Skip to content

Chart CI Push

Chart CI Push #108

name: Chart CI Push
on:
# run after the image build completes
workflow_run:
workflows:
- Image CI Build
- Hot Fix Image Release Build
types:
- completed
# allow manually triggering it as well, for existing refs
workflow_dispatch:
inputs:
checkout_ref:
description: 'Git ref to build. This needs to be a full commit SHA.'
required: true
# To test: uncomment this and update it to your branch name and push to the branch.
# push:
# branches:
# - ft/main/<your_branch>
# By specifying the access of one of the scopes, all of those that are not
# specified are set to 'none'.
permissions:
# To be able to access the repository with actions/checkout
contents: read
# To allow retrieving information from the PR API
pull-requests: read
# To be able to set commit status
statuses: write
concurrency:
group: |
${{ github.workflow }}-${{ github.event_name }}-${{
(github.event_name == 'workflow_dispatch' && inputs.checkout_ref) ||
(github.event_name == 'workflow_run' && github.event.workflow_run.head_sha)
}}
cancel-in-progress: true
jobs:
push-charts:
name: Push Charts
runs-on: ubuntu-22.04
# we also check for push events in case someone is testing the workflow by uncommenting the push trigger above.
if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' || github.event_name == 'push' }}
steps:
- name: Checkout GitHub main
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ github.event.repository.default_branch }}
persist-credentials: false
- name: Set Environment Variables
uses: ./.github/actions/set-env-variables
- name: Get triggering event ref
id: get-ref
run: |
if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
echo ref="${{ inputs.checkout_ref }}" >> $GITHUB_OUTPUT
echo sha="${{ inputs.checkout_ref }}" >> $GITHUB_OUTPUT
elif [[ "${{ github.event_name }}" == "workflow_run" ]]; then
if [[ "${{ github.event.workflow_run.head_repository.fork }}" == "true" ]]; then
# use the SHA on forks since the head_branch won't exist in the upstream repository
echo ref="${{ github.event.workflow_run.head_sha }}" >> $GITHUB_OUTPUT
else
echo ref="${{ github.event.workflow_run.head_branch }}" >> $GITHUB_OUTPUT
fi
echo sha="${{ github.event.workflow_run.head_sha }}" >> $GITHUB_OUTPUT
elif [[ "${{ github.event_name }}" == "push" ]]; then
echo ref="${{ github.ref }}" >> $GITHUB_OUTPUT
echo sha="${{ github.sha }}" >> $GITHUB_OUTPUT
else
echo "Invalid event type"
exit 1
fi
- name: Set commit status to pending
uses: myrotvorets/set-commit-status-action@3730c0a348a2ace3c110851bed53331bc6406e9f # v2.0.1
with:
sha: ${{ steps.get-ref.outputs.sha }}
status: pending
description: Helm push in progress
- name: Checkout Source Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
# checkout ref not SHA so we can get useful branch names (see previous comments)
ref: ${{ steps.get-ref.outputs.ref }}
# required for git describe
fetch-depth: 0
- name: Get version
id: get-version
run: |
set -o pipefail
set -e
if [[ -f ./contrib/scripts/print-chart-version.sh ]]; then
echo "chart_version=$(./contrib/scripts/print-chart-version.sh)" | tee -a $GITHUB_OUTPUT
else
echo "./contrib/scripts/print-chart-version.sh missing. Perhaps it needs to be backported to your target branch?"
exit 1
fi
- name: Push charts
uses: cilium/reusable-workflows/.github/actions/push-helm-chart@6ae27958f2f37545bf48e44106b73df05b1f6d12 # v0.1.0
with:
name: cilium
path: install/kubernetes/cilium
version: ${{ steps.get-version.outputs.chart_version }}
values_file_changes: |
{
"image.repository": "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/cilium-ci",
"image.tag": "${{ steps.get-ref.outputs.sha }}",
"image.digest": "",
"image.useDigest": false,
"preflight.image.repository": "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/cilium-ci",
"preflight.image.tag": "${{ steps.get-ref.outputs.sha }}",
"preflight.image.digest": "",
"preflight.image.useDigest": false,
"operator.image.repository": "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/operator",
"operator.image.suffix": "-ci",
"operator.image.genericDigest": "",
"operator.image.azureDigest": "",
"operator.image.awsDigest": "",
"operator.image.alibabacloudDigest": "",
"operator.image.useDigest": false,
"operator.image.tag": "${{ steps.get-ref.outputs.sha }}",
"hubble.relay.image.repository": "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/hubble-relay-ci",
"hubble.relay.image.tag": "${{ steps.get-ref.outputs.sha }}",
"hubble.relay.image.digest": "",
"hubble.relay.image.useDigest": false,
"clustermesh.apiserver.image.repository": "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/clustermesh-apiserver-ci",
"clustermesh.apiserver.image.tag": "${{ steps.get-ref.outputs.sha }}",
"clustermesh.apiserver.image.digest": "",
"clustermesh.apiserver.image.useDigest": false
}
registry: quay.io
registry_namespace: ${{ env.QUAY_CHARTS_ORGANIZATION_DEV }}
registry_username: ${{ secrets.QUAY_CHARTS_DEV_USERNAME }}
registry_password: ${{ secrets.QUAY_CHARTS_DEV_PASSWORD }}
- name: Print helm command
run: |
echo "Example commands:"
echo helm template -n kube-system oci://quay.io/${{ env.QUAY_CHARTS_ORGANIZATION_DEV }}/cilium --version ${{ steps.get-version.outputs.chart_version }}
echo helm install cilium -n kube-system oci://quay.io/${{ env.QUAY_CHARTS_ORGANIZATION_DEV }}/cilium --version ${{ steps.get-version.outputs.chart_version }}
- name: Set commit status to success
if: ${{ success() }}
uses: myrotvorets/set-commit-status-action@3730c0a348a2ace3c110851bed53331bc6406e9f # v2.0.1
with:
sha: ${{ steps.get-ref.outputs.sha }}
status: success
description: Helm push successful
- name: Set commit status to failure
if: ${{ failure() }}
uses: myrotvorets/set-commit-status-action@3730c0a348a2ace3c110851bed53331bc6406e9f # v2.0.1
with:
sha: ${{ steps.get-ref.outputs.sha }}
status: failure
description: Helm push failed
- name: Set commit status to cancelled
if: ${{ cancelled() }}
uses: myrotvorets/set-commit-status-action@3730c0a348a2ace3c110851bed53331bc6406e9f # v2.0.1
with:
sha: ${{ steps.get-ref.outputs.sha }}
status: error
description: Helm push cancelled