[CI] Fix upload GCS job #257
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build, Test, Publish Image & Manifest | |
on: | |
push: | |
branches: [ "main", "test-ci/*"] | |
paths-ignore: | |
- 'docs/**' | |
- '*.md' | |
- 'LICENSE.txt' | |
- 'PROJECT' | |
- 'hack/**' | |
tags: [ "v*" ] | |
env: | |
GO_VERSION: '1.22.x' # Require Go 1.22 minor | |
jobs: | |
golangci: | |
name: Run Linter | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
name: Checkout code | |
- uses: actions/setup-go@v5 | |
name: Install Go | |
with: | |
go-version: 'stable' | |
- name: Run Golang Linter | |
uses: golangci/golangci-lint-action@v6 | |
with: | |
version: latest | |
args: --timeout=5m | |
unit_integration_tests: | |
name: Unit and Integration tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v4 | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
check-latest: true | |
- name: Unit tests | |
run: make install-tools kubebuilder-assets just-unit-tests | |
- name: Integration tests | |
run: make integration-tests | |
- name: Notify Google Chat | |
if: failure() | |
uses: SimonScholz/google-chat-action@main | |
with: | |
webhookUrl: '${{ secrets.GOOGLE_CHAT_WEBHOOK_URL }}' | |
jobStatus: ${{ job.status }} | |
title: Messaging Topology Operator - Unit and Integration tests | |
build_operator: | |
name: Build Operator image | |
runs-on: ubuntu-latest | |
needs: unit_integration_tests | |
permissions: | |
contents: 'write' | |
id-token: 'write' | |
outputs: | |
image_tag: ${{ steps.meta.outputs.version }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
check-latest: true | |
- name: OCI Metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: rabbitmqoperator/messaging-topology-operator | |
# generate Docker tags based on the following events/attributes | |
tags: | | |
type=sha | |
type=semver,pattern={{version}} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build and push | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
platforms: linux/amd64, linux/arm64 | |
provenance: false | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Build to TAR | |
id: build_tar | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
provenance: false | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
outputs: | | |
type=docker,dest=./operator.tar | |
- name: Upload Operator artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: operator_image | |
path: ./operator.tar | |
- name: Build manifest | |
env: | |
RELEASE_VERSION: ${{ steps.meta.outputs.version }} | |
run: | | |
make install-tools | |
pushd config/installation | |
kustomize edit set image \ | |
rabbitmqoperator/messaging-topology-operator-dev=rabbitmqoperator/messaging-topology-operator:"${RELEASE_VERSION}" | |
popd | |
pushd config/installation/cert-manager | |
kustomize edit set image \ | |
rabbitmqoperator/messaging-topology-operator-dev=rabbitmqoperator/messaging-topology-operator:"${RELEASE_VERSION}" | |
popd | |
make generate-manifests | |
echo -n "messaging-topology-operator-with-certmanager-${{ steps.meta.outputs.version }}.yaml" > "latest-topology-operator-dev-manifest.txt" | |
- name: Upload operator manifests | |
uses: actions/upload-artifact@v4 | |
with: | |
name: operator-manifests | |
path: releases/messaging-topology-operator*.yaml | |
retention-days: 2 | |
if-no-files-found: error | |
build_operator_single_arch_amd64: | |
name: Build single-arch AMD64 image | |
if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
runs-on: ubuntu-latest | |
needs: unit_integration_tests | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: OCI Metadata for single-arch AMD64 image | |
id: single_arch_meta_amd64 | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
rabbitmqoperator/messaging-topology-operator | |
flavor: | | |
latest=false | |
tags: | | |
type=semver,pattern={{version}},suffix=-amd64,latest=false | |
- name: Build and push single-arch AMD64 image | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
platforms: linux/amd64 | |
provenance: false | |
push: true | |
tags: ${{ steps.single_arch_meta_amd64.outputs.tags }} | |
labels: ${{ steps.single_arch_meta_amd64.outputs.labels }} | |
build_operator_single_arch_arm64: | |
name: Build single-arch ARM64 image | |
if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
runs-on: ubuntu-latest | |
needs: unit_integration_tests | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: OCI Metadata for single-arch arm64 image | |
id: single_arch_meta_arm64 | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
rabbitmqoperator/messaging-topology-operator | |
flavor: | | |
latest=false | |
tags: | | |
type=semver,pattern={{version}},suffix=-arm64,latest=false | |
- name: Build and push single-arch arm64 image | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
platforms: linux/arm64 | |
