Function-Mesh Bundle Release (Manually) #23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Function-Mesh Bundle Release (Manually) | |
on: | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: 'Version Tag' | |
required: true | |
openshift: | |
description: 'Publish to openshift certificated' | |
required: true | |
default: true | |
type: boolean | |
operatorhub: | |
description: 'Publish to operatorhub.io' | |
required: true | |
default: true | |
type: boolean | |
jobs: | |
operatorhub: | |
name: publish to operatorhub.io | |
runs-on: ubuntu-latest | |
if: ${{ inputs.operatorhub }} | |
steps: | |
- name: clean disk | |
run: | | |
sudo swapoff -a | |
sudo rm -rf /swapfile /usr/share/dotnet /usr/local/lib/android /opt/ghc | |
sudo apt clean | |
docker rmi $(docker images -q) -f | |
df -h | |
- name: checkout | |
uses: actions/checkout@v2 | |
with: | |
ref: ${{ inputs.tag }} | |
- name: Login to Docker Hub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_USER }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Set up GO 1.20.4 | |
uses: actions/setup-go@v1 | |
with: | |
go-version: 1.20.4 | |
id: go | |
- name: InstallKubebuilder | |
run: | | |
curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.1/kubebuilder_2.3.1_linux_amd64.tar.gz | tar -xz -C /tmp/ | |
sudo mv /tmp/kubebuilder_2.3.1_linux_amd64 /usr/local/kubebuilder | |
export PATH=$PATH:/usr/local/kubebuilder/bin | |
- name: Install operator-sdk | |
run: | | |
RELEASE_VERSION=v1.14.0 | |
curl -LO "https://github.com/operator-framework/operator-sdk/releases/download/${RELEASE_VERSION}/operator-sdk_linux_amd64" | |
chmod +x operator-sdk_linux_amd64 && sudo mkdir -p /usr/local/bin/ && sudo mv operator-sdk_linux_amd64 /usr/local/bin/operator-sdk | |
- name: Set up yq | |
run: | | |
sudo wget https://github.com/mikefarah/yq/releases/download/v4.30.4/yq_linux_amd64 -O /usr/bin/yq | |
sudo chmod +x /usr/bin/yq | |
yq --help | |
- name: Get vertical-pod-autoscaler crd | |
run: | | |
wget https://raw.githubusercontent.com/kubernetes/autoscaler/master/vertical-pod-autoscaler/deploy/vpa-v1-crd-gen.yaml -O config/crd/bases/vpa-v1-crd.yaml | |
- name: build release | |
id: build_release | |
env: | |
VERSION: ${{ inputs.tag }} | |
IMAGE_TAG_BASE: streamnative/function-mesh | |
CATALOG_BRANCH_TAG: latest | |
run: | | |
# convert vx.y.z to x.y.z because a valid semver is needed in creating the bundle | |
VERSION=$(echo $VERSION|cut -c 2-) | |
make release | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_DOCKER_USERNAME }} | |
password: ${{ secrets.QUAY_DOCKER_PASSWORD }} | |
- name: Build RedHat certificated bundle And Publish to Quay | |
env: | |
VERSION: ${{ inputs.tag }} | |
DOCKER_REPO: quay.io/streamnativeio | |
IMAGE_TAG_BASE: quay.io/streamnativeio/function-mesh | |
CATALOG_BRANCH_TAG: latest | |
run: | | |
# convert vx.y.z to x.y.z because a valid semver is needed in creating the bundle | |
VERSION=$(echo $VERSION|cut -c 2-) | |
echo $VERSION | |
make redhat-certificated-image-build redhat-certificated-image-push redhat-certificated-bundle redhat-certificated-bundle-build redhat-certificated-bundle-push | |
- name: Checkout streamnative community-operators | |
uses: actions/checkout@v3 | |
with: | |
repository: streamnative/community-operators | |
path: community-operators | |
token: ${{ secrets.SNBOT_GITHUB_TOKEN }} | |
- name: Copy bundle to community-operators and create pr | |
env: | |
GITHUB_TOKEN: ${{ secrets.SNBOT_GITHUB_TOKEN }} | |
VERSION: ${{ inputs.tag }} | |
run: | | |
pushd community-operators | |
git config --global user.email "[email protected]" | |
git config --global user.name "streamnativebot" | |
export VERSION=$(echo $VERSION|cut -c 2-) | |
echo $VERSION | |
export BRANCH=function-mesh-operator-$VERSION | |
echo $BRANCH | |
git push -d origin $BRANCH || echo 'Skip branch deletion' | |
# sync with the upstream repo https://github.com/k8s-operatorhub/community-operators.git | |
git remote add upstream https://github.com/k8s-operatorhub/community-operators.git | |
git fetch upstream | |
git checkout -b upstream upstream/main | |
git pull | |
git checkout -b $BRANCH | |
export TARGET_DIR=operators/function-mesh/$VERSION | |
mkdir -p $TARGET_DIR | |
cp -rf ../bundle.Dockerfile $TARGET_DIR | |
cp -rf ../bundle/* $TARGET_DIR | |
git add . | |
