.github/workflows/build-and-push.yaml

name: Build and Push
on:
  push:
    branches:
      - main
    tags:
      - v*
    paths-ignore:
      - 'LICENSE'
      - '**/.gitignore'
      - '**.md'
      - '**.adoc'
      - '*.txt'
  pull_request_target:
    paths-ignore:
      - 'LICENSE'
      - '**/.gitignore'
      - '**.md'
      - '**.adoc'
      - '*.txt'
    types: [labeled, opened, synchronize, reopened]
jobs:
  # Ensure that tests pass before publishing a new image.
  build-and-push-ci:
    runs-on: ubuntu-latest
    steps: # Assign context variable for various action contexts (tag, main, CI)
      - name: Assigning CI context
        if: github.head_ref != '' && github.head_ref != 'main' && !startsWith(github.ref, 'refs/tags/v')
        run: echo "BUILD_CONTEXT=ci" >> $GITHUB_ENV
      - name: Assigning tag context
        if: github.head_ref == '' && startsWith(github.ref, 'refs/tags/v')
        run: echo "BUILD_CONTEXT=tag" >> $GITHUB_ENV
      - name: Assigning main context
        if: github.head_ref == '' && github.ref == 'refs/heads/main'
        run: echo "BUILD_CONTEXT=main" >> $GITHUB_ENV
      #
      # Run checkouts
      - uses: mheap/github-action-required-labels@v4
        if: env.BUILD_CONTEXT == 'ci'
        with:
          mode: minimum
          count: 1
          labels: "ok-to-test, lgtm, approved"
      - uses: actions/checkout@v3
        if: env.BUILD_CONTEXT == 'ci'
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/checkout@v3
        if: env.BUILD_CONTEXT == 'main' ||  env.BUILD_CONTEXT == 'tag'
      #
      # Print variables for debugging
      - name: Log reference variables
        run: |
          echo "CONTEXT: ${{ env.BUILD_CONTEXT }}"
          echo "GITHUB.REF: ${{ github.ref }}"
          echo "GITHUB.HEAD_REF: ${{ github.head_ref }}"
          echo "SHA: ${{ github.event.pull_request.head.sha }}"
          echo "MAIN IMAGE AT: ${{ vars.QUAY_RELEASE_REPO }}:latest"
          echo "CI IMAGE AT: quay.io/trustyai/trustyai-service-operator-ci:${{ github.event.pull_request.head.sha }}"
      #
      # Set environments depending on context
      - name: Set CI environment
        if:  env.BUILD_CONTEXT == 'ci'
        run: |
          echo "TAG=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV
          echo "IMAGE_NAME=quay.io/trustyai/trustyai-service-operator-ci" >> $GITHUB_ENV
      - name: Set main-branch environment
        if:  env.BUILD_CONTEXT == 'main'
        run: |
          echo "TAG=latest" >> $GITHUB_ENV
          echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV
      - name: Set tag environment
        if: env.BUILD_CONTEXT == 'tag'
        run: |
          echo "TAG=${{ github.ref_name }}" >> $GITHUB_ENV
          echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV

       # Run docker commands
      - name: Put expiry date on CI-tagged image
        if:  env.BUILD_CONTEXT == 'ci'
        run: sed -i 's#summary="odh-trustyai-service-operator\"#summary="odh-trustyai-service-operator" \\ \n      quay.expires-after=7d#' Dockerfile
      - name: Log in to Quay
        run: docker login -u ${{ secrets.QUAY_ROBOT_USERNAME }} -p ${{ secrets.QUAY_ROBOT_SECRET }} quay.io
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Build and Push Image
        uses: docker/build-push-action@v3
        with:
          tags: ${{ env.IMAGE_NAME }}:${{ env.TAG }}
          platforms: linux/amd64,linux/s390x,linux/ppc64le
          push: true

      # Create CI Manifests
      - name: Set up manifests for CI
        if: env.BUILD_CONTEXT == 'ci'
        run: |
          sed -i "s#quay.io/trustyai/trustyai-service-operator:latest#${{ env.IMAGE_NAME }}:$TAG#" ./config/base/params.env
          rm -Rf $(ls . | grep -v config)
          rm -Rf .gitignore .dockerignore .github .git .yamllint.yaml
      # pysh to ci-manifest repo
      - uses: cpina/github-action-push-to-another-repository@main
        if:  env.BUILD_CONTEXT == 'ci'
        env:
          SSH_DEPLOY_KEY: ${{ secrets.TRUSTYAI_CI_BOT_SSH_KEY}}
        with:
          source-directory: '.'
          destination-github-username: 'trustyai-ci-bot'
          destination-repository-username: 'trustyai-explainability'
          destination-repository-name: 'trustyai-service-operator-ci'
          target-branch: operator-${{ env.TAG }}
          create-target-branch-if-needed: 'true'

      # Leave comment
      - uses: peter-evans/find-comment@v3
        name: Find Comment
        id: fc
        with:
          issue-number: ${{ github.event.pull_request.number }}
          comment-author: 'github-actions[bot]'
          body-includes: PR image build and manifest generation completed successfully
      - uses: peter-evans/create-or-update-comment@v4
        name: Generate/update success message comment
        with:
          comment-id: ${{ steps.fc.outputs.comment-id }}
          issue-number: ${{ github.event.pull_request.number }}
          edit-mode: replace
          body: |
            PR image build and manifest generation completed successfully!

            📦 [PR image](https://quay.io/trustyai/trustyai-service-operator-ci:${{ github.event.pull_request.head.sha }}): `quay.io/trustyai/trustyai-service-operator-ci:${{ github.event.pull_request.head.sha }}`

            🗂️ [CI manifests](https://github.com/trustyai-explainability/trustyai-service-operator-ci/tree/operator-${{ env.TAG }})