From fd3ba694466c95c662667e9c92df1229470995f0 Mon Sep 17 00:00:00 2001 From: greg pereira Date: Tue, 12 Nov 2024 12:57:44 -0800 Subject: [PATCH] combining tags and use combined tags Signed-off-by: greg pereira --- .github/workflows/pr-images.yml | 128 +++++++++++-- .github/workflows/release-images.yml | 266 ++++++++++++++++++++++----- 2 files changed, 332 insertions(+), 62 deletions(-) diff --git a/.github/workflows/pr-images.yml b/.github/workflows/pr-images.yml index bc6d1bf5..dbafb908 100644 --- a/.github/workflows/pr-images.yml +++ b/.github/workflows/pr-images.yml @@ -1,23 +1,20 @@ -name: Publish container images +name: Publish QA Container Images on: push: branches: - main - - release-1.0 - tags: - - v* env: GHCR_REGISTRY: ghcr.io GHCR_UI_IMAGE_NAME: ${{ github.repository }}/ui QUAY_REGISTRY: quay.io QUAY_UI_IMAGE_NAME: instructlab-ui/ui - GHCR_PATHSERVICE_IMAGE_NAME: ${{ github.repository }}/pathservice - QUAY_PATHSERVICE_IMAGE_NAME: instructlab-ui/pathservice + GHCR_PS_IMAGE_NAME: ${{ github.repository }}/pathservice + QUAY_PS_IMAGE_NAME: instructlab-ui/pathservice jobs: - build_and_publish_ui_image: + build_and_publish_ui_qa_image: name: Push UI container image to GHCR and QUAY runs-on: ubuntu-latest environment: registry-creds 
@@ -56,25 +53,72 @@ jobs: restore-keys: | ${{ runner.os }}-buildx- + - name: Get Pull Request Number from Commit + id: get_pr_number + uses: actions/github-script@v6 + with: + script: | + console.log("Repository owner:", context.repo.owner); + console.log("Repository name:", context.repo.repo); + console.log("Current commit SHA:", context.sha); + + const prs = await github.rest.pulls.list({ + owner: context.repo.owner, + repo: context.repo.repo, + state: 'closed', + sort: 'updated', + direction: 'desc' + }); + console.log("Number of closed PRs fetched:", prs.data.length); + + for (const pr of prs.data) { + console.log("Checking PR #", pr.number, "- Merged:"); + if (pr.merged_at != "") { + console.log("Found merged PR:", pr.number); + return pr.number; + } + } + + console.log("No merged PR found in the recent closed PRs."); + return ''; + - name: Extract metadata (tags, labels) for UI image id: ghcr_ui_meta uses: docker/metadata-action@v5 with: images: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME }} + - name: Combine GHCR Tags with PR Tag + id: combined_ghcr_ui_tags + if: ${{ steps.get_pr_number.outputs.result }} != "" + run: | + TAGS="${{ steps.ghcr_ui_meta.outputs.tags }}" + PR_TAG="pr-${{ steps.get_pr_number.outputs.result }}" + COMBINED_TAGS="${PR_TAG},${TAGS}" + echo "COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV + - name: Extract metadata (tags, labels) for UI image id: quay_ui_meta uses: docker/metadata-action@v5 with: images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME }} + - name: Combine GHCR Tags with PR Tag + id: combined_quay_ui_tags + if: ${{ steps.get_pr_number.outputs.result }} != "" + run: | + TAGS="${{ steps.quay_ui_meta.outputs.tags }}" + PR_TAG="pr-${{ steps.get_pr_number.outputs.result }}" + COMBINED_TAGS="${PR_TAG},${TAGS}" + echo "COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV + - name: Build and push ui image to ghcr.io id: push-ui-ghcr uses: docker/build-push-action@v6 with: context: . 
push: true - tags: ${{ steps.ghcr_ui_meta.outputs.tags }} + tags: ${{ steps.combined_ghcr_ui_tags.outputs.COMBINED_TAGS }} labels: ${{ steps.ghcr_ui_meta.outputs.labels }} platforms: linux/amd64,linux/arm64 cache-from: type=gha @@ -94,14 +138,14 @@ jobs: with: context: . push: true - tags: ${{ steps.quay_ui_meta.outputs.tags }} + tags: ${{ steps.combined_quay_ui_tags.outputs.COMBINED_TAGS }} labels: ${{ steps.quay_ui_meta.outputs.labels }} platforms: linux/amd64,linux/arm64 cache-from: type=gha cache-to: type=gha,mode=max file: Containerfile - build_and_publish_pathservice_image: + build_and_publish_ps_qa_image: name: Push pathservice container image to GHCR and QUAY runs-on: ubuntu-latest environment: registry-creds 
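Review bot: The `pr-N` tag added here is neither tied to the pushed commit nor delivered to the push steps. In `get_pr_number`, `pr.merged_at != ""` holds for `null`, so the first closed PR in the list is returned whether or not it was merged or contains `context.sha`, and an image can be published under an unrelated PR number. The `Combine …` steps write `COMBINED_TAGS` to `$GITHUB_ENV` (the second overwriting the first) while the build steps read `steps.combined_*.outputs.COMBINED_TAGS`, which is never set, and `if: ${{ … }} != ""` is a non-empty string that always evaluates true. The same pattern repeats in the pathservice job (hunks at -140, -158, -178) and in release-images.yml. The fence resolves the PR from the commit and lets metadata-action emit the fully qualified tag, so the build steps can keep `tags: ${{ steps.ghcr_ui_meta.outputs.tags }}`; the job's `permissions` block is outside the hunk, so confirm the token can read pull requests.

```yaml
      - name: Get Pull Request Number from Commit
        id: get_pr_number
        uses: actions/github-script@v6
        with:
          result-encoding: string
          script: |
            const prs = await github.rest.repos.listPullRequestsAssociatedWithCommit({
              owner: context.repo.owner,
              repo: context.repo.repo,
              commit_sha: context.sha
            });
            const merged = prs.data.find((pr) => pr.merged_at !== null);
            return merged ? String(merged.number) : '';

      - name: Extract metadata (tags, labels) for UI image
        id: ghcr_ui_meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=raw,value=pr-${{ steps.get_pr_number.outputs.result }},enable=${{ steps.get_pr_number.outputs.result != '' }}

      # … unchanged: quay_ui_meta, given the same tags input; both Combine steps dropped …
```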
@@ -140,17 +184,64 @@ jobs: restore-keys: | ${{ runner.os }}-buildx- + - name: Get Pull Request Number from Commit + id: get_pr_number + uses: actions/github-script@v6 + with: + script: | + console.log("Repository owner:", context.repo.owner); + console.log("Repository name:", context.repo.repo); + console.log("Current commit SHA:", context.sha); + + const prs = await github.rest.pulls.list({ + owner: context.repo.owner, + repo: context.repo.repo, + state: 'closed', + sort: 'updated', + direction: 'desc' + }); + console.log("Number of closed PRs fetched:", prs.data.length); + + for (const pr of prs.data) { + console.log("Checking PR #", pr.number, "- Merged:"); + if (pr.merged_at != "") { + console.log("Found merged PR:", pr.number); + return pr.number; + } + } + + console.log("No merged PR found in the recent closed PRs."); + return ''; + - name: Extract metadata (tags, labels) for pathservice image id: ghcr_ps_meta uses: docker/metadata-action@v5 with: - images: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PATHSERVICE_IMAGE_NAME }} + images: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PS_IMAGE_NAME }} + + - name: Combine GHCR Tags with PR Tag + id: combined_ghcr_ps_tags + if: ${{ steps.get_pr_number.outputs.result }} != "" + run: | + TAGS="${{ steps.ghcr_ps_meta.outputs.tags }}" + PR_TAG="pr-${{ steps.get_pr_number.outputs.result }}" + COMBINED_TAGS="${PR_TAG},${TAGS}" + echo "COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV - name: Extract metadata (tags, labels) for pathservice image id: quay_ps_meta uses: docker/metadata-action@v5 with: - images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_PATHSERVICE_IMAGE_NAME }} + images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_PS_IMAGE_NAME }} + + - name: Combine GHCR Tags with PR Tag + id: combined_quay_ps_tags + if: ${{ steps.get_pr_number.outputs.result }} != "" + run: | + TAGS="${{ steps.quay_ps_meta.outputs.tags }}" + PR_TAG="pr-${{ steps.get_pr_number.outputs.result }}" + COMBINED_TAGS="${PR_TAG},${TAGS}" + echo 
"COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV - name: Build and push pathservice image to ghcr.io id: push-ps-ghcr @@ -158,7 +249,7 @@ jobs: with: context: . push: true - tags: ${{ steps.ghcr_ps_meta.outputs.tags }} + tags: ${{ steps.combined_ghcr_ps_tags.outputs.COMBINED_TAGS }} labels: ${{ steps.ghcr_ps_meta.outputs.labels }} platforms: linux/amd64,linux/arm64 cache-from: type=gha @@ -168,7 +259,7 @@ jobs: - name: Generate artifact attestation uses: actions/attest-build-provenance@v1 with: - subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PATHSERVICE_IMAGE_NAME}} + subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PS_IMAGE_NAME}} subject-digest: ${{ steps.push-ps-ghcr.outputs.digest }} push-to-registry: true @@ -178,9 +269,16 @@ jobs: with: context: . push: true - tags: ${{ steps.quay_ps_meta.outputs.tags }} + tags: ${{ steps.combined_ghcr_ps_tags.outputs.COMBINED_TAGS }} labels: ${{ steps.quay_ps_meta.outputs.labels }} platforms: linux/amd64,linux/arm64 cache-from: type=gha cache-to: type=gha,mode=max file: Containerfile.ps + + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PS_IMAGE_NAME}} + subject-digest: ${{ steps.push-ps-ghcr.outputs.digest }} + push-to-registry: true diff --git a/.github/workflows/release-images.yml b/.github/workflows/release-images.yml index 3f9a6843..4235109b 100644 --- a/.github/workflows/release-images.yml +++ b/.github/workflows/release-images.yml 
@@ -1,58 +1,230 @@ -# name: Deploy To Prodcution -# on: -# release: -# types: [released] - -name: test-wf +name: Publish Prod Container Images on: - pull_request: - branches: - - main + release: + types: [released] + env: GHCR_REGISTRY: ghcr.io GHCR_UI_IMAGE_NAME: ${{ github.repository }}/ui QUAY_REGISTRY: quay.io QUAY_UI_IMAGE_NAME: instructlab-ui/ui - GHCR_PATHSERVICE_IMAGE_NAME: ${{ github.repository }}/pathservice - QUAY_PATHSERVICE_IMAGE_NAME: instructlab-ui/pathservice + GHCR_PS_IMAGE_NAME: ${{ github.repository }}/pathservice + QUAY_PS_IMAGE_NAME: instructlab-ui/pathservice jobs: - check_most_recent_pr_number: + build_and_publish_ui_prod_image: + name: Push UI container image to GHCR and QUAY + runs-on: ubuntu-latest + environment: registry-creds + permissions: + packages: write + contents: read + attestations: write + id-token: write + + steps: + - name: Check out the repo + uses: actions/checkout@v4 + + - name: Log in to the GHCR container image registry + uses: docker/login-action@v3 + with: + registry: ${{ env.GHCR_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Log in to the Quay container image registry + uses: docker/login-action@v3 + with: + registry: ${{ env.QUAY_REGISTRY }} + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Cache Docker layers + uses: actions/cache@v4 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Extract Release Tag + id: get_release_tag + run: | + RELEASE_TAG="release-${{ github.event.release.tag_name }}" + echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV + + - name: Extract metadata (tags, labels) for UI image + id: ghcr_ui_meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME }} + + - name: Combine GHCR Tags with PR Tag + id: 
combined_ghcr_ui_tags + if: ${{ steps.get_release_tag.outputs.result }} != "" + run: | + TAGS="${{ steps.ghcr_ui_meta.outputs.tags }}" + RELEASE_TAG="pr-${{ steps.get_release_tag.outputs.RELEASE_TAG }}" + COMBINED_TAGS="${RELEASE_TAG},${TAGS}" + echo "COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV + + - name: Extract metadata (tags, labels) for UI image + id: quay_ui_meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME }} + + - name: Combine GHCR Tags with PR Tag + id: combined_quay_ui_tags + if: ${{ steps.get_release_tag.outputs.result }} != "" + run: | + TAGS="${{ steps.quay_ui_meta.outputs.tags }}" + RELEASE_TAG="pr-${{ steps.get_release_tag.outputs.result }}" + COMBINED_TAGS="${RELEASE_TAG},${TAGS}" + echo "COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV + + - name: Build and push ui image to ghcr.io + id: push-ui-ghcr + uses: docker/build-push-action@v6 + with: + context: . + push: true + tags: ${{ steps.combined_ghcr_ui_tags.outputs.COMBINED_TAGS }} + labels: ${{ steps.ghcr_ui_meta.outputs.labels }} + platforms: linux/amd64,linux/arm64 + cache-from: type=gha + cache-to: type=gha,mode=max + file: Containerfile + + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}} + subject-digest: ${{ steps.push-ui-ghcr.outputs.digest }} + push-to-registry: true + + - name: Build and push ui image to quay.io + id: push-ui-quay + uses: docker/build-push-action@v6 + with: + context: . 
+ push: true + tags: ${{ steps.combined_quay_ui_tags.outputs.COMBINED_TAGS }} + labels: ${{ steps.quay_ui_meta.outputs.labels }} + platforms: linux/amd64,linux/arm64 + cache-from: type=gha + cache-to: type=gha,mode=max + file: Containerfile + + build_and_publish_ps_prod_image: + name: Push UI container image to GHCR and QUAY runs-on: ubuntu-latest + environment: registry-creds + permissions: + packages: write + contents: read + attestations: write + id-token: write + steps: - - name: Get Pull Request Number from Commit - id: get_pr_number - uses: actions/github-script@v6 - with: - script: | - console.log("Repository owner:", context.repo.owner); - console.log("Repository name:", context.repo.repo); - console.log("Current commit SHA:", context.sha); - - const prs = await github.rest.pulls.list({ - owner: context.repo.owner, - repo: context.repo.repo, - state: 'closed', - sort: 'updated', - direction: 'desc' - }); - console.log("Number of closed PRs fetched:", prs.data.length); - - for (const pr of prs.data) { - console.log("Checking PR #", pr.number, "- Merged:", pr.merged); - if (pr.merged_at != "") { - console.log("Found merged PR:", pr.number); - return pr.number; - } - } - - console.log("No merged PR found in the recent closed PRs."); - return ''; - - - name: Build and Tag Docker Image - if: steps.get_pr_number.outputs.result != '' - env: - PR_NUMBER: ${{ steps.get_pr_number.outputs.result }} + - name: Check out the repo + uses: actions/checkout@v4 + + - name: Log in to the GHCR container image registry + uses: docker/login-action@v3 + with: + registry: ${{ env.GHCR_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Log in to the Quay container image registry + uses: docker/login-action@v3 + with: + registry: ${{ env.QUAY_REGISTRY }} + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Cache Docker layers + 
uses: actions/cache@v4 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Extract Release Tag + id: get_release_tag run: | - echo my-image:pr-${PR_NUMBER} - + RELEASE_TAG="release-${{ github.event.release.tag_name }}" + echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV + + - name: Extract metadata (tags, labels) for PS image + id: ghcr_ps_meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PS_IMAGE_NAME }} + + - name: Combine GHCR Tags with PR Tag + id: combined_ghcr_ps_tags + if: ${{ steps.get_release_tag.outputs.result }} != "" + run: | + TAGS="${{ steps.ghcr_ps_meta.outputs.tags }}" + RELEASE_TAG="pr-${{ steps.get_release_tag.outputs.RELEASE_TAG }}" + COMBINED_TAGS="${RELEASE_TAG},${TAGS}" + echo "COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV + + - name: Extract metadata (tags, labels) for PS image + id: quay_ps_meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_PS_IMAGE_NAME }} + + - name: Combine GHCR Tags with PR Tag + id: combined_quay_ps_tags + if: ${{ steps.get_release_tag.outputs.result }} != "" + run: | + TAGS="${{ steps.quay_ps_meta.outputs.tags }}" + RELEASE_TAG="pr-${{ steps.get_release_tag.outputs.result }}" + COMBINED_TAGS="${RELEASE_TAG},${TAGS}" + echo "COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV + + - name: Build and push ps image to ghcr.io + id: push-ps-ghcr + uses: docker/build-push-action@v6 + with: + context: . 
+ push: true + tags: ${{ steps.combined_ghcr_ps_tags.outputs.COMBINED_TAGS }} + labels: ${{ steps.ghcr_ps_meta.outputs.labels }} + platforms: linux/amd64,linux/arm64 + cache-from: type=gha + cache-to: type=gha,mode=max + file: Containerfile + + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PS_IMAGE_NAME}} + subject-digest: ${{ steps.push-ps-ghcr.outputs.digest }} + push-to-registry: true + + - name: Build and push PS image to quay.io + id: push-ps-quay + uses: docker/build-push-action@v6 + with: + context: . + push: true + tags: ${{ steps.combined_quay_ps_tags.outputs.COMBINED_TAGS }} + labels: ${{ steps.quay_ps_meta.outputs.labels }} + platforms: linux/amd64,linux/arm64 + cache-from: type=gha + cache-to: type=gha,mode=max + file: Containerfile + \ No newline at end of file
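Review bot: Both push steps of `build_and_publish_ps_prod_image` use `file: Containerfile`, whereas pr-images.yml builds pathservice from `Containerfile.ps`; unless that is intended, a release would publish and attest the UI build under the pathservice image name, so these should read `file: Containerfile.ps` (the job's `name:` also still says "Push UI container image"). `Extract Release Tag` interpolates `${{ github.event.release.tag_name }}` directly into the shell script; pass it through `env:` as `TAG_NAME: ${{ github.event.release.tag_name }}` and write `echo "RELEASE_TAG=release-${TAG_NAME}" >> "$GITHUB_OUTPUT"`, so the tag name is handled as data and later steps can read it as a step output. As written the combine steps read `outputs.result` and `outputs.RELEASE_TAG`, neither of which is set, and prepend `pr-` to what is meant to be a release tag. Only the GHCR images are attested in either job; the Quay pushes have no matching `attest-build-provenance` step.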