Build and Bundle Jfrog Helm chart #53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Bundle Jfrog Helm chart | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| on: | |
| push: | |
| tags: | |
| - 'v*.*.*' | |
| workflow_dispatch: | |
| inputs: | |
| chart_version: | |
| description: 'Build number to use for the build metadata' | |
| required: true | |
| default: '0.0.0' | |
| env: | |
| JF_PROJECT: ecosystem | |
| JF_REPO: ecosystem-helm-dev-local | |
| CHART_NAME: 'aerospike-vector-search' | |
| jobs: | |
| setup: | |
| runs-on: ubuntu-20.04 | |
| outputs: | |
| chart_version: ${{ steps.version.outputs.chart_version }} | |
| steps: | |
| - name: Determine Version | |
| id: version | |
| run: | | |
| if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
| CHART_VERSION=${{ github.event.inputs.chart_version }} | |
| elif [[ "${{ github.event_name}}" == "push" ]]; then | |
| TAG=${GITHUB_REF#refs/tags/} | |
| # Remove "v" prefix to get the version | |
| CHART_VERSION=${TAG#v} | |
| else | |
| echo "Unable to determine version" | |
| exit 1 | |
| fi | |
| echo "CHART_VERSION=${CHART_VERSION}" >> $GITHUB_ENV | |
| echo "chart_version=${CHART_VERSION}" >> $GITHUB_OUTPUT | |
| build-chart: | |
| runs-on: ubuntu-20.04 | |
| needs: setup | |
| steps: | |
| - name: Checkout current repository | |
| uses: actions/checkout@v4 | |
| - name: setup GPG | |
| uses: aerospike/shared-workflows/devops/setup-gpg@af875da2c1956bc5848705de17c4998a0fad7b77 # v0.2.0 | |
| with: | |
| gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} | |
| gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} | |
| gpg-key-pass: ${{ secrets.GPG_PASS }} | |
| gpg-key-name: "aerospike-inc" | |
| - name: setup jfrog | |
| uses: jfrog/setup-jfrog-cli@v4 | |
| env: | |
| JF_URL: https://aerospike.jfrog.io | |
| JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} | |
| JF_PROJECT: ${{ env.JF_PROJECT }} | |
| - name: Set Helm Chart Version | |
| uses: mikefarah/yq@8bf425b4d1344db7cd469a8d10a390876e0c77fd | |
| with: | |
| cmd: yq e -i '.version = "${{ needs.setup.outputs.chart_version }}"' charts/$CHART_NAME/Chart.yaml | |
| - name: "Sign and publish build to JFrog" | |
| env: | |
| GPG_TTY: no-tty | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASS }} | |
| run: | | |
| cd charts | |
| gpg --export --no-tty --passphrase "$GPG_PASSPHRASE" > ~/.gnupg/pubring.gpg | |
| gpg --export-secret-keys --no-tty --passphrase "$GPG_PASSPHRASE">~/.gnupg/secring.gpg | |
| echo $GPG_PASSPHRASE > passphrase.txt | |
| helm --sign --key='aerospike-inc' --keyring='/home/runner/.gnupg/secring.gpg' --passphrase-file passphrase.txt package $CHART_NAME | |
| find . | |
| jf rt u "${{env.CHART_NAME}}-${{needs.setup.outputs.chart_version}}.tgz*" "${{env.JF_REPO}}/${{env.CHART_NAME}}/${{needs.setup.outputs.chart_version}}/" \ | |
| --build-name="${{env.CHART_NAME}}-helm" --build-number="${{needs.setup.outputs.chart_version}}" --project="${{env.JF_PROJECT}}" | |
| jf rt build-collect-env "${{env.CHART_NAME}}-helm" "${{needs.setup.outputs.chart_version}}" | |
| jf rt build-add-git "${{env.CHART_NAME}}-helm" "${{needs.setup.outputs.chart_version}}" | |
| jf rt build-publish "${{env.CHART_NAME}}-helm" "${{needs.setup.outputs.chart_version}}" --project="${{env.JF_PROJECT}}" | |
| build-init-container: | |
| needs: | |
| - setup | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: 'Git checkout' | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 | |
| with: | |
| platforms: all | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 | |
| - name: setup jfrog | |
| uses: jfrog/setup-jfrog-cli@f748a0599171a192a2668afee8d0497f7c1069df # v4.5.6 | |
