CI updates and bump operator version

.github/workflows/minimal-app.yml

@@ -6,6 +6,7 @@ on:
     paths:
       - minimal-app/**
       - .github/workflows/minimal-app.yml
+      - .github/workflows/scripts
   push:
     branches:
       - main
@@ -60,36 +61,42 @@ jobs:
           IMAGE_NAME=$(mvn help:evaluate -Dexpression=image-name -q -DforceStdout)
           echo "REGISTRY=$REGISTRY" >> "$GITHUB_OUTPUT"
           echo "TAG_NAME=${{ env.GIT_TAG_PREFIX }}$VERSION" >> "$GITHUB_OUTPUT"
-          echo "IMAGE_NAME=$REGISTRY/$IMAGE_NAME:$VERSION" >> "$GITHUB_OUTPUT"
+          echo "FULL_IMAGE_NAME=$REGISTRY/$IMAGE_NAME:$VERSION" >> "$GITHUB_OUTPUT"
           cat $GITHUB_OUTPUT
         id: naming-selector
         name: generate names for artifacts
 
-      - run: |
-          ! docker manifest inspect ${{ steps.naming-selector.outputs.IMAGE_NAME }}
-        name: confirm image is not already pushed
-
       - run: |
           git fetch --tags
-          ! git rev-parse -q --verify "refs/tags/${{ steps.naming-selector.outputs.TAG_NAME }}"
-        name: confirm git tag does not exist
+          if git rev-parse -q --verify "refs/tags/${{ steps.naming-selector.outputs.TAG_NAME }}"; then
+            # confirm image exists
+            docker manifest inspect ${{ steps.naming-selector.outputs.FULL_IMAGE_NAME }}
+          else
+            echo "needs_release=true" >> $GITHUB_ENV
+          fi
+        name: check if release is needed
 
       - uses: actions/setup-java@v3
+        if: env.needs_release == 'true'
         with:
           java-version: "${{ env.JAVA_VERSION }}"
           distribution: "temurin"
       - run: mvn --batch-mode --update-snapshots verify
+        if: env.needs_release == 'true'
         name: build image
 
       - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        if: env.needs_release == 'true'
         with:
           registry: ${{ steps.naming-selector.outputs.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - run: docker push ${{ steps.naming-selector.outputs.IMAGE_NAME }}
+      - run: docker push ${{ steps.naming-selector.outputs.FULL_IMAGE_NAME }}
+        if: env.needs_release == 'true'
 
       - uses: mathieudutour/github-tag-action@v6.1
+        if: env.needs_release == 'true'
         id: tag_version
         with:
           custom_tag: ${{ steps.naming-selector.outputs.TAG_NAME }}

.github/workflows/operator.yml

@@ -6,6 +6,7 @@ on:
       - operator/**
       - "!operator/webhook/**"
       - .github/workflows/operator.yml
+      - .github/workflows/scripts
   push:
     branches:
       - main
@@ -57,13 +58,17 @@ jobs:
 
       - run: |
           git fetch --tags
-          ! git rev-parse -q --verify "refs/tags/${{ steps.naming-selector.outputs.TAG_NAME }}"
-        name: confirm git tag does not exist
+          if ! git rev-parse -q --verify "refs/tags/${{ steps.naming-selector.outputs.TAG_NAME }}"; then
+            echo "needs_release=true" >> $GITHUB_ENV
+          fi
+        name: check if release is needed
 
       - run: make prep-release
+        if: env.needs_release == 'true'
         name: generate release files
 
       - uses: mathieudutour/github-tag-action@v6.1
+        if: env.needs_release == 'true'
         id: tag_version
         with:
           custom_tag: ${{ steps.naming-selector.outputs.TAG_NAME }}
@@ -72,6 +77,7 @@ jobs:
           tag_prefix: ""
 
       - uses: ncipollo/release-action@v1
+        if: env.needs_release == 'true'
         with:
           tag: ${{ steps.tag_version.outputs.new_tag }}
           name: Release ${{ steps.tag_version.outputs.new_tag }}

.github/workflows/scripts/shared/verify_current_webhook_img.sh

@@ -0,0 +1,15 @@
+OPERATOR_DIR=operator
+OPERATOR_CONTROLLER_YAML=$OPERATOR_DIR/controller/integrationroute-controller.yaml
+
+verify_current_webhook_img() {
+  current_webhook_img=$(make --no-print-directory -C operator/webhook get-image-name)
+  webhook_image_used=$(yq eval '.spec.template.spec.containers[].image' $OPERATOR_CONTROLLER_YAML)
+
+  test -n "$current_webhook_img"
+  test -n "$webhook_image_used"
+
+  error_message="Operator is using $webhook_image_used but should be using the most recent $current_webhook_img."
+  test "$webhook_image_used" = "$current_webhook_img" || (echo $error_message && exit 1)
+}
+
+verify_current_webhook_img

