1.0 - Update konflux pipelines to use refrences #602
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Operator Upgrade | |
on: | |
workflow_dispatch: | |
push: | |
branches: [ "main", "release*" ] | |
tags: [ "*" ] | |
pull_request: | |
branches: [ "main", "release*" ] | |
env: | |
GO_VERSION: 1.21 | |
jobs: | |
upgrade: | |
name: Upgrade operator test | |
runs-on: ubuntu-20.04 | |
env: | |
IMG: ttl.sh/securesign/operator-upgrade-${{github.run_number}}:1h | |
BUNDLE_IMG: ttl.sh/securesign/bundle-upgrade-${{github.run_number}}:1h | |
CATALOG_IMG: ttl.sh/securesign/catalog-upgrade-${{github.run_number}}:1h | |
steps: | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@main | |
with: | |
tool-cache: true | |
- name: Checkout source | |
uses: actions/checkout@v2 | |
- name: Install Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Log in to registry.redhat.io | |
uses: redhat-actions/podman-login@9184318aae1ee5034fbfbacc0388acf12669171f # v1 | |
with: | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
registry: registry.redhat.io | |
auth_file_path: /tmp/config.json | |
- name: Install OPM | |
run: | | |
make opm | |
echo "OPM=${{ github.workspace }}/bin/opm" >> $GITHUB_ENV | |
- name: Remove rhel9 suffix from images.go | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: "-rhel9@" | |
replace: "@" | |
include: "**images.go" | |
regex: false | |
- name: Replace trillian images | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: "registry.redhat.io/rhtas/trillian-" | |
replace: "quay.io/redhat-user-workloads/rhtas-tenant/trillian/" | |
include: "**images.go" | |
regex: false | |
- name: replace Fulcio images | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: "registry.redhat.io/rhtas/fulcio" | |
replace: "quay.io/redhat-user-workloads/rhtas-tenant/fulcio/fulcio-server" | |
include: "**images.go" | |
regex: false | |
- name: replace Rekor-search images | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: "registry.redhat.io/rhtas/rekor-search-ui" | |
replace: "quay.io/redhat-user-workloads/rhtas-tenant/rekor-search/rekor-search" | |
include: "**images.go" | |
regex: false | |
- name: replace Rekor images | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: 'registry.redhat.io/rhtas/rekor-' | |
replace: "quay.io/redhat-user-workloads/rhtas-tenant/rekor/rekor-" | |
include: "**images.go" | |
regex: false | |
- name: replace Tuf images | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: "registry.redhat.io/rhtas/tuf-" | |
replace: "quay.io/redhat-user-workloads/rhtas-tenant/scaffold/tuf-" | |
include: "**images.go" | |
regex: false | |
- name: replace CTL images | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: "registry.redhat.io/rhtas/certificate-transparency" | |
replace: "quay.io/redhat-user-workloads/rhtas-tenant/certificate-transparency-go/certificate-transparency-go" | |
include: "**images.go" | |
regex: false | |
- name: replace server-cg image | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: "registry.redhat.io/rhtas/client-server-cg" | |
replace: "quay.io/redhat-user-workloads/rhtas-tenant/cli/client-server-cg" | |
include: "**images.go" | |
regex: false | |
- name: replace server-re image | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: "registry.redhat.io/rhtas/client-server-re" | |
replace: "quay.io/redhat-user-workloads/rhtas-tenant/cli/client-server-re" | |
include: "**images.go" | |
regex: false | |
- name: replace segment job image | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: "registry.redhat.io/rhtas/segment-reporting" | |
replace: "quay.io/redhat-user-workloads/rhtas-tenant/segment-backup-job/segment-backup-job" | |
include: "**images.go" | |
regex: false | |
- name: Print Resulting images.go file | |
run: cat controllers/constants/images.go | |
- name: Build operator container | |
run: make docker-build docker-push | |
- name: Build operator bundle | |
run: make bundle bundle-build bundle-push | |
- name: Checkout FBC source | |
uses: actions/checkout@v2 | |
with: | |
repository: "securesign/fbc" | |
path: fbc | |
- name: Build catalog | |
run: | | |
cd fbc | |
chmod +x ./generate-fbc.sh && OPM_CMD=${{ env.OPM }} ./generate-fbc.sh --init-basic v4.14 jq | |
cat << EOF >> v4.14/graph.json | |
{ | |
"schema": "olm.bundle", | |
"image": "$BUNDLE_IMG" | |
} | |
EOF | |
#TODO: versions needs to be maintained - try to eliminate | |
cat <<< $(jq 'select(.schema == "olm.channel" and .name == "stable").entries += [{"name":"rhtas-operator.v1.0.2", "replaces": "rhtas-operator.v1.0.1"}]' v4.14/graph.json) > v4.14/graph.json | |
cat v4.14/graph.json | |
${{ env.OPM }} alpha render-template basic v4.14/graph.json > v4.14/catalog/rhtas-operator/catalog.json | |
${{ env.OPM }} validate v4.14/catalog/rhtas-operator | |
docker build v4.14 -f v4.14/catalog.Dockerfile -t $CATALOG_IMG | |
docker push $CATALOG_IMG | |
- name: Image prune | |
run: docker image prune -af | |
- name: Install Cluster | |
uses: container-tools/[email protected] | |
with: | |
version: v0.20.0 | |
node_image: kindest/node:v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb | |
cpu: 3 | |
registry: false | |
config: ./ci/config.yaml | |
- name: Configure cluster | |
run: | | |
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml | |
kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=90s | |
#install OLM | |
kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/crds.yaml | |
# wait for a while to be sure CRDs are installed | |
sleep 1 | |
kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/olm.yaml | |
kubectl create --kustomize ci/keycloak/operator/overlay/kind | |
until [ ! -z "$(kubectl get pod -l name=keycloak-operator -n keycloak-system 2>/dev/null)" ] | |
do | |
echo "Waiting for keycloak operator. Pods in keycloak-system namespace:" | |
kubectl get pods -n keycloak-system | |
sleep 10 | |
done | |
kubectl create --kustomize ci/keycloak/resources/overlay/kind | |
until [[ $( oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system 2>/dev/null) == "true" ]] | |
do | |
printf "Waiting for keycloak deployment. \n Keycloak ready: %s\n" $(oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system) | |
sleep 10 | |
done | |
# HACK - expose keycloak under the same name as the internal SVC has so it will be accessible: | |
# - within the cluster (where the localhost does not work) | |
# - outside the cluster (resolved from /etc/hosts and redirect to the localhost) | |
kubectl create -n keycloak-system -f - <<EOF | |
apiVersion: networking.k8s.io/v1 | |
kind: Ingress | |
metadata: | |
name: keycloak | |
spec: | |
rules: | |
- host: keycloak-internal.keycloak-system.svc | |
http: | |
paths: | |
- backend: | |
service: | |
name: keycloak-internal | |
port: | |
number: 80 | |
path: / | |
pathType: Prefix | |
EOF | |
shell: bash | |
- name: Add service hosts to /etc/hosts | |
run: | | |
sudo echo "127.0.0.1 fulcio-server.local tuf.local rekor-server.local keycloak-internal.keycloak-system.svc rekor-search-ui.local cli-server.local" | sudo tee -a /etc/hosts | |
- name: Install cosign | |
run: go install github.com/sigstore/cosign/v2/cmd/[email protected] | |
- name: Run tests | |
run: TEST_BASE_CATALOG=registry.redhat.io/redhat/redhat-operator-index:v4.14 TEST_TARGET_CATALOG=$CATALOG_IMG OPENSHIFT=false go test ./e2e/... -tags=upgrade -timeout 20m | |