.github/workflows/build-images-base.yaml

name: Base Image Release Build

# Any change in triggers needs to be reflected in the concurrency group.
on:
  pull_request_target:
    types:
      - opened
      - synchronize
      - reopened
    paths:
      - images/runtime/**
      - images/builder/**

permissions: read-all

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true

jobs:
  build-and-push:
    timeout-minutes: 30
    environment: release-base-images
    runs-on: ubuntu-20.04
    strategy:
      matrix:
        include:
          - name: cilium-runtime
            dockerfile: ./images/runtime/Dockerfile
            context: ./images/runtime

          - name: cilium-builder
            dockerfile: ./images/builder/Dockerfile
            context: ./images/builder
      fail-fast: false

    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25

      - name: Set up QEMU
        id: qemu
        uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480

      - name: Checkout Source Code
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
        with:
          persist-credentials: false
          ref: ${{ github.event.pull_request.head.sha }}

      - name: Generating image tag
        id: tag
        run: |
          echo ::set-output name=tag::"$(git ls-tree --full-tree HEAD -- ${{ matrix.context }} | awk '{ print $3 }')"

      - name: Checking if tag already exists
        id: tag-in-repositories
        shell: bash
        run: |
          if docker buildx imagetools inspect quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{  steps.tag.outputs.tag }} &>/dev/null; then
            echo ::set-output name=exists::"true"
          else
            echo ::set-output name=exists::"false"
          fi

      - name: Login to quay.io
        if: ${{ steps.tag-in-repositories.outputs.exists == 'false' }}
        uses: docker/login-action@42d299face0c5c43a0487c477f595ac9cf22f1a7
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_BASE_RELEASE_USERNAME }}
          password: ${{ secrets.QUAY_BASE_RELEASE_PASSWORD }}

      - name: Release build ${{ matrix.name }}
        if: ${{ steps.tag-in-repositories.outputs.exists == 'false' }}
        uses: docker/build-push-action@1814d3dfb36d6f84174e61f4a4b05bd84089a4b9
        id: docker_build_release
        with:
          context: ${{ matrix.context }}
          file: ${{ matrix.dockerfile }}
          push: true
          platforms: linux/amd64,linux/arm64
          tags: |
            quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}

      - name: Image Release Digest
        if: ${{ steps.tag-in-repositories.outputs.exists == 'false' }}
        shell: bash
        run: |
          mkdir -p image-digest/
          echo "## ${{ matrix.name }}" > image-digest/${{ matrix.name }}.txt
          echo "" >> image-digest/${{ matrix.name }}.txt
          echo "\`quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_release.outputs.digest }}\`" >> image-digest/${{ matrix.name }}.txt
          echo "" >> image-digest/${{ matrix.name }}.txt

      - name: Upload artifact digests
        if: ${{ steps.tag-in-repositories.outputs.exists == 'false' }}
        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2
        with:
          name: image-digest ${{ matrix.name }}
          path: image-digest
          retention-days: 1

      - name: Send slack notification
        if: ${{ !success() && (github.event_name == 'schedule' || github.event_name == 'push') }}
        uses: 8398a7/action-slack@a74b761b4089b5d730d813fbedcd2ec5d394f3af
        with:
          status: ${{ job.status }}
          fields: repo,message,commit,author,action,eventName,ref,workflow,job,took # selectable (default: repo,message)
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

  image-digests:
    name: Display Digests
    runs-on: ubuntu-20.04
    needs: build-and-push
    steps:
      - name: Downloading Image Digests
        shell: bash
        run: |
          mkdir -p image-digest/

      - name: Download digests of all images built
        uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869
        with:
          path: image-digest/

      - name: Image Digests Output
        shell: bash
        run: |
          cd image-digest/
          find -type f | sort | xargs -d '\n' cat