From 2aead592c023b199e7651d3a4dcb938b06ddf44d Mon Sep 17 00:00:00 2001 From: David Elie-Dit-Cosaque Date: Fri, 26 Jun 2026 17:42:37 -0400 Subject: [PATCH 1/2] Add CI configs for upstream k8snetworkplumbingwg PTP repos Onboard k8snetworkplumbingwg/ptp-operator and k8snetworkplumbingwg/linuxptp-daemon into OpenShift CI so that upstream-built images are available for telco5g PTP e2e tests. Both repos build from their upstream Dockerfiles (public base images) and promote to the ptp-upstream namespace, enabling the telco5g test infrastructure to deploy upstream PTP images without rebuilding from source during test execution. --- ...etworkplumbingwg-linuxptp-daemon-main.yaml | 19 ++++++ ...8snetworkplumbingwg-ptp-operator-main.yaml | 19 ++++++ ...ngwg-linuxptp-daemon-main-postsubmits.yaml | 64 +++++++++++++++++++ ...ingwg-linuxptp-daemon-main-presubmits.yaml | 59 +++++++++++++++++ ...mbingwg-ptp-operator-main-postsubmits.yaml | 64 +++++++++++++++++++ ...umbingwg-ptp-operator-main-presubmits.yaml | 59 +++++++++++++++++ 6 files changed, 284 insertions(+) create mode 100644 ci-operator/config/k8snetworkplumbingwg/linuxptp-daemon/k8snetworkplumbingwg-linuxptp-daemon-main.yaml create mode 100644 ci-operator/config/k8snetworkplumbingwg/ptp-operator/k8snetworkplumbingwg-ptp-operator-main.yaml create mode 100644 ci-operator/jobs/k8snetworkplumbingwg/linuxptp-daemon/k8snetworkplumbingwg-linuxptp-daemon-main-postsubmits.yaml create mode 100644 ci-operator/jobs/k8snetworkplumbingwg/linuxptp-daemon/k8snetworkplumbingwg-linuxptp-daemon-main-presubmits.yaml create mode 100644 ci-operator/jobs/k8snetworkplumbingwg/ptp-operator/k8snetworkplumbingwg-ptp-operator-main-postsubmits.yaml create mode 100644 ci-operator/jobs/k8snetworkplumbingwg/ptp-operator/k8snetworkplumbingwg-ptp-operator-main-presubmits.yaml diff --git a/ci-operator/config/k8snetworkplumbingwg/linuxptp-daemon/k8snetworkplumbingwg-linuxptp-daemon-main.yaml b/ci-operator/config/k8snetworkplumbingwg/linuxptp-daemon/k8snetworkplumbingwg-linuxptp-daemon-main.yaml new file mode 100644 index 0000000000000..cfec633579761 --- /dev/null +++ b/ci-operator/config/k8snetworkplumbingwg/linuxptp-daemon/k8snetworkplumbingwg-linuxptp-daemon-main.yaml @@ -0,0 +1,19 @@ +build_root: + from_repository: true +images: + items: + - dockerfile_path: Dockerfile + to: ptp +promotion: + to: + - namespace: ptp-upstream + tag: latest +resources: + '*': + requests: + cpu: 100m + memory: 200Mi +zz_generated_metadata: + branch: main + org: k8snetworkplumbingwg + repo: linuxptp-daemon diff --git a/ci-operator/config/k8snetworkplumbingwg/ptp-operator/k8snetworkplumbingwg-ptp-operator-main.yaml b/ci-operator/config/k8snetworkplumbingwg/ptp-operator/k8snetworkplumbingwg-ptp-operator-main.yaml new file mode 100644 index 0000000000000..a7bb32fb8ce8f --- /dev/null +++ b/ci-operator/config/k8snetworkplumbingwg/ptp-operator/k8snetworkplumbingwg-ptp-operator-main.yaml @@ -0,0 +1,19 @@ +build_root: + from_repository: true +images: + items: + - dockerfile_path: Dockerfile + to: ptp-operator +promotion: + to: + - namespace: ptp-upstream + tag: latest +resources: + '*': + requests: + cpu: 100m + memory: 200Mi +zz_generated_metadata: + branch: main + org: k8snetworkplumbingwg + repo: ptp-operator diff --git a/ci-operator/jobs/k8snetworkplumbingwg/linuxptp-daemon/k8snetworkplumbingwg-linuxptp-daemon-main-postsubmits.yaml