-
Notifications
You must be signed in to change notification settings - Fork 56
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Feat: Add OCP bundle to CICD workflow (#1034)
Changes overview: - Renames the `network-operator-docker-and-helm-ci.yaml` workflow to`ci.yaml`; workflow contains three core jobs: 1. _docker-build-push_ 2. _helm-package-publish_ 3. _ocp-bundle_ - Adds job for OCP bundling and delivery: - Runs only when git _tags_ are pushed. - Makes the OCP bundle. - Creates a PR to _network-operator_, to update the local copy of the bundle. - Creates a PR to RedHat's [_certified-operators_](https://github.com/redhat-openshift-ecosystem/certified-operators) (only for GA releases). (EDIT: corrected name again - from `cicd.yaml` to `cd.yaml`)
- Loading branch information
Showing
3 changed files
with
188 additions
and
95 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
name: "Build" | ||
name: "Checks" | ||
on: [push, pull_request] | ||
|
||
jobs: | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,187 @@ | ||
name: Docker, Helm and OCP CI | ||
|
||
on: | ||
push: | ||
branches: | ||
- "master" | ||
- "v*.x" | ||
tags: | ||
- "v*" | ||
|
||
# note: various environment variable names are set to match expectation from the Makefile; do not change without comparing | ||
env: | ||
DEFAULT_BRANCH: master | ||
REGISTRY: nvcr.io/nvstaging/mellanox | ||
IMAGE_NAME: network-operator | ||
|
||
jobs: | ||
docker-build-push: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- if: github.ref_type == 'branch' | ||
name: Determine docker tags (when git branch) | ||
run: | | ||
git_sha=$(git rev-parse --short HEAD) # short git commit hash | ||
latest=${{ github.ref_name == env.DEFAULT_BRANCH && 'latest' || '' }} # 'latest', if branch is master | ||
echo DOCKER_TAGS=""$git_sha $latest"" >> $GITHUB_ENV | ||
- if: github.ref_type == 'tag' | ||
name: Determine docker tags (when git tag) | ||
run: | | ||
git_tag=${{ github.ref_name }} | ||
echo DOCKER_TAGS=""$git_tag"" >> $GITHUB_ENV | ||
- uses: docker/login-action@v3 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ secrets.NVCR_USERNAME }} | ||
password: ${{ secrets.NVCR_TOKEN }} | ||
- name: Make build and push | ||
env: | ||
TAG: mellanox/${{ env.IMAGE_NAME }} | ||
run: | | ||
echo "Docker tags will be: $DOCKER_TAGS" | ||
for docker_tag in $DOCKER_TAGS; do | ||
make VERSION=$docker_tag image-build-multiarch image-push-multiarch | ||
done | ||
helm-package-publish: | ||
needs: | ||
- docker-build-push | ||
runs-on: ubuntu-latest | ||
steps: | ||
- if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag' | ||
uses: actions/checkout@v4 | ||
- if: github.ref_name == env.DEFAULT_BRANCH | ||
name: Determine versions (when git branch) | ||
run: | | ||
app_version=$(git rev-parse --short HEAD) # short git commit hash | ||
current_chart_version=$(yq '.version' deployment/network-operator/Chart.yaml) | ||
echo APP_VERSION=""$app_version"" >> $GITHUB_ENV | ||
echo VERSION=""$current_chart_version-$app_version"" >> $GITHUB_ENV | ||
- if: github.ref_type == 'tag' | ||
name: Determine versions (when git tag) | ||
run: | | ||
git_tag=${{ github.ref_name }} | ||
app_version=$git_tag | ||
chart_version=${git_tag:1} # without the 'v' prefix | ||
echo APP_VERSION=""$app_version"" >> $GITHUB_ENV | ||
echo VERSION=""$chart_version"" >> $GITHUB_ENV | ||
- if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag' | ||
name: NGC setup and authentication | ||
run: | | ||
wget \ | ||
--no-verbose \ | ||
--content-disposition \ | ||
-O ngccli_linux.zip \ | ||
https://api.ngc.nvidia.com/v2/resources/nvidia/ngc-apps/ngc_cli/versions/3.41.4/files/ngccli_linux.zip | ||
unzip -q ngccli_linux.zip | ||
echo "./ngc-cli" >> $GITHUB_PATH | ||
ngc-cli/ngc config set <<EOF | ||
${{ secrets.NVCR_TOKEN }} | ||
json | ||
nvstaging | ||
mellanox | ||
no-ace | ||
EOF | ||
- if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag' | ||
name: Make package and push | ||
env: | ||
NGC_REPO: nvstaging/mellanox/network-operator | ||
run: | | ||
make chart-build chart-push | ||
ocp-bundle: | ||
if: github.ref_type == 'tag' | ||
needs: | ||
- docker-build-push | ||
runs-on: ubuntu-latest | ||
