Build Platform Mesh OCM Component (aggregator) #2543
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Platform Mesh OCM Component | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| force_version_upgrade: | |
| description: 'Force version upgrade even without dependency changes' | |
| required: false | |
| default: false | |
| type: boolean | |
| version_increment: | |
| description: 'Version component to increment (only applies when force_version_upgrade is true)' | |
| required: false | |
| default: 'minor' | |
| type: choice | |
| options: | |
| - minor | |
| - major | |
| - patch | |
| release_type: | |
| description: 'Type of release to create (only applies when force_version_upgrade is true)' | |
| required: false | |
| default: 'rc' | |
| type: choice | |
| options: | |
| - rc | |
| - full | |
| schedule: | |
| - cron: '0 * * * *' | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - '.github/workflows/ocm.yaml' | |
| - 'constructor/component-constructor.yaml' | |
| permissions: | |
| packages: write | |
| contents: read | |
| actions: write | |
| concurrency: | |
| group: ocm-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| ocm: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Setup yq@latest | |
| run: | | |
| if ! command -v yq &>/dev/null | |
| then | |
| mkdir -p /home/runner/.local/bin | |
| wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /home/runner/.local/bin/yq &&\ | |
| chmod +x /home/runner/.local/bin/yq | |
| fi | |
| - name: Check out the repo | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 | |
| - name: setup OCM CLI | |
| run: | | |
| REPO=${repo:=open-component-model/ocm} | |
| if [ -z "$version" -o "$version" == latest ]; then | |
| version="$(basename "$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/$REPO/releases/latest)")" | |
| echo "Selecting latest version: $version" | |
| fi | |
| VERSION=${version#v} | |
| ARCHIVE_FILE="ocm-${VERSION}-linux-amd64.tar.gz" | |
| URL="https://github.com/$REPO/releases/download/v${VERSION}/$ARCHIVE_FILE" | |
| echo "Installing ocm-cli version $version from $REPO" | |
| curl -LsS -o ocm-cli.tgz "$URL" | |
| tar --overwrite -xvzf ocm-cli.tgz >/dev/null | |
| chmod a+x ocm | |
| - name: Write Credentials file | |
| run: | | |
| cat <<EOF > $HOME/.ocmconfig | |
| type: generic.config.ocm.software/v1 | |
| configurations: | |
| - type: credentials.config.ocm.software | |
| consumers: | |
| - identity: | |
| type: OCIRegistry | |
| scheme: https | |
| hostname: ghcr.io | |
| pathprefix: platform-mesh | |
| credentials: | |
| - type: Credentials | |
| properties: | |
| username: github | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| EOF | |
| - name: Get versions | |
| run: | | |
| set -e | |
| echo ACCOUNT_OPERATOR_VERSION=$(./ocm get componentversions --latest github.com/platform-mesh/account-operator --repo ghcr.io/platform-mesh -o json | jq -r '.items[0].component.version') >> $GITHUB_ENV | |
| echo SECURITY_OPERATOR_VERSION=$(./ocm get componentversions --latest github.com/platform-mesh/security-operator --repo ghcr.io/platform-mesh -o json | jq -r '.items[0].component.version') >> $GITHUB_ENV | |
