Merge pull request #22 from bpfman/dependabot/go_modules/production-d… #42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: bpfman-image-build | |
on: # yamllint disable-line rule:truthy | |
push: | |
branches: [main] | |
tags: | |
- v* | |
pull_request: | |
paths: [.github/workflows/image-build.yaml] | |
jobs: | |
build-and-push-images: | |
permissions: | |
contents: read | |
packages: write | |
id-token: write # needed for signing the images with GitHub OIDC Token | |
runs-on: ubuntu-latest | |
env: | |
WF_BPFMAN_AGENT_IMG: quay.io/bpfman/bpfman-agent | |
WF_BPFMAN_OPERATOR_IMG: quay.io/bpfman/bpfman-operator | |
WF_MULTIARCH_TARGETS: amd64 arm64 ppc64le s390x | |
strategy: | |
fail-fast: false | |
matrix: | |
image: | |
- registry: quay.io | |
repository: bpfman | |
image: bpfman-agent | |
dockerfile: ./Containerfile.bpfman-agent | |
context: . | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
repository: bpfman | |
image: bpfman-operator | |
dockerfile: ./Containerfile.bpfman-operator | |
context: . | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
repository: bpfman | |
image: bpfman-operator-bundle | |
context: . | |
dockerfile: ./Containerfile.bundle | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
name: Build Image (${{ matrix.image.image }}) | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
# prettier-ignore | |
go-version: '1.22' # yamllint disable-line rule:quoted-strings | |
- uses: sigstore/cosign-installer@v3.5.0 | |
- name: Generate olm bundle on disk | |
if: ${{ matrix.image.image == 'bpfman-operator-bundle' }} | |
run: | | |
make bundle | |
- name: Login to quay.io/bpfman | |
uses: redhat-actions/podman-login@v1 | |
if: ${{ github.event_name == 'push' && matrix.image.repository == 'bpfman'}} | |
with: | |
registry: ${{ matrix.image.registry }} | |
username: ${{ secrets.BPFMAN_USERNAME }} | |
password: ${{ secrets.BPFMAN_ROBOT_TOKEN }} | |
- name: Extract metadata (tags, labels) for image | |
id: meta | |
uses: docker/metadata-action@v5.5.1 | |
with: | |
images: ${{ matrix.image.registry }}/${{ matrix.image.repository }}/${{ matrix.image.image }} | |
tags: ${{ matrix.image.tags }} | |
- name: Build image | |
id: build-image | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: ${{ matrix.image.image }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
containerfiles: ${{ matrix.image.dockerfile }} | |
build-args: ${{ matrix.image.build_args }} | |
context: ${{ matrix.image.context }} | |
- name: Push to registry | |
id: push-image | |
uses: redhat-actions/push-to-registry@v2 | |
if: ${{ github.event_name == 'push' && matrix.image.image != 'mutli-arch-images' }} | |
with: | |
tags: ${{ steps.meta.outputs.tags }} | |
- name: Sign the images with GitHub OIDC Token | |
if: ${{ github.event_name == 'push' }} | |
run: | | |
readarray -t tags <<<"${{ steps.meta.outputs.tags }}" | |
for tag in ${tags[@]}; do | |
cosign sign -y "${tag}@${{ steps.push-image.outputs.digest }}" | |
done | |
- name: get short sha | |
run: | | |
echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
- name: Build operator multi arch images | |
if: ${{ matrix.image.image == 'bpfman-operator' }} | |
run: | | |
BPFMAN_AGENT_IMG="${{ env.WF_BPFMAN_AGENT_IMG }}:${{ env.short_sha }}" BPFMAN_OPERATOR_IMG="${{ env.WF_BPFMAN_OPERATOR_IMG}}:${{ env.short_sha }}" MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" make build-operator-images | |
- name: Push operator multi arch images and manifest | |
if: ${{ github.event_name == 'push' && matrix.image.image == 'bpfman-operator' }} | |
run: | | |
BPFMAN_AGENT_IMG="${{ env.WF_BPFMAN_AGENT_IMG }}:${{ env.short_sha }}" BPFMAN_OPERATOR_IMG="${{ env.WF_BPFMAN_OPERATOR_IMG}}:${{ env.short_sha }}" MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" make operator-images | |
- name: Build agent multi arch images | |
if: ${{ matrix.image.image == 'bpfman-agent' }} | |
run: | | |
BPFMAN_AGENT_IMG="${{ env.WF_BPFMAN_AGENT_IMG }}:${{ env.short_sha }}" BPFMAN_OPERATOR_IMG="${{ env.WF_BPFMAN_OPERATOR_IMG}}:${{ env.short_sha }}" MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" make build-agent-images | |
- name: Push agent multi arch images and manifest | |
if: ${{ github.event_name == 'push' && matrix.image.image == 'bpfman-agent' }} | |
run: | | |
BPFMAN_AGENT_IMG="${{ env.WF_BPFMAN_AGENT_IMG }}:${{ env.short_sha }}" BPFMAN_OPERATOR_IMG="${{ env.WF_BPFMAN_OPERATOR_IMG}}:${{ env.short_sha }}" MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" make agent-images |