provenance: false | |
push: true | |
tags: ${{ steps.single_arch_meta_arm64.outputs.tags }} | |
labels: ${{ steps.single_arch_meta_arm64.outputs.labels }} | |
upload_gcs: | |
# TODO: nuke this after refactoring carvel CI | |
runs-on: ubuntu-latest | |
name: Upload manifests to GCS | |
if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
needs: | |
- build_operator | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
env: | |
image_version: ${{ needs.build_operator.outputs.image_tag }} | |
steps: | |
- name: Rename manifest for GCS | |
run: mv releases/messaging-topology-operator-with-certmanager.yaml messaging-topology-operator-with-certmanager-${{ env.image_version }}.yaml | |
- id: auth | |
uses: google-github-actions/auth@v2 | |
with: | |
# using workload identity provider to authenticate with GCP | |
# workload identity provider configurations can be viewed in GCP console and gcloud cli | |
# doc: https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions | |
workload_identity_provider: ${{ secrets.GCP_IDENTITY_PROVIDER }} | |
service_account: ${{ secrets.GCP_SA }} | |
- name: Upload manifests to GCS | |
uses: 'google-github-actions/upload-cloud-storage@v2' | |
with: | |
path: messaging-topology-operator-with-certmanager-${{ env.image_version }}.yaml | |
destination: operator-manifests-dev | |
process_gcloudignore: false | |
- name: Update carvel-packaging-dev pipeline trigger | |
uses: google-github-actions/upload-cloud-storage@v2 | |
with: | |
path: latest-topology-operator-dev-manifest.txt | |
destination: operator-manifests-dev | |
process_gcloudignore: false | |
- name: Notify Google Chat | |
if: failure() | |
uses: SimonScholz/google-chat-action@main | |
with: | |
webhookUrl: '${{ secrets.GOOGLE_CHAT_WEBHOOK_URL }}' | |
jobStatus: ${{ job.status }} | |
title: Messaging Topology Operator - Build and Push operator | |
system_tests: | |
name: Local system tests (stable k8s) | |
runs-on: ubuntu-latest | |
permissions: | |
contents: 'write' | |
id-token: 'write' | |
needs: build_operator | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
name: Install Go | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
check-latest: true | |
- name: Get operator manifest | |
uses: actions/download-artifact@v4 | |
with: | |
name: operator-manifests | |
- name: Create KinD | |
uses: helm/kind-action@v1 | |
with: | |
cluster_name: system-testing | |
node_image: ${{ env.KIND_NODE_IMAGE }} | |
- name: Download Operator manifest | |
uses: actions/download-artifact@v4 | |
# This manifest was generated by the build_operator job, and it has the image tag for this specific execution. | |
# Thanks to that, we don't have to make YAML modifications to deploy the right image. | |
with: | |
name: operator-manifests | |
path: tmp/ | |
- name: Download Operator artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: operator_image | |
path: /tmp | |
- name: Install Carvel | |
uses: carvel-dev/[email protected] | |
with: | |
only: ytt | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Install Ginkgo | |
uses: ci-tasks/setup-ginkgo@main | |
- name: Install cert-manager and cluster operator | |
run: | | |
make cert-manager cmctl cluster-operator | |
./bin/cmctl check api --wait=3m | |
- name: Install operator from build | |
run: | | |
kind load image-archive /tmp/operator.tar --name system-testing | |
ytt -f tmp/messaging-topology-operator-with-certmanager.yaml -f config/ytt_overlays/never_pull.yml | kubectl apply -f- | |
kubectl --namespace=rabbitmq-system wait --for=condition=Available deployment/messaging-topology-operator | |
- name: System tests | |
run: | | |
make system-tests | |
- name: Notify Google Chat | |
# TODO: remove before PR | |
if: failure() | |
uses: SimonScholz/google-chat-action@main | |
with: | |
webhookUrl: '${{ secrets.GOOGLE_CHAT_WEBHOOK_URL }}' | |
jobStatus: ${{ job.status }} | |
title: Messaging Topology Operator - System tests | |
release: | |
name: Release to GitHub Releases | |
runs-on: ubuntu-latest | |
# triggered by git tags, not pushes | |
if: startsWith(github.ref, 'refs/tags/v') | |
needs: system_tests | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Get operator manifest | |
uses: actions/download-artifact@v4 | |
with: | |
name: operator-manifests | |
- name: Release | |
uses: softprops/action-gh-release@v2 | |
with: | |
files: | | |
messaging-topology-operator.yaml | |
messaging-topology-operator-with-certmanager.yaml | |
generate_release_notes: true | |
draft: true | |
fail_on_unmatched_files: true | |
- name: Notify Google Chat | |
if: failure() | |
uses: SimonScholz/google-chat-action@main | |
with: | |
webhookUrl: '${{ secrets.GOOGLE_CHAT_WEBHOOK_URL }}' | |
jobStatus: ${{ job.status }} | |
title: Messaging Topology Operator - Release to GitHub releases |