add private image support #22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Image and Chart # and create GitHub release if v* tag | |
| on: | |
| push: | |
| branches: [ main ] | |
| tags: [ "v*" ] | |
| pull_request: | |
| branches: [ main ] | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| docker: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| contents: read | |
| packages: write | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup version info | |
| id: version | |
| run: | | |
| if [[ "${{ startsWith(github.ref, 'refs/tags/v') }}" == "true" ]]; then | |
| echo "version=${{ github.ref_name }}" >> $GITHUB_OUTPUT | |
| else | |
| echo "version=$(date +%Y%m%d-%H%M%S)-g$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| - name: Build and Push PR - Ephemeral | |
| uses: docker/build-push-action@v5 | |
| if: github.event_name == 'pull_request' | |
| with: | |
| context: . | |
| push: true | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: linux/amd64,linux/arm64 | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| tags: | | |
| ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h | |
| - uses: mshick/add-pr-comment@v2 | |
| if: (github.event_name == 'pull_request') && ${{ success() }} | |
| with: | |
| message: | | |
| This PR now has an image available for testing: | |
| ``` | |
| ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h | |
| ``` | |
| - name: Build and Push | |
| uses: docker/build-push-action@v5 | |
| if: github.event_name != 'pull_request' | |
| with: | |
| context: . | |
| push: true | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: linux/amd64,linux/arm64 | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| tags: | | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }} | |
| chart: | |
| name: Publish chart | |
| runs-on: ubuntu-latest | |
| if: github.event_name != 'pull_request' | |
| needs: [docker] | |
| env: | |
| APP_VERSION: ${{ needs.docker.outputs.version }} | |
| CHART_REGISTRY: "ghcr.io/${{ github.repository_owner }}" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install helm | |
| uses: Azure/setup-helm@v3 | |
| with: | |
| version: v3.14.0 | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.22.x' | |
| cache: true | |
| - name: Install dependencies | |
| run: go mod download | |
| - name: Determine chart version | |
| run: | | |
| if [[ "${{ startsWith(github.ref, 'refs/tags/v') }}" == "true" ]]; then | |
| # NOTE: We remove the leading 'v' to comply with helm's versioning requirements | |
| echo "CHART_VERSION=$(echo -n ${{ github.ref_name }} | sed -rn 's/(v)?(.*)/\2/p')" >> $GITHUB_ENV | |
| else | |
| # TODO: swap '0.0.0' with '$(git describe --tags --abbrev=0 | sed -rn 's/(v)?(.*)/\2/p')' when we have our first tag | |
| echo "CHART_VERSION=0.0.0-${{ env.APP_VERSION }}" >> $GITHUB_ENV | |
| fi | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build chart | |
| run: make helm-generate | |
| - name: Package chart | |
| run: make dist | |
| - name: Lint packaged chart | |
| run: | | |
| # Remove staged chart directory and lint the packaged version | |
| rm -rf _dist/spin-operator-${{ env.CHART_VERSION }} | |
| helm lint _dist/spin-operator-${{ env.CHART_VERSION }}.tgz | |
| - name: Upload chart and manifests as GitHub artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: spin-operator | |
| path: _dist | |
| - name: Publish chart | |
| run: make helm-publish | |
| release: | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| needs: [chart] | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: download release assets | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: spin-operator | |
| path: _dist | |
| - name: check if pre-release | |
| shell: bash | |
| run: | | |
| if [[ ! "${{ github.ref_name }}" =~ ^v[0-9]+.[0-9]+.[0-9]+$ ]] | |
| then | |
| echo "PRERELEASE=--prerelease" >> "$GITHUB_ENV" | |
| fi | |
| - name: create GitHub release | |
| run: | | |
| gh release create ${{ github.ref_name }} _dist/* \ | |
| --title ${{ github.ref_name }} \ | |
| --generate-notes ${{ env.PRERELEASE }} |