ci(workflow): refine pipeline configuration and add release check

winromulus · winromulus · commit 59264410e606 · 2025-05-01T23:06:20.000+03:00
- Standardizes quotation marks for consistency across the YAML file.
- Introduces a new evaluation step to determine if a release is required based on the main branch.
- Updates jobs to accommodate changes in requirements for building and publishing.
- Adjusts Helm and Docker commands for better clarity and functionality.
diff --git a/.github/workflows/pipeline.yaml b/.github/workflows/pipeline.yaml
@@ -3,27 +3,26 @@ name: Pipeline
 on:
   push:
     branches:
-      - '**'  # Matches all branches
+      - "**" # Matches all branches
   pull_request:
     branches:
-      - '**'  # Matches all branches
+      - "**" # Matches all branches
 
   workflow_dispatch:
     inputs:
       force_build:
-        description: 'Forces a build even if no changes are detected'
+        description: "Forces a build even if no changes are detected"
         required: true
-        default: 'false'
+        default: "false"
       force_publish:
-        description: 'Forces a publish even if no changes are detected'
+        description: "Forces a publish even if no changes are detected"
         required: true
-        default: 'false'
+        default: "false"
 
 concurrency:
   group: pipeline-${{ github.ref_name }}
   cancel-in-progress: true
 
-
 env:
   containerImage: "kubernetes-reflector"
   containerImageBuildContext: "src/"
@@ -33,7 +32,6 @@ env:
   helmChart: "reflector"
   helmChartDir: "src/helm/reflector"
 
-
 jobs:
   discovery:
     runs-on: ubuntu-latest
@@ -46,7 +44,7 @@ jobs:
       gitVersion_AssemblySemFileVer: ${{ steps.gitversion.outputs.GitVersion_AssemblySemFileVer }}
       requiresBuild: ${{ steps.requires_build.outputs.result }}
       requiresBuildPush: ${{ steps.requires_build_push.outputs.result }}
-
+      requires_release: ${{ steps.requires_release.outputs.result }}
     steps:
       - name: checkout
         uses: actions/checkout@v4
@@ -56,12 +54,12 @@ jobs:
       - name: tools - dotnet - install
         uses: actions/setup-dotnet@v4
         with:
-          dotnet-version: '9.x'
+          dotnet-version: "9.x"
 
       - name: tools - gitversion - install
         uses: gittools/actions/gitversion/setup@v3.0.0
         with:
-          versionSpec: '5.x'
+          versionSpec: "5.x"
           preferLatestVersion: true
 
       - name: gitversion - execute
@@ -102,6 +100,17 @@ jobs:
           fi
           echo "result=$result" >> $GITHUB_OUTPUT
 
+      - name: evaluate - requires_release
+        id: requires_release
+        run: |
+          if [ "${{ github.ref }}" = "refs/heads/main" ]; then
+            result=true
+          else
+            result=false
+          fi
+          echo "result=$result" >> $GITHUB_OUTPUT
+
+
 
   build:
     name: build
@@ -118,18 +127,19 @@ jobs:
       - name: tools - kubectl - install
         uses: azure/setup-kubectl@v4
 
-      - name: tools - helm - install
-        uses: azure/setup-helm@v4
+      - name: tools - oras - install
+        uses: oras-project/setup-oras@v1
 
-      - name: tools - helm - login - ghcr
+      - name: tools - oras - login - ghcr.io
         if: ${{ needs.discovery.outputs.requiresBuildPush == 'true' }}
-        run: |
-          echo "${{ secrets.ES_GITHUB_PAT }}" | helm registry login ghcr.io -u ${{ github.actor }} --password-stdin
+        run: echo "${{ secrets.ES_GITHUB_PAT }}" | oras login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: tools - helm - install
+        uses: azure/setup-helm@v4
 
-      - name: tools - helm - login - docker.io
+      - name: tools - helm - login - ghcr.io
         if: ${{ needs.discovery.outputs.requiresBuildPush == 'true' }}
-        run: |
-          echo "${{ secrets.ES_DOCKERHUB_PAT }}" | helm registry login registry-1.docker.io -u ${{ secrets.ES_DOCKERHUB_USERNAME }} --password-stdin
+        run: echo "${{ secrets.ES_GITHUB_PAT }}" | helm registry login ghcr.io -u ${{ github.actor }} --password-stdin
 
       - name: tools - docker - login ghcr.io
         if: ${{ needs.discovery.outputs.requiresBuildPush == 'true' }}
@@ -154,8 +164,7 @@ jobs:
       - name: tools - docker - setup buildx
         uses: docker/setup-buildx-action@v3
         with:
-          driver: docker-container  # REQUIRED for multi-platform builds
-
+          driver: docker-container # REQUIRED for multi-platform builds
 
       - name: artifacts - prepare directories
         run: |
@@ -169,7 +178,7 @@ jobs:
         run: helm package --destination .artifacts/helm --version ${{ env.gitVersion_SemVer }} --app-version ${{ env.gitVersion_SemVer }} ${{ env.helmChartDir }}
 
       - name: helm - template chart
-        run: helm template --namespace kube-system ${{ env.helmChart }} .artifacts/helm/${{ env.helmChart }}-${{ env.gitVersion_SemVer }}.tgz > .artifacts/kubectl/${{ env.helmChart }}-${{ env.gitVersion_SemVer }}.yaml
+        run: helm template --namespace kube-system ${{ env.helmChart }} .artifacts/helm/${{ env.helmChart }}-${{ env.gitVersion_SemVer }}.tgz > .artifacts/kubectl/${{ env.helmChart }}.yaml
 
       - name: docker - build and push
         uses: docker/build-push-action@v5
@@ -192,22 +201,26 @@ jobs:
       - name: helm - push - ghcr.io
         run: helm push .artifacts/helm/${{ env.helmChart }}-${{ env.gitVersion_SemVer }}.tgz oci://ghcr.io/${{ github.repository_owner }}/helm-charts
 
-      - name: "artifacts - upload - helm chart"
-        uses: actions/upload-artifact@v4
-        with:
-          name: helm
-          path: .artifacts/helm
+      - name: docker - tag and push - latest
+        run: |
+          docker buildx imagetools create \
+            --tag ${{ env.dockerHubContainerImageRepository }}/${{ env.containerImage }}:latest \
+            --tag ${{ env.ghcrContainerImageRepository }}/${{ env.containerImage }}:latest \
+            ${{ env.ghcrContainerImageRepository }}/${{ env.containerImage }}:${{ env.gitVersion_SemVer }}
 
-      - name: "artifacts - upload - artifacthub"
-        uses: actions/upload-artifact@v4
-        with:
-          name: artifacthub
-          path: src/helm/artifacthub-repo.yaml
+      - name: oras - push - artifact hub metadata
+        run: |
+          oras push ghcr.io/${{ github.repository_owner }}/helm-charts/${{ env.helmChart }}:artifacthub.io \
+            --config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml \
+            .artifacts/artifacthub/artifacthub-repo.yaml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml
 
-      - name: "artifacts - upload - kubectl manifests"
-        uses: actions/upload-artifact@v4
+      - name: github - release - create
+        uses: softprops/action-gh-release@v2
         with:
-          name: kubectl
-          path: .artifacts/kubectl
-
-
+          repository: ${{ github.repository }}
+          tag_name: v${{ env.gitVersion_SemVer }}
+          body: The release process is automated.
+          generate_release_notes: true
+          token: ${{ secrets.ES_GITHUB_PAT }}
+          files: |
+            .artifacts/kubectl/${{ env.helmChart }}.yaml
