operator external-secrets-operator (0.9.5) #38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Operator release | |
on: | |
push: | |
branches: | |
- master | |
- main | |
workflow_dispatch: | |
inputs: | |
release: | |
description: 'Force to run release' | |
required: true | |
default: '0' | |
delete: | |
description: 'Remove operator virtually from git (cockroachdb or cockroachdb/5.0.4) for debuging only' | |
required: false | |
default: '' | |
env: | |
OPP_DEBUG: 1 | |
OPP_CONTAINER_OPT: "-t" | |
OPP_SCRIPT_URL: "https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/latest/ci/scripts/opp.sh" | |
OPP_SCRIPT_ENV_URL: "https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/latest/ci/scripts/opp-env.sh" | |
OPP_SCRIPT_ISS_URL: "https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/latest/ci/scripts/opp-iss.sh" | |
OPP_SCRIPT_CLEANUP_URL: "https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/latest/ci/scripts/opp-disk-cleanup-on-startup.sh" | |
OPP_SCRIPT_TRIGGER_OHIO_URL: "https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/latest/ci/scripts/opp-trigger-operatorhubio-ci.sh" | |
OPP_IMAGE: "quay.io/operator_testing/operator-test-playbooks:latest" | |
OPP_ANSIBLE_PULL_REPO: "https://github.com/redhat-openshift-ecosystem/operator-test-playbooks" | |
OPP_ANSIBLE_PULL_BRANCH: "upstream-community" | |
OPP_PROD: 1 | |
OPP_MIRROR_LATEST_TAG: "v4.6" | |
OPP_PRODUCTION_TYPE: "ocp" | |
OPP_RELEASE_BUNDLE_REGISTRY: "quay.io" | |
OPP_RELEASE_BUNDLE_ORGANIZATION: "openshift-community-operators" | |
OPP_RELEASE_INDEX_REGISTRY: "quay.io" | |
OPP_RELEASE_INDEX_ORGANIZATION: "openshift-community-operators" | |
OPP_RELEASE_INDEX_NAME: "catalog_tmp" | |
OPP_MIRROR_INDEX_REGISTRY: "quay.io" | |
OPP_MIRROR_INDEX_ORGANIZATION: "redhat" | |
OPP_MIRROR_INDEX_NAME: "redhat----community-operator-index" | |
OPP_MIRROR_INDEX_ENABLED: "1" | |
OPP_MIRROR_INDEX_MULTIARCH_BASE: "registry.redhat.io/openshift4/ose-operator-registry" | |
OPP_MULTIARCH_SUPPORTED_VERSIONS: "v4.5 v4.6 v4.7 v4.8 v4.9 v4.10 v4.11 v4.12 v4.13" | |
OPP_MIRROR_INDEX_MULTIARCH_POSTFIX: "s" | |
IIB_INPUT_REGISTRY_USER: "12742415|community-operators-pipeline" | |
OPP_REGISTRY_MIRROR_USER: "redhat+iib_community" | |
OPP_THIS_REPO_BASE: "https://github.com" | |
OPP_THIS_REPO: "redhat-openshift-ecosystem/community-operators-prod" | |
OPP_THIS_BRANCH: "main" | |
INDEX_PATH_TO_SIGN: "registry.redhat.io/redhat/community-operator-index" | |
SIGNATURE_ENDPOINT: "https://community-signing-pipeline-prod.apps.pipelines-prod.ijdb.p1.openshiftapps.com" | |
OPP_REVIEWERS_ENABLED: 0 | |
OPP_ALLOW_FORCE_RELEASE: ${{ github.event.inputs.release }} | |
OPP_REMOVE_OPERATOR_AFTER_CLONE_PATH: "${{ github.event.inputs.delete }}" | |
REGISTRY_RELEASE_API_TOKEN: ${{ secrets.REGISTRY_RELEASE_API_TOKEN }} | |
REGISTRY_MIRROR_PW: ${{ secrets.REGISTRY_MIRROR_PW }} | |
GODEBUG: x509ignoreCN=0 | |
CI_OHIO_TRIGGER_TOKEN: ${{ secrets.CI_OHIO_TRIGGER_TOKEN }} | |
OHIO_REGISTRY_TOKEN: ${{ secrets.OHIO_REGISTRY_TOKEN }} | |
QUAY_APPREG_TOKEN: ${{ secrets.QUAY_APPREG_TOKEN }} | |
QUAY_COURIER_TOKEN: ${{ secrets.QUAY_COURIER_TOKEN }} | |
REPO_GHA_PAT: ${{ secrets.REPO_GHA_PAT }} | |
IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }} | |
jobs: | |
pr-check: | |
name: "PR-traffic-light" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- id: files | |
uses: masesgroup/retrieve-changed-files@v2 | |
continue-on-error: true | |
- id: prinfo | |
