Thanks to visit codestin.com
Credit goes to github.com

Skip to content
Publish QA Container Images

Merge pull request #819 from jeff-phillips-18/feature-flags #123

Sign in to view logs

Merge pull request #819 from jeff-phillips-18/feature-flags

Merge pull request #819 from jeff-phillips-18/feature-flags #123

Workflow file for this run

.github/workflows/pr-images.yml at 810db4f
name: Publish QA Container Images
on:
push:
branches:
- main
env:
GHCR_REGISTRY: ghcr.io
GHCR_UI_IMAGE_NAME: "${{ github.repository }}/ui"
QUAY_REGISTRY: quay.io
QUAY_UI_IMAGE_NAME: instructlab-ui/ui
jobs:
build_and_publish_ui_qa_image:
name: Push QA UI container image to GHCR and QUAY
runs-on: ubuntu-latest
environment: registry-creds
permissions:
packages: write
contents: write
attestations: write
id-token: write
steps:
- name: Check out the repo
uses: actions/checkout@v4
with:
token: ${{ secrets.BOT_PAT }}
ref: 'main'
- name: Skip if triggered by GitHub Actions bot
id: check_skip
run: |-
if [[ "$(git log -1 --pretty=format:'%s')" == *"[CI AUTOMATION]:"* ]]; then
echo "Workflow triggered by previous action commit. Skipping."
echo "SKIP_WORKFLOW=true" >> "$GITHUB_ENV"
else
echo "SKIP_WORKFLOW=false" >> "$GITHUB_ENV"
fi
- name: Log in to the GHCR container image registry
if: env.SKIP_WORKFLOW == 'false'
uses: docker/login-action@v3
with:
registry: ${{ env.GHCR_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Log in to the Quay container image registry
if: env.SKIP_WORKFLOW == 'false'
uses: docker/login-action@v3
with:
registry: ${{ env.QUAY_REGISTRY }}
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Set up Docker Buildx
if: env.SKIP_WORKFLOW == 'false'
uses: docker/setup-buildx-action@v3
- name: Cache Docker layers
if: env.SKIP_WORKFLOW == 'false'
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
"${{ runner.os }}-buildx-"
- name: Get Pull Request Number from Commit
if: env.SKIP_WORKFLOW == 'false'
id: get_pr_number
uses: actions/github-script@v7
with:
script: |
console.log("Repository owner:", context.repo.owner);
console.log("Repository name:", context.repo.repo);
console.log("Current commit SHA:", context.sha);
const prs = await github.rest.pulls.list({
owner: context.repo.owner,
repo: context.repo.repo,
state: 'closed',
sort: 'updated',
direction: 'desc'
});
console.log("Number of closed PRs fetched:", prs.data.length);
for (const pr of prs.data) {
console.log("Checking PR #", pr.number, "- Merged:");
if (pr.merged_at != "") {
console.log("Found merged PR:", pr.number);
return pr.number;
}
}
console.log("No merged PR found in the recent closed PRs.");
return '';
- name: Extract GHCR metadata (tags, labels) for UI image
if: env.SKIP_WORKFLOW == 'false'
id: ghcr_ui_meta
uses: docker/metadata-action@v5
with:
images: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME }}
- name: Extract Quay metadata (tags, labels) for UI image
if: env.SKIP_WORKFLOW == 'false'
id: quay_ui_meta
uses: docker/metadata-action@v5
with:
images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME }}
- name: Build and push ui image to ghcr.io
if: env.SKIP_WORKFLOW == 'false'
id: push-ui-ghcr
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: |-
"${{ steps.ghcr_ui_meta.outputs.tags }}"
"${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME }}:pr-${{ steps.get_pr_number.outputs.result }}"
labels: ${{ steps.ghcr_ui_meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
file: src/Containerfile
- name: Generate GHCR artifact attestation
if: env.SKIP_WORKFLOW == 'false'
uses: actions/attest-build-provenance@v2
with:
subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}}
subject-digest: ${{ steps.push-ui-ghcr.outputs.digest }}
push-to-registry: true
- name: Build and push ui image to quay.io
if: env.SKIP_WORKFLOW == 'false'
id: push-ui-quay
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: |-
"${{ steps.quay_ui_meta.outputs.tags }}"
"${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME }}:pr-${{ steps.get_pr_number.outputs.result }}"
labels: ${{ steps.quay_ui_meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
file: src/Containerfile
- name: Generate QA UI Quay artifact attestation
if: env.SKIP_WORKFLOW == 'false'
uses: actions/attest-build-provenance@v2
with:
subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}}
subject-digest: ${{ steps.push-ui-quay.outputs.digest }}
push-to-registry: true
- name: Update coderefs before code changes
if: env.SKIP_WORKFLOW == 'false'
run: |-
git pull --ff-only
- name: Update QA Quay UI image
if: env.SKIP_WORKFLOW == 'false'
id: update_qa_ui_manifest_image
env:
PR_TAG: "pr-${{ steps.get_pr_number.outputs.result }}"
run: |-
sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/local/bin/yq
sudo chmod +x /usr/local/bin/yq
yq -i '
(.images[] | select(.name == "quay.io/${{env.QUAY_UI_IMAGE_NAME}}") | .newTag) = env(PR_TAG)
' deploy/k8s/overlays/openshift/qa/kustomization.yaml
- name: Commit and push bump QA UI Image manifest
if: env.SKIP_WORKFLOW == 'false'
run: |-
git config user.name "platform-engineering-bot"
git config user.email "[email protected]"
git add deploy/k8s/overlays/openshift/qa/kustomization.yaml
git commit -m "[CI AUTOMATION]: Bumping QA UI image to tag: pr-${{ steps.get_pr_number.outputs.result }}" -s
git push origin main