SumoLogic · sumo-drosiek · May 29, 2024 · May 29, 2024 · May 29, 2024 · May 29, 2024
@@ -9,7 +9,8 @@ jobs:
   build-all:
     runs-on: ubuntu-22.04
     env:
-      CHECK: "false"
+      CHECK: "true"
+      PYAXIS_API_TOKEN: ${{ secrets.RED_HAT_API_KEY }}
     steps:
       - uses: actions/checkout@v4
       - name: Build all

@@ -0,0 +1,75 @@
+name: Manual test run
+
+on:
+  workflow_dispatch:
+    inputs:
+      push:
+        type: choice
+        description: Push the image to repository
+        options:
+          - "true"
+          - "false"
+      check:
+        type: choice
+        description: Check the image using preflight
+        options:
+          - "true"
+          - "false"
+      certify:
+        type: choice
+        description: Certify the image
+        options:
+          - "true"
+          - "false"
+      force:
+        type: choice
+        description: Perform action even if image already exists
+        options:
+          - "false"
+          - "true"
+      name:
+        description: Image name
+        required: true
+        type: string
+      version:
+        description: Image version
+        required: true
+        type: string
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    env:
+      PUSH: "${{ inputs.push }}"
+      CHECK: "${{ inputs.check }}"
+      CERTIFY: "${{ inputs.certify }}"
+      FORCE: "${{ inputs.force }}"
+      NAME: "${{ inputs.NAME }}"
+      VERSION: "${{ inputs.VERSION }}"
+      PYAXIS_API_TOKEN: ${{ secrets.RED_HAT_API_KEY }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Login to Open Source ECR
+        run: make login
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      - name: Get preflight
+        run: |
+          curl -L https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/latest/preflight-linux-amd64
+          chmod +x preflight-linux-amd64
+          mv preflight-linux-amd64 /usr/local/bin/preflight
+      - name: Build push
+        run: |
+          PYAXIS_API_TOKEN="${PYAXIS_API_TOKEN=}" \
+          NAME="${NAME}" \
+          VERSION="${VERSION}" \
+          CHECK="${CHECK}" \
+          PUSH="${PUSH}" \
+          FORCE="${FORCE}" \
+          CERTIFY="${CERTIFY}" \
+          ./scripts/build-push.sh
diff --git a/.github/workflows/run_manually_test.yml b/.github/workflows/run_manually_test.yml
@@ -0,0 +1,44 @@
+name: Manual test run
+
+on:
+  pull_request:
+    branches:
+      - main
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    env:
+      PUSH: "true"
+      CHECK: "true"
+      CERTIFY: "true"
+      FORCE: "true"
+      NAME: opentelemetry-operator
+      VERSION: "0.95.0"
+      PYAXIS_API_TOKEN: ${{ secrets.RED_HAT_API_KEY }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Login to Open Source ECR
+        run: make login
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      - name: Get preflight
+        run: |
+          curl -LO https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/latest/download/preflight-linux-amd64
+          chmod +x preflight-linux-amd64
+          mv preflight-linux-amd64 /usr/local/bin/preflight
+      - name: Build push
+        run: |
+          PYAXIS_API_TOKEN="${PYAXIS_API_TOKEN=}" \
+          NAME="${NAME}" \
+          VERSION="${VERSION}" \
+          CHECK="${CHECK}" \
+          PUSH="${PUSH}" \
+          FORCE="${FORCE}" \
+          CERTIFY="${CERTIFY}" \
+          ./scripts/build-push.sh
@@ -1 +1,2 @@
 preflight.log
+artifacts
@@ -1,3 +1,5 @@
+OPENSOURCE_ECR_URL = public.ecr.aws/sumologic
+
 list-images-v4:
 	./scripts/list-images.py \
     	--fetch-base \
@@ -14,7 +16,15 @@ build-all:
 	CHECK=false ./scripts/build-push-all.sh
 
 check:
-	PUSH=true CERTIFY=false CHECK=true ./scripts/build-push-all.sh
+	PUSH=true CHECK=true CERTIFY=false ./scripts/build-push-all.sh
 