uses: actions-ecosystem/action-get-merged-pull-request@v1 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.x' | |
- name: Install dependencies | |
run: python -m pip install --upgrade pip yq | |
- name: Operator traffic light | |
id: op-traffic-light | |
env: | |
OPP_ADDED_MODIFIED_FILES: "${{ steps.files.outputs.added_modified }}" | |
OPP_MODIFIED_FILES: "${{ steps.files.outputs.modified }}" | |
OPP_RENAMED_FILES: "${{ steps.files.outputs.renamed }}" | |
OPP_REMOVED_FILES: "${{ steps.files.outputs.removed }}" | |
OPP_LABELS: "${{ steps.prinfo.outputs.labels }}" | |
run: | | |
if [ -z "${{ github.event.inputs.list_of_operators }}" ] | |
then | |
echo "Found an empty input - list_of_operators [OK]" | |
else | |
OPP_MODIFIED_FILES="" | |
for operator_to_loop in ${{ github.event.inputs.list_of_operators }}; do | |
echo "Processing $operator_to_loop" | |
if [ -z "$OPP_MODIFIED_FILES" ] | |
then | |
echo "...inicializing OPP_MODIFIED_FILES" | |
OPP_MODIFIED_FILES="$(find operators/$operator_to_loop/ -type f -name "*.clusterserviceversion.yaml" | tail -n 1)" | |
else | |
echo "...extending OPP_MODIFIED_FILES" | |
OPP_MODIFIED_FILES="$OPP_MODIFIED_FILES $(find operators/$operator_to_loop/ -type f -name "*.clusterserviceversion.yaml" | tail -n 1)" | |
fi | |
done | |
fi | |
echo "OPP_MODIFIED_FILES=$OPP_MODIFIED_FILES" | |
echo "PR : ${{ steps.prinfo.outputs.number }}" | |
echo "labels : ${{ steps.prinfo.outputs.labels }}" | |
echo "OPP_LABELS=$OPP_LABELS" | |
echo "Using script '$OPP_SCRIPT_ENV_URL' ..." | |
bash <(curl -sL $OPP_SCRIPT_ENV_URL) | |
- name: Block until there is no running workflow | |
if: steps.op-traffic-light.outputs.opp_release_ready == '1' | |
uses: softprops/turnstyle@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
outputs: | |
opp_labels: "${{ steps.prinfo.outputs.labels }}" | |
opp_test_ready: "${{ steps.op-traffic-light.outputs.opp_test_ready }}" | |
opp_release_ready: "${{ steps.op-traffic-light.outputs.opp_release_ready }}" | |
opp_stream: "${{ steps.op-traffic-light.outputs.opp_stream }}" | |
opp_name: "${{ steps.op-traffic-light.outputs.opp_name }}" | |
opp_version: "${{ steps.op-traffic-light.outputs.opp_version }}" | |
opp_ci_yaml_only: "${{ steps.op-traffic-light.outputs.opp_ci_yaml_only }}" | |
opp_ver_overwrite: "${{ steps.op-traffic-light.outputs.opp_ver_overwrite }}" | |
opp_op_delete: "${{ steps.op-traffic-light.outputs.opp_op_delete }}" | |
opp_recreate: "${{ steps.op-traffic-light.outputs.opp_recreate }}" | |
opp_is_new_operatror: "${{ steps.op-traffic-light.outputs.opp_is_new_operatror }}" | |
opp_release_delete_appreg: "${{ steps.op-traffic-light.outputs.opp_release_delete_appreg }}" | |
opp_pr_title: "${{ steps.op-traffic-light.outputs.opp_pr_title }}" | |
opp_auto_packagemanifest_cluster_version_label: "${{ steps.op-traffic-light.outputs.opp_auto_packagemanifest_cluster_version_label }}" | |
remove-ocp: | |
name: "Remove / ocp" | |
needs: pr-check | |
if: needs.pr-check.outputs.opp_release_ready == '1' | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
index-tag: ['v4.10-db', 'v4.11', 'v4.12', 'v4.13', 'v4.14-rc', 'v4.15-rc'] | |
fail-fast: false | |
steps: | |
- name: Remove operator from index | |
if: needs.pr-check.outputs.opp_op_delete == '1' && needs.pr-check.outputs.opp_name != '' | |
env: | |
OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}" | |
OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" | |
OPERATOR_INDEX_TAG: ${{ matrix.index-tag }} | |
run: | | |
echo "OPP_LABELS=$OPP_LABELS" | |
