Merge pull request #1895 from yuvipanda/secrets #1342
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish helm chart and docker images | |
on: | |
pull_request: | |
paths-ignore: | |
- "**.md" | |
- "**.rst" | |
- "docs/**" | |
- "examples/**" | |
- ".github/workflows/**" | |
- "!.github/workflows/publish.yml" | |
push: | |
paths-ignore: | |
- "**.md" | |
- "**.rst" | |
- "docs/**" | |
- "examples/**" | |
- ".github/workflows/**" | |
- "!.github/workflows/publish.yml" | |
branches-ignore: | |
- "dependabot/**" | |
- "pre-commit-ci-update-config" | |
- "update-*" | |
workflow_dispatch: | |
jobs: | |
# Builds and pushes docker images to quay.io, packages the Helm chart and | |
# pushes it to jupyterhub/helm-chart@gh-pages where index.yaml represents the | |
# JupyterHub organization Helm chart repository. | |
# | |
# ref: https://github.com/jupyterhub/helm-chart | |
# ref: https://quay.io/organization/jupyterhub | |
# | |
Publish: | |
runs-on: ubuntu-latest | |
if: startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main') | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# chartpress requires the full history | |
fetch-depth: 0 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.12" | |
- uses: actions/setup-node@v4 | |
# node required to build wheel | |
with: | |
node-version: "22" | |
- name: Set up QEMU (for docker buildx) | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx (for chartpress multi-arch builds) | |
uses: docker/setup-buildx-action@v3 | |
- name: Setup helm | |
uses: azure/setup-helm@v4 | |
with: | |
version: "v3.16.2" | |
- name: Install chart publishing dependencies (chartpress, etc) | |
run: | | |
pip install --no-cache-dir chartpress>=2.1 pyyaml build | |
- name: Build binderhub wheel | |
run: python3 -m build --wheel . | |
- name: Setup push rights to jupyterhub/helm-chart | |
# This was setup by... | |
# 1. Generating a private/public key pair: | |
# ssh-keygen -t ed25519 -C "jupyterhub/binderhub" -f /tmp/id_ed25519 | |
# 2. Registering the private key (/tmp/id_ed25519) as a secret for this | |
# repo: | |
# https://github.com/jupyterhub/binderhub/settings/secrets/actions | |
# 3. Registering the public key (/tmp/id_ed25519.pub) as a deploy key | |
# with push rights for the jupyterhub/helm chart repo: | |
# https://github.com/jupyterhub/helm-chart/settings/keys | |
# | |
run: | | |
mkdir -p ~/.ssh | |
ssh-keyscan github.com >> ~/.ssh/known_hosts | |
echo "${{ secrets.JUPYTERHUB_HELM_CHART_DEPLOY_KEY }}" > ~/.ssh/id_ed25519 | |
chmod 600 ~/.ssh/id_ed25519 | |
- name: Setup push rights to Quay.io | |
# This was setup by... | |
# 1. Creating a [Robot Account](https://quay.io/organization/jupyterhub?tab=robots) in the JupyterHub | |
# . quay.io org | |
# 2. Giving it enough permissions to push to the binderhub image | |
# 3. Putting the robot account's username and password in GitHub actions environment | |
run: | | |
docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" quay.io | |
docker login -u "${{ secrets.DOCKER_USERNAME }}" -p "${{ secrets.DOCKER_PASSWORD }}" docker.io | |
- name: Configure a git user | |
# Having a user.email and user.name configured with git is required to | |
# make commits, which is something chartpress does when publishing. | |
# While Travis CI had a dummy user by default, GitHub Actions doesn't | |
# and require this explicitly setup. | |
run: | | |
git config --global user.email "[email protected]" | |
git config --global user.name "GitHub Actions user" | |
- name: Publish images and chart with chartpress | |
env: | |
GITHUB_REPOSITORY: "${{ github.repository }}" | |
run: | | |
./tools/generate-json-schema.py | |
./ci/publish | |
PyPI-testbuild: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Versioneer requires past tags | |
fetch-depth: 0 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.12" | |
- name: Install pypa/build | |
run: python -mpip install build | |
- name: Build a sdist, and a binary wheel from the sdist | |
run: python -mbuild . | |
# ref: https://github.com/actions/upload-artifact#readme | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: pypi-dist | |
path: "dist/*" | |
if-no-files-found: error |