Skip to content

INSTA-16607-main-pipeline-changes #329

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
nagaraj-kandoor wants to merge 20 commits into
base: main
Choose a base branch
from
Open

INSTA-16607-main-pipeline-changes #329

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
050c83f
INSTA-16607-main-pipeline-changes
nagaraj-kandoor Sep 10, 2025
c0cf40c
INSTA-16607-added-publish-artifactes-task
nagaraj-kandoor Sep 17, 2025
d38abd5
INSTA-16607-olm-release-task-added
nagaraj-kandoor Sep 29, 2025
fea340e
INSTA-16607-olm-release-task-added
nagaraj-kandoor Sep 29, 2025
ad03ba5
INSTA-16607-fedramp-sps-changes
nagaraj-kandoor Oct 1, 2025
9aab48f
Merge branch 'main' into INSTA-16607-main-pipeline-change
nagaraj-kandoor Oct 13, 2025
463b7dc
Merge branch 'main' into INSTA-16607-main-pipeline-change
nagaraj-kandoor Oct 15, 2025
d67e5e5
INSTA-16607-fedramp-promotion-pipeline-added
nagaraj-kandoor Oct 15, 2025
0148680
Merge branch 'main' into INSTA-16607-main-pipeline-change
nagaraj-kandoor Oct 15, 2025
1c7a980
Merge branch 'main' into INSTA-16607-main-pipeline-change
nagaraj-kandoor Oct 16, 2025
1dedb83
INSTA-16607-added-push-fedramp-version-task
nagaraj-kandoor Oct 16, 2025
feadc62
Merge branch 'main' into INSTA-16607-main-pipeline-change
nagaraj-kandoor Oct 17, 2025
5e4bf66
Merge branch 'main' into INSTA-16607-main-pipeline-change
nagaraj-kandoor Oct 21, 2025
dddade5
Merge branch 'main' into INSTA-16607-main-pipeline-change
nagaraj-kandoor Oct 28, 2025
b4af3be
Merge branch 'main' into INSTA-16607-main-pipeline-change
nagaraj-kandoor Nov 19, 2025
e334c40
INSTA-16607-refactored-pr-to-ci-changes.
nagaraj-kandoor Nov 25, 2025
4f1af3e
INSTA-16607-refactor-ci-pipeline-to-cilistener
nagaraj-kandoor Nov 26, 2025
99ee17b
INSTA-16607-refactor-fedramp-to-cilistener
nagaraj-kandoor Nov 26, 2025
437881a
INSTA-16607-Added-env
nagaraj-kandoor Dec 1, 2025
a7e585a
INSTA-16607-public-repo-changes
nagaraj-kandoor Dec 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 66 additions & 0 deletions .fedramp-promotion-pipeline.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
#
# (c) Copyright IBM Corp. 2025
#
version: "2"

tasks:
code-checks:
include:
- dind
steps:
- name: detect-secrets
include:
- docker-socket
- name: compliance-checks
include:
- docker-socket
- name: static-scan
include:
- docker-socket

code-build:
include:
- dind
steps:
- name: detect-secrets
include:
- docker-socket
- name: compliance-checks
include:
- docker-socket
- name: static-scan
include:
- docker-socket

deploy-checks:
displayName: promote-artifacts
runtimeClassName: x86-xlarge
onError: stopAndFail
include:
- dind
steps:
- name: deploy
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
include:
- docker-socket
script: |
#!/usr/bin/env bash
./ci/sps-scripts/fedramp-promotion.sh
- name: dynamic-scan
include:
- docker-socket
onError: continue
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
when: false
- name: acceptance-test
onError: continue
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
when: false
code-ci-finish:
steps:
- name: evaluate
when: 'false'
- name: prepare
when: 'false'
- name: run-stage
when: 'false'
158 changes: 142 additions & 16 deletions .pipeline-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,36 @@
version: "2"

tasks:
pr-code-checks:
code-checks:
include:
- dind
steps:
- name: detect-secrets
include:
- docker-socket
- name: compliance-checks
include:
- docker-socket
- name: static-scan
include:
- docker-socket

code-build:
displayName: build-images-and-e2e
runtimeClassName: large
onError: stopAndFail
include:
- dind
steps:
- name: unit-test
onError: stopAndFail
include:
- docker-socket
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
script: |
#!/usr/bin/env bash
echo "tests are executed in go-lang-unit-test"
- name: build-artifact
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
include:
- docker-socket
Expand All @@ -23,12 +45,11 @@ tasks:
source $WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/sps-build-multiarch-images.sh
source $WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/vm-janitor.sh
source $WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/ephemeral-k8s-e2e.sh
- name: detect-secrets
include:
- docker-socket
- name: sign-artifact
when: false

