Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add release workflow for kustomize oci image #1379

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

feat: add release workflow for kustomize oci image #1379

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
e13b03f
feat: enable certmanager for dis-apim-operator
tjololo Feb 28, 2025
1d2f4ff
fix indentations
tjololo Feb 28, 2025
f8c1f22
rename file to yml
tjololo Feb 28, 2025
88a3ea6
fix tag fetching
tjololo Feb 28, 2025
77fdba5
fix step condition
tjololo Feb 28, 2025
a84d533
fix paths
tjololo Feb 28, 2025
ed9ecf9
replace USERNAME with actor
tjololo Feb 28, 2025
e21ff50
revert changes in kustomization to keep to one change in pr
tjololo Mar 5, 2025
56b0a80
fix filename typo
tjololo Mar 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
86 changes: 86 additions & 0 deletions .github/workflows/dis-apim-kustomize-realease.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
name: Build kustomize oci artifact for Dis APIM Operator

env:
ARTIFACT_NAME: kustomize/dis-apim-operator

on:
push:
branches:
- main
paths:
- 'services/dis-apim-operator/config/**'
- '.github/workflows/dis-apim-kustomize-release.yaml'
tags:
- 'kustomize-dis-apim-*'

permissions:
contents: read
packages: write

jobs:
latest:
name: Build latest from main
if: github.ref == 'refs/heads/main'
defaults:
run:
working-directory: ./services/dis-apim-operator/config
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup vars
id: vars
run: |
echo "reponame=${GITHUB_REPOSITORY,,}" >> ${GITHUB_OUTPUT}
- name: Setup flux
uses: fluxcd/flux2/action@3b42b200d376430f0e24d35f1a600447d92da531
with:
version: latest
- name: Build latest artifact
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u USERNAME --password-stdin
container_registry=ghcr.io/${{ steps.vars.outputs.reponame }}
artifact_name=${{ env.ARTIFACT_NAME }}
flux push artifact oci://${container_registry}/${artifact_name}:$(git rev-parse --short HEAD) \
--provider=generic \
--reproducible \
--path="." \
--source="$(git config --get remote.origin.url)" \
--revision="$(git branch --show-current)/$(git rev-parse HEAD)"
flux tag artifact oci://${container_registry}/${artifact_name}:$(git rev-parse --short HEAD) \
--provider=generic \
--tag latest
release:
name: Build release from tag
if: github.ref == 'refs/tags/kustomize-dis-apim-*'
defaults:
run:
working-directory: ./services/dis-apim-operator/config
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup flux
uses: fluxcd/flux2/action@3b42b200d376430f0e24d35f1a600447d92da531
with:
version: latest
- name: Setup vars
id: vars
run: |
tag=${GITHUB_REF/refs\/tags\/${{ env.ARTIFACT_NAME }}-/}
echo "reponame=${GITHUB_REPOSITORY,,}" >> ${GITHUB_OUTPUT}
echo "tag=${tag}" >> $GITHUB_OUTPUT
- name: Build release artifact
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u USERNAME --password-stdin
container_registry=ghcr.io/${{ steps.vars.outputs.reponame }}
artifact_name=${{ env.ARTIFACT_NAME }}
flux push artifact oci://${container_registry}/${artifact_name}:$(git rev-parse --short HEAD) \
--provider=generic \
--reproducible \
--path="." \
--source="$(git config --get remote.origin.url)" \
--revision="$(git branch --show-current)/$(git rev-parse HEAD)"
flux tag artifact oci://${container_registry}/${artifact_name}:$(git rev-parse --short HEAD) \
--provider=generic \
--tag ${{ steps.vars.outputs.tag }}
194 changes: 97 additions & 97 deletions services/dis-apim-operator/config/default/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ resources:
# crd/kustomization.yaml
- ../webhook
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
#- ../certmanager
- ../certmanager
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ../prometheus
# [METRICS] Expose the controller manager metrics service.
Expand All @@ -47,68 +47,68 @@ patches:

# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
# Uncomment the following replacements to add the cert-manager CA injection annotations
#replacements:
# - source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation)
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: serving-cert # This name should match the one in certificate.yaml
# fieldPath: .metadata.namespace # Namespace of the certificate CR
# targets:
# - select:
# kind: ValidatingWebhookConfiguration
# fieldPaths:
# - .metadata.annotations.[cert-manager.io/inject-ca-from]
# options:
# delimiter: '/'
# index: 0
# create: true
# - source:
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: serving-cert # This name should match the one in certificate.yaml
# fieldPath: .metadata.name
# targets:
# - select:
# kind: ValidatingWebhookConfiguration
# fieldPaths:
# - .metadata.annotations.[cert-manager.io/inject-ca-from]
# options:
# delimiter: '/'
# index: 1
# create: true
#
# - source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting )
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: serving-cert # This name should match the one in certificate.yaml
# fieldPath: .metadata.namespace # Namespace of the certificate CR
# targets:
# - select:
# kind: MutatingWebhookConfiguration
# fieldPaths:
# - .metadata.annotations.[cert-manager.io/inject-ca-from]
# options:
# delimiter: '/'
# index: 0
# create: true
# - source:
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: serving-cert # This name should match the one in certificate.yaml
# fieldPath: .metadata.name
# targets:
# - select:
# kind: MutatingWebhookConfiguration
# fieldPaths:
# - .metadata.annotations.[cert-manager.io/inject-ca-from]
# options:
# delimiter: '/'
# index: 1
# create: true
replacements:
- source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation)
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert # This name should match the one in certificate.yaml
fieldPath: .metadata.namespace # Namespace of the certificate CR
targets:
- select:
kind: ValidatingWebhookConfiguration
fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
delimiter: '/'
index: 0
create: true
- source:
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert # This name should match the one in certificate.yaml
fieldPath: .metadata.name
targets:
- select:
kind: ValidatingWebhookConfiguration
fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
delimiter: '/'
index: 1
create: true

- source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting )
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert # This name should match the one in certificate.yaml
fieldPath: .metadata.namespace # Namespace of the certificate CR
targets:
- select:
kind: MutatingWebhookConfiguration
fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
delimiter: '/'
index: 0
create: true
- source:
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert # This name should match the one in certificate.yaml
fieldPath: .metadata.name
targets:
- select:
kind: MutatingWebhookConfiguration
fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
delimiter: '/'
index: 1
create: true
#
# - source: # Uncomment the following block if you have a ConversionWebhook (--conversion)
# kind: Certificate
Expand Down Expand Up @@ -141,37 +141,37 @@ patches:
# index: 1
# create: true
#
# - source: # Uncomment the following block if you enable cert-manager
# kind: Service
# version: v1
# name: webhook-service
# fieldPath: .metadata.name # Name of the service
# targets:
# - select:
# kind: Certificate
# group: cert-manager.io
# version: v1
# fieldPaths:
# - .spec.dnsNames.0
# - .spec.dnsNames.1
# options:
# delimiter: '.'
# index: 0
# create: true
# - source:
# kind: Service
# version: v1
# name: webhook-service
# fieldPath: .metadata.namespace # Namespace of the service
# targets:
# - select:
# kind: Certificate
# group: cert-manager.io
# version: v1
# fieldPaths:
# - .spec.dnsNames.0
# - .spec.dnsNames.1
# options:
# delimiter: '.'
# index: 1
# create: true
- source: # Uncomment the following block if you enable cert-manager
kind: Service
version: v1
name: webhook-service
fieldPath: .metadata.name # Name of the service
targets:
- select:
kind: Certificate
group: cert-manager.io
version: v1
fieldPaths:
- .spec.dnsNames.0
- .spec.dnsNames.1
options:
delimiter: '.'
index: 0
create: true
- source:
kind: Service
version: v1
name: webhook-service
fieldPath: .metadata.namespace # Namespace of the service
targets:
- select:
kind: Certificate
group: cert-manager.io
version: v1
fieldPaths:
- .spec.dnsNames.0
- .spec.dnsNames.1
options:
delimiter: '.'
index: 1
create: true
Loading