Merge branch 'master' into mng-att-prov-choices #10960
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build CLI | |
on: | |
workflow_dispatch: | |
repository_dispatch: | |
push: | |
branches: [ "**" ] | |
tags-ignore: [ "**" ] | |
release: | |
types: [ published ] | |
# Ensure only one build at a time for any branch, cancelling any in-progress builds | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
# References: | |
# - https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows | |
# - https://docs.github.com/en/actions/learn-github-actions/expressions#functions | |
jobs: | |
build-tekton: | |
name: Build Tekton Definitions | |
runs-on: ubuntu-latest | |
if: ${{ !contains(github.event.head_commit.message, '[doc]') }} | |
steps: | |
# 1. Initialize the build | |
# ------------------------------------------------------------------------------------------- | |
- name: Checkout | |
uses: actions/checkout@v4 | |
# Without this option, we don't get the tag information | |
with: | |
fetch-depth: 0 | |
- name: Initialise the build system | |
run: | | |
chmod u+x $GITHUB_WORKSPACE/build/bin/*.sh | |
$GITHUB_WORKSPACE/build/bin/initbuild.sh | |
source $GITHUB_WORKSPACE/build/bin/.functions.sh | |
# 2. Tekton | |
# ------------------------------------------------------------------------------------------- | |
- name: Build the Tekton definitions | |
run: $GITHUB_WORKSPACE/build/bin/build-tekton.sh | |
- name: Upload the Tekton definitions | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ibm-mas-tekton.yaml | |
path: ${{ github.workspace }}/tekton/target/ibm-mas-tekton.yaml | |
retention-days: 30 | |
- name: Upload the Tekton definitions (FVT) | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ibm-mas-tekton-fvt.yaml | |
path: ${{ github.workspace }}/tekton/target/ibm-mas-tekton-fvt.yaml | |
retention-days: 30 | |
- name: Upload definition to Artifactory | |
env: | |
ARTIFACTORY_GENERIC_RELEASE_URL: ${{ secrets.ARTIFACTORY_GENERIC_RELEASE_URL }} | |
ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_TOKEN }} | |
run: | | |
$GITHUB_WORKSPACE/build/bin/artifactory-release.sh $GITHUB_WORKSPACE/tekton/target/ibm-mas-tekton.yaml | |
$GITHUB_WORKSPACE/build/bin/artifactory-release.sh $GITHUB_WORKSPACE/tekton/target/ibm-mas-tekton-fvt.yaml | |
build-python: | |
name: Build Python Package | |
runs-on: ubuntu-latest | |
if: ${{ !contains(github.event.head_commit.message, '[doc]') }} | |
needs: build-tekton | |
steps: | |
# 1. Initialize the build | |
# ------------------------------------------------------------------------------------------- | |
- name: Checkout | |
id: checkout | |
uses: actions/checkout@v4 | |
# Without this option, we don't get the tag information | |
with: | |
fetch-depth: 0 | |
- name: Initialise the build system | |
id: init | |
run: | | |
chmod u+x $GITHUB_WORKSPACE/build/bin/*.sh | |
$GITHUB_WORKSPACE/build/bin/initbuild.sh | |
source $GITHUB_WORKSPACE/build/bin/.functions.sh | |
# 2. Build Python Package | |
# ------------------------------------------------------------------------------------------- | |
- name: Download tekton definitions | |
id: download-tekton | |
uses: actions/download-artifact@v4 | |
with: | |
name: ibm-mas-tekton.yaml | |
path: ${{ github.workspace }}/python/src/mas/cli/templates/ | |
- name: Install | |
id: install | |
run: | | |
cd $GITHUB_WORKSPACE/python | |
sed -i "s#__version__ = \"100.0.0\"#__version__ = \"${{ env.VERSION_NOPREREL }}\"#g" ${GITHUB_WORKSPACE}/python/src/mas/cli/__init__.py | |
