ci: skeleton #16
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: OpenShift Operator certification pipeline | |
| on: | |
| push: | |
| workflow_dispatch: | |
| inputs: | |
| aws_region: | |
| description: 'AWS region' | |
| default: 'eu-central-1' | |
| type: choice | |
| options: | |
| - 'us-east-1' | |
| - 'us-east-2' | |
| - 'us-west-2' | |
| - 'us-west-1' | |
| - 'eu-west-1' | |
| - 'eu-central-1' | |
| - 'sa-east-1' | |
| - 'ap-northeast-1' | |
| - 'ap-southeast-1' | |
| - 'ap-southeast-2' | |
| - 'ap-northeast-2' | |
| ocp_version: | |
| description: 'Openshift version' | |
| default: 'ocp-4-17' | |
| type: choice | |
| options: | |
| - 'ocp-4-14' | |
| - 'ocp-4-15' | |
| - 'ocp-4-16' | |
| - 'ocp-4-17' | |
| cilium_version: | |
| description: 'Cilium Version to use (ex: 1.16.4)' | |
| default: "1.16.4" | |
| required: true | |
| is_released: | |
| description: 'Is this version released ? No: `-ci` will be added to cilium_version' | |
| required: false | |
| type: boolean | |
| default: false | |
| run_tests: | |
| description: 'Run tests on the deployed cluster' | |
| required: false | |
| type: boolean | |
| default: false | |
| do_not_destroy: | |
| description: 'Do not destroy the cluster' | |
| required: false | |
| type: boolean | |
| default: false | |
| permissions: | |
| contents: read | |
| id-token: write | |
| pull-requests: read | |
| statuses: write | |
| env: | |
| TERRAFORM_VERSION: 1.10.3 | |
| TEKTON_VERSION: 0.39.0 | |
| OC_VERSION: 4.17.0 | |
| OCP_VERSION: ocp-4-17 | |
| PULL_SECRET_FILE: pull_secret.json | |
| REGION: eu-west-3 | |
| AVAILABILITY_ZONES: '["eu-west-3a", "eu-west-3b", "eu-west-3c"]' | |
| CLUSTER_NAME: ocp-cert | |
| OWNER: ci | |
| BASE_DOMAIN: ci.covalent.lol | |
| WORKER_INSTANCE_TYPE: m5.xlarge | |
| WORKER_COUNT: 2 | |
| CILIUM_ENABLED: true | |
| CILIUM_OLM_REPO_BRANCH: main-ce | |
| CILIUM_VERSION: v1.16.3 | |
| OPENSHIFT_VERSION: 4.14.2 | |
| INSTALL_TETRAGON: false | |
| CREATE_SUBSCRIPTION: false | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 120 | |
| steps: | |
| - name: Checkout workflow context branch | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install Terraform | |
| uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # 3.1.2 | |
| with: | |
| terraform_version: "${{ env.TERRAFORM_VERSION }}" | |
| terraform_wrapper: false | |
| - name: Install Tekton CLI | |
| run: | | |
| curl -LO https://github.com/tektoncd/cli/releases/download/v${{ env.TEKTON_VERSION }}/tkn_${{ env.TEKTON_VERSION }}_Linux_x86_64.tar.gz | |
| sudo tar xvzf tkn_${{ env.TEKTON_VERSION }}_Linux_x86_64.tar.gz -C /usr/local/bin/ tkn | |
| - name: Checkout OpenShift CuTE repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| repository: isovalent/cute-openshift-aws | |
| token: ${{ secrets.READ_PRIVATE_REPOSITORIES }} # TODO: replace with ISOVALENT_BOT_READ_PRIVATE_REPOSITORIES | |
| path: ocp | |
| - name: Configure Git | |
| run: | | |
| # TODO: replace with ISOVALENT_BOT_READ_PRIVATE_REPOSITORIES | |
| git config --global url."https://oauth2:${{ secrets.READ_PRIVATE_REPOSITORIES }}@github.com".insteadOf ssh://[email protected] | |
| git config --global url."https://oauth2::${{ secrets.READ_PRIVATE_REPOSITORIES }}@github.com".insteadOf [email protected] | |
| git config --global --list | |
| - name: Install OpenShift CLI tools | |
| uses: redhat-actions/openshift-tools-installer@144527c7d98999f2652264c048c7a9bd103f8a82 # v1.13.1 | |
| with: | |
| source: "mirror" | |
| oc: "${{ env.OC_VERSION }}" | |
| - name: Set up AWS credentials | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| with: | |
| role-to-assume: arn:aws:iam::478566851380:role/CuTE_CIAccessRole | |
| aws-region: ${{ env.REGION }} | |
| role-duration-seconds: 43200 # 12 hours | |
| - name: Configure terraform variables | |
| working-directory: ./ocp/${{ env.OCP_VERSION }} | |
| run: | | |
| # TODO: replace RH_PULL_SECRET secret | |
| echo '${{ secrets.RH_PULL_SECRET }}' | python -m json.tool > ${{ env.PULL_SECRET_FILE }} | |
| # Use less loaded region | |
| cat > terraform.tfvars<<EOF | |
| region = "${{ env.REGION }}" | |
| availability_zones = ${{ env.AVAILABILITY_ZONES }} | |
| cluster_name = "${{ env.CLUSTER_NAME }}" | |
| owner = "${{ env.OWNER }}" | |
| base_domain = "${{ env.BASE_DOMAIN }}" | |
| pull_secret_path = "${{ env.PULL_SECRET_FILE }}" | |
| worker_instance_type = "${{ env.WORKER_INSTANCE_TYPE }}" | |
| workers_count = ${{ env.WORKER_COUNT }} | |
| cilium_enabled = ${{ env.CILIUM_ENABLED }} | |
| cilium_olm_repo_branch = "${{ env.CILIUM_OLM_REPO_BRANCH }}" | |
| cilium_version = "${{ env.CILIUM_VERSION }}" | |
| openshift_version = "${{ env.OPENSHIFT_VERSION }}" | |
| install_tetragon = ${{ env.INSTALL_TETRAGON }} | |
| create_subscription = ${{ env.CREATE_SUBSCRIPTION }} | |
| EOF | |
| cat terraform.tfvars | |
| - name: Provision OpenShift cluster | |
| working-directory: ./ocp/${{ env.OCP_VERSION }} | |
| timeout-minutes: 60 | |
| run: | | |
| make apply AUTO_APPROVE=true | |
| export KUBECONFIG=$(terraform output -json | jq .path_to_kubeconfig_file.value -r) | |
| - name: Test OC CLI | |
| working-directory: ./ocp/${{ env.OCP_VERSION }} | |
| run: | | |
| oc get nodes | |
| cat $KUBECONFIG | |
| admpass=$(echo ${KUBECONFIG/kubeconfig/kubeadmin-password}) | |
| echo "kubeadmin-password: $admpass" | |
| echo "sleeping..." | |
| sleep 180 | |
| - name: Clean | |
| if: always() | |
| working-directory: ./ocp/${{ env.OCP_VERSION }} | |
| timeout-minutes: 60 | |
| run: | | |
| make destroy AUTO_APPROVE=true | |
| - name: Remove sensitive data | |
| if: always() | |
| working-directory: ./ocp/${{ env.OCP_VERSION }} | |
| run: | | |
| rm -f ${{ env.PULL_SECRET_FILE }} |