GH Build+Release Actions (#85)

* Add build+push action to GH action, sync dockerfile with downstream
trustyai-explainability · Jul 18, 2023 · 107d58e · 107d58e
1 parent cb0e5a3
commit 107d58e
Show file tree

Hide file tree

Showing 2 changed files with 100 additions and 2 deletions.
diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml
@@ -0,0 +1,87 @@
+name: Build and Push
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - v*
+    paths-ignore:
+      - 'LICENSE'
+      - '**/.gitignore'
+      - '**.md'
+      - '**.adoc'
+      - '*.txt'
+  pull_request_target:
+    paths-ignore:
+      - 'LICENSE'
+      - '**/.gitignore'
+      - '**.md'
+      - '**.adoc'
+      - '*.txt'
+    types: [labeled, opened, synchronize, reopened]
+jobs:
+  # Ensure that tests pass before publishing a new image.
+  build-and-push-ci:
+    runs-on: ubuntu-latest
+    steps: # Assign context variable for various action contexts (tag, main, CI)
+      - name: Assigning CI context
+        if: github.head_ref != '' && github.head_ref != 'main' && !startsWith(github.ref, 'refs/tags/v')
+        run: echo "BUILD_CONTEXT=ci" >> $GITHUB_ENV
+      - name: Assigning tag context
+        if: github.head_ref == '' && startsWith(github.ref, 'refs/tags/v')
+        run: echo "BUILD_CONTEXT=tag" >> $GITHUB_ENV
+      - name: Assigning main context
+        if: github.head_ref == '' && github.ref == 'refs/heads/main'
+        run: echo "BUILD_CONTEXT=main" >> $GITHUB_ENV
+      #
+      # Run checkouts
+      - uses: mheap/github-action-required-labels@v4
+        if: env.BUILD_CONTEXT == 'ci'
+        with:
+          mode: minimum
+          count: 1
+          labels: "ok-to-test, lgtm, approved"
+      - uses: actions/checkout@v3
+        if: env.BUILD_CONTEXT == 'ci'
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - uses: actions/checkout@v3
+        if: env.BUILD_CONTEXT == 'main' ||  env.BUILD_CONTEXT == 'tag'
+      #
+      # Print variables for debugging
+      - name: Log reference variables
+        run: |
+          echo "CONTEXT: ${{ env.BUILD_CONTEXT }}"
+          echo "GITHUB.REF: ${{ github.ref }}"
+          echo "GITHUB.HEAD_REF: ${{ github.head_ref }}"
+          echo "SHA: ${{ github.event.pull_request.head.sha }}"
+          echo "MAIN IMAGE AT: ${{ vars.QUAY_RELEASE_REPO }}:latest"
+          echo "CI IMAGE AT: quay.io/trustyai/trustyai-service-operator-ci:${{ github.event.pull_request.head.sha }}"
+      #
+      # Set environments depending on context
+      - name: Set CI environment
+        if:  env.BUILD_CONTEXT == 'ci'
+        run: | 
+          echo "TAG=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV
+          echo "IMAGE_NAME=quay.io/trustyai/trustyai-service-operator-ci" >> $GITHUB_ENV
+      - name: Set main-branch environment
+        if:  env.BUILD_CONTEXT == 'main'
+        run: |
+          echo "TAG=latest" >> $GITHUB_ENV
+          echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV
+      - name: Set tag environment
+        if: env.BUILD_CONTEXT == 'tag'
+        run: |
+          echo "TAG=${{ github.ref_name }}" >> $GITHUB_ENV
+          echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV
+      #
+      # Run docker commands
+      - name: Put expiry date on CI-tagged image
+        if:  env.BUILD_CONTEXT == 'ci'
+        run: sed -i 's#summary="odh-trustyai-service-operator\"#summary="odh-trustyai-service-operator" \\ \n      quay.expires-after=7d#' Dockerfile
+      - name: Log in to Quay
+        run: docker login -u ${{ secrets.QUAY_ROBOT_USERNAME }} -p ${{ secrets.QUAY_ROBOT_SECRET }} quay.io
+      - name: Build image
+        run: docker build -t ${{ env.IMAGE_NAME }}:$TAG .
+      - name: Push to Quay CI repo
+        run: docker push ${{ env.IMAGE_NAME }}:$TAG
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM registry.redhat.io/ubi8/go-toolset:1.19 as builder
+FROM registry.access.redhat.com/ubi8/go-toolset:1.19 as builder
 ARG TARGETOS
 ARG TARGETARCH
 
@@ -21,13 +21,24 @@ COPY controllers/ controllers/
 # was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
 # the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
 # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+USER root
 RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM registry.redhat.io/ubi8/ubi-minimal:8.7
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7
 WORKDIR /
 COPY --from=builder /workspace/manager .
 USER 65532:65532
 
 ENTRYPOINT ["/manager"]
+
+LABEL com.redhat.component="odh-trustyai-service-operator-container" \
+      name="managed-open-data-hub/odh-trustyai-service-operator-rhel8" \
+      version="${CI_CONTAINER_VERSION}" \
+      summary="odh-trustyai-service-operator" \
+      io.openshift.expose-services="" \
+      io.k8s.display-name="odh-trustyai-service-operator" \
+      maintainer="['[email protected]']" \
+      description="The TrustyAI Operator manages TrustyAI deployments within a k8s cluster" \
+      com.redhat.license_terms="https://www.redhat.com/licenses/Red_Hat_Standard_EULA_20191108.pdf"