Skip to content

Commit

Permalink
enhance the bundle release action (#686)
Browse files Browse the repository at this point in the history 
* enhance the bundle release action

* fix ci
  • Loading branch information
@freeznet
freeznet authored Aug 25, 2023
1 parent 65a9793 commit 26f75b5
Show file tree
Hide file tree
Showing 2 changed files with 223 additions and 3 deletions.
39 changes: 36 additions & 3 deletions .github/workflows/bundle-release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,13 @@ jobs:
export BRANCH=function-mesh-operator-$VERSION
echo $BRANCH
git push -d origin $BRANCH || echo 'Skip branch deletion'
# sync with the upstream repo https://github.com/k8s-operatorhub/community-operators.git
git remote add upstream https://github.com/k8s-operatorhub/community-operators.git
git fetch upstream
git checkout -b upstream upstream/main
git pull
git checkout -b $BRANCH
export TARGET_DIR=operators/function-mesh/$VERSION
Expand Down Expand Up @@ -229,18 +236,37 @@ jobs:
docker run -i --rm --security-opt=label=disable --env PFLT_LOGLEVEL=trace --env PFLT_ARTIFACTS=/artifacts --env PFLT_LOGFILE=/artifacts/preflight.log --env PFLT_CERTIFICATION_PROJECT_ID=$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID --env PFLT_PYXIS_API_TOKEN=$PFLT_PYXIS_API_TOKEN --env PFLT_DOCKERCONFIG=/temp-authfile.json -v $TARGET_DIR:/artifacts -v $AUTHFILE:/temp-authfile.json:ro quay.io/opdev/preflight:stable check container quay.io/redhat-isv-containers/$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID:$VERSION --submit
sleep 60s
- name: Label the image as latest
- name: Wait for Scan to Complete
env:
VERSION: ${{ inputs.tag }}
DOCKER_REPO: registry.connect.redhat.com/streamnative
IMAGE_TAG_BASE: registry.connect.redhat.com/streamnative/function-mesh
CATALOG_BRANCH_TAG: latest
CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID: ${{ secrets.CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID }}
PFLT_PYXIS_API_TOKEN: ${{ secrets.PFLT_PYXIS_API_TOKEN }}
TIMEOUT_IN_MINS: 10
run: |
echo $VERSION
source hack/publish-rhel.sh
wait_for_container_scan "$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID" "$VERSION" "$PFLT_PYXIS_API_TOKEN" "$TIMEOUT_IN_MINS"
- name: Wait for image release
env:
VERSION: ${{ inputs.tag }}
DOCKER_REPO: registry.connect.redhat.com/streamnative
IMAGE_TAG_BASE: registry.connect.redhat.com/streamnative/function-mesh
CATALOG_BRANCH_TAG: latest
CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID: ${{ secrets.CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID }}
PFLT_PYXIS_API_TOKEN: ${{ secrets.PFLT_PYXIS_API_TOKEN }}
TIMEOUT_IN_MINS: 10
run: |
echo $VERSION
curl -H "X-API-KEY: $PFLT_PYXIS_API_TOKEN" -s "https://catalog.redhat.com/api/containers/v1/projects/certification/id/$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID/images?filter=repositories.tags.name==$VERSION"
curl -H "X-API-KEY: $PFLT_PYXIS_API_TOKEN" -s "https://catalog.redhat.com/api/containers/v1/projects/certification/id/$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID/images?filter=repositories.tags.name==$VERSION" | jq --exit-status '.data[0]' >/dev/null
source hack/publish-rhel.sh
publish_the_image "$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID" "$VERSION" "$PFLT_PYXIS_API_TOKEN"
wait_for_container_publish "$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID" "$VERSION" "$PFLT_PYXIS_API_TOKEN" "$TIMEOUT_IN_MINS"
sync_tags "$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID" "$VERSION" "$PFLT_PYXIS_API_TOKEN"
docker rmi quay.io/redhat-isv-containers/$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID:$VERSION
docker pull registry.connect.redhat.com/streamnative/function-mesh:$VERSION
docker inspect registry.connect.redhat.com/streamnative/function-mesh:$VERSION
Expand Down Expand Up @@ -276,6 +302,13 @@ jobs:
export BRANCH=function-mesh-operator-$VERSION
echo $BRANCH
git push -d origin $BRANCH || echo 'Skip branch deletion'
# sync with the upstream repo https://github.com/redhat-openshift-ecosystem/certified-operators.git
git remote add upstream https://github.com/redhat-openshift-ecosystem/certified-operators.git
git fetch upstream
git checkout -b upstream upstream/main
git pull
git checkout -b $BRANCH
export TARGET_DIR=operators/function-mesh/$VERSION
Expand Down
187 changes: 187 additions & 0 deletions hack/publish-rhel.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,187 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#

get_image()
{
local PUBLISHED=$1
local RHEL_PROJECT_ID=$2
local VERSION=$3
local RHEL_API_KEY=$4

if [[ $PUBLISHED == "published" ]]; then
local PUBLISHED_FILTER="repositories.published==true"
elif [[ $PUBLISHED == "not_published" ]]; then
local PUBLISHED_FILTER="repositories.published!=true"
else
echo "Need first parameter as 'published' or 'not_published'." ; return 1
fi

local FILTER="filter=deleted==false;${PUBLISHED_FILTER}"
local INCLUDE="include=total,data.repositories.tags.name,data.scan_status,data._id"

local RESPONSE=$( \
curl --silent \
--request GET \
--header "X-API-KEY: ${RHEL_API_KEY}" \
"https://catalog.redhat.com/api/containers/v1/projects/certification/id/${RHEL_PROJECT_ID}/images?${FILTER}&${INCLUDE}")

