rabbitmq
diff --git a/‎.github/workflows/build-test-publish.yml‎
Lines changed: 386 additions & 0 deletions b/‎.github/workflows/build-test-publish.yml‎
Lines changed: 386 additions & 0 deletions
@@ -0,0 +1,386 @@
+name: Build, Test, Publish Image & Manifest
+
+on:
+  push:
+    branches: [ "main" ]
+    paths-ignore:
+    - 'docs/**'
+    - '*.md'
+    - 'LICENSE.txt'
+    - 'PROJECT'
+    tags: [ "v*" ]
+  pull_request:
+    branches: [ "main" ]
+
+env:
+  GO_VERSION: ~1.19
+  # Taken from https://github.com/kubernetes-sigs/kind/releases/tag/v0.17.0
+  # The image here should be listed under 'Images built for this release' for the version of kind in go.mod
+  KIND_NODE_IMAGE: "kindest/node:v1.25.3@sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1"
+  BASELINE_UPGRADE_VERSION: v1.12.0
+
+jobs:
+  kubectl_tests:
+    name: kubectl rabbitmq tests
+    runs-on: ubuntu-latest
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.GO_VERSION }}
+        check-latest: true
+    - name: Install Bats
+      run: |
+        git clone https://github.com/bats-core/bats-core.git "$HOME"/bats-core
+        cd "$HOME"/bats-core
+        sudo ./install.sh /usr/local
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v3
+    - name: kubectl rabbitmq tests
+      run: |
+        make install-tools
+        kind create cluster --image "${{ env.KIND_NODE_IMAGE }}"
+        DOCKER_REGISTRY_SERVER=local-server OPERATOR_IMAGE=local-operator make deploy-kind kubectl-plugin-tests
+  unit_integration_tests:
+    name: unit and integration tests
+    runs-on: ubuntu-latest
+    container: us.gcr.io/cf-rabbitmq-for-k8s-bunny/rabbitmq-for-kubernetes-ci
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.GO_VERSION }}
+        check-latest: true
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v3
+    - name: Unit tests
+      run: make unit-tests
+    - name: Integration tests
+      run: make integration-tests
+  build_operator:
+    runs-on: ubuntu-latest
+    needs: unit_integration_tests
+    permissions:
+      contents: 'write'
+      id-token: 'write'
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: Install Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.GO_VERSION }}
+        check-latest: true
+    - name: OCI Metadata for multi-arch image
+      id: meta
+      uses: docker/metadata-action@v4
+      with:
+        # list of Docker images to use as base name for tags
+        images: |
+          rabbitmqoperator/cluster-operator
+          quay.io/rabbitmqoperator/cluster-operator
+        # generate Docker tags based on the following events/attributes
+        tags: |
+          type=edge
+          type=sha
+          type=ref,event=pr
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+          type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v2
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+    - name: Login to Docker Hub
+      if: github.event_name != 'pull_request'
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+    - name: Login to Quay.io
+      if: github.event_name != 'pull_request'
+      uses: docker/login-action@v2
+      with:
+        registry: quay.io
+        username: ${{ secrets.QUAY_USERNAME }}
+        password: ${{ secrets.QUAY_ROBOT_TOKEN }}
+    - name: Build and push
+      uses: docker/build-push-action@v3
+      with:
+        context: .
+        platforms: linux/amd64, linux/arm64
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+    - name: OCI Metadata for single-arch image
+      if: startsWith(github.ref, 'refs/tags/v')
+      id: single-arch-meta
+      uses: docker/metadata-action@v4
+      with:
+        # list of Docker images to use as base name for tags
+        images: |
+          rabbitmqoperator/cluster-operator
+        flavor: |
+          latest=false
+        # generate Docker tags based on the following events/attributes
+        tags: |
+          type=semver,pattern={{version}},suffix=-amd64,latest=false
+    - name: Build and push single-arch image
+      if: startsWith(github.ref, 'refs/tags/v')
+      uses: docker/build-push-action@v3
+      with:
+        context: .
