Release PR image #769
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release PR image | |
on: | |
workflow_run: | |
workflows: [PR Image Trigger] | |
types: | |
- completed | |
jobs: | |
get-pr-number: | |
name: Get PR number | |
runs-on: ubuntu-latest | |
outputs: | |
pr-number: ${{ steps.pr_number.outputs.pr_number }} | |
commit_sha: ${{ steps.commit_sha.outputs.commit_sha }} | |
platforms: ${{ steps.arch.outputs.platforms }} | |
steps: | |
- name: "Download artifacts" | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
run_id: context.payload.workflow_run.id, | |
}); | |
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => { | |
return artifact.name == "pr_number" | |
})[0]; | |
let download = await github.rest.actions.downloadArtifact({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
artifact_id: matchArtifact.id, | |
archive_format: 'zip', | |
}); | |
let fs = require('fs'); | |
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_number.zip`, Buffer.from(download.data)); | |
- name: "Unzip artifact" | |
run: unzip pr_number.zip | |
- name: "Read PR number" | |
id: pr_number | |
run: | | |
echo "pr_number=$(cat pr_number)" >> "$GITHUB_OUTPUT" | |
- name: "Read commit SHA" | |
id: commit_sha | |
run: | | |
echo "commit_sha=$(cat commit_sha)" >> "$GITHUB_OUTPUT" | |
- name: "Get all labels" | |
id: labels | |
uses: snnaplab/get-labels-action@v1.0.1 | |
with: | |
number: ${{ steps.pr_number.outputs.pr_number }} | |
- name: "Check arch to build from labels" | |
id: arch | |
run: | | |
platforms="linux/amd64" # append other platforms as needed to platforms variable | |
if [[ $(echo "${{ steps.labels.outputs.labels }}" | grep -c "arch/ppc64le") -gt 0 ]]; then | |
platforms="$platforms,linux/ppc64le" | |
fi | |
if [[ $(echo "${{ steps.labels.outputs.labels }}" | grep -c "arch/s390x") -gt 0 ]]; then | |
platforms="$platforms,linux/s390x" | |
fi | |
echo "platforms=$platforms" >> "$GITHUB_OUTPUT" | |
operator-container-push-pr: | |
needs: get-pr-number | |
permissions: | |
contents: read | |
id-token: write | |
packages: write | |
uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main | |
with: | |
name: compliance-operator | |
registry_org: complianceascode | |
tag: ${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }} | |
dockerfile_path: build/Dockerfile | |
vendor: "Compliance Operator Authors" | |
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head | |
platforms: ${{ needs.get-pr-number.outputs.platforms }} | |
bundle-container-push-pr: | |
needs: get-pr-number | |
permissions: | |
contents: read | |
id-token: write | |
packages: write | |
uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main | |
with: | |
name: compliance-operator-bundle | |
registry_org: complianceascode | |
tag: ${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }} | |
dockerfile_path: bundle.Dockerfile | |
vendor: "Compliance Operator Authors" | |
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head | |
prepare_command: | | |
make bundle OPERATOR_IMAGE=ghcr.io/complianceascode/compliance-operator:${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }} OPENSCAP_IMAGE=ghcr.io/complianceascode/openscap-ocp:${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }} BUNDLE_IMGS=ghcr.io/complianceascode/compliance-operator-bundle:${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }} | |
platforms: ${{ needs.get-pr-number.outputs.platforms }} | |
openscap-container-push-pr: | |
needs: get-pr-number | |
permissions: | |
contents: read | |
id-token: write | |
packages: write | |
uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main | |
with: | |
name: openscap-ocp | |
registry_org: complianceascode | |
tag: ${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }} | |
dockerfile_path: images/openscap/Dockerfile | |
vendor: "Compliance Operator Authors" | |
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head | |
platforms: ${{ needs.get-pr-number.outputs.platforms }} | |
catalog-container-push-pr: | |
needs: | |
- get-pr-number | |
- operator-container-push-pr | |
- bundle-container-push-pr | |
permissions: | |
contents: read | |
id-token: write | |
packages: write | |
uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main | |
with: | |
name: compliance-operator-catalog | |
registry_org: complianceascode | |
tag: ${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }} | |
dockerfile_path: catalog.Dockerfile | |
vendor: "Compliance Operator Authors" | |
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head | |
prepare_command: | | |
make catalog-docker BUNDLE_IMGS=ghcr.io/complianceascode/compliance-operator-bundle:${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }} | |
platforms: ${{ needs.get-pr-number.outputs.platforms }} | |
comment-pr: | |
needs: | |
- operator-container-push-pr | |
- bundle-container-push-pr | |
- openscap-container-push-pr | |
- catalog-container-push-pr | |
- get-pr-number | |
runs-on: ubuntu-latest | |
name: Comment on the PR | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Comment PR | |
uses: thollander/actions-comment-pull-request@v2 | |
with: | |
message: | | |
:robot: To deploy this PR, run the following command: | |
``` | |
make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }} | |
``` | |
pr_number: ${{ needs.get-pr-number.outputs.pr-number }} |