build-and-test.yml
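---
name: Build and test

# Triggers:
#   - push to main
#   - pull_request (opened / synchronize / reopened / labeled); "labeled" is
#     listed so that adding a label starts a run, which the integration-tests
#     job uses for its 'ready-for-testing' check
#   - manual workflow_dispatch
# The pull_request event (not pull_request_target) is used, so by default
# runs for pull requests from forks are not given the repository secrets.
on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - main
  pull_request:
    types: [opened, synchronize, reopened, labeled]
  workflow_dispatch:

# Least privilege for the automatically issued GITHUB_TOKEN: the jobs below
# check out the repository and authenticate to the registry and the cluster
# with their own secrets, so read access to contents is all they visibly
# need. Widen this per job if a step turns out to require more.
permissions:
  contents: read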
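# NOTE(review): every action below is referenced by a mutable tag (@v4, @v2).
# A tag can be moved to different code by whoever controls the action's
# repository; pinning each `uses:` to a full commit SHA removes that
# dependency. This matters most for the third-party actions that receive
# secrets (push-to-registry and action-ansible-playbook).
jobs:
  # Unit tests and linters; this job references no repository secrets.
  tox:
    name: Run unit tests and linters
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Set up PDM
        uses: pdm-project/setup-pdm@v4
        with:
          python-version: "3.12"
      - name: Install non-python dependencies
        run: |
          sudo apt-get update && sudo apt-get install -y libkrb5-dev
      # NOTE(review): this fetches the Homebrew installer from the HEAD of
      # its repository and executes it without any integrity check, so
      # whatever is on HEAD at run time executes on the runner. Installing a
      # pinned hadolint release and verifying its checksum would make this
      # step reproducible and auditable.
      - name: Install Hadolint via Brew
        run: |
          NONINTERACTIVE=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
          /home/linuxbrew/.linuxbrew/bin/brew install hadolint
          sudo ln -s /home/linuxbrew/.linuxbrew/bin/hadolint /usr/bin/
      - name: Install Python dependencies
        run: |
          pdm sync -dG tox
          pipx install ansible-lint
      - name: Run Tests
        run: |
          pdm run -v tox

  # Builds the pipeline image and pushes it to quay.io/redhat-isv.
  # The job has no `if:` guard, so it runs for every trigger of this
  # workflow, pull requests included; the image is tagged with the commit
  # SHA, plus `latest` when the ref is main.
  build:
    name: Build and push image
    runs-on: ubuntu-latest
    steps:
      - name: Set variables
        id: set-vars
        # The runner-provided environment variables are used instead of
        # `${{ }}` interpolation so that no expression text is pasted into
        # the script before the shell parses it.
        run: |
          if [[ $GITHUB_REF_NAME == 'main' ]]; then
            echo "tags=latest ${GITHUB_SHA}" >> "$GITHUB_OUTPUT"
          else
            echo "tags=${GITHUB_SHA}" >> "$GITHUB_OUTPUT"
          fi
      - uses: actions/checkout@v4
      - name: Build Image
        id: build-image
        uses: redhat-actions/buildah-build@v2
        with:
          image: operator-pipelines-images
          tags: ${{ steps.set-vars.outputs.tags }}
          dockerfiles: |
            ./operator-pipeline-images/Dockerfile
      # Registry credentials are handed to this third-party action.
      - name: Push To quay.io
        id: push-to-quay
        uses: redhat-actions/push-to-registry@v2
        with:
          image: ${{ steps.build-image.outputs.image }}
          tags: ${{ steps.build-image.outputs.tags }}
          registry: quay.io/redhat-isv
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Print image url
        run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"

  # Integration tests, one matrix entry per test type. The job runs after
  # `build` for manual dispatches, for pushes, and for the pull_request
  # event on which the 'ready-for-testing' label is applied. The label
  # comparison reads github.event.label, so it holds only for that
  # `labeled` event and not for later commits pushed to the same PR.
  integration-tests:
    needs: [build]
    if: >-
      github.event_name == 'workflow_dispatch'
      || github.event_name == 'push'
      || github.event.label.name == 'ready-for-testing'
    timeout-minutes: 90
    strategy:
      matrix:
        test_type:
          - isv
          - community
          - isv-fbc-bundle
          - isv-fbc-catalog
      fail-fast: false
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Prepare
        id: prepare
        # Short (7 character) commit SHA, passed to the playbook as `suffix`.
        run: |
          echo "suffix=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
      - name: Install dependencies
        # The vault password reaches the script through the environment
        # rather than through `${{ }}` interpolation: an interpolated value
        # is pasted into the script text, where quotes or `$` in the secret
        # would be interpreted by the shell.
        env:
          VAULT_PASSWORD: ${{ secrets.VAULT_PASSWORD }}
        run: |
          # Install python packages needed from ansible
          pipx inject ansible-core jmespath openshift pygithub
          # Add certificates to trusted list
          sudo cp operator-pipeline-images/certs/* /usr/local/share/ca-certificates
          # Rename all .pem files to .crt to allow update-ca-certificates
          for file in /usr/local/share/ca-certificates/*.pem
          do
            sudo mv "$file" "${file%.pem}.crt"
          done
          sudo update-ca-certificates
          # Everything created from here on holds secrets: restrict new
          # files and directories to the current user only
          umask 077
          printf '%s\n' "$VAULT_PASSWORD" > "$HOME"/.vault-password
          # secret used also in hosted pipeline for enabling
          # access to cluster for tkn command log accessing
          mkdir -p "$HOME"/.kube
          ansible-vault decrypt \
            --vault-password-file "$HOME"/.vault-password \
            --output "$HOME"/.kube/config \
            ansible/vaults/integration-tests/ci-pipeline-kubeconfig
          # secret used also in hosted pipeline for enabling
          # cloning of the repository
          mkdir -p "$HOME"/.ssh
          ansible-vault decrypt \
            --vault-password-file "$HOME"/.vault-password \
            --output "$HOME"/.ssh/id_rsa \
            ansible/vaults/integration-tests/ci-pipeline-github-ssh-key
      # The vault password is handed to this third-party action, and the
      # decrypted kubeconfig and SSH key are on disk while it runs.
      - name: Run the integration tests ansible playbook
        uses: dawidd6/action-ansible-playbook@v2
        with:
          playbook: playbooks/operator-pipeline-integration-tests.yml
          directory: ./ansible
          requirements: playbooks/requirements.yml
          vault_password: ${{ secrets.VAULT_PASSWORD }}
          options: |
            -e "test_type=${{ matrix.test_type }}"
            -e "oc_namespace=int-tests-${{ matrix.test_type }}-${{ github.run_number }}-${{ github.run_attempt }}"
            -e "integration_tests_operator_bundle_version=0.2.${{ github.run_number }}-${{ github.run_attempt }}"
            -e "operator_pipeline_image_tag=${{ github.sha }}"
            -e "suffix=${{ steps.prepare.outputs.suffix }}"
            -e "ansible_python_interpreter=/opt/pipx/venvs/ansible-core/bin/python3"
            --skip-tags=signing-pipeline
            -v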