cd: build/push images (#59)

* cd: build/push images Push built artifacts to quay.io for further distribution, either for testing or use in production. Containers are tagged under the following naming convention: - Release artifacts are tagged with the output of `git describe --always`. The most-recently-pushed container will be tagged with `latest`. - Testing artifacts are tagged as `pr-${PR_NUMBER}-${COMMIT}`, where $PR_NUMBER is the pull request number, and $COMMIT is the output of `git describe --always` on the latest commit. This naming convention distinguishes testing artifacts from release artifacts. Signed-off-by: Andy Sadler <ansadler@redhat.com> * Update .github/workflows/push.yaml Co-authored-by: Francesco Ilario <filario@redhat.com> Signed-off-by: Andy Sadler <ansadler@redhat.com> * cd: use commit hash instead of git-describe for tags This makes image tags more predictable and will let us pull pre-built images in prow. Signed-off-by: Andy Sadler <ansadler@redhat.com> * Fix errors caught in review Fix three errors: - we should unconditionally use $GITHUB_SHA for fetching commit SHAs, rather than from the pull_request event. - remove an outdated comment referring to ghcr.io; we don't push there. - `docker push -a` takes an untagged image name, so we should leave them off. Signed-off-by: Andy Sadler <ansadler@redhat.com> --------- Signed-off-by: Andy Sadler <ansadler@redhat.com> Co-authored-by: Francesco Ilario <filario@redhat.com>
konflux-workspaces · Apr 4, 2024 · f4f27ac · f4f27ac
1 parent fd45730
commit f4f27ac
Showing 1 changed file with 64 additions and 0 deletions.
diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
@@ -0,0 +1,64 @@
+name: Build container images
+
+on: # yamllint disable-line rule:truthy
+  push:
+    branches: [main]
+  pull_request_target:
+    types: [opened, syncronize, reopened, ready_for_review]
+
+jobs:
+  build:
+    name: Build images
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        include:
+          - directory: server
+            image_base: quay.io/konflux-workspaces/workspaces-server
+          - directory: operator
+            image_base: quay.io/konflux-workspaces/workspaces-operator
+
+    steps:
+      - name: Checkout Git Repository
+        uses: actions/checkout@v4
+        if: ${{ github.event_name == 'pull_request_target' }}
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+      - name: Checkout Git Repository
+        uses: actions/checkout@v4
+        if: ${{ github.event_name == 'push' }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Determine image tag
+        id: tag
+        run: |
+          if [[ "${GITHUB_EVENT_NAME}" -eq "pull_request_target" ]]; then
+            echo "tag=${{ matrix.image_base }}:pr-${{ github.event.pull_request.number }}-${GITHUB_SHA:0:8}" >> ${GITHUB_OUTPUT}
+          else
+            echo "tag=${{ matrix.image_base }}:${GITHUB_SHA:0:8}" >> ${GITHUB_OUTPUT}
+          fi
+
+      - name: Build image
+        env:
+          LATEST: ${{ matrix.image_base }}:latest
+          IMG: ${{ steps.tag.outputs.tag }}
+        run: |
+          make -C "${{ matrix.directory }}" docker-build
+          if [[ "${GITHUB_EVENT_NAME}" -eq "push" ]]; then
+            docker tag "${IMG}" "${LATEST}"
+          fi
+
+      - name: Login to Quay
+        uses: docker/login-action@v3
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_TOKEN }}
+
+      - name: Push images
+        run: |
+          docker push -a ${{ matrix.image_base }}