-
Notifications
You must be signed in to change notification settings - Fork 1
111 lines (88 loc) · 3.72 KB
/
publish.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
name: Publish ROCK
on:
push:
branches:
- main
jobs:
release_checks:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Extract branch metadata
shell: bash
run: |
BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
echo "branch=${BRANCH}" >> $GITHUB_OUTPUT
# echo "risk=${BRANCH##*\/}" >> $GITHUB_OUTPUT
echo "risk=edge" >> $GITHUB_OUTPUT
echo "track=${BRANCH%*\/*}" >> $GITHUB_OUTPUT
id: branch_metadata
- name: Extract ROCK metadata
shell: bash
run: |
VERSION=$(yq '(.version|split("-"))[0]' rockcraft.yaml)
BASE=$(yq '(.base|split("@"))[1]' rockcraft.yaml)
echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "base=${BASE}" >> $GITHUB_OUTPUT
id: rock_metadata
- name: Check consistency between metadata and release branch
run: |
MAJOR_VERSION=$(echo ${{ steps.rock_metadata.outputs.version }} | sed -n "s/\(^[0-9]*\).*/\1/p")
BASE=${{ steps.rock_metadata.outputs.base }}
if [ "${MAJOR_VERSION}-${BASE}" != "${{ steps.branch_metadata.outputs.track }}" ]; then exit 1; fi
continue-on-error: false
outputs:
branch: ${{ steps.branch_metadata.outputs.branch }}
track: ${{ steps.branch_metadata.outputs.track }}
risk: ${{ steps.branch_metadata.outputs.risk }}
base: ${{ steps.rock_metadata.outputs.base }}
version: ${{ steps.rock_metadata.outputs.version }}
build:
uses: ./.github/workflows/build.yaml
publish:
needs: [build, release_checks]
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Install skopeo
run: |
sudo snap install --devmode --channel edge skopeo
- name: Install yq
run: |
sudo snap install yq
- uses: actions/download-artifact@v3
with:
name: charmed-karapace
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USER }}
password: ${{ secrets.GHCR_TOKEN }}
- name: Import and push to GHCR
run: |
RISK=${{ needs.release_checks.outputs.risk }}
TRACK=${{ needs.release_checks.outputs.track }}
if [ ! -z "$RISK" ] && [ "${RISK}" != "no-risk" ]; then TAG=${TRACK}_${RISK}; else TAG=${TRACK}; fi
IMAGE_NAME="ghcr.io/canonical/charmed-karapace"
ROCK_FILE=${{ needs.build.outputs.rock }}
sudo skopeo --insecure-policy copy \
oci-archive:${ROCK_FILE} \
docker-daemon:${IMAGE_NAME}:${TAG}
COMMIT_ID=$(git log -1 --format=%H)
DESCRIPTION=$(yq .description rockcraft.yaml | xargs)
# Add relevant labels
echo "FROM ${IMAGE_NAME}:${TAG}" | docker build --label org.opencontainers.image.description="${DESCRIPTION}" --label org.opencontainers.image.revision="${COMMIT_ID}" --label org.opencontainers.image.source="${{ github.repositoryUrl }}" -t "${IMAGE_NAME}:${TAG}" -
echo "Publishing ${IMAGE_NAME}:${TAG}"
docker push ${IMAGE_NAME}:${TAG}
if [[ "$RISK" == "edge" ]]; then
VERSION_TAG="${{ needs.release_checks.outputs.version }}-${{ needs.release_checks.outputs.base }}_edge"
docker tag ${IMAGE_NAME}:${TAG} ${IMAGE_NAME}:${VERSION_TAG}
echo "Publishing ${IMAGE_NAME}:${VERSION_TAG}"
docker push ${IMAGE_NAME}:${VERSION_TAG}
fi