diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml deleted file mode 100644 index 43e75bf..0000000 --- a/.github/workflows/chart-release.yaml +++ /dev/null @@ -1,86 +0,0 @@ -############################################################### -# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -name: Release Chart - -on: - workflow_dispatch: - push: - paths: - - 'charts/**' - branches: - - main - -jobs: - release: - # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions - # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token - permissions: - contents: write - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - fetch-depth: 0 - - - name: Configure Git - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - - name: Install Helm - uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Update helm dependencies for policy-hub - run: | - cd charts/policy-hub - helm repo add bitnami https://charts.bitnami.com/bitnami - helm dependency update - - - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.4.1 - env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - CR_SKIP_EXISTING: "true" - - - name: Get current helm chart version - id: chart-version - run: | - current=$(cat ./charts/policy-hub/Chart.yaml | grep "version:" | head -1 | cut -d ":" -d " " -f2) - echo "current=$current" >> $GITHUB_OUTPUT - echo "Exported $current helm chart version" - - - name: Check for previous version - id: version-check - run: | - exists=$(git tag -l "v${{ steps.chart-version.outputs.current }}") - if [[ -n "$exists" ]]; then - echo "exists=true" >> $GITHUB_OUTPUT - else - echo "exists=false" >> $GITHUB_OUTPUT - fi - - - name: Create and push git tag for release workflow to be triggered - run: | - git tag v${{ steps.chart-version.outputs.current }} - git push origin v${{ steps.chart-version.outputs.current }} - if: steps.version-check.outputs.exists == 'false' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b4d79c5..e9771b9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,28 +20,91 @@ name: Release on: - push: - tags: - - 'v*.*.*' workflow_dispatch: - -env: - IMAGE_NAMESPACE: "tractusx" - IMAGE_NAME_SERVICE: "policy-hub-service" - IMAGE_NAME_MIGRATIONS: "policy-hub-migrations" + push: + paths: + - 'charts/**' + branches: + - main jobs: - policy-hub-service-release: + release-helm-chart: + # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions + # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token + permissions: + contents: write runs-on: ubuntu-latest + outputs: + app-version: ${{ steps.app-version.outputs.current }} + version-check: ${{ steps.version-check.outputs.exists }} + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Install Helm + uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4 + + - name: Update helm dependencies for policy-hub + run: | + cd charts/policy-hub + helm repo add bitnami https://charts.bitnami.com/bitnami + helm dependency update + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.4.1 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + CR_SKIP_EXISTING: "true" + + - name: Get current appVersion + id: app-version + run: | + current=$(cat ./charts/policy-hub/Chart.yaml | grep "appVersion:" | head -1 | cut -d ":" -d " " -f2) + echo "current=$current" >> $GITHUB_OUTPUT + echo "Exported $current appVersion" + + - name: Check for previous version + id: version-check + run: | + exists=$(git tag -l "v${{ steps.app-version.outputs.current }}") + if [[ -n "$exists" ]]; then + echo "exists=true" >> $GITHUB_OUTPUT + else + echo "exists=false" >> $GITHUB_OUTPUT + fi + + release-images: + needs: release-helm-chart + if: needs.release-helm-chart.outputs.version-check == 'false' permissions: - packages: write - + contents: read + runs-on: ubuntu-latest + strategy: + matrix: + include: + - image: tractusx/policy-hub-service + dockerfile: ./docker/Dockerfile-policy-hub-service + dockernotice: ./docker/notice-policy-hub-service.md + - image: tractusx/policy-hub-migrations + dockerfile: ./docker/Dockerfile-policy-hub-migrations + dockernotice: ./docker/notice-policy-hub-migrations.md + outputs: + app-version: ${{ steps.app-version.outputs.current }} + version-check: ${{ steps.version-check.outputs.exists }} steps: - - name: Checkout repository + - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 - name: Login to DockerHub - if: github.event_name != 'pull_request' uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: username: ${{ secrets.DOCKER_HUB_USER }} @@ -58,23 +121,22 @@ jobs: id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: - images: | - ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME_SERVICE }} + images: ${{ matrix.image }} # Automatically prepare image tags; See action docs for more examples. # semver patter will generate tags like these for example :1 :1.2 :1.2.3 tags: | - type=ref,event=branch - type=ref,event=pr - type=raw,value=latest - type=semver,pattern={{version}} - type=semver,pattern={{major}} - type=semver,pattern={{major}}.{{minor}} - - - name: Build and push Docker image - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + type=ref,event=branch + type=ref,event=pr + type=raw,value=latest + type=semver,pattern={{version}},value=${{ needs.release-helm-chart.outputs.app-version }} + type=semver,pattern={{major}},value=${{ needs.release-helm-chart.outputs.app-version }} + type=semver,pattern={{major}}.{{minor}},value=${{ needs.release-helm-chart.outputs.app-version }} + + - name: Build and push Docker images + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 with: context: . - file: docker/Dockerfile-policy-hub-service + file: {{ matrix.dockerfile }} platforms: linux/amd64, linux/arm64 pull: true push: ${{ github.event_name != 'pull_request' }} @@ -83,70 +145,26 @@ jobs: # https://github.com/peter-evans/dockerhub-description - name: Update Docker Hub description - if: github.event_name != 'pull_request' uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 with: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} - repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME_SERVICE }} - readme-filepath: "./docker/notice-policy-hub-service.md" + repository: ${{ matrix.image }} + readme-filepath: ${{ matrix.dockernotice }} - policy-hub-migrations-release: - runs-on: ubuntu-latest + create-tag: + needs: [release-helm-chart, release-images] + if: needs.release-helm-chart.outputs.version-check == 'false' permissions: - contents: read - + contents: write + runs-on: ubuntu-latest steps: - - name: Checkout repository + - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Login to DockerHub - if: github.event_name != 'pull_request' - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 - with: - username: ${{ secrets.DOCKER_HUB_USER }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 - - - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - - # Create SemVer or ref tags dependent of trigger event - - name: Docker meta - id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 - with: - images: | - ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME_MIGRATIONS }} - # Automatically prepare image tags; See action docs for more examples. - # semver patter will generate tags like these for example :1 :1.2 :1.2.3 - tags: | - type=ref,event=branch - type=ref,event=pr - type=raw,value=latest - type=semver,pattern={{version}} - type=semver,pattern={{major}} - type=semver,pattern={{major}}.{{minor}} - - - name: Build and push Docker image - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: - context: . - file: docker/Dockerfile-policy-hub-migrations - platforms: linux/amd64, linux/arm64 - pull: true - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + fetch-depth: 0 - # https://github.com/peter-evans/dockerhub-description - - name: Update Docker Hub description - if: github.event_name != 'pull_request' - uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 - with: - username: ${{ secrets.DOCKER_HUB_USER }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} - repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME_MIGRATIONS }} - readme-filepath: "./docker/notice-policy-hub-migrations.md" + - name: Create and push git tag + run: | + git tag v${{ needs.release-helm-chart.outputs.app-version }} + git push origin v${{ needs.release-helm-chart.outputs.app-version }}