feat(ci): clean up test images after closing PRs (#609) #919
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| concurrency: | |
| group: ci-${{ github.run_id }} | |
| cancel-in-progress: true | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - v[0-9]+ | |
| - v[0-9]+.[0-9]+ | |
| - cryostat-v[0-9]+.[0-9]+ | |
| pull_request_target: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| - labeled | |
| - unlabeled | |
| branches: | |
| - main | |
| - v[0-9]+ | |
| - v[0-9]+.[0-9]+ | |
| - cryostat-v[0-9]+.[0-9]+ | |
| env: | |
| CI_USER: cryostat+bot | |
| CI_REGISTRY: quay.io/cryostat | |
| CI_OPERATOR_IMG: quay.io/cryostat/cryostat-operator | |
| CI_BUNDLE_IMG: quay.io/cryostat/cryostat-operator-bundle | |
| CI_SCORECARD_IMG: quay.io/cryostat/cryostat-operator-scorecard | |
| CI_PLATFORMS: linux/amd64,linux/arm64 | |
| REPOSITORY: ${{ github.event.pull_request.head.repo.full_name }} | |
| REF: ${{ github.event.pull_request.head.ref }} | |
| OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04/Release.key" | |
| OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04" | |
| jobs: | |
| controller-test: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.repository_owner == 'cryostatio' }} | |
| steps: | |
| - name: Fail if safe-to-test label NOT applied | |
| if: ${{ github.event_name == 'pull_request_target' && !contains(github.event.pull_request.labels.*.name, 'safe-to-test') }} | |
| run: exit 1 | |
| - uses: actions/checkout@v2 | |
| with: | |
| repository: ${{ env.REPOSITORY }} | |
| ref: ${{ env.REF }} | |
| - uses: actions/setup-go@v2 | |
| with: | |
| go-version: '1.20.*' | |
| - uses: actions/cache@v2 | |
| with: | |
| path: | | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Run controller tests | |
| run: make test-envtest | |
| scorecard-test: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.repository_owner == 'cryostatio' }} | |
| steps: | |
| - name: Fail if safe-to-test label NOT applied | |
| if: ${{ github.event_name == 'pull_request_target' && !contains(github.event.pull_request.labels.*.name, 'safe-to-test') }} | |
| run: exit 1 | |
| - uses: actions/checkout@v2 | |
| with: | |
| repository: ${{ env.REPOSITORY }} | |
| ref: ${{ env.REF }} | |
| - uses: jpkrohling/setup-operator-sdk@v1.1.0 | |
| with: | |
| operator-sdk-version: v1.28.0 | |
| - name: Install podman v4 | |
| run: | | |
| echo "deb $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list | |
| curl -fsSL $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg | |
| sudo apt update | |
| sudo apt install podman | |
| - name: Build scorecard image for test | |
| id: build-scorecard | |
| run: | | |
| CUSTOM_SCORECARD_IMG=ghcr.io/${{ github.repository_owner }}/cryostat-operator-scorecard:pr-${{ github.event.number }}-$GITHUB_SHA \ | |
| PLATFORMS=linux/amd64 \ | |
| MANIFEST_PUSH=false \ | |
| make scorecard-build | |
| echo "tag=ci-$GITHUB_SHA" >> $GITHUB_OUTPUT | |
| - name: Push scorecard image to ghcr.io for test | |
| id: push-scorecard-to-ghcr | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: cryostat-operator-scorecard | |
| tags: ${{ steps.build-scorecard.outputs.tag }} | |
| registry: ghcr.io/${{ github.repository_owner }} | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GHCR_PR_TOKEN }} | |
| - name: Build operator image for test | |
| id: build-operator | |
| run: | | |
| OPERATOR_IMG=ghcr.io/${{ github.repository_owner }}/cryostat-operator:pr-${{ github.event.number }}-$GITHUB_SHA \ | |
| SKIP_TESTS=true \ | |
| make oci-build | |
| echo "tag=pr-${{ github.event.number }}-$GITHUB_SHA" >> $GITHUB_OUTPUT | |
| - name: Push operator image to ghcr.io for test | |
| id: push-operator-to-ghcr | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: cryostat-operator | |
| tags: ${{ steps.build-operator.outputs.tag }} | |
| registry: ghcr.io/${{ github.repository_owner }} | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GHCR_PR_TOKEN }} | |
| - name: Build bundle image for test | |
| id: build-bundle | |
| run: | | |
| yq -i '.spec.template.spec.imagePullSecrets = [{"name": "registry-key"}]' config/manager/manager.yaml | |
| OPERATOR_IMG=${{ steps.push-operator-to-ghcr.outputs.registry-path }} \ | |
| BUNDLE_IMG=ghcr.io/${{ github.repository_owner }}/cryostat-operator-bundle:pr-${{ github.event.number }}-$GITHUB_SHA \ | |
| make bundle bundle-build | |
| echo "tag=pr-${{ github.event.number }}-$GITHUB_SHA" >> $GITHUB_OUTPUT | |
| - name: Push bundle image to ghcr.io for test | |
| id: push-bundle-to-ghcr | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: cryostat-operator-bundle | |
| tags: ${{ steps.build-bundle.outputs.tag }} | |
| registry: ghcr.io/${{ github.repository_owner }} | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GHCR_PR_TOKEN }} | |
| - name: Set up Kind cluster | |
| run: | | |
| kind create cluster --config=".github/kind-config.yaml" -n ci-${{ github.run_id }} | |
| # Enabling Ingress | |
| kubectl apply -f https://github.com/raw/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml | |
| kubectl rollout status -w deployment/ingress-nginx-controller -n ingress-nginx --timeout 5m | |
| - name: Install Operator Lifecycle Manager | |
