From e83dff656cfb669351282cfedcbd0adcaa4eec69 Mon Sep 17 00:00:00 2001 From: "adam.orcholski" Date: Tue, 9 Dec 2025 18:16:36 +0100 Subject: [PATCH 1/2] removes prepare-build-variables.sh script from the CI workflow adds metada action --- .github/actions/build-push-image/action.yaml | 58 +++--------- .github/actions/metadata/action.yaml | 95 ++++++++++++++++++++ .github/actions/preflight/action.yaml | 23 ++--- .github/workflows/ci.yaml | 23 +---- hack/build/ci/prepare-build-variables.sh | 15 +--- 5 files changed, 126 insertions(+), 88 deletions(-) create mode 100644 .github/actions/metadata/action.yaml diff --git a/.github/actions/build-push-image/action.yaml b/.github/actions/build-push-image/action.yaml index e375832c87..7f0d50e155 100644 --- a/.github/actions/build-push-image/action.yaml +++ b/.github/actions/build-push-image/action.yaml @@ -24,6 +24,15 @@ outputs: runs: using: "composite" steps: + - name: Build image metadata + uses: ./.github/actions/metadata + id: meta + with: + platforms: ${{ inputs.platforms }} + annotation: ${{ inputs.annotation }} + dockerfile: ${{ inputs.dockerfile }} + images: ${{ inputs.images }} + suffix: ${{ inputs.suffix }} - name: Set up QEMU uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx 
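Review bot: The `dockerfile: ${{ inputs.dockerfile }}` line in the new `Build image metadata` step passes a value that nothing consumes. The `.github/actions/metadata/action.yaml` added in this patch declares a `dockerfile` input, but none of its three steps references `inputs.dockerfile`. Dropping the input from the metadata action and from this `with:` block keeps the action's interface limited to what affects the computed tags, labels and annotations.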
@@ -32,62 +41,23 @@ runs: uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version-file: "${{ github.workspace }}/go.mod" - - name: Prepare build parameters - id: prep - shell: bash - run: | - hack/build/ci/prepare-build-variables.sh - name: Download third party licenses shell: bash run: | hack/build/ci/third-party-licenses.sh - - name: Set build date + - name: Prepare linker args + id: linker-args shell: bash - id: set-build-date run: | - echo "date=$(date --iso-8601)" >> $GITHUB_OUTPUT - - name: Docker metadata - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 - id: meta - env: - DOCKER_METADATA_ANNOTATIONS_LEVELS: ${{ contains(inputs.platforms, ',') && 'manifest,index' || 'manifest' }} - with: - images: ${{ inputs.images }} - flavor: | - # prepend suffixes (like "fips") with a dash - suffix=${{ inputs.suffix != '' && format('-{0}', inputs.suffix) || '' }} - labels: | - # default retention policy - quay.expires-after=10d - # releases and snapshots of the main branch should never expire - ${{ ((github.ref_type == 'tag' && startsWith(github.ref_name, 'release-')) || github.ref_name == 'main') && 'quay.expires-after=' }} - # retention policy for nightly builds - ${{ github.event_name == 'schedule' && 'quay.expires-after=14d' }} - vcs-ref=${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} - build-date=${{ steps.set-build-date.outputs.date }} - tags: | - # PRs - type=raw,value=snapshot-${{ github.head_ref }},enable=${{ github.event_name == 'pull_request' }} - # main branches (not including nightly builds) - type=raw,value=snapshot,enable=${{ github.ref_name == 'main' && github.event_name != 'schedule' }} - # nightly builds - type=raw,value=nightly-${{ steps.set-build-date.outputs.date }},enable=${{ github.event_name == 'schedule' }} - type=raw,value=nightly,enable=${{ github.event_name == 'schedule' }} - # tags - type=raw,value=${{ github.ref_name }},enable=${{ 
github.ref_type == 'tag' }} - # all other branches including 'release-*' branches except 'main' - type=raw,value=${{ steps.prep.outputs.docker_image_tag_without_prefix }},enable=${{ !(github.event_name == 'pull_request' || github.ref_name == 'main' || github.ref_type == 'tag') }},priority=0 - annotations: | - ${{ inputs.annotation }} - version=${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }} + go_linker_args=$(hack/build/create_go_linker_args.sh "${{ steps.meta.outputs.tag-names }}" "${{ github.sha }}") + echo "go_linker_args=${go_linker_args}" >> $GITHUB_OUTPUT - name: Build target id: build-target uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: builder: ${{ steps.buildx.outputs.name }} build-args: | - GO_LINKER_ARGS=${{ steps.prep.outputs.go_linker_args }} - GO_BUILD_TAGS=${{ steps.prep.outputs.go_build_tags }} + GO_LINKER_ARGS=${{ steps.linker-args.outputs.go_linker_args }} context: . file: ${{ inputs.dockerfile }} provenance: false diff --git a/.github/actions/metadata/action.yaml b/.github/actions/metadata/action.yaml new file mode 100644 index 0000000000..732f6994f2 --- /dev/null +++ b/.github/actions/metadata/action.yaml 
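Review bot: In build-push-image/action.yaml, the new `Prepare linker args` step passes `steps.meta.outputs.tag-names` whole to `create_go_linker_args.sh`, but that output is a list rather than a single version. For `schedule` runs the metadata action enables both `nightly-<date>` and `nightly`, so the argument would presumably carry two newline-separated names, where the removed script passed exactly one tag. If the script echoes that value back, the single-line `echo "go_linker_args=..." >> $GITHUB_OUTPUT` would not record it correctly either. Consider passing the value through `env:` as `TAG_NAMES: ${{ steps.meta.outputs.tag-names }}` and calling the script with `"${TAG_NAMES%%$'\n'*}" "${GITHUB_SHA}"`. The `"${{ steps.meta.outputs.tags }}"` argument in the preflight action's `Run preflight on image` step has the same shape.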
@@ -0,0 +1,95 @@ +name: Build image metadata +description: Builds image metadata +inputs: + platforms: + description: The platforms for which the image will be built + default: linux/amd64,linux/arm64 + required: true + annotation: + description: The annotation added to the built image + required: false + dockerfile: + description: The path to the Dockerfile to be used + default: ./Dockerfile + images: + description: Base names of the image tags + required: false + suffix: + description: Suffix appended to image tags + required: false +outputs: + annotations: + description: Annotations of the image + value: ${{ steps.meta.outputs.annotations }} + labels: + description: Labels of the image + value: ${{ steps.meta.outputs.labels }} + tags: + description: Tags of the image + value: ${{ steps.meta.outputs.tags }} + tag-names: + description: Tag-names of the image + value: ${{ steps.meta.outputs.tag-names }} +runs: + using: "composite" + steps: + - name: Sanitize names + id: sanitize + shell: bash + run: | + # Sanitize names + + ref_name=$(hack/build/ci/sanitize-branch-name.sh "${{ github.ref_name }}") + echo "ref_name=${ref_name}" >> $GITHUB_OUTPUT + echo "ref_name_without_prefix=${ref_name#v}" >> $GITHUB_OUTPUT + + head_ref=$(hack/build/ci/sanitize-branch-name.sh "${{ github.head_ref }}") + echo "head_ref=${head_ref}" >> $GITHUB_OUTPUT + - name: Set build date + shell: bash + id: set-build-date + run: | + # Set build date + + echo "date=$(date --iso-8601)" >> $GITHUB_OUTPUT + - name: Docker metadata + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 + id: meta + env: + DOCKER_METADATA_ANNOTATIONS_LEVELS: ${{ contains(inputs.platforms, ',') && 'manifest,index' || 'manifest' }} + with: + images: ${{ inputs.images }} + flavor: | + # prepend suffixes (like "fips") with a dash + suffix=${{ inputs.suffix != '' && format('-{0}', inputs.suffix) || '' }} + labels: | + # default retention policy + quay.expires-after=10d + + # releases and 
snapshots of the main branch should never expire + ${{ ((github.ref_type == 'tag' && startsWith(github.ref_name, 'release-')) || github.ref_name == 'main') && 'quay.expires-after=' }} + + # retention policy for nightly builds + ${{ github.event_name == 'schedule' && 'quay.expires-after=14d' }} + + vcs-ref=${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} + build-date=${{ steps.set-build-date.outputs.date }} + tags: | + # PRs + type=raw,value=snapshot-${{ steps.sanitize.outputs.head_ref }},enable=${{ github.event_name == 'pull_request' }} + + # main branches (not including nightly builds) + type=raw,value=snapshot,enable=${{ github.ref_name == 'main' && github.event_name != 'schedule' }} + + # nightly builds + type=raw,value=nightly-${{ steps.set-build-date.outputs.date }},enable=${{ github.event_name == 'schedule' }} + type=raw,value=nightly,enable=${{ github.event_name == 'schedule' }} + + # tags + type=raw,value=${{ steps.sanitize.outputs.ref_name_without_prefix }},enable=${{ github.ref_type == 'tag' }} + + # all other branches including 'release-*' branches except 'main' + type=raw,value=snapshot-${{ steps.sanitize.outputs.ref_name }},enable=${{ !(github.event_name == 'pull_request' || github.ref_name == 'main' || github.ref_type == 'tag') }},priority=0 + annotations: | + ${{ inputs.annotation }} + version=${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }} diff --git a/.github/actions/preflight/action.yaml b/.github/actions/preflight/action.yaml index 37f08b4d4a..9ff6cd05da 100644 --- a/.github/actions/preflight/action.yaml +++ b/.github/actions/preflight/action.yaml 
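Review bot: In metadata/action.yaml, the `Sanitize names` step expands `${{ github.ref_name }}` and `${{ github.head_ref }}` directly into the `run:` script, so the branch name becomes part of the shell text before `sanitize-branch-name.sh` ever receives it. On `pull_request` events `github.head_ref` is chosen by the PR author. The surrounding double quotes do not help, because the expression is substituted before bash parses the line. Pass both values through `env:` and reference them as shell variables, as sketched below, and quote `"$GITHUB_OUTPUT"` while there. The second patch in this series edits the same step without changing this.

```yaml
- name: Sanitize names
  # … unchanged: id, shell …
  env:
    REF_NAME: ${{ github.ref_name }}
    HEAD_REF: ${{ github.head_ref }}
  run: |
    ref_name=$(hack/build/ci/sanitize-branch-name.sh "${REF_NAME}")
    # … unchanged: ref_name and ref_name_without_prefix outputs …
    head_ref=$(hack/build/ci/sanitize-branch-name.sh "${HEAD_REF}")
    # … unchanged: head_ref output …
```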
@@ -1,15 +1,13 @@ name: Preflight description: Does the preflight check inputs: - version: - description: The version the image is for - required: true - registry: - description: The registry where the image is uploaded - required: true - repository: - description: The repository in the registry where the image is uploaded + platforms: + description: The platforms for which the image will be built + default: linux/amd64,linux/arm64 required: true + images: + description: Base names of the image tags + required: false report-name: description: The name of the output report required: true @@ -27,6 +25,12 @@ inputs: runs: using: "composite" steps: + - name: Build image metadata + uses: ./.github/actions/metadata + id: meta + with: + platforms: ${{ inputs.platforms }} + images: ${{ inputs.images }} - name: Run preflight on image shell: bash env: @@ -34,9 +38,8 @@ runs: RHCC_PROJECT_ID: ${{ inputs.redhat-project-id }} # renovate datasource=github-releases depName=redhat-openshift-ecosystem/openshift-preflight PREFLIGHT_VERSION: 1.15.2 - IMAGE_URI: ${{ inputs.registry }}/${{ inputs.repository }}:${{ inputs.version }} run: | - hack/build/ci/preflight.sh "${{ env.PREFLIGHT_VERSION }}" "${{ env.IMAGE_URI}}" "${{ inputs.report-name }}" "${{ inputs.should-submit }}" + hack/build/ci/preflight.sh "${{ env.PREFLIGHT_VERSION }}" "${{ steps.meta.outputs.tags }}" "${{ inputs.report-name }}" "${{ inputs.should-submit }}" - name: Upload report uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 681a2bf25f..4f674fd15e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
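Review bot: In preflight/action.yaml, the `Run preflight on image` step now identifies the image by `steps.meta.outputs.tags`, which this job recomputes and which names a mutable tag (`snapshot` for a push to `main`). The check is therefore not tied to the artifact that the `build-push` job actually pushed, and a second merge landing in between would be scanned instead. If the build action can export the digest of its `build-target` step, passing `<image>@<digest>` would pin preflight to that image. This is hedged because the build action's `outputs:` block lies outside the visible hunks. The metadata call here also omits `suffix`, so a suffixed image would presumably never be matched by this action.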
@@ -261,22 +261,6 @@ jobs: - name: Check markdown links run: make markdown/link-check - prepare: - name: Prepare properties - needs: [detect-changes] - if: github.event_name == 'push' && github.ref == 'refs/heads/main' - runs-on: ubuntu-24.04 - steps: - - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - name: Prepare build parameters - id: prep - run: | - hack/build/ci/prepare-build-variables.sh - outputs: - labels: ${{ steps.prep.outputs.docker_image_labels }} - version: ${{ steps.prep.outputs.docker_image_tag }} - build-push: needs: [detect-changes] if: needs.detect-changes.outputs.is_docker_authorized && (needs.detect-changes.outputs.is_protected_branch || needs.detect-changes.outputs.go_changed || needs.detect-changes.outputs.docker_changed || needs.detect-changes.outputs.ci_changed) @@ -301,7 +285,7 @@ jobs: name: Run preflight on quay.io without submitting results when merging to main if: github.event_name == 'push' && github.ref == 'refs/heads/main' environment: Release - needs: [build-push, prepare] + needs: [build-push] runs-on: ubuntu-24.04 env: SCAN_REGISTRY: "quay.io" @@ -311,8 +295,7 @@ jobs: - name: Run preflight uses: ./.github/actions/preflight with: - version: ${{ needs.prepare.outputs.version }} - registry: ${{ env.DOCKER_REGISTRY }} - repository: ${{ env.DOCKER_REPOSITORY }} + platforms: ${{github.ref_protected && env.PLATFORMS || env.PR_PLATFORMS }} + images: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_REPOSITORY }} report-name: "preflight.json" should-submit: "false" diff --git a/hack/build/ci/prepare-build-variables.sh b/hack/build/ci/prepare-build-variables.sh index bbc8df55c1..3ab5e89fdb 100755 --- a/hack/build/ci/prepare-build-variables.sh +++ b/hack/build/ci/prepare-build-variables.sh 
@@ -20,23 +20,10 @@ create_docker_image_tag() { echo "snapshot-${ref_name}" } -create_docker_image_labels() { - if [[ "${GITHUB_REF_TYPE}" != "tag" ]] && [[ ! "${GITHUB_REF_NAME}" =~ ^release-* ]] && [[ "${GITHUB_REF_NAME}" != "main" ]]; then - echo "quay.expires-after=10d" - fi - - echo "build-date=$(date --iso-8601)" - echo "vcs-ref=${GITHUB_SHA}" -} - print_build_variables() { - local docker_image_tag docker_image_labels go_linker_args + local docker_image_tag docker_image_tag=$(create_docker_image_tag) - docker_image_labels=$(create_docker_image_labels) - go_linker_args=$(hack/build/create_go_linker_args.sh "${docker_image_tag}" "${GITHUB_SHA}") - echo "go_linker_args=${go_linker_args}" - echo "docker_image_labels=${docker_image_labels}" echo "docker_image_tag=${docker_image_tag}" echo "docker_image_tag_without_prefix=${docker_image_tag#v}" } From 6217ef7c7db0a8235d0ac8ee60ae253c93a48790 Mon Sep 17 00:00:00 2001 From: "adam.orcholski" Date: Thu, 11 Dec 2025 17:49:59 +0100 Subject: [PATCH 2/2] review: removes empty lines, fixes 'tags' logic --- .github/actions/metadata/action.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/actions/metadata/action.yaml b/.github/actions/metadata/action.yaml index 732f6994f2..2e870a0f3c 100644 --- a/.github/actions/metadata/action.yaml +++ b/.github/actions/metadata/action.yaml @@ -38,7 +38,6 @@ runs: shell: bash run: | # Sanitize names - ref_name=$(hack/build/ci/sanitize-branch-name.sh "${{ github.ref_name }}") echo "ref_name=${ref_name}" >> $GITHUB_OUTPUT echo "ref_name_without_prefix=${ref_name#v}" >> $GITHUB_OUTPUT @@ -50,7 +49,6 @@ runs: id: set-build-date run: | # Set build date - echo "date=$(date --iso-8601)" >> $GITHUB_OUTPUT - name: Docker metadata uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 
@@ -86,7 +84,7 @@ runs: type=raw,value=nightly,enable=${{ github.event_name == 'schedule' }} # tags - type=raw,value=${{ steps.sanitize.outputs.ref_name_without_prefix }},enable=${{ github.ref_type == 'tag' }} + type=raw,value=${{ steps.sanitize.outputs.ref_name }},enable=${{ github.ref_type == 'tag' }} # all other branches including 'release-*' branches except 'main' type=raw,value=snapshot-${{ steps.sanitize.outputs.ref_name }},enable=${{ !(github.event_name == 'pull_request' || github.ref_name == 'main' || github.ref_type == 'tag') }},priority=0
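Review bot: With the tag entry switched to `steps.sanitize.outputs.ref_name`, nothing visible in this action reads `ref_name_without_prefix` any more. The `Sanitize names` step (outside this hunk) still writes it with `echo "ref_name_without_prefix=${ref_name#v}" >> $GITHUB_OUTPUT`, and removing that line avoids a dead output that implies the `v` prefix is stripped somewhere. A short comment above the entry, such as `# tag builds keep the sanitized ref name as-is, including a leading 'v'`, would record the decision this fix encodes.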