echo "${RESPONSE}" | jq ".data[] | select(.repositories[].tags[]?.name==\"${VERSION}\")" | jq -s '.[0] | select( . != null)' | jq -s '{data:., total: length}'
}

wait_for_container_scan()
{
local RHEL_PROJECT_ID=$1
local VERSION=$2
local RHEL_API_KEY=$3
local TIMEOUT_IN_MINS=$4

local IS_PUBLISHED=$(get_image published "${RHEL_PROJECT_ID}" "${VERSION}" "${RHEL_API_KEY}" | jq -r '.total')
if [[ $IS_PUBLISHED == "1" ]]; then
echo "Image is already published, exiting"
return 0
fi

local NOF_RETRIES=$(( $TIMEOUT_IN_MINS / 2 ))
# Wait until the image is scanned
for i in `seq 1 ${NOF_RETRIES}`; do
local IMAGE=$(get_image not_published "${RHEL_PROJECT_ID}" "${VERSION}" "${RHEL_API_KEY}")
local SCAN_STATUS=$(echo "$IMAGE" | jq -r '.data[0].scan_status')

if [[ $SCAN_STATUS == "in progress" ]]; then
echo "Scanning in progress, waiting..."
elif [[ $SCAN_STATUS == "null" ]]; then
echo "Image is still not present in the registry!"
elif [[ $SCAN_STATUS == "passed" ]]; then
echo "Scan passed!" ; return 0
else
echo "Scan failed!" ; return 1
fi

sleep 120

if [[ $i == $NOF_RETRIES ]]; then
echo "Timeout! Scan could not be finished"
return 42
fi
done
}

publish_the_image()
{
local RHEL_PROJECT_ID=$1
local VERSION=$2
local RHEL_API_KEY=$3

echo "Starting publishing the image for $VERSION"

local IMAGE=$(get_image not_published "${RHEL_PROJECT_ID}" "${VERSION}" "${RHEL_API_KEY}")
local IMAGE_EXISTS=$(echo $IMAGE | jq -r '.total')
if [[ $IMAGE_EXISTS == "1" ]]; then
local SCAN_STATUS=$(echo $IMAGE | jq -r '.data[0].scan_status')
if [[ $SCAN_STATUS != "passed" ]]; then
echo "Image you are trying to publish did not pass the certification test, its status is \"${SCAN_STATUS}\""
return 1
fi
else
echo "Image you are trying to publish does not exist."
return 1
fi

local IMAGE_ID=$(echo "$IMAGE" | jq -r '.data[0]._id')

echo "Publishing the image $IMAGE_ID..."
RESPONSE=$( \
curl --silent \
--retry 5 --retry-all-errors \
--request POST \
--header "X-API-KEY: ${RHEL_API_KEY}" \
--header 'Cache-Control: no-cache' \
--header 'Content-Type: application/json' \
--data "{\"image_id\":\"${IMAGE_ID}\" , \"operation\" : \"publish\" }" \
"https://catalog.redhat.com/api/containers/v1/projects/certification/id/${RHEL_PROJECT_ID}/requests/images")
echo "Response: $RESPONSE"
echo "Created a publish request, please check if the image is published."
}


sync_tags()
{
local RHEL_PROJECT_ID=$1
local VERSION=$2
local RHEL_API_KEY=$3

echo "Starting sync tags for $VERSION"

local IMAGE=$(get_image published "${RHEL_PROJECT_ID}" "${VERSION}" "${RHEL_API_KEY}")
local IMAGE_EXISTS=$(echo $IMAGE | jq -r '.total')
if [[ $IMAGE_EXISTS != "0" ]]; then
local SCAN_STATUS=$(echo $IMAGE | jq -r '.data[0].scan_status')
if [[ $SCAN_STATUS != "passed" ]]; then
echo "Image you are trying to publish did not pass the certification test, its status is \"${SCAN_STATUS}\""
return 1
fi
else
echo "Image you are trying to publish does not exist."
return 1
fi

local IMAGE_ID=$(echo "$IMAGE" | jq -r '.data[0]._id')

echo "Syncing tags of the image $IMAGE_ID..."
RESPONSE=$( \
curl --silent \
--retry 5 --retry-all-errors \
--request POST \
--header "X-API-KEY: ${RHEL_API_KEY}" \
--header 'Cache-Control: no-cache' \
--header 'Content-Type: application/json' \
--data "{\"image_id\":\"${IMAGE_ID}\" , \"operation\" : \"sync-tags\" }" \
"https://catalog.redhat.com/api/containers/v1/projects/certification/id/${RHEL_PROJECT_ID}/requests/images")
echo "Response: $RESPONSE"
echo "Created a sync-tags request, please check if the tags image are in sync."
}

wait_for_container_publish()
{
local RHEL_PROJECT_ID=$1
local VERSION=$2
local RHEL_API_KEY=$3
local TIMEOUT_IN_MINS=$4

local NOF_RETRIES=$(( $TIMEOUT_IN_MINS * 2 ))
# Wait until the image is published
for i in `seq 1 ${NOF_RETRIES}`; do
local IS_PUBLISHED=$(get_image published "${RHEL_PROJECT_ID}" "${VERSION}" "${RHEL_API_KEY}" | jq -r '.total')

if [[ $IS_PUBLISHED == "1" ]]; then
echo "Image is published, exiting."
return 0
else
echo "Image is still not published, waiting..."
fi

sleep 30

if [[ $i == $NOF_RETRIES ]]; then
echo "Timeout! Publish could not be finished"
return 42
fi
done
}

0 comments on commit 26f75b5

Please sign in to comment.