echo "op_delete_${OPERATOR_INDEX_TAG} operators/${{ needs.pr-check.outputs.opp_name }}/dummy $OPP_THIS_REPO $OPP_THIS_BRANCH" | |
bash <(curl -sL $OPP_SCRIPT_URL) op_delete_${OPERATOR_INDEX_TAG} operators/${{ needs.pr-check.outputs.opp_name }}/dummy $OPP_THIS_REPO $OPP_THIS_BRANCH | |
- name: Operator release (operator version overwrite) | |
if: needs.pr-check.outputs.opp_ci_yaml_only == '0' && needs.pr-check.outputs.opp_ver_overwrite == '1' && needs.pr-check.outputs.opp_name != '' && needs.pr-check.outputs.opp_version != '' | |
env: | |
OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}" | |
OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" | |
OPP_IIB_INSTALL: 0 | |
IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }} | |
OPERATOR_INDEX_TAG: ${{ matrix.index-tag }} | |
run: | | |
echo "OPP_LABELS=$OPP_LABELS" | |
FAKE_RC=false | |
FAKE_TYPE=$(echo $OPERATOR_INDEX_TAG | cut -d '-' -f 2) | |
[[ $FAKE_TYPE == *rc* ]] && FAKE_RC=true || true | |
[[ $FAKE_TYPE == *maintenance* ]] && exit 0 || true | |
echo "op_delete_${OPERATOR_INDEX_TAG} operators/${{ needs.pr-check.outputs.opp_name }}/${{ needs.pr-check.outputs.opp_version }} $OPP_THIS_REPO $OPP_THIS_BRANCH" | |
bash <(curl -sL $OPP_SCRIPT_URL) op_delete_${OPERATOR_INDEX_TAG} operators/${{ needs.pr-check.outputs.opp_name }}/${{ needs.pr-check.outputs.opp_version }} $OPP_THIS_REPO $OPP_THIS_BRANCH || $FAKE_RC | |
operators-ocp: | |
name: "Index check / ocp" | |
needs: [pr-check, remove-ocp ] | |
if: needs.pr-check.outputs.opp_release_ready == '1' && (needs.pr-check.outputs.opp_op_delete == '0' || needs.pr-check.outputs.opp_is_new_operatror == '1' || needs.pr-check.outputs.opp_recreate == '1' ) | |
runs-on: ubuntu-latest | |
steps: | |
- name: List of missing operators | |
id: operators | |
env: | |
OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}" | |
OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" | |
OPP_IIB_INSTALL: 0 | |
IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }} | |
OPERATOR_INDEX_TAG: "orange_v4.10 orange_v4.11 orange_v4.12 orange_v4.13 orange_v4.14 orange_v4.15" | |
OPP_INDEX_CHECK_ONLY: 1 | |
run: | | |
echo "OPP_LABELS=$OPP_LABELS" | |
echo "'$OPERATOR_INDEX_TAG' operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH" | |
bash <(curl -sL $OPP_SCRIPT_URL) "$OPERATOR_INDEX_TAG" operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH | |
- name: Index check | |
run: | | |
echo "Operators : ${{ steps.operators.outputs.opp_uncomplete_operators }}" | |
echo "Operators (v4.10) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_10 }}" | |
echo "Operators (v4.11) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_11 }}" | |
echo "Operators (v4.12) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_12 }}" | |
echo "Operators (v4.13) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_13 }}" | |
echo "Operators (v4.14) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_14 }}" | |
echo "Operators (v4.15) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_15 }}" | |
- name: Operator info | |
id: op-info | |
env: | |
OPP_FORCE_OPERATORS: ${{ steps.operators.outputs.opp_uncomplete_operators }} | |
OPP_OP_INFO_PARALLEL: 1 | |
OPP_OP_INFO_PARALLEL_BATCH: 20 | |
OPP_AUTO_LABEL: 1 | |
ANSIBLE_FORCE_COLOR: 1 | |
ANSIBLE_DISPLAY_SKIPPED_HOSTS: 0 | |
ANSIBLE_STDOUT_CALLBACK: "yaml" | |
run: | | |
OPP_FORCE_OPERATORS=${OPP_FORCE_OPERATORS// /,} | |
echo $OPP_FORCE_OPERATORS | |
[ "$OPP_AUTO_LABEL" = '1' ] && ANSIBLE_ARGS="-e automatic_cluster_version_label=true" || ANSIBLE_ARGS="-e automatic_cluster_version_label=false" | |
