This repository has been archived by the owner on Mar 29, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
132 lines (116 loc) · 4.98 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: build-and-publish
permissions:
id-token: write
contents: read
packages: write
defaults:
run:
# We need -e -o pipefail for consistency with GitHub Actions' default behavior
shell: bash -e -o pipefail {0}
on:
push:
tags: [ "*" ]
workflow_dispatch:
jobs:
build-test-and-publish-bundle:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v3
with:
token: ${{ secrets.PAT }}
repository: ${{ github.repository }}
ref: ${{ github.ref_name }}
# Run this step first so we can fail fast in case an invalid package name is provided
- name: Get latest package version
id: latest-package-version
uses: ./.github/actions/latest-package-version
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
package-name: uds-package/software-factory-demo
- name: Compare latest version with current
run: |
NEW_VERSION="$(cat uds-bundle.yaml | grep version | cut -d ':' -f2 | tr -d " ")"
CURRENT_VERSION="${{ steps.latest-package-version.outputs.latest-package-version }}"
CURRENT_VERSION=${CURRENT_VERSION//v/}
CURRENT_VERSION=${CURRENT_VERSION//-amd64/}
echo "Current version: ${CURRENT_VERSION}"
NEWER_VERSION=$(echo -e "${CURRENT_VERSION}\n${NEW_VERSION}" | sort -V | tail -n1)
# Fail if newer tag version is the same as upstream tag version
if [[ "${NEWER_VERSION}" == "${CURRENT_VERSION}" ]]; then
echo "Bundle version was not updated"
exit 1
else
echo "Bundle version was updated"
exit 0
fi
- name: Init zarf cache
uses: actions/cache@v3
with:
path: "~/.zarf-cache"
key: zarf-cache
- name: Free GH runner build space
run: |
df -h
sudo rm -rf /usr/share/dotnet
sudo rm -rf /usr/local/lib/android
sudo rm -rf /opt/ghc
sudo rm -rf /opt/hostedtoolcache/CodeQL
sudo docker image prune --all --force
df -h
- name: Install zarf
uses: supplypike/setup-bin@v3
with:
# renovate: zarf-uri datasource=github-tags depName=defenseunicorns/zarf
uri: 'https://github.com/defenseunicorns/zarf/releases/download/v0.31.3/zarf_v0.31.3_Linux_amd64'
name: 'zarf'
# renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
version: 'v0.31.3'
- name: Install uds-cli
uses: supplypike/setup-bin@v3
with:
# renovate: uds-cli-uri datasource=github-tags depName=defenseunicorns/uds-cli
uri: 'https://github.com/defenseunicorns/uds-cli/releases/download/v0.3.1/uds-cli_v0.3.1_Linux_amd64 '
name: 'uds'
# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
version: 'v0.3.1'
- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to registry1
uses: docker/login-action@v2
with:
registry: registry1.dso.mil
username: ${{ secrets.REGISTRY1_USERNAME }}
password: ${{ secrets.REGISTRY1_PASSWORD }}
- name: Build Software Factory Dependencies Packages
run: |
mkdir -p build
zarf package create packages/idam-dns --confirm --no-progress --output-directory build
zarf package create packages/idam-gitlab --confirm --no-progress --output-directory build
zarf package create packages/idam-sonarqube --confirm --no-progress --output-directory build
zarf package create packages/idam-realm --confirm --no-progress --output-directory build
zarf package create packages/idam-postgres --confirm --no-progress --output-directory build
zarf package create packages/namespaces --confirm --no-progress --output-directory build
- name: Build software factory bundle
run: uds create --confirm --no-progress
- name: Run clean install test on created artifact
uses: ./.github/actions/e2e
with:
upgrade: "no"
token: ${{ secrets.PAT }}
role-to-assume: ${{ secrets.AWS_COMMERCIAL_ROLE_TO_ASSUME }}
region: ${{ vars.AWS_REGION }}
github-context: "test / e2e (${{github.event_name}})"
aws-availability-zone: ${{ vars.AWS_AVAILABILITY_ZONE }}
ghcr-username: ${{ github.actor }}
ghcr-password: ${{ secrets.GITHUB_TOKEN }}
registry1-username: ${{ secrets.REGISTRY1_USERNAME }}
registry1-password: ${{ secrets.REGISTRY1_PASSWORD }}
latest-version: ""
copy-bundle: "yes"
- name: Publish software factory bundle
run: uds publish uds-bundle-software-factory-demo-amd64-*.tar.zst oci://ghcr.io/defenseunicorns/uds-package --no-progress