From 1398c57866e2b149408099d3f5178b99a640bd54 Mon Sep 17 00:00:00 2001 From: Nick Carboni Date: Tue, 28 May 2024 10:03:18 -0400 Subject: [PATCH] MGMT-17897: Build and publish assisted-service-el8 image (#52320) * Build and publish assisted-service-el8 image This image is required for assisted-service to be able to install clusters of version <4.16 in FIPS environments. Resolves https://issues.redhat.com/browse/MGMT-17897 * Use a build arg rather than a separate Dockerfile for the el8 image --- ...enshift-assisted-service-master__edge.yaml | 27 ++++++++ ...ift-assisted-service-master-periodics.yaml | 61 +++++++++++++++++++ ...t-assisted-service-master-postsubmits.yaml | 59 ++++++++++++++++++ 3 files changed, 147 insertions(+) diff --git a/ci-operator/config/openshift/assisted-service/openshift-assisted-service-master__edge.yaml b/ci-operator/config/openshift/assisted-service/openshift-assisted-service-master__edge.yaml index 2afb51037b3c..aa910cc69f57 100644 --- a/ci-operator/config/openshift/assisted-service/openshift-assisted-service-master__edge.yaml +++ b/ci-operator/config/openshift/assisted-service/openshift-assisted-service-master__edge.yaml @@ -107,6 +107,15 @@ images: as: - registry.ci.openshift.org/openshift/release:golang-1.20 to: assisted-service +- build_args: + - name: BASE_TAG + value: stream8 + dockerfile_path: Dockerfile.assisted-service + inputs: + openshift_release_golang-1.20: + as: + - registry.ci.openshift.org/openshift/release:golang-1.20 + to: assisted-service-el8 - dockerfile_literal: | FROM coreos/centos COPY . . @@ -167,6 +176,15 @@ tests: SOURCE_IMAGE_REF: assisted-service test: - ref: assisted-baremetal-images-publish +- as: mirror-nightly-image-el8 + cron: '@daily' + steps: + dependencies: + SOURCE_IMAGE_REF: assisted-service-el8 + env: + IMAGE_REPO: assisted-service-el8 + test: + - ref: assisted-baremetal-images-publish - as: mirror-vcsref-image postsubmit: true steps: @@ -174,6 +192,15 @@ tests: SOURCE_IMAGE_REF: assisted-service test: - ref: assisted-baremetal-images-publish +- as: mirror-vcsref-image-el8 + postsubmit: true + steps: + dependencies: + SOURCE_IMAGE_REF: assisted-service-el8 + env: + IMAGE_REPO: assisted-service-el8 + test: + - ref: assisted-baremetal-images-publish - as: operator-publish postsubmit: true steps: diff --git a/ci-operator/jobs/openshift/assisted-service/openshift-assisted-service-master-periodics.yaml b/ci-operator/jobs/openshift/assisted-service/openshift-assisted-service-master-periodics.yaml index 5bceb4334c72..8184bb0e9ff2 100644 --- a/ci-operator/jobs/openshift/assisted-service/openshift-assisted-service-master-periodics.yaml +++ b/ci-operator/jobs/openshift/assisted-service/openshift-assisted-service-master-periodics.yaml @@ -850,6 +850,67 @@ periodics: - name: result-aggregator secret: secretName: result-aggregator +- agent: kubernetes + cluster: build04 + cron: 24 22 * * * + decorate: true + extra_refs: + - base_ref: master + org: openshift + repo: assisted-service + labels: + ci-operator.openshift.io/variant: edge + ci.openshift.io/generator: prowgen + job-release: "4.16" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-assisted-service-master-edge-mirror-nightly-image-el8 + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=mirror-nightly-image-el8 + - --variant=edge + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator - agent: kubernetes cluster: build04 cron: 00 00 */1 * 0-5 diff --git a/ci-operator/jobs/openshift/assisted-service/openshift-assisted-service-master-postsubmits.yaml b/ci-operator/jobs/openshift/assisted-service/openshift-assisted-service-master-postsubmits.yaml index 606e1241525b..11d381f7c35c 100644 --- a/ci-operator/jobs/openshift/assisted-service/openshift-assisted-service-master-postsubmits.yaml +++ b/ci-operator/jobs/openshift/assisted-service/openshift-assisted-service-master-postsubmits.yaml @@ -179,6 +179,65 @@ postsubmits: - name: result-aggregator secret: secretName: result-aggregator + - agent: kubernetes + always_run: true + branches: + - ^master$ + cluster: build04 + decorate: true + labels: + ci-operator.openshift.io/variant: edge + ci.openshift.io/generator: prowgen + job-release: "4.16" + max_concurrency: 1 + name: branch-ci-openshift-assisted-service-master-edge-mirror-vcsref-image-el8 + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=mirror-vcsref-image-el8 + - --variant=edge + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator - agent: kubernetes always_run: true branches: