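---
# build.yaml: validation workflow for pull requests that target the dev-v* and
# release-v* branches. It installs tooling in the job container, tries to load
# Docker Hub credentials from Vault, checks out the PR, then runs the
# repository's make targets against it.
name: Build

# Uses `pull_request`, not `pull_request_target`. The job still executes code
# from the PR (Makefile and anything it pulls), so every credential and
# permission granted below should be reviewed with that in mind.
on:
  pull_request:
    branches:
      - 'dev-v*'
      - 'release-v*'

jobs:
  build:
    name: Validate
    # Custom runner label derived from the repository owner id.
    # NOTE(review): presumably a self-hosted runner pool; confirm it is
    # ephemeral, since PR-controlled make targets run on it.
    runs-on: org-${{ github.repository_owner_id }}-amd64-k8s
    # `:latest` is a mutable tag, so the toolchain can change between runs.
    # Pinning by digest (bci-base@sha256:<digest-placeholder>) makes the job
    # reproducible and reviewable.
    container: registry.suse.com/bci/bci-base:latest
    permissions:
      contents: read
      # Lets the job request an OIDC token (presumably for the Vault step;
      # confirm). The permission is job-scoped, so it applies to every step
      # below, including the make targets run from the checked-out PR.
      id-token: write
    steps:
      - name: Install Dependencies
        continue-on-error: false
        env:
          GH_VERSION: "2.63.2"
          YQ_VERSION: "v4.44.2"
        # gh and yq are fetched from GitHub release URLs and installed into
        # /usr/bin with no checksum or signature check; gh is later run with
        # GH_TOKEN in its environment. Prefer downloading each artifact to a
        # file and verifying it against a SHA-256 recorded in this workflow,
        # e.g. `echo "<sha256-placeholder>  <file>" | sha256sum -c -`.
        run: |
          echo "installing docker jq git make go awk through zypper"
          zypper --non-interactive install docker jq git make go awk
          echo "installing gh"
          mkdir -p /tmp/gh
          curl -fsL https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_amd64.tar.gz | tar xvzf - --strip-components=1 -C /tmp/gh
          mv /tmp/gh/bin/gh /usr/bin/gh
          chmod +x /usr/bin/gh
          echo "installing yq"
          curl -fsL https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o /usr/bin/yq
          chmod +x /usr/bin/yq
          echo "yq version:"
          yq --version

      - name: Load Secrets from Vault
        # Best effort: a failure here does not fail the job, so later steps
        # may run with DOCKER_USERNAME / DOCKER_PASSWORD unset.
        continue-on-error: true
        # `@main` is a mutable branch ref, and this action runs in a job that
        # holds `id-token: write` and receives the Docker Hub credentials.
        # Pin it to a reviewed full commit SHA
        # (rancher-eio/read-vault-secrets@<full-commit-sha-placeholder>).
        uses: rancher-eio/read-vault-secrets@main
        with:
          secrets: |
            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME;
            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD;

      - name: actions/checkout@v4
        continue-on-error: false
        uses: actions/checkout@v4

      - name: Git Checkout PR and into new branch
        continue-on-error: false
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Passed through the environment instead of being expanded into the
          # script text, so the shell only ever sees it as data.
          PR_NUMBER: ${{ github.event.pull_request.number }}
        # After this step the working tree, including the Makefile, comes from
        # the PR; every `make` step below runs PR-controlled code.
        run: |
          echo "git global configuration"
          git config --global --add safe.directory "$PWD"
          echo "$PATH" >> "$GITHUB_PATH"
          echo "checkout the PR"
          gh pr checkout "$PR_NUMBER"
          echo "checkout into a new branch for safety"
          git checkout -b staging-pr-workflow

      - name: Pull scripts
        continue-on-error: false
        run: make pull-scripts

      - name: Check release.yaml format with yq
        continue-on-error: false
        run: make check-release-yaml

      - name: Release PR Validation Chekpoints
        continue-on-error: false
        if: contains(github.base_ref, 'release-v')
        env:
          # Expression values are bound to environment variables rather than
          # pasted into the command line, which avoids shell injection through
          # a crafted ref name and keeps the token out of the rendered script.
          BASE_REF: ${{ github.event.pull_request.base.ref }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        # The Makefile is not visible here, so the command-line variable form
        # is kept to preserve make's override semantics.
        run: make validate-release-charts BRANCH="$BASE_REF" GH_TOKEN="$GH_TOKEN" PR_NUMBER="$PR_NUMBER"

      - name: Validate index.yaml Vs assets/ dir
        continue-on-error: false
        env:
          # Same reasoning as above: the ref name reaches the shell as data.
          BASE_REF: ${{ github.base_ref }}
        # NOTE(review): `[[ ... ]]` is not POSIX sh; confirm the shell used for
        # run steps in this container supports it.
        run: |
          echo "github.base_ref: $BASE_REF"
          if [[ "$BASE_REF" == *release-v* ]]; then
            echo "Validating remote release branch"
            make validate remote=true
          else
            echo "Validating local branch"
            make validate
          fi

      - name: Check Images
        continue-on-error: false
        # The Docker Hub credentials are in the environment of a make target
        # taken from the PR checkout; scope them to read-only registry access.
        env:
          DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }}
        run: make check-images

      - name: Check RC's
        continue-on-error: false
        if: contains(github.base_ref, 'release-v')
        run: make check-rc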