	name: educates-linux-amd64
	path: client-programs/educates-linux-amd64

	build-client-programs-linux-arm64:
	name: Build (clients) / arm64@linux
	runs-on: ubuntu-latest

	steps:
	- name: Check out the repository
	uses: actions/checkout@v4

	- name: Calculate variables
	shell: bash
	run: \|
	REPOSITORY_OWNER=${{github.repository_owner}}
	echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}

	- name: Setup Go
	uses: actions/setup-go@v5
	with:
	go-version: "1.21.4"
	cache-dependency-path: \|
	client-programs/go.sum

	- name: Build educates client program
	shell: bash
	run: \|
	rm -rf client-programs/pkg/renderer/files
	mkdir client-programs/pkg/renderer/files
	cp -rp workshop-images/base-environment/opt/eduk8s/etc/themes client-programs/pkg/renderer/files/
	cd client-programs
	REPOSITORY_TAG=${GITHUB_REF##*/}
	IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
	GOOS=linux GOARCH=arm64 go build -o educates-linux-arm64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG' -X 'main.imageRepository=$IMAGE_REPOSITORY'" cmd/educates/main.go

	- uses: actions/upload-artifact@v4
	with:
	name: educates-linux-arm64
	path: client-programs/educates-linux-arm64

	build-client-programs-darwin-amd64:
	name: Build (clients) / amd64@darwin
	runs-on: macos-latest

	steps:
	- name: Check out the repository
	uses: actions/checkout@v4

	- name: Calculate variables
	shell: bash
	run: \|
	REPOSITORY_OWNER=${{github.repository_owner}}
	echo "REPOSITORY_OWNER=$(echo "$REPOSITORY_OWNER" \| tr '[:upper:]' '[:lower:]')" >>${GITHUB_ENV}

	- name: Setup Go
	uses: actions/setup-go@v5
	with:
	go-version: "1.21.4"
	cache-dependency-path: \|
	client-programs/go.sum

	- name: Build educates client program
	shell: bash
	run: \|
	rm -rf client-programs/pkg/renderer/files
	mkdir client-programs/pkg/renderer/files
	cp -rp workshop-images/base-environment/opt/eduk8s/etc/themes client-programs/pkg/renderer/files/
	cd client-programs
	REPOSITORY_TAG=${GITHUB_REF##*/}
	IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
	# DO NOT USE GOOS/GOARCH for native build as it appears to produce a
	# binary which is different and cannot create a Kind cluster which can
	# run both AMD and ARM images. Version with GOOS/GOARCH only retained
	# here for documentation purposes.
	# GOOS=darwin GOARCH=amd64 go build -o educates-darwin-amd64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG' -X 'main.imageRepository=$IMAGE_REPOSITORY'" cmd/educates/main.go
	go build -o educates-darwin-amd64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG' -X 'main.imageRepository=$IMAGE_REPOSITORY'" cmd/educates/main.go

	- uses: actions/upload-artifact@v4
	with:
	name: educates-darwin-amd64
	path: client-programs/educates-darwin-amd64

	build-client-programs-darwin-arm64:
	name: Build (clients) / arm64@darwin
	runs-on: macos-latest

	steps:
	- name: Check out the repository
	uses: actions/checkout@v4

	- name: Calculate variables
	shell: bash
	run: \|
	REPOSITORY_OWNER=${{github.repository_owner}}
	echo "REPOSITORY_OWNER=$(echo "$REPOSITORY_OWNER" \| tr '[:upper:]' '[:lower:]')" >>${GITHUB_ENV}

	- name: Setup Go
	uses: actions/setup-go@v5
	with:
	go-version: "1.21.4"
	cache-dependency-path: \|
	client-programs/go.sum

	- name: Build educates client program
	shell: bash
	run: \|
	rm -rf client-programs/pkg/renderer/files
	mkdir client-programs/pkg/renderer/files
	cp -rp workshop-images/base-environment/opt/eduk8s/etc/themes client-programs/pkg/renderer/files/
	cd client-programs
	REPOSITORY_TAG=${GITHUB_REF##*/}
	IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
	GOOS=darwin GOARCH=arm64 go build -o educates-darwin-arm64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG' -X 'main.imageRepository=$IMAGE_REPOSITORY'" cmd/educates/main.go

