Skip to content

Merge pull request #1895 from yuvipanda/secrets #1342

Merge pull request #1895 from yuvipanda/secrets

Merge pull request #1895 from yuvipanda/secrets #1342

Workflow file for this run

name: Publish helm chart and docker images
on:
pull_request:
paths-ignore:
- "**.md"
- "**.rst"
- "docs/**"
- "examples/**"
- ".github/workflows/**"
- "!.github/workflows/publish.yml"
push:
paths-ignore:
- "**.md"
- "**.rst"
- "docs/**"
- "examples/**"
- ".github/workflows/**"
- "!.github/workflows/publish.yml"
branches-ignore:
- "dependabot/**"
- "pre-commit-ci-update-config"
- "update-*"
workflow_dispatch:
jobs:
# Builds and pushes docker images to quay.io, packages the Helm chart and
# pushes it to jupyterhub/helm-chart@gh-pages where index.yaml represents the
# JupyterHub organization Helm chart repository.
#
# ref: https://github.com/jupyterhub/helm-chart
# ref: https://quay.io/organization/jupyterhub
#
Publish:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main')
steps:
- uses: actions/checkout@v4
with:
# chartpress requires the full history
fetch-depth: 0
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- uses: actions/setup-node@v4
# node required to build wheel
with:
node-version: "22"
- name: Set up QEMU (for docker buildx)
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx (for chartpress multi-arch builds)
uses: docker/setup-buildx-action@v3
- name: Setup helm
uses: azure/setup-helm@v4
with:
version: "v3.16.2"
- name: Install chart publishing dependencies (chartpress, etc)
run: |
pip install --no-cache-dir chartpress>=2.1 pyyaml build
- name: Build binderhub wheel
run: python3 -m build --wheel .
- name: Setup push rights to jupyterhub/helm-chart
# This was setup by...
# 1. Generating a private/public key pair:
# ssh-keygen -t ed25519 -C "jupyterhub/binderhub" -f /tmp/id_ed25519
# 2. Registering the private key (/tmp/id_ed25519) as a secret for this
# repo:
# https://github.com/jupyterhub/binderhub/settings/secrets/actions
# 3. Registering the public key (/tmp/id_ed25519.pub) as a deploy key
# with push rights for the jupyterhub/helm chart repo:
# https://github.com/jupyterhub/helm-chart/settings/keys
#
run: |
mkdir -p ~/.ssh
ssh-keyscan github.com >> ~/.ssh/known_hosts
echo "${{ secrets.JUPYTERHUB_HELM_CHART_DEPLOY_KEY }}" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
- name: Setup push rights to Quay.io
# This was setup by...
# 1. Creating a [Robot Account](https://quay.io/organization/jupyterhub?tab=robots) in the JupyterHub
# . quay.io org
# 2. Giving it enough permissions to push to the binderhub image
# 3. Putting the robot account's username and password in GitHub actions environment
run: |
docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" quay.io
docker login -u "${{ secrets.DOCKER_USERNAME }}" -p "${{ secrets.DOCKER_PASSWORD }}" docker.io
- name: Configure a git user
# Having a user.email and user.name configured with git is required to
# make commits, which is something chartpress does when publishing.
# While Travis CI had a dummy user by default, GitHub Actions doesn't
# and require this explicitly setup.
run: |
git config --global user.email "[email protected]"
git config --global user.name "GitHub Actions user"
- name: Publish images and chart with chartpress
env:
GITHUB_REPOSITORY: "${{ github.repository }}"
run: |
./tools/generate-json-schema.py
./ci/publish
PyPI-testbuild:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
# Versioneer requires past tags
fetch-depth: 0
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install pypa/build
run: python -mpip install build
- name: Build a sdist, and a binary wheel from the sdist
run: python -mbuild .
# ref: https://github.com/actions/upload-artifact#readme
- uses: actions/upload-artifact@v4
with:
name: pypi-dist
path: "dist/*"
if-no-files-found: error