forked from openshift/compliance-operator
-
Notifications
You must be signed in to change notification settings - Fork 24
157 lines (149 loc) · 6.26 KB
/
release-pr.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
name: Release PR image
on:
workflow_run:
workflows: [PR Image Trigger]
types:
- completed
jobs:
get-pr-number:
name: Get PR number
runs-on: ubuntu-latest
outputs:
pr-number: ${{ steps.pr_number.outputs.pr_number }}
commit_sha: ${{ steps.commit_sha.outputs.commit_sha }}
platforms: ${{ steps.arch.outputs.platforms }}
steps:
- name: "Download artifacts"
uses: actions/github-script@v7
with:
script: |
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
return artifact.name == "pr_number"
})[0];
let download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
let fs = require('fs');
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_number.zip`, Buffer.from(download.data));
- name: "Unzip artifact"
run: unzip pr_number.zip
- name: "Read PR number"
id: pr_number
run: |
echo "pr_number=$(cat pr_number)" >> "$GITHUB_OUTPUT"
- name: "Read commit SHA"
id: commit_sha
run: |
echo "commit_sha=$(cat commit_sha)" >> "$GITHUB_OUTPUT"
- name: "Get all labels"
id: labels
uses: snnaplab/[email protected]
with:
number: ${{ steps.pr_number.outputs.pr_number }}
- name: "Check arch to build from labels"
id: arch
run: |
platforms="linux/amd64" # append other platforms as needed to platforms variable
if [[ $(echo "${{ steps.labels.outputs.labels }}" | grep -c "arch/ppc64le") -gt 0 ]]; then
platforms="$platforms,linux/ppc64le"
fi
if [[ $(echo "${{ steps.labels.outputs.labels }}" | grep -c "arch/s390x") -gt 0 ]]; then
platforms="$platforms,linux/s390x"
fi
echo "platforms=$platforms" >> "$GITHUB_OUTPUT"
operator-container-push-pr:
needs: get-pr-number
permissions:
contents: read
id-token: write
packages: write
uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
with:
name: compliance-operator
registry_org: complianceascode
tag: ${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }}
dockerfile_path: build/Dockerfile
vendor: "Compliance Operator Authors"
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
platforms: ${{ needs.get-pr-number.outputs.platforms }}
bundle-container-push-pr:
needs: get-pr-number
permissions:
contents: read
id-token: write
packages: write
uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
with:
name: compliance-operator-bundle
registry_org: complianceascode
tag: ${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }}
dockerfile_path: bundle.Dockerfile
vendor: "Compliance Operator Authors"
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
prepare_command: |
make bundle OPERATOR_IMAGE=ghcr.io/complianceascode/compliance-operator:${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }} OPENSCAP_IMAGE=ghcr.io/complianceascode/openscap-ocp:${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }} BUNDLE_IMGS=ghcr.io/complianceascode/compliance-operator-bundle:${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }}
platforms: ${{ needs.get-pr-number.outputs.platforms }}
openscap-container-push-pr:
needs: get-pr-number
permissions:
contents: read
id-token: write
packages: write
uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
with:
name: openscap-ocp
registry_org: complianceascode
tag: ${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }}
dockerfile_path: images/openscap/Dockerfile
vendor: "Compliance Operator Authors"
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
platforms: ${{ needs.get-pr-number.outputs.platforms }}
catalog-container-push-pr:
needs:
- get-pr-number
- operator-container-push-pr
- bundle-container-push-pr
permissions:
contents: read
id-token: write
packages: write
uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
with:
name: compliance-operator-catalog
registry_org: complianceascode
tag: ${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }}
dockerfile_path: catalog.Dockerfile
vendor: "Compliance Operator Authors"
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
prepare_command: |
make catalog-docker BUNDLE_IMGS=ghcr.io/complianceascode/compliance-operator-bundle:${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }}
platforms: ${{ needs.get-pr-number.outputs.platforms }}
comment-pr:
needs:
- operator-container-push-pr
- bundle-container-push-pr
- openscap-container-push-pr
- catalog-container-push-pr
- get-pr-number
runs-on: ubuntu-latest
name: Comment on the PR
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Comment PR
uses: thollander/actions-comment-pull-request@v2
with:
message: |
:robot: To deploy this PR, run the following command:
```
make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }}
```
pr_number: ${{ needs.get-pr-number.outputs.pr-number }}