forked from jupyterhub/zero-to-jupyterhub-k8s
-
Notifications
You must be signed in to change notification settings - Fork 0
157 lines (140 loc) · 5.83 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
# This is a GitHub workflow defining a set of jobs with a set of steps.
# ref: https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions
#
name: Publish
# Trigger the workflow on pushed tags or commits to main branch.
on:
pull_request:
paths-ignore:
- "doc/**"
- "**.md"
- ".github/workflows/*"
- "!.github/workflows/publish.yaml"
push:
paths-ignore:
- "doc/**"
- "**.md"
- ".github/workflows/*"
- "!.github/workflows/publish.yaml"
branches-ignore:
- "dependabot/**"
tags:
- "**"
jobs:
# Builds and pushes docker images to DockerHub and package the Helm chart and
# pushes it to jupyterhub/helm-chart@gh-pages where index.yaml represents the
# JupyterHub organization Helm chart repository.
#
# ref: https://github.com/jupyterhub/helm-chart
# ref: https://hub.docker.com/orgs/jupyterhub
publish:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
with:
# chartpress requires the full history
fetch-depth: 0
- uses: actions/setup-python@v2
with:
python-version: "3.8"
- name: store whether we are publishing the chart
id: publishing
shell: python
env:
REPO: ${{ github.repository }}
EVENT: ${{ github.event_name }}
REF: ${{ github.event.ref }}
run: |
import os
repo = os.environ["REPO"]
event = os.environ["EVENT"]
ref = os.environ["REF"]
publishing = ""
if (
repo == "jupyterhub/zero-to-jupyterhub-k8s"
and event == "push"
and (
# any tag
ref.startswith("refs/tags/")
# or default branch
or ref == "refs/heads/main"
)
):
publishing = "true"
print("Publishing chart")
print(f"::set-output name=publishing::{publishing}")
- name: Set up QEMU (for docker buildx)
uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 # dependabot updates to latest release
- name: Set up Docker Buildx (for chartpress multi-arch builds)
uses: docker/setup-buildx-action@a1c666d855a037f439ebb7bf701ee144fcadd307 # dependabot updates to latest release
- name: Install chart publishing dependencies (chartpress, helm)
run: |
. ./ci/common
setup_helm
helm version
# FIXME: six is required by docker 5.0.0 but isn't explicitly required
# https://github.com/docker/docker-py/issues/2807
#
pip install chartpress pyyaml six
pip list
- name: Setup push rights to jupyterhub/helm-chart
# This was setup by...
# 1. Generating a private/public key pair:
# ssh-keygen -t ed25519 -C "jupyterhub/zero-to-jupyterhub-k8s" -f /tmp/id_ed25519
# 2. Registering the private key (/tmp/id_ed25519) as a secret for this
# repo:
# https://github.com/jupyterhub/zero-to-jupyterhub-k8s/settings/secrets/actions
# 3. Registering the public key (/tmp/id_ed25519.pub) as a deploy key
# with push rights for the jupyterhub/helm chart repo:
# https://github.com/jupyterhub/helm-chart/settings/keys
if: steps.publishing.outputs.publishing
run: |
mkdir -p ~/.ssh
ssh-keyscan github.com >> ~/.ssh/known_hosts
echo "${{ secrets.JUPYTERHUB_HELM_CHART_DEPLOY_KEY }}" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
- name: Setup push rights to Docker Hub
# This was setup by...
# 1. Creating a Docker Hub service account "jupyterhubbot"
# 2. Making the account part of the "bots" team, and granting that team
# permissions to push to the relevant images:
# https://hub.docker.com/orgs/jupyterhub/teams/bots/permissions
# 3. Registering the username and password as a secret for this repo:
# https://github.com/jupyterhub/zero-to-jupyterhub-k8s/settings/secrets/actions
if: steps.publishing.outputs.publishing
run: |
docker login -u "${{ secrets.DOCKER_USERNAME }}" -p "${{ secrets.DOCKER_PASSWORD }}"
- name: Configure a git user
# Having a user.email and user.name configured with git is required to
# make commits, which is something chartpress does when publishing.
# While Travis CI had a dummy user by default, GitHub Actions doesn't
# and require this explicitly setup.
run: |
git config --global user.email "[email protected]"
git config --global user.name "GitHub Actions user"
- name: build chart with chartpress
run: |
# Create values.schema.yaml from schema.yaml.
./tools/generate-json-schema.py
# Append annotations to Chart.yaml with current images so that
# artifacthub.io can scan and provide vulnerability reports for them.
chartpress --no-build
./tools/set-chart-yaml-annotations.py
- name: Publish images and chart with chartpress
if: steps.publishing.outputs.publishing
env:
GITHUB_REPOSITORY: "${{ github.repository }}"
run: |
# Package the Helm chart and publish it to the gh-pages branch of
# the jupyterhub/helm-chart repo.
./ci/publish
- name: Package helm chart as a CI artifact
if: steps.publishing.outputs.publishing == ''
run: helm package jupyterhub
# ref: https://github.com/actions/upload-artifact
- uses: actions/upload-artifact@v2
if: steps.publishing.outputs.publishing == ''
with:
name: jupyterhub-${{ github.sha }}
path: "jupyterhub-*.tgz"
if-no-files-found: error