Skip to content

Add rpms-signature-scan to the konflux builds #8016

Add rpms-signature-scan to the konflux builds

Add rpms-signature-scan to the konflux builds #8016

Workflow file for this run

name: CI
on:
push:
branches:
- main
- stage
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
paths-ignore:
- '*.md'
- '*.sh'
- '.github/*.md'
- '.github/workflows/openapi_update.yaml'
- '.github/CODEOWNERS'
- 'templates/**'
- '.openapi-generator-ignore'
- 'openapi/**'
- 'docs/**'
- 'pkg/api/openapi/docs/**'
- 'pkg/api/openapi/.openapi-generator-ignore'
jobs:
# This runs all pre-commit hooks defined within .pre-commit-config.yaml.
pre-commit:
name: "Run pre-commit hooks"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- uses: actions/setup-go@v5
with:
go-version: "1.21"
- uses: pre-commit/[email protected]
- uses: pre-commit/[email protected]
name: Verify generated files are up-to-date
with:
extra_args: --hook-stage=manual --all-files
verify-test:
name: "Verify & Test"
runs-on: ubuntu-latest
env:
OCM_ENV: integration
# Dummy SSO variables
SSO_CLIENT_ID: ${{ secrets.SSO_CLIENT_ID }}
SSO_CLIENT_SECRET: ${{ secrets.SSO_CLIENT_SECRET }}
OSD_IDP_SSO_CLIENT_ID: ${{ secrets.OSD_IDP_SSO_CLIENT_ID }}
OSD_IDP_SSO_CLIENT_SECRET: ${{ secrets.OSD_IDP_SSO_CLIENT_SECRET }}
# Dummy AWS credentials
AWS_ACCOUNT_ID: aws_accountid
AWS_ACCESS_KEY: aws_accesskey
AWS_SECRET_ACCESS_KEY: aws_secretaccesskey # pragma: allowlist secret - dummy value
ROUTE53_ACCESS_KEY: aws_route53_access_key # pragma: allowlist secret - dummy value
ROUTE53_SECRET_ACCESS_KEY: aws_route53_secret_access_key # pragma: allowlist secret - dummy value
# Dummy Central TLS env variables
CENTRAL_TLS_CERT: central_tls_cert # pragma: allowlist secret - dummy value
CENTRAL_TLS_KEY: central_tls_key # pragma: allowlist secret - dummy value
TEST_TIMEOUT: 30m
services:
postgres:
image: postgres:11
env:
POSTGRES_PASSWORD: foobar-bizz-buzz # pragma: allowlist secret - dummy value
POSTGRES_USER: fleet_manager
POSTGRES_DB: serviceapitests
ports:
- 5432:5432
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- name: Cancel Previous Runs
uses: n1hility/cancel-previous-runs@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Go 1.21
uses: actions/setup-go@v5
with:
go-version: "1.21"
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- name: Cache go module
uses: actions/cache@v4
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Go mod tidy
run: |
go mod tidy
- name: Clean and generate files
run: |
make clean/go-generated && make generate
- name: Test that there were no changes
run: |
git diff --exit-code
- name: Setup tests secrets
run: |
make ocm/setup aws/setup redhatsso/setup centralcert/setup observatorium/setup secrets/touch
- name: Run Migration Script
run: make db/migrate
- name: Verify & Test
run: |
GOPATH=$(go env GOPATH)
export GOPATH
export PATH=${PATH}:$GOPATH/bin
make verify binary test test/integration
timeout-minutes: 14
build-push-images:
name: "Build and push fleet* images to quay.io"
runs-on: ubuntu-latest
needs: [pre-commit, verify-test]
# Skip for external contributions.
if: |
github.event_name == 'push' || !github.event.pull_request.head.repo.fork
steps:
- name: Login to Quay.io
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_RHACS_ENG_FM_RW_USERNAME }}
password: ${{ secrets.QUAY_RHACS_ENG_FM_RW_PASSWORD }}
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0 # Critical for correct image detection in Makefile
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Set up Go 1.21
uses: actions/setup-go@v5
with:
go-version: "1.21"
- name: Build and push fleet-manager-tools image to quay.io
if: github.event_name == 'push'
env:
TAG: ${{ github.ref_name }}
run: make image/push/fleet-manager-tools
- name: Build and push fleetshard-operator image to quay.io
run: make image/push/fleetshard-operator