Merge pull request #169 from Kuadrant/ci-improve-build-images-job-for…

…-release-tag

ci: Improve build images job for release tags

.github/workflows/build-images-base.yaml

@@ -69,7 +69,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Install qemu dependency
         run: |
           sudo apt-get update
@@ -91,6 +91,7 @@ jobs:
           build-args: |
             GIT_SHA=${{ github.sha }}
             DIRTY=false
+            VERSION=${{ inputs.operatorVersion }}
             QUAY_IMAGE_EXPIRY=${{ inputs.quayImageExpiry }}
       - name: Push Image
         if: ${{ !env.ACT }}

.github/workflows/build-images-for-tag-release.yaml

@@ -0,0 +1,197 @@
+name: Build and Publish Images For Tag Release
+
+on:
+  push:
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+env:
+  IMG_REGISTRY_HOST: quay.io
+  IMG_REGISTRY_ORG: kuadrant
+  IMG_REGISTRY_REPO: limitador-operator
+  OPERATOR_NAME: limitador-operator
+
+jobs:
+  build:
+    name: Build and Push image
+    runs-on: ubuntu-latest
+    outputs:
+      build-tags: ${{ steps.build-image.outputs.tags }}
+      image: ${{ steps.push-to-quay.outputs.registry-path }}
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Read release string version
+        id: release
+        run: |
+          version=`make read-release-version`
+          echo version=$version >> $GITHUB_OUTPUT
+
+      - name: Print tags
+        run: echo "Git reference name = ${{ github.ref_name }}, release version = ${{ steps.release.outputs.version }}"
+      - name: Verify git reference name matches the release version
+        if: ${{ github.ref_name != steps.release.outputs.version }}
+        run: exit 1
+
+      - name: Install qemu dependency
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y qemu-user-static
+
+      - name: Build Image
+        id: build-image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: ${{ env.OPERATOR_NAME }}
+          tags: ${{ github.ref_name }}
+          platforms: linux/amd64,linux/arm64
+          build-args: |
+            GIT_SHA=${{ github.sha }}
+            DIRTY=false
+            VERSION=${{ github.ref_name }}
+
+          dockerfiles: |
+            ./Dockerfile
+
+      - name: Print Build Info
+        run: echo "Image = ${{ steps.build-image.outputs.image }}, Tags = ${{ steps.build-image.outputs.tags }}"
+
+      - name: Push Image
+        if: github.repository_owner == 'kuadrant'
+        id: push-to-quay
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build-image.outputs.image }}
+          tags: ${{ steps.build-image.outputs.tags }}
+          registry: ${{ env.IMG_REGISTRY_HOST }}/${{ env.IMG_REGISTRY_ORG }}
+          username: ${{ secrets.IMG_REGISTRY_USERNAME }}
+          password: ${{ secrets.IMG_REGISTRY_TOKEN }}
+
+      - name: Print Image URL
+        run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
+
+  build-bundle:
+    name: Build and Push bundle image
+    needs: [build]
+    runs-on: ubuntu-latest
+    outputs:
+      build-tags: ${{ steps.build-image.outputs.tags }}
+      image: ${{ steps.push-to-quay.outputs.registry-path }}
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Install yq tool
+        run: |
+          # following sub-shells running make target should have yq already installed
+          make yq
+      - name: Read operator image reference URL from the manifest bundle
+        id: parsed-operator-image
+        run: |
+          url=`make bundle-operator-image-url`
+          echo url=$url >> $GITHUB_OUTPUT
+      - name: Print tags and references
+        run: echo "Operator image tag = ${{ needs.build.outputs.image }}, Reference in bundle = ${{ steps.parsed-operator-image.outputs.url }}"
+      - name: Verify referenced operator image tag matches the tag currently being built
+        if: ${{ needs.build.outputs.image != steps.parsed-operator-image.outputs.url }}
+        run: exit 1
+
+      - name: Install qemu dependency
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y qemu-user-static
+
+      - name: Build Image
+        id: build-image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: ${{ env.OPERATOR_NAME }}-bundle
+          tags: ${{ needs.build.outputs.build-tags }}
+          platforms: linux/amd64,linux/arm64
+          dockerfiles: |
+            ./bundle.Dockerfile
+
+      - name: Print Build Info
+        run: echo "Image = ${{ steps.build-image.outputs.image }}, Tags = ${{ steps.build-image.outputs.tags }}, Operator IMG = ${{ steps.parsed-operator-image.outputs.url }}"
+
+      - name: Push Image
+        if: github.repository_owner == 'kuadrant'
+        id: push-to-quay
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build-image.outputs.image }}
+          tags: ${{ steps.build-image.outputs.tags }}
+          registry: ${{ env.IMG_REGISTRY_HOST }}/${{ env.IMG_REGISTRY_ORG }}
+          username: ${{ secrets.IMG_REGISTRY_USERNAME }}
+          password: ${{ secrets.IMG_REGISTRY_TOKEN }}
+
+      - name: Print Image URL
+        run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
+
+  build-catalog:
+    name: Build and Push catalog image
+    needs: [build, build-bundle]
+    runs-on: ubuntu-latest
+    outputs:
+      build-tags: ${{ steps.build-image.outputs.tags }}
+      image: ${{ steps.push-to-quay.outputs.registry-path }}
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Install yq tool
+        run: |
+          # following sub-shells running make target should have yq already installed
+          make yq
+      - name: Read operator bundle image reference
+        id: parsed-operator-bundle
+        run: |
+          image=`make print-bundle-image`
+          echo image=$image >> $GITHUB_OUTPUT
+      - name: Print tags and references
+        run: echo "Operator bundle image tag = ${{ needs.build-bundle.outputs.image }}, Reference in catalog = ${{ steps.parsed-operator-bundle.outputs.image }}"
+      - name: Verify referenced bundle tag matches the bundle tag currently being built
+        if: ${{ needs.build-bundle.outputs.image != steps.parsed-operator-bundle.outputs.image }}
+        run: exit 1
+      - name: Generate Catalog Content
+        run: make catalog
+      - name: Install qemu dependency
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y qemu-user-static
+      - name: Build Image
+        id: build-image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: ${{ env.OPERATOR_NAME }}-catalog
+          tags: ${{ needs.build.outputs.build-tags }}
+          platforms: linux/amd64,linux/arm64
+          context: ./catalog
+          dockerfiles: ./catalog/${{ env.OPERATOR_NAME }}-catalog.Dockerfile
+
+      - name: Print Build Info
+        run: echo "Image = ${{ steps.build-image.outputs.image }}, Tags = ${{ steps.build-image.outputs.tags }}, Bundle IMG = ${{ steps.parsed-operator-bundle.outputs.image }}"
+
+      - name: Push Image
+        if: github.repository_owner == 'kuadrant'
+        id: push-to-quay
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build-image.outputs.image }}
+          tags: ${{ steps.build-image.outputs.tags }}
+          registry: ${{ env.IMG_REGISTRY_HOST }}/${{ env.IMG_REGISTRY_ORG }}
+          username: ${{ secrets.IMG_REGISTRY_USERNAME }}
+          password: ${{ secrets.IMG_REGISTRY_TOKEN }}
+
+      - name: Print Image URL
+        run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
+
+  verify-builds:
+    name: Ensure all image references are equal (operator, bundle, catalog)
+    needs: [build, build-bundle, build-catalog]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Verify bundle and operator image tags match
+        if: ${{ needs.build.outputs.build-tags != needs.build-bundle.outputs.build-tags }}
+        run: exit 1
+      - name: Verify catalog and bundle tags match
+        if: ${{ needs.build-bundle.outputs.build-tags != needs.build-catalog.outputs.build-tags }}
+        run: exit 1

