diff --git a/.github/workflows/registry-publish.yml b/.github/workflows/registry-publish.yml index 0eb79b93..68ecac75 100644 --- a/.github/workflows/registry-publish.yml +++ b/.github/workflows/registry-publish.yml @@ -1,3 +1,11 @@ +# This workflow will build a steampipe plugin image and publish it to Google Container Registry +# +# To configure this workflow: +# +# 1. Share the following secrets with your repository: +# - STEAMPIPE_REGISTRY_SA_KEY with the Base64 encoded JSON service account key (https://github.com/GoogleCloudPlatform/github-actions/tree/docs/service-account-key/setup-gcloud#inputs). +# 2. Change the values for the environment variables (below) if required. + name: Build and Deploy OCI Image on: @@ -5,9 +13,304 @@ on: tags: - 'v*' +env: + PROJECT_ID: steampipe + ORG: turbot + PLUGIN_REPO: us-docker.pkg.dev/steampipe/plugins + CONFIG_SCHEMA_VERSION: '2020-11-18' + ORAS_VERSION: '0.14.0' + jobs: - registry_publish_workflow: - uses: turbot/steampipe-workflows/.github/workflows/registry-publish.yml@main - secrets: inherit + build: + name: Build + runs-on: + labels: ubuntu_4_core + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Set environment variables + run: | + plugin_name=$(echo $GITHUB_REPOSITORY | cut -d'-' -f 3) + echo $plugin_name + echo "PLUGIN_NAME=${plugin_name}" >> $GITHUB_ENV + + - name: Exit if goreleaser file is missing + run: | + test -f .goreleaser.yml + + - name: Set up Go + uses: actions/setup-go@v3 + with: + go-version: 1.21 + + - name: Get latest version tag + run: |- + echo "VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV + + - name: Trim tag + run: |- + echo $VERSION + trim=${VERSION#"v"} + echo $trim + echo "VERSION=${trim}" >> $GITHUB_ENV + + - name: Validate Version String + run: |- + if [[ $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Version OK: $VERSION" + else + echo "Invalid version: $VERSION" + exit 1 + fi + + - name: Ensure Version Does Not Exist + run: |- + URL=https://$(echo $PLUGIN_REPO | sed 's/\//\/v2\//')/$ORG/$PLUGIN_NAME/tags/list + IDX=$(curl -L $URL | jq ".tags | index(\"$VERSION\")") + if [ $IDX == "null" ]; then + echo "OK - Version does not exist: $VERSION" + else + echo "Version already exists: $VERSION" + exit 1 + fi + + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v2 + with: + version: latest + args: release --rm-dist --skip-publish --timeout=${{ inputs.releaseTimeout }} + + - name: List Build Artifacts + run: ls -laR ./dist + + - name: Save Linux Build Artifact - AMD64 + uses: actions/upload-artifact@v2 + with: + name: steampipe-${{ env.PLUGIN_NAME }}_linux_amd64 + path: ./dist/steampipe-plugin-${{ env.PLUGIN_NAME }}_linux_amd64.gz + if-no-files-found: error + + - name: Save Linux Build Artifact - ARM64 + uses: actions/upload-artifact@v2 + with: + name: steampipe-${{ env.PLUGIN_NAME }}_linux_arm64 + path: ./dist/steampipe-plugin-${{ env.PLUGIN_NAME }}_linux_arm64.gz + if-no-files-found: error + + - name: Save MacOS Build Artifact - AMD64 + uses: actions/upload-artifact@v2 + with: + name: steampipe-${{ env.PLUGIN_NAME }}_darwin_amd64 + path: ./dist/steampipe-plugin-${{ env.PLUGIN_NAME }}_darwin_amd64.gz + if-no-files-found: error + + - name: Save MacOS Build Artifact - ARM64 + uses: actions/upload-artifact@v2 + with: + name: steampipe-${{ env.PLUGIN_NAME }}_darwin_arm64 + path: ./dist/steampipe-plugin-${{ env.PLUGIN_NAME }}_darwin_arm64.gz + if-no-files-found: error + + publish-deploy: + name: Publish and Deploy + runs-on: + labels: ubuntu_4_core + needs: + - build + + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Set environment variables + run: | + plugin_name=$(echo $GITHUB_REPOSITORY | cut -d'-' -f 3) + echo $plugin_name + echo "PLUGIN_NAME=${plugin_name}" >> $GITHUB_ENV + + # Setup gcloud CLI + - uses: google-github-actions/setup-gcloud@v0.2.0 + with: + service_account_key: ${{ secrets.STEAMPIPE_REGISTRY_SA_KEY }} + project_id: ${{ env.PROJECT_ID }} + + - run: gcloud config list + + - run: gcloud components install beta + + # Configure Docker to use the gcloud command-line tool as a credential + # helper for authentication + - run: |- + gcloud beta auth configure-docker us-docker.pkg.dev + + # oras is pre-installed on the image, but we should install a specific version + # to protect against unexpected breaking changes + - run: | + curl -LO https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz + sudo tar xzf oras_${ORAS_VERSION}_linux_amd64.tar.gz -C /usr/local/bin oras + oras version + + - name: Download linux-amd64 artifact + uses: actions/download-artifact@v2 + with: + name: steampipe-${{ env.PLUGIN_NAME }}_linux_amd64 + + - name: Download linux_arm64 artifact + uses: actions/download-artifact@v2 + with: + name: steampipe-${{ env.PLUGIN_NAME }}_linux_arm64 + + - name: Download darwin_amd64 artifact + uses: actions/download-artifact@v2 + with: + name: steampipe-${{ env.PLUGIN_NAME }}_darwin_amd64 + + - name: Download darwin_arm64 artifact + uses: actions/download-artifact@v2 + with: + name: steampipe-${{ env.PLUGIN_NAME }}_darwin_arm64 + + - name: List files + run: ls -l + + - name: Get latest version tag + run: |- + echo "VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV + + - name: Trim tag + run: |- + echo $VERSION + trim=${VERSION#"v"} + echo $trim + echo "VERSION=${trim}" >> $GITHUB_ENV + + - name: Validate Version String + run: |- + if [[ $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Version OK: $VERSION" + else + echo "Invalid version: $VERSION" + exit 1 + fi + + # create the config file + - run: |- + JSON_STRING=$( jq -n \ + --arg name "$PLUGIN_NAME" \ + --arg organization "$ORG" \ + --arg version "$VERSION" \ + --arg schemaVersion "$CONFIG_SCHEMA_VERSION" \ + '{schemaVersion: $schemaVersion, plugin: { name: $name, organization: $organization, version: $version} }' ) + + echo $JSON_STRING > config.json + + - run: cat config.json + + # create the annotations file + - run: |- + JSON_STRING=$( jq -n \ + --arg title "$PLUGIN_NAME" \ + --arg desc "$ORG" \ + --arg version "$VERSION" \ + --arg timestamp "$(date +%FT%T%z)" \ + --arg repo "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \ + --arg commit "$GITHUB_SHA" \ + --arg vendor "Turbot HQ, Inc." \ + '{ + "$manifest": { + "org.opencontainers.image.title": $title, + "org.opencontainers.image.description": $desc, + "org.opencontainers.image.version": $version, + "org.opencontainers.image.created": $timestamp, + "org.opencontainers.image.source": $repo, + "org.opencontainers.image.revision": $commit, + "org.opencontainers.image.vendor": $vendor + } + }' ) + + echo $JSON_STRING > annotations.json + + - run: cat annotations.json + + - run: cat README.md + + # push to the registry + - run: |- + REF="$PLUGIN_REPO/$ORG/$PLUGIN_NAME:$GITHUB_RUN_ID" + oras push $REF \ + --config config.json:application/vnd.turbot.steampipe.config.v1+json \ + --annotation-file annotations.json \ + steampipe-plugin-${PLUGIN_NAME}_darwin_amd64.gz:application/vnd.turbot.steampipe.plugin.darwin-amd64.layer.v1+gzip \ + steampipe-plugin-${PLUGIN_NAME}_darwin_arm64.gz:application/vnd.turbot.steampipe.plugin.darwin-arm64.layer.v1+gzip \ + steampipe-plugin-${PLUGIN_NAME}_linux_amd64.gz:application/vnd.turbot.steampipe.plugin.linux-amd64.layer.v1+gzip \ + steampipe-plugin-${PLUGIN_NAME}_linux_arm64.gz:application/vnd.turbot.steampipe.plugin.linux-arm64.layer.v1+gzip \ + docs:application/vnd.turbot.steampipe.plugin.docs.layer.v1+tar \ + config:application/vnd.turbot.steampipe.plugin.spc.layer.v1+tar + + tag-versions: + name: Set Version tags runs-on: labels: ubuntu_4_core + needs: + - publish-deploy + + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Set environment variables + run: | + plugin_name=$(echo $GITHUB_REPOSITORY | cut -d'-' -f 3) + echo $plugin_name + echo "PLUGIN_NAME=${plugin_name}" >> $GITHUB_ENV + + # Setup gcloud CLI + - uses: google-github-actions/setup-gcloud@v0.2.0 + with: + service_account_key: ${{ secrets.STEAMPIPE_REGISTRY_SA_KEY }} + project_id: ${{ env.PROJECT_ID }} + + - run: gcloud config list --quiet + + - run: gcloud components install alpha --quiet + + - name: Get latest version tag + run: |- + echo "VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV + + - name: Trim tag + run: |- + echo $VERSION + trim=${VERSION#"v"} + echo $trim + echo "VERSION=${trim}" >> $GITHUB_ENV + + - name: Validate Version String + run: |- + if [[ $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Version OK: $VERSION" + else + echo "Invalid version: $VERSION" + exit 1 + fi + + - name: Ensure Version Does Not Exist + run: |- + URL=https://$(echo $PLUGIN_REPO | sed 's/\//\/v2\//')/$ORG/$PLUGIN_NAME/tags/list + IDX=$(curl -L $URL | jq ".tags | index(\"$VERSION\")") + if [ $IDX == "null" ]; then + echo "OK - Version does not exist: $VERSION" + else + echo "Version already exists: $VERSION" + exit 1 + fi + + - name: Set version tags + uses: turbot/steampipe-workflows/.github/actions/semver-tags@main + id: semver + with: + image-to-tag: '${{ env.PLUGIN_REPO }}/${{ env.ORG }}/${{ env.PLUGIN_NAME }}:${{ github.run_id }}' + image-version: ${{ env.VERSION }}