
Commit a4a947a

committed
init
1 parent 955d13e commit a4a947a

37 files changed

+2507
-1
lines changed

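--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,171 @@
+name: CI
+
+on:
+pull_request:
+push:
+branches:
+- '*'
+tags-ignore:
+- '*'
+paths-ignore:
+- 'demo/**'
+- 'docs/**'
+- 'LICENSE'
+- 'README.md'
+workflow_dispatch:
+
+env:
+DAGGER_VERSION: "0.13.7"
+DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY }}
+DOCKER_REPOSITORY: ${{ vars.DOCKER_REPOSITORY }}
+DOCKER_REGISTRY_USERNAME: ${{ vars.DOCKER_REGISTRY_USERNAME }}
+DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+GH_DOCKER_REPOSITORY: ${{ vars.GH_DOCKER_REPOSITORY }}
+GH_HELM_REPOSITORY: ${{ vars.GH_HELM_REPOSITORY }}
+
+jobs:
+docker-unstable:
+if: github.ref == 'refs/heads/init' && github.event_name == 'push'
+
+name: Push Docker image
+runs-on: ubuntu-latest
+
+strategy:
+matrix:
+target: ["debug", "prod"]
+
+permissions:
+contents: read
+packages: write
+attestations: write
+id-token: write
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Set short SHA
+id: sha
+run: echo "short_sha=${GITHUB_SHA::7}" >> $GITHUB_ENV
+
+- name: Set image tag
+id: tag
+run: |
+if [ "${{ github.ref }}" == "refs/heads/init" ]; then
+if [[ "${{ matrix.target }}" == "debug" ]]; then
+echo "tag=unstable-debug" >> $GITHUB_ENV
+else
+echo "tag=unstable" >> $GITHUB_ENV
+fi
+else
+if [[ "${{ matrix.target }}" == "debug" ]]; then
+echo "tag=build-${{ env.short_sha }}-debug" >> $GITHUB_ENV
+else
+echo "tag=build-${{ env.short_sha }}" >> $GITHUB_ENV
+fi
+fi
+
+- name: Publish Docker image to Github
+uses: dagger/dagger-for-github@v6
+env:
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+--registry=ghcr.io \
+--username=${{ github.actor }} \
+--password=env:GH_REGISTRY_PASSWORD \
+build \
+--context=. \
+--target=${{ matrix.target }} \
+--platform=linux/amd64,linux/arm64 \
+publish \
+--image=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ env.tag }} \
+
+- name: Copy Docker image to Docker Hub
+uses: dagger/dagger-for-github@v6
+env:
+COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+with-registry-auth \
+--address=ghcr.io \
+--username=${{ github.actor }} \
+--secret=env:GH_REGISTRY_PASSWORD \
+with-registry-auth \
+--address=$DOCKER_REGISTRY \
+--username=$DOCKER_REGISTRY_USERNAME \
+--secret=env:DOCKER_REGISTRY_PASSWORD \
+copy \
+--source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ env.tag }} \
+--target=${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}:${{ env.tag }} \
+
+- name: Scan Docker image
+uses: dagger/dagger-for-github@v6
+env:
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+with-registry-auth \
+--address=ghcr.io \
+--username=${{ github.actor }} \
+--secret=env:GH_REGISTRY_PASSWORD \
+scan \
+--source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ env.tag }} \
+
+helm-unstable:
+if: github.ref == 'refs/heads/init' && github.event_name == 'push'
+name: Push Helm Chart
+runs-on: ubuntu-latest
+
+permissions:
+contents: read
+packages: write
+attestations: write
+id-token: write
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Lint
+uses: dagger/dagger-for-github@v6
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/purpleclay/daggerverse/[email protected]
+verb: call
+args: |
+lint \
+--dir chart \
+--strict \
+
+- name: Publish Helm chart
+uses: dagger/dagger-for-github@v6
+env:
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+module: github.com/purpleclay/daggerverse/[email protected]
+verb: call
+args: |
+package-push \
+--dir chart \
+--version="0.0.0" \
+--appVersion="unstable" \
+--registry=ghcr.io/${GH_HELM_REPOSITORY} \
+--username=${{ github.actor }} \
+--password=env:GH_REGISTRY_PASSWORD \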
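Review bot: `DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}` in the workflow-level `env` exports the Docker Hub credential to every step of both jobs, including the checkout and the Helm lint and publish steps, which run third-party Dagger modules and never reference it. The "Copy Docker image to Docker Hub" step already declares the same secret in its own `env`, so the workflow-level line can simply be dropped. That copy step also receives `COSIGN_PASSWORD` and `COSIGN_PRIVATE_KEY` although its `args` contain no `sign` call; unless the module reads them implicitly, remove those two lines here and from the same step in release.yaml. Both jobs also request `attestations: write` and `id-token: write`, which no visible step appears to use, so they are worth trimming to `contents: read` and `packages: write` if nothing depends on them.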

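--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,145 @@
+name: Release
+
+on:
+push:
+tags:
+- 'v*'
+
+env:
+DAGGER_VERSION: "0.13.7"
+DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY }}
+DOCKER_REPOSITORY: ${{ vars.DOCKER_REPOSITORY }}
+DOCKER_REGISTRY_USERNAME: ${{ vars.DOCKER_REGISTRY_USERNAME }}
+GH_DOCKER_REPOSITORY: ${{ vars.GH_DOCKER_REPOSITORY }}
+GH_HELM_REPOSITORY: ${{ vars.GH_HELM_REPOSITORY }}
+
+jobs:
+docker:
+if: startsWith(github.event.ref, 'refs/tags/v')
+
+name: Release Docker image
+runs-on: ubuntu-latest
+
+strategy:
+matrix:
+target: ["debug", "prod"]
+
+permissions:
+contents: read
+packages: write
+attestations: write
+id-token: write
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Publish Docker image to GitHub
+uses: dagger/dagger-for-github@v6
+env:
+COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+--registry=ghcr.io \
+--username=${{ github.actor }} \
+--password=env:GH_REGISTRY_PASSWORD \
+build \
+--context=. \
+--target=${{ matrix.target }} \
+--platform=linux/amd64,linux/arm64 \
+publish \
+--image=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ github.ref_name }} \
+sign \
+--password=env:COSIGN_PASSWORD \
+--private-key=env:COSIGN_PRIVATE_KEY \
+
+- name: Copy Docker image to Docker Hub
+uses: dagger/dagger-for-github@v6
+env:
+COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+with-registry-auth \
+--address=ghcr.io \
+--username=${{ github.actor }} \
+--secret=env:GH_REGISTRY_PASSWORD \
+with-registry-auth \
+--address=$DOCKER_REGISTRY \
+--username=$DOCKER_REGISTRY_USERNAME \
+--secret=env:DOCKER_REGISTRY_PASSWORD \
+copy \
+--source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ github.ref_name }} \
+--target=${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}:${{ github.ref_name }} \
+
+- name: Scan Docker image
+uses: dagger/dagger-for-github@v6
+env:
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+with-registry-auth \
+--address=ghcr.io \
+--username=${{ github.actor }} \
+--secret=env:GH_REGISTRY_PASSWORD \
+scan \
+--source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ github.ref_name }} \
+--fail-on=high \
+
+
+helm:
+name: Push Helm Chart
+runs-on: ubuntu-latest
+
+permissions:
+contents: read
+packages: write
+attestations: write
+id-token: write
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Lint
+uses: dagger/dagger-for-github@v6
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/purpleclay/daggerverse/[email protected]
+verb: call
+args: |
+lint \
+--dir chart \
+--strict \
+
+- name: Publish Helm chart
+uses: dagger/dagger-for-github@v6
+env:
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+module: github.com/purpleclay/daggerverse/[email protected]
+verb: call
+args: |
+package-push \
+--dir chart \
+--appVersion="${{ github.ref_name }}" \
+--registry=ghcr.io/${GH_HELM_REPOSITORY} \
+--username=${{ github.actor }} \
+--password=env:GH_REGISTRY_PASSWORD \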
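Review bot: The `Scan Docker image` step with `--fail-on=high` runs only after the image has been published to ghcr.io, signed and copied to Docker Hub, so a failing scan turns the job red while the release tag is already available on both registries. Moving the scan step between the publish and the copy would at least stop the Docker Hub copy on a high-severity finding; ci.yaml has the same ordering and passes no `--fail-on` at all. Separately, `${{ github.ref_name }}` is expanded into `args` before the action runs them, and the `$DOCKER_REGISTRY` references in the same block suggest those args pass through a shell. If so, referencing the tag as `$GITHUB_REF_NAME` (quoted) instead of the `${{ }}` expression keeps the tag name out of the command text.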

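--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.local/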
