[deploy] Fix helm chart values #138
Workflow file for this run
---
# Workflow "installer": builds the installer packages and, on pushes, publishes
# the net-installer and the README PDF (see the jobs below).
name: installer

# Triggers. As laid out here, the `paths` filter belongs to `pull_request` only;
# pushes to master always start the workflow and the upload jobs do their own
# change detection with `git diff`.
on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
    paths:
      - ".github/workflows/installer.yml"
      - "deploy/**/*.sh"
      - "deploy/**/*.yaml"
      - "deploy/**/*.yml"
      - "installer/**"

# One concurrency group per pull request: a newer run for the same PR number
# cancels the one in progress. When the ref is protected the group is keyed on
# the run id instead, so those runs never share a group and are not cancelled.
concurrency:
  cancel-in-progress: true
  group: ${{ github.workflow }}-${{ github.ref_protected && github.run_id || github.event.pull_request.number }}

# Workflow-wide GITHUB_TOKEN scope: read-only access to repository contents.
permissions: # added using https://github.com/step-security/secure-workflows
  contents: read

jobs:
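# Job make_installer: builds the net-install and release installers; the net-installer is kept as a run artifact.
  make_installer:
    runs-on: ubuntu-latest
    steps:
      # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
      # configuring harden-runner and identifying allowed endpoints.
      - name: Harden Runner
        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: block
          # NOTE(review): the two wildcard entries (*-docker.pkg.dev, *.cloudfront.net)
          # allow every host under those shared suffixes, not only the ones this build
          # uses. Replace them with the exact hostnames if the harden-runner insights
          # for this job show a stable set.
          allowed-endpoints: >
            *-docker.pkg.dev:443
            *.cloudfront.net:443
            azure.archive.ubuntu.com:80
            cdn.dl.k8s.io:443
            dl.k8s.io:443
            esm.ubuntu.com:443
            files.pythonhosted.org:443
            get.helm.sh:443
            get.k3s.io:443
            github.com:443
            kubernetes.github.io:443
            packages.microsoft.com:443
            prod-registry-k8s-io-us-east-1.s3.dualstack.us-east-1.amazonaws.com:443
            prod-registry-k8s-io-us-east-2.s3.dualstack.us-east-2.amazonaws.com:443
            prod-registry-k8s-io-us-west-1.s3.dualstack.us-west-1.amazonaws.com:443
            prod-registry-k8s-io-us-west-2.s3.dualstack.us-west-2.amazonaws.com:443
            public.ecr.aws:443
            pypi.org:443
            registry.k8s.io:443
            release-assets.githubusercontent.com:443
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # Full history so that `git describe --tags` below can find the latest tag.
          fetch-depth: 0
          # Do not leave the job token in .git/config: the steps shown here only read
          # the local clone, and this job runs repository scripts and uploads a file
          # from the workspace.
          # NOTE(review): confirm make-combine-installer.sh needs no authenticated git access.
          persist-credentials: false
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y makeself
        shell: bash
      - name: Make installer with --net-install
        run: |
          cd installer
          ./make-combine-installer.sh --net-install --debug
        shell: bash
      # Hands the net-installer to the upload_net_installer job of the same run.
      - name: Upload net-installer artifact
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: combine-net-installer
          path: installer/combine-net-installer.run
          retention-days: 5
      - name: Make installer with release version
        run: |
          cd installer
          # Resolve the tag in its own assignment: if `git describe` fails, the step
          # stops here (bash -e) instead of calling the script without a version.
          release_tag="$(git describe --tags --abbrev=0)"
          ./make-combine-installer.sh "$release_tag" --debug
        shell: bash
      - name: Show size of installer files
        run: |
          cd installer
          du -sh *
        shell: bash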
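# Job make_readme: renders installer/README.md to PDF; uploads it to S3 only on a push that changed the README.
  make_readme:
    runs-on: ubuntu-latest
    steps:
      # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
      # configuring harden-runner and identifying allowed endpoints.
      - name: Harden Runner
        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: block
          # The S3/STS hostnames are built from the AWS_DEFAULT_REGION secret. On runs
          # where that secret is not available the two entries render without a region;
          # the AWS steps below are push-only, so such runs do not need them.
          allowed-endpoints: >
            azure.archive.ubuntu.com:80
            esm.ubuntu.com:443
            github.com:443
            packages.microsoft.com:443
            s3.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
            sts.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # Two commits are enough for the HEAD~1 comparison below.
          fetch-depth: 2
          # Only the local clone is read after checkout (git diff), so the job token
          # is not kept in .git/config while AWS credentials are in use later on.
          persist-credentials: false
      # Compares the tip commit with its first parent only.
      # NOTE(review): a push that adds several commits at once is checked against the
      # last one only; confirm that master receives one commit (squash/merge) per push.
      - name: Detect changes to installer README
        id: changed-readme
        run: |
          # -x -F: the path must match a whole output line literally ("." is not a wildcard).
          if git diff --name-only HEAD~1.. | grep -qxF "installer/README.md"; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
          else
            echo "changed=false" >> "$GITHUB_OUTPUT"
          fi
        shell: bash
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y pandoc weasyprint
        shell: bash
      # Runs on every trigger, including pull requests, so a README that no longer
      # renders is caught before the push that would publish it.
      - name: Generate README PDF
        run: |
          cd installer
          pandoc --pdf-engine=weasyprint --metadata title="The Combine Installation Instructions" README.md -o README.pdf
        shell: bash
      # NOTE(review): these are long-lived access keys held as repository secrets.
      # configure-aws-credentials can instead assume an IAM role through GitHub OIDC
      # (`role-to-assume` plus `id-token: write` on this job), which leaves no stored
      # key to rotate or leak. Whichever is used, scope the identity to the bucket
      # written below.
      - name: Configure AWS credentials
        if: steps.changed-readme.outputs.changed == 'true' && github.event_name == 'push'
        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
      - name: Upload README to S3
        if: steps.changed-readme.outputs.changed == 'true' && github.event_name == 'push'
        run: |
          aws s3 cp installer/README.pdf s3://software.thecombine.app/README.pdf --content-type application/pdf
        shell: bash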
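# Job upload_net_installer: on a push that changed the installer inputs, copies the net-installer built by make_installer to S3.
  upload_net_installer:
    needs: make_installer
    runs-on: ubuntu-latest
    steps:
      # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
      # configuring harden-runner and identifying allowed endpoints.
      - name: Harden Runner
        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: block
          # The S3/STS hostnames are built from the AWS_DEFAULT_REGION secret. On runs
          # where that secret is not available the two entries render without a region;
          # the AWS steps below are push-only, so such runs do not need them.
          allowed-endpoints: >
            azure.archive.ubuntu.com:80
            esm.ubuntu.com:443
            github.com:443
            packages.microsoft.com:443
            s3.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
            sts.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # Two commits are enough for the HEAD~1 comparison below.
          fetch-depth: 2
          # Only the local clone is read after checkout (git diff), so the job token
          # is not kept in .git/config while AWS credentials are in use later on.
          persist-credentials: false
      # Compares the tip commit with its first parent only.
      # NOTE(review): a push that adds several commits at once is checked against the
      # last one only; confirm that master receives one commit (squash/merge) per push.
      - name: Detect changes to installer scripts
        id: changed-installer
        run: |
          # Single quotes keep the pattern literal for the shell; the dot in the
          # script name is escaped so it matches only a real ".".
          paths='^installer/make-combine-installer\.sh$|^deploy/.*\.sh$|^deploy/.*\.ya?ml$'
          if git diff --name-only HEAD~1.. | grep -Eq "$paths"; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
          else
            echo "changed=false" >> "$GITHUB_OUTPUT"
          fi
        shell: bash
      # No run id is given, so this takes the artifact uploaded earlier in this run.
      - name: Download net-installer artifact
        if: steps.changed-installer.outputs.changed == 'true' && github.event_name == 'push'
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: combine-net-installer
          path: installer/
      # NOTE(review): these are long-lived access keys held as repository secrets.
      # configure-aws-credentials can instead assume an IAM role through GitHub OIDC
      # (`role-to-assume` plus `id-token: write` on this job), which leaves no stored
      # key to rotate or leak. Whichever is used, scope the identity to the bucket
      # written below.
      - name: Configure AWS credentials
        if: steps.changed-installer.outputs.changed == 'true' && github.event_name == 'push'
        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
      # NOTE(review): the installer overwrites a fixed object key and nothing is
      # published next to it for verification. Consider also uploading a SHA-256 file
      # (or a signature) so that people who download and run it can check it.
      - name: Upload net-installer to S3
        if: steps.changed-installer.outputs.changed == 'true' && github.event_name == 'push'
        run: |
          aws s3 cp installer/combine-net-installer.run s3://software.thecombine.app/combine-net-installer.run --content-type application/octet-stream
        shell: bash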