Skip to content

Release PR image

Release PR image #661

Workflow file for this run

name: Release PR image
on:
workflow_run:
workflows: [PR Image Trigger]
types:
- completed
jobs:
get-pr-number:
name: Get PR number
runs-on: ubuntu-latest
outputs:
pr-number: ${{ steps.pr_number.outputs.pr_number }}
commit_sha: ${{ steps.commit_sha.outputs.commit_sha }}
platforms: ${{ steps.arch.outputs.platforms }}
steps:
- name: "Download artifacts"
uses: actions/github-script@v7
with:
script: |
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
return artifact.name == "pr_number"
})[0];
let download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
let fs = require('fs');
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_number.zip`, Buffer.from(download.data));
- name: "Unzip artifact"
run: unzip pr_number.zip
- name: "Read PR number"
id: pr_number
run: |
echo "pr_number=$(cat pr_number)" >> "$GITHUB_OUTPUT"
- name: "Read commit SHA"
id: commit_sha
run: |
echo "commit_sha=$(cat commit_sha)" >> "$GITHUB_OUTPUT"
- name: "Get all labels"
id: labels
uses: snnaplab/[email protected]
with:
number: ${{ steps.pr_number.outputs.pr_number }}
- name: "Check arch to build from labels"
id: arch
run: |
platforms="linux/amd64" # append other platforms as needed to platforms variable
if [[ $(echo "${{ steps.labels.outputs.labels }}" | grep -c "arch/ppc64le") -gt 0 ]]; then
platforms="$platforms,linux/ppc64le"
fi
if [[ $(echo "${{ steps.labels.outputs.labels }}" | grep -c "arch/s390x") -gt 0 ]]; then
platforms="$platforms,linux/s390x"
fi
echo "platforms=$platforms" >> "$GITHUB_OUTPUT"
operator-container-push-pr:
needs: get-pr-number
permissions:
contents: read
id-token: write
packages: write
uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
with:
name: compliance-operator
registry_org: complianceascode
tag: ${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }}
dockerfile_path: build/Dockerfile
vendor: "Compliance Operator Authors"
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
platforms: ${{ needs.get-pr-number.outputs.platforms }}
bundle-container-push-pr:
needs: get-pr-number
permissions:
contents: read
id-token: write
packages: write
uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
with:
name: compliance-operator-bundle
registry_org: complianceascode
tag: ${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }}
dockerfile_path: bundle.Dockerfile
vendor: "Compliance Operator Authors"
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
prepare_command: |
make bundle OPERATOR_IMAGE=ghcr.io/complianceascode/compliance-operator:${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }} OPENSCAP_IMAGE=ghcr.io/complianceascode/openscap-ocp:${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }} BUNDLE_IMGS=ghcr.io/complianceascode/compliance-operator-bundle:${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }}
platforms: ${{ needs.get-pr-number.outputs.platforms }}
openscap-container-push-pr:
needs: get-pr-number
permissions:
contents: read
id-token: write
packages: write
uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
with:
name: openscap-ocp
registry_org: complianceascode
tag: ${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }}
dockerfile_path: images/openscap/Dockerfile
vendor: "Compliance Operator Authors"
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
platforms: ${{ needs.get-pr-number.outputs.platforms }}
catalog-container-push-pr:
needs:
- get-pr-number
- operator-container-push-pr
- bundle-container-push-pr
permissions:
contents: read
id-token: write
packages: write
uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
with:
name: compliance-operator-catalog
registry_org: complianceascode
tag: ${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }}
dockerfile_path: catalog.Dockerfile
vendor: "Compliance Operator Authors"
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
prepare_command: |
make catalog-docker BUNDLE_IMGS=ghcr.io/complianceascode/compliance-operator-bundle:${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }}
platforms: ${{ needs.get-pr-number.outputs.platforms }}
comment-pr:
needs:
- operator-container-push-pr
- bundle-container-push-pr
- openscap-container-push-pr
- catalog-container-push-pr
- get-pr-number
runs-on: ubuntu-latest
name: Comment on the PR
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Comment PR
uses: thollander/actions-comment-pull-request@v2
with:
message: |
:robot: To deploy this PR, run the following command:
```
make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:${{ needs.get-pr-number.outputs.pr-number }}-${{ needs.get-pr-number.outputs.commit_sha }}
```
pr_number: ${{ needs.get-pr-number.outputs.pr-number }}