-
Notifications
You must be signed in to change notification settings - Fork 56
222 lines (208 loc) · 8.82 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
name: Docker, Helm and OCP CI
on:
push:
branches:
- "master"
- "v*.x"
tags:
- "v*"
# note: various environment variable names are set to match expectation from the Makefile; do not change without comparing
env:
DEFAULT_BRANCH: master
REGISTRY: nvcr.io/nvstaging/mellanox
IMAGE_NAME: network-operator
jobs:
docker-build-push:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- if: github.ref_type == 'branch'
name: Determine docker tags (when git branch)
run: |
git_sha=$(git rev-parse --short HEAD) # short git commit hash
latest=${{ github.ref_name == env.DEFAULT_BRANCH && 'latest' || '' }} # 'latest', if branch is master
echo DOCKER_TAGS=""$git_sha $latest"" >> $GITHUB_ENV
- if: github.ref_type == 'tag'
name: Determine docker tags (when git tag)
run: |
git_tag=${{ github.ref_name }}
echo DOCKER_TAGS=""$git_tag"" >> $GITHUB_ENV
- uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.NVCR_USERNAME }}
password: ${{ secrets.NVCR_TOKEN }}
- name: Make build and push
env:
TAG: mellanox/${{ env.IMAGE_NAME }}
run: |
echo "Docker tags will be: $DOCKER_TAGS"
for docker_tag in $DOCKER_TAGS; do
make VERSION=$docker_tag image-build-multiarch image-push-multiarch
done
helm-package-publish:
needs:
- docker-build-push
runs-on: ubuntu-latest
steps:
- if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag'
uses: actions/checkout@v4
- if: github.ref_name == env.DEFAULT_BRANCH
name: Determine versions (when git branch)
run: |
app_version=$(git rev-parse --short HEAD) # short git commit hash
current_chart_version=$(yq '.version' deployment/network-operator/Chart.yaml)
echo APP_VERSION=""$app_version"" >> $GITHUB_ENV
echo VERSION=""$current_chart_version-$app_version"" >> $GITHUB_ENV
- if: github.ref_type == 'tag'
name: Determine versions (when git tag)
run: |
git_tag=${{ github.ref_name }}
app_version=$git_tag
chart_version=${git_tag:1} # without the 'v' prefix
echo APP_VERSION=""$app_version"" >> $GITHUB_ENV
echo VERSION=""$chart_version"" >> $GITHUB_ENV
- if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag'
name: NGC setup and authentication
run: |
wget \
--no-verbose \
--content-disposition \
-O ngccli_linux.zip \
https://api.ngc.nvidia.com/v2/resources/nvidia/ngc-apps/ngc_cli/versions/3.41.4/files/ngccli_linux.zip
unzip -q ngccli_linux.zip
echo "./ngc-cli" >> $GITHUB_PATH
ngc-cli/ngc config set <<EOF
${{ secrets.NVCR_TOKEN }}
json
nvstaging
mellanox
no-ace
EOF
- if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag'
name: Make package and push
env:
NGC_REPO: nvstaging/mellanox/network-operator
run: |
make chart-build chart-push
ocp-bundle:
needs:
- docker-build-push
runs-on: ubuntu-latest
env:
GH_TOKEN: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }}
DOWNSTREAM_REPO_OWNER: nvidia-ci-cd
UPSTREAM_REPO_OWNER: redhat-openshift-ecosystem
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} # token must be explicitly set here for push to work in following step
- name: Set is_push flag
id: set-is-push
run: |
if [[ "${{ github.event_name }}" == "push" && "${{ github.ref_type }}" == "tag" ]]; then
echo "is_push=false" >> $GITHUB_ENV
else
echo "is_push=true" >> $GITHUB_ENV
fi
- name: Determine version, tag, and base branch - Process based on is_push flag
run: |
if [[ "$is_push" == "true" ]]; then
echo "Setting VERSION_WITH_PREFIX to git commit hash."
