Update module github.com/google/docsy to v0.14.3 #54
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Gitlab CI/CD Training Puzzle Build and Publish | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| pull-requests: write | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| HELM_NAME: gitlab-ci-cd-training-puzzle | |
| TRAINING_VERSION: ${{ github.sha }} | |
| BUILD_VERSION: ${{ github.ref == 'refs/heads/main' && 'latest' || format('pr-{0}', github.event.pull_request.number) }} | |
| DEPLOY_SECRET_VARIABLE_NAME: ${{ github.ref == 'refs/heads/main' && 'KUBECONFIG_PROD_AV2' || 'KUBECONFIG_TEST_AV2' }} | |
| NAMESPACE_NAME: ${{ github.ref == 'refs/heads/main' && 'pitc-cicd-gitlab-ci-cd-training-prod' || 'pitc-cicd-gitlab-ci-cd-training-test' }} | |
| PR_ENV_URL: https://gitlab-ci-cd-training-pr-${{ github.event.pull_request.number }}.ocp.cloudscale.puzzle.ch | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Set up npm for linting | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 'latest' | |
| - name: Cache npm dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Cache node_modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: node_modules | |
| key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-modules- | |
| - name: Lint Markdown | |
| run: npm ci && npm run mdlint | |
| build_push_image: | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| outputs: | |
| digest: ${{ steps.build-push.outputs.digest }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Push Docker image | |
| id: build-push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| build-args: | | |
| TRAINING_HUGO_ENV=puzzle | |
| push: true | |
| tags: | | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BUILD_VERSION }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| sign_image: | |
| runs-on: ubuntu-latest | |
| needs: build_push_image | |
| outputs: | |
| digest: ${{ needs.build_push_image.outputs.digest }} | |
| steps: | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install cosign | |
| uses: sigstore/cosign-installer@v3.9.2 | |
| with: | |
| cosign-release: 'v2.2.4' | |
| - name: Sign Docker image with cosign | |
| env: | |
| TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BUILD_VERSION }} | |
| DIGEST: ${{ needs.build_push_image.outputs.digest }} | |
| run: | | |
| COSIGN_EXPERIMENTAL=1 cosign sign --yes ${TAG}@${DIGEST} | |
| verify_image: | |
| runs-on: ubuntu-latest | |
| needs: sign_image | |
| outputs: | |
| digest: ${{ needs.sign_image.outputs.digest }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: | | |
| scripts | |
| sparse-checkout-cone-mode: false | |
| fetch-depth: 0 | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install cosign | |
| uses: sigstore/cosign-installer@v3.9.2 | |
| with: | |
| cosign-release: 'v2.2.4' | |
| - name: Verify Docker image with cosign | |
| env: | |
| TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BUILD_VERSION }} | |
| DIGEST: ${{ needs.sign_image.outputs.digest }} | |
| run: bash ./scripts/verify_cosign.sh | |
| deploy: | |
| runs-on: ubuntu-latest | |
| needs: verify_image | |
| env: | |
| KUBE_CONFIG_PATH: '$HOME/.kube' | |
| KUBE_CONFIG_FILENAME: 'config' | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: | | |
| helm-chart | |
| scripts | |
| sparse-checkout-cone-mode: false | |
| fetch-depth: 0 | |
| - name: 'Install Helm' | |
| uses: azure/setup-helm@v4 | |
| with: | |
| version: 'latest' | |
| - name: Install Kubectl | |
| uses: azure/setup-kubectl@v4 | |
| with: | |
| version: 'latest' | |
| - name: Create KUBECONFIG | |
| env: | |
| KUBE_CONFIG: ${{ secrets[env.DEPLOY_SECRET_VARIABLE_NAME] }} | |
| run: bash ./scripts/create_kubeconfig.sh | |
| - name: Deploy Helm Release | |
| env: | |
| HELM_RELEASE: ${{ env.BUILD_VERSION }} | |
| NAMESPACE: ${{ env.NAMESPACE_NAME }} | |
| run: bash ./scripts/deploy_helm_release.sh | |
| - name: Redeploy Deployments | |
| env: | |
| HELM_RELEASE: ${{ env.BUILD_VERSION }} | |
| NAMESPACE: ${{ env.NAMESPACE_NAME }} | |
| run: bash ./scripts/redeploy_deployment.sh | |
| comment: | |
| if: github.ref != 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| needs: verify_image | |
| steps: | |
| - name: Comment PR Environments in PR | |
| uses: marocchino/sticky-pull-request-comment@v2 | |
| with: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| message: | | |
| 🚀 PR Environment: [Open Deployment](${{ env.PR_ENV_URL }}) | |
| 🏷️ Image Tag: `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BUILD_VERSION }}` | |
| 🖋️ Image Digest: `${{ needs.verify_image.outputs.digest }}` |