harmony/.gitea/workflows/harmony-fleet-operator.yaml
Jean-Gabriel Gill-Couture 7ab5fd7041 ci: per-tag release pipeline for harmony-fleet-operator (image + chart)
One git tag `harmony-fleet-operator-v*` now produces both the
container image and a hydrated helm chart at the same version,
pushed to hub.nationtech.io. release.sh is a 5-line wrapper around a
new `harmony-fleet-operator-release` binary in harmony-fleet-deploy
that orchestrates docker build/push, chart hydration via the
existing `build_chart()`, and `helm package`/`helm push`. CI is
reduced to a thin trigger calling the same script developers run
locally.

- chart.rs: ChartOptions gains an optional chart_version (None
  preserves the previous CARGO_PKG_VERSION behavior).
- operator_release.rs: new binary.
- release.sh: thin wrapper.
- .gitea/workflows/harmony-fleet-operator.yaml: rewritten to fire
  on `harmony-fleet-operator-v*` tags (and workflow_dispatch with a
  manual version input).
2026-05-26 13:59:29 -04:00

name: Release harmony-fleet-operator (image + chart)

on:
  push:
    tags:
      # Per-crate release tag. One tag → one image + one chart, both
      # at the same version. Format: `harmony-fleet-operator-v0.1.0`.
      - 'harmony-fleet-operator-v*'
  workflow_dispatch:
    inputs:
      version:
        description: 'Version tag to release (e.g. v0.1.0). Required for manual runs.'
        required: true
        type: string

jobs:
  release:
    container:
      image: hub.nationtech.io/harmony/harmony_composer:latest
    runs-on: dind
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Log in to hub.nationtech.io (docker)
        uses: docker/login-action@v3
        with:
          registry: hub.nationtech.io
          username: ${{ secrets.HUB_BOT_USER }}
          password: ${{ secrets.HUB_BOT_PASSWORD }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # helm is not in harmony_composer:latest at time of writing; pull
      # the official installer. One-shot, no apt source needed.
      # The installer is fetched from the moving `main` branch and piped
      # to bash unverified, inside a job that holds registry credentials.
      #
      # TODO: bake helm into harmony_composer so this step disappears.
      - name: Install helm
        run: |
          curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

      # Secrets reach the script through env rather than `${{ }}`
      # interpolation, so quotes or `$` in a value cannot alter the
      # shell text.
      - name: Log in to hub.nationtech.io (helm OCI)
        env:
          HUB_BOT_USER: ${{ secrets.HUB_BOT_USER }}
          HUB_BOT_PASSWORD: ${{ secrets.HUB_BOT_PASSWORD }}
        run: |
          echo "$HUB_BOT_PASSWORD" \
            | helm registry login hub.nationtech.io \
                --username "$HUB_BOT_USER" \
                --password-stdin

      # On tag-triggered runs, GITHUB_REF_NAME = the tag name. Strip
      # the per-crate prefix to get the version the release binary
      # wants (e.g. `harmony-fleet-operator-v0.1.0` → `v0.1.0`). On
      # manual workflow_dispatch the operator passes `version`
      # directly.
      #
      # `inputs.version` is free-form text, so it is passed through env
      # instead of being interpolated into the script body, where it
      # would be parsed as shell.
      - name: Resolve version
        id: ver
        env:
          INPUT_VERSION: ${{ inputs.version }}
        run: |
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            VERSION="$INPUT_VERSION"
          else
            VERSION="${GITHUB_REF_NAME#harmony-fleet-operator-}"
          fi
          if [ -z "$VERSION" ] || [ "$VERSION" = "$GITHUB_REF_NAME" ]; then
            echo "could not resolve version from ref '$GITHUB_REF_NAME'"
            exit 1
          fi
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "Releasing harmony-fleet-operator $VERSION"

      # Same script a developer would run from their laptop in an
      # outage. All build logic lives in Rust under
      # fleet/harmony-fleet-deploy; CI is just a thin trigger.
      #
      # TODO (carried over from the previous workflow): add buildx
      # layer caching. Each run currently recompiles the whole
      # `harmony` workspace from scratch in the Dockerfile's builder
      # stage. cargo-chef + `cache-from: type=gha` would help once
      # build time becomes the bottleneck.
      - name: Build and push image + chart
        env:
          VERSION: ${{ steps.ver.outputs.version }}
        run: |
          ./fleet/harmony-fleet-operator/release.sh \
            hub.nationtech.io \
            "$VERSION"
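
The "Resolve version" step above accepts any non-empty string as the version that becomes the image tag and chart version. The following is an added example, not code from the harmony repository: a stricter resolver that only lets a well-formed version through. The function name resolve_version and the accepted format (vMAJOR.MINOR.PATCH with an optional -prerelease suffix, modelled on the `v0.1.0` example in the workflow) are assumptions.

```shell
#!/bin/sh
# Added example: strict version resolution for a per-crate release tag.
# resolve_version is a hypothetical helper, not part of the harmony repo.

TAG_PREFIX="harmony-fleet-operator-"

# Assumed release format: vMAJOR.MINOR.PATCH[-prerelease]
VERSION_RE='^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-[0-9A-Za-z]+(\.[0-9A-Za-z]+)*)?$'

# resolve_version EVENT_NAME INPUT_VERSION REF_NAME
# Prints the resolved version and returns 0, or explains on stderr and
# returns 1. Nothing is ever evaluated; the value is only compared.
resolve_version() {
  _rv_event="$1"; _rv_input="$2"; _rv_ref="$3"

  if [ "$_rv_event" = "workflow_dispatch" ]; then
    _rv_version="$_rv_input"
  else
    # Require the per-crate prefix explicitly instead of inferring a
    # failed strip from "value unchanged".
    case "$_rv_ref" in
      "$TAG_PREFIX"*) _rv_version="${_rv_ref#"$TAG_PREFIX"}" ;;
      *) echo "ref '$_rv_ref' lacks prefix '$TAG_PREFIX'" >&2; return 1 ;;
    esac
  fi

  # Character allow-list first: rejects whitespace, quotes, `$`, `;` and
  # embedded newlines (which would let a line-based grep match one line).
  case "$_rv_version" in
    ''|*[!0-9A-Za-z.-]*)
      echo "refusing version: empty or contains disallowed characters" >&2
      return 1 ;;
  esac

  # Then the full shape check.
  if ! printf '%s\n' "$_rv_version" | grep -Eq "$VERSION_RE"; then
    echo "refusing version '$_rv_version': not vMAJOR.MINOR.PATCH[-prerelease]" >&2
    return 1
  fi

  printf '%s\n' "$_rv_version"
}
```

In the workflow this would be called with the event name, the manual input and GITHUB_REF_NAME all supplied through `env:`, and the step would fail before anything is built or pushed when the function returns non-zero.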