Skip to content

Commit

Permalink
Feat: Add OCP bundle to CICD workflow (#1034)
Browse files Browse the repository at this point in the history
Changes overview:
- Renames the `network-operator-docker-and-helm-ci.yaml` workflow
to`ci.yaml`; workflow contains three core jobs:
  1. _docker-build-push_
  2. _helm-package-publish_
  3. _ocp-bundle_
- Adds job for OCP bundling and delivery:
  - Runs only when git _tags_ are pushed.
  - Makes the OCP bundle.
- Creates a PR to _network-operator_, to update the local copy of the
bundle.
- Creates a PR to RedHat's
[_certified-operators_](https://github.com/redhat-openshift-ecosystem/certified-operators)
(only for GA releases).
  
(EDIT: corrected name again - from `cicd.yaml` to `cd.yaml`)
  • Loading branch information
maze88 authored Sep 4, 2024
2 parents b8972cc + 15c2a3a commit 21ac34b
Show file tree
Hide file tree
Showing 3 changed files with 188 additions and 95 deletions.
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: "Build"
name: "Checks"
on: [push, pull_request]

jobs:
Expand Down
187 changes: 187 additions & 0 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,187 @@
name: Docker, Helm and OCP CI

on:
push:
branches:
- "master"
- "v*.x"
tags:
- "v*"

# note: various environment variable names are set to match expectation from the Makefile; do not change without comparing
env:
DEFAULT_BRANCH: master
REGISTRY: nvcr.io/nvstaging/mellanox
IMAGE_NAME: network-operator