.github/workflows/scripts/verify_minimal_app_releasable.sh

@@ -5,7 +5,7 @@ MINIMAL_APP_DIR=minimal-app
 verify_version_bump() {
   version=$(mvn -f minimal-app/pom.xml help:evaluate -Dexpression=project.version -q -DforceStdout)
   potential_tag="${GIT_TAG_PREFIX}${version}"
-  sh .github/workflows/scripts/verify_changes_update_version.sh $potential_tag $MINIMAL_APP_DIR
+  sh .github/workflows/scripts/shared/verify_changes_update_version.sh $potential_tag $MINIMAL_APP_DIR
 }
 
 verify_version_bump

.github/workflows/scripts/verify_operator_releasable.sh

@@ -1,22 +1,11 @@
 set -eux
 
 OPERATOR_DIR=operator
-OPERATOR_CONTROLLER_YAML=$OPERATOR_DIR/controller/integrationroute-controller.yaml
-
-verify_current_webhook_img() {
-  current_webhook_img=$(make --no-print-directory -C operator/webhook get-image-name)
-  webhook_image_used=$(yq eval '.spec.template.spec.containers[].image' $OPERATOR_CONTROLLER_YAML)
-
-  test -n "$current_webhook_img"
-  test -n "$webhook_image_used"
-
-  test "$webhook_image_used" = "$current_webhook_img" || (echo "Operator is not using current version of webhook image" && exit 1)
-}
 
 verify_version_bump() {
   potential_tag=$(make --no-print-directory -C $OPERATOR_DIR get-tag)
-  sh .github/workflows/scripts/verify_changes_update_version.sh $potential_tag $OPERATOR_DIR
+  sh .github/workflows/scripts/shared/verify_changes_update_version.sh $potential_tag $OPERATOR_DIR
 }
 
-verify_current_webhook_img
+sh .github/workflows/scripts/shared/verify_current_webhook_img.sh
 verify_version_bump

.github/workflows/scripts/verify_webhook_releasable.sh

@@ -4,7 +4,8 @@ WEBHOOK_DIR=operator/webhook
 
 verify_version_bump() {
   potential_tag=$(make --no-print-directory -C $WEBHOOK_DIR get-tag)
-  sh .github/workflows/scripts/verify_changes_update_version.sh $potential_tag $WEBHOOK_DIR
+  sh .github/workflows/scripts/shared/verify_changes_update_version.sh $potential_tag $WEBHOOK_DIR
 }
 
+sh .github/workflows/scripts/shared/verify_current_webhook_img.sh
 verify_version_bump

.github/workflows/webhook.yml

@@ -5,6 +5,7 @@ on:
     paths:
       - operator/webhook/**
       - .github/workflows/webhook.yml
+      - .github/workflows/scripts
   push:
     branches:
       - main
@@ -81,32 +82,37 @@ jobs:
         id: naming-selector
         name: generate names for artifacts
 
-      - run: |
-          ! docker manifest inspect ${{ steps.naming-selector.outputs.FULL_IMAGE_NAME }}
-        name: confirm image is not already pushed
-
       - run: |
           git fetch --tags
-          ! git rev-parse -q --verify "refs/tags/${{ steps.naming-selector.outputs.TAG_NAME }}"
-        name: confirm git tag does not exist
+          if git rev-parse -q --verify "refs/tags/${{ steps.naming-selector.outputs.TAG_NAME }}"; then
+            # confirm image exists
+            docker manifest inspect ${{ steps.naming-selector.outputs.FULL_IMAGE_NAME }}
+          else
+            echo "needs_release=true" >> $GITHUB_ENV
+          fi
+        name: check if release is needed
 
       - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        if: env.needs_release == 'true'
         with:
           registry: ${{ steps.naming-selector.outputs.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
+        if: env.needs_release == 'true'
         uses: docker/setup-buildx-action@v3
 
       - uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        if: env.needs_release == 'true'
         with:
           context: ${{ env.WORKING_DIR }}
           platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.naming-selector.outputs.FULL_IMAGE_NAME }}
 
       - uses: mathieudutour/github-tag-action@v6.1
+        if: env.needs_release == 'true'
         id: tag_version
         with:
           custom_tag: ${{ steps.naming-selector.outputs.TAG_NAME }}

operator/Makefile

@@ -1,4 +1,4 @@
-VERSION ?= 0.4.0
+VERSION ?= 0.4.1
 GIT_TAG := operator_v$(VERSION)
 KEIP_INTEGRATION_IMAGE ?= ghcr.io/octoconsulting/keip/minimal-app:latest
 

operator/controller/integrationroute-controller.yaml

@@ -50,7 +50,7 @@ spec:
     spec:
       containers:
         - name: webhook
-          image: ghcr.io/octoconsulting/keip/route-webhook:0.7.0
+          image: ghcr.io/octoconsulting/keip/route-webhook:0.8.0
           ports:
             - containerPort: 7080
               name: webhook-http