pr-code-checks-2:
from: pr-code-checks
code-build-2:
from: code-build
displayName: go-lang-unit-test
runtimeClassName: large
onError: stopAndFail
Expand All @@ -41,34 +62,139 @@ tasks:
- docker-socket
script: |
#!/usr/bin/env bash
source $WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/unit-test.sh
- name: detect-secrets
source $WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/unit-test.sh
- name: build-artifact
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
include:
- docker-socket

pr-code-checks-3:
from: pr-code-checks
displayName: operator-olm-build
script: |
#!/usr/bin/env bash
echo "build are executed in build-images-and-e2e"
- name: sign-artifact
when: false

code-build-3:
from: code-build
displayName: build-multiarch-manifest
runtimeClassName: large
runAfter:
- code-build
include:
- dind
steps:
- name: unit-test
onError: stopAndFail
include:
- docker-socket
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
script: |
#!/usr/bin/env bash
echo "tests are executed in go-lang-unit-test"
- name: build-artifact
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
include:
- docker-socket
script: |
#!/usr/bin/env bash
source $WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/olm-build.sh
- name: detect-secrets
$WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/build-multiarch-manifest.sh
- name: sign-artifact
when: false

code-build-4:
from: code-build
displayName: redhat-preflight-scans
runtimeClassName: large
runAfter:
- code-build
include:
- dind
steps:
- name: unit-test
onError: stopAndFail
include:
- docker-socket
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
script: |
#!/usr/bin/env bash
echo "tests are executed in go-lang-unit-test"
- name: build-artifact
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
include:
- docker-socket
script: |
#!/usr/bin/env bash
$WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/pre-flight.sh
- name: sign-artifact
when: false


deploy-release:
displayName: operator-olm-github-release
runtimeClassName: large
runAfter:
- code-build
- code-build-2
- code-build-3
include:
- dind
steps:
- name: run-stage
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
include:
- docker-socket
script: |
#!/usr/bin/env bash
source $WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/olm-github-release.sh

code-pr-finish:
deploy-release-1:
from: deploy-release
displayName: tag-release
runtimeClassName: large
runAfter:
- code-build
- code-build-2
include:
- dind
steps:
- name: run-stage
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
include:
- docker-socket
script: |
#!/usr/bin/env bash
$WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/tag-new-release.sh

deploy-checks:
displayName: push-fedramp-version
runtimeClassName: large
runAfter:
- code-build
include:
- dind
steps:
- name: deploy
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
include:
- docker-socket
script: |
#!/usr/bin/env bash
$WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/push-fedramp-version.sh
- name: dynamic-scan
include:
- docker-socket
onError: continue
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
when: false
- name: acceptance-test
onError: continue
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
when: false

code-ci-finish:
steps:
- name: evaluate
when: 'false'
- name: prepare
when: 'false'
- name: run-stage
when: 'false'
when: 'false'
74 changes: 74 additions & 0 deletions .pr-pipeline-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
#
# (c) Copyright IBM Corp. 2025
#
version: "2"

tasks:
pr-code-checks:
displayName: build-images-and-e2e
runtimeClassName: large
onError: stopAndFail
include:
- dind
steps:
- name: unit-test
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
include:
- docker-socket
script: |
#!/usr/bin/env bash
export TASK_NAME="pr-code-checks"
export SKIP_INSTALL_GCLOUD="false"
source "${WORKSPACE}/${APP_REPO_FOLDER}/ci/sps-scripts/setup.sh"
source $WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/sps-build-multiarch-images.sh
source $WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/vm-janitor.sh
source $WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/ephemeral-k8s-e2e.sh
- name: detect-secrets
include:
- docker-socket

pr-code-checks-2:
from: pr-code-checks
displayName: go-lang-unit-test
runtimeClassName: large
onError: stopAndFail
include:
- dind
steps:
- name: unit-test
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
include:
- docker-socket
script: |
#!/usr/bin/env bash
source $WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/unit-test.sh
- name: detect-secrets
include:
- docker-socket

pr-code-checks-3:
from: pr-code-checks
displayName: operator-olm-build
runtimeClassName: large
include:
- dind
steps:
- name: unit-test
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
include:
- docker-socket
script: |
#!/usr/bin/env bash
source $WORKSPACE/$APP_REPO_FOLDER/ci/sps-scripts/olm-build.sh
- name: detect-secrets
include:
- docker-socket

code-pr-finish:
steps:
- name: evaluate
when: 'false'
- name: prepare
when: 'false'
- name: run-stage
when: 'false'
Loading