-
Notifications
You must be signed in to change notification settings - Fork 6
288 lines (269 loc) · 14.2 KB
/
release-operator.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
name: Operator Release
# Creates a release for push event to matching operator-*, i.e. v1.0, v20.15.10
# The release created is a draft - this means it has to be checked and published manually afterwards to enforce manual check.
on:
workflow_dispatch:
inputs:
new_version:
description: 'New version (ignored for patch branches)'
required: true
env:
CARGO_TERM_COLOR: always
TARGET_LINUX: x86_64-unknown-linux-gnu
RELEASED_ARTIFACT_NAME: h2o-operator
OPERATOR_NAME: h2o-operator
jobs:
build-linux:
name: Tests & Linux binary
runs-on: ubuntu-latest
steps:
- name: Install cross-platform compile dependencies
run: sudo apt install pkg-config libssl-dev -y
- name: Start K3S
uses: debianmaster/actions-k3s@v1.0.1
id: k3s
with:
version: 'latest'
- uses: actions/checkout@v2
- name: Find out current version
id: current-ver
run: |
VERSION=$(cat operator/Cargo.toml | sed -n "s/^version\s*=\s*\"\([0-9]*\.[0-9]*\.[0-9]*\)\"$/\1/p")
echo "::set-output name=version::$VERSION"
- name: Cargo test
run: |
# 🄿🅁🄴🄿🄰🅁🄰🅃🄸🄾🄽🅂
# debianmaster/actions-k3s sets owner of the Kubeconfig output to a different user.
# To generate kubeconfigs for specific service accounts, current user must have read rights to the cluster-admin kubeconfig folder
sudo chown $(id -u):$(id -g) /tmp/output/
export CLUSTER_ADMIN_KUBECONFIG=$KUBECONFIG
# Create cluster role and a service account with permissions and related kubeconfig for CLI module
kubectl apply -f cli/tests/permissions/cluster_role.yaml
bash tests_common/k8s_cluster_setup/kubeconfig.sh h2o-cli default
# Create cluster role and a service account with permissions and related kubeconfig for DEPLOYMENT MODULE
kubectl apply -f deployment/tests/permissions/cluster_role.yaml
bash tests_common/k8s_cluster_setup/kubeconfig.sh h2o-deployment default
# Create cluster role and a service account with permissions and related kubeconfig for OPERATOR
kubectl apply -f operator/tests/permissions/cluster_role.yaml
kubectl apply -f operator/crd/h2os.h2o.ai.crd.yaml
bash tests_common/k8s_cluster_setup/kubeconfig.sh h2o-operator default
# 🅃🄴🅂🅃🅂
# Each module is tested with kubeconfig reflecting service account with just enough permissions
# for the given module.
#Test CLI module
export KUBECONFIG=$(pwd)/kubeconfigs-generated/kubeconfig-h2o-cli-default.yaml
cargo test -p h2ok --verbose
# Test DEPLOYMENT module
export KUBECONFIG=$(pwd)/kubeconfigs-generated/kubeconfig-h2o-deployment-default.yaml
cargo test -p deployment --verbose
# Test OPERATOR module
export KUBECONFIG=$(pwd)/kubeconfigs-generated/kubeconfig-h2o-operator-default.yaml
cargo test -p h2o-operator --verbose
# Create new service account for OPERATOR with CRD v1beta1
# Permissions are on purpose expected to be the same for v1beta1 H2O CRD, therefore the same ClusterRole is used
export KUBECONFIG=$CLUSTER_ADMIN_KUBECONFIG
kubectl apply -f operator/bundle/manifests/h2os.h2o.ai.crd.yaml # Overrides previous H2O CRDs
# Test OPERATOR module with CRD v1beta1 to test out the Red Hat version of the H2O custom resource
export KUBECONFIG=$(pwd)/kubeconfigs-generated/kubeconfig-h2o-operator-default.yaml
cargo test -p h2o-operator --verbose
- name: Release build
run: rustup target add ${{ env.TARGET_LINUX }} && cargo build -p ${{ env.RELEASED_ARTIFACT_NAME }} --release --target ${{ env.TARGET_LINUX }}
- name: Create ${{ env.TARGET_LINUX }} ZIP package
run: zip -j ${{ env.RELEASED_ARTIFACT_NAME }}_${{ env.TARGET_LINUX }}.zip target/${{ env.TARGET_LINUX }}/release/${{ env.RELEASED_ARTIFACT_NAME }} LICENSE
- name: Upload ${{ env.TARGET_LINUX }}
uses: actions/upload-artifact@v2
with:
name: ${{ env.TARGET_LINUX }}
path: ${{ env.RELEASED_ARTIFACT_NAME }}_${{ env.TARGET_LINUX }}.zip
release-docker-images:
needs: [build-linux]
name: Release OpenShift specific Docker images
runs-on: ubuntu-latest
timeout-minutes: 300
steps:
- uses: actions/checkout@v2
- name: Find out current version
id: current-ver
run: |
VERSION=$(cat operator/Cargo.toml | sed -n "s/^version\s*=\s*\"\([0-9]*\.[0-9]*\.[0-9]*\)\"$/\1/p")
echo "::set-output name=version::$VERSION"
- name: Build Operator Dockerfile
run: |
# Push and publish Docker image with H2O Operator binary first, as this is required for the bundle step to pass validation tests.