| echo EXTENSION_MANAGER_OPERATOR_VERSION=$(./ocm get componentversions --latest github.com/platform-mesh/extension-manager-operator --repo ghcr.io/platform-mesh -o json | jq -r '.items[0].component.version') >> $GITHUB_ENV | |
| echo INFRA_VERSION=$(./ocm get componentversions --latest github.com/platform-mesh/infra --repo ghcr.io/platform-mesh -o json | jq -r '.items[0].component.version') >> $GITHUB_ENV | |
| echo REBAC_AUTHZ_WEBHOOK_VERSION=$(./ocm get componentversions --latest github.com/platform-mesh/rebac-authz-webhook --repo ghcr.io/platform-mesh -o json | jq -r '.items[0].component.version') >> $GITHUB_ENV | |
| echo PORTAL_VERSION=$(./ocm get componentversions --latest github.com/platform-mesh/portal --repo ghcr.io/platform-mesh -o json | jq -r '.items[0].component.version') >> $GITHUB_ENV | |
| echo PLATFORM_MESH_OPERATOR_VERSION=$(./ocm get componentversions --latest github.com/platform-mesh/platform-mesh-operator --repo ghcr.io/platform-mesh -o json | jq -r '.items[0].component.version') >> $GITHUB_ENV | |
| echo KEYCLOAK_VERSION=$(./ocm get componentversions --latest github.com/platform-mesh/keycloak --repo ghcr.io/platform-mesh -o json | jq -r '.items[0].component.version') >> $GITHUB_ENV | |
| echo KUBERNETES_GRAPHQL_GATEWAY_VERSION=$(./ocm get componentversions --latest github.com/platform-mesh/kubernetes-graphql-gateway --repo ghcr.io/platform-mesh -o json | jq -r '.items[0].component.version') >> $GITHUB_ENV | |
| echo VIRTUAL_WORKSPACES_VERSION=$(./ocm get componentversions --latest github.com/platform-mesh/virtual-workspaces --repo ghcr.io/platform-mesh -o json | jq -r '.items[0].component.version') >> $GITHUB_ENV | |
| echo PLATFORM_MESH_OPERATOR_COMPONENTS_VERSION=$(./ocm get componentversions --latest github.com/platform-mesh/platform-mesh-operator-components --repo ghcr.io/platform-mesh -o json | jq -r '.items[0].component.version') >> $GITHUB_ENV | |
| echo EXAMPLE_HTTPBIN_OPERATOR_VERSION=$(./ocm get componentversions --latest github.com/platform-mesh/example-httpbin-operator --repo ghcr.io/platform-mesh -o json | jq -r '.items[0].component.version') >> $GITHUB_ENV | |
| # Get current platform-mesh version | |
| PM_VERSION=$(./ocm get componentversions --latest github.com/platform-mesh/platform-mesh --repo ghcr.io/platform-mesh -o json | jq -r '.items[0].component.version') | |
| PM_VERSION=${PM_VERSION:-0.0.0} | |
| echo CURRENT_PM_VERSION="$PM_VERSION" >> $GITHUB_ENV | |
| # Calculate next version for potential use with release candidate logic | |
| if [[ "$PM_VERSION" =~ -rc\.([0-9]+)$ ]]; then | |
| # Current version is already a release candidate, increment the rc number | |
| RC_NUM=${BASH_REMATCH[1]} | |
| NEW_RC_NUM=$((RC_NUM + 1)) | |
| BASE_VERSION=${PM_VERSION%-rc.*} | |
| NEXT_VERSION="$BASE_VERSION-rc.$NEW_RC_NUM" | |
| else | |
| # Current version is not a release candidate | |
| # Check if force upgrade is requested with specific version increment | |
| if [ "${{ inputs.force_version_upgrade }}" = "true" ]; then | |
| IFS='.' read -r major minor patch <<< "$PM_VERSION" | |
| case "${{ inputs.version_increment }}" in | |
| "major") | |
| major=$((major + 1)) | |
| if [ "${{ inputs.release_type }}" = "full" ]; then | |
