Bump pydantic from 2.9.2 to 2.10.0 #406

Workflow file for this run

	name: Create docker image

	on:
	push:

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	env:
	GOOGLE_REGISTRY: europe-north1-docker.pkg.dev
	EARTHLY_USE_INLINE_CACHE: true
	EARTHLY_SAVE_INLINE_CACHE: true
	EARTHLY_VERBOSE: true
	EARTHLY_FULL_TARGET: true
	EARTHLY_OUTPUT: true
	FEATURE: aiven-poke

	jobs:
	version:
	name: Version
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4
	- name: Generate image environment variable
	id: set-image-tag
	run: \|
	version="$(date +%Y%m%d%H%M%S)-$(git describe --always --dirty --exclude '*')"
	echo "version=${version}" >> $GITHUB_OUTPUT
	outputs:
	version: ${{ steps.set-image-tag.outputs.version }}
	build:
	runs-on: ubuntu-latest
	needs:
	- version
	permissions:
	contents: "read"
	id-token: "write"
	packages: "write"
	steps:
	- name: Install earthly
	uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # ratchet:earthly/actions-setup@v1
	with:
	version: "latest" # or pin to an specific version, e.g. "v0.6.10"
	- name: Install cosign
	uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # ratchet:sigstore/cosign-installer@main
	with:
	cosign-release: 'v2.2.1'
	- name: Checkout
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4
	- id: "auth"
	name: "Authenticate to Google Cloud"
	if: github.ref == 'refs/heads/main'
	uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f" # ratchet:google-github-actions/auth@v2.1.7
	with:
	workload_identity_provider: ${{ secrets.NAIS_IO_WORKLOAD_IDENTITY_PROVIDER }}
	service_account: "gh-aiven-poke@nais-io.iam.gserviceaccount.com"
	token_format: "access_token"
	- name: Login to Google Artifact Registry
	if: github.ref == 'refs/heads/main'
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # ratchet:docker/login-action@v2
	with:
	registry: ${{ env.GOOGLE_REGISTRY }}
	username: "oauth2accesstoken"
	password: "${{ steps.auth.outputs.access_token }}"
	- name: "Set image tag"
	id: set-image-tag
	run: \|
	export IMAGE_TAG="${{ needs.version.outputs.version }}"
	echo "IMAGE_TAG=${IMAGE_TAG}" >> ${GITHUB_ENV}

	export IMAGE="${GOOGLE_REGISTRY}/nais-io/nais/images/${FEATURE}"
	echo "IMAGE=${IMAGE}" >> $GITHUB_ENV
	- name: Build and possibly push
	env:
	EARTHLY_PUSH: "${{ github.ref == 'refs/heads/main' }}"
	run: \|
	earthly --version
	earthly --verbose +docker --IMAGE_TAG="${IMAGE_TAG}" --BASEIMAGE="${IMAGE}"
	- name: Retrieve image digest
	id: imgdigest
	if: github.ref == 'refs/heads/main'
	run: \|
	docker pull ${IMAGE}:${IMAGE_TAG}
	echo "digest=$(docker inspect ${IMAGE}:${IMAGE_TAG} \| jq -r '.[].RepoDigests[0]')" >> $GITHUB_OUTPUT
	- name: Sign the container image
	if: github.ref == 'refs/heads/main'
	run: cosign sign --yes ${{ steps.imgdigest.outputs.digest }}
	- name: "Setup Python, Poetry and Dependencies"
	if: github.ref == 'refs/heads/main'
	uses: packetcoders/action-setup-cache-python-poetry@0d0be5577b30d85f3fa2d93a4beeda149520f120 # ratchet:packetcoders/action-setup-cache-python-poetry@v1.2.0
	with:
	python-version: 3.12
	poetry-version: 1.5.1
	install-args: --only=sbom-tools
	- name: Create SBOM
	if: github.ref == 'refs/heads/main'
	run: \|
	poetry run cyclonedx-py poetry -o sbom.json
	- name: Attest image
	if: github.ref == 'refs/heads/main'
	run: cosign attest --yes --predicate sbom.json --type cyclonedx ${{ steps.imgdigest.outputs.digest }}

	chart:
	permissions:
	contents: 'read'
	id-token: 'write'
	name: Build and push chart
	runs-on: ubuntu-latest
	needs:
	- version
	steps:
	- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4
	- id: 'auth'
	if: github.ref == 'refs/heads/main'
	name: 'Authenticate to Google Cloud'
	uses: 'google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f' # ratchet:google-github-actions/auth@v2.1.7
	with:
	workload_identity_provider: ${{ secrets.NAIS_IO_WORKLOAD_IDENTITY_PROVIDER }}
	service_account: 'gh-aiven-poke@nais-io.iam.gserviceaccount.com'
	token_format: 'access_token'
	- name: 'Set up Cloud SDK'
	uses: 'google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a' # ratchet:google-github-actions/setup-gcloud@v1
	- name: 'Log in to Google Artifact Registry'
	if: github.ref == 'refs/heads/main'
	run: \|-
	echo '${{ steps.auth.outputs.access_token }}' \| docker login -u oauth2accesstoken --password-stdin https://${{ env.GOOGLE_REGISTRY }}
	- uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # ratchet:azure/setup-helm@v3
	name: 'Setup Helm'
	with:
	version: '3.8.0'
	- name: Set versions
	run: \|-
	for chart in charts/*; do
	yq e '.version = "${{ needs.version.outputs.version }}"' --inplace "${chart}/Chart.yaml"
	yq e '.image.tag = "${{ needs.version.outputs.version }}"' --inplace "${chart}/values.yaml"
	done
	- name: Build Chart
	run: \|-
	for chart in charts/*; do
	helm package "$chart"
	done
	- name: Push Chart
	if: github.ref == 'refs/heads/main'
	run: \|-
	for chart in *.tgz; do
	helm push "$chart" oci://${{ env.GOOGLE_REGISTRY }}/nais-io/nais/feature
	done

	rollout:
	name: Rollout
	if: github.actor != 'dependabot[bot]' && github.ref == 'refs/heads/main'
	needs:
	- version
	- build
	- chart
	runs-on: fasit-deploy
	permissions:
	id-token: write
	steps:
	- uses: nais/fasit-deploy@v2 # ratchet:exclude
	with:
	chart: oci://${{ env.GOOGLE_REGISTRY }}/nais-io/nais/feature/${{ env.FEATURE }}
	version: ${{ needs.version.outputs.version }}
	feature_name: ${{ env.FEATURE }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump pydantic from 2.9.2 to 2.10.0 #406

Workflow file

Bump pydantic from 2.9.2 to 2.10.0 #406

Jobs

Run details

Workflow file for this run