add and use ocm-oci-build action
Add an opinionated action for building OCI-Images that will, as an
additional output, expose a (customisable) OCM-Resource-Fragment (which
can be used to generate an OCM-Component-Descriptor).
ccwienk committed Nov 11, 2024
1 parent 3344eb1 commit 7ea0b08
Showing 2 changed files with 124 additions and 23 deletions.
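--- /dev/null
+++ b/.github/actions/ocm-oci-build/action.yaml
@@ -0,0 +1,111 @@
+name: Build and Push OCI-Image / OCM-Resource
+description: |
+Builds an OCI Image using `docker/build-push-action@v6`, and exposes a (customisable)
+OCM Resource fragment as output (for being added to OCM Component-Descriptor).
+For convenience, the action tries to authenticate against target-OCI-Registry using
+github.com/gardener/cc-utils/.github/actions/gar-auth.
+inputs:
+name:
+description: |
+resource-name (used in OCM Resource Fragment; must be unique within component)
+required: true
+repository:
+description: |
+OCI Repository to push to (including registry, but excluding tag)
+For example: `europe-docker.pkg.dev/gardener-project/snapshots/my-image`
+required: true
+version:
+description: |
+Used for both image-tag, and OCM Resource fragment.
+required: true
+extra-tags:
+description: |
+An optional list of additional image-tags (for example: latest)
+required: false
+ocm_labels:
+description: |
+An optional list of OCM Labels to add into OCM Resource fragment.
+required: false
+target:
+description: |
+docker-build target (similar to `docker build --target`)
+required: no
+default: null
+oci_platforms:
+description: |
+OCI Platforms to build (comma-separated)
+required: false
+default: linux/amd64
+dockerfile:
+description: |
+path to dockerfile to use; relative to `context`
+required: false
+default: Dockerfile
+context:
+description: |
+passed to build-push-action's `context`
+see:
+- https://github.com/docker/build-push-action#git-context
+- https://github.com/docker/build-push-action#path-context
+required: false
+outputs:
+ocm_resource:
+description: |
+The OCM Resource fragment
+value: ${{ steps.export.outputs.ocm_resource }}
+image_reference:
+description: |
+The (default) target-image-reference
+value: ${{ steps.preprocess.outputs.image_reference }}
+
+runs:
+using: composite
+steps:
+- name: GAR-Auth
+id: auth
+uses: gardener/cc-utils/.github/actions/gar-auth@master
+- name: Preprocess Parameters
+shell: bash
+id: preprocess
+run: |
+echo preparing..
+image_reference=${{ inputs.repository }}:${{ inputs.version }}
+echo "image_reference=${image_reference}" >> "${GITHUB_OUTPUT}"
+- name: Build and Push
+uses: docker/build-push-action@v6
+with:
+push: true
+platforms: ${{ inputs.oci_platforms }}
+tags: ${{ steps.preprocess.outputs.image_reference }}
+context: ${{ inputs.context }}
+- name: Write OCM Resource fragment
+shell: bash
+id: export
+run: |
+r=ocm-resource.yaml
+cat << EOF > $r
+name: ${{ inputs.name }}
+version: ${{ inputs.version }}
+type: ociImage
+relation: local
+access:
+type: ociRegistry
+imageReference: ${{ steps.preprocess.outputs.image_reference }}
+EOF
+labels="${{ inputs.ocm_labels }}"
+if [ -n "${labels}" ]; then
+if ! which python3 &>/dev/null; then
+apt install -y python3 python3-pip
+pip3 install --no-cache gardener-ocm
+fi
+echo -e "labels:\n${labels}" >> $r
+fi
+(
+echo 'ocm_resource<<EOF'
+cat $r
+echo EOF
+) >> "${GITHUB_OUTPUT}"
+echo "debug: printing ocm_resource"
+cat $r
+cat ${GITHUB_OUTPUT}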
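Review bot: The `preprocess` and `export` steps expand `${{ inputs.* }}` directly into `run:` shell text (`image_reference=${{ inputs.repository }}:${{ inputs.version }}`, the heredoc lines `name: ${{ inputs.name }}` / `version: ${{ inputs.version }}`, and `labels="${{ inputs.ocm_labels }}"`), so an input containing shell metacharacters is interpreted by bash instead of being treated as data; the usual hardening is to bind each input under `env:` and reference it as a quoted shell variable, as sketched below. The `target`, `dockerfile` and `extra-tags` inputs are declared but never forwarded to `docker/build-push-action@v6` (only `push`, `platforms`, `tags`, `context` are passed), so a caller setting them gets a build that silently ignores them; either wire them through (`target: ${{ inputs.target }}`, `file: ${{ inputs.dockerfile }}`) or drop them until implemented. `required: no` on `target` is a YAML 1.1 boolean spelling; write `required: false` like the other inputs. The `apt install` / `pip3 install --no-cache gardener-ocm` bootstrap inside the labels branch is not used by anything in this step, and the closing `cat ${GITHUB_OUTPUT}` echoes every output written so far into the job log; both look like leftovers from debugging and should go before this action is reused.
```yaml
- name: Write OCM Resource fragment
  shell: bash
  id: export
  env:
    RESOURCE_NAME: ${{ inputs.name }}
    RESOURCE_VERSION: ${{ inputs.version }}
    IMAGE_REFERENCE: ${{ steps.preprocess.outputs.image_reference }}
    OCM_LABELS: ${{ inputs.ocm_labels }}
  run: |
    r=ocm-resource.yaml
    cat << EOF > "$r"
    name: ${RESOURCE_NAME}
    version: ${RESOURCE_VERSION}
    type: ociImage
    relation: local
    access:
      type: ociRegistry
      imageReference: ${IMAGE_REFERENCE}
    EOF
    if [ -n "${OCM_LABELS}" ]; then
      printf 'labels:\n%s\n' "${OCM_LABELS}" >> "$r"
    fi
    # … unchanged: appending the fragment to GITHUB_OUTPUT via the ocm_resource<<EOF block …
```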
36 changes: 13 additions & 23 deletions .github/workflows/build-and-test.yaml
Expand Up @@ -340,9 +340,8 @@ jobs:
python3 -m ocm append resource \
--file component-descriptor.yaml
echo "${{ needs.images.outputs.ocm_resources }}" | base64 -d > oci_ocm_resources.yaml
cat oci_ocm_resources.yaml | \
echo "adding image-resource"
echo "${{ needs.images.outputs.ocm_resources }} " | \
python3 -m ocm append resource \
--file component-descriptor.yaml
Expand Down Expand Up @@ -507,8 +506,8 @@ jobs:
- package
- params
outputs:
oci_image_ref: ${{ steps.prepare.outputs.oci_image_ref }}
ocm_resources: ${{ steps.prepare.outputs.ocm_resources }}
oci_image_ref: ${{ steps.image-build.outputs.image_reference }}
ocm_resources: ${{ steps.image-build.outputs.ocm_resource }}
runs-on: ubuntu-latest
environment: build
permissions:
Expand Down Expand Up @@ -542,15 +541,16 @@ jobs:
image_ref=${oci_repo}/cicd/job-image:${image_tag}
echo "oci_image_ref=${image_ref}" >> ${GITHUB_OUTPUT}
cat << EOF > ocm_resources.yaml
- name: Build OCI Image (using ocm-oci-build-action)
uses: ./.github/actions/ocm-oci-build
id: image-build
with:
name: job-image
version: ${image_tag}
type: ociImage
access:
type: ociRegistry
imageReference: ${image_ref}
relation: local
labels:
repository: ${{ needs.params.outputs.oci_repository }}/cicd/job-image
version: ${{ needs.version.outputs.effective_version }}
oci_platforms: ${{ needs.params.outputs.oci_platforms }}
context: . # pass modified path rather than clean checkout
ocm_labels: |
- name: cloud.gardener.cnudie/dso/scanning-hints/package-versions
value:
- name: containerd
Expand All @@ -563,16 +563,6 @@ jobs:
integrity_requirement: high
network_exposure: protected
user_interaction: gardener-operator
EOF
echo "ocm_resources=$(cat ocm_resources.yaml | base64 -w0)" >> ${GITHUB_OUTPUT}
- name: Build OCI Image
uses: docker/build-push-action@v6
with:
push: true
platforms: ${{ needs.params.outputs.oci_platforms }}
tags: ${{ steps.prepare.outputs.oci_image_ref }}
context: . # pass modified path rather than clean checkout
documentation:
name: Generate Documentation
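Review bot: In the first hunk the new line `echo "${{ needs.images.outputs.ocm_resources }} " | \` expands the multi-line OCM resource fragment straight into the shell script, which is exactly what the removed `base64 -d` round-trip avoided: the fragment now passes through bash quoting, any metacharacters in it are interpreted, and the stray space before the closing quote is fed to the parser as well. Bind the output on the step instead, `env:` with `OCM_RESOURCES: ${{ needs.images.outputs.ocm_resources }}`, and pipe it with `printf '%s\n' "${OCM_RESOURCES}" | \`. The `run:` block this hunk belongs to starts and ends outside the hunk. In the third hunk the image is now tagged with `needs.version.outputs.effective_version`, whereas the replaced heredoc used `${image_tag}` computed in the prepare step; presumably these are the same value, but since `oci_image_ref` is still a job output derived from `${image_tag}` it is worth confirming they cannot diverge.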