Skip to content

Function-Mesh Bundle Release (Manually) #23

Function-Mesh Bundle Release (Manually)

Function-Mesh Bundle Release (Manually) #23

name: Function-Mesh Bundle Release (Manually)
on:
workflow_dispatch:
inputs:
tag:
description: 'Version Tag'
required: true
openshift:
description: 'Publish to openshift certificated'
required: true
default: true
type: boolean
operatorhub:
description: 'Publish to operatorhub.io'
required: true
default: true
type: boolean
jobs:
operatorhub:
name: publish to operatorhub.io
runs-on: ubuntu-latest
if: ${{ inputs.operatorhub }}
steps:
- name: clean disk
run: |
sudo swapoff -a
sudo rm -rf /swapfile /usr/share/dotnet /usr/local/lib/android /opt/ghc
sudo apt clean
docker rmi $(docker images -q) -f
df -h
- name: checkout
uses: actions/checkout@v2
with:
ref: ${{ inputs.tag }}
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Set up GO 1.20.4
uses: actions/setup-go@v1
with:
go-version: 1.20.4
id: go
- name: InstallKubebuilder
run: |
curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.1/kubebuilder_2.3.1_linux_amd64.tar.gz | tar -xz -C /tmp/
sudo mv /tmp/kubebuilder_2.3.1_linux_amd64 /usr/local/kubebuilder
export PATH=$PATH:/usr/local/kubebuilder/bin
- name: Install operator-sdk
run: |
RELEASE_VERSION=v1.14.0
curl -LO "https://github.com/operator-framework/operator-sdk/releases/download/${RELEASE_VERSION}/operator-sdk_linux_amd64"
chmod +x operator-sdk_linux_amd64 && sudo mkdir -p /usr/local/bin/ && sudo mv operator-sdk_linux_amd64 /usr/local/bin/operator-sdk
- name: Set up yq
run: |
sudo wget https://github.com/mikefarah/yq/releases/download/v4.30.4/yq_linux_amd64 -O /usr/bin/yq
sudo chmod +x /usr/bin/yq
yq --help
- name: Get vertical-pod-autoscaler crd
run: |
wget https://raw.githubusercontent.com/kubernetes/autoscaler/master/vertical-pod-autoscaler/deploy/vpa-v1-crd-gen.yaml -O config/crd/bases/vpa-v1-crd.yaml
- name: build release
id: build_release
env:
VERSION: ${{ inputs.tag }}
IMAGE_TAG_BASE: streamnative/function-mesh
CATALOG_BRANCH_TAG: latest
run: |
# convert vx.y.z to x.y.z because a valid semver is needed in creating the bundle
VERSION=$(echo $VERSION|cut -c 2-)
make release
- name: Login to Quay
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.QUAY_DOCKER_USERNAME }}
password: ${{ secrets.QUAY_DOCKER_PASSWORD }}
- name: Build RedHat certificated bundle And Publish to Quay
env:
VERSION: ${{ inputs.tag }}
DOCKER_REPO: quay.io/streamnativeio
IMAGE_TAG_BASE: quay.io/streamnativeio/function-mesh
CATALOG_BRANCH_TAG: latest
run: |
# convert vx.y.z to x.y.z because a valid semver is needed in creating the bundle
VERSION=$(echo $VERSION|cut -c 2-)
echo $VERSION
make redhat-certificated-image-build redhat-certificated-image-push redhat-certificated-bundle redhat-certificated-bundle-build redhat-certificated-bundle-push
- name: Checkout streamnative community-operators
uses: actions/checkout@v3
with:
repository: streamnative/community-operators
path: community-operators
token: ${{ secrets.SNBOT_GITHUB_TOKEN }}
- name: Copy bundle to community-operators and create pr
env:
GITHUB_TOKEN: ${{ secrets.SNBOT_GITHUB_TOKEN }}
VERSION: ${{ inputs.tag }}
run: |
pushd community-operators
git config --global user.email "[email protected]"
git config --global user.name "streamnativebot"
export VERSION=$(echo $VERSION|cut -c 2-)
echo $VERSION
export BRANCH=function-mesh-operator-$VERSION
echo $BRANCH
git push -d origin $BRANCH || echo 'Skip branch deletion'
# sync with the upstream repo https://github.com/k8s-operatorhub/community-operators.git
git remote add upstream https://github.com/k8s-operatorhub/community-operators.git
git fetch upstream
git checkout -b upstream upstream/main
git pull
git checkout -b $BRANCH
export TARGET_DIR=operators/function-mesh/$VERSION
mkdir -p $TARGET_DIR
cp -rf ../bundle.Dockerfile $TARGET_DIR
cp -rf ../bundle/* $TARGET_DIR
git add .
