Move runtime image to UBI9 from UBI8 to address GLIBC discrepancies #308
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Test and Release | |
| on: | |
| pull_request_target: | |
| types: [opened, synchronize, reopened] | |
| branches: [ main ] | |
| jobs: | |
| build: | |
| name: Build artifacts | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| path: "chart-verifier" | |
| - name: Setup Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version-file: ./chart-verifier/go.mod | |
| - name: Ensure Modules | |
| working-directory: ./chart-verifier | |
| run: make tidy | |
| - name: Ensure Formatting | |
| working-directory: ./chart-verifier | |
| run: make fmt | |
| - name: Run Linters | |
| working-directory: ./chart-verifier | |
| run: make lint | |
| - name: Build Binary | |
| working-directory: ./chart-verifier | |
| run: make bin | |
| - name: Run tests | |
| working-directory: ./chart-verifier | |
| run: | | |
| # Run go tests | |
| make test | |
| if [[ ! -z $(git status -s) ]] | |
| then | |
| echo "go test - errors running go tests : $(git status -s)" | |
| exit 1 | |
| fi | |
| - name: Set up Python 3.x | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: '3.9' | |
| - name: Set up Python scripts on PR branch | |
| working-directory: ./chart-verifier | |
| run: | | |
| # set up python requirements and scripts on PR branch | |
| python3 -m venv ve1 | |
| cd scripts && ../ve1/bin/pip3 install -r requirements.txt && cd .. | |
| cd scripts && ../ve1/bin/python3 setup.py install && cd .. | |
| - name: Check if only release file in PR | |
| working-directory: ./chart-verifier | |
| id: check_version_in_PR | |
| run: | | |
| # check if release file only is included in PR | |
| ve1/bin/release-checker --api-url=${{ github.event.pull_request._links.self.href }} | |
| - name: Get Date | |
| id: get-date | |
| run: | | |
| echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT | |
| shell: bash | |
| - uses: actions/cache@v2 | |
| id: cache | |
| with: | |
| path: ./chart-verifier/oc | |
| key: ${{ steps.get-date.outputs.date }} | |
| - name: Install oc | |
| working-directory: ./chart-verifier | |
| id: install-oc | |
| run: | | |
| # install oc | |
| curl -sLO https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable/openshift-client-linux.tar.gz | |
| tar zxvf openshift-client-linux.tar.gz oc | |
| - name: Build the Image | |
| working-directory: ./chart-verifier | |
| id: build_image | |
| run: | | |
| # build a docker image | |
| commit_sha=$(git rev-parse --short HEAD) | |
| ve1/bin/build-and-test --image-name="quay.io/redhat-certification/chart-verifier" --sha-value=$commit_sha --build-only="True"} | |
| - name: Build podman Image | |
| working-directory: ./chart-verifier | |
| id: build_podman_image | |
| run: | | |
| # build a podman image | |
| # sudo apt install qemu-system-x86 | |
| commit_sha=$(git rev-parse --short HEAD) | |
| image_tag="podman-"$commit_sha | |
| echo "use image tag $image_tag" | |
| podman build -t quay.io/redhat-certification/chart-verifier:$image_tag . | |
| echo "podman_image_tag=$image_tag" >> $GITHUB_OUTPUT | |
| - name: Create tarfile | |
| id: create-tarfile | |
| working-directory: ./chart-verifier | |
| run: | | |
| # check if release file only is included in PR | |
| ve1/bin/tar-file --release="test" | |
| - name: Login to oc | |
| working-directory: ./chart-verifier | |
| env: | |
| KUBECONFIG: /tmp/ci-kubeconfig | |
| run: | | |
| # oc login | |
| API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d) | |
| gpg --version | |
| curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash | |
| if [ $GITHUB_REPOSITORY == "redhat-certification/chart-verifier" ]; then | |
| # TODO: temporarily allow for skipping TLS verification as the new cluster uses local-only certificates | |
