public_git
/
bitnami-containers
mirror of https://github.com/bitnami/containers.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
bitnami-containers/.github/workflows/cd-pipeline.yml

134 lines
6.4 KiB
YAML
Raw Blame History

# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
name: '[CI/CD] CD Pipeline'
run-name: "${{ format('[CI/CD] CD Publish {0}',github.event.workflow_run.display_title) }}"
on: # rebuild any PRs and main branch changes
workflow_run:
workflows:
- '\[CI/CD\] CD Prepare'
types:
- 'completed'
# Remove all permissions by default.
permissions: {}
env:
CSP_API_URL: https://console.cloud.vmware.com
CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }}
VIB_PUBLIC_URL: https://cp.bromelia.vmware.com
jobs:
get-metadata:
runs-on: ubuntu-latest
name: Get modified containers path
permissions:
actions: read
if: ${{ github.event.workflow_run.conclusion == 'success' }}
outputs:
packages_json_url: ${{ steps.get-artifacts.outputs.packages_json_url }}
containers: ${{ steps.get-artifacts.outputs.containers }}
steps:
- id: get-artifacts
name: Get modified containers path
env:
PREPARE_WORKFLOW_ARTIFACTS_URL: ${{ github.event.workflow_run.artifacts_url }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
curl -sSL -o artifacts.json -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" -H "Authorization: Bearer $GITHUB_TOKEN" $PREPARE_WORKFLOW_ARTIFACTS_URL
publish_metadata_url="$(jq -r '.artifacts[] | select(.name == "publish-metadata.json") | .archive_download_url' artifacts.json)"
curl -sSL -o publish-metadata.json.zip -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" -H "Authorization: Bearer $GITHUB_TOKEN" $publish_metadata_url
unzip publish-metadata.json.zip
containers=$(cat publish-metadata.json | jq -c)
packages_json_url="$(jq -r '.artifacts[] | select(.name == "packages.json") | .archive_download_url' artifacts.json)"
echo "packages_json_url=${packages_json_url}" >> $GITHUB_OUTPUT
echo "containers=${containers}" >> $GITHUB_OUTPUT
vib-publish:
runs-on: ubuntu-latest
needs: get-metadata
name: VIB Publish
permissions:
contents: read
strategy:
fail-fast: false
max-parallel: 2
matrix:
container: ${{ fromJSON(needs.get-metadata.outputs.containers) }}
steps:
- name: Checkout Repository
uses: actions/checkout@v3
# Full history is not required anymore
with:
ref: ${{ matrix.container.sha }}
fetch-depth: 1
- id: get-registry-credentials
name: Get marketplace's registry credentials
run: |
csp_auth_token=$(curl -s -H 'Content-Type: application/x-www-form-urlencoded' -X POST -d "grant_type=refresh_token&api_token=${{ secrets.PROD_MARKETPLACE_API_TOKEN }}" https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize | jq -re .access_token)
repo_info=$(curl -s -X POST -H "Content-Type: application/json" -H "csp-auth-token:$csp_auth_token" -d '{"withCredentials":true, "storageType":"OCI"}' https://gtw.marketplace.cloud.vmware.com/api/v1/repositories/transient)
marketplace_user=$(echo "$repo_info" | jq -re .response.repodetails.username)
marketplace_passwd=$(echo "$repo_info" | jq -re .response.repodetails.token)
echo "::add-mask::${marketplace_user}"
echo "::add-mask::${marketplace_passwd}"
echo "marketplace_user=${marketplace_user}" >> $GITHUB_OUTPUT
echo "marketplace_passwd=${marketplace_passwd}" >> $GITHUB_OUTPUT
- uses: vmware-labs/vmware-image-builder-action@v0
name: 'Publish ${{ matrix.container.name }}: ${{ matrix.container.tag }}'
with:
pipeline: ${{ matrix.container.dsl_path }}/vib-publish.json
env:
# Path with docker resources
VIB_ENV_PATH: "${{ matrix.container.path }}"
# Container name
VIB_ENV_CONTAINER: "${{ matrix.container.name }}"
VIB_ENV_CONTAINER_URL: "${{ matrix.container.sha_url }}"
VIB_ENV_PACKAGES_JSON_URL: "${{ needs.get-metadata.outputs.packages_json_url }}"
VIB_ENV_APP_VERSION: "${{ matrix.container.app_version }}"
VIB_ENV_OS_FLAVOUR: "${{ matrix.container.os_flavour }}"
VIB_ENV_GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
VIB_ENV_TAG: "${{ matrix.container.tag }}"
VIB_ENV_ROLLING_TAGS: "${{ toJSON(matrix.container.rolling_tags) }}"
VIB_ENV_REGISTRY_URL: "${{ secrets.PROD_MARKETPLACE_REGISTRY_URL }}"
VIB_ENV_REGISTRY_USERNAME: "${{ steps.get-registry-credentials.outputs.marketplace_user }}"
VIB_ENV_REGISTRY_PASSWORD: "${{ steps.get-registry-credentials.outputs.marketplace_passwd }}"
VIB_ENV_BOSSD_RELEASE_ID: "${{ secrets.BOSSD_RELEASE_ID }}"
# If the CD Pipeline does not succeed we should notify the interested agents
slack-notif:
runs-on: ubuntu-latest
needs:
- vib-publish
if: always()
name: Notify unsuccessful CD run
steps:
- name: Notify in Slack channel
if: ${{ needs.vib-publish.result != 'success' }}
uses: slackapi/slack-github-action@v1.23.0
with:
channel-id: ${{ secrets.CD_SLACK_CHANNEL_ID }}
payload: |
{
"attachments": [
{
"color": "#CC0000",
"fallback": "Unsuccessful bitnami/containers CD pipeline",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Unsuccessful `bitnami/containers` CD pipeline*"
}
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "The CD Pipeline for <${{ github.server_url }}/${{ github.repository }}/commit/${{ github.event.workflow_run.head_commit.id }}|${{ github.repository }}@${{ github.event.workflow_run.head_commit.id }}> and launched by its CD Prepare <${{ github.event.workflow_run.html_url }}|workflow run> did not succeed. Check the related <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|CD Pipeline run> for more information."
}
}
]
}
]
}
env:
SLACK_BOT_TOKEN: ${{ secrets.CD_SLACK_BOT_TOKEN }}
Reference in New Issue View Git Blame Copy Permalink