Use GHA directly to push container (#576)

* Use GHA directly to push container

* Build docker image in CI for PRs as well

Author: mrueg

.github/workflows/pull_request.yaml

@@ -1,6 +1,10 @@
 name: Pull Request
 on: [pull_request]
 
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
 jobs:
   lint:
     name: Lint
@@ -74,19 +78,44 @@ jobs:
     name: Docker Tests
     needs: [lint]
     runs-on: ubuntu-latest
-
+    
     steps:
-      - name: checkout
+      - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: docker build
-        run: make docker-build
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver: docker
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          build-args: |
+            KONSTRAINT_VER="${{ env.DOCKER_METADATA_OUTPUT_VERSION }}"
+          push: false
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
 
       - name: test create command
-        run: docker run -v $PWD:/konstraint konstraint create /konstraint/examples
+        run: docker run -v $PWD:/konstraint ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DOCKER_METADATA_OUTPUT_VERSION }} create /konstraint/examples
 
       - name: test doc command
-        run: docker run -v $PWD:/konstraint konstraint doc /konstraint/examples
+        run: docker run -v $PWD:/konstraint ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DOCKER_METADATA_OUTPUT_VERSION }} doc /konstraint/examples
 
   policy-checks:
     name: Policy Checks

.github/workflows/push_container.yaml

@@ -4,6 +4,10 @@ on:
     tags:
     - v*.*.*
 
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
 jobs:
   unit-test:
     runs-on: ubuntu-latest
@@ -28,17 +32,35 @@ jobs:
     needs: [unit-test]
 
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-    - name: get version tag
-      run: echo TAG_NAME=$(echo ${GITHUB_REF} | rev | cut -d"/" -f1 | rev) >> $GITHUB_ENV
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-    - name: docker login
-      run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
-    - name: docker build
-      run: >-
-        docker buildx create --name builder &&
-        docker buildx use --builder builder &&
-        make dockerx-build version=${TAG_NAME}
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          build-args: |
+            KONSTRAINT_VER="${{ github.ref_name }}"
+          platforms: linux/arm/v7,linux/arm64,linux/amd64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

Makefile

@@ -1,8 +1,3 @@
-## The repository where the container image will be pushed to.
-IMAGE := ghcr.io/plexsystems/konstraint
-
-PLATFORMS := linux/arm/v7,linux/arm64/v8,linux/amd64
-
 #
 ##@ Development
 #
@@ -42,39 +37,6 @@ fmt: ## Ensures consistent formatting on policy tests.
 ##@ Releases
 #
 
-.PHONY: docker-build
-docker-build: ## Builds the docker image. Can optionally pass in a version.
-ifeq ($(version),)
-	docker build -t konstraint:latest .
-else
-	docker build -t konstraint:latest -t konstraint:$(version) --build-arg KONSTRAINT_VER=$(version) .
-endif
-
-.PHONY: dockerx-build
-dockerx-build: ## Builds the docker image. Can optionally pass in a version.
-ifeq ($(version),)
-	docker buildx build \
-		--platform "$(PLATFORMS)" \
-		-t konstraint:latest \
-		.
-else
-	docker buildx build \
-		--push \
-		--platform "$(PLATFORMS)" \
-		-t konstraint:latest \
-		-t "konstraint:$(version)" \
-		--build-arg "KONSTRAINT_VER=$(version)" \
-		.
-endif
-
-.PHONY: docker-push
-docker-push: ## Pushes the docker image to the container registry.
-	@test $(version)
-	docker tag konstraint:latest $(IMAGE):$(version)
-	docker tag konstraint:latest $(IMAGE):latest
-	docker push $(IMAGE):$(version)
-	docker push $(IMAGE):latest
-
 .PHONY: release
 release: ## Builds the binaries for each OS and creates the checksums.
 	@test $(version)