Skip to content

feat(ci): use AKS overlaybd (#55) #21

feat(ci): use AKS overlaybd (#55)

feat(ci): use AKS overlaybd (#55) #21

Workflow file for this run

name: Release
on:
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+-alpha"
jobs:
publish:
name: Build and Publish Container Image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
env:
REGISTRY: ghcr.io
REPO_PREFIX: ${{ format('azure/acr/dev/') }}
outputs:
git_tag: ${{ steps.get_git_tag.outputs.git_tag }}
steps:
- name: Get Git Tag
id: get_git_tag
run: echo ::set-output name=git_tag::${GITHUB_REF#refs/tags/}
- name: Check Out Source Code
if: ${{ success() }}
uses: actions/checkout@v2
with:
ref: ${{ steps.get_git_tag.outputs.git_tag }}
- name: Set Docker Image Tag
env:
GIT_TAG: ${{ steps.get_git_tag.outputs.git_tag }}
id: get_image_tag
run: echo ::set-output name=docker_tag::${GIT_TAG}
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build Image
if: ${{ success() }}
run: |
REGISTRY=${{ env.REGISTRY }} REPO_PREFIX=${{ env.REPO_PREFIX }} TAG=${{ steps.get_image_tag.outputs.docker_tag }} make build-image
- name: Push Image
if: ${{ success() }}
run: |
docker push ${{ env.REGISTRY }}/${{ env.REPO_PREFIX }}peerd:${{ steps.get_image_tag.outputs.docker_tag }}
ciCtr:
name: Run AKS CTR CI
runs-on: ubuntu-latest
needs: publish
permissions:
contents: read
id-token: write # This is required for requesting the JWT from AAD.
env:
TAG: ${{ needs.publish.outputs.git_tag }}
SUBSCRIPTION: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
steps:
- name: "Az CLI login"
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# This is a temporary workaround. See: https://github.com/Azure/azure-cli/issues/28708#issuecomment-2049014471
- name: Fetch OID token every 4 mins
run: |
while true; do
token_request=$ACTIONS_ID_TOKEN_REQUEST_TOKEN
token_uri=$ACTIONS_ID_TOKEN_REQUEST_URL
token=$(curl -H "Authorization: bearer $token_request" "${token_uri}&audience=api://AzureADTokenExchange" | jq .value -r)
az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -t ${{ secrets.AZURE_TENANT_ID }} --federated-token $token --output none
# Sleep for 4 minutes
sleep 240
done &
- name: Check Out Source Code
if: ${{ success() }}
uses: actions/checkout@v2
with:
ref: ${{ env.TAG }}
- name: "Make"
if: ${{ success() }}
run: |
PEERD_IMAGE_TAG=${{ env.TAG }} make tests-deps-install ci-aks-ctr
ciStreaming:
name: Run AKS Streaming CI
runs-on: ubuntu-latest
needs: [publish, ciCtr]
permissions:
contents: read
id-token: write # This is required for requesting the JWT from AAD.
env:
TAG: ${{ needs.publish.outputs.git_tag }}
SUBSCRIPTION: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
steps:
- name: "Az CLI login"
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# This is a temporary workaround. See: https://github.com/Azure/azure-cli/issues/28708#issuecomment-2049014471
- name: Fetch OID token every 4 mins
run: |
while true; do
token_request=$ACTIONS_ID_TOKEN_REQUEST_TOKEN
token_uri=$ACTIONS_ID_TOKEN_REQUEST_URL
token=$(curl -H "Authorization: bearer $token_request" "${token_uri}&audience=api://AzureADTokenExchange" | jq .value -r)
az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -t ${{ secrets.AZURE_TENANT_ID }} --federated-token $token --output none
# Sleep for 4 minutes
sleep 240
done &
- name: Check Out Source Code
if: ${{ success() }}
uses: actions/checkout@v2
with:
ref: ${{ env.TAG }}
- name: "Make"
if: ${{ success() }}
run: |
PEERD_IMAGE_TAG=${{ env.TAG }} make tests-deps-install ci-aks-streaming
tag:
name: Tag Release
runs-on: ubuntu-latest
needs: [publish, ciCtr, ciStreaming]
permissions:
contents: read
packages: write
env:
REGISTRY: ghcr.io
REPO_PREFIX: ${{ format('azure/acr/dev/') }}
SOURCE_TAG: ${{ needs.publish.outputs.git_tag }}
TARGET_TAG: stable
steps:
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull Tag ${{ env.SOURCE_TAG }}
if: ${{ success() }}
run: |
docker pull ${{ env.REGISTRY }}/${{ env.REPO_PREFIX }}peerd:${{ env.SOURCE_TAG }}
- name: Push Tag ${{ env.TARGET_TAG }}
if: ${{ success() }}
run: |
docker tag ${{ env.REGISTRY }}/${{ env.REPO_PREFIX }}peerd:${{ env.SOURCE_TAG }} ${{ env.REGISTRY }}/${{ env.REPO_PREFIX }}peerd:${{ env.TARGET_TAG }} && \
docker push ${{ env.REGISTRY }}/${{ env.REPO_PREFIX }}peerd:${{ env.TARGET_TAG }}