diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml new file mode 100644 index 000000000..8b9f7b1ed --- /dev/null +++ b/.github/workflows/release-pr.yml @@ -0,0 +1,128 @@ +name: Release PR image + +on: + pull_request: + types: + - opened + - reopened + - synchronize + +jobs: + get-pr-number: + name: Get PR number + runs-on: ubuntu-latest + outputs: + pr-number: ${{ steps.get-pr-number.outputs.pr-number }} + steps: + - name: Get PR number + id: get-pr-number + run: echo "::set-output name=pr-number::$(echo ${GITHUB_REF#refs/pull/} | cut -d'/' -f1)" + operator-container-push-pr: + needs: get-pr-number + permissions: + contents: read + id-token: write + packages: write + uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main + with: + name: compliance-operator + registry_org: complianceascode + tag: ${{ needs.get-pr-number.outputs.pr-number }} + dockerfile_path: build/Dockerfile + vendor: 'Compliance Operator Authors' + + bundle-container-push-pr: + needs: get-pr-number + permissions: + contents: read + id-token: write + packages: write + uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main + with: + name: compliance-operator-bundle + registry_org: complianceascode + tag: ${{ needs.get-pr-number.outputs.pr-number }} + dockerfile_path: bundle.Dockerfile + vendor: 'Compliance Operator Authors' + + openscap-container-push-pr: + needs: get-pr-number + permissions: + contents: read + id-token: write + packages: write + uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main + with: + name: openscap-ocp + registry_org: complianceascode + tag: ${{ needs.get-pr-number.outputs.pr-number }} + dockerfile_path: images/openscap/Dockerfile + vendor: 'Compliance Operator Authors' + + catalog-container-push-pr: + runs-on: ubuntu-latest + needs: bundle-container-push-pr + if: always() # remove this after we fix signing + + permissions: + packages: write + contents: read + + outputs: + image-digest: ${{ steps.container_info.outputs.image-digest }} + image-tags: ${{ steps.container_info.outputs.image-tags }} + + steps: + - name: Checkout + uses: actions/checkout@v3.6.0 + + - name: Login to ghcr.io + uses: docker/login-action@v3.0.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Docker metadata + id: meta + uses: docker/metadata-action@v4 + with: + images: ghcr.io/complianceascode/compliance-operator-catalog + tags: | + type=raw,value=${{ needs.get-pr-number.outputs.pr-number }} + type=sha,format=long + labels: | + org.opencontainers.image.source=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY} + org.opencontainers.image.title=compliance-operator-catalog + org.opencontainers.image.version=latest + org.opencontainers.image.licenses='Apache-2.0' + org.opencontainers.image.vendor='Compliance Operator Authors' + + - name: Generate catalog dockerfile + id: generate_catalog_dockerfile + run: | + make catalog-docker BUNDLE_IMGS=ghcr.io/complianceascode/compliance-operator-bundle:${{ needs.get-pr-number.outputs.pr-number }} + + - name: Build container images and push + id: docker_build + uses: docker/build-push-action@v5 + with: + context: . + file: catalog.Dockerfile + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + push: true + platforms: 'linux/amd64' + + - name: Get container info + id: container_info + run: | + image_tags="${{ needs.get-pr-number.outputs.pr-number }}" + echo "::set-output name=image-digest::${{ steps.docker_build.outputs.digest }}" + echo "::set-output name=image-tags::${image_tags}" \ No newline at end of file