removeme #41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# THIS FILE IS GENERATED, PLEASE DO NOT EDIT. | |
# | |
# Copyright 2022 Flant JSC | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
name: Build and test for release branches | |
# On every push to release branches. | |
on: | |
push: | |
branches: | |
- 'release-*' | |
env: | |
# <template: werf_envs> | |
WERF_CHANNEL: "ea" | |
WERF_ENV: "FE" | |
TEST_TIMEOUT: "15m" | |
# Use fixed string 'sys/deckhouse-oss' for repo name. ${CI_PROJECT_PATH} is not available here in GitHub. | |
DEV_REGISTRY_PATH: "${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/sys/deckhouse-oss" | |
# Registry for additional repositories used for testing Github Actions workflows. | |
GHA_TEST_REGISTRY_PATH: "ghcr.io/${{ github.repository }}" | |
# Need for ssh: default. | |
DOCKER_BUILDKIT: "1" | |
WERF_LOG_TERMINAL_WIDTH: "200" | |
# </template: werf_envs> | |
# <template: git_source_envs> | |
# source repo [email protected]:group | |
SOURCE_REPO: "${{secrets.SOURCE_REPO_GIT}}" | |
# cloud providers source repo should contain creds for repo for ex https://user:[email protected]/group | |
CLOUD_PROVIDERS_SOURCE_REPO: "${{secrets.CLOUD_PROVIDERS_SOURCE_REPO}}" | |
GOPROXY: "${{secrets.GOPROXY}}" | |
# observability source repo should contain creds for repo for ex https://user:[email protected]/group | |
OBSERVABILITY_SOURCE_REPO: "${{secrets.OBSERVABILITY_SOURCE_REPO}}" | |
# Next two are required for accessing the stronghold repo during d8 cli builds. | |
# Stronghold pull token should contain CI token with read access to stronghold repos. | |
STRONGHOLD_PULL_TOKEN: "${{secrets.STRONGHOLD_PULL_TOKEN}}" | |
# deckhouse private repo should contain the host address of proprietary parts of deckhouse ecosystem. Ex repo.my-repo.com | |
DECKHOUSE_PRIVATE_REPO: "${{secrets.DECKHOUSE_PRIVATE_REPO}}" | |
# </template: git_source_envs> | |
# Cancel in-progress jobs for the same branch. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
# <template: git_info_job> | |
git_info: | |
name: Get git info | |
runs-on: ubuntu-latest | |
outputs: | |
ci_commit_tag: ${{ steps.git_info.outputs.ci_commit_tag }} | |
ci_commit_branch: ${{ steps.git_info.outputs.ci_commit_branch }} | |
ci_commit_ref_name: ${{ steps.git_info.outputs.ci_commit_ref_name }} | |
ci_commit_ref_slug: ${{ steps.git_info.outputs.ci_commit_ref_slug }} | |
ref_full: ${{ steps.git_info.outputs.ref_full }} | |
github_sha: ${{ steps.git_info.outputs.github_sha }} | |
pr_number: ${{ steps.git_info.outputs.pr_number }} | |
# Skip the CI for automation PRs, e.g. changelog | |
if: ${{ github.event.pull_request.user.login != 'deckhouse-BOaTswain' }} | |
steps: | |
- id: git_info | |
name: Get tag name and SHA | |
uses: actions/[email protected] | |
with: | |
script: | | |
const { GITHUB_REF_TYPE, GITHUB_REF_NAME, GITHUB_REF } = process.env | |
let refSlug = '' | |
let refName = '' | |
let refFull = '' | |
let githubBranch = '' | |
let githubTag = '' | |
let githubSHA = '' | |
let prNumber = '' | |
if (context.eventName === "workflow_dispatch" && context.payload.inputs && context.payload.inputs.pull_request_ref) { | |
// Trigger: workflow_dispatch with pull_request_ref. | |
// Extract pull request number from 'refs/pull/<NUM>/merge' | |
prNumber = context.payload.inputs.pull_request_ref.replace('refs/pull/', '').replace('/merge', '').replace('/head', '') | |
refSlug = `pr${prNumber}` | |
refName = context.payload.inputs.ci_commit_ref_name | |
refFull = context.payload.inputs.pull_request_ref | |
githubBranch = refName | |
githubSHA = context.payload.inputs.pull_request_sha | |
core.info(`workflow_dispatch event: set git info from inputs. inputs: ${JSON.stringify(context.payload.inputs)}`) | |
} else if (context.eventName === "pull_request" || context.eventName === "pull_request_target" ) { | |
// For PRs from forks, tag images with `prXXX` to avoid clashes between branches. | |
const targetRepo = context.payload.repository.full_name; | |
const prRepo = context.payload.pull_request.head.repo.full_name | |
const prRef = context.payload.pull_request.head.ref | |
refSlug = `pr${context.issue.number}`; | |
refName = (prRepo === targetRepo) ? prRef : refSlug; | |
refFull = `refs/pull/${context.issue.number}/head` | |
githubBranch = refName | |
githubSHA = context.payload.pull_request.head.sha | |
core.info(`pull request event: set git info from pull_request.head. pr:${prRepo}:${prRef} target:${targetRepo}:${context.ref}`) | |
prNumber = context.issue.number | |
} else { | |
// Other triggers: workflow_dispatch without pull_request_ref, schedule, push... | |