git commit -s -m "operator function-mesh ($VERSION)" | |
git push --set-upstream origin $BRANCH | |
wget https://raw.githubusercontent.com/streamnative/function-mesh/master/.github/openshift/community-operators -O ../.github/community-operators | |
gh pr create --title "operator function-mesh ($VERSION)" -F ../.github/community-operators -R k8s-operatorhub/community-operators | |
popd | |
openshift: | |
name: publish to openshift certificated | |
runs-on: ubuntu-latest | |
if: ${{ inputs.openshift }} | |
steps: | |
- name: clean disk | |
run: | | |
sudo swapoff -a | |
sudo rm -rf /swapfile /usr/share/dotnet /usr/local/lib/android /opt/ghc | |
sudo apt clean | |
docker rmi $(docker images -q) -f | |
df -h | |
- name: checkout | |
uses: actions/checkout@v2 | |
with: | |
ref: ${{ inputs.tag }} | |
- name: Login to Docker Hub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_USER }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Set up GO 1.20.4 | |
uses: actions/setup-go@v1 | |
with: | |
go-version: 1.20.4 | |
id: go | |
- name: InstallKubebuilder | |
run: | | |
curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.1/kubebuilder_2.3.1_linux_amd64.tar.gz | tar -xz -C /tmp/ | |
sudo mv /tmp/kubebuilder_2.3.1_linux_amd64 /usr/local/kubebuilder | |
export PATH=$PATH:/usr/local/kubebuilder/bin | |
- name: Install operator-sdk | |
run: | | |
RELEASE_VERSION=v1.14.0 | |
curl -LO "https://github.com/operator-framework/operator-sdk/releases/download/${RELEASE_VERSION}/operator-sdk_linux_amd64" | |
chmod +x operator-sdk_linux_amd64 && sudo mkdir -p /usr/local/bin/ && sudo mv operator-sdk_linux_amd64 /usr/local/bin/operator-sdk | |
- name: Set up yq | |
run: | | |
sudo wget https://github.com/mikefarah/yq/releases/download/v4.30.4/yq_linux_amd64 -O /usr/bin/yq | |
sudo chmod +x /usr/bin/yq | |
yq --help | |
- name: Get vertical-pod-autoscaler crd | |
run: | | |
wget https://raw.githubusercontent.com/kubernetes/autoscaler/master/vertical-pod-autoscaler/deploy/vpa-v1-crd-gen.yaml -O config/crd/bases/vpa-v1-crd.yaml | |
- name: Use the master hack scripts | |
run: | | |
wget https://raw.githubusercontent.com/streamnative/function-mesh/master/hack/publish-rhel.sh -O hack/publish-rhel.sh | |
- name: build release | |
id: build_release | |
env: | |
VERSION: ${{ inputs.tag }} | |
IMAGE_TAG_BASE: streamnative/function-mesh | |
CATALOG_BRANCH_TAG: latest | |
run: | | |
VERSION=$(echo $VERSION|cut -c 2-) | |
make release | |
- name: Login to Quay for RedHat container certification | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REDHAT_CERTIFICATED_CONTAINER_REGISTRY_USER }} | |
password: ${{ secrets.REDHAT_CERTIFICATED_CONTAINER_REGISTRY_PASSWORD }} | |
- name: Login to RedHat Connect registry | |
uses: docker/login-action@v1 | |
with: | |
registry: https://registry.connect.redhat.com | |
username: ${{ secrets.REDHAT_CONNECT_REGISTRY_USER }} | |
password: ${{ secrets.REDHAT_CONNECT_REGISTRY_PASSWORD }} | |
- name: Build Openshift certificated container And Publish to Quay | |
env: | |
VERSION: ${{ inputs.tag }} | |
DOCKER_REPO: registry.connect.redhat.com/streamnative | |
IMAGE_TAG_BASE: registry.connect.redhat.com/streamnative/function-mesh | |
CATALOG_BRANCH_TAG: latest | |
CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID: ${{ secrets.CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID }} | |
run: | | |
VERSION=$(echo $VERSION|cut -c 2-) | |
echo $VERSION | |
make redhat-certificated-image-build | |
docker tag $IMAGE_TAG_BASE:v$VERSION quay.io/redhat-isv-containers/$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID:v$VERSION | |
docker push quay.io/redhat-isv-containers/$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID:v$VERSION | |
- name: Trigger openshift preflight test | |
env: | |
VERSION: ${{ inputs.tag }} | |
CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID: ${{ secrets.CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID }} | |
PFLT_PYXIS_API_TOKEN: ${{ secrets.PFLT_PYXIS_API_TOKEN }} | |
REDHAT_CERTIFICATED_CONTAINER_AUTHFILE: ${{ secrets.REDHAT_CERTIFICATED_CONTAINER_AUTHFILE }} | |
run: | | |
echo $VERSION | |
export TARGET_DIR=/tmp/artifacts | |
export AUTHFILE=/tmp/authfile.json | |
mkdir $TARGET_DIR | |
echo $REDHAT_CERTIFICATED_CONTAINER_AUTHFILE > $AUTHFILE | |
cat $AUTHFILE | |
