From a96ed22d0edce09e1789dbe75a35766ad3aba478 Mon Sep 17 00:00:00 2001
From: mgoerens <mgoerens@redhat.com>
Date: Mon, 24 Jul 2023 13:30:35 +0200
Subject: [PATCH] Move container images creation to release workflow

This makes it possible to retrigger the entire release process,
including all assets creation, by retagging the main branch.

Starting with this commit, build triggers on the
quay.io/redhat-certification/chart-verifier repo are no longer needed.

close #383
---
 .github/workflows/build.yaml   | 38 +---------------------------------
 .github/workflows/release.yaml | 25 +++++++++++++++++++++-
 2 files changed, 25 insertions(+), 38 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index e7373281..8265da24 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -3,7 +3,7 @@ name: Build, Test, Automerge and Tag
 # This workflow runs on all PRs that are targetting the main branch.
 #
 # It runs the test suite. If the PR is a release PR, it automerges and tags the main branch with
-# the corresonding new version. Finally, it retags the container image with latest.
+# the corresonding new version.
 
 on:
     pull_request_target:
@@ -227,39 +227,3 @@ jobs:
                 custom_tag: ${{ steps.check_version_in_PR.outputs.PR_version }}
                 tag_prefix: ""
                 commit_sha: ${{ steps.master_sha.outputs.origin_master_sha }}
-
-            - name: Wait for image build to complete
-              # Quay is configured to automatically build our image. This waits
-              # for it to complete before proceeding successfully.
-              id: wait_for_image_build
-              if: ${{ steps.check_version_updated.outputs.updated == 'true'}}
-              run: |
-                expectedImage=quay.io/redhat-certification/chart-verifier:${{ steps.check_version_in_PR.outputs.PR_version }}
-                for i in {1..30}; do
-                  s=60
-                  echo "Querying Quay for "${expectedImage}" in ${s} seconds..." 
-                  sleep $s
-                  skopeo inspect docker://"${expectedImage}" && echo "Image Found!" && exit 0
-                done
-                echo "ERR Image not found in allotted time."
-                exit 1           
-          
-            - name: Login to Quay as Bot
-              id: login_as_bot
-              if: ${{ steps.wait_for_image_build.outcome == 'success'}}
-              uses: redhat-actions/podman-login@v1
-              with:
-                username: ${{ secrets.QUAY_BOT_USERNAME }}
-                password: ${{ secrets.QUAY_BOT_TOKEN }}
-                registry: quay.io/redhat-certification
-
-            - name: Update latest tag
-              if: ${{ steps.login_as_bot.outcome == 'success'}}
-              id: update_latest_tag
-              # TODO: When we shift to a push-from-this-repo model (instead of Quay build model)
-              # we should transition this tag workflow to use the digest of the image built here in CI.
-              run: |
-                imageReference=quay.io/redhat-certification/chart-verifier
-                podman pull ${imageReference}:${{ steps.check_version_in_PR.outputs.PR_version }}
-                podman tag ${imageReference}:${{ steps.check_version_in_PR.outputs.PR_version }} ${imageReference}:latest
-                podman push ${imageReference}:latest
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 29274f37..cddb717e 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -18,7 +18,8 @@ name: create release on new tags
 # Finally, as mentioned above, create a new tag (e.g. `git tag 1.12.2 && git push --tags`) to
 # recreate the release.
 #
-# This workflow builds the tarball, creates the Github release and attaches the tarball to it.
+# This workflow builds all release assets (the tarball and the container images), creates the
+# Github release and attaches the tarball to it.
 
 on:
   push:
@@ -88,3 +89,25 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Build container images
+        id: build_container_images
+        run: |
+            # Build podman images locally
+            image_tag=${{ steps.get_tag.outputs.release_version }}
+            podman build \
+              -t quay.io/redhat-certification/chart-verifier:$image_tag \
+              -t quay.io/redhat-certification/chart-verifier:latest \
+              -t quay.io/redhat-certification/chart-verifier:main .
+
+      - name: Push to quay.io
+        id: push_to_quay
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: chart-verifier
+          tags: |
+            ${{ steps.get_tag.outputs.release_version }}
+            latest
+            main
+          registry: quay.io/redhat-certification
+          username: ${{ secrets.QUAY_BOT_USERNAME }}
+          password: ${{ secrets.QUAY_BOT_TOKEN }}