feat: wire structured logger (slog) throughout detection pipeline (#16) #68
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker & Helm | |
| permissions: {} | |
| on: | |
| push: | |
| tags: ["v*"] | |
| branches: [main] | |
| pull_request: | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| lint-chart: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4 | |
| - uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 | |
| - run: ct lint --target-branch "$BASE_REF" --charts charts/version-guard | |
| env: | |
| BASE_REF: ${{ github.event.pull_request.base.ref }} | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| if: github.repository == 'block/Version-Guard' | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Set up QEMU | |
| if: github.event_name != 'pull_request' | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3 | |
| - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 | |
| - name: Login to GHCR | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 | |
| id: meta | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=sha,prefix= | |
| type=semver,pattern=v{{version}} | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Build and push | |
| uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 | |
| with: | |
| context: . | |
| file: deploy/Dockerfile | |
| platforms: ${{ github.event_name != 'pull_request' && 'linux/amd64,linux/arm64' || 'linux/amd64' }} | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| build-args: VERSION=${{ github.ref_name }} | |
| - name: Package and push Helm chart | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: | | |
| TAG_VERSION="${GITHUB_REF_NAME#v}" | |
| CHART_VERSION=$(yq '.version' charts/version-guard/Chart.yaml) | |
| if [ "$TAG_VERSION" != "$CHART_VERSION" ]; then | |
| echo "::error::Tag ${GITHUB_REF_NAME} does not match Chart.yaml version ${CHART_VERSION}" | |
| exit 1 | |
| fi | |
| helm package charts/version-guard --destination ./build | |
| echo "$HELM_TOKEN" | helm registry login ghcr.io -u "$HELM_USER" --password-stdin | |
| helm push ./build/version-guard-${CHART_VERSION}.tgz oci://ghcr.io/block/charts | |
| env: | |
| HELM_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| HELM_USER: ${{ github.actor }} |