| NEXT_VERSION="$major.0.0" | |
| else | |
| NEXT_VERSION="$major.0.0-rc.1" | |
| fi | |
| ;; | |
| "minor") | |
| minor=$((minor + 1)) | |
| if [ "${{ inputs.release_type }}" = "full" ]; then | |
| NEXT_VERSION="$major.$minor.0" | |
| else | |
| NEXT_VERSION="$major.$minor.0-rc.1" | |
| fi | |
| ;; | |
| "patch") | |
| patch=$((patch + 1)) | |
| if [ "${{ inputs.release_type }}" = "full" ]; then | |
| NEXT_VERSION="$major.$minor.$patch" | |
| else | |
| NEXT_VERSION="$major.$minor.$patch-rc.1" | |
| fi | |
| ;; | |
| *) | |
| # Default to minor increment | |
| minor=$((minor + 1)) | |
| if [ "${{ inputs.release_type }}" = "full" ]; then | |
| NEXT_VERSION="$major.$minor.0" | |
| else | |
| NEXT_VERSION="$major.$minor.0-rc.1" | |
| fi | |
| ;; | |
| esac | |
| else | |
| # Default behavior: increment minor version and add -rc.1 | |
| IFS='.' read -r major minor patch <<< "$PM_VERSION" | |
| minor=$((minor + 1)) | |
| NEXT_VERSION="$major.$minor.0-rc.1" | |
| fi | |
| fi | |
| echo NEXT_VERSION="$NEXT_VERSION" >> $GITHUB_ENV | |
| - name: Check if version update needed | |
| id: version_check | |
| run: | | |
| set -e | |
| # Get the latest platform-mesh component descriptor to compare dependencies | |
| ./ocm get componentversions --latest github.com/platform-mesh/platform-mesh --repo ghcr.io/platform-mesh -o yaml > current_pm_component.yaml || echo "No existing platform-mesh component found" | |
| # Extract current dependency versions from the existing component (if it exists) | |
| if [ -f current_pm_component.yaml ] && [ -s current_pm_component.yaml ]; then | |
| CURRENT_ACCOUNT_OPERATOR=$(yq eval '.component.componentReferences[] | select(.name == "account-operator") | .version' current_pm_component.yaml 2>/dev/null || echo "") | |
| CURRENT_SECURITY_OPERATOR=$(yq eval '.component.componentReferences[] | select(.name == "security-operator") | .version' current_pm_component.yaml 2>/dev/null || echo "") | |
| CURRENT_EXTENSION_MANAGER_OPERATOR=$(yq eval '.component.componentReferences[] | select(.name == "extension-manager-operator") | .version' current_pm_component.yaml 2>/dev/null || echo "") | |
| CURRENT_INFRA=$(yq eval '.component.componentReferences[] | select(.name == "infra") | .version' current_pm_component.yaml 2>/dev/null || echo "") | |
| CURRENT_REBAC_AUTHZ_WEBHOOK=$(yq eval '.component.componentReferences[] | select(.name == "rebac-authz-webhook") | .version' current_pm_component.yaml 2>/dev/null || echo "") | |
| CURRENT_PORTAL=$(yq eval '.component.componentReferences[] | select(.name == "portal") | .version' current_pm_component.yaml 2>/dev/null || echo "") | |
| CURRENT_PLATFORM_MESH_OPERATOR=$(yq eval '.component.componentReferences[] | select(.name == "platform-mesh-operator") | .version' current_pm_component.yaml 2>/dev/null || echo "") | |
| CURRENT_KEYCLOAK=$(yq eval '.component.componentReferences[] | select(.name == "keycloak") | .version' current_pm_component.yaml 2>/dev/null || echo "") | |
| CURRENT_KUBERNETES_GRAPHQL_GATEWAY=$(yq eval '.component.componentReferences[] | select(.name == "kubernetes-graphql-gateway") | .version' current_pm_component.yaml 2>/dev/null || echo "") | |
