Skip to content

chore(deps): update github/codeql-action digest to df409f7 (#566) #311

chore(deps): update github/codeql-action digest to df409f7 (#566)

chore(deps): update github/codeql-action digest to df409f7 (#566) #311

# for main branch, use next tags; for 1.y branches, use :latest tags
name: Build and push operator, bundle, and catalog images
on:
push:
branches:
- main
- rhdh-1.[0-9]+
- 1.[0-9]+.x
- release-1.[0-9]+
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
REGISTRY: quay.io
jobs:
next-build:
name: Next build
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
# check changes in this commit for regex include and exclude matches; pipe to an env var
- name: Check for changes to build
run: |
# don't fail if nothing returned by grep
set +e
CHANGES="$(git diff --name-only HEAD~1 | \
grep -E "workflows/.+-container-build.yaml|Makefile|bundle/|config/|go.mod|go.sum|.+\.go|docker/|\.dockerignore" | \
grep -v -E ".+_test.go|/.rhdh/")";
echo "Changed files for this commit:"
echo "=============================="
echo "$CHANGES"
echo "=============================="
{
echo 'CHANGES<<EOF'
echo $CHANGES
echo EOF
} >> "$GITHUB_ENV"
- name: Get the last commit short SHA
# run this stage only if there are changes that match the includes and not the excludes
if: ${{ env.CHANGES != '' }}
run: |
SHORT_SHA=$(git rev-parse --short HEAD)
echo "SHORT_SHA=$SHORT_SHA" >> $GITHUB_ENV
BASE_VERSION=$(grep -E "^VERSION \?=" Makefile | sed -r -e "s/.+= //") # 0.0.1
echo "BASE_VERSION=$BASE_VERSION" >> $GITHUB_ENV
- name: Setup Go
# run this stage only if there are changes that match the includes and not the excludes
if: ${{ env.CHANGES != '' }}
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version-file: 'go.mod'
- name: Login to quay.io
# run this stage only if there are changes that match the includes and not the excludes
if: ${{ env.CHANGES != '' }}
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ vars.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Build and push operator, bundle, and catalog images
# run this stage only if there are changes that match the includes and not the excludes
if: ${{ env.CHANGES != '' }}
run: |
# install skopeo, podman
sudo apt-get -y update; sudo apt-get -y install skopeo podman
export CONTAINER_TOOL=podman
latestNext="next"
# for main branch, use next tags; for 1.y branches, use :latest tags
if [[ $(git rev-parse --abbrev-ref HEAD) != "main" ]]; then
latestNext="latest"
fi
export VERSION=${{ env.BASE_VERSION }}
set -ex
# build 4 container images with a 14d expiry
CONTAINER_TOOL=${CONTAINER_TOOL} VERSION=${VERSION} make release-build
# now copy images from local cache to quay, using 0.0.1-next-f00cafe, 0.0.1-next, and next tags
for image in operator operator-bundle operator-catalog; do
podman push -q quay.io/rhdh-community/${image}:${VERSION} docker://quay.io/rhdh-community/${image}:${VERSION}
skopeo --insecure-policy copy --all docker://quay.io/rhdh-community/${image}:${VERSION} docker://quay.io/rhdh-community/${image}:${VERSION}-${{ env.SHORT_SHA }}
skopeo --insecure-policy copy --all docker://quay.io/rhdh-community/${image}:${VERSION} docker://quay.io/rhdh-community/${image}:${latestNext}
done
env:
# to avoid throttling on RHD org, use GH token
GH_TOKEN: ${{ secrets.RHDH_BOT_TOKEN }}