Add github actions like in ctlplane operators

* dependabot config to auto create PRs to update dependencies * CI workflows to run checks + create images when PR merges
openstack-k8s-operators · Nov 22, 2022 · 389759d · 389759d
1 parent b28ae75
commit 389759d
Show file tree

Hide file tree

Showing 6 changed files with 389 additions and 0 deletions.
diff --git a/.github/create_bundle.sh b/.github/create_bundle.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+set -e
+
+CLUSTER_BUNDLE_FILE="bundle/manifests/ansibleee-operator.clusterserviceversion.yaml"
+
+echo "Creating ansibleee operator bundle"
+cd ..
+echo "${GITHUB_SHA}"
+echo "${BASE_IMAGE}"
+skopeo --version
+
+echo "Calculating image digest for docker://${REGISTRY}/${BASE_IMAGE}:${GITHUB_SHA}"
+DIGEST=$(skopeo inspect docker://${REGISTRY}/${BASE_IMAGE}:${GITHUB_SHA} | jq '.Digest' -r)
+# Output:
+# Calculating image digest for docker://quay.io/openstack-k8s-operators/ansibleee-operator:d03f2c1c362c04fc5ef819f92a218f9ea59bbd0c
+# Digest: sha256:1d5b578fd212f8dbd03c0235f1913ef738721766f8c94236af5efecc6d8d8cb1
+echo "Digest: ${DIGEST}"
+
+RELEASE_VERSION=$(grep "^VERSION" Makefile | awk -F'?= ' '{ print $2 }')
+OPERATOR_IMG_WITH_DIGEST="${REGISTRY}/${BASE_IMAGE}@${DIGEST}"
+
+echo "New Operator Image with Digest: $OPERATOR_IMG_WITH_DIGEST"
+echo "Release Version: $RELEASE_VERSION"
+
+echo "Creating bundle image..."
+VERSION=$RELEASE_VERSION IMG=$OPERATOR_IMG_WITH_DIGEST make bundle
+
+echo "Bundle file images:"
+cat "${CLUSTER_BUNDLE_FILE}" | grep "image:"
+# FIXME: display any ENV variables once we have offline support implemented
+#grep -A1 IMAGE_URL_DEFAULT "${CLUSTER_BUNDLE_FILE}"
+
+# We do not want to exit here. Some images are in different registries, so
+# error will be reported to the console.
+set +e
+for csv_image in $(cat "${CLUSTER_BUNDLE_FILE}" | grep "image:" | sed -e "s|.*image:||" | sort -u); do
+  digest_image=""
+  echo "CSV line: ${csv_image}"
+
+  # case where @ is in the csv_image image
+  if [[ "$csv_image" =~ .*"@".* ]]; then
+    delimeter='@'
+  else
+    delimeter=':'
+  fi
+
+  base_image=$(echo $csv_image | cut -f 1 -d${delimeter})
+  tag_image=$(echo $csv_image | cut -f 2 -d${delimeter})
+
+  if [[ "$base_image:$tag_image" == "controller:latest" ]]; then
+    echo "$base_image:$tag_image becomes $OPERATOR_IMG_WITH_DIGEST"
+    sed -e "s|$base_image:$tag_image|$OPERATOR_IMG_WITH_DIGEST|g" -i "${CLUSTER_BUNDLE_FILE}"
+  else
+    digest_image=$(skopeo inspect docker://${base_image}${delimeter}${tag_image} | jq '.Digest' -r)
+    echo "Base image: $base_image"
+    if [ -n "$digest_image" ]; then
+      echo "$base_image${delimeter}$tag_image becomes $base_image@$digest_image"
+      sed -i "s|$base_image$delimeter$tag_image|$base_image@$digest_image|g" "${CLUSTER_BUNDLE_FILE}"
+    else
+      echo "$base_image${delimeter}$tag_image not changed"
+    fi
+  fi
+done
+
+echo "Resulting bundle file images:"
+cat "${CLUSTER_BUNDLE_FILE}" | grep "image:"
+
+# FIXME: display any ENV variables once we have offline support implemented
+#grep -A1 IMAGE_URL_DEFAULT "${CLUSTER_BUNDLE_FILE}"
diff --git a/.github/create_opm_index.sh b/.github/create_opm_index.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+
+echo "Creating operator index image"
+echo "${REGISTRY}"
+echo "${GITHUB_SHA}"
+echo "${INDEX_IMAGE}"
