Use SHA instead of versions in GH actions #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| paths-ignore: | |
| - '.gitignore' | |
| - 'CODEOWNERS' | |
| - 'LICENSE' | |
| - '*.md' | |
| - '*.adoc' | |
| - '*.txt' | |
| - '.all-contributorsrc' | |
| concurrency: | |
| group: deployment | |
| cancel-in-progress: false | |
| jobs: | |
| deploy: | |
| if: github.repository == 'hibernate/hibernate-github-bot' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # 4.7.0 | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| - name: Build | |
| run: ./mvnw -B clean verify | |
| - name: Set up Helm | |
| uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # 4.2.0 | |
| with: | |
| version: 'v3.13.3' | |
| - name: Install CLI tools from OpenShift Mirror | |
| uses: redhat-actions/openshift-tools-installer@144527c7d98999f2652264c048c7a9bd103f8a82 # 1.13.1 | |
| with: | |
| oc: "latest" | |
| - name: Log in to OpenShift | |
| uses: redhat-actions/oc-login@5eb45e848b168b6bf6b8fe7f1561003c12e3c99d # 1.3 | |
| with: | |
| openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_INFRA_PROD }} | |
| openshift_token: ${{ secrets.OPENSHIFT_TOKEN_INFRA_PROD }} | |
| namespace: ${{ secrets.OPENSHIFT_NAMESPACE_INFRA_PROD }} | |
| - name: Create ImageStream | |
| run: | | |
| oc create imagestream hibernate-github-bot || true | |
| # https://docs.openshift.com/container-platform/4.14/openshift_images/using-imagestreams-with-kube-resources.html | |
| oc set image-lookup hibernate-github-bot | |
| - name: Retrieve OpenShift Container Registry URL | |
| id: oc-registry | |
| run: | | |
| echo -n "OC_REGISTRY_URL=" >> "$GITHUB_OUTPUT" | |
| oc get imagestream -o json | jq -r '.items[0].status.publicDockerImageRepository' | awk -F"[/]" '{print $1}' >> "$GITHUB_OUTPUT" | |
| - name: Log in to OpenShift Container Registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ${{ steps.oc-registry.outputs.OC_REGISTRY_URL }} | |
| username: ignored | |
| password: ${{ secrets.OPENSHIFT_TOKEN_INFRA_PROD }} | |
| # Helm in particular needs semantic versions | |
| # See https://github.com/helm/helm/issues/9342#issuecomment-775269042 | |
| # See the parts about pre-release versions in https://semver.org/#semantic-versioning-specification-semver | |
| # Ideally we should use a "+" before the SHA, but that won't work with Quarkus | |
| # See https://github.com/quarkusio/quarkus/blob/da1a782e04b01b2e165d65474163050d497340c1/extensions/container-image/spi/src/main/java/io/quarkus/container/spi/ImageReference.java#L60 | |
| - name: Generate app version | |
| id: app-version | |
| run: | | |
| echo "VALUE=1.0.0-$(date -u '+%Y%m%d%H%M%S')-${{ github.sha }}" >> $GITHUB_OUTPUT | |
| - name: Build and push app container image | |
| run: | | |
| ./mvnw clean package -DskipTests \ | |
| -Drevision="${{ steps.app-version.outputs.value }}" \ | |
| -Dquarkus.container-image.build=true \ | |
| -Dquarkus.container-image.push=true \ | |
| -Dquarkus.container-image.registry="$(oc get imagestream -o json | jq -r '.items[0].status.publicDockerImageRepository' | awk -F"[/]" '{print $1}')" \ | |
| -Dquarkus.container-image.group="$(oc project --short)" \ | |
| -Dquarkus.container-image.additional-tags=latest | |
| - name: Deploy Helm charts | |
| run: | | |
| helm upgrade --install hibernate-github-bot ./target/helm/openshift/hibernate-github-bot |