From 98e3f8bc13e1da9f7c3bb66427bfc5365e97eec1 Mon Sep 17 00:00:00 2001 From: Rajagopalan Ranganathan Date: Wed, 22 May 2024 13:47:15 +0100 Subject: [PATCH 1/4] Update build_deploy.sh fix the new quay repo for kessel --- build_deploy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build_deploy.sh b/build_deploy.sh index d8f6bfb..db237d1 100755 --- a/build_deploy.sh +++ b/build_deploy.sh @@ -1,6 +1,6 @@ set -exv -IMAGE="quay.io/cloudservices/spicedb-operator" +IMAGE="quay.io/cloudservices/kessel-spicedb-operator" IMAGE_TAG=$(git rev-parse --short=7 HEAD) GIT_COMMIT=$(git rev-parse --short HEAD) From 0d92c74b0711c50d815704e95d1689daae2a475a Mon Sep 17 00:00:00 2001 From: Rajagopalan Ranganathan Date: Wed, 22 May 2024 16:40:43 +0100 Subject: [PATCH 2/4] Create Jenkinsfile --- Jenkinsfile | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 Jenkinsfile diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..992507f --- /dev/null +++ b/Jenkinsfile 
@@ -0,0 +1,53 @@
+def secrets = [
+ [path: params.VAULT_PATH_SVC_ACCOUNT_EPHEMERAL, engineVersion: 1, secretValues: [
+ [envVar: 'OC_LOGIN_TOKEN_DEV', vaultKey: 'oc-login-token-dev'],
+ [envVar: 'OC_LOGIN_SERVER_DEV', vaultKey: 'oc-login-server-dev']]],
+ [path: params.VAULT_PATH_QUAY_PUSH, engineVersion: 1, secretValues: [
+ [envVar: 'QUAY_USER', vaultKey: 'user'],
+ [envVar: 'QUAY_TOKEN', vaultKey: 'token']]],
+ [path: params.VAULT_PATH_RHR_PULL, engineVersion: 1, secretValues: [
+ [envVar: 'RH_REGISTRY_USER', vaultKey: 'user'],
+ [envVar: 'RH_REGISTRY_TOKEN', vaultKey: 'token']]]
+]
+
+def configuration = [vaultUrl: params.VAULT_ADDRESS, vaultCredentialId: params.VAULT_CREDS_ID, engineVersion: 1]
+
+pipeline {
+ agent { label 'rhel8' }
+ options {
+ timestamps()
+ }
+ environment {
+ // --------------------------------------------
+ // Options that must be configured by app owner
+ // --------------------------------------------
+ APP_NAME="kessel" // name of app-sre "application" folder this component lives in
+ COMPONENT_NAME="spicedb-operator" // name of app-sre "resourceTemplate" in deploy.yaml for this component
+ IMAGE="quay.io/cloudservices/kessel-spicedb-operator" // image location on quay
+ RUN_PLATSEC=true // optional step to run vulnerability checks
+ CICD_URL="https://raw.githubusercontent.com/RedHatInsights/cicd-tools/main"
+ }
+ stages {
+ stage('Build the PR commit image') {
+ steps {
+ withVault([configuration: configuration, vaultSecrets: secrets]) {
+ sh './build_deploy.sh'
+ }
+
+ sh 'mkdir -p artifacts'
+ }
+ }
+ }
+ post {
+ always{
+ withVault([configuration: configuration, vaultSecrets: secrets]) {
+ sh '''
+ curl -s $CICD_URL/bootstrap.sh > .cicd_bootstrap.sh
+ source ./.cicd_bootstrap.sh
+
+ source "${CICD_ROOT}/post_test_results.sh"
+ '''
+ }
+ }
+ }
+}
From c73388b2dc5009b5670dc4309122c4ff4b1074c8 Mon Sep 17 00:00:00 2001
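Review bot: The `post { always { ... } }` block downloads `bootstrap.sh` from the `main` branch of cicd-tools and sources it inside `withVault`, so whatever that branch serves at build time runs with the OpenShift login token and the Quay and Red Hat registry credentials in its environment. Pin `CICD_URL` to a reviewed commit, e.g. `CICD_URL="https://raw.githubusercontent.com/RedHatInsights/cicd-tools/<reviewed-commit-sha>"`, and fetch with `curl -sSfL` so an HTTP error fails the step instead of leaving an error body to be sourced. Both `withVault` calls also pass the full `secrets` list; the post step probably does not need `QUAY_TOKEN`, and the `build_deploy.sh` lines visible in this series use only the registry credentials, so a narrower `vaultSecrets` list per step would limit what each script can read.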
From: Rajagopalan Ranganathan
Date: Wed, 22 May 2024 16:43:38 +0100
Subject: [PATCH 3/4] Update build_deploy.sh to use openshift dockerfile
---
 build_deploy.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build_deploy.sh b/build_deploy.sh
index db237d1..916f64a 100755
--- a/build_deploy.sh
+++ b/build_deploy.sh
@@ -18,5 +18,5 @@ DOCKER_CONF="$PWD/.docker"
 mkdir -p "$DOCKER_CONF"
 docker --config="$DOCKER_CONF" login -u="$QUAY_USER" -p="$QUAY_TOKEN" quay.io
 docker --config="$DOCKER_CONF" login -u="$RH_REGISTRY_USER" -p="$RH_REGISTRY_TOKEN" registry.redhat.io
-docker --config="$DOCKER_CONF" build --build-arg GIT_COMMIT=$GIT_COMMIT --no-cache -t "${IMAGE}:${IMAGE_TAG}" .
+docker --config="$DOCKER_CONF" build --build-arg GIT_COMMIT=$GIT_COMMIT --no-cache -t "${IMAGE}:${IMAGE_TAG}" . -f ./Dockerfile.openshift
 docker --config="$DOCKER_CONF" push "${IMAGE}:${IMAGE_TAG}"
From 7ee82d825f562037802804659e25a56d8c51cb40 Mon Sep 17 00:00:00 2001
From: Rajagopalan Ranganathan
Date: Wed, 22 May 2024 16:47:18 +0100
Subject: [PATCH 4/4] Delete .github/workflows/release.yaml Pushing the release image is done in build and deploy.sh as a part of app-interface (RH_Internal) CI integrations
---
 .github/workflows/release.yaml | 64 ----------------------------------
 1 file changed, 64 deletions(-)
 delete mode 100644 .github/workflows/release.yaml
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
deleted file mode 100644
index 40735dd..0000000
--- a/.github/workflows/release.yaml
+++ /dev/null
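Review bot: The two `docker login` lines just above the changed build command pass `-p="$QUAY_TOKEN"` and `-p="$RH_REGISTRY_TOKEN"` as arguments while the script runs under `set -exv` (visible at the top of the file in patch 1), so xtrace writes each expanded token to the job log unless the CI masks it, and the value is readable in the process list while the command runs. Patch 4 makes this script the release path, so feed the tokens on stdin instead, e.g. `printf '%s' "$QUAY_TOKEN" | docker --config="$DOCKER_CONF" login -u="$QUAY_USER" --password-stdin quay.io`, and likewise for registry.redhat.io. In the changed line itself `$GIT_COMMIT` is unquoted and `-f` trails the build context; `--build-arg GIT_COMMIT="$GIT_COMMIT" -f ./Dockerfile.openshift .` is the more conventional order. The script begins outside this hunk.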
@@ -1,64 +0,0 @@
----
-name: "Release"
-on: # yamllint disable-line rule:truthy
- push:
- tags:
- - "*"
-permissions:
- contents: "write"
- packages: "write"
-env:
- GO_VERSION: "~1.20"
-jobs:
- goreleaser:
- runs-on: "ubuntu-latest"
- env:
- KUSTOMIZER_ARTIFACT: "oci://ghcr.io/${{github.repository_owner}}/${{github.event.repository.name}}-manifests"
- steps:
- - uses: "actions/checkout@v4"
- with:
- fetch-depth: 0
- - uses: "authzed/actions/setup-go@main"
- with:
- go-version: "${{ env.GO_VERSION }}"
- - uses: "authzed/actions/docker-login@main"
- with:
- quayio_token: "${{ secrets.QUAYIO_PASSWORD }}"
- github_token: "${{ secrets.GITHUB_TOKEN }}"
- dockerhub_token: "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}"
- - uses: "docker/setup-qemu-action@v3"
- - uses: "docker/setup-buildx-action@v3"
- # the release directory is gitignored, which keeps goreleaser from
- # complaining about a dirty tree
- - name: "Copy manifests to release directory"
- run: |
- mkdir release
- cp -R config release
- - name: "Set operator image in release manifests"
- uses: "mikefarah/yq@master"
- with:
- cmd: |
- yq eval '.images[0].newTag="${{ github.ref_name }}"' -i ./release/config/kustomization.yaml
- - name: "Build release bundle.yaml"
- uses: "karancode/kustomize-github-action@master"
- with:
- kustomize_build_dir: "release/config"
- kustomize_output_file: "release/bundle.yaml"
- - uses: "goreleaser/goreleaser-action@v5"
- with:
- distribution: "goreleaser-pro"
- version: "latest"
- args: "release --rm-dist"
- env:
- GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- GORELEASER_KEY: "${{ secrets.GORELEASER_KEY }}"
- - name: "Setup Kustomizer CLI"
- uses: "stefanprodan/kustomizer/action@main"
- - name: "Push release manifests"
- run: |
- kustomizer push artifact ${KUSTOMIZER_ARTIFACT}:${{ github.ref_name }} -k ./release/config \
- --source=${{ github.repositoryUrl }} \
- --revision="${{ github.ref_name }}/${{ github.sha }}"
- - name: "Tag latest release manifests"
- run: |
- kustomizer tag artifact ${KUSTOMIZER_ARTIFACT}:${GITHUB_REF_NAME} latest