diff --git a/.github/workflows/build.yml b/.github/workflows/checks.yaml similarity index 99% rename from .github/workflows/build.yml rename to .github/workflows/checks.yaml index 45e6dc1a8..92888079a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/checks.yaml @@ -1,4 +1,4 @@ -name: "Build" +name: "Checks" on: [push, pull_request] jobs: diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 000000000..daa0f6c7a --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,187 @@ +name: Docker, Helm and OCP CI + +on: + push: + branches: + - "master" + - "v*.x" + tags: + - "v*" + +# note: various environment variable names are set to match expectation from the Makefile; do not change without comparing +env: + DEFAULT_BRANCH: master + REGISTRY: nvcr.io/nvstaging/mellanox + IMAGE_NAME: network-operator + +jobs: + docker-build-push: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - if: github.ref_type == 'branch' + name: Determine docker tags (when git branch) + run: | + git_sha=$(git rev-parse --short HEAD) # short git commit hash + latest=${{ github.ref_name == env.DEFAULT_BRANCH && 'latest' || '' }} # 'latest', if branch is master + echo DOCKER_TAGS=""$git_sha $latest"" >> $GITHUB_ENV + - if: github.ref_type == 'tag' + name: Determine docker tags (when git tag) + run: | + git_tag=${{ github.ref_name }} + echo DOCKER_TAGS=""$git_tag"" >> $GITHUB_ENV + - uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ secrets.NVCR_USERNAME }} + password: ${{ secrets.NVCR_TOKEN }} + - name: Make build and push + env: + TAG: mellanox/${{ env.IMAGE_NAME }} + run: | + echo "Docker tags will be: $DOCKER_TAGS" + for docker_tag in $DOCKER_TAGS; do + make VERSION=$docker_tag image-build-multiarch image-push-multiarch + done + + helm-package-publish: + needs: + - docker-build-push + runs-on: ubuntu-latest + steps: + - if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag' + uses: actions/checkout@v4 + - if: github.ref_name == env.DEFAULT_BRANCH + name: Determine versions (when git branch) + run: | + app_version=$(git rev-parse --short HEAD) # short git commit hash + current_chart_version=$(yq '.version' deployment/network-operator/Chart.yaml) + echo APP_VERSION=""$app_version"" >> $GITHUB_ENV + echo VERSION=""$current_chart_version-$app_version"" >> $GITHUB_ENV + - if: github.ref_type == 'tag' + name: Determine versions (when git tag) + run: | + git_tag=${{ github.ref_name }} + app_version=$git_tag + chart_version=${git_tag:1} # without the 'v' prefix + echo APP_VERSION=""$app_version"" >> $GITHUB_ENV + echo VERSION=""$chart_version"" >> $GITHUB_ENV + - if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag' + name: NGC setup and authentication + run: | + wget \ + --no-verbose \ + --content-disposition \ + -O ngccli_linux.zip \ + https://api.ngc.nvidia.com/v2/resources/nvidia/ngc-apps/ngc_cli/versions/3.41.4/files/ngccli_linux.zip + unzip -q ngccli_linux.zip + echo "./ngc-cli" >> $GITHUB_PATH + + ngc-cli/ngc config set <> $GITHUB_ENV + echo VERSION_WITHOUT_PREFIX=${git_tag:1} >> $GITHUB_ENV # without the 'v' prefix + - name: Lookup image digest + run: | + network_operator_digest=$(skopeo inspect docker://$REGISTRY/$IMAGE_NAME:$VERSION_WITH_PREFIX | jq -r .Digest) + echo $network_operator_digest | wc -w | grep 1 # verifies value not empty + echo NETWORK_OPERATOR_DIGEST=$network_operator_digest >> $GITHUB_ENV + - name: Make bundle + env: + TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ env.NETWORK_OPERATOR_DIGEST }} + BUNDLE_IMG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-bundle:${{ env.VERSION_WITH_PREFIX }} + VERSION: ${{ env.VERSION_WITHOUT_PREFIX }} + NGC_CLI_API_KEY: ${{ secrets.NVCR_TOKEN }} + run: | + version_major_minor=$(echo $VERSION_WITH_PREFIX | sed -E 's/\.[0-9]+$$//') + export CHANNELS=stable,$version_major_minor + export DEFAULT_CHANNEL=$version_major_minor + make bundle bundle-build bundle-push + - name: Create PR with bundle to Network Operator + env: + FEATURE_BRANCH: update-ocp-bundle-to-${{ env.VERSION_WITH_PREFIX }} + run: | + git config user.name nvidia-ci-cd + git config user.email svc-cloud-orch-gh@nvidia.com + + git checkout -b $FEATURE_BRANCH + git status + git add bundle + git commit -m "task: update bundle to $VERSION_WITH_PREFIX" + + git push -u origin $FEATURE_BRANCH + gh pr create \ + --head $FEATURE_BRANCH \ + --base $DEFAULT_BRANCH \ + --title "task: update bundle to $VERSION_WITH_PREFIX" \ + --body "Created by the *${{ github.job }}* job in [${{ github.repository }} OCP bundle CI](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})." + - name: Determine if to send bundle to RedHat + run: | + echo SEND_BUNDLE_TO_REDHAT=$(echo ${{ github.ref_name}} | grep -qE "v[0-9]+.