// refName is 'main' or tag name, so slugification is not necessary. | |
refSlug = GITHUB_REF_NAME | |
refName = GITHUB_REF_NAME | |
refFull = GITHUB_REF | |
githubTag = GITHUB_REF_TYPE == "tag" ? refName : "" | |
githubBranch = GITHUB_REF_TYPE == "branch" ? refName : "" | |
githubSHA = context.sha | |
core.info(`${context.eventName} event: set git info from context: ${JSON.stringify({GITHUB_REF_NAME, GITHUB_REF_TYPE, sha: context.sha })}`) | |
} | |
core.setCommandEcho(true) | |
core.setOutput('ci_commit_ref_slug', refSlug) | |
core.setOutput('ci_commit_ref_name', refName) | |
core.setOutput(`ci_commit_tag`, githubTag) | |
core.setOutput(`ci_commit_branch`, githubBranch) | |
core.setOutput(`ref_full`, refFull) | |
core.setOutput('github_sha', githubSHA) | |
core.setOutput('pr_number', prNumber) | |
core.setCommandEcho(false) | |
# </template: git_info_job> | |
go_generate: | |
name: Go Generate | |
needs: | |
- git_info | |
# <template: go_generate_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
# </template: checkout_step> | |
# <template: login_readonly_registry_step> | |
- name: Check readonly registry credentials | |
id: check_readonly_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_READ_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_READ_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to readonly registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_readonly_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_READ_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_READ_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_READ_PASSWORD }} | |
logout: false | |
# </template: login_readonly_registry_step> | |
# <template: werf_install_step> | |
- name: Install werf CLI | |
uses: werf/actions/install@43075e4ab81952b181d33e125ef15b9c060a782e | |
with: | |
channel: ${{env.WERF_CHANNEL}} | |
# </template: werf_install_step> | |
- name: Set up Go 1.23 | |
uses: actions/setup-go@v3 | |
with: | |
go-version: '1.23' | |
- name: Run go generate | |
run: | | |
(cd tools && go generate) | |
(cd modules/500-upmeter/hooks/smokemini/internal/snapshot && go generate) | |
- name: Check generated code | |
run: | | |
git diff --exit-code | |
# </template: go_generate_template> | |
workflow_render: | |
name: Render workflow | |
needs: | |
- git_info | |
# <template: workflow_render_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
# </template: checkout_step> | |
# <template: login_readonly_registry_step> | |
- name: Check readonly registry credentials | |
id: check_readonly_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_READ_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_READ_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to readonly registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_readonly_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_READ_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_READ_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_READ_PASSWORD }} | |
logout: false | |
# </template: login_readonly_registry_step> | |
- name: Render GitHub workflow | |
run: | | |
cd .github | |
./render-workflows.sh | |
- name: Check rendered files | |
run: | | |
git diff --exit-code | |
# </template: workflow_render_template> | |
build_deckhouse: | |
name: Build Deckhouse FE | |
needs: | |
- git_info | |
- go_generate | |
- workflow_render | |
env: | |
WERF_ENV: "FE" | |
# <template: build_template> | |
runs-on: [self-hosted, test] | |
outputs: | |
tests_image_name: ${{ steps.build.outputs.tests_image_name }} | |
steps: | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_readonly_registry_step> | |
- name: Check readonly registry credentials | |
id: check_readonly_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_READ_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_READ_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to readonly registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_readonly_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_READ_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_READ_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_READ_PASSWORD }} | |
logout: false | |
# </template: login_readonly_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
# <template: werf_install_step> | |
- name: Install werf CLI | |
uses: werf/actions/install@43075e4ab81952b181d33e125ef15b9c060a782e | |
with: | |
channel: ${{env.WERF_CHANNEL}} | |
# </template: werf_install_step> | |
# <template: login_git_step> | |
- name: Start ssh-agent | |
uses: webfactory/[email protected] | |
with: | |