sed -i "s#self.version = \"100.0.0-pre.local\"#self.version = \"${{ env.VERSION }}\"#g" ${GITHUB_WORKSPACE}/python/src/mas/cli/cli.py | |
cat ${GITHUB_WORKSPACE}/python/src/mas/cli/__init__.py | |
python -m pip install --upgrade pip | |
pip install .[dev] | |
if [[ -e $GITHUB_WORKSPACE/image/cli/install/mas_devops.tar.gz ]]; then | |
echo "Found local Python package ($GITHUB_WORKSPACE/image/cli/install/mas_devops.tar.gz) in this PR." | |
python -m pip install $GITHUB_WORKSPACE/image/cli/install/mas_devops.tar.gz | |
fi | |
- name: Lint | |
id: lint | |
run: | | |
cd $GITHUB_WORKSPACE/python | |
flake8 src --count --select=E9,F63,F7,F82 --show-source --statistics | |
flake8 src --count --exit-zero --max-complexity=10 --max-line-length=200 --statistics | |
- name: Test | |
id: test | |
run: | | |
cd $GITHUB_WORKSPACE/python | |
pytest | |
- name: Build | |
id: build | |
run: | | |
cd $GITHUB_WORKSPACE/python | |
python -m build | |
cp $GITHUB_WORKSPACE/python/dist/mas_cli-${{ env.VERSION_NOPREREL }}.tar.gz $GITHUB_WORKSPACE/mas_cli.tar.gz | |
# 3. Upload and Publish | |
# ------------------------------------------------------------------------------------------- | |
- name: Upload | |
id: upload | |
uses: actions/upload-artifact@v4 | |
with: | |
name: mas_cli.tar.gz | |
path: ${{ github.workspace }}/mas_cli.tar.gz | |
retention-days: 30 | |
- name: Publish package | |
id: publish | |
if: github.event_name == 'release' | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
user: __token__ | |
password: ${{ secrets.PYPI_API_TOKEN }} | |
packages-dir: python/dist | |
build-arm64-container: | |
name: Build Container Image (arm64) | |
runs-on: ubuntu-latest | |
if: ${{ !contains(github.event.head_commit.message, '[doc]') }} | |
needs: | |
- build-tekton | |
- build-python | |
steps: | |
# 1. Initialize the build | |
# ------------------------------------------------------------------------------------------- | |
- name: Checkout | |
id: checkout | |
uses: actions/checkout@v4 | |
# Without this option, we don't get the tag information | |
with: | |
fetch-depth: 0 | |
- name: Initialise the build system | |
id: init | |
run: | | |
chmod u+x $GITHUB_WORKSPACE/build/bin/*.sh | |
$GITHUB_WORKSPACE/build/bin/initbuild.sh | |
source $GITHUB_WORKSPACE/build/bin/.functions.sh | |
# 2. Download Ansible collection from Artifactory | |
# ------------------------------------------------------------------------------------------- | |
- name: Download Ansible collection from Artifactory | |
id: download-ansible | |
if: contains(fromJson('["push", "workflow_dispatch", "repository_dispatch"]'), github.event_name) | |
env: | |
ARTIFACTORY_GENERIC_RELEASE_URL: ${{ secrets.ARTIFACTORY_GENERIC_RELEASE_URL }} | |
ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_TOKEN }} | |
run: | | |
if [[ -e $GITHUB_WORKSPACE/image/cli/install/ibm-mas_devops.tar.gz ]]; then | |
echo "Found a local Ansible collection to be used in $GITHUB_WORKSPACE/image/cli/install/ibm-mas_devops.tar.gz! Skip download from Artifactory..." | |
else | |
echo "Downloading from ***/ibm-mas/ansible-devops/latest/ibm-mas_devops-latest.tar.gz" | |
wget --header="Authorization:Bearer $ARTIFACTORY_TOKEN" $ARTIFACTORY_GENERIC_RELEASE_URL/ibm-mas/ansible-devops/latest/ibm-mas_devops-latest.tar.gz -O $GITHUB_WORKSPACE/image/cli/install/ibm-mas_devops.tar.gz | |
fi | |
# 3. Download Built Artifacts | |
# ------------------------------------------------------------------------------------------- | |
- name: Download the tekton file built in the other job | |
id: download-tekton | |