 certify:
-	PUSH=true CERTIFY=true CHECK=false ./scripts/build-push-all.sh
+	PUSH=true CHECK=true CERTIFY=true ./scripts/build-push-all.sh
+
+_login:
+	aws ecr-public get-login-password --region us-east-1 \
+	| docker login --username AWS --password-stdin $(ECR_URL)
+
+login:
+	$(MAKE) _login \
+		ECR_URL="$(OPENSOURCE_ECR_URL)"
@@ -2,6 +2,7 @@ VERSION_PREFIX ?= ""
 UPSTREAM_VERSION ?= ""
 VERSION := "${VERSION_PREFIX}${UPSTREAM_VERSION}"
 IMAGE_NAME ?= ""
+PLATFORM ?= "amd64"
 
 ifeq ($(UPSTREAM_VERSION),"")
         $(error UPSTREAM_VERSION is required)
@@ -16,7 +17,7 @@ build:
 	docker build . -t ${IMAGE_NAME} --build-arg UPSTREAM_VERSION=${UPSTREAM_VERSION} --build-arg RELEASE=$${RELEASE}
 
 check:
-	preflight check container ${IMAGE_NAME}
+	preflight check container ${IMAGE_NAME} --platform=${PLATFORM}
 
 push:
 	docker push ${IMAGE_NAME}
@@ -8,36 +8,12 @@ CHECK="${CHECK:-true}"
 CERTIFY="${CERTIFY:-false}"
 PUSH="${PUSH:-false}"
 
-## Sumo Logic Helm Operator project id
-## rel: https://connect.redhat.com/manage/products/6075d88c2b962feb86bea730/overview
-readonly OPERATOR_PROJECT_ID=6075d88c2b962feb86bea730
 
 if [[ -z "${PYAXIS_API_TOKEN}" && "${CHECK}" == "true" ]]; then
     echo "PYAXIS_API_TOKEN is required to perform check"
     exit -1
 fi
 
-## Perform image check
-function check(){
-    echo "Checking image, image: ${IMAGE_NAME}"
-    make -C ${NAME} check IMAGE_NAME=${IMAGE_NAME} UPSTREAM_VERSION="${UPSTREAM_VERSION}"
-}
-
-## Perform image submit for certification
-function submit(){
-    echo "Submitting image for cerification, image: ${IMAGE_NAME}"
-    ## Fetch container project id based on directory(image) name
-    CONTAINER_PROJECT_ID="$(curl -sH "X-API-KEY: ${PYAXIS_API_TOKEN}" "https://catalog.redhat.com/api/containers/v1/product-listings/id/${OPERATOR_PROJECT_ID}/projects/certification" | jq ".data[] | select(.name == \"${NAME}\")._id" --raw-output)"
-    ## Fetch key for image registry
-    CONTAINER_REGISTRY_KEY="$(curl -sH "X-API-KEY: ${PYAXIS_API_TOKEN}" "https://catalog.redhat.com/api/containers/v1/projects/certification/id/${CONTAINER_PROJECT_ID}/secrets" | jq ".registry_credentials.password" --raw-output)"
-
-    CONTAINER_PROJECT_ID=${CONTAINER_PROJECT_ID} \
-    CONTAINER_REGISTRY_KEY=${CONTAINER_REGISTRY_KEY} \
-    SUMOLOGIC_IMAGE=${IMAGE_NAME} \
-    ./scripts/submit_image.sh
-}
-
-
 IMAGES=$(./scripts/list-images.py \
     --fetch-base \
     --values scripts/values.yaml \
@@ -61,31 +37,11 @@ for IMAGE in ${IMAGES}; do
     IMAGE_NAME="${SUMO_REGISTRY}${NAME}:${UBI_VERSION}${DEV_SUFFIX}"
     echo "Image: ${IMAGE_NAME}"
 
