constellation/.github/actions/build_operator/action.yml

name: Build operator
description: Build and upload a container image for a Constellation operator
inputs:
  name:
    description: "Name of the operator"
    required: true
  sourceDir:
    description: "Path to the operators source directory"
    required: true
  pushTag:
    description: "Use this image tag"
    required: false
  githubToken:
    description: "GitHub authorization token"
    required: true
  cosignPublicKey:
    description: "Cosign public key"
    required: false
  cosignPrivateKey:
    description: "Cosign private key"
    required: false
  cosignPassword:
    description: "Password for Cosign private key"
    required: false

# Linux runner only (Docker required)
runs:
  using: "composite"
  steps:
    - name: Determine pseudo version
      id: pseudo-version
      uses: ./.github/actions/pseudo_version

    - name: Install operator-sdk
      uses: ./.github/actions/install_operator_sdk
      with:
        version: v1.22.2

    - name: Log in to the Container registry
      id: docker-login
      uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # tag=v2.1.0
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ inputs.githubToken }}

    - name: Docker metadata
      id: meta
      uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 # v4.3.0
      with:
        images: |
          ghcr.io/${{ github.repository }}/${{ inputs.name }}
        tags: |
          type=raw,value=latest,enable={{is_default_branch}}
          type=raw,value=${{ inputs.pushTag }},enable=${{ '' != inputs.pushTag }}
          type=raw,value=${{ steps.pseudo-version.outputs.pseudoVersion }},enable=${{ '' != steps.pseudo-version.outputs.pseudoVersion }}
          type=ref,event=branch

    - name: Build and push container image
      id: build-image
      uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 # v3.3.0
      with:
        context: .
        file: ${{ inputs.sourceDir }}/Dockerfile
        push: true
        tags: ${{ steps.meta.outputs.tags }}

    - name: Generate SBOM
      if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
      uses: ./.github/actions/container_sbom
      with:
        containerReference: ghcr.io/${{ github.repository }}/${{ inputs.name }}@${{ steps.build-image.outputs.digest }}
        cosignPublicKey: ${{ inputs.cosignPublicKey }}
        cosignPrivateKey: ${{ inputs.cosignPrivateKey }}
        cosignPassword: ${{ inputs.cosignPassword }}

    - name: Bundle for pseudo version
      if: steps.pseudo-version.outputs.pseudoVersion != '' && inputs.pushTag == ''
      shell: bash
      working-directory: ${{ inputs.sourceDir }}
      env:
        VERSION: ${{ steps.pseudo-version.outputs.pseudoVersion }}
      run: make bundle VERSION=${VERSION#v}

    - name: Bundle for semantic version
      if: inputs.pushTag != ''
      shell: bash
      working-directory: ${{ inputs.sourceDir }}
      env:
        VERSION: ${{ inputs.pushTag }}
      run: make bundle VERSION=${VERSION#v}

    - name: Docker metadata for bundle
      id: bundle-meta
      uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 # v4.3.0
      with:
        images: |
          ghcr.io/${{ github.repository }}/${{ inputs.name }}-bundle
        tags: |
          type=raw,value=latest,enable={{is_default_branch}}
          type=raw,value=${{ inputs.pushTag }},enable=${{ '' != inputs.pushTag }}
          type=raw,value=${{ steps.pseudo-version.outputs.pseudoVersion }},enable=${{ '' != steps.pseudo-version.outputs.pseudoVersion }}
          type=ref,event=branch

    - name: Build and push bundle image
      id: build-image-bundle
      uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 # v3.3.0
      with:
        context: ${{ inputs.sourceDir }}
        file: ${{ inputs.sourceDir }}/bundle.Dockerfile
        push: true
        tags: ${{ steps.bundle-meta.outputs.tags }}

    - name: Generate Bundle SBOM
      if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
      uses: ./.github/actions/container_sbom
      with:
        containerReference: ghcr.io/${{ github.repository }}/${{ inputs.name }}-bundle@${{ steps.build-image-bundle.outputs.digest }}
        cosignPublicKey: ${{ inputs.cosignPublicKey }}
        cosignPrivateKey: ${{ inputs.cosignPrivateKey }}
        cosignPassword: ${{ inputs.cosignPassword }}

