-
Notifications
You must be signed in to change notification settings - Fork 180
231 lines (207 loc) · 8.28 KB
/
on_release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
name: Build and publish to Docker Hub
on:
release:
# job will automatically run after a new "release" is create on github.
types: [published]
jobs:
# this job will build, test and (potentially) push the docker images to docker hub
#
# BUILD PHASE:
# - will auto tag the image according to the release tag / `git describe`.
#
# TEST PHASE:
# - will run an e2e test with a modified docker compose.
# - queries OPA data to check its state matches an expected value.
# - state will match only if OPAL client successfully synced to OPAL server.
# - outputs the docker compose logs to more easily investigate errors.
#
# PUSH PHASE:
# - Runs only if test phase completes with no errors.
# - Pushes images (built at BUILD PHASE) to docker hub.
docker_build_and_publish:
runs-on: ubuntu-latest
env:
github_token: ${{ secrets.TOKEN_GITHUB }}
permissions:
id-token: write
contents: write # 'write' access to repository contents
pull-requests: write # 'write' access to pull requests
steps:
# BUILD PHASE
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Docker Compose install
run: |
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
- name: Echo version tag
run: |
echo "The version tag that will be published to docker hub is: ${{ github.event.release.tag_name }}"
- name: Build client for testing
id: build_client
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
push: false
target: client
cache-from: type=registry,ref=permitio/opal-client:latest
cache-to: type=inline
load: true
tags: |
permitio/opal-client:test
- name: Build server for testing
id: build_server
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
push: false
target: server
cache-from: type=registry,ref=permitio/opal-server:latest
cache-to: type=inline
load: true
tags: |
permitio/opal-server:test
# TEST PHASE
- name: Create modified docker compose file
run: sed 's/:latest/:test/g' docker/docker-compose-example.yml > docker/docker-compose-test.yml
- name: Bring up stack
run: docker-compose -f docker/docker-compose-test.yml up -d
- name: Check if OPA is healthy
run: ./scripts/wait-for.sh -t 60 http://localhost:8181/v1/data/users -- sleep 10 && curl -s "http://localhost:8181/v1/data/users" | jq '.result.bob.location.country == "US"'
- name: Output container logs
run: docker-compose -f docker/docker-compose-test.yml logs
# PUSH PHASE
- name: Output local docker images
run: docker image ls --digests | grep opal
# pushes the *same* docker images that were previously tested as part of e2e sanity test.
# each image is pushed with the versioned tag first, if it succeeds the image is pushed with the latest tag as well.
- name: Build & Push client
id: build_push_client
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
target: client
cache-from: type=registry,ref=permitio/opal-client:latest
cache-to: type=inline
tags: |
permitio/opal-client:latest
permitio/opal-client:${{ github.event.release.tag_name }}
- name: Build client-standalone
id: build_push_client_standalone
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
target: client-standalone
cache-from: type=registry,ref=permitio/opal-client-standalone:latest
cache-to: type=inline
tags: |
permitio/opal-client-standalone:latest
permitio/opal-client-standalone:${{ github.event.release.tag_name }}
- name: Build server
id: build_push_server
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
target: server
cache-from: type=registry,ref=permitio/opal-server:latest
cache-to: type=inline
tags: |
permitio/opal-server:latest
permitio/opal-server:${{ github.event.release.tag_name }}
- name: Build & Push client cedar
id: build_push_client_cedar
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
target: client-cedar
cache-from: type=registry,ref=permitio/opal-client-cedar:latest
cache-to: type=inline
tags: |
permitio/opal-client-cedar:latest
permitio/opal-client-cedar:${{ github.event.release.tag_name }}
- name: Python setup
uses: actions/setup-python@v5
with:
python-version: '3.11.8'
# This is the root file representing the package for all the sub-packages.
- name: Bump version - packaging__.py
run: |
version_tag=${{ github.event.release.tag_name }}
version_tag=${version_tag#v} # Remove the leading 'v'
version_tuple=$(echo $version_tag | sed 's/\./, /g')
sed -i "s/VERSION = (.*/VERSION = (${version_tuple})/" packages/__packaging__.py
cat packages/__packaging__.py
- name: Cleanup setup.py and Build every sub-packages
run: |
pip install wheel
cd packages/opal-common/ ; rm -rf *.egg-info build/ dist/
python setup.py sdist bdist_wheel
cd ../..
cd packages/opal-client/ ; rm -rf *.egg-info build/ dist/
python setup.py sdist bdist_wheel
cd ../..
cd packages/opal-server/ ; rm -rf *.egg-info build/ dist/
python setup.py sdist bdist_wheel
cd ../..
# Upload package distributions to the release - All assets in one step
- name: Upload assets to release
uses: shogo82148/[email protected]
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: |
packages/opal-common/dist/*
packages/opal-client/dist/*
packages/opal-server/dist/*
# Publish package distributions to PyPI
- name: Publish package distributions to PyPI - Opal-Common
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_TOKEN }}
packages-dir: packages/opal-common/dist/
# For Test only !
# password: ${{ secrets.TEST_PYPI_TOKEN }}
# repository-url: https://test.pypi.org/legacy/
env:
name: pypi
url: https://pypi.org/p/opal-common/
- name: Publish package distributions to PyPI - Opal-Client
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_TOKEN }}
packages-dir: packages/opal-client/dist/
# For Test only !
# password: ${{ secrets.TEST_PYPI_TOKEN }}
# repository-url: https://test.pypi.org/legacy/
env:
name: pypi
url: https://pypi.org/p/opal-client/
- name: Publish package distributions to PyPI - Opal-Server
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_TOKEN }}
packages-dir: packages/opal-server/dist/
# For Test only !
# password: ${{ secrets.TEST_PYPI_TOKEN }}
# repository-url: https://test.pypi.org/legacy/
env:
name: pypi
url: https://pypi.org/p/opal-server/