Skip to content

[Release 1.8] Fix CVE-2024-45338 (#3230) #1842

[Release 1.8] Fix CVE-2024-45338 (#3230)

[Release 1.8] Fix CVE-2024-45338 (#3230) #1842

name: Build and Push Images
on:
push:
branches:
- main
- release-1*
paths-ignore:
- 'docs/**'
- 'images/**'
- 'automation/**'
- 'cluster/**'
jobs:
build_push:
if: (github.repository == 'kubevirt/hyperconverged-cluster-operator')
name: Build and Push Images
runs-on: ubuntu-latest
env:
QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
REGISTRY_NAMESPACE: kubevirt
OPM_VERSION: v1.26.2
steps:
- name: Checkout the latest code
uses: actions/checkout@v3
with:
ref: ${{ github.ref }}
- name: Setup Go
uses: actions/setup-go@v3
with:
go-version: '1.19'
- name: Get latest version
run: |
PACKAGE_DIR="./deploy/olm-catalog/community-kubevirt-hyperconverged"
CSV_VERSION=$(ls -d ${PACKAGE_DIR}/*/ | sort -rV | awk "NR==$((RELEASE_DELTA+1))" | cut -d '/' -f 5)
echo "CSV_VERSION=${CSV_VERSION}" >> $GITHUB_ENV
echo "PACKAGE_DIR=${PACKAGE_DIR}" >> $GITHUB_ENV
- name: set unstable tag
# This workflow always pushes unstable tags, both from main and release branches.
run: |
echo "IMAGE_TAG=${CSV_VERSION}-unstable" >> $GITHUB_ENV
echo "UNSTABLE=UNSTABLE" >> $GITHUB_ENV
- name: Build Applications Images
env:
IMAGE_TAG: ${{ env.IMAGE_TAG }}
run: |
IMAGE_TAG=${IMAGE_TAG} make container-build
- name: Push Application Images
env:
IMAGE_TAG: ${{ env.IMAGE_TAG }}
run: |
IMAGE_TAG=${IMAGE_TAG} make container-push
- name: Build Digester
run: |
(cd tools/digester && go build .)
- name: Build Manifests with unique CSV semver
env:
IMAGE_TAG: ${{ env.IMAGE_TAG }}
PACKAGE_DIR: ${{ env.PACKAGE_DIR }}
CSV_VERSION: ${{ env.CSV_VERSION }}
run: |
export HCO_OPERATOR_IMAGE=$(tools/digester/digester --image="quay.io/kubevirt/hyperconverged-cluster-operator:${IMAGE_TAG}")
export HCO_WEBHOOK_IMAGE=$(tools/digester/digester --image="quay.io/kubevirt/hyperconverged-cluster-webhook:${IMAGE_TAG}")
export HCO_DOWNLOADS_IMAGE=$(tools/digester/digester --image="quay.io/kubevirt/virt-artifacts-server:${IMAGE_TAG}")
./hack/build-manifests.sh UNIQUE
sed -i "/^ \+replaces:/d" ${PACKAGE_DIR}/${CSV_VERSION}/manifests/kubevirt-hyperconverged-operator.v${CSV_VERSION}.clusterserviceversion.yaml
- name: Get opm client
run: |
wget https://github.com/operator-framework/operator-registry/releases/download/${OPM_VERSION}/linux-amd64-opm
chmod +x linux-amd64-opm
- name: Build and Push the Index Image
run: |
export OPM=$(pwd)/linux-amd64-opm
./hack/build-index-image.sh ${{ env.IMAGE_TAG }} ${{ env.UNSTABLE }}