|
| 1 | +name: Podman Push |
| 2 | + |
| 3 | +on: |
| 4 | + workflow_run: |
| 5 | + workflows: |
| 6 | + - 'PR Build Image (Hermetic)' |
| 7 | + types: |
| 8 | + - completed |
| 9 | + workflow_call: |
| 10 | + inputs: |
| 11 | + buildId: |
| 12 | + type: string |
| 13 | + description: The build identifier for artifact naming (e.g., PR number, 'nightly', 'main') |
| 14 | + required: false |
| 15 | + shortSha: |
| 16 | + type: string |
| 17 | + description: The short SHA for artifact naming |
| 18 | + required: false |
| 19 | + registry: |
| 20 | + type: string |
| 21 | + description: The registry to push to |
| 22 | + required: false |
| 23 | + default: quay.io |
| 24 | + |
| 25 | +jobs: |
| 26 | + podman-push: |
| 27 | + name: Push Podman Image to Registry |
| 28 | + runs-on: ubuntu-latest |
| 29 | + if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} |
| 30 | + permissions: |
| 31 | + contents: read |
| 32 | + issues: write |
| 33 | + pull-requests: write |
| 34 | + |
| 35 | + steps: |
| 36 | + - name: Determine artifact name |
| 37 | + run: | |
| 38 | + if [ "${{ github.event_name }}" == "workflow_run" ]; then |
| 39 | + # For workflow_run, extract from the event context |
| 40 | + BUILD_ID="${{ github.event.workflow_run.pull_requests[0].number || 'main' }}" |
| 41 | + SHORT_SHA="${{ github.event.workflow_run.head_sha }}" |
| 42 | + SHORT_SHA="${SHORT_SHA:0:8}" |
| 43 | + else |
| 44 | + # For workflow_call, use the inputs |
| 45 | + BUILD_ID="${{ inputs.buildId || 'main' }}" |
| 46 | + SHORT_SHA="${{ inputs.shortSha }}" |
| 47 | + fi |
| 48 | + |
| 49 | + echo "SHORT_SHA=$SHORT_SHA" >> $GITHUB_ENV |
| 50 | + ARTIFACT_NAME="podman-image-${BUILD_ID}-${SHORT_SHA}" |
| 51 | + echo "ARTIFACT_NAME=$ARTIFACT_NAME" >> $GITHUB_ENV |
| 52 | + echo "SKIP_ARTIFACT_NAME=pr-${BUILD_ID}-${SHORT_SHA}-isSkipped" >> $GITHUB_ENV |
| 53 | + echo "Using artifact name: $ARTIFACT_NAME" |
| 54 | + echo "Using skip artifact name: $SKIP_ARTIFACT_NAME" |
| 55 | +
|
| 56 | + - name: Download Skip Status Artifact |
| 57 | + id: download-skip-status |
| 58 | + uses: actions/download-artifact@v4 |
| 59 | + with: |
| 60 | + name: ${{ env.SKIP_ARTIFACT_NAME }} |
| 61 | + path: ./rhdh-skip-artifacts |
| 62 | + run-id: ${{ github.event.workflow_run.id || github.run_id }} |
| 63 | + github-token: ${{ secrets.GITHUB_TOKEN }} |
| 64 | + continue-on-error: true |
| 65 | + |
| 66 | + - name: Check Skip Status |
| 67 | + id: check-skip |
| 68 | + run: | |
| 69 | + if [ -f "./rhdh-skip-artifacts/isSkipped.txt" ]; then |
| 70 | + IS_SKIPPED=$(cat ./rhdh-skip-artifacts/isSkipped.txt) |
| 71 | + echo "Found skip status: $IS_SKIPPED" |
| 72 | + echo "is_skipped=$IS_SKIPPED" >> $GITHUB_OUTPUT |
| 73 | + else |
| 74 | + echo "Skip status artifact not found, proceeding with push" |
| 75 | + echo "is_skipped=false" >> $GITHUB_OUTPUT |
| 76 | + fi |
| 77 | +
|
| 78 | + - name: Download Image Artifacts |
| 79 | + if: ${{ steps.check-skip.outputs.is_skipped != 'true' }} |
| 80 | + uses: actions/download-artifact@v4 |
| 81 | + with: |
| 82 | + name: ${{ env.ARTIFACT_NAME }} |
| 83 | + path: ./rhdh-podman-artifacts |
| 84 | + run-id: ${{ github.event.workflow_run.id || github.run_id }} |
| 85 | + github-token: ${{ secrets.GITHUB_TOKEN }} |
| 86 | + |
| 87 | + - name: Load and prepare image |
| 88 | + if: ${{ steps.check-skip.outputs.is_skipped != 'true' }} |
| 89 | + id: prepare |
| 90 | + run: | |
| 91 | + # Check if artifacts exist |
| 92 | + if [ ! -f "./rhdh-podman-artifacts/image.tar" ]; then |
| 93 | + echo "Error: image.tar not found in artifacts" |
| 94 | + echo "This may make sense if the build was skipped" |
| 95 | + exit 1 |
| 96 | + fi |
| 97 | + |
| 98 | + # Load the image from tar file (contains all tags) |
