@@ -478,214 +478,6 @@ jobs:
478478 cache-read-only : ${{ github.ref != 'refs/heads/main' }}
479479 arguments : :cosmotech-api:integrationTest -x spotlessCheck -x openApiValidate
480480
481- test_helm :
482- name : Test Helm Chart
483- runs-on : ubuntu-latest
484- needs :
485- - build
486-
487- # If the PR is coming from a fork (pull_request_target), ensure it's opened by "dependabot[bot]".
488- # Otherwise, clone it normally.
489- # This allows Dependabot PRs to have access to the repository Secrets,
490- # but using the Workflows in the context of the base branch
491- if : |
492- (github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]') ||
493- (github.event_name != 'pull_request_target' && github.actor != 'dependabot[bot]')
494-
495- env :
496- CHART_RELEASE_TEST_NAMESPACE : phoenix
497-
498- permissions : read-all
499-
500- steps :
501-
502- - name : Checkout
503- if : ${{ github.event_name != 'pull_request_target' }}
504- uses : actions/checkout@v4
505-
506- - name : Checkout PR
507- if : ${{ github.event_name == 'pull_request_target' }}
508- uses : actions/checkout@v4
509- with :
510- ref : ${{ github.event.pull_request.head.sha }}
511- token : ${{ secrets.GITHUB_TOKEN }}
512-
513- - name : Set up JDK
514- uses : actions/setup-java@v3
515- with :
516- distribution : ' temurin'
517- java-version : ' 21'
518-
519- - name : Set up api version to deploy
520- run : |
521- echo "Event: ${{ github.event_name }}, Actor: ${{ github.actor }}, Ref: ${{ github.ref }}, Ref Name: ${{ github.ref_name }}, Head: ${{ github.head_ref }}, Base: ${{ github.base_ref }}"
522- if [[ "${{ github.event_name }}" == "pull_request" ]]; then
523- echo Building from PR
524- arrIN=(${GITHUB_REF_NAME//\// })
525- versionTag="pr${arrIN[0]}"
526- echo "IMAGE_TAG_FROM_REF_NAME=$versionTag" >> $GITHUB_ENV;
527- echo "API_VERSION_FROM_REF_NAME=$versionTag" >> $GITHUB_ENV;
528- echo "The current version is $versionTag";
529- else
530- export firstPart=$(echo ${{ github.ref_name }} | cut -d '.' -f1)
531- if [[ $firstPart == \"v*\" ]]; then
532- echo "IMAGE_TAG_FROM_REF_NAME=${{ github.ref_name }}" >> $GITHUB_ENV;
533- echo "API_VERSION_FROM_REF_NAME=$firstPart" >> $GITHUB_ENV;
534- echo "The current version is $firstPart";
535- elif [[ $firstPart == \"main\" ]]; then
536- echo "IMAGE_TAG_FROM_REF_NAME=latest" >> $GITHUB_ENV;
537- echo "API_VERSION_FROM_REF_NAME=latest" >> $GITHUB_ENV
538- echo "The current version is latest";
539- else
540- echo "IMAGE_TAG_FROM_REF_NAME=${{ github.ref_name }}" >> $GITHUB_ENV;
541- echo "API_VERSION_FROM_REF_NAME=v$firstPart" >> $GITHUB_ENV
542- echo "The current version is v$firstPart";
543- fi
544- fi
545-
546- name : Set up Helm
547- 548- with :
549- version : v3.6.0
550-
551- - name : Generate KinD Config
552- run : |
553- cat <<EOF > /tmp/csm-kind-config.yaml
554-
555- kind: Cluster
556- apiVersion: kind.x-k8s.io/v1alpha4
557- containerdConfigPatches:
558- - |-
559- [plugins."io.containerd.grpc.v1.cri".containerd]
560- disable_snapshot_annotations = true
561- [plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5000"]
562- endpoint = ["http://kind-registry:5000"]
563- nodes:
564- - role: control-plane
565- image: kindest/node:v1.23.6
566- kubeadmConfigPatches:
567- - |
568- kind: InitConfiguration
569- nodeRegistration:
570- kubeletExtraArgs:
571- node-labels: "ingress-ready=true"
572- extraPortMappings:
573- - containerPort: 80
574- hostPort: 80
575- protocol: TCP
576- - containerPort: 443
577- hostPort: 443
578- protocol: TCP
579- - role: worker
580- image: kindest/node:v1.23.6
581- kubeadmConfigPatches:
582- - |
583- kind: JoinConfiguration
584- nodeRegistration:
585- taints:
586- - key: "vendor"
587- value: "cosmotech"
588- effect: "NoSchedule"
589- kubeletExtraArgs:
590- node-labels: "kubernetes.io/os=linux,cosmotech.com/tier=compute,cosmotech.com/size=basic"
591- - role: worker
592- image: kindest/node:v1.23.6
593- kubeadmConfigPatches:
594- - |
595- kind: JoinConfiguration
596- nodeRegistration:
597- taints:
598- - key: "vendor"
599- value: "cosmotech"
600- effect: "NoSchedule"
601- kubeletExtraArgs:
602- node-labels: "kubernetes.io/os=linux,cosmotech.com/tier=services"
603- - role: worker
604- image: kindest/node:v1.23.6
605- kubeadmConfigPatches:
606- - |
607- kind: JoinConfiguration
608- nodeRegistration:
