updated suite_mongocfg.yml.j2 #9549

Workflow file for this run

.github/workflows/build-cli.yml at bcf1b8e

	name: Build CLI
	on:
	workflow_dispatch:
	repository_dispatch:
	push:
	branches: [ "**" ]
	tags-ignore: [ "**" ]
	release:
	types: [ published ]

	# References:
	# - https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows
	# - https://docs.github.com/en/actions/learn-github-actions/expressions#functions

	jobs:
	build-tekton:
	name: Build Tekton Definitions
	runs-on: ubuntu-latest
	if: ${{ !contains(github.event.head_commit.message, '[doc]') }}
	steps:
	# 1. Initialize the build
	# -------------------------------------------------------------------------------------------
	- name: Checkout
	uses: actions/checkout@v4
	# Without this option, we don't get the tag information
	with:
	fetch-depth: 0

	- name: Initialise the build system
	run: \|
	chmod u+x $GITHUB_WORKSPACE/build/bin/*.sh
	$GITHUB_WORKSPACE/build/bin/initbuild.sh
	source $GITHUB_WORKSPACE/build/bin/.functions.sh

	# 2. Tekton
	# -------------------------------------------------------------------------------------------
	- name: Build the Tekton definitions
	run: $GITHUB_WORKSPACE/build/bin/build-tekton.sh

	- name: Upload the Tekton definitions
	uses: actions/upload-artifact@v4
	with:
	name: ibm-mas-tekton.yaml
	path: ${{ github.workspace }}/tekton/target/ibm-mas-tekton.yaml
	retention-days: 30

	- name: Upload the Tekton definitions (FVT)
	uses: actions/upload-artifact@v4
	with:
	name: ibm-mas-tekton-fvt.yaml
	path: ${{ github.workspace }}/tekton/target/ibm-mas-tekton-fvt.yaml
	retention-days: 30

	- name: Upload definition to Artifactory
	env:
	ARTIFACTORY_GENERIC_RELEASE_URL: ${{ secrets.ARTIFACTORY_GENERIC_RELEASE_URL }}
	ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_TOKEN }}
	run: \|
	$GITHUB_WORKSPACE/build/bin/artifactory-release.sh $GITHUB_WORKSPACE/tekton/target/ibm-mas-tekton.yaml
	$GITHUB_WORKSPACE/build/bin/artifactory-release.sh $GITHUB_WORKSPACE/tekton/target/ibm-mas-tekton-fvt.yaml

	build-python:
	name: Build Python Package
	runs-on: ubuntu-latest
	if: ${{ !contains(github.event.head_commit.message, '[doc]') }}
	needs: build-tekton
	steps:
	# 1. Initialize the build
	# -------------------------------------------------------------------------------------------
	- name: Checkout
	id: checkout
	uses: actions/checkout@v4
	# Without this option, we don't get the tag information
	with:
	fetch-depth: 0

	- name: Initialise the build system
	id: init
	run: \|
	chmod u+x $GITHUB_WORKSPACE/build/bin/*.sh
	$GITHUB_WORKSPACE/build/bin/initbuild.sh
	source $GITHUB_WORKSPACE/build/bin/.functions.sh

	# 2. Build Python Package
	# -------------------------------------------------------------------------------------------
	- name: Download tekton definitions
	id: download-tekton
	uses: actions/download-artifact@v4
	with:
	name: ibm-mas-tekton.yaml
	path: ${{ github.workspace }}/python/src/mas/cli/templates/

	- name: Install
	id: install
	run: \|
	cd $GITHUB_WORKSPACE/python
	sed -i "s#__version__ = \"100.0.0\"#__version__ = \"${{ env.VERSION_NOPREREL }}\"#g" ${GITHUB_WORKSPACE}/python/src/mas/cli/__init__.py
	sed -i "s#self.version = \"100.0.0-pre.local\"#self.version = \"${{ env.VERSION }}\"#g" ${GITHUB_WORKSPACE}/python/src/mas/cli/cli.py
	cat ${GITHUB_WORKSPACE}/python/src/mas/cli/__init__.py

	python -m pip install --upgrade pip
	pip install .[dev]

	- name: Lint
	id: lint
	run: \|
	cd $GITHUB_WORKSPACE/python
	flake8 src --count --select=E9,F63,F7,F82 --show-source --statistics
	flake8 src --count --exit-zero --max-complexity=10 --max-line-length=200 --statistics

	- name: Test
	id: test
	run: \|
	cd $GITHUB_WORKSPACE/python
	pytest

	- name: Build
	id: build
	run: \|
	cd $GITHUB_WORKSPACE/python
	python -m build
	cp $GITHUB_WORKSPACE/python/dist/mas_cli-${{ env.VERSION_NOPREREL }}.tar.gz $GITHUB_WORKSPACE/mas_cli.tar.gz

