Kubernetes content image for PR #9
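# Builds and pushes a Kubernetes content image for a pull request, then posts
# (or updates) a comment on that PR with the image reference.
#
# Trust boundary: the workflow is started by `workflow_run`, so it executes in
# the base repository with the permissions granted below. Two of its inputs do
# not come from the base repository: the `pr_number` artifact of the triggering
# run and the tree checked out from refs/pull/<n>/head. Both are handled as
# untrusted data throughout.
name: Kubernetes content image for PR
on:
  workflow_run:
    workflows: [Kubernetes content image for PR Trigger]
    types:
      - completed
jobs:
  get-pr-number:
    name: Get PR number
    runs-on: ubuntu-latest
    # Least privilege: this job only lists and downloads artifacts.
    permissions:
      actions: read
    outputs:
      pr-number: ${{ steps.pr_number.outputs.pr_number }}
    steps:
      - name: 'Download artifacts'
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
        with:
          script: |
            const fs = require('fs');
            const { owner, repo } = context.repo;
            // Artifacts are looked up on the run that triggered this workflow.
            const allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
              owner,
              repo,
              run_id: context.payload.workflow_run.id,
            });
            const matchArtifact = allArtifacts.data.artifacts.find(
              (artifact) => artifact.name === 'pr_number',
            );
            // Fail with a clear message instead of a TypeError on `.id` below.
            if (!matchArtifact) {
              throw new Error('No "pr_number" artifact found on the triggering workflow run');
            }
            const download = await github.rest.actions.downloadArtifact({
              owner,
              repo,
              artifact_id: matchArtifact.id,
              archive_format: 'zip',
            });
            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_number.zip`, Buffer.from(download.data));
      - name: 'Unzip artifact'
        # Extract only the expected member, into its own directory, so extra
        # entries in the archive never land in the workspace.
        run: unzip pr_number.zip pr_number -d pr_number_artifact
      - name: 'Read PR number'
        id: pr_number
        run: |
          pr_number="$(cat pr_number_artifact/pr_number)"
          # The value is written by the triggering run and later used in a git
          # ref, image tags and a PR comment. Accept digits only; this also
          # stops embedded newlines from adding extra lines to GITHUB_OUTPUT.
          if ! [[ "$pr_number" =~ ^[0-9]+$ ]]; then
            echo "::error::pr_number artifact does not contain a plain integer"
            exit 1
          fi
          echo "pr_number=${pr_number}" >> "$GITHUB_OUTPUT"
  container-main:
    needs:
      - get-pr-number
    permissions:
      contents: read
      # NOTE(review): no step visible in this job requests an OIDC token;
      # drop this grant if nothing depends on it.
      id-token: write
      packages: write
    runs-on: ubuntu-latest
    outputs:
      image-digest: ${{ steps.container_info.outputs.image-digest }}
      image-tags: ${{ steps.container_info.outputs.image-tags }}
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
        with:
          # NOTE(review): this resolves the PR head at checkout time, while the
          # PR comment reports github.event.workflow_run.head_sha. Confirm that
          # the two cannot diverge, or that the divergence is acceptable.
          ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
          # The checked-out tree is pull-request content and becomes the build
          # context below, so the job token must not be left in .git/config.
          persist-credentials: false
      - name: Login to ghcr.io
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
        with:
          images: ghcr.io/complianceascode/k8scontent
          flavor: |
            latest=false
          tags: |
            type=raw,value=${{ needs.get-pr-number.outputs.pr-number }}
            type=sha,format=long
          # Action inputs are not passed through a shell, so ${VAR} would end
          # up in the label verbatim; use workflow expressions instead.
          labels: |
            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
            org.opencontainers.image.title=Kubernetes content
            org.opencontainers.image.version=${{ needs.get-pr-number.outputs.pr-number }}
            org.opencontainers.image.licenses='BSD-3-Clause'
            org.opencontainers.image.vendor='Compliance Operator Authors'
      - name: Build container images and push
        id: docker_build
        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
        with:
          # Both the context and the Dockerfile come from the PR checkout.
          context: .
          file: ./Dockerfiles/ocp4_content
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          push: true
          platforms: 'linux/amd64,linux/ppc64le,linux/s390x'
      - name: Get container info
        id: container_info
        # Values reach the script through the environment rather than being
        # spliced into the script text, so they are never parsed as shell.
        env:
          PR_NUMBER: ${{ needs.get-pr-number.outputs.pr-number }}
          IMAGE_DIGEST: ${{ steps.docker_build.outputs.digest }}
        run: |
          echo "image-digest=${IMAGE_DIGEST}" >> "$GITHUB_OUTPUT"
          echo "image-tags=${PR_NUMBER}" >> "$GITHUB_OUTPUT"
  comment-pr:
    needs:
      - container-main
      - get-pr-number
    runs-on: ubuntu-latest
    name: Upsert comment on the PR
    # Least privilege: this job only creates or updates a PR comment.
    permissions:
      pull-requests: write
    steps:
      - uses: thollander/actions-comment-pull-request@e2c37e53a7d2227b61585343765f73a9ca57eda9 # v2
        with:
          message: |
            :robot: A k8s content image for this PR is available at:
            `ghcr.io/complianceascode/k8scontent:${{ needs.get-pr-number.outputs.pr-number }}`
            This image was built from commit: ${{ github.event.workflow_run.head_sha }}
            <details>
            <summary>Click here to see how to deploy it</summary>
            If you alread have Compliance Operator deployed:
            ```utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:${{ needs.get-pr-number.outputs.pr-number }}```
            Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
            ```CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:${{ needs.get-pr-number.outputs.pr-number }} make deploy-local```
            </details>
          comment_tag: kubernetes_content_image
          pr_number: ${{ needs.get-pr-number.outputs.pr-number }}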