ROX-27209: Add kubernetes.io/dockerconfigjson secret type to quay ima… #8135
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
- stage | |
pull_request: | |
types: [opened, synchronize, reopened, ready_for_review] | |
paths-ignore: | |
- '*.md' | |
- '*.sh' | |
- '.github/*.md' | |
- '.github/workflows/openapi_update.yaml' | |
- '.github/CODEOWNERS' | |
- 'templates/**' | |
- '.openapi-generator-ignore' | |
- 'openapi/**' | |
- 'docs/**' | |
- 'pkg/api/openapi/docs/**' | |
- 'pkg/api/openapi/.openapi-generator-ignore' | |
jobs: | |
# This runs all pre-commit hooks defined within .pre-commit-config.yaml. | |
pre-commit: | |
name: "Run pre-commit hooks" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: "1.21" | |
- uses: pre-commit/[email protected] | |
- uses: pre-commit/[email protected] | |
name: Verify generated files are up-to-date | |
with: | |
extra_args: --hook-stage=manual --all-files | |
verify-test: | |
name: "Verify & Test" | |
runs-on: ubuntu-latest | |
env: | |
OCM_ENV: integration | |
# Dummy SSO variables | |
SSO_CLIENT_ID: ${{ secrets.SSO_CLIENT_ID }} | |
SSO_CLIENT_SECRET: ${{ secrets.SSO_CLIENT_SECRET }} | |
OSD_IDP_SSO_CLIENT_ID: ${{ secrets.OSD_IDP_SSO_CLIENT_ID }} | |
OSD_IDP_SSO_CLIENT_SECRET: ${{ secrets.OSD_IDP_SSO_CLIENT_SECRET }} | |
# Dummy AWS credentials | |
AWS_ACCOUNT_ID: aws_accountid | |
AWS_ACCESS_KEY: aws_accesskey | |
AWS_SECRET_ACCESS_KEY: aws_secretaccesskey # pragma: allowlist secret - dummy value | |
ROUTE53_ACCESS_KEY: aws_route53_access_key # pragma: allowlist secret - dummy value | |
ROUTE53_SECRET_ACCESS_KEY: aws_route53_secret_access_key # pragma: allowlist secret - dummy value | |
# Dummy Central TLS env variables | |
CENTRAL_TLS_CERT: central_tls_cert # pragma: allowlist secret - dummy value | |
CENTRAL_TLS_KEY: central_tls_key # pragma: allowlist secret - dummy value | |
TEST_TIMEOUT: 30m | |
services: | |
postgres: | |
image: postgres:11 | |
env: | |
POSTGRES_PASSWORD: foobar-bizz-buzz # pragma: allowlist secret - dummy value | |
POSTGRES_USER: fleet_manager | |
POSTGRES_DB: serviceapitests | |
ports: | |
- 5432:5432 | |
# Set health checks to wait until postgres has started | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
steps: | |
- name: Cancel Previous Runs | |
uses: n1hility/cancel-previous-runs@v3 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up Go 1.21 | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.21" | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
- name: Cache go module | |
uses: actions/cache@v4 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Go mod tidy | |
run: | | |
go mod tidy | |
- name: Clean and generate files | |
run: | | |
make clean/go-generated && make generate | |
- name: Test that there were no changes | |
run: | | |
git diff --exit-code | |
- name: Setup tests secrets | |
run: | | |
make ocm/setup aws/setup redhatsso/setup centralcert/setup secrets/touch | |
- name: Run Migration Script | |
run: make db/migrate | |
- name: Verify & Test | |
run: | | |
GOPATH=$(go env GOPATH) | |
export GOPATH | |
export PATH=${PATH}:$GOPATH/bin | |
make verify binary test test/integration | |
timeout-minutes: 14 | |
build-push-images: | |
name: "Build and push fleet* images to quay.io" | |
runs-on: ubuntu-latest | |
needs: [pre-commit, verify-test] | |
# Skip for external contributions. | |
if: | | |
github.event_name == 'push' || !github.event.pull_request.head.repo.fork | |
steps: | |
- name: Login to Quay.io | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_RHACS_ENG_FM_RW_USERNAME }} | |
password: ${{ secrets.QUAY_RHACS_ENG_FM_RW_PASSWORD }} | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Critical for correct image detection in Makefile | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Set up Go 1.21 | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.21" | |
- name: Build and push fleet-manager-tools image to quay.io | |
if: github.event_name == 'push' | |
env: | |
TAG: ${{ github.ref_name }} | |
run: make image/push/fleet-manager-tools | |
- name: Build and push fleetshard-operator image to quay.io | |
run: make image/push/fleetshard-operator |