| CURRENT_VIRTUAL_WORKSPACES=$(yq eval '.component.componentReferences[] | select(.name == "virtual-workspaces") | .version' current_pm_component.yaml 2>/dev/null || echo "") | |
| CURRENT_PLATFORM_MESH_OPERATOR_COMPONENTS=$(yq eval '.component.componentReferences[] | select(.name == "platform-mesh-operator-components") | .version' current_pm_component.yaml 2>/dev/null || echo "") | |
| CURRENT_EXAMPLE_HTTPBIN_OPERATOR=$(yq eval '.component.componentReferences[] | select(.name == "example-httpbin-operator") | .version' current_pm_component.yaml 2>/dev/null || echo "") | |
| else | |
| # No existing component, so we need to create one | |
| echo "No existing platform-mesh component found, creating initial version" | |
| echo "needs_update=true" >> $GITHUB_OUTPUT | |
| echo "VERSION=${{ env.NEXT_VERSION }}" >> $GITHUB_ENV | |
| exit 0 | |
| fi | |
| # Check if force upgrade is requested | |
| if [ "${{ inputs.force_version_upgrade }}" = "true" ]; then | |
| echo "Force version upgrade requested, creating new version" | |
| echo "Previous platform-mesh version: ${{ env.CURRENT_PM_VERSION }}" | |
| echo "New platform-mesh version: ${{ env.NEXT_VERSION }}" | |
| echo "needs_update=true" >> $GITHUB_OUTPUT | |
| echo "VERSION=${{ env.NEXT_VERSION }}" >> $GITHUB_ENV | |
| exit 0 | |
| fi | |
| # Compare versions to detect changes | |
| NEEDS_UPDATE=false | |
| if [ "$CURRENT_ACCOUNT_OPERATOR" != "${{ env.ACCOUNT_OPERATOR_VERSION }}" ]; then | |
| echo "Account operator: $CURRENT_ACCOUNT_OPERATOR -> ${{ env.ACCOUNT_OPERATOR_VERSION }}" | |
| NEEDS_UPDATE=true | |
| fi | |
| if [ "$CURRENT_SECURITY_OPERATOR" != "${{ env.SECURITY_OPERATOR_VERSION }}" ]; then | |
| echo "Security operator: $CURRENT_SECURITY_OPERATOR -> ${{ env.SECURITY_OPERATOR_VERSION }}" | |
| NEEDS_UPDATE=true | |
| fi | |
| if [ "$CURRENT_EXTENSION_MANAGER_OPERATOR" != "${{ env.EXTENSION_MANAGER_OPERATOR_VERSION }}" ]; then | |
| echo "Extension manager operator: $CURRENT_EXTENSION_MANAGER_OPERATOR -> ${{ env.EXTENSION_MANAGER_OPERATOR_VERSION }}" | |
| NEEDS_UPDATE=true | |
| fi | |
| if [ "$CURRENT_INFRA" != "${{ env.INFRA_VERSION }}" ]; then | |
| echo "Infra: $CURRENT_INFRA -> ${{ env.INFRA_VERSION }}" | |
| NEEDS_UPDATE=true | |
| fi | |
| if [ "$CURRENT_REBAC_AUTHZ_WEBHOOK" != "${{ env.REBAC_AUTHZ_WEBHOOK_VERSION }}" ]; then | |
| echo "Rebac authz webhook: $CURRENT_REBAC_AUTHZ_WEBHOOK -> ${{ env.REBAC_AUTHZ_WEBHOOK_VERSION }}" | |
| NEEDS_UPDATE=true | |
| fi | |
| if [ "$CURRENT_PORTAL" != "${{ env.PORTAL_VERSION }}" ]; then | |
| echo "Portal: $CURRENT_PORTAL -> ${{ env.PORTAL_VERSION }}" | |
| NEEDS_UPDATE=true | |
| fi | |
| if [ "$CURRENT_PLATFORM_MESH_OPERATOR" != "${{ env.PLATFORM_MESH_OPERATOR_VERSION }}" ]; then | |
| echo "Platform mesh operator: $CURRENT_PLATFORM_MESH_OPERATOR -> ${{ env.PLATFORM_MESH_OPERATOR_VERSION }}" | |
| NEEDS_UPDATE=true | |
| fi | |
| if [ "$CURRENT_KEYCLOAK" != "${{ env.KEYCLOAK_VERSION }}" ]; then | |
| echo "Keycloak: $CURRENT_KEYCLOAK -> ${{ env.KEYCLOAK_VERSION }}" | |
| NEEDS_UPDATE=true | |
| fi | |
| if [ "$CURRENT_KUBERNETES_GRAPHQL_GATEWAY" != "${{ env.KUBERNETES_GRAPHQL_GATEWAY_VERSION }}" ]; then | |