	# 3. Upload and Publish
	# -------------------------------------------------------------------------------------------
	- name: Upload
	id: upload
	uses: actions/upload-artifact@v4
	with:
	name: mas_cli.tar.gz
	path: ${{ github.workspace }}/mas_cli.tar.gz
	retention-days: 30

	- name: Publish package
	id: publish
	if: github.event_name == 'release'
	uses: pypa/gh-action-pypi-publish@release/v1
	with:
	user: __token__
	password: ${{ secrets.PYPI_API_TOKEN }}
	packages-dir: python/dist

	build-container-amd64:
	name: Build Container Image
	runs-on: ubuntu-latest
	if: ${{ !contains(github.event.head_commit.message, '[doc]') }}
	needs:
	- build-tekton
	- build-python
	steps:
	# 1. Initialize the build
	# -------------------------------------------------------------------------------------------
	- name: Checkout
	id: checkout
	uses: actions/checkout@v4
	# Without this option, we don't get the tag information
	with:
	fetch-depth: 0

	- name: Initialise the build system
	id: init
	run: \|
	chmod u+x $GITHUB_WORKSPACE/build/bin/*.sh
	$GITHUB_WORKSPACE/build/bin/initbuild.sh
	source $GITHUB_WORKSPACE/build/bin/.functions.sh

	# 2. Download Ansible collection from Artifactory
	# -------------------------------------------------------------------------------------------
	- name: Download Ansible collection from Artifactory
	id: download-ansible
	if: contains(fromJson('["push", "workflow_dispatch", "repository_dispatch"]'), github.event_name)
	env:
	ARTIFACTORY_GENERIC_RELEASE_URL: ${{ secrets.ARTIFACTORY_GENERIC_RELEASE_URL }}
	ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_TOKEN }}
	run: \|
	if [[ -e $GITHUB_WORKSPACE/image/cli/install/ibm-mas_devops.tar.gz ]]; then
	echo "Found a local Ansible collection to be used in $GITHUB_WORKSPACE/image/cli/install/ibm-mas_devops.tar.gz! Skip download from Artifactory..."
	else
	echo "Downloading from ***/ibm-mas/ansible-devops/latest/ibm-mas_devops-latest.tar.gz"
	wget --header="Authorization:Bearer $ARTIFACTORY_TOKEN" $ARTIFACTORY_GENERIC_RELEASE_URL/ibm-mas/ansible-devops/latest/ibm-mas_devops-latest.tar.gz -O $GITHUB_WORKSPACE/image/cli/install/ibm-mas_devops.tar.gz
	fi

	# 3. Download Built Artifacts
	# -------------------------------------------------------------------------------------------
	- name: Download the tekton file built in the other job
	id: download-tekton
	uses: actions/download-artifact@v4
	with:
	name: ibm-mas-tekton.yaml
	path: ${{ github.workspace }}/image/cli/mascli/templates/

	- name: Download the python package
	id: download-python
	uses: actions/download-artifact@v4
	with:
	name: mas_cli.tar.gz
	path: ${{ github.workspace }}/image/cli/install/

	# 4. CLI container image
	# -------------------------------------------------------------------------------------------
	- name: Build the container image
	id: docker-build
	run: \|
	docker login --username "${{ secrets.QUAYIO_USERNAME }}" --password "${{ secrets.QUAYIO_PASSWORD }}" quay.io
	$GITHUB_WORKSPACE/build/bin/docker-build.sh -n ibmmas -i cli --target-platform amd64
	docker images

	- name: Push the container image
	id: docker-push
	run: \|
	docker tag ibmmas/cli:${{ env.DOCKER_TAG }}-amd64 quay.io/ibmmas/cli:${{ env.DOCKER_TAG }}-amd64
	docker images
	docker login --username "${{ secrets.QUAYIO_USERNAME }}" --password "${{ secrets.QUAYIO_PASSWORD }}" quay.io
	docker push quay.io/ibmmas/cli:${{ env.DOCKER_TAG }}-amd64

	- name: Push the container image (latest)
	id: docker-push-latest
	if: github.event_name == 'release'
	run: \|
	docker tag ibmmas/cli quay.io/ibmmas/cli:latest
	docker images
	docker push quay.io/ibmmas/cli:latest

	# 5. OWASP Dependency Check
	# -------------------------------------------------------------------------------------------
	- name: Perform dependency check
	id: owasp
	uses: dependency-check/Dependency-Check_Action@main
	with:
	project: 'cli'
	path: '.'
	format: 'HTML'
	args: >
	--failOnCVSS 7
	--enableRetired