609- taints:
610- - key: "vendor"
611- value: "cosmotech"
612- effect: "NoSchedule"
613- kubeletExtraArgs:
614- node-labels: "kubernetes.io/os=linux,cosmotech.com/tier=db"
615- - role: worker
616- image: kindest/node:v1.23.6
617- kubeadmConfigPatches:
618- - |
619- kind: JoinConfiguration
620- nodeRegistration:
621- taints:
622- - key: "vendor"
623- value: "cosmotech"
624- effect: "NoSchedule"
625- kubeletExtraArgs:
626- node-labels: "kubernetes.io/os=linux,cosmotech.com/tier=monitoring"
627-
628- networking:
629- # disable kindnet, which does not support Network Policies
630- disableDefaultCNI: true
631- # set to Calico's default subnet
632- podSubnet: 192.168.0.0/16
633- featureGates:
634- # TTL Controller for finished resources is currently an opt-in alpha feature
635- # https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
636- TTLAfterFinished: true
637-
638- EOF
639-
640- name : Provision Kubernetes KinD Cluster and local Container Registry
641- uses : container-tools/kind-action@v2
642- with :
643- version : v0.14.0
644- config : /tmp/csm-kind-config.yaml
645-
646- - name : Deploy Calico
647- run : |
648- helm repo add projectcalico https://docs.tigera.io/calico/charts
649- helm \
650- install calico \
651- projectcalico/tigera-operator \
652- --version v3.24.3 \
653- --wait \
654- --timeout 2m
655-
656- name : Make scripts executable
657- run : |
658- chmod +x .github/scripts/*.sh
659- chmod +x api/kubernetes/*.sh
660-
661- name : Build, package and push container image
662- env :
663- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
664- uses : gradle/gradle-build-action@v3
665- with :
666- cache-disabled : true
667- # Cache storage space is limited for GitHub actions
668- cache-read-only : ${{ github.ref != 'refs/heads/main' }}
669- arguments : |
670- :cosmotech-api:jib
671- -Djib.to.image=localhost:5000/cosmotech-api:${{ env.IMAGE_TAG_FROM_REF_NAME }}
672- -Djib.allowInsecureRegistries=true
673-
674- name : Install the Helm Chart (current Version)
675- env :
676- PHOENIXAKSDEV_TENANT_ID : ${{ secrets.PHOENIXAKSDEV_TENANT_ID }}
677- PHOENIXAKSDEV_CLIENT_ID : ${{ secrets.PHOENIXAKSDEV_CLIENT_ID }}
678- PHOENIXAKSDEV_CLIENT_SECRET : ${{ secrets.PHOENIXAKSDEV_CLIENT_SECRET }}
679- PHOENIXAKSDEV_STORAGE_ACCOUNT_NAME : ${{ secrets.PHOENIXAKSDEV_STORAGE_ACCOUNT_NAME }}
680- PHOENIXAKSDEV_STORAGE_ACCOUNT_KEY : ${{ secrets.PHOENIXAKSDEV_STORAGE_ACCOUNT_KEY }}
681- PHOENIXAKSDEV_ADX_BASE_URI : ${{ secrets.PHOENIXAKSDEV_ADX_BASE_URI }}
682- PHOENIXAKSDEV_ADX_INGESTION_BASE_URI : ${{ secrets.PHOENIXAKSDEV_ADX_INGESTION_BASE_URI }}
683- PHOENIXAKSDEV_EVENT_HUBS_BASE_URI : ${{ secrets.PHOENIXAKSDEV_EVENT_HUBS_BASE_URI }}
684- run : .github/scripts/install-helm-chart.sh ${{ env.API_VERSION_FROM_REF_NAME }} ${{ env.IMAGE_TAG_FROM_REF_NAME }}
685-
686- - name : Test Helm Release (current Version)
687- run : .github/scripts/test-helm-release.sh ${{ env.API_VERSION_FROM_REF_NAME }}
688-
689481 scan_and_push_container_images_to_registries :
690482 runs-on : ubuntu-latest
691483 needs :
@@ -701,7 +493,6 @@ jobs:
701493 - runner_it
702494 - run_it
703495 - homecontroller_it
704- - test_helm
705496 permissions :
706497 packages : write
707498 contents : read
@@ -823,7 +614,6 @@ jobs:
823614 - runner_it
824615 - run_it
825616 - homecontroller_it
826- - test_helm
827617 permissions :
828618 packages : write
829619 contents : read
@@ -874,28 +664,3 @@ jobs:
874664 if : ${{ always() }}
875665 run : |
876666 helm registry logout ghcr.io || true
877-
878- trigger_deployments :
879- runs-on : ubuntu-latest
880- if : ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
881- needs :
882- - scan_and_push_container_images_to_registries
883- - push_helm_charts_to_oci_registries
884-
885- steps :
886- - name : Dispatch deployments
887- env :
888- GH_PAT : ${{ secrets.OPENAPI_CLIENTS_GITHUB_PAT }}
889- run : |
890- curl --request POST \
891- --url "https://api.github.com/repos/${{ github.repository }}/dispatches" \
892- --header "Authorization: Bearer ${GH_PAT}" \
893- --header 'content-type: application/json' \
894- --data '{
895- "event_type": "ready_to_deploy",
896- "client_payload": {
897- "gh_actor": "${{ github.actor }}",
898- "gh_ref": "${{ github.ref }}",
899- "gh_sha": "${{ github.sha }}"
900- }
901- }'
0 commit comments