| echo "Kubernetes GraphQL gateway: $CURRENT_KUBERNETES_GRAPHQL_GATEWAY -> ${{ env.KUBERNETES_GRAPHQL_GATEWAY_VERSION }}" | |
| NEEDS_UPDATE=true | |
| fi | |
| if [ "$CURRENT_VIRTUAL_WORKSPACES" != "${{ env.VIRTUAL_WORKSPACES_VERSION }}" ]; then | |
| echo "Virtual workspaces: $CURRENT_VIRTUAL_WORKSPACES -> ${{ env.VIRTUAL_WORKSPACES_VERSION }}" | |
| NEEDS_UPDATE=true | |
| fi | |
| if [ "$CURRENT_PLATFORM_MESH_OPERATOR_COMPONENTS" != "${{ env.PLATFORM_MESH_OPERATOR_COMPONENTS_VERSION }}" ]; then | |
| echo "Platform mesh operator components: $CURRENT_PLATFORM_MESH_OPERATOR_COMPONENTS -> ${{ env.PLATFORM_MESH_OPERATOR_COMPONENTS_VERSION }}" | |
| NEEDS_UPDATE=true | |
| fi | |
| if [ "$CURRENT_EXAMPLE_HTTPBIN_OPERATOR" != "${{ env.EXAMPLE_HTTPBIN_OPERATOR_VERSION }}" ]; then | |
| echo "Example HTTPBin operator: $CURRENT_EXAMPLE_HTTPBIN_OPERATOR -> ${{ env.EXAMPLE_HTTPBIN_OPERATOR_VERSION }}" | |
| NEEDS_UPDATE=true | |
| fi | |
| if [ "$NEEDS_UPDATE" = "true" ]; then | |
| echo "Component dependencies have changed, creating new version" | |
| echo "Previous platform-mesh version: ${{ env.CURRENT_PM_VERSION }}" | |
| echo "New platform-mesh version: ${{ env.NEXT_VERSION }}" | |
| echo "needs_update=true" >> $GITHUB_OUTPUT | |
| echo "VERSION=${{ env.NEXT_VERSION }}" >> $GITHUB_ENV | |
| else | |
| echo "No dependency changes detected, skipping component creation" | |
| echo "Current platform-mesh version: ${{ env.CURRENT_PM_VERSION }} (no update needed)" | |
| echo "needs_update=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: create OCM ComponentArchive | |
| if: steps.version_check.outputs.needs_update == 'true' | |
| run: | | |
| ocm_ctf=.ocm/transport.ctf | |
| mkdir -p "$(dirname "$ocm_ctf")" | |
| ./ocm add components -c --templater=go --file "$ocm_ctf" constructor/component-constructor.yaml -- \ | |
| VERSION=${{ env.VERSION }} \ | |
| ACCOUNT_OPERATOR_VERSION=${{ env.ACCOUNT_OPERATOR_VERSION }} \ | |
| EXTENSION_MANAGER_OPERATOR_VERSION=${{ env.EXTENSION_MANAGER_OPERATOR_VERSION }} \ | |
| INFRA_VERSION=${{ env.INFRA_VERSION }} \ | |
| SECURITY_OPERATOR_VERSION=${{ env.SECURITY_OPERATOR_VERSION }} \ | |
| REBAC_AUTHZ_WEBHOOK_VERSION=${{ env.REBAC_AUTHZ_WEBHOOK_VERSION }} \ | |
| PORTAL_VERSION=${{ env.PORTAL_VERSION }} \ | |
| PLATFORM_MESH_OPERATOR_VERSION=${{ env.PLATFORM_MESH_OPERATOR_VERSION }} \ | |
| VIRTUAL_WORKSPACES_VERSION=${{ env.VIRTUAL_WORKSPACES_VERSION }} \ | |
| ISTIO_VERSION=1.27.0 \ | |
| CROSSPLANE_VERSION=1.20.1 \ | |
| KCP_OPERATOR_VERSION=0.1.1 \ | |
| KCP_IMAGE_VERSION=d976f348 \ | |
| GARDENER_ETCD_DRUID_SOURCE_REF=v0.31.0 \ | |
| GARDENER_ETCD_DRUID_CHART_VERSION=0.1.0 \ | |
| OPENFGA_VERSION=0.2.38 \ | |
| KUBERNETES_GRAPHQL_GATEWAY_VERSION=${{ env.KUBERNETES_GRAPHQL_GATEWAY_VERSION }} \ | |
| KEYCLOAK_VERSION=${{ env.KEYCLOAK_VERSION}} \ | |
| PLATFORM_MESH_OPERATOR_COMPONENTS_VERSION=${{ env.PLATFORM_MESH_OPERATOR_COMPONENTS_VERSION }} \ | |
| EXAMPLE_HTTPBIN_OPERATOR_VERSION=${{ env.EXAMPLE_HTTPBIN_OPERATOR_VERSION }} | |
| - name: Transfer to OCM REPO | |
| if: steps.version_check.outputs.needs_update == 'true' | |
| run: ./ocm transfer ctf --overwrite .ocm/transport.ctf "ghcr.io/platform-mesh" |