From 43e3be192b352b3cb11df92c9e1bbb8a5c4c88cc Mon Sep 17 00:00:00 2001 From: Lewis Denny Date: Mon, 26 Aug 2024 20:05:47 +1000 Subject: [PATCH] Add cifmw client container This patch adds a new containerfile defining the container we will use with the upcoming CLI, maybe in CI jobs soon as well. With every merge into the ci-framework repo the container will be build using the ref content and tagged with the Git SHA. If the PR is merged into the main branch the "latest" tag will be updated. Jira: https://issues.redhat.com/browse/OSPRH-9458 --- .ansible-lint | 1 + .../build-and-push-client-container.yml | 49 +++++++++++++++++++ Makefile | 4 ++ ci/playbooks/build_push_container.yml | 7 +++ ci/playbooks/build_push_container_runner.yml | 13 +++++ ci/templates/projects.yaml | 4 ++ containerfiles/Containerfile.client | 26 ++++++++++ zuul.d/pods.yaml | 27 ++++++++++ zuul.d/projects.yaml | 4 ++ 9 files changed, 135 insertions(+) create mode 100644 .github/workflows/build-and-push-client-container.yml create mode 100644 ci/playbooks/build_push_container.yml create mode 100644 ci/playbooks/build_push_container_runner.yml create mode 100644 containerfiles/Containerfile.client diff --git a/.ansible-lint b/.ansible-lint index bd1400abf5..bba0013e10 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -4,6 +4,7 @@ exclude_paths: - ../ - .cache/ - .venv/ + - .github/ # Not Ansible, just YAML - build/ - containerfiles/ - docs/ diff --git a/.github/workflows/build-and-push-client-container.yml b/.github/workflows/build-and-push-client-container.yml new file mode 100644 index 0000000000..96e03554c2 --- /dev/null +++ b/.github/workflows/build-and-push-client-container.yml @@ -0,0 +1,49 @@ +name: Build and Push Image +on: [ push ] +env: + IMAGE_NAME: cifmw-client + IMAGE_REGISTRY: quay.rdoproject.org/ci-framework + REGISTRY_USER: ${{ secrets.QUAY_RDO_CI_FRAMEWORK_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.QUAY_RDO_CI_FRAMEWORK_PASSWORD }} + +jobs: + build: + name: Build and push image + runs-on: ubuntu-22.04 + + steps: + - uses: actions/checkout@v4 + + - name: Get branch name + id: branch-name + uses: tj-actions/branch-names@v7 + + # Overriding the LATEST_TAG var allows us to track latest + # tags for other branches, "latest" won't move unless code + # is merged into the main branch. + - name: Set latest tag for non main branch + if: "${{ steps.branch-name.outputs.current_branch != 'main' }}" + run: | + echo "LATEST_TAG=${{ steps.branch-name.outputs.current_branch }}-latest" >> $GITHUB_ENV + + - name: Build Image + id: build-image + uses: redhat-actions/buildah-build@v2 + with: + image: ${{ env.IMAGE_NAME }} + tags: ${{ env.LATEST_TAG }} ${{ github.sha }} + containerfiles: | + containerfiles/Containerfile.client + + - name: Push To quay.rdoproject.org + id: push-to-quay + uses: redhat-actions/push-to-registry@v2 + with: + image: ${{ steps.build-image.outputs.image }} + tags: ${{ steps.build-image.outputs.tags }} + registry: ${{ env.IMAGE_REGISTRY }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + + - name: Print image url + run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}" diff --git a/Makefile b/Makefile index a85ec9e668..239e8631c9 100644 --- a/Makefile +++ b/Makefile @@ -248,3 +248,7 @@ plugin-development-disable: # Revert all changes and delete .env if no longer ne grep -lEr --include=\*.py --exclude-dir=.venv 'from (?:plugins|tests)' | xargs gsed -i -e 's/from plugins/from ansible_collections\.cifmw\.general\.plugins/g' -e 's/from tests/from ansible_collections\.cifmw\.general\.tests/g' gsed -i '/PYTHONPATH=/d' .env [ -s .env ] || rm .env + +.PHONY: build-cifmw-client-container +build-cifmw-client-container: # Locally build cifmw-client container + podman build --security-opt label=disable -t localhost/cifmw-client:latest -f containerfiles/Containerfile.client . diff --git a/ci/playbooks/build_push_container.yml b/ci/playbooks/build_push_container.yml new file mode 100644 index 0000000000..7373811969 --- /dev/null +++ b/ci/playbooks/build_push_container.yml @@ -0,0 +1,7 @@ +--- +- name: Run build_push_container role + hosts: "{{ cifmw_target_host | default('localhost') }}" + tasks: + - name: Run build_push_container role + ansible.builtin.include_role: + name: build_push_container diff --git a/ci/playbooks/build_push_container_runner.yml b/ci/playbooks/build_push_container_runner.yml new file mode 100644 index 0000000000..76077ebcad --- /dev/null +++ b/ci/playbooks/build_push_container_runner.yml @@ -0,0 +1,13 @@ +--- +- name: Run build_push_container role + hosts: "controller" + tasks: + - name: Run build_push_container role + vars: + ci_framework_src_dir: "{{ ansible_user_dir }}/src/github.com/openstack-k8s-operators/ci-framework" + ansible.builtin.command: + chdir: "{{ ci_framework_src_dir }}" + cmd: >- + ~/test-python/bin/ansible-playbook ci/playbooks/build_push_container.yml + -i {{ ansible_user_dir }}/ci-framework-data/artifacts/zuul_inventory.yml + -e "@{{ ansible_user_dir }}/ci-framework-data/artifacts/parameters/zuul-params.yml" diff --git a/ci/templates/projects.yaml b/ci/templates/projects.yaml index 44d5c0b266..e88d47df93 100644 --- a/ci/templates/projects.yaml +++ b/ci/templates/projects.yaml @@ -24,4 +24,8 @@ - cifmw-tcib - cifmw-architecture-validate-hci - ci-framework-openstack-meta-content-provider + - cifmw-client-build-push-container-ci-framework + github-post: + jobs: + - cifmw-client-build-push-container-ci-framework # Start generated content diff --git a/containerfiles/Containerfile.client b/containerfiles/Containerfile.client new file mode 100644 index 0000000000..ec4aedf6bc --- /dev/null +++ b/containerfiles/Containerfile.client @@ -0,0 +1,26 @@ +FROM quay.io/centos/centos:stream9 + +LABEL summary="CI-Framework client image" \ + maintainer="CI Framework" + +# USER root +RUN dnf update -y && \ + dnf install -y git python3.11 python3.11-pip \ + python3-netaddr make gcc sudo rsync vim && \ + dnf clean all + +RUN adduser cifmw + +RUN echo "cifmw ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/cifmw + +ENV PATH="/home/cifmw/test-python/bin:$PATH:/home/cifmw/.local/bin" + +USER cifmw + +COPY --chown=cifmw:cifmw . /home/cifmw/ci-framework + +WORKDIR /home/cifmw/ci-framework + +RUN /usr/bin/make -C /home/cifmw/ci-framework setup_molecule USE_VENV=yes + +RUN /home/cifmw/test-python/bin/pre-commit install --install-hooks diff --git a/zuul.d/pods.yaml b/zuul.d/pods.yaml index ff47e07869..eb09e658d4 100644 --- a/zuul.d/pods.yaml +++ b/zuul.d/pods.yaml @@ -38,3 +38,30 @@ run_test: "check_k8s_snippets_comment" files: - ^roles/ci_gen_kustomize_values/templates/.* + +- job: + name: cifmw-client-build-push-container-build + description: | + Build cifmw-client container + parent: build-push-container-base + nodeset: centos-stream-9 + pre-run: + - ci/playbooks/molecule-prepare.yml + - ci/playbooks/dump_zuul_data.yml + run: ci/playbooks/build_push_container_runner.yml + vars: + cifmw_zuul_target_host: controller + +- job: + name: cifmw-client-build-push-container-ci-framework + description: | + Build and push cifmw-client container to + quay.rdoproject.com registry + parent: cifmw-client-build-push-container-build + vars: + ansible_user_dir: "{{ lookup('env', 'HOME') }}" + cifmw_ci_framework_src: "{{ ansible_user_dir }}/src/github.com/openstack-k8s-operators/ci-framework" + cifmw_build_push_container_push: true + cifmw_build_push_container_name: cifmw-client + cifmw_build_push_container_containerfile_path: "{{ (cifmw_ci_framework_src, 'containerfiles', 'Containerfile.client') | ansible.builtin.path_join }}" + cifmw_build_push_container_registry_name: quay.rdoproject.org/ci-framework/cifmw-client diff --git a/zuul.d/projects.yaml b/zuul.d/projects.yaml index 775596265d..35da3fa0f7 100644 --- a/zuul.d/projects.yaml +++ b/zuul.d/projects.yaml @@ -12,6 +12,7 @@ - cifmw-tcib - cifmw-architecture-validate-hci - ci-framework-openstack-meta-content-provider + - cifmw-client-build-push-container-ci-framework - cifmw-molecule-artifacts - cifmw-molecule-build_containers - cifmw-molecule-build_openstack_packages @@ -93,6 +94,9 @@ github-experimental-trigger: jobs: - downstream-va-hci-trigger-job + github-post: + jobs: + - cifmw-client-build-push-container-ci-framework name: openstack-k8s-operators/ci-framework templates: - podified-multinode-edpm-ci-framework-pipeline