Merge pull request #930 from abays/rapid_reset_cve_2 #370
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: OSP Director Operator image builder | |
on: | |
push: | |
branches: | |
- '*' | |
paths-ignore: | |
- .gitignore | |
- .pull_request_pipeline | |
- changelog.txt | |
- kuttl-test.yaml | |
- LICENSE | |
- Makefile | |
- OWNERS | |
- PROJECT | |
- README.md | |
- .github/ | |
- build/ | |
- docs/ | |
- tests/ | |
env: | |
imageregistry: 'quay.io' | |
imagenamespace: ${{ secrets.IMAGENAMESPACE || secrets.QUAY_USERNAME }} | |
latesttag: latest | |
jobs: | |
check-secrets: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check secrets are set | |
id: have-secrets | |
if: "${{ env.imagenamespace != '' }}" | |
run: echo "ok=true" >>$GITHUB_OUTPUT | |
outputs: | |
have-secrets: ${{ steps.have-secrets.outputs.ok }} | |
build-osp-director-operator: | |
name: Build osp-director-operator image using buildah | |
runs-on: ubuntu-latest | |
needs: [check-secrets] | |
if: needs.check-secrets.outputs.have-secrets == 'true' | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Get branch name | |
id: branch-name | |
uses: tj-actions/branch-names@v6 | |
- name: Set latest tag for non master branch | |
if: "${{ steps.branch-name.outputs.current_branch != 'master' }}" | |
run: | | |
echo "latesttag=${{ steps.branch-name.outputs.current_branch }}-latest" >> $GITHUB_ENV | |
- name: Buildah Action | |
id: build-osp-director-operator | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: osp-director-operator | |
tags: ${{ env.latesttag }} ${{ github.sha }} | |
containerfiles: | | |
./Dockerfile | |
- name: Push osp-director-operator To ${{ env.imageregistry }} | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build-osp-director-operator.outputs.image }} | |
tags: ${{ steps.build-osp-director-operator.outputs.tags }} | |
registry: ${{ env.imageregistry }}/${{ env.imagenamespace }} | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
build-osp-director-downloader: | |
name: Build osp-director-downloader image using buildah | |
runs-on: ubuntu-latest | |
needs: [check-secrets] | |
if: needs.check-secrets.outputs.have-secrets == 'true' | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Get branch name | |
id: branch-name | |
uses: tj-actions/branch-names@v6 | |
- name: Set latest tag for non master branch | |
if: "${{ steps.branch-name.outputs.current_branch != 'master' }}" | |
run: | | |
echo "latesttag=${{ steps.branch-name.outputs.current_branch }}-latest" >> $GITHUB_ENV | |
- name: Buildah Action | |
id: build-osp-director-downloader | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: osp-director-downloader | |
tags: ${{ env.latesttag }} ${{ github.sha }} | |
containerfiles: | | |
./containers/image_downloader/Dockerfile | |
build-args: | | |
REMOTE_SOURCE=containers/image_downloader | |
- name: Push osp-director-downloader To ${{ env.imageregistry }} | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build-osp-director-downloader.outputs.image }} | |
tags: ${{ steps.build-osp-director-downloader.outputs.tags }} | |
registry: ${{ env.imageregistry }}/${{ env.imagenamespace }} | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
build-osp-director-agent: | |
name: Build agent image using buildah | |
runs-on: ubuntu-latest | |
needs: [check-secrets] | |
if: needs.check-secrets.outputs.have-secrets == 'true' | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Get branch name | |
id: branch-name | |
uses: tj-actions/branch-names@v6 | |
- name: Set latest tag for non master branch | |
if: "${{ steps.branch-name.outputs.current_branch != 'master' }}" | |
run: | | |
echo "latesttag=${{ steps.branch-name.outputs.current_branch }}-latest" >> $GITHUB_ENV | |
- name: Buildah Action | |
id: build-osp-director-agent | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: osp-director-agent | |
tags: ${{ env.latesttag }} ${{ github.sha }} | |
containerfiles: | | |
./Dockerfile.agent | |
- name: Push agent To ${{ env.imageregistry }} | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build-osp-director-agent.outputs.image }} | |
tags: ${{ steps.build-osp-director-agent.outputs.tags }} | |
registry: ${{ env.imageregistry }}/${{ env.imagenamespace }} | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
build-osp-director-operator-bundles: | |
needs: [ check-secrets, build-osp-director-operator, build-osp-director-downloader, build-osp-director-agent ] | |
name: osp-director-operator-bundles | |
