diff --git a/.github/workflows/container-test.yml b/.github/workflows/container-test.yml index 77ae8a9..aaf17c5 100644 --- a/.github/workflows/container-test.yml +++ b/.github/workflows/container-test.yml @@ -1,6 +1,11 @@ --- name: "Container build and test" -on: [push, pull_request] + +on: + pull_request: + branches: ["main"] + +permissions: read-all jobs: podman-build: diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml new file mode 100644 index 0000000..8ae8ace --- /dev/null +++ b/.github/workflows/docker-publish.yml 
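Review bot: The new top-level `permissions: read-all` in container-test.yml gives the workflow token read access to every scope, which is broader than a pull-request build-and-test run appears to need. A narrower block, `permissions:` with the single entry `contents: read`, would follow least privilege. The job definitions start outside this hunk, so confirm that no step relies on another read scope before tightening it.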
@@ -0,0 +1,96 @@ +--- +name: Docker build and push to quay +permissions: read-all + +on: + push: + branches: ['main'] + tags: ['v*.*.*'] + +env: + REGISTRY: quay.io + +jobs: + build-container-and-push: + runs-on: ubuntu-latest + strategy: + matrix: + image: + - name: hybridcloudpatterns/utility-container + username_secret: LEGACY_QUAY_USERNAME + password_secret: LEGACY_QUAY_PASSWORD + - name: validatedpatterns/utility-container + username_secret: QUAY_USERNAME + password_secret: QUAY_PASSWORD + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v5 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + # Install the cosign tool + # https://github.com/sigstore/cosign-installer + - name: Install cosign + uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 + with: + cosign-release: 'v2.2.4' + + # Set up BuildKit Docker container builder to be able to build + # multi-platform images and export cache + # https://github.com/docker/setup-buildx-action + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + + # Login against a Docker registry + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ secrets[matrix.image.username_secret] }} + password: ${{ secrets[matrix.image.password_secret] }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 + with: + images: ${{ env.REGISTRY }}/${{ matrix.image.name }} + + # Build and push Docker image with Buildx + # 
https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build-and-push + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + with: + context: . + file: Containerfile + platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + + # Sign the resulting Docker image digest. + # This will only write to the public Rekor transparency log when the Docker + # repository is public to avoid leaking data. If you would like to publish + # transparency data even for private images, pass --force to cosign below. + # https://github.com/sigstore/cosign + - name: Sign the published Docker image + env: + # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable + TAGS: ${{ steps.meta.outputs.tags }} + DIGEST: ${{ steps.build-and-push.outputs.digest }} + # This step uses the identity token to provision an ephemeral certificate + # against the sigstore community Fulcio instance. + run: echo "${TAGS}" | xargs -I "{}" cosign sign --yes "{}@${DIGEST}" diff --git a/.github/workflows/superlinter.yml b/.github/workflows/superlinter.yml index 0e2f88f..502be1b 100644 --- a/.github/workflows/superlinter.yml +++ b/.github/workflows/superlinter.yml @@ -1,7 +1,9 @@ --- name: Super linter -on: [push, pull_request] +on: + pull_request: + branches: ["main"] jobs: build: diff --git a/Makefile b/Makefile index 7e32bb2..e03779a 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ TAG ?= latest CONTAINER ?= $(NAME):$(TAG) REGISTRY ?= localhost -UPLOADREGISTRY ?= quay.io/hybridcloudpatterns +UPLOADREGISTRY ?= quay.io/validatedpatterns TESTCOMMAND := "set -e; echo '* Helm: '; helm version; \ echo '* ArgoCD: '; argocd version --client ; \ echo '* Tekton: '; tkn version ; \ 
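Review bot: In the new docker-publish.yml, `actions/checkout@v5` and `docker/setup-qemu-action@v3` are referenced by mutable tags while every other action in the job is pinned to a commit SHA. This job logs in to Quay with the matrix secrets and can request an OIDC token through `id-token: write`, so a retagged release of either action would run inside the publishing and signing job. Pin both the same way as the rest, e.g. `uses: actions/checkout@<full-commit-sha> # v5` and `uses: docker/setup-qemu-action@<full-commit-sha> # v3`. `packages: write` also looks unnecessary, since the only registry pushed to is quay.io; dropping it would leave `contents: read` and `id-token: write`. The checkout step could additionally set `persist-credentials: false`, as no later step visibly needs the token in the git config.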
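Review bot: superlinter.yml gets the same trigger narrowing as container-test.yml but no `permissions:` block. Unless the `build` job, whose body is outside the hunk, sets its own, the workflow token keeps the repository's default scopes. A top-level `permissions:` with `contents: read` would make this consistent with the other two workflows in the commit. Add `statuses: write` only if the linter's status reporting is actually used.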
@@ -161,7 +161,7 @@ super-linter: ## Runs super linter locally ghcr.io/super-linter/super-linter:slim-v8 .PHONY: upload -upload: ## Uploads the container to quay.io/hybridcloudpatterns/${CONTAINER} +upload: ## Uploads the container to quay.io/validatedpatterns/${CONTAINER} @echo "Uploading the ${REGISTRY}/${CONTAINER} container to ${UPLOADREGISTRY}/${CONTAINER}" buildah manifest push --all "${REGISTRY}/${CONTAINER}" "docker://${UPLOADREGISTRY}/${CONTAINER}" @@ -200,4 +200,3 @@ cluster-stop: ## Stops the hosted-cluster machines -v ${HOME}:${HOME} \ -v ${HOME}/.aws:/pattern-home/.aws \ "${REGISTRY}/${CONTAINER}" python3 /usr/local/bin/stop-instances.py -f ${CLUSTER} - diff --git a/README.md b/README.md index dc321ae..63be2b8 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -# Validated Pattern Utility Container +# Validated Patterns Utility Container -[![Quay Repository](https://img.shields.io/badge/Quay.io-utility--container-blue?logo=quay)](https://quay.io/repository/hybridcloudpatterns/utility-container) +[![Quay Repository](https://img.shields.io/badge/Quay.io-utility--container-blue?logo=quay)](https://quay.io/repository/validatedpatterns/utility-container) A utility container for simplified execution of imperative commands in each of the Validated Patterns. @@ -17,12 +17,12 @@ This container provides a pre-configured environment with all the necessary tool |ansible-runner |pip |2.4.1 | |ansible.utils |collection|6.0.0 | |argocd |binary |v2.9.7+fbb6b20| -|awscli |pip |1.42.18 | +|awscli |pip |1.42.20 | |awx.awx |collection|24.6.1 | |awxkit |pip |24.6.1 | |azure-cli |pip |2.76.0 | -|boto3 |pip |1.40.18 | -|botocore |pip |1.40.18 | +|boto3 |pip |1.40.20 | +|botocore |pip |1.40.20 | |community.general |collection|11.2.1 | |community.okd |collection|5.0.0 | |gcloud |pip |0.18.3 | 
@@ -57,7 +57,7 @@ This container provides a pre-configured environment with all the necessary tool ### Pull the Image ```bash -podman pull quay.io/hybridcloudpatterns/utility-container:latest +podman pull quay.io/validatedpatterns/utility-container:latest ``` ### Examples @@ -70,7 +70,7 @@ podman run --rm -it --net=host \ -v ${HOME}:/pattern \ -v ${HOME}:${HOME} \ -w $(pwd) \ - quay.io/hybridcloudpatterns/utility-container:latest sh + quay.io/validatedpatterns/utility-container:latest sh ``` **Execute an Ansible playbook** @@ -81,7 +81,7 @@ podman run --rm -it --net=host \ -v ${HOME}:/pattern \ -v ${HOME}:${HOME} \ -w $(pwd) \ - quay.io/hybridcloudpatterns/utility-container:latest \ + quay.io/validatedpatterns/utility-container:latest \ ansible-playbook .yml ``` @@ -93,7 +93,7 @@ podman run --rm -it --net=host \ -v ${HOME}:/pattern \ -v ${HOME}:${HOME} \ -w $(pwd) \ - quay.io/hybridcloudpatterns/utility-container:latest \ + quay.io/validatedpatterns/utility-container:latest \ oc get nodes ```