-
Notifications
You must be signed in to change notification settings - Fork 54
194 lines (182 loc) · 7.67 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
name: Docker, Helm and OCP CI
on:
push:
branches:
- "master"
- "v*.x"
tags:
- "v*"
# note: various environment variable names are set to match expectation from the Makefile; do not change without comparing
env:
DEFAULT_BRANCH: master
REGISTRY: nvcr.io/nvstaging/mellanox
IMAGE_NAME: network-operator
jobs:
docker-build-push:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- if: github.ref_type == 'branch'
name: Determine docker tags (when git branch)
run: |
git_sha=$(git rev-parse --short HEAD) # short git commit hash
latest=${{ github.ref_name == env.DEFAULT_BRANCH && 'latest' || '' }} # 'latest', if branch is master
echo DOCKER_TAGS=""$git_sha $latest"" >> $GITHUB_ENV
- if: github.ref_type == 'tag'
name: Determine docker tags (when git tag)
run: |
git_tag=${{ github.ref_name }}
echo DOCKER_TAGS=""$git_tag"" >> $GITHUB_ENV
- uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.NVCR_USERNAME }}
password: ${{ secrets.NVCR_TOKEN }}
- name: Make build and push
env:
TAG: mellanox/${{ env.IMAGE_NAME }}
run: |
echo "Docker tags will be: $DOCKER_TAGS"
for docker_tag in $DOCKER_TAGS; do
make VERSION=$docker_tag image-build-multiarch image-push-multiarch
done
helm-package-publish:
needs:
- docker-build-push
runs-on: ubuntu-latest
steps:
- if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag'
uses: actions/checkout@v4
- if: github.ref_name == env.DEFAULT_BRANCH
name: Determine versions (when git branch)
run: |
app_version=$(git rev-parse --short HEAD) # short git commit hash
current_chart_version=$(yq '.version' deployment/network-operator/Chart.yaml)
echo APP_VERSION=""$app_version"" >> $GITHUB_ENV
echo VERSION=""$current_chart_version-$app_version"" >> $GITHUB_ENV
- if: github.ref_type == 'tag'
name: Determine versions (when git tag)
run: |
git_tag=${{ github.ref_name }}
app_version=$git_tag
chart_version=${git_tag:1} # without the 'v' prefix
echo APP_VERSION=""$app_version"" >> $GITHUB_ENV
echo VERSION=""$chart_version"" >> $GITHUB_ENV
- if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag'
name: NGC setup and authentication
run: |
wget \
--no-verbose \
--content-disposition \
-O ngccli_linux.zip \
https://api.ngc.nvidia.com/v2/resources/nvidia/ngc-apps/ngc_cli/versions/3.41.4/files/ngccli_linux.zip
unzip -q ngccli_linux.zip
echo "./ngc-cli" >> $GITHUB_PATH
ngc-cli/ngc config set <<EOF
${{ secrets.NVCR_TOKEN }}
json
nvstaging
mellanox
no-ace
EOF
- if: github.ref_name == env.DEFAULT_BRANCH || github.ref_type == 'tag'
name: Make package and push
env:
NGC_REPO: nvstaging/mellanox/network-operator
run: |
make chart-build chart-push
ocp-bundle:
if: github.ref_type == 'tag'
needs:
- docker-build-push
runs-on: ubuntu-latest
env:
GH_TOKEN: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }}
DOWNSTREAM_REPO_OWNER: nvidia-ci-cd
UPSTREAM_REPO_OWNER: redhat-openshift-ecosystem
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} # token must be explicitly set here for push to work in following step
- uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.NVCR_USERNAME }}
password: ${{ secrets.NVCR_TOKEN }}
- name: Determine version, tag, and base branch
run: |
git_tag=${{ github.ref_name }}
echo VERSION_WITH_PREFIX=$git_tag >> $GITHUB_ENV
echo VERSION_WITHOUT_PREFIX=${git_tag:1} >> $GITHUB_ENV # without the 'v' prefix
if echo $git_tag | grep beta; then
base_branch=$DEFAULT_BRANCH
else
v_major_minor=$(echo $git_tag | grep -Eo '^v[0-9]+\.[0-9]+')
base_branch=$v_major_minor.x
fi
echo BASE_BRANCH=$base_branch >> $GITHUB_ENV
- name: Lookup image digest
run: |
network_operator_digest=$(skopeo inspect docker://$REGISTRY/$IMAGE_NAME:$VERSION_WITH_PREFIX | jq -r .Digest)
echo $network_operator_digest | wc -w | grep 1 # verifies value not empty
echo NETWORK_OPERATOR_DIGEST=$network_operator_digest >> $GITHUB_ENV
- name: Make bundle
env:
TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ env.NETWORK_OPERATOR_DIGEST }}
BUNDLE_IMG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-bundle:${{ env.VERSION_WITH_PREFIX }}
VERSION: ${{ env.VERSION_WITHOUT_PREFIX }}
NGC_CLI_API_KEY: ${{ secrets.NVCR_TOKEN }}
run: |
version_major_minor=$(echo $VERSION_WITH_PREFIX | grep -Eo 'v[0-9]+\.[0-9]+')
export CHANNELS=stable,$version_major_minor
export DEFAULT_CHANNEL=$version_major_minor
make bundle bundle-build bundle-push
- name: Create PR with bundle to Network Operator
env:
FEATURE_BRANCH: update-ocp-bundle-to-${{ env.VERSION_WITH_PREFIX }}
run: |
git config user.name nvidia-ci-cd
git config user.email svc-cloud-orch-gh@nvidia.com
git checkout -b $FEATURE_BRANCH
git status
git add bundle
git commit -sm "task: update bundle to $VERSION_WITH_PREFIX"
git push -u origin $FEATURE_BRANCH
gh pr create \
--head $FEATURE_BRANCH \
--base $BASE_BRANCH \
--title "task: update bundle to $VERSION_WITH_PREFIX" \
--body "Created by the *${{ github.job }}* job in [${{ github.repository }} OCP bundle CI](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})."
- name: Determine if to send bundle to RedHat
run: |
echo SEND_BUNDLE_TO_REDHAT=$(echo ${{ github.ref_name}} | grep -qE "v[0-9]+.[0-9]+.[0-9]+$" && echo true || echo false) >> $GITHUB_ENV
- if: ${{ env.SEND_BUNDLE_TO_REDHAT == 'true' }}
uses: actions/checkout@v4
with:
token: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} # token must be explicitly set here for push to work in following step
repository: ${{ env.UPSTREAM_REPO_OWNER }}/certified-operators
path: certified-operators
- if: ${{ env.SEND_BUNDLE_TO_REDHAT == 'true' }}
name: Create PR with bundle to RedHat
env:
UPSTREAM_DEFAULT_BRANCH: main
FEATURE_BRANCH: network-operator-bundle-${{ env.VERSION_WITHOUT_PREFIX }}
NEW_BUNDLE_DIR: operators/nvidia-network-operator/${{ env.VERSION_WITHOUT_PREFIX }}
run: |
pushd certified-operators
git config user.name nvidia-ci-cd
git config user.email svc-cloud-orch-gh@nvidia.com
gh repo fork --remote --default-branch-only
gh repo sync $DOWNSTREAM_REPO_OWNER/certified-operators --source $UPSTREAM_REPO_OWNER/certified-operators --branch $UPSTREAM_DEFAULT_BRANCH
git checkout -b $FEATURE_BRANCH
mkdir -p $NEW_BUNDLE_DIR
cp -r ../bundle/* $NEW_BUNDLE_DIR
git add $NEW_BUNDLE_DIR
git commit -sm "operator nvidia-network-operator ($VERSION_WITHOUT_PREFIX)"
git push -u origin $FEATURE_BRANCH
gh pr create \
--head $DOWNSTREAM_REPO_OWNER:$FEATURE_BRANCH \
--base $UPSTREAM_DEFAULT_BRANCH \
--fill \
--body "Created by the *${{ github.job }}* job in [${{ github.repository }} CI](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})."
popd