b/ci-operator/jobs/k8snetworkplumbingwg/linuxptp-daemon/k8snetworkplumbingwg-linuxptp-daemon-main-postsubmits.yaml new file mode 100644 index 0000000000000..990319415547b --- /dev/null +++ b/ci-operator/jobs/k8snetworkplumbingwg/linuxptp-daemon/k8snetworkplumbingwg-linuxptp-daemon-main-postsubmits.yaml @@ -0,0 +1,64 @@ +postsubmits: + k8snetworkplumbingwg/linuxptp-daemon: + - agent: kubernetes + always_run: true + branches: + - ^main$ + cluster: build01 + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - Dockerfile + labels: + ci-operator.openshift.io/is-promotion: "true" + ci.openshift.io/generator: prowgen + max_concurrency: 1 + name: branch-ci-k8snetworkplumbingwg-linuxptp-daemon-main-images + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --image-mirror-push-secret=/etc/push-secret/.dockerconfigjson + - --promote + - --report-credentials-file=/etc/report/credentials + - --target=[images] + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/push-secret + name: push-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: push-secret + secret: + secretName: registry-push-credentials-ci-central + - name: result-aggregator + secret: + secretName: result-aggregator diff --git a/ci-operator/jobs/k8snetworkplumbingwg/linuxptp-daemon/k8snetworkplumbingwg-linuxptp-daemon-main-presubmits.yaml b/ci-operator/jobs/k8snetworkplumbingwg/linuxptp-daemon/k8snetworkplumbingwg-linuxptp-daemon-main-presubmits.yaml new file mode 100644 index 0000000000000..443c8b494f7cd --- /dev/null +++ b/ci-operator/jobs/k8snetworkplumbingwg/linuxptp-daemon/k8snetworkplumbingwg-linuxptp-daemon-main-presubmits.yaml @@ -0,0 +1,59 @@ +presubmits: + k8snetworkplumbingwg/linuxptp-daemon: + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/images + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - Dockerfile + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-k8snetworkplumbingwg-linuxptp-daemon-main-images + rerun_command: /test images + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=[images] + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )images,?($|\s.*) diff --git a/ci-operator/jobs/k8snetworkplumbingwg/ptp-operator/k8snetworkplumbingwg-ptp-operator-main-postsubmits.yaml b/ci-operator/jobs/k8snetworkplumbingwg/ptp-operator/k8snetworkplumbingwg-ptp-operator-main-postsubmits.yaml new file mode 100644 index 0000000000000..41c68e046d09d --- /dev/null +++ b/ci-operator/jobs/k8snetworkplumbingwg/ptp-operator/k8snetworkplumbingwg-ptp-operator-main-postsubmits.yaml @@ -0,0 +1,64 @@ +postsubmits: + k8snetworkplumbingwg/ptp-operator: + - agent: kubernetes + always_run: true + branches: + - ^main$ + cluster: build01 + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - Dockerfile + labels: + ci-operator.openshift.io/is-promotion: "true" + ci.openshift.io/generator: prowgen + max_concurrency: 1 + name: branch-ci-k8snetworkplumbingwg-ptp-operator-main-images + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --image-mirror-push-secret=/etc/push-secret/.dockerconfigjson + - --promote + - --report-credentials-file=/etc/report/credentials + - --target=[images] + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/push-secret + name: push-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: push-secret + secret: + secretName: registry-push-credentials-ci-central + - name: result-aggregator + secret: + secretName: result-aggregator diff --git a/ci-operator/jobs/k8snetworkplumbingwg/ptp-operator/k8snetworkplumbingwg-ptp-operator-main-presubmits.yaml b/ci-operator/jobs/k8snetworkplumbingwg/ptp-operator/k8snetworkplumbingwg-ptp-operator-main-presubmits.yaml new file mode 100644 index 0000000000000..7a468d63594fa --- /dev/null +++ b/ci-operator/jobs/k8snetworkplumbingwg/ptp-operator/k8snetworkplumbingwg-ptp-operator-main-presubmits.yaml @@ -0,0 +1,59 @@ +presubmits: + k8snetworkplumbingwg/ptp-operator: + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/images + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - Dockerfile + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-k8snetworkplumbingwg-ptp-operator-main-images + rerun_command: /test images + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=[images] + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )images,?($|\s.*) From 78654c09a83a594ea2c26e33b0cb3da340edbb69 Mon Sep 17 00:00:00 2001 From: David Elie-Dit-Cosaque Date: Fri, 26 Jun 2026 17:50:46 -0400 Subject: [PATCH 2/2] Refactor telco5g PTP tests to use CI-built images Replace the build_images() function (~200 lines, ~12 min) that spawns a privileged pod to clone and build PTP components from source with get_ci_images() that resolves pullspecs from either the release payload (downstream) or ci-operator dependency injection (upstream). Changes: - Remove build_images() privileged pod, oc client download, and Go version setup (only needed for source builds) - Add get_ci_images() with two paths: downstream extracts images from the release payload via oc adm release info; upstream uses images injected by ci-operator dependencies - Always pass all three image overrides (IMG, LINUXPTP_DAEMON_IMAGE, SIDECAR_EVENT_IMAGE) to make deploy for both upstream and downstream - Add base_images and dependencies for upstream PTP images to the 4.22, 4.23, and 5.0 nightly configs - Declare PTP_OPERATOR_IMAGE and PTP_DAEMON_IMAGE dependencies in the telco5g-ptp-tests ref YAML - Update prow-status dashboard phase parsing to match new log anchors --- .../linuxptp-daemon/OWNERS | 21 ++ .../k8snetworkplumbingwg/ptp-operator/OWNERS | 23 ++ .../linuxptp-daemon/OWNERS | 21 ++ .../k8snetworkplumbingwg/ptp-operator/OWNERS | 23 ++ .../ptp/tests/telco5g-ptp-tests-commands.sh | 309 ++---------------- .../ptp/tests/telco5g-ptp-tests-ref.yaml | 5 + .../linuxptp-daemon/_pluginconfig.yaml | 9 + .../ptp-operator/_pluginconfig.yaml | 9 + 8 files changed, 136 insertions(+), 284 deletions(-) create mode 100644 ci-operator/config/k8snetworkplumbingwg/linuxptp-daemon/OWNERS create mode 100644 ci-operator/config/k8snetworkplumbingwg/ptp-operator/OWNERS create mode 100644 ci-operator/jobs/k8snetworkplumbingwg/linuxptp-daemon/OWNERS create mode 100644 ci-operator/jobs/k8snetworkplumbingwg/ptp-operator/OWNERS create mode 100644 core-services/prow/02_config/k8snetworkplumbingwg/linuxptp-daemon/_pluginconfig.yaml create mode 100644 core-services/prow/02_config/k8snetworkplumbingwg/ptp-operator/_pluginconfig.yaml diff --git a/ci-operator/config/k8snetworkplumbingwg/linuxptp-daemon/OWNERS b/ci-operator/config/k8snetworkplumbingwg/linuxptp-daemon/OWNERS new file mode 100644 index 0000000000000..8a5ac60edb910 --- /dev/null +++ b/ci-operator/config/k8snetworkplumbingwg/linuxptp-daemon/OWNERS @@ -0,0 +1,21 @@ +# DO NOT EDIT; this file is auto-generated using https://github.com/openshift/ci-tools. +# Fetched from https://github.com/k8snetworkplumbingwg/linuxptp-daemon root OWNERS +# If the repo had OWNERS_ALIASES then the aliases were expanded +# Logins who are not members of 'openshift' organization were filtered out +# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md + +approvers: +- josephdrichard +- jzding +- lack +- nocturnalastro +- sebsoto +- vitus133 +options: {} +reviewers: +- josephdrichard +- jzding +- lack +- nocturnalastro +- sebsoto +- vitus133 diff --git a/ci-operator/config/k8snetworkplumbingwg/ptp-operator/OWNERS b/ci-operator/config/k8snetworkplumbingwg/ptp-operator/OWNERS new file mode 100644 index 0000000000000..d447e0f83b01c --- /dev/null +++ b/ci-operator/config/k8snetworkplumbingwg/ptp-operator/OWNERS @@ -0,0 +1,23 @@ +# DO NOT EDIT; this file is auto-generated using https://github.com/openshift/ci-tools. +# Fetched from https://github.com/k8snetworkplumbingwg/ptp-operator root OWNERS +# If the repo had OWNERS_ALIASES then the aliases were expanded +# Logins who are not members of 'openshift' organization were filtered out +# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md + +approvers: +- edcdavid +- josephdrichard +- jzding +- lack +- nocturnalastro +- sebsoto +- vitus133 +options: {} +reviewers: +- edcdavid +- josephdrichard +- jzding +- lack +- nocturnalastro +- sebsoto +- vitus133 diff --git a/ci-operator/jobs/k8snetworkplumbingwg/linuxptp-daemon/OWNERS b/ci-operator/jobs/k8snetworkplumbingwg/linuxptp-daemon/OWNERS new file mode 100644 index 0000000000000..8a5ac60edb910 --- /dev/null +++ b/ci-operator/jobs/k8snetworkplumbingwg/linuxptp-daemon/OWNERS @@ -0,0 +1,21 @@ +# DO NOT EDIT; this file is auto-generated using https://github.com/openshift/ci-tools. +# Fetched from https://github.com/k8snetworkplumbingwg/linuxptp-daemon root OWNERS +# If the repo had OWNERS_ALIASES then the aliases were expanded +# Logins who are not members of 'openshift' organization were filtered out +# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md + +approvers: +- josephdrichard +- jzding +- lack +- nocturnalastro +- sebsoto +- vitus133 +options: {} +reviewers: +- josephdrichard +- jzding +- lack +- nocturnalastro +- sebsoto +- vitus133 diff --git a/ci-operator/jobs/k8snetworkplumbingwg/ptp-operator/OWNERS b/ci-operator/jobs/k8snetworkplumbingwg/ptp-operator/OWNERS new file mode 100644 index 0000000000000..d447e0f83b01c --- /dev/null +++ b/ci-operator/jobs/k8snetworkplumbingwg/ptp-operator/OWNERS @@ -0,0 +1,23 @@ +# DO NOT EDIT; this file is auto-generated using https://github.com/openshift/ci-tools. +# Fetched from https://github.com/k8snetworkplumbingwg/ptp-operator root OWNERS +# If the repo had OWNERS_ALIASES then the aliases were expanded +# Logins who are not members of 'openshift' organization were filtered out +# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md + +approvers: +- edcdavid +- josephdrichard +- jzding +- lack +- nocturnalastro +- sebsoto +- vitus133 +options: {} +reviewers: +- edcdavid +- josephdrichard +- jzding +- lack +- nocturnalastro +- sebsoto +- vitus133 diff --git a/ci-operator/step-registry/telco5g/ptp/tests/telco5g-ptp-tests-commands.sh