ssh-private-key: | | |
${{secrets.SOURCE_REPO_SSH_KEY}} | |
- name: Add ssh_known_hosts | |
run: | | |
HOST=$(grep -oP '(?<=@)[^/:]+' <<< ${{secrets.SOURCE_REPO_GIT}}) | |
echo "::add-mask::$HOST" | |
IPS=$(nslookup "$HOST" | awk '/^Address: / { print $2 }') | |
for IP in $IPS; do | |
echo "::add-mask::$IP" | |
done | |
mkdir -p ~/.ssh | |
touch ~/.ssh/known_hosts | |
HOST_KEYS=$(ssh-keyscan -H "$HOST" 2>/dev/null) | |
while IFS= read -r KEY_LINE; do | |
CONSTANT_PART=$(awk '{print $2, $3}' <<< "$KEY_LINE") | |
if ! grep -q "$CONSTANT_PART" ~/.ssh/known_hosts; then | |
echo "$KEY_LINE" >> ~/.ssh/known_hosts | |
fi | |
done <<< "$HOST_KEYS" | |
# </template: login_git_step> | |
- name: Build and push deckhouse images | |
id: build | |
env: | |
DECKHOUSE_REGISTRY_HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
CI_COMMIT_TAG: ${{needs.git_info.outputs.ci_commit_tag}} | |
CI_COMMIT_BRANCH: ${{needs.git_info.outputs.ci_commit_branch}} | |
CI_COMMIT_REF_NAME: ${{needs.git_info.outputs.ci_commit_ref_name}} | |
CI_COMMIT_REF_SLUG: ${{needs.git_info.outputs.ci_commit_ref_slug}} | |
run: | | |
# Extract REPO_SUFFIX from repository name: trim prefix 'deckhouse/deckhouse-'. | |
REPO_SUFFIX=${GITHUB_REPOSITORY#deckhouse/deckhouse-} | |
if [[ $REPO_SUFFIX == $GITHUB_REPOSITORY ]] ; then | |
# REPO_SUFFIX should be empty for main repo 'deckhouse/deckhouse'. | |
REPO_SUFFIX= | |
fi | |
# Put tags on produced images and push to dev and release repositories. | |
# | |
# There are 2 modes: "dev" and "release". | |
# The "dev" mode builds branches only: | |
# - Build using dev-registry as primary and deckhouse registry as secondary. | |
# - Push dev and dev/install images with prNUM tags and push to dev-registry. | |
# The "release" mode builds branches and tags: | |
# - Build using dev-registry as primary and deckhouse registry as secondary. | |
# - Push dev and dev/install images to dev-registry with tag equal to a branch name (main or release-X.Y). | |
# - Build using deckhouse registry as primary and dev-registry as secondary. | |
# - Push dev, dev/install and release-channel-version images to deckhouse registry with tag equels to a Git tag. | |
# SRC_NAME is a name of image from werf.yaml. | |
# SRC is a source image name (stage name from werf build report). | |
# DST is an image name for docker push. | |
function pull_push_rmi() { | |
SRC_NAME=$1 | |
SRC=$2 | |
DST=$3 | |
echo "⚓️ 📥 [$(date -u)] Pull '${SRC_NAME}' image as ${SRC}." | |
docker pull ${SRC} | |
echo "⚓️ 🏷 [$(date -u)] Tag '${SRC_NAME}' image as ${DST}." | |
docker image tag ${SRC} ${DST} | |
echo "⚓️ 📤 [$(date -u)] Push '${SRC_NAME}' image as ${DST}." | |
docker image push ${DST} | |
echo "⚓️ 🧹 [$(date -u)] Remove local tag for '${SRC_NAME}'." | |
docker image rmi ${DST} || true; | |
} | |
if [[ -n "${DEV_REGISTRY_PATH}" ]]; then export WERF_REPO="${DEV_REGISTRY_PATH}"; fi | |
type werf && source $(werf ci-env github --verbose --as-file) | |
# CE/EE/FE -> ce/ee/fe | |
REGISTRY_SUFFIX=$(echo ${WERF_ENV} | tr '[:upper:]' '[:lower:]') | |
#temporary: move temp dir | |
TEMP_WORKDIR="$(dirname "${{github.workspace}}")/${{github.run_id}}-$REGISTRY_SUFFIX" | |
mkdir -p "$TEMP_WORKDIR" | |
# Registry path to publish images for Git branches. | |
BRANCH_REGISTRY_PATH= | |
# Registry path to publish images for Git tags. | |
SEMVER_REGISTRY_PATH= | |
if [[ -n ${DECKHOUSE_REGISTRY_HOST:-} ]] ; then | |
# Build using dev-registry as primary repo and prod registry as secondary (ro) repo. | |
# This build will put stages to "dev" registry. If "dev" registry is empty, existing stages are copied from prod registry. | |
SECONDARY_REPO="--cache-repo ${DECKHOUSE_REGISTRY_HOST}/deckhouse/${REGISTRY_SUFFIX}" | |
if [[ -n "${CI_COMMIT_BRANCH}" && ! "${CI_COMMIT_BRANCH}" =~ ^(main|release-.+)$ ]]; then | |
SECONDARY_REPO= | |
fi | |
werf build \ | |
${SECONDARY_REPO} \ | |
--parallel=true --parallel-tasks-limit=5 \ | |
--save-build-report=true \ | |
--tmp-dir="$TEMP_WORKDIR" \ | |
--build-report-path images_tags_werf.json | |
BRANCH_REGISTRY_PATH="${DEV_REGISTRY_PATH}" | |
SEMVER_REGISTRY_PATH="${DECKHOUSE_REGISTRY_HOST}/deckhouse" | |
else | |
# DECKHOUSE_REGISTRY_HOST is empty, so this repo is not the main repo. | |
# Build using dev-registry as a single primary repo and push: | |
# - branches to Dev registry to run e2e tests. | |
# - semver tags to Github Container Registry for testing release process. | |
werf build \ | |
--parallel=true --parallel-tasks-limit=5 \ | |
--save-build-report=true \ | |
--tmp-dir="$TEMP_WORKDIR" \ | |
--build-report-path images_tags_werf.json | |
BRANCH_REGISTRY_PATH="${DEV_REGISTRY_PATH}" | |
SEMVER_REGISTRY_PATH="${GHA_TEST_REGISTRY_PATH}" | |
echo "⚓️ 🧪 [$(date -u)] DECKHOUSE_REGISTRY_HOST is empty. Publish to Github Container Registry '${PROD_REGISTRY_PATH}'" | |
fi | |
cp images_tags_werf.json "$TEMP_WORKDIR" | |
# Publish images for Git branch. | |
if [[ -n "${CI_COMMIT_BRANCH}" ]]; then | |
# Add edition name for non-FE builds | |
if [[ -n ${WERF_ENV} && ${WERF_ENV,,} != "fe" ]]; then | |
IMAGE_EDITION=${WERF_ENV,,} | |
fi | |
# CI_COMMIT_REF_SLUG is a 'prNUM' for dev branches or 'main' for default branch. | |
# Use it as image tag. Add suffix to not overlap with PRs in main repo. | |
IMAGE_TAG=${CI_COMMIT_REF_SLUG}${IMAGE_EDITION:+-${IMAGE_EDITION}}${REPO_SUFFIX:+-${REPO_SUFFIX}} | |
echo "⚓️ 💫 [$(date -u)] Publish images to dev-registry for branch '${CI_COMMIT_BRANCH}' and edition '${WERF_ENV}' using tag '${IMAGE_TAG}' ..." | |
echo "⚓️ 💫 [$(date -u)] Publish 'dev' image to dev-registry using tag ${IMAGE_TAG}". | |
DECKHOUSE_IMAGE_SRC="$(jq -r '.Images."dev".DockerImageName' images_tags_werf.json)" | |
DECKHOUSE_IMAGE=${BRANCH_REGISTRY_PATH}:${IMAGE_TAG} | |
pull_push_rmi 'dev' ${DECKHOUSE_IMAGE_SRC} ${DECKHOUSE_IMAGE} | |
echo "⚓️ 💫 [$(date -u)] Publish 'dev/install' image to dev-registry using tag ${IMAGE_TAG}". | |
INSTALL_IMAGE_SRC="$(jq -r '.Images."dev/install".DockerImageName' images_tags_werf.json)" | |
INSTALL_IMAGE=${BRANCH_REGISTRY_PATH}/install:${IMAGE_TAG} | |
pull_push_rmi 'dev/install' ${INSTALL_IMAGE_SRC} ${INSTALL_IMAGE} | |
echo "⚓️ 💫 [$(date -u)] Publish 'dev/install-standalone' image to dev-registry using tag ${IMAGE_TAG}". | |
INSTALL_IMAGE_SRC="$(jq -r '.Images."dev/install-standalone".DockerImageName' images_tags_werf.json)" | |
INSTALL_IMAGE=${BRANCH_REGISTRY_PATH}/install-standalone:${IMAGE_TAG} | |
pull_push_rmi 'dev/install-standalone' ${INSTALL_IMAGE_SRC} ${INSTALL_IMAGE} | |
echo "⚓️ 💫 [$(date -u)] Publish 'e2e-terraform' image to dev-registry using tag ${IMAGE_TAG}". | |
INSTALL_IMAGE_SRC="$(jq -r '.Images."e2e-terraform".DockerImageName' images_tags_werf.json)" | |
INSTALL_IMAGE=${BRANCH_REGISTRY_PATH}/e2e-terraform:${IMAGE_TAG} | |
pull_push_rmi 'e2e-terraform' ${INSTALL_IMAGE_SRC} ${INSTALL_IMAGE} | |
fi | |
# Save 'tests' image name to pass it as output for 'tests' jobs. | |
TESTS_IMAGE_NAME="$(jq -r '.Images."tests".DockerImageName' images_tags_werf.json)" | |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret. | |
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]' | |
# Encode as gzip+base64 to evade github's SecretMasker error: "Skip output since it may contain secret". | |
echo "tests_image_name=$(echo ${TESTS_IMAGE_NAME} | gzip | base64 -w0)" >> $GITHUB_OUTPUT | |
- name: Cleanup | |
if: ${{ always() }} | |
run: | | |
rm -f images_tags_werf.json | |
# </template: build_template> | |
doc_web_build: | |
name: Doc web build | |
# Wait for success build of modules. | |
if: ${{ github.repository == 'deckhouse/deckhouse' }} | |
needs: | |
- git_info | |
# <template: web_build_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
- name: Run doc web build | |
uses: werf/actions/build@43075e4ab81952b181d33e125ef15b9c060a782e | |
with: | |
channel: ${{env.WERF_CHANNEL}} | |
env: | |
WERF_DIR: "docs/documentation" | |
WERF_LOG_VERBOSE: "on" | |
WERF_ENV: "EE" | |
WERF_REPO: "${{ steps.check_rw_registry.outputs.web_registry_path }}" | |
WERF_SECONDARY_REPO: "${{ steps.check_dev_registry.outputs.web_registry_path }}" | |
# </template: web_build_template> | |
main_web_build: | |
name: Main web build | |
if: ${{ github.repository == 'deckhouse/deckhouse' }} | |
# Wait for success build of modules. | |
needs: | |
- git_info | |
# <template: web_build_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
- name: Run main web build | |
uses: werf/actions/build@43075e4ab81952b181d33e125ef15b9c060a782e | |
with: | |
channel: ${{env.WERF_CHANNEL}} | |
env: | |
WERF_DIR: "docs/site" | |
WERF_LOG_VERBOSE: "on" | |
WERF_ENV: "EE" | |
DOC_API_KEY: "${{secrets.DOC_API_KEY}}" | |
DOC_API_URL: "${{vars.DOC_API_URL}}" | |
WERF_REPO: "${{ steps.check_dev_registry.outputs.web_registry_path }}" | |
# </template: web_build_template> | |
tests: | |
name: Tests | |
needs: | |
- git_info | |
# <template: tests_before_build_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
- name: Run tests | |
env: | |
TESTS_IMAGE_NAME: "registry.deckhouse.io/base_images/golang:1.23.1-bullseye@sha256:a24507d1a36fce86431198a979435dadb187e8d0ce0b5c181f46d6788d84a40f" | |
run: | | |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret. | |
