diff --git a/.github/workflows/build-images-base.yaml b/.github/workflows/build-images-base.yaml index 79ea19b..9e807b2 100644 --- a/.github/workflows/build-images-base.yaml +++ b/.github/workflows/build-images-base.yaml @@ -23,6 +23,10 @@ on: description: Bundle and catalog channels, comma separated default: preview type: string + quayImageExpiry: + description: When to expire the built quay images. The time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively, from the time the image is built. + default: never + type: string workflow_dispatch: inputs: operatorVersion: @@ -45,6 +49,10 @@ on: description: Bundle and catalog channels, comma separated default: preview type: string + quayImageExpiry: + description: When to expire the built quay images. The time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively, from the time the image is built. + default: never + type: string env: IMG_TAGS: ${{ inputs.operatorTag }} @@ -53,6 +61,7 @@ env: IMG_REGISTRY_ORG: kuadrant MAIN_BRANCH_NAME: main OPERATOR_NAME: limitador-operator + QUAY_IMAGE_EXPIRY: ${{ inputs.quayImageExpiry }} jobs: build: @@ -82,6 +91,7 @@ jobs: build-args: | GIT_SHA=${{ github.sha }} DIRTY=false + QUAY_IMAGE_EXPIRY=${{ inputs.quayImageExpiry }} - name: Push Image if: ${{ !env.ACT }} id: push-to-quay @@ -136,6 +146,8 @@ jobs: platforms: linux/amd64,linux/arm64 dockerfiles: | ./bundle.Dockerfile + build-args: | + QUAY_IMAGE_EXPIRY=${{ inputs.quayImageExpiry }} - name: Push Image if: ${{ !env.ACT }} id: push-to-quay @@ -188,6 +200,7 @@ jobs: context: ./catalog dockerfiles: | ./catalog/${{ env.OPERATOR_NAME }}-catalog.Dockerfile + # The Quay image expiry label for the generated catalog Dockerfile is set via opm, using the value set in the QUAY_IMAGE_EXPIRY environment variable - name: Push Image if: ${{ !env.ACT }} id: push-to-quay diff --git a/.github/workflows/build-images-branches.yaml b/.github/workflows/build-images-branches.yaml index 133f1f2..524f15f 100644 --- a/.github/workflows/build-images-branches.yaml +++ b/.github/workflows/build-images-branches.yaml @@ -13,3 +13,4 @@ jobs: with: operatorVersion: ${{ github.ref_name }} operatorTag: ${{ github.ref_name }} + quayImageExpiry: 1w diff --git a/.github/workflows/build-images-scheduled.yaml b/.github/workflows/build-images-scheduled.yaml index e58df20..3f59195 100644 --- a/.github/workflows/build-images-scheduled.yaml +++ b/.github/workflows/build-images-scheduled.yaml @@ -13,3 +13,4 @@ jobs: operatorVersion: ${{ github.sha }} operatorTag: ${{ github.sha }} limitadorVersion: ${{ vars.LIMITADOR_SHA }} + quayImageExpiry: 2w diff --git a/Dockerfile b/Dockerfile index e03b52f..8047a89 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.21 as builder +FROM golang:1.21 AS builder WORKDIR /workspace # Copy the Go Modules manifests @@ -31,4 +31,9 @@ WORKDIR / COPY --from=builder /workspace/manager . USER 65532:65532 +# Quay image expiry +ARG QUAY_IMAGE_EXPIRY +ENV QUAY_IMAGE_EXPIRY=${QUAY_IMAGE_EXPIRY:-never} +LABEL quay.expires-after=$QUAY_IMAGE_EXPIRY + ENTRYPOINT ["/manager"] diff --git a/Makefile b/Makefile index ae66f93..beb0232 100644 --- a/Makefile +++ b/Makefile @@ -277,7 +277,7 @@ run: manifests generate fmt vet ## Run a controller from your host.) docker-build: GIT_SHA=$(shell git rev-parse HEAD || echo "unknown") docker-build: DIRTY=$(shell $(PROJECT_PATH)/utils/check-git-dirty.sh || echo "unknown") docker-build: ## Build docker image with the manager. - docker build --build-arg GIT_SHA=$(GIT_SHA) --build-arg DIRTY=$(DIRTY) -t $(IMG) . + docker build --build-arg GIT_SHA=$(GIT_SHA) --build-arg DIRTY=$(DIRTY) --build-arg QUAY_IMAGE_EXPIRY=$(QUAY_IMAGE_EXPIRY) -t $(IMG) . docker-push: ## Push docker image with the manager. docker push $(IMG) @@ -340,6 +340,7 @@ bundle: $(KUSTOMIZE) $(OPERATOR_SDK) $(YQ) manifests ## Generate bundle manifest # Validate bundle manifests $(OPERATOR_SDK) bundle validate ./bundle $(MAKE) bundle-ignore-createdAt + echo "$$QUAY_EXPIRY_TIME_LABEL" >> bundle.Dockerfile .PHONY: bundle-ignore-createdAt bundle-ignore-createdAt: @@ -354,7 +355,7 @@ bundle-ignore-createdAt: .PHONY: bundle-build bundle-build: ## Build the bundle image. - docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) . + docker build --build-arg QUAY_IMAGE_EXPIRY=$(QUAY_IMAGE_EXPIRY) -f bundle.Dockerfile -t $(BUNDLE_IMG) . .PHONY: bundle-push bundle-push: ## Push the bundle image. diff --git a/bundle.Dockerfile b/bundle.Dockerfile index 4560d7b..0806175 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -18,3 +18,8 @@ LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ COPY bundle/manifests /manifests/ COPY bundle/metadata /metadata/ COPY bundle/tests/scorecard /tests/scorecard/ + +# Quay image expiry +ARG QUAY_IMAGE_EXPIRY +ENV QUAY_IMAGE_EXPIRY=${QUAY_IMAGE_EXPIRY:-never} +LABEL quay.expires-after=${QUAY_IMAGE_EXPIRY} diff --git a/make/catalog.mk b/make/catalog.mk index e59ff58..731ecd5 100644 --- a/make/catalog.mk +++ b/make/catalog.mk @@ -6,9 +6,22 @@ CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:$(IMAGE_TAG) CATALOG_FILE = $(PROJECT_PATH)/catalog/limitador-operator-catalog/operator.yaml CATALOG_DOCKERFILE = $(PROJECT_PATH)/catalog/limitador-operator-catalog.Dockerfile +# Quay image default expiry +QUAY_IMAGE_EXPIRY ?= never + +# A LABEL that can be appended to a generated Dockerfile to set the Quay image expiration through Docker arguments. +define QUAY_EXPIRY_TIME_LABEL + +# Quay image expiry +ARG QUAY_IMAGE_EXPIRY +ENV QUAY_IMAGE_EXPIRY=$${QUAY_IMAGE_EXPIRY:-never} +LABEL quay.expires-after=$${QUAY_IMAGE_EXPIRY} +endef +export QUAY_EXPIRY_TIME_LABEL + $(CATALOG_DOCKERFILE): $(OPM) -mkdir -p $(PROJECT_PATH)/catalog/limitador-operator-catalog - cd $(PROJECT_PATH)/catalog && $(OPM) generate dockerfile limitador-operator-catalog + cd $(PROJECT_PATH)/catalog && $(OPM) generate dockerfile limitador-operator-catalog -l quay.expires-after=$(QUAY_IMAGE_EXPIRY) catalog-dockerfile: $(CATALOG_DOCKERFILE) ## Generate catalog dockerfile. $(CATALOG_FILE): $(OPM) $(YQ)