uses: actions/download-artifact@v4 | |
with: | |
name: ibm-mas-tekton.yaml | |
path: ${{ github.workspace }}/image/cli/mascli/templates/ | |
- name: Download the python package | |
id: download-python | |
uses: actions/download-artifact@v4 | |
with: | |
name: mas_cli.tar.gz | |
path: ${{ github.workspace }}/image/cli/install/ | |
# 4. CLI Container Images | |
# ------------------------------------------------------------------------------------------- | |
- name: Build the container image | |
id: docker-build | |
run: | | |
echo "GITHUB_REF=$GITHUB_REF" | |
echo "GITHUB_EVENT_NAME=$GITHUB_EVENT_NAME" | |
# Login to quay.io | |
docker login --username "${{ secrets.QUAYIO_USERNAME }}" --password "${{ secrets.QUAYIO_PASSWORD }}" quay.io | |
# Build the images | |
$GITHUB_WORKSPACE/build/bin/docker-build.sh -r quay.io/ibmmas/cli --target-platform arm64 -b image/cli | |
# List available images | |
docker images | |
# Push the images | |
docker push quay.io/ibmmas/cli:${{ env.DOCKER_TAG }}-arm64 | |
build-amd64-container: | |
name: Build Container Image (amd64) | |
runs-on: ubuntu-latest | |
if: ${{ !contains(github.event.head_commit.message, '[doc]') }} | |
needs: | |
- build-tekton | |
- build-python | |
steps: | |
# 1. Initialize the build | |
# ------------------------------------------------------------------------------------------- | |
- name: Checkout | |
id: checkout | |
uses: actions/checkout@v4 | |
# Without this option, we don't get the tag information | |
with: | |
fetch-depth: 0 | |
- name: Initialise the build system | |
id: init | |
run: | | |
chmod u+x $GITHUB_WORKSPACE/build/bin/*.sh | |
$GITHUB_WORKSPACE/build/bin/initbuild.sh | |
source $GITHUB_WORKSPACE/build/bin/.functions.sh | |
# 2. Download Ansible collection from Artifactory | |
# ------------------------------------------------------------------------------------------- | |
- name: Download Ansible collection from Artifactory | |
id: download-ansible | |
if: contains(fromJson('["push", "workflow_dispatch", "repository_dispatch"]'), github.event_name) | |
env: | |
ARTIFACTORY_GENERIC_RELEASE_URL: ${{ secrets.ARTIFACTORY_GENERIC_RELEASE_URL }} | |
ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_TOKEN }} | |
run: | | |
if [[ -e $GITHUB_WORKSPACE/image/cli/install/ibm-mas_devops.tar.gz ]]; then | |
echo "Found a local Ansible collection to be used in $GITHUB_WORKSPACE/image/cli/install/ibm-mas_devops.tar.gz! Skip download from Artifactory..." | |
else | |
echo "Downloading from ***/ibm-mas/ansible-devops/latest/ibm-mas_devops-latest.tar.gz" | |
wget --header="Authorization:Bearer $ARTIFACTORY_TOKEN" $ARTIFACTORY_GENERIC_RELEASE_URL/ibm-mas/ansible-devops/latest/ibm-mas_devops-latest.tar.gz -O $GITHUB_WORKSPACE/image/cli/install/ibm-mas_devops.tar.gz | |
fi | |
# 3. Download Built Artifacts | |
# ------------------------------------------------------------------------------------------- | |
- name: Download the tekton file built in the other job | |
id: download-tekton | |
uses: actions/download-artifact@v4 | |
with: | |
name: ibm-mas-tekton.yaml | |
path: ${{ github.workspace }}/image/cli/mascli/templates/ | |
- name: Download the python package | |
id: download-python | |
uses: actions/download-artifact@v4 | |
with: | |
name: mas_cli.tar.gz | |
path: ${{ github.workspace }}/image/cli/install/ | |
# 4. CLI Container Images | |
# ------------------------------------------------------------------------------------------- | |
- name: Build the container image | |
id: docker-build | |
run: | | |
echo "GITHUB_REF=$GITHUB_REF" | |
