publish.yml
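# Publishes every capabilities/*/pixi.toml environment to quay.io through a
# throwaway nebi server, then re-imports each one in a second job as a smoke
# test.
name: Publish Capabilities

on:
  push:
    branches: [main]
  workflow_dispatch:

# Least privilege: both jobs only read the repository. Registry access goes
# through the QUAY_* secrets, not through GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          # No later step talks to the git remote, so do not keep the token
          # around for the downloaded nebi binary to find.
          persist-credentials: false

      - name: Download nebi
        env:
          NEBI_VERSION: "0.10.4"
        run: |
          # The default `run` shell is `bash -e` without pipefail; enable it
          # so a failed download fails the step on curl's own exit status.
          set -o pipefail
          # NOTE(review): the tarball is installed and executed without an
          # integrity check, in a job that later handles registry secrets.
          # Pin the release's SHA-256 and verify it (`sha256sum -c`) before
          # extracting.
          curl -fsSL "https://github.com/nebari-dev/nebi/releases/download/v${NEBI_VERSION}/nebi_${NEBI_VERSION}_linux_x86_64.tar.gz" \
            | tar xz -C /usr/local/bin nebi
          nebi version

      - name: Start nebi server
        env:
          NEBI_DATABASE_DRIVER: sqlite
          NEBI_DATABASE_DSN: /tmp/nebi.db
          NEBI_QUEUE_TYPE: memory
          # Throwaway values for a server started and stopped inside this job.
          # They are public in this file and must never be reused for a real
          # deployment.
          NEBI_AUTH_JWT_SECRET: ci-ephemeral-secret
          ADMIN_USERNAME: admin
          ADMIN_PASSWORD: admin
        run: |
          nebi serve &
          # Poll the health endpoint for up to 30 seconds.
          ready=false
          for i in $(seq 1 30); do
            if curl -sf http://localhost:8460/api/v1/health > /dev/null 2>&1; then
              echo "Server is ready"
              ready=true
              break
            fi
            sleep 1
          done
          # Fail here rather than letting the login step fail with a less
          # obvious error when the server never came up.
          if [ "$ready" != true ]; then
            echo "ERROR: nebi server did not become ready" >&2
            exit 1
          fi

      - name: Login to nebi
        run: |
          # Matches ADMIN_USERNAME / ADMIN_PASSWORD of the local CI server.
          echo "admin" | nebi login http://localhost:8460 --username admin --password-stdin

      - name: Add quay.io registry
        # Secrets are handed over as environment variables instead of being
        # expanded into the script text: `${{ }}` is substituted before the
        # shell parses the script, so a quote, `$` or backtick in a secret
        # would be interpreted as shell syntax.
        env:
          QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
          QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
        run: |
          printf '%s\n' "$QUAY_PASSWORD" \
            | nebi registry add --name quay --url quay.io \
                --namespace openteams_capabilities \
                --username "$QUAY_USERNAME" --password-stdin --default

      - name: Push and publish capabilities
        # Same reasoning as above: keep secrets out of the script text.
        env:
          QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
          QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
          QUAY_API_TOKEN: ${{ secrets.QUAY_API_TOKEN }}
        run: |
          for pixi_toml in capabilities/*/pixi.toml; do
            env_dir=$(dirname "$pixi_toml")
            env_name=$(basename "$env_dir")
            version=$(grep '^version = ' "$pixi_toml" | sed 's/.*= *"\(.*\)"/\1/')
            echo "==> Publishing ${env_name}:${version}"

            # Create the quay.io repo (idempotent) and ensure it's public.
            # NOTE(review): with -f every HTTP error, including a rejected
            # token, lands in the "already exists" branch below.
            curl -sf -X POST \
              -H "Authorization: Bearer ${QUAY_API_TOKEN}" \
              -H "Content-Type: application/json" \
              -d "{\"namespace\":\"openteams_capabilities\",\"repository\":\"${env_name}\",\"visibility\":\"public\",\"description\":\"\"}" \
              "https://quay.io/api/v1/repository" \
              && echo " -> Created ${env_name} on quay.io" \
              || echo " -> Repository ${env_name} already exists on quay.io"

            # Grant the robot account write access so nebi publish can push
            # blobs. Robot account names contain '+', which must be
            # URL-encoded as '%2B'.
            encoded_username=${QUAY_USERNAME//+/%2B}
            # No -v here: verbose mode writes the request headers, including
            # the Authorization bearer token, to the job log. -f makes an
            # HTTP error status reach the warning branch instead of being
            # reported as success.
            curl -sSf -X PUT \
              -H "Authorization: Bearer ${QUAY_API_TOKEN}" \
              -H "Content-Type: application/json" \
              -d '{"role":"write"}' \
              "https://quay.io/api/v1/repository/openteams_capabilities/${env_name}/permissions/user/${encoded_username}" \
              && echo " -> Granted write access to ${QUAY_USERNAME}" \
              || echo " -> Warning: could not set write access for ${QUAY_USERNAME}"

            cd "$env_dir"
            nebi init
            printf '%s\n' "$QUAY_PASSWORD" \
              | nebi registry add --local --name quay --url quay.io \
                  --namespace openteams_capabilities \
                  --username "$QUAY_USERNAME" --password-stdin --default \
              || echo " -> Local registry quay already exists, skipping"
            nebi publish --local --registry quay --repo "${env_name}"
            cd "$GITHUB_WORKSPACE"
          done

      - name: Summary
        run: |
          echo "## Published Capabilities" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "| Environment | Version | Registry | Import Command |" >> "$GITHUB_STEP_SUMMARY"
          echo "|-------------|---------|----------|----------------|" >> "$GITHUB_STEP_SUMMARY"
          for pixi_toml in capabilities/*/pixi.toml; do
            env_name=$(basename "$(dirname "$pixi_toml")")
            version=$(grep '^version = ' "$pixi_toml" | sed 's/.*= *"\(.*\)"/\1/')
            ref="quay.io/openteams_capabilities/${env_name}:latest"
            echo "| ${env_name} | ${version} | [quay.io](https://quay.io/repository/openteams_capabilities/${env_name}) | \`nebi import ${ref}\` |" >> "$GITHUB_STEP_SUMMARY"
          done

      - name: Shutdown server
        # Runs even when an earlier step failed so the server never outlives
        # the job's useful work.
        if: always()
        run: pkill nebi || true

  import-test:
    needs: publish
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          persist-credentials: false

      - name: Download nebi
        env:
          NEBI_VERSION: "0.10.4"
        run: |
          # Without pipefail a failed download is only seen through tar.
          set -o pipefail
          # NOTE(review): no integrity check on the downloaded tarball; pin
          # and verify a SHA-256 before extracting.
          curl -fsSL "https://github.com/nebari-dev/nebi/releases/download/v${NEBI_VERSION}/nebi_${NEBI_VERSION}_linux_x86_64.tar.gz" \
            | tar xz -C /usr/local/bin nebi
          nebi version

      - name: Import capabilities from registry
        run: |
          # Anonymous pull of each published environment; passes only when
          # the imported tree contains a pixi.toml.
          # NOTE(review): this pulls the mutable `latest` tag, so it checks
          # whatever is tagged at run time - confirm that is the artifact
          # pushed by the publish job.
          for pixi_toml in capabilities/*/pixi.toml; do
            env_name=$(basename "$(dirname "$pixi_toml")")
            echo "==> Importing ${env_name}:latest"
            nebi import "quay.io/openteams_capabilities/${env_name}:latest" -o "/tmp/${env_name}" --force
            if [ ! -f "/tmp/${env_name}/pixi.toml" ]; then
              echo "ERROR: pixi.toml not found after importing ${env_name}"
              exit 1
            fi
            echo " -> OK"
          done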