[0-9]+.[0-9]+$" && echo true || echo false) >> $GITHUB_ENV + - if: ${{ env.SEND_BUNDLE_TO_REDHAT == 'true' }} + uses: actions/checkout@v4 + with: + token: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} # token must be explicitly set here for push to work in following step + repository: ${{ env.UPSTREAM_REPO_OWNER }}/certified-operators + path: certified-operators + - if: ${{ env.SEND_BUNDLE_TO_REDHAT == 'true' }} + name: Create PR with bundle to RedHat + env: + UPSTREAM_DEFAULT_BRANCH: main + FEATURE_BRANCH: network-operator-bundle-${{ env.VERSION_WITHOUT_PREFIX }} + NEW_BUNDLE_DIR: operators/nvidia-network-operator/${{ env.VERSION_WITHOUT_PREFIX }} + run: | + pushd certified-operators + + git config user.name nvidia-ci-cd + git config user.email svc-cloud-orch-gh@nvidia.com + gh repo fork --remote --default-branch-only + gh repo sync $DOWNSTREAM_REPO_OWNER/certified-operators --source $UPSTREAM_REPO_OWNER/certified-operators --branch $UPSTREAM_DEFAULT_BRANCH + + git checkout -b $FEATURE_BRANCH + mkdir -p $NEW_BUNDLE_DIR + cp -r ../bundle/* $NEW_BUNDLE_DIR + git add $NEW_BUNDLE_DIR + git commit -m "operator nvidia-network-operator ($VERSION_WITHOUT_PREFIX)" + + git push -u origin $FEATURE_BRANCH + gh pr create \ + --head $DOWNSTREAM_REPO_OWNER:$FEATURE_BRANCH \ + --base $UPSTREAM_DEFAULT_BRANCH \ + --fill \ + --body "Created by the *${{ github.job }}* job in [${{ github.repository }} CI](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})." + + popd diff --git a/.github/workflows/network-operator-docker-and-helm-ci.yaml b/.github/workflows/network-operator-docker-and-helm-ci.yaml deleted file mode 100644 index b82919e14..000000000 --- a/.github/workflows/network-operator-docker-and-helm-ci.yaml +++ /dev/null @@ -1,94 +0,0 @@ -name: Network Operator Docker and Helm CI - -on: - push: - branches: - - "master" - - "v[0-9]+.[0-9]+.x" - tags: - - "v[0-9]+.[0-9]+.[0-9]+*" - -env: - DEFAULT_BRANCH: master - -jobs: - docker-build-push: - runs-on: ubuntu-latest - env: - REGISTRY: nvcr.io/nvstaging/mellanox - IMAGE_NAME: network-operator # used in makefile - steps: - - uses: actions/checkout@v4 - - if: github.ref_type == 'branch' - name: Determine docker tags (when git branch) - run: | - git_sha=$(git rev-parse --short HEAD) # short git commit hash - latest=${{ github.ref_name == env.DEFAULT_BRANCH && 'latest' || '' }} # 'latest', if branch is master - echo DOCKER_TAGS=""$git_sha $latest"" >> $GITHUB_ENV - - if: github.ref_type == 'tag' - name: Determine docker tags (when git tag) - run: | - git_tag=${{ github.ref_name }} - echo DOCKER_TAGS=""$git_tag"" >> $GITHUB_ENV - - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ secrets.NVCR_USERNAME }} - password: ${{ secrets.NVCR_TOKEN }} - - name: Make build and push - run: | - echo "Docker tags will be: $DOCKER_TAGS" - for docker_tag in $DOCKER_TAGS; do - make VERSION=$docker_tag image-build-multiarch image-push-multiarch - done - - helm-package-publish: - needs: docker-build-push - runs-on: ubuntu-latest - env: - NGC_REPO: nvstaging/mellanox/network-operator - steps: - - if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag' - uses: actions/checkout@v4 - - if: github.ref_name == env.DEFAULT_BRANCH - name: Determine versions (when git branch) - run: | - app_version=$(git rev-parse --short HEAD) # short git commit hash - current_chart_version=$(yq '.version' deployment/network-operator/Chart.yaml) - echo APP_VERSION=""$app_version"" >> $GITHUB_ENV - echo VERSION=""$current_chart_version-$app_version"" >> $GITHUB_ENV - - if: github.ref_type == 'tag' - name: Determine versions (when git tag) - run: | - git_tag=${{ github.ref_name }} - app_version=$git_tag - chart_version=${git_tag:1} # without the 'v' prefix - echo APP_VERSION=""$app_version"" >> $GITHUB_ENV - echo VERSION=""$chart_version"" >> $GITHUB_ENV - - if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag' - name: NGC authentication - run: | - wget \ - --no-verbose \ - --content-disposition \ - -O ngccli_linux.zip \ - https://api.ngc.nvidia.com/v2/resources/nvidia/ngc-apps/ngc_cli/versions/3.41.4/files/ngccli_linux.zip - unzip -q ngccli_linux.zip - echo "./ngc-cli" >> $GITHUB_PATH - - ngc-cli/ngc config set <