| env: | |
| JF_URL: https://aerospike.jfrog.io | |
| JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} | |
| JF_PROJECT: ${{ env.JF_PROJECT }} | |
| - name: Login to Artifact Aerospike Docker Registry | |
| run: | | |
| jf docker login artifact.aerospike.io --username ${{ vars.JF_USERNAME }} --password ${{ secrets.JF_ACCESS_TOKEN }} | |
| env: | |
| JFROG_CLI_OFFER_CONFIG: 'false' | |
| - name: Configure JFrog CLI | |
| run: | | |
| jf c add \ | |
| --url https://artifact.aerospike.io/ \ | |
| --user ${{ vars.JF_USERNAME }} \ | |
| --access-token ${{ secrets.JF_ACCESS_TOKEN }} \ | |
| artifact | |
| jf c use artifact | |
| env: | |
| JFROG_CLI_OFFER_CONFIG: 'false' | |
| # Init container uses chart's version | |
| - name: Build and Push Docker Image | |
| run: | | |
| jf docker buildx bake \ | |
| --set avs-init-container.tags=artifact.aerospike.io/${{ env.JF_PROJECT }}-container-dev-local/avs-init-container:${{ needs.setup.outputs.chart_version }} \ | |
| --file avs-init-container/bake.hcl \ | |
| --push \ | |
| --metadata-file=build-metadata | |
| env: | |
| DOCKER_BUILDKIT: '1' | |
| - name: Install jq | |
| run: sudo apt-get update && sudo apt-get install -y jq | |
| - name: Extract Image Name and Digest | |
| run: | | |
| jq -r '.[] | {digest: .["containerimage.digest"], names: .["image.name"] | split(",")} | "(.digest)"' build-metadata > sha | |
| echo artifact.aerospike.io/${{ env.JF_PROJECT }}-container-dev-local/avs-init-container:${{ needs.setup.outputs.chart_version }}@$(cat sha) > meta-info | |
| echo artifact.aerospike.io/${{ env.JF_PROJECT }}-container-dev-local/avs-init-container:${{ needs.setup.outputs.chart_version }}@$(cat sha) > meta-info-latest | |
| - name: Create Docker Build Info | |
| run: | | |
| jf rt build-docker-create \ | |
| --build-name "avs-init-container" \ | |
| --build-number "${{ needs.setup.outputs.chart_version }}" \ | |
| --image-file ./meta-info \ | |
| --project ${{env.JF_PROJECT}} \ | |
| ${{env.JF_PROJECT}}-container-dev-local | |
| - name: Publish Build Info | |
| run: | | |
| export JFROG_CLI_LOG_LEVEL=DEBUG | |
| jf rt build-collect-env --project ${{env.JF_PROJECT}} "avs-init-container" "${{ needs.setup.outputs.chart_version }}" | |
| jf rt build-add-git --project ${{env.JF_PROJECT}} "avs-init-container" "${{ needs.setup.outputs.chart_version }}" | |
| jf rt build-publish \ | |
| --detailed-summary \ | |
| --project ${{env.JF_PROJECT}} \ | |
| "avs-init-container" "${{ needs.setup.outputs.chart_version }}" | |
| create-release-bundle: | |
| needs: | |
| - build-chart | |
| - build-init-container | |
| - setup | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: setup jfrog | |
| uses: jfrog/setup-jfrog-cli@f748a0599171a192a2668afee8d0497f7c1069df # v4.5.6 | |
| env: | |
| JF_URL: https://aerospike.jfrog.io | |
| JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} | |
| JF_PROJECT: ${{ env.JF_PROJECT }} | |
| - name: Create release bundle | |
| run: | | |
| echo '{ | |
| "name": "${{ env.CHART_NAME }}-helm", | |
| "version": "${{ needs.setup.outputs.chart_version }}", | |
| "files": [ | |
| { | |
| "project": "${{ env.JF_PROJECT }}", | |
| "build": "${{ env.CHART_NAME }}-helm/${{ needs.setup.outputs.chart_version }}" | |
| }, | |
| { | |
| "project": "${{ env.JF_PROJECT }}", | |
| "build": "avs-init-container/${{ needs.setup.outputs.chart_version }}" | |
| } | |
| ] | |
| }' > release-bundle-spec.json | |
| cat release-bundle-spec.json | |
| jf release-bundle-create "${{ env.CHART_NAME }}-helm" "${{ needs.setup.outputs.chart_version }}" \ | |
| --spec release-bundle-spec.json --project="${{ env.JF_PROJECT }}" --signing-key="aerospike" |