git commit -s -m "operator function-mesh ($VERSION)"
git push --set-upstream origin $BRANCH
wget https://raw.githubusercontent.com/streamnative/function-mesh/master/.github/openshift/community-operators -O ../.github/community-operators
gh pr create --title "operator function-mesh ($VERSION)" -F ../.github/community-operators -R k8s-operatorhub/community-operators
popd
openshift:
name: publish to openshift certificated
runs-on: ubuntu-latest
if: ${{ inputs.openshift }}
steps:
- name: clean disk
run: |
sudo swapoff -a
sudo rm -rf /swapfile /usr/share/dotnet /usr/local/lib/android /opt/ghc
sudo apt clean
docker rmi $(docker images -q) -f
df -h
- name: checkout
uses: actions/checkout@v2
with:
ref: ${{ inputs.tag }}
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Set up GO 1.20.4
uses: actions/setup-go@v1
with:
go-version: 1.20.4
id: go
- name: InstallKubebuilder
run: |
curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.1/kubebuilder_2.3.1_linux_amd64.tar.gz | tar -xz -C /tmp/
sudo mv /tmp/kubebuilder_2.3.1_linux_amd64 /usr/local/kubebuilder
export PATH=$PATH:/usr/local/kubebuilder/bin
- name: Install operator-sdk
run: |
RELEASE_VERSION=v1.14.0
curl -LO "https://github.com/operator-framework/operator-sdk/releases/download/${RELEASE_VERSION}/operator-sdk_linux_amd64"
chmod +x operator-sdk_linux_amd64 && sudo mkdir -p /usr/local/bin/ && sudo mv operator-sdk_linux_amd64 /usr/local/bin/operator-sdk
- name: Set up yq
run: |
sudo wget https://github.com/mikefarah/yq/releases/download/v4.30.4/yq_linux_amd64 -O /usr/bin/yq
sudo chmod +x /usr/bin/yq
yq --help
- name: Get vertical-pod-autoscaler crd
run: |
wget https://raw.githubusercontent.com/kubernetes/autoscaler/master/vertical-pod-autoscaler/deploy/vpa-v1-crd-gen.yaml -O config/crd/bases/vpa-v1-crd.yaml
- name: Use the master hack scripts
run: |
wget https://raw.githubusercontent.com/streamnative/function-mesh/master/hack/publish-rhel.sh -O hack/publish-rhel.sh
- name: build release
id: build_release
env:
VERSION: ${{ inputs.tag }}
IMAGE_TAG_BASE: streamnative/function-mesh
CATALOG_BRANCH_TAG: latest
run: |
VERSION=$(echo $VERSION|cut -c 2-)
make release
- name: Login to Quay for RedHat container certification
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.REDHAT_CERTIFICATED_CONTAINER_REGISTRY_USER }}
password: ${{ secrets.REDHAT_CERTIFICATED_CONTAINER_REGISTRY_PASSWORD }}
- name: Login to RedHat Connect registry
uses: docker/login-action@v1
with:
registry: https://registry.connect.redhat.com
username: ${{ secrets.REDHAT_CONNECT_REGISTRY_USER }}
password: ${{ secrets.REDHAT_CONNECT_REGISTRY_PASSWORD }}
- name: Build Openshift certificated container And Publish to Quay
env:
VERSION: ${{ inputs.tag }}
DOCKER_REPO: registry.connect.redhat.com/streamnative
IMAGE_TAG_BASE: registry.connect.redhat.com/streamnative/function-mesh
CATALOG_BRANCH_TAG: latest
CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID: ${{ secrets.CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID }}
run: |
VERSION=$(echo $VERSION|cut -c 2-)
echo $VERSION
make redhat-certificated-image-build
docker tag $IMAGE_TAG_BASE:v$VERSION quay.io/redhat-isv-containers/$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID:v$VERSION
docker push quay.io/redhat-isv-containers/$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID:v$VERSION
- name: Trigger openshift preflight test
env:
VERSION: ${{ inputs.tag }}
CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID: ${{ secrets.CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID }}
PFLT_PYXIS_API_TOKEN: ${{ secrets.PFLT_PYXIS_API_TOKEN }}
REDHAT_CERTIFICATED_CONTAINER_AUTHFILE: ${{ secrets.REDHAT_CERTIFICATED_CONTAINER_AUTHFILE }}
run: |
echo $VERSION
export TARGET_DIR=/tmp/artifacts
export AUTHFILE=/tmp/authfile.json
mkdir $TARGET_DIR
echo $REDHAT_CERTIFICATED_CONTAINER_AUTHFILE > $AUTHFILE
cat $AUTHFILE
