Configure CI/CD to use a latest image build

The deploy action was extended with a build configuration and the
individual steps of release use the image with a latest commit sha.

JIRA: ISV-1363, ISV-1364

Author: Allda

.github/workflows/deploy.yml

@@ -5,15 +5,46 @@ on:  # yamllint disable-line rule:truthy
   workflow_run:
     workflows:
       - E2E-CI
+      - validation
     branches:
       - main
     types:
       - completed
-  workflow_dispatch:
 
 jobs:
+  build:
+    name: Build and push image
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Build Image
+        id: build-image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: operator-pipelines-images
+          tags: latest ${{ github.sha }}
+          dockerfiles: |
+            ./operator-pipeline-images/Dockerfile
+
+      - name: Push To quay.io
+        id: push-to-quay
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build-image.outputs.image }}
+          tags: ${{ steps.build-image.outputs.tags }}
+          registry: quay.io/redhat-isv
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Print image url
+        run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
+
   deploy-dev:
     runs-on: ubuntu-latest
+    needs:
+      - build
     environment:
       name: dev
     steps:
@@ -30,12 +61,14 @@ jobs:
           vault_password: ${{secrets.VAULT_PASSWORD}}
           options: |
             --inventory inventory/operator-pipeline
-            --extra-vars env=dev
+            --extra-vars "env=dev operator_pipeline_image_tag=${{ github.sha }}"
             --skip-tags ci
             --verbose
 
   deploy-qa:
     runs-on: ubuntu-latest
+    needs:
+      - build
     environment:
       name: qa
     steps:
@@ -52,7 +85,7 @@ jobs:
           vault_password: ${{secrets.VAULT_PASSWORD}}
           options: |
             --inventory inventory/operator-pipeline
-            --extra-vars env=qa
+            --extra-vars "env=qa operator_pipeline_image_tag=${{ github.sha }}"
             --skip-tags ci
             --verbose
 
@@ -61,8 +94,8 @@ jobs:
     environment:
       name: stage
     needs:
-      - deploy-dev
       - deploy-qa
+      - deploy-dev
     steps:
       - uses: actions/checkout@v1
       - name: Install dependencies
@@ -77,7 +110,7 @@ jobs:
           vault_password: ${{secrets.VAULT_PASSWORD}}
           options: |
             --inventory inventory/operator-pipeline
-            --extra-vars env=stage
+            --extra-vars "env=stage operator_pipeline_image_tag=${{ github.sha }}"
             --skip-tags ci
             --verbose
 
@@ -101,6 +134,47 @@ jobs:
           vault_password: ${{secrets.VAULT_PASSWORD}}
           options: |
             --inventory inventory/operator-pipeline
-            --extra-vars env=prod
+            --extra-vars "env=prod operator_pipeline_image_tag=${{ github.sha }}"
             --skip-tags ci
             --verbose
+
+  release:
+    name: Github release
+    runs-on: ubuntu-latest
+    needs:
+      - deploy-prod
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Bump version and push tag
+        id: tag_version
+        uses: mathieudutour/[email protected]
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create a GitHub release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ steps.tag_version.outputs.new_tag }}
+          release_name: Release ${{ steps.tag_version.outputs.new_tag }}
+          body: ${{ steps.tag_version.outputs.changelog }}
+
+      - name: Log in to Quay.io
+        uses: redhat-actions/podman-login@v1
+        with:
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+          registry: quay.io
+
+      - name: Tag image with a release tag
+        run: |
+
+          podman pull quay.io/redhat-isv/operator-pipelines-images:${{ github.sha }}
+
+          podman tag quay.io/redhat-isv/operator-pipelines-images:${{ github.sha }} quay.io/redhat-isv/operator-pipelines-images:released
+          podman tag quay.io/redhat-isv/operator-pipelines-images:${{ github.sha }} quay.io/redhat-isv/operator-pipelines-images:${{ steps.tag_version.outputs.new_tag }}
+
+          podman push quay.io/redhat-isv/operator-pipelines-images:released
+          podman push quay.io/redhat-isv/operator-pipelines-images:${{ steps.tag_version.outputs.new_tag }}

.github/workflows/main-image.yml

@@ -1,19 +1,11 @@
 name: Build and Push Image
 on:  # yamllint disable-line rule:truthy
-  - push
-  - pull_request
+  pull_request:
+  push:
+    branches:
+      - main
 
 jobs:
-  test-lint:
-    name: Run unit tests and linters
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: fedora-python/[email protected]
-        with:
-          tox_env: black,test
-          dnf_install: krb5-devel krb5-workstation
-
   build:
     name: Build and push image
     runs-on: ubuntu-20.04

.github/workflows/ppc64le-image.yml

@@ -1,7 +1,9 @@
 name: Build and Push ppc64le Image
 on:  # yamllint disable-line rule:truthy
-  - push
-  - pull_request
+  pull_request:
+  push:
+    branches:
+      - main
 
 jobs:
   build:

.github/workflows/release-image.yml

@@ -2,13 +2,25 @@
 name: validation
 
 on:  # yamllint disable-line rule:truthy
-  - push
-  - pull_request
+  pull_request:
+  push:
+    branches:
+      - main
 
 jobs:
-  linting:
+  yaml-lint:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v1
       - name: yaml-lint
         uses: ibiqlik/action-yamllint@v3
+
+  tox:
+    name: Run unit tests and linters
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: fedora-python/[email protected]
+        with:
+          tox_env: black,test
+          dnf_install: krb5-devel krb5-workstation

.github/workflows/validation.yml

@@ -40,7 +40,7 @@ spec:
       default: "false"
     - name: pipeline_image
       description: An image of operator-pipeline-images.
-      default: "quay.io/redhat-isv/operator-pipelines-images:v1.0.8"
+      default: "quay.io/redhat-isv/operator-pipelines-images:released"
   workspaces:
     - name: pipeline
     - name: kubeconfig

ansible/roles/operator-pipeline/templates/openshift/pipelines/operator-ci-pipeline.yml

@@ -30,7 +30,7 @@ spec:
       description: The namespace/organization all built images will be pushed to.
     - name: pipeline_image
       description: An image of operator-pipeline-images.
-      default: "quay.io/redhat-isv/operator-pipelines-images:v1.0.8"
+      default: "quay.io/redhat-isv/operator-pipelines-images:released"
     - name: github_token_secret_name
       description: The name of the Kubernetes Secret that contains the GitHub token.
       default: github-bot-token

ansible/roles/operator-pipeline/templates/openshift/pipelines/operator-hosted-pipeline.yml

@@ -29,7 +29,7 @@ spec:
       default: "prod"
     - name: pipeline_image
       description: An image of operator-pipeline-images.
-      default: "quay.io/redhat-isv/operator-pipelines-images:v1.0.8"
+      default: "quay.io/redhat-isv/operator-pipelines-images:released"
     - name: github_token_secret_name
       description: The name of the Kubernetes Secret that contains the GitHub token.
       default: github-bot-token