VERSION_WITH_PREFIX=$(git rev-parse --short HEAD)
echo VERSION_WITH_PREFIX=$VERSION_WITH_PREFIX >> $GITHUB_ENV
else
git_tag=${{ github.ref_name }}
echo VERSION_WITH_PREFIX=$git_tag >> $GITHUB_ENV
echo VERSION_WITHOUT_PREFIX=${git_tag:1} >> $GITHUB_ENV # without the 'v' prefix
if echo $git_tag | grep beta; then
base_branch=$DEFAULT_BRANCH
else
v_major_minor=$(echo $git_tag | grep -Eo '^v[0-9]+\.[0-9]+')
base_branch=$v_major_minor.x
fi
echo BASE_BRANCH=$base_branch >> $GITHUB_ENV
fi
- uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.NVCR_USERNAME }}
password: ${{ secrets.NVCR_TOKEN }}
- name: Lookup image digest
run: |
network_operator_digest=$(skopeo inspect docker://$REGISTRY/$IMAGE_NAME:$VERSION_WITH_PREFIX | jq -r .Digest)
echo $network_operator_digest | wc -w | grep 1 # verifies value not empty
echo NETWORK_OPERATOR_DIGEST=$network_operator_digest >> $GITHUB_ENV
- name: Make bundle
env:
TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ env.NETWORK_OPERATOR_DIGEST }}
BUNDLE_IMG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-bundle:${{ env.VERSION_WITH_PREFIX }}
NGC_CLI_API_KEY: ${{ secrets.NVCR_TOKEN }}
run: |
if [[ "$is_push" == "false" ]]; then
export VERSION=${{ env.VERSION_WITHOUT_PREFIX }}
version_major_minor=$(echo $VERSION_WITH_PREFIX | grep -Eo 'v[0-9]+\.[0-9]+')
export CHANNELS=stable,$version_major_minor
export DEFAULT_CHANNEL=$version_major_minor
else
export DEFAULT_CHANNEL=v1.1 # hard coded
export CHANNELS=stable,v1.1 # hard coded
export VERSION=1.1.0-${{ env.VERSION_WITH_PREFIX }} # using the commit hash
fi
make bundle bundle-build bundle-push
if [[ "$is_push" == "true" ]]; then
export BUNDLE_IMG=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-bundle:latest # hard coded
make bundle-build bundle-push
fi
- name: Create PR with bundle to Network Operator
if: github.ref_type == 'tag'
env:
FEATURE_BRANCH: update-ocp-bundle-to-${{ env.VERSION_WITH_PREFIX }}
run: |
git config user.name nvidia-ci-cd
git config user.email [email protected]
git checkout -b $FEATURE_BRANCH
git status
git add bundle
git add bundle.Dockerfile
git commit -sm "task: update bundle to $VERSION_WITH_PREFIX"
git push -u origin $FEATURE_BRANCH
gh pr create \
--head $FEATURE_BRANCH \
--base $BASE_BRANCH \
--title "task: update bundle to $VERSION_WITH_PREFIX" \
--body "Created by the *${{ github.job }}* job in [${{ github.repository }} OCP bundle CI](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})."
- name: Determine if to send bundle to RedHat
if: github.ref_type == 'tag'
run: |
echo SEND_BUNDLE_TO_REDHAT=$(echo ${{ github.ref_name}} | grep -qE "v[0-9]+.[0-9]+.[0-9]+$" && echo true || echo false) >> $GITHUB_ENV
- if: ${{ github.ref_type == 'tag' && env.SEND_BUNDLE_TO_REDHAT == 'true' }}
uses: actions/checkout@v4
with:
token: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} # token must be explicitly set here for push to work in following step
repository: ${{ env.UPSTREAM_REPO_OWNER }}/certified-operators
path: certified-operators
- if: ${{ github.ref_type == 'tag' && env.SEND_BUNDLE_TO_REDHAT == 'true' }}
name: Create PR with bundle to RedHat
env:
UPSTREAM_DEFAULT_BRANCH: main
FEATURE_BRANCH: network-operator-bundle-${{ env.VERSION_WITHOUT_PREFIX }}
NEW_BUNDLE_DIR: operators/nvidia-network-operator/${{ env.VERSION_WITHOUT_PREFIX }}
run: |
pushd certified-operators
git config user.name nvidia-ci-cd
git config user.email [email protected]
gh repo fork --remote --default-branch-only
gh repo sync $DOWNSTREAM_REPO_OWNER/certified-operators --source $UPSTREAM_REPO_OWNER/certified-operators --branch $UPSTREAM_DEFAULT_BRANCH
git checkout -b $FEATURE_BRANCH
mkdir -p $NEW_BUNDLE_DIR
cp -r ../bundle/* $NEW_BUNDLE_DIR
git add $NEW_BUNDLE_DIR
git commit -sm "operator nvidia-network-operator ($VERSION_WITHOUT_PREFIX)"
git push -u origin $FEATURE_BRANCH
gh pr create \
--head $DOWNSTREAM_REPO_OWNER:$FEATURE_BRANCH \
--base $UPSTREAM_DEFAULT_BRANCH \
--fill \
--body "Created by the *${{ github.job }}* job in [${{ github.repository }} CI](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})."
popd