Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Move container images creation to release workflow #386

Merged
merged 1 commit into from
Jul 28, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 1 addition & 37 deletions .github/workflows/build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ name: Build, Test, Automerge and Tag
# This workflow runs on all PRs that are targetting the main branch.
#
# It runs the test suite. If the PR is a release PR, it automerges and tags the main branch with
# the corresonding new version. Finally, it retags the container image with latest.
# the corresonding new version.

on:
pull_request_target:
Expand Down Expand Up @@ -225,39 +225,3 @@ jobs:
custom_tag: ${{ steps.check_version_in_PR.outputs.PR_version }}
tag_prefix: ""
commit_sha: ${{ steps.main_sha.outputs.origin_main_sha }}

- name: Wait for image build to complete
# Quay is configured to automatically build our image. This waits
# for it to complete before proceeding successfully.
id: wait_for_image_build
if: ${{ steps.check_version_updated.outputs.updated == 'true'}}
run: |
expectedImage=quay.io/redhat-certification/chart-verifier:${{ steps.check_version_in_PR.outputs.PR_version }}
for i in {1..30}; do
s=60
echo "Querying Quay for "${expectedImage}" in ${s} seconds..."
sleep $s
skopeo inspect docker://"${expectedImage}" && echo "Image Found!" && exit 0
done
echo "ERR Image not found in allotted time."
exit 1

- name: Login to Quay as Bot
id: login_as_bot
if: ${{ steps.wait_for_image_build.outcome == 'success'}}
uses: redhat-actions/podman-login@v1
with:
username: ${{ secrets.QUAY_BOT_USERNAME }}
password: ${{ secrets.QUAY_BOT_TOKEN }}
registry: quay.io/redhat-certification

- name: Update latest tag
if: ${{ steps.login_as_bot.outcome == 'success'}}
id: update_latest_tag
# TODO: When we shift to a push-from-this-repo model (instead of Quay build model)
# we should transition this tag workflow to use the digest of the image built here in CI.
run: |
imageReference=quay.io/redhat-certification/chart-verifier
podman pull ${imageReference}:${{ steps.check_version_in_PR.outputs.PR_version }}
podman tag ${imageReference}:${{ steps.check_version_in_PR.outputs.PR_version }} ${imageReference}:latest
podman push ${imageReference}:latest
42 changes: 42 additions & 0 deletions .github/workflows/main.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
name: Create container image on main

# This workflow builds a container image for each commit on the main branch.
# The image is tagged with the (short) commit ID and "main", and pushed to Quay.

on:
push:
branches:
- main
jobs:
image:
name: Build and push container images
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Get commit ID
id: get_commit_id
run: |
# Make the short commit ID available to the following steps.
COMMIT_ID=$(git rev-parse --short HEAD)
echo "commit_id=$COMMIT_ID" | tee -a $GITHUB_OUTPUT

- name: Build container images
id: build_container_images
run: |
# Build podman images locally
make build-image IMAGE_TAG=${{ steps.get_commit_id.outputs.commit_id }}
make build-image IMAGE_TAG=main

- name: Push to quay.io
id: push_to_quay
uses: redhat-actions/push-to-registry@v2
with:
image: chart-verifier
tags: |
${{ steps.get_commit_id.outputs.commit_id }}
main
registry: quay.io/redhat-certification
username: ${{ secrets.QUAY_BOT_USERNAME }}
password: ${{ secrets.QUAY_BOT_TOKEN }}
21 changes: 20 additions & 1 deletion .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,8 @@ name: create release on new tags
# Finally, as mentioned above, create a new tag (e.g. `git tag 1.12.2 && git push --tags`) to
# recreate the release.
#
# This workflow builds the tarball, creates the Github release and attaches the tarball to it.
# This workflow builds all release assets (the tarball and the container images), creates the
# Github release and attaches the tarball to it.

on:
push:
Expand Down Expand Up @@ -88,3 +89,21 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Build container images
id: build_container_images
run: |
# Build podman images locally
make build-image IMAGE_TAG=${{ steps.get_tag.outputs.release_version }}
make build-image IMAGE_TAG=latest

- name: Push to quay.io
id: push_to_quay
uses: redhat-actions/push-to-registry@v2
with:
image: chart-verifier
tags: |
${{ steps.get_tag.outputs.release_version }}
latest
registry: quay.io/redhat-certification
username: ${{ secrets.QUAY_BOT_USERNAME }}
password: ${{ secrets.QUAY_BOT_TOKEN }}
13 changes: 11 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ IMAGE_BUILDER?=podman
IMAGE_REPO?=quay.io/redhat-certification
COMMIT_ID=$(shell git rev-parse --short HEAD)
COMMIT_ID_LONG=$(shell git rev-parse HEAD)
IMAGE_TAG=$(COMMIT_ID)

default: bin

Expand Down Expand Up @@ -52,9 +53,17 @@ bin_win:
test:
go test -v ./...

# Build the container image. Usage: make build-image IMAGE_TAG=my_tag
# If IMAGE_TAG is not provided, use the COMMIT_ID
.PHONY: build-image
build-image:
$(IMAGE_BUILDER) build -t $(IMAGE_REPO)/chart-verifier:$(COMMIT_ID) .
$(IMAGE_BUILDER) build -t $(IMAGE_REPO)/chart-verifier:$(IMAGE_TAG) .

# Push the container image. Usage: make push-image IMAGE_TAG=my_tag
# If IMAGE_TAG is not provided, use the COMMIT_ID
.PHONY: push-image
push-image:
$(IMAGE_BUILDER) push $(IMAGE_REPO)/chart-verifier:$(IMAGE_TAG) .

.PHONY: gosec
gosec: install.gosec
Expand Down Expand Up @@ -86,4 +95,4 @@ define go-install-tool
@[ -f $(1) ] || { \
GOBIN=$(PROJECT_DIR)/out go install $(2) ;\
}
endef
endef
2 changes: 0 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
# **chart-verifier**: Rules based tool to certify Helm charts

[![Docker Repository on Quay](https://quay.io/repository/redhat-certification/chart-verifier/status "Docker Repository on Quay")](https://quay.io/repository/redhat-certification/chart-verifier)

The **chart-verifier** CLI tool allows you to validate the Helm chart against a configurable list of checks. The tool ensures that the Helm charts include the associated metadata and formatting, and are distribution ready.

The tool allows users to validate a Helm chart URL and provides a report where each check has a `positive` or `negative` result. A negative result from a check indicates a problem with the chart, which needs correction. It ensures that the Helm chart works seamlessly on Red Hat OpenShift and can be submitted as a certified Helm chart in the [OpenShift Helm Repository](https://github.com/openshift-helm-charts).
Expand Down
Loading