[ "$OPP_OP_INFO_PARALLEL" = '1' ] && ANSIBLE_ARGS="$ANSIBLE_ARGS -e op_info_parallel=true -e op_info_parallel_batch=$OPP_OP_INFO_PARALLEL_BATCH" || ANSIBLE_ARGS="$ANSIBLE_ARGS -e op_info_parallel=false" | |
echo $ANSIBLE_ARGS | |
git clone $OPP_ANSIBLE_PULL_REPO -b $OPP_ANSIBLE_PULL_BRANCH operator-test-playbooks | |
cd operator-test-playbooks | |
ansible-playbook -i localhost, -e ansible_connection=local -e run_upstream=true -e run_prepare_catalog_repo_upstream=true -e catalog_repo=$OPP_THIS_REPO_BASE/$OPP_THIS_REPO -e catalog_repo_branch=$OPP_THIS_BRANCH upstream/local.yml --tags reset_tools,operator_info -e operator_base_dir=/tmp/community-operators-for-catalog/operators -e operators=$OPP_FORCE_OPERATORS -e cluster_type=$OPP_PRODUCTION_TYPE -e strict_cluster_version_labels=true -e stream_kind=openshift_upstream -e production_registry_namespace=$OPP_RELEASE_BUNDLE_REGISTRY/$OPP_RELEASE_BUNDLE_ORGANIZATION $ANSIBLE_ARGS | |
- name: Upload operator_info | |
uses: actions/upload-artifact@v2 | |
with: | |
name: operator_info | |
path: "/tmp/operator-test/op_info.yaml" | |
- name: Upload converted operators | |
uses: actions/upload-artifact@v2 | |
with: | |
name: operators_converted | |
path: "/tmp/operator-test/operators" | |
- shell: bash | |
run: | | |
[ -f /tmp/operator-test/op_info.yaml ] && cat /tmp/operator-test/op_info.yaml || echo "opp_uncomplete_operators=" >> $GITHUB_OUTPUT | |
outputs: | |
opp_uncomplete_operators: "${{ steps.operators.outputs.opp_uncomplete_operators }}" | |
opp_uncomplete_operators_v4_10: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_10 }}" | |
opp_uncomplete_operators_v4_11: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_11 }}" | |
opp_uncomplete_operators_v4_12: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_12 }}" | |
opp_uncomplete_operators_v4_13: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_13 }}" | |
opp_uncomplete_operators_v4_14: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_14 }}" | |
opp_uncomplete_operators_v4_15: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_15 }}" | |
bundles-ocp: | |
name: "Bundles / ocp" | |
needs: [ pr-check, remove-ocp, operators-ocp ] | |
if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-ocp.outputs.opp_uncomplete_operators != '' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download operator_info | |
uses: actions/download-artifact@v2 | |
with: | |
name: operator_info | |
path: /tmp/operator-test/ | |
- name: Download converted operators | |
uses: actions/download-artifact@v2 | |
with: | |
name: operators_converted | |
path: /tmp/operator-test/operators | |
- name: Build bundles | |
env: | |
OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}" | |
OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" | |
OPP_IIB_INSTALL: 0 | |
IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }} | |
OPERATOR_INDEX_TAG: latest | |
OPP_SKIP_INDEX: 1 | |
OPP_SKIP_BUNDLES: 0 | |
OPP_FORCE_OPERATORS: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators }}" | |
run: | | |
echo "OPP_LABELS=$OPP_LABELS" | |
echo "OPP_FORCE_OPERATORS=$OPP_FORCE_OPERATORS" | |
FAKE_RC=false | |
FAKE_TYPE=$(echo $OPERATOR_INDEX_TAG | cut -d '-' -f 2) | |
[[ $FAKE_TYPE == *rc* ]] && FAKE_RC=true || true | |
[[ $FAKE_TYPE == *maintenance* ]] && exit 0 || true | |
echo "orange_${OPERATOR_INDEX_TAG} operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH" | |