| run: curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.24.0/install.sh | bash -s v0.24.0 | |
| - name: Install Cert Manager | |
| run: make cert_manager | |
| - uses: redhat-actions/podman-login@v1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GHCR_PR_TOKEN }} | |
| auth_file_path: $HOME/.docker/config.json | |
| - name: Run scorecard tests | |
| run: | | |
| SCORECARD_REGISTRY_SERVER="ghcr.io" \ | |
| SCORECARD_REGISTRY_USERNAME="${{ github.repository_owner }}" \ | |
| SCORECARD_REGISTRY_PASSWORD="${{ secrets.GHCR_PR_TOKEN }}" \ | |
| BUNDLE_IMG="${{ steps.push-bundle-to-ghcr.outputs.registry-path }}" \ | |
| make test-scorecard | |
| - name: Clean up Kind cluster | |
| run: kind delete cluster -n ci-${{ github.run_id }} | |
| build-operator: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name == 'push' && github.repository_owner == 'cryostatio' }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Install podman v4 | |
| run: | | |
| echo "deb $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list | |
| curl -fsSL $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null | |
| sudo apt update | |
| sudo apt install podman | |
| - name: Build operator image | |
| run: | | |
| IMAGE_NAMESPACE=${{ env.CI_REGISTRY }} SKIP_TESTS=true PLATFORMS=${{ env.CI_PLATFORMS }} MANIFEST_PUSH=false make oci-buildx | |
| - name: Tag image | |
| id: tag-image | |
| run: | | |
| IMG_TAG="$(make --eval='print-img-ver: ; @echo $(IMAGE_VERSION)' print-img-ver)" | |
| if [ "$GITHUB_REF" == "refs/heads/main" ]; then | |
| podman tag \ | |
| ${{ env.CI_OPERATOR_IMG }}:$IMG_TAG \ | |
| ${{ env.CI_OPERATOR_IMG }}:latest | |
| echo "tags=$IMG_TAG latest" >> $GITHUB_OUTPUT | |
| else | |
| echo "tags=$IMG_TAG" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Push to quay.io | |
| id: push-to-quay | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: cryostat-operator | |
| tags: ${{ steps.tag-image.outputs.tags }} | |
| registry: ${{ env.CI_REGISTRY }} | |
| username: ${{ env.CI_USER }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: Print image URL | |
| run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}" | |
| build-bundle: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name == 'push' && github.repository_owner == 'cryostatio' }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Build bundle image | |
| run: IMAGE_NAMESPACE=${{ env.CI_REGISTRY }} make bundle-build | |
| - name: Tag image | |
| id: tag-image | |
| run: | | |
| IMG_TAG="$(make --eval='print-img-ver: ; @echo $(IMAGE_VERSION)' print-img-ver)" | |
| if [ "$GITHUB_REF" == "refs/heads/main" ]; then | |
| podman tag \ | |
| ${{ env.CI_BUNDLE_IMG }}:$IMG_TAG \ | |
| ${{ env.CI_BUNDLE_IMG }}:latest | |
| echo "tags=$IMG_TAG latest" >> $GITHUB_OUTPUT | |
| else | |
| echo "tags=$IMG_TAG" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Push to quay.io | |
| id: push-to-quay | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: cryostat-operator-bundle | |
| tags: ${{ steps.tag-image.outputs.tags }} | |
| registry: ${{ env.CI_REGISTRY }} | |
| username: ${{ env.CI_USER }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: Print image URL | |
| run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}" | |
| build-scorecard: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name == 'push' && github.repository_owner == 'cryostatio' }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Get scorecard image tag | |
| id: get-image-tag | |
| run: | | |
| SCORECARD_TAG=$(yq '[.stages[0].tests[].image | capture("cryostat-operator-scorecard:(?P<tag>[\w.\-_]+)$")][0].tag' bundle/tests/scorecard/config.yaml) | |
| echo "tag=$SCORECARD_TAG" >> $GITHUB_OUTPUT | |
| - name: Check if scorecard image tag already exists | |
| id: check-tag-exists | |
| run: | | |
| EXIST=false | |
| if [ -n "$(podman search --list-tags ${CI_SCORECARD_IMG} --format json | jq --arg TAG ${{ steps.get-image-tag.outputs.tag }} '.[0].Tags[] | select( . == $TAG)')" ]; then | |
| EXIST=true | |
| fi | |
| echo "exist=$EXIST" >> $GITHUB_OUTPUT | |
| - name: Install podman v4 | |
| run: | | |
| echo "deb $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list | |
| curl -fsSL $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null | |
| sudo apt update | |
| sudo apt install podman | |
| - name: Build scorecard image | |
| run: | | |
| CUSTOM_SCORECARD_IMG=${CI_SCORECARD_IMG}:${{ steps.get-image-tag.outputs.tag }} \ | |
| PLATFORMS=${{ env.CI_PLATFORMS }} \ | |
| MANIFEST_PUSH=false \ | |
| make scorecard-build | |
| if: ${{ steps.check-tag-exists.outputs.exist == 'false' }} | |
| - name: Push to quay.io | |
| id: push-to-quay | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: cryostat-operator-scorecard | |
| tags: ${{ steps.get-image-tag.outputs.tag }} | |
| registry: ${{ env.CI_REGISTRY }} | |
| username: ${{ env.CI_USER }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| if: ${{ steps.check-tag-exists.outputs.exist == 'false' }} | |
| - name: Print image URL | |
| run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}" | |
| if: ${{ steps.check-tag-exists.outputs.exist == 'false' }} |