| # This if logic isn't removed to remind us to come back and swap this out when a valid cert is put in place. | |
| ./oc login --insecure-skip-tls-verify --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER} | |
| else | |
| ./oc login --insecure-skip-tls-verify --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER} | |
| fi | |
| ve1/bin/sa-for-chart-testing --create charts-${{ github.event.number }} --token token.txt --server ${API_SERVER} | |
| - name: Run the tests | |
| working-directory: ./chart-verifier | |
| env: | |
| KUBECONFIG: /tmp/ci-kubeconfig | |
| VERIFIER_IMAGE_TAG: ${{ steps.build_image.outputs.verifier-image-tag }} | |
| VERIFIER_TARBALL_NAME : ${{ steps.create-tarfile.outputs.tarball_full_name }} | |
| PODMAN_IMAGE_TAG : ${{ steps.build_podman_image.outputs.podman_image_tag }} | |
| id: run_test | |
| run: | | |
| # run pytest | |
| ve1/bin/pytest -v --log-cli-level=WARNING --tb=short | |
| - name: Delete Namespace | |
| if: ${{ always() && steps.install-oc.conclusion == 'success' }} | |
| working-directory: ./chart-verifier | |
| env: | |
| KUBECONFIG: /tmp/ci-kubeconfig | |
| run: | | |
| # delete the namespace | |
| API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d) | |
| ./oc login --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER} | |
| ve1/bin/sa-for-chart-testing --delete charts-${{ github.event.number }} | |
| - name: Set up Python scripts on main branch | |
| run: | | |
| # set up python requirements and scripts on main branch | |
| echo $(pwd) | |
| python3 -m venv ve1 | |
| cd scripts && ../ve1/bin/pip3 install -r requirements.txt && cd .. | |
| cd scripts && ../ve1/bin/python3 setup.py install && cd .. | |
| - name: Check for restricted files and user permissiom | |
| id: check_authorization | |
| run: | | |
| # check for a restricted file and, if found, check user has permissiom | |
| ve1/bin/check-user --api-url=${{ github.event.pull_request._links.self.href }} --user=${{ github.event.pull_request.user.login }} | |
| - name: Check if version updated | |
| id: check_version_updated | |
| if: ${{ steps.check_version_in_PR.outputs.PR_includes_release == 'true' }} | |
| run: | | |
| # check if version file was changed | |
| ve1/bin/release-checker --version=${{ steps.check_version_in_PR.outputs.PR_version }} | |
| - name: Approve PR | |
| id: approve_pr | |
| if: ${{ steps.check_version_updated.outputs.updated == 'true'}} | |
| uses: hmarr/auto-approve-action@v2 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Merge PR | |
| id: merge_pr | |
| if: ${{ steps.check_version_updated.outputs.updated == 'true'}} | |
| uses: pascalgn/automerge-action@v0.13.1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| MERGE_METHOD: squash | |
| MERGE_LABELS: "" | |
| - name: Check for PR merge | |
| if: ${{ steps.check_version_updated.outputs.updated == 'true'}} | |
| run: | | |
| ve1/bin/check-auto-merge --api-url=${{ github.event.pull_request._links.self.href }} | |
| - name: Create the the release | |
| id: create_release | |
| if: ${{ steps.check_version_updated.outputs.updated == 'true'}} | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| tag_name: ${{ steps.check_version_in_PR.outputs.PR_version }} | |
| body: ${{ steps.check_version_in_PR.outputs.PR_release_body }} | |
| files: ${{ steps.check_version_in_PR.outputs.PR_tarball_name }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Check and link latest image in quay | |
| id: link_image_in_qauy | |
| if: ${{ steps.check_version_updated.outputs.updated == 'true'}} | |
| env: | |
| QUAY_AUTH_TOKEN: ${{ secrets.QUAY_AUTH_TOKEN }} | |
| run: | | |
| # Check and link latest image to latest release if needed | |
| ve1/bin/link-images --verifier-version=${{ steps.check_version_in_PR.outputs.PR_version }} --link-tag="latest" |