# Build, push, wait for validations and publish
pip install requests argparse
echo "${{ secrets.OPERATOR_RED_HAT_REGISTRY_KEY }}" | docker login -u unused scan.connect.redhat.com --password-stdin
docker build -t ${{ secrets.OPERATOR_RED_HAT_SCAN_TAG_PREFIX }}${{ env.OPERATOR_NAME }}:${{steps.current-ver.outputs.version}} -f operator/docker/Dockerfile-operator . --build-arg OPERATOR_VERSION=${{ steps.current-ver.outputs.version }} --no-cache
OPERATOR_DIGEST=$(docker push ${{ secrets.OPERATOR_RED_HAT_SCAN_TAG_PREFIX }}${{ env.OPERATOR_NAME }}:${{ steps.current-ver.outputs.version }} | sed -n 's/.*\(sha256:[a-zA-Z0-9]*\).*$/\1/p')
echo $OPERATOR_DIGEST
python operator/release/red_hat_docker_certification.py --api_key ${{ secrets.RED_HAT_CONNECT_API_KEY }} --pid ${{ secrets.OPERATOR_RED_HAT_PID }} --tag ${{ steps.current-ver.outputs.version }} $OPERATOR_DIGEST
docker logout
# Build and push H2O Operator bundle, wait for validations to pass and publish it
echo "${{ secrets.OPERATOR_BUNDLE_RED_HAT_REGISTRY_KEY }}" | docker login -u unused scan.connect.redhat.com --password-stdin
CREATED_DATE=$(date --utc +%FT%T%Z)
sed -i "s/<created-date>/$CREATED_DATE/g" operator/bundle/manifests/h2o-operator.clusterserviceversion.yaml
sed -i "s/<version>/${{ steps.current-ver.outputs.version }}/g" operator/bundle/manifests/h2o-operator.clusterserviceversion.yaml
cat operator/bundle/manifests/h2o-operator.clusterserviceversion.yaml
docker build -t ${{ secrets.OPERATOR_BUNDLE_RED_HAT_SCAN_TAG_PREFIX }}${{ env.OPERATOR_NAME }}-bundle:${{steps.current-ver.outputs.version}} -f operator/docker/Dockerfile-operator-bundle . --no-cache
BUNDLE_DIGEST=$(docker push ${{ secrets.OPERATOR_BUNDLE_RED_HAT_SCAN_TAG_PREFIX }}${{ env.OPERATOR_NAME }}-bundle:${{ steps.current-ver.outputs.version }} | sed -n 's/.*\(sha256:[a-zA-Z0-9]*\).*$/\1/p')
echo $BUNDLE_DIGEST
echo "H2O Operator Bundle uploaded. Red Hat doesn't support automated publishing of bundle images yet - publish manually !"
docker logout
# Docker Hub contains the same operator binary as OpenShift repository
# Red Hat services are unstable and error-prone, push to docker hub last
docker tag ${{ secrets.OPERATOR_RED_HAT_SCAN_TAG_PREFIX }}${{ env.OPERATOR_NAME }}:${{steps.current-ver.outputs.version}} h2oai/h2o-k8s-operator:${{steps.current-ver.outputs.version}}
echo "${{ secrets.H2O_DOCKER_HUB_PASSWORD }}" | docker login -u ${{ secrets.H2O_DOCKER_HUB_LOGIN }} --password-stdin
docker push h2oai/h2o-k8s-operator:${{steps.current-ver.outputs.version}}
docker logout
github-release:
name: GitHub Release
runs-on: ubuntu-latest
needs: [ release-docker-images ]
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Find out current version
id: current-ver
run: |
VERSION=$(cat operator/Cargo.toml | sed -n "s/^version\s*=\s*\"\([0-9]*\.[0-9]*\.[0-9]*\)\"$/\1/p")
echo "::set-output name=version::$VERSION"
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: operator-${{ steps.current-ver.outputs.version }}
release_name: H2O K8S Operator v${{ steps.current-ver.outputs.version }}
draft: false
prerelease: false
- name: Download ${{ env.TARGET_LINUX }} binary
uses: actions/download-artifact@v2
with:
name: ${{ env.TARGET_LINUX }}
- name: Upload ${{ env.TARGET_LINUX }} asset
id: upload-release-asset-linux
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./${{ env.RELEASED_ARTIFACT_NAME }}_${{ env.TARGET_LINUX }}.zip
asset_name: ${{ env.TARGET_LINUX }}
asset_content_type: application
- name: Upload v1 CRD # version of CRD resource, not H2O resource
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: operator/crd/h2os.h2o.ai.crd.yaml
asset_name: h2os.h2o.ai.crd.v1.yaml
asset_content_type: application/x-yaml
- name: Upload v1beta1 CRD # version of CRD resource, not H2O resource
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: operator/bundle/manifests/h2os.h2o.ai.crd.yaml
