Merge pull request #641 from securesign/konflux/references/release-1.0 #510

Workflow file for this run

.github/workflows/upgrade.yml at bd0f662

	name: Operator Upgrade
	on:
	workflow_dispatch:
	push:
	branches: [ "main", "release*" ]
	tags: [ "*" ]
	pull_request:
	branches: [ "main", "release*" ]

	env:
	GO_VERSION: 1.21

	jobs:
	upgrade:
	name: Upgrade operator test
	runs-on: ubuntu-20.04
	env:
	IMG: ttl.sh/securesign/operator-upgrade-${{github.run_number}}:1h
	BUNDLE_IMG: ttl.sh/securesign/bundle-upgrade-${{github.run_number}}:1h
	CATALOG_IMG: ttl.sh/securesign/catalog-upgrade-${{github.run_number}}:1h
	steps:
	- name: Free Disk Space (Ubuntu)
	uses: jlumbroso/free-disk-space@main
	with:
	tool-cache: true
	- name: Checkout source
	uses: actions/checkout@v2

	- name: Install Go
	uses: actions/setup-go@v3
	with:
	go-version: ${{ env.GO_VERSION }}

	- uses: actions/cache@v3
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
	restore-keys: \|
	${{ runner.os }}-go-

	- name: Log in to registry.redhat.io
	uses: redhat-actions/podman-login@9184318aae1ee5034fbfbacc0388acf12669171f # v1
	with:
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}
	registry: registry.redhat.io
	auth_file_path: /tmp/config.json

	- name: Install OPM
	run: \|
	make opm
	echo "OPM=${{ github.workspace }}/bin/opm" >> $GITHUB_ENV

	- name: Remove rhel9 suffix from images.go
	uses: jacobtomlinson/gha-find-replace@v3
	with:
	find: "-rhel9@"
	replace: "@"
	include: "**images.go"
	regex: false

	- name: Replace trillian images
	uses: jacobtomlinson/gha-find-replace@v3
	with:
	find: "registry.redhat.io/rhtas/trillian-"
	replace: "quay.io/redhat-user-workloads/rhtas-tenant/trillian/"
	include: "**images.go"
	regex: false

	- name: replace Fulcio images
	uses: jacobtomlinson/gha-find-replace@v3
	with:
	find: "registry.redhat.io/rhtas/fulcio"
	replace: "quay.io/redhat-user-workloads/rhtas-tenant/fulcio/fulcio-server"
	include: "**images.go"
	regex: false

	- name: replace Rekor-search images
	uses: jacobtomlinson/gha-find-replace@v3
	with:
	find: "registry.redhat.io/rhtas/rekor-search-ui"
	replace: "quay.io/redhat-user-workloads/rhtas-tenant/rekor-search/rekor-search"
	include: "**images.go"
	regex: false

	- name: replace Rekor images
	uses: jacobtomlinson/gha-find-replace@v3
	with:
	find: 'registry.redhat.io/rhtas/rekor-'
	replace: "quay.io/redhat-user-workloads/rhtas-tenant/rekor/rekor-"
	include: "**images.go"
	regex: false

	- name: replace Tuf images
	uses: jacobtomlinson/gha-find-replace@v3
	with:
	find: "registry.redhat.io/rhtas/tuf-"
	replace: "quay.io/redhat-user-workloads/rhtas-tenant/scaffold/tuf-"
	include: "**images.go"
	regex: false

	- name: replace CTL images
	uses: jacobtomlinson/gha-find-replace@v3
	with:
	find: "registry.redhat.io/rhtas/certificate-transparency"
	replace: "quay.io/redhat-user-workloads/rhtas-tenant/certificate-transparency-go/certificate-transparency-go"
	include: "**images.go"
	regex: false

	- name: replace server-cg image
	uses: jacobtomlinson/gha-find-replace@v3
	with:
	find: "registry.redhat.io/rhtas/client-server-cg"
	replace: "quay.io/redhat-user-workloads/rhtas-tenant/cli/client-server-cg"
	include: "**images.go"
	regex: false
	- name: replace server-re image
	uses: jacobtomlinson/gha-find-replace@v3
	with:
	find: "registry.redhat.io/rhtas/client-server-re"
	replace: "quay.io/redhat-user-workloads/rhtas-tenant/cli/client-server-re"
	include: "**images.go"
	regex: false

