feat: Github Workflows reworked for OCM

Author: wchomik

.github/workflows/build_verify.yml

@@ -0,0 +1,74 @@
+name: Build and Verify
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch: {}
+  # push:
+  #   branches:
+  #     - main
+  #   paths:
+  #     - "**/helmfile/**"
+  #     - "**/component-constructor.yaml"
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  pull-requests: write
+  contents: write
+  packages: write
+  actions: write
+  checks: write
+  statuses: write
+
+env:
+  DOMAIN: "opendesk.internal"
+
+jobs:
+  expose-env-vars:
+    name: Expose Environment Variables
+    runs-on: [ubuntu-latest]
+    outputs:
+      domain: ${{ env.DOMAIN }}
+    steps:
+      - run: echo "domain=${{ env.DOMAIN }}"
+  get-version:
+    name: Get OCM Version
+    uses: ./.github/workflows/re-get-version.yml
+  find-constructors:
+    name: Find Component Constructors
+    uses: ./.github/workflows/re-find-constructors.yml
+  publish-ocm:
+    name: Publish OCM Packages
+    needs:
+      - get-version
+      - find-constructors
+    uses: ./.github/workflows/re-publish-ocm.yaml
+    with:
+      files: ${{ needs.find-constructors.outputs.files }}
+      dry-run: true
+      version: ${{ needs.get-version.outputs.version }}
+      oci_registry: ghcr.io
+    secrets:
+      oci_reg_username: ${{ github.actor }}
+      oci_reg_password: ${{ secrets.GITHUB_TOKEN }}
+  set-pr-status:
+    name: Set PR Status
+    if: ${{ github.event_name == 'pull_request' }}
+    needs:
+      - publish-ocm
+    runs-on: [ubuntu-latest]
+    steps:
+      - name: Get commit SHA
+        run: echo "commit=$(git rev-parse HEAD)" >> "$GITHUB_ENV"
+      - name: Set commit status
+        uses: myrotvorets/set-commit-status-action@master
+        if: always()
+        with:
+          allowForks: true
+          status: ${{ job.status }}
+          sha: ${{ env.commit }}
+          targetUrl: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

.github/workflows/ocm-component-check.yml

@@ -0,0 +1,87 @@
+name: OCM Package & Transfer
+
+run-name: >-
+  ${{ github.event_name == 'workflow_dispatch'
+    && format('Manual release: {0}', inputs.version)
+    || format('Automatic release') }}
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'The version to set/publish the OCM packages as. E.g., "1.2.3". If not provided, the version will be auto-incremented based on the latest existing tag.'
+        required: false
+        type: string
+  # To ensure this workflow only runs after successful PR checks via "Build and Verify" workflow, you must:
+  # - block direct pushes to main by enabling branch protection rules
+  # - require "Build and Verify" workflow to pass before merging and uncomment the 'push' trigger below.
+  # This way we can be sure that all changes go through the PR process.
+  push:
+    branches:
+      - main
+    paths:
+      - "**/helmfile/**"
+      - "**/component-constructor.yaml"
+  # Alternatively, disable the 'push' trigger and use 'workflow_run' to ensure this workflow is triggered by the "Build and Verify" workflow.
+  # workflow_run:
+  #   workflows: ["Build and Verify"]
+  #   types:
+  #     - completed
+  #   branches:
+  #     - main
+
+permissions:
+  pull-requests: write
+  contents: write
+  packages: write
+  actions: write
+  checks: write
+  statuses: write
+
+jobs:
+  bump-version:
+    name: Get OCM Version
+    if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}
+    uses: ./.github/workflows/re-get-version.yml
+    with:
+      bumped: true
+      version: ${{ github.event.inputs.version || '' }}
+  find-constructors:
+    name: Find Component Constructors
+    if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}
+    uses: ./.github/workflows/re-find-constructors.yml
+  publish-ocm:
+    name: Publish OCM Packages
+    if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}
+    needs:
+      - bump-version
+      - find-constructors
+    uses: ./.github/workflows/re-publish-ocm.yaml
+    with:
+      files: ${{ needs.find-constructors.outputs.files }}
+      dry-run: false
+      version: ${{ needs.bump-version.outputs.version }}
+      oci_registry: ghcr.io
+      oci_repository: ${{ github.repository }}
+    secrets:
+      oci_reg_username: ${{ github.actor }}
+      oci_reg_password: ${{ secrets.GITHUB_TOKEN }}
+  create-release:
+    name: Create GitHub Release
+    if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}
+    runs-on: [ubuntu-latest]
+    needs:
+      - bump-version
+      - publish-ocm
+    steps:
+      - uses: actions/checkout@v5
+      - name: Create a GitHub release
+        uses: ncipollo/release-action@v1
+        with:
+          tag: ocm-${{ needs.bump-version.outputs.version }}
+          name: Release ${{ needs.bump-version.outputs.version }}
+          generateReleaseNotes: true

