Skip to content
Rust

fix: kustomize image changes weren't working #7

Sign in to view logs

fix: kustomize image changes weren't working

fix: kustomize image changes weren't working #7

Workflow file for this run

.github/workflows/rust.yaml at fe89a81
name: Rust
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
workflow_dispatch:
# Automatically cancel in-progress actions on the same branch
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request_target' && github.head_ref || github.ref }}
cancel-in-progress: true
env:
DOCKER_CONTAINER_IMAGE_BASE: lhr.ocir.io/lrdyqp2xtoja/cd-webhooks-forwarder
# get correct commit sha for pull requests as well
COMMIT_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
target:
- rust: aarch64-unknown-linux-musl
docker: linux/arm64
# nix: aarch64-linux
steps:
- uses: actions/checkout@v4
- uses: Swatinem/rust-cache@v2
with:
cache-all-crates: "true"
- run: cargo install cross
- uses: docker/setup-buildx-action@v3
with:
install: true
- name: build
run: cross build --target ${{ matrix.target.rust }} --release
- name: Login to Docker registry
uses: docker/login-action@v2
with:
registry: lhr.ocir.io
username: ${{ secrets.OCIR_USERNAME }}
password: ${{ secrets.OCIR_TOKEN }}
- name: Docker meta tags generator
id: meta
uses: docker/metadata-action@v5
# use correct sha for pr commits
env:
DOCKER_METADATA_PR_HEAD_SHA: true
with:
images: |
${{ env.DOCKER_CONTAINER_IMAGE_BASE }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=edge
type=sha,format=long
- name: Build Dockerfile
id: build-and-push-action-1
uses: docker/build-push-action@v3
with:
context: .
file: Dockerfile
load: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha
platforms: ${{ matrix.target.docker }}
build-args: |
RUST_TARGET_DIR=target/${{ matrix.target.rust }}/release
- run: docker push --all-tags $DOCKER_CONTAINER_IMAGE_BASE
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.DOCKER_CONTAINER_IMAGE_BASE }}:sha-${{ env.COMMIT_SHA }}
format: "table"
exit-code: "1"
ignore-unfixed: true
severity: "CRITICAL"
outputs:
pushed-image-digest: ${{ steps.build-and-push-action-1.outputs.digest }}
deploy:
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.WRITE_BACK_TO_REPO_TOKEN }}
- name: install kustomize
id: kustomize-installation
run: |
curl -sfLo kustomize.tar.gz https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv4.5.7/kustomize_v4.5.7_linux_amd64.tar.gz
tar xzf ./kustomize.tar.gz
echo "KUSTOMIZE_COMMAND=$PWD/kustomize" >> $GITHUB_OUTPUT
- name: Update kustomization for new image
# in 'prod' folder
env:
KUSTOMIZE_COMMAND: ${{ steps.kustomize-installation.outputs.KUSTOMIZE_COMMAND }}
run: |
cd k8s/overlays/prod
# update image digest
$KUSTOMIZE_COMMAND edit set image \
${DOCKER_CONTAINER_IMAGE_BASE}=${DOCKER_CONTAINER_IMAGE_BASE}:sha-${COMMIT_SHA}@${{ needs.build.outputs.pushed-image-digest }}
- name: Update version label
uses: mikefarah/[email protected]
with:
cmd: yq -i '.labels[].pairs."app.kubernetes.io/version" = strenv(COMMIT_SHA)' k8s/overlays/prod/kustomization.yaml
- name: Commit to git
run: |
git config user.name github-actions
git config user.email [email protected]
git add k8s/overlays/prod
git commit -m "update: image to version $COMMIT_SHA
[no ci]"
git pull --rebase
git push
echo "Committed to infra" >> $GITHUB_STEP_SUMMARY