bash <(curl -sL $OPP_SCRIPT_URL) orange_${OPERATOR_INDEX_TAG} operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH || $FAKE_RC | |
release-ocp: | |
name: "Index / ocp" | |
needs: [ pr-check, operators-ocp, bundles-ocp ] | |
if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-ocp.outputs.opp_uncomplete_operators != '' | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
index-tag: ['v4.10-db', 'v4.11', 'v4.12', 'v4.13', 'v4.14-rc', 'v4.15-rc'] | |
fail-fast: false | |
steps: | |
- name: Download operator_info | |
uses: actions/download-artifact@v2 | |
with: | |
name: operator_info | |
path: /tmp/operator-test/ | |
- name: Download converted operators | |
uses: actions/download-artifact@v2 | |
with: | |
name: operators_converted | |
path: /tmp/operator-test/operators | |
- name: Print space info (before) | |
run: | | |
du -h -d 3 /tmp | sort -h -r | |
df -h | |
docker images | |
- name: Index sync | |
env: | |
OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}" | |
OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" | |
OPP_IIB_INSTALL: 1 | |
OPP_FORCE_INDEX_UPDATE: 1 | |
OPP_SKIP_BUNDLES: 1 | |
IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }} | |
IIB_OUTPUT_REGISTRY_TOKEN: ${{ secrets.IIB_OUTPUT_REGISTRY_TOKEN }} | |
OPERATOR_INDEX_TAG: ${{ matrix.index-tag }} | |
# OPP_FORCE_OPERATORS: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators }}" | |
OPP_FORCE_OPERATORS: "" | |
OPP_FORCE_OPERATORS_v4_10: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_10 }}" | |
OPP_FORCE_OPERATORS_v4_11: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_11 }}" | |
OPP_FORCE_OPERATORS_v4_12: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_12 }}" | |
OPP_FORCE_OPERATORS_v4_13: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_13 }}" | |
OPP_FORCE_OPERATORS_v4_14: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_14 }}" | |
OPP_FORCE_OPERATORS_v4_15: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_15 }}" | |
run: | | |
echo "OPP_LABELS=$OPP_LABELS" | |
FAKE_RC=false | |
FAKE_TYPE=$(echo $OPERATOR_INDEX_TAG | cut -d '-' -f 2) | |
[[ $FAKE_TYPE == *rc* ]] && FAKE_RC=true || true | |
[[ $FAKE_TYPE == *maintenance* ]] && exit 0 || true | |
bash <(curl -sL $OPP_SCRIPT_CLEANUP_URL) | |
echo "orange_${OPERATOR_INDEX_TAG} operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH" | |
bash <(curl -sL $OPP_SCRIPT_URL) orange_${OPERATOR_INDEX_TAG} operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH || $FAKE_RC | |
- name: Print space info (after) | |
if: always() | |
run: | | |
docker exec -t op-test /bin/bash -c "du -h -d 3 /tmp | sort -h -r" || true | |
docker exec -t op-test /bin/bash -c "podman images ; df -h" || true | |
echo "local df:" | |
df -h | |
- name: Sign index | |
id: openshift-vars | |
env: | |
OPERATOR_INDEX_TAG_RAW: ${{ matrix.index-tag }} | |
OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" | |
run: | | |
docker login ${OPP_MIRROR_INDEX_REGISTRY} -u $OPP_REGISTRY_MIRROR_USER -p $REGISTRY_MIRROR_PW | |
OPERATOR_INDEX_TAG=$(echo ${OPERATOR_INDEX_TAG_RAW} |cut -d'-' -f1) | |
echo "OPERATOR_INDEX_TAG=$OPERATOR_INDEX_TAG" | |
OPERATOR_INDEX="${INDEX_PATH_TO_SIGN}:${OPERATOR_INDEX_TAG}" | |
MANIFEST_LIST=${OPP_MIRROR_INDEX_REGISTRY}/${OPP_MIRROR_INDEX_ORGANIZATION}/${OPP_MIRROR_INDEX_NAME}:${OPERATOR_INDEX_TAG} | |
echo "MANIFEST_LIST=$MANIFEST_LIST" | |
SIGNATURE_PAYLOAD=$( | |
docker manifest inspect ${MANIFEST_LIST} | jq -r '.manifests[]|.digest' \ | |
| awk -v pullspec=${OPERATOR_INDEX} \ | |
