name: Build operator description: Build and upload a container image for a Constellation operator inputs: name: description: "Name of the operator" required: true sourceDir: description: "Path to the operators source directory" required: true pushTag: description: "Use this image tag" required: false githubToken: description: "GitHub authorization token" required: true cosignPublicKey: description: "Cosign public key" required: false cosignPrivateKey: description: "Cosign private key" required: false cosignPassword: description: "Password for Cosign private key" required: false # Linux runner only (Docker required) runs: using: "composite" steps: - name: Determine pseudo version id: pseudo-version uses: ./.github/actions/pseudo_version - name: Install operator-sdk uses: ./.github/actions/install_operator_sdk with: version: v1.22.2 - name: Log in to the Container registry id: docker-login uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # tag=v2.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ inputs.githubToken }} - name: Docker metadata id: meta uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 # v4.3.0 with: images: | ghcr.io/${{ github.repository }}/${{ inputs.name }} tags: | type=raw,value=latest,enable={{is_default_branch}} type=raw,value=${{ inputs.pushTag }},enable=${{ '' != inputs.pushTag }} type=raw,value=${{ steps.pseudo-version.outputs.version }},enable=${{ '' != steps.pseudo-version.outputs.version }} type=ref,event=branch - name: Build and push container image id: build-image uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3.3.1 with: context: . file: ${{ inputs.sourceDir }}/Dockerfile push: true tags: ${{ steps.meta.outputs.tags }} - name: Generate SBOM if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' uses: ./.github/actions/container_sbom with: containerReference: ghcr.io/${{ github.repository }}/${{ inputs.name }}@${{ steps.build-image.outputs.digest }} cosignPublicKey: ${{ inputs.cosignPublicKey }} cosignPrivateKey: ${{ inputs.cosignPrivateKey }} cosignPassword: ${{ inputs.cosignPassword }} - name: Bundle for pseudo version if: steps.pseudo-version.outputs.version != '' && inputs.pushTag == '' shell: bash working-directory: ${{ inputs.sourceDir }} env: VERSION: ${{ steps.pseudo-version.outputs.version }} run: make bundle VERSION=${VERSION#v} - name: Bundle for semantic version if: inputs.pushTag != '' shell: bash working-directory: ${{ inputs.sourceDir }} env: VERSION: ${{ inputs.pushTag }} run: make bundle VERSION=${VERSION#v} - name: Docker metadata for bundle id: bundle-meta uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 # v4.3.0 with: images: | ghcr.io/${{ github.repository }}/${{ inputs.name }}-bundle tags: | type=raw,value=latest,enable={{is_default_branch}} type=raw,value=${{ inputs.pushTag }},enable=${{ '' != inputs.pushTag }} type=raw,value=${{ steps.pseudo-version.outputs.version }},enable=${{ '' != steps.pseudo-version.outputs.version }} type=ref,event=branch - name: Build and push bundle image id: build-image-bundle uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3.3.1 with: context: ${{ inputs.sourceDir }} file: ${{ inputs.sourceDir }}/bundle.Dockerfile push: true tags: ${{ steps.bundle-meta.outputs.tags }} - name: Generate Bundle SBOM if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' uses: ./.github/actions/container_sbom with: containerReference: ghcr.io/${{ github.repository }}/${{ inputs.name }}-bundle@${{ steps.build-image-bundle.outputs.digest }} cosignPublicKey: ${{ inputs.cosignPublicKey }} cosignPrivateKey: ${{ inputs.cosignPrivateKey }} cosignPassword: ${{ inputs.cosignPassword }} - name: Build and push catalog for pseudo versions if: steps.pseudo-version.outputs.version != '' && inputs.pushTag == '' shell: bash working-directory: ${{ inputs.sourceDir }} env: VERSION: ${{ steps.pseudo-version.outputs.version }} run: make VERSION=${VERSION#v} catalog-build catalog-push - name: Build and push catalog for releases if: inputs.pushTag != '' shell: bash working-directory: ${{ inputs.sourceDir }} env: VERSION: ${{ inputs.pushTag }} run: make VERSION=${VERSION#v} catalog-build catalog-push