| 99 | + podman load -i ./rhdh-podman-artifacts/image.tar |
| 100 | + |
| 101 | + # Read metadata |
| 102 | + REGISTRY=$(cat ./rhdh-podman-artifacts/registry.txt) |
| 103 | + IMAGE_NAME=$(cat ./rhdh-podman-artifacts/imageName.txt) |
| 104 | + TAGS_LIST=$(cat ./rhdh-podman-artifacts/tags.txt) |
| 105 | + |
| 106 | + echo "REGISTRY=$REGISTRY" >> $GITHUB_ENV |
| 107 | + echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_OUTPUT |
| 108 | + |
| 109 | + echo "Loaded images:" |
| 110 | + podman images |
| 111 | + |
| 112 | + echo "Full tags from metadata:" |
| 113 | + echo "$TAGS_LIST" |
| 114 | + |
| 115 | + # Use a heredoc since TAGS_LIST contains newlines |
| 116 | + echo "tags<<EOF" >> $GITHUB_OUTPUT |
| 117 | + echo "$TAGS_LIST" >> $GITHUB_OUTPUT |
| 118 | + echo "EOF" >> $GITHUB_OUTPUT |
| 119 | +
|
| 120 | + - name: Push Images |
| 121 | + if: ${{ steps.check-skip.outputs.is_skipped != 'true' }} |
| 122 | + uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8 |
| 123 | + with: |
| 124 | + tags: ${{ steps.prepare.outputs.tags }} |
| 125 | + username: ${{ secrets.QUAY_USERNAME }} |
| 126 | + password: ${{ secrets.QUAY_TOKEN }} |
| 127 | + |
| 128 | + - name: Extract PR info for commenting |
| 129 | + id: get-pr |
| 130 | + if: ${{ github.event_name == 'workflow_run' }} |
| 131 | + env: |
| 132 | + WORKFLOW_RUN_PR_NUMBER: ${{ github.event.workflow_run.pull_requests[0].number || '' }} |
| 133 | + WORKFLOW_RUN_HEAD_SHA: ${{ github.event.workflow_run.head_sha }} |
| 134 | + run: | |
| 135 | + if [ -n "$WORKFLOW_RUN_PR_NUMBER" ]; then |
| 136 | + echo "pr_number=$WORKFLOW_RUN_PR_NUMBER" >> $GITHUB_OUTPUT |
| 137 | + else |
| 138 | + echo "No PR number found in workflow_run context" |
| 139 | + fi |
| 140 | +
|
| 141 | + - name: Log skip status |
| 142 | + if: ${{ steps.check-skip.outputs.is_skipped == 'true' }} |
| 143 | + run: | |
| 144 | + echo "🚫 Image Push Skipped" |
| 145 | + echo "The container image push was skipped because the build was skipped" |
| 146 | + echo "(either due to [skip-build] tag or no relevant changes with existing image)" |
| 147 | +
|
| 148 | + - name: Comment the image pull link |
| 149 | + if: ${{ steps.check-skip.outputs.is_skipped != 'true' && github.event_name == 'workflow_run' && steps.get-pr.outputs.pr_number }} |
| 150 | + uses: actions/github-script@v7 |
| 151 | + env: |
| 152 | + PUSHED_TAGS: ${{ steps.prepare.outputs.tags }} |
| 153 | + PR_NUMBER: ${{ steps.get-pr.outputs.pr_number }} |
| 154 | + with: |
| 155 | + script: | |
| 156 | + const prNumber = process.env.PR_NUMBER; |
| 157 | + const pushedTags = process.env.PUSHED_TAGS; |
| 158 | + |
| 159 | + if (!prNumber) { |
| 160 | + console.log('No pull request number found'); |
| 161 | + return; |
| 162 | + } |
| 163 | + |
| 164 | + if (!pushedTags) { |
| 165 | + console.log('No pushed tags found'); |
| 166 | + return; |
| 167 | + } |
| 168 | + |
| 169 | + const tags = pushedTags.trim().split('\n').filter(tag => tag.trim()); |
| 170 | + |
| 171 | + if (tags.length === 0) { |
| 172 | + console.log('No valid tags found'); |
| 173 | + return; |
| 174 | + } |
| 175 | + |
| 176 | + console.log(`Found ${tags.length} tags:`, tags); |
| 177 | + |
| 178 | + const tagLinks = tags.map(fullTag => { |
| 179 | + return `* [\`${fullTag}\`](https://${fullTag})`; |
| 180 | + }).join('\n'); |
| 181 | + |
| 182 | + const body = `The image is available at:\n\n${tagLinks}\n\n`; |
| 183 | + |
| 184 | + console.log(`Creating comment for PR ${prNumber} with body:\n ${body}`); |
| 185 | +
|
| 186 | + github.rest.issues.createComment({ |
| 187 | + issue_number: parseInt(prNumber), |
| 188 | + owner: context.repo.owner, |
| 189 | + repo: context.repo.repo, |
| 190 | + body: body |
| 191 | + }) |
| 192 | +
|
0 commit comments