Merge pull request #351 from nerdalert/knowledge-submission-wiz #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish QA Container Images | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build_and_publish_QA_images: | |
| name: Build and Push QA images | |
| runs-on: ubuntu-latest | |
| environment: registry-creds | |
| permissions: | |
| packages: write | |
| contents: write | |
| attestations: write | |
| id-token: write | |
| strategy: | |
| matrix: | |
| registry: | |
| - name: "quay.io" | |
| org_name: "instructlab-ui" | |
| user_name_store: "secrets" | |
| user_name_key: "QUAY_USERNAME" | |
| password_store: "secrets" | |
| password_key: "QUAY_TOKEN" | |
| - name: "ghcr.io" | |
| org_name: "instructlab/ui" | |
| user_name_store: "github" | |
| user_name_key: "actor" | |
| password_store: "secrets" | |
| password_key: "GITHUB_TOKEN" | |
| image_info: | |
| - name: "ui" | |
| long_name: "User Interface" | |
| image: "ui" | |
| containerfile_path: "src/Containerfile" | |
| - name: "ps" | |
| long_name: "Pathservice" | |
| image: "pathservice" | |
| containerfile_path: "pathservice/Containerfile" | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.BOT_PAT }} | |
| ref: 'main' | |
| - name: Skip if triggered by GitHub Actions bot | |
| id: check-skip | |
| run: |- | |
| if [[ "$(git log -1 --pretty=format:'%s')" == *"[CI AUTOMATION]:"* ]]; then | |
| echo "Workflow triggered by previous action commit. Skipping." | |
| exit 1 | |
| fi | |
| - name: Log in to the ${{ matrix.registry.name }} registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: "${{ matrix.registry.name }}" | |
| username: "${{ matrix.registry.user_name_store }}[${{matrix.registry.user_name_key}}]" | |
| password: "${{ matrix.registry.password_store }}[${{matrix.registry.password_key}}]" | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Cache Docker layers | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: "${{ runner.os }}-buildx-${{ github.sha }}" | |
| restore-keys: | | |
| "${{ runner.os }}-buildx-" | |
| - name: Get Pull Request Number from Commit | |
| id: get_pr_number | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| console.log("Repository owner:", context.repo.owner); | |
| console.log("Repository name:", context.repo.repo); | |
| console.log("Current commit SHA:", context.sha); | |
| const prs = await github.rest.pulls.list({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| state: 'closed', | |
| sort: 'updated', | |
| direction: 'desc' | |
| }); | |
| console.log("Number of closed PRs fetched:", prs.data.length); | |
| for (const pr of prs.data) { | |
| console.log("Checking PR #", pr.number, "- Merged:"); | |
| if (pr.merged_at != "") { | |
| console.log("Found merged PR:", pr.number); | |
| return pr.number; | |
| } | |
| } | |
| console.log("No merged PR found in the recent closed PRs."); | |
| return ''; | |
| - name: Extract ${{ matrix.registry.name }} metadata (tags, labels) for ${{ matrix.image_info.long_name }} image | |
| id: extract_meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ matrix.registry.name }}/${{matrix.registry.org_name}}/${{ matrix.image_info.name }} | |
| - name: Build and push ${{ matrix.image_info.long_name }} image to ${{ matrix.registry.name }} | |
| id: build-and-push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: true | |
| tags: |- | |
| "${{ steps.extract_meta.outputs.tags }}" | |
| "${{ matrix.registry.name }}/${{matrix.registry.org_name}}/${{ matrix.image_info.name }}:pr-${{ steps.get_pr_number.outputs.result }}" | |
| labels: ${{ steps.extract_meta.outputs.labels }} | |
| platforms: linux/amd64,linux/arm64 | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| file: "${{ matrix.image_info.containerfile_path}}" | |
| - name: Generate ${{ matrix.registry.name }} artifact attestation | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: "${{ matrix.registry.name }}/${{matrix.registry.org_name}}/${{ matrix.image_info.name }}" | |
| subject-digest: ${{ steps.build-and-push.outputs.digest }} | |
| push-to-registry: true | |
| - name: Update coderefs before code changes | |
| run: |- | |
| git pull --ff-only | |
| - name: Update QA image Manifest | |
| id: update_qa_image_manifest | |
| if: ${{ matrix.registry.name == 'quay.io' }} | |
| env: | |
| PR_TAG: "pr-${{ steps.get_pr_number.outputs.result }}" | |
| run: |- | |
| sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/local/bin/yq | |
| sudo chmod +x /usr/local/bin/yq | |
| yq -i ' | |
| (.images[] | select(.name == "quay.io/instructlab-ui/ui") | .newTag) = env(PR_TAG) | |
| ' deploy/k8s/overlays/openshift/qa/kustomization.yaml | |
| - name: Commit and push bump QA ${{ matrix.image_info.long_name }} Image manifest | |
| if: ${{ matrix.registry.name == 'quay.io' }} | |
| run: |- | |
| git config user.name "platform-engineering-bot" | |
| git config user.email "[email protected]" | |
| git add deploy/k8s/overlays/openshift/qa/kustomization.yaml | |
| git commit -m "[CI AUTOMATION]: Bumping QA UI image to tag: pr-${{ steps.get_pr_number.outputs.result }}" -s | |
| git push origin main |