.github/workflows/images.yaml

name: Image CI Build

on:
  pull_request_target:
    types:
      - opened
      - synchronize
      - reopened
  push:
    branches:
      - master

jobs:
  build-and-push-prs:
    if: ${{ github.repository == 'cilium/hubble-ui' }}
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        include:
          - name: hubble-ui
            context: .
            dockerfile: ./Dockerfile

          - name: hubble-ui-backend
            context: ./backend
            dockerfile: ./backend/Dockerfile

    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb

      - name: Login to quay.io for CI
        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME_CI }}
          password: ${{ secrets.QUAY_PASSWORD_CI }}

      - name: Getting image tag
        id: tag
        run: |
          if [ ${{ github.event.pull_request.head.sha }} != "" ]; then
            echo ::set-output name=tag::${{ github.event.pull_request.head.sha }}
          else
            echo ::set-output name=tag::${{ github.sha }}
          fi

      - name: Checkout Source Code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
        with:
          ref: ${{ steps.tag.outputs.tag }}

      # master branch pushes
      - name: CI Build ${{ matrix.name }}
        if: ${{ github.event_name != 'pull_request_target' }}
        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0
        id: docker_build_ci_master
        with:
          context: ${{ matrix.context }}
          file: ${{ matrix.dockerfile }}
          push: true
          platforms: linux/amd64,linux/arm64
          tags: |
            quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:latest
            quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}

      - name: CI Image Releases digests
        if: ${{ github.event_name != 'pull_request_target' }}
        shell: bash
        run: |
          mkdir -p image-digest/
          echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:latest@${{ steps.docker_build_ci_master.outputs.digest }}" > image-digest/${{ matrix.name }}.txt
          echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:latest-race@${{ steps.docker_build_ci_master_detect_race_condition.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
          echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_master.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
          echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race@${{ steps.docker_build_ci_master_detect_race_condition.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt

      # PR updates
      - name: CI Build ${{ matrix.name }}
        if: ${{ github.event_name == 'pull_request_target' }}
        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0
        id: docker_build_ci_pr
        with:
          context: ${{ matrix.context }}
          file: ${{ matrix.dockerfile }}
          push: true
          platforms: linux/amd64,linux/arm64
          tags: |
            quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}

      - name: CI Image Releases digests
        if: ${{ github.event_name == 'pull_request_target' }}
        shell: bash
        run: |
          mkdir -p image-digest/
          echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_pr.outputs.digest }}" > image-digest/${{ matrix.name }}.txt

      - name: CI Image Releases digests
        if: ${{ github.event_name == 'pull_request_target' }}
        shell: bash
        run: |
          mkdir -p image-digest/
          echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_pr.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
          echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race@${{ steps.docker_build_ci_pr_detect_race_condition.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt

      # Upload artifact digests
      - name: Upload artifact digests
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
        with:
          name: image-digest ${{ matrix.name }}
          path: image-digest
          retention-days: 1

  image-digests:
    if: ${{ github.repository == 'cilium/hubble-ui' }}
    name: Display Digests
    runs-on: ubuntu-22.04
    needs: build-and-push-prs
    steps:
      - name: Downloading Image Digests
        shell: bash
        run: |
          mkdir -p image-digest/

      - name: Download digests of all images built
        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
        with:
          path: image-digest/

      - name: Image Digests Output
        shell: bash
        run: |
          cd image-digest/
          find -type f | sort | xargs -d '\n' cat