asset_name: h2os.h2o.ai.crd.v1beta1.yaml
asset_content_type: application/x-yaml
- name: Upload v1beta1 CRD # version of CRD resource, not H2O resource
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: operator/tests/permissions/cluster_role.yaml
asset_name: h2o-operator-role.yaml
asset_content_type: application/x-yaml
# If the build is triggered on master, create a patch branch for that release
create-patch-branch:
needs: [github-release]
runs-on: ubuntu-latest
if: ${{ github.ref == 'refs/heads/master' }}
name: Create patch branch
steps:
- uses: actions/checkout@v2
- name: Find out current version
id: current-ver
run: |
VERSION=$(cat operator/Cargo.toml | sed -n "s/^version\s*=\s*\"\([0-9]*\.[0-9]*\.[0-9]*\)\"$/\1/p")
echo "::set-output name=version::$VERSION"
- name: Create Branch
uses: peterjgrainger/action-create-branch@v2.0.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
branch: operator-patch-${{ steps.current-ver.outputs.version }}
- name: Next SemVer for patch branch
uses: WyriHaximus/github-action-next-semvers@v1.0
id: next-patch
with:
version: ${{ steps.current-ver.outputs.version }}
- name: Bump up version for patch branch
run: sed -i "s/version\s=\s\"\(${{ steps.current-ver.outputs.version }}\)\"/version = \"${{ steps.next-patch.outputs.patch }}\"/g" operator/Cargo.toml
- name: Commit new version to patch branch
uses: EndBug/add-and-commit@v7.0.0
with:
author_name: 'Operator Release'
author_email: '<pavel.pscheidl@h2o.ai>'
message: Operator version ${{ steps.next-patch.outputs.patch }}
branch: operator-patch-${{ steps.current-ver.outputs.version }}
add: 'operator/Cargo.toml'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# If the builds is triggered in master branch, set new version on master according to user's input.
update-master-version:
needs: [github-release]
name: Update user-defined version in master branch
runs-on: ubuntu-latest
if: ${{ github.ref == 'refs/heads/master' }}
steps:
- uses: actions/checkout@v2
- name: Find out current version
id: current-ver
run: |
VERSION=$(cat operator/Cargo.toml | sed -n "s/^version\s*=\s*\"\([0-9]*\.[0-9]*\.[0-9]*\)\"$/\1/p")
echo "::set-output name=version::$VERSION"
- name: Bump up operator version
run: sed -i "s/version\s=\s\"\(${{ steps.current-ver.outputs.version }}\)\"/version = \"${{ github.event.inputs.new_version }}\"/g" operator/Cargo.toml
- name: Commit new version to current branch
uses: EndBug/add-and-commit@v7.0.0
with:
author_name: 'Operator Release'
author_email: '<pavel.pscheidl@h2o.ai>'
message: Operator version ${{ github.event.inputs.new_version }}
add: 'operator/Cargo.toml'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# If the build is triggered on non-master branch (patch), update patch version on that branch after release.
update-patch-version:
needs: [github-release]
name: Update version in patch branch
runs-on: ubuntu-latest
if: ${{ github.ref != 'refs/heads/master' }}
steps:
- uses: actions/checkout@v2
- name: Find out current version
id: current-ver
run: |
VERSION=$(cat operator/Cargo.toml | sed -n "s/^version\s*=\s*\"\([0-9]*\.[0-9]*\.[0-9]*\)\"$/\1/p")
echo "::set-output name=version::$VERSION"
- name: Next SemVer for patch branch
uses: WyriHaximus/github-action-next-semvers@v1.0
id: next-patch
with:
version: ${{ steps.current-ver.outputs.version }}
- name: Bump up operator version
run: sed -i "s/version\s=\s\"\(${{ steps.current-ver.outputs.version }}\)\"/version = \"${{ steps.next-patch.outputs.patch }}\"/g" operator/Cargo.toml
- name: Commit new version to current branch
uses: EndBug/add-and-commit@v7.0.0
with:
author_name: 'Operator Release'
author_email: '<pavel.pscheidl@h2o.ai>'
message: Operator version ${{ steps.next-patch.outputs.patch }}
add: 'operator/Cargo.toml'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}