-
Notifications
You must be signed in to change notification settings - Fork 14
142 lines (125 loc) · 4.89 KB
/
image-build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
name: bpfman-image-build
on: # yamllint disable-line rule:truthy
push:
branches: [main]
tags:
- v*
pull_request:
paths: [.github/workflows/image-build.yaml]
jobs:
build-and-push-images:
permissions:
contents: read
packages: write
id-token: write # needed for signing the images with GitHub OIDC Token
runs-on: ubuntu-latest
env:
WF_BPFMAN_AGENT_IMG: quay.io/bpfman/bpfman-agent
WF_BPFMAN_OPERATOR_IMG: quay.io/bpfman/bpfman-operator
WF_MULTIARCH_TARGETS: amd64 arm64 ppc64le s390x
strategy:
fail-fast: false
matrix:
image:
- registry: quay.io
build_language: go
repository: bpfman
image: bpfman-agent
dockerfile: ./Containerfile.bpfman-agent
context: .
tags: |
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=sha,format=long
# set latest tag for default branch
type=raw,value=latest,enable={{is_default_branch}}
- registry: quay.io
build_language: go
repository: bpfman
image: bpfman-operator
dockerfile: ./Containerfile.bpfman-operator
context: .
tags: |
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=sha,format=long
# set latest tag for default branch
type=raw,value=latest,enable={{is_default_branch}}
- registry: quay.io
build_language: go
repository: bpfman
image: bpfman-operator-bundle
context: .
dockerfile: ./Containerfile.bundle
tags: |
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=sha,format=long
# set latest tag for default branch
type=raw,value=latest,enable={{is_default_branch}}
name: Build Image (${{ matrix.image.image }})
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
if: ${{ matrix.image.build_language == 'go' }}
with:
# prettier-ignore
go-version: '1.22' # yamllint disable-line rule:quoted-strings
- uses: sigstore/[email protected]
- name: Generate olm bundle on disk
if: ${{ matrix.image.image == 'bpfman-operator-bundle' }}
run: |
make bundle
- name: Login to quay.io/bpfman
uses: redhat-actions/podman-login@v1
if: ${{ github.event_name == 'push' && matrix.image.repository == 'bpfman'}}
with:
registry: ${{ matrix.image.registry }}
username: ${{ secrets.BPFMAN_USERNAME }}
password: ${{ secrets.BPFMAN_ROBOT_TOKEN }}
- name: Extract metadata (tags, labels) for image
id: meta
uses: docker/[email protected]
with:
images: ${{ matrix.image.registry }}/${{ matrix.image.repository }}/${{ matrix.image.image }}
tags: ${{ matrix.image.tags }}
- name: Build image
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: ${{ matrix.image.image }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
containerfiles: ${{ matrix.image.dockerfile }}
build-args: ${{ matrix.image.build_args }}
context: ${{ matrix.image.context }}
- name: Push to registry
id: push-image
uses: redhat-actions/push-to-registry@v2
if: ${{ github.event_name == 'push' }}
with:
tags: ${{ steps.meta.outputs.tags }}
- name: Sign the images with GitHub OIDC Token
if: ${{ github.event_name == 'push' }}
run: |
readarray -t tags <<<"${{ steps.meta.outputs.tags }}"
for tag in ${tags[@]}; do
cosign sign -y "${tag}@${{ steps.push-image.outputs.digest }}"
done
- name: get short sha
run: |
echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- name: Build multi arch images and manifest
run: |
BPFMAN_AGENT_IMG="${{ env.WF_BPFMAN_AGENT_IMG }}:${{ env.short_sha }}" BPFMAN_OPERATOR_IMG="${{ env.WF_BPFMAN_OPERATOR_IMG}}:${{ env.short_sha }}" MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" make build-images manifest-build
- name: Push multi arch images and manifest
if: ${{ github.event_name == 'push' }}
with:
registry: ${{ matrix.image.registry }}
username: ${{ secrets.BPFMAN_USERNAME }}
password: ${{ secrets.BPFMAN_ROBOT_TOKEN }}
run: |
BPFMAN_AGENT_IMG="${{ env.WF_BPFMAN_AGENT_IMG }}:${{ env.short_sha }}" BPFMAN_OPERATOR_IMG="${{ env.WF_BPFMAN_OPERATOR_IMG}}:${{ env.short_sha }}" MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" make images