Skip to content
Build and Publish Container Image

Add deploy-operator-postgres.sh script for automated PostgreSQL datastore deployment with HashiCorp Vault integration #206

Sign in to view logs

Add deploy-operator-postgres.sh script for automated PostgreSQL datastore deployment with HashiCorp Vault integration

Add deploy-operator-postgres.sh script for automated PostgreSQL datastore deployment with HashiCorp Vault integration #206

Workflow file for this run

.github/workflows/build-and-publish.yml at 7814d1d
---
name: Build and Publish Container Image
on:
push:
branches: [main, develop]
tags: ['v*']
pull_request:
branches: [main, develop]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Cache cargo registry
uses: actions/cache@v4
continue-on-error: true
id: cache-cargo
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git/db
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('**/Cargo.toml') }}
restore-keys: |
${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-
${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.toml') }}-
${{ runner.os }}-cargo-
- name: Pre-fetch dependencies
run: |
# Download dependencies without interfering with existing source
cargo fetch --locked
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr,prefix=pr-
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha,prefix={{branch}}-,enable={{is_default_branch}}
type=sha,prefix=pr-{{number}}-,enable=${{ github.event_name == 'pull_request' }}
- name: Extract version from Cargo.toml
id: extract_version
uses: ./.github/actions/extract-version
- name: Build container image (status check)
run: |
docker buildx build \
--platform ${{ startsWith(github.ref, 'refs/tags/v') && 'linux/amd64,linux/arm64' || 'linux/amd64' }} \
--cache-from type=gha \
--cache-to type=gha,mode=max \
--build-arg VERSION=${{ steps.extract_version.outputs.cargo_version }} \
--tag temp-build-check \
.
publish:
runs-on: ubuntu-latest
needs: build
if: startsWith(github.ref, 'refs/tags/v')
permissions:
contents: write
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Extract version from Cargo.toml
id: extract_version
uses: ./.github/actions/extract-version
# Check for version mismatch and emit warning instead of failing
# NOTE: The automatic version sync step that used to follow this check is now DISABLED
# due to main branch protection requiring all changes to go through Pull Requests.
# Version mismatches will be detected and warned about, but not automatically fixed.
- name: Check version consistency (warning only)
id: version_check
run: |
TAG_VERSION=${GITHUB_REF#refs/tags/v}
CARGO_VERSION=${{ steps.extract_version.outputs.cargo_version }}
echo "Git tag version: $TAG_VERSION"
echo "Cargo.toml version: $CARGO_VERSION"
if [ "$TAG_VERSION" != "$CARGO_VERSION" ]; then
echo "⚠️ Version mismatch detected!"
echo "Git tag version ($TAG_VERSION) does not match Cargo.toml version ($CARGO_VERSION)"
echo "❌ AUTOMATIC SYNC DISABLED: Please manually update Cargo.toml via Pull Request"
echo "version_mismatch=true" >> $GITHUB_OUTPUT
echo "tag_version=$TAG_VERSION" >> $GITHUB_OUTPUT
else
echo "✅ Version consistency validated: $CARGO_VERSION"
echo "version_mismatch=false" >> $GITHUB_OUTPUT
echo "tag_version=$TAG_VERSION" >> $GITHUB_OUTPUT
fi
# DISABLED: Automatically sync Cargo.toml version to match Git tag when there's a mismatch
# This step is currently disabled because direct commits to the main branch are prohibited
# due to branch protection rules that require all changes to go through Pull Requests.
#
# The automated push to main (git push origin main) fails because:
# - Main branch protection requires PR reviews
# - Direct commits are not allowed, even from GitHub Actions
#
# FUTURE ENHANCEMENT:
# Consider creating a separate release workflow that:
# 1. Detects version mismatches during tag creation
# 2. Opens a Pull Request to update Cargo.toml version
# 3. Automatically merges the PR after CI validation
# 4. Re-triggers the build after version sync
#
# The code below is preserved for easy re-enablement once a proper
# PR-based version sync mechanism is implemented.
#
# - name: Sync Cargo.toml version with Git tag
# if: steps.version_check.outputs.version_mismatch == 'true'
# run: |
# TAG_VERSION=${{ steps.version_check.outputs.tag_version }}
# echo "🔄 Syncing Cargo.toml version to match Git tag: $TAG_VERSION"
#
# # Configure git for the automated commit
# git config --local user.email "action@github.com"
# git config --local user.name "GitHub Action"
#
# # Update the version field in Cargo.toml in the current working directory
# sed -i "s/^version = \".