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]' | |
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..." | |
docker pull ${TESTS_IMAGE_NAME} | |
echo "⚓️ 🏎 [$(date -u)] Run tests..." | |
docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} make tests-controller tests-modules | |
# </template: tests_before_build_template> | |
tests_python_webhooks: | |
name: Tests python webhooks | |
needs: | |
- git_info | |
# <template: tests_webhooks_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
# </template: checkout_full_step> | |
- name: Run python webhook tests | |
run: | | |
make tests-webhooks | |
# </template: tests_webhooks_template> | |
matrix_tests: | |
name: Matrix tests | |
needs: | |
- git_info | |
# <template: tests_before_build_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
- name: Run tests | |
env: | |
TESTS_IMAGE_NAME: "registry.deckhouse.io/base_images/golang:1.23.1-bullseye@sha256:a24507d1a36fce86431198a979435dadb187e8d0ce0b5c181f46d6788d84a40f" | |
run: | | |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret. | |
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]' | |
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..." | |
docker pull ${TESTS_IMAGE_NAME} | |
echo "⚓️ 🏎 [$(date -u)] Run tests..." | |
docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg -v ~/deckhouse-bin-cache:/deckhouse/bin ${TESTS_IMAGE_NAME} make tests-matrix | |
# </template: tests_before_build_template> | |
dhctl_tests: | |
name: Dhctl Tests | |
needs: | |
- git_info | |
- build_deckhouse | |
# <template: tests_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
- name: Run tests | |
env: | |
TESTS_IMAGE_NAME: ${{needs.build_deckhouse.outputs.tests_image_name}} | |
run: | | |
if [[ -z ${TESTS_IMAGE_NAME} ]] ; then | |
echo "TESTS_IMAGE_NAME is empty" | |
exit 1 | |
fi | |
# Decode image name from gzip+base64. | |
TESTS_IMAGE_NAME=$(echo ${TESTS_IMAGE_NAME} | base64 -d | gunzip) | |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret. | |
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]' | |
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..." | |
docker pull ${TESTS_IMAGE_NAME} | |
echo "⚓️ 🏎 [$(date -u)] Run tests..." | |
docker run -w /deckhouse/dhctl -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} make ci | |
# </template: tests_template> | |
golangci_lint: | |
name: GolangCI Lint | |
needs: | |
- git_info | |
- build_deckhouse | |
# <template: tests_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
- name: Run tests | |
env: | |
TESTS_IMAGE_NAME: ${{needs.build_deckhouse.outputs.tests_image_name}} | |
run: | | |
if [[ -z ${TESTS_IMAGE_NAME} ]] ; then | |
echo "TESTS_IMAGE_NAME is empty" | |
exit 1 | |
fi | |
# Decode image name from gzip+base64. | |
TESTS_IMAGE_NAME=$(echo ${TESTS_IMAGE_NAME} | base64 -d | gunzip) | |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret. | |
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]' | |
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..." | |
docker pull ${TESTS_IMAGE_NAME} | |
echo "⚓️ 🏎 [$(date -u)] Run tests..." | |
docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} sh -c "go generate tools/register.go && GOGC=50 GOFLAGS=\"-buildvcs=false\" golangci-lint run" | |
# </template: tests_template> | |
openapi_test_cases: | |
name: OpenAPI Test Cases | |
needs: | |
- git_info | |
- build_deckhouse | |
# <template: tests_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
- name: Run tests | |
env: | |
TESTS_IMAGE_NAME: ${{needs.build_deckhouse.outputs.tests_image_name}} | |
run: | | |
if [[ -z ${TESTS_IMAGE_NAME} ]] ; then | |
echo "TESTS_IMAGE_NAME is empty" | |
exit 1 | |
fi | |
# Decode image name from gzip+base64. | |
TESTS_IMAGE_NAME=$(echo ${TESTS_IMAGE_NAME} | base64 -d | gunzip) | |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret. | |
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]' | |
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..." | |
docker pull ${TESTS_IMAGE_NAME} | |
echo "⚓️ 🏎 [$(date -u)] Run tests..." | |
docker run -v ${{github.workspace}}:/deckhouse -w /deckhouse -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} ginkgo -vet=off ./testing/openapi_cases/ | |
# </template: tests_template> | |
web_links_test: | |
name: Web links test | |
if: ${{ github.repository == 'deckhouse/deckhouse' }} | |
needs: | |
- git_info | |
- doc_web_build | |
- main_web_build | |
continue-on-error: true | |
# <template: web_links_test_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
# </template: checkout_full_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
# <template: werf_install_step> | |
- name: Install werf CLI | |
