-
Notifications
You must be signed in to change notification settings - Fork 389
128 lines (115 loc) · 4.31 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
name: Publish helm chart and docker images
on:
pull_request:
paths-ignore:
- "**.md"
- "**.rst"
- "docs/**"
- "examples/**"
- ".github/workflows/**"
- "!.github/workflows/publish.yml"
push:
paths-ignore:
- "**.md"
- "**.rst"
- "docs/**"
- "examples/**"
- ".github/workflows/**"
- "!.github/workflows/publish.yml"
branches-ignore:
- "dependabot/**"
- "pre-commit-ci-update-config"
- "update-*"
workflow_dispatch:
jobs:
# Builds and pushes docker images to quay.io, packages the Helm chart and
# pushes it to jupyterhub/helm-chart@gh-pages where index.yaml represents the
# JupyterHub organization Helm chart repository.
#
# ref: https://github.com/jupyterhub/helm-chart
# ref: https://quay.io/organization/jupyterhub
#
Publish:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main')
steps:
- uses: actions/checkout@v4
with:
# chartpress requires the full history
fetch-depth: 0
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- uses: actions/setup-node@v4
# node required to build wheel
with:
node-version: "16"
- name: Set up QEMU (for docker buildx)
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx (for chartpress multi-arch builds)
uses: docker/setup-buildx-action@v3
- name: Install chart publishing dependencies (chartpress, helm)
run: |
. ./ci/common
setup_helm v3.5.4
pip install --no-cache-dir chartpress>=2.1 pyyaml build
- name: Build binderhub wheel
run: python3 -m build --wheel .
- name: Setup push rights to jupyterhub/helm-chart
# This was setup by...
# 1. Generating a private/public key pair:
# ssh-keygen -t ed25519 -C "jupyterhub/binderhub" -f /tmp/id_ed25519
# 2. Registering the private key (/tmp/id_ed25519) as a secret for this
# repo:
# https://github.com/jupyterhub/binderhub/settings/secrets/actions
# 3. Registering the public key (/tmp/id_ed25519.pub) as a deploy key
# with push rights for the jupyterhub/helm chart repo:
# https://github.com/jupyterhub/helm-chart/settings/keys
#
run: |
mkdir -p ~/.ssh
ssh-keyscan github.com >> ~/.ssh/known_hosts
echo "${{ secrets.JUPYTERHUB_HELM_CHART_DEPLOY_KEY }}" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
- name: Setup push rights to Quay.io
# This was setup by...
# 1. Creating a [Robot Account](https://quay.io/organization/jupyterhub?tab=robots) in the JupyterHub
# . quay.io org
# 2. Giving it enough permissions to push to the binderhub image
# 3. Putting the robot account's username and password in GitHub actions environment
run: |
docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" quay.io
- name: Configure a git user
# Having a user.email and user.name configured with git is required to
# make commits, which is something chartpress does when publishing.
# While Travis CI had a dummy user by default, GitHub Actions doesn't
# and require this explicitly setup.
run: |
git config --global user.email "[email protected]"
git config --global user.name "GitHub Actions user"
- name: Publish images and chart with chartpress
env:
GITHUB_REPOSITORY: "${{ github.repository }}"
run: |
./tools/generate-json-schema.py
./ci/publish
PyPI-testbuild:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
# Versioneer requires past tags
fetch-depth: 0
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Install pypa/build
run: python -mpip install build
- name: Build a sdist, and a binary wheel from the sdist
run: python -mbuild .
# ref: https://github.com/actions/upload-artifact#readme
- uses: actions/upload-artifact@v3
with:
name: pypi-dist
path: "dist/*"
if-no-files-found: error