runs-on: ubuntu-latest | |
if: needs.check-secrets.outputs.have-secrets == 'true' | |
strategy: | |
matrix: | |
osp_release: | |
- "16.2" | |
- "17.0" | |
- "17.1" | |
# When set to true, GitHub cancels all in-progress jobs if any matrix job fails. | |
fail-fast: true | |
steps: | |
- name: Install Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: 1.19.x | |
- name: Checkout osp-director-operator repository | |
uses: actions/checkout@v3 | |
- name: Install operator-sdk | |
uses: redhat-actions/openshift-tools-installer@v1 | |
with: | |
source: github | |
operator-sdk: '1.26.0' | |
- name: Log in to Quay Registry | |
uses: redhat-actions/podman-login@v1 | |
with: | |
registry: ${{ env.imageregistry }} | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- name: Log in to Red Hat Registry | |
uses: redhat-actions/podman-login@v1 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.REDHATIO_USERNAME }} | |
password: ${{ secrets.REDHATIO_PASSWORD }} | |
- name: Create bundle image | |
run: | | |
pushd "${GITHUB_WORKSPACE}"/.github/ | |
chmod +x "create_bundle.sh" | |
"./create_bundle.sh" | |
popd | |
env: | |
REGISTRY: ${{ env.imageregistry }}/${{ env.imagenamespace }} | |
GITHUB_SHA: ${{ github.sha }} | |
BASE_IMAGE: osp-director-operator | |
AGENT_IMAGE: osp-director-agent | |
DOWNLOADER_IMAGE: osp-director-downloader | |
OSP_RELEASE: "${{ matrix.osp_release }}" | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get branch name | |
id: branch-name | |
uses: tj-actions/branch-names@v6 | |
- name: Set latest tag for non master branch | |
if: "${{ steps.branch-name.outputs.current_branch != 'master' }}" | |
run: | | |
echo "latesttag=${{ steps.branch-name.outputs.current_branch }}-latest" >> $GITHUB_ENV | |
- name: Build osp-director-operator-bundle using buildah | |
id: build-osp-director-operator-bundle | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: osp-director-operator-bundle | |
tags: ${{ env.latesttag }}-${{ matrix.osp_release }} ${{ github.sha }}-${{ matrix.osp_release }} | |
containerfiles: | | |
./bundle.Dockerfile | |
- name: Push osp-director-operator-bundle To ${{ env.imageregistry }} | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build-osp-director-operator-bundle.outputs.image }} | |
tags: ${{ steps.build-osp-director-operator-bundle.outputs.tags }} | |
registry: ${{ env.imageregistry }}/${{ env.imagenamespace }} | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
build-osp-director-operator-indexes: | |
needs: [ check-secrets, build-osp-director-operator-bundles ] | |
name: osp-director-operator-indexes | |
runs-on: ubuntu-latest | |
if: needs.check-secrets.outputs.have-secrets == 'true' | |
strategy: | |
matrix: | |
osp_release: | |
- "16.2" | |
- "17.0" | |
- "17.1" | |
# When set to true, GitHub cancels all in-progress jobs if any matrix job fails. | |
fail-fast: true | |
# The maximum number of jobs that can run simultaneously | |
#max-parallel: 1 | |
steps: | |
- name: Checkout osp-director-operator repository | |
uses: actions/checkout@v3 | |
- name: Get branch name | |
id: branch-name | |
uses: tj-actions/branch-names@v6 | |
- name: Set latest tag for non master branch | |
if: "${{ steps.branch-name.outputs.current_branch != 'master' }}" | |
run: | | |
echo "latesttag=${{ steps.branch-name.outputs.current_branch }}-latest" >> $GITHUB_ENV | |
- name: Install opm | |
uses: redhat-actions/openshift-tools-installer@v1 | |
with: | |
source: github | |
opm: 'latest' | |
- name: Log in to Red Hat Registry | |
uses: redhat-actions/podman-login@v1 | |
with: | |
registry: ${{ env.imageregistry }} | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- name: Create index image | |
run: | | |
pushd "${GITHUB_WORKSPACE}"/.github/ | |
chmod +x "create_opm_index.sh" | |
"./create_opm_index.sh" | |
popd | |
env: | |
REGISTRY: ${{ env.imageregistry }}/${{ env.imagenamespace }} | |
GITHUB_SHA_TAG: ${{ github.sha }}-${{ matrix.osp_release }} | |
BUNDLE_IMAGE: osp-director-operator-bundle | |
INDEX_IMAGE_TAG: ${{ env.latesttag }}-${{ matrix.osp_release }} | |
INDEX_IMAGE: osp-director-operator-index | |
- name: Push osp-director-operator-index To ${{ env.imageregistry }} | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: osp-director-operator-index | |
tags: ${{ env.latesttag }}-${{ matrix.osp_release }} ${{ github.sha }}-${{ matrix.osp_release }} | |
registry: ${{ env.imageregistry }}/${{ env.imagenamespace }} | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} |