312 lines (295 loc) · 11.3 KB
/
ci-cd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
name: Continuous Integration and Release
concurrency: ci-${{ github.ref }}
on:
push:
tags-ignore:
- "*"
branches:
- "main"
pull_request:
release:
types: [published]
workflow_dispatch:
jobs:
test-binary:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.16
- uses: actions/cache@v3
id: go-cache
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: get git tags
run: git fetch --prune --unshallow --tags
- name: install-mockery
run: go install github.com/vektra/mockery/v2
- name: test
run: make test
- name: static analysis
run: make vet-check
- name: coding styles
run: make fmt-check
test-checks:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: 3.7
- uses: actions/cache@v3
with:
path: ~/.cache/pip
key: ${{ runner.os }}-python-${{ hashFiles('requirements.dev.txt') }}
- name: install python dependencies
run: pip install -r requirements.dev.txt
- name: ansible playbooks and roles lint check
run: |
ansible-lint -vv -x role-name,risky-shell-pipe,no-tabs -w yaml \
runner/ansible/* runner/ansible/roles/* \
runner/ansible/roles/checks/* runner/ansible/vars/*
- name: trento checks ID sanity test
run: python3 hack/id_checker.py
test-python-callback:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: 3.7
- uses: actions/cache@v3
with:
path: ~/.cache/pip
key: ${{ runner.os }}-python-${{ hashFiles('requirements.dev.txt') }}
- name: install python dependencies
run: pip install -r requirements.dev.txt
- name: ansible playbooks and roles lint check
run: |
cd test/ansible_callback_test
pytest -vv
build-and-push-container-images:
runs-on: ubuntu-20.04
if: github.event_name == 'release' || (github.event_name == 'push' && github.ref_name == 'main') || github.event_name == 'workflow_dispatch'
needs: [test-binary, test-checks, test-python-callback]
permissions:
contents: read
packages: write
env:
REGISTRY: ghcr.io
IMAGE_REPOSITORY: ghcr.io/${{ github.repository_owner }}/trento-runner
IMAGE_TAG: "${{ (github.event_name == 'release' && github.event.release.tag_name) || (github.event_name == 'push' && github.ref_name == 'main' && 'rolling') || github.sha }}"
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: docker/setup-buildx-action@v2
- name: Log in to the Container registry
uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@69f6fc9d46f2f8bf0d5491e4aabe0bb8c6a4678a
with:
images: ${{ env.IMAGE_REPOSITORY }}
- name: Build and push container image
uses: docker/build-push-action@v3
with:
context: .
push: true
tags: ${{ env.IMAGE_REPOSITORY }}:${{ env.IMAGE_TAG }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-and-export-container-images:
runs-on: ubuntu-20.04
needs: [test-binary, test-checks, test-python-callback]
permissions:
contents: read
packages: write
env:
REGISTRY: ghcr.io
IMAGE_REPOSITORY: ghcr.io/${{ github.repository_owner }}/trento-runner
IMAGE_TAG: "${{ (github.event_name == 'release' && github.event.release.tag_name) || (github.event_name == 'push' && github.ref_name == 'main' && 'rolling') || github.sha }}"
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: docker/setup-buildx-action@v2
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@69f6fc9d46f2f8bf0d5491e4aabe0bb8c6a4678a
with:
images: ${{ env.IMAGE_REPOSITORY }}
- name: Create image artifact
uses: docker/build-push-action@v3
with:
context: .
push: false
tags: ${{ env.IMAGE_REPOSITORY }}:${{ env.IMAGE_TAG }}
labels: ${{ steps.meta.outputs.labels }}
outputs: type=docker,dest=/tmp/trento-runner.tar
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: trento-runner
path: /tmp/trento-runner.tar
smoke-test-container-images:
runs-on: ubuntu-20.04
needs: build-and-export-container-images
env:
REGISTRY: ghcr.io
IMAGE_REPOSITORY: ghcr.io/${{ github.repository_owner }}/trento-runner
IMAGE_TAG: "${{ (github.event_name == 'release' && github.event.release.tag_name) || (github.event_name == 'push' && github.ref_name == 'main' && 'rolling') || github.sha }}"
steps:
- uses: docker/setup-buildx-action@v2
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: trento-runner
path: /tmp
- name: Load image
run: docker load --input /tmp/trento-runner.tar
- name: Test CLI
run: docker run --rm ${{ env.IMAGE_REPOSITORY }}:${{ env.IMAGE_TAG }} version
build-static-binary:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-go@v3
with:
go-version: 1.16
- uses: actions/cache@v3
id: go-cache
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: build
run: make -j4 cross-compiled
- name: compress
run: |
set -x
find ./build -maxdepth 1 -mindepth 1 -type d -exec sh -c 'tar -zcf build/trento-runner-$(basename {}).tgz -C {} trento-runner' \;
- uses: actions/upload-artifact@v3
with:
name: trento-runner-binaries
path: |
build/trento-runner-amd64.tgz
build/trento-runner-arm64.tgz
build/trento-runner-ppc64le.tgz
build/trento-runner-s390x.tgz
release-rolling:
needs: [test-binary, test-checks, test-python-callback, build-static-binary]
if: (github.event_name == 'push' && github.ref == 'refs/heads/main')
runs-on: ubuntu-20.04
steps:
- uses: actions/download-artifact@v3
with:
name: trento-runner-binaries
- uses: "marvinpinto/action-automatic-releases@v1.2.1"
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
automatic_release_tag: "rolling"
prerelease: true
title: "Cutting Edge"