env: | ||
GH_TOKEN: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} | ||
DOWNSTREAM_REPO_OWNER: nvidia-ci-cd | ||
UPSTREAM_REPO_OWNER: redhat-openshift-ecosystem | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
token: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} # token must be explicitly set here for push to work in following step | ||
- uses: docker/login-action@v3 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ secrets.NVCR_USERNAME }} | ||
password: ${{ secrets.NVCR_TOKEN }} | ||
- name: Determine version and tag | ||
run: | | ||
git_tag=${{ github.ref_name }} | ||
echo VERSION_WITH_PREFIX=$git_tag >> $GITHUB_ENV | ||
echo VERSION_WITHOUT_PREFIX=${git_tag:1} >> $GITHUB_ENV # without the 'v' prefix | ||
- name: Lookup image digest | ||
run: | | ||
network_operator_digest=$(skopeo inspect docker://$REGISTRY/$IMAGE_NAME:$VERSION_WITH_PREFIX | jq -r .Digest) | ||
echo $network_operator_digest | wc -w | grep 1 # verifies value not empty | ||
echo NETWORK_OPERATOR_DIGEST=$network_operator_digest >> $GITHUB_ENV | ||
- name: Make bundle | ||
env: | ||
TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ env.NETWORK_OPERATOR_DIGEST }} | ||
BUNDLE_IMG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-bundle:${{ env.VERSION_WITH_PREFIX }} | ||
VERSION: ${{ env.VERSION_WITHOUT_PREFIX }} | ||
NGC_CLI_API_KEY: ${{ secrets.NVCR_TOKEN }} | ||
run: | | ||
version_major_minor=$(echo $VERSION_WITH_PREFIX | sed -E 's/\.[0-9]+$$//') | ||
export CHANNELS=stable,$version_major_minor | ||
export DEFAULT_CHANNEL=$version_major_minor | ||
make bundle bundle-build bundle-push | ||
- name: Create PR with bundle to Network Operator | ||
env: | ||
FEATURE_BRANCH: update-ocp-bundle-to-${{ env.VERSION_WITH_PREFIX }} | ||
run: | | ||
git config user.name nvidia-ci-cd | ||
git config user.email [email protected] | ||
git checkout -b $FEATURE_BRANCH | ||
git status | ||
git add bundle | ||
git commit -m "task: update bundle to $VERSION_WITH_PREFIX" | ||
git push -u origin $FEATURE_BRANCH | ||
gh pr create \ | ||
--head $FEATURE_BRANCH \ | ||
--base $DEFAULT_BRANCH \ | ||
--title "task: update bundle to $VERSION_WITH_PREFIX" \ | ||
--body "Created by the *${{ github.job }}* job in [${{ github.repository }} OCP bundle CI](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})." | ||
- name: Determine if to send bundle to RedHat | ||
run: | | ||
echo SEND_BUNDLE_TO_REDHAT=$(echo ${{ github.ref_name}} | grep -qE "v[0-9]+.[0-9]+.[0-9]+$" && echo true || echo false) >> $GITHUB_ENV | ||
- if: ${{ env.SEND_BUNDLE_TO_REDHAT == 'true' }} | ||
uses: actions/checkout@v4 | ||
with: | ||
token: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} # token must be explicitly set here for push to work in following step | ||
repository: ${{ env.UPSTREAM_REPO_OWNER }}/certified-operators | ||
path: certified-operators | ||
- if: ${{ env.SEND_BUNDLE_TO_REDHAT == 'true' }} | ||
name: Create PR with bundle to RedHat | ||
env: | ||
UPSTREAM_DEFAULT_BRANCH: main | ||
FEATURE_BRANCH: network-operator-bundle-${{ env.VERSION_WITHOUT_PREFIX }} | ||
NEW_BUNDLE_DIR: operators/nvidia-network-operator/${{ env.VERSION_WITHOUT_PREFIX }} | ||
run: | | ||
pushd certified-operators | ||
git config user.name nvidia-ci-cd | ||
git config user.email [email protected] | ||
gh repo fork --remote --default-branch-only | ||
gh repo sync $DOWNSTREAM_REPO_OWNER/certified-operators --source $UPSTREAM_REPO_OWNER/certified-operators --branch $UPSTREAM_DEFAULT_BRANCH | ||
git checkout -b $FEATURE_BRANCH | ||
mkdir -p $NEW_BUNDLE_DIR | ||
cp -r ../bundle/* $NEW_BUNDLE_DIR | ||
git add $NEW_BUNDLE_DIR | ||
git commit -m "operator nvidia-network-operator ($VERSION_WITHOUT_PREFIX)" | ||
git push -u origin $FEATURE_BRANCH | ||
gh pr create \ | ||
--head $DOWNSTREAM_REPO_OWNER:$FEATURE_BRANCH \ | ||
--base $UPSTREAM_DEFAULT_BRANCH \ | ||
--fill \ | ||
--body "Created by the *${{ github.job }}* job in [${{ github.repository }} CI](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})." | ||
popd |
94 changes: 0 additions & 94 deletions
94
.github/workflows/network-operator-docker-and-helm-ci.yaml
This file was deleted.
Oops, something went wrong.