-
Notifications
You must be signed in to change notification settings - Fork 20
144 lines (138 loc) · 5.78 KB
/
build-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
name: build-CI
concurrency:
group: ci-${{ github.run_id }}
cancel-in-progress: true
on:
push:
branches:
- main
- v[0-9]+
- v[0-9]+.[0-9]+
- cryostat-v[0-9]+.[0-9]+
# TODO remove once merged into main
- cryostat3
env:
CI_USER: cryostat+bot
CI_REGISTRY: quay.io/cryostat
CI_OPERATOR_IMG: quay.io/cryostat/cryostat-operator
CI_BUNDLE_IMG: quay.io/cryostat/cryostat-operator-bundle
CI_SCORECARD_IMG: quay.io/cryostat/cryostat-operator-scorecard
CI_PLATFORMS: linux/amd64,linux/arm64
OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04/Release.key"
OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04"
jobs:
build-operator:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install podman v4
run: |
echo "deb $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list
curl -fsSL $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null
sudo apt update
sudo apt install podman
- name: Build operator image
run: |
IMAGE_NAMESPACE=${{ env.CI_REGISTRY }} SKIP_TESTS=true PLATFORMS=${{ env.CI_PLATFORMS }} MANIFEST_PUSH=false make oci-buildx
- name: Tag image
id: tag-image
run: |
IMG_TAG="$(make --eval='print-img-ver: ; @echo $(IMAGE_VERSION)' print-img-ver)"
if [ "$GITHUB_REF" == "refs/heads/main" ]; then
podman tag \
${{ env.CI_OPERATOR_IMG }}:$IMG_TAG \
${{ env.CI_OPERATOR_IMG }}:latest
echo "tags=$IMG_TAG latest" >> $GITHUB_OUTPUT
else
echo "tags=$IMG_TAG" >> $GITHUB_OUTPUT
fi
- name: Push to quay.io
id: push-to-quay
uses: redhat-actions/push-to-registry@v2
with:
image: cryostat-operator
tags: ${{ steps.tag-image.outputs.tags }}
registry: ${{ env.CI_REGISTRY }}
username: ${{ env.CI_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
if: ${{ github.repository_owner == 'cryostatio' }}
- name: Print image URL
run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
build-bundle:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build bundle image
run: IMAGE_NAMESPACE=${{ env.CI_REGISTRY }} make bundle-build
- name: Tag image
id: tag-image
run: |
IMG_TAG="$(make --eval='print-img-ver: ; @echo $(IMAGE_VERSION)' print-img-ver)"
if [ "$GITHUB_REF" == "refs/heads/main" ]; then
podman tag \
${{ env.CI_BUNDLE_IMG }}:$IMG_TAG \
${{ env.CI_BUNDLE_IMG }}:latest
echo "tags=$IMG_TAG latest" >> $GITHUB_OUTPUT
else
echo "tags=$IMG_TAG" >> $GITHUB_OUTPUT
fi
- name: Push to quay.io
id: push-to-quay
uses: redhat-actions/push-to-registry@v2
with:
image: cryostat-operator-bundle
tags: ${{ steps.tag-image.outputs.tags }}
registry: ${{ env.CI_REGISTRY }}
username: ${{ env.CI_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
if: ${{ github.repository_owner == 'cryostatio' }}
- name: Print image URL
run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
build-scorecard:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Get scorecard image tag
id: get-image-tag
run: |
SCORECARD_TAG=$(yq '[.stages[1].tests[].image | capture("cryostat-operator-scorecard:(?P<tag>[\w.\-_]+)$")][0].tag' bundle/tests/scorecard/config.yaml)
echo "tag=$SCORECARD_TAG" >> $GITHUB_OUTPUT
- name: Check if scorecard image tag already exists
id: check-tag-exists
run: |
EXIST=false
STATUS_CODE=$(curl -ILs -o /dev/null https://quay.io/v2/${CI_SCORECARD_IMG/"quay.io/"/}/manifests/${{ steps.get-image-tag.outputs.tag }} -w "%{http_code}")
if [ ${STATUS_CODE} -eq 200 ]; then
EXIST=true
elif [ ${STATUS_CODE} -ne 404 ]; then
echo "Failed to query image's existence with status code ${STATUS_CODE}"
exit 1
fi
echo "${CI_SCORECARD_IMG}:${{ steps.get-image-tag.outputs.tag }} exists: $EXIST"
echo "exist=$EXIST" >> $GITHUB_OUTPUT
- name: Install podman v4
run: |
echo "deb $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list
curl -fsSL $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null
sudo apt update
sudo apt install podman
- name: Build scorecard image
run: |
CUSTOM_SCORECARD_IMG=${CI_SCORECARD_IMG}:${{ steps.get-image-tag.outputs.tag }} \
PLATFORMS=${{ env.CI_PLATFORMS }} \
MANIFEST_PUSH=false \
make scorecard-build
if: ${{ steps.check-tag-exists.outputs.exist == 'false' }}
- name: Push to quay.io
id: push-to-quay
uses: redhat-actions/push-to-registry@v2
with:
image: cryostat-operator-scorecard
tags: ${{ steps.get-image-tag.outputs.tag }}
registry: ${{ env.CI_REGISTRY }}
username: ${{ env.CI_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
if: ${{ steps.check-tag-exists.outputs.exist == 'false' && github.repository_owner == 'cryostatio' }}
- name: Print image URL
run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
if: ${{ steps.check-tag-exists.outputs.exist == 'false' }}