-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add image upload CI workflow #300
base: main
Are you sure you want to change the base?
Conversation
Cancelled CI as doesn't test this PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this needs equivalent manifest build/upload and then manifest promote steps from azimuth-cloud/azimuth-images#28.
Builds on main
may still fail the functional tests even if they have passed in a feature branch, because package versions can shift underneath. Adding the "promote-manifest-on-tag" functionality means that we can tag only commits on main
that pass the functional tests, generate a manifest, then the manifest can be consumed by azimuth-ops.
I think its just a few more steps in the upload_image.yml
playbook to checksum the downloaded image, write a manifest.json that contains the checksum and the image URL and upload the manifest to the same bucket.
Maybe @mkjpryor has thoughts too?
run: | | ||
echo CI_CLOUD: ${{ vars.CI_CLOUD }} | ||
|
||
- name: Add bastion's ssh key to known_hosts |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this step needed?
Ah - the entire point here is that we do NOT rerun the build on main. The sequence is:
So the image build only ever runs in the branch, so it runs once, but it gets tested on main. |
I guess I should point out - the above / this PR is just replicating what I'm going to have to do manually before #298 is usable. So I'm open to making subsequent changes for better azimuth integration, but this seems like a good first step to me. |
If that is your plan, i.e. not rebuilding and retesting images when pushed to main, then you have to be very disciplined about making sure your branches are always rebased to the latest main before they are merged. Otherwise the branch might be building something that doesn't match main after it is merged. |
Personally I think it's ok; the image build happens on a merge checkout; the image test happens both on the merge checkout (in the PR) and then again actually on |
Allows images built on either CI cloud to be uploaded to Arcus S3. Either triggered manually, or via successful completion of main CI run after merging a PR to
main
branch.TODO: add secrets to repo before merging