update ci workflow to push to both quay repos

Author: dminnear-rh

.github/workflows/container-test.yml

@@ -1,6 +1,11 @@
 ---
 name: "Container build and test"
-on: [push, pull_request]
+
+on:
+  pull_request:
+    branches: ["main"]
+
+permissions: read-all
 
 jobs:
   podman-build:

.github/workflows/docker-publish.yml

@@ -0,0 +1,96 @@
+---
+name: Docker build and push to quay
+permissions: read-all
+
+on:
+  push:
+    branches: ['main']
+    tags: ['v*.*.*']
+
+env:
+  REGISTRY: quay.io
+
+jobs:
+  build-container-and-push:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        image:
+          - name: hybridcloudpatterns/utility-container
+            username_secret: LEGACY_QUAY_USERNAME
+            password_secret: LEGACY_QUAY_PASSWORD
+          - name: validatedpatterns/utility-container
+            username_secret: QUAY_USERNAME
+            password_secret: QUAY_PASSWORD
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      # Install the cosign tool
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
+        with:
+          cosign-release: 'v2.2.4'
+
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      # Login against a Docker registry
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets[matrix.image.username_secret] }}
+          password: ${{ secrets[matrix.image.password_secret] }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ matrix.image.name }}
+
+      # Build and push Docker image with Buildx
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: .
+          file: Containerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign the resulting Docker image digest.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I "{}" cosign sign --yes "{}@${DIGEST}"

.github/workflows/superlinter.yml

@@ -1,7 +1,9 @@
 ---
 name: Super linter
 
-on: [push, pull_request]
+on:
+  pull_request:
+    branches: ["main"]
 
 jobs:
   build:

Makefile

@@ -3,7 +3,7 @@ TAG ?= latest
 CONTAINER ?= $(NAME):$(TAG)
 
 REGISTRY ?= localhost
-UPLOADREGISTRY ?= quay.io/hybridcloudpatterns
+UPLOADREGISTRY ?= quay.io/validatedpatterns
 TESTCOMMAND := "set -e; echo '* Helm: '; helm version; \
 		echo '* ArgoCD: '; argocd version --client ; \
 		echo '* Tekton: '; tkn version ; \
@@ -161,7 +161,7 @@ super-linter: ## Runs super linter locally
 					ghcr.io/super-linter/super-linter:slim-v8
 
 .PHONY: upload
-upload: ## Uploads the container to quay.io/hybridcloudpatterns/${CONTAINER}
+upload: ## Uploads the container to quay.io/validatedpatterns/${CONTAINER}
 	@echo "Uploading the ${REGISTRY}/${CONTAINER} container to ${UPLOADREGISTRY}/${CONTAINER}"
 	buildah manifest push --all "${REGISTRY}/${CONTAINER}" "docker://${UPLOADREGISTRY}/${CONTAINER}"
 
@@ -200,4 +200,3 @@ cluster-stop: ## Stops the hosted-cluster machines
 		-v ${HOME}:${HOME} \
 		-v ${HOME}/.aws:/pattern-home/.aws \
 		"${REGISTRY}/${CONTAINER}" python3 /usr/local/bin/stop-instances.py -f ${CLUSTER}
-

README.md

@@ -1,6 +1,6 @@
-# Validated Pattern Utility Container
+# Validated Patterns Utility Container
 
-[![Quay Repository](https://img.shields.io/badge/Quay.io-utility--container-blue?logo=quay)](https://quay.io/repository/hybridcloudpatterns/utility-container)
+[![Quay Repository](https://img.shields.io/badge/Quay.io-utility--container-blue?logo=quay)](https://quay.io/repository/validatedpatterns/utility-container)
 
 A utility container for simplified execution of imperative commands in each of the Validated Patterns.
 
@@ -17,12 +17,12 @@ This container provides a pre-configured environment with all the necessary tool
 |ansible-runner                     |pip       |2.4.1         |
 |ansible.utils                      |collection|6.0.0         |
 |argocd                             |binary    |v2.9.7+fbb6b20|
-|awscli                             |pip       |1.42.18       |
+|awscli                             |pip       |1.42.20       |
 |awx.awx                            |collection|24.6.1        |
 |awxkit                             |pip       |24.6.1        |
 |azure-cli                          |pip       |2.76.0        |
-|boto3                              |pip       |1.40.18       |
-|botocore                           |pip       |1.40.18       |
+|boto3                              |pip       |1.40.20       |
+|botocore                           |pip       |1.40.20       |
 |community.general                  |collection|11.2.1        |
 |community.okd                      |collection|5.0.0         |
 |gcloud                             |pip       |0.18.3        |
@@ -57,7 +57,7 @@ This container provides a pre-configured environment with all the necessary tool
 ### Pull the Image
 
 ```bash
-podman pull quay.io/hybridcloudpatterns/utility-container:latest
+podman pull quay.io/validatedpatterns/utility-container:latest
 ```
 
 ### Examples
@@ -70,7 +70,7 @@ podman run --rm -it --net=host \
   -v ${HOME}:/pattern \
   -v ${HOME}:${HOME} \
   -w $(pwd) \
-  quay.io/hybridcloudpatterns/utility-container:latest sh
+  quay.io/validatedpatterns/utility-container:latest sh
 ```
 
 **Execute an Ansible playbook**
@@ -81,7 +81,7 @@ podman run --rm -it --net=host \
   -v ${HOME}:/pattern \
   -v ${HOME}:${HOME} \
   -w $(pwd) \
-  quay.io/hybridcloudpatterns/utility-container:latest \
+  quay.io/validatedpatterns/utility-container:latest \
   ansible-playbook <playbook>.yml
 ```
 
@@ -93,7 +93,7 @@ podman run --rm -it --net=host \
   -v ${HOME}:/pattern \
   -v ${HOME}:${HOME} \
   -w $(pwd) \
-  quay.io/hybridcloudpatterns/utility-container:latest \
+  quay.io/validatedpatterns/utility-container:latest \
   oc get nodes
 ```