b/ci-operator/step-registry/telco5g/ptp/tests/telco5g-ptp-tests-commands.sh index 5e1b8852e75ab..ccd3f3877b210 100644 --- a/ci-operator/step-registry/telco5g/ptp/tests/telco5g-ptp-tests-commands.sh +++ b/ci-operator/step-registry/telco5g/ptp/tests/telco5g-ptp-tests-commands.sh @@ -5,216 +5,29 @@ set -o nounset set -o errexit set -o pipefail -build_images(){ -oc delete namespace openshift-ptp || true -oc create namespace openshift-ptp -o yaml | oc label -f - pod-security.kubernetes.io/enforce=privileged pod-security.kubernetes.io/audit=privileged pod-security.kubernetes.io/warn=privileged || true -# copy pull secrets in openshift-ptp namespace -oc get secret pull-secret --namespace=openshift-config -oyaml | grep -v '^\s*namespace:\s' | oc apply --namespace=openshift-ptp -f - -echo $KUBECONFIG -jobdefinition='--- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: privileged-rights - namespace: openshift-ptp -rules: -- apiGroups: - - security.openshift.io - resourceNames: - - privileged - resources: - - securitycontextconstraints - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - managedFields: - name: privileged-rights - namespace: openshift-ptp -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: privileged-rights -subjects: -- kind: ServiceAccount - name: builder - namespace: openshift-ptp ---- -apiVersion: v1 -kind: Pod -metadata: - name: podman - namespace: openshift-ptp -spec: - restartPolicy: Never - serviceAccountName: builder - containers: - - name: priv - image: quay.io/podman/stable:v4.9.4 - command: - - /bin/bash - - -c - - | - set -xe - yum install jq git wget podman-docker -y - yum group install "development-tools" -y - wget https://go.dev/dl/go1.20.4.linux-amd64.tar.gz - rm -rf /usr/local/go && tar -C /usr/local -xzf go1.20.4.linux-amd64.tar.gz - export PATH=$PATH:/usr/local/go/bin - go version - - # set +x here to hide pass from log - set +xe - - echo "podman login with serviceaccount" - - # Used for 4.16 and newer releases. - pass=$( jq .\"image-registry.openshift-image-registry.svc:5000\".auth /var/run/secrets/openshift.io/push/.dockercfg ) - pass=`echo ${pass:1:-1} | base64 -d` - podman login -u serviceaccount -p ${pass:8} image-registry.openshift-image-registry.svc:5000 --tls-verify=false - - # Used for 4.15 and older releases. - if ! podman login --get-login image-registry.openshift-image-registry.svc:5000 &> /dev/null; then - pass=$( jq .\"image-registry.openshift-image-registry.svc:5000\".password /var/run/secrets/openshift.io/push/.dockercfg ) - podman login -u serviceaccount -p ${pass:1:-1} image-registry.openshift-image-registry.svc:5000 --tls-verify=false - fi - - set -x - - export IMG=PTP_IMAGE - export DAEMON_IMG="DAEMON_IMAGE" - export SIDECAR_IMG="SIDECAR_IMAGE" - - export T5CI_VERSION="T5CI_VERSION_VAL" - export USE_UPSTREAM="USE_UPSTREAM_VAL" - - # run latest release on upstream main branch - if [[ "${USE_UPSTREAM:-false}" == "true" ]]; then - echo "Running on upstream main branch" - git clone --single-branch --branch main https://github.com/k8snetworkplumbingwg/ptp-operator.git - else - git clone --single-branch --branch OPERATOR_VERSION https://github.com/openshift/ptp-operator.git - fi - cd ptp-operator - # OCPBUGS-52327 fix build due to libresolv.so link error - sed -i "s/\(CGO_ENABLED=\${CGO_ENABLED}\) \(GOOS=\${GOOS}\)/\1 