-    if docker pull ${IMAGE_NAME}; then
-        if [[ "${CHECK}" == "true" ]]; then
-            check
-        fi
-
-        if [[ ${DEV_SUFFIX} != "-dev" ]]; then
-            # as non-dev image exists, we can go to the next one
-            # we may want push dev images once again, e.g. with fixes
-            echo "Image ${IMAGE_NAME} exists, there is no need to push it once again, continue with next image."
-            continue
-        fi
-    fi
-
-    make -C ${NAME} build IMAGE_NAME=${IMAGE_NAME} UPSTREAM_VERSION="${UPSTREAM_VERSION}"
-
-    if [[ "${PUSH}" == "true" ]]; then
-        echo "Pushing image, image: ${IMAGE_NAME}"
-        make -C ${NAME} push IMAGE_NAME=${IMAGE_NAME} UPSTREAM_VERSION="${UPSTREAM_VERSION}"
-    fi
-
-    if [[ "${CHECK}" == "true" ]]; then
-        check
-    fi
-
-    if [[ "${CERTIFY}" == "true" ]]; then
-        submit
-    fi
+   PYAXIS_API_TOKEN="${PYAXIS_API_TOKEN=}" \
+   NAME="${NAME}" \
+   VERSION="${VERSION}" \
+   CHECK="${CHECK}" \
+   PUSH="${PUSH}" \
+   CERTIFY="${CERTIFY}" \
+   ./scripts/build-push.sh
 done
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+set -e
+
+# consts
+readonly SUMO_REGISTRY="public.ecr.aws/sumologic/"
+
+function usage() {
+    echo "usage: NAME=image name VERSION= PYAXIS_API_TOKEN= ./scripts/build-push.sh
+
+PYAXIS_API_TOKEN    token for Red Hat API
+NAME                image to build, for example 'opentelemetry-operator'
+VERSION             version to build from (without prefix), for example 'v0.95.0'
+PUSH                set to 'true' to push image. Default is 'false'
+CHECK               set to 'true' to perform preflight check on the image. Default is 'false', requires 'PUSH=true'
+CERTIFY             set to 'true' to certify image. If 'false', it will use '-dev' suffix for image tag. Default is 'false', requires 'CHECK=true'
+FORCE               set to 'true' to perform action if image already exist in repository. Default is 'false'
+PLATFORM            platform to test. Default is 'amd64'"
+}
+
+## Perform image check
+function check(){
+    echo "Checking image, image: ${IMAGE_NAME}"
+    make -C "${NAME}" check PLATFORM="${PLATFORM}" IMAGE_NAME="${IMAGE_NAME}" UPSTREAM_VERSION="${VERSION}"
+}
+
+## Perform image submit for certification
+function submit(){
+    echo "Submitting image for cerification, image: ${IMAGE_NAME}"
+    ## Fetch container project id based on directory(image) name
+    CONTAINER_PROJECT_ID="$(curl -sH "X-API-KEY: ${PYAXIS_API_TOKEN}" "https://catalog.redhat.com/api/containers/v1/product-listings/id/${OPERATOR_PROJECT_ID}/projects/certification" | jq ".data[] | select(.name == \"${NAME}\")._id" --raw-output)"
+    ## Fetch key for image registry
+    CONTAINER_REGISTRY_KEY="$(curl -sH "X-API-KEY: ${PYAXIS_API_TOKEN}" "https://catalog.redhat.com/api/containers/v1/projects/certification/id/${CONTAINER_PROJECT_ID}/secrets" | jq ".registry_credentials.password" --raw-output)"
+    DOCKER_CONFIG_JSON="$(curl -sH "X-API-KEY: ${PYAXIS_API_TOKEN}" "https://catalog.redhat.com/api/containers/v1/projects/certification/id/${CONTAINER_PROJECT_ID}/secrets" | jq ".docker_config_json" --raw-output)"
+
+    CONTAINER_PROJECT_ID=${CONTAINER_PROJECT_ID} \
+    CONTAINER_REGISTRY_KEY=${CONTAINER_REGISTRY_KEY} \
+    AUTH_CONTENT=${DOCKER_CONFIG_JSON} \
+    SUMOLOGIC_IMAGE=${IMAGE_NAME} \
+    ./scripts/submit_image.sh
+}
+
+# NAME is a directory (image) name, for example `opentelemetry-operator`
+readonly NAME="${NAME}"
+readonly VERSION="${VERSION}"
+# Strip v from version
+readonly UPSTREAM_VERSION="${VERSION##[v]}"
+readonly CHECK="${CHECK:-true}"
+readonly PUSH="${PUSH:-false}"
+readonly CERTIFY="${CERTIFY:-false}"
+readonly FORCE="${FORCE:-false}"
+readonly PYAXIS_API_TOKEN="${PYAXIS_API_TOKEN}"
+readonly PLATFORM="${PLATFORM:-amd64}"
+DEV_SUFFIX=""
+
+## Sumo Logic Helm Operator project id
+## rel: https://connect.redhat.com/manage/products/6075d88c2b962feb86bea730/overview
+readonly OPERATOR_PROJECT_ID=6075d88c2b962feb86bea730
+
+if [[ -z "${NAME}" ]]; then
+    echo 'Missing NAME variable' 2>&1
+    usage
+    exit 1
+fi
+
+if [[ -z "${VERSION}" ]]; then
+    echo 'Missing VERSION variable' 2>&1
+    usage
+    exit 1
+fi
+
+if [[ -z "${PYAXIS_API_TOKEN}" ]]; then
+    echo 'Missing PYAXIS_API_TOKEN variable' 2>&1
+    usage
+    exit 1
+fi
+
+if [[ "${CERTIFY}" == "false" ]]; then
+    DEV_SUFFIX="-dev"
+fi
+readonly DEV_SUFFIX
+
+readonly UBI_VERSION="${VERSION}-ubi"
+readonly IMAGE_NAME="${SUMO_REGISTRY}${NAME}:${UBI_VERSION}${DEV_SUFFIX}"
+
+if docker pull "${IMAGE_NAME}" && [[ "${FORCE}" == "false" ]]; then
+    echo "Image ${IMAGE_NAME} exists, there is no need to push it once again, continue with next image." 2>&1
+    exit 0
+fi
+
+## Image do not exists or we forcefully want to build and push it
+
+# Build image
+make -C "${NAME}" build IMAGE_NAME="${IMAGE_NAME}" UPSTREAM_VERSION="${UPSTREAM_VERSION}"
+
+# Push image
+if [[ "${PUSH}" != "true" ]]; then
+    exit 0
+fi
+
+echo "Pushing image, image: ${IMAGE_NAME}" 2>&1
+make -C "${NAME}" push IMAGE_NAME="${IMAGE_NAME}" UPSTREAM_VERSION="${UPSTREAM_VERSION}"
+
+if [[ "${CHECK}" == "false" ]]; then
+    exit 0
+fi
+check
+
+if [[ "${CERTIFY}" == "false" ]]; then
+    exit 0
+fi
+
+submit
@@ -9,6 +9,9 @@ then
     exit 1
 fi
 
