chore: use global registry and update svc account name #857

Workflow file for this run

.github/workflows/publish.yaml at 2829eaa

	name: Release
	on:
	push:
	branches:
	- main
	jobs:
	semantic-release:
	runs-on: ubuntu-latest
	outputs:
	release-version: ${{ steps.semantic.outputs.release-version }}
	new-release-published: ${{ steps.semantic.outputs.new-release-published }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	with:
	token: ${{ secrets.FLANKBOT }}

	- uses: codfish/semantic-release-action@cbd853afe12037afb1306caca9d6b1ab6a58cf2a # v1.10.0
	id: semantic
	with:
	additional_packages: \|
	['@semantic-release/git']
	env:
	GITHUB_TOKEN: ${{ secrets.FLANKBOT }}

	docker:
	needs: semantic-release
	runs-on: ubuntu-latest
	if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

	- name: Publish canary-checker-ui to Registry
	uses: elgohr/Publish-Docker-Github-Action@742a180fa47f3adfb5115902ae4955acc6ad769b # v4
	env:
	APP_DEPLOYMENT: CANARY_CHECKER
	WITHOUT_AUTH: 'true'
	with:
	name: flanksource/canary-checker-ui
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}
	buildargs: APP_DEPLOYMENT,WITHOUT_AUTH
	snapshot: true
	tags: "latest,v${{ needs.semantic-release.outputs.release-version }}"

	- name: Publish incident-manager-ui to Registry
	uses: elgohr/Publish-Docker-Github-Action@742a180fa47f3adfb5115902ae4955acc6ad769b # v4
	env:
	APP_DEPLOYMENT: 'INCIDENT_MANAGER'
	WITHOUT_AUTH: 'false'
	with:
	name: flanksource/incident-manager-ui
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}
	buildargs: APP_DEPLOYMENT,WITHOUT_AUTH
	snapshot: true
	tags: "latest,v${{ needs.semantic-release.outputs.release-version }}"

	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY }}
	aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
	aws-region: us-east-1

	- name: Login to Amazon ECR Public
	id: login-ecr-public
	uses: aws-actions/amazon-ecr-login@v2
	with:
	registry-type: public

	- name: Publish canary-checker-ui to ECR Public
	env:
	REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
	REGISTRY_ALIAS: k4y9r6y5
	REPOSITORY: canary-checker-ui
	IMAGE_TAG: "v${{ needs.semantic-release.outputs.release-version }}"
	APP_DEPLOYMENT: CANARY_CHECKER
	WITHOUT_AUTH: 'true'
	run: \|
	docker build --build-arg APP_DEPLOYMENT --build-arg WITHOUT_AUTH -t $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG .
	docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG

	- name: Publish incident-manager-ui to ECR Public
	env:
	REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
	REGISTRY_ALIAS: k4y9r6y5
	REPOSITORY: incident-manager-ui
	IMAGE_TAG: "v${{ needs.semantic-release.outputs.release-version }}"
	APP_DEPLOYMENT: 'INCIDENT_MANAGER'
	WITHOUT_AUTH: 'false'
	run: \|
	docker build --build-arg APP_DEPLOYMENT --build-arg WITHOUT_AUTH -t $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG .
	docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG

	helm:
	runs-on: ubuntu-latest
	needs: [semantic-release, docker]
	if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	- name: Download yq
	run: \|
	wget -nv -nc -O yq https://github.com/mikefarah/yq/releases/download/v4.20.2/yq_linux_amd64
	chmod +x yq
	- name: Update chart version
	run: ./yq -i e '.version = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml
	- name: Update app version
	run: ./yq -i e '.appVersion = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml
	- name: Update image tags
	run: ./yq -i e '.image.tag = "v${{ needs.semantic-release.outputs.release-version }}"' chart/values.yaml
	- name: Set up Helm
	uses: azure/setup-helm@18bc76811624f360dbd7f18c2d4ecb32c7b87bab # v1.1
	with:
	version: v3.8.0
	- name: Package Helm chart
	run: \|
	helm package ./chart
	- name: Clone charts repo
	uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	with:
	repository: "${{ github.repository_owner }}/charts"
	path: charts
	token: "${{ secrets.FLANKBOT }}"
	- name: Update chart repo
	run: \|
	cd charts
	cp ../flanksource-ui-*.tgz ./
	helm repo index --merge index.yaml .
	- name: Push changes to chart repo
	uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4.16.0
	with:
	commit_message: "Release ${{ needs.semantic-release.outputs.release-version }} of ${{ github.repository }}"
	branch: gh-pages
	repository: ./charts

	update-canary-checker:
	runs-on: ubuntu-latest
	needs: [docker, helm, semantic-release]
	if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	with:
	repository: "${{ github.repository_owner }}/canary-checker"
	token: ${{ secrets.FLANKBOT }}
	path: ./canary-checker
	- name: Install yq
	run: \|
	wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - \|\
	tar xz && sudo mv ${BINARY} /usr/bin/yq
	env:
	VERSION: v4.25.1
	BINARY: yq_linux_amd64
	- name: Update flanksource-ui version in canary-checker
	run: \|
	cd canary-checker
	yq eval-all -i '(.dependencies[] \| select(.name == "flanksource-ui")) ref $d \| $d.version = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml
	- name: Create pull request
	uses: peter-evans/create-pull-request@v6
	with:
	commit-message: "chore: update flanksource-ui to ${{ needs.semantic-release.outputs.release-version }}"
	token: ${{ secrets.FLANKBOT }}
	title: "chore: update flanksource-ui to ${{ needs.semantic-release.outputs.release-version }}"
	branch: "update-flanksource-ui"
	path: ./canary-checker

	update-incident-commander:
	runs-on: ubuntu-latest
	needs: [docker, helm, semantic-release]
	if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	with:
	repository: "${{ github.repository_owner }}/incident-commander-chart"
	token: ${{ secrets.FLANKBOT }}
	path: ./incident-commander-chart
	- name: Install yq
	run: \|
	wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - \|\
	tar xz && sudo mv ${BINARY} /usr/bin/yq
	env:
	VERSION: v4.25.1
	BINARY: yq_linux_amd64
	- name: Update flanksource-ui version in Incident-commander
	run: \|
	cd incident-commander-chart
	yq eval-all -i '(.dependencies[] \| select(.name == "flanksource-ui")) ref $d \| $d.version = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml
	- name: Push changes to chart repo
	uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4.16.0
	with:
	commit_message: "chore: update flanksource-ui chart dependency to ${{ needs.semantic-release.outputs.release-version }}"
	repository: ./incident-commander-chart

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: use global registry and update svc account name #857

Workflow file

chore: use global registry and update svc account name #857

Jobs

Run details

Workflow file for this run