-
Notifications
You must be signed in to change notification settings - Fork 14
139 lines (122 loc) · 4.97 KB
/
image-build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
name: bpfman-image-build
on: # yamllint disable-line rule:truthy
push:
branches: [main]
tags:
- v*
pull_request:
paths: [.github/workflows/image-build.yaml]
jobs:
build-and-push-images:
permissions:
contents: read
packages: write
id-token: write # needed for signing the images with GitHub OIDC Token
runs-on: ubuntu-latest
env:
WF_BPFMAN_AGENT_IMG: quay.io/bpfman/bpfman-agent
WF_BPFMAN_OPERATOR_IMG: quay.io/bpfman/bpfman-operator
WF_MULTIARCH_TARGETS: amd64 # comment out other arch arm64 ppc64le s390x till we sort out microdnf issue
strategy:
fail-fast: false
matrix:
image:
- registry: quay.io
build_language: go
repository: bpfman
image: bpfman-agent
dockerfile: ./Containerfile.bpfman-agent
context: .
tags: |
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=sha,format=long
# set latest tag for default branch
type=raw,value=latest,enable={{is_default_branch}}
- registry: quay.io
build_language: go
repository: bpfman
image: bpfman-operator
dockerfile: ./Containerfile.bpfman-operator
context: .
tags: |
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=sha,format=long
# set latest tag for default branch
type=raw,value=latest,enable={{is_default_branch}}
- registry: quay.io
build_language: go
repository: bpfman
image: bpfman-operator-bundle
context: .
dockerfile: ./Containerfile.bundle
tags: |
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=sha,format=long
# set latest tag for default branch
type=raw,value=latest,enable={{is_default_branch}}
name: Build Image (${{ matrix.image.image }})
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
if: ${{ matrix.image.build_language == 'go' }}
with:
# prettier-ignore
go-version: '1.22' # yamllint disable-line rule:quoted-strings
- uses: sigstore/[email protected]
- name: Generate olm bundle on disk
if: ${{ matrix.image.image == 'bpfman-operator-bundle' }}
run: |
make bundle
- name: Login to quay.io/bpfman
uses: redhat-actions/podman-login@v1
if: ${{ github.event_name == 'push' && matrix.image.repository == 'bpfman'}}
with:
registry: ${{ matrix.image.registry }}
username: ${{ secrets.BPFMAN_USERNAME }}
password: ${{ secrets.BPFMAN_ROBOT_TOKEN }}
- name: Extract metadata (tags, labels) for image
id: meta
uses: docker/[email protected]
with:
images: ${{ matrix.image.registry }}/${{ matrix.image.repository }}/${{ matrix.image.image }}
tags: ${{ matrix.image.tags }}
- name: Build image
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: ${{ matrix.image.image }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
containerfiles: ${{ matrix.image.dockerfile }}
build-args: ${{ matrix.image.build_args }}
context: ${{ matrix.image.context }}
- name: Push to registry
id: push-image
uses: redhat-actions/push-to-registry@v2
if: ${{ github.event_name == 'push' }}
with:
tags: ${{ steps.meta.outputs.tags }}
- name: Sign the images with GitHub OIDC Token
if: ${{ github.event_name == 'push' }}
run: |
readarray -t tags <<<"${{ steps.meta.outputs.tags }}"
for tag in ${tags[@]}; do
cosign sign -y "${tag}@${{ steps.push-image.outputs.digest }}"
done
- name: get short sha
run: |
echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- name: Build multi arch images
if: ${{ matrix.image.image == 'bpfman-operator' }} # we need to run this once because it builds all images
run: |
BPFMAN_AGENT_IMG="${{ env.WF_BPFMAN_AGENT_IMG }}:${{ env.short_sha }}" BPFMAN_OPERATOR_IMG="${{ env.WF_BPFMAN_OPERATOR_IMG}}:${{ env.short_sha }}" MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" make build-images
- name: Push multi arch images and manifest
if: ${{ github.event_name == 'push' && matrix.image.image == 'bpfman-operator'}} # we need to run this once because it builds and push all images
run: |
BPFMAN_AGENT_IMG="${{ env.WF_BPFMAN_AGENT_IMG }}:${{ env.short_sha }}" BPFMAN_OPERATOR_IMG="${{ env.WF_BPFMAN_OPERATOR_IMG}}:${{ env.short_sha }}" MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" make images