files: |
trento-runner-amd64.tgz
trento-runner-arm64.tgz
trento-runner-ppc64le.tgz
trento-runner-s390x.tgz
# This job doesn't actually make release, but rather reacts to a manual one, made via the GitHub UI.
# In the future, we might want to reuse the same mechanism of the rolling ones to automate everything here as well.
release-tag:
needs: [test-binary, test-checks, test-python-callback]
if: github.event.release
runs-on: ubuntu-20.04
steps:
- uses: actions/download-artifact@v3
with:
name: trento-runner-binaries
- uses: AButler/upload-release-assets@v2.0
with:
files: "trento-runner-*"
repo-token: ${{ secrets.GITHUB_TOKEN }}
obs-commit:
name: Commit the project on OBS
runs-on: ubuntu-20.04
if: github.event_name == 'release' || (github.event_name == 'push' && github.ref_name == 'main') || github.event_name == 'workflow_dispatch'
needs: [test-binary, test-checks, test-python-callback]
container:
image: ghcr.io/trento-project/continuous-delivery:main
env:
OSC_CHECKOUT_DIR: /tmp/trento-runner-package
PACKAGE_NAME: trento-runner-image
OBS_USER: ${{ secrets.OBS_USER }}
OBS_PASS: ${{ secrets.OBS_PASS }}
OBS_PROJECT: ${{ secrets.OBS_PROJECT }}
PACKAGE_DIR: packaging/suse
REPOSITORY: ${{ github.repository }}
options: -u 0:0
steps:
- name: Cancel Previous Runs
uses: styfle/cancel-workflow-action@0.9.1
with:
access_token: ${{ github.token }}
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Configure OSC
# OSC credentials must be configured beforehand as the HOME variables cannot be changed from /github/home
# that is used to run osc commands
run: |
mkdir -p $HOME/.config/osc
cp /home/osc/.config/osc/oscrc $HOME/.config/osc
/scripts/init_osc_creds.sh
- name: Set version
run: |
git config --global --add safe.directory /__w/runner/runner
VERSION=$(./hack/get_version_from_git.sh)
sed -i 's~%%REVISION%%~${{ github.sha }}~' $PACKAGE_DIR/_service && \
sed -i 's~%%REPOSITORY%%~${{ github.repository }}~' $PACKAGE_DIR/_service && \
sed -i 's~%%VERSION%%~'"${VERSION}"'~' $PACKAGE_DIR/_service && \
sed -i 's~%%VERSION%%~'"${VERSION}"'~' $PACKAGE_DIR/Dockerfile
# "+" character is not allowed in OBS dockerfile version strings
VERSION=${VERSION//[+]/-}
sed -i 's~%%OBS_VERSION%%~'"${VERSION}"'~' $PACKAGE_DIR/Dockerfile
- name: create vendor dependencies archive
# note the following tar options to strip all the things that could make the archive different without the content actually changing
# to make it easier to identify when dependencies changed
run: |
go mod vendor
tar --sort=name --owner=root:0 --group=root:0 --mtime='UTC 1970-01-01' -c vendor | gzip -n > vendor.tar.gz
- name: checkout and prepare OBS package
run: |
osc checkout $OBS_PROJECT $PACKAGE_NAME -o $OSC_CHECKOUT_DIR
cp $PACKAGE_DIR/_service $OSC_CHECKOUT_DIR
cp $PACKAGE_DIR/Dockerfile $OSC_CHECKOUT_DIR
rm -v $OSC_CHECKOUT_DIR/{vendor,runner}*.tar.gz
pushd $OSC_CHECKOUT_DIR
osc service manualrun
cp /__w/runner/runner/vendor.tar.gz .
- name: Prepare .changes file
# The .changes file is updated only in release creation. This current task should be improved
# in order to add the current rolling release notes
if: github.event_name == 'release'
run: |
CHANGES_FILE=$PACKAGE_NAME.changes
VERSION=$(./hack/get_version_from_git.sh)
hack/gh_release_to_obs_changeset.py $REPOSITORY -a trento-developers@suse.com -t $VERSION -f $OSC_CHECKOUT_DIR/$CHANGES_FILE
- name: Commit on OBS
run: |
pushd $OSC_CHECKOUT_DIR
osc ar
osc commit -m "GitHub Actions automated update to reference ${{ github.sha }}"