chore(deps): update github/codeql-action digest to df409f7 (#566) #311
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# for main branch, use next tags; for 1.y branches, use :latest tags | |
name: Build and push operator, bundle, and catalog images | |
on: | |
push: | |
branches: | |
- main | |
- rhdh-1.[0-9]+ | |
- 1.[0-9]+.x | |
- release-1.[0-9]+ | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
REGISTRY: quay.io | |
jobs: | |
next-build: | |
name: Next build | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
with: | |
fetch-depth: 0 | |
# check changes in this commit for regex include and exclude matches; pipe to an env var | |
- name: Check for changes to build | |
run: | | |
# don't fail if nothing returned by grep | |
set +e | |
CHANGES="$(git diff --name-only HEAD~1 | \ | |
grep -E "workflows/.+-container-build.yaml|Makefile|bundle/|config/|go.mod|go.sum|.+\.go|docker/|\.dockerignore" | \ | |
grep -v -E ".+_test.go|/.rhdh/")"; | |
echo "Changed files for this commit:" | |
echo "==============================" | |
echo "$CHANGES" | |
echo "==============================" | |
{ | |
echo 'CHANGES<<EOF' | |
echo $CHANGES | |
echo EOF | |
} >> "$GITHUB_ENV" | |
- name: Get the last commit short SHA | |
# run this stage only if there are changes that match the includes and not the excludes | |
if: ${{ env.CHANGES != '' }} | |
run: | | |
SHORT_SHA=$(git rev-parse --short HEAD) | |
echo "SHORT_SHA=$SHORT_SHA" >> $GITHUB_ENV | |
BASE_VERSION=$(grep -E "^VERSION \?=" Makefile | sed -r -e "s/.+= //") # 0.0.1 | |
echo "BASE_VERSION=$BASE_VERSION" >> $GITHUB_ENV | |
- name: Setup Go | |
# run this stage only if there are changes that match the includes and not the excludes | |
if: ${{ env.CHANGES != '' }} | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 | |
with: | |
go-version-file: 'go.mod' | |
- name: Login to quay.io | |
# run this stage only if there are changes that match the includes and not the excludes | |
if: ${{ env.CHANGES != '' }} | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ vars.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_TOKEN }} | |
- name: Build and push operator, bundle, and catalog images | |
# run this stage only if there are changes that match the includes and not the excludes | |
if: ${{ env.CHANGES != '' }} | |
run: | | |
# install skopeo, podman | |
sudo apt-get -y update; sudo apt-get -y install skopeo podman | |
export CONTAINER_TOOL=podman | |
latestNext="next" | |
# for main branch, use next tags; for 1.y branches, use :latest tags | |
if [[ $(git rev-parse --abbrev-ref HEAD) != "main" ]]; then | |
latestNext="latest" | |
fi | |
export VERSION=${{ env.BASE_VERSION }} | |
set -ex | |
# build 4 container images with a 14d expiry | |
CONTAINER_TOOL=${CONTAINER_TOOL} VERSION=${VERSION} make release-build | |
# now copy images from local cache to quay, using 0.0.1-next-f00cafe, 0.0.1-next, and next tags | |
for image in operator operator-bundle operator-catalog; do | |
podman push -q quay.io/rhdh-community/${image}:${VERSION} docker://quay.io/rhdh-community/${image}:${VERSION} | |
skopeo --insecure-policy copy --all docker://quay.io/rhdh-community/${image}:${VERSION} docker://quay.io/rhdh-community/${image}:${VERSION}-${{ env.SHORT_SHA }} | |
skopeo --insecure-policy copy --all docker://quay.io/rhdh-community/${image}:${VERSION} docker://quay.io/rhdh-community/${image}:${latestNext} | |
done | |
env: | |
# to avoid throttling on RHD org, use GH token | |
GH_TOKEN: ${{ secrets.RHDH_BOT_TOKEN }} |