+echo "${INDEX_IMAGE_TAG}"
+echo "${BUNDLE_IMAGE}"
+
+echo "opm index add --bundles ${REGISTRY}/${BUNDLE_IMAGE}:${GITHUB_SHA} --tag ${REGISTRY}/${INDEX_IMAGE}:${GITHUB_SHA} -u podman --pull-tool podman"
+opm index add --bundles "${REGISTRY}/${BUNDLE_IMAGE}:${GITHUB_SHA}" --tag "${REGISTRY}/${INDEX_IMAGE}:${GITHUB_SHA}" -u podman --pull-tool podman
+
+echo "podman tag ${REGISTRY}/${INDEX_IMAGE}:${GITHUB_SHA} ${REGISTRY}/${INDEX_IMAGE}:${INDEX_IMAGE_TAG}"
+podman tag "${REGISTRY}/${INDEX_IMAGE}:${GITHUB_SHA}" "${REGISTRY}/${INDEX_IMAGE}:${INDEX_IMAGE_TAG}"
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+- package-ecosystem: "gomod"
+  directory: "/"
+  schedule:
+    interval: "daily"
+- package-ecosystem: "gomod"
+  directory: "/apis/"
+  schedule:
+    interval: "daily"
diff --git a/.github/workflows/build-ansibleee-operator.yaml b/.github/workflows/build-ansibleee-operator.yaml
@@ -0,0 +1,200 @@
+name: AnsibleEE Operator image builder
+
+on:
+  push:
+    branches:
+      - '*'
+    paths-ignore:
+      - .gitignore
+      - .pull_request_pipeline
+      - changelog.txt
+      - kuttl-test.yaml
+      - LICENSE
+      - Makefile
+      - OWNERS
+      - PROJECT
+      - README.md
+      - .github/
+      - build/
+      - docs/
+      - tests/
+
+env:
+  imageregistry: 'quay.io'
+  imagenamespace: ${{ secrets.IMAGENAMESPACE || secrets.QUAY_USERNAME }}
+  latesttag: latest
+
+jobs:
+
+  check-secrets:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check secrets are set
+        id: have-secrets
+        if: "${{ env.imagenamespace != '' }}"
+        run: echo "::set-output name=ok::true"
+    outputs:
+      have-secrets: ${{ steps.have-secrets.outputs.ok }}
+
+  build-ansibleee-operator:
+    name: Build ansibleee-operator image using buildah
+    runs-on: ubuntu-latest
+    needs: [check-secrets]
+    if: needs.check-secrets.outputs.have-secrets == 'true'
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Get branch name
+      id: branch-name
+      uses: tj-actions/branch-names@v5
+
+    - name: Set latest tag for non master branch
+      if: "${{ steps.branch-name.outputs.current_branch != 'master' }}"
+      run: |
+        echo "latesttag=${{ steps.branch-name.outputs.current_branch }}-latest" >> $GITHUB_ENV
+
+    - name: Buildah Action
+      id: build-ansibleee-operator
+      uses: redhat-actions/buildah-build@v2
+      with:
+        image: ansibleee-operator
+        tags: ${{ env.latesttag }} ${{ github.sha }}
+        containerfiles: |
+          ./Dockerfile
+
+    - name: Push ansibleee-operator To ${{ env.imageregistry }}
+      uses: redhat-actions/push-to-registry@v2
+      with:
+        image: ${{ steps.build-ansibleee-operator.outputs.image }}
+        tags: ${{ steps.build-ansibleee-operator.outputs.tags }}
+        registry: ${{ env.imageregistry }}/${{ env.imagenamespace }}
+        username: ${{ secrets.QUAY_USERNAME }}
+        password: ${{ secrets.QUAY_PASSWORD }}
+
+  build-ansibleee-operator-bundle:
+    needs: [ check-secrets, build-ansibleee-operator ]
+    name: ansibleee-operator-bundle
+    runs-on: ubuntu-latest
+    if: needs.check-secrets.outputs.have-secrets == 'true'
+
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.18.x
+
+    - name: Checkout ansibleee-operator repository
+      uses: actions/checkout@v2
+
+    - name: Install operator-sdk
