feat: build Service OCM Component (#59)

akafazov · web-flow · commit 16f2ea5cf457 · 2026-03-30T14:48:44.000+03:00
* feat: add GitHub Actions workflow for building root OCM component On-behalf-of: @SAP angel.kafazov@sap.com Signed-off-by: Angel Kafazov <akafazov@cst-bg.net> * ocm: add step to sign root OCM component On-behalf-of: @SAP angel.kafazov@sap.com Signed-off-by: Angel Kafazov <akafazov@cst-bg.net> * chore: rename "Root" to "Service OCM Component" On-behalf-of: @SAP angel.kafazov@sap.com Signed-off-by: Angel Kafazov <akafazov@cst-bg.net> --------- Signed-off-by: Angel Kafazov <akafazov@cst-bg.net>
diff --git a/.github/workflows/pipeline-service-component.yml b/.github/workflows/pipeline-service-component.yml
@@ -0,0 +1,122 @@
+name: Build Service OCM Component
+on:
+  workflow_dispatch:
+    inputs:
+      componentName:
+        description: 'Service component name (e.g., github.com/platform-mesh/security-operator)'
+        required: true
+        type: string
+      chartName:
+        description: 'Chart name (e.g., security-operator)'
+        required: true
+        type: string
+      chartVersion:
+        description: 'Chart version (semver)'
+        required: true
+        type: string
+      appVersion:
+        description: 'App/image version (semver)'
+        required: true
+        type: string
+      imageComponentName:
+        description: 'Image component name suffix (defaults to repo name, e.g., security-operator)'
+        required: false
+        type: string
+
+permissions:
+  packages: write
+  contents: read
+
+jobs:
+  service-component:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+
+      - name: Setup OCM CLI
+        run: |
+          REPO=${repo:=open-component-model/ocm}
+          if [ -z "$version" -o "$version" == latest ]; then
+            version="$(basename "$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/$REPO/releases/latest)")"
+            echo "Selecting latest version: $version"
+          fi
+          VERSION=${version#v}
+          ARCHIVE_FILE="ocm-${VERSION}-linux-amd64.tar.gz"
+          URL="https://github.com/$REPO/releases/download/v${VERSION}/$ARCHIVE_FILE"
+          echo "Installing ocm-cli version $version from $REPO"
+          curl -LsS -o ocm-cli.tgz "$URL"
+          tar --overwrite -xvzf ocm-cli.tgz >/dev/null
+          chmod a+x ocm
+
+      - name: Write OCM credentials file
+        run: |
+          cat <<EOF > $HOME/.ocmconfig
+          type: generic.config.ocm.software/v1
+          configurations:
+            - type: credentials.config.ocm.software
+              consumers:
+                - identity:
+                    type: OCIRegistry
+                    scheme: https
+                    hostname: ghcr.io
+                    pathprefix: platform-mesh
+                  credentials:
+                    - type: Credentials
+                      properties:
+                        username: github
+                        password: ${{ secrets.GITHUB_TOKEN }}
+          EOF
+
+      - name: Determine image component name
+        run: |
+          # Use imageComponentName if provided, otherwise derive from chartName
+          IMAGE_COMPONENT_NAME="${{ inputs.imageComponentName }}"
+          if [ -z "$IMAGE_COMPONENT_NAME" ]; then
+            IMAGE_COMPONENT_NAME="${{ inputs.chartName }}"
+          fi
+          echo "IMAGE_COMPONENT_NAME=$IMAGE_COMPONENT_NAME" >> $GITHUB_ENV
+
+      - name: Write service component constructor
+        run: |
+          cat <<'EOF' > service-component-constructor.yaml
+          components:
+            - name: "{{ .COMPONENT_NAME }}"
+              version: "{{ .VERSION }}"
+              provider:
+                name: Platform Mesh Team
+              componentReferences:
+                - name: chart
+                  componentName: "github.com/platform-mesh/helm-charts/{{ .CHART_NAME }}"
+                  version: "{{ .VERSION }}"
+                - name: image
+                  componentName: "github.com/platform-mesh/images/{{ .IMAGE_COMPONENT_NAME }}"
+                  version: "{{ .APP_VERSION }}"
+          EOF
+
+      - name: Create OCM ComponentArchive
+        run: |
+          ocm_ctf=transport.ctf
+          ./ocm add components -c --templater=go --file "$ocm_ctf" service-component-constructor.yaml -- \
+            COMPONENT_NAME=${{ inputs.componentName }} \
+            VERSION=${{ inputs.chartVersion }} \
+            CHART_NAME=${{ inputs.chartName }} \
+            IMAGE_COMPONENT_NAME=${{ env.IMAGE_COMPONENT_NAME }} \
+            APP_VERSION=${{ inputs.appVersion }}
+
+      - name: Sign OCM Component
+        run: |
+          printf '%s' "$OCM_SIGNING_PRIVATE_KEY" > /tmp/ocm-signing.priv
+          ./ocm sign componentversion --signature platform-mesh --private-key /tmp/ocm-signing.priv transport.ctf
+          rm -f /tmp/ocm-signing.priv
+        env:
+          OCM_SIGNING_PRIVATE_KEY: ${{ secrets.OCM_SIGNING_PRIVATE_KEY }}
+
+      - name: Transfer to OCM registry
+        run: ./ocm transfer ctf --overwrite transport.ctf "ghcr.io/platform-mesh"
+
+      - name: Trigger aggregator build
+        run: |
+          gh workflow run ocm.yaml --repo "platform-mesh/ocm"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
@@ -5,4 +5,5 @@
 
 # Generated release files (created by hack/ scripts)
 generated/
-dist/
+dist/
+.vscode/settings.json
