Skip to content

WIP

WIP #336

Workflow file for this run

name: "Release"
on:
pull_request_target:
types: [labeled]
branches:
- main
- mirror-registry-*
# Allows us to run release manually from the Actions tab
workflow_dispatch:
inputs:
version:
description: 'Version to release'
required: true
commit:
description: 'Commit to release'
required: true
concurrency:
group: limit-to-one
jobs:
build-install-zip:
name: "Build Installer"
runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'ok-to-test') || github.event.inputs.version
strategy:
matrix:
installer-type: ["online", "offline"]
steps:
# Checkout source branch for testing
- name: Checkout PR
uses: actions/checkout@v3
if: contains(github.event.pull_request.labels.*.name, 'ok-to-test')
with:
ref: ${{ github.event.pull_request.head.sha }}
# Checkout target branch for release build
- name: Checkout
uses: actions/checkout@v3
if: github.event.inputs.version
- name: Set up Go 1.x
uses: actions/setup-go@v4
with:
go-version: ^1.13
id: go
- name: Get dependencies
run: |
go get -v -t -d ./...
if [ -f Gopkg.toml ]; then
curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
dep ensure
fi
- name: Log into docker for registry.redhat.io
uses: docker/login-action@v2
with:
registry: registry.redhat.io
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Install ansible builder
run: sudo pip install ansible-builder
- name: Build tarfile
run: CLIENT=docker make build-${{ matrix.installer-type }}-zip
- name: Upload tarfile
uses: actions/upload-artifact@v3
with:
name: mirror-registry-${{ matrix.installer-type }}-installer
path: mirror-registry.tar.gz
retention-days: 1
test-remote-install:
name: "Remote Install"
needs: ["build-install-zip"]
runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'ok-to-test') # Skip on release
strategy:
fail-fast: false
matrix:
installer-type: ["online", "offline"]
env:
GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
TF_VAR_SSH_PUBLIC_KEY: ${{ secrets.TF_VAR_SSH_PUBLIC_KEY }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install oc
uses: redhat-actions/oc-installer@v1
with:
oc_version: "4.6"
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
with:
# terraform_version: 0.13.0:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
terraform_wrapper: false
- name: Install SSH Key
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.TF_VAR_SSH_PRIVATE_KEY }}
- name: Write SSH Key id_rsa
run: |
echo "$SSH_KEY" > /home/runner/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
env:
SSH_KEY: ${{ secrets.TF_VAR_SSH_PRIVATE_KEY }}
- name: Write SSH Key staging.key
run: |
mkdir -p ~/.ssh/
echo "$SSH_KEY" > ~/.ssh/staging.key
chmod 600 ~/.ssh/staging.key
cat >>~/.ssh/config <<END
Host quay
HostName quay
User jonathan
IdentityFile ~/.ssh/staging.key
StrictHostKeyChecking no
END
env:
SSH_KEY: ${{ secrets.TF_VAR_SSH_PRIVATE_KEY }}
- name: Initialize VM
uses: ./.github/actions/setup-terraform
with:
terraform-context: ".github/workflows/remote-${{ matrix.installer-type }}-installer"
- name: Wait for VM
uses: jakejarvis/wait-action@master
with:
time: "60s"
- name: Download tarfile
uses: actions/download-artifact@v3
with:
name: mirror-registry-${{ matrix.installer-type }}-installer
- name: Extract tarfile
run: tar -xf mirror-registry.tar.gz
- name: Add quay to /etc/hosts
run: ssh jonathan@quay 'echo "127.0.0.1 quay" | sudo tee -a /etc/hosts'
- name: Install podman
run: ssh jonathan@quay 'sudo subscription-manager refresh; sudo yum -y install podman'
- name: Log into podman for registry.redhat.io
run: ssh jonathan@quay "podman login -u ${{ secrets.REGISTRY_USERNAME }} -p ${{ secrets.REGISTRY_PASSWORD }} registry.redhat.io"
if: matrix.installer-type == 'online'
- name: Install Registry
run: ./mirror-registry install -u jonathan -r /home/jonathan/quay-install -H quay -v --initPassword password -k /home/runner/.ssh/id_rsa
- name: Mirror Images
uses: ./.github/actions/mirror
with:
quay-hostname: "quay:8443"
pull-secret: ${{ secrets.PULL_SECRET }}
- name: Upgrade Registry
run: ./mirror-registry upgrade -u jonathan -r /home/jonathan/quay-install -H quay -v --initPassword password -k /home/runner/.ssh/id_rsa
- name: Uninstall Registry
