From de66e2f2fe1e54e7d2ed2d230fbe8dd7423f5f7a Mon Sep 17 00:00:00 2001
From: Stefan Prodan <stefan.prodan@gmail.com>
Date: Sat, 3 Feb 2024 20:38:04 +0200
Subject: [PATCH] Publish distribution images with digests

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
---
 .github/workflows/index-images.sh   | 57 +++++++++++++++++++++++++++
 .github/workflows/index-images.yaml | 61 +++++++++++++++++++++++++++++
 2 files changed, 118 insertions(+)
 create mode 100755 .github/workflows/index-images.sh
 create mode 100644 .github/workflows/index-images.yaml

diff --git a/.github/workflows/index-images.sh b/.github/workflows/index-images.sh
new file mode 100755
index 0000000..31cf02a
--- /dev/null
+++ b/.github/workflows/index-images.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+set -eoux pipefail
+
+REGISTRY="${REGISTRY}"
+VARIANT="${VARIANT}"
+VERSION="${VERSION}"
+
+ROOT_DIR="$(git rev-parse --show-toplevel)"
+WORK_DIR="${ROOT_DIR}/images"
+
+mkdir -p "${WORK_DIR}"
+
+cd "${WORK_DIR}"
+
+FLUX_IMAGES="${VERSION}-${VARIANT}.yaml"
+
+flux install --version ${VERSION} \
+--registry=${REGISTRY}/${VARIANT} \
+--components-extra=image-reflector-controller,image-automation-controller \
+--export | grep 'ghcr.io/' | awk '{print $2}' > "${FLUX_IMAGES}"
+
+
+sc=$(awk 'NR==1{print $1}' "${FLUX_IMAGES}")
+sc_digest=$(docker buildx imagetools inspect ${sc}  --format '{{json .}}' | jq -r .manifest.digest)
+kc=$(awk 'NR==2{print $1}' "${FLUX_IMAGES}")
+kc_digest=$(docker buildx imagetools inspect ${kc}  --format '{{json .}}' | jq -r .manifest.digest)
+hc=$(awk 'NR==3{print $1}' "${FLUX_IMAGES}")
+hc_digest=$(docker buildx imagetools inspect ${hc}  --format '{{json .}}' | jq -r .manifest.digest)
+nc=$(awk 'NR==4{print $1}' "${FLUX_IMAGES}")
+nc_digest=$(docker buildx imagetools inspect ${nc}  --format '{{json .}}' | jq -r .manifest.digest)
+irc=$(awk 'NR==5{print $1}' "${FLUX_IMAGES}")
+irc_digest=$(docker buildx imagetools inspect ${irc}  --format '{{json .}}' | jq -r .manifest.digest)
+iac=$(awk 'NR==6{print $1}' "${FLUX_IMAGES}")
+iac_digest=$(docker buildx imagetools inspect ${iac}  --format '{{json .}}' | jq -r .manifest.digest)
+
+cat >${FLUX_IMAGES} <<EOF
+images:
+  - name: ${REGISTRY}/${VARIANT}/source-controller
+    newTag: ${sc#*:}
+    digest: ${sc_digest}
+  - name: ${REGISTRY}/${VARIANT}/kustomize-controller
+    newTag: ${kc#*:}
+    digest: ${kc_digest}
+  - name: ${REGISTRY}/${VARIANT}/helm-controller
+    newTag: ${hc#*:}
+    digest: ${hc_digest}
+  - name: ${REGISTRY}/${VARIANT}/notification-controller
+    newTag: ${nc#*:}
+    digest: ${nc_digest}
+  - name: ${REGISTRY}/${VARIANT}/image-reflector-controller
+    newTag: ${irc#*:}
+    digest: ${irc_digest}
+  - name: ${REGISTRY}/${VARIANT}/image-automation-controller
+    newTag: ${iac#*:}
+    digest: ${iac_digest}
+EOF
diff --git a/.github/workflows/index-images.yaml b/.github/workflows/index-images.yaml
new file mode 100644
index 0000000..6f18a6f
--- /dev/null
+++ b/.github/workflows/index-images.yaml
@@ -0,0 +1,61 @@
+name: index-images
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '00 10 * * 1-5'
+
+permissions:
+  contents: read
+
+jobs:
+  generate:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+      packages: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Setup Flux
+        uses: fluxcd/flux2/action@5c5c15ea212b8f029a110f9975851d25c8272695 #v2.2.2
+      - name: Write image files
+        id: update
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REGISTRY: ghcr.io/controlplaneio-fluxcd
+        run: |
+          VERSION=$(gh release view --json tagName -q '.tagName')
+          echo "version=${VERSION}" >> $GITHUB_ENV
+          
+          VARIANT="alpine" \
+          REGISTRY="${REGISTRY}" \
+          VERSION="${VERSION}" \
+          ./workflows/index-images.sh
+          
+          VARIANT="distroless" \
+          REGISTRY="${REGISTRY}" \
+          VERSION="${VERSION}" \
+          ./workflows/index-images.sh
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: |
+            Update images for Flux ${{ steps.update.outputs.version }}
+          committer: GitHub <noreply@github.com>
+          signoff: true
+          branch: update-images-${{ steps.update.outputs.version }}
+          title: Update images for Flux ${{ steps.update.outputs.version }}
+          body: |
+            Update images with digests for Flux ${{ steps.update.outputs.version }}
+          labels: |
+            area/images