.github/workflows/release.yaml

@@ -8,11 +8,11 @@ on:
         required: true
       limitadorOperatorVersion:
         description: Limitador Operator bundle version
-        default: latest
+        default: 0.0.0
         type: string
       limitadorVersion:
         description: Limitador service version
-        default: latest
+        default: 0.0.0
         type: string
       prerelease:
         description: Is the release a pre release?
@@ -22,7 +22,7 @@ on:
 jobs:
   build:
     name: Release operator
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - name: Install gettext-base
         run: |
@@ -34,24 +34,29 @@ jobs:
           go-version: 1.21.x
         id: go
       - name: Checkout code at git ref
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.gitRef }}
+          token: ${{ secrets.KUADRANT_DEV_PAT }}
       - name: Create release branch
         if: ${{ !startsWith(inputs.gitRef, 'release-v') }}
         run: |
           git checkout -b release-v${{ inputs.limitadorOperatorVersion }}
       - name: Prepare release
         run: |
+          make prepare-release \
           VERSION=${{ inputs.limitadorOperatorVersion }} \
-          LIMITADOR_VERSION=${{ inputs.limitadorVersion }} \
-          make prepare-release
+          LIMITADOR_VERSION=${{ inputs.limitadorVersion }}
       - name: Commit and push
-        run: |
-          git config --global user.name "github-actions[bot]"
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
-          git add -A && git commit -s -m "Prepared release v${{ inputs.limitadorOperatorVersion }}"
-          git push origin release-v${{ inputs.limitadorOperatorVersion }}
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: "Prepared release v${{ inputs.limitadorOperatorVersion }}"
+          commit_user_name: "github-actions[bot]"
+          commit_user_email: "github-actions[bot]@users.noreply.github.com"
+          branch: release-v${{ inputs.limitadorOperatorVersion }}
+          create_branch: true
+          tagging_message: v${{ inputs.limitadorOperatorVersion }}
+          commit_options: '--signoff'
       - name: Create release
         uses: softprops/action-gh-release@v1
         with:

Dockerfile

@@ -14,15 +14,17 @@ COPY main.go main.go
 COPY api/ api/
 COPY controllers/ controllers/
 COPY pkg/ pkg/
-COPY version/ version/
 
