Skip to content

Add RBAC to manipulate VMI and VMIM (#907) #213

Add RBAC to manipulate VMI and VMIM (#907)

Add RBAC to manipulate VMI and VMIM (#907) #213

Workflow file for this run

name: Publish Images
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
on:
push:
branches:
- master
- 'release-*.*.*'
- 'sprint-*'
tags:
- 'release-*.*.*'
workflow_dispatch:
env:
SUPPORTED_CHANNELS: release-v1.3,release-v1.4,release-v1.5,release-v1.6,release-v1.7
REGISTRY: quay.io
IMAGE_NAME: ${{ github.repository }}
BUNDLE_SUFFIX: bundle
CONTAINER_SUFFIX: container
INDEX_SUFFIX: index
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Get opm
run: wget $(curl -s https://api.github.com/repos/operator-framework/operator-registry/releases/latest | grep 'browser_' | cut -d\" -f4 | grep linux) -O opm && chmod +x opm
- name: Extract branch name
shell: bash
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch
- name: Build container image
run: docker build . --file build/Dockerfile --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ env.CONTAINER_SUFFIX }}:${{ steps.extract_branch.outputs.branch }}
- name: Build bundle image
run: docker build . --file build/Dockerfile.${{ env.BUNDLE_SUFFIX }} --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ env.BUNDLE_SUFFIX }}:${{ steps.extract_branch.outputs.branch }}
- name: Log into registry
run: echo "${{ secrets.QUAY_PUBLISH_TOKEN }}" | docker login quay.io -u ${{ secrets.QUAY_PUBLISH_ROBOT }} --password-stdin
- name: Push container image
run: docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ env.CONTAINER_SUFFIX }}:${{ steps.extract_branch.outputs.branch }}
- name: Push bundle image
run: docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ env.BUNDLE_SUFFIX }}:${{ steps.extract_branch.outputs.branch }}
- name: Retag container image
run: docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ env.CONTAINER_SUFFIX }}:${{ steps.extract_branch.outputs.branch }} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ env.CONTAINER_SUFFIX }}:latest
if: ${{ github.ref == 'refs/heads/master' }}
- name: Retag bundle image
run: docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ env.BUNDLE_SUFFIX }}:${{ steps.extract_branch.outputs.branch }} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ env.BUNDLE_SUFFIX }}:latest
if: ${{ github.ref == 'refs/heads/master' }}
- name: push retagged container image
run: docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ env.CONTAINER_SUFFIX }}:latest
if: ${{ github.ref == 'refs/heads/master' }}
- name: push retagged bundle image
run: docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ env.BUNDLE_SUFFIX }}:latest
if: ${{ github.ref == 'refs/heads/master' }}
- name: Get latest bundle images
run: |
git fetch -q origin
BUNDLES=""
for i in $(echo $SUPPORTED_CHANNELS | sed "s/,/ /g"); do
BUNDLES=$(echo $BUNDLES,${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ env.BUNDLE_SUFFIX }}:$(git branch -r --contains $i | tail -n 1 | grep release | cut -d '/' -f 2 ) | sed 's/^,//')
done
BUNDLES=$BUNDLES,${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ env.BUNDLE_SUFFIX }}:latest
echo "##[set-output name=bundles]$(echo $BUNDLES)"
id: get_bundles
- name: Run OPM
run: ./opm index add -c docker --bundles ${{ steps.get_bundles.outputs.bundles }} --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ env.INDEX_SUFFIX }}:latest
- name: Push index
run: docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ env.INDEX_SUFFIX }}:latest