Skip to content

Commit 26675af

Browse files
TechassiTechassi
committed
ci: Improve build workflow
1 parent 0fe8b3a commit 26675af

File tree

3 files changed

+217
-484
lines changed

3 files changed

+217
-484
lines changed

.github/workflows/build.yaml

Lines changed: 214 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,214 @@
1+
# =============
2+
# This file is automatically generated from the templates in stackabletech/operator-templating
3+
# DON'T MANUALLY EDIT THIS FILE
4+
# =============
5+
---
6+
# TODO: Template operator name
7+
name: Build Airflow Operator Artifacts
8+
9+
permissions: {}
10+
11+
on:
12+
push:
13+
branches:
14+
- main
15+
tags:
16+
- '[0-9][0-9].[0-9]+.[0-9]+-rc[0-9]+'
17+
- '[0-9][0-9].[0-9]+.[0-9]+'
18+
schedule:
19+
# Run every Saturday morning: https://crontab.guru/#15_3_*_*_6
20+
- cron: '15 3 * * 6'
21+
pull_request:
22+
paths:
23+
- '.github/workflows/build.yaml'
24+
- 'rust-toolchain.toml'
25+
- '.dockerignore'
26+
- 'deploy/**'
27+
- '.cargo/**'
28+
- 'docker/**'
29+
- 'Cargo.*'
30+
- '*.rs'
31+
32+
# These are pretty much all templated
33+
env:
34+
# TODO: Template env var for operator name
35+
OPERATOR_NAME: airflow-operator
36+
RUST_NIGHTLY_TOOLCHAIN_VERSION: "nightly-2025-10-23"
37+
NIX_PKG_MANAGER_VERSION: "2.30.0"
38+
RUST_TOOLCHAIN_VERSION: "1.89.0"
39+
HADOLINT_VERSION: "v2.12.0"
40+
PYTHON_VERSION: "3.13"
41+
CARGO_TERM_COLOR: always
42+
43+
jobs:
44+
cargo-udeps:
45+
name: Run cargo-udeps
46+
runs-on: ubuntu-latest
47+
env:
48+
RUSTC_BOOTSTRAP: 1
49+
steps:
50+
- name: Install host dependencies
51+
uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # v1.5.3
52+
with:
53+
packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https
54+
version: ubuntu-latest
55+
56+
- name: Checkout Repository
57+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
58+
with:
59+
persist-credentials: false
60+
submodules: recursive
61+
62+
- name: Install Rust ${{ env.RUST_TOOLCHAIN_VERSION }} toolchain
63+
uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b
64+
with:
65+
toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }}
66+
67+
- name: Setup Rust Cache
68+
uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
69+
with:
70+
cache-all-crates: "true"
71+
key: udeps
72+
73+
- name: Install cargo-udeps
74+
uses: stackabletech/cargo-install-action@8f7dbbcd2ebe22717efc132d0dd61e80841994b9 # cargo-udeps
75+
76+
- name: Run cargo-udeps
77+
run: cargo udeps --workspace --all-targets
78+
79+
build-image:
80+
name: Build/Publish ${{ matrix.runner.arch }} Image
81+
needs:
82+
- cargo-udeps
83+
permissions:
84+
id-token: write
85+
strategy:
86+
fail-fast: false
87+
matrix:
88+
runner:
89+
- { name: "ubuntu-latest", arch: "amd64" }
90+
- { name: "ubicloud-standard-8-arm", arch: "arm64" }
91+
runs-on: ${{ matrix.runner.name }}
92+
outputs:
93+
operator-version: ${{ steps.version.outputs.OPERATOR_VERSION }}
94+
steps:
95+
- name: Install host dependencies
96+
uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # v1.5.3
97+
with:
98+
packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https
99+
version: ${{ matrix.runner.name }}
100+
101+
- name: Checkout Repository
102+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
103+
with:
104+
persist-credentials: false
105+
submodules: recursive
106+
107+
- name: Update/Extract Operator Version
108+
id: version
109+
if: github.event_name == 'pull_request'
110+
env:
111+
PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
112+
PR_NUMBER: ${{ github.event.pull_request.number }}
113+
GITHUB_DEBUG: ${{ runner.debug }}
114+
shell: bash
115+
run: |
116+
set -euo pipefail
117+
[ -n "$GITHUB_DEBUG" ] && set -x
118+
119+
CURRENT_VERSION=$(cargo metadata --format-version 1 --no-deps | jq -r '.packages[0].version')
120+
121+
if [ "$PR_BASE_REF" == 'main' ]; then
122+
NEW_VERSION="0.0.0-pr$PR_NUMBER"
123+
else
