Skip to content

Add advanced validation for release-config.yaml #193

Add advanced validation for release-config.yaml

Add advanced validation for release-config.yaml #193

---
name: Build and test
on: # yamllint disable-line rule:truthy
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, labeled]
workflow_dispatch:
jobs:
tox:
name: Run unit tests and linters
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up PDM
uses: pdm-project/setup-pdm@v4
with:
python-version: "3.12"
- name: Install non-python dependencies
run: |
sudo apt-get update && sudo apt-get install -y libkrb5-dev
- name: Install Hadolint via Brew
run: |
NONINTERACTIVE=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
/home/linuxbrew/.linuxbrew/bin/brew install hadolint
sudo ln -s /home/linuxbrew/.linuxbrew/bin/hadolint /usr/bin/
- name: Install Python dependencies
run: |
pdm sync -dG tox
pipx install ansible-lint
- name: Run Tests
run: |
pdm run -v tox
build:
name: Build and push image
runs-on: ubuntu-latest
steps:
- name: Set variables
id: set-vars
run: |
if [[ $GITHUB_REF_NAME == 'main' ]]; then
echo "tags=latest ${{ github.sha }}" >> $GITHUB_OUTPUT
else
echo "tags=${{ github.sha }}">> $GITHUB_OUTPUT
fi
- uses: actions/checkout@v4
- name: Build Image
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: operator-pipelines-images
tags: ${{ steps.set-vars.outputs.tags }}
dockerfiles: |
./operator-pipeline-images/Dockerfile
- name: Push To quay.io
id: push-to-quay
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: quay.io/redhat-isv
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Print image url
run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
integration-tests:
needs: [build]
if: github.event_name == 'workflow_dispatch' || github.event_name == 'push' || github.event.label.name == 'ready-for-testing'
timeout-minutes: 90
strategy:
matrix:
test_type:
- isv
- community
- isv-fbc-bundle
- isv-fbc-catalog
fail-fast: false
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Prepare
id: prepare
run: |
echo "suffix=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
- name: Install dependencies
run: |
# Install python packages needed from ansible
pipx inject ansible-core jmespath openshift pygithub
# Add certificates to trusted list
sudo cp operator-pipeline-images/certs/* /usr/local/share/ca-certificates
# Rename all .pem files to .crt to allow update-ca-certificates
for file in /usr/local/share/ca-certificates/*.pem
do
sudo mv "$file" "${file%.pem}.crt"
done
sudo update-ca-certificates
echo "${{ secrets.VAULT_PASSWORD }}" > "$HOME"/.vault-password
# secret used also in hosted pipeline for enabling
# access to cluster for tkn command log accessing
mkdir -p "$HOME"/.kube
ansible-vault decrypt \
--vault-password-file "$HOME"/.vault-password \
--output "$HOME"/.kube/config \
ansible/vaults/integration-tests/ci-pipeline-kubeconfig
# secret used also in hosted pipeline for enabling
# cloning of the repository
mkdir -p "$HOME"/.ssh
ansible-vault decrypt \
--vault-password-file "$HOME"/.vault-password \
--output "$HOME"/.ssh/id_rsa \
ansible/vaults/integration-tests/ci-pipeline-github-ssh-key
- name: Run the integration tests ansible playbook
uses: dawidd6/action-ansible-playbook@v2
with:
playbook: playbooks/operator-pipeline-integration-tests.yml
directory: ./ansible
requirements: playbooks/requirements.yml
vault_password: ${{secrets.VAULT_PASSWORD}}
options: |
-e "test_type=${{ matrix.test_type }}"
-e "oc_namespace=int-tests-${{ matrix.test_type }}-${{ github.run_number }}-${{ github.run_attempt }}"
-e "integration_tests_operator_bundle_version=0.2.${{ github.run_number }}-${{ github.run_attempt }}"
-e "operator_pipeline_image_tag=${{ github.sha }}"
-e "suffix=${{ steps.prepare.outputs.suffix }}"
-e "ansible_python_interpreter=/opt/pipx/venvs/ansible-core/bin/python3"
--skip-tags=signing-pipeline
-v