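name: Docker, Helm and OCP CI
on:
  push:
    branches:
      - "master"
      - "v*.x"
    tags:
      - "v*"
# Least privilege for the automatically issued GITHUB_TOKEN: no step below
# references it beyond the default checkout; the ocp-bundle job authenticates
# with its own token (GH_TOKEN_NVIDIA_CI_CD) for pushes and PR creation.
permissions:
  contents: read
# note: various environment variable names are set to match expectation from the Makefile; do not change without comparing
env:
  DEFAULT_BRANCH: master
  REGISTRY: nvcr.io/nvstaging/mellanox
  IMAGE_NAME: network-operator
# NOTE(review): the `uses:` entries below reference actions by mutable tag
# (`@v4`, `@v3`). Pinning each one to a full commit SHA keeps a retagged
# release from running with the registry and GitHub tokens in scope.
#
# Ref names are read from the runner-provided GITHUB_REF_NAME /
# GITHUB_REF_TYPE / GITHUB_EVENT_NAME variables instead of being templated
# into the scripts with `${{ ... }}`: a tag or branch name may contain shell
# metacharacters, and templated text is parsed as part of the script.
jobs:
  # Builds the multi-arch operator image and pushes it once per computed tag.
  docker-build-push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Determine docker tags
        run: |
          git_sha=$(git rev-parse --short HEAD) # short git commit hash
          git_tag="" # git tag, if triggered by tag event
          if [[ "$GITHUB_REF_TYPE" == "tag" ]]; then
            git_tag="$GITHUB_REF_NAME"
          fi
          latest="" # 'latest', if branch is master
          if [[ "$GITHUB_REF_NAME" == "$DEFAULT_BRANCH" ]]; then
            latest=latest
          fi
          echo "DOCKER_TAGS=$git_sha $git_tag $latest" | tee -a "$GITHUB_ENV"
      - uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.NVCR_USERNAME }}
          password: ${{ secrets.NVCR_TOKEN }}
      - name: Make build and push
        env:
          TAG: mellanox/${{ env.IMAGE_NAME }}
        run: |
          echo "Docker tags will be: $DOCKER_TAGS"
          # DOCKER_TAGS is intentionally unquoted: it is a space-separated list
          for docker_tag in $DOCKER_TAGS; do
            make VERSION="$docker_tag" image-build-multiarch image-push-multiarch
          done
    outputs:
      # we output this here, to use in the following job's conditioning
      # (due to github actions environment variable scope limitations).
      default_branch: ${{ env.DEFAULT_BRANCH }}
  # Packages the Helm chart and pushes it to NGC (tags and default branch only).
  helm-package-publish:
    # The condition is written as one bare expression. Embedding `${{ }}` in
    # the middle of an `if:` turns the whole line into a non-empty string,
    # which always evaluates as true, so the job would also run on `v*.x`
    # branch pushes.
    if: github.ref_type == 'tag' || github.ref_name == needs.docker-build-push.outputs.default_branch
    needs:
      - docker-build-push
    runs-on: ubuntu-latest
    env:
      NGC_REPO: nvstaging/mellanox/network-operator
    steps:
      - uses: actions/checkout@v4
      - name: NGC setup and authentication
        env:
          # Passed through the environment so the token is never part of the
          # script text that the shell parses.
          NVCR_TOKEN: ${{ secrets.NVCR_TOKEN }}
        run: |
          # NOTE(review): the archive is downloaded and put on PATH without an
          # integrity check, and it runs with NVCR_TOKEN available. Compare its
          # SHA-256 against a value pinned in this repository before `unzip`.
          wget \
            --no-verbose \
            --content-disposition \
            -O ngccli_linux.zip \
            https://api.ngc.nvidia.com/v2/resources/nvidia/ngc-apps/ngc_cli/versions/3.41.4/files/ngccli_linux.zip
          unzip -q ngccli_linux.zip
          echo "./ngc-cli" >> "$GITHUB_PATH"
          # answers, in order, to the prompts of `ngc config set`
          ngc-cli/ngc config set <<EOF
          $NVCR_TOKEN
          json
          nvstaging
          mellanox
          no-ace
          EOF
      - name: Make package and push (`current_version+git_sha` as chart version)
        run: |
          git_sha=$(git rev-parse --short HEAD) # short git commit hash
          current_chart_version=$(yq '.version' deployment/network-operator/Chart.yaml)
          # catches any errors to `error.log`; if there is a specific error - passes (exit 0)
          APP_VERSION="$git_sha" VERSION="$current_chart_version-$git_sha" make chart-build chart-push \
            2> >(tee error.log) || grep 'already exists in the repository' error.log
      - name: Make package and push (`git_tag` as chart version)
        if: github.ref_type == 'tag'
        run: |
          git_tag="$GITHUB_REF_NAME"
          APP_VERSION="$git_tag" VERSION="${git_tag:1}" make chart-build chart-push # VERSION as 'v' prefix removed
  # Builds and pushes the OCP bundle; on tags it also opens the bundle PRs.
  ocp-bundle:
    needs:
      - docker-build-push
    runs-on: ubuntu-latest
    env:
      GH_TOKEN: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }}
      DOWNSTREAM_REPO_OWNER: nvidia-ci-cd
      UPSTREAM_REPO_OWNER: redhat-openshift-ecosystem
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} # token must be explicitly set here for push to work in following step
      - name: Set is_push flag
        id: set-is-push
        run: |
          # is_push is "false" only when the event is a push of a tag
          # (the release flow) and "true" in every other case.
          if [[ "$GITHUB_EVENT_NAME" == "push" && "$GITHUB_REF_TYPE" == "tag" ]]; then
            echo "is_push=false" >> "$GITHUB_ENV"
          else
            echo "is_push=true" >> "$GITHUB_ENV"
          fi
      - name: Determine version, tag, and base branch - Process based on is_push flag
        run: |
          if [[ "$is_push" == "true" ]]; then
            echo "Setting VERSION_WITH_PREFIX to git commit hash."
            VERSION_WITH_PREFIX=$(git rev-parse --short HEAD)
            echo "VERSION_WITH_PREFIX=$VERSION_WITH_PREFIX" >> "$GITHUB_ENV"
          else
            git_tag="$GITHUB_REF_NAME"
            echo "VERSION_WITH_PREFIX=$git_tag" >> "$GITHUB_ENV"
            echo "VERSION_WITHOUT_PREFIX=${git_tag:1}" >> "$GITHUB_ENV" # without the 'v' prefix
            if echo "$git_tag" | grep beta; then
              base_branch=$DEFAULT_BRANCH
            else
              v_major_minor=$(echo "$git_tag" | grep -Eo '^v[0-9]+\.[0-9]+')
              base_branch=$v_major_minor.x
            fi
            echo "BASE_BRANCH=$base_branch" >> "$GITHUB_ENV"
          fi
      - uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.NVCR_USERNAME }}
          password: ${{ secrets.NVCR_TOKEN }}
      - name: Lookup image digest
        run: |
          if [[ "$is_push" == "false" && "$VERSION_WITH_PREFIX" != *-* ]]; then
            IMAGE_REGISTRY="nvcr.io/nvidia/cloud-native" # GA release
          else
            IMAGE_REGISTRY=$REGISTRY
          fi
          network_operator_digest=$(skopeo inspect "docker://$IMAGE_REGISTRY/$IMAGE_NAME:$VERSION_WITH_PREFIX" | jq -r .Digest)
          # The digest pins the operator image inside the bundle, so fail here
          # when it is empty. `jq -r` prints the literal "null" for a missing
          # field, which a word-count check would accept as a value.
          if [[ -z "$network_operator_digest" || "$network_operator_digest" == "null" ]]; then
            echo "could not resolve image digest" >&2
            exit 1
          fi
          echo "NETWORK_OPERATOR_DIGEST=$network_operator_digest" >> "$GITHUB_ENV"
          echo "IMAGE_REGISTRY=$IMAGE_REGISTRY" >> "$GITHUB_ENV"
      - name: Make bundle
        env:
          TAG: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ env.NETWORK_OPERATOR_DIGEST }}
          BUNDLE_IMG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-bundle:${{ env.VERSION_WITH_PREFIX }}
          NGC_CLI_API_KEY: ${{ secrets.NVCR_TOKEN }}
        run: |
          # The values written to GITHUB_ENV by earlier steps are ordinary
          # shell variables here, so they are read as such rather than
          # templated into the script.
          if [[ "$is_push" == "false" ]]; then
            export VERSION="$VERSION_WITHOUT_PREFIX"
            version_major_minor=$(echo "$VERSION_WITH_PREFIX" | grep -Eo 'v[0-9]+\.[0-9]+')
            export CHANNELS="stable,$version_major_minor"
            export DEFAULT_CHANNEL="$version_major_minor"
          else
            export DEFAULT_CHANNEL=v1.1 # hard coded
            export CHANNELS=stable,v1.1 # hard coded
            export VERSION="1.1.0-$VERSION_WITH_PREFIX" # using the commit hash
          fi
          make bundle bundle-build bundle-push
          if [[ "$is_push" == "true" ]]; then
            export BUNDLE_IMG="$REGISTRY/${IMAGE_NAME}-bundle:latest" # hard coded
            make bundle-build bundle-push
          fi
      - name: Create PR with bundle to Network Operator
        if: github.ref_type == 'tag'
        env:
          FEATURE_BRANCH: update-ocp-bundle-to-${{ env.VERSION_WITH_PREFIX }}
        run: |
          git config user.name nvidia-ci-cd
          # NOTE(review): the address below was replaced by the hosting page's
          # e-mail obfuscation; restore the CI account's real address.
          git config user.email [email protected]
          git checkout -b "$FEATURE_BRANCH"
          git status
          git add bundle
          git add bundle.Dockerfile
          git commit -sm "task: update bundle to $VERSION_WITH_PREFIX"
          git push -u origin "$FEATURE_BRANCH"
          gh pr create \
            --head "$FEATURE_BRANCH" \
            --base "$BASE_BRANCH" \
            --title "task: update bundle to $VERSION_WITH_PREFIX" \
            --body "Created by the *${{ github.job }}* job in [${{ github.repository }} OCP bundle CI](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})."
      - name: Determine if to send bundle to RedHat
        if: github.ref_type == 'tag'
        run: |
          # Only a plain vMAJOR.MINOR.PATCH tag is sent upstream. The pattern
          # is anchored at both ends and the dots are escaped, so it matches
          # exactly that shape rather than any character between the numbers.
          if echo "$GITHUB_REF_NAME" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
            send_bundle=true
          else
            send_bundle=false
          fi
          echo "SEND_BUNDLE_TO_REDHAT=$send_bundle" >> "$GITHUB_ENV"
      - if: ${{ github.ref_type == 'tag' && env.SEND_BUNDLE_TO_REDHAT == 'true' }}
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} # token must be explicitly set here for push to work in following step
          repository: ${{ env.UPSTREAM_REPO_OWNER }}/certified-operators
          path: certified-operators
      - if: ${{ github.ref_type == 'tag' && env.SEND_BUNDLE_TO_REDHAT == 'true' }}
        name: Create PR with bundle to RedHat
        env:
          UPSTREAM_DEFAULT_BRANCH: main
          FEATURE_BRANCH: network-operator-bundle-${{ env.VERSION_WITHOUT_PREFIX }}
          NEW_BUNDLE_DIR: operators/nvidia-network-operator/${{ env.VERSION_WITHOUT_PREFIX }}
        run: |
          pushd certified-operators
          git config user.name nvidia-ci-cd
          # NOTE(review): the address below was replaced by the hosting page's
          # e-mail obfuscation; restore the CI account's real address.
          git config user.email [email protected]
          gh repo fork --remote --default-branch-only
          gh repo sync "$DOWNSTREAM_REPO_OWNER/certified-operators" --source "$UPSTREAM_REPO_OWNER/certified-operators" --branch "$UPSTREAM_DEFAULT_BRANCH"
          git checkout -b "$FEATURE_BRANCH"
          mkdir -p "$NEW_BUNDLE_DIR"
          cp -r ../bundle/* "$NEW_BUNDLE_DIR"
          git add "$NEW_BUNDLE_DIR"
          git commit -sm "operator nvidia-network-operator ($VERSION_WITHOUT_PREFIX)"
          git push -u origin "$FEATURE_BRANCH"
          gh pr create \
            --head "$DOWNSTREAM_REPO_OWNER:$FEATURE_BRANCH" \
            --base "$UPSTREAM_DEFAULT_BRANCH" \
            --fill \
            --body "Created by the *${{ github.job }}* job in [${{ github.repository }} CI](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})."
          popd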