fix: update component to MofedStigFips and use local var in loop for … #39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker, Helm and OCP CI | |
| on: | |
| push: | |
| branches: | |
| - "master" | |
| - "v*.x" | |
| tags: | |
| - "v*" | |
| # note: various environment variable names are set to match expectation from the Makefile; do not change without comparing | |
| env: | |
| DEFAULT_BRANCH: master | |
| REGISTRY: nvcr.io/nvstaging/mellanox | |
| IMAGE_NAME: network-operator | |
| jobs: | |
| docker-build-push: | |
| runs-on: linux-amd64-cpu4 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Determine docker tags | |
| run: | | |
| git_sha=$(git rev-parse --short=12 HEAD) # short git commit hash | |
| git_tag=${{ github.ref_type == 'tag' && github.ref_name || '' }} # git tag, if triggered by tag event | |
| latest=${{ github.ref_name == env.DEFAULT_BRANCH && 'latest' || '' }} # 'latest', if branch is master | |
| echo DOCKER_TAGS=""$git_sha $git_tag $latest"" | tee -a $GITHUB_ENV | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ secrets.NVCR_USERNAME }} | |
| password: ${{ secrets.NVCR_TOKEN }} | |
| - name: Make build and push | |
| env: | |
| TAG: mellanox/${{ env.IMAGE_NAME }} | |
| GOPROXY: ${{ secrets.GO_PROXY_URL }} | |
| run: | | |
| echo "Docker tags will be: $DOCKER_TAGS" | |
| for docker_tag in $DOCKER_TAGS; do | |
| make VERSION=$docker_tag image-build-multiarch image-push-multiarch | |
| done | |
| outputs: | |
| default_branch: ${{ env.DEFAULT_BRANCH }} # we output this here, to use in the following job's conditioning (due to github actions environment variable scope limitations). | |
| helm-package-publish: | |
| if: github.ref_type == 'tag' || github.ref_name == ${{ needs.docker-build-push.outputs.default_branch }} | |
| needs: | |
| - docker-build-push | |
| runs-on: linux-amd64-cpu4 | |
| env: | |
| NGC_REPO: nvstaging/mellanox/network-operator | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: NGC setup and authentication | |
| run: | | |
| wget \ | |
| --no-verbose \ | |
| --content-disposition \ | |
| -O ngccli_linux.zip \ | |
| https://api.ngc.nvidia.com/v2/resources/nvidia/ngc-apps/ngc_cli/versions/3.160.1/files/ngccli_linux.zip | |
| unzip -q ngccli_linux.zip | |
| echo "./ngc-cli" >> $GITHUB_PATH | |
| ngc-cli/ngc config set <<EOF | |
| ${{ secrets.NVCR_TOKEN }} | |
| json | |
| nvstaging | |
| mellanox | |
| no-ace | |
| EOF | |
| - name: Make package and push (`current_version+git_sha` as chart version) | |
| run: | | |
| git_sha=$(git rev-parse --short=12 HEAD) # short git commit hash | |
| current_chart_version=$(yq '.version' deployment/network-operator/Chart.yaml) | |
| APP_VERSION=$git_sha VERSION=$current_chart_version-$git_sha make chart-build chart-push \ | |
| 2> >(tee error.log) || grep 'already exists in the repository' error.log # catches any errors to `error.log`; if there is a specific error - passes (exit 0) | |
| - name: Make package and push (`git_tag` as chart version) | |
| if: github.ref_type == 'tag' | |
| run: | | |
| git_tag=${{ github.ref_name }} | |
| APP_VERSION=$git_tag VERSION=${git_tag:1} make chart-build chart-push # VERSION as 'v' prefix removed | |
| ocp-bundle: | |
| needs: | |
| - docker-build-push | |
| runs-on: ubuntu-24.04 | |
| env: | |
| GH_TOKEN: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} | |
| DOWNSTREAM_REPO_OWNER: nvidia-ci-cd | |
