diff --git a/.github/workflows/command_merge.yaml b/.github/workflows/command_merge.yaml index d8d93e515..20b48fb83 100644 --- a/.github/workflows/command_merge.yaml +++ b/.github/workflows/command_merge.yaml @@ -2,7 +2,7 @@ on: issue_comment name: Issue Comments - merge env: - OPP_PRODUCTION_TYPE: "k8s" + OPP_PRODUCTION_TYPE: "ocp" OPP_THIS_REPO_NAME: "community-operators-pipeline" OPP_THIS_REPO_ORG: "redhat-openshift-ecosystem" diff --git a/.github/workflows/command_retest.yaml b/.github/workflows/command_retest.yaml index e1b73df0d..89d728cb6 100644 --- a/.github/workflows/command_retest.yaml +++ b/.github/workflows/command_retest.yaml @@ -2,7 +2,7 @@ on: issue_comment name: Issue Comments - retest env: - OPP_PRODUCTION_TYPE: "k8s" + OPP_PRODUCTION_TYPE: "ocp" jobs: handle_comments: diff --git a/.github/workflows/dco_test.yaml b/.github/workflows/dco_test.yaml index b0eb7d01d..9f3244062 100644 --- a/.github/workflows/dco_test.yaml +++ b/.github/workflows/dco_test.yaml @@ -20,8 +20,8 @@ env: OPP_THIS_BRANCH: "main" OPP_PROD: 0 OPP_DRY_RUN: 0 - KIND_KUBE_VERSION: "v1.26.3" - OPP_PRODUCTION_TYPE: "k8s" + KIND_KUBE_VERSION: "v1.27.2" + OPP_PRODUCTION_TYPE: "ocp" OPP_REVIEWERS_ENABLED: 0 diff --git a/.github/workflows/dco_workflow_complete.yaml b/.github/workflows/dco_workflow_complete.yaml index d083c2bb4..2552975e1 100644 --- a/.github/workflows/dco_workflow_complete.yaml +++ b/.github/workflows/dco_workflow_complete.yaml @@ -7,7 +7,7 @@ on: types: [completed] env: - OPP_PRODUCTION_TYPE: "k8s" + OPP_PRODUCTION_TYPE: "ocp" jobs: diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml index cd721b2ea..b27b9f13c 100644 --- a/.github/workflows/documentation.yaml +++ b/.github/workflows/documentation.yaml 
@@ -27,7 +27,7 @@ jobs: OPP_THIS_REPO_SED=${OPP_THIS_REPO_SED//\//\\/} sed -i 's/repo_url.*/repo_url: '$OPP_THIS_REPO_SED'/g' mkdocs.yml - sed -i 's/ cluster_type:.*/ cluster_type: k8s/g' mkdocs.yml + sed -i 's/ cluster_type:.*/ cluster_type: ocp/g' mkdocs.yml cat mkdocs.yml diff --git a/.github/workflows/operator_ci.yaml b/.github/workflows/operator_ci.yaml index 07b5c4008..2712ad7d0 100644 --- a/.github/workflows/operator_ci.yaml +++ b/.github/workflows/operator_ci.yaml @@ -7,7 +7,7 @@ on: env: AUTOMERGE_ENABLED: "1" - OPP_PRODUCTION_TYPE: "k8s" + OPP_PRODUCTION_TYPE: "ocp" OPP_SCRIPT_URL: "https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/dev/ci/scripts/opp.sh" OPP_SCRIPT_ENV_OPRT_URL: "https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/dev/ci/scripts/opp-oprt.sh" OPP_SCRIPT_ENV_URL: "https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/dev/ci/scripts/opp-env.sh" @@ -120,7 +120,7 @@ jobs: with: github-token: ${{secrets.GITHUB_TOKEN}} script: | - const arr = ['installation-validated', 'installation-validated-atest', ]; + const arr = ['installation-validated', 'installation-validated-4.10', 'installation-validated-4.11', 'installation-validated-4.12', 'installation-validated-4.13', ]; for (let label of arr) { github.rest.issues.removeLabel({ diff --git a/.github/workflows/operator_ci_approved.yaml b/.github/workflows/operator_ci_approved.yaml index ff3739bd6..6bde5d655 100644 --- a/.github/workflows/operator_ci_approved.yaml +++ b/.github/workflows/operator_ci_approved.yaml @@ -22,8 +22,8 @@ env: OPP_THIS_BRANCH: "main" OPP_PROD: 0 OPP_DRY_RUN: 0 - KIND_KUBE_VERSION: "v1.26.3" - OPP_PRODUCTION_TYPE: "k8s" + KIND_KUBE_VERSION: "v1.27.2" + OPP_PRODUCTION_TYPE: "ocp" OPP_REVIEWERS_ENABLED: 0 jobs: diff --git a/.github/workflows/operator_ci_index_sha.yaml b/.github/workflows/operator_ci_index_sha.yaml index 892a98aed..89952b186 100644 
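Review bot: The label list in the operator_ci.yaml `script:` block stops at `installation-validated-4.13`, while the index matrices introduced elsewhere in this commit run through `v4.14-rc` and `v4.15-rc`; if labels exist for those versions, this loop would leave them on the pull request. `OPP_MULTIARCH_SUPPORTED_VERSIONS` in operator_ci_index_sha.yaml, operator_release.yaml and operator_release_manual.yaml also ends at `v4.13`. Either extend the lists, or record why they differ from the matrix with a comment such as `// TODO confirm: no installation-validated labels for 4.14/4.15`. The script body continues outside the hunk, so how the array is consumed beyond `removeLabel` is not visible here.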
--- a/.github/workflows/operator_ci_index_sha.yaml +++ b/.github/workflows/operator_ci_index_sha.yaml @@ -19,14 +19,14 @@ env: GODEBUG: x509ignoreCN=0 OPP_INDEX_MIRROR: 1 OPP_MIRROR_LATEST_TAG: "" - OPP_PRODUCTION_TYPE: "k8s" - OPP_MIRROR_INDEX_MULTIARCH_BASE: "quay.io/operator-framework/opm" - OPP_MULTIARCH_SUPPORTED_VERSIONS: "latest" + OPP_PRODUCTION_TYPE: "ocp" + OPP_MIRROR_INDEX_MULTIARCH_BASE: "registry.redhat.io/openshift4/ose-operator-registry" + OPP_MULTIARCH_SUPPORTED_VERSIONS: "v4.5 v4.6 v4.7 v4.8 v4.9 v4.10 v4.11 v4.12 v4.13" OPP_MIRROR_INDEX_MULTIARCH_POSTFIX: "s" OPP_MIRROR_INDEX_REGISTRY: "quay.io" OPP_MIRROR_INDEX_ORGANIZATION: "community-operators-pipeline" OPP_MIRROR_INDEX_NAME: "catalog" - IIB_INPUT_REGISTRY_USER: "framework_automation" + IIB_INPUT_REGISTRY_USER: "12742415|community-operators-pipeline" OPP_REGISTRY_MIRROR_USER: "framework_automation" #QUAY_API_TOKEN_OPENSHIFT_COMMUNITY_OP: ${{ secrets.QUAY_API_TOKEN_OPENSHIFT_COMMUNITY_OP }} @@ -51,7 +51,7 @@ jobs: timeout-minutes: 3600 strategy: matrix: - index-tag: [ latest ] + index-tag: [ v4.10-db, v4.11, v4.12, v4.13, v4.14-rc, v4.15-rc ] fail-fast: false steps: diff --git a/.github/workflows/operator_ci_labels.yaml b/.github/workflows/operator_ci_labels.yaml index 22291676d..04c4e4c37 100644 --- a/.github/workflows/operator_ci_labels.yaml +++ b/.github/workflows/operator_ci_labels.yaml @@ -6,7 +6,7 @@ on: types: [labeled] env: - OPP_PRODUCTION_TYPE: "k8s" + OPP_PRODUCTION_TYPE: "ocp" jobs: diff --git a/.github/workflows/operator_convert.yaml b/.github/workflows/operator_convert.yaml index 06ae6595c..921e4aff8 100644 --- a/.github/workflows/operator_convert.yaml +++ b/.github/workflows/operator_convert.yaml @@ -28,7 +28,7 @@ env: ANSIBLE_DISPLAY_SKIPPED_HOSTS: 0 ANSIBLE_STDOUT_CALLBACK: "yaml" OPP_TARGET_BRANCH: "${{ github.event.inputs.target_branch }}" - OPP_PRODUCTION_TYPE: "k8s" + OPP_PRODUCTION_TYPE: "ocp" jobs: 
diff --git a/.github/workflows/operator_release.yaml b/.github/workflows/operator_release.yaml index a70531949..2122815ea 100644 --- a/.github/workflows/operator_release.yaml +++ b/.github/workflows/operator_release.yaml @@ -29,7 +29,7 @@ env: OPP_ANSIBLE_PULL_BRANCH: "upstream-community-dev" OPP_PROD: 1 OPP_MIRROR_LATEST_TAG: "" - OPP_PRODUCTION_TYPE: "k8s" + OPP_PRODUCTION_TYPE: "ocp" OPP_RELEASE_BUNDLE_REGISTRY: "quay.io" OPP_RELEASE_BUNDLE_ORGANIZATION: "community-operators-pipeline" OPP_RELEASE_INDEX_REGISTRY: "quay.io" @@ -38,17 +38,17 @@ env: OPP_MIRROR_INDEX_REGISTRY: "quay.io" OPP_MIRROR_INDEX_ORGANIZATION: "community-operators-pipeline" OPP_MIRROR_INDEX_NAME: "catalog" - OPP_MIRROR_INDEX_ENABLED: "1" - OPP_MIRROR_INDEX_MULTIARCH_BASE: "quay.io/operator-framework/opm" - OPP_MULTIARCH_SUPPORTED_VERSIONS: "latest" + OPP_MIRROR_INDEX_ENABLED: "0" + OPP_MIRROR_INDEX_MULTIARCH_BASE: "registry.redhat.io/openshift4/ose-operator-registry" + OPP_MULTIARCH_SUPPORTED_VERSIONS: "v4.5 v4.6 v4.7 v4.8 v4.9 v4.10 v4.11 v4.12 v4.13" OPP_MIRROR_INDEX_MULTIARCH_POSTFIX: "s" - IIB_INPUT_REGISTRY_USER: "framework_automation" + IIB_INPUT_REGISTRY_USER: "12742415|community-operators-pipeline" OPP_REGISTRY_MIRROR_USER: "framework_automation" OPP_THIS_REPO_BASE: "https://github.com" OPP_THIS_REPO: "redhat-openshift-ecosystem/community-operators-pipeline" OPP_THIS_BRANCH: "main" - INDEX_PATH_TO_SIGN: "not-defined" - SIGNATURE_ENDPOINT: "https://not-defined" + INDEX_PATH_TO_SIGN: "quay.io/community-operators-pipeline/catalog" + SIGNATURE_ENDPOINT: "https://community-signing-pipeline-dev.apps.pipelines-stage.0ce8.p1.openshiftapps.com" OPP_REVIEWERS_ENABLED: 0 
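Review bot: `SIGNATURE_ENDPOINT` in the second hunk now points a workflow that runs with `OPP_PROD: 1` at a host whose name reads as a dev/stage signing service (`community-signing-pipeline-dev.apps.pipelines-stage…`). If that is the intended signer for production catalogs, say so next to the value, e.g. `# TODO confirm: stage signing pipeline is the production signer for community indexes`. If it is not, taking the endpoint from a repository variable would keep a test endpoint from being committed into the release path. operator_release_manual.yaml sets the same value.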
@@ -144,15 +144,15 @@ jobs: opp_release_delete_appreg: "${{ steps.op-traffic-light.outputs.opp_release_delete_appreg }}" opp_pr_title: "${{ steps.op-traffic-light.outputs.opp_pr_title }}" opp_auto_packagemanifest_cluster_version_label: "${{ steps.op-traffic-light.outputs.opp_auto_packagemanifest_cluster_version_label }}" - remove-k8s: - name: "Remove / k8s" + remove-ocp: + name: "Remove / ocp" needs: pr-check if: needs.pr-check.outputs.opp_release_ready == '1' runs-on: ubuntu-latest strategy: matrix: - index-tag: ['latest'] + index-tag: ['v4.10-db', 'v4.11', 'v4.12', 'v4.13', 'v4.14-rc', 'v4.15-rc'] fail-fast: false steps: @@ -175,6 +175,7 @@ jobs: OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}" OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" OPP_IIB_INSTALL: 0 + IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }} OPERATOR_INDEX_TAG: ${{ matrix.index-tag }} run: | echo "OPP_LABELS=$OPP_LABELS" @@ -186,9 +187,9 @@ jobs: echo "op_delete_${OPERATOR_INDEX_TAG} operators/${{ needs.pr-check.outputs.opp_name }}/${{ needs.pr-check.outputs.opp_version }} $OPP_THIS_REPO $OPP_THIS_BRANCH" bash <(curl -sL $OPP_SCRIPT_URL) op_delete_${OPERATOR_INDEX_TAG} operators/${{ needs.pr-check.outputs.opp_name }}/${{ needs.pr-check.outputs.opp_version }} $OPP_THIS_REPO $OPP_THIS_BRANCH || $FAKE_RC - operators-k8s: - name: "Index check / k8s" - needs: [pr-check, remove-k8s ] + operators-ocp: + name: "Index check / ocp" + needs: [pr-check, remove-ocp ] if: needs.pr-check.outputs.opp_release_ready == '1' && (needs.pr-check.outputs.opp_op_delete == '0' || needs.pr-check.outputs.opp_is_new_operatror == '1' || needs.pr-check.outputs.opp_recreate == '1' ) runs-on: ubuntu-latest 
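Review bot: The added `IIB_INPUT_REGISTRY_TOKEN` is exported into a step that, judging by the following hunk, goes on to run `bash <(curl -sL $OPP_SCRIPT_URL)`, so the registry token is handed to a script downloaded at run time with no pin or checksum. `OPP_SCRIPT_URL` is defined outside these hunks; in operator_ci.yaml it resolves to a branch ref (`ci/dev`), and if this workflow uses the same form, whoever can change that branch controls code that sees the token. Pinning the URL to a commit SHA, or fetching the script to a file and verifying its digest before running it, would close that gap. The bundles step and the matching hunks in operator_release_manual.yaml add the token the same way. The step body begins and ends outside the hunk.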
@@ -200,7 +201,7 @@ jobs: OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" OPP_IIB_INSTALL: 0 IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }} - OPERATOR_INDEX_TAG: "orange_latest" + OPERATOR_INDEX_TAG: "orange_v4.10 orange_v4.11 orange_v4.12 orange_v4.13 orange_v4.14 orange_v4.15" OPP_INDEX_CHECK_ONLY: 1 run: | @@ -212,7 +213,12 @@ jobs: - name: Index check run: | echo "Operators : ${{ steps.operators.outputs.opp_uncomplete_operators }}" - echo "Operators (latest) : ${{ steps.operators.outputs.opp_uncomplete_operators_latest }}" + echo "Operators (v4.10) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_10 }}" + echo "Operators (v4.11) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_11 }}" + echo "Operators (v4.12) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_12 }}" + echo "Operators (v4.13) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_13 }}" + echo "Operators (v4.14) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_14 }}" + echo "Operators (v4.15) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_15 }}" - name: Operator info id: op-info 
@@ -243,7 +249,8 @@ jobs: echo $ANSIBLE_ARGS git clone $OPP_ANSIBLE_PULL_REPO -b $OPP_ANSIBLE_PULL_BRANCH operator-test-playbooks cd operator-test-playbooks - ansible-playbook -i localhost, -e ansible_connection=local -e run_upstream=true -e run_prepare_catalog_repo_upstream=true -e catalog_repo=$OPP_THIS_REPO_BASE/$OPP_THIS_REPO -e catalog_repo_branch=$OPP_THIS_BRANCH upstream/local.yml --tags reset_tools,operator_info -e operator_base_dir=/tmp/community-operators-for-catalog/operators -e operators=$OPP_FORCE_OPERATORS -e cluster_type=$OPP_PRODUCTION_TYPE -e strict_cluster_version_labels=true -e production_registry_namespace=$OPP_RELEASE_BUNDLE_REGISTRY/$OPP_RELEASE_BUNDLE_ORGANIZATION $ANSIBLE_ARGS + ansible-playbook -i localhost, -e ansible_connection=local -e run_upstream=true -e run_prepare_catalog_repo_upstream=true -e catalog_repo=$OPP_THIS_REPO_BASE/$OPP_THIS_REPO -e catalog_repo_branch=$OPP_THIS_BRANCH upstream/local.yml --tags reset_tools,operator_info -e operator_base_dir=/tmp/community-operators-for-catalog/operators -e operators=$OPP_FORCE_OPERATORS -e cluster_type=$OPP_PRODUCTION_TYPE -e strict_cluster_version_labels=true -e stream_kind=openshift_upstream -e production_registry_namespace=$OPP_RELEASE_BUNDLE_REGISTRY/$OPP_RELEASE_BUNDLE_ORGANIZATION $ANSIBLE_ARGS + - name: Upload operator_info uses: actions/upload-artifact@v2 with: 
@@ -256,14 +263,20 @@ jobs: path: "/tmp/operator-test/operators" - shell: bash run: | - [ -f /tmp/operator-test/op_info.yaml ] && cat /tmp/operator-test/op_info.yaml || echo "opp_uncomplete_operators=" >> $GITHUB_OUTPUT + [ -f /tmp/operator-test/op_info.yaml ] && cat /tmp/operator-test/op_info.yaml || echo "opp_uncomplete_operators=" >> $GITHUB_OUTPUT outputs: opp_uncomplete_operators: "${{ steps.operators.outputs.opp_uncomplete_operators }}" - opp_uncomplete_operators_latest: "${{ steps.operators.outputs.opp_uncomplete_operators_latest }}" - bundles-k8s: - name: "Bundles / k8s" - needs: [ pr-check, remove-k8s, operators-k8s ] - if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-k8s.outputs.opp_uncomplete_operators != '' + opp_uncomplete_operators_v4_10: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_10 }}" + opp_uncomplete_operators_v4_11: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_11 }}" + opp_uncomplete_operators_v4_12: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_12 }}" + opp_uncomplete_operators_v4_13: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_13 }}" + opp_uncomplete_operators_v4_14: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_14 }}" + opp_uncomplete_operators_v4_15: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_15 }}" + + bundles-ocp: + name: "Bundles / ocp" + needs: [ pr-check, remove-ocp, operators-ocp ] + if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-ocp.outputs.opp_uncomplete_operators != '' runs-on: ubuntu-latest steps: 
@@ -282,10 +295,11 @@ jobs: OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}" OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" OPP_IIB_INSTALL: 0 + IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }} OPERATOR_INDEX_TAG: latest OPP_SKIP_INDEX: 1 OPP_SKIP_BUNDLES: 0 - OPP_FORCE_OPERATORS: "${{ needs.operators-k8s.outputs.opp_uncomplete_operators }}" + OPP_FORCE_OPERATORS: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators }}" run: | echo "OPP_LABELS=$OPP_LABELS" @@ -298,15 +312,15 @@ jobs: echo "orange_${OPERATOR_INDEX_TAG} operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH" bash <(curl -sL $OPP_SCRIPT_URL) orange_${OPERATOR_INDEX_TAG} operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH || $FAKE_RC - release-k8s: - name: "Index / k8s" - needs: [ pr-check, operators-k8s, bundles-k8s ] - if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-k8s.outputs.opp_uncomplete_operators != '' + release-ocp: + name: "Index / ocp" + needs: [ pr-check, operators-ocp, bundles-ocp ] + if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-ocp.outputs.opp_uncomplete_operators != '' runs-on: ubuntu-latest strategy: matrix: - index-tag: ['latest'] + index-tag: ['v4.10-db', 'v4.11', 'v4.12', 'v4.13', 'v4.14-rc', 'v4.15-rc'] fail-fast: false steps: 
@@ -330,15 +344,21 @@ jobs: env: OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}" OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" - OPP_IIB_INSTALL: 0 - #OPP_MIRROR_INDEX_ENABLED: 0 + OPP_IIB_INSTALL: 1 + OPP_FORCE_INDEX_UPDATE: 1 OPP_SKIP_BUNDLES: 1 IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }} + IIB_OUTPUT_REGISTRY_TOKEN: ${{ secrets.IIB_OUTPUT_REGISTRY_TOKEN }} OPERATOR_INDEX_TAG: ${{ matrix.index-tag }} - # OPP_FORCE_OPERATORS: "${{ needs.operators-k8s.outputs.opp_uncomplete_operators }}" + # OPP_FORCE_OPERATORS: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators }}" OPP_FORCE_OPERATORS: "" - OPP_FORCE_OPERATORS_latest: "${{ needs.operators-k8s.outputs.opp_uncomplete_operators_latest }}" + OPP_FORCE_OPERATORS_v4_10: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_10 }}" + OPP_FORCE_OPERATORS_v4_11: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_11 }}" + OPP_FORCE_OPERATORS_v4_12: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_12 }}" + OPP_FORCE_OPERATORS_v4_13: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_13 }}" + OPP_FORCE_OPERATORS_v4_14: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_14 }}" + OPP_FORCE_OPERATORS_v4_15: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators_v4_15 }}" run: | echo "OPP_LABELS=$OPP_LABELS" 
@@ -358,15 +378,57 @@ jobs: docker exec -t op-test /bin/bash -c "podman images ; df -h" || true echo "local df:" df -h - index-verify-k8s: - name: "Index Verify / k8s" - needs: [ pr-check, operators-k8s, bundles-k8s, release-k8s] - if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-k8s.outputs.opp_uncomplete_operators != '' + + - name: Sign index + id: openshift-vars + env: + OPERATOR_INDEX_TAG_RAW: ${{ matrix.index-tag }} + OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" + run: | + docker login ${OPP_MIRROR_INDEX_REGISTRY} -u $OPP_REGISTRY_MIRROR_USER -p $REGISTRY_MIRROR_PW + OPERATOR_INDEX_TAG=$(echo ${OPERATOR_INDEX_TAG_RAW} |cut -d'-' -f1) + echo "OPERATOR_INDEX_TAG=$OPERATOR_INDEX_TAG" + OPERATOR_INDEX="${INDEX_PATH_TO_SIGN}:${OPERATOR_INDEX_TAG}" + MANIFEST_LIST=${OPP_MIRROR_INDEX_REGISTRY}/${OPP_MIRROR_INDEX_ORGANIZATION}/${OPP_MIRROR_INDEX_NAME}:${OPERATOR_INDEX_TAG} + echo "MANIFEST_LIST=$MANIFEST_LIST" + + SIGNATURE_PAYLOAD=$( + docker manifest inspect ${MANIFEST_LIST} | jq -r '.manifests[]|.digest' \ + | awk -v pullspec=${OPERATOR_INDEX} \ + -v requester=${{ secrets.SIGNATURE_WEBHOOK_REQUESTER_EMAIL }} \ + -v 'body={"manifest_digest": "@DIGESTS@", "reference": "@REFERENCES@", "requester": "@REQUESTER@"}' \ + ' + /^sha/ { + digests=digests "," $1; + references=references "," pullspec + } + END { + sub(/^,/, "", digests); + sub(/^,/, "", references); + sub(/@DIGESTS@/, digests, body); + sub(/@REFERENCES@/, references, body); + sub(/@REQUESTER@/, requester, body); + print body + } + ' + ) + echo "SIGNATURE_PAYLOAD=$SIGNATURE_PAYLOAD" + + curl --connect-timeout 10 --max-time 20 --fail --retry-all-errors --retry 5 --retry-delay 3 \ + ${SIGNATURE_ENDPOINT} -d "${SIGNATURE_PAYLOAD}" -u "community-op-cert:${{ secrets.SIGNATURE_WEBHOOK_PASSWD }}" + + # skopeo inspect docker://$MANIFEST_LIST > /dev/null # error out if needed + # OPERATOR_INDEX_DIGEST=$(skopeo inspect 
docker://$MANIFEST_LIST | jq -r ".Digest") + #OPERATOR_INDEX_RESOLVED="${OPP_MIRROR_INDEX_REGISTRY}/${OPP_MIRROR_INDEX_ORGANIZATION}/${OPP_MIRROR_INDEX_NAME}@${OPERATOR_INDEX_DIGEST}" + index-verify-ocp: + name: "Index Verify / ocp" + needs: [ pr-check, operators-ocp, bundles-ocp, release-ocp] + if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-ocp.outputs.opp_uncomplete_operators != '' runs-on: ubuntu-latest strategy: matrix: - index-tag: ['latest'] + index-tag: ['v4.10-db', 'v4.11', 'v4.12', 'v4.13', 'v4.14-rc', 'v4.15-rc'] fail-fast: false steps: 
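Review bot: The `Sign index` step requests signatures for whatever `docker manifest inspect ${MANIFEST_LIST}` returns for a mutable tag, and nothing stops the request when that lookup fails. With no `shell: bash` on the step (and unless a `defaults.run.shell` outside the hunk sets it), the default `bash -e` runs without `pipefail`, so an empty digest list still reaches `curl`. Secrets are also handled loosely: `docker login … -p $REGISTRY_MIRROR_PW` puts the password on the command line, although the index-verify job in this workflow already uses `--password-stdin`, and `secrets.SIGNATURE_WEBHOOK_REQUESTER_EMAIL` and `secrets.SIGNATURE_WEBHOOK_PASSWD` are expanded unquoted into the script text instead of being passed through `env:`. The echoed `SIGNATURE_PAYLOAD` carries the requester address into the job log. Where `REGISTRY_MIRROR_PW` is defined is not visible in the hunk, and the same step is added to operator_release_manual.yaml.

```yaml
      - name: Sign index
        id: openshift-vars
        shell: bash   # explicit bash gives -e -o pipefail for the inspect | jq pipeline
        env:
          OPERATOR_INDEX_TAG_RAW: ${{ matrix.index-tag }}
          # … unchanged: OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL …
          SIGNATURE_REQUESTER: ${{ secrets.SIGNATURE_WEBHOOK_REQUESTER_EMAIL }}
          SIGNATURE_WEBHOOK_PASSWD: ${{ secrets.SIGNATURE_WEBHOOK_PASSWD }}
        run: |
          echo "$REGISTRY_MIRROR_PW" | docker login "${OPP_MIRROR_INDEX_REGISTRY}" -u "$OPP_REGISTRY_MIRROR_USER" --password-stdin
          # … unchanged: OPERATOR_INDEX_TAG, OPERATOR_INDEX and MANIFEST_LIST …
          DIGESTS=$(docker manifest inspect "${MANIFEST_LIST}" | jq -r '.manifests[]|.digest')
          [ -n "$DIGESTS" ] || { echo "No digests found for $MANIFEST_LIST"; exit 1; }
          # … unchanged: awk program, fed from "$DIGESTS" with -v requester="$SIGNATURE_REQUESTER" …
          curl --connect-timeout 10 --max-time 20 --fail --retry-all-errors --retry 5 --retry-delay 3 \
            "${SIGNATURE_ENDPOINT}" -d "${SIGNATURE_PAYLOAD}" -u "community-op-cert:${SIGNATURE_WEBHOOK_PASSWD}"
```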
@@ -390,3 +452,59 @@ jobs: echo "MY_INDEXES=$MY_INDEXES" echo "$REGISTRY_MIRROR_PW" | $OPP_CONTAINER_TOOL login $OPP_MIRROR_INDEX_REGISTRY -u $OPP_REGISTRY_MIRROR_USER --password-stdin || { echo "Problem to login to '$OPP_MIRROR_INDEX_REGISTRY' !!!"; exit 1; } ansible-pull -U $OPP_ANSIBLE_PULL_REPO -C $OPP_ANSIBLE_PULL_BRANCH -i localhost, -e run_upstream=true -e run_prepare_catalog_repo_upstream=false -e container_tool=$OPP_CONTAINER_TOOL upstream/local.yml --tags reset_tools,index_verify -e iv_indexes="$MY_INDEXES" + + slack-notification: + name: "Monitoring notification" + needs: [ pr-check, remove-ocp, operators-ocp, bundles-ocp, release-ocp , index-verify-ocp ] + + if: failure() + runs-on: ubuntu-latest + steps: + - name: Report Status to a Slack + uses: ravsamhq/notify-slack-action@master + with: + notification_title: 'Release pipeline failed: ${{ needs.pr-check.outputs.opp_pr_title }}' + footer: 'monitoring' +# status: ${{ needs.pr-check.result }} + status: 'failure' + notify_when: 'failure' + env: + SLACK_WEBHOOK_URL: ${{ secrets.ACTION_MONITORING_SLACK }} + continue-on-error: true + + - name: Google Chat Notification + run: | + echo "title: Release pipeline failed: ${{ needs.pr-check.outputs.opp_pr_title }}" + echo "subtitle: failure" + curl --location --request POST '${{ secrets.GCHAT_WEBHOOK }}' \ + --header 'Content-Type: application/json' \ + --data-raw '{ + "cards": [ + { + "header": { + "title": "Release pipeline failed: ${{ needs.pr-check.outputs.opp_pr_title }}", + "subtitle": "failure" + }, + "sections": [ + { + "widgets": [ + { + "buttons": [ + { + "textButton": { + "text": "Open the release queue", + "onClick": { + "openLink": { + "url": "https://github.com/${{ github.repository }}/actions/workflows/operator_release.yaml" + } + } + } + } + ] + } + ] + } + ] + } + ] + }' diff --git a/.github/workflows/operator_release_manual.yaml b/.github/workflows/operator_release_manual.yaml index 6a26bd0b5..46582a863 100644 
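Review bot: The `Google Chat Notification` step pastes `${{ needs.pr-check.outputs.opp_pr_title }}` directly into the shell script, once inside a double-quoted `echo` and once inside the single-quoted `--data-raw` JSON. If that output carries the pull-request title, a title containing a quote or `$(…)` changes the command that runs in a job holding `secrets.GCHAT_WEBHOOK`. Passing the title and webhook through `env:` and building the JSON with `jq` keeps the text as data. Separately, `uses: ravsamhq/notify-slack-action@master` receives `SLACK_WEBHOOK_URL` from a mutable branch ref; pin it to a full commit SHA (`ravsamhq/notify-slack-action@<commit-sha>`).

```yaml
      # … unchanged: Slack step, apart from pinning the action to a commit SHA …
      - name: Google Chat Notification
        env:
          OPP_PR_TITLE: ${{ needs.pr-check.outputs.opp_pr_title }}
          GCHAT_WEBHOOK: ${{ secrets.GCHAT_WEBHOOK }}
          RELEASE_QUEUE_URL: "https://github.com/${{ github.repository }}/actions/workflows/operator_release.yaml"
        run: |
          echo "title: Release pipeline failed: $OPP_PR_TITLE"
          echo "subtitle: failure"
          jq -n --arg title "Release pipeline failed: $OPP_PR_TITLE" --arg url "$RELEASE_QUEUE_URL" \
            '{cards: [{header: {title: $title, subtitle: "failure"}, sections: [{widgets: [{buttons: [{textButton: {text: "Open the release queue", onClick: {openLink: {url: $url}}}}]}]}]}]}' \
            | curl --location --request POST "$GCHAT_WEBHOOK" \
                --header 'Content-Type: application/json' --data-binary @-
```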
--- a/.github/workflows/operator_release_manual.yaml +++ b/.github/workflows/operator_release_manual.yaml @@ -19,15 +19,19 @@ on: index: - description: 'Target index (as a JSON list, e.g. ["latest", "latest-db"])' + description: 'Target index (as a JSON list, e.g. ["v4.10-db", "v4.11"])' required: true - default: '["latest"]' + default: '["v4.10-db", "v4.11", "v4.12", "v4.13", "v4.14-rc", "v4.15-rc"]' list_of_operators: description: 'List of operators to be synced in the index, list has to be devided by spaces (e.g. aqua ripsaw)' required: true default: '' + mirror_index_to_final_location: + description: 'Push final index to production' + required: true + default: '0' env: OPP_DEBUG: 1 @@ -42,7 +46,7 @@ env: OPP_ANSIBLE_PULL_BRANCH: "upstream-community-dev" OPP_PROD: 1 OPP_MIRROR_LATEST_TAG: "" - OPP_PRODUCTION_TYPE: "k8s" + OPP_PRODUCTION_TYPE: "ocp" OPP_RELEASE_BUNDLE_REGISTRY: "quay.io" OPP_RELEASE_BUNDLE_ORGANIZATION: "community-operators-pipeline" OPP_RELEASE_INDEX_REGISTRY: "quay.io" 
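Review bot: The new `mirror_index_to_final_location` input in the first hunk is a free-form string, yet a later hunk in this file feeds it straight into `OPP_MIRROR_INDEX_ENABLED`, so whatever is typed at dispatch time decides whether the index is pushed to production. Declaring the input with `type: choice` and `options: ['0', '1']` limits that gate to the two values the pipeline appears to expect. The description would also be clearer if it named the values, e.g. `description: 'Push final index to production (0 or 1)'`.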
@@ -51,17 +55,17 @@ env: OPP_MIRROR_INDEX_REGISTRY: "quay.io" OPP_MIRROR_INDEX_ORGANIZATION: "community-operators-pipeline" OPP_MIRROR_INDEX_NAME: "catalog" - OPP_MIRROR_INDEX_ENABLED: "1" - OPP_MIRROR_INDEX_MULTIARCH_BASE: "quay.io/operator-framework/opm" - OPP_MULTIARCH_SUPPORTED_VERSIONS: "latest" + OPP_MIRROR_INDEX_ENABLED: "0" + OPP_MIRROR_INDEX_MULTIARCH_BASE: "registry.redhat.io/openshift4/ose-operator-registry" + OPP_MULTIARCH_SUPPORTED_VERSIONS: "v4.5 v4.6 v4.7 v4.8 v4.9 v4.10 v4.11 v4.12 v4.13" OPP_MIRROR_INDEX_MULTIARCH_POSTFIX: "s" - IIB_INPUT_REGISTRY_USER: "framework_automation" + IIB_INPUT_REGISTRY_USER: "12742415|community-operators-pipeline" OPP_REGISTRY_MIRROR_USER: "framework_automation" OPP_THIS_REPO_BASE: "https://github.com" OPP_THIS_REPO: "redhat-openshift-ecosystem/community-operators-pipeline" OPP_THIS_BRANCH: "main" - INDEX_PATH_TO_SIGN: "not-defined" - SIGNATURE_ENDPOINT: "https://not-defined" + INDEX_PATH_TO_SIGN: "quay.io/community-operators-pipeline/catalog" + SIGNATURE_ENDPOINT: "https://community-signing-pipeline-dev.apps.pipelines-stage.0ce8.p1.openshiftapps.com" OPP_REVIEWERS_ENABLED: 0 @@ -145,8 +149,8 @@ jobs: opp_release_delete_appreg: "${{ steps.op-traffic-light.outputs.opp_release_delete_appreg }}" opp_pr_title: "${{ steps.op-traffic-light.outputs.opp_pr_title }}" opp_auto_packagemanifest_cluster_version_label: "${{ steps.op-traffic-light.outputs.opp_auto_packagemanifest_cluster_version_label }}" - remove-k8s: - name: "Remove / k8s" + remove-ocp: + name: "Remove / ocp" needs: pr-check if: needs.pr-check.outputs.opp_release_ready == '1' @@ -180,6 +184,7 @@ jobs: OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}" OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" OPP_IIB_INSTALL: 0 + IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }} OPERATOR_INDEX_TAG: ${{ matrix.index-tag }} run: | echo "OPP_LABELS=$OPP_LABELS" 
@@ -189,9 +194,9 @@ jobs: echo "op_delete_${OPERATOR_INDEX_TAG} operators/${{ needs.pr-check.outputs.opp_name }}/${{ needs.pr-check.outputs.opp_version }} $OPP_THIS_REPO $OPP_THIS_BRANCH" bash <(curl -sL $OPP_SCRIPT_URL) op_delete_${OPERATOR_INDEX_TAG} operators/${{ needs.pr-check.outputs.opp_name }}/${{ needs.pr-check.outputs.opp_version }} $OPP_THIS_REPO $OPP_THIS_BRANCH || $FAKE_RC - operators-k8s: - name: "Index check / k8s" - needs: [pr-check, remove-k8s ] + operators-ocp: + name: "Index check / ocp" + needs: [pr-check, remove-ocp ] if: needs.pr-check.outputs.opp_release_ready == '1' && (needs.pr-check.outputs.opp_op_delete == '0' || needs.pr-check.outputs.opp_is_new_operatror == '1' || needs.pr-check.outputs.opp_recreate == '1' ) runs-on: ubuntu-latest @@ -203,7 +208,7 @@ jobs: OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" OPP_IIB_INSTALL: 0 IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }} - OPERATOR_INDEX_TAG: "orange_latest" + OPERATOR_INDEX_TAG: "orange_v4.10 orange_v4.11 orange_v4.12 orange_v4.13 orange_v4.14 orange_v4.15" OPP_INDEX_CHECK_ONLY: 1 run: | 
@@ -214,12 +219,17 @@ jobs: export OPP_FORCE_OPERATORS_$TARGET_INDEX_UNDERLINE="${{ github.event.inputs.list_of_operators }}" echo "opp_uncomplete_operators_$TARGET_INDEX_UNDERLINE=${{ github.event.inputs.list_of_operators }}" >> $GITHUB_OUTPUT done - echo "opp_uncomplete_operators=${{ github.event.inputs.list_of_operators }}" >> $GITHUB_OUTPUT + echo "opp_uncomplete_operators=${{ github.event.inputs.list_of_operators }}" >> $GITHUB_OUTPUT - name: Index check run: | echo "Operators : ${{ steps.operators.outputs.opp_uncomplete_operators }}" - echo "Operators (latest) : ${{ steps.operators.outputs.opp_uncomplete_operators_latest }}" + echo "Operators (v4.10) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_10 }}" + echo "Operators (v4.11) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_11 }}" + echo "Operators (v4.12) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_12 }}" + echo "Operators (v4.13) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_13 }}" + echo "Operators (v4.14) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_14 }}" + echo "Operators (v4.15) : ${{ steps.operators.outputs.opp_uncomplete_operators_v4_15 }}" - name: Operator info id: op-info 
@@ -244,7 +254,8 @@ jobs: echo $ANSIBLE_ARGS git clone $OPP_ANSIBLE_PULL_REPO -b $OPP_ANSIBLE_PULL_BRANCH operator-test-playbooks cd operator-test-playbooks - ansible-playbook -i localhost, -e ansible_connection=local -e run_upstream=true -e run_prepare_catalog_repo_upstream=true -e catalog_repo=$OPP_THIS_REPO_BASE/$OPP_THIS_REPO -e catalog_repo_branch=$OPP_THIS_BRANCH upstream/local.yml --tags reset_tools,operator_info -e operator_base_dir=/tmp/community-operators-for-catalog/operators -e operators=$OPP_FORCE_OPERATORS -e cluster_type=$OPP_PRODUCTION_TYPE -e strict_cluster_version_labels=true -e production_registry_namespace=$OPP_RELEASE_BUNDLE_REGISTRY/$OPP_RELEASE_BUNDLE_ORGANIZATION $ANSIBLE_ARGS + ansible-playbook -i localhost, -e ansible_connection=local -e run_upstream=true -e run_prepare_catalog_repo_upstream=true -e catalog_repo=$OPP_THIS_REPO_BASE/$OPP_THIS_REPO -e catalog_repo_branch=$OPP_THIS_BRANCH upstream/local.yml --tags reset_tools,operator_info -e operator_base_dir=/tmp/community-operators-for-catalog/operators -e operators=$OPP_FORCE_OPERATORS -e cluster_type=$OPP_PRODUCTION_TYPE -e strict_cluster_version_labels=true -e stream_kind=openshift_upstream -e production_registry_namespace=$OPP_RELEASE_BUNDLE_REGISTRY/$OPP_RELEASE_BUNDLE_ORGANIZATION $ANSIBLE_ARGS + - name: Upload operator_info uses: actions/upload-artifact@v2 with: 
@@ -257,14 +268,20 @@ jobs: path: "/tmp/operator-test/operators" - shell: bash run: | - [ -f /tmp/operator-test/op_info.yaml ] && cat /tmp/operator-test/op_info.yaml || echo "opp_uncomplete_operators=" >> $GITHUB_OUTPUT + [ -f /tmp/operator-test/op_info.yaml ] && cat /tmp/operator-test/op_info.yaml || echo "opp_uncomplete_operators=" >> $GITHUB_OUTPUT outputs: opp_uncomplete_operators: "${{ steps.operators.outputs.opp_uncomplete_operators }}" - opp_uncomplete_operators_latest: "${{ steps.operators.outputs.opp_uncomplete_operators_latest }}" - bundles-k8s: - name: "Bundles / k8s" - needs: [ pr-check, remove-k8s, operators-k8s ] - if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-k8s.outputs.opp_uncomplete_operators != '' + opp_uncomplete_operators_v4_10: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_10 }}" + opp_uncomplete_operators_v4_11: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_11 }}" + opp_uncomplete_operators_v4_12: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_12 }}" + opp_uncomplete_operators_v4_13: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_13 }}" + opp_uncomplete_operators_v4_14: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_14 }}" + opp_uncomplete_operators_v4_15: "${{ steps.operators.outputs.opp_uncomplete_operators_v4_15 }}" + + bundles-ocp: + name: "Bundles / ocp" + needs: [ pr-check, remove-ocp, operators-ocp ] + if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-ocp.outputs.opp_uncomplete_operators != '' runs-on: ubuntu-latest steps: 
@@ -283,10 +300,11 @@ jobs: OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}" OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" OPP_IIB_INSTALL: 0 + IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }} OPERATOR_INDEX_TAG: latest OPP_SKIP_INDEX: 1 OPP_SKIP_BUNDLES: 0 - OPP_FORCE_OPERATORS: "${{ needs.operators-k8s.outputs.opp_uncomplete_operators }}" + OPP_FORCE_OPERATORS: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators }}" run: | echo "OPP_LABELS=$OPP_LABELS" @@ -297,10 +315,10 @@ jobs: echo "orange_${OPERATOR_INDEX_TAG} operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH" bash <(curl -sL $OPP_SCRIPT_URL) orange_${OPERATOR_INDEX_TAG} operators/sync $OPP_THIS_REPO $OPP_THIS_BRANCH || $FAKE_RC - release-k8s: - name: "Index / k8s" - needs: [ pr-check, operators-k8s, bundles-k8s ] - if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-k8s.outputs.opp_uncomplete_operators != '' + release-ocp: + name: "Index / ocp" + needs: [ pr-check, operators-ocp, bundles-ocp ] + if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-ocp.outputs.opp_uncomplete_operators != '' runs-on: ubuntu-latest strategy: 
@@ -330,13 +348,16 @@ jobs: env: OPP_LABELS: "${{ needs.pr-check.outputs.opp_labels }}" OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" - OPP_IIB_INSTALL: 0 - #OPP_MIRROR_INDEX_ENABLED: 0 + OPP_IIB_INSTALL: 1 + + OPP_MIRROR_INDEX_ENABLED: ${{ github.event.inputs.mirror_index_to_final_location }} + OPP_FORCE_INDEX_UPDATE: 1 OPP_SKIP_BUNDLES: 1 IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }} + IIB_OUTPUT_REGISTRY_TOKEN: ${{ secrets.IIB_OUTPUT_REGISTRY_TOKEN }} OPERATOR_INDEX_TAG: ${{ matrix.index-tag }} - # OPP_FORCE_OPERATORS: "${{ needs.operators-k8s.outputs.opp_uncomplete_operators }}" + # OPP_FORCE_OPERATORS: "${{ needs.operators-ocp.outputs.opp_uncomplete_operators }}" OPP_FORCE_OPERATORS: "" run: | 
@@ -361,10 +382,52 @@ jobs: docker exec -t op-test /bin/bash -c "podman images ; df -h" || true echo "local df:" df -h - index-verify-k8s: - name: "Index Verify / k8s" - needs: [ pr-check, operators-k8s, bundles-k8s, release-k8s] - if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-k8s.outputs.opp_uncomplete_operators != '' + + - name: Sign index + id: openshift-vars + env: + OPERATOR_INDEX_TAG_RAW: ${{ matrix.index-tag }} + OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" + run: | + docker login ${OPP_MIRROR_INDEX_REGISTRY} -u $OPP_REGISTRY_MIRROR_USER -p $REGISTRY_MIRROR_PW + OPERATOR_INDEX_TAG=$(echo ${OPERATOR_INDEX_TAG_RAW} |cut -d'-' -f1) + echo "OPERATOR_INDEX_TAG=$OPERATOR_INDEX_TAG" + OPERATOR_INDEX="${INDEX_PATH_TO_SIGN}:${OPERATOR_INDEX_TAG}" + MANIFEST_LIST=${OPP_MIRROR_INDEX_REGISTRY}/${OPP_MIRROR_INDEX_ORGANIZATION}/${OPP_MIRROR_INDEX_NAME}:${OPERATOR_INDEX_TAG} + echo "MANIFEST_LIST=$MANIFEST_LIST" + + SIGNATURE_PAYLOAD=$( + docker manifest inspect ${MANIFEST_LIST} | jq -r '.manifests[]|.digest' \ + | awk -v pullspec=${OPERATOR_INDEX} \ + -v requester=${{ secrets.SIGNATURE_WEBHOOK_REQUESTER_EMAIL }} \ + -v 'body={"manifest_digest": "@DIGESTS@", "reference": "@REFERENCES@", "requester": "@REQUESTER@"}' \ + ' + /^sha/ { + digests=digests "," $1; + references=references "," pullspec + } + END { + sub(/^,/, "", digests); + sub(/^,/, "", references); + sub(/@DIGESTS@/, digests, body); + sub(/@REFERENCES@/, references, body); + sub(/@REQUESTER@/, requester, body); + print body + } + ' + ) + echo "SIGNATURE_PAYLOAD=$SIGNATURE_PAYLOAD" + + curl --connect-timeout 10 --max-time 20 --fail --retry-all-errors --retry 5 --retry-delay 3 \ + ${SIGNATURE_ENDPOINT} -d "${SIGNATURE_PAYLOAD}" -u "community-op-cert:${{ secrets.SIGNATURE_WEBHOOK_PASSWD }}" + + # skopeo inspect docker://$MANIFEST_LIST > /dev/null # error out if needed + # OPERATOR_INDEX_DIGEST=$(skopeo inspect 
docker://$MANIFEST_LIST | jq -r ".Digest") + #OPERATOR_INDEX_RESOLVED="${OPP_MIRROR_INDEX_REGISTRY}/${OPP_MIRROR_INDEX_ORGANIZATION}/${OPP_MIRROR_INDEX_NAME}@${OPERATOR_INDEX_DIGEST}" + index-verify-ocp: + name: "Index Verify / ocp" + needs: [ pr-check, operators-ocp, bundles-ocp, release-ocp] + if: needs.pr-check.outputs.opp_release_ready == '1' && needs.operators-ocp.outputs.opp_uncomplete_operators != '' runs-on: ubuntu-latest strategy: 
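Review bot: The new `Sign index` step passes credentials on command lines, starting with `docker login ${OPP_MIRROR_INDEX_REGISTRY} -u $OPP_REGISTRY_MIRROR_USER -p $REGISTRY_MIRROR_PW`, which exposes the password in the process list. The verify job later in this file already uses the stdin form, so the same shape fits here: `echo "$REGISTRY_MIRROR_PW" | docker login "${OPP_MIRROR_INDEX_REGISTRY}" -u "$OPP_REGISTRY_MIRROR_USER" --password-stdin`. The step also writes `${{ secrets.SIGNATURE_WEBHOOK_REQUESTER_EMAIL }}` and `${{ secrets.SIGNATURE_WEBHOOK_PASSWD }}` straight into the script text, the first unquoted as an `awk -v` argument. Mapping both under the step's `env:` and referencing them as quoted shell variables keeps secret values out of the rendered script and prevents word splitting. `echo "SIGNATURE_PAYLOAD=$SIGNATURE_PAYLOAD"` prints the requester value and relies on log masking alone, and the step id `openshift-vars` does not describe a signing step.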
@@ -394,3 +457,59 @@ jobs: echo "MY_INDEXES=$MY_INDEXES" echo "$REGISTRY_MIRROR_PW" | $OPP_CONTAINER_TOOL login $OPP_MIRROR_INDEX_REGISTRY -u $OPP_REGISTRY_MIRROR_USER --password-stdin || { echo "Problem to login to '$OPP_MIRROR_INDEX_REGISTRY' !!!"; exit 1; } ansible-pull -U $OPP_ANSIBLE_PULL_REPO -C $OPP_ANSIBLE_PULL_BRANCH -i localhost, -e run_upstream=true -e run_prepare_catalog_repo_upstream=false -e container_tool=$OPP_CONTAINER_TOOL upstream/local.yml --tags reset_tools,index_verify -e iv_indexes="$MY_INDEXES" + + slack-notification: + name: "Monitoring notification" + needs: [ pr-check, remove-ocp, operators-ocp, bundles-ocp, release-ocp , index-verify-ocp ] + + if: failure() + runs-on: ubuntu-latest + steps: + - name: Report Status to a Slack + uses: ravsamhq/notify-slack-action@master + with: + notification_title: 'Release pipeline failed: ${{ needs.pr-check.outputs.opp_pr_title }}' + footer: 'monitoring' +# status: ${{ needs.pr-check.result }} + status: 'failure' + notify_when: 'failure' + env: + SLACK_WEBHOOK_URL: ${{ secrets.ACTION_MONITORING_SLACK }} + continue-on-error: true + + - name: Google Chat Notification + run: | + echo "title: Release pipeline failed: ${{ needs.pr-check.outputs.opp_pr_title }}" + echo "subtitle: failure" + curl --location --request POST '${{ secrets.GCHAT_WEBHOOK }}' \ + --header 'Content-Type: application/json' \ + --data-raw '{ + "cards": [ + { + "header": { + "title": "Release pipeline failed: ${{ needs.pr-check.outputs.opp_pr_title }}", + "subtitle": "failure" + }, + "sections": [ + { + "widgets": [ + { + "buttons": [ + { + "textButton": { + "text": "Open the release queue", + "onClick": { + "openLink": { + "url": "https://github.com/${{ github.repository }}/actions/workflows/operator_release.yaml" + } + } + } + } + ] + } + ] + } + ] + } + ] + }' diff --git a/.github/workflows/operator_test.yaml b/.github/workflows/operator_test.yaml index 39f8d9981..b04a2d05b 100644 --- a/.github/workflows/operator_test.yaml 
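Review bot: The `Google Chat Notification` step expands `${{ needs.pr-check.outputs.opp_pr_title }}` directly inside the `run:` script, twice, so the title text becomes part of the shell source before bash parses it. If that output carries a contributor-supplied pull-request title (its origin is outside this hunk), quoting or substitution characters in the title change what the step executes, in a job that also expands `secrets.GCHAT_WEBHOOK`. Passing the title and the webhook through `env:` and building the JSON with `jq --arg` keeps both as data, as sketched below. Separately, `uses: ravsamhq/notify-slack-action@master` follows a mutable branch while receiving `SLACK_WEBHOOK_URL`; pinning it as `uses: ravsamhq/notify-slack-action@<full-commit-sha>` fixes which code runs.

```yaml
# … unchanged: slack-notification job header and the Slack step …
- name: Google Chat Notification
  env:
    PR_TITLE: ${{ needs.pr-check.outputs.opp_pr_title }}
    GCHAT_WEBHOOK: ${{ secrets.GCHAT_WEBHOOK }}
    QUEUE_URL: "https://github.com/${{ github.repository }}/actions/workflows/operator_release.yaml"
  run: |
    title="Release pipeline failed: ${PR_TITLE}"
    echo "title: ${title}"
    echo "subtitle: failure"
    payload=$(jq -n --arg title "$title" --arg url "$QUEUE_URL" '
      {cards: [{header: {title: $title, subtitle: "failure"},
                sections: [{widgets: [{buttons: [{textButton: {
                  text: "Open the release queue",
                  onClick: {openLink: {url: $url}}}}]}]}]}]}')
    curl --location --request POST "$GCHAT_WEBHOOK" \
      --header 'Content-Type: application/json' \
      --data-raw "$payload"
```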
+++ b/.github/workflows/operator_test.yaml @@ -28,17 +28,17 @@ env: OPP_RELEASE_INDEX_REGISTRY: "quay.io" OPP_RELEASE_INDEX_ORGANIZATION: "community-operators-pipeline" OPP_RELEASE_INDEX_NAME: "catalog_tmp" - OPP_MIRROR_INDEX_MULTIARCH_BASE: "quay.io/operator-framework/opm" - OPP_MULTIARCH_SUPPORTED_VERSIONS: "latest" + OPP_MIRROR_INDEX_MULTIARCH_BASE: "registry.redhat.io/openshift4/ose-operator-registry" + OPP_MULTIARCH_SUPPORTED_VERSIONS: "v4.5 v4.6 v4.7 v4.8 v4.9 v4.10 v4.11 v4.12 v4.13" OPP_MIRROR_INDEX_MULTIARCH_POSTFIX: "s" - IIB_INPUT_REGISTRY_USER: "framework_automation" + IIB_INPUT_REGISTRY_USER: "12742415|community-operators-pipeline" OPP_PROD: 0 OPP_DRY_RUN: 0 # TODO handle config OPP_PACKAGEMANIFEST_DISABLED: "0" - KIND_VERSION: "v0.18.0" - KIND_KUBE_VERSION_LATEST: "v1.26.3" - OPP_PRODUCTION_TYPE: "k8s" + KIND_VERSION: "v0.20.0" + KIND_KUBE_VERSION_LATEST: "v1.27.2" + OPP_PRODUCTION_TYPE: "ocp" OPP_REVIEWERS_ENABLED: 0 OPP_FORCE_DEPLOY_ON_K8S_OPENSHIFT_VERSION: 4.10 # ARTEFACT_PATH: "/tmp/operator-test" #hardcoded for now @@ -121,6 +121,8 @@ jobs: [ "$OPP_AUTO_LABEL" = '1' ] && ANSIBLE_ARGS="-e automatic_cluster_version_label=true" || ANSIBLE_ARGS="-e automatic_cluster_version_label=false" [ "$OPP_PACKAGEMANIFEST_DISABLED" = '1' ] && ANSIBLE_ARGS="-e manifest_format_disabled=true" || ANSIBLE_ARGS="$ANSIBLE_ARGS --e manifest_format_disabled=false" + ANSIBLE_ARGS="$ANSIBLE_ARGS -e stream_kind=openshift_upstream" + echo $ANSIBLE_ARGS ansible-pull -U $OPP_ANSIBLE_PULL_REPO -C $OPP_ANSIBLE_PULL_BRANCH -i localhost, -e run_upstream=true -e run_prepare_catalog_repo_upstream=false -e run_remove_catalog_repo=false upstream/local.yml --tags reset_tools,operator_info -e operator_dir=$PWD/operators/operators/${{ steps.op-traffic-light.outputs.opp_name }} -e cluster_type=$OPP_PRODUCTION_TYPE -e strict_cluster_version_labels=true -e strict_k8s_bundles=true -e production_registry_namespace=$OPP_RELEASE_BUNDLE_REGISTRY/$OPP_RELEASE_BUNDLE_ORGANIZATION $ANSIBLE_ARGS 
@@ -128,14 +130,11 @@ jobs: id: op-info-result if: always() && (steps.op-traffic-light.outputs.opp_op_delete == '0' || steps.op-traffic-light.outputs.opp_is_new_operatror == '1' || steps.op-traffic-light.outputs.opp_recreate == '1' ) && (steps.op-traffic-light.outputs.opp_ci_yaml_only == '0') run: | - echo "opp_check_err_k8s_bundles=0" >> $GITHUB_OUTPUT - echo "opp_check_err_k8s_bundles_value=" >> $GITHUB_OUTPUT + echo "opp_check_err_cluster_version_autolabel=0" >> $GITHUB_OUTPUT echo "opp_check_err_package_manifest=" >> $GITHUB_OUTPUT - [ -f /tmp/operator-test/op_failed_k8s_bundles.yaml ] && echo "opp_check_err_k8s_bundles=1" >> $GITHUB_OUTPUT || true - [ -f /tmp/operator-test/op_failed_k8s_bundles.yaml ] && echo "opp_check_err_k8s_bundles_value=$(cat /tmp/operator-test/op_failed_k8s_bundles.yaml | yq -r '.operators | @csv' | tr -d '"')" >> $GITHUB_OUTPUT || true + [ -f /tmp/operator-test/op_auto_labels.yaml ] && echo "opp_check_err_cluster_version_autolabel=1" >> $GITHUB_OUTPUT || true [ -f /tmp/operator-test/format_failed ] && echo "opp_check_err_package_manifest=1" >> $GITHUB_OUTPUT || true - - + - name: Operator info (packagemanifest format failed) id: op-info-comment-format if: always() && steps.op-info-result.outputs.opp_check_err_package_manifest == '1' && (steps.op-traffic-light.outputs.opp_op_delete == '0' || steps.op-traffic-light.outputs.opp_is_new_operatror == '1' || steps.op-traffic-light.outputs.opp_recreate == '1' ) && (steps.op-traffic-light.outputs.opp_ci_yaml_only == '0') 
@@ -150,16 +149,21 @@ jobs: - name: Operator info (comment) id: op-info-comment - if: always() && steps.op-info-result.outputs.opp_check_err_k8s_bundles == '1' && (steps.op-traffic-light.outputs.opp_op_delete == '0' || steps.op-traffic-light.outputs.opp_is_new_operatror == '1' || steps.op-traffic-light.outputs.opp_recreate == '1' ) && (steps.op-traffic-light.outputs.opp_ci_yaml_only == '0') + if: always() && steps.op-info-result.outputs.opp_check_err_cluster_version_autolabel == '1' && (steps.op-traffic-light.outputs.opp_op_delete == '0' || steps.op-traffic-light.outputs.opp_is_new_operatror == '1' ) uses: mshick/add-pr-comment@v1 with: message: | - Dear @${{ github.event.pull_request.user.login }}, - There are some operators version that are using **deprecated api** and kubernetes max versions (`operatorhub.io/ui-metadata-max-k8s-version`) is **NOT** set correctly under annotation field in CSV file. - - Affected versions : `${{ steps.op-info-result.outputs.opp_check_err_k8s_bundles_value }}` - - More info in 'Kubernetes max version in CSV' section [here](https://${OPP_THIS_REPO_ORG}.github.io/${OPP_THIS_REPO_NAME}/operator-ci-yaml/#kubernetes-max-version-in-csv). + ## Automatic Cluster Version Label (OCP) - packagemanifest only + + Starting OCP v4.9 (based on k8s 1.22) some old API were deprecated([Deprecated API Migration Guide from v1.22](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22), [OKD/OpenShift Catalogs criteria and options](./packaging-required-criteria-ocp.md)). User can set `com.redhat.openshift.versions: `in its bundle `annotations.yaml` file to limit specific operator version to be visible on certain cluster. + Users can set label only when the operator is in bundle format. For packagemanifest format it is not possible to set this lablel, but community-operators pipeline can automatically set such label to the bundle. 
User have to allow it by putting packagemanifestClusterVersionLabel: auto in ci.yaml file + + ``` + $ cat /ci.yaml + packagemanifestClusterVersionLabel: auto + ``` + More info [here](https://${OPP_THIS_REPO_ORG}.github.io/${OPP_THIS_REPO_NAME}/operator-ci-yaml/#automatic-cluster-version-label-ocp-packagemanifest-only). + repo-token: ${{ secrets.GITHUB_TOKEN }} repo-token-user-login: 'github-actions[bot]' # The user.login for temporary GitHub tokens allow-repeats: true @@ -318,14 +322,14 @@ jobs: allow-repeats: true - test-lemon: + test-lemon-openshift: name: "lemon / Deploy from scratch" needs: pr-check if: needs.pr-check.outputs.opp_test_ready == '1' && (needs.pr-check.outputs.opp_op_delete == '0' || needs.pr-check.outputs.opp_is_new_operatror == '1' || needs.pr-check.outputs.opp_recreate == '1') && needs.pr-check.outputs.opp_ci_yaml_only == '0' runs-on: ubuntu-latest strategy: matrix: - index-tag: ['latest'] + index-tag: ['v4.10-db', 'v4.11', 'v4.12', 'v4.13', 'v4.14-rc', 'v4.15-rc'] fail-fast: false steps: 
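Review bot: The rewritten comment body in `op-info-comment` keeps shell-style `${OPP_THIS_REPO_ORG}` and `${OPP_THIS_REPO_NAME}` inside `with: message:`, which is an action input rather than a shell script. Unless the action expands them itself, the posted "More info" link will contain the literal placeholders. `${{ env.OPP_THIS_REPO_ORG }}` and `${{ env.OPP_THIS_REPO_NAME }}` would be expanded by the runner, provided both are defined in the workflow `env:` (not visible in this hunk). The relative link `./packaging-required-criteria-ocp.md` has no base to resolve against in a pull-request comment, and `lablel` should read `label`.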
@@ -333,12 +337,26 @@ jobs: uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.sha }} + - name: Download operator_info + uses: actions/download-artifact@v2 + with: + name: operator_info + path: /tmp/operator-test/ + - name: Download converted operators + uses: actions/download-artifact@v2 + with: + name: operators_converted + path: /tmp/operator-test/operators + - name: Debug artefacts + shell: bash + run: | + ls /tmp/operator-test/operators + head /tmp/operator-test/op_info.yaml - name: Operator test env: OPP_LABELS: "${{ join(github.event.pull_request.labels.*.name, ' ') }}" OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" OPERATOR_INDEX_TAG: ${{ matrix.index-tag }} - KIND_KUBE_VERSION: "${{ needs.pr-check.outputs.kind_kube_version }}" run: | bash <(curl -sL $OPP_SCRIPT_CLEANUP_URL) echo "lemon_${OPERATOR_INDEX_TAG} operators/${{ needs.pr-check.outputs.opp_name }}/${{ needs.pr-check.outputs.opp_version }}" @@ -346,14 +364,14 @@ jobs: - test-orange-latest: - name: "orange / Deploy k8s" + test-orange-openshift: + name: "orange / Deploy o7t" needs: pr-check - if: needs.pr-check.outputs.opp_test_ready == '1' && (needs.pr-check.outputs.opp_op_delete == '0' || needs.pr-check.outputs.opp_is_new_operatror == '1' || needs.pr-check.outputs.opp_recreate == '1' ) && needs.pr-check.outputs.opp_ci_yaml_only == '0' + if: needs.pr-check.outputs.opp_test_ready == '1' && (needs.pr-check.outputs.opp_op_delete == '0' || needs.pr-check.outputs.opp_is_new_operatror == '1' || needs.pr-check.outputs.opp_recreate == '1') && needs.pr-check.outputs.opp_ci_yaml_only == '0' runs-on: ubuntu-latest strategy: matrix: - index-tag: ['latest'] + index-tag: ['v4.10-db', 'v4.11', 'v4.12', 'v4.13', 'v4.14-rc', 'v4.15-rc'] fail-fast: false steps: 
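Review bot: Both added download steps reference `actions/download-artifact@v2`, an older major than the `actions/checkout@v3` in the context lines and a movable tag. The same pair is added again in the `test-orange-openshift` job (hunk `@@ -361,16 +379,30 @@`), which also carries `IIB_INPUT_REGISTRY_TOKEN`. Consider a current major that matches the upload step (outside these hunks), pinned by commit, e.g. `uses: actions/download-artifact@<full-commit-sha>`. The `operators_converted` artifact presumably derives from pull-request content, so whatever consumes `/tmp/operator-test/operators` should treat it as untrusted input. A one-line comment above the `Debug artefacts` step saying it only lists the downloaded files would help readers of the job.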
@@ -361,16 +379,30 @@ jobs: uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.sha }} + - name: Download operator_info + uses: actions/download-artifact@v2 + with: + name: operator_info + path: /tmp/operator-test/ + - name: Download converted operators + uses: actions/download-artifact@v2 + with: + name: operators_converted + path: /tmp/operator-test/operators + - name: Debug artefacts + shell: bash + run: | + ls /tmp/operator-test/operators + head /tmp/operator-test/op_info.yaml - name: Operator test env: OPP_LABELS: "${{ join(github.event.pull_request.labels.*.name, ' ') }}" OPP_AUTO_PACKAGEMANIFEST_CLUSTER_VERSION_LABEL: "${{ needs.pr-check.outputs.opp_auto_packagemanifest_cluster_version_label }}" + OPERATOR_INDEX_TAG: ${{ matrix.index-tag }} OPP_MIRROR_INDEX_ENABLED: 1 - OPP_IIB_INSTALL: 0 + OPP_IIB_INSTALL: 1 IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }} - OPERATOR_INDEX_TAG: ${{ matrix.index-tag }} OPP_INSTALLATION_SKIP: "${{ needs.pr-check.outputs.opp_installation_skipped }}" - KIND_KUBE_VERSION: "${{ needs.pr-check.outputs.kind_kube_version }}" run: | bash <(curl -sL $OPP_SCRIPT_CLEANUP_URL) echo "orange_${OPERATOR_INDEX_TAG} operators/${{ needs.pr-check.outputs.opp_name }}/${{ needs.pr-check.outputs.opp_version }}" @@ -379,8 +411,8 @@ jobs: test-summary: name: "Summary" - - needs: [ pr-check, test-kiwi, test-lemon, test-orange-latest] + + needs: [ pr-check, test-kiwi, test-lemon-openshift, test-orange-openshift ] if: always() runs-on: ubuntu-latest diff --git a/.github/workflows/operator_test_report_openshift_status.yaml b/.github/workflows/operator_test_report_openshift_status.yaml index 03e49d883..b220b0622 100644 --- a/.github/workflows/operator_test_report_openshift_status.yaml +++ b/.github/workflows/operator_test_report_openshift_status.yaml @@ -8,7 +8,7 @@ on: - openshift-test-status env: - OPP_PRODUCTION_TYPE: "k8s" + OPP_PRODUCTION_TYPE: "ocp" jobs: 
@@ -72,9 +72,15 @@ jobs: uses: actions/github-script@v6 if: | - (!contains(fromJSON(steps.labels.outputs.result).*.name, 'installation-failed-atest')) && + (!contains(fromJSON(steps.labels.outputs.result).*.name, 'installation-failed-4.10')) && + (!contains(fromJSON(steps.labels.outputs.result).*.name, 'installation-failed-4.11')) && + (!contains(fromJSON(steps.labels.outputs.result).*.name, 'installation-failed-4.12')) && + (!contains(fromJSON(steps.labels.outputs.result).*.name, 'installation-failed-4.13')) && - (contains(fromJSON(steps.labels.outputs.result).*.name, 'installation-validated-atest')) + (contains(fromJSON(steps.labels.outputs.result).*.name, 'installation-validated-4.10')) && + (contains(fromJSON(steps.labels.outputs.result).*.name, 'installation-validated-4.11')) && + (contains(fromJSON(steps.labels.outputs.result).*.name, 'installation-validated-4.12')) && + (contains(fromJSON(steps.labels.outputs.result).*.name, 'installation-validated-4.13')) continue-on-error: true with: diff --git a/.github/workflows/operator_verify.yaml b/.github/workflows/operator_verify.yaml index ff2749639..848eb03e2 100644 --- a/.github/workflows/operator_verify.yaml +++ b/.github/workflows/operator_verify.yaml @@ -12,7 +12,7 @@ on: tags: description: 'List of tags' required: true - default: 'latest latests' + default: 'v4.11 v4.11s' image_prod_base: description: 'Base production image' @@ -22,7 +22,7 @@ on: tags_prod: required: false default: '' - description: 'List of prod tags (eg. latest)' + description: 'List of prod tags (eg. v4.11)' repo: description: 'Source repsitory' diff --git a/.github/workflows/operator_workflow_complete.yaml b/.github/workflows/operator_workflow_complete.yaml index b4be87443..38bbcd487 100644 --- a/.github/workflows/operator_workflow_complete.yaml +++ b/.github/workflows/operator_workflow_complete.yaml @@ -7,7 +7,7 @@ on: types: [completed] env: - OPP_PRODUCTION_TYPE: "k8s" + OPP_PRODUCTION_TYPE: "ocp" jobs: 
@@ -117,37 +117,6 @@ jobs: body: '/merge possible' }) - - name: "Set installation-validated" - uses: actions/github-script@v6 - continue-on-error: true - env: - PR: "${{ needs.pr.outputs.pr }}" - with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | - github.rest.issues.addLabels({ - issue_number: process.env.PR, - owner: context.repo.owner, - repo: context.repo.repo, - labels: ['installation-validated'] - }) - - uses: actions/github-script@v6 - if: | - (!contains(fromJson(steps.pr-labels.outputs.result).*.name, 'do-not-merge/work-in-progress')) && - (!contains(fromJson(steps.pr-labels.outputs.result).*.name, 'do-not-merge/hold')) - continue-on-error: true - env: - PR: "${{ needs.pr.outputs.pr }}" - with: - github-token: ${{ secrets.FRAMEWORK_MERGE }} - script: | - github.rest.issues.createComment({ - issue_number: process.env.PR, - owner: context.repo.owner, - repo: context.repo.repo, - body: '/merge possible' - }) - on-failure: runs-on: ubuntu-latest if: github.event.workflow_run.conclusion == 'failure' diff --git a/.github/workflows/prepare_test_index.yaml b/.github/workflows/prepare_test_index.yaml index e7013efd8..c1b7434a7 100644 --- a/.github/workflows/prepare_test_index.yaml +++ b/.github/workflows/prepare_test_index.yaml @@ -8,7 +8,7 @@ on: - index-for-openshift-test env: - OPP_PRODUCTION_TYPE: "k8s" + OPP_PRODUCTION_TYPE: "ocp" OPP_IMAGE: "quay.io/operator_testing/operator-test-playbooks:dev" 
@@ -58,7 +58,7 @@ jobs: OPP_OPRT_REPO: ${{ steps.variables.outputs.opp_repo }} OPP_OPRT_SHA: ${{ steps.variables.outputs.opp_commit }} IIB_INPUT_REGISTRY_TOKEN: ${{ secrets.IIB_INPUT_REGISTRY_TOKEN }} - IIB_INPUT_REGISTRY_USER: "framework_automation" + IIB_INPUT_REGISTRY_USER: "12742415|community-operators-pipeline" OPP_MIRROR_INDEX_MULTIARCH_IMAGE: "quay.io/operator-framework/opm:latest" OPP_SCRIPT_ENV_URL: "https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/dev/ci/scripts/opp-osr-run.sh" OPP_OPRT_SRC_BASE: "https://github.com" diff --git a/.github/workflows/stale_issues.yaml b/.github/workflows/stale_issues.yaml index 2c12666ba..0f56c8eb8 100644 --- a/.github/workflows/stale_issues.yaml +++ b/.github/workflows/stale_issues.yaml @@ -6,7 +6,7 @@ on: - cron: "30 1 * * *" env: - OPP_PRODUCTION_TYPE: "k8s" + OPP_PRODUCTION_TYPE: "ocp" jobs: diff --git a/.github/workflows/upgrade.yaml b/.github/workflows/upgrade.yaml index 29ce0ccd6..d1221947a 100644 --- a/.github/workflows/upgrade.yaml +++ b/.github/workflows/upgrade.yaml @@ -22,7 +22,7 @@ on: cluster: description: 'Cluster type (k8s, ocp)' required: true - default: 'k8s' + default: 'ocp' index_from: description: 'From index (quay.io/operator_testing/index_empty:latest)' diff --git a/config.yaml b/config.yaml index 1d82ecf05..3835a4139 100644 --- a/config.yaml +++ b/config.yaml @@ -1,2 +1 @@ organization: community-operators -cluster: k8s