constellation/.github/actions/find_latest_image/action.yml

name: Find latest image
description: 'Find the latest image reference for a given ref/stream.'

inputs:
  git-ref:
    description: 'Git ref to checkout.'
  imageVersion:
    description: 'Image version to use. If set, no image will be searched for and the specified image will be returned.'
  ref:
    description: 'The ref the image was built on. (e.g. "main")'
    default: 'main'
  stream:
    description: 'The publication stream of the image. (e.g. "debug")'
    default: 'debug'

outputs:
  image:
    description: "Image reference to be used in the cluster."
    value: ${{ steps.find-latest-image.outputs.output }}${{ steps.use-given-image.outputs.output }}
  isDebugImage:
    description: "Whether the image is a debug image."
    value: ${{ steps.isDebugImage.outputs.isDebugImage }}

runs:
  using: 'composite'
  steps:
    - name: Checkout head
      if: inputs.imageVersion == '' && inputs.git-ref == 'head'
      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
      with:
        ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

    - name: Checkout ref
      if: inputs.imageVersion == '' && inputs.git-ref != 'head'
      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
      with:
        ref: ${{ inputs.git-ref }}

    - name: Login to AWS
      if: inputs.imageVersion == ''
      uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
      with:
        role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
        aws-region: eu-central-1

    - name: Find latest image
      id: find-latest-image
      if: inputs.imageVersion == ''
      uses: ./.github/actions/versionsapi
      with:
        command: latest
        ref: ${{ inputs.ref }}
        stream: ${{ inputs.stream }}

    - name: Use given image
      id: use-given-image
      if: inputs.imageVersion != ''
      shell: bash
      run: |
        echo "output=${{ inputs.imageVersion }}" | tee -a "$GITHUB_OUTPUT"

    - name: Is debug image?
      id: isDebugImage
      shell: bash
      run: |
        case "${{ inputs.imageVersion }}" in
          "")
            echo "isDebugImage=true" | tee -a "$GITHUB_OUTPUT"
            ;;
          *"/stream/debug/"*)
            echo "isDebugImage=true" | tee -a "$GITHUB_OUTPUT"
            ;;
          *)
            echo "isDebugImage=false" | tee -a "$GITHUB_OUTPUT"
            ;;
        esac
terraform: add Terraform module for Azure (#2566) * add Azure Terraform module * add maa-patching command to cli * refactor release process * factor out image fetching to own action * add CI * generate * fix some unnecessary changes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use `constellation maa-patch` in ci * insecure flag when using debug image Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only update maa url if existing Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make node group zone optional on aws and gcp Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] register updated workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Revert "[remove] register updated workflow" This reverts commit e70b9515b7eabbcbe0d41fa1296c48750cd02ace. * create MAA Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make maa-patching only run on azure Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add comment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * require node group zone for GCP and AWS * remove unnecessary bazel action * stamp version to correct file * refer to `maa-patch` command in docs * run Azure test in weekly e2e * comment / naming improvements * remove sa_account resource * disable spellcheck ot use "URL" * `create_maa` variable * don't write maa url to config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * default to nightly image * use input ref and stream * fix command check * don't set region in weekly e2e call * patch maa if url is not empty Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove `create_maa` variable * remove binaries Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove undefined input * replace invalid attestation URL error message Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * fix punctuation Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * skip hidden commands in clidocgen Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * enable spellcheck before code block * move spellcheck trigger out of info block Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix workflow dependencies * let image default to CLI version --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> 2023-11-13 12:46:20 -05:00			`name: Find latest image`
			`description: 'Find the latest image reference for a given ref/stream.'`

			`inputs:`
			`git-ref:`
			`description: 'Git ref to checkout.'`
			`imageVersion:`
			`description: 'Image version to use. If set, no image will be searched for and the specified image will be returned.'`
			`ref:`
			`description: 'The ref the image was built on. (e.g. "main")'`
			`default: 'main'`
			`stream:`
			`description: 'The publication stream of the image. (e.g. "debug")'`
			`default: 'debug'`