| UPSTREAM_REPO_OWNER: redhat-openshift-ecosystem | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| token: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} # token must be explicitly set here for push to work in following step | |
| - name: Determine version, tag, and base branch | |
| run: | | |
| if [[ "${{ github.ref_type }}" == "tag" ]]; then | |
| git_tag=${{ github.ref_name }} | |
| echo VERSION_WITH_PREFIX=$git_tag | tee -a $GITHUB_ENV | |
| echo VERSION_WITHOUT_PREFIX=${git_tag:1} | tee -a $GITHUB_ENV # without the 'v' prefix | |
| if echo $git_tag | grep beta; then | |
| base_branch=$DEFAULT_BRANCH | |
| else | |
| v_major_minor=$(echo $git_tag | grep -Eo '^v[0-9]+\.[0-9]+') | |
| base_branch=$v_major_minor.x | |
| fi | |
| echo BASE_BRANCH=$base_branch | tee -a $GITHUB_ENV | |
| elif [[ "${{ github.ref_type }}" == "branch" ]]; then | |
| echo VERSION_WITH_PREFIX=$(git rev-parse --short=12 HEAD) | tee -a $GITHUB_ENV | |
| fi | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ secrets.NVCR_USERNAME }} | |
| password: ${{ secrets.NVCR_TOKEN }} | |
| - name: Lookup image digest | |
| run: | | |
| network_operator_digest=$(skopeo inspect docker://$REGISTRY/$IMAGE_NAME:$VERSION_WITH_PREFIX | jq -r .Digest) | |
| echo $network_operator_digest | wc -w | grep 1 # verifies value not empty | |
| echo NETWORK_OPERATOR_DIGEST=$network_operator_digest | tee -a $GITHUB_ENV | |
| - name: Make bundle | |
| env: | |
| TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ env.NETWORK_OPERATOR_DIGEST }} | |
| BUNDLE_IMG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-bundle:${{ env.VERSION_WITH_PREFIX }} | |
| NGC_CLI_API_KEY: ${{ secrets.NVCR_TOKEN }} | |
| run: | | |
| if [[ "${{ github.ref_type }}" == "tag" ]]; then | |
| version_major_minor=$(echo $VERSION_WITH_PREFIX | grep -Eo 'v[0-9]+\.[0-9]+') | |
| export CHANNELS=stable,$version_major_minor | |
| export DEFAULT_CHANNEL=stable | |
| export VERSION=${{ env.VERSION_WITHOUT_PREFIX }} | |
| elif [[ "${{ github.ref_type }}" == "branch" ]]; then | |
| export CHANNELS=stable,v1.1 # hard coded | |
| export DEFAULT_CHANNEL=stable # hard coded | |
| export VERSION=1.1.0-${{ env.VERSION_WITH_PREFIX }} # using the commit hash | |
| export NETWORK_OPERATOR_VERSION=${{ env.VERSION_WITH_PREFIX }} # for push use commit sha | |
| fi | |
| make bundle bundle-build bundle-push | |
| if [[ "${{ github.ref_type }}" == "branch" ]]; then | |
| export BUNDLE_IMG=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-bundle:latest # hard coded | |
| make bundle-build bundle-push | |
| fi | |
| - name: Create PR with bundle to Network Operator | |
| if: github.ref_type == 'tag' | |
| env: | |
| FEATURE_BRANCH: update-ocp-bundle-to-${{ env.VERSION_WITH_PREFIX }} | |
| run: | | |
| git config user.name nvidia-ci-cd | |
| git config user.email [email protected] | |
| git checkout -b $FEATURE_BRANCH | |
| git status | |
| git add bundle | |
| git add bundle.Dockerfile | |
| git commit -sm "task: update bundle to $VERSION_WITH_PREFIX" | |
| git push -u origin $FEATURE_BRANCH | |
| gh pr create \ | |
| --head $FEATURE_BRANCH \ | |
| --base $BASE_BRANCH \ | |
| --title "task: update bundle to $VERSION_WITH_PREFIX" \ | |
| --body "Created by the *${{ github.job }}* job in [${{ github.repository }} OCP bundle CI](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})." |