fix: kubernetes diff exclusion via annotation #426
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create Release | |
on: | |
push: | |
branches: | |
- main | |
jobs: | |
semantic-release: | |
runs-on: ubuntu-latest | |
outputs: | |
release-version: ${{ steps.semantic.outputs.release-version }} | |
new-release-published: ${{ steps.semantic.outputs.new-release-published }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 | |
- uses: codfish/semantic-release-action@cbd853afe12037afb1306caca9d6b1ab6a58cf2a # v1.10.0 | |
id: semantic | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
binary: | |
runs-on: ubuntu-latest | |
needs: semantic-release | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 | |
- uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2 | |
with: | |
node-version: "16" | |
- name: Install Go | |
uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2.2.0 | |
with: | |
go-version: v1.22.x | |
- uses: actions/cache@8492260343ad570701412c2f464a5877dc76bace # v2 | |
with: | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
.bin | |
key: cache-${{ hashFiles('**/go.sum') }}-${{ hashFiles('.bin/*') }} | |
restore-keys: | | |
cache- | |
- run: make release | |
env: | |
VERSION: v${{ needs.semantic-release.outputs.release-version }} | |
- name: Upload binaries to release | |
uses: svenstaro/upload-release-action@58d525808845e4c8ff229ea1d5d7c496504a79bc # v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
file: ./.release/* | |
tag: v${{ needs.semantic-release.outputs.release-version }} | |
overwrite: true | |
file_glob: true | |
docker: | |
needs: semantic-release | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 | |
- name: Publish to DockerHub Registry | |
uses: elgohr/Publish-Docker-Github-Action@43dc228e327224b2eda11c8883232afd5b34943b # v5 | |
with: | |
name: flanksource/config-db | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
snapshot: true | |
dockerfile: build/Dockerfile | |
tags: "latest,v${{ needs.semantic-release.outputs.release-version }}" | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR Public | |
id: login-ecr-public | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
registry-type: public | |
- name: Publish to ECR Public | |
env: | |
REGISTRY: ${{ steps.login-ecr-public.outputs.registry }} | |
REGISTRY_ALIAS: k4y9r6y5 | |
REPOSITORY: config-db | |
IMAGE_TAG: "v${{ needs.semantic-release.outputs.release-version }}" | |
run: | | |
docker build -t $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG -f build/Dockerfile . | |
docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG | |
helm: | |
runs-on: ubuntu-latest | |
needs: [semantic-release, docker] | |
if: needs.semantic-release.outputs.new-release-published == 'true' | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 | |
- name: Download yq | |
run: | | |
wget -nv -nc -O yq https://github.com/mikefarah/yq/releases/download/v4.20.2/yq_linux_amd64 | |
chmod +x yq | |
- name: Set version | |
# Always use git tags as semantic release can fail due to rate limit | |
run: | | |
git fetch --prune --unshallow | |
echo "RELEASE_VERSION=$(git describe --abbrev=0 --tags | sed -e 's/^v//')" >> $GITHUB_ENV | |
- name: Update chart version | |
run: ./yq -i e '.version = "${{ env.RELEASE_VERSION }}"' chart/Chart.yaml | |
- name: Update app version | |
run: ./yq -i e '.appVersion = "${{ env.RELEASE_VERSION }}"' chart/Chart.yaml | |
- name: Update image tags | |
run: ./yq -i e '.image.tag = "v${{ env.RELEASE_VERSION }}"' chart/values.yaml | |
- name: Set up Helm | |
uses: azure/setup-helm@18bc76811624f360dbd7f18c2d4ecb32c7b87bab # v1.1 | |
with: | |
version: v3.8.0 | |
- name: Package Helm chart | |
run: | | |
helm package ./chart | |
- name: Clone charts repo | |
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
with: | |
repository: "${{ github.repository_owner }}/charts" | |
path: charts | |
token: "${{ secrets.FLANKBOT }}" | |
- name: Update chart repo | |
run: | | |
cd charts | |
cp ../config-db-*.tgz ./ | |
helm repo index --merge index.yaml . | |
- name: Push changes to chart repo | |
uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4.16.0 | |
with: | |
commit_message: "Release ${{ needs.semantic-release.outputs.release-version }} of ${{ github.repository }}" | |
branch: gh-pages | |
repository: ./charts | |
update-incident-commander: | |
runs-on: ubuntu-latest | |
needs: [helm, semantic-release] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
with: | |
repository: "${{ github.repository_owner }}/incident-commander-chart" | |
token: ${{ secrets.FLANKBOT }} | |
path: ./incident-commander-chart | |
- name: Install yq | |
run: | | |
wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - |\ | |
tar xz && sudo mv ${BINARY} /usr/bin/yq | |
env: | |
VERSION: v4.25.1 | |
BINARY: yq_linux_amd64 | |
- name: Update config-db version in Incident-commander-chart | |
run: | | |
cd incident-commander-chart | |
yq eval-all -i '(.dependencies[] | select(.name == "config-db")) ref $d | $d.version = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml | |
yq eval-all -i '(.dependencies[] | select(.name == "config-db")) ref $d | $d.version = "${{ needs.semantic-release.outputs.release-version }}"' agent-chart/Chart.yaml | |
- name: Push changes to chart repo | |
uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4.16.0 | |
with: | |
commit_message: "chore: update config-db chart dependency to ${{ needs.semantic-release.outputs.release-version }}" | |
repository: ./incident-commander-chart |