 # Build
 ARG GIT_SHA
 ARG DIRTY
+ARG VERSION
 
 ENV GIT_SHA=${GIT_SHA:-unknown}
 ENV DIRTY=${DIRTY:-unknown}
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -ldflags "-X main.gitSHA=${GIT_SHA} -X main.dirty=${DIRTY}" -o manager main.go
+ENV VERSION=${VERSION:-unknown}
+
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -ldflags "-X main.version=${VERSION} -X main.gitSHA=${GIT_SHA} -X main.dirty=${DIRTY}" -o manager main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

Makefile

@@ -95,6 +95,7 @@ else
 GOBIN=$(shell go env GOBIN)
 endif
 
+RELEASE_FILE = $(PROJECT_PATH)/make/release.mk
 
 all: build
 
@@ -264,19 +265,19 @@ test-unit: clean-cov generate fmt vet ## Run Unit tests.
 build: GIT_SHA=$(shell git rev-parse HEAD || echo "unknown")
 build: DIRTY=$(shell $(PROJECT_PATH)/utils/check-git-dirty.sh || echo "unknown")
 build: generate fmt vet ## Build manager binary.
-	   go build -ldflags "-X main.gitSHA=${GIT_SHA} -X main.dirty=${DIRTY}" -o bin/manager main.go
+	   go build -ldflags "-X main.version=v$(VERSION) -X main.gitSHA=${GIT_SHA} -X main.dirty=${DIRTY}" -o bin/manager main.go
 
 run: export LOG_LEVEL = debug
 run: export LOG_MODE = development
 run: GIT_SHA=$(shell git rev-parse HEAD || echo "unknown")
 run: DIRTY=$(shell $(PROJECT_PATH)/utils/check-git-dirty.sh || echo "unknown")
 run: manifests generate fmt vet ## Run a controller from your host.)
-	go run -ldflags "-X main.gitSHA=${GIT_SHA} -X main.dirty=${DIRTY}" ./main.go
+	go run -ldflags "-X main.version=v$(VERSION) -X main.gitSHA=${GIT_SHA} -X main.dirty=${DIRTY}" ./main.go
 
 docker-build: GIT_SHA=$(shell git rev-parse HEAD || echo "unknown")
 docker-build: DIRTY=$(shell $(PROJECT_PATH)/utils/check-git-dirty.sh || echo "unknown")
 docker-build: ## Build docker image with the manager.
-	docker build --build-arg GIT_SHA=$(GIT_SHA) --build-arg DIRTY=$(DIRTY) --build-arg QUAY_IMAGE_EXPIRY=$(QUAY_IMAGE_EXPIRY) -t $(IMG) .
+	docker build --build-arg VERSION=v$(VERSION) --build-arg GIT_SHA=$(GIT_SHA) --build-arg DIRTY=$(DIRTY) --build-arg QUAY_IMAGE_EXPIRY=$(QUAY_IMAGE_EXPIRY) -t $(IMG) .
 
 docker-push: ## Push docker image with the manager.
 	docker push $(IMG)
@@ -369,13 +370,28 @@ bundle-build: ## Build the bundle image.
 bundle-push: ## Push the bundle image.
 	$(MAKE) docker-push IMG=$(BUNDLE_IMG)
 
+.PHONY: bundle-operator-image-url
+bundle-operator-image-url: $(YQ) ## Read operator image reference URL from the manifest bundle.
+	@$(YQ) '.metadata.annotations.containerImage' bundle/manifests/limitador-operator.clusterserviceversion.yaml
+
+print-bundle-image: ## Pring bundle images.
+	@echo $(BUNDLE_IMG)
+
 .PHONY: prepare-release
+prepare-release: IMG_TAG=v$(VERSION)
 prepare-release: ## Prepare the manifests for OLM and Helm Chart for a release.
+	echo -e "#Release default values\\nLIMITADOR_VERSION=$(LIMITADOR_VERSION)\nIMG=$(IMAGE_TAG_BASE):$(IMG_TAG)\nBUNDLE_IMG=$(IMAGE_TAG_BASE)-bundle:$(IMG_TAG)\n\
+	CATALOG_IMG=$(IMAGE_TAG_BASE)-catalog:$(IMG_TAG)\nCHANNELS=$(CHANNELS)\nBUNDLE_CHANNELS=--channels=$(CHANNELS)\n\
+	VERSION=$(VERSION)" > $(RELEASE_FILE)
 	$(MAKE) bundle VERSION=$(VERSION) \
 		LIMITADOR_VERSION=$(LIMITADOR_VERSION) \
 	$(MAKE) helm-build VERSION=$(VERSION) \
 		LIMITADOR_VERSION=$(LIMITADOR_VERSION)
 
+.PHONY: read-release-version
+read-release-version: ## Reads release version
+	@echo "v$(VERSION)"
+
 ##@ Misc
 
 .PHONY: local-env-setup