-v requester=${{ secrets.SIGNATURE_WEBHOOK_REQUESTER_EMAIL }} \ | |
-v 'body={"manifest_digest": "@DIGESTS@", "reference": "@REFERENCES@", "requester": "@REQUESTER@"}' \ | |
' | |
/^sha/ { | |
digests=digests "," $1; | |
references=references "," pullspec | |
} | |
END { | |
sub(/^,/, "", digests); | |
sub(/^,/, "", references); | |
sub(/@DIGESTS@/, digests, body); | |
sub(/@REFERENCES@/, references, body); | |
sub(/@REQUESTER@/, requester, body); | |
print body | |
} | |
' | |
) | |
echo "SIGNATURE_PAYLOAD=$SIGNATURE_PAYLOAD" | |
curl --connect-timeout 10 --max-time 20 --fail --retry-all-errors --retry 5 --retry-delay 3 \ | |
${SIGNATURE_ENDPOINT} -d "${SIGNATURE_PAYLOAD}" -u "community-op-cert:${{ secrets.SIGNATURE_WEBHOOK_PASSWD }}" | |
# skopeo inspect docker://$MANIFEST_LIST > /dev/null # error out if needed | |
# OPERATOR_INDEX_DIGEST=$(skopeo inspect docker://$MANIFEST_LIST | jq -r ".Digest") | |
#OPERATOR_INDEX_RESOLVED="${OPP_MIRROR_INDEX_REGISTRY}/${OPP_MIRROR_INDEX_ORGANIZATION}/${OPP_MIRROR_INDEX_NAME}@${OPERATOR_INDEX_DIGEST}" | |
index-verify-ocp: | |
name: "Index Verify / ocp" | |
needs: [ pr-check, operators-ocp, bundles-ocp, release-ocp] | |
if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-ocp.outputs.opp_uncomplete_operators != '' | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
index-tag: ['v4.10-db', 'v4.11', 'v4.12', 'v4.13', 'v4.14-rc', 'v4.15-rc'] | |
fail-fast: false | |
steps: | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.x' | |
- name: Install dependencies | |
run: python -m pip install --upgrade pip yq | |
- name: Index verify | |
id: index-verify | |
env: | |
OPP_CONTAINER_TOOL: podman | |
run: | | |
MY_TAG=${{ matrix.index-tag }} | |
MY_TAG=$(echo $MY_TAG | cut -d '-' -f 1) | |
MY_INDEXES="quay.io/openshift-community-operators/catalog_tmp:${MY_TAG}" | |
MY_INDEXES="$MY_INDEXES,quay.io/openshift-community-operators/catalog_tmp:${MY_TAG}s" | |
MY_INDEXES="$MY_INDEXES,quay.io/redhat/redhat----community-operator-index:${MY_TAG}" | |
echo "MY_INDEXES=$MY_INDEXES" | |
echo "$REGISTRY_MIRROR_PW" | $OPP_CONTAINER_TOOL login $OPP_MIRROR_INDEX_REGISTRY -u $OPP_REGISTRY_MIRROR_USER --password-stdin || { echo "Problem to login to '$OPP_MIRROR_INDEX_REGISTRY' !!!"; exit 1; } | |
ansible-pull -U $OPP_ANSIBLE_PULL_REPO -C $OPP_ANSIBLE_PULL_BRANCH -i localhost, -e run_upstream=true -e run_prepare_catalog_repo_upstream=false -e container_tool=$OPP_CONTAINER_TOOL upstream/local.yml --tags reset_tools,index_verify -e iv_indexes="$MY_INDEXES" | |
slack-notification: | |
name: "Monitoring notification" | |
needs: [ pr-check, remove-ocp, operators-ocp, bundles-ocp, release-ocp , index-verify-ocp ] | |
if: failure() | |
runs-on: ubuntu-latest | |
steps: | |
- name: Google Chat Notification | |
run: | | |
echo "title: Release pipeline failed: ${{ needs.pr-check.outputs.opp_pr_title }}" | |
echo "subtitle: failure" | |
curl --location --request POST '${{ secrets.GCHAT_WEBHOOK }}' \ | |
--header 'Content-Type: application/json' \ | |
--data-raw '{ | |
"cards": [ | |
{ | |
"header": { | |
"title": "Release pipeline failed: ${{ needs.pr-check.outputs.opp_pr_title }}", | |
"subtitle": "failure" | |
}, | |
"sections": [ | |
{ | |
"widgets": [ | |
{ | |
"buttons": [ | |
{ | |
"textButton": { | |
"text": "Open the release queue", | |
"onClick": { | |
"openLink": { | |
"url": "https://github.com/${{ github.repository }}/actions/workflows/operator_release.yaml" | |
} | |
} | |
} | |
} | |
] | |
} | |
] | |
} | |
] | |
} | |
] | |
}' |