Skip to content

Managedidentity operatorspec secrets (#3937) #115

Managedidentity operatorspec secrets (#3937)

Managedidentity operatorspec secrets (#3937) #115

name: Create new experimental release
on:
# run when pushed to main is published,
# which creates a new tag
push:
branches:
- main
paths:
- 'v2/**'
# no content, allows manual triggering
workflow_dispatch:
env:
ARTIFACT_VERSION: experimental
jobs:
build-and-push:
runs-on: [self-hosted, 1ES.Pool=aso-1es-pool]
permissions:
contents: write # Required to write a release
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0 # required to access tags
submodules: "true"
- name: Force docker to SSD
run: sudo scripts/v2/linux-docker-use-ssd.sh --containerd true
- name: Build & run devcontainer image
# this always builds a new image from scratch rather than from the build-devcontainer-image workflow output
# so that we pick up the latest versions of everything
# NB: if you update this also update live-validation.yml, pre-release-tests.yaml and create-release-official.yaml
id: devcontainer
run: |
docker build --tag devcontainer:latest .devcontainer
mkdir -p $HOME/.docker # in case it doesn't exist
container_id=$(docker create -w /workspace -v $GITHUB_WORKSPACE:/workspace -v /var/run/docker.sock:/var/run/docker.sock devcontainer:latest)
docker start "$container_id"
echo "container_id=$container_id" >> $GITHUB_ENV
- name: Build required release files
run: |
container_id=${{env.container_id}}
docker exec "$container_id" task VERSION=${{ env.ARTIFACT_VERSION }} LATEST_VERSION_TAG=${{ env.ARTIFACT_VERSION }} make-release-artifacts
# We delete the old release and re-create it because if we just use the overwrite argument to
# upload-release-action it updates the release files but doesn't change the "date" of the release.
# Over time this means that the release date diverges from the date the files were uploaded in a way that is
# likely to confuse users.
- name: Delete Release
run: gh release delete "experimental" --cleanup-tag -y
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# See https://github.com/svenstaro/upload-release-action/issues/99, which describes a bug where (for some reason)
# releases that are deleted and then immediately recreated can sometimes show up as draft rather than an official
# release. This is a hack, but we don't have a better workaround at the moment. See https://github.com/cli/cli/issues/8458
# as well.
- name: Wait 60s
run: sleep 60s
- name: Upload release assets
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # this is v2.7.0, but pinned
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
tag: refs/tags/${{ env.ARTIFACT_VERSION }}
file: "v2/out/release/*"
file_glob: true
prerelease: true
release_name: "Experimental"
body: |
This is an experimental release which containing the most recent commits from the main branch as of commit: ${{ github.sha }}.
**This release might not be stable. Use at your own risk.**
> ⚠️ The provided YAML manifest does not configure any CRDs to install by default, but is required.
> You must specify the CRDs that you want to use as part of `crdPattern`, for example `'resources.azure.com/*;containerservice.azure.com/*;keyvault.azure.com/*;managedidentity.azure.com/*;apimanagement.azure.com/*'`.
It is only intended for developers wishing to try out the latest feature, some of which may not be fully implemented.
- name: Docker login
run: |
container_id=${{env.container_id}}
docker exec -e AZURE_CLIENT_ID -e AZURE_CLIENT_SECRET -e DOCKER_REGISTRY "$container_id" task VERSION=${{ env.ARTIFACT_VERSION }} LATEST_VERSION_TAG=${{ env.ARTIFACT_VERSION }} docker-login
env:
DOCKER_REGISTRY: ${{ secrets.REGISTRY_LOGIN }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
- name: Build, tag and push docker image
run: |
container_id=${{env.container_id}}
docker exec -e DOCKER_PUSH_TARGET "$container_id" task VERSION=${{ env.ARTIFACT_VERSION }} LATEST_VERSION_TAG=${{ env.ARTIFACT_VERSION }} controller:docker-push-multiarch
env:
DOCKER_PUSH_TARGET: ${{ secrets.REGISTRY_PUBLIC }}