From d2c3a25a3f396705f6e7888cb8bdbbe5f300b133 Mon Sep 17 00:00:00 2001
From: Javan lacerda <javanlacerda@google.com>
Date: Mon, 14 Oct 2024 15:32:07 +0000
Subject: [PATCH] adding a richer tag and breaking-change label for build
 action

Signed-off-by: Javan lacerda <javanlacerda@google.com>
---
 .github/workflows/build.yml | 18 +++++++++++++++++-
 Makefile                    | 11 +++++++++--
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 90f1f7f62..d60b32056 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -32,6 +32,7 @@ jobs:
     permissions:
       id-token: write
       contents: read
+      pull-requests: read
 
     steps:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
@@ -58,8 +59,23 @@ jobs:
 
       - name: creds
         run: gcloud auth configure-docker --quiet
+        
+      - name: Formatted labels
+        id: labels
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          FORMATED_LABELS="--image-label commit-hash=$GITHUB_SHA"
+          BRANCH_NUMBER=$(gh pr list --state all --search "sha:$GITHUB_SHA" --label "breaking-change" | awk '{print $1}')
+          
+          echo "Branch Number: $BRANCH_NUMBER" 
+          # Check if a pull request number was found
+          if [ -n "$BRANCH_NUMBER" ]; then
+            FORMATED_LABELS+=" --image-label breaking-change=true"
+          fi
+          echo "FORMATED_LABELS='$FORMATED_LABELS'" >> $GITHUB_OUTPUT
 
       - name: container
-        run: KO_PREFIX=gcr.io/projectsigstore/rekor/ci/rekor make sign-keyless-ci
+        run: KO_PREFIX=gcr.io/projectsigstore/rekor/ci/rekor FORMATED_LABEL=${{ steps.labels.outputs.FORMATED_LABELS }} make sign-keyless-ci
         env:
           COSIGN_YES: true
diff --git a/Makefile b/Makefile
index 0b2973a99..2921e5fec 100644
--- a/Makefile
+++ b/Makefile
@@ -63,6 +63,13 @@ REKOR_LDFLAGS=-X sigs.k8s.io/release-utils/version.gitVersion=$(GIT_VERSION) \
 CLI_LDFLAGS=$(REKOR_LDFLAGS)
 SERVER_LDFLAGS=$(REKOR_LDFLAGS)
 
+# It should be blank for default builds
+FORMATED_LABEL ?=
+
+GITHUB_RUN_NUMBER ?= "local"
+
+FULL_TAG := "0.$(shell date +%Y%m%d).$(GITHUB_RUN_NUMBER)-ref.$(GIT_VERSION)"
+
 Makefile.swagger: $(SWAGGER) $(OPENAPIDEPS)
 	$(SWAGGER) validate openapi.yaml
 	$(SWAGGER) generate client -f openapi.yaml -q -r COPYRIGHT.txt -t pkg/generated --additional-initialism=TUF --additional-initialism=DSSE
@@ -110,8 +117,8 @@ debug:
 ko:
 	# rekor-server
 	LDFLAGS="$(SERVER_LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \
-	KO_DOCKER_REPO=$(KO_PREFIX)/rekor-server ko resolve --bare \
-		--platform=all --tags $(GIT_VERSION) --tags $(GIT_HASH) \
+	KO_DOCKER_REPO=$(KO_PREFIX)/rekor-server ko resolve $(FORMATED_LABEL) --bare \
+		--platform=all --tags $(GIT_VERSION) --tags $(GIT_HASH) --tags $(FULL_TAG) \
 		--image-refs rekorServerImagerefs --filename config/ > $(REKOR_YAML)
 
 	# rekor-cli