Skip to content

Commit 5428c75

Browse files
reggie-kreggie-k
committed
calculate params in setup-variables for image.yaml
Signed-off-by: reggie-k <regina.voloshin@codefresh.io>
1 parent 64e24b0 commit 5428c75

File tree

1 file changed

+49
-18
lines changed

1 file changed

+49
-18
lines changed

.github/workflows/image.yaml

Lines changed: 49 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -15,29 +15,58 @@ concurrency:
1515

1616
permissions: {}
1717

18-
env:
19-
# Image repository configuration - can be overridden in forks via repository variables
20-
IMAGE_REGISTRY: ${{ vars.IMAGE_REGISTRY || 'quay.io' }}
21-
IMAGE_NAMESPACE: ${{ vars.IMAGE_NAMESPACE || 'argoproj' }}
22-
IMAGE_REPOSITORY: ${{ vars.IMAGE_REPOSITORY || 'argocd' }}
23-
GHCR_REGISTRY: ${{ vars.GHCR_REGISTRY || 'ghcr.io' }}
24-
GHCR_NAMESPACE: ${{ vars.GHCR_NAMESPACE || 'argoproj/argo-cd' }}
25-
GHCR_REPOSITORY: ${{ vars.GHCR_REPOSITORY || 'argocd' }}
26-
2718
jobs:
2819
set-vars:
2920
permissions:
3021
contents: read
31-
if: github.repository == 'argoproj/argo-cd' || (vars.IMAGE_NAMESPACE && vars.IMAGE_NAMESPACE != 'argoproj')
22+
# Always run to calculate variables - other jobs check outputs
3223
runs-on: ubuntu-22.04
3324
outputs:
3425
image-tag: ${{ steps.image.outputs.tag}}
3526
platforms: ${{ steps.platforms.outputs.platforms }}
27+
image_registry: ${{ steps.image.outputs.image_registry }}
28+
image_namespace: ${{ steps.image.outputs.image_namespace }}
29+
image_repository: ${{ steps.image.outputs.image_repository }}
30+
quay_image_name: ${{ steps.image.outputs.quay_image_name }}
31+
docker_image_name: ${{ steps.image.outputs.docker_image_name }}
32+
ghcr_image_name: ${{ steps.image.outputs.ghcr_image_name }}
33+
ghcr_provenance_image: ${{ steps.image.outputs.ghcr_provenance_image }}
3634
steps:
3735
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
3836

39-
- name: Set image tag for ghcr
40-
run: echo "tag=$(cat ./VERSION)-${GITHUB_SHA::8}" >> $GITHUB_OUTPUT
37+
- name: Set image tag and names
38+
run: |
39+
# Calculate image tag
40+
TAG="$(cat ./VERSION)-${GITHUB_SHA::8}"
41+
echo "tag=$TAG" >> $GITHUB_OUTPUT
42+
43+
# Calculate image names with defaults
44+
IMAGE_REGISTRY="${{ vars.IMAGE_REGISTRY || 'quay.io' }}"
45+
IMAGE_NAMESPACE="${{ vars.IMAGE_NAMESPACE || 'argoproj' }}"
46+
IMAGE_REPOSITORY="${{ vars.IMAGE_REPOSITORY || 'argocd' }}"
47+
GHCR_REGISTRY="${{ vars.GHCR_REGISTRY || 'ghcr.io' }}"
48+
GHCR_NAMESPACE="${{ vars.GHCR_NAMESPACE || 'argoproj/argo-cd' }}"
49+
GHCR_REPOSITORY="${{ vars.GHCR_REPOSITORY || 'argocd' }}"
50+
51+
echo "image_registry=$IMAGE_REGISTRY" >> $GITHUB_OUTPUT
52+
echo "image_namespace=$IMAGE_NAMESPACE" >> $GITHUB_OUTPUT
53+
echo "image_repository=$IMAGE_REPOSITORY" >> $GITHUB_OUTPUT
54+
55+
# Construct image names based on registry type
56+
if [[ "$IMAGE_REGISTRY" == "quay.io" ]]; then
57+
echo "quay_image_name=$IMAGE_REGISTRY/$IMAGE_NAMESPACE/$IMAGE_REPOSITORY:latest" >> $GITHUB_OUTPUT
58+
echo "docker_image_name=" >> $GITHUB_OUTPUT
59+
elif [[ "$IMAGE_REGISTRY" == "docker.io" ]]; then
60+
echo "quay_image_name=" >> $GITHUB_OUTPUT
61+
echo "docker_image_name=$IMAGE_REGISTRY/$IMAGE_NAMESPACE/$IMAGE_REPOSITORY:latest" >> $GITHUB_OUTPUT
62+
else
63+
# For other registries, use quay parameter
64+
echo "quay_image_name=$IMAGE_REGISTRY/$IMAGE_NAMESPACE/$IMAGE_REPOSITORY:latest" >> $GITHUB_OUTPUT
65+
echo "docker_image_name=" >> $GITHUB_OUTPUT
66+
fi
67+
68+
echo "ghcr_image_name=$GHCR_REGISTRY/$GHCR_NAMESPACE/$GHCR_REPOSITORY:$TAG" >> $GITHUB_OUTPUT
69+
echo "ghcr_provenance_image=$GHCR_REGISTRY/$GHCR_NAMESPACE/$GHCR_REPOSITORY" >> $GITHUB_OUTPUT
4170
id: image
4271

