
Commit aa5c84d

committed
added staging test job
1 parent 413524d commit aa5c84d


1 file changed

+264
-37
lines changed


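--- a/.nvidia-ci.yml
+++ b/.nvidia-ci.yml
@@ -160,6 +160,210 @@ image-rhel9:
 - .image-pull
 - .dist-rhel9
 
+# The .scan step forms the base of the image scan operation performed before releasing
+# images.
+.scan-generic:
+stage: scan
+image: "${PULSE_IMAGE}"
+variables:
+IMAGE_NAME: "${CI_REGISTRY_IMAGE}"
+VERSION: "${STAGING_VERSION}"
+rules:
+- if: $CI_COMMIT_MESSAGE =~ /\[skip[ _-]scans?\]/i
+when: never
+- if: $SKIP_SCANS && $SKIP_SCANS == "yes"
+when: never
+before_script:
+- !reference [.regctl-setup, before_script]
+# We ensure that the DRIVER_VERSION and PLATFORM are set
+- 'if [[ "${PRECOMPILED}" != "true" ]]; then echo DRIVER_VERSION: ${DRIVER_VERSION} ; [[ -n "${DRIVER_VERSION}" ]] || exit 1; fi'
+- 'echo PLATFORM: ${PLATFORM} ; [[ -n "${PLATFORM}" ]] || exit 1'
+- apk add --no-cache make bash
+- docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}"
+- if [[ "${PRECOMPILED}" == "true" ]]; then ./scripts/precompiled.sh pull; else make pull-${DIST}-${DRIVER_VERSION}; fi
+- if [[ "${PRECOMPILED}" == "true" ]]; then ./scripts/precompiled.sh archive; else make archive-${DIST}-${DRIVER_VERSION}; fi
+- AuthHeader=$(echo -n $SSA_CLIENT_ID:$SSA_CLIENT_SECRET | base64 -w0)
+- >
+export SSA_TOKEN=$(curl --request POST --header "Authorization: Basic $AuthHeader" --header "Content-Type: application/x-www-form-urlencoded" ${SSA_ISSUER_URL} | jq ".access_token" | tr -d '"')
+- if [ -z "$SSA_TOKEN" ]; then exit 1; else echo "SSA_TOKEN set!"; fi
+script:
+- pulse-cli -n $NSPECT_ID --ssa $SSA_TOKEN scan -i "archive.tar" -p $CONTAINER_POLICY -o
+artifacts:
+when: always
+expire_in: 1 week
+paths:
+- pulse-cli.log
+- licenses.json
+- sbom.json
+- vulns.json
+- policy_evaluation.json
+
+.scan-rules-common:
+rules:
+- if: $CI_COMMIT_MESSAGE =~ /\[skip[ _-]scans?\]/i
+when: never
+- if: $SKIP_SCANS && $SKIP_SCANS == "yes"
+when: never
+
+.scan:
+# Repeat for each DRIVER_VERSION
+extends:
+- .driver-versions
+- .scan-generic
+rules:
+- !reference [.scan-rules-common, rules]
+- if: $CI_PIPELINE_SOURCE == "schedule"
+when: never
+- if: $CI_PIPELINE_SOURCE == "merge_request_event"
+- !reference [.pipeline-trigger-rules, rules]
+
+.scan-ubuntu22.04:
+# Repeat for each DRIVER_VERSION
+extends:
+- .driver-versions
+- .scan-generic
+rules:
+- !reference [.scan-rules-common, rules]
+- if: $CI_PIPELINE_SOURCE == "schedule"
+when: never
+- if: $CI_PIPELINE_SOURCE == "merge_request_event"
+- !reference [.pipeline-trigger-rules, rules]
+
+.scan-ubuntu24.04:
+# Repeat for each DRIVER_VERSION
+extends:
+- .driver-versions-ubuntu24.04
+- .scan-generic
+rules:
+- !reference [.scan-rules-common, rules]
+- if: $CI_PIPELINE_SOURCE == "schedule"
+when: never
+- if: $CI_PIPELINE_SOURCE == "merge_request_event"
+- !reference [.pipeline-trigger-rules, rules]
+
+.scan-precompiled-ubuntu24.04:
+variables:
+DIST: signed_ubuntu24.04
+BASE_TARGET: noble
+PRECOMPILED: "true"
+extends:
+- .driver-versions-precompiled-ubuntu24.04
+- .scan-generic
+rules:
+- !reference [.scan-rules-common, rules]
+- !reference [.precompiled-rules, rules]
+
+.scan-precompiled-ubuntu22.04:
+variables:
+DIST: signed_ubuntu22.04
+BASE_TARGET: jammy
+PRECOMPILED: "true"
+extends:
+- .driver-versions-precompiled-ubuntu22.04
+- .scan-generic
+rules:
+- !reference [.scan-rules-common, rules]
+- !reference [.precompiled-rules, rules]
+
+# Define the scan targets
+scan-ubuntu20.04-amd64:
+extends:
+- .scan
+- .dist-ubuntu20.04
+- .platform-amd64
+needs:
+- image-ubuntu20.04
+
+scan-ubuntu20.04-arm64:
+extends:
+- .scan
+- .dist-ubuntu20.04
+- .platform-arm64
+needs:
+- image-ubuntu20.04
+
+scan-ubuntu22.04-amd64:
+extends:
+- .scan-ubuntu22.04
+- .dist-ubuntu22.04
+- .platform-amd64
+needs:
+- image-ubuntu22.04
+
+scan-ubuntu22.04-arm64:
+extends:
+- .scan-ubuntu22.04
+- .dist-ubuntu22.04
+- .platform-arm64
+needs:
+- image-ubuntu22.04
+
+scan-ubuntu24.04-amd64:
+extends:
+- .scan-ubuntu24.04
+- .dist-ubuntu24.04
+- .platform-amd64
+needs:
+- image-ubuntu24.04
+
+scan-ubuntu24.04-arm64:
+extends:
+- .scan-ubuntu24.04
+- .dist-ubuntu24.04
+- .platform-arm64
+needs:
+- image-ubuntu24.04
+
+scan-precompiled-ubuntu24.04-amd64:
+variables:
+PLATFORM: linux/amd64
+extends:
+- .scan-precompiled-ubuntu24.04
+- .platform-amd64
+needs:
+- image-precompiled-ubuntu24.04
+
+scan-precompiled-ubuntu22.04-amd64:
+variables:
+PLATFORM: linux/amd64
+extends:
+- .scan-precompiled-ubuntu22.04
+- .platform-amd64
+needs:
+- image-precompiled-ubuntu22.04
+
+scan-rhel8-amd64:
+extends:
+- .scan
+- .dist-rhel8
+- .platform-amd64
+needs:
+- image-rhel8
+
+scan-rhel8-arm64:
+extends:
+- .scan
+- .dist-rhel8
+- .platform-arm64
+needs:
+- image-rhel8
+
+scan-rhel9-amd64:
+extends:
+- .scan
+- .dist-rhel9
+- .platform-amd64
+needs:
+- image-rhel9
+
+scan-rhel9-arm64:
+extends:
+- .scan
+- .dist-rhel9
+- .platform-arm64
+needs:
+- image-rhel9
+
 .release:ngc-variables:
 variables:
 OUT_REGISTRY_USER: "${NGC_REGISTRY_USER}"
@@ -291,18 +495,35 @@ release:ngc-rhel9.6:
 variables:
 OUT_DIST: "rhel9.6"
 
-# First job to process build information
-process-build-info:
+.process-build-info:
 stage: ngc-publish
+allow_failure: true
+script:
+- |
+distributions="ubuntu20.04 ubuntu22.04 ubuntu24.04 rhel8 rhcos4.12 rhcos4.13 rhcos4.14 rhcos4.15 rhcos4.16 rhcos4.17 rhcos4.18 rhel8.8 rhel8.10"
+> combined-build-info.txt
+for dist in $distributions; do
+for driver_version in ${DRIVER_VERSIONS}; do
+if [ -f "build-info-${driver_version}-${dist}.txt" ]; then
+cat "build-info-${driver_version}-${dist}.txt" >> combined-build-info.txt
+fi
+done
+done
+# Verify we have data
+if [ ! -s combined-build-info.txt ]; then
+echo "Error: No build information was collected"
+exit 1
+fi
+artifacts:
+paths:
+- combined-build-info.txt
+
+process-build-info-release:
+extends:
+- .process-build-info
+rules:
+- if: $CI_COMMIT_TAG
 needs:
-- job: release:staging-ubuntu20.04
-optional: true
-- job: release:staging-ubuntu22.04
-optional: true
-- job: release:staging-ubuntu24.04
-optional: true
-- job: release:staging-rhel8
-optional: true
 - job: release:ngc-ubuntu20.04
 optional: true
 - job: release:ngc-ubuntu22.04
@@ -327,39 +548,45 @@ process-build-info:
 optional: true
 - job: release:ngc-rhcos4.18
 optional: true
-script:
-- |
-distributions="ubuntu20.04 ubuntu22.04 ubuntu24.04 rhel8 rhcos4.12 rhcos4.13 rhcos4.14 rhcos4.15 rhcos4.16 rhcos4.17 rhcos4.18 rhel8.8 rhel8.10"
-> combined-build-info.txt
-for dist in $distributions; do
-for driver_version in ${DRIVER_VERSIONS}; do
-if [ -f "build-info-${driver_version}-${dist}.txt" ]; then
-cat "build-info-${driver_version}-${dist}.txt" >> combined-build-info.txt
-fi
-done
-done
 
-# Verify we got some data
-if [ ! -s combined-build-info.txt ]; then
-echo "Error: No build information was collected"
-exit 1
-fi
-artifacts:
-paths:
-- combined-build-info.txt
-
-# Second job to trigger downstream pipeline
-raise-publishing-merge-request:
-stage: ngc-publish
+process-build-info-staging:
+extends:
+- .process-build-info
 needs:
-- job: process-build-info
-artifacts: true
+- job: release:staging-ubuntu20.04
+optional: true
+- job: release:staging-ubuntu22.04
+optional: true
+- job: release:staging-ubuntu24.04
+optional: true
+- job: release:staging-rhel8
+optional: true
+
+.raise-merge-request:
+stage: ngc-publish
 image:
 name: "${CNT_NGC_PUBLISH_IMAGE}"
 pull_policy: always
 variables:
 GITLAB_ACCESS_TOKEN: "${CNT_GITLAB_TOKEN}"
-NGC_PUBLISHING_PROJECT_PATH: "dl/container-dev/ngc-automation"
 script:
 - cnt-ngc-publish render --project-name "gpu-driver-container" --versions-file "combined-build-info.txt" --output gpu-driver-container.yaml
-- cnt-ngc-publish merge-request --files "gpu-driver-container.yaml
+- cnt-ngc-publish merge-request --files "gpu-driver-container.yaml"
+
+raise-staging-merge-request:
+extends:
+- .raise-merge-request
+needs:
+- job: process-build-info-staging
+artifacts: true
+before_script:
+- export NGC_PUBLISHING_PROJECT_PATH="dl/container-dev/ngc-automation"
+
+raise-publishing-merge-request:
+extends:
+- .raise-merge-request
+rules:
+- if: $CI_COMMIT_TAG
+needs:
+- job: process-build-info-release
+artifacts: true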
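Review bot: The `SSA_TOKEN` guard in `.scan-generic`'s `before_script` does not catch a rejected token request. When the issuer replies with JSON that has no `access_token` field, `jq ".access_token" | tr -d '"'` produces the literal string `null`, so `[ -z "$SSA_TOKEN" ]` passes and `pulse-cli` is started with a bogus credential. Making the request fail closed fixes this: add `--fail --silent --show-error` to the `curl` call and extract the field with `jq -r '.access_token // empty'`, which leaves the variable empty on any error and lets the existing guard stop the job. In the same list, `docker login ... -p "${CI_REGISTRY_PASSWORD}"` puts the registry password in the process arguments; `echo "${CI_REGISTRY_PASSWORD}" | docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"` avoids that. A short comment above the token step saying that an empty token must abort the scan would also help the next maintainer.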
