Merge pull request #747 from redhat-openshift-ecosystem/ISV-5240 #104
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Build and test | |
on: # yamllint disable-line rule:truthy | |
push: | |
branches: | |
- main | |
pull_request: | |
types: [opened, synchronize, reopened, labeled] | |
workflow_dispatch: | |
jobs: | |
tox: | |
name: Run unit tests and linters | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set up PDM | |
uses: pdm-project/setup-pdm@v4 | |
with: | |
python-version: "3.12" | |
- name: Install non-python dependencies | |
run: | | |
sudo apt-get update && sudo apt-get install -y libkrb5-dev | |
- name: Install Hadolint via Brew | |
run: | | |
NONINTERACTIVE=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" | |
/home/linuxbrew/.linuxbrew/bin/brew install hadolint | |
sudo ln -s /home/linuxbrew/.linuxbrew/bin/hadolint /usr/bin/ | |
- name: Install Python dependencies | |
run: | | |
pdm sync -dG tox | |
pipx install ansible-lint | |
- name: Run Tests | |
run: | | |
pdm run -v tox | |
build: | |
name: Build and push image | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set variables | |
id: set-vars | |
run: | | |
if [[ $GITHUB_REF_NAME == 'main' ]]; then | |
echo "tags=latest ${{ github.sha }}" >> $GITHUB_OUTPUT | |
else | |
echo "tags=${{ github.sha }}">> $GITHUB_OUTPUT | |
fi | |
- uses: actions/checkout@v4 | |
- name: Build Image | |
id: build-image | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: operator-pipelines-images | |
tags: ${{ steps.set-vars.outputs.tags }} | |
dockerfiles: | | |
./operator-pipeline-images/Dockerfile | |
- name: Push To quay.io | |
id: push-to-quay | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build-image.outputs.image }} | |
tags: ${{ steps.build-image.outputs.tags }} | |
registry: quay.io/redhat-isv | |
username: ${{ secrets.REGISTRY_USERNAME }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: Print image url | |
run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}" | |
integration-tests: | |
needs: [build] | |
if: github.event_name == 'workflow_dispatch' || github.event_name == 'push' || github.event.label.name == 'ready-for-testing' | |
timeout-minutes: 90 | |
strategy: | |
matrix: | |
test_type: | |
- isv | |
- community | |
- isv-fbc-bundle | |
- isv-fbc-catalog | |
fail-fast: false | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Prepare | |
id: prepare | |
run: | | |
echo "suffix=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT | |
- name: Install dependencies | |
run: | | |
# Install python packages needed from ansible | |
pipx inject ansible-core jmespath openshift pygithub | |
# Add certificates to trusted list | |
sudo cp operator-pipeline-images/certs/* /usr/local/share/ca-certificates | |
# Rename all .pem files to .crt to allow update-ca-certificates | |
for file in /usr/local/share/ca-certificates/*.pem | |
do | |
sudo mv "$file" "${file%.pem}.crt" | |
done | |
sudo update-ca-certificates | |
echo "${{ secrets.VAULT_PASSWORD }}" > "$HOME"/.vault-password | |
# secret used also in hosted pipeline for enabling | |
# access to cluster for tkn command log accessing | |
mkdir -p "$HOME"/.kube | |
ansible-vault decrypt \ | |
--vault-password-file "$HOME"/.vault-password \ | |
--output "$HOME"/.kube/config \ | |
ansible/vaults/integration-tests/ci-pipeline-kubeconfig | |
# secret used also in hosted pipeline for enabling | |
# cloning of the repository | |
mkdir -p "$HOME"/.ssh | |
ansible-vault decrypt \ | |
--vault-password-file "$HOME"/.vault-password \ | |
--output "$HOME"/.ssh/id_rsa \ | |
ansible/vaults/integration-tests/ci-pipeline-github-ssh-key | |
- name: Run the integration tests ansible playbook | |
uses: dawidd6/action-ansible-playbook@v2 | |
with: | |
playbook: playbooks/operator-pipeline-integration-tests.yml | |
directory: ./ansible | |
requirements: playbooks/requirements.yml | |
vault_password: ${{secrets.VAULT_PASSWORD}} | |
options: | | |
-e "test_type=${{ matrix.test_type }}" | |
-e "oc_namespace=int-tests-${{ matrix.test_type }}-${{ github.run_number }}-${{ github.run_attempt }}" | |
-e "integration_tests_operator_bundle_version=0.2.${{ github.run_number }}-${{ github.run_attempt }}" | |
-e "operator_pipeline_image_tag=${{ github.sha }}" | |
-e "suffix=${{ steps.prepare.outputs.suffix }}" | |
-e "ansible_python_interpreter=/opt/pipx/venvs/ansible-core/bin/python3" | |
--skip-tags=signing-pipeline | |
-v |