
operator external-secrets-operator (0.9.5) #38


# Release pipeline for operators merged into this catalog repository.
name: Operator release

# Triggered by pushes to the default branches and by manual dispatch.
on:
  push:
    branches:
      - master
      - main
  workflow_dispatch:
    inputs:
      # Forwarded to the pipeline as OPP_ALLOW_FORCE_RELEASE (see the
      # workflow-level env block).
      release:
        description: "Force to run release"
        required: true
        default: "0"
      # Forwarded to the pipeline as OPP_REMOVE_OPERATOR_AFTER_CLONE_PATH.
      # Free-form text supplied by whoever dispatches the workflow.
      delete:
        description: "Remove operator virtually from git (cockroachdb or cockroachdb/5.0.4) for debuging only"
        required: false
        default: ""
# Workflow-level environment: every job and every step below inherits these
# variables, including the third-party actions used in the pr-check job.
env:
  OPP_DEBUG: 1
  OPP_CONTAINER_OPT: '-t'

  # Helper scripts that steps download and execute with bash at run time.
  # NOTE(review): all five URLs point at the mutable `ci/latest` ref, so the
  # code that runs is whatever that ref holds when the job starts; nothing in
  # this file pins it to a commit or verifies a checksum.
  OPP_SCRIPT_URL: 'https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/latest/ci/scripts/opp.sh'
  OPP_SCRIPT_ENV_URL: 'https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/latest/ci/scripts/opp-env.sh'
  OPP_SCRIPT_ISS_URL: 'https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/latest/ci/scripts/opp-iss.sh'
  OPP_SCRIPT_CLEANUP_URL: 'https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/latest/ci/scripts/opp-disk-cleanup-on-startup.sh'
  OPP_SCRIPT_TRIGGER_OHIO_URL: 'https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/latest/ci/scripts/opp-trigger-operatorhubio-ci.sh'

  # Test image and playbook source.
  # NOTE(review): `:latest` and a branch name are both mutable references.
  OPP_IMAGE: 'quay.io/operator_testing/operator-test-playbooks:latest'
  OPP_ANSIBLE_PULL_REPO: 'https://github.com/redhat-openshift-ecosystem/operator-test-playbooks'
  OPP_ANSIBLE_PULL_BRANCH: 'upstream-community'

  # Production release / mirror targets.
  OPP_PROD: 1
  OPP_MIRROR_LATEST_TAG: 'v4.6'
  OPP_PRODUCTION_TYPE: 'ocp'
  OPP_RELEASE_BUNDLE_REGISTRY: 'quay.io'
  OPP_RELEASE_BUNDLE_ORGANIZATION: 'openshift-community-operators'
  OPP_RELEASE_INDEX_REGISTRY: 'quay.io'
  OPP_RELEASE_INDEX_ORGANIZATION: 'openshift-community-operators'
  OPP_RELEASE_INDEX_NAME: 'catalog_tmp'
  OPP_MIRROR_INDEX_REGISTRY: 'quay.io'
  OPP_MIRROR_INDEX_ORGANIZATION: 'redhat'
  OPP_MIRROR_INDEX_NAME: 'redhat----community-operator-index'
  OPP_MIRROR_INDEX_ENABLED: '1'
  OPP_MIRROR_INDEX_MULTIARCH_BASE: 'registry.redhat.io/openshift4/ose-operator-registry'
  OPP_MULTIARCH_SUPPORTED_VERSIONS: 'v4.5 v4.6 v4.7 v4.8 v4.9 v4.10 v4.11 v4.12 v4.13'
  OPP_MIRROR_INDEX_MULTIARCH_POSTFIX: 's'

  # Registry account names (the matching credentials are in the secrets
  # section at the end of this block).
  IIB_INPUT_REGISTRY_USER: '12742415|community-operators-pipeline'
  OPP_REGISTRY_MIRROR_USER: 'redhat+iib_community'

  # Coordinates of this catalog repository.
  OPP_THIS_REPO_BASE: 'https://github.com'
  OPP_THIS_REPO: 'redhat-openshift-ecosystem/community-operators-prod'
  OPP_THIS_BRANCH: 'main'

  # Index signing: pull spec that gets signed and the endpoint that receives
  # the signing request (used by the "Sign index" step).
  INDEX_PATH_TO_SIGN: 'registry.redhat.io/redhat/community-operator-index'
  SIGNATURE_ENDPOINT: 'https://community-signing-pipeline-prod.apps.pipelines-prod.ijdb.p1.openshiftapps.com'

  OPP_REVIEWERS_ENABLED: 0

  # Values taken from the workflow_dispatch inputs; empty on push events.
  OPP_ALLOW_FORCE_RELEASE: '${{ github.event.inputs.release }}'
  OPP_REMOVE_OPERATOR_AFTER_CLONE_PATH: '${{ github.event.inputs.delete }}'

  # Go runtime debug switch: asks Go TLS verification to keep accepting the
  # certificate CommonName as a host name, on Go versions that still honour it.
  GODEBUG: x509ignoreCN=0

  # Secrets.
  # NOTE(review): declared at workflow level, these tokens are present in the
  # environment of every step in every job, not only the steps that use them.
  # Which steps consume which token cannot be told from this file (the
  # consumers are the downloaded opp*.sh scripts), so narrowing the scope to
  # step-level `env:` needs a check against those scripts.
  REGISTRY_RELEASE_API_TOKEN: '${{ secrets.REGISTRY_RELEASE_API_TOKEN }}'
  REGISTRY_MIRROR_PW: '${{ secrets.REGISTRY_MIRROR_PW }}'
  CI_OHIO_TRIGGER_TOKEN: '${{ secrets.CI_OHIO_TRIGGER_TOKEN }}'
  OHIO_REGISTRY_TOKEN: '${{ secrets.OHIO_REGISTRY_TOKEN }}'
  QUAY_APPREG_TOKEN: '${{ secrets.QUAY_APPREG_TOKEN }}'
  QUAY_COURIER_TOKEN: '${{ secrets.QUAY_COURIER_TOKEN }}'
  REPO_GHA_PAT: '${{ secrets.REPO_GHA_PAT }}'
  IIB_INPUT_REGISTRY_TOKEN: '${{ secrets.IIB_INPUT_REGISTRY_TOKEN }}'
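# Job graph: pr-check -> remove-ocp -> operators-ocp -> bundles-ocp ->
# release-ocp -> index-verify-ocp, with slack-notification running on failure.
#
# NOTE(review), applies to every `bash <(curl -sL $OPP_SCRIPT_..._URL)` below:
# the script body is fetched from a mutable ref at run time and executed with
# the workflow-level secrets in its environment. Process substitution does not
# propagate curl's exit status, and `-sL` without `-f` passes an HTTP error
# page to bash as if it were the script. Downloading to a file with a failing
# curl, verifying a checksum against a pinned commit, and only then executing
# would close both gaps; the pinned value is not available from this file.
#
# NOTE(review): all `uses:` references are mutable tags (`@v1`..`@v4`). The
# three third-party actions in pr-check run with the workflow-level secrets in
# their environment; pinning them to full commit SHAs is the usual hardening.
#
# In this revision, `${{ ... }}` expressions that carry PR-derived or
# dispatch-supplied text are no longer expanded inside `run:` scripts. They
# are passed through step-level `env:` and read as quoted shell variables, so
# their content is data to the shell rather than part of the script.
jobs:
  # Inspects the merged PR (changed files, labels) and publishes the flags the
  # later jobs gate on. The flags themselves are produced by the downloaded
  # opp-env.sh script.
  pr-check:
    name: "PR-traffic-light"
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - id: files
        uses: masesgroup/retrieve-changed-files@v2
        continue-on-error: true
      - id: prinfo
        uses: actions-ecosystem/action-get-merged-pull-request@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.x'
      - name: Install dependencies
        run: python -m pip install --upgrade pip yq
      - name: Operator traffic light
        id: op-traffic-light
        env:
          OPP_ADDED_MODIFIED_FILES: "${{ steps.files.outputs.added_modified }}"
          OPP_MODIFIED_FILES: "${{ steps.files.outputs.modified }}"
          OPP_RENAMED_FILES: "${{ steps.files.outputs.renamed }}"
          OPP_REMOVED_FILES: "${{ steps.files.outputs.removed }}"
          OPP_LABELS: "${{ steps.prinfo.outputs.labels }}"
          # Passed as data instead of being expanded into the script text.
          # NOTE(review): `list_of_operators` is not declared under
          # workflow_dispatch inputs in this file, so this presumably always
          # expands to an empty string here; confirm.
          DISPATCH_LIST_OF_OPERATORS: "${{ github.event.inputs.list_of_operators }}"
          MERGED_PR_NUMBER: "${{ steps.prinfo.outputs.number }}"
        run: |
          if [ -z "$DISPATCH_LIST_OF_OPERATORS" ]
          then
            echo "Found an empty input - list_of_operators [OK]"
          else
            OPP_MODIFIED_FILES=""
            # Unquoted on purpose: the list is split on whitespace.
            for operator_to_loop in $DISPATCH_LIST_OF_OPERATORS; do
              echo "Processing $operator_to_loop"
              if [ -z "$OPP_MODIFIED_FILES" ]
              then
                echo "...inicializing OPP_MODIFIED_FILES"
                OPP_MODIFIED_FILES="$(find "operators/$operator_to_loop/" -type f -name "*.clusterserviceversion.yaml" | tail -n 1)"
              else
                echo "...extending OPP_MODIFIED_FILES"
                OPP_MODIFIED_FILES="$OPP_MODIFIED_FILES $(find "operators/$operator_to_loop/" -type f -name "*.clusterserviceversion.yaml" | tail -n 1)"
              fi
            done
          fi
          echo "OPP_MODIFIED_FILES=$OPP_MODIFIED_FILES"
          echo "PR : $MERGED_PR_NUMBER"
          echo "labels : $OPP_LABELS"
          echo "OPP_LABELS=$OPP_LABELS"
          echo "Using script '$OPP_SCRIPT_ENV_URL' ..."
          bash <(curl -sL $OPP_SCRIPT_ENV_URL)
      - name: Block until there is no running workflow
        if: steps.op-traffic-light.outputs.opp_release_ready == '1'
        uses: softprops/turnstyle@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    # Everything except opp_labels is written by the op-traffic-light step.
    outputs:
      opp_labels: "${{ steps.prinfo.outputs.labels }}"
      opp_test_ready: "${{ steps.op-traffic-light.outputs.opp_test_ready }}"
      opp_release_ready: "${{ steps.op-traffic-light.outputs.opp_release_ready }}"
      opp_stream: "${{ steps.op-traffic-light.outputs.opp_stream }}"
      opp_name: "${{ steps.op-traffic-light.outputs.opp_name }}"
      opp_version: "${{ steps.op-traffic-light.outputs.opp_version }}"
      opp_ci_yaml_only: "${{ steps.op-traffic-light.outputs.opp_ci_yaml_only }}"
      opp_ver_overwrite: "${{ steps.op-traffic-light.outputs.opp_ver_overwrite }}"
      opp_op_delete: "${{ steps.op-traffic-light.outputs.opp_op_delete }}"
      opp_recreate: "${{ steps.op-traffic-light.outputs.opp_recreate }}"
      opp_is_new_operatror: "${{ steps.op-traffic-light.outputs.opp_is_new_operatror }}"
      opp_release_delete_appreg: "${{ steps.op-traffic-light.outputs.opp_release_delete_appreg }}"
      opp_pr_title: "${{ steps.op-traffic-light.outputs.opp_pr_title }}"
      opp_auto_packagemanifest_cluster_version_label: "${{ steps.op-traffic-light.outputs.opp_auto_packagemanifest_cluster_version_label }}"

  # Per index tag: removes an operator (or one operator version) from the
  # index when pr-check asked for a delete or a version overwrite.
  remove-ocp:
    name: "Remove / ocp"
    needs: pr-check
    if: needs.pr-check.outputs.opp_release_ready == '1'
    runs-on: ubuntu-latest
    strategy:
      matrix:
        index-tag: ['v4.10-db', 'v4.11', 'v4.12', 'v4.13', 'v4.14-rc', 'v4.15-rc']
      fail-fast: false
    steps:
      - name: Remove operator from index
        if: needs.pr-check.outputs.opp_op_delete == '1' && needs.pr-check.outputs.opp_name != ''
        env:
          OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}"
          OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}"
          OPERATOR_INDEX_TAG: ${{ matrix.index-tag }}
          # Operator name comes from the merged PR; keep it out of the script
          # text and pass it as a quoted argument.
          PR_OPERATOR_NAME: "${{ needs.pr-check.outputs.opp_name }}"
        run: |
          echo "OPP_LABELS=$OPP_LABELS"
          echo "op_delete_${OPERATOR_INDEX_TAG} operators/${PR_OPERATOR_NAME}/dummy $OPP_THIS_REPO $OPP_THIS_BRANCH"
          bash <(curl -sL $OPP_SCRIPT_URL) op_delete_${OPERATOR_INDEX_TAG} "operators/${PR_OPERATOR_NAME}/dummy" $OPP_THIS_REPO $OPP_THIS_BRANCH
      - name: Operator release (operator version overwrite)
        if: needs.pr-check.outputs.opp_ci_yaml_only == '0' && needs.pr-check.outputs.opp_ver_overwrite == '1' && needs.pr-check.outputs.opp_name != '' && needs.pr-check.outputs.opp_version != ''
        env:
          OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}"
          OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}"
          OPP_IIB_INSTALL: 0
          IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }}
          OPERATOR_INDEX_TAG: ${{ matrix.index-tag }}
          PR_OPERATOR_NAME: "${{ needs.pr-check.outputs.opp_name }}"
          PR_OPERATOR_VERSION: "${{ needs.pr-check.outputs.opp_version }}"
        run: |
          echo "OPP_LABELS=$OPP_LABELS"
          # Tags with an "rc" suffix tolerate a failing script (|| $FAKE_RC);
          # tags with a "maintenance" suffix skip the step entirely.
          FAKE_RC=false
          FAKE_TYPE=$(echo $OPERATOR_INDEX_TAG | cut -d '-' -f 2)
          [[ $FAKE_TYPE == *rc* ]] && FAKE_RC=true || true
          [[ $FAKE_TYPE == *maintenance* ]] && exit 0 || true
          echo "op_delete_${OPERATOR_INDEX_TAG} operators/${PR_OPERATOR_NAME}/${PR_OPERATOR_VERSION} $OPP_THIS_REPO $OPP_THIS_BRANCH"
          bash <(curl -sL $OPP_SCRIPT_URL) op_delete_${OPERATOR_INDEX_TAG} "operators/${PR_OPERATOR_NAME}/${PR_OPERATOR_VERSION}" $OPP_THIS_REPO $OPP_THIS_BRANCH || $FAKE_RC

  # Works out which operators are missing from the indexes and collects
  # operator info for the jobs that build bundles and indexes.
  operators-ocp:
    name: "Index check / ocp"
    needs: [pr-check, remove-ocp]
    if: needs.pr-check.outputs.opp_release_ready == '1' && (needs.pr-check.outputs.opp_op_delete == '0' || needs.pr-check.outputs.opp_is_new_operatror == '1' || needs.pr-check.outputs.opp_recreate == '1' )
    runs-on: ubuntu-latest
    steps:
      - name: List of missing operators
        id: operators
        env:
          OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}"
          OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}"
          OPP_IIB_INSTALL: 0
          IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }}
          OPERATOR_INDEX_TAG: "orange_v4.10 orange_v4.11 orange_v4.12 orange_v4.13 orange_v4.14 orange_v4.15"
          OPP_INDEX_CHECK_ONLY: 1
        run: |
          echo "OPP_LABELS=$OPP_LABELS"
          echo "'$OPERATOR_INDEX_TAG' operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH"
          bash <(curl -sL $OPP_SCRIPT_URL) "$OPERATOR_INDEX_TAG" operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH
      - name: Index check
        # The operator lists are derived from repository content, so they are
        # handed to the shell through env rather than expanded into the script.
        env:
          OPP_UNCOMPLETE_OPERATORS: "${{ steps.operators.outputs.opp_uncomplete_operators }}"
          OPP_UNCOMPLETE_OPERATORS_V4_10: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_10 }}"
          OPP_UNCOMPLETE_OPERATORS_V4_11: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_11 }}"
          OPP_UNCOMPLETE_OPERATORS_V4_12: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_12 }}"
          OPP_UNCOMPLETE_OPERATORS_V4_13: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_13 }}"
          OPP_UNCOMPLETE_OPERATORS_V4_14: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_14 }}"
          OPP_UNCOMPLETE_OPERATORS_V4_15: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_15 }}"
        run: |
          echo "Operators : $OPP_UNCOMPLETE_OPERATORS"
          echo "Operators (v4.10) : $OPP_UNCOMPLETE_OPERATORS_V4_10"
          echo "Operators (v4.11) : $OPP_UNCOMPLETE_OPERATORS_V4_11"
          echo "Operators (v4.12) : $OPP_UNCOMPLETE_OPERATORS_V4_12"
          echo "Operators (v4.13) : $OPP_UNCOMPLETE_OPERATORS_V4_13"
          echo "Operators (v4.14) : $OPP_UNCOMPLETE_OPERATORS_V4_14"
          echo "Operators (v4.15) : $OPP_UNCOMPLETE_OPERATORS_V4_15"
      - name: Operator info
        id: op-info
        env:
          OPP_FORCE_OPERATORS: ${{ steps.operators.outputs.opp_uncomplete_operators }}
          OPP_OP_INFO_PARALLEL: 1
          OPP_OP_INFO_PARALLEL_BATCH: 20
          OPP_AUTO_LABEL: 1
          ANSIBLE_FORCE_COLOR: 1
          ANSIBLE_DISPLAY_SKIPPED_HOSTS: 0
          ANSIBLE_STDOUT_CALLBACK: "yaml"
        run: |
          # Space-separated list -> comma-separated list for the playbook.
          OPP_FORCE_OPERATORS=${OPP_FORCE_OPERATORS// /,}
          echo $OPP_FORCE_OPERATORS
          [ "$OPP_AUTO_LABEL" = '1' ] && ANSIBLE_ARGS="-e automatic_cluster_version_label=true" || ANSIBLE_ARGS="-e automatic_cluster_version_label=false"
          [ "$OPP_OP_INFO_PARALLEL" = '1' ] && ANSIBLE_ARGS="$ANSIBLE_ARGS -e op_info_parallel=true -e op_info_parallel_batch=$OPP_OP_INFO_PARALLEL_BATCH" || ANSIBLE_ARGS="$ANSIBLE_ARGS -e op_info_parallel=false"
          echo $ANSIBLE_ARGS
          # NOTE(review): the playbooks are cloned from a branch head and run
          # with the workflow-level secrets in the environment.
          git clone $OPP_ANSIBLE_PULL_REPO -b $OPP_ANSIBLE_PULL_BRANCH operator-test-playbooks
          cd operator-test-playbooks
          ansible-playbook -i localhost, -e ansible_connection=local -e run_upstream=true -e run_prepare_catalog_repo_upstream=true -e catalog_repo=$OPP_THIS_REPO_BASE/$OPP_THIS_REPO -e catalog_repo_branch=$OPP_THIS_BRANCH upstream/local.yml --tags reset_tools,operator_info -e operator_base_dir=/tmp/community-operators-for-catalog/operators -e operators=$OPP_FORCE_OPERATORS -e cluster_type=$OPP_PRODUCTION_TYPE -e strict_cluster_version_labels=true -e stream_kind=openshift_upstream -e production_registry_namespace=$OPP_RELEASE_BUNDLE_REGISTRY/$OPP_RELEASE_BUNDLE_ORGANIZATION $ANSIBLE_ARGS
      - name: Upload operator_info
        uses: actions/upload-artifact@v2
        with:
          name: operator_info
          path: "/tmp/operator-test/op_info.yaml"
      - name: Upload converted operators
        uses: actions/upload-artifact@v2
        with:
          name: operators_converted
          path: "/tmp/operator-test/operators"
      # NOTE(review): this step has no `id`, and the job outputs below read
      # from `steps.operators`, so the line appended to GITHUB_OUTPUT here is
      # not what the job publishes; confirm the intent.
      - shell: bash
        run: |
          [ -f /tmp/operator-test/op_info.yaml ] && cat /tmp/operator-test/op_info.yaml || echo "opp_uncomplete_operators=" >> $GITHUB_OUTPUT
    outputs:
      opp_uncomplete_operators: "${{ steps.operators.outputs.opp_uncomplete_operators }}"
      opp_uncomplete_operators_v4_10: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_10 }}"
      opp_uncomplete_operators_v4_11: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_11 }}"
      opp_uncomplete_operators_v4_12: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_12 }}"
      opp_uncomplete_operators_v4_13: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_13 }}"
      opp_uncomplete_operators_v4_14: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_14 }}"
      opp_uncomplete_operators_v4_15: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_15 }}"

  # Builds bundles for the operators reported as incomplete
  # (OPP_SKIP_INDEX=1, OPP_SKIP_BUNDLES=0).
  bundles-ocp:
    name: "Bundles / ocp"
    needs: [pr-check, remove-ocp, operators-ocp]
    if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-ocp.outputs.opp_uncomplete_operators != ''
    runs-on: ubuntu-latest
    steps:
      - name: Download operator_info
        uses: actions/download-artifact@v2
        with:
          name: operator_info
          path: /tmp/operator-test/
      - name: Download converted operators
        uses: actions/download-artifact@v2
        with:
          name: operators_converted
          path: /tmp/operator-test/operators
      - name: Build bundles
        env:
          OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}"
          OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}"
          OPP_IIB_INSTALL: 0
          IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }}
          OPERATOR_INDEX_TAG: latest
          OPP_SKIP_INDEX: 1
          OPP_SKIP_BUNDLES: 0
          OPP_FORCE_OPERATORS: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators }}"
        run: |
          echo "OPP_LABELS=$OPP_LABELS"
          echo "OPP_FORCE_OPERATORS=$OPP_FORCE_OPERATORS"
          FAKE_RC=false
          FAKE_TYPE=$(echo $OPERATOR_INDEX_TAG | cut -d '-' -f 2)
          [[ $FAKE_TYPE == *rc* ]] && FAKE_RC=true || true
          [[ $FAKE_TYPE == *maintenance* ]] && exit 0 || true
          echo "orange_${OPERATOR_INDEX_TAG} operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH"
          bash <(curl -sL $OPP_SCRIPT_URL) orange_${OPERATOR_INDEX_TAG} operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH || $FAKE_RC

  # Per index tag: syncs the index (OPP_SKIP_BUNDLES=1) and then submits the
  # resulting manifest digests to the signing endpoint.
  release-ocp:
    name: "Index / ocp"
    needs: [pr-check, operators-ocp, bundles-ocp]
    if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-ocp.outputs.opp_uncomplete_operators != ''
    runs-on: ubuntu-latest
    strategy:
      matrix:
        index-tag: ['v4.10-db', 'v4.11', 'v4.12', 'v4.13', 'v4.14-rc', 'v4.15-rc']
      fail-fast: false
    steps:
      - name: Download operator_info
        uses: actions/download-artifact@v2
        with:
          name: operator_info
          path: /tmp/operator-test/
      - name: Download converted operators
        uses: actions/download-artifact@v2
        with:
          name: operators_converted
          path: /tmp/operator-test/operators
      - name: Print space info (before)
        run: |
          du -h -d 3 /tmp | sort -h -r
          df -h
          docker images
      - name: Index sync
        env:
          OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}"
          OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}"
          OPP_IIB_INSTALL: 1
          OPP_FORCE_INDEX_UPDATE: 1
          OPP_SKIP_BUNDLES: 1
          IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }}
          IIB_OUTPUT_REGISTRY_TOKEN: ${{ secrets.IIB_OUTPUT_REGISTRY_TOKEN }}
          OPERATOR_INDEX_TAG: ${{ matrix.index-tag }}
          # OPP_FORCE_OPERATORS: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators }}"
          OPP_FORCE_OPERATORS: ""
          OPP_FORCE_OPERATORS_v4_10: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_10 }}"
          OPP_FORCE_OPERATORS_v4_11: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_11 }}"
          OPP_FORCE_OPERATORS_v4_12: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_12 }}"
          OPP_FORCE_OPERATORS_v4_13: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_13 }}"
          OPP_FORCE_OPERATORS_v4_14: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_14 }}"
          OPP_FORCE_OPERATORS_v4_15: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_15 }}"
        run: |
          echo "OPP_LABELS=$OPP_LABELS"
          FAKE_RC=false
          FAKE_TYPE=$(echo $OPERATOR_INDEX_TAG | cut -d '-' -f 2)
          [[ $FAKE_TYPE == *rc* ]] && FAKE_RC=true || true
          [[ $FAKE_TYPE == *maintenance* ]] && exit 0 || true
          bash <(curl -sL $OPP_SCRIPT_CLEANUP_URL)
          echo "orange_${OPERATOR_INDEX_TAG} operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH"
          bash <(curl -sL $OPP_SCRIPT_URL) orange_${OPERATOR_INDEX_TAG} operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH || $FAKE_RC
      - name: Print space info (after)
        if: always()
        run: |
          docker exec -t op-test /bin/bash -c "du -h -d 3 /tmp | sort -h -r" || true
          docker exec -t op-test /bin/bash -c "podman images ; df -h" || true
          echo "local df:"
          df -h
      - name: Sign index
        id: openshift-vars
        env:
          OPERATOR_INDEX_TAG_RAW: ${{ matrix.index-tag }}
          OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}"
          # Signing credentials reach the script as environment variables
          # rather than being expanded into the script text.
          SIGNATURE_WEBHOOK_REQUESTER_EMAIL: ${{ secrets.SIGNATURE_WEBHOOK_REQUESTER_EMAIL }}
          SIGNATURE_WEBHOOK_PASSWD: ${{ secrets.SIGNATURE_WEBHOOK_PASSWD }}
        run: |
          # Password goes in on stdin (same form the index-verify job uses),
          # not as a command-line argument.
          echo "$REGISTRY_MIRROR_PW" | docker login "${OPP_MIRROR_INDEX_REGISTRY}" -u "$OPP_REGISTRY_MIRROR_USER" --password-stdin
          # Strip the "-db" / "-rc" suffix from the matrix tag.
          OPERATOR_INDEX_TAG=$(echo ${OPERATOR_INDEX_TAG_RAW} |cut -d'-' -f1)
          echo "OPERATOR_INDEX_TAG=$OPERATOR_INDEX_TAG"
          OPERATOR_INDEX="${INDEX_PATH_TO_SIGN}:${OPERATOR_INDEX_TAG}"
          MANIFEST_LIST=${OPP_MIRROR_INDEX_REGISTRY}/${OPP_MIRROR_INDEX_ORGANIZATION}/${OPP_MIRROR_INDEX_NAME}:${OPERATOR_INDEX_TAG}
          echo "MANIFEST_LIST=$MANIFEST_LIST"
          # One digest per manifest in the list, each paired with the same
          # pull spec, joined with commas into a single JSON request body.
          SIGNATURE_PAYLOAD=$(
            docker manifest inspect ${MANIFEST_LIST} | jq -r '.manifests[]|.digest' \
            | awk -v pullspec="${OPERATOR_INDEX}" \
                  -v requester="${SIGNATURE_WEBHOOK_REQUESTER_EMAIL}" \
                  -v 'body={"manifest_digest": "@DIGESTS@", "reference": "@REFERENCES@", "requester": "@REQUESTER@"}' \
              '
              /^sha/ {
                digests=digests "," $1;
                references=references "," pullspec
              }
              END {
                sub(/^,/, "", digests);
                sub(/^,/, "", references);
                sub(/@DIGESTS@/, digests, body);
                sub(/@REFERENCES@/, references, body);
                sub(/@REQUESTER@/, requester, body);
                print body
              }
              '
          )
          echo "SIGNATURE_PAYLOAD=$SIGNATURE_PAYLOAD"
          curl --connect-timeout 10 --max-time 20 --fail --retry-all-errors --retry 5 --retry-delay 3 \
            ${SIGNATURE_ENDPOINT} -d "${SIGNATURE_PAYLOAD}" -u "community-op-cert:${SIGNATURE_WEBHOOK_PASSWD}"
          # skopeo inspect docker://$MANIFEST_LIST > /dev/null # error out if needed
          # OPERATOR_INDEX_DIGEST=$(skopeo inspect docker://$MANIFEST_LIST | jq -r ".Digest")
          #OPERATOR_INDEX_RESOLVED="${OPP_MIRROR_INDEX_REGISTRY}/${OPP_MIRROR_INDEX_ORGANIZATION}/${OPP_MIRROR_INDEX_NAME}@${OPERATOR_INDEX_DIGEST}"

  # Per index tag: runs the playbooks' index_verify tag against the temporary
  # index, its "s"-suffixed variant and the mirrored index.
  index-verify-ocp:
    name: "Index Verify / ocp"
    needs: [pr-check, operators-ocp, bundles-ocp, release-ocp]
    if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-ocp.outputs.opp_uncomplete_operators != ''
    runs-on: ubuntu-latest
    strategy:
      matrix:
        index-tag: ['v4.10-db', 'v4.11', 'v4.12', 'v4.13', 'v4.14-rc', 'v4.15-rc']
      fail-fast: false
    steps:
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.x'
      - name: Install dependencies
        run: python -m pip install --upgrade pip yq
      - name: Index verify
        id: index-verify
        env:
          OPP_CONTAINER_TOOL: podman
        run: |
          # matrix.index-tag is one of the literals listed above.
          MY_TAG=${{ matrix.index-tag }}
          MY_TAG=$(echo $MY_TAG | cut -d '-' -f 1)
          MY_INDEXES="quay.io/openshift-community-operators/catalog_tmp:${MY_TAG}"
          MY_INDEXES="$MY_INDEXES,quay.io/openshift-community-operators/catalog_tmp:${MY_TAG}s"
          MY_INDEXES="$MY_INDEXES,quay.io/redhat/redhat----community-operator-index:${MY_TAG}"
          echo "MY_INDEXES=$MY_INDEXES"
          echo "$REGISTRY_MIRROR_PW" | $OPP_CONTAINER_TOOL login $OPP_MIRROR_INDEX_REGISTRY -u $OPP_REGISTRY_MIRROR_USER --password-stdin || { echo "Problem to login to '$OPP_MIRROR_INDEX_REGISTRY' !!!"; exit 1; }
          ansible-pull -U $OPP_ANSIBLE_PULL_REPO -C $OPP_ANSIBLE_PULL_BRANCH -i localhost, -e run_upstream=true -e run_prepare_catalog_repo_upstream=false -e container_tool=$OPP_CONTAINER_TOOL upstream/local.yml --tags reset_tools,index_verify -e iv_indexes="$MY_INDEXES"

  # Posts a Google Chat card when any of the jobs above fails.
  slack-notification:
    name: "Monitoring notification"
    needs: [pr-check, remove-ocp, operators-ocp, bundles-ocp, release-ocp, index-verify-ocp]
    if: failure()
    runs-on: ubuntu-latest
    steps:
      - name: Google Chat Notification
        env:
          # The PR title is free text chosen by the PR author. It is passed as
          # data and JSON-encoded by jq, so quotes or shell metacharacters in
          # it can neither end the payload string nor run as commands.
          OPP_PR_TITLE: "${{ needs.pr-check.outputs.opp_pr_title }}"
          GCHAT_WEBHOOK: "${{ secrets.GCHAT_WEBHOOK }}"
          RELEASE_QUEUE_URL: "https://github.com/${{ github.repository }}/actions/workflows/operator_release.yaml"
        run: |
          echo "title: Release pipeline failed: $OPP_PR_TITLE"
          echo "subtitle: failure"
          PAYLOAD=$(jq -n \
            --arg title "Release pipeline failed: $OPP_PR_TITLE" \
            --arg url "$RELEASE_QUEUE_URL" \
            '{
              "cards": [
                {
                  "header": {
                    "title": $title,
                    "subtitle": "failure"
                  },
                  "sections": [
                    {
                      "widgets": [
                        {
                          "buttons": [
                            {
                              "textButton": {
                                "text": "Open the release queue",
                                "onClick": {
                                  "openLink": {
                                    "url": $url
                                  }
                                }
                              }
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ]
            }')
          curl --location --request POST "$GCHAT_WEBHOOK" \
            --header 'Content-Type: application/json' \
            --data-raw "$PAYLOAD"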