Publish the certsuite image (latest release only)
#351
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: 'Publish the `cnf-certification-test` image (latest release only)' | |
| "on": | |
| # Run the workflow when a new release gets published | |
| release: | |
| target_commitish: main | |
| types: [published] | |
| # Run the workflow every day at 5 am UTC (1 am EST, 7am CET) | |
| # This is useful for keeping the image up-to-date with security | |
| # patches provided in the UBI. | |
| # Disclaimer: There is no guarantee that scheduled workflows will | |
| # run at the predefined time, if at all. The delay is usually | |
| # around 10-30 minutes. | |
| schedule: | |
| - cron: '0 5 * * *' | |
| workflow_dispatch: | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| REGISTRY: quay.io | |
| REGISTRY_LOCAL: localhost | |
| RELEASE_LEVEL: 4.12 | |
| TNF_IMAGE_NAME: testnetworkfunction/cnf-certification-test | |
| IMAGE_TAG: latest | |
| TNF_CONTAINER_CLIENT: docker | |
| TNF_NON_INTRUSIVE_ONLY: false | |
| TNF_ALLOW_PREFLIGHT_INSECURE: false | |
| TNF_DISABLE_CONFIG_AUTODISCOVER: false | |
| TNF_CONFIG_DIR: /tmp/tnf/config | |
| TNF_OUTPUT_DIR: /tmp/tnf/output | |
| TNF_SRC_URL: 'https://github.com/${{ github.repository }}' | |
| PARTNER_REPO: test-network-function/cnf-certification-test-partner | |
| PARTNER_SRC_URL: 'https://github.com/${PARTNER_REPO}' | |
| TESTING_CMD_PARAMS: '-n host -i ${REGISTRY_LOCAL}/${TNF_IMAGE_NAME}:${IMAGE_TAG} -t ${TNF_CONFIG_DIR} -o ${TNF_OUTPUT_DIR}' | |
| ON_DEMAND_DEBUG_PODS: false | |
| jobs: | |
| test-and-push-tnf-image-main: | |
| name: 'Test and push the `cnf-certification-test` image' | |
| runs-on: ubuntu-22.04 | |
| env: | |
| SHELL: /bin/bash | |
| KUBECONFIG: '/home/runner/.kube/config' | |
| PFLT_DOCKERCONFIG: '/home/runner/.docker/config' | |
| CURRENT_VERSION_GENERIC_BRANCH: main | |
| TNF_VERSION: "" | |
| PARTNER_VERSION: "" | |
| steps: | |
| - name: Write temporary docker file | |
| run: | | |
| mkdir -p /home/runner/.docker | |
| touch ${PFLT_DOCKERCONFIG} | |
| echo '{ "auths": {} }' >> ${PFLT_DOCKERCONFIG} | |
| - name: Checkout generic working branch of the current version | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ env.CURRENT_VERSION_GENERIC_BRANCH }} | |
| fetch-depth: '0' | |
| - name: Get the latest TNF version from GIT | |
| run: | | |
| GIT_RELEASE=$(git tag --points-at HEAD | head -n 1) | |
| GIT_PREVIOUS_RELEASE=$(git tag --no-contains HEAD --sort=v:refname | tail -n 1) | |
| GIT_LATEST_RELEASE=$GIT_RELEASE | |
| if [ -z "$GIT_RELEASE" ]; then | |
| GIT_LATEST_RELEASE=$GIT_PREVIOUS_RELEASE | |
| fi | |
| echo "version_number=$GIT_LATEST_RELEASE" >> $GITHUB_OUTPUT | |
| id: set_tnf_version | |
| - name: Print the latest TNF version from GIT | |
| run: | | |
| echo Version tag: ${{ steps.set_tnf_version.outputs.version_number }} | |
| - name: Get contents of the version.json file | |
| run: echo "json=$(cat version.json | tr -d '[:space:]')" >> $GITHUB_OUTPUT | |
| id: get_version_json_file | |
| - name: Get the partner version number from file | |
| run: | | |
| echo Partner version tag: $VERSION_FROM_FILE_PARTNER | |
| echo "partner_version_number=$VERSION_FROM_FILE_PARTNER" >> $GITHUB_OUTPUT | |
| id: set_partner_version | |
| env: | |
| VERSION_FROM_FILE_PARTNER: ${{ fromJSON(steps.get_version_json_file.outputs.json).partner_tag }} | |
| - name: Update env variables | |
| run: | | |
| echo "TNF_VERSION=${{ steps.set_tnf_version.outputs.version_number }}" >> $GITHUB_ENV | |
| echo "PARTNER_VERSION=${{ steps.set_partner_version.outputs.partner_version_number }}" >> $GITHUB_ENV | |
| - name: Ensure $TNF_VERSION and $IMAGE_TAG are set | |
| run: '[[ -n "$TNF_VERSION" ]] && [[ -n "$IMAGE_TAG" ]] && [[ -n "$PARTNER_VERSION" ]]' | |
| - name: Check whether the version tag exists on remote | |
| run: git ls-remote --exit-code $TNF_SRC_URL refs/tags/$TNF_VERSION | |
| - name: (if tag is missing) Display debug message | |
| if: ${{ failure() }} | |
| run: echo "Tag '$TNF_VERSION' does not exist on remote $TNF_SRC_URL" | |
| - name: Check whether the version tag exists on remote | |
| run: git ls-remote --exit-code ${{ env.PARTNER_SRC_URL }} refs/tags/$PARTNER_VERSION | |
| - name: (if partner_tag is missing) Display debug message | |
| if: ${{ failure() }} | |
| run: echo "Tag '$PARTNER_VERSION' does not exist on remote $PARTNER_SRC_URL" | |
| - name: Checkout the version tag | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ env.TNF_VERSION }} | |
| - name: Build the `cnf-certification-test` image | |
| run: | | |
| make build-image-tnf | |
| env: | |
| TNF_VERSION: ${{ env.TNF_VERSION }} | |
| # Push the new TNF image to Quay.io. | |
| - name: Authenticate against Quay.io | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| # Use a Robot Account to authenticate against Quay.io | |
| # https://docs.quay.io/glossary/robot-accounts.html | |
| username: ${{ secrets.QUAY_ROBOT_USERNAME }} | |
| password: ${{ secrets.QUAY_ROBOT_TOKEN }} | |
| - name: Push the newly built image to Quay.io | |
| run: docker push --all-tags ${REGISTRY}/${TNF_IMAGE_NAME} |