feat(ci): add automated image builds (#590)

* feat(ci): add automated image builds

Signed-off-by: Paul Schultz <pschultz@pobox.com>

* apply requested changes

Signed-off-by: Paul Schultz <pschultz@pobox.com>

* Update .github/workflows/versioned-docker-build.yaml

Co-authored-by: Nick Boldt <nboldt@redhat.com>

---------

Signed-off-by: Paul Schultz <pschultz@pobox.com>
Co-authored-by: Nick Boldt <nboldt@redhat.com>

.changeset/giant-baboons-breathe.md

@@ -0,0 +1,2 @@
+---
+---

.github/workflows/codeql.yaml

@@ -20,6 +20,11 @@ on:
       - 'changeset-release/**'
   schedule:
     - cron: '17 0 * * 2'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   analyze:
     name: Analyze

.github/workflows/next-docker-build.yaml

@@ -0,0 +1,54 @@
+# Copyright 2023 Janus Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Next Docker Build
+
+on:
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  REGISTRY: quay.io
+
+jobs:
+  next-docker-build:
+    name: Next Docker Build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Build and Push with Buildx
+        uses: ./.github/actions/docker-build
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ vars.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_TOKEN }}
+          imageName: ${{ github.repository }}
+          imageTags: |
+            type=raw,value=next
+            type=sha
+          imageLabels: quay.expires-after=14d
+          push: true

.github/workflows/pr-docker-build.yaml

@@ -32,7 +32,7 @@ env:
 
 jobs:
   pr-docker-build:
-    name: Docker Build
+    name: PR Docker Build
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -58,3 +58,14 @@ jobs:
           # to autodelete PR image tags, set an expiry date
           imageLabels: quay.expires-after=14d
           push: true
+
+      - name: Comment the image pull link
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'The image is available at: `quay.io/${{ github.repository }}:pr-${{ github.event.number }}`!'
+            })

.github/workflows/release.yaml

@@ -6,7 +6,7 @@ on:
       - main
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
+  group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 env:
@@ -36,35 +36,5 @@ jobs:
       - name: Create Release Pull Request
         id: changesets
         uses: changesets/action@v1
-        with:
-          version: yarn run version
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Get Latest Tag and Publish
-        if: steps.changesets.outputs.hasChangesets == 'false'
-        run: |
-          # pull recent commits and tags
-          git pull origin; git fetch --all
-          echo "recent tags:"; git rev-list --tags --max-count=4
-          latest_tag="$(git describe --tags $(git rev-list --tags --max-count=1))"; echo "Got latest tag = $latest_tag"
-          echo "latest_tag=$latst_tag" >> "$GITHUB_ENV"
-          git push origin "$latest_tag" || exit 1 # fail if tag already exists
-
-      - name: Publish Image
-        if: steps.changesets.outputs.hasChangesets == 'false'
-        uses: ./.github/actions/docker-build
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ vars.QUAY_USERNAME }}
-          password: ${{ secrets.QUAY_TOKEN }}
-          imageName: ${{ github.repository }}
-          imageTags: |
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-            type=sha
-          # if we want image tags to autodelete, can set an expiry date
-          # imageLabels: quay.expires-after=365d
-          push: true
-

.github/workflows/sync-renovate-changeset.yaml

@@ -5,6 +5,10 @@ on:
       - '.github/workflows/sync-renovate-changeset.yaml'
       - '**/yarn.lock'
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   generate-changeset:
     runs-on: ubuntu-latest

.github/workflows/techdocs.yaml

@@ -8,6 +8,10 @@ on:
       - "docs/**"
       - "mkdocs.yaml"
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   publish-techdocs-site:
     name: Publish techdocs site

.github/workflows/versioned-docker-build.yaml

@@ -0,0 +1,68 @@
+# Copyright 2023 Janus Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# on push of a tag, trigger a container build for that tag and push to http://quay.io/janus-idp/backstage-showcase
+name: Versioned Docker Build
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  REGISTRY: quay.io
+
+jobs:
+  versioned-docker-build:
+    name: Versioned Docker Build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check if current tag is the newest version
+        run: |
+          # Get the current tag
+          current_tag="$(git describe --tags --abbrev=0)"; echo "Current tag: $current_tag"
+
+          # Get the newest version tag
+          newest_tag="$(git tag -l 'v*' | sort -uV | tail -1)"; echo "Newest tag: $newest_tag"
+
+          # Check if the current tag is the newest version
+          [ "$current_tag" == "$newest_version" ] && is_latest=true || is_latest=false
+          echo "is_latest=$is_latest" >> "$GITHUB_ENV"
+
+      - name: Build and Push with Buildx
+        uses: ./.github/actions/docker-build
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ vars.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_TOKEN }}
+          imageName: ${{ github.repository }}
+          imageTags: |
+            type=raw,value=latest,enable=${{ env.is_latest }}
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+          push: true

package.json

@@ -23,8 +23,7 @@
     "new": "backstage-cli new --scope internal",
     "git:tag": "cross-var git tag -a v$npm_package_version -m \"Release v$npm_package_version\"",
     "changeset": "changeset",
-    "changeset:empty": "changeset --empty",
-    "version": "yarn changeset version && yarn run git:tag"
+    "changeset:empty": "changeset --empty"
   },
   "workspaces": {
     "packages": [