docker run -i --rm --security-opt=label=disable --env PFLT_LOGLEVEL=trace --env PFLT_ARTIFACTS=/artifacts --env PFLT_LOGFILE=/artifacts/preflight.log --env PFLT_CERTIFICATION_PROJECT_ID=$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID --env PFLT_PYXIS_API_TOKEN=$PFLT_PYXIS_API_TOKEN --env PFLT_DOCKERCONFIG=/temp-authfile.json -v $TARGET_DIR:/artifacts -v $AUTHFILE:/temp-authfile.json:ro quay.io/opdev/preflight:stable check container quay.io/redhat-isv-containers/$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID:$VERSION --submit
sleep 60s
- name: Wait for Scan to Complete
env:
VERSION: ${{ inputs.tag }}
DOCKER_REPO: registry.connect.redhat.com/streamnative
IMAGE_TAG_BASE: registry.connect.redhat.com/streamnative/function-mesh
CATALOG_BRANCH_TAG: latest
CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID: ${{ secrets.CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID }}
PFLT_PYXIS_API_TOKEN: ${{ secrets.PFLT_PYXIS_API_TOKEN }}
TIMEOUT_IN_MINS: 10
run: |
echo $VERSION
source hack/publish-rhel.sh
wait_for_container_scan "$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID" "$VERSION" "$PFLT_PYXIS_API_TOKEN" "$TIMEOUT_IN_MINS"
- name: Wait for image release
env:
VERSION: ${{ inputs.tag }}
DOCKER_REPO: registry.connect.redhat.com/streamnative
IMAGE_TAG_BASE: registry.connect.redhat.com/streamnative/function-mesh
CATALOG_BRANCH_TAG: latest
CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID: ${{ secrets.CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID }}
PFLT_PYXIS_API_TOKEN: ${{ secrets.PFLT_PYXIS_API_TOKEN }}
TIMEOUT_IN_MINS: 10
run: |
echo $VERSION
source hack/publish-rhel.sh
publish_the_image "$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID" "$VERSION" "$PFLT_PYXIS_API_TOKEN"
wait_for_container_publish "$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID" "$VERSION" "$PFLT_PYXIS_API_TOKEN" "$TIMEOUT_IN_MINS"
sync_tags "$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID" "$VERSION" "$PFLT_PYXIS_API_TOKEN"
docker rmi quay.io/redhat-isv-containers/$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID:$VERSION
docker pull registry.connect.redhat.com/streamnative/function-mesh:$VERSION
docker inspect registry.connect.redhat.com/streamnative/function-mesh:$VERSION
- name: Build the openshift bundle
env:
VERSION: ${{ inputs.tag }}
DOCKER_REPO: registry.connect.redhat.com/streamnative
IMAGE_TAG_BASE: registry.connect.redhat.com/streamnative/function-mesh
CATALOG_BRANCH_TAG: latest
CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID: ${{ secrets.CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID }}
run: |
VERSION=$(echo $VERSION|cut -c 2-)
echo $VERSION
make redhat-certificated-bundle redhat-certificated-bundle-build
- name: Checkout streamnative certified-operators
uses: actions/checkout@v3
with:
repository: streamnative/certified-operators
path: certified-operators
token: ${{ secrets.SNBOT_GITHUB_TOKEN }}
- name: Copy bundle to certified-operators and create pr
env:
GITHUB_TOKEN: ${{ secrets.SNBOT_GITHUB_TOKEN }}
VERSION: ${{ inputs.tag }}
run: |
pushd certified-operators
git config --global user.email "[email protected]"
git config --global user.name "streamnativebot"
echo $VERSION
export BRANCH=function-mesh-operator-$VERSION
echo $BRANCH
git push -d origin $BRANCH || echo 'Skip branch deletion'
# sync with the upstream repo https://github.com/redhat-openshift-ecosystem/certified-operators.git
git remote add upstream https://github.com/redhat-openshift-ecosystem/certified-operators.git
git fetch upstream
git checkout -b upstream upstream/main
git pull
git checkout -b $BRANCH
export TARGET_DIR=operators/function-mesh/$VERSION
mkdir -p $TARGET_DIR
cp -rf ../bundle.Dockerfile $TARGET_DIR
cp -rf ../bundle/* $TARGET_DIR
git add .
git commit -s -m "operator function-mesh ($VERSION)"
git push --set-upstream origin $BRANCH
gh pr create --title "operator function-mesh ($VERSION)" --body "Signed-off-by: streamnativebot [email protected]" -R redhat-openshift-ecosystem/certified-operators
popd