echo "GITHUB_EVENT_NAME=$GITHUB_EVENT_NAME" | |
# Login to quay.io | |
docker login --username "${{ secrets.QUAYIO_USERNAME }}" --password "${{ secrets.QUAYIO_PASSWORD }}" quay.io | |
# Build the images | |
$GITHUB_WORKSPACE/build/bin/docker-build.sh -r quay.io/ibmmas/cli --target-platform amd64 -b image/cli | |
# List available images | |
docker images | |
# Push the images | |
docker push quay.io/ibmmas/cli:${{ env.DOCKER_TAG }}-amd64 | |
build-s390x-container: | |
name: Build Container Image (s390x) | |
runs-on: ubuntu-latest | |
if: ${{ !contains(github.event.head_commit.message, '[doc]') }} | |
needs: | |
- build-tekton | |
- build-python | |
steps: | |
# 1. Initialize the build | |
# ------------------------------------------------------------------------------------------- | |
- name: Checkout | |
id: checkout | |
uses: actions/checkout@v4 | |
# Without this option, we don't get the tag information | |
with: | |
fetch-depth: 0 | |
- name: Initialise the build system | |
id: init | |
run: | | |
chmod u+x $GITHUB_WORKSPACE/build/bin/*.sh | |
$GITHUB_WORKSPACE/build/bin/initbuild.sh | |
source $GITHUB_WORKSPACE/build/bin/.functions.sh | |
# 2. Download Ansible collection from Artifactory | |
# ------------------------------------------------------------------------------------------- | |
- name: Download Ansible collection from Artifactory | |
id: download-ansible | |
if: contains(fromJson('["push", "workflow_dispatch", "repository_dispatch"]'), github.event_name) | |
env: | |
ARTIFACTORY_GENERIC_RELEASE_URL: ${{ secrets.ARTIFACTORY_GENERIC_RELEASE_URL }} | |
ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_TOKEN }} | |
run: | | |
if [[ -e $GITHUB_WORKSPACE/image/cli/install/ibm-mas_devops.tar.gz ]]; then | |
echo "Found a local Ansible collection to be used in $GITHUB_WORKSPACE/image/cli/install/ibm-mas_devops.tar.gz! Skip download from Artifactory..." | |
else | |
echo "Downloading from ***/ibm-mas/ansible-devops/latest/ibm-mas_devops-latest.tar.gz" | |
wget --header="Authorization:Bearer $ARTIFACTORY_TOKEN" $ARTIFACTORY_GENERIC_RELEASE_URL/ibm-mas/ansible-devops/latest/ibm-mas_devops-latest.tar.gz -O $GITHUB_WORKSPACE/image/cli/install/ibm-mas_devops.tar.gz | |
fi | |
# 3. Download Built Artifacts | |
# ------------------------------------------------------------------------------------------- | |
- name: Download the tekton file built in the other job | |
id: download-tekton | |
uses: actions/download-artifact@v4 | |
with: | |
name: ibm-mas-tekton.yaml | |
path: ${{ github.workspace }}/image/cli/mascli/templates/ | |
- name: Download the python package | |
id: download-python | |
uses: actions/download-artifact@v4 | |
with: | |
name: mas_cli.tar.gz | |
path: ${{ github.workspace }}/image/cli/install/ | |
# 4. CLI Container Images | |
# ------------------------------------------------------------------------------------------- | |
- name: Build the container image | |
id: docker-build | |
run: | | |
echo "GITHUB_REF=$GITHUB_REF" | |
echo "GITHUB_EVENT_NAME=$GITHUB_EVENT_NAME" | |
# Login to quay.io | |
docker login --username "${{ secrets.QUAYIO_USERNAME }}" --password "${{ secrets.QUAYIO_PASSWORD }}" quay.io | |
# Build the images | |
$GITHUB_WORKSPACE/build/bin/docker-build.sh -r quay.io/ibmmas/cli --target-platform s390x -b image/cli | |
# List available images | |
docker images | |
# Push the images | |
docker push quay.io/ibmmas/cli:${{ env.DOCKER_TAG }}-s390x | |
build-manifest: | |
name: Build Manifest | |
runs-on: ubuntu-latest | |
needs: | |
