-
Notifications
You must be signed in to change notification settings - Fork 5
228 lines (200 loc) · 9.13 KB
/
publish.yaml
File metadata and controls
228 lines (200 loc) · 9.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
name: Release Container
on:
push:
branches:
- main
# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
permissions:
contents: write
pages: write
id-token: write
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: "release"
cancel-in-progress: false
jobs:
build_container:
runs-on: rehosting-arc
steps:
- name: Update and Install Dependencies
run: |
# Nuke the existing corrupted lists
sudo rm -rf /var/lib/apt/lists/*
sudo apt-get clean
# Targeted replacement to avoid mangling the protocol slashes
# This targets the domain names specifically
SOURCES_FILES="/etc/apt/sources.list /etc/apt/sources.list.d/ubuntu.sources"
for f in $SOURCES_FILES; do
if [ -f "$f" ]; then
echo "Updating $f to use MIT mirror..."
sudo sed -i -E 's/([a-z]+\.)?archive\.ubuntu\.com/mirrors.mit.edu/g' "$f"
sudo sed -i -E 's/security\.ubuntu\.com/mirrors.mit.edu/g' "$f"
fi
done
# Verify the file content if it fails again
# cat /etc/apt/sources.list.d/ubuntu.sources
sudo apt-get update
sudo apt-get install -yy curl jq
- name: Get next version
uses: reecetech/version-increment@2023.10.1
id: version
with:
use_api: true
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: rehosting
password: ${{secrets.DOCKERHUB_TOKEN}}
- name: Trust Harbor's self-signed certificate
run: |
echo "Fetching certificate from ${{ secrets.REHOSTING_ARC_REGISTRY }}"
openssl s_client -showcerts -connect ${{ secrets.REHOSTING_ARC_REGISTRY }}:443 < /dev/null 2>/dev/null | openssl x509 -outform PEM | sudo tee /usr/local/share/ca-certificates/harbor.crt > /dev/null
sudo update-ca-certificates
- name: Log in to Rehosting Arc Registry
uses: docker/login-action@v3
with:
registry: ${{ secrets.REHOSTING_ARC_REGISTRY }}
username: ${{ secrets.REHOSTING_ARC_REGISTRY_USER }}
password: ${{ secrets.REHOSTING_ARC_REGISTRY_PASSWORD }}
- name: Install dependencies and label git workspace safe
run: |
sudo apt-get update
sudo apt-get -y install git curl jq gzip tmux
git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: |
image=moby/buildkit:master
network=host
buildkitd-config-inline: |
[registry."${{ secrets.REHOSTING_ARC_REGISTRY }}"]
insecure = true
http = true
- name: Build Docker image and push to Dockerhub
uses: docker/build-push-action@v6.18.0
with:
context: .
push: true
cache-from: |
type=registry,ref=${{secrets.REHOSTING_ARC_REGISTRY}}/rehosting/penguin:cache,mode=max
type=registry,ref=${{secrets.REHOSTING_ARC_REGISTRY}}/rehosting/penguin:cache_last_published,mode=max
cache-to: |
type=registry,ref=${{secrets.REHOSTING_ARC_REGISTRY}}/rehosting/penguin:cache,mode=max
type=registry,ref=${{secrets.REHOSTING_ARC_REGISTRY}}/rehosting/penguin:cache_last_published,mode=max
tags: rehosting/penguin:${{ github.sha }},rehosting/penguin:${{ steps.version.outputs.v-version }},rehosting/penguin:latest,${{secrets.REHOSTING_ARC_REGISTRY}}/rehosting/penguin:${{ github.sha }}
build-args: |
OVERRIDE_VERSION=${{ steps.version.outputs.v-version }}
REGISTRY=${{ secrets.REHOSTING_ARC_REGISTRY }}/proxy
APT_MIRROR=MIT
- name: Set up Python for config schema
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Install dependencies for config schema
run: pip install pydantic pydantic-partial pyyaml yamlcore
- name: Generate config schema
run: python3 src/penguin/penguin_config/gen_docs.py schema > config_schema.yaml
- name: Upload config schema to server
uses: easingthemes/ssh-deploy@main
with:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
ARGS: "-rlgoDzvc -i --delete"
SOURCE: config_schema.yaml
REMOTE_HOST: rehosti.ng
REMOTE_USER: github
TARGET: /var/www/igloo
# ACTIONS: deploy docs to GitHub Pages
- name: Setup Pages
uses: actions/configure-pages@v5
- name: Add dependencies
run: |
cat <<'EOF' >> Dockerfile
FROM penguin AS docs
RUN pip install sphinx \
sphinx-autobuild \
sphinx-rtd-theme \
myst-parser \
sphinx-copybutton \
furo \
linkify-it-py \
sphinx-prompt \
sphinxemoji \
sphinx-notfound-page \
sphinx-last-updated-by-git
RUN apt-get update && apt-get install -y texlive-latex-base texlive-latex-recommended texlive-fonts-recommended texlive-latex-extra
EOF
- name: Build Docker image and push to Docker Hub
uses: docker/build-push-action@v6
with:
context: .
load: true
push: false
tags: rehosting/penguin:docs
build-args: |
REGISTRY=${{ secrets.REHOSTING_ARC_REGISTRY }}/proxy
cache-from: |
type=registry,ref=${{ secrets.REHOSTING_ARC_REGISTRY }}/rehosting/penguin:cache,mode=max
type=registry,ref=${{ secrets.REHOSTING_ARC_REGISTRY }}/rehosting/penguin:cache_docs,mode=max
type=registry,ref=${{ secrets.REHOSTING_ARC_REGISTRY }}/rehosting/penguin:cache_last_published,mode=max
cache-to: |
type=registry,ref=${{ secrets.REHOSTING_ARC_REGISTRY }}/rehosting/penguin:cache_docs,mode=max
- name: Install dependencies
run: pip install click pyyaml
- name: Generate Docs
run: |
timeout 10m python3 $GITHUB_WORKSPACE/tests/unit_tests/test_target/test.py -i rehosting/penguin:docs --docs-only
cp $GITHUB_WORKSPACE/tests/unit_tests/test_target/results/latest/sphinx/latex/penguin.pdf $GITHUB_WORKSPACE/tests/unit_tests/test_target/results/latest/sphinx/html
tar -czvf $GITHUB_WORKSPACE/docs.tar.gz -C $GITHUB_WORKSPACE/tests/unit_tests/test_target/results/latest/sphinx/html .
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: html
path: ${{ github.workspace }}/docs.tar.gz
- name: Create release
id: create_release
uses: softprops/action-gh-release@v2.3.3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.version.outputs.v-version }}
name: Release ${{ steps.version.outputs.v-version }} ${{ github.ref }}
body: |
Release ${{ steps.version.outputs.v-version }} @${{ github.ref }}
draft: false
generate_release_notes: true
prerelease: false
files: |
config_schema.yaml
${{ github.workspace }}/tests/unit_tests/test_target/results/latest/sphinx/latex/penguin.pdf
${{ github.workspace }}/tests/unit_tests/test_target/results/latest/sphinx/docs.tar.gz
deploy_static:
needs: build_container
runs-on: ubuntu-latest
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
steps:
- name: Setup Pages
uses: actions/configure-pages@v5
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: html
- name: Unzip HTML
run: |
mkdir html_content
tar -xvf docs.tar.gz -C html_content
- name: Upload artifact
uses: actions/upload-pages-artifact@v3
with:
# Upload entire repository
path: 'html_content'
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4