diff --git a/.github/workflows/build.yaml b/.github/workflows/build-and-publish.yaml similarity index 64% rename from .github/workflows/build.yaml rename to .github/workflows/build-and-publish.yaml index 346eea4..bf423b3 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build-and-publish.yaml @@ -1,4 +1,4 @@ -name: Build Training +name: Dagger Techlab Puzzle Build and Publish permissions: contents: read @@ -9,6 +9,9 @@ permissions: on: pull_request: workflow_dispatch: + push: + branches: + - main env: REGISTRY: ghcr.io @@ -18,6 +21,7 @@ env: NAMESPACE: pitc-cicd-dagger-techlab-test TRAINING_VERSION: ${{ github.sha }} PR_ENV_URL: https://dagger-techlab-pr-${{ github.event.pull_request.number }}.ocp.cloudscale.puzzle.ch + IMAGE_TAG: ${{ github.ref == 'refs/heads/main' && 'latest' || format('pr-{0}', github.event.pull_request.number) }} jobs: lint: @@ -46,9 +50,12 @@ jobs: - name: Lint Markdown run: npm ci && npm run mdlint - build_and_push: + + build_push_image: runs-on: ubuntu-latest needs: lint + outputs: + digest: ${{ steps.build-push.outputs.digest }} steps: - name: Checkout Repository uses: actions/checkout@v4 
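Review bot: The added `push: main` trigger now runs every job of this workflow on main pushes, including the ones built around `github.event.pull_request.number` (`PR_ENV_URL`, the sticky-comment job), where that value is empty; those jobs need `if: github.event_name == 'pull_request'` so a main build neither fails nor tries to comment on a non-existent PR. The deleted `push-main.yaml` deployed main into `pitc-cicd-dagger-techlab-prod` with `KUBECONFIG_PROD_AV2`, while the workflow-level `NAMESPACE` here is the `-test` one and nothing visible in the diff replaces the prod deployment — confirm it was dropped deliberately rather than lost in the consolidation. Since `pull_request` stays as a trigger, PRs from forks receive a read-only `GITHUB_TOKEN`, so the ghcr push will fail there; a guard such as `if: github.event.pull_request.head.repo.full_name == github.repository` on the publishing jobs makes that explicit instead of a cryptic 403.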
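Review bot: `IMAGE_TAG` has no fallback for the third trigger this workflow now has: a `workflow_dispatch` run on any non-main branch has an empty `github.event.pull_request.number`, so the expression yields the bare tag `pr-` and every such run from every branch overwrites the same image. A commit-based fallback keeps each trigger path on a unique tag, e.g. `IMAGE_TAG: ${{ github.ref == 'refs/heads/main' && 'latest' || (github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number)) || format('sha-{0}', github.sha) }}`. `latest` stays a mutable pointer by design; consumers should pin the digest that the `comment` job already publishes rather than the tag.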
@@ -64,36 +71,73 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push Docker pr image - id: build-and-push + - name: Push Docker image + id: build-push uses: docker/build-push-action@v6 with: context: . file: ./Dockerfile push: true tags: | - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:pr-${{ github.event.pull_request.number }} + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} cache-from: type=gha cache-to: type=gha,mode=max + + sign_image: + runs-on: ubuntu-latest + needs: build_push_image + outputs: + digest: ${{ needs.build_push_image.outputs.digest }} + steps: + - name: Log into registry ${{ env.REGISTRY }} + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Install cosign uses: sigstore/cosign-installer@v3.8.2 with: cosign-release: 'v2.2.4' - name: Sign Docker image with cosign env: - TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:pr-${{ github.event.pull_request.number }} - DIGEST: ${{ steps.build-and-push.outputs.digest }} + TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} + DIGEST: ${{ needs.build_push_image.outputs.digest }} run: | COSIGN_EXPERIMENTAL=1 cosign sign --yes ${TAG}@${DIGEST} + + verify_image: + runs-on: ubuntu-latest + needs: sign_image + outputs: + digest: ${{ needs.sign_image.outputs.digest }} + steps: + - name: Checkout Repository + uses: actions/checkout@v4 + with: + sparse-checkout: | + scripts + sparse-checkout-cone-mode: false + fetch-depth: 0 + - name: Log into registry ${{ env.REGISTRY }} + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Install cosign + uses: sigstore/cosign-installer@v3.8.2 + with: + cosign-release: 'v2.2.4' - name: Verify Docker image with cosign env: - TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:pr-${{ 
github.event.pull_request.number }} - DIGEST: ${{ steps.build-and-push.outputs.digest }} + TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} + DIGEST: ${{ needs.sign_image.outputs.digest }} run: bash ./scripts/verify_cosign.sh deploy: runs-on: ubuntu-latest - needs: build_and_push + needs: verify_image env: KUBE_CONFIG_PATH: '$HOME/.kube' KUBE_CONFIG_FILENAME: 'config' @@ -125,7 +169,7 @@ jobs: comment: runs-on: ubuntu-latest - needs: deploy + needs: verify_image steps: - name: Comment PR Environments in PR uses: marocchino/sticky-pull-request-comment@v2 @@ -133,4 +177,5 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} message: | 🚀 PR Environment: [Open Deployment](${{ env.PR_ENV_URL }}) - 🖋️ Image Digest: `${{ steps.build-and-push.outputs.digest }}` \ No newline at end of file + 🏷️ Image Tag: `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}` + 🖋️ Image Digest: `${{ needs.verify_image.outputs.digest }}` \ No newline at end of file diff --git a/.github/workflows/pr-cleanup.yaml b/.github/workflows/pr-cleanup.yaml index 3013b65..78570f3 100644 --- a/.github/workflows/pr-cleanup.yaml +++ b/.github/workflows/pr-cleanup.yaml @@ -17,15 +17,20 @@ jobs: - name: Checkout uses: actions/checkout@v4 with: - submodules: recursive + sparse-checkout: | + scripts + sparse-checkout-cone-mode: false + - name: Install Helm uses: azure/setup-helm@v4 with: version: 'latest' + - name: Install Kubectl uses: azure/setup-kubectl@v4 with: version: 'latest' + - name: Create KUBECONFIG env: KUBE_CONFIG: '${{ secrets.KUBECONFIG_TEST_AV2 }}' diff --git a/.github/workflows/push-main.yaml b/.github/workflows/push-main.yaml deleted file mode 100644 index 350c0aa..0000000 --- a/.github/workflows/push-main.yaml +++ /dev/null 
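Review bot: The new `sign_image` job signs keylessly (`cosign sign --yes` with no key material), which requires `id-token: write` on the job or workflow so cosign can obtain the OIDC token for Fulcio; the `permissions:` block visible at the top of the file shows only `contents: read`, and the rest is outside the hunk, so confirm that permission is actually granted. Because build and sign are now separate jobs the digest arrives as a string job output, so fail fast if it is empty and sign the digest-only reference rather than `tag@digest`: `test -n "$DIGEST" || { echo '::error::no digest from build_push_image'; exit 1; }` followed by `cosign sign --yes "${REGISTRY}/${IMAGE_NAME}@${DIGEST}"`. `COSIGN_EXPERIMENTAL=1` was the cosign 1.x opt-in for keyless and is a no-op on the pinned v2.2.4, so it can be dropped. `scripts/verify_cosign.sh` is not in the diff; for keyless verification it must constrain `--certificate-identity-regexp` and `--certificate-oidc-issuer` to this repository's workflow, otherwise any Fulcio-issued signature verifies. Lastly, `fetch-depth: 0` in `verify_image` pulls the full history just to run one script — the default shallow checkout is enough.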
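Review bot: Re-pointing `comment` from `deploy` to `verify_image` means the "🚀 PR Environment" comment is posted before, and independently of, the Helm release in `deploy` finishing, so a failed or still-running deploy is advertised with a working URL. Listing both jobs preserves the ordering while keeping the digest output reachable: `needs: [deploy, verify_image]`. The sticky comment action also has no pull request to attach to on `push` events to main, so the job wants `if: github.event_name == 'pull_request'` as well.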
@@ -1,98 +0,0 @@ -name: Publish Main Version - -on: - push: - branches: - - main - -env: - REGISTRY: ghcr.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }} - -jobs: - build: - runs-on: ubuntu-latest - env: - KUBE_CONFIG_PATH: '$HOME/.kube' - KUBE_CONFIG_FILENAME: 'config' - steps: - - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Set up npm for linting - uses: actions/setup-node@v4 - with: - node-version: 'latest' - - - name: Lint Markdown - run: npm ci && npm run mdlint - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Log into registry ${{ env.REGISTRY }} - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and Push Latest version - id: build-and-push - uses: docker/build-push-action@v6 - with: - context: . - file: ./Dockerfile - push: true - tags: | - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: 'Install Helm' - uses: azure/setup-helm@v4 - with: - version: 'latest' - - - name: Install Kubectl - uses: azure/setup-kubectl@v4 - with: - version: 'latest' - - - name: Create KUBECONFIG - env: - KUBE_CONFIG: '${{ secrets.KUBECONFIG_PROD_AV2 }}' - run: bash ./scripts/create_kubeconfig.sh - - - name: Deploy Helm Release - env: - TRAINING_HELM_RELEASE: 'latest' - TRAINING_NAMESPACE: 'pitc-cicd-dagger-techlab-prod' - TRAINING_VERSION: '${{ github.sha }}' - run: | - helm upgrade $TRAINING_HELM_RELEASE acend-training-chart --install --wait \ - --kubeconfig "$KUBE_CONFIG_PATH/$KUBE_CONFIG_FILENAME" \ - --namespace=$TRAINING_NAMESPACE \ - --set=app.name=$HELM_RELEASE \ - --set=app.version=$TRAINING_VERSION \ - --repo=https://acend.github.io/helm-charts/ \ - --values=helm-chart/values.yaml \ - 
--set-string=acendTraining.deployments[0].ingress.labels.public=true \ - --atomic - - - name: Redeploy Deployments - env: - TRAINING_HELM_RELEASE: 'latest' - TRAINING_HELM_NAME: 'dagger-techlab-puzzle' - TRAINING_NAMESPACE: 'pitc-cicd-dagger-techlab-prod' - run: | - kubectl rollout restart deployment/${TRAINING_HELM_RELEASE}-${TRAINING_HELM_NAME} \ - --kubeconfig "$KUBE_CONFIG_PATH/$KUBE_CONFIG_FILENAME" \ - --namespace $TRAINING_NAMESPACE diff --git a/scripts/deploy_helm_release.sh b/scripts/deploy_helm_release.sh index 0df5348..9642c7c 100755 --- a/scripts/deploy_helm_release.sh +++ b/scripts/deploy_helm_release.sh @@ -1,4 +1,3 @@ - #!/bin/bash set -euo pipefail @@ -20,7 +19,6 @@ helm upgrade "$HELM_RELEASE" acend-training-chart \ --set=app.version="$TRAINING_VERSION" \ --repo=https://acend.github.io/helm-charts/ \ --values=helm-chart/values.yaml \ - --set-string=acendTraining.deployments[0].ingress.labels.public=true \ --atomic echo "✅ Helm release '$HELM_RELEASE' deployed successfully." \ No newline at end of file diff --git a/scripts/redeploy_deployment.sh b/scripts/redeploy_deployment.sh index 0fe4b51..fe76510 100755 --- a/scripts/redeploy_deployment.sh +++ b/scripts/redeploy_deployment.sh @@ -16,4 +16,4 @@ kubectl rollout restart deployment/"$DEPLOYMENT_NAME" \ --kubeconfig "$KUBE_CONFIG_PATH/$KUBE_CONFIG_FILENAME" \ --namespace "$NAMESPACE" -echo "✅ Deployment '$DEPLOYMENT_NAME' restarted successfully." \ No newline at end of file +echo "✅ Deployment '$DEPLOYMENT_NAME' restarted successfully."
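Review bot: Removing `--set-string=acendTraining.deployments[0].ingress.labels.public=true` changes the ingress label rendered for every release this script deploys, and nothing in the diff shows the label being moved into `helm-chart/values.yaml`; if external reachability of the PR environment URL that the workflow posts depends on that label, PR environments will silently stop being reachable. Confirm the label is now carried by values.yaml (or that the ingress is intentionally no longer public) and say so in the commit message, since the same flag was also dropped with the deleted prod workflow. The `helm upgrade` invocation this line belongs to starts before the hunk.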