*\"/version = \"$TAG_VERSION\"/" Cargo.toml
#
# # Verify the change
# NEW_VERSION=$(grep '^version\s*=\s*"' Cargo.toml | sed 's/.*"\([^"]*\)".*/\1/')
# echo "Updated Cargo.toml version to: $NEW_VERSION"
#
# # Fetch the main branch and create a temporary branch for the commit
# git fetch origin main:main
# git checkout main
#
# # Apply the same change to main branch
# sed -i "s/^version = \".*\"/version = \"$TAG_VERSION\"/" Cargo.toml
#
# # Commit and push the version sync to main
# git add Cargo.toml
# git commit -m "chore: sync Cargo.toml version to $TAG_VERSION for release"
# git push origin main
#
# # Return to the tag for the build process
# git checkout ${GITHUB_REF#refs/tags/}
#
# # Ensure our working directory has the updated version for the build
# sed -i "s/^version = \".*\"/version = \"$TAG_VERSION\"/" Cargo.toml
#
# echo "✅ Successfully synced and committed Cargo.toml version update"
# DISABLED: Re-extract version after sync (part of disabled version sync functionality)
# This step was used to re-extract the version after the automated sync step above.
# Since the sync step is disabled, this step is also commented out.
#
# - name: Re-extract version from Cargo.toml
# if: steps.version_check.outputs.version_mismatch == 'true'
# id: extract_version_updated
# uses: ./.github/actions/extract-version
# Set the final version to use for Docker build
# Since the version sync step is disabled, we always use the original extracted version
# When version sync is re-enabled, this logic should be updated to handle synced versions
- name: Set final version for build
id: final_version
run: |
# ORIGINAL LOGIC (when sync was enabled):
# if [ "${{ steps.version_check.outputs.version_mismatch }}" = "true" ]; then
# FINAL_VERSION="${{ steps.extract_version_updated.outputs.cargo_version }}"
# echo "Using synced version: $FINAL_VERSION"
# else
# FINAL_VERSION="${{ steps.extract_version.outputs.cargo_version }}"
# echo "Using original version: $FINAL_VERSION"
# fi
# CURRENT LOGIC (sync disabled - always use original version):
FINAL_VERSION="${{ steps.extract_version.outputs.cargo_version }}"
echo "Using original Cargo.toml version: $FINAL_VERSION"
# Warn if there's a version mismatch since sync is disabled
if [ "${{ steps.version_check.outputs.version_mismatch }}" = "true" ]; then
echo "⚠️ WARNING: Version mismatch detected but sync is disabled!"
echo "Git tag version: ${{ steps.version_check.outputs.tag_version }}"
echo "Cargo.toml version: $FINAL_VERSION"
echo "Consider manually updating Cargo.toml or re-enabling the sync mechanism via PR."
fi
echo "version=$FINAL_VERSION" >> $GITHUB_OUTPUT
- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value=latest
- name: Build and push container image
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: |
type=gha
cache-to: |
type=gha,mode=max
build-args: |
BUILDKIT_INLINE_CACHE=1
VERSION=${{ steps.final_version.outputs.version }}
- name: Generate build summary
run: |
echo "## Container Image Published" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "🎉 Successfully built and published container image!" \
>> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Image Details" >> $GITHUB_STEP_SUMMARY
echo "- **Registry**: \`${{ env.REGISTRY }}\`" \
>> $GITHUB_STEP_SUMMARY
echo "- **Repository**: \`${{ env.IMAGE_NAME }}\`" \
>> $GITHUB_STEP_SUMMARY
echo "- **Version**: \`${{ steps.final_version.outputs.version }}\`" \
>> $GITHUB_STEP_SUMMARY
echo "- **Tags**: \`${{ steps.meta.outputs.tags }}\`" \
>> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Usage" >> $GITHUB_STEP_SUMMARY
echo "Pull the image:" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY
echo "docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" \
>> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Minikube Deployment" >> $GITHUB_STEP_SUMMARY
echo "Use with Minikube:" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY
echo "export IMAGE_REGISTRY=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}" \
>> $GITHUB_STEP_SUMMARY
echo "make minikube-deploy-registry" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY