reimplement tag updates

Signed-off-by: greg pereira <grpereir@redhat.com>

Author: Gregory-Pereira

.github/workflows/pr-images.yml

@@ -15,7 +15,7 @@ env:
 
 jobs:
   build_and_publish_ui_qa_image:
-    name: Push UI container image to GHCR and QUAY
+    name: Push QA UI container image to GHCR and QUAY
     runs-on: ubuntu-latest
     environment: registry-creds
     permissions:
@@ -28,6 +28,15 @@ jobs:
       - name: Check out the repo
         uses: actions/checkout@v4
 
+      - name: Skip if triggered by GitHub Actions bot
+        id: check-skip
+        run: |
+          if [[ "$(git log -1 --pretty=format:'%s')" == *"[CI AUTOMATION]:"* ]]; then
+            echo "Workflow triggered by previous action commit. Skipping."
+            exit 1
+          fi
+          exit 0
+
       - name: Log in to the GHCR container image registry
         uses: docker/login-action@v3
         with:
@@ -82,7 +91,7 @@ jobs:
             console.log("No merged PR found in the recent closed PRs.");
             return '';
 
-      - name: Extract metadata (tags, labels) for UI image
+      - name: Extract GHCR metadata (tags, labels) for UI image
         id: ghcr_ui_meta
         uses: docker/metadata-action@v5
         with:
@@ -96,21 +105,23 @@ jobs:
           PR_TAG="pr-${{ steps.get_pr_number.outputs.result }}"
           COMBINED_TAGS="${PR_TAG},${TAGS}"
           echo "COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV
+          echo "PR_TAG=$PR_TAG" >> $GITHUB_ENV
 
-      - name: Extract metadata (tags, labels) for UI image
+      - name: Extract Quay metadata (tags, labels) for UI image
         id: quay_ui_meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME }}
 
-      - name: Combine GHCR Tags with PR Tag
+      - name: Combine Quay Tags with PR Tag
         id: combined_quay_ui_tags
         if: ${{ steps.get_pr_number.outputs.result }} != ""
         run: |
           TAGS="${{ steps.quay_ui_meta.outputs.tags }}"
           PR_TAG="pr-${{ steps.get_pr_number.outputs.result }}"
           COMBINED_TAGS="${PR_TAG},${TAGS}"
           echo "COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV
+          echo "PR_TAG=$PR_TAG" >> $GITHUB_ENV 
 
       - name: Build and push ui image to ghcr.io
         id: push-ui-ghcr
@@ -125,7 +136,7 @@ jobs:
           cache-to: type=gha,mode=max
           file: Containerfile
 
-      - name: Generate artifact attestation
+      - name: Generate GHCR artifact attestation
         uses: actions/attest-build-provenance@v1
         with:
           subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}}
@@ -144,9 +155,35 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
           file: Containerfile
+      
+      - name: Generate QA UI Quay artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}}
+          subject-digest: ${{ steps.push-ui-quay.outputs.digest }}
+          push-to-registry: true
+
+      - name: Update QA Quay UI image
+        id: update_qa_ui_manifest_image
+        env:
+          PR_TAG: ${{ steps.combined_quay_ui_tags.outputs.PR_TAG }}
+        run: |
+          sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/local/bin/yq
+          sudo chmod +x /usr/local/bin/yq
+          PR_TAG="${PR_TAG}" yq -i '
+            (.images[] | select(.name == "quay.io/instructlab-ui/ui") | .newTag) = '$PR_TAG'
+          ' deploy/k8s/overlays/openshift/qa/kustomization.yaml
+
+      - name: Commit and push bump QA UI Image manifest
+        run: |
+          git config --global user.name "${GITHUB_ACTOR}"
+          git config --global user.email "${GITHUB_ACTOR}@users.noreply.${INPUT_ORGANIZATION_DOMAIN}"
+          git add deploy/k8s/overlays/openshift/qa/kustomization.yaml
+          git commit -m "[CI AUTOMATION]: Bumping QA UI image to tag: ${{ steps.combined_quay_ui_tags.outputs.PR_TAG }}" -s -S
+          git push origin main --force
 
   build_and_publish_ps_qa_image:
-    name: Push pathservice container image to GHCR and QUAY
+    name: Push QA pathservice container image to GHCR and QUAY
     runs-on: ubuntu-latest
     environment: registry-creds
     permissions:
@@ -159,6 +196,15 @@ jobs:
       - name: Check out the repo
         uses: actions/checkout@v4
 
+      - name: Skip if triggered by GitHub Actions bot
+        id: check-skip
+        run: |
+          if [[ "$(git log -1 --pretty=format:'%s')" == *"[CI AUTOMATION]:"* ]]; then
+            echo "Workflow triggered by previous action commit. Skipping."
+            exit 1
+          fi
+          exit 0
+
       - name: Log in to the GHCR container image registry
         uses: docker/login-action@v3
         with:
@@ -227,6 +273,7 @@ jobs:
           PR_TAG="pr-${{ steps.get_pr_number.outputs.result }}"
           COMBINED_TAGS="${PR_TAG},${TAGS}"
           echo "COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV
+          echo "PR_TAG=$PR_TAG" >> $GITHUB_ENV
 
       - name: Extract metadata (tags, labels) for pathservice image
         id: quay_ps_meta
@@ -242,8 +289,9 @@ jobs:
           PR_TAG="pr-${{ steps.get_pr_number.outputs.result }}"
           COMBINED_TAGS="${PR_TAG},${TAGS}"
           echo "COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV
+          echo "PR_TAG=$PR_TAG" >> $GITHUB_ENV
 
-      - name: Build and push pathservice image to ghcr.io
+      - name: Build and push QA PS image to ghcr.io
         id: push-ps-ghcr
         uses: docker/build-push-action@v6
         with:
@@ -256,29 +304,48 @@ jobs:
           cache-to: type=gha,mode=max
           file: Containerfile.ps
 
-      - name: Generate artifact attestation
+      - name: Generate QA PS GHCR artifact attestation
         uses: actions/attest-build-provenance@v1
         with:
           subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PS_IMAGE_NAME}}
           subject-digest: ${{ steps.push-ps-ghcr.outputs.digest }}
           push-to-registry: true
 
-      - name: Build and push ui image to quay.io
-        id: push-ui-quay
+      - name: Build and push QA PS image to quay.io
+        id: push-ps-quay
         uses: docker/build-push-action@v6
         with:
           context: .
           push: true
-          tags: ${{ steps.combined_ghcr_ps_tags.outputs.COMBINED_TAGS }}
+          tags: ${{ steps.combined_quay_ps_tags.outputs.COMBINED_TAGS }}
           labels: ${{ steps.quay_ps_meta.outputs.labels }}
           platforms: linux/amd64,linux/arm64
           cache-from: type=gha
           cache-to: type=gha,mode=max
           file: Containerfile.ps
 
-      - name: Generate artifact attestation
+      - name: Generate QA PS Quay artifact attestation
         uses: actions/attest-build-provenance@v1
         with:
-          subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PS_IMAGE_NAME}}
-          subject-digest: ${{ steps.push-ps-ghcr.outputs.digest }}
+          subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_PS_IMAGE_NAME}}
+          subject-digest: ${{ steps.push-ps-quay.outputs.digest }}
           push-to-registry: true
+
+      - name: Update QA PS Quay image
+        id: update_qa_ps_manifest_image
+        env:
+          PR_TAG: ${{ steps.combined_quay_ps_tags.outputs.PR_TAG }}
+        run: |
+          sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/local/bin/yq
+          sudo chmod +x /usr/local/bin/yq
+          PR_TAG="${PR_TAG}" yq -i '
+            (.images[] | select(.name == "quay.io/instructlab-ui/pathservice") | .newTag) = '$PR_TAG'
+          ' deploy/k8s/overlays/openshift/qa/kustomization.yaml
+
+      - name: Commit and push bump QA PS Image manifest
+        run: |
+          git config --global user.name "${GITHUB_ACTOR}"
+          git config --global user.email "${GITHUB_ACTOR}@users.noreply.${INPUT_ORGANIZATION_DOMAIN}"
+          git add deploy/k8s/overlays/openshift/qa/kustomization.yaml
+          git commit -m "[CI AUTOMATION]: Bumping QA PS image to tag: ${{ steps.combined_quay_ps_tags.outputs.PR_TAG }}" -s -S
+          git push origin main --force

.github/workflows/release-images.yml

@@ -68,24 +68,26 @@ jobs:
         if: ${{ steps.get_release_tag.outputs.result }} != ""
         run: |
           TAGS="${{ steps.ghcr_ui_meta.outputs.tags }}"
-          RELEASE_TAG="pr-${{ steps.get_release_tag.outputs.RELEASE_TAG }}"
+          RELEASE_TAG="release-${{ steps.get_release_tag.outputs.RELEASE_TAG }}"
           COMBINED_TAGS="${RELEASE_TAG},${TAGS}"
           echo "COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV
+          echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV
 
       - name: Extract metadata (tags, labels) for UI image
         id: quay_ui_meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME }}
 
-      - name: Combine GHCR Tags with PR Tag
+      - name: Combine Quay Tags with PR Tag
         id: combined_quay_ui_tags
         if: ${{ steps.get_release_tag.outputs.result }} != ""
         run: |
           TAGS="${{ steps.quay_ui_meta.outputs.tags }}"
-          RELEASE_TAG="pr-${{ steps.get_release_tag.outputs.result }}"
+          RELEASE_TAG="release-${{ steps.get_release_tag.outputs.result }}"
           COMBINED_TAGS="${RELEASE_TAG},${TAGS}"
           echo "COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV
+          echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV
 
       - name: Build and push ui image to ghcr.io
         id: push-ui-ghcr
@@ -100,7 +102,7 @@ jobs:
           cache-to: type=gha,mode=max
           file: Containerfile
 
-      - name: Generate artifact attestation
+      - name: Generate Prod UI GHCR artifact attestation
         uses: actions/attest-build-provenance@v1
         with:
           subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}}
@@ -120,6 +122,32 @@ jobs:
           cache-to: type=gha,mode=max
           file: Containerfile
 
+      - name: Generate PROD UI Quay artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}}
+          subject-digest: ${{ steps.push-ui-quay.outputs.digest }}
+          push-to-registry: true
+
+      - name: Update Prod Quay PS image
+        id: update_prod_ui_manifest_image
+        env:
+          RELEASE_TAG: ${{ steps.combined_quay_ui_tags.outputs.RELEASE_TAG }}
+        run: |
+          sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/local/bin/yq
+          sudo chmod +x /usr/local/bin/yq
+          RELEASE_TAG="${RELEASE_TAG}" yq -i '
+            (.images[] | select(.name == "quay.io/instructlab-ui/ui") | .newTag) = '$RELEASE_TAG'
+          ' deploy/k8s/overlays/openshift/prod/kustomization.yaml
+
+      - name: Commit and push bump to Prod UI image manifest
+        run: |
+          git config --global user.name "${GITHUB_ACTOR}"
+          git config --global user.email "${GITHUB_ACTOR}@users.noreply.${INPUT_ORGANIZATION_DOMAIN}"
+          git add deploy/k8s/overlays/openshift/prod/kustomization.yaml
+          git commit -m "[CI AUTOMATION]: Bumping Prod UI image to tag: ${{ steps.combined_quay_ui_tags.outputs.RELEASE_TAG }}" -s -S
+          git push origin main --force
+
   build_and_publish_ps_prod_image:
     name: Push UI container image to GHCR and QUAY
     runs-on: ubuntu-latest
@@ -176,24 +204,26 @@ jobs:
         if: ${{ steps.get_release_tag.outputs.result }} != ""
         run: |
           TAGS="${{ steps.ghcr_ps_meta.outputs.tags }}"
-          RELEASE_TAG="pr-${{ steps.get_release_tag.outputs.RELEASE_TAG }}"
+          RELEASE_TAG="release-${{ steps.get_release_tag.outputs.RELEASE_TAG }}"
           COMBINED_TAGS="${RELEASE_TAG},${TAGS}"
           echo "COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV
+          echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV
 