run: ./mirror-registry uninstall -u jonathan -H quay --autoApprove -v -k /home/runner/.ssh/id_rsa
- name: Terraform Destroy
run: terraform destroy --auto-approve
shell: bash
working-directory: ".github/workflows/remote-${{ matrix.installer-type }}-installer"
if: always()
test-local-install:
name: "Local Install"
needs: ["build-install-zip"]
runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'ok-to-test') # Skip on release
strategy:
fail-fast: false
matrix:
installer-type: ["online", "offline"]
env:
GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
TF_VAR_SSH_PUBLIC_KEY: ${{ secrets.TF_VAR_SSH_PUBLIC_KEY }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install oc
uses: redhat-actions/oc-installer@v1
with:
oc_version: "4.6"
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
with:
# terraform_version: 0.13.0:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
terraform_wrapper: false
- name: Install SSH Key
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.TF_VAR_SSH_PRIVATE_KEY }}
- name: Write SSH Key id_rsa
run: |
echo "$SSH_KEY" > /home/runner/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
env:
SSH_KEY: ${{ secrets.TF_VAR_SSH_PRIVATE_KEY }}
- name: Write SSH Key staging.key
run: |
mkdir -p ~/.ssh/
echo "$SSH_KEY" > ~/.ssh/staging.key
chmod 600 ~/.ssh/staging.key
cat >>~/.ssh/config <<END
Host quay
HostName quay
User jonathan
IdentityFile ~/.ssh/staging.key
StrictHostKeyChecking no
END
env:
SSH_KEY: ${{ secrets.TF_VAR_SSH_PRIVATE_KEY }}
- name: Initialize VM
uses: ./.github/actions/setup-terraform
with:
terraform-context: ".github/workflows/local-${{ matrix.installer-type }}-installer"
- name: Wait for VM
uses: jakejarvis/wait-action@master
with:
time: "60s"
- name: Download tarfile
uses: actions/download-artifact@v3
with:
name: mirror-registry-${{ matrix.installer-type }}-installer
- name: SCP tarball to VM
run: scp mirror-registry.tar.gz jonathan@quay:~/mirror-registry.tar.gz
- name: Add quay to /etc/hosts
run: ssh jonathan@quay 'echo "127.0.0.1 quay" | sudo tee -a /etc/hosts'
- name: Install podman
run: ssh jonathan@quay 'sudo subscription-manager refresh; sudo yum -y install podman'
- name: Log into podman for registry.redhat.io
run: ssh jonathan@quay "podman login -u ${{ secrets.REGISTRY_USERNAME }} -p ${{ secrets.REGISTRY_PASSWORD }} registry.redhat.io"
if: matrix.installer-type == 'online'
- name: Disable outbound network traffic
run: ssh jonathan@quay 'sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT; sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport=22 -j ACCEPT; sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport=8443 -j ACCEPT; sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 2 -j DROP'
if: matrix.installer-type == 'offline'
- name: Install Registry
run: ssh jonathan@quay 'tar -xf mirror-registry.tar.gz; ./mirror-registry install -v --quayHostname quay:8443 --initPassword password'
- name: Mirror Images
uses: ./.github/actions/mirror
with:
quay-hostname: "quay:8443"
pull-secret: ${{ secrets.PULL_SECRET }}
- name: Upgrade Quay
run: ssh jonathan@quay './mirror-registry upgrade -v'
- name: Uninstall Quay
run: ssh jonathan@quay './mirror-registry uninstall --autoApprove -v'
- name: Terraform Destroy
run: terraform destroy --auto-approve
shell: bash
working-directory: ".github/workflows/local-${{ matrix.installer-type }}-installer"
if: always()
publish-release:
name: "Publish Release"
needs: ["build-install-zip"]
runs-on: ubuntu-latest
if: github.event.inputs.version && github.event.inputs.commit
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Download offline tarfile
uses: actions/download-artifact@v3
with:
name: mirror-registry-offline-installer
- name: Rename offline tarfile
run: mv mirror-registry.tar.gz mirror-registry-offline.tar.gz
- name: Download online tarfile
uses: actions/download-artifact@v3
with:
name: mirror-registry-online-installer
- name: Rename online tarfile
run: mv mirror-registry.tar.gz mirror-registry-online.tar.gz
- uses: ncipollo/release-action@v1
with:
artifacts: "*.tar.gz,README.md"
allowUpdates: true
prerelease: true
commit: ${{ github.event.inputs.commit }}
name: ${{ github.event.inputs.version }}
tag: ${{ github.event.inputs.version }}
token: ${{ secrets.GITHUB_TOKEN }}