name: Java CI with Gradle

# Runs for pushes and pull requests that target main, and on manual dispatch.
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  workflow_dispatch:
# Workflow-level defaults for the GITHUB_TOKEN. A job that declares its own
# `permissions` block gets only what that block lists; a job without one
# receives every scope below.
# NOTE(review): the three write scopes are each used by only some jobs;
# consider granting them per job and keeping only `contents: read` here.
permissions:
  contents: read
  # Allow deployment to GitHub Pages
  pages: write
  # This is required for requesting the JWT
  id-token: write
  # Push container images
  packages: write

# Allow only one concurrent deployment, skipping runs queued between the run
# in-progress and latest queued. In-progress runs are NOT cancelled, so that
# production deployments can complete.
# NOTE(review): the group name is static and workflow-wide, so pull-request
# runs share it with deployments from main; a queued deployment can be
# displaced by a later pull-request run. Confirm this is intended.
concurrency:
  group: 'pages'
  cancel-in-progress: false
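jobs:
  # Runs the Gradle `build` and `asciidoctor` tasks and uploads the build/
  # directory as the `build-artifacts` artifact for the jobs that need it.
  build:
    runs-on: ubuntu-24.04
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'sapmachine'
      # Configure Gradle for optimal use in GitHub Actions, including caching of downloaded dependencies.
      # See: https://github.com/gradle/actions/blob/main/setup-gradle/README.md
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4
      - name: Build with Gradle Wrapper
        run: ./gradlew --no-daemon build asciidoctor
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: build-artifacts
          path: 'build'

  # Builds the multi-arch container image from the uploaded build output,
  # pushes it to ghcr.io and updates the Kubernetes deployment (the push and
  # deploy steps are skipped on pull_request events).
  container-image:
    runs-on: ubuntu-24.04
    needs:
      - build
    # Least privilege: a job-level block replaces the workflow-level defaults,
    # so this job does not receive `pages: write`, which no step here uses.
    permissions:
      contents: read    # actions/checkout
      packages: write   # push images to ghcr.io with GITHUB_TOKEN
      id-token: write   # request the OIDC token used for the cluster deploy
    env:
      IMAGE_NAME: gardenlinux/glvd-api
      IMAGE_TAG: latest
    # NOTE(review): redhat-actions/push-to-registry@v2,
    # redhat-actions/podman-login@v1 and azure/k8s-set-context@v4 receive
    # GITHUB_TOKEN or the KUBECONFIG secret but are referenced by mutable tags.
    # Pin them to full commit SHAs, as the gradle/actions steps in this file
    # already are.
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - run: mkdir -p build
      - name: Download built jar
        uses: actions/download-artifact@v4
        with:
          name: build-artifacts
          path: build
      - name: Install qemu dependency for multi-arch build
        run: |
          sudo apt-get update
          sudo apt-get install -y qemu-user-static
      - name: Build Image
        id: build_image
        uses: redhat-actions/buildah-build@v2
        with:
          image: ${{ env.IMAGE_NAME }}
          tags: ${{ env.IMAGE_TAG }}
          platforms: linux/amd64, linux/arm64
          containerfiles: |
            ./Containerfile
      - name: Echo Outputs
        run: |
          echo "Image: ${{ steps.build_image.outputs.image }}"
          echo "Tags: ${{ steps.build_image.outputs.tags }}"
          echo "Tagged Image: ${{ steps.build_image.outputs.image-with-tag }}"
      - name: Check images created
        run: buildah images | grep '${{ env.IMAGE_NAME }}'
      - name: Check manifest
        run: |
          set -x
          buildah manifest inspect ${{ steps.build_image.outputs.image }}:${{ env.IMAGE_TAG }}
      # NOTE(review): `github.event_name != 'pull_request'` is also true for
      # workflow_dispatch, so a manual run from any ref pushes `latest` and
      # deploys. The deploy-pages job is restricted to refs/heads/main; confirm
      # whether the push and deploy steps here should be as well.
      - name: Push To ghcr.io
        id: push-to-ghcr
        if: ${{ github.event_name != 'pull_request' }}
        uses: redhat-actions/push-to-registry@v2
        with:
          image: ${{ steps.build_image.outputs.image }}
          tags: ${{ steps.build_image.outputs.tags }}
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): this login and build_bare.sh also run on pull_request
      # events, so the script from the PR branch executes with registry
      # credentials present. Confirm the script needs them; otherwise gate the
      # login with the same `if` as the push steps.
      - name: Log in to ghcr.io
        uses: redhat-actions/podman-login@v1
        with:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          registry: ghcr.io
      - name: Build bare images
        run: |
          ./build_bare.sh
      - name: Push bare images
        if: ${{ github.event_name != 'pull_request' }}
        id: bare
        run: |
          podman push --digestfile=bare-amd64-digest ghcr.io/gardenlinux/glvd-api:latest-linuxamd64_bare
          podman push ghcr.io/gardenlinux/glvd-api:latest-linuxarm64_bare
          echo "bare-amd64-digest=$(cat ./bare-amd64-digest)" >> "$GITHUB_OUTPUT"
      - name: Print image url
        if: ${{ github.event_name != 'pull_request' }}
        run: echo "Image pushed to ${{ steps.push-to-ghcr.outputs.registry-paths }}"
      - name: Print digest
        if: ${{ github.event_name != 'pull_request' }}
        run: echo "Image pushed to ${{ steps.push-to-ghcr.outputs.digest }}"
      - name: Get OIDC token
        if: ${{ github.event_name != 'pull_request' }}
        id: get-token
        run: |
          # Fail the step if the token request fails instead of passing an
          # empty or "null" value on to the deploy step.
          set -o pipefail
          IDTOKEN=$(curl -sSf -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=glvd" | jq -r '.value')
          # Step outputs are not masked automatically; register the token as a
          # secret so the runner redacts it from logs.
          echo "::add-mask::${IDTOKEN}"
          echo "idToken=${IDTOKEN}" >> "$GITHUB_OUTPUT"
      - uses: azure/k8s-set-context@v4
        if: ${{ github.event_name != 'pull_request' }}
        with:
          method: kubeconfig
          kubeconfig: "${{ secrets.KUBECONFIG }}"
      - name: Deploy the image
        if: ${{ github.event_name != 'pull_request' }}
        # The token and digest are passed through the environment instead of
        # being expanded into the script text, so their content is never
        # parsed as shell syntax. The image is referenced by digest.
        env:
          ID_TOKEN: ${{ steps.get-token.outputs.idToken }}
          BARE_AMD64_DIGEST: ${{ steps.bare.outputs.bare-amd64-digest }}
        run: kubectl --namespace default --token "$ID_TOKEN" set image deploy/glvd "glvd-api=ghcr.io/gardenlinux/glvd-api:latest-linuxamd64_bare@${BARE_AMD64_DIGEST}"

  # Submits the Gradle dependency graph to GitHub; `contents: write` is the
  # only scope this job is granted.
  dependency-submission:
    runs-on: ubuntu-24.04
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'sapmachine'
      # Generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies.
      # See: https://github.com/gradle/actions/blob/main/dependency-submission/README.md
      - name: Generate and submit dependency graph
        uses: gradle/actions/dependency-submission@0bdd871935719febd78681f197cd39af5b6e16a6 # v4

  # Publishes docs/asciidoc from the build artifact to GitHub Pages; runs only
  # for refs/heads/main.
  deploy-pages:
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    runs-on: ubuntu-24.04
    needs:
      - build
    if: github.ref == 'refs/heads/main'
    # Least privilege: a job-level block replaces the workflow-level defaults,
    # so this job does not receive `packages: write`, which no step here uses.
    permissions:
      contents: read    # actions/checkout
      pages: write      # deploy to GitHub Pages
      id-token: write   # OIDC token requested by actions/deploy-pages
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Pages
        uses: actions/configure-pages@v5
      - uses: actions/download-artifact@v4
        with:
          name: build-artifacts
      - name: Upload artifact
        uses: actions/upload-pages-artifact@v3
        with:
          path: 'docs/asciidoc'
      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v4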