diff --git a/.github/workflows/getstream-publish.yml b/.github/workflows/getstream-publish.yml new file mode 100644 index 00000000000..f772554b63c --- /dev/null +++ b/.github/workflows/getstream-publish.yml @@ -0,0 +1,87 @@ +name: Publish KubeBlocks (GetStream fork) + +# Publishes the forked operator IMAGE and CHART to GHCR at one version, so the +# two never drift. Manual (workflow_dispatch); existing serial.* artifacts are +# left untouched, this publishes new tags only. +# +# Version format (canonical, enforced by the validate job below): +# +# -getstream. e.g. 1.0.2-getstream.1 +# +# the exact upstream KubeBlocks release this fork is rebased +# on. Bump only on a real rebase (1.0.3, 1.1.0, ...). +# getstream fixed org namespace. It is a SemVer PRERELEASE suffix, so +# use '-' (not '+build', which OCI image tags reject). +# fork build counter: increments per build, resets to 1 when +# changes. +# +# The image tag and the chart version are always this same string. + +on: + workflow_dispatch: + inputs: + version: + description: 'Fork version -getstream., e.g. 1.0.2-getstream.1' + required: true + default: '1.0.2-getstream.1' + +permissions: + contents: read + packages: write + +jobs: + validate: + runs-on: ubuntu-latest + steps: + - name: Enforce version format + env: + VERSION: ${{ inputs.version }} + run: | + re='^[0-9]+\.[0-9]+\.[0-9]+-getstream\.[0-9]+$' + if [[ ! "$VERSION" =~ $re ]]; then + echo "::error::version '$VERSION' must be -getstream., e.g. 1.0.2-getstream.1" + exit 1 + fi + + image: + needs: validate + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + + # arm64 emulation; the make target creates the multi-arch buildx builder. + - uses: docker/setup-qemu-action@v3 + + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push operator image (linux/amd64,linux/arm64) + run: make push-manager-image IMG=ghcr.io/getstream/kubeblocks VERSION=${{ inputs.version }} BUILDX_ENABLED=true + + chart: + needs: image + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - uses: azure/setup-helm@v4 + with: + version: v3.16.4 + + - name: Log in to GHCR + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: echo "$GH_TOKEN" | helm registry login ghcr.io -u "${{ github.actor }}" --password-stdin + + # crds/ is no longer .helmignored, so the fork CRDs ship inside the chart. + - name: Package and push chart + run: | + helm package deploy/helm --version "${{ inputs.version }}" --app-version "${{ inputs.version }}" + helm push "kubeblocks-${{ inputs.version }}.tgz" oci://ghcr.io/getstream/charts diff --git a/deploy/helm/.helmignore b/deploy/helm/.helmignore index 90549187b2f..59e76c6de8a 100644 --- a/deploy/helm/.helmignore +++ b/deploy/helm/.helmignore @@ -28,5 +28,8 @@ depend-charts/ # dashboards dashboards/ -# crds, need to separate installation -crds/ \ No newline at end of file +# GetStream fork: crds/ is intentionally NOT ignored. Upstream excludes it and +# installs CRDs via kbcli, but we ship this operator chart as a self-contained +# OCI artifact, so its CRDs (including the fork's externallyManaged field) must +# travel with the chart. chat's rocky installer pulls this chart and applies +# crds/ directly (helm only auto-applies crds/ on install, never on upgrade). \ No newline at end of file