From 79b0ef598ffadd5cb4239ae59b13f5aad91fbdb9 Mon Sep 17 00:00:00 2001
From: Marius Ghita
Date: Mon, 10 Feb 2025 14:21:41 +0200
Subject: [PATCH 1/2] feat: make docker build args extensible #8559
---
 group_vars/all.yaml | 7 +++++++
 repo.schema.yaml | 16 ++++++++++++++++
 tasks/other-dev-generated-files.yaml | 4 ++++
 .../workflows/30-release-and-build.yaml.j2 | 5 +++--
 4 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/group_vars/all.yaml b/group_vars/all.yaml
index 60d74ac..44a57b6 100644
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -12,3 +12,10 @@ default_devcontainer_customizations_vscode:
 - repo.yaml
 # YAML extension by RedHat that prompts on each new devcontainer to enable telemetry
 "redhat.telemetry.enabled": false
+
+default_docker_build_args:
+ PACKAGIST_USER: token
+ PACKAGIST_TOKEN: "{{ '${{ secrets.PACKAGIST_TOKEN }}' }}"
+ # XXX we need this intricate value escaping in here, because Ansible will try to evaluate the value when we
+ # merge this default with any user provided build args. Since GitHub workflow secrets look very much like Jinja2
+ # template interpolation, playbook will fail.
diff --git a/repo.schema.yaml b/repo.schema.yaml
index ab0d0d3..9c41d0c 100644
--- a/repo.schema.yaml
+++ b/repo.schema.yaml
@@ -194,6 +194,22 @@ properties:
 type: boolean
 default: false
+ github_workflows:
+ type: object
+ additionalProperties: false
+ description: EXPERIMENTAL configuration options for the optionally generated GitHub workflows (sdlc_workflows)
+ properties:
+ build:
+ type: object
+ additionalProperties: false
+ properties:
+ extra_docker_build_args:
+ type: object
+ additionalProperties: true
+ default: {}
+ description: >
+ Key-value pairs to use as build args during the docker build step of build and release workflow
+
 reviewdog:
 type: object
 description: Reviewdog configuration. Used during repo-ansible/reviewdog container execution
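Review bot: In group_vars/all.yaml the `XXX` comment sits below `PACKAGIST_TOKEN`, at the tail of `default_docker_build_args`, so it will read as describing whichever key is appended next; it should go directly above the value whose escaping it explains. The comment says Ansible evaluates the value when the defaults are merged with user-provided build args, which suggests a user entry that references a GitHub secret needs the same `"{{ '${{ ... }}' }}"` wrapping, yet nothing in this patch tells users that. Suggested wording above the key: `# GitHub expressions must be wrapped as "{{ '${{ ... }}' }}"; Ansible otherwise evaluates them as Jinja2 when the build args are merged`, with the same sentence added to the `extra_docker_build_args` description once that behaviour is confirmed.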
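Review bot: In repo.schema.yaml, `extra_docker_build_args` is declared with `additionalProperties: true`, so validation accepts nested objects, lists and multi-line strings, while the workflow template changed in this same patch writes every entry as a single `[[key]]=[[value]]` line inside the `build-args: |` block scalar. A value containing a line break would add further lines to the generated workflow, or end the block scalar if the continuation is less indented, and a non-string value would be rendered as its printed representation. Constraining the schema closes this before rendering: `additionalProperties: {type: string}`, plus a `pattern` that rejects line breaks and a `propertyNames` pattern limited to identifier characters, if the validator in use supports those keywords.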
diff --git a/tasks/other-dev-generated-files.yaml b/tasks/other-dev-generated-files.yaml
index 2d2287a..7156748 100644
--- a/tasks/other-dev-generated-files.yaml
+++ b/tasks/other-dev-generated-files.yaml
@@ -14,6 +14,10 @@ set_fact:
 followup_workflows: "{{ extension_workflows.stdout | from_json }}"
+ - name: define docker build args
+ set_fact:
+ docker_build_args: "{{ default_docker_build_args | combine(repo.github_workflows.build.extra_docker_build_args) }}"
+
 - name: copy github actions workflow files
 ansible.builtin.template:
 src: "./templates/.github/workflows/{{ item.target }}.j2"
diff --git a/templates/.github/workflows/30-release-and-build.yaml.j2 b/templates/.github/workflows/30-release-and-build.yaml.j2
index 1b03dd4..18e75b1 100644
--- a/templates/.github/workflows/30-release-and-build.yaml.j2
+++ b/templates/.github/workflows/30-release-and-build.yaml.j2
@@ -68,8 +68,9 @@ jobs:
 cache-to: type=gha
 cache-from: type=gha
 build-args: |
- PACKAGIST_USER=token
- PACKAGIST_TOKEN=${{ secrets.PACKAGIST_TOKEN }}
+{% for key, value in docker_build_args.items() %}
+ [[key]]=[[value]]
+{% endfor %}
 {% if workflow_group in followup_workflows %}
 {% for followup_workflow in followup_workflows[workflow_group] %}
From e7ceeddc431a34e4f2c7a939f1b62c16eb4a8136 Mon Sep 17 00:00:00 2001
From: Marius Ghita
Date: Mon, 10 Feb 2025 14:28:41 +0200
Subject: [PATCH 2/2] docs: readme&workflows notes on build args #8559
---
 README.md | 1 +
 docs/partials/readme.configuration.md | 1 +
 templates/.github/workflows/30-release-and-build.yaml.j2 | 1 +
 3 files changed, 3 insertions(+)
diff --git a/README.md b/README.md
index 88852b1..a7ccd7c 100644
--- a/README.md
+++ b/README.md
@@ -104,6 +104,7 @@ your repository. | github
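Review bot: In tasks/other-dev-generated-files.yaml the new `define docker build args` task reads `repo.github_workflows.build.extra_docker_build_args` with no fallback, so a repo.yaml that has no `github_workflows` section would fail the play unless schema defaults are injected before this task runs, which this patch does not show (the schema gives `default: {}` only to the leaf key). A fallback inside the call keeps existing repositories working: `combine(repo.github_workflows.build.extra_docker_build_args | default({}))`. `combine` also lets a user entry replace `PACKAGIST_USER` or `PACKAGIST_TOKEN`; if that override is intended, a one-line comment on the task saying so would help the next reader. The surrounding task list starts and ends outside the hunk.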
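Review bot: In templates/.github/workflows/30-release-and-build.yaml.j2 (patch 1/2) every entry of `docker_build_args`, including the `PACKAGIST_TOKEN` secret reference, is still emitted under `build-args:`, and build arguments can be recovered from image history and build cache by anyone able to pull the image. Opening the list to repository owners makes it likely that more credentials will be passed the same way. A comment above the loop should say so, e.g. `# build args are visible in image metadata; do not put credentials here`, and a follow-up could move `PACKAGIST_TOKEN` to a build secret, assuming the step's action offers one (its `uses:` line is outside the hunk). The `jobs:` block starts and ends outside the hunk.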
features
wiki `boolean` |false| Enable Wiki tab.| | github
features
issues `boolean` |false| Enable issues tab.| | github
features
projects `boolean` |false| Enable projects tab.| +| github_workflows
build
extra_docker_build_args `object` |{}| Key-value pairs to use as build args during the docker build step of build and release workflow| | reviewdog
platforms `array` |[]| A broad way to categorize programming languages, libraries, and frameworks, and for which we have an external tool we can use to assure code quality during review.  Accepted values:`php`,`twig`,|| | devcontainer
custom_docker_compose_yaml `boolean` |false| When enabled the compose file located at .devcontainer/docker-compose.yaml will no longer get automatically updated. Allowing users to customize their docker-compose setup.| | devcontainer
postCreateCommand `string` |-| Additional (shell) commands to run when the containers is created. For a typical project you would specify commands that only need to run once when the project is setup. For example you might add a command in here to load database fixtures for your project.|
diff --git a/docs/partials/readme.configuration.md b/docs/partials/readme.configuration.md
index 343749f..49210fc 100644
--- a/docs/partials/readme.configuration.md
+++ b/docs/partials/readme.configuration.md
@@ -29,6 +29,7 @@ | github
features
wiki `boolean` |false| Enable Wiki tab.| | github
features
issues `boolean` |false| Enable issues tab.| | github
features
projects `boolean` |false| Enable projects tab.| +| github_workflows
build
extra_docker_build_args `object` |{}| Key-value pairs to use as build args during the docker build step of build and release workflow| | reviewdog
platforms `array` |[]| A broad way to categorize programming languages, libraries, and frameworks, and for which we have an external tool we can use to assure code quality during review.  Accepted values:`php`,`twig`,|| | devcontainer
custom_docker_compose_yaml `boolean` |false| When enabled the compose file located at .devcontainer/docker-compose.yaml will no longer get automatically updated. Allowing users to customize their docker-compose setup.| | devcontainer
postCreateCommand `string` |-| Additional (shell) commands to run when the containers is created. For a typical project you would specify commands that only need to run once when the project is setup. For example you might add a command in here to load database fixtures for your project.|
diff --git a/templates/.github/workflows/30-release-and-build.yaml.j2 b/templates/.github/workflows/30-release-and-build.yaml.j2
index 18e75b1..33c5d69 100644
--- a/templates/.github/workflows/30-release-and-build.yaml.j2
+++ b/templates/.github/workflows/30-release-and-build.yaml.j2
@@ -67,6 +67,7 @@ jobs:
 labels: ${{ steps.meta.outputs.labels }}
 cache-to: type=gha
 cache-from: type=gha
+ # For additional docker build args set github_workflows.build.extra_docker_build_args in the repo.yaml file
 build-args: |
 {% for key, value in docker_build_args.items() %}
 [[key]]=[[value]]