Allow traffic to GitHub API (take II) #76
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Helm Chart | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| env: | |
| PYTHON_VERSION: '3.9' | |
| HELM_VERSION: v3.11.2 | |
| ARTIFACT_REGISTRY: europe-north1-docker.pkg.dev | |
| ARTIFACT_REPO: nais-io/nais/feature | |
| SERVICE_ACCOUNT: [email protected] | |
| jobs: | |
| meta: | |
| name: Metadata | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| name: ${{ steps.name.outputs.name }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - id: version | |
| run: echo "version=$(date +'%Y%m%d')-$(git rev-parse --short HEAD)" >> ${GITHUB_OUTPUT} | |
| - id: name | |
| run: echo "name=${{ github.event.repository.name }}" >> ${GITHUB_OUTPUT} | |
| - name: Update Chart.yaml | |
| run: | | |
| sed -i "s/^version:.*$/version: ${{ steps.version.outputs.version }}/g" ./charts/${{ steps.name.outputs.name }}/Chart.yaml | |
| sed -i "s/^appVersion:.*$/appVersion: ${{ steps.version.outputs.version }}/g" ./charts/${{ steps.name.outputs.name }}/Chart.yaml | |
| cat ./charts/${{ steps.name.outputs.name }}/Chart.yaml | |
| - name: Update values.yaml | |
| run: | | |
| sed -i "s/^ tag:.*$/ tag: ${{ steps.version.outputs.version }}/g" ./charts/${{ steps.name.outputs.name }}/values.yaml | |
| cat ./charts/${{ steps.name.outputs.name }}/values.yaml | |
| - name: Save Chart Metadata | |
| uses: actions/[email protected] | |
| with: | |
| name: chart-metadata | |
| path: | | |
| ./charts/${{ steps.name.outputs.name }}/Chart.yaml | |
| ./charts/${{ steps.name.outputs.name }}/values.yaml | |
| lint-test: | |
| name: Lint and test | |
| runs-on: ubuntu-latest | |
| needs: meta | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Restore Chart Metadata | |
| uses: actions/[email protected] | |
| with: | |
| name: chart-metadata | |
| path: ./charts/${{ needs.meta.outputs.name }} | |
| - name: Set up Helm | |
| uses: azure/setup-helm@v3 | |
| with: | |
| version: ${{ env.HELM_VERSION }} | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| check-latest: true | |
| - name: Set up chart-testing | |
| uses: helm/[email protected] | |
| - name: Run chart-testing (list-changed) | |
| id: list-changed | |
| run: | | |
| changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) | |
| if [[ -n "$changed" ]]; then | |
| echo "changed=true" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Run chart-testing (lint) | |
| if: steps.list-changed.outputs.changed == 'true' | |
| run: ct lint --target-branch ${{github.event.repository.default_branch }} | |
| # - name: Create kind cluster | |
| # if: steps.list-changed.outputs.changed == 'true' | |
| # uses: helm/[email protected] | |
| # - name: Run chart-testing (install) | |
| # if: steps.list-changed.outputs.changed == 'true' | |
| # run: | | |
| # helm install bifrost ./charts/bifrost --wait | |
| # ct install --charts ./charts/bifrost --target-branch ${{ github.event.repository.default_branch }} | |
| push: | |
| permissions: | |
| contents: read | |
| id-token: write | |
| name: Build and push | |
| runs-on: ubuntu-latest | |
| needs: [meta, lint-test] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Restore Chart Metadata | |
| uses: actions/[email protected] | |
| with: | |
| name: chart-metadata | |
| path: ./charts/${{ needs.meta.outputs.name }} | |
| - id: auth | |
| if: github.actor != 'dependabot[bot]' | |
| name: Authenticate to Google Cloud | |
| uses: google-github-actions/[email protected] | |
| with: | |
| workload_identity_provider: ${{ secrets.NAIS_IO_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ env.SERVICE_ACCOUNT }} | |
| token_format: access_token | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v1 | |
| - name: Log in to Google Artifact Registry | |
| if: github.actor != 'dependabot[bot]' | |
| run: | | |
| echo '${{ steps.auth.outputs.access_token }}' | docker login -u oauth2accesstoken --password-stdin https://${{ env.ARTIFACT_REGISTRY }} | |
| - uses: azure/setup-helm@v3 | |
| name: Setup Helm | |
| with: | |
| version: ${{ env.HELM_VERSION }} | |
| - name: Build Charts | |
| run: | | |
| helm package ./charts/${{ needs.meta.outputs.name }} -d ./charts | |
| - name: Push Chart | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| run: | | |
| helm push ./charts/*.tgz oci://${{ env.ARTIFACT_REGISTRY }}/${{ env.ARTIFACT_REPO }} |