diff --git a/.github/workflows/build-main.yml b/.github/workflows/build-main.yml index e4b9e08..ec87d98 100644 --- a/.github/workflows/build-main.yml +++ b/.github/workflows/build-main.yml @@ -4,6 +4,9 @@ on: push: branches: [ main, ghactions ] +permissions: + contents: read + jobs: build-main: name: Build and push a main snapshot image @@ -33,8 +36,10 @@ jobs: - name: Set image registry env run: | - echo IMAGE_REGISTRY=$(echo ${{ secrets.IMAGE_REGISTRY }} | cut -d '/' -f 1) >> $GITHUB_ENV - echo IMAGE_REPO=$(echo ${{ secrets.IMAGE_REGISTRY }} | cut -d '/' -f 2) >> $GITHUB_ENV + echo "IMAGE_REGISTRY=$(echo "${_IMAGE_REGISTRY}" | cut -d '/' -f 1)" >> "${GITHUB_ENV}" + echo "IMAGE_REPO=$(echo "${_IMAGE_REGISTRY}" | cut -d '/' -f 2)" >> "${GITHUB_ENV}" + env: + _IMAGE_REGISTRY: ${{ secrets.IMAGE_REGISTRY }} - name: Build Operator Image id: build-operator-image @@ -61,10 +66,7 @@ jobs: - name: Build Bundle id: build-bundle run: | - IMAGE_REGISTRY=${{ env.IMAGE_REGISTRY }} \ - IMAGE_REPO=${{ env.IMAGE_REPO }} \ - RELEASE_TAG=${{ env.RELEASE_TAG }} \ - VERSION=${{ env.RELEASE_TAG }} \ + VERSION="${RELEASE_TAG}" \ make bundle - name: Build Bundle Image @@ -86,5 +88,9 @@ jobs: username: ${{ secrets.REGISTRY_USER }} password: ${{ secrets.REGISTRY_PASSWORD }} - - run: echo "Operator Image pushed to ${{ steps.push-operator-image.outputs.registry-paths }}" - - run: echo "Bundle Image pushed to ${{ steps.push-bundle-image.outputs.registry-paths }}" + - run: | + echo "Operator Image pushed to ${OPERATOR_IMAGE_REGISTRY_PATHS}" + echo "Bundle Image pushed to ${BUNDLE_IMAGE_REGISTRY_PATHS}" + env: + OPERATOR_IMAGE_REGISTRY_PATHS: ${{ steps.push-operator-image.outputs.registry-paths }} + BUNDLE_IMAGE_REGISTRY_PATHS: ${{ steps.push-bundle-image.outputs.registry-paths }} diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml index fd6746c..77d7f5e 100644 --- a/.github/workflows/build-release.yml +++ b/.github/workflows/build-release.yml 
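Review bot: In the `Set image registry env` step, the two values cut out of `secrets.IMAGE_REGISTRY` are written to `GITHUB_ENV` as new strings, and log masking is keyed on the registered secret value, so the derived host and repo parts will likely appear unmasked in later step logs (the final `echo ... pushed to` step presumably prints paths built from them). If the secret is meant to stay confidential, register each derived value with `echo "::add-mask::${value}"` before appending it to `GITHUB_ENV`; if it is only configuration, a repository variable would state that intent better than a secret. Separately, `cut -d '/' -f 2` returns the whole input when the value contains no `/`, so `IMAGE_REPO` would silently equal the registry host; `cut -s -d '/' -f 2` plus an emptiness check would catch that. The same points apply to the `Set Env Tags` step in build-release.yml.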
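Review bot: The `Build Bundle` step now relies on `IMAGE_REGISTRY`, `IMAGE_REPO` and `RELEASE_TAG` being inherited from `GITHUB_ENV`, and nothing in the step fails if one of them is missing; an unset `RELEASE_TAG` hands `make bundle` an empty `VERSION`. Where `RELEASE_TAG` is set in build-main.yml is outside this hunk, so a guard is worth adding: `VERSION="${RELEASE_TAG:?RELEASE_TAG is not set}" \`. A one-line comment such as `# IMAGE_REGISTRY, IMAGE_REPO and RELEASE_TAG come from GITHUB_ENV (set in earlier steps)` would also make the dependency visible. The `Build Bundle` step in build-release.yml has the same shape.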
@@ -8,6 +8,9 @@ on: branches: - ghactions +permissions: + contents: read + jobs: build-release: name: Build and push a tag image @@ -24,9 +27,13 @@ jobs: id: go - name: Set Env Tags run: | - echo RELEASE_TAG=$(echo $GITHUB_REF | cut -d '/' -f 3) >> $GITHUB_ENV - echo IMAGE_REGISTRY=$(echo ${{ secrets.IMAGE_REGISTRY }} | cut -d '/' -f 1) >> $GITHUB_ENV - echo IMAGE_REPO=$(echo ${{ secrets.IMAGE_REGISTRY }} | cut -d '/' -f 2) >> $GITHUB_ENV + { + echo "RELEASE_TAG=$(echo "${GITHUB_REF}" | cut -d '/' -f 3)" + echo "IMAGE_REGISTRY=$(echo "${_IMAGE_REGISTRY}" | cut -d '/' -f 1)" + echo "IMAGE_REPO=$(echo "${_IMAGE_REGISTRY}" | cut -d '/' -f 2)" + } >> "${GITHUB_ENV}" + env: + _IMAGE_REGISTRY: ${{ secrets.IMAGE_REGISTRY }} - name: Build Operator Image id: build-operator-image @@ -52,11 +59,8 @@ jobs: - name: Build Bundle id: build-bundle run: | - IMAGE_REGISTRY=${{ env.IMAGE_REGISTRY }} \ - IMAGE_REPO=${{ env.IMAGE_REPO }} \ - RELEASE_TAG=${{ env.RELEASE_TAG }} \ - VERSION=${{ env.RELEASE_TAG }} \ - USE_IMAGE_DIGESTS=true \ + VERSION="${RELEASE_TAG}" \ + USE_IMAGE_DIGESTS="true" \ make bundle # This is a very naive implementation. Mainly for PoC @@ -85,5 +89,9 @@ jobs: username: ${{ secrets.REGISTRY_USER }} password: ${{ secrets.REGISTRY_PASSWORD }} - - run: echo "Operator Image pushed to ${{ steps.push-operator-image.outputs.registry-paths }}" - - run: echo "Bundle Image pushed to ${{ steps.push-bundle-image.outputs.registry-paths }}" + - run: | + echo "Operator Image pushed to ${OPERATOR_IMAGE_REGISTRY_PATHS}" + echo "Bundle Image pushed to ${BUNDLE_IMAGE_REGISTRY_PATHS}" + env: + OPERATOR_IMAGE_REGISTRY_PATHS: ${{ steps.push-operator-image.outputs.registry-paths }} + BUNDLE_IMAGE_REGISTRY_PATHS: ${{ steps.push-bundle-image.outputs.registry-paths }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1211abc..7ea892c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
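Review bot: `RELEASE_TAG` in `Set Env Tags` is still taken as the third `/`-separated field of `GITHUB_REF`, so a ref name that itself contains a slash (a constructed example: tag `release/v1.0`) is silently truncated to `release`, and the images would be published under that tag. GitHub already exports the short ref name, so the line can be `echo "RELEASE_TAG=${GITHUB_REF_NAME}"`; a slash-containing name then fails at the image-tag stage instead of publishing under the wrong tag. The workflow's trigger section is only partly visible in this diff, so which refs actually reach this step is inferred.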
@@ -4,6 +4,9 @@ on: pull_request: branches: [ main ] +permissions: + contents: read + jobs: sanity: name: sanity