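---
# Builds and pushes per-PR container images (operator, bundle, openscap and
# catalog) tagged with the pull-request number, then comments on the PR with
# the command that deploys the resulting catalog image.
#
# Trust notes for maintainers:
# - The trigger is `pull_request`, so both the code being built and this
#   workflow definition come from the PR. GitHub normally hands fork PRs a
#   read-only token for this event, so the pushes below presumably only
#   succeed for branches inside this repository; confirm that is intended.
# - Values are passed to shell steps through `env:` rather than being
#   interpolated with `${{ }}` inside the script text, so an unexpected value
#   can never be parsed as shell syntax.
name: Release PR image

on:
  pull_request:
    types:
      - opened
      - reopened
      - synchronize

jobs:
  # Derives the PR number from GITHUB_REF and exposes it as a job output; the
  # other jobs use it as the image tag.
  get-pr-number:
    name: Get PR number
    runs-on: ubuntu-latest
    # The job only runs a local shell command, so it needs no token scopes.
    permissions: {}
    outputs:
      pr-number: ${{ steps.get-pr-number.outputs.pr-number }}
    steps:
      - name: Get PR number
        id: get-pr-number
        # Outputs go to $GITHUB_OUTPUT. The `::set-output` workflow command is
        # deprecated: it is read from stdout, so any text a step prints could
        # be interpreted as an output assignment.
        run: |
          pr_number="$(echo "${GITHUB_REF#refs/pull/}" | cut -d'/' -f1)"
          echo "pr-number=${pr_number}" >> "$GITHUB_OUTPUT"

  operator-container-push-pr:
    needs: get-pr-number
    permissions:
      contents: read
      # Lets the called workflow request an OIDC token (presumably for
      # keyless image signing; verify against the called workflow).
      id-token: write
      # Lets the called workflow push to the package registry.
      packages: write
    # NOTE(review): `@main` is a mutable ref in a third-party repository. The
    # called workflow inherits the id-token and packages write scopes above,
    # so whatever lands on that branch runs with them. Pin to a full commit
    # SHA, e.g. `...container-push.yml@<FULL_COMMIT_SHA>`, and update it
    # deliberately.
    uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
    with:
      name: compliance-operator
      registry_org: complianceascode
      tag: ${{ needs.get-pr-number.outputs.pr-number }}
      dockerfile_path: build/Dockerfile
      vendor: 'Compliance Operator Authors'

  bundle-container-push-pr:
    needs: get-pr-number
    permissions:
      contents: read
      id-token: write
      packages: write
    # NOTE(review): mutable `@main` ref; pin to a full commit SHA as described
    # on operator-container-push-pr.
    uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
    with:
      name: compliance-operator-bundle
      registry_org: complianceascode
      tag: ${{ needs.get-pr-number.outputs.pr-number }}
      dockerfile_path: bundle.Dockerfile
      vendor: 'Compliance Operator Authors'

  openscap-container-push-pr:
    needs: get-pr-number
    permissions:
      contents: read
      id-token: write
      packages: write
    # NOTE(review): mutable `@main` ref; pin to a full commit SHA as described
    # on operator-container-push-pr.
    uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
    with:
      name: openscap-ocp
      registry_org: complianceascode
      tag: ${{ needs.get-pr-number.outputs.pr-number }}
      dockerfile_path: images/openscap/Dockerfile
      vendor: 'Compliance Operator Authors'

  # Builds the catalog image that references the PR's bundle image and pushes
  # it to ghcr.io.
  catalog-container-push-pr:
    runs-on: ubuntu-latest
    needs:
      - get-pr-number
      - bundle-container-push-pr
    # `always()` makes this job run even when a job in `needs` failed. The
    # catalog can then reference a bundle tag that was not pushed by this run
    # (missing, or left over from an earlier push of the same PR), and the
    # PR-number output may be empty if get-pr-number itself failed.
    if: always()  # remove this after we fix signing
    permissions:
      packages: write
      contents: read
    outputs:
      image-digest: ${{ steps.container_info.outputs.image-digest }}
      image-tags: ${{ steps.container_info.outputs.image-tags }}
    steps:
      # NOTE(review): the version after `@` on the two `uses:` lines below was
      # replaced by an e-mail-obfuscation artefact in this capture. Restore
      # the original refs from the repository before use.
      - name: Checkout
        uses: actions/[email protected]
      - name: Login to ghcr.io
        uses: docker/[email protected]
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # The docker/* actions below are referenced by major-version tag. Tags
      # can be moved by the action's owner; a full commit SHA is the only
      # immutable reference.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: ghcr.io/complianceascode/compliance-operator-catalog
          tags: |
            type=raw,value=${{ needs.get-pr-number.outputs.pr-number }}
            type=sha,format=long
          # `with:` inputs are not run through a shell, so shell-style
          # `${GITHUB_SERVER_URL}` would be stored in the label literally.
          # Expression contexts are expanded before the action runs.
          # NOTE(review): the single quotes on the licenses and vendor lines
          # sit inside a block scalar, so YAML keeps them as part of the
          # value; confirm whether the labels are meant to contain them.
          labels: |
            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
            org.opencontainers.image.title=compliance-operator-catalog
            org.opencontainers.image.version=latest
            org.opencontainers.image.licenses='Apache-2.0'
            org.opencontainers.image.vendor='Compliance Operator Authors'
      - name: Generate catalog dockerfile
        id: generate_catalog_dockerfile
        env:
          PR_NUMBER: ${{ needs.get-pr-number.outputs.pr-number }}
        run: |
          make catalog-docker BUNDLE_IMGS="ghcr.io/complianceascode/compliance-operator-bundle:${PR_NUMBER}"
      - name: Build container images and push
        id: docker_build
        uses: docker/build-push-action@v5
        with:
          context: .
          file: catalog.Dockerfile
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          push: true
          platforms: 'linux/amd64'
      - name: Get container info
        id: container_info
        env:
          IMAGE_DIGEST: ${{ steps.docker_build.outputs.digest }}
          IMAGE_TAGS: ${{ needs.get-pr-number.outputs.pr-number }}
        # Same $GITHUB_OUTPUT mechanism as in get-pr-number.
        run: |
          {
            echo "image-digest=${IMAGE_DIGEST}"
            echo "image-tags=${IMAGE_TAGS}"
          } >> "$GITHUB_OUTPUT"

  # Posts the deploy command for the freshly pushed catalog image on the PR.
  comment-pr:
    needs:
      - operator-container-push-pr
      - bundle-container-push-pr
      - openscap-container-push-pr
      - catalog-container-push-pr
      - get-pr-number
    runs-on: ubuntu-latest
    name: Comment on the PR
    # Explicit least-privilege scopes: read the repository for checkout and
    # write to pull requests to post the comment. Without this block the job
    # inherits whatever default token permissions the repository sets.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Comment PR
        uses: thollander/actions-comment-pull-request@v2
        with:
          message: |
            :robot: To deploy this PR, run the following command:
            ```
            make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:${{ needs.get-pr-number.outputs.pr-number }}
            ```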