Add GHA workflow to push operator images for PRs

Signed-off-by: Pavel Macík <pavel.macik@gmail.com>

.github/actions/clean-images/action.yaml

@@ -0,0 +1,30 @@
+# action.yml
+name: 'Clean container images by tags.'
+description: 'Deletes images from remote repository by tags that match a regular expression.'
+inputs:
+  repository:
+    description: "Repository"
+    required: true
+  tags:
+    description: "Regular expression for tag names to remote"
+    required: true
+  username:
+    descriptino: "Repo username"
+    required: false
+    default: ""
+  password:
+    descriptino: "Repo password"
+    required: false
+    default: ""
+runs:
+  using: "composite"
+  steps:
+    - id: clean-images
+      env:
+        REPO: ${{ inputs.repository }}
+        TAGS: ${{ inputs.tags }}
+        REPO_USERNAME: ${{ inputs.username }}
+        REPO_PASSWORD: ${{ inputs.password }}
+      run: |
+        $GITHUB_ACTION_PATH/clean-images.sh "${REPO}" "${TAGS}"
+      shell: bash

.github/actions/clean-images/clean-images.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+REPO=$1
+# REPO_USERNAME=...
+# REPO_PASSWORD=...
+TAGS=${2:-}
+
+if [ -z "$TAGS" ] || [ -z "$REPO" ]; then
+    echo "Usage: $0 <repo> <images regex>"
+    echo ""
+    echo "Optionally set REPO_USERNAME and REPO_PASSWORD env variables to provide repo credentials."
+    echo ""
+    exit 1
+fi
+
+if [ -n "$REPO_USERNAME" ]; then
+    REPO_CREDS="--creds ${REPO_USERNAME}:${REPO_PASSWORD}"
+fi
+
+for tag in $(skopeo list-tags --tls-verify=false docker://${REPO} | jq -r ".Tags[] | select(.? | match(\"${TAGS}\"))"); do
+    echo "Deleting docker://${REPO}:${tag}"
+    skopeo delete ${REPO_CREDS} docker://${REPO}:${tag}
+done

.github/actions/setup-cli/action.yaml

@@ -1,16 +1,45 @@
 # action.yml
 name: 'Setup Tools'
 description: 'Setup CLI configuration with kubectl operator-sdk opm minikube, setup path, kubeconfig, minikube and docker info '
+inputs:
+  operator-sdk:
+    description: "Install Operator SDK"
+    required: false
+    default: false
+  opm:
+    description: "Install opm"
+    required: false
+    default: false
+  kubectl:
+    description: "Install kubectl"
+    required: false
+    default: false
+  minikube:
+    description: "Install minikube"
+    required: false
+    default: false
+  start-minikube:
+    description: "Start minikube cluster"
+    required: false
+    default: false
 runs:
   using: "composite"
   steps:
     - id: setup-path
       run: |
         mkdir -p $GITHUB_WORKSPACE/bin/
-        echo "PATH=$PATH:$GITHUB_WORKSPACE/bin/" >> $GITHUB_ENV
+        echo "PATH=$GITHUB_WORKSPACE/bin:$PATH" >> $GITHUB_ENV
       shell: bash
 
-    - run: $GITHUB_ACTION_PATH/setup_tools.sh
+    - id: setup-tools
+      env:
+        OPERATOR_SDK: ${{ inputs.operator-sdk }}
+        OPM: ${{ inputs.opm }}
+        KUBECTL: ${{ inputs.kubectl }}
+        MINIKUBE: ${{ inputs.minikube }}
+        START_MINIKUBE: ${{ inputs.start-minikube }}
+      run: |
+        $GITHUB_ACTION_PATH/setup_tools.sh
       shell: bash
 
     - id: set-kubeconfig
@@ -22,14 +51,17 @@ runs:
 
     - id: setup-minikube
       run: |
-        ./hack/start-minikube.sh start --kubernetes-version=v${K8S_VERSION} --driver=$CONTAINER_RUNTIME --cpus $(nproc) --memory 5g
+        if [ "${{ inputs.start-minikube }}" == "true" ]; then
+          ./hack/start-minikube.sh start --kubernetes-version=v${K8S_VERSION} --driver=$CONTAINER_RUNTIME --cpus $(nproc) --memory 5g
+        fi
       shell: bash
 
-    - id: docker-info
+    - id: podman-info
       run: |
-        eval $(minikube docker-env)
-        docker ps
-        kubectl get nodes -o yaml
-        kubectl cluster-info
-        docker info
+        if [ "${{ inputs.start-minikube }}" == "true" ]; then
+          kubectl get nodes -o yaml
+          kubectl cluster-info
+        fi
+        podman ps
+        podman info
       shell: bash