4372
- name: Determine image platforms to use
@@ -57,7 +86,7 @@ jobs:
5786
contents: read
5887
packages: write # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
5988
id-token: write # for creating OIDC tokens for signing.
60-
if: ${{ (github.repository == 'argoproj/argo-cd' || (vars.IMAGE_NAMESPACE && vars.IMAGE_NAMESPACE != 'argoproj')) && github.event_name != 'push' }}
89+
if: ${{ (github.repository == 'argoproj/argo-cd' || needs.set-vars.outputs.image_namespace != 'argoproj') && github.event_name != 'push' }}
6190
uses: ./.github/workflows/image-reuse.yaml
6291
with:
6392
# Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
@@ -72,11 +101,12 @@ jobs:
72101
contents: read
73102
packages: write # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
74103
id-token: write # for creating OIDC tokens for signing.
75-
if: ${{ (github.repository == 'argoproj/argo-cd' || (vars.IMAGE_NAMESPACE && vars.IMAGE_NAMESPACE != 'argoproj')) && github.event_name == 'push' }}
104+
if: ${{ (github.repository == 'argoproj/argo-cd' || needs.set-vars.outputs.image_namespace != 'argoproj') && github.event_name == 'push' }}
76105
uses: ./.github/workflows/image-reuse.yaml
77106
with:
78-
quay_image_name: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_REPOSITORY }}:latest
79-
ghcr_image_name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_NAMESPACE }}/${{ env.GHCR_REPOSITORY }}:${{ needs.set-vars.outputs.image-tag }}
107+
quay_image_name: ${{ needs.set-vars.outputs.quay_image_name }}
108+
docker_image_name: ${{ needs.set-vars.outputs.docker_image_name }}
109+
ghcr_image_name: ${{ needs.set-vars.outputs.ghcr_image_name }}
80110
# Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
81111
# renovate: datasource=golang-version packageName=golang
82112
go-version: 1.25.3
@@ -90,16 +120,17 @@ jobs:
90120

91121
build-and-publish-provenance: # Push attestations to GHCR, latest image is polluting quay.io
92122
needs:
123+
- set-vars
93124
- build-and-publish
94125
permissions:
95126
actions: read # for detecting the Github Actions environment.
96127
id-token: write # for creating OIDC tokens for signing.
97128
packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
98-
if: ${{ (github.repository == 'argoproj/argo-cd' || (vars.IMAGE_NAMESPACE && vars.IMAGE_NAMESPACE != 'argoproj')) && github.event_name == 'push' }}
129+
if: ${{ (github.repository == 'argoproj/argo-cd' || needs.set-vars.outputs.image_namespace != 'argoproj') && github.event_name == 'push' }}
99130
# Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
100131
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0
101132
with:
102-
image: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_NAMESPACE }}/${{ env.GHCR_REPOSITORY }}
133+
image: ${{ needs.set-vars.outputs.ghcr_provenance_image }}
103134
digest: ${{ needs.build-and-publish.outputs.image-digest }}
104135
registry-username: ${{ github.actor }}
105136
secrets:

0 commit comments

Comments
 (0)