This repository has been archived by the owner on Mar 29, 2024. It is now read-only.
chore: Update capabilities and tools #111
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build-and-publish | |
permissions: | |
id-token: write | |
contents: read | |
packages: write | |
defaults: | |
run: | |
# We need -e -o pipefail for consistency with GitHub Actions' default behavior | |
shell: bash -e -o pipefail {0} | |
on: | |
push: | |
tags: [ "*" ] | |
workflow_dispatch: | |
jobs: | |
build-test-and-publish-bundle: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v3 | |
with: | |
token: ${{ secrets.PAT }} | |
repository: ${{ github.repository }} | |
ref: ${{ github.ref_name }} | |
# Run this step first so we can fail fast in case an invalid package name is provided | |
- name: Get latest package version | |
id: latest-package-version | |
uses: ./.github/actions/latest-package-version | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
package-name: uds-package/software-factory-demo | |
- name: Compare latest version with current | |
run: | | |
NEW_VERSION="$(cat uds-bundle.yaml | grep version | cut -d ':' -f2 | tr -d " ")" | |
CURRENT_VERSION="${{ steps.latest-package-version.outputs.latest-package-version }}" | |
CURRENT_VERSION=${CURRENT_VERSION//v/} | |
CURRENT_VERSION=${CURRENT_VERSION//-amd64/} | |
echo "Current version: ${CURRENT_VERSION}" | |
NEWER_VERSION=$(echo -e "${CURRENT_VERSION}\n${NEW_VERSION}" | sort -V | tail -n1) | |
# Fail if newer tag version is the same as upstream tag version | |
if [[ "${NEWER_VERSION}" == "${CURRENT_VERSION}" ]]; then | |
echo "Bundle version was not updated" | |
exit 1 | |
else | |
echo "Bundle version was updated" | |
exit 0 | |
fi | |
- name: Init zarf cache | |
uses: actions/cache@v3 | |
with: | |
path: "~/.zarf-cache" | |
key: zarf-cache | |
- name: Free GH runner build space | |
run: | | |
df -h | |
sudo rm -rf /usr/share/dotnet | |
sudo rm -rf /usr/local/lib/android | |
sudo rm -rf /opt/ghc | |
sudo rm -rf /opt/hostedtoolcache/CodeQL | |
sudo docker image prune --all --force | |
df -h | |
- name: Install zarf | |
uses: supplypike/setup-bin@v3 | |
with: | |
# renovate: zarf-uri datasource=github-tags depName=defenseunicorns/zarf | |
uri: 'https://github.com/defenseunicorns/zarf/releases/download/v0.31.4/zarf_v0.31.4_Linux_amd64' | |
name: 'zarf' | |
# renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver | |
version: 'v0.31.4' | |
- name: Install uds-cli | |
uses: supplypike/setup-bin@v3 | |
with: | |
# renovate: uds-cli-uri datasource=github-tags depName=defenseunicorns/uds-cli | |
uri: 'https://github.com/defenseunicorns/uds-cli/releases/download/v0.5.0/uds-cli_v0.5.0_Linux_amd64 ' | |
name: 'uds' | |
# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver | |
version: 'v0.5.0' | |
- name: Login to GHCR | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Login to registry1 | |
uses: docker/login-action@v2 | |
with: | |
registry: registry1.dso.mil | |
username: ${{ secrets.REGISTRY1_USERNAME }} | |
password: ${{ secrets.REGISTRY1_PASSWORD }} | |
- name: Build Software Factory Dependencies Packages | |
run: | | |
mkdir -p build | |
zarf package create packages/idam-dns --confirm --no-progress --output-directory build | |
zarf package create packages/idam-gitlab --confirm --no-progress --output-directory build | |
zarf package create packages/idam-sonarqube --confirm --no-progress --output-directory build | |
zarf package create packages/idam-realm --confirm --no-progress --output-directory build | |
zarf package create packages/idam-postgres --confirm --no-progress --output-directory build | |
zarf package create packages/namespaces --confirm --no-progress --output-directory build | |
- name: Build software factory bundle | |
run: uds create --confirm --no-progress | |
- name: Run clean install test on created artifact | |
uses: ./.github/actions/e2e | |
with: | |
upgrade: "no" | |
token: ${{ secrets.PAT }} | |
role-to-assume: ${{ secrets.AWS_COMMERCIAL_ROLE_TO_ASSUME }} | |
region: ${{ vars.AWS_REGION }} | |
github-context: "test / e2e (${{github.event_name}})" | |
aws-availability-zone: ${{ vars.AWS_AVAILABILITY_ZONE }} | |
ghcr-username: ${{ github.actor }} | |
ghcr-password: ${{ secrets.GITHUB_TOKEN }} | |
registry1-username: ${{ secrets.REGISTRY1_USERNAME }} | |
registry1-password: ${{ secrets.REGISTRY1_PASSWORD }} | |
latest-version: "" | |
copy-bundle: "yes" | |
- name: Publish software factory bundle | |
run: uds publish uds-bundle-software-factory-demo-amd64-*.tar.zst oci://ghcr.io/defenseunicorns/uds-package --no-progress |