+      uses: redhat-actions/openshift-tools-installer@v1
+      with:
+        source: github
+        operator-sdk: '1.23.0'
+
+    - name: Log in to Quay Registry
+      uses: redhat-actions/podman-login@v1
+      with:
+        registry: ${{ env.imageregistry }}
+        username: ${{ secrets.QUAY_USERNAME }}
+        password: ${{ secrets.QUAY_PASSWORD }}
+
+    - name: Log in to Red Hat Registry
+      uses: redhat-actions/podman-login@v1
+      with:
+        registry: registry.redhat.io
+        username: ${{ secrets.REDHATIO_USERNAME }}
+        password: ${{ secrets.REDHATIO_PASSWORD }}
+
+    - name: Create bundle image
+      run: |
+        pushd "${GITHUB_WORKSPACE}"/.github/
+        chmod +x "create_bundle.sh"
+        "./create_bundle.sh"
+        popd
+      env:
+        REGISTRY:  ${{ env.imageregistry }}/${{ env.imagenamespace }}
+        GITHUB_SHA: ${{ github.sha }}
+        BASE_IMAGE: ansibleee-operator
+
+    - name: Get branch name
+      id: branch-name
+      uses: tj-actions/branch-names@v5
+
+    - name: Set latest tag for non master branch
+      if: "${{ steps.branch-name.outputs.current_branch != 'master' }}"
+      run: |
+        echo "latesttag=${{ steps.branch-name.outputs.current_branch }}-latest" >> $GITHUB_ENV
+
+    - name: Build ansibleee-operator-bundle using buildah
+      id: build-ansibleee-operator-bundle
+      uses: redhat-actions/buildah-build@v2
+      with:
+        image: ansibleee-operator-bundle
+        tags: ${{ env.latesttag }} ${{ github.sha }}
+        containerfiles: |
+          ./bundle.Dockerfile
+
+    - name: Push ansibleee-operator To ${{ env.imageregistry }}
+      uses: redhat-actions/push-to-registry@v2
+      with:
+        image: ${{ steps.build-ansibleee-operator-bundle.outputs.image }}
+        tags: ${{ steps.build-ansibleee-operator-bundle.outputs.tags }}
+        registry:  ${{ env.imageregistry }}/${{ env.imagenamespace }}
+        username: ${{ secrets.QUAY_USERNAME }}
+        password: ${{ secrets.QUAY_PASSWORD }}
+
+  build-ansibleee-operator-index:
+    needs: [ check-secrets, build-ansibleee-operator-bundle ]
+    name: ansibleee-operator-index
+    runs-on: ubuntu-latest
+    if: needs.check-secrets.outputs.have-secrets == 'true'
+
+    steps:
+    - name: Checkout ansibleee-operator repository
+      uses: actions/checkout@v2
+
+    - name: Get branch name
+      id: branch-name
+      uses: tj-actions/branch-names@v5
+
+    - name: Set latest tag for non master branch
+      if: "${{ steps.branch-name.outputs.current_branch != 'master' }}"
+      run: |
+        echo "latesttag=${{ steps.branch-name.outputs.current_branch }}-latest" >> $GITHUB_ENV
+
+    - name: Install opm
+      uses: redhat-actions/openshift-tools-installer@v1
+      with:
+        source: github
+        opm: 'latest'
+
+    - name: Log in to Red Hat Registry
+      uses: redhat-actions/podman-login@v1
+      with:
+        registry: ${{ env.imageregistry }}
+        username: ${{ secrets.QUAY_USERNAME }}
+        password: ${{ secrets.QUAY_PASSWORD }}
+
+    - name: Create index image
+      run: |
+        pushd "${GITHUB_WORKSPACE}"/.github/
+        chmod +x "create_opm_index.sh"
+        "./create_opm_index.sh"
+        popd
+      env:
+        REGISTRY:  ${{ env.imageregistry }}/${{ env.imagenamespace }}
+        GITHUB_SHA: ${{ github.sha }}