uses: werf/actions/install@43075e4ab81952b181d33e125ef15b9c060a782e | |
with: | |
channel: ${{env.WERF_CHANNEL}} | |
# </template: werf_install_step> | |
- name: Prepare site structure | |
env: | |
DOC_API_KEY: "${{secrets.DOC_API_KEY}}" | |
DOC_API_URL: "${{vars.DOC_API_URL}}" | |
WERF_ENV: "EE" | |
WEB_REGISTRY_PATH: ${{steps.check_rw_registry.outputs.web_registry_path}} | |
run: | | |
type werf | |
werf version | |
BASEDIR=$(pwd)/docs | |
_TMPDIR=$(mktemp -d -t -p ${BASEDIR}) | |
# Save TMPDIR to clean it later. | |
echo "_TMPDIR=$_TMPDIR" >> ${GITHUB_ENV} | |
echo "_TMPDIR=$_TMPDIR" | |
export WERF_REPO="${WEB_REGISTRY_PATH}" | |
echo -n 'use werf_repo ' | |
echo $WERF_REPO | tr 'a-z' 'A-Z' | |
# Extract site content to the tmp directory. | |
export WERF_DIR=$BASEDIR/site | |
echo "Use werf_dir $WERF_DIR" | |
type werf && source $(werf ci-env github --verbose --as-file) | |
echo "werf stage image web-backend:" | |
werf stage image web-backend | tr 'a-z' 'A-Z' | |
echo "Run 'docker pull' from werf stage image web-backend" | |
docker pull $(werf stage image web-backend) || true | |
echo "werf stage image web-frontend:" | |
werf stage image web-frontend | tr 'a-z' 'A-Z' | |
echo "Run 'docker pull' from werf stage image web-frontend" | |
docker pull $(werf stage image web-frontend) || true | |
echo "Run 'docker cp' from werf stage image web-backend" | |
docker cp $(docker create --rm $(werf stage image web-backend)):/app/root ${_TMPDIR}/backend | |
echo "Run 'docker cp' from werf stage image web-frontend" | |
docker cp $(docker create --rm $(werf stage image web-frontend)):/app ${_TMPDIR}/frontend | |
# Extract documentation content to the tmp directory. | |
export WERF_DIR=$BASEDIR/documentation | |
type werf && source $(werf ci-env github --verbose --as-file) | |
echo "werf stage image docs/web:" | |
werf stage image web | tr 'a-z' 'A-Z' | |
echo "Run 'docker pull' from werf stage image docs/web" | |
docker pull $(werf stage image docs/web) | |
echo "Run 'docker cp' from werf stage image docs/web" | |
docker cp $(docker create --rm $(werf stage image docs/web)):/app ${_TMPDIR}/documentation | |
# Create EN site structure. | |
echo "Create site structure in '${_TMPDIR}/site_en/'" | |
mkdir -p ${_TMPDIR}/site_en/ ${_TMPDIR}/site_ru/ | |
touch ${_TMPDIR}/site_en/index.html ${_TMPDIR}/site_ru/index.html | |
rsync -a --exclude='ru' --exclude='en' --exclude='compare' --exclude='includes/header.html' ${_TMPDIR}/frontend/ ${_TMPDIR}/site_en/ | |
rsync -a --exclude='ru' --exclude='en' --exclude='compare' --exclude='includes/header.html' ${_TMPDIR}/frontend/ ${_TMPDIR}/site_ru/ | |
# | |
rsync -a ${_TMPDIR}/frontend/en/ ${_TMPDIR}/site_en/ | |
rsync -a ${_TMPDIR}/frontend/ru/ ${_TMPDIR}/site_ru/ | |
# | |
rsync -a --exclude='includes/header.html' ${_TMPDIR}/backend/en/ ${_TMPDIR}/site_en/ | |
rsync -a --exclude='includes/header.html' ${_TMPDIR}/backend/ru/ ${_TMPDIR}/site_ru/ | |
# | |
rsync -a --exclude='ru' --exclude='en' --exclude='compare' ${_TMPDIR}/documentation/ ${_TMPDIR}/site_en/documentation/ | |
rsync -a --exclude='ru' --exclude='en' --exclude='compare' ${_TMPDIR}/documentation/ ${_TMPDIR}/site_ru/documentation/ | |
rsync -a ${_TMPDIR}/documentation/en/ ${_TMPDIR}/site_en/documentation/ | |
rsync -a ${_TMPDIR}/documentation/ru/ ${_TMPDIR}/site_ru/documentation/ | |
# | |
rsync -a ${_TMPDIR}/documentation/{assets,css,images,js} ${_TMPDIR}/site_en/documentation | |
rsync -a ${_TMPDIR}/documentation/{assets,css,images,js} ${_TMPDIR}/site_ru/documentation | |
- name: Check links with html-proofer (EN) | |
run: | | |
# Do not exit on html-proofer error. | |
set +e | |
# Checking EN site | |
docker run --rm -v "${_TMPDIR}/site_en:/src:ro" klakegg/html-proofer:3.19.2 \ | |
--allow-hash-href --check-html --empty-alt-ignore \ | |
--url-ignore "/alerts.html/,/^\/(?!(gs\/|documentation\/|guides\/))/,/localhost/,/https\:\/\/t.me/,/docs-prv\.pcisecuritystandards\.org/,/gitlab.com\/profile/,/dash.cloudflare.com\/profile/,/example.com/,/vmware.com/,/.slack.com/,/habr.com/,/flant.ru/,/bcrypt-generator.com/,/candi\/bashible\/bashbooster/,/..\/..\/compare\//,/compare\/ru\//,/compare\/en\//,/\.yml$/,/\.yaml$/,/\.tmpl$/,/\.tpl$/" \ | |
--url-swap "https\:\/\/deckhouse.io\/:/,\/products\/kubernetes-platform\/documentation\/v1\/:/documentation/,\/products\/kubernetes-platform\/documentation\/latest\/:/documentation/,\/documentation\/v1\/:/documentation/" \ | |
--file_ignore "404.html,./documentation/alerts.html" \ | |
--http-status-ignore "0,429" ${1} | |
