|
6 | 6 | - main
|
7 | 7 |
|
8 | 8 | env:
|
9 |
| - GHCR_REGISTRY: ghcr.io |
10 |
| - GHCR_UI_IMAGE_NAME: "${{ github.repository }}/ui" |
11 |
| - QUAY_REGISTRY: quay.io |
12 |
| - QUAY_UI_IMAGE_NAME: instructlab-ui/ui |
13 |
| - GHCR_PS_IMAGE_NAME: "${{ github.repository }}/pathservice" |
14 |
| - QUAY_PS_IMAGE_NAME: instructlab-ui/pathservice |
| 9 | + QUAY_REGISTRY: "quay.io" |
| 10 | + QUAY_ORG: "instructlab-ui" |
| 11 | + GHCR_REGISTRY: "ghcr.io" |
| 12 | + GHCR_ORG: "${{ github.repository }}" # instructlab/ui |
15 | 13 |
|
16 | 14 | jobs:
|
17 |
| - build_and_publish_ui_qa_image: |
18 |
| - name: Push QA UI container image to GHCR and QUAY |
| 15 | + build_and_publish_QA_images: |
| 16 | + name: Build and Push QA images |
19 | 17 | runs-on: ubuntu-latest
|
20 | 18 | environment: registry-creds
|
21 | 19 | permissions:
|
22 | 20 | packages: write
|
23 | 21 | contents: write
|
24 | 22 | attestations: write
|
25 | 23 | id-token: write
|
| 24 | + strategy: |
| 25 | + matrix: |
| 26 | + image_info: |
| 27 | + - image: "ui" |
| 28 | + long_name: "User Interface" |
| 29 | + containerfile_path: "src/Containerfile" |
| 30 | + build_context: "." |
| 31 | + - image: "pathservice" |
| 32 | + long_name: "Pathservice" |
| 33 | + containerfile_path: "pathservice/Containerfile" |
| 34 | + build_context: "." |
26 | 35 |
|
27 | 36 | steps:
|
28 | 37 | - name: Check out the repo
|
@@ -100,265 +109,56 @@ jobs:
|
100 | 109 | console.log("No merged PR found in the recent closed PRs.");
|
101 | 110 | return '';
|
102 | 111 |
|
103 |
| - - name: Extract GHCR metadata (tags, labels) for UI image |
| 112 | + - name: Extract Quay.io and GHRC metadata (tags, labels) for ${{ matrix.image_info.long_name }} image |
104 | 113 | if: env.SKIP_WORKFLOW == 'false'
|
105 |
| - id: ghcr_ui_meta |
| 114 | + id: extract_meta |
106 | 115 | uses: docker/metadata-action@v5
|
107 | 116 | with:
|
108 |
| - images: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME }} |
| 117 | + images: | |
| 118 | + ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_ORG }}/${{ matrix.image_info.image }} |
| 119 | + ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_ORG }}/${{ matrix.image_info.image }} |
109 | 120 |
|
110 |
| - - name: Extract Quay metadata (tags, labels) for UI image |
| 121 | + - name: Build and push ${{ matrix.image_info.long_name }} image to Quay.io and GHCR |
111 | 122 | if: env.SKIP_WORKFLOW == 'false'
|
112 |
| - id: quay_ui_meta |
113 |
| - uses: docker/metadata-action@v5 |
114 |
| - with: |
115 |
| - images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME }} |
116 |
| - |
117 |
| - - name: Build and push ui image to ghcr.io |
118 |
| - if: env.SKIP_WORKFLOW == 'false' |
119 |
| - id: push-ui-ghcr |
| 123 | + id: build_and_push |
120 | 124 | uses: docker/build-push-action@v6
|
121 | 125 | with:
|
122 |
| - context: . |
123 |
| - push: true |
124 |
| - tags: |- |
125 |
| - "${{ steps.ghcr_ui_meta.outputs.tags }}" |
126 |
| - "${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME }}:pr-${{ steps.get_pr_number.outputs.result }}" |
127 |
| - labels: ${{ steps.ghcr_ui_meta.outputs.labels }} |
| 126 | + context: "${{ matrix.image_info.build_context }}" |
| 127 | + tags: | |
| 128 | + "${{ steps.extract_meta.outputs.tags }}" |
| 129 | + "${{ env.QUAY_REGISTRY }}/${{ env.QUAY_ORG }}/${{ matrix.image_info.image }}:pr-${{ steps.get_pr_number.outputs.result }}" |
| 130 | + "${{ env.GHCR_REGISTRY }}/${{ env.GHCR_ORG }}/${{ matrix.image_info.image }}:pr-${{ steps.get_pr_number.outputs.result }}" |
| 131 | + labels: ${{ steps.extract_meta.outputs.labels }} |
128 | 132 | platforms: linux/amd64,linux/arm64
|
129 | 133 | cache-from: type=gha
|
130 | 134 | cache-to: type=gha,mode=max
|
131 |
| - file: src/Containerfile |
132 |
| - |
133 |
| - - name: Generate GHCR artifact attestation |
134 |
| - if: env.SKIP_WORKFLOW == 'false' |
135 |
| - uses: actions/attest-build-provenance@v2 |
136 |
| - with: |
137 |
| - subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}} |
138 |
| - subject-digest: ${{ steps.push-ui-ghcr.outputs.digest }} |
139 |
| - push-to-registry: true |
140 |
| - |
141 |
| - - name: Build and push ui image to quay.io |
142 |
| - if: env.SKIP_WORKFLOW == 'false' |
143 |
| - id: push-ui-quay |
144 |
| - uses: docker/build-push-action@v6 |
145 |
| - with: |
146 |
| - context: . |
| 135 | + file: "${{ matrix.image_info.containerfile_path}}" |
| 136 | + provenance: mode=max |
| 137 | + sbom: true |
147 | 138 | push: true
|
148 |
| - tags: |- |
149 |
| - "${{ steps.quay_ui_meta.outputs.tags }}" |
150 |
| - "${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME }}:pr-${{ steps.get_pr_number.outputs.result }}" |
151 |
| - labels: ${{ steps.quay_ui_meta.outputs.labels }} |
152 |
| - platforms: linux/amd64,linux/arm64 |
153 |
| - cache-from: type=gha |
154 |
| - cache-to: type=gha,mode=max |
155 |
| - file: src/Containerfile |
156 |
| - |
157 |
| - - name: Generate QA UI Quay artifact attestation |
158 |
| - if: env.SKIP_WORKFLOW == 'false' |
159 |
| - uses: actions/attest-build-provenance@v2 |
160 |
| - with: |
161 |
| - subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}} |
162 |
| - subject-digest: ${{ steps.push-ui-quay.outputs.digest }} |
163 |
| - push-to-registry: true |
164 | 139 |
|
165 | 140 | - name: Update coderefs before code changes
|
166 | 141 | if: env.SKIP_WORKFLOW == 'false'
|
167 | 142 | run: |-
|
168 | 143 | git pull --ff-only
|
169 | 144 |
|
170 |
| - - name: Update QA Quay UI image |
171 |
| - if: env.SKIP_WORKFLOW == 'false' |
172 |
| - id: update_qa_ui_manifest_image |
| 145 | + - name: Update QA ${{ matrix.image_info.long_name }} Image manifest |
| 146 | + id: update_qa_image_manifest |
| 147 | + if: ${{ env.SKIP_WORKFLOW == 'false' }} |
173 | 148 | env:
|
174 | 149 | PR_TAG: "pr-${{ steps.get_pr_number.outputs.result }}"
|
175 | 150 | run: |-
|
176 | 151 | sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/local/bin/yq
|
177 | 152 | sudo chmod +x /usr/local/bin/yq
|
178 | 153 | yq -i '
|
179 |
| - (.images[] | select(.name == "quay.io/${{env.QUAY_UI_IMAGE_NAME}}") | .newTag) = env(PR_TAG) |
| 154 | + (.images[] | select(.name == "${{ env.QUAY_REGISTRY }}/${{ env.QUAY_ORG }}/${{ matrix.image_info.image }}") | .newTag) = env(PR_TAG) |
180 | 155 | ' deploy/k8s/overlays/openshift/qa/kustomization.yaml
|
181 | 156 |
|
182 |
| - - name: Commit and push bump QA UI Image manifest |
| 157 | + - name: Commit and push bump QA ${{ matrix.image_info.long_name }} Image manifest |
183 | 158 | if: env.SKIP_WORKFLOW == 'false'
|
184 | 159 | run: |-
|
185 | 160 | git config user.name "platform-engineering-bot"
|
186 | 161 | git config user.email "[email protected]"
|
187 | 162 | git add deploy/k8s/overlays/openshift/qa/kustomization.yaml
|
188 | 163 | git commit -m "[CI AUTOMATION]: Bumping QA UI image to tag: pr-${{ steps.get_pr_number.outputs.result }}" -s
|
189 | 164 | git push origin main
|
190 |
| -
|
191 |
| - build_and_publish_ps_qa_image: |
192 |
| - name: Push QA pathservice container image to GHCR and QUAY |
193 |
| - runs-on: ubuntu-latest |
194 |
| - environment: registry-creds |
195 |
| - permissions: |
196 |
| - packages: write |
197 |
| - contents: write |
198 |
| - attestations: write |
199 |
| - id-token: write |
200 |
| - |
201 |
| - steps: |
202 |
| - - name: Check out the repo |
203 |
| - uses: actions/checkout@v4 |
204 |
| - with: |
205 |
| - token: ${{ secrets.BOT_PAT }} |
206 |
| - ref: 'main' |
207 |
| - |
208 |
| - - name: Skip if triggered by GitHub Actions bot |
209 |
| - id: check_skip |
210 |
| - run: |- |
211 |
| - if [[ "$(git log -1 --pretty=format:'%s')" == *"[CI AUTOMATION]:"* ]]; then |
212 |
| - echo "Workflow triggered by previous action commit. Skipping." |
213 |
| - echo "SKIP_WORKFLOW=true" >> "$GITHUB_ENV" |
214 |
| - else |
215 |
| - echo "SKIP_WORKFLOW=false" >> "$GITHUB_ENV" |
216 |
| - fi |
217 |
| -
|
218 |
| - - name: Log in to the GHCR container image registry |
219 |
| - if: env.SKIP_WORKFLOW == 'false' |
220 |
| - uses: docker/login-action@v3 |
221 |
| - with: |
222 |
| - registry: ${{ env.GHCR_REGISTRY }} |
223 |
| - username: ${{ github.actor }} |
224 |
| - password: ${{ secrets.GITHUB_TOKEN }} |
225 |
| - |
226 |
| - - name: Log in to the Quay container image registry |
227 |
| - if: env.SKIP_WORKFLOW == 'false' |
228 |
| - uses: docker/login-action@v3 |
229 |
| - with: |
230 |
| - registry: ${{ env.QUAY_REGISTRY }} |
231 |
| - username: ${{ secrets.QUAY_USERNAME }} |
232 |
| - password: ${{ secrets.QUAY_TOKEN }} |
233 |
| - |
234 |
| - - name: Set up Docker Buildx |
235 |
| - if: env.SKIP_WORKFLOW == 'false' |
236 |
| - uses: docker/setup-buildx-action@v3 |
237 |
| - |
238 |
| - - name: Cache Docker layers |
239 |
| - if: env.SKIP_WORKFLOW == 'false' |
240 |
| - uses: actions/cache@v4 |
241 |
| - with: |
242 |
| - path: /tmp/.buildx-cache |
243 |
| - key: ${{ runner.os }}-buildx-${{ github.sha }} |
244 |
| - restore-keys: | |
245 |
| - ${{ runner.os }}-buildx- |
246 |
| -
|
247 |
| - - name: Get Pull Request Number from Commit |
248 |
| - if: env.SKIP_WORKFLOW == 'false' |
249 |
| - id: get_pr_number |
250 |
| - uses: actions/github-script@v7 |
251 |
| - with: |
252 |
| - script: | |
253 |
| - console.log("Repository owner:", context.repo.owner); |
254 |
| - console.log("Repository name:", context.repo.repo); |
255 |
| - console.log("Current commit SHA:", context.sha); |
256 |
| -
|
257 |
| - const prs = await github.rest.pulls.list({ |
258 |
| - owner: context.repo.owner, |
259 |
| - repo: context.repo.repo, |
260 |
| - state: 'closed', |
261 |
| - sort: 'updated', |
262 |
| - direction: 'desc' |
263 |
| - }); |
264 |
| - console.log("Number of closed PRs fetched:", prs.data.length); |
265 |
| -
|
266 |
| - for (const pr of prs.data) { |
267 |
| - console.log("Checking PR #", pr.number, "- Merged:"); |
268 |
| - if (pr.merged_at != "") { |
269 |
| - console.log("Found merged PR:", pr.number); |
270 |
| - return pr.number; |
271 |
| - } |
272 |
| - } |
273 |
| -
|
274 |
| - console.log("No merged PR found in the recent closed PRs."); |
275 |
| - return ''; |
276 |
| -
|
277 |
| - - name: Extract metadata (tags, labels) for pathservice image |
278 |
| - if: env.SKIP_WORKFLOW == 'false' |
279 |
| - id: ghcr_ps_meta |
280 |
| - uses: docker/metadata-action@v5 |
281 |
| - with: |
282 |
| - images: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PS_IMAGE_NAME }} |
283 |
| - |
284 |
| - - name: Extract metadata (tags, labels) for pathservice image |
285 |
| - if: env.SKIP_WORKFLOW == 'false' |
286 |
| - id: quay_ps_meta |
287 |
| - uses: docker/metadata-action@v5 |
288 |
| - with: |
289 |
| - images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_PS_IMAGE_NAME }} |
290 |
| - |
291 |
| - - name: Build and push QA PS image to ghcr.io |
292 |
| - if: env.SKIP_WORKFLOW == 'false' |
293 |
| - id: push-ps-ghcr |
294 |
| - uses: docker/build-push-action@v6 |
295 |
| - with: |
296 |
| - context: . |
297 |
| - push: true |
298 |
| - tags: | |
299 |
| - "${{ steps.ghcr_ps_meta.outputs.tags }}" |
300 |
| - "${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PS_IMAGE_NAME }}:pr-${{ steps.get_pr_number.outputs.result }}" |
301 |
| - labels: ${{ steps.ghcr_ps_meta.outputs.labels }} |
302 |
| - platforms: linux/amd64,linux/arm64 |
303 |
| - cache-from: type=gha |
304 |
| - cache-to: type=gha,mode=max |
305 |
| - file: pathservice/Containerfile |
306 |
| - |
307 |
| - - name: Generate QA PS GHCR artifact attestation |
308 |
| - if: env.SKIP_WORKFLOW == 'false' |
309 |
| - uses: actions/attest-build-provenance@v2 |
310 |
| - with: |
311 |
| - subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PS_IMAGE_NAME}} |
312 |
| - subject-digest: ${{ steps.push-ps-ghcr.outputs.digest }} |
313 |
| - push-to-registry: true |
314 |
| - |
315 |
| - - name: Build and push QA PS image to quay.io |
316 |
| - if: env.SKIP_WORKFLOW == 'false' |
317 |
| - id: push-ps-quay |
318 |
| - uses: docker/build-push-action@v6 |
319 |
| - with: |
320 |
| - context: . |
321 |
| - push: true |
322 |
| - tags: | |
323 |
| - "${{ steps.quay_ps_meta.outputs.tags }}" |
324 |
| - "${{ env.QUAY_REGISTRY }}/${{ env.QUAY_PS_IMAGE_NAME }}:pr-${{ steps.get_pr_number.outputs.result }}" |
325 |
| - labels: ${{ steps.quay_ps_meta.outputs.labels }} |
326 |
| - platforms: linux/amd64,linux/arm64 |
327 |
| - cache-from: type=gha |
328 |
| - cache-to: type=gha,mode=max |
329 |
| - file: pathservice/Containerfile |
330 |
| - |
331 |
| - - name: Generate QA PS Quay artifact attestation |
332 |
| - if: env.SKIP_WORKFLOW == 'false' |
333 |
| - uses: actions/attest-build-provenance@v2 |
334 |
| - with: |
335 |
| - subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_PS_IMAGE_NAME}} |
336 |
| - subject-digest: ${{ steps.push-ps-quay.outputs.digest }} |
337 |
| - push-to-registry: true |
338 |
| - |
339 |
| - |
340 |
| - - name: Update coderefs before code changes |
341 |
| - if: env.SKIP_WORKFLOW == 'false' |
342 |
| - run: |- |
343 |
| - git pull --ff-only |
344 |
| -
|
345 |
| - - name: Update QA PS Quay image |
346 |
| - if: env.SKIP_WORKFLOW == 'false' |
347 |
| - id: update_qa_ps_manifest_image |
348 |
| - env: |
349 |
| - PR_TAG: "pr-${{ steps.get_pr_number.outputs.result }}" |
350 |
| - run: |- |
351 |
| - sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/local/bin/yq |
352 |
| - sudo chmod +x /usr/local/bin/yq |
353 |
| - yq -i ' |
354 |
| - (.images[] | select(.name == "quay.io/${{env.QUAY_PS_IMAGE_NAME}}") | .newTag) = env(PR_TAG) |
355 |
| - ' deploy/k8s/overlays/openshift/qa/kustomization.yaml |
356 |
| -
|
357 |
| - - name: Commit and push bump QA PS Image manifest |
358 |
| - if: env.SKIP_WORKFLOW == 'false' |
359 |
| - run: |- |
360 |
| - git config user.name "platform-engineering-bot" |
361 |
| - git config user.email "[email protected]" |
362 |
| - git add deploy/k8s/overlays/openshift/qa/kustomization.yaml |
363 |
| - git commit -m "[CI AUTOMATION]: Bumping QA PS image to tag: pr-${{ steps.get_pr_number.outputs.result }}" -s |
364 |
| - git push origin main |
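Review bot: The `provenance: mode=max` and `sbom: true` inputs added to the `build_and_push` step are not a like-for-like replacement for the `actions/attest-build-provenance@v2` steps this hunk removes. BuildKit attaches provenance and SBOM to the image index as unsigned in-toto statements, while the removed steps produced Sigstore-signed attestations bound to the workflow's OIDC identity, so a consumer checking these images with `gh attestation verify` would no longer find one. If signed provenance is still wanted, add one attest step per registry after `build_and_push`, keyed on `steps.build_and_push.outputs.digest`, as sketched below. If it is not, `attestations: write` and `id-token: write` look unused in the visible steps and could be dropped from the job; new-file lines 38–108 are outside this hunk, so confirm nothing there needs them. Separately, the unchanged `sudo wget …/yq_linux_amd64` download now runs in both matrix legs with no checksum check, in a job that can push to `main`; verifying it against a pinned SHA-256 would be worth adding while this step is being touched.

```yaml
      # … unchanged: build_and_push step (docker/build-push-action@v6) …

      - name: Attest ${{ matrix.image_info.long_name }} image on Quay.io
        if: env.SKIP_WORKFLOW == 'false'
        uses: actions/attest-build-provenance@v2
        with:
          subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_ORG }}/${{ matrix.image_info.image }}
          subject-digest: ${{ steps.build_and_push.outputs.digest }}
          push-to-registry: true

      - name: Attest ${{ matrix.image_info.long_name }} image on GHCR
        if: env.SKIP_WORKFLOW == 'false'
        uses: actions/attest-build-provenance@v2
        with:
          subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_ORG }}/${{ matrix.image_info.image }}
          subject-digest: ${{ steps.build_and_push.outputs.digest }}
          push-to-registry: true

      # … unchanged: Update coderefs before code changes …
```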