- build-amd64-container | |
- build-s390x-container | |
- build-arm64-container | |
if: ${{ !contains(github.event.head_commit.message, '[doc]') }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
# Without this option, we don't get the tag information | |
with: | |
fetch-depth: 0 | |
- name: Initialise the build system | |
run: | | |
chmod u+x $GITHUB_WORKSPACE/build/bin/*.sh | |
$GITHUB_WORKSPACE/build/bin/initbuild.sh | |
source $GITHUB_WORKSPACE/build/bin/.functions.sh | |
- name: Publish the manifest | |
run: | | |
echo "GITHUB_REF=$GITHUB_REF" | |
echo "GITHUB_EVENT_NAME=$GITHUB_EVENT_NAME" | |
# Login to quay.io | |
docker login --username "${{ secrets.QUAYIO_USERNAME }}" --password "${{ secrets.QUAYIO_PASSWORD }}" quay.io | |
# Publish the manifest | |
$GITHUB_WORKSPACE/build/bin/docker-manifest.sh -r quay.io/ibmmas/cli --target-platforms amd64,s390x,arm64 | |
# Re-issue the manifest under an alias where needed | |
# https://github.com/docker/buildx/issues/1744#issuecomment-1896645786 | |
if [[ "$GITHUB_REF" == "refs/heads/master" ]]; then | |
docker buildx imagetools create -t quay.io/ibmmas/cli:master quay.io/ibmmas/cli:${{ env.DOCKER_TAG }} | |
elif [[ "$GITHUB_EVENT_NAME" == "release" ]]; then | |
docker buildx imagetools create -t quay.io/ibmmas/cli:latest quay.io/ibmmas/cli:${{ env.DOCKER_TAG }} | |
fi | |
pyinstaller-windows: | |
name: Build Windows CLI | |
runs-on: windows-latest | |
if: ${{ !contains(github.event.head_commit.message, '[doc]') }} | |
needs: | |
- build-tekton | |
- build-python | |
steps: | |
# 1. Initialize the build | |
# ------------------------------------------------------------------------------------------- | |
- name: Checkout | |
id: checkout | |
uses: actions/checkout@v4 | |
# 2. Run PyInstaller | |
# ------------------------------------------------------------------------------------------- | |
- name: Download the tekton file | |
id: download-tekton | |
uses: actions/download-artifact@v4 | |
with: | |
name: ibm-mas-tekton.yaml | |
path: ${{ github.workspace }}/python/src/mas/cli/templates/ | |
- name: Download the python package | |
id: download-python | |
uses: actions/download-artifact@v4 | |
with: | |
name: mas_cli.tar.gz | |
path: ${{ github.workspace }}/ | |
- name: Build the Windows executable | |
id: build | |
run: | | |
python -m pip install --upgrade pip virtualenv | |
python -m venv .venv | |
.\.venv\Scripts\activate | |
python -m pip install "./mas_cli.tar.gz[dev]" | |
python -m pip list | |
pyinstaller --distpath python/dist --onefile --noconfirm --collect-data mas.devops --collect-data mas.cli python/src/mas-cli | |
# 3. Upload and Publish | |
# ------------------------------------------------------------------------------------------- | |
- name: Upload mas-cli | |
id: upload | |
uses: actions/upload-artifact@v4 | |
with: | |
name: mas-cli-windows-amd64 | |
path: ${{ github.workspace }}/python/dist/mas-cli.exe | |
retention-days: 30 | |
- name: Publish the new cli | |
id: publish | |
if: github.event_name == 'release' | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
file: ${{ github.workspace }}/python/dist/mas-cli.exe | |
asset_name: mas-cli-windows-amd64.exe | |
tag: ${{ github.ref }} | |
overwrite: true | |
pyinstaller-linux: | |
name: Build Linux CLI | |
# We intentionally run on the oldest available Ubuntu runner, as this will result in a binary | |
# usable on older and newer versions of linux. | |
runs-on: ubuntu-20.04 | |
if: ${{ !contains(github.event.head_commit.message, '[doc]') }} | |
needs: | |
- build-tekton | |
