Fix GitHub's CI action

kubewarden · May 5, 2021 · ad55fb1 · ad55fb1
1 parent 40dcb70
commit ad55fb1
Show file tree

Hide file tree

Showing 2 changed files with 86 additions and 99 deletions.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -9,8 +9,10 @@ on:
   pull_request: {}
 
 jobs:
-  unit-tests:
+  tests:
     runs-on: ubuntu-latest
+    env:
+      WASM_BINARY_NAME: policy.wasm
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
@@ -19,17 +21,6 @@ jobs:
         with:
           shell-action: carton test
 
-  e2e-tests:
-    needs: unit-tests
-    runs-on: ubuntu-latest
-    env:
-      WASM_BINARY_NAME: policy.wasm
-    steps:
-      #############################
-      # Preparing the environment
-      #############################
-      - uses: actions/checkout@v2
-
       - name: Download policy-testdrive
         uses: i3h/download-release-asset@v1
         with:
@@ -77,9 +68,91 @@ jobs:
       #############################
       # Upload policy as an artifact
       #############################
-      - uses: actions/upload-artifact@v2
+      - name: upload wasm policy as an artifact
+        uses: actions/upload-artifact@v2
+        if: github.event.workflow_run.event != 'pull_request'
         with:
           name: policy.wasm
           path: ${{ env.WASM_BINARY_NAME }}
           if-no-files-found: error
 
+  push-to-oci-registry:
+    needs: tests
+    if: github.event.workflow_run.event != 'pull_request'
+    runs-on: ubuntu-latest
+    env:
+      OCI_TARGET: ghcr.io/kubewarden/policies/pod-runtime
+
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: policy.wasm
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Download wasm-to-oci
+        uses: i3h/download-release-asset@v1
+        with:
+          owner: engineerd
+          repo: wasm-to-oci
+          tag: v0.1.1
+          file: linux-amd64-wasm-to-oci
+      - name: fix wasm-to-oci permissions
+        run: |
+          chmod 755 linux-amd64-wasm-to-oci
+
+      - name: Publish Wasm policy artifact to OCI registry with the 'latest' tag
+        if: startsWith(github.ref, 'refs/heads/')
+        run: |
+          ./linux-amd64-wasm-to-oci push policy.wasm ${OCI_TARGET}:latest
+
+      - name: Publish Wasm policy artifact to OCI registry with the version tag and 'latest'
+        if: startsWith(github.ref, 'refs/tags/')
+        run: |
+          export OCI_TAG=$(echo $GITHUB_REF | sed -e "s|refs/tags/||")
+          ./linux-amd64-wasm-to-oci push policy.wasm ${OCI_TARGET}:${OCI_TAG}
+
+  release:
+    needs: tests
+    if: ${{ github.event.workflow_run.event != 'pull_request' && startsWith(github.ref, 'refs/tags/') }}
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: policy.wasm
+
+      - name: Create Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: Release ${{ github.ref }}
+          draft: false
+          prerelease: false
+
+      - name: Upload Release Asset
+        id: upload-release-asset
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: policy.wasm
+          asset_name: policy.wasm
+          asset_content_type: application/wasm
+
+      - name: Notify policy-hub
+        uses: kubewarden/notify-policy-hub@main
+        with:
+          USERNAME: chimera-kube-bot
+          PAT: ${{ secrets.WORKFLOW_PAT }}