Skip to content

chore: add user role #1007

chore: add user role

chore: add user role #1007

Workflow file for this run

name: Release
on:
push:
branches:
- main
jobs:
semantic-release:
runs-on: ubuntu-latest
outputs:
release-version: ${{ steps.semantic.outputs.release-version }}
new-release-published: ${{ steps.semantic.outputs.new-release-published }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
token: ${{ secrets.FLANKBOT }}
- uses: codfish/semantic-release-action@cbd853afe12037afb1306caca9d6b1ab6a58cf2a # v1.10.0
id: semantic
with:
additional_packages: |
['@semantic-release/git']
env:
GITHUB_TOKEN: ${{ secrets.FLANKBOT }}
docker:
needs: semantic-release
runs-on: ubuntu-latest
if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Publish canary-checker-ui to Registry
uses: elgohr/Publish-Docker-Github-Action@742a180fa47f3adfb5115902ae4955acc6ad769b # v4
env:
APP_DEPLOYMENT: CANARY_CHECKER
WITHOUT_AUTH: "true"
with:
name: flanksource/canary-checker-ui
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
buildargs: APP_DEPLOYMENT,WITHOUT_AUTH
snapshot: true
tags: "latest,v${{ needs.semantic-release.outputs.release-version }}"
- name: Publish incident-manager-ui to Registry
uses: elgohr/Publish-Docker-Github-Action@742a180fa47f3adfb5115902ae4955acc6ad769b # v4
env:
APP_DEPLOYMENT: "INCIDENT_MANAGER"
WITHOUT_AUTH: "false"
with:
name: flanksource/incident-manager-ui
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
buildargs: APP_DEPLOYMENT,WITHOUT_AUTH
snapshot: true
tags: "latest,v${{ needs.semantic-release.outputs.release-version }}"
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR Public
id: login-ecr-public
uses: aws-actions/amazon-ecr-login@v2
with:
registry-type: public
- name: Publish canary-checker-ui to ECR Public
env:
REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
REGISTRY_ALIAS: k4y9r6y5
REPOSITORY: canary-checker-ui
IMAGE_TAG: "v${{ needs.semantic-release.outputs.release-version }}"
APP_DEPLOYMENT: CANARY_CHECKER
WITHOUT_AUTH: "true"
run: |
docker build --build-arg APP_DEPLOYMENT --build-arg WITHOUT_AUTH -t $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG .
docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG
- name: Publish incident-manager-ui to ECR Public
env:
REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
REGISTRY_ALIAS: k4y9r6y5
REPOSITORY: incident-manager-ui
IMAGE_TAG: "v${{ needs.semantic-release.outputs.release-version }}"
APP_DEPLOYMENT: "INCIDENT_MANAGER"
WITHOUT_AUTH: "false"
run: |
docker build --build-arg APP_DEPLOYMENT --build-arg WITHOUT_AUTH -t $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG .
docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG
helm:
runs-on: ubuntu-latest
needs: [semantic-release, docker]
if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Download yq
run: |
wget -nv -nc -O yq https://github.com/mikefarah/yq/releases/download/v4.20.2/yq_linux_amd64
chmod +x yq
- name: Update chart version
run: ./yq -i e '.version = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml
- name: Update app version
run: ./yq -i e '.appVersion = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml
- name: Update image tags
run: ./yq -i e '.image.tag = "v${{ needs.semantic-release.outputs.release-version }}"' chart/values.yaml
- name: Set up Helm
uses: azure/setup-helm@18bc76811624f360dbd7f18c2d4ecb32c7b87bab # v1.1
with:
version: v3.8.0
- name: Package Helm chart
run: |
helm package ./chart
- name: Clone charts repo
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
repository: "${{ github.repository_owner }}/charts"
path: charts
token: "${{ secrets.FLANKBOT }}"
- name: Update chart repo
run: |
cd charts
cp ../flanksource-ui-*.tgz ./
helm repo index --merge index.yaml .
- name: Push changes to chart repo
uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4.16.0
with:
commit_message: "Release ${{ needs.semantic-release.outputs.release-version }} of ${{ github.repository }}"
branch: gh-pages
repository: ./charts
update-canary-checker:
runs-on: ubuntu-latest
needs: [docker, helm, semantic-release]
if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
repository: "${{ github.repository_owner }}/canary-checker"
token: ${{ secrets.FLANKBOT }}
path: ./canary-checker
- name: Install yq
run: |
wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - |\
tar xz && sudo mv ${BINARY} /usr/bin/yq
env:
VERSION: v4.25.1
BINARY: yq_linux_amd64
- name: Update flanksource-ui version in canary-checker
run: |
cd canary-checker
yq eval-all -i '(.dependencies[] | select(.name == "flanksource-ui")) ref $d | $d.version = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml
- name: Create pull request
uses: peter-evans/create-pull-request@v6
with:
commit-message: "chore: update flanksource-ui to ${{ needs.semantic-release.outputs.release-version }}"
token: ${{ secrets.FLANKBOT }}
title: "chore: update flanksource-ui to ${{ needs.semantic-release.outputs.release-version }}"
branch: "update-flanksource-ui"
path: ./canary-checker
update-incident-commander:
runs-on: ubuntu-latest
needs: [docker, helm, semantic-release]
if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
repository: "${{ github.repository_owner }}/incident-commander-chart"
token: ${{ secrets.FLANKBOT }}
path: ./incident-commander-chart
- name: Install yq
run: |
wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - |\
tar xz && sudo mv ${BINARY} /usr/bin/yq
env:
VERSION: v4.25.1
BINARY: yq_linux_amd64
- name: Update flanksource-ui version in Incident-commander
run: |
cd incident-commander-chart
yq eval-all -i '(.dependencies[] | select(.name == "flanksource-ui")) ref $d | $d.version = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml
- name: Push changes to chart repo
uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4.16.0
with:
commit_message: "chore: update flanksource-ui chart dependency to ${{ needs.semantic-release.outputs.release-version }}"
repository: ./incident-commander-chart