test: bulk container release (#172) #49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build multiple containers | |
on: | |
pull_request: | |
# Only consider PRs that change files for this asset, including ci scripts | |
paths: | |
- '.github/workflows/flake8.yaml' | |
- '.github/workflows/multi-container-test.yaml' | |
- 'containers/controller/**' | |
- 'containers/trino/**' | |
- 'charts/fizzbuzz/**' | |
# Make sure all workflows that are "required checks" for a given | |
# branch protection rule have the same paths: and branches-ignore: | |
# filters. Otherwise, you can end up in a deadlock waiting on a | |
# required check that will never be executed. | |
push: | |
# Only release off of release and maintenance branches for this asset | |
branches: | |
- 'main' | |
# Only consider pushes that change files for this asset, including ci scripts | |
paths: | |
- '.github/workflows/multi-container-test.yaml' | |
- 'containers/controller/**' | |
- 'containers/trino/**' | |
- 'charts/fizzbuzz/**' | |
permissions: | |
contents: write | |
pull-requests: write | |
actions: read | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
# Cancel early on pull requests if new commits are added, | |
# Don't cancel on release pushes | |
cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
jobs: | |
# Job name must be unique across repo to target | |
# branch protection rules "required checks" properly! | |
setup: | |
uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-repo.yaml@v1.0.0-repo | |
with: | |
job-name: setup | |
release-tag-format: 'v${version}-bulk-release-test' | |
controller-container: | |
needs: setup | |
uses: SwanseaUniversityMedical/workflows/.github/workflows/bulk-pr-and-release-container.yaml@fix/bulk-release-null-info | |
with: | |
job-name: controller-container | |
comment-pr: "true" | |
comment-release: "true" | |
registry: ${{ vars.HARBOR_REGISTRY }} | |
registry-user: ${{ vars.HARBOR_USER }} | |
registry-repo: ${{ vars.HARBOR_PROJECT }}/controller | |
release-info: "" | |
cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} | |
build-file: containers/controller/Dockerfile | |
build-context: containers/controller | |
secrets: | |
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
cosign-password: ${{ secrets.COSIGN_PASSWORD }} | |
registry-token: ${{ secrets.HARBOR_TOKEN }} | |
trino-container: | |
needs: setup | |
uses: SwanseaUniversityMedical/workflows/.github/workflows/bulk-pr-and-release-container.yaml@fix/bulk-release-null-info | |
with: | |
job-name: trino-container | |
comment-pr: "true" | |
comment-release: "true" | |
registry: ${{ vars.HARBOR_REGISTRY }} | |
registry-user: ${{ vars.HARBOR_USER }} | |
registry-repo: ${{ vars.HARBOR_PROJECT }}/trino | |
registry-extra-tag-command: >- | |
cat containers/trino/Dockerfile | grep -m 1 "ARG BASE_VERSION=" | cut -d "=" -f 2 | |
release-info: ${{ needs.setup.outputs.release-info }} | |
cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} | |
build-file: containers/trino/Dockerfile | |
build-context: containers/trino | |
secrets: | |
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
cosign-password: ${{ secrets.COSIGN_PASSWORD }} | |
registry-token: ${{ secrets.HARBOR_TOKEN }} | |
fizzbuzz-chart: | |
needs: setup | |
uses: SwanseaUniversityMedical/workflows/.github/workflows/bulk-pr-and-release-chart.yaml@fix/bulk-release-null-info | |
with: | |
job-name: fizzbuzz-chart | |
comment-pr: "true" | |
comment-release: "true" | |
registry: ${{ vars.HARBOR_REGISTRY }} | |
registry-user: ${{ vars.HARBOR_USER }} | |
registry-project: ${{ vars.HARBOR_PROJECT }} | |
registry-repo: fizzbuzz | |
release-info: ${{ needs.setup.outputs.release-info }} | |
cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} | |
chart: charts/fizzbuzz | |
test-command: | | |
helm template $CHART --debug | |
secrets: | |
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
cosign-password: ${{ secrets.COSIGN_PASSWORD }} | |
registry-token: ${{ secrets.HARBOR_TOKEN }} |