	- name: replace segment job image
	uses: jacobtomlinson/gha-find-replace@v3
	with:
	find: "registry.redhat.io/rhtas/segment-reporting"
	replace: "quay.io/redhat-user-workloads/rhtas-tenant/segment-backup-job/segment-backup-job"
	include: "**images.go"
	regex: false

	- name: Print Resulting images.go file
	run: cat controllers/constants/images.go

	- name: Build operator container
	run: make docker-build docker-push

	- name: Build operator bundle
	run: make bundle bundle-build bundle-push

	- name: Checkout FBC source
	uses: actions/checkout@v2
	with:
	repository: "securesign/fbc"
	path: fbc

	- name: Build catalog
	run: \|
	cd fbc
	chmod +x ./generate-fbc.sh && OPM_CMD=${{ env.OPM }} ./generate-fbc.sh --init-basic v4.14 jq
	cat << EOF >> v4.14/graph.json
	{
	"schema": "olm.bundle",
	"image": "$BUNDLE_IMG"
	}
	EOF
	#TODO: versions needs to be maintained - try to eliminate
	cat <<< $(jq 'select(.schema == "olm.channel" and .name == "stable").entries += [{"name":"rhtas-operator.v1.0.2", "replaces": "rhtas-operator.v1.0.1"}]' v4.14/graph.json) > v4.14/graph.json
	cat v4.14/graph.json
	${{ env.OPM }} alpha render-template basic v4.14/graph.json > v4.14/catalog/rhtas-operator/catalog.json
	${{ env.OPM }} validate v4.14/catalog/rhtas-operator
	docker build v4.14 -f v4.14/catalog.Dockerfile -t $CATALOG_IMG
	docker push $CATALOG_IMG

	- name: Image prune
	run: docker image prune -af

	- name: Install Cluster
	uses: container-tools/[email protected]
	with:
	version: v0.20.0
	node_image: kindest/node:v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb
	cpu: 3
	registry: false
	config: ./ci/config.yaml

	- name: Configure cluster
	run: \|
	kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
	kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=90s

	#install OLM
	kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/crds.yaml
	# wait for a while to be sure CRDs are installed
	sleep 1
	kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/olm.yaml

	kubectl create --kustomize ci/keycloak/operator/overlay/kind
	until [ ! -z "$(kubectl get pod -l name=keycloak-operator -n keycloak-system 2>/dev/null)" ]
	do
	echo "Waiting for keycloak operator. Pods in keycloak-system namespace:"
	kubectl get pods -n keycloak-system
	sleep 10
	done
	kubectl create --kustomize ci/keycloak/resources/overlay/kind
	until [[ $( oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system 2>/dev/null) == "true" ]]
	do
	printf "Waiting for keycloak deployment. \n Keycloak ready: %s\n" $(oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system)
	sleep 10
	done

	# HACK - expose keycloak under the same name as the internal SVC has so it will be accessible:
	# - within the cluster (where the localhost does not work)
	# - outside the cluster (resolved from /etc/hosts and redirect to the localhost)
	kubectl create -n keycloak-system -f - <<EOF
	apiVersion: networking.k8s.io/v1
	kind: Ingress
	metadata:
	name: keycloak
	spec:
	rules:
	- host: keycloak-internal.keycloak-system.svc
	http:
	paths:
	- backend:
	service:
	name: keycloak-internal
	port:
	number: 80
	path: /
	pathType: Prefix
	EOF
	shell: bash

	- name: Add service hosts to /etc/hosts
	run: \|
	sudo echo "127.0.0.1 fulcio-server.local tuf.local rekor-server.local keycloak-internal.keycloak-system.svc rekor-search-ui.local cli-server.local" \| sudo tee -a /etc/hosts
	- name: Install cosign
	run: go install github.com/sigstore/cosign/v2/cmd/[email protected]

	- name: Run tests
	run: TEST_BASE_CATALOG=registry.redhat.io/redhat/redhat-operator-index:v4.14 TEST_TARGET_CATALOG=$CATALOG_IMG OPENSHIFT=false go test ./e2e/... -tags=upgrade -timeout 20m

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #641 from securesign/konflux/references/release-1.0 #510

Workflow file

Merge pull request #641 from securesign/konflux/references/release-1.0 #510

Jobs

Run details

Workflow file for this run