.github/actions/setup-cli/setup_tools.sh

@@ -1,17 +1,33 @@
 #!/usr/bin/env bash
 
-curl -Lo operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/v${SDK_VERSION}/operator-sdk_linux_amd64
-chmod +x operator-sdk
-mv -v operator-sdk $GITHUB_WORKSPACE/bin/
+echo "Downloading requested CLI"
 
-curl -Lo opm https://github.com/operator-framework/operator-registry/releases/download/v${OPM_VERSION}/linux-amd64-opm
-chmod +x opm
-mv -v opm $GITHUB_WORKSPACE/bin/
+if [ "$OPERATOR_SDK" == true ]; then
+    echo "Downloading operator-sdk..."
+    curl -Lo operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/v${SDK_VERSION}/operator-sdk_linux_amd64
+    chmod +x operator-sdk
+    mv -v operator-sdk $GITHUB_WORKSPACE/bin/
+fi
 
-curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/v${K8S_VERSION}/bin/linux/amd64/kubectl
-chmod +x kubectl
-mv -v kubectl $GITHUB_WORKSPACE/bin/
+if [ "$OPM" == true ]; then
+    echo "Downloading opm..."
+    curl -Lo opm https://github.com/operator-framework/operator-registry/releases/download/v${OPM_VERSION}/linux-amd64-opm
+    chmod +x opm
+    mv -v opm $GITHUB_WORKSPACE/bin/
+fi
 
-curl -Lo minikube https://storage.googleapis.com/minikube/releases/v${MINIKUBE_VERSION}/minikube-linux-amd64
-chmod +x minikube
-mv -v minikube $GITHUB_WORKSPACE/bin/
+if [ "$KUBECTL" == true ] || [ "$START_MINIKUBE" == true ]; then
+    echo "Downloading kubectl..."
+    curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/v${K8S_VERSION}/bin/linux/amd64/kubectl
+    chmod +x kubectl
+    mv -v kubectl $GITHUB_WORKSPACE/bin/
+fi
+
+if [ "$MINIKUBE" == true ] || [ "$START_MINIKUBE" == true ]; then
+    echo "Downloading minikube..."
+    curl -Lo minikube https://storage.googleapis.com/minikube/releases/v${MINIKUBE_VERSION}/minikube-linux-amd64
+    chmod +x minikube
+    mv -v minikube $GITHUB_WORKSPACE/bin/
+fi
+
+echo "All requested CLI downloaded!"

.github/actions/setup-podman/podman

@@ -0,0 +1,17 @@
+#!/bin/bash
+cmd="/usr/bin/podman"
+case "$1" in
+  push)
+    prefix=${2%/*}
+    img=${2#${prefix}}
+   "$cmd" push --tls-verify=false $2 docker://localhost:5000${img}
+   ;;
+  inspect)
+    prefix=${3%/*}
+    img=${3#${prefix}}
+    echo $prefix${img%:*}@$(skopeo inspect --tls-verify=false docker://localhost:5000${img} | jq -r .Digest)
+    ;;
+  *)
+    "$cmd" "$@"   
+    ;;
+esac

.github/actions/setup-podman/registries_template.conf

@@ -0,0 +1,6 @@
+unqualified-search-registries = ['docker.io']
+
+[[registry]]
+prefix = "REGISTRY_PREFIX"
+insecure = true
+location = "localhost:5000"

.github/actions/setup-podman/setup-local-registry.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -x
+
+mkdir -p ${GITHUB_WORKSPACE}/registry
+
+podman run -d -p 5000:5000 --rm -v ${GITHUB_WORKSPACE}/registry:/var/lib/registry:Z --name reg registry:2.7

.github/actions/setup-podman/setup-podman-wrapper.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -x
+
+mkdir -p $HOME/.config/containers
+sed -e "s,REGISTRY_PREFIX,${REGISTRY_PREFIX},g" ./.github/actions/setup-podman/registries_template.conf > $HOME/.config/containers/registries.conf
+cp -rvf ./.github/actions/setup-podman/podman ${GITHUB_WORKSPACE}/bin/podman