+AUTH_CONTENT="${AUTH_CONTENT}"
+readonly PLATFORM="${PLATFORM:-amd64}"
+
 echo "${CONTAINER_REGISTRY_KEY}" | docker login -u "redhat-isv-containers+${CONTAINER_PROJECT_ID}-robot" quay.io --password-stdin
 
 # extract tag
@@ -19,16 +22,19 @@ docker tag ${SUMOLOGIC_IMAGE} "quay.io/redhat-isv-containers/${CONTAINER_PROJECT
 docker push "quay.io/redhat-isv-containers/${CONTAINER_PROJECT_ID}:${TAG}"
 
 # prepare temporary auth file
-AUTH_KEY=$(echo -n  "redhat-isv-containers+${CONTAINER_PROJECT_ID}-robot:${CONTAINER_REGISTRY_KEY}" | base64 --wrap 0)
-AUTH_CONTENT="{\"auths\": {\"quay.io\": {\"auth\": \"${AUTH_KEY}\"}}}"
+if [[ -z "${AUTH_CONTENT}" ]]; then
+    AUTH_KEY=$(echo -n  "redhat-isv-containers+${CONTAINER_PROJECT_ID}-robot:${CONTAINER_REGISTRY_KEY}" | base64 --wrap 0)
+    AUTH_CONTENT="{\"auths\": {\"quay.io\": {\"auth\": \"${AUTH_KEY}\"}}}"
+fi
 echo ${AUTH_CONTENT} > temp_auth.json
 
 # submit image
 preflight check container "quay.io/redhat-isv-containers/${CONTAINER_PROJECT_ID}:${TAG}" \
 --submit \
 --pyxis-api-token="${PYAXIS_API_TOKEN}" \
 --certification-project-id="${CONTAINER_PROJECT_ID}" \
---docker-config=temp_auth.json
+--docker-config=temp_auth.json \
+--platform="${PLATFORM}"
 
 # add latest tag
 docker tag  ${SUMOLOGIC_IMAGE} "quay.io/redhat-isv-containers/${CONTAINER_PROJECT_ID}:latest"