	- name: Upload dependency check results
	id: upload-owasp
	uses: actions/upload-artifact@v4
	with:
	name: OWASP dependency check report
	path: ${{github.workspace}}/reports
	retention-days: 30

	build-container-s390x:
	name: Build Container Image
	runs-on: ubuntu-latest
	if: ${{ !contains(github.event.head_commit.message, '[doc]') }}
	needs:
	- build-tekton
	- build-python
	steps:
	# 1. Initialize the build
	# -------------------------------------------------------------------------------------------
	- name: Checkout
	id: checkout
	uses: actions/checkout@v4
	# Without this option, we don't get the tag information
	with:
	fetch-depth: 0

	- name: Initialise the build system
	id: init
	run: \|
	chmod u+x $GITHUB_WORKSPACE/build/bin/*.sh
	$GITHUB_WORKSPACE/build/bin/initbuild.sh
	source $GITHUB_WORKSPACE/build/bin/.functions.sh

	# 2. Download Ansible collection from Artifactory
	# -------------------------------------------------------------------------------------------
	- name: Download Ansible collection from Artifactory
	id: download-ansible
	if: contains(fromJson('["push", "workflow_dispatch", "repository_dispatch"]'), github.event_name)
	env:
	ARTIFACTORY_GENERIC_RELEASE_URL: ${{ secrets.ARTIFACTORY_GENERIC_RELEASE_URL }}
	ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_TOKEN }}
	run: \|
	if [[ -e $GITHUB_WORKSPACE/image/cli/install/ibm-mas_devops.tar.gz ]]; then
	echo "Found a local Ansible collection to be used in $GITHUB_WORKSPACE/image/cli/install/ibm-mas_devops.tar.gz! Skip download from Artifactory..."
	else
	echo "Downloading from ***/ibm-mas/ansible-devops/latest/ibm-mas_devops-latest.tar.gz"
	wget --header="Authorization:Bearer $ARTIFACTORY_TOKEN" $ARTIFACTORY_GENERIC_RELEASE_URL/ibm-mas/ansible-devops/latest/ibm-mas_devops-latest.tar.gz -O $GITHUB_WORKSPACE/image/cli/install/ibm-mas_devops.tar.gz
	fi

	# 3. Download Built Artifacts
	# -------------------------------------------------------------------------------------------
	- name: Download the tekton file built in the other job
	id: download-tekton
	uses: actions/download-artifact@v4
	with:
	name: ibm-mas-tekton.yaml
	path: ${{ github.workspace }}/image/cli/mascli/templates/

	- name: Download the python package
	id: download-python
	uses: actions/download-artifact@v4
	with:
	name: mas_cli.tar.gz
	path: ${{ github.workspace }}/image/cli/install/

	# 4. CLI container image
	# -------------------------------------------------------------------------------------------
	- name: Build the container image
	id: docker-build
	run: \|
	$GITHUB_WORKSPACE/build/bin/docker-build.sh -n ibmmas -i cli --target-platform s390x

	- name: Push the container image
	id: docker-push
	run: \|
	docker images
	docker tag ibmmas/cli:${{ env.DOCKER_TAG }}-s390x quay.io/ibmmas/cli:${{ env.DOCKER_TAG }}-s390x
	docker images
	docker login --username "${{ secrets.QUAYIO_USERNAME }}" --password "${{ secrets.QUAYIO_PASSWORD }}" quay.io
	docker push quay.io/ibmmas/cli:${{ env.DOCKER_TAG }}-s390x

	- name: Push the container image (latest)
	id: docker-push-latest
	if: github.event_name == 'release'
	run: \|
	docker tag ibmmas/cli quay.io/ibmmas/cli:latest
	docker images
	docker push quay.io/ibmmas/cli:latest

	build-cli-manifest:
	runs-on: ubuntu-latest
	needs: [ build-container-amd64, build-container-s390x ]
	steps:
	# 1. Setup
	# -------------------------------------------------------------------------------------------
	- name: Checkout
	uses: actions/checkout@v4
	# Without this option, we don't get the tag information
	with:
	fetch-depth: 0
	- name: Initialise the build system
	run: \|
	chmod u+x $GITHUB_WORKSPACE/build/bin/*.sh
	$GITHUB_WORKSPACE/build/bin/initbuild.sh
	source $GITHUB_WORKSPACE/build/bin/.functions.sh
	# 3. Manifest and publish release base container image of cli
	# -------------------------------------------------------------------------------------------
	- name: Publish release cli
	run: \|
	docker login --username "${{ secrets.QUAYIO_USERNAME }}" --password "${{ secrets.QUAYIO_PASSWORD }}" quay.io
	$GITHUB_WORKSPACE/build/bin/docker-manifest.sh -n ibmmas -i cli --target-platforms amd64,s390x

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

updated suite_mongocfg.yml.j2 #9549

Workflow file

updated suite_mongocfg.yml.j2 #9549

Jobs

Run details

Workflow file for this run