diff --git a/.github/workflows/build-images-action.yml b/.github/workflows/build-images-action.yml
index a05c359527..6bec5b7c43 100644
--- a/.github/workflows/build-images-action.yml
+++ b/.github/workflows/build-images-action.yml
@@ -1,56 +1,35 @@
 name: build-images-action
 on:
- push:
- branches:
- - 'main'
- - 'release-*'
- tags:
- - 'v*'
-
-permissions: {}
+ pull_request
+ # push:
+ # branches:
+ # - 'main'
+ # - 'release-*'
+ # tags:
+ # - 'v*'
 jobs:
- build:
- name: Build container images
- runs-on: ubuntu-latest
-
- permissions:
- contents: read
-
- if: github.repository == 'metal3-io/baremetal-operator'
- steps:
- - name: build bmo image
- uses: toptal/jenkins-job-trigger-action@137fff703dd260b52b53d3ba1960396415abc568 # 1.0.2
- with:
- jenkins_url: "https://jenkins.nordix.org/"
- jenkins_user: "metal3.bot@gmail.com"
- jenkins_token: ${{ secrets.JENKINS_TOKEN }}
- job_name: "metal3_baremetal-operator_container_image_building"
- job_params: |
- {
- "BUILD_CONTAINER_IMAGE_GIT_REFERENCE": "${{ github.ref }}"
- }
- job_timeout: "1000"
- - name: build keepalived image
- uses: toptal/jenkins-job-trigger-action@137fff703dd260b52b53d3ba1960396415abc568 # 1.0.2
- with:
- jenkins_url: "https://jenkins.nordix.org/"
- jenkins_user: "metal3.bot@gmail.com"
- jenkins_token: ${{ secrets.JENKINS_TOKEN }}
- job_name: "metal3_keepalived_container_image_building"
- job_params: |
- {
- "BUILD_CONTAINER_IMAGE_GIT_REFERENCE": "${{ github.ref }}"
- }
- job_timeout: "1000"
- - name: Slack Notification on Failure
- if: ${{ failure() }}
- uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 # 2.3.0
- env:
- SLACK_TITLE: 'GitHub Action Failed in ${{ github.repository }}'
- SLACK_COLOR: '#FF0000'
- SLACK_MESSAGE: 'The GitHub Action workflow failed for baremetal operator image build.'
- SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
- SLACK_CHANNEL: metal3-github-actions-notify
- SLACK_USERNAME: metal3-github-actions-notify
+ build_bmo:
+ name: Build BMO container image
+ # uses: metal3-io/project-infra/.github/workflows/container-image-build.yml@main
+ # uses: Nordix/metal3-project-infra/.github/workflows/container-image-build.yml@mquhuy/add-container-image-build-wf-template
+ uses: "./.github/workflows/container-image-build.yml"
+ with:
+ image-name: "baremetal-operator"
+ pushImage: true
+ secrets:
+ QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
+ QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+ build_keepalived:
+ name: Build keepalived container image
+ # uses: metal3-io/project-infra/.github/workflows/container-image-build.yml@main
+ uses: Nordix/metal3-project-infra/.github/workflows/container-image-build.yml@mquhuy/add-container-image-build-wf-template
+ with:
+ image-name: "keepalived"
+ dockerfile-directory: resources/keepalived-docker
+ secrets:
+ QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
+ QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
diff --git a/.github/workflows/check-secrets.yml b/.github/workflows/check-secrets.yml
new file mode 100644
index 0000000000..4689dafaa2
--- /dev/null
+++ b/.github/workflows/check-secrets.yml
@@ -0,0 +1,14 @@
+name: Check Secret
+on: [pull_request]
+
+jobs:
+ check-secret-1:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Login to Quay.io
+ uses: docker/login-action@v3
+ with:
+ registry: quay.io
+ username: ${{ secrets.QUAY_USERNAME }}
+ password: ${{ secrets.QUAY_PASSWORD }}
+ ecr: false
diff --git a/.github/workflows/container-image-build.yml b/.github/workflows/container-image-build.yml
new file mode 100644
index 0000000000..729daeee8c
--- /dev/null
+++ b/.github/workflows/container-image-build.yml
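Review bot: In `.github/workflows/build-images-action.yml`, the `build_keepalived` job calls a reusable workflow from another organisation at a movable branch ref (`Nordix/metal3-project-infra/...@mquhuy/add-container-image-build-wf-template`) and passes it `QUAY_USERNAME`, `QUAY_PASSWORD` and `SLACK_WEBHOOK`, so anyone able to push to that branch controls code that receives the registry credentials. Pin the call to a reviewed commit, for example `uses: metal3-io/project-infra/.github/workflows/container-image-build.yml@<full-commit-sha>`, the way the removed steps pinned their actions. The same hunk drops the top-level `permissions: {}` and replaces the `push` trigger with `pull_request` while `build_bmo` sets `pushImage: true`. If the `pull_request` trigger is only there for testing, restore the `push` trigger and `permissions: {}` before merge, so that unmerged pull-request code is not built in a job that has the publishing credentials.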
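Review bot: `.github/workflows/check-secrets.yml` runs on every `pull_request` with no `permissions:` block and passes the Quay credentials to `docker/login-action@v3`, a movable tag, whereas the third-party actions elsewhere in this change are pinned to commit SHAs. Add `permissions: {}` at the top level and pin the action, `uses: docker/login-action@<full-commit-sha> # v3`. The job does nothing after the login, so it looks like a temporary check that the secrets resolve. If that is the case it should be dropped before merge; if it is meant to stay, a comment stating its purpose would help.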
@@ -0,0 +1,85 @@
+name: build-images action template
+permissions: {}
+
+on:
+ workflow_call:
+ inputs:
+ image-name:
+ required: true
+ description: "Name of the image to build"
+ type: string
+ dockerfile-directory:
+ required: false
+ description: "The directory where the dockerfile locates, as relative to the repo root"
+ type: string
+ default: .
+ pushImage:
+ required: false
+ description: "Whether to push the image afterwards"
+ type: boolean
+ default: true
+ secrets:
+ QUAY_USERNAME:
+ required: false
+ QUAY_PASSWORD:
+ required: false
+ SLACK_WEBHOOK:
+ required: true
+
+jobs:
+ job:
+ runs-on: ubuntu-latest
+ if: github.repository_owner == 'metal3-io'
+
+ permissions:
+ contents: write
+
+ steps:
+ - name: Login to Quay.io
+ uses: docker/login-action@v3
+ with:
+ registry: quay.io
+ username: ${{ secrets.QUAY_USERNAME }}
+ password: ${{ secrets.QUAY_PASSWORD }}
+ ecr: false
+
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ with:
+ ref: ${{ github.ref }}
+
+ - name: Get current date
+ id: date
+ run: echo "current_date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+
+ - name: Get image tags
+ id: image_tags
+ run: |
+ BASE_TAG=`echo "${{ github.ref_name }}" | sed 's/\//_/'`
+ IMAGE_TAGS="${BASE_TAG}, ${BASE_TAG}_${{ steps.date.outputs.current_date }}_${{ github.sha }}"
+ if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+ IMAGE_TAGS="${IMAGE_TAGS}, latest"
+ fi
+ echo "IMAGE_TAGS=${IMAGE_TAGS}" >> $GITHUB_ENV
+
+ - name: Build ${{ inputs.image-name }} image
+ uses: mr-smithers-excellent/docker-build-push@59523c638baec979a74fea99caa9e29d97e5963c # v6.4
+ with:
+ image: metal3-io/${{ inputs.image-name }}
+ tags: ${{ env.IMAGE_TAGS }}
+ directory: ${{ inputs.dockerfile-directory }}
+ dockerfile: ${{ inputs.dockerfile-directory }}/Dockerfile
+ registry: quay.io
+ username: ${{ secrets.QUAY_USERNAME }}
+ password: ${{ secrets.QUAY_PASSWORD }}
+ pushImage: ${{ inputs.pushImage }}
+
+ - name: Slack Notification on Failure
+ if: ${{ failure() }}
+ uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 # 2.3.0
+ env:
+ SLACK_TITLE: 'GitHub Action Failed in ${{ github.repository }}'
+ SLACK_COLOR: '#FF0000'
+ SLACK_MESSAGE: 'The GitHub Action workflow failed for ${{ inputs.image-name }} image build.'
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+ SLACK_CHANNEL: metal3-github-actions-notify
+ SLACK_USERNAME: metal3-github-actions-notify
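Review bot: The `Get image tags` step in `.github/workflows/container-image-build.yml` expands `${{ github.ref_name }}` and `${{ github.ref }}` directly into the `run:` script, so a branch or tag name containing shell metacharacters is interpreted by the shell in a job that holds the Quay credentials and `contents: write`. Pass the values through `env:` and reference them as quoted shell variables, as in the fence below. The parameter expansion there also replaces every `/`, whereas `sed 's/\//_/'` replaces only the first and can leave a slash in the image tag. Separately, no visible step in this job writes to the repository, so `contents: read` looks sufficient, and `docker/login-action@v3` should be pinned to a commit SHA like the other actions here.

```yaml
      - name: Get image tags
        id: image_tags
        env:
          REF: ${{ github.ref }}
          REF_NAME: ${{ github.ref_name }}
          CURRENT_DATE: ${{ steps.date.outputs.current_date }}
          COMMIT_SHA: ${{ github.sha }}
        run: |
          BASE_TAG="${REF_NAME//\//_}"
          IMAGE_TAGS="${BASE_TAG}, ${BASE_TAG}_${CURRENT_DATE}_${COMMIT_SHA}"
          if [[ "${REF}" == "refs/heads/main" ]]; then
          # … unchanged: append "latest", close the if, write IMAGE_TAGS to $GITHUB_ENV …
```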