- build-python | |
steps: | |
# 1. Initialize the build | |
# ------------------------------------------------------------------------------------------- | |
- name: Checkout | |
id: checkout | |
uses: actions/checkout@v4 | |
# 2. Run PyInstaller | |
# ------------------------------------------------------------------------------------------- | |
- name: Download the tekton file | |
id: download-tekton | |
uses: actions/download-artifact@v4 | |
with: | |
name: ibm-mas-tekton.yaml | |
path: ${{ github.workspace }}/python/src/mas/cli/templates/ | |
- name: Download the python package | |
id: download-python | |
uses: actions/download-artifact@v4 | |
with: | |
name: mas_cli.tar.gz | |
path: ${{ github.workspace }}/ | |
- name: Build the Linux executable | |
id: build | |
run: | | |
python -m pip install --upgrade pip virtualenv | |
python -m venv .venv | |
source .venv/bin/activate | |
python -m pip install ./mas_cli.tar.gz[dev] | |
python -m pip list | |
pyinstaller --distpath python/dist --onefile --noconfirm --collect-data mas.devops --collect-data mas.cli python/src/mas-cli | |
# 3. Upload and Publish | |
# ------------------------------------------------------------------------------------------- | |
- name: Upload mas-cli | |
id: upload | |
uses: actions/upload-artifact@v4 | |
with: | |
name: mas-cli-linux-amd64 | |
path: ${{ github.workspace }}/python/dist/mas-cli | |
retention-days: 30 | |
- name: Publish the new cli | |
id: publish | |
if: github.event_name == 'release' | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
file: ${{ github.workspace }}/python/dist/mas-cli | |
asset_name: mas-cli-linux-amd64 | |
tag: ${{ github.ref }} | |
overwrite: true | |
pyinstaller-macos: | |
name: Build MacOS CLI | |
runs-on: macos-latest | |
if: ${{ !contains(github.event.head_commit.message, '[doc]') }} | |
needs: | |
- build-tekton | |
- build-python | |
steps: | |
# 1. Initialize the build | |
# ------------------------------------------------------------------------------------------- | |
- name: Checkout | |
id: checkout | |
uses: actions/checkout@v4 | |
# 2. Run PyInstaller | |
# ------------------------------------------------------------------------------------------- | |
- name: Download the tekton file | |
id: download-tekton | |
uses: actions/download-artifact@v4 | |
with: | |
name: ibm-mas-tekton.yaml | |
path: ${{ github.workspace }}/python/src/mas/cli/templates/ | |
- name: Download the python package | |
id: download-python | |
uses: actions/download-artifact@v4 | |
with: | |
name: mas_cli.tar.gz | |
path: ${{ github.workspace }}/ | |
- name: Build the Linux executable | |
id: build | |
run: | | |
python -m pip install --upgrade pip virtualenv | |
python -m venv .venv | |
source .venv/bin/activate | |
python -m pip install ./mas_cli.tar.gz[dev] | |
python -m pip list | |
pyinstaller --distpath python/dist --onefile --noconfirm --collect-data mas.devops --collect-data mas.cli python/src/mas-cli | |
# 3. Upload and Publish | |
# ------------------------------------------------------------------------------------------- | |
- name: Upload mas-cli | |
id: upload | |
uses: actions/upload-artifact@v4 | |
with: | |
name: mas-cli-macos-arm64 | |
path: ${{ github.workspace }}/python/dist/mas-cli | |
retention-days: 30 | |
- name: Publish the new cli | |
id: publish | |
if: github.event_name == 'release' | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
file: ${{ github.workspace }}/python/dist/mas-cli | |
asset_name: mas-cli-macos-arm64 | |
tag: ${{ github.ref }} | |
overwrite: true |