diff --git a/.github/workflows/deploy_ce_onprem_public.yaml b/.github/workflows/deploy_ce_onprem_public.yaml
new file mode 100644
index 00000000..472f593a
--- /dev/null
+++ b/.github/workflows/deploy_ce_onprem_public.yaml
@@ -0,0 +1,74 @@
+name: Trigger Private Deployment
+
+on:
+ workflow_call:
+ inputs:
+ version:
+ description: 'MLRun CE Chart version (e.g. 0.9.2)'
+ required: true
+ type: string
+ secrets:
+ GH_APP_ID:
+ required: true
+ GH_APP_PRIVATE_KEY:
+ required: true
+ DEPLOYMENT_REPO:
+ required: true
+ SYSTEM_ID:
+ required: true
+
+permissions: {}
+
+jobs:
+ trigger-deployment:
+ name: Trigger Deployment in Private Repo
+ runs-on: ubuntu-latest
+ steps:
+ - name: Resolve target repository
+ id: repo-info
+ run: |
+ DEPLOYMENT_REPO="${{ secrets.DEPLOYMENT_REPO }}"
+
+ if [[ "$DEPLOYMENT_REPO" != */* ]]; then
+ echo "::error::DEPLOYMENT_REPO must be in the form owner/repo."
+ exit 1
+ fi
+
+ OWNER="${DEPLOYMENT_REPO%%/*}"
+ REPO="${DEPLOYMENT_REPO#*/}"
+
+ echo "owner=$OWNER" >> $GITHUB_OUTPUT
+ echo "repo=$REPO" >> $GITHUB_OUTPUT
+ echo "full_name=$DEPLOYMENT_REPO" >> $GITHUB_OUTPUT
+
+ - name: Generate GitHub App Token
+ id: app-token
+ uses: actions/create-github-app-token@v2
+ with:
+ app-id: ${{ secrets.GH_APP_ID }}
+ private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+ owner: ${{ steps.repo-info.outputs.owner }}
+ repositories: ${{ steps.repo-info.outputs.repo }}
+
+ - name: Send Repository Dispatch to Private Deployment Repo
+ run: |
+ DEPLOYMENT_REPO="${{ steps.repo-info.outputs.full_name }}"
+ curl -X POST \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: token ${{ steps.app-token.outputs.token }}" \
+ https://api.github.com/repos/${DEPLOYMENT_REPO}/dispatches \
+ -d "$(jq -n \
+ --arg version "${{ inputs.version }}" \
+ --arg system_id "${{ secrets.SYSTEM_ID }}" \
+ '{
+ event_type: "deploy-ce-onprem",
+ client_payload: {
+ version: $version,
+ system_id: $system_id,
+ run_naipi: true,
+ source_repo: "ce",
+ triggered_by: "${{ github.actor }}"
+ }
+ }')"
+
+ echo "Deployment triggered in private repository"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2a28171a..09fec8f6 100644
--- a/.github/workflows/release.yml
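Review bot: The `run:` blocks in this new workflow splice `${{ inputs.version }}`, `${{ github.actor }}`, the app token and the secrets straight into the script text, so the runner expands them before bash parses the step; a chart version containing quotes or `$( )` would then execute in the same step that holds the app token. Pass each value through `env:` and read it as a shell variable or a `jq --arg`, as in the excerpt below. The `curl` call has no `--fail`, so a 401 or 404 from the dispatches endpoint still ends with "Deployment triggered in private repository" and a green job. `OWNER` and `REPO` are substrings of a secret and are probably not covered by log masking, so if the repository name is meant to stay private add `echo "::add-mask::$OWNER"` (and the same for `REPO`) before writing them to `$GITHUB_OUTPUT`. `actions/create-github-app-token@v2` receives the app private key through a mutable tag; pinning it to a full commit SHA is the usual hardening.

```yaml
      - name: Send Repository Dispatch to Private Deployment Repo
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
          DEPLOYMENT_REPO: ${{ steps.repo-info.outputs.full_name }}
          CHART_VERSION: ${{ inputs.version }}
          SYSTEM_ID: ${{ secrets.SYSTEM_ID }}
          TRIGGERED_BY: ${{ github.actor }}
        run: |
          payload="$(jq -n \
            --arg version "$CHART_VERSION" \
            --arg system_id "$SYSTEM_ID" \
            --arg triggered_by "$TRIGGERED_BY" \
            '{
              # … unchanged: event_type and the other client_payload fields …
              client_payload: {
                triggered_by: $triggered_by
              }
            }')"
          curl --fail-with-body -sS -X POST \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: token $GH_TOKEN" \
            "https://api.github.com/repos/${DEPLOYMENT_REPO}/dispatches" \
            -d "$payload"
```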
+++ b/.github/workflows/release.yml @@ -1,14 +1,20 @@ name: Release Charts +permissions: + contents: read + on: push: branches: - development - "[0-9]+.[0-9]+.x" + workflow_dispatch: jobs: release: runs-on: ubuntu-latest + permissions: + contents: write steps: - name: Checkout @@ -38,6 +44,19 @@ jobs: env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + - name: Extract Chart Version from Chart.yaml + id: extract_version + run: | + CHART_VERSION=$(grep '^version:' charts/mlrun-ce/Chart.yaml | awk '{print $2}') + if [[ -z "$CHART_VERSION" ]]; then + echo "Error: Failed to extract version from Chart.yaml" >&2 + exit 1 + fi + echo "version=$CHART_VERSION" >> $GITHUB_OUTPUT + + outputs: + version: ${{ steps.extract_version.outputs.version }} + notify_mlefi: runs-on: ubuntu-latest needs: release # Ensure this runs after the release job @@ -73,3 +92,14 @@ jobs: -H "Authorization: token ${{ secrets.MLEFIGHTRIGGER }}" \ https://api.github.com/repos/iguazio/mlefi/dispatches \ -d "$JSON_PAYLOAD" + + deploy_ce_onprem: + needs: release + uses: ./.github/workflows/deploy_ce_onprem_public.yaml + with: + version: ${{ needs.release.outputs.version }} + secrets: + GH_APP_ID: ${{ secrets.GH_APP_ID }} + GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }} + DEPLOYMENT_REPO: ${{ secrets.DEPLOYMENT_REPO }} + SYSTEM_ID: ${{ secrets.SYSTEM_ID }} \ No newline at end of file
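Review bot: Adding `workflow_dispatch` in the first hunk lets anyone with write access start this workflow from any branch or tag, which bypasses the `branches:` filter on `push` and still reaches the `release` job (now `contents: write`) and the new `deploy_ce_onprem` job in the last hunk. If manual runs are meant only for the release branches, gate those jobs on the ref, for example `if: github.event_name == 'push' || github.ref_protected`, assuming those branches are protected. The rest of the `release` job lies outside this hunk, so any existing guard there is not visible here.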
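Review bot: In the "Extract Chart Version from Chart.yaml" step the value is only checked for emptiness, so whatever follows `version:` in `charts/mlrun-ce/Chart.yaml`, including surrounding quotes or shell metacharacters, becomes the job output and is later expanded inside the `run:` script of `deploy_ce_onprem_public.yaml`. Validate the format before writing it to `$GITHUB_OUTPUT`, for example `if [[ ! "$CHART_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$ ]]; then` in place of the `-z` test. Quoting the redirect target as `>> "$GITHUB_OUTPUT"` is also the safer habit. The job's earlier steps start outside this hunk.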