jobs:
docker-build-push:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- if: github.ref_type == 'branch'
name: Determine docker tags (when git branch)
run: |
git_sha=$(git rev-parse --short HEAD) # short git commit hash
latest=${{ github.ref_name == env.DEFAULT_BRANCH && 'latest' || '' }} # 'latest', if branch is master
echo DOCKER_TAGS=""$git_sha $latest"" >> $GITHUB_ENV
- if: github.ref_type == 'tag'
name: Determine docker tags (when git tag)
run: |
git_tag=${{ github.ref_name }}
echo DOCKER_TAGS=""$git_tag"" >> $GITHUB_ENV
- uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.NVCR_USERNAME }}
password: ${{ secrets.NVCR_TOKEN }}
- name: Make build and push
env:
TAG: mellanox/${{ env.IMAGE_NAME }}
run: |
echo "Docker tags will be: $DOCKER_TAGS"
for docker_tag in $DOCKER_TAGS; do
make VERSION=$docker_tag image-build-multiarch image-push-multiarch
done
helm-package-publish:
needs:
- docker-build-push
runs-on: ubuntu-latest
steps:
- if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag'
uses: actions/checkout@v4
- if: github.ref_name == env.DEFAULT_BRANCH
name: Determine versions (when git branch)
run: |
app_version=$(git rev-parse --short HEAD) # short git commit hash
current_chart_version=$(yq '.version' deployment/network-operator/Chart.yaml)
echo APP_VERSION=""$app_version"" >> $GITHUB_ENV
echo VERSION=""$current_chart_version-$app_version"" >> $GITHUB_ENV
- if: github.ref_type == 'tag'
name: Determine versions (when git tag)
run: |
git_tag=${{ github.ref_name }}
app_version=$git_tag
chart_version=${git_tag:1} # without the 'v' prefix
echo APP_VERSION=""$app_version"" >> $GITHUB_ENV
echo VERSION=""$chart_version"" >> $GITHUB_ENV
- if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag'
name: NGC setup and authentication
run: |
wget \
--no-verbose \
--content-disposition \
-O ngccli_linux.zip \
https://api.ngc.nvidia.com/v2/resources/nvidia/ngc-apps/ngc_cli/versions/3.41.4/files/ngccli_linux.zip
unzip -q ngccli_linux.zip
echo "./ngc-cli" >> $GITHUB_PATH
ngc-cli/ngc config set <<EOF
${{ secrets.NVCR_TOKEN }}
json
nvstaging
mellanox
no-ace
EOF
- if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag'
name: Make package and push
env:
NGC_REPO: nvstaging/mellanox/network-operator
run: |
make chart-build chart-push
ocp-bundle:
if: github.ref_type == 'tag'
needs:
- docker-build-push
runs-on: ubuntu-latest
env:
GH_TOKEN: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }}
DOWNSTREAM_REPO_OWNER: nvidia-ci-cd
UPSTREAM_REPO_OWNER: redhat-openshift-ecosystem
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} # token must be explicitly set here for push to work in following step
- uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.NVCR_USERNAME }}
password: ${{ secrets.NVCR_TOKEN }}
- name: Determine version and tag
run: |
git_tag=${{ github.ref_name }}
echo VERSION_WITH_PREFIX=$git_tag >> $GITHUB_ENV
echo VERSION_WITHOUT_PREFIX=${git_tag:1} >> $GITHUB_ENV # without the 'v' prefix
- name: Lookup image digest
run: |
network_operator_digest=$(skopeo inspect docker://$REGISTRY/$IMAGE_NAME:$VERSION_WITH_PREFIX | jq -r .Digest)
echo $network_operator_digest | wc -w | grep 1 # verifies value not empty
echo NETWORK_OPERATOR_DIGEST=$network_operator_digest >> $GITHUB_ENV
- name: Make bundle
env:
TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ env.NETWORK_OPERATOR_DIGEST }}
BUNDLE_IMG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-bundle:${{ env.VERSION_WITH_PREFIX }}
VERSION: ${{ env.VERSION_WITHOUT_PREFIX }}
NGC_CLI_API_KEY: ${{ secrets.NVCR_TOKEN }}
run: |
version_major_minor=$(echo $VERSION_WITH_PREFIX | sed -E 's/\.[0-9]+$$//')
export CHANNELS=stable,$version_major_minor
export DEFAULT_CHANNEL=$version_major_minor
make bundle bundle-build bundle-push
- name: Create PR with bundle to Network Operator
env:
FEATURE_BRANCH: update-ocp-bundle-to-${{ env.VERSION_WITH_PREFIX }}
run: |
git config user.name nvidia-ci-cd
git config user.email [email protected]
git checkout -b $FEATURE_BRANCH
git status
git add bundle
git commit -m "task: update bundle to $VERSION_WITH_PREFIX"
git push -u origin $FEATURE_BRANCH
gh pr create \
--head $FEATURE_BRANCH \
--base $DEFAULT_BRANCH \
--title "task: update bundle to $VERSION_WITH_PREFIX" \
--body "Created by the *${{ github.job }}* job in [${{ github.repository }} OCP bundle CI](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})."
- name: Determine if to send bundle to RedHat
run: |
echo SEND_BUNDLE_TO_REDHAT=$(echo ${{ github.ref_name}} | grep -qE "v[0-9]+.[0-9]+.[0-9]+$" && echo true || echo false) >> $GITHUB_ENV
- if: ${{ env.SEND_BUNDLE_TO_REDHAT == 'true' }}
uses: actions/checkout@v4
with:
token: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} # token must be explicitly set here for push to work in following step
repository: ${{ env.UPSTREAM_REPO_OWNER }}/certified-operators
path: certified-operators
- if: ${{ env.SEND_BUNDLE_TO_REDHAT == 'true' }}
name: Create PR with bundle to RedHat
env:
UPSTREAM_DEFAULT_BRANCH: main
FEATURE_BRANCH: network-operator-bundle-${{ env.VERSION_WITHOUT_PREFIX }}
NEW_BUNDLE_DIR: operators/nvidia-network-operator/${{ env.VERSION_WITHOUT_PREFIX }}
run: |
pushd certified-operators
git config user.name nvidia-ci-cd
git config user.email [email protected]
gh repo fork --remote --default-branch-only
gh repo sync $DOWNSTREAM_REPO_OWNER/certified-operators --source $UPSTREAM_REPO_OWNER/certified-operators --branch $UPSTREAM_DEFAULT_BRANCH
git checkout -b $FEATURE_BRANCH
mkdir -p $NEW_BUNDLE_DIR
cp -r ../bundle/* $NEW_BUNDLE_DIR
git add $NEW_BUNDLE_DIR
git commit -m "operator nvidia-network-operator ($VERSION_WITHOUT_PREFIX)"
git push -u origin $FEATURE_BRANCH
gh pr create \
--head $DOWNSTREAM_REPO_OWNER:$FEATURE_BRANCH \
--base $UPSTREAM_DEFAULT_BRANCH \
--fill \
--body "Created by the *${{ github.job }}* job in [${{ github.repository }} CI](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})."
popd
94 changes: 0 additions & 94 deletions .github/workflows/network-operator-docker-and-helm-ci.yaml

This file was deleted.

0 comments on commit 21ac34b

Please sign in to comment.