Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Re-implement parallel matrices #388

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Re-implement parallel matrices #388

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
274 changes: 37 additions & 237 deletions .github/workflows/pr-images.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,23 +6,32 @@ on:
- main

env:
GHCR_REGISTRY: ghcr.io
GHCR_UI_IMAGE_NAME: "${{ github.repository }}/ui"
QUAY_REGISTRY: quay.io
QUAY_UI_IMAGE_NAME: instructlab-ui/ui
GHCR_PS_IMAGE_NAME: "${{ github.repository }}/pathservice"
QUAY_PS_IMAGE_NAME: instructlab-ui/pathservice
QUAY_REGISTRY: "quay.io"
QUAY_ORG: "instructlab-ui"
GHCR_REGISTRY: "ghcr.io"
GHCR_ORG: "${{ github.repository }}" # instructlab/ui

jobs:
build_and_publish_ui_qa_image:
name: Push QA UI container image to GHCR and QUAY
build_and_publish_QA_images:
name: Build and Push QA images
runs-on: ubuntu-latest
environment: registry-creds
permissions:
packages: write
contents: write
attestations: write
id-token: write
strategy:
matrix:
image_info:
- image: "ui"
long_name: "User Interface"
containerfile_path: "src/Containerfile"
build_context: "."
- image: "pathservice"
long_name: "Pathservice"
containerfile_path: "pathservice/Containerfile"
build_context: "."

steps:
- name: Check out the repo
Expand Down Expand Up @@ -100,265 +109,56 @@ jobs:
console.log("No merged PR found in the recent closed PRs.");
return '';

- name: Extract GHCR metadata (tags, labels) for UI image
- name: Extract Quay.io and GHRC metadata (tags, labels) for ${{ matrix.image_info.long_name }} image
if: env.SKIP_WORKFLOW == 'false'
id: ghcr_ui_meta
id: extract_meta
uses: docker/metadata-action@v5
with:
images: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME }}
images: |
${{ env.QUAY_REGISTRY }}/${{ env.QUAY_ORG }}/${{ matrix.image_info.image }}
${{ env.GHCR_REGISTRY }}/${{ env.GHCR_ORG }}/${{ matrix.image_info.image }}

- name: Extract Quay metadata (tags, labels) for UI image
- name: Build and push ${{ matrix.image_info.long_name }} image to Quay.io and GHCR
if: env.SKIP_WORKFLOW == 'false'
id: quay_ui_meta
uses: docker/metadata-action@v5
with:
images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME }}

- name: Build and push ui image to ghcr.io
if: env.SKIP_WORKFLOW == 'false'
id: push-ui-ghcr
id: build_and_push
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: |-
"${{ steps.ghcr_ui_meta.outputs.tags }}"
"${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME }}:pr-${{ steps.get_pr_number.outputs.result }}"
labels: ${{ steps.ghcr_ui_meta.outputs.labels }}
context: "${{ matrix.image_info.build_context }}"
tags: |
"${{ steps.extract_meta.outputs.tags }}"
"${{ env.QUAY_REGISTRY }}/${{ env.QUAY_ORG }}/${{ matrix.image_info.image }}:pr-${{ steps.get_pr_number.outputs.result }}"
"${{ env.GHCR_REGISTRY }}/${{ env.GHCR_ORG }}/${{ matrix.image_info.image }}:pr-${{ steps.get_pr_number.outputs.result }}"
labels: ${{ steps.extract_meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
file: src/Containerfile

- name: Generate GHCR artifact attestation
if: env.SKIP_WORKFLOW == 'false'
uses: actions/attest-build-provenance@v2
with:
subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}}
subject-digest: ${{ steps.push-ui-ghcr.outputs.digest }}
push-to-registry: true

- name: Build and push ui image to quay.io
if: env.SKIP_WORKFLOW == 'false'
id: push-ui-quay
uses: docker/build-push-action@v6
with:
context: .
file: "${{ matrix.image_info.containerfile_path}}"
provenance: mode=max
sbom: true
push: true
tags: |-
"${{ steps.quay_ui_meta.outputs.tags }}"
"${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME }}:pr-${{ steps.get_pr_number.outputs.result }}"
labels: ${{ steps.quay_ui_meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
file: src/Containerfile

- name: Generate QA UI Quay artifact attestation
if: env.SKIP_WORKFLOW == 'false'
uses: actions/attest-build-provenance@v2
with:
subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}}
subject-digest: ${{ steps.push-ui-quay.outputs.digest }}
push-to-registry: true

- name: Update coderefs before code changes
if: env.SKIP_WORKFLOW == 'false'
run: |-
git pull --ff-only

- name: Update QA Quay UI image
- name: Update QA ${{ matrix.image_info.long_name }} Image manifest
id: update_qa_image_manifest
if: env.SKIP_WORKFLOW == 'false'
id: update_qa_ui_manifest_image
env:
PR_TAG: "pr-${{ steps.get_pr_number.outputs.result }}"
run: |-
sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/local/bin/yq
sudo chmod +x /usr/local/bin/yq
yq -i '
(.images[] | select(.name == "quay.io/${{env.QUAY_UI_IMAGE_NAME}}") | .newTag) = env(PR_TAG)
(.images[] | select(.name == "${{ env.QUAY_REGISTRY }}/${{ env.QUAY_ORG }}/${{ matrix.image_info.image }}") | .newTag) = env(PR_TAG)
' deploy/k8s/overlays/openshift/qa/kustomization.yaml