.github/workflows/package_transfer.yaml

@@ -0,0 +1,28 @@
+name: Find Component Constructors
+
+on:
+  workflow_call:
+    outputs:
+      files:
+        description: 'List of component-constructor.yaml files'
+        value: ${{ jobs.find-files.outputs.files }}
+
+permissions:
+  contents: read
+
+jobs:
+  find-files:
+    runs-on: [ubuntu-latest]
+    outputs:
+      files: ${{ steps.set-matrix.outputs.files }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Find all component-constructor.yaml files
+        id: set-matrix
+        run: |
+          files=$(find . -type f -name 'component-constructor.yaml' | jq -R -s -c 'split("\n")[:-1]')
+          echo "files=$files" >> $GITHUB_OUTPUT

.github/workflows/re-find-constructors.yml

@@ -0,0 +1,96 @@
+name: Get Version
+
+on:
+  workflow_call:
+    inputs:
+      bumped:
+        description: 'Whether to bump the version'
+        type: boolean
+        required: false
+        default: false
+      version:
+        description: 'The version to set'
+        type: string
+        required: false
+    outputs:
+      version:
+        description: 'The new version'
+        value: ${{ jobs.bump-version.outputs.version }}
+
+permissions:
+  contents: read
+
+jobs:
+  bump-version:
+    runs-on: [ubuntu-latest]
+    outputs:
+      version: ${{ steps.print-version.outputs.version }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Get new version
+        id: get-version
+        run: |
+          if [ "${{ inputs.bumped }}" = "false" ]; then
+            echo "VERSION=$(make print-ocm-version)" >> $GITHUB_ENV
+          else
+            echo "VERSION=$(make print-ocm-version-bumped)" >> $GITHUB_ENV
+          fi
+        if: ${{ inputs.version == '' }}
+
+      - name: Validate provided version
+        id: validate-version
+        run: |
+          set -e
+          echo "${{ inputs.version }}" | grep -P '^[v]?(0|[1-9]\d*)(?:\.(0|[1-9]\d*))?(?:\.(0|[1-9]\d*))?(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$'
+        if: ${{ inputs.version != '' }}
+
+      - name: Set provided version
+        id: set-version
+        run: |
+          set -e
+          
+          # Normalize version by padding with .0 if needed
+          VERSION="${{ inputs.version }}"
+          # Remove 'v' prefix if present
+          VERSION=${VERSION#v}
+          
+          # Split version into parts (before any pre-release or build metadata)
+          BASE_VERSION=$(echo "$VERSION" | cut -d'-' -f1 | cut -d'+' -f1)
+          # Get everything after the base version (pre-release and build metadata)
+          SUFFIX=$(echo "$VERSION" | sed "s/^$BASE_VERSION//")
+          
+          # Count dots in base version
+          DOT_COUNT=$(echo "$BASE_VERSION" | tr -cd '.' | wc -c)
+          
+          # Pad with .0 if needed
+          if [ $DOT_COUNT -eq 0 ]; then
+            # Only major version provided (e.g., "1" -> "1.0.0")
+            NORMALIZED_VERSION="$BASE_VERSION.0.0$SUFFIX"
+          elif [ $DOT_COUNT -eq 1 ]; then
+            # Major and minor provided (e.g., "1.2" -> "1.2.0")
+            NORMALIZED_VERSION="$BASE_VERSION.0$SUFFIX"
+          else
+            # Already has 3 or more components, don't change
+            NORMALIZED_VERSION="$VERSION"
+          fi
+          
+          # error if tag already exists
+          ! git tag -l | grep "ocm-$NORMALIZED_VERSION"
+          echo "VERSION=$NORMALIZED_VERSION" >> $GITHUB_ENV
+        if: ${{ inputs.version != '' }}
+
+      - name: Print version
+        id: print-version
+        run: |
+          echo "version=${{ env.VERSION }}" >> $GITHUB_OUTPUT
+          echo "New OCM version: ${{ env.VERSION }}"