    - name: Build and push catalog for pseudo versions
      if: steps.pseudo-version.outputs.pseudoVersion != '' && inputs.pushTag == ''
      shell: bash
      working-directory: ${{ inputs.sourceDir }}
      env:
        VERSION: ${{ steps.pseudo-version.outputs.pseudoVersion }}
      run: make VERSION=${VERSION#v} catalog-build catalog-push

    - name: Build and push catalog for releases
      if: inputs.pushTag != ''
      shell: bash
      working-directory: ${{ inputs.sourceDir }}
      env:
        VERSION: ${{ inputs.pushTag }}
      run: make VERSION=${VERSION#v} catalog-build catalog-push
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`name: Build operator`
			`description: Build and upload a container image for a Constellation operator`
			`inputs:`
			`name:`
CI/E2E: (Re)move redunant setup steps 2022-09-14 09:14:26 -04:00			`description: "Name of the operator"`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`required: true`
			`sourceDir:`
CI/E2E: (Re)move redunant setup steps 2022-09-14 09:14:26 -04:00			`description: "Path to the operators source directory"`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`required: true`
			`pushTag:`
CI/E2E: (Re)move redunant setup steps 2022-09-14 09:14:26 -04:00			`description: "Use this image tag"`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`required: false`
			`githubToken:`
CI/E2E: (Re)move redunant setup steps 2022-09-14 09:14:26 -04:00			`description: "GitHub authorization token"`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`required: true`
sbom signing (#303) Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-10-21 09:19:51 -04:00			`cosignPublicKey:`
			`description: "Cosign public key"`
			`required: false`
			`cosignPrivateKey:`
			`description: "Cosign private key"`
			`required: false`
			`cosignPassword:`
			`description: "Password for Cosign private key"`
			`required: false`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00
CI/E2E: (Re)move redunant setup steps 2022-09-14 09:14:26 -04:00			`# Linux runner only (Docker required)`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`runs:`
			`using: "composite"`
			`steps:`
			`- name: Determine pseudo version`
			`id: pseudo-version`
			`uses: ./.github/actions/pseudo_version`

			`- name: Install operator-sdk`
			`uses: ./.github/actions/install_operator_sdk`
			`with:`
			`version: v1.22.2`

			`- name: Log in to the Container registry`
			`id: docker-login`
Delete dependabot and prepare renovate (#238) * Delete microserivce template. * Remove dependabot config * Prepare renovate by adopting GitHub actions syntax Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-10-12 12:05:58 -04:00			`uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # tag=v2.1.0`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`with:`
			`registry: ghcr.io`
			`username: ${{ github.actor }}`
			`password: ${{ inputs.githubToken }}`

			`- name: Docker metadata`
			`id: meta`
Update GitHub action dependencies (#1007) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-18 11:04:46 -05:00			`uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 # v4.3.0`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`with:`
			`images: \|`
			`ghcr.io/${{ github.repository }}/${{ inputs.name }}`
			`tags: \|`
			`type=raw,value=latest,enable={{is_default_branch}}`
			`type=raw,value=${{ inputs.pushTag }},enable=${{ '' != inputs.pushTag }}`
			`type=raw,value=${{ steps.pseudo-version.outputs.pseudoVersion }},enable=${{ '' != steps.pseudo-version.outputs.pseudoVersion }}`
			`type=ref,event=branch`

			`- name: Build and push container image`
sbom signing (#303) Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-10-21 09:19:51 -04:00			`id: build-image`
Update GitHub action dependencies (#1007) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-18 11:04:46 -05:00			`uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 # v3.3.0`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`with:`
operator: add v2 to package name 2023-01-04 13:04:28 -05:00			`context: .`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`file: ${{ inputs.sourceDir }}/Dockerfile`
			`push: true`
			`tags: ${{ steps.meta.outputs.tags }}`

sbom signing (#303) Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-10-21 09:19:51 -04:00			`- name: Generate SBOM`
ci: unified order and style of workflows/actions Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-18 04:15:58 -05:00			`if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''`
sbom signing (#303) Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-10-21 09:19:51 -04:00			`uses: ./.github/actions/container_sbom`
			`with:`
			`containerReference: ghcr.io/${{ github.repository }}/${{ inputs.name }}@${{ steps.build-image.outputs.digest }}`
			`cosignPublicKey: ${{ inputs.cosignPublicKey }}`
			`cosignPrivateKey: ${{ inputs.cosignPrivateKey }}`
			`cosignPassword: ${{ inputs.cosignPassword }}`

CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`- name: Bundle for pseudo version`
ci: remove unneeded brackets in if statements Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-17 12:49:00 -05:00			`if: steps.pseudo-version.outputs.pseudoVersion != '' && inputs.pushTag == ''`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`shell: bash`
			`working-directory: ${{ inputs.sourceDir }}`
			`env:`
			`VERSION: ${{ steps.pseudo-version.outputs.pseudoVersion }}`
ci: unified order and style of workflows/actions Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-18 04:15:58 -05:00			`run: make bundle VERSION=${VERSION#v}`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00
			`- name: Bundle for semantic version`
ci: remove unneeded brackets in if statements Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-17 12:49:00 -05:00			`if: inputs.pushTag != ''`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`shell: bash`
			`working-directory: ${{ inputs.sourceDir }}`
			`env:`
			`VERSION: ${{ inputs.pushTag }}`
ci: unified order and style of workflows/actions Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-18 04:15:58 -05:00			`run: make bundle VERSION=${VERSION#v}`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00
			`- name: Docker metadata for bundle`
			`id: bundle-meta`
Update GitHub action dependencies (#1007) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-18 11:04:46 -05:00			`uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 # v4.3.0`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`with:`
			`images: \|`
			`ghcr.io/${{ github.repository }}/${{ inputs.name }}-bundle`
			`tags: \|`
			`type=raw,value=latest,enable={{is_default_branch}}`
			`type=raw,value=${{ inputs.pushTag }},enable=${{ '' != inputs.pushTag }}`
			`type=raw,value=${{ steps.pseudo-version.outputs.pseudoVersion }},enable=${{ '' != steps.pseudo-version.outputs.pseudoVersion }}`
			`type=ref,event=branch`

			`- name: Build and push bundle image`
sbom signing (#303) Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-10-21 09:19:51 -04:00			`id: build-image-bundle`
Update GitHub action dependencies (#1007) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-18 11:04:46 -05:00			`uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 # v3.3.0`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`with:`
			`context: ${{ inputs.sourceDir }}`
			`file: ${{ inputs.sourceDir }}/bundle.Dockerfile`
			`push: true`
			`tags: ${{ steps.bundle-meta.outputs.tags }}`

sbom signing (#303) Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-10-21 09:19:51 -04:00			`- name: Generate Bundle SBOM`
ci: unified order and style of workflows/actions Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-18 04:15:58 -05:00			`if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''`
sbom signing (#303) Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-10-21 09:19:51 -04:00			`uses: ./.github/actions/container_sbom`
			`with:`
			`containerReference: ghcr.io/${{ github.repository }}/${{ inputs.name }}-bundle@${{ steps.build-image-bundle.outputs.digest }}`
			`cosignPublicKey: ${{ inputs.cosignPublicKey }}`
			`cosignPrivateKey: ${{ inputs.cosignPrivateKey }}`
			`cosignPassword: ${{ inputs.cosignPassword }}`

CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`- name: Build and push catalog for pseudo versions`
ci: remove unneeded brackets in if statements Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-17 12:49:00 -05:00			`if: steps.pseudo-version.outputs.pseudoVersion != '' && inputs.pushTag == ''`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`shell: bash`
			`working-directory: ${{ inputs.sourceDir }}`
			`env:`
			`VERSION: ${{ steps.pseudo-version.outputs.pseudoVersion }}`
ci: unified order and style of workflows/actions Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-18 04:15:58 -05:00			`run: make VERSION=${VERSION#v} catalog-build catalog-push`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00
			`- name: Build and push catalog for releases`
ci: remove unneeded brackets in if statements Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-17 12:49:00 -05:00			`if: inputs.pushTag != ''`
CI: build and upload node operator 2022-08-08 09:50:37 -04:00			`shell: bash`
			`working-directory: ${{ inputs.sourceDir }}`
			`env:`
			`VERSION: ${{ inputs.pushTag }}`
ci: unified order and style of workflows/actions Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-18 04:15:58 -05:00			`run: make VERSION=${VERSION#v} catalog-build catalog-push`