+        platforms: linux/amd64
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ steps.single-arch-meta.outputs.tags }}
+        labels: ${{ steps.single-arch-meta.outputs.labels }}
+    - name: Build manifest
+      if: github.event_name != 'pull_request'
+      env:
+        RELEASE_VERSION: ${{ steps.meta.outputs.version }}
+      run: |
+        make install-tools
+        pushd config/installation
+        kustomize edit set image rabbitmqoperator/cluster-operator-dev=rabbitmqoperator/cluster-operator:"${RELEASE_VERSION}"
+        popd
+        make generate-installation-manifest QUAY_IO_OPERATOR_IMAGE=quay.io/rabbitmqoperator/cluster-operator:"${RELEASE_VERSION}"
+    - name: Upload operator manifests
+      if: github.event_name != 'pull_request'
+      uses: actions/upload-artifact@v3
+      with:
+        name: operator-manifests
+        path: releases/cluster-operator*.yml
+        retention-days: 2
+        if-no-files-found: error
+    - name: Rename manifest for GCS
+      if: github.event_name != 'pull_request'
+      run: mv releases/cluster-operator.yml cluster-operator-${{ steps.meta.outputs.version }}.yml
+    - id: 'auth'
+      uses: 'google-github-actions/auth@v1'
+      with:
+        workload_identity_provider: ${{ secrets.GCP_IDENTITY_PROVIDER }}
+        service_account: ${{ secrets.GCP_SA }}
+    - name: Upload manifests to GCS
+      if: github.event_name != 'pull_request'
+      uses: 'google-github-actions/upload-cloud-storage@v1'
+      with:
+        path: cluster-operator-${{ steps.meta.outputs.version }}.yml
+        destination: operator-manifests-dev
+  system_tests_local:
+    name: Local system tests (using KinD)
+    runs-on: ubuntu-latest
+    if: ${{ github.event_name == 'pull_request' }}
+    needs: build_operator
+    strategy:
+      matrix:
+        rabbitmq-image:
+        - rabbitmq:3.9.9-management
+        - rabbitmq:management
+        - pivotalrabbitmq/rabbitmq:main-otp-min-bazel
+        - pivotalrabbitmq/rabbitmq:main-otp-max-bazel
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.GO_VERSION }}
+        check-latest: true
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v3
+    - name: System tests
+      env:
+        KIND_NODE_IMAGE: ${{ env.KIND_NODE_IMAGE }}
+        RABBITMQ_IMAGE: ${{ matrix.rabbitmq-image }}
+      run: |
+        make install-tools
+        kind create cluster --image "$KIND_NODE_IMAGE"
+        DOCKER_REGISTRY_SERVER=local-server OPERATOR_IMAGE=local-operator make deploy-kind
+        make cert-manager
+        SUPPORT_VOLUME_EXPANSION=false make system-tests
+    - name: Dry-run example YAMLs
+      run: |
+        for a in docs/examples/*/*.y*ml; do
+          manifest_path="$manifest_path -f $a"
+        done
+        # The examples are assumed to run in the 'examples' namespace, create if it doesn't exist
+        kubectl create namespace examples --dry-run=client -o yaml | kubectl  apply -f -
+        kubectl --namespace=examples apply --dry-run=server $manifest_path
+  system_tests:
+    name: System tests
+    runs-on: ubuntu-latest
+    container: us.gcr.io/cf-rabbitmq-for-k8s-bunny/rabbitmq-for-kubernetes-ci
+    if: ${{ github.event_name != 'pull_request' }}
+    # Add "id-token" with the intended permissions.
+    permissions:
+      contents: 'write'
+      id-token: 'write'
+    needs: build_operator
+    strategy:
+      matrix:
+        rabbitmq-image:
+        - rabbitmq:3.9.9-management
+        - rabbitmq:management
+        - pivotalrabbitmq/rabbitmq:main-otp-min-bazel
+        - pivotalrabbitmq/rabbitmq:main-otp-max-bazel
+        include:
+        - rabbitmq-image: rabbitmq:3.9.9-management
+          gke-cluster: ci-bunny-1
+        - rabbitmq-image: rabbitmq:management
+          gke-cluster: ci-bunny-1
+        - rabbitmq-image: pivotalrabbitmq/rabbitmq:main-otp-min-bazel
+          gke-cluster: ci-bunny-2
+        - rabbitmq-image: pivotalrabbitmq/rabbitmq:main-otp-max-bazel
+          gke-cluster: ci-bunny-2
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.GO_VERSION }}
+        check-latest: true
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v3
+    - name: Acquire lock for ${{ matrix.gke-cluster }}
+      uses: ben-z/gh-action-mutex@9709ba4d8596ad4f9f8bbe8e0f626ae249b1b3ac
+      with:
+        branch: lock-${{ matrix.gke-cluster }}
+    - id: 'auth'
+      uses: 'google-github-actions/auth@v1'
+      with:
+        workload_identity_provider: ${{ secrets.GCP_IDENTITY_PROVIDER }}
+        service_account: ${{ secrets.GCP_SA }}
+    - id: 'get-credentials'
+      uses: 'google-github-actions/get-gke-credentials@v1'
+      with:
+        cluster_name: ${{ matrix.gke-cluster }}
+        location: europe-west1
+    - name: Get operator manifest
+      uses: actions/download-artifact@v3
+      with:
+        name: operator-manifests
+    - name: Install Operator build
+      run: |
+        make install-tools
+        make destroy
+        kubectl apply -f cluster-operator.yml
+        kubectl --namespace=rabbitmq-system wait --for=condition=Available deployment/rabbitmq-cluster-operator
+    - name: System tests
+      env:
+        RABBITMQ_IMAGE: ${{ matrix.rabbitmq-image }}
+      run: |
+        make system-tests
+  test_doc_examples:
+    name: Documented example tests
+    runs-on: ubuntu-latest
+    container: us.gcr.io/cf-rabbitmq-for-k8s-bunny/rabbitmq-for-kubernetes-ci
+    if: ${{ github.event_name != 'pull_request' }}
+    # Add "id-token" with the intended permissions.