.github/workflows/pr-checks-build-images.yaml

@@ -0,0 +1,70 @@
+name: PR checks - Build operator images
+
+on:
+  pull_request:
+    branches:
+      - master
+
+env:
+  SDK_VERSION: "1.3.0"
+  OPM_VERSION: "1.15.2"
+  CONTAINER_RUNTIME: "podman"
+  ARTIFACTS: "artifacts"
+  REGISTRY_PREFIX: quay.io/redhat-developer
+  REPO: servicebinding-operator
+
+jobs:
+  build-operator-images:
+    name: "Build operator images (PR)"
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: Checkout Git Repository
+        uses: actions/checkout@v2
+
+      - name: Setup CLI
+        uses: ./.github/actions/setup-cli
+        with:
+          operator-sdk: true
+          opm: true
+
+      - name: Setup local registry
+        run: |
+          .github/actions/setup-podman/setup-local-registry.sh
+          .github/actions/setup-podman/setup-podman-wrapper.sh
+
+      - name: Build images
+        env:
+          PR_NUMBER: ${{github.event.pull_request.number}}
+          PR_SHA: ${{github.event.pull_request.head.sha}}
+          OPERATOR_REPO_REF: ${{env.REGISTRY_PREFIX}}/${{env.REPO}}
+        run: |
+          export TAG=pr-${PR_NUMBER}-${PR_SHA:0:8}
+          export OPERATOR_IMAGE_REF=${OPERATOR_REPO_REF}:${TAG}
+          export OPERATOR_BUNDLE_IMAGE_REF=${OPERATOR_IMAGE_REF}-bundle
+          export OPERATOR_INDEX_IMAGE_REF=${OPERATOR_IMAGE_REF}-index
+
+          which podman
+
+          BUILDAH_FORMAT=docker make SKIP_REGISTRY_LOGIN=true release-operator -o registry-login
+
+          mkdir -p ${ARTIFACTS}
+
+          echo "export OPERATOR_IMAGE_REF=${OPERATOR_IMAGE_REF}" >> ${ARTIFACTS}/operator.refs
+          echo "export OPERATOR_BUNDLE_IMAGE_REF=${OPERATOR_BUNDLE_IMAGE_REF}" >> ${ARTIFACTS}/operator.refs
+          echo "export OPERATOR_INDEX_IMAGE_REF=${OPERATOR_INDEX_IMAGE_REF}" >> ${ARTIFACTS}/operator.refs
+
+          podman stop reg
+          tar -czvf ${ARTIFACTS}/registry.tar.gz -C ${GITHUB_WORKSPACE} registry
+
+      - name: Archive images
+        uses: actions/upload-artifact@v2
+        with:
+          name: operator-images-${{github.event.pull_request.number}}-${{github.event.pull_request.head.sha}}
+          path: ${{env.ARTIFACTS}}/*.tar.gz
+
+      - name: Archive image references
+        uses: actions/upload-artifact@v2
+        with:
+          name: operator-refs-${{github.event.pull_request.number}}-${{github.event.pull_request.head.sha}}
+          path: ${{env.ARTIFACTS}}/*.refs

.github/workflows/pr-checks-clean-images.yaml

@@ -0,0 +1,27 @@
+name: "PR checks - Clean operator images"
+
+on:
+  pull_request_target:
+    branches:
+      - master
+    types: [closed]
+
+env:
+  OPERATOR_REPO_REF: quay.io/redhat-developer/servicebinding-operator
+
+jobs:
+  clean-operator-images:
+    name: "Clean operator images (PR)"
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: Checkout Git Repository
+        uses: actions/checkout@v2
+
+      - name: Clean PR images
+        uses: ./.github/actions/clean-images
+        with:
+          repository: ${{ env.OPERATOR_REPO_REF }}
+          tags: "pr-${{github.event.pull_request.number}}-.*"
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_TOKEN }}

.github/workflows/pr-checks-push-images.yaml

@@ -0,0 +1,45 @@
+name: "PR checks - Push operator images"
+
+on:
+  pull_request_target:
+    branches:
+      - master
+
+env:
+  REGISTRY_PREFIX: quay.io/redhat-developer
+  REPO: servicebinding-operator
+
+jobs:
+  push-operator-images:
+    name: "Push operator images (PR)"
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: Checkout Git Repository
+        uses: actions/checkout@v2
+
+      - name: Wait for build
+        uses: lewagon/wait-on-check-action@1b1630e169116b58a4b933d5ad7effc46d3d312d
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          check-name: "Build operator images (PR)"
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          wait-interval: 60
+
+      - name: Download images
+        uses: marcofaggian/action-download-multiple-artifacts@v3.0.8
+        with:
+          names: operator-images-${{github.event.pull_request.number}}-${{github.event.pull_request.head.sha}}
+
+      - name: Setup local registry
+        run: |
+          tar -xvf registry.tar.gz
+          .github/actions/setup-podman/setup-local-registry.sh
+
+      - name: Push operator, bundle and index images
+        run: |
+          set -x
+          for tag in $(skopeo list-tags --tls-verify=false docker://localhost:5000/${REPO} | jq -r '.Tags[] | select(startswith("pr-${{github.event.pull_request.number}}-"))'); do
+            sha=$(skopeo inspect --tls-verify=false docker://localhost:5000/${REPO}:${tag} | jq -r '.Digest')
+            skopeo copy --dest-creds ${{secrets.QUAY_USERNAME}}:${{secrets.QUAY_TOKEN}} --all --src-tls-verify=false docker://localhost:5000/${REPO}@${sha} docker://${REGISTRY_PREFIX}/${REPO}:${tag}
+          done