Add podman-entitlement GitHub Action.

[adelton]

Description

When building images that need Red Hat content beyond what is available in the Universal Base Image repositories, Red Hat subscription is needed. To avoid changing the Dockerfile and invoke subscription-manager register manually, this GitHub Actions calls that step in separate temporary container and uses /etc/containers/mounts.conf to configure subsequent podman build invocations to have access to the entitlements.

Note that for example registry.access.redhat.com/ubi9-minimal does not have subscription-manager at all so the approach with tweaking the Dockerfile and somehow passing the subscription credentials to the podman build invocation which gets sometimes recommended would not work with those minimalistic images at all.

Related Issue(s)

• Configuration of RH Entitlements  #32

Checklist

• This PR includes a documentation change
• This PR does not need a documentation change

---

• This PR includes test changes
• This PR's changes are already tested

---

• This change is not user-facing
• This change is a patch change
• This change is a minor change
• This change is a major (breaking) change

Changes made

• Add new GitHub Action podman-entitlement

[adelton]

I've been playing with this approach for a while in https://github.com/adelton/redhat-entitlements because I'd need it for RHEL-based container image builds and tests of https://github.com/freeipa/freeipa-container. With RHEL 9 release this week, I updated and tested the approach to use ubi9.

I currently did not include any tests with this PR because

• we'd need some valid subscription credentials in this repository to actually consume them and test the approach;
• it might be useful to actually test this from some external repository, to make sure the redhat-actions/common/podman-entitlement "path" to the Action works.

Please let me know how you'd like tests for this Action to be laid out.

[adelton]

I've now updated the code to make it a bit more readable.