name: '[CI/CD] CD Pipeline Run' run-name: "${{ format('[CI/CD] CD Publish {0}',github.event.workflow_run.display_title) }}" on: # rebuild any PRs and main branch changes workflow_run: workflows: - '\[CI/CD\] CD Prepare' types: - 'completed' permissions: actions: read env: CSP_API_URL: https://console.cloud.vmware.com CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }} VIB_PUBLIC_URL: https://cp.bromelia.vmware.com jobs: get-metadata: runs-on: ubuntu-latest name: Get modified containers path if: ${{ github.event.workflow_run.conclusion == 'success' }} outputs: packages_json_url: ${{ steps.get-artifacts.outputs.packages_json_url }} containers: ${{ steps.get-artifacts.outputs.containers }} steps: - id: get-artifacts name: Get modified containers path env: PREPARE_WORKFLOW_ARTIFACTS_URL: ${{ github.event.workflow_run.artifacts_url }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | curl -sSL -o artifacts.json -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" -H "Authorization: Bearer $GITHUB_TOKEN" $PREPARE_WORKFLOW_ARTIFACTS_URL publish_metadata_url="$(jq -r '.artifacts[] | select(.name == "publish-metadata.json") | .archive_download_url' artifacts.json)" curl -sSL -o publish-metadata.json.zip -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" -H "Authorization: Bearer $GITHUB_TOKEN" $publish_metadata_url unzip publish-metadata.json.zip containers=$(cat publish-metadata.json | jq -c) packages_json_url="$(jq -r '.artifacts[] | select(.name == "packages.json") | .archive_download_url' artifacts.json)" echo "packages_json_url=${packages_json_url}" >> $GITHUB_OUTPUT echo "containers=${containers}" >> $GITHUB_OUTPUT vib-publish: runs-on: ubuntu-latest needs: get-metadata name: Publish strategy: fail-fast: false max-parallel: 2 matrix: container: ${{ fromJSON(needs.get-metadata.outputs.containers) }} steps: - name: Checkout Repository uses: actions/checkout@v3 # Full history is not required anymore with: ref: ${{ matrix.container.sha }} fetch-depth: 1 - id: get-registry-credentials name: Get marketplace's registry credentials run: | csp_auth_token=$(curl -s -H 'Content-Type: application/x-www-form-urlencoded' -X POST -d "grant_type=refresh_token&api_token=${{ secrets.PROD_MARKETPLACE_API_TOKEN }}" https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize | jq -re .access_token) repo_info=$(curl -s -X POST -H "Content-Type: application/json" -H "csp-auth-token:$csp_auth_token" -d '{"withCredentials":true, "storageType":"OCI"}' https://gtw.marketplace.cloud.vmware.com/api/v1/repositories/transient) marketplace_user=$(echo "$repo_info" | jq -re .response.repodetails.username) marketplace_passwd=$(echo "$repo_info" | jq -re .response.repodetails.token) echo "::add-mask::${marketplace_user}" echo "::add-mask::${marketplace_passwd}" echo "marketplace_user=${marketplace_user}" >> $GITHUB_OUTPUT echo "marketplace_passwd=${marketplace_passwd}" >> $GITHUB_OUTPUT - uses: vmware-labs/vmware-image-builder-action@v0 name: 'Publish ${{ matrix.container.name }}: ${{ matrix.container.tag }}' with: pipeline: ${{ matrix.container.dsl_path }}/vib-publish.json env: # Path with docker resources VIB_ENV_PATH: "${{ matrix.container.path }}" # Container name VIB_ENV_CONTAINER: "${{ matrix.container.name }}" VIB_ENV_CONTAINER_URL: "${{ matrix.container.sha_url }}" VIB_ENV_PACKAGES_JSON_URL: "${{ needs.get-metadata.outputs.packages_json_url }}" VIB_ENV_APP_VERSION: "${{ matrix.container.app_version }}" VIB_ENV_OS_FLAVOUR: "${{ matrix.container.os_flavour }}" VIB_ENV_GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" VIB_ENV_TAG: "${{ matrix.container.tag }}" VIB_ENV_ROLLING_TAGS: "${{ toJSON(matrix.container.rolling_tags) }}" VIB_ENV_REGISTRY_URL: "${{ secrets.PROD_MARKETPLACE_REGISTRY_URL }}" VIB_ENV_REGISTRY_USERNAME: "${{ steps.get-registry-credentials.outputs.marketplace_user }}" VIB_ENV_REGISTRY_PASSWORD: "${{ steps.get-registry-credentials.outputs.marketplace_passwd }}" VIB_ENV_BOSSD_RELEASE_ID: "${{ secrets.BOSSD_RELEASE_ID }}"