Update actions/cache action to v5 #262
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: AMM Techlab Puzzle Build and Publish | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| pull-requests: write | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| HELM_NAME: amm-techlab-puzzle | |
| TRAINING_VERSION: ${{ github.sha }} | |
| BUILD_VERSION: ${{ github.ref == 'refs/heads/main' && 'latest' || format('pr-{0}', github.event.pull_request.number) }} | |
| DEPLOY_SECRET_VARIABLE_NAME: ${{ github.ref == 'refs/heads/main' && 'KUBECONFIG_PROD_AV2' || 'KUBECONFIG_TEST_AV2' }} | |
| NAMESPACE_NAME: ${{ github.ref == 'refs/heads/main' && 'pitc-cicd-amm-techlab-prod' || 'pitc-cicd-amm-techlab-test' }} | |
| PR_ENV_URL: https://amm-techlab-pr-${{ github.event.pull_request.number }}.ocp.cloudscale.puzzle.ch | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Set up npm for linting | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 'latest' | |
| - name: Cache npm dependencies | |
| uses: actions/cache@v5 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Cache node_modules | |
| uses: actions/cache@v5 | |
| with: | |
| path: node_modules | |
| key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-modules- | |
| - name: Lint Markdown | |
| run: npm ci && npm run mdlint | |
| build_push_image: | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| outputs: | |
| digest: ${{ steps.build-push.outputs.digest }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Push Docker image | |
| id: build-push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: true | |
| tags: | | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BUILD_VERSION }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| sign_image: | |
| runs-on: ubuntu-latest | |
| needs: build_push_image | |
| outputs: | |
| digest: ${{ needs.build_push_image.outputs.digest }} | |
| steps: | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install cosign | |
| uses: sigstore/[email protected] | |
| with: | |
| cosign-release: 'v2.2.4' | |
| - name: Sign Docker image with cosign | |
| env: | |
| TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BUILD_VERSION }} | |
| DIGEST: ${{ needs.build_push_image.outputs.digest }} | |
| run: | | |
| COSIGN_EXPERIMENTAL=1 cosign sign --yes ${TAG}@${DIGEST} | |
| verify_image: | |
| runs-on: ubuntu-latest | |
| needs: sign_image | |
| outputs: | |
| digest: ${{ needs.sign_image.outputs.digest }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: | | |
| scripts | |
| sparse-checkout-cone-mode: false | |
| fetch-depth: 0 | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install cosign | |
| uses: sigstore/[email protected] | |
| with: | |
| cosign-release: 'v2.2.4' | |
| - name: Verify Docker image with cosign | |
| env: | |
| TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BUILD_VERSION }} | |
| DIGEST: ${{ needs.sign_image.outputs.digest }} | |
| run: bash ./scripts/verify_cosign.sh | |
| deploy: | |
| runs-on: ubuntu-latest | |
| needs: verify_image | |
| env: | |
| KUBE_CONFIG_PATH: '$HOME/.kube' | |
| KUBE_CONFIG_FILENAME: 'config' | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: | | |
| helm-chart | |
| scripts | |
| sparse-checkout-cone-mode: false | |
| fetch-depth: 0 | |
| - name: 'Install Helm' | |
| uses: azure/setup-helm@v4 | |
| with: | |
| version: 'latest' | |
| - name: Install Kubectl | |
| uses: azure/setup-kubectl@v4 | |
| with: | |
| version: 'latest' | |
| - name: Create KUBECONFIG | |
| env: | |
| KUBE_CONFIG: ${{ secrets[env.DEPLOY_SECRET_VARIABLE_NAME] }} | |
| run: bash ./scripts/create_kubeconfig.sh | |
| - name: Deploy Helm Release | |
| env: | |
| HELM_RELEASE: ${{ env.BUILD_VERSION }} | |
| NAMESPACE: ${{ env.NAMESPACE_NAME }} | |
| run: bash ./scripts/deploy_helm_release.sh | |
| - name: Redeploy Deployments | |
| env: | |
| HELM_RELEASE: ${{ env.BUILD_VERSION }} | |
| NAMESPACE: ${{ env.NAMESPACE_NAME }} | |
| run: bash ./scripts/redeploy_deployment.sh | |
| comment: | |
| if: github.ref != 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| needs: verify_image | |
| steps: | |
| - name: Comment PR Environments in PR | |
| uses: marocchino/sticky-pull-request-comment@v2 | |
| with: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| message: | | |
| 🚀 PR Environment: [Open Deployment](${{ env.PR_ENV_URL }}) | |
| 🏷️ Image Tag: `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BUILD_VERSION }}` | |
| 🖋️ Image Digest: `${{ needs.verify_image.outputs.digest }}` |