# We tag each operator image with 3 tags:
# 1) the Git commit SHA: useful for looking up the bundle images by SHA,
#    based on the go.mod entries
# 2) the branch-based tag: 'latest' on main, '<branch>-latest' on other branches
# 3) the digest: useful because the bundles now reference images by SHA256
#    digest, for offline/air-gapped installation support
name: Operator image builder

# Reusable workflow: it only runs when another workflow invokes it through
# `workflow_call`, and every value below is supplied by that caller.
on:
  workflow_call:
    inputs:
      # Short operator name; the jobs append "-operator", "-operator-bundle"
      # and "-operator-index" to it to form the image names.
      operator_name:
        type: string
        required: true
      # Go toolchain version handed to actions/setup-go.
      go_version:
        type: string
        required: true
      # operator-sdk release installed before `make bundle` runs.
      operator_sdk_version:
        type: string
        required: true
      # Containerfile used for the bundle image.
      # openstack-operator uses a custom ./custom-bundle.Dockerfile.pinned
      bundle_dockerfile:
        type: string
        required: false
        default: './bundle.Dockerfile'
      # Example: 0.4.0 for openstack-operator, all other operators use 0.0.1.
      # This corresponds to the CSV version.
      operator_version:
        description: 'The operator_version to use (optional). Overrides other logic.'
        type: string
        required: false
    # Credentials are declared explicitly, so the caller has to pass each one
    # (or use `secrets: inherit`).
    secrets:
      # Registry namespace (organisation or user) the images are pushed under.
      IMAGENAMESPACE:
        required: true
      # Quay credentials used for every push and for the podman login steps.
      QUAY_USERNAME:
        required: true
      QUAY_PASSWORD:
        required: true
      # registry.redhat.io credentials used by the bundle and index jobs.
      REDHATIO_USERNAME:
        required: true
      REDHATIO_PASSWORD:
        required: true
# Workflow-level defaults; every step of every job below can read them.
env:
  imageregistry: quay.io
  # Target namespace on the registry. Falls back to the Quay username when
  # IMAGENAMESPACE evaluates to an empty string. Because the value is derived
  # from secrets, GitHub masks it wherever it appears in the job logs.
  imagenamespace: ${{ secrets.IMAGENAMESPACE || secrets.QUAY_USERNAME }}
  # Floating tag. Jobs overwrite it through GITHUB_ENV with "<branch>-latest"
  # when the ref is not main.
  latesttag: latest
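# Pipeline: check-secrets -> build-operator -> build-operator-bundle ->
# build-operator-index. Each image is pushed with the floating tag and the
# commit SHA, then pushed again tagged with its own digest.
#
# Third-party actions are pinned to full commit SHAs; the trailing "# vN"
# comments are informational and must be kept in sync by hand.
#
# NOTE(review): no `permissions:` key is visible in this workflow, so each job
# runs with whatever GITHUB_TOKEN scopes the calling workflow grants. Registry
# pushes use the Quay credentials, not the token; consider restricting the
# token to `contents: read` after confirming what `make bundle` uses it for.
jobs:
  # Gate job: emits an error annotation and sets `missing=true` when no image
  # namespace could be derived from the secrets.
  check-secrets:
    runs-on: ubuntu-latest
    steps:
      - name: Check secrets are set
        id: check
        if: "${{ env.imagenamespace == '' }}"
        run: |
          echo "::error title=Missing required secrets::See https://github.com/openstack-k8s-operators/dev-docs/blob/main/image_build.md#creating-images-using-github-actions"
          echo "missing=true" >> "$GITHUB_OUTPUT"
    outputs:
      missing-secrets: ${{ steps.check.outputs.missing }}

  # Builds the operator image from ./Dockerfile and pushes it to the registry.
  build-operator:
    needs: check-secrets
    name: Build ${{ inputs.operator_name }}-operator image using buildah
    runs-on: ubuntu-latest
    # Skipped when the gate job reported missing secrets; the downstream jobs
    # depend on this one through `needs`.
    if: needs.check-secrets.outputs.missing-secrets != 'true'
    steps:
      # NOTE(review): the checked-out tree is the build context for the image.
      # Confirm the checkout does not leave token material inside the
      # workspace, or set `persist-credentials: false` if no later step needs
      # authenticated git access.
      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7

      # The branch name reaches the script through an environment variable,
      # never through expression expansion, so the shell treats it as data.
      - name: Set latest tag for non main branch
        if: github.ref_name != 'main'
        env:
          BRANCH_NAME: ${{ github.ref_name }}
        run: |
          latesttag="${BRANCH_NAME}-latest"
          echo "latesttag=${latesttag@L}" >> "$GITHUB_ENV"

      - name: Buildah Action
        id: build-operator
        uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2
        with:
          image: ${{ inputs.operator_name }}-operator
          tags: ${{ env.latesttag }} ${{ github.sha }}
          containerfiles: |
            ./Dockerfile

      - name: Push ${{ inputs.operator_name }}-operator To ${{ env.imageregistry }}
        uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
        with:
          image: ${{ steps.build-operator.outputs.image }}
          tags: ${{ steps.build-operator.outputs.tags }}
          registry: ${{ env.imageregistry }}/${{ env.imagenamespace }}
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
          # The pushed image's digest is written here for the next step.
          digestfile: digest.txt

      # Strips the "sha256:" prefix so the digest can be used as a tag name,
      # then adds that tag to the locally built image.
      - name: Set OPERATOR_IMAGE_DIGEST for Operator and tag
        shell: bash
        run: |
          DIGEST=$(sed -e 's|sha256:||' digest.txt)
          echo "OPERATOR_IMAGE_DIGEST=$DIGEST" >> "$GITHUB_ENV"
          podman tag "localhost/${IMAGE}:${GITHUB_SHA}" "${REGISTRY}/${IMAGE}:${DIGEST}"
        env:
          REGISTRY: ${{ env.imageregistry }}/${{ env.imagenamespace }}
          IMAGE: ${{ inputs.operator_name }}-operator
          GITHUB_SHA: ${{ github.sha }}

      - name: Push tag with digest ${{ env.OPERATOR_IMAGE_DIGEST }}
        uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
        with:
          image: ${{ steps.build-operator.outputs.image }}
          tags: ${{ env.OPERATOR_IMAGE_DIGEST }}
          registry: ${{ env.imageregistry }}/${{ env.imagenamespace }}
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}

  # Generates the bundle manifests with `make bundle`, then builds and pushes
  # the bundle image.
  build-operator-bundle:
    needs: build-operator
    name: ${{ inputs.operator_name }}-operator-bundle
    runs-on: ubuntu-latest
    steps:
      - name: Install Go
        uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6
        with:
          go-version: ${{ inputs.go_version }}
          cache: false

      - name: Checkout ${{ inputs.operator_name }}-operator repository
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7

      - name: Install operator-sdk
        uses: redhat-actions/openshift-tools-installer@144527c7d98999f2652264c048c7a9bd103f8a82 # v1
        with:
          source: github
          operator-sdk: ${{ inputs.operator_sdk_version }}

      - name: Log in to Quay Registry
        uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1
        with:
          registry: ${{ env.imageregistry }}
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}

      - name: Log in to Red Hat Registry
        uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1
        with:
          registry: registry.redhat.io
          username: ${{ secrets.REDHATIO_USERNAME }}
          password: ${{ secrets.REDHATIO_PASSWORD }}

      # USE_IMAGE_DIGESTS=true asks the bundle target to reference the
      # operator image by digest instead of by tag.
      # NOTE(review): GITHUB_TOKEN is exported to the whole `make bundle`
      # process tree; confirm which tool needs it.
      - name: Create bundle image
        shell: bash
        run: |
          USE_IMAGE_DIGESTS=true IMG=${REGISTRY}/${BASE_IMAGE}:${GITHUB_SHA} make bundle
        env:
          REGISTRY: ${{ env.imageregistry }}/${{ env.imagenamespace }}
          GITHUB_SHA: ${{ github.sha }}
          BASE_IMAGE: ${{ inputs.operator_name }}-operator
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Set latest tag for non main branch
        if: github.ref_name != 'main'
        env:
          BRANCH_NAME: ${{ github.ref_name }}
        run: |
          latesttag="${BRANCH_NAME}-latest"
          echo "latesttag=${latesttag@L}" >> "$GITHUB_ENV"

      - name: Build operator-bundle using buildah
        id: build-operator-bundle
        uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2
        with:
          image: ${{ inputs.operator_name }}-operator-bundle
          tags: ${{ env.latesttag }} ${{ github.sha }}
          containerfiles: ${{ inputs.bundle_dockerfile }}

      # Step name corrected: this step pushes the bundle image, not the
      # operator image.
      - name: Push ${{ inputs.operator_name }}-operator-bundle To ${{ env.imageregistry }}
        uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
        with:
          image: ${{ steps.build-operator-bundle.outputs.image }}
          tags: ${{ steps.build-operator-bundle.outputs.tags }}
          registry: ${{ env.imageregistry }}/${{ env.imagenamespace }}
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
          digestfile: digest.txt

      - name: Set OPERATOR_BUNDLE_IMAGE_DIGEST for Operator and tag
        shell: bash
        run: |
          DIGEST=$(sed -e 's|sha256:||' digest.txt)
          echo "OPERATOR_BUNDLE_IMAGE_DIGEST=$DIGEST" >> "$GITHUB_ENV"
          podman tag "localhost/${IMAGE}:${GITHUB_SHA}" "${REGISTRY}/${IMAGE}:${DIGEST}"
        env:
          REGISTRY: ${{ env.imageregistry }}/${{ env.imagenamespace }}
          IMAGE: ${{ inputs.operator_name }}-operator-bundle
          GITHUB_SHA: ${{ github.sha }}

      - name: Push tag with digest ${{ env.OPERATOR_BUNDLE_IMAGE_DIGEST }}
        uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
        with:
          image: ${{ steps.build-operator-bundle.outputs.image }}
          tags: ${{ env.OPERATOR_BUNDLE_IMAGE_DIGEST }}
          registry: ${{ env.imageregistry }}/${{ env.imagenamespace }}
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}

  # Renders the pushed bundle into a file-based catalog, then builds and
  # pushes the index image.
  build-operator-index:
    needs: build-operator-bundle
    name: operator-index
    runs-on: ubuntu-latest
    steps:
      - name: Install Go
        uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6
        with:
          go-version: ${{ inputs.go_version }}
          cache: false

      - name: Checkout ${{ inputs.operator_name }}-operator repository
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7

      - name: Set latest tag for non main branch
        if: github.ref_name != 'main'
        env:
          BRANCH_NAME: ${{ github.ref_name }}
        run: |
          latesttag="${BRANCH_NAME}-latest"
          echo "latesttag=${latesttag@L}" >> "$GITHUB_ENV"

      # NOTE(review): opm floats on 'latest' while operator-sdk is chosen by
      # the caller and every action is SHA-pinned, so index builds are not
      # reproducible; consider pinning the opm release as well.
      - name: Install opm
        uses: redhat-actions/openshift-tools-installer@144527c7d98999f2652264c048c7a9bd103f8a82 # v1
        with:
          source: github
          opm: 'latest'

      - name: Log in to Quay Registry
        uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1
        with:
          registry: ${{ env.imageregistry }}
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}

      - name: Log in to Red Hat Registry
        uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1
        with:
          registry: registry.redhat.io
          username: ${{ secrets.REDHATIO_USERNAME }}
          password: ${{ secrets.REDHATIO_PASSWORD }}

      # Version precedence: explicit input, then 0.4.0 for "openstack", then
      # 0.0.1. The caller's inputs are handed over as environment variables
      # rather than expanded into the script text with ${{ }}; expression
      # expansion happens before bash parses the script, so a quote or `$(...)`
      # inside an input would otherwise be executed as shell code.
      - name: Determine Version
        id: get_csv_version
        env:
          OPERATOR_VERSION: ${{ inputs.operator_version }}
          OPERATOR_NAME: ${{ inputs.operator_name }}
        run: |
          if [[ -n "${OPERATOR_VERSION}" ]]; then
            echo "Using provided version: ${OPERATOR_VERSION}"
            echo "version=${OPERATOR_VERSION}" >> "$GITHUB_OUTPUT"
          elif [[ "${OPERATOR_NAME}" == "openstack" ]]; then
            echo "Operator is 'openstack', setting version to 0.4.0"
            echo "version=0.4.0" >> "$GITHUB_OUTPUT"
          else
            echo "Defaulting version to 0.0.1"
            echo "version=0.0.1" >> "$GITHUB_OUTPUT"
          fi

      # Builds catalog/index.yaml from three pieces: the package header
      # (opm init), the rendered bundle (opm render) and a hand-written
      # olm.channel entry, then validates it before building the image.
      # The heredoc delimiter is unquoted on purpose so the variables expand.
      - name: Create index image
        shell: bash
        run: |
          set -x
          pushd "${GITHUB_WORKSPACE}"
          mkdir -p catalog
          opm generate dockerfile ./catalog -i registry.redhat.io/openshift4/ose-operator-registry-rhel9:v4.18
          opm init "${OPERATOR_NAME}" --default-channel=alpha --output yaml > catalog/index.yaml
          opm render "${REGISTRY}/${BUNDLE_IMAGE}:${GITHUB_SHA}" --output yaml >> catalog/index.yaml
          cat >> catalog/index.yaml << EOF_CAT
          ---
          schema: olm.channel
          package: ${OPERATOR_NAME}
          name: alpha
          entries:
            - name: ${OPERATOR_NAME}.${CSV_VERSION}
          EOF_CAT
          cat catalog/index.yaml
          opm validate catalog
          podman build -t "${REGISTRY}/${INDEX_IMAGE}:${GITHUB_SHA}" -f catalog.Dockerfile
          podman tag "${REGISTRY}/${INDEX_IMAGE}:${GITHUB_SHA}" "${REGISTRY}/${INDEX_IMAGE}:${INDEX_IMAGE_TAG}"
          popd
        env:
          REGISTRY: ${{ env.imageregistry }}/${{ env.imagenamespace }}
          GITHUB_SHA: ${{ github.sha }}
          OPERATOR_NAME: ${{ inputs.operator_name }}-operator
          BUNDLE_IMAGE: ${{ inputs.operator_name }}-operator-bundle
          INDEX_IMAGE_TAG: ${{ env.latesttag }}
          INDEX_IMAGE: ${{ inputs.operator_name }}-operator-index
          CSV_VERSION: v${{ steps.get_csv_version.outputs.version }}
          # opm uses containers/image which now rejects v1-format registries.conf
          # shipped on ubuntu-latest runners. Safe to bypass since opm render
          # pulls by fully-qualified reference and needs no registry aliases.
          CONTAINERS_REGISTRIES_CONF: /dev/null

      - name: Push ${{ inputs.operator_name }}-operator-index To ${{ env.imageregistry }}
        uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
        with:
          image: ${{ inputs.operator_name }}-operator-index
          tags: ${{ env.latesttag }} ${{ github.sha }}
          registry: ${{ env.imageregistry }}/${{ env.imagenamespace }}
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
          digestfile: digest.txt

      # The index image was built under its registry-qualified name, so the
      # tag source here is ${REGISTRY}/..., not localhost/... as in the other
      # jobs.
      - name: Set OPERATOR_INDEX_IMAGE_DIGEST for Operator and tag
        shell: bash
        run: |
          DIGEST=$(sed -e 's|sha256:||' digest.txt)
          echo "OPERATOR_INDEX_IMAGE_DIGEST=$DIGEST" >> "$GITHUB_ENV"
          podman tag "${REGISTRY}/${IMAGE}:${GITHUB_SHA}" "${REGISTRY}/${IMAGE}:${DIGEST}"
        env:
          REGISTRY: ${{ env.imageregistry }}/${{ env.imagenamespace }}
          IMAGE: ${{ inputs.operator_name }}-operator-index
          GITHUB_SHA: ${{ github.sha }}

      - name: Push tag with digest ${{ env.OPERATOR_INDEX_IMAGE_DIGEST }}
        uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
        with:
          image: ${{ inputs.operator_name }}-operator-index
          tags: ${{ env.OPERATOR_INDEX_IMAGE_DIGEST }}
          registry: ${{ env.imageregistry }}/${{ env.imagenamespace }}
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}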