124+
NEW_VERSION="$CURRENT_VERSION-pr$PR_NUMBER"
125+
fi
126+
127+
sed -i "s/version = \"${CURRENT_VERSION}\"/version = \"${NEW_VERSION}\"/" Cargo.toml
128+
echo "OPERATOR_VERSION=$NEW_VERSION" | tee -a "$GITHUB_OUTPUT"
129+
130+
- name: Install Nix
131+
uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # v31.5.2
132+
133+
- name: Install Rust ${{ env.RUST_TOOLCHAIN_VERSION }} Toolchain
134+
uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b
135+
with:
136+
toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }}
137+
138+
- name: Build Container Image
139+
id: build
140+
uses: stackabletech/actions/build-container-image@7ffd8c8c5c0378ebeae80f95e2680510d3d1be4c # TODO: Use released image
141+
with:
142+
image-name: ${{ env.OPERATOR_NAME }}
143+
image-index-manifest-tag: ${{ steps.version.outputs.OPERATOR_VERSION }}
144+
build-arguments: VERSION=${{ steps.version.outputs.OPERATOR_VERSION }}
145+
container-file: docker/Dockerfile
146+
147+
- name: Publish Container Image
148+
uses: stackabletech/actions/publish-image@7ffd8c8c5c0378ebeae80f95e2680510d3d1be4c # TODO: Use released image
149+
with:
150+
image-registry-uri: oci.stackable.tech
151+
image-registry-username: robot$sdp+github-action-build
152+
image-registry-password: ${{ secrets.harbor-robot-secret }}
153+
image-repository: sdp/${{ env.OPERATOR_NAME }}
154+
image-manifest-tag: ${{ steps.build.outputs.image-manifest-tag }}
155+
source-image-uri: ${{ steps.build.outputs.image-manifest-uri }}
156+
157+
publish-index-manifest:
158+
name: Publish/Sign ${{ needs.build-image.outputs.operator-version }} Index
159+
needs:
160+
- build-image
161+
permissions:
162+
id-token: write
163+
runs-on: ubuntu-latest
164+
steps:
165+
- name: Publish and Sign Image Index
166+
uses: stackabletech/actions/publish-index-manifest@497f3e3cbfe9b89b1e570351b97d050eebcad5d0 # 0.8.3
167+
with:
168+
image-registry-uri: oci.stackable.tech
169+
image-registry-username: robot$sdp+github-action-build
170+
image-registry-password: ${{ secrets.harbor-robot-secret }}
171+
image-repository: sdp/${{ env.OPERATOR_NAME }}
172+
image-index-manifest-tag: ${{ needs.build-image.outputs.operator-version }}
173+
174+
package-chart:
175+
name: Package/Publish ${{ needs.build-image.outputs.operator-version }} Helm Chart
176+
needs:
177+
- build-image
178+
runs-on: ubuntu-latest
179+
steps:
180+
- name: Checkout Repository
181+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
182+
with:
183+
persist-credentials: false
184+
submodules: recursive
185+
186+
- name: Package, Publish, and Sign Helm Chart
187+
uses: stackabletech/actions/publish-helm-chart@923b9de2c77d2a736035e744c22ab6e5937b4c18 # TODO: Use released version
188+
with:
189+
chart-registry-uri: oci.stackable.tech
190+
chart-registry-username: robot$sdp+github-action-build
191+
chart-registry-password: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
192+
chart-repository: sdp-charts/${{ env.OPERATOR_NAME }}
193+
chart-directory: deploy/helm/${{ env.OPERATOR_NAME }}
194+
chart-version: ${{ needs.build-image.outputs.operator-version }}
195+
app-version: ${{ needs.build-image.outputs.operator-version }}
196+
197+
openshift-preflight-check:
198+
name: Run OpenShift Preflight Check for ${{ needs.build-image.outputs.operator-version }}-${{ matrix.arch }}
199+
needs:
200+
- build-image
201+
- publish-index-manifest
202+
strategy:
203+
fail-fast: false
204+
matrix:
205+
arch:
206+
- amd64
207+
- arm64
208+
runs-on: ubuntu-latest
209+
steps:
210+
- name: Run OpenShift Preflight Check
211+
uses: stackabletech/actions/run-openshift-preflight@50f31550a09fc10b16892a85edfb75b6f2e448d6 # TODO: Use released version
212+
with:
213+
image-index-uri: oci.stackable.tech/sdp/${{ env.OPERATOR_NAME }}:${{ needs.build-image.outputs.operator-version }}
214+
image-architecture: ${{ matrix.arch }}

0 commit comments

Comments
 (0)