OpenSandbox/.github/workflows/publish-components.yml at main · Generalwin/OpenSandbox · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
name: Publish Components Image

permissions:
  # required for bump step to push branch and create PR
  contents: write
  pull-requests: write

on:
  workflow_dispatch:
    inputs:
      component:
        description: 'Component to build'
        required: true
        type: choice
        options:
          - execd
          - code-interpreter
          - ingress
          - egress
          - controller
          - task-executor
        default: 'execd'
      image_tag:
        description: 'Docker image tag'
        required: true
        default: 'latest'
  push:
    tags:
      - 'docker/execd/**'
      - 'docker/code-interpreter/**'
      - 'docker/ingress/**'
      - 'docker/egress/**'
      - 'k8s/controller/**'
      - 'k8s/task-executor/**'

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Login to ACR
        uses: docker/login-action@v3
        with:
          registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com
          username: ${{ secrets.ACR_USERNAME }}
          password: ${{ secrets.ACR_PASSWORD }}

      - name: Parse tag and set variables
        id: parse_tag
        run: |
          if [[ "${{ github.ref }}" == refs/tags/docker/* ]]; then
            TAG_PATH="${{ github.ref }}"
            TAG_PATH="${TAG_PATH#refs/tags/}"

            COMPONENT=$(echo "$TAG_PATH" | cut -d'/' -f2)
            IMAGE_TAG=$(echo "$TAG_PATH" | cut -d'/' -f3)

            echo "component=$COMPONENT" >> $GITHUB_OUTPUT
            echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
          elif [[ "${{ github.ref }}" == refs/tags/k8s/* ]]; then
            TAG_PATH="${{ github.ref }}"
            TAG_PATH="${TAG_PATH#refs/tags/}"

            COMPONENT=$(echo "$TAG_PATH" | cut -d'/' -f2)
            IMAGE_TAG=$(echo "$TAG_PATH" | cut -d'/' -f3)

            echo "component=$COMPONENT" >> $GITHUB_OUTPUT
            echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
          else
            echo "component=${{ inputs.component }}" >> $GITHUB_OUTPUT
            echo "image_tag=${{ inputs.image_tag }}" >> $GITHUB_OUTPUT
          fi

      - name: Free disk space
        run: |
          sudo rm -rf /usr/share/dotnet /opt/ghc /opt/hostedtoolcache
          sudo apt-get clean
          sudo rm -rf /var/lib/apt/lists/*
          df -h

      - name: Build and push to registries
        run: |
          COMPONENT="${{ steps.parse_tag.outputs.component }}"
          IMAGE_TAG="${{ steps.parse_tag.outputs.image_tag }}"

          if [ "$COMPONENT" == "execd" ]; then
            cd components/execd
          elif [ "$COMPONENT" == "ingress" ]; then
            cd components/ingress
          elif [ "$COMPONENT" == "egress" ]; then
            cd components/egress
          elif [ "$COMPONENT" == "controller" ]; then
            cd kubernetes
          elif [ "$COMPONENT" == "task-executor" ]; then
            cd kubernetes
          else
            cd sandboxes/$COMPONENT
          fi

          export TAG=$IMAGE_TAG
          export COMPONENT=$COMPONENT
          chmod +x build.sh
          ./build.sh

      - name: Bump component version in repo
        if: steps.parse_tag.outputs.image_tag != 'latest' && steps.parse_tag.outputs.image_tag != ''
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          COMPONENT="${{ steps.parse_tag.outputs.component }}"
          IMAGE_TAG="${{ steps.parse_tag.outputs.image_tag }}"
          # Ensure version has 'v' prefix for bump script
          if [[ "$IMAGE_TAG" =~ ^v ]]; then
            VERSION="$IMAGE_TAG"
          else
            VERSION="v${IMAGE_TAG}"
          fi

          ./scripts/bump-component-version.sh "$COMPONENT" "$VERSION"

          BRANCH="bump/${COMPONENT}-${VERSION}"
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git checkout -b "$BRANCH"
          git add -A
          git diff --staged --quiet && echo "No changes to commit" && exit 0
          git commit -m "chore: bump $COMPONENT to $VERSION"
          git push origin "$BRANCH"

          gh pr create \
            --title "chore: bump $COMPONENT to $VERSION" \
            --body "Auto-generated by Publish Components workflow after building \`$COMPONENT:$VERSION\`." \
            --base "$(gh api repos/${{ github.repository }} --jq .default_branch)"