cd-pipeline.yml
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
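name: '[CI/CD] CD Pipeline'
run-name: "${{ format('[CI/CD] CD Publish {0}',github.event.workflow_run.display_title) }}"
# Runs when a '[CI/CD] CD Prepare' workflow run completes. A workflow_run
# workflow uses the workflow file from the default branch and has access to
# repository secrets, so the artifacts of the triggering run are the trust
# boundary: the jobs below take the checkout ref and pipeline path from them.
# NOTE(review): confirm CD Prepare can only be triggered from trusted branches.
on:
  workflow_run:
    workflows:
      - '\[CI/CD\] CD Prepare'
    types:
      - 'completed'
# Remove all permissions by default.
permissions: {}
# NOTE(review): workflow-level env is visible to every step of every job,
# including the third-party actions used below. Only the VIB publish step
# appears to need CSP_API_TOKEN; consider moving it to that step's env.
env:
  CSP_API_URL: https://console.cloud.vmware.com
  CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }}
  VIB_PUBLIC_URL: https://cp.bromelia.vmware.com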
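jobs:
  get-metadata:
    runs-on: ubuntu-latest
    name: Get modified containers path
    permissions:
      # Needed to list and download the artifacts of the triggering run.
      actions: read
    # Publish only when the triggering CD Prepare run succeeded.
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    outputs:
      packages_json_url: ${{ steps.get-artifacts.outputs.packages_json_url }}
      containers: ${{ steps.get-artifacts.outputs.containers }}
    steps:
      - id: get-artifacts
        name: Get modified containers path
        env:
          PREPARE_WORKFLOW_ARTIFACTS_URL: ${{ github.event.workflow_run.artifacts_url }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Fail on the first error, on unset variables and on a failing
          # pipeline stage, so a bad download never yields empty outputs.
          set -euo pipefail
          curl -fsSL -o artifacts.json \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            -H "Authorization: Bearer $GITHUB_TOKEN" \
            "$PREPARE_WORKFLOW_ARTIFACTS_URL"
          publish_metadata_url="$(jq -r '.artifacts[] | select(.name == "publish-metadata.json") | .archive_download_url' artifacts.json)"
          curl -fsSL -o publish-metadata.json.zip \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            -H "Authorization: Bearer $GITHUB_TOKEN" \
            "$publish_metadata_url"
          unzip publish-metadata.json.zip
          # Compact JSON keeps the value on one line, as the key=value
          # format of GITHUB_OUTPUT requires.
          containers=$(jq -c . publish-metadata.json)
          packages_json_url="$(jq -r '.artifacts[] | select(.name == "packages.json") | .archive_download_url' artifacts.json)"
          echo "packages_json_url=${packages_json_url}" >> "$GITHUB_OUTPUT"
          echo "containers=${containers}" >> "$GITHUB_OUTPUT"
  vib-publish:
    runs-on: ubuntu-latest
    needs: get-metadata
    name: VIB Publish
    permissions:
      contents: read
    strategy:
      fail-fast: false
      max-parallel: 2
      matrix:
        # Every matrix.container.* value below (sha, dsl_path, path, tag, ...)
        # comes from the publish-metadata.json artifact of the triggering run.
        container: ${{ fromJSON(needs.get-metadata.outputs.containers) }}
    steps:
      - name: Checkout Repository
        # NOTE(review): a tag is a mutable ref; pin to a full commit SHA.
        uses: actions/checkout@v3
        # Full history is not required anymore
        with:
          ref: ${{ matrix.container.sha }}
          fetch-depth: 1
      - id: get-registry-credentials
        name: Get marketplace's registry credentials
        env:
          # Passed through the environment rather than expanded into the
          # script text, so the shell never parses the secret's characters.
          PROD_MARKETPLACE_API_TOKEN: ${{ secrets.PROD_MARKETPLACE_API_TOKEN }}
        run: |
          set -euo pipefail
          csp_auth_token=$(curl -s -H 'Content-Type: application/x-www-form-urlencoded' -X POST \
            -d "grant_type=refresh_token&api_token=${PROD_MARKETPLACE_API_TOKEN}" \
            https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize | jq -re .access_token)
          # The access token is derived at runtime, so the runner does not
          # mask it automatically.
          echo "::add-mask::${csp_auth_token}"
          repo_info=$(curl -s -X POST -H "Content-Type: application/json" \
            -H "csp-auth-token:$csp_auth_token" \
            -d '{"withCredentials":true, "storageType":"OCI"}' \
            https://gtw.marketplace.cloud.vmware.com/api/v1/repositories/transient)
          marketplace_user=$(echo "$repo_info" | jq -re .response.repodetails.username)
          marketplace_passwd=$(echo "$repo_info" | jq -re .response.repodetails.token)
          # Mask before the values are written out as step outputs.
          echo "::add-mask::${marketplace_user}"
          echo "::add-mask::${marketplace_passwd}"
          echo "marketplace_user=${marketplace_user}" >> "$GITHUB_OUTPUT"
          echo "marketplace_passwd=${marketplace_passwd}" >> "$GITHUB_OUTPUT"
      # NOTE(review): this action receives the registry credentials and the
      # tokens below, and `@v0` is a mutable tag; pin to a reviewed commit SHA.
      - uses: vmware-labs/vmware-image-builder-action@v0
        name: 'Publish ${{ matrix.container.name }}: ${{ matrix.container.tag }}'
        with:
          pipeline: ${{ matrix.container.dsl_path }}/vib-publish.json
        env:
          # Path with docker resources
          VIB_ENV_PATH: "${{ matrix.container.path }}"
          # Container name
          VIB_ENV_CONTAINER: "${{ matrix.container.name }}"
          VIB_ENV_CONTAINER_URL: "${{ matrix.container.sha_url }}"
          VIB_ENV_PACKAGES_JSON_URL: "${{ needs.get-metadata.outputs.packages_json_url }}"
          VIB_ENV_APP_VERSION: "${{ matrix.container.app_version }}"
          VIB_ENV_OS_FLAVOUR: "${{ matrix.container.os_flavour }}"
          VIB_ENV_GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
          VIB_ENV_TAG: "${{ matrix.container.tag }}"
          VIB_ENV_ROLLING_TAGS: "${{ toJSON(matrix.container.rolling_tags) }}"
          VIB_ENV_REGISTRY_URL: "${{ secrets.PROD_MARKETPLACE_REGISTRY_URL }}"
          VIB_ENV_REGISTRY_USERNAME: "${{ steps.get-registry-credentials.outputs.marketplace_user }}"
          VIB_ENV_REGISTRY_PASSWORD: "${{ steps.get-registry-credentials.outputs.marketplace_passwd }}"
          VIB_ENV_BOSSD_RELEASE_ID: "${{ secrets.BOSSD_RELEASE_ID }}"
  # If the CD Pipeline does not succeed we should notify the interested agents
  slack-notif:
    runs-on: ubuntu-latest
    needs:
      - vib-publish
    # always() lets this job run even when vib-publish failed or was skipped.
    if: always()
    name: Notify unsuccessful CD run
    steps:
      - name: Notify in Slack channel
        # Any result other than 'success' (failure, cancelled, skipped) notifies.
        if: ${{ needs.vib-publish.result != 'success' }}
        # NOTE(review): a tag is a mutable ref; pin to a full commit SHA.
        uses: slackapi/slack-github-action@v1.23.0
        with:
          channel-id: ${{ secrets.CD_SLACK_CHANNEL_ID }}
          payload: |
            {
              "attachments": [
                {
                  "color": "#CC0000",
                  "fallback": "Unsuccessful bitnami/containers CD pipeline",
                  "blocks": [
                    {
                      "type": "section",
                      "text": {
                        "type": "mrkdwn",
                        "text": "*Unsuccessful `bitnami/containers` CD pipeline*"
                      }
                    },
                    {
                      "type": "section",
                      "text": {
                        "type": "mrkdwn",
                        "text": "The CD Pipeline for <${{ github.server_url }}/${{ github.repository }}/commit/${{ github.event.workflow_run.head_commit.id }}|${{ github.repository }}@${{ github.event.workflow_run.head_commit.id }}> and launched by its CD Prepare <${{ github.event.workflow_run.html_url }}|workflow run> did not succeed. Check the related <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|CD Pipeline run> for more information."
                      }
                    }
                  ]
                }
              ]
            }
        env:
          SLACK_BOT_TOKEN: ${{ secrets.CD_SLACK_BOT_TOKEN }}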