	- uses: actions/upload-artifact@v4
	with:
	name: educates-darwin-arm64
	path: client-programs/educates-darwin-arm64

	publish-client-programs:
	name: Programs
	runs-on: ubuntu-latest
	needs:
	- build-client-programs-linux-amd64
	- build-client-programs-linux-arm64
	- build-client-programs-darwin-amd64
	- build-client-programs-darwin-arm64

	steps:
	- name: Restore educates-linux-amd64
	uses: actions/download-artifact@v4
	with:
	name: educates-linux-amd64
	path: client-programs

	- name: Restore educates-linux-arm64
	uses: actions/download-artifact@v4
	with:
	name: educates-linux-arm64
	path: client-programs

	- name: Restore educates-darwin-amd64
	uses: actions/download-artifact@v4
	with:
	name: educates-darwin-amd64
	path: client-programs

	- name: Restore educates-darwin-arm64
	uses: actions/download-artifact@v4
	with:
	name: educates-darwin-arm64
	path: client-programs

	- name: Install Carvel tools
	shell: bash
	run: curl -L https://carvel.dev/install.sh \| bash

	- name: Calculate variables
	shell: bash
	run: \|
	REPOSITORY_OWNER=${{github.repository_owner}}
	echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}
	echo "REPOSITORY_TAG=${GITHUB_REF##*/}" >>${GITHUB_ENV}

	- name: Publish client programs
	shell: bash
	run: \|
	chmod +x client-programs/*
	imgpkg push \
	-i ghcr.io/${{env.REPOSITORY_OWNER}}/educates-client-programs:${{env.REPOSITORY_TAG}} \
	-f client-programs \
	--registry-username=${{github.actor}} \
	--registry-password=${{secrets.GITHUB_TOKEN}}

	publish-docker-extension:
	name: Extension
	runs-on: ubuntu-latest
	needs:
	- publish-client-programs

	steps:
	- name: Check out the repository
	uses: actions/checkout@v4

	- name: Calculate variables
	shell: bash
	run: \|
	REPOSITORY_OWNER=${{github.repository_owner}}
	echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker buildx
	uses: docker/setup-buildx-action@v3
	# related issues for pinning buildkit
	# https://github.com/docker/build-push-action/issues/761
	# https://github.com/containerd/containerd/issues/7972
	# https://github.com/containerd/containerd/pull/6995
	with:
	driver-opts: \|
	image=moby/buildkit:v0.10.6

	- name: Generate container image metadata
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	ghcr.io/${{env.REPOSITORY_OWNER}}/educates-docker-extension
	tags: \|
	type=ref,event=branch
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}

	- name: Login to GitHub container registry
	uses: docker/login-action@v3
	with:
	username: ${{github.actor}}
	password: ${{secrets.GITHUB_TOKEN}}
	registry: ghcr.io

	- name: Calculate variables
	shell: bash
	run: \|
	echo "REPOSITORY_TAG=${GITHUB_REF##*/}" >>${GITHUB_ENV}

	- name: Build and push docker-extension image
	uses: docker/build-push-action@v5
	with:
	context: docker-extension
	platforms: ${{env.TARGET_PLATFORMS}}
	build-args: \|
	REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
	TAG=${{env.REPOSITORY_TAG}}
	tags: ${{steps.meta.outputs.tags}}
	push: true

	release-artifacts:
	name: Release
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags/')
	needs:
	- publish-carvel-bundles
	- build-client-programs-linux-amd64
	- build-client-programs-linux-arm64
	- build-client-programs-darwin-amd64
	- build-client-programs-darwin-arm64
	- publish-docker-extension

	steps:
	- name: Calculate variables
	shell: bash
	run: \|
	REPOSITORY_TAG=${GITHUB_REF##*/}
	if [[ "$REPOSITORY_TAG" == - ]]; then
	PRERELEASE=true
	else
	PRERELEASE=false
	fi
	echo "REPOSITORY_TAG=${REPOSITORY_TAG}" >>${GITHUB_ENV}
	echo "PRERELEASE=${PRERELEASE}" >>${GITHUB_ENV}

	- name: Restore packagerepository.yaml
	uses: actions/download-artifact@v4
	with:
	name: educates-packagerepository.yaml

	- name: Restore educates-cluster-essentials.yaml
	uses: actions/download-artifact@v4
	with:
	name: educates-cluster-essentials-${{env.REPOSITORY_TAG}}.yaml

	- name: Restore educates-training-platform.yaml
	uses: actions/download-artifact@v4
	with:
	name: educates-training-platform-${{env.REPOSITORY_TAG}}.yaml

	- name: Restore educates-linux-amd64
	uses: actions/download-artifact@v4
	with:
	name: educates-linux-amd64

