
Commit b55d4a0

authored
Merge pull request #361 from puzzle/353-task-integrate-dagger-techlabs-cicd-pipeline
353 task integrate dagger techlabs cicd pipeline
2 parents 01f6625 + 9539a3c commit b55d4a0


11 files changed

+368
-252
lines changed

Lines changed: 188 additions & 0 deletions
@@ -0,0 +1,188 @@
1+
name: Jenkins Techlab Puzzle Build and Publish
2+
3+
permissions:
4+
contents: read
5+
packages: write
6+
id-token: write
7+
pull-requests: write
8+
9+
on:
10+
pull_request:
11+
workflow_dispatch:
12+
push:
13+
branches:
14+
- main
15+
16+
env:
17+
REGISTRY: ghcr.io
18+
IMAGE_NAME: ${{ github.repository }}
19+
HELM_NAME: jenkins-techlab-puzzle
20+
TRAINING_VERSION: ${{ github.sha }}
21+
BUILD_VERSION: ${{ github.ref == 'refs/heads/main' && 'latest' || format('pr-{0}', github.event.pull_request.number) }}
22+
DEPLOY_SECRET_VARIABLE_NAME: ${{ github.ref == 'refs/heads/main' && 'KUBECONFIG_PROD_AV2' || 'KUBECONFIG_TEST_AV2' }}
23+
NAMESPACE_NAME: ${{ github.ref == 'refs/heads/main' && 'pitc-cicd-jenkins-techlab-prod' || 'pitc-cicd-jenkins-techlab-test' }}
24+
PR_ENV_URL: https://jenkins-techlab-pr-${{ github.event.pull_request.number }}.ocp.cloudscale.puzzle.ch
25+
26+
jobs:
27+
lint:
28+
runs-on: ubuntu-latest
29+
steps:
30+
- name: Checkout
31+
uses: actions/checkout@v4
32+
- name: Set up npm for linting
33+
uses: actions/setup-node@v4
34+
with:
35+
node-version: 'latest'
36+
- name: Cache npm dependencies
37+
uses: actions/cache@v4
38+
with:
39+
path: ~/.npm
40+
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
41+
restore-keys: |
42+
${{ runner.os }}-node-
43+
- name: Cache node_modules
44+
uses: actions/cache@v4
45+
with:
46+
path: node_modules
47+
key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }}
48+
restore-keys: |
49+
${{ runner.os }}-modules-
50+
- name: Lint Markdown
51+
run: npm ci && npm run mdlint
52+
53+
54+
build_push_image:
55+
runs-on: ubuntu-latest
56+
needs: lint
57+
outputs:
58+
digest: ${{ steps.build-push.outputs.digest }}
59+
steps:
60+
- name: Checkout Repository
61+
uses: actions/checkout@v4
62+
with:
63+
fetch-depth: 0
64+
- name: Set up QEMU
65+
uses: docker/setup-qemu-action@v3
66+
- name: Set up Docker Buildx
67+
uses: docker/setup-buildx-action@v3
68+
- name: Log into registry ${{ env.REGISTRY }}
69+
uses: docker/login-action@v3
70+
with:
71+
registry: ${{ env.REGISTRY }}
72+
username: ${{ github.actor }}
73+
password: ${{ secrets.GITHUB_TOKEN }}
74+
- name: Push Docker image
75+
id: build-push
76+
uses: docker/build-push-action@v6
77+
with:
78+
context: .
79+
file: ./Dockerfile
80+
push: true
81+
tags: |
82+
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BUILD_VERSION }}
83+
cache-from: type=gha
84+
cache-to: type=gha,mode=max
85+
86+
sign_image:
87+
runs-on: ubuntu-latest
88+
needs: build_push_image
89+
outputs:
90+
digest: ${{ needs.build_push_image.outputs.digest }}
91+
steps:
92+
- name: Log into registry ${{ env.REGISTRY }}
93+
uses: docker/login-action@v3
94+
with:
95+
registry: ${{ env.REGISTRY }}
96+
username: ${{ github.actor }}
97+
password: ${{ secrets.GITHUB_TOKEN }}
98+
- name: Install cosign
99+
uses: sigstore/cosign-installer@v3.8.2
100+
with:
101+
cosign-release: 'v2.2.4'
102+
- name: Sign Docker image with cosign
103+
env:
104+
TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BUILD_VERSION }}
105+
DIGEST: ${{ needs.build_push_image.outputs.digest }}
106+
run: |
107+
COSIGN_EXPERIMENTAL=1 cosign sign --yes ${TAG}@${DIGEST}
108+
109+
verify_image:
110+
runs-on: ubuntu-latest
111+
needs: sign_image
112+
outputs:
113+
digest: ${{ needs.sign_image.outputs.digest }}
114+
steps:
115+
- name: Checkout Repository
116+
uses: actions/checkout@v4
117+
with:
118+
sparse-checkout: |
119+
scripts
120+
sparse-checkout-cone-mode: false
121+
fetch-depth: 0
122+
- name: Log into registry ${{ env.REGISTRY }}
123+
uses: docker/login-action@v3
124+
with:
125+
registry: ${{ env.REGISTRY }}
126+
username: ${{ github.actor }}
127+
password: ${{ secrets.GITHUB_TOKEN }}
128+
- name: Install cosign
129+
uses: sigstore/cosign-installer@v3.8.2
130+
with:
131+
cosign-release: 'v2.2.4'
132+
- name: Verify Docker image with cosign
133+
env:
134+
TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BUILD_VERSION }}
135+
DIGEST: ${{ needs.sign_image.outputs.digest }}
136+
run: bash ./scripts/verify_cosign.sh
137+
138+
deploy:
139+
runs-on: ubuntu-latest
140+
needs: verify_image
141+
env:
142+
KUBE_CONFIG_PATH: '$HOME/.kube'
143+
KUBE_CONFIG_FILENAME: 'config'
144+
steps:
145+
- name: Checkout Repository
146+
uses: actions/checkout@v4
147+
with:
148+
sparse-checkout: |
149+
helm-chart
150+
scripts
151+
sparse-checkout-cone-mode: false
152+
fetch-depth: 0
153+
- name: 'Install Helm'
154+
uses: azure/setup-helm@v4
155+
with:
156+
version: 'latest'
157+
- name: Install Kubectl
158+
uses: azure/setup-kubectl@v4
159+
with:
160+
version: 'latest'
161+
- name: Create KUBECONFIG
162+
env:
163+
KUBE_CONFIG: ${{ secrets[env.DEPLOY_SECRET_VARIABLE_NAME] }}
164+
run: bash ./scripts/create_kubeconfig.sh
165+
- name: Deploy Helm Release
166+
env:
167+
HELM_RELEASE: ${{ env.BUILD_VERSION }}
168+
NAMESPACE: ${{ env.NAMESPACE_NAME }}
169+
run: bash ./scripts/deploy_helm_release.sh
170+
- name: Redeploy Deployments
171+
env:
172+
HELM_RELEASE: ${{ env.BUILD_VERSION }}
173+
NAMESPACE: ${{ env.NAMESPACE_NAME }}
174+
run: bash ./scripts/redeploy_deployment.sh
175+
176+
comment:
177+
if: github.ref != 'refs/heads/main'
178+
runs-on: ubuntu-latest
179+
needs: verify_image
180+
steps:
181+
- name: Comment PR Environments in PR
182+
uses: marocchino/sticky-pull-request-comment@v2
183+
with:
184+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
185+
message: |
186+
🚀 PR Environment: [Open Deployment](${{ env.PR_ENV_URL }})
187+
🏷️ Image Tag: `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BUILD_VERSION }}`
188+
🖋️ Image Digest: `${{ needs.verify_image.outputs.digest }}`
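Review bot: The top-level `permissions` block grants `packages: write`, `id-token: write` and `pull-requests: write` to every job, although `lint` (which runs `npm ci && npm run mdlint`) and `deploy` (which runs `bash ./scripts/...`) both execute on `pull_request` and use none of those scopes in the visible steps. Keeping the workflow default at `contents: read` and granting write scopes per job limits what a compromised dependency or repository script can do with the token. From the steps shown, `build_push_image` needs `packages: write`, `sign_image` needs `packages: write` plus `id-token: write` for the keyless `cosign sign`, and `comment` needs `pull-requests: write`. `verify_image` presumably needs only read access to the package, which should be confirmed against `scripts/verify_cosign.sh`, not shown on this page.

```yaml
permissions:
  contents: read

# … unchanged: on, env …

jobs:
  # … unchanged: lint and deploy inherit the read-only default …
  build_push_image:
    permissions:
      contents: read
      packages: write
    # … unchanged: runs-on, needs, outputs, steps …
  sign_image:
    permissions:
      packages: write
      id-token: write
    # … unchanged: runs-on, needs, outputs, steps …
  verify_image:
    permissions:
      contents: read
      packages: read
    # … unchanged: runs-on, needs, outputs, steps …
  comment:
    permissions:
      pull-requests: write
    # … unchanged: if, runs-on, needs, steps …
```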

.github/workflows/build.yaml

Lines changed: 0 additions & 111 deletions
This file was deleted.

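--- a/.github/workflows/pr-cleanup.yaml
+++ b/.github/workflows/pr-cleanup.yaml
@@ -1,48 +1,59 @@
 name: PRCleanup
+
 on:
 pull_request:
 types: [closed]
+workflow_dispatch:
 
 jobs:
-pr-cleanup:
-runs-on: 'ubuntu-latest'
+cleanup_helm:
+runs-on: ubuntu-latest
+env:
+TRAINING_HELM_RELEASE: 'pr-${{ github.event.pull_request.number }}'
+TRAINING_NAMESPACE: 'pitc-cicd-jenkins-techlab-test'
+KUBE_CONFIG_PATH: '$HOME/.kube'
+KUBE_CONFIG_FILENAME: 'config'
 steps:
--
-name: Checkout
+- name: Checkout
 uses: actions/checkout@v4
 with:
-submodules: recursive
--
-name: 'Install Helm'
+sparse-checkout: |
+scripts
+sparse-checkout-cone-mode: false
+
+- name: Install Helm
 uses: azure/setup-helm@v4
 with:
-version: v3.6.2
--
-name: Install Kubectl
+version: 'latest'
+
+- name: Install Kubectl
 uses: azure/setup-kubectl@v4
 with:
-version: v1.21.2
--
-name: Create KUBECONFIG
+version: 'latest'
+
+- name: Create KUBECONFIG
 env:
 KUBE_CONFIG: '${{ secrets.KUBECONFIG_TEST_AV2 }}'
-run: |
-mkdir -p $HOME/.kube
-echo "$KUBE_CONFIG" > $HOME/.kube/config
--
-name: Remove PR Environment Helm Release
-env:
-TRAINING_HELM_RELEASE: 'pr-${{ github.event.pull_request.number }}'
-TRAINING_NAMESPACE: 'pitc-cicd-jenkins-techlab-test'
-TRAINING_VERSION: '${{ github.sha }}'
-run: |
-helm uninstall $TRAINING_HELM_RELEASE --kubeconfig $HOME/.kube/config --namespace=$TRAINING_NAMESPACE
--
-name: Delete Tags on Quay
-id: delete_tags
-env:
-PR_NUMBER: '${{ github.event.pull_request.number }}'
-QUAYIO_API_TOKEN: '${{ secrets.QUAYIO_API_TOKEN }}'
-REPOSITORY: '${{ github.repository }}'
-run: |
-curl -X DELETE -H "Authorization: Bearer ${QUAYIO_API_TOKEN}" https://quay.io/api/v1/repository/${REPOSITORY}/tag/pr-${PR_NUMBER}
+run: bash ./scripts/create_kubeconfig.sh
+- name: Remove PR Environment Helm Release
+run: bash ./scripts/remove_helm_release.sh
+
+cleanup_registry:
+runs-on: ubuntu-latest
+needs: cleanup_helm
+env:
+ORG: '${{ github.repository_owner }}'
+PACKAGE_NAME: '${{ github.event.repository.name }}'
+PACKAGE_TYPE: 'container'
+TAG: "pr-${{ github.event.pull_request.number }}"
+LOGIN_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+steps:
+- name: Checkout Repository
+uses: actions/checkout@v4
+with:
+sparse-checkout: |
+scripts
+sparse-checkout-cone-mode: false
+fetch-depth: 0
+- name: Run registry cleanup script
+run: bash ./scripts/cleanup_registry.sh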
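Review bot: With `workflow_dispatch` added as a trigger, `github.event.pull_request.number` is empty on a manual run, so `TRAINING_HELM_RELEASE` and `TAG` both evaluate to `pr-` and the cleanup scripts are called without a real target. What `scripts/remove_helm_release.sh` and `scripts/cleanup_registry.sh` do with that value is not visible on this page; if the registry script matches tags by prefix, a manual run could remove more than one PR's image. A required `pr_number` input, used as the fallback in both env values, makes the manual run explicit. The new build workflow has the same fallback in `BUILD_VERSION` and `PR_ENV_URL` when it is dispatched from a ref other than main.

```yaml
on:
  pull_request:
    types: [closed]
  workflow_dispatch:
    inputs:
      pr_number:
        description: 'Number of the PR whose environment is removed'
        required: true

# … unchanged: jobs.cleanup_helm.runs-on …
    env:
      TRAINING_HELM_RELEASE: 'pr-${{ github.event.pull_request.number || inputs.pr_number }}'
# … unchanged: remaining cleanup_helm env and steps, cleanup_registry header and env …
      TAG: "pr-${{ github.event.pull_request.number || inputs.pr_number }}"
```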