+    permissions:
+      contents: 'write'
+      id-token: 'write'
+    needs: build_operator
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.GO_VERSION }}
+        check-latest: true
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v3
+    - name: Acquire lock for ci-bunny-2
+      uses: ben-z/gh-action-mutex@9709ba4d8596ad4f9f8bbe8e0f626ae249b1b3ac
+      with:
+        branch: lock-ci-bunny-2
+    - id: 'auth'
+      uses: 'google-github-actions/auth@v1'
+      with:
+        workload_identity_provider: ${{ secrets.GCP_IDENTITY_PROVIDER }}
+        service_account: ${{ secrets.GCP_SA }}
+    - id: 'get-credentials'
+      uses: 'google-github-actions/get-gke-credentials@v1'
+      with:
+        cluster_name: ci-bunny-2
+        location: europe-west1
+    - name: Get operator manifest
+      uses: actions/download-artifact@v3
+      with:
+        name: operator-manifests
+    - name: Install Operator build
+      run: |
+        make install-tools
+        make destroy
+        kubectl apply -f cluster-operator.yml
+        kubectl --namespace=rabbitmq-system wait --for=condition=Available deployment/rabbitmq-cluster-operator
+    - name: Documented example tests
+      run: docs/examples/test.sh
+  test_upgrade:
+    name: Test upgrade of the operator
+    runs-on: ubuntu-latest
+    container: us.gcr.io/cf-rabbitmq-for-k8s-bunny/rabbitmq-for-kubernetes-ci
+    if: ${{ github.event_name != 'pull_request' }}
+    # Add "id-token" with the intended permissions.
+    permissions:
+      contents: 'write'
+      id-token: 'write'
+    needs: build_operator
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.GO_VERSION }}
+        check-latest: true
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v3
+    - name: Acquire lock for ci-bunny-1
+      uses: ben-z/gh-action-mutex@9709ba4d8596ad4f9f8bbe8e0f626ae249b1b3ac
+      with:
+        branch: lock-ci-bunny-1
+    - id: 'auth'
+      uses: 'google-github-actions/auth@v1'
+      with:
+        workload_identity_provider: ${{ secrets.GCP_IDENTITY_PROVIDER }}
+        service_account: ${{ secrets.GCP_SA }}
+    - id: 'get-credentials'
+      uses: 'google-github-actions/get-gke-credentials@v1'
+      with:
+        cluster_name: ci-bunny-1
+        location: europe-west1
+    - name: Get operator manifest
+      uses: actions/download-artifact@v3
+      with:
+        name: operator-manifests
+    - name: Test upgrade rollout
+      run: hack/test-upgrade.sh https://github.com/rabbitmq/cluster-operator/releases/download/${{ env.BASELINE_UPGRADE_VERSION }}/cluster-operator.yml cluster-operator.yml release-header.md
+    - name: Upload release header
+      if: github.event_name != 'pull_request'
+      uses: actions/upload-artifact@v3
+      with:
+        name: release-header
+        path: release-header.md
+        retention-days: 2
+        if-no-files-found: error
+  release:
+    name: Release to GitHub Releases
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/v')
+    needs: [system_tests, test_doc_examples, test_upgrade]
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Get operator manifest
+      uses: actions/download-artifact@v3
+      with:
+        name: operator-manifests
+    - name: Get release header
+      uses: actions/download-artifact@v3
+      with:
+        name: release-header
+    - name: Release
+      uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
+      if: startsWith(github.ref, 'refs/tags/')
+      with:
+        files: |
+          cluster-operator.yml
+          cluster-operator-quay-io.yml
+        generate_release_notes: true
+        draft: true
+        body_path: release-header.md
+        fail_on_unmatched_files: true