# Emulate 'allow_failure: true' from Gitlab. Github has only two state: success and failure. | |
exit 0 | |
- name: Check links with html-proofer (RU) | |
run: | | |
# Do not exit on html-proofer error. | |
set +e | |
# Checking RU site | |
docker run --rm -v "${_TMPDIR}/site_ru:/src:ro" klakegg/html-proofer:3.19.2 \ | |
--allow-hash-href --check-html --empty-alt-ignore \ | |
--url-ignore "/alerts.html/,/^\/(?!(gs\/|documentation\/|guides\/))/,/localhost/,/https\:\/\/t.me/,/docs-prv\.pcisecuritystandards\.org/,/gitlab.com\/profile/,/dash.cloudflare.com\/profile/,/example.com/,/vmware.com/,/.slack.com/,/habr.com/,/flant.ru/,/bcrypt-generator.com/,/candi\/bashible\/bashbooster/,/..\/..\/compare\//,/compare\/ru\//,/compare\/en\//,/\.yml$/,/\.yaml$/,/\.tmpl$/,/\.tpl$/" \ | |
--url-swap "https\:\/\/deckhouse.io\/:/,\/products\/kubernetes-platform\/documentation\/v1\/:/documentation/,\/products\/kubernetes-platform\/documentation\/latest\/:/documentation/,\/documentation\/v1\/:/documentation/" \ | |
--file_ignore "404.html,./documentation/alerts.html" \ | |
--http-status-ignore "0,429" ${1} | |
# Emulate 'allow_failure: true' from Gitlab. Github has only two state: success and failure. | |
exit 0 | |
- name: Clean TMPDIR | |
if: always() | |
run: | | |
if [[ -n $_TMPDIR ]] ; then | |
rm -rf $_TMPDIR | |
fi | |
# </template: web_links_test_template> | |
validators: | |
name: Validators | |
needs: | |
- git_info | |
- build_deckhouse | |
# <template: tests_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
- name: Run tests | |
env: | |
TESTS_IMAGE_NAME: ${{needs.build_deckhouse.outputs.tests_image_name}} | |
run: | | |
if [[ -z ${TESTS_IMAGE_NAME} ]] ; then | |
echo "TESTS_IMAGE_NAME is empty" | |
exit 1 | |
fi | |
# Decode image name from gzip+base64. | |
TESTS_IMAGE_NAME=$(echo ${TESTS_IMAGE_NAME} | base64 -d | gunzip) | |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret. | |
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]' | |
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..." | |
docker pull ${TESTS_IMAGE_NAME} | |
echo "⚓️ 🏎 [$(date -u)] Run tests..." | |
docker run -w /deckhouse -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} go test -tags=validation -run Validation -timeout=${{env.TEST_TIMEOUT}} ./testing/... | |
# </template: tests_template> | |
deploy_release_doc_prod_sel: | |
name: (Prod) Deploy release documentation | |
needs: | |
- git_info | |
- doc_web_build | |
if: ${{ startsWith(needs.git_info.outputs.ci_commit_ref_name, 'release-') && github.repository == 'deckhouse/deckhouse' }} | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
# </template: checkout_full_step> | |
# <template: login_readonly_registry_step> | |
- name: Check readonly registry credentials | |
id: check_readonly_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_READ_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_READ_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to readonly registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_readonly_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_READ_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_READ_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_READ_PASSWORD }} | |
logout: false | |
# </template: login_readonly_registry_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: doc_release_version_template> | |
- name: Set documentation version | |
env: | |
CI_COMMIT_REF_NAME: ${{needs.git_info.outputs.ci_commit_ref_name}} | |
run: | | |
echo "DOC_VERSION=${CI_COMMIT_REF_NAME/release-/v}" >> $GITHUB_ENV | |
# </template: doc_release_version_template> | |
# <template: deploy_doc_template> | |
- name: Deploy documentation to preproduction | |
uses: werf/actions/converge@43075e4ab81952b181d33e125ef15b9c060a782e | |
with: | |
channel: ${{env.WERF_CHANNEL}} | |
kube-config-base64-data: "${{ secrets.KUBECONFIG_BASE64_PROD_SEL }}" | |
env: web-production | |
env: | |
WERF_REPO: ${{ steps.check_readonly_registry.outputs.web_registry_path }} | |
WERF_DIR: "docs/documentation" | |
WERF_RELEASE: "deckhouse-doc-${{ env.DOC_VERSION }}" | |
WERF_NAMESPACE: deckhouse-web-production | |
WERF_SET_DOC_VERSION: "global.doc_version=${{ env.DOC_VERSION }}" | |
WERF_SET_URL: "global.url=deckhouse.io" | |
WERF_SET_URL_RU: "global.url_ru=deckhouse.ru" | |
WERF_SET_WEB_ENV: "web.env=web-production" | |
WERF_SET_DCNAME: "web.dc_name=prod-sel" | |
# </template: deploy_doc_template> | |
# <template: update_comment_on_finish> | |
- name: Update comment on finish | |
id: update_comment_on_finish | |
if: ${{ always() && github.event_name == 'workflow_dispatch' && !!github.event.inputs.issue_number }} | |