       - name: Extract metadata (tags, labels) for PS image
         id: quay_ps_meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_PS_IMAGE_NAME }}
 
-      - name: Combine GHCR Tags with PR Tag
+      - name: Combine Quay Tags with PR Tag
         id: combined_quay_ps_tags
         if: ${{ steps.get_release_tag.outputs.result }} != ""
         run: |
           TAGS="${{ steps.quay_ps_meta.outputs.tags }}"
-          RELEASE_TAG="pr-${{ steps.get_release_tag.outputs.result }}"
+          RELEASE_TAG="release-${{ steps.get_release_tag.outputs.result }}"
           COMBINED_TAGS="${RELEASE_TAG},${TAGS}"
           echo "COMBINED_TAGS=$COMBINED_TAGS" >> $GITHUB_ENV
+          echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV
 
       - name: Build and push ps image to ghcr.io
         id: push-ps-ghcr
@@ -208,14 +238,14 @@ jobs:
           cache-to: type=gha,mode=max
           file: Containerfile
 
-      - name: Generate artifact attestation
+      - name: Generate GHCR PS Image attestation
         uses: actions/attest-build-provenance@v1
         with:
           subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PS_IMAGE_NAME}}
           subject-digest: ${{ steps.push-ps-ghcr.outputs.digest }}
           push-to-registry: true
 
-      - name: Build and push PS image to quay.io
+      - name: Build and push PS image to Quay.io
         id: push-ps-quay
         uses: docker/build-push-action@v6
         with:
@@ -227,4 +257,29 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
           file: Containerfile
-        
+
+      - name: Generate Quay PS Image attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_PS_IMAGE_NAME}}
+          subject-digest: ${{ steps.push-ps-quay.outputs.digest }}
+          push-to-registry: true
+        
+      - name: Update Prod Quay PS image
+        id: update_prod_ps_manifest_image
+        env:
+          RELEASE_TAG: ${{ steps.combined_quay_ps_tags.outputs.RELEASE_TAG }}
+        run: |
+          sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/local/bin/yq
+          sudo chmod +x /usr/local/bin/yq
+          RELEASE_TAG="${RELEASE_TAG}" yq -i '
+            (.images[] | select(.name == "quay.io/instructlab-ui/pathservice") | .newTag) = '$RELEASE_TAG'
+          ' deploy/k8s/overlays/openshift/prod/kustomization.yaml
+
+      - name: Commit and push bump to Prod PS image manifest
+        run: |
+          git config --global user.name "${GITHUB_ACTOR}"
+          git config --global user.email "${GITHUB_ACTOR}@users.noreply.${INPUT_ORGANIZATION_DOMAIN}"
+          git add deploy/k8s/overlays/openshift/prod/kustomization.yaml
+          git commit -m "[CI AUTOMATION]: Bumping Prod PS image to tag: ${{ steps.combined_quay_ps_tags.outputs.RELEASE_TAG }}" -s -S
+          git push origin main --force

deploy/k8s/overlays/openshift/prod/kustomization.yaml

@@ -24,28 +24,15 @@ patches:
         path: /spec/tls/0/hosts/0
         value: ui.instructlab.ai
 
-  # Override the UI image for Openshift production deployment
-  - target:
-      kind: Deployment
-      name: ui
-    patch: |-
-      - op: replace
-        path: /spec/template/spec/containers/0/image
-        value: quay.io/instructlab-ui/ui:latest
-
-  # Override the pathservice image for Openshift production deployment
-  - target:
-      kind: Deployment
-      name: pathservice
-    patch: |-
-      - op: replace
-        path: /spec/template/spec/containers/0/image
-        value: quay.io/instructlab-ui/pathservice:latest
-
   - target:
       kind: Deployment
       name: ui
     patch: |-
       - op: replace
         path: /spec/template/spec/containers/0/envFrom/0/secretRef/name
         value: prod.env
+images:
+  - name: quay.io/instructlab-ui/ui
+    newTag: latest
+  - name: quay.io/instructlab-ui/pathservice
+    newTag: latest