sigstore · javanlacerda · Sep 20, 2024 · Oct 8, 2024 · Oct 8, 2024 · Oct 8, 2024
diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml
@@ -31,6 +31,7 @@ jobs:
     permissions:
       id-token: write
       contents: read
+      pull-requests: read
 
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
@@ -59,5 +60,23 @@ jobs:
       - name: creds
         run: gcloud auth configure-docker --quiet
 
+      - name: Formatted labels
+        id: labels
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          FORMATED_LABELS="--image-label commit-hash=$GITHUB_SHA"
+
+          BRANCH_NUMBER=$(gh pr list --state all --search "sha:$GITHUB_SHA" --label "breaking-change" | awk '{print $1}')
+          echo "Branch Number: $BRANCH_NUMBER" 
+
+          # Check if a pull request number was found
+          if [ -n "$BRANCH_NUMBER" ]; then
+            FORMATED_LABELS+=" --image-label breaking-change=true"
+          fi
+          echo "FORMATED_LABELS='$FORMATED_LABELS'" >> $GITHUB_OUTPUT
+
       - name: container
-        run: KO_PREFIX=gcr.io/projectsigstore/fulcio/ci/fulcio make sign-keyless-ci
+        run: |
+          echo "Formated Label: ${{ steps.labels.outputs.FORMATED_LABELS }}"
+          KO_PREFIX=gcr.io/projectsigstore/fulcio/ci/fulcio FORMATED_LABEL=${{ steps.labels.outputs.FORMATED_LABELS }} make sign-keyless-ci
diff --git a/Makefile b/Makefile
@@ -46,6 +46,13 @@ GHCR_PREFIX ?= ghcr.io/sigstore
 
 FULCIO_YAML ?= fulcio-$(GIT_TAG).yaml
 
+# It should be blank for default builds
+FORMATED_LABEL ?=
+
+GITHUB_RUN_NUMBER ?= "local"
+
+FULL_TAG := "0.$(shell date +%Y%m%d).$(GITHUB_RUN_NUMBER)-ref.$(GIT_VERSION)"
+
 # Binaries
 PROTOC-GEN-GO := $(TOOLS_BIN_DIR)/protoc-gen-go
 PROTOC-GEN-GO-GRPC := $(TOOLS_BIN_DIR)/protoc-gen-go-grpc
@@ -122,8 +129,8 @@ $(PROTOC-API-LINTER): $(TOOLS_DIR)/go.mod
 ko:
 	# fulcio
 	LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \
-	KO_DOCKER_REPO=$(KO_PREFIX)/fulcio ko resolve --bare \
-		--platform=linux/amd64 --tags $(GIT_VERSION) --tags $(GIT_HASH) \
+	KO_DOCKER_REPO=$(KO_PREFIX)/fulcio ko resolve $(FORMATED_LABEL) --bare \
+		--platform=linux/amd64 --tags $(GIT_VERSION) --tags $(GIT_HASH) --tags $(FULL_TAG) \
 		--image-refs fulcioImagerefs --filename config/ > $(FULCIO_YAML)
 
 .PHONY: ko-local