docker run -i --rm --security-opt=label=disable --env PFLT_LOGLEVEL=trace --env PFLT_ARTIFACTS=/artifacts --env PFLT_LOGFILE=/artifacts/preflight.log --env PFLT_CERTIFICATION_PROJECT_ID=$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID --env PFLT_PYXIS_API_TOKEN=$PFLT_PYXIS_API_TOKEN --env PFLT_DOCKERCONFIG=/temp-authfile.json -v $TARGET_DIR:/artifacts -v $AUTHFILE:/temp-authfile.json:ro quay.io/opdev/preflight:stable check container quay.io/redhat-isv-containers/$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID:$VERSION --submit | |
sleep 60s | |
- name: Wait for Scan to Complete | |
env: | |
VERSION: ${{ inputs.tag }} | |
DOCKER_REPO: registry.connect.redhat.com/streamnative | |
IMAGE_TAG_BASE: registry.connect.redhat.com/streamnative/function-mesh | |
CATALOG_BRANCH_TAG: latest | |
CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID: ${{ secrets.CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID }} | |
PFLT_PYXIS_API_TOKEN: ${{ secrets.PFLT_PYXIS_API_TOKEN }} | |
TIMEOUT_IN_MINS: 10 | |
run: | | |
echo $VERSION | |
source hack/publish-rhel.sh | |
wait_for_container_scan "$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID" "$VERSION" "$PFLT_PYXIS_API_TOKEN" "$TIMEOUT_IN_MINS" | |
- name: Wait for image release | |
env: | |
VERSION: ${{ inputs.tag }} | |
DOCKER_REPO: registry.connect.redhat.com/streamnative | |
IMAGE_TAG_BASE: registry.connect.redhat.com/streamnative/function-mesh | |
CATALOG_BRANCH_TAG: latest | |
CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID: ${{ secrets.CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID }} | |
PFLT_PYXIS_API_TOKEN: ${{ secrets.PFLT_PYXIS_API_TOKEN }} | |
TIMEOUT_IN_MINS: 10 | |
run: | | |
echo $VERSION | |
source hack/publish-rhel.sh | |
publish_the_image "$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID" "$VERSION" "$PFLT_PYXIS_API_TOKEN" | |
wait_for_container_publish "$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID" "$VERSION" "$PFLT_PYXIS_API_TOKEN" "$TIMEOUT_IN_MINS" | |
sync_tags "$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID" "$VERSION" "$PFLT_PYXIS_API_TOKEN" | |
docker rmi quay.io/redhat-isv-containers/$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID:$VERSION | |
docker pull registry.connect.redhat.com/streamnative/function-mesh:$VERSION | |
docker inspect registry.connect.redhat.com/streamnative/function-mesh:$VERSION | |
- name: Build the openshift bundle | |
env: | |
VERSION: ${{ inputs.tag }} | |
DOCKER_REPO: registry.connect.redhat.com/streamnative | |
IMAGE_TAG_BASE: registry.connect.redhat.com/streamnative/function-mesh | |
CATALOG_BRANCH_TAG: latest | |
CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID: ${{ secrets.CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID }} | |
run: | | |
VERSION=$(echo $VERSION|cut -c 2-) | |
echo $VERSION | |
make redhat-certificated-bundle redhat-certificated-bundle-build | |
- name: Checkout streamnative certified-operators | |
uses: actions/checkout@v3 | |
with: | |
repository: streamnative/certified-operators | |
path: certified-operators | |
token: ${{ secrets.SNBOT_GITHUB_TOKEN }} | |
- name: Copy bundle to certified-operators and create pr | |
env: | |
GITHUB_TOKEN: ${{ secrets.SNBOT_GITHUB_TOKEN }} | |
VERSION: ${{ inputs.tag }} | |
run: | | |
pushd certified-operators | |
git config --global user.email "[email protected]" | |
git config --global user.name "streamnativebot" | |
echo $VERSION | |
export BRANCH=function-mesh-operator-$VERSION | |
echo $BRANCH | |
git push -d origin $BRANCH || echo 'Skip branch deletion' | |
# sync with the upstream repo https://github.com/redhat-openshift-ecosystem/certified-operators.git | |
git remote add upstream https://github.com/redhat-openshift-ecosystem/certified-operators.git | |
git fetch upstream | |
git checkout -b upstream upstream/main | |
git pull | |
git checkout -b $BRANCH | |
export TARGET_DIR=operators/function-mesh/$VERSION | |
mkdir -p $TARGET_DIR | |
cp -rf ../bundle.Dockerfile $TARGET_DIR | |
cp -rf ../bundle/* $TARGET_DIR | |
git add . | |
git commit -s -m "operator function-mesh ($VERSION)" | |
git push --set-upstream origin $BRANCH | |
gh pr create --title "operator function-mesh ($VERSION)" --body "Signed-off-by: streamnativebot [email protected]" -R redhat-openshift-ecosystem/certified-operators | |
popd |