Merge pull request #488 from ComplianceAsCode/action

Add GitHub action to build image on new PR
ComplianceAsCode · Jan 26, 2024 · 87b61e6 · 87b61e6
2 parents 97c897c + 512bcbf
commit 87b61e6
Showing 1 changed file with 152 additions and 0 deletions.
diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml
@@ -0,0 +1,152 @@
+name: Release PR image
+
+on:
+  pull_request:
+    types:
+    - opened
+    - reopened
+    - synchronize
+
+jobs:
+  get-pr-number:
+    name: Get PR number
+    runs-on: ubuntu-latest
+    outputs:
+      pr-number: ${{ steps.get-pr-number.outputs.pr-number }}
+    steps:
+      - name: Get PR number
+        id: get-pr-number
+        run: echo "::set-output name=pr-number::$(echo ${GITHUB_REF#refs/pull/} | cut -d'/' -f1)"
+  operator-container-push-pr:
+    needs: get-pr-number
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
+    with:
+      name: compliance-operator
+      registry_org: complianceascode
+      tag: ${{ needs.get-pr-number.outputs.pr-number }}
+      dockerfile_path: build/Dockerfile
+      vendor: 'Compliance Operator Authors'
+
+  bundle-container-push-pr:
+    needs: get-pr-number
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
+    with:
+      name: compliance-operator-bundle
+      registry_org: complianceascode
+      tag: ${{ needs.get-pr-number.outputs.pr-number }}
+      dockerfile_path: bundle.Dockerfile
+      vendor: 'Compliance Operator Authors'
+
+  openscap-container-push-pr:
+    needs: get-pr-number
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
+    with:
+      name: openscap-ocp
+      registry_org: complianceascode
+      tag: ${{ needs.get-pr-number.outputs.pr-number }}
+      dockerfile_path: images/openscap/Dockerfile
+      vendor: 'Compliance Operator Authors'
+
+  catalog-container-push-pr:
+    runs-on: ubuntu-latest
+    needs:
+    - get-pr-number
+    - bundle-container-push-pr
+    if: always() # remove this after we fix signing
+
+    permissions:
+      packages: write
+      contents: read
+
+    outputs:
+      image-digest: ${{ steps.container_info.outputs.image-digest }}
+      image-tags: ${{ steps.container_info.outputs.image-tags }}
+
+    steps:
+      - name: Checkout
+        uses: actions/[email protected]
+
+      - name: Login to ghcr.io
+        uses: docker/[email protected]
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ghcr.io/complianceascode/compliance-operator-catalog
+          tags: |
+            type=raw,value=${{ needs.get-pr-number.outputs.pr-number }}
+            type=sha,format=long
+          labels: |
+            org.opencontainers.image.source=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}
+            org.opencontainers.image.title=compliance-operator-catalog
+            org.opencontainers.image.version=latest
+            org.opencontainers.image.licenses='Apache-2.0'
+            org.opencontainers.image.vendor='Compliance Operator Authors'
+        
+      - name: Generate catalog dockerfile
+        id: generate_catalog_dockerfile
+        run: |
+          make catalog-docker BUNDLE_IMGS=ghcr.io/complianceascode/compliance-operator-bundle:${{ needs.get-pr-number.outputs.pr-number }}
+
+      - name: Build container images and push
+        id: docker_build
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: catalog.Dockerfile
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          push: true
+          platforms: 'linux/amd64'
+
+      - name: Get container info
+        id: container_info
+        run: |
+          image_tags="${{ needs.get-pr-number.outputs.pr-number }}"
+          echo "::set-output name=image-digest::${{ steps.docker_build.outputs.digest }}"
+          echo "::set-output name=image-tags::${image_tags}"
+
+  comment-pr:
+    needs: 
+    - operator-container-push-pr
+    - bundle-container-push-pr
+    - openscap-container-push-pr
+    - catalog-container-push-pr
+    - get-pr-number
+    runs-on: ubuntu-latest
+    name: Comment on the PR
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Comment PR
+        uses: thollander/actions-comment-pull-request@v2
+        with:
+          message: |
+            :robot: To deploy this PR, run the following command:
+            ```
+            make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:${{ needs.get-pr-number.outputs.pr-number }}
+            ```