env: | |
NEEDS_CONTEXT: ${{ toJSON(needs) }} | |
JOB_CONTEXT: ${{ toJSON(job) }} | |
STEPS_CONTEXT: ${{ toJSON(steps) }} | |
uses: actions/[email protected] | |
with: | |
github-token: ${{secrets.BOATSWAIN_GITHUB_TOKEN}} | |
retries: 3 | |
script: | | |
const statusConfig = 'job,one-line'; | |
const name = '(Prod) Deploy release documentation'; | |
const needsContext = JSON.parse(process.env.NEEDS_CONTEXT); | |
const jobContext = JSON.parse(process.env.JOB_CONTEXT); | |
const stepsContext = JSON.parse(process.env.STEPS_CONTEXT); | |
let jobNames = null | |
if (process.env.JOB_NAMES) { | |
jobNames = JSON.parse(process.env.JOB_NAMES); | |
} | |
core.info(`needsContext: ${JSON.stringify(needsContext)}`); | |
core.info(`jobContext: ${JSON.stringify(jobContext)}`); | |
core.info(`stepsContext: ${JSON.stringify(stepsContext)}`); | |
core.info(`jobNames: ${JSON.stringify(jobNames)}`); | |
const ci = require('./.github/scripts/js/ci'); | |
return await ci.updateCommentOnFinish({github, context, core, statusConfig, name, needsContext, jobContext, stepsContext, jobNames}); | |
# </template: update_comment_on_finish> | |
deploy_release_doc_stage: | |
name: (Stage) Deploy release documentation | |
needs: | |
- git_info | |
- doc_web_build | |
if: ${{ startsWith(needs.git_info.outputs.ci_commit_ref_name, 'release-') && github.repository == 'deckhouse/deckhouse' }} | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
# </template: checkout_full_step> | |
# <template: login_readonly_registry_step> | |
- name: Check readonly registry credentials | |
id: check_readonly_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_READ_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_READ_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to readonly registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_readonly_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_READ_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_READ_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_READ_PASSWORD }} | |
logout: false | |
# </template: login_readonly_registry_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: doc_release_version_template> | |
- name: Set documentation version | |
env: | |
CI_COMMIT_REF_NAME: ${{needs.git_info.outputs.ci_commit_ref_name}} | |
run: | | |
echo "DOC_VERSION=${CI_COMMIT_REF_NAME/release-/v}" >> $GITHUB_ENV | |
# </template: doc_release_version_template> | |
# <template: deploy_doc_template> | |
- name: Deploy documentation to stage | |
uses: werf/actions/converge@43075e4ab81952b181d33e125ef15b9c060a782e | |
with: | |
channel: ${{env.WERF_CHANNEL}} | |
kube-config-base64-data: "${{ secrets.KUBECONFIG_BASE64_DEV }}" | |
env: web-stage | |
env: | |
WERF_REPO: ${{ steps.check_dev_registry.outputs.web_registry_path }} | |
WERF_DIR: "docs/documentation" | |
WERF_RELEASE: "deckhouse-doc-${{ env.DOC_VERSION }}" | |
WERF_NAMESPACE: deckhouse-web-stage | |
WERF_SET_DOC_VERSION: "global.doc_version=${{ env.DOC_VERSION }}" | |
WERF_SET_URL: "global.url=deckhouse.stage.flant.com" | |
WERF_SET_URL_RU: "global.url_ru=deckhouse.ru.stage.flant.com" | |
WERF_SET_WEB_ENV: "web.env=web-stage" | |
WERF_SET_DCNAME: "web.dc_name=dev" | |
# </template: deploy_doc_template> | |
# <template: update_comment_on_finish> | |
- name: Update comment on finish | |
id: update_comment_on_finish | |
if: ${{ always() && github.event_name == 'workflow_dispatch' && !!github.event.inputs.issue_number }} | |
env: | |
NEEDS_CONTEXT: ${{ toJSON(needs) }} | |
JOB_CONTEXT: ${{ toJSON(job) }} | |
STEPS_CONTEXT: ${{ toJSON(steps) }} | |
uses: actions/[email protected] | |
with: | |
github-token: ${{secrets.BOATSWAIN_GITHUB_TOKEN}} | |
retries: 3 | |
script: | | |
const statusConfig = 'job,one-line'; | |
const name = '(Stage) Deploy release documentation'; | |
const needsContext = JSON.parse(process.env.NEEDS_CONTEXT); | |
const jobContext = JSON.parse(process.env.JOB_CONTEXT); | |
const stepsContext = JSON.parse(process.env.STEPS_CONTEXT); | |
let jobNames = null | |
if (process.env.JOB_NAMES) { | |
jobNames = JSON.parse(process.env.JOB_NAMES); | |
} | |
core.info(`needsContext: ${JSON.stringify(needsContext)}`); | |
core.info(`jobContext: ${JSON.stringify(jobContext)}`); | |
core.info(`stepsContext: ${JSON.stringify(stepsContext)}`); | |
core.info(`jobNames: ${JSON.stringify(jobNames)}`); | |
const ci = require('./.github/scripts/js/ci'); | |
return await ci.updateCommentOnFinish({github, context, core, statusConfig, name, needsContext, jobContext, stepsContext, jobNames}); | |
# </template: update_comment_on_finish> |