CC=\"gcc -fuse-ld=gold\" \2/" hack/build.sh - # For UPSTREAM use Dockerfile for upstream contents - if [[ "$T5CI_VERSION" =~ 4.1[2-8]+ || "${USE_UPSTREAM:-false}" == "true" ]]; then - sed -i "/ENV GO111MODULE=off/ a\ENV GOMAXPROCS=20" Dockerfile - make docker-build - else - # Dockerfile is updated to upstream in 4.19+. Use .ocp or .ci versions for non-UPSTREAM runs - if [ -f "Dockerfile.ocp" ]; then - DOCKERFILE="Dockerfile.ocp" - else - DOCKERFILE="Dockerfile.ci" - fi - sed -i "/ENV GO111MODULE=off/ a\ENV GOMAXPROCS=20" "$DOCKERFILE" - podman build -t "${IMG}" -f "$DOCKERFILE" - fi - podman push ${IMG} --tls-verify=false - cd .. - - if [[ "${USE_UPSTREAM:-false}" == "false" ]]; then - # If we a running a downstream run we are done - exit 0 - fi - - # If were running upstream we should also use the upstream daemon! - echo "Running on upstream main branch of linuxptp-daemon" - git clone --single-branch --branch main https://github.com/k8snetworkplumbingwg/linuxptp-daemon.git - cd linuxptp-daemon - # Split DAEMON_IMG into IMAGE_TAG_BASE and VERSION because - # hack/build-image.sh unconditionally overwrites IMG from these two vars. - IMAGE_TAG_BASE="${DAEMON_IMG%:*}" VERSION="${DAEMON_IMG##*:}" make image - podman push ${DAEMON_IMG} --tls-verify=false - cd .. - - echo "Running on main branch of cloud-event-proxy" - git clone --single-branch --branch main https://github.com/redhat-cne/cloud-event-proxy.git - cd cloud-event-proxy - IMG=${SIDECAR_IMG} make podman-build - podman push ${SIDECAR_IMG} --tls-verify=false - cd .. - - securityContext: - privileged: true - volumeMounts: - - mountPath: /var/run/secrets/openshift.io/push - name: dockercfg - readOnly: true - - name: secret-volume - mountPath: /root/.docker - volumes: - - name: secret-volume - secret: - secretName: pull-secret - items: - - key: .dockerconfigjson - path: config.json - - - name: dockercfg - secret: - secretName: BUILDER_DOCKERCFG - defaultMode: 384 -' - - jobdefinition=$(sed "s#OPERATOR_VERSION#${PTP_UNDER_TEST_BRANCH}#" <<<"$jobdefinition") - jobdefinition=$(sed "s#PTP_IMAGE#${IMG}#" <<<"$jobdefinition") - jobdefinition=$(sed "s#DAEMON_IMAGE#${DAEMON_IMG}#" <<<"$jobdefinition") - jobdefinition=$(sed "s#SIDECAR_IMAGE#${SIDECAR_IMG}#" <<<"$jobdefinition") - jobdefinition=$(sed "s#T5CI_VERSION_VAL#${T5CI_VERSION}#" <<<"$jobdefinition") - jobdefinition=$(sed "s#USE_UPSTREAM_VAL#${T5CI_DEPLOY_UPSTREAM:-false}#" <<<"$jobdefinition") - #oc label ns openshift-ptp --overwrite pod-security.kubernetes.io/enforce=privileged - - retry_with_timeout 400 5 oc -n openshift-ptp get sa builder - dockercgf="" - for i in $(seq 1 80); do - dockercgf=$(oc --request-timeout=10s -n openshift-ptp get secret \ - -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' \ - | grep '^builder-dockercfg-' | head -1 || true) - if [[ -n "${dockercgf}" ]]; then - break - fi - echo "Waiting for builder-dockercfg secret (attempt ${i}/80)..." - sleep 5 - done - if [[ -z "${dockercgf}" ]]; then - echo "[ERROR] builder-dockercfg secret not found after 400s" - exit 1 - fi - jobdefinition=${jobdefinition//BUILDER_DOCKERCFG/${dockercgf}} - echo "$jobdefinition" - echo "$jobdefinition" | oc apply -f - - - success=0 - iterations=0 - sleep_time=10 - max_iterations=72 # results in 12 minutes timeout - until [[ $success -eq 1 ]] || [[ $iterations -eq $max_iterations ]]; do - run_status=$(oc -n openshift-ptp get pod podman -o json | jq '.status.phase' | tr -d '"') - if [ "$run_status" == "Succeeded" ]; then - success=1 - break - fi - iterations=$((iterations + 1)) - sleep $sleep_time - done - - # print the build logs - oc -n openshift-ptp logs podman - - if [[ $success -eq 1 ]]; then - echo "[INFO] index build succeeded" +get_ci_images() { + if [[ "${T5CI_DEPLOY_UPSTREAM:-false}" == "true" ]]; then + export IMG="${PTP_OPERATOR_IMAGE:?PTP_OPERATOR_IMAGE not set by ci-operator dependency}" + export DAEMON_IMG="${PTP_DAEMON_IMAGE:?PTP_DAEMON_IMAGE not set by ci-operator dependency}" + local release_image + release_image=$(oc get clusterversion version -o jsonpath='{.status.desired.image}') + SIDECAR_IMG=$(oc adm release info "${release_image}" --image-for=cloud-event-proxy) + export SIDECAR_IMG else - echo "[ERROR] index build failed" - exit 1 + local release_image + release_image=$(oc get clusterversion version -o jsonpath='{.status.desired.image}') + IMG=$(oc adm release info "${release_image}" --image-for=ptp-operator) + export IMG + DAEMON_IMG=$(oc adm release info "${release_image}" --image-for=ptp) + export DAEMON_IMG + SIDECAR_IMG=$(oc adm release info "${release_image}" --image-for=cloud-event-proxy) + export SIDECAR_IMG fi + echo "[INFO] IMG=${IMG}" + echo "[INFO] DAEMON_IMG=${DAEMON_IMG}" + echo "[INFO] SIDECAR_IMG=${SIDECAR_IMG}" } -# Define the function to retry a command with a timeout retry_with_timeout() { local timeout=$1 local interval=$2 @@ -224,27 +37,18 @@ retry_with_timeout() { start_time=$(date +%s) local end_time=$((start_time + timeout)) while true; do - # Run the command ${command} && return 0 - - # Check if the timeout has expired local current_time current_time=$(date +%s) if [ "${current_time}" -gt "${end_time}" ]; then return 1 fi - - # Sleep for the specified interval before retrying sleep "${interval}" done } -# print RTC logs print_time() { - # Get the list of nodes in the cluster NODES=$(oc get nodes -l node-role.kubernetes.io/worker -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}') - - # Loop through each node for node in $NODES; do echo "Processing node: $node" oc debug node/"$node" -- chroot /host sh -c "date;sudo hwclock" @@ -272,20 +76,16 @@ fi export CNF_E2E_TESTS export CNF_ORIGIN_TESTS -# always use the latest test code export TEST_BRANCH="main" -# run latest release on upstream main branch if [[ "${T5CI_DEPLOY_UPSTREAM:-false}" == "true" ]]; then export PTP_UNDER_TEST_BRANCH="main" else export PTP_UNDER_TEST_BRANCH="release-${T5CI_VERSION}" fi -export IMG_VERSION="release-${T5CI_VERSION}" export KUBECONFIG=$SHARED_DIR/kubeconfig -# Fail fast if any node is not Ready echo "************ Checking node readiness ************" oc get nodes -owide NOT_READY_NODES=$(oc get nodes -o jsonpath='{range .items[*]}{.metadata.name}{" "}{.status.conditions[?(@.type=="Ready")].status}{"\n"}{end}' | grep -v "True$" || true) @@ -303,36 +103,13 @@ fi echo "[INFO] All ${TOTAL_NODES} nodes are Ready." echo "***************************************************" -# Set go version -if [[ "$T5CI_VERSION" =~ 4.1[2-5]+ ]]; then - source "$HOME"/golang-1.20 -else - source "$HOME"/golang-1.22.4 -fi - temp_dir=$(mktemp -d -t cnf-XXXXX) cd "$temp_dir" || exit 1 -# deploy ptp echo "deploying ptp-operator