	- name: Restore educates-linux-arm64
	uses: actions/download-artifact@v4
	with:
	name: educates-linux-arm64

	- name: Restore educates-darwin-amd64
	uses: actions/download-artifact@v4
	with:
	name: educates-darwin-amd64

	- name: Restore educates-darwin-arm64
	uses: actions/download-artifact@v4
	with:
	name: educates-darwin-arm64

	- name: Generate file checksums for CLI binaries
	shell: bash
	run: \|
	sha256sum educates-cluster-essentials-${{env.REPOSITORY_TAG}}.yaml >> checksums.txt
	sha256sum educates-darwin-amd64 >> checksums.txt
	sha256sum educates-darwin-arm64 >> checksums.txt
	sha256sum educates-linux-amd64 >> checksums.txt
	sha256sum educates-linux-arm64 >> checksums.txt
	sha256sum educates-packagerepository.yaml >> checksums.txt
	sha256sum educates-training-platform-${{env.REPOSITORY_TAG}}.yaml >> checksums.txt
	echo 'File Checksums' >> release-notes.md
	echo '--------------' >> release-notes.md
	echo '```' >> release-notes.md
	cat checksums.txt >> release-notes.md
	echo '```' >> release-notes.md

	- uses: actions/upload-artifact@v4
	with:
	name: checksums.txt
	path: checksums.txt

	- uses: actions/upload-artifact@v4
	with:
	name: release-notes.md
	path: release-notes.md

	- name: Create release
	id: create_release
	uses: softprops/action-gh-release@v1
	env:
	GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
	with:
	tag_name: ${{env.REPOSITORY_TAG}}
	name: "educates:${{env.REPOSITORY_TAG}}"
	draft: false
	prerelease: ${{env.PRERELEASE}}
	body_path: release-notes.md
	files: \|
	checksums.txt
	educates-packagerepository.yaml
	educates-cluster-essentials-${{env.REPOSITORY_TAG}}.yaml
	educates-training-platform-${{env.REPOSITORY_TAG}}.yaml
	educates-linux-amd64
	educates-linux-arm64
	educates-darwin-amd64
	educates-darwin-arm64

	commit-packages:
	name: Commit
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags/')
	needs:
	- release-artifacts

	steps:
	- name: Check out the repository
	uses: actions/checkout@v4

	- name: Calculate variables
	shell: bash
	run: \|
	IS_FORK=$(if [[ $GITHUB_EVENT_NAME == 'push' && $GITHUB_EVENT_PATH ]]; then jq -r .repository.fork <<< $(cat $GITHUB_EVENT_PATH); else echo false; fi)
	REPOSITORY_TAG=${GITHUB_REF##*/}
	if [[ "$REPOSITORY_TAG" == - ]]; then
	PRERELEASE=true
	else
	PRERELEASE=false
	fi
	echo "IS_FORK=${IS_FORK}" >>${GITHUB_ENV}
	echo "PRERELEASE=${PRERELEASE}" >>${GITHUB_ENV}
	echo "REPOSITORY_TAG=${REPOSITORY_TAG}" >>${GITHUB_ENV}

	- name: Restore educates-cluster-essentials.yaml
	uses: actions/download-artifact@v4
	with:
	name: educates-cluster-essentials-${{env.REPOSITORY_TAG}}.yaml
	path: package-repository/packages/cluster-essentials.educates.dev/

	- name: Restore educates-training-platform.yaml
	uses: actions/download-artifact@v4
	with:
	name: educates-training-platform-${{env.REPOSITORY_TAG}}.yaml
	path: package-repository/packages/training-platform.educates.dev/

	- name: Create pull request for package repository files
	if: ${{ (env.IS_FORK == 'false') && (env.PRERELEASE == 'false') }}
	uses: peter-evans/create-pull-request@v5
	with:
	add-paths: \|
	package-repository
	commit-message: "Add package files for version ${{env.REPOSITORY_TAG}}."
	branch: release/patch
	base: develop
	title: "Add package files for version ${{env.REPOSITORY_TAG}}."
	body: >
	This is an automated pull request to add the package files for
	version ${{env.REPOSITORY_TAG}} to the repository. If the release is
	successful and you are working in the main Educates repository, this
	needs to be merged to the `develop` branch before making a further
	release. You should avoid merging this pull request if working in a
	fork of the main Educates repository as it will result in changes to
	the `develop` branch which have details specific to your fork, which
	should never end up back in the main Educates repository.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build and Publish Images #310

Workflow file

Build and Publish Images #310

Jobs

Run details

Workflow file for this run