			`outputs:`
			`image:`
			`description: "Image reference to be used in the cluster."`
ci: use given image if set (#2655) Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> 2023-11-28 08:34:02 -05:00			`value: ${{ steps.find-latest-image.outputs.output }}${{ steps.use-given-image.outputs.output }}`
terraform: add Terraform module for Azure (#2566) * add Azure Terraform module * add maa-patching command to cli * refactor release process * factor out image fetching to own action * add CI * generate * fix some unnecessary changes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use `constellation maa-patch` in ci * insecure flag when using debug image Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only update maa url if existing Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make node group zone optional on aws and gcp Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] register updated workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Revert "[remove] register updated workflow" This reverts commit e70b9515b7eabbcbe0d41fa1296c48750cd02ace. * create MAA Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make maa-patching only run on azure Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add comment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * require node group zone for GCP and AWS * remove unnecessary bazel action * stamp version to correct file * refer to `maa-patch` command in docs * run Azure test in weekly e2e * comment / naming improvements * remove sa_account resource * disable spellcheck ot use "URL" * `create_maa` variable * don't write maa url to config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * default to nightly image * use input ref and stream * fix command check * don't set region in weekly e2e call * patch maa if url is not empty Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove `create_maa` variable * remove binaries Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove undefined input * replace invalid attestation URL error message Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * fix punctuation Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * skip hidden commands in clidocgen Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * enable spellcheck before code block * move spellcheck trigger out of info block Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix workflow dependencies * let image default to CLI version --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> 2023-11-13 12:46:20 -05:00			`isDebugImage:`
			`description: "Whether the image is a debug image."`
			`value: ${{ steps.isDebugImage.outputs.isDebugImage }}`

			`runs:`
			`using: 'composite'`
			`steps:`
			`- name: Checkout head`
			`if: inputs.imageVersion == '' && inputs.git-ref == 'head'`
			`uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0`
			`with:`
			`ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref \|\| '' }}`

			`- name: Checkout ref`
			`if: inputs.imageVersion == '' && inputs.git-ref != 'head'`
			`uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0`
			`with:`
			`ref: ${{ inputs.git-ref }}`

			`- name: Login to AWS`
			`if: inputs.imageVersion == ''`
			`uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1`
			`with:`
			`role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead`
			`aws-region: eu-central-1`

			`- name: Find latest image`
			`id: find-latest-image`
			`if: inputs.imageVersion == ''`
			`uses: ./.github/actions/versionsapi`
			`with:`
			`command: latest`
			`ref: ${{ inputs.ref }}`
			`stream: ${{ inputs.stream }}`

ci: use given image if set (#2655) Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> 2023-11-28 08:34:02 -05:00			`- name: Use given image`
			`id: use-given-image`
			`if: inputs.imageVersion != ''`
			`shell: bash`
			`run: \|`
			`echo "output=${{ inputs.imageVersion }}" \| tee -a "$GITHUB_OUTPUT"`

terraform: add Terraform module for Azure (#2566) * add Azure Terraform module * add maa-patching command to cli * refactor release process * factor out image fetching to own action * add CI * generate * fix some unnecessary changes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use `constellation maa-patch` in ci * insecure flag when using debug image Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only update maa url if existing Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make node group zone optional on aws and gcp Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] register updated workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Revert "[remove] register updated workflow" This reverts commit e70b9515b7eabbcbe0d41fa1296c48750cd02ace. * create MAA Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make maa-patching only run on azure Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add comment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * require node group zone for GCP and AWS * remove unnecessary bazel action * stamp version to correct file * refer to `maa-patch` command in docs * run Azure test in weekly e2e * comment / naming improvements * remove sa_account resource * disable spellcheck ot use "URL" * `create_maa` variable * don't write maa url to config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * default to nightly image * use input ref and stream * fix command check * don't set region in weekly e2e call * patch maa if url is not empty Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove `create_maa` variable * remove binaries Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove undefined input * replace invalid attestation URL error message Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * fix punctuation Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * skip hidden commands in clidocgen Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * enable spellcheck before code block * move spellcheck trigger out of info block Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix workflow dependencies * let image default to CLI version --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> 2023-11-13 12:46:20 -05:00			`- name: Is debug image?`
			`id: isDebugImage`
			`shell: bash`
			`run: \|`
			`case "${{ inputs.imageVersion }}" in`
			`"")`
			`echo "isDebugImage=true" \| tee -a "$GITHUB_OUTPUT"`
			`;;`
			`"/stream/debug/")`
			`echo "isDebugImage=true" \| tee -a "$GITHUB_OUTPUT"`
			`;;`
			`*)`
			`echo "isDebugImage=false" \| tee -a "$GITHUB_OUTPUT"`
			`;;`
			`esac`