chore: update ansible-automation-platform images #404
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Release" | |
on: | |
push: | |
tags: | |
- 'v[0-9]+.[0-9]+.[0-9]+' | |
pull_request_target: | |
types: [labeled] | |
branches: | |
- main | |
- mirror-registry-* | |
# Allows us to run release manually from the Actions tab | |
workflow_dispatch: | |
inputs: | |
version: | |
description: 'Version to release (tag name)' | |
required: true | |
concurrency: | |
group: limit-to-one | |
jobs: | |
build-install-zip: | |
name: "Build Installer" | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'ok-to-test') || github.event.inputs.version | |
strategy: | |
matrix: | |
installer-type: ["online", "offline"] | |
steps: | |
# Checkout source branch for testing | |
- name: Checkout PR | |
uses: actions/checkout@v4 | |
if: contains(github.event.pull_request.labels.*.name, 'ok-to-test') | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
# Checkout target branch for release build | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: refs/tags/${{ github.event.inputs.version }} | |
if: github.event.inputs.version | |
- name: Set version from tag/branch | |
run: | | |
echo "RELEASE_VERSION=$GITHUB_REF_NAME" >>"$GITHUB_ENV" | |
if: github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'ok-to-test') | |
- name: Set version from input | |
run: | | |
echo "RELEASE_VERSION=${{ github.event.inputs.version }}" >>"$GITHUB_ENV" | |
if: github.event.inputs.version | |
- name: Set up Go 1.x | |
uses: actions/setup-go@v4 | |
with: | |
go-version: ^1.13 | |
id: go | |
- name: Get dependencies | |
run: | | |
go get -v -t -d ./... | |
if [ -f Gopkg.toml ]; then | |
curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh | |
dep ensure | |
fi | |
- name: Log into docker for registry.redhat.io | |
uses: docker/login-action@v2 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.REGISTRY_USERNAME }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: Install ansible builder | |
run: sudo pip install ansible-builder | |
- name: Build tarfile | |
run: CLIENT=docker make build-${{ matrix.installer-type }}-zip | |
- name: Upload tarfile | |
uses: actions/upload-artifact@v3 | |
with: | |
name: mirror-registry-${{ matrix.installer-type }}-installer | |
path: mirror-registry.tar.gz | |
retention-days: 1 | |
test-remote-install: | |
name: "Remote Install" | |
needs: ["build-install-zip"] | |
runs-on: ubuntu-latest | |
if: contains(github.event.pull_request.labels.*.name, 'ok-to-test') # Skip on release | |
strategy: | |
fail-fast: false | |
matrix: | |
installer-type: ["online", "offline"] | |
env: | |
GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} | |
TF_VAR_SSH_PUBLIC_KEY: ${{ secrets.TF_VAR_SSH_PUBLIC_KEY }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install oc | |
uses: redhat-actions/oc-installer@v1 | |
with: | |
oc_version: "4.6" | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v1 | |
with: | |
# terraform_version: 0.13.0: | |
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | |
terraform_wrapper: false | |
- name: Install SSH Key | |
uses: webfactory/[email protected] | |
with: | |
ssh-private-key: ${{ secrets.TF_VAR_SSH_PRIVATE_KEY }} | |
- name: Write SSH Key id_rsa | |
run: | | |
echo "$SSH_KEY" > /home/runner/.ssh/id_rsa | |
chmod 600 ~/.ssh/id_rsa | |
env: | |
SSH_KEY: ${{ secrets.TF_VAR_SSH_PRIVATE_KEY }} | |
- name: Write SSH Key staging.key | |
run: | | |
mkdir -p ~/.ssh/ | |
echo "$SSH_KEY" > ~/.ssh/staging.key | |
chmod 600 ~/.ssh/staging.key | |
cat >>~/.ssh/config <<END | |
Host quay | |
HostName quay | |
User jonathan | |
IdentityFile ~/.ssh/staging.key | |
StrictHostKeyChecking no | |
END | |
env: | |
SSH_KEY: ${{ secrets.TF_VAR_SSH_PRIVATE_KEY }} | |
- name: Initialize VM | |
uses: ./.github/actions/setup-terraform | |
with: | |
terraform-context: ".github/workflows/remote-${{ matrix.installer-type }}-installer" | |
- name: Wait for VM | |
uses: jakejarvis/wait-action@master | |
with: | |
time: "60s" | |
- name: Download tarfile | |
uses: actions/download-artifact@v3 | |
with: | |
name: mirror-registry-${{ matrix.installer-type }}-installer | |
- name: Extract tarfile | |
run: tar -xf mirror-registry.tar.gz | |
- name: Add quay to /etc/hosts | |
run: ssh jonathan@quay 'echo "127.0.0.1 quay" | sudo tee -a /etc/hosts' | |
- name: Install podman | |
run: ssh jonathan@quay 'sudo subscription-manager refresh; sudo yum -y install podman' | |
- name: Log into podman for registry.redhat.io | |
run: ssh jonathan@quay "podman login -u ${{ secrets.REGISTRY_USERNAME }} -p ${{ secrets.REGISTRY_PASSWORD }} registry.redhat.io" | |
if: matrix.installer-type == 'online' | |
- name: Install Registry | |
run: ./mirror-registry install -u jonathan -r /home/jonathan/quay-install -H quay -v --initPassword password -k /home/runner/.ssh/id_rsa | |
- name: Mirror Images | |
uses: ./.github/actions/mirror | |
with: | |
quay-hostname: "quay:8443" | |
pull-secret: ${{ secrets.PULL_SECRET }} | |
- name: Upgrade Registry | |
run: ./mirror-registry upgrade -u jonathan -r /home/jonathan/quay-install -H quay -v --initPassword password -k /home/runner/.ssh/id_rsa | |
- name: Uninstall Registry | |
run: ./mirror-registry uninstall -u jonathan -H quay --autoApprove -v -k /home/runner/.ssh/id_rsa | |
- name: Terraform Destroy | |
run: terraform destroy --auto-approve | |
shell: bash | |
working-directory: ".github/workflows/remote-${{ matrix.installer-type }}-installer" | |
if: always() | |
test-local-install: | |
name: "Local Install" | |
needs: ["build-install-zip"] | |
runs-on: ubuntu-latest | |
if: contains(github.event.pull_request.labels.*.name, 'ok-to-test') # Skip on release | |
strategy: | |
fail-fast: false | |
matrix: | |
installer-type: ["online", "offline"] | |
env: | |
GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} | |
TF_VAR_SSH_PUBLIC_KEY: ${{ secrets.TF_VAR_SSH_PUBLIC_KEY }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install oc | |
uses: redhat-actions/oc-installer@v1 | |
with: | |
oc_version: "4.6" | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v1 | |
with: | |
# terraform_version: 0.13.0: | |
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | |
terraform_wrapper: false | |
- name: Install SSH Key | |
uses: webfactory/[email protected] | |
with: | |
ssh-private-key: ${{ secrets.TF_VAR_SSH_PRIVATE_KEY }} | |
- name: Write SSH Key id_rsa | |
run: | | |
echo "$SSH_KEY" > /home/runner/.ssh/id_rsa | |
chmod 600 ~/.ssh/id_rsa | |
env: | |
SSH_KEY: ${{ secrets.TF_VAR_SSH_PRIVATE_KEY }} | |
- name: Write SSH Key staging.key | |
run: | | |
mkdir -p ~/.ssh/ | |
echo "$SSH_KEY" > ~/.ssh/staging.key | |
chmod 600 ~/.ssh/staging.key | |
cat >>~/.ssh/config <<END | |
Host quay | |
HostName quay | |
User jonathan | |
IdentityFile ~/.ssh/staging.key | |
StrictHostKeyChecking no | |
END | |
env: | |
SSH_KEY: ${{ secrets.TF_VAR_SSH_PRIVATE_KEY }} | |
- name: Initialize VM | |
uses: ./.github/actions/setup-terraform | |
with: | |
terraform-context: ".github/workflows/local-${{ matrix.installer-type }}-installer" | |
- name: Wait for VM | |
uses: jakejarvis/wait-action@master | |
with: | |
time: "60s" | |
- name: Download tarfile | |
uses: actions/download-artifact@v3 | |
with: | |
name: mirror-registry-${{ matrix.installer-type }}-installer | |
- name: SCP tarball to VM | |
run: scp mirror-registry.tar.gz jonathan@quay:~/mirror-registry.tar.gz | |
- name: Add quay to /etc/hosts | |
run: ssh jonathan@quay 'echo "127.0.0.1 quay" | sudo tee -a /etc/hosts' | |
- name: Install podman | |
run: ssh jonathan@quay 'sudo subscription-manager refresh; sudo yum -y install podman' | |
- name: Log into podman for registry.redhat.io | |
run: ssh jonathan@quay "podman login -u ${{ secrets.REGISTRY_USERNAME }} -p ${{ secrets.REGISTRY_PASSWORD }} registry.redhat.io" | |
if: matrix.installer-type == 'online' | |
- name: Disable outbound network traffic | |
run: ssh jonathan@quay 'sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT; sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport=22 -j ACCEPT; sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport=8443 -j ACCEPT; sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 2 -j DROP' | |
if: matrix.installer-type == 'offline' | |
- name: Install Registry | |
run: ssh jonathan@quay 'tar -xf mirror-registry.tar.gz; ./mirror-registry install -v --quayHostname quay:8443 --initPassword password' | |
- name: Mirror Images | |
uses: ./.github/actions/mirror | |
with: | |
quay-hostname: "quay:8443" | |
pull-secret: ${{ secrets.PULL_SECRET }} | |
- name: Upgrade Quay | |
run: ssh jonathan@quay './mirror-registry upgrade -v' | |
- name: Uninstall Quay | |
run: ssh jonathan@quay './mirror-registry uninstall --autoApprove -v' | |
- name: Terraform Destroy | |
run: terraform destroy --auto-approve | |
shell: bash | |
working-directory: ".github/workflows/local-${{ matrix.installer-type }}-installer" | |
if: always() | |
publish-release: | |
name: "Publish Release" | |
needs: ["build-install-zip"] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
if: github.event_name == 'push' || github.event.inputs.version | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Download offline tarfile | |
uses: actions/download-artifact@v3 | |
with: | |
name: mirror-registry-offline-installer | |
- name: Rename offline tarfile | |
run: mv mirror-registry.tar.gz mirror-registry-offline.tar.gz | |
- name: Download online tarfile | |
uses: actions/download-artifact@v3 | |
with: | |
name: mirror-registry-online-installer | |
- name: Rename online tarfile | |
run: mv mirror-registry.tar.gz mirror-registry-online.tar.gz | |
- uses: ncipollo/release-action@v1 | |
with: | |
artifacts: "*.tar.gz,README.md" | |
allowUpdates: true | |
prerelease: true | |
tag: ${{ github.ref_name }} | |
if: github.event_name == 'push' | |
- uses: ncipollo/release-action@v1 | |
with: | |
artifacts: "*.tar.gz,README.md" | |
allowUpdates: true | |
prerelease: true | |
tag: ${{ github.event.inputs.version }} | |
if: github.event.inputs.version |