- name: Commit and push bump QA UI Image manifest
- name: Commit and push bump QA ${{ matrix.image_info.long_name }} Image manifest
if: env.SKIP_WORKFLOW == 'false'
run: |-
git config user.name "platform-engineering-bot"
git config user.email "[email protected]"
git add deploy/k8s/overlays/openshift/qa/kustomization.yaml
git commit -m "[CI AUTOMATION]: Bumping QA UI image to tag: pr-${{ steps.get_pr_number.outputs.result }}" -s
git push origin main

build_and_publish_ps_qa_image:
name: Push QA pathservice container image to GHCR and QUAY
runs-on: ubuntu-latest
environment: registry-creds
permissions:
packages: write
contents: write
attestations: write
id-token: write

steps:
- name: Check out the repo
uses: actions/checkout@v4
with:
token: ${{ secrets.BOT_PAT }}
ref: 'main'

- name: Skip if triggered by GitHub Actions bot
id: check_skip
run: |-
if [[ "$(git log -1 --pretty=format:'%s')" == *"[CI AUTOMATION]:"* ]]; then
echo "Workflow triggered by previous action commit. Skipping."
echo "SKIP_WORKFLOW=true" >> "$GITHUB_ENV"
else
echo "SKIP_WORKFLOW=false" >> "$GITHUB_ENV"
fi

- name: Log in to the GHCR container image registry
if: env.SKIP_WORKFLOW == 'false'
uses: docker/login-action@v3
with:
registry: ${{ env.GHCR_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Log in to the Quay container image registry
if: env.SKIP_WORKFLOW == 'false'
uses: docker/login-action@v3
with:
registry: ${{ env.QUAY_REGISTRY }}
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}

- name: Set up Docker Buildx
if: env.SKIP_WORKFLOW == 'false'
uses: docker/setup-buildx-action@v3

- name: Cache Docker layers
if: env.SKIP_WORKFLOW == 'false'
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-

- name: Get Pull Request Number from Commit
if: env.SKIP_WORKFLOW == 'false'
id: get_pr_number
uses: actions/github-script@v7
with:
script: |
console.log("Repository owner:", context.repo.owner);
console.log("Repository name:", context.repo.repo);
console.log("Current commit SHA:", context.sha);

const prs = await github.rest.pulls.list({
owner: context.repo.owner,
repo: context.repo.repo,
state: 'closed',
sort: 'updated',
direction: 'desc'
});
console.log("Number of closed PRs fetched:", prs.data.length);

for (const pr of prs.data) {
console.log("Checking PR #", pr.number, "- Merged:");
if (pr.merged_at != "") {
console.log("Found merged PR:", pr.number);
return pr.number;
}
}

console.log("No merged PR found in the recent closed PRs.");
return '';

- name: Extract metadata (tags, labels) for pathservice image
if: env.SKIP_WORKFLOW == 'false'
id: ghcr_ps_meta
uses: docker/metadata-action@v5
with:
images: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PS_IMAGE_NAME }}

- name: Extract metadata (tags, labels) for pathservice image
if: env.SKIP_WORKFLOW == 'false'
id: quay_ps_meta
uses: docker/metadata-action@v5
with:
images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_PS_IMAGE_NAME }}

- name: Build and push QA PS image to ghcr.io
if: env.SKIP_WORKFLOW == 'false'
id: push-ps-ghcr
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: |
"${{ steps.ghcr_ps_meta.outputs.tags }}"
"${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PS_IMAGE_NAME }}:pr-${{ steps.get_pr_number.outputs.result }}"
labels: ${{ steps.ghcr_ps_meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
file: pathservice/Containerfile

- name: Generate QA PS GHCR artifact attestation
if: env.SKIP_WORKFLOW == 'false'
uses: actions/attest-build-provenance@v2
with:
subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PS_IMAGE_NAME}}
subject-digest: ${{ steps.push-ps-ghcr.outputs.digest }}
push-to-registry: true

- name: Build and push QA PS image to quay.io
if: env.SKIP_WORKFLOW == 'false'
id: push-ps-quay
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: |
"${{ steps.quay_ps_meta.outputs.tags }}"
"${{ env.QUAY_REGISTRY }}/${{ env.QUAY_PS_IMAGE_NAME }}:pr-${{ steps.get_pr_number.outputs.result }}"
labels: ${{ steps.quay_ps_meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
file: pathservice/Containerfile

- name: Generate QA PS Quay artifact attestation
if: env.SKIP_WORKFLOW == 'false'
uses: actions/attest-build-provenance@v2
with:
subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_PS_IMAGE_NAME}}
subject-digest: ${{ steps.push-ps-quay.outputs.digest }}
push-to-registry: true


- name: Update coderefs before code changes
if: env.SKIP_WORKFLOW == 'false'
run: |-
git pull --ff-only

- name: Update QA PS Quay image
if: env.SKIP_WORKFLOW == 'false'
id: update_qa_ps_manifest_image
env:
PR_TAG: "pr-${{ steps.get_pr_number.outputs.result }}"
run: |-
sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/local/bin/yq
sudo chmod +x /usr/local/bin/yq
yq -i '
(.images[] | select(.name == "quay.io/${{env.QUAY_PS_IMAGE_NAME}}") | .newTag) = env(PR_TAG)
' deploy/k8s/overlays/openshift/qa/kustomization.yaml

- name: Commit and push bump QA PS Image manifest
if: env.SKIP_WORKFLOW == 'false'
run: |-
git config user.name "platform-engineering-bot"
git config user.email "[email protected]"
git add deploy/k8s/overlays/openshift/qa/kustomization.yaml
git commit -m "[CI AUTOMATION]: Bumping QA PS image to tag: pr-${{ steps.get_pr_number.outputs.result }}" -s
git push origin main
Loading