+        BUNDLE_IMAGE: ansibleee-operator-bundle
+        INDEX_IMAGE_TAG: ${{ env.latesttag }}
+        INDEX_IMAGE: ansibleee-operator-index
+
+    - name: Push ansibleee-operator-index To ${{ env.imageregistry }}
+      uses: redhat-actions/push-to-registry@v2
+      with:
+        image: ansibleee-operator-index
+        tags: ${{ env.latesttag }} ${{ github.sha }}
+        registry:  ${{ env.imageregistry }}/${{ env.imagenamespace }}
+        username: ${{ secrets.QUAY_USERNAME }}
+        password: ${{ secrets.QUAY_PASSWORD }}
diff --git a/.github/workflows/golangci-lint.yaml b/.github/workflows/golangci-lint.yaml
@@ -0,0 +1,42 @@
+name: Golang lint, vet and unit test pipeline
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    name: github (govet, golint and gotest)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.18.x
+      - name: Checkout project code
+        uses: actions/checkout@v2
+      - name: Checkout openstack-k8s-operators-ci project
+        uses: actions/checkout@v2
+        with:
+          repository: openstack-k8s-operators/openstack-k8s-operators-ci
+          path: ./openstack-k8s-operators-ci
+      - name: Run govet.sh
+        run: ./openstack-k8s-operators-ci/test-runner/govet.sh
+      - name: Run golint.sh
+        run: ./openstack-k8s-operators-ci/test-runner/golint.sh
+      - name: Run gotest.sh
+        run: ./openstack-k8s-operators-ci/test-runner/gotest.sh
+
+  golangci:
+    name: github (golangci)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.18.x
+      - name: Checkout project code
+        uses: actions/checkout@v2
+      - name: Run golangci lint
+        uses: golangci/golangci-lint-action@v2
+        with:
+          version: latest
+          args: --timeout 5m
diff --git a/.github/workflows/release-ansibleee-operator.yaml b/.github/workflows/release-ansibleee-operator.yaml
@@ -0,0 +1,48 @@
+name: Release AnsibleEE Operator
+
+on:
+  release:
+    types:
+      - released
+      - prereleased
+
+env:
+  imageregistry: 'quay.io'
+  imagenamespace: ${{ secrets.IMAGENAMESPACE || secrets.QUAY_USERNAME }}
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Tag image
+      uses: tinact/docker.image-retag@1.0.2
+      with:
+        image_name: ${{ env.imagenamespace }}/
+        image_old_tag: ${{ github.sha }}
+        image_new_tag: ${{ github.event.release.tag_name }}
+        registry: ${{ env.imageregistry }}
+        registry_username: ${{ secrets.QUAY_USERNAME }}
+        registry_password: ${{ secrets.QUAY_PASSWORD }}
+
+    - name: Tag -bundle image
+      uses: tinact/docker.image-retag@1.0.2
+      with:
+        image_name: ${{ env.imagenamespace }}/-bundle
+        image_old_tag: ${{ github.sha }}
+        image_new_tag: ${{ github.event.release.tag_name }}
+        registry: ${{ env.imageregistry }}
+        registry_username: ${{ secrets.QUAY_USERNAME }}
+        registry_password: ${{ secrets.QUAY_PASSWORD }}
+
+    - name: Tag -index image
+      uses: tinact/docker.image-retag@1.0.2
+      with:
+        image_name: ${{ env.imagenamespace }}/-index
+        image_old_tag: ${{ github.sha }}
+        image_new_tag: ${{ github.event.release.tag_name }}
+        registry: ${{ env.imageregistry }}
+        registry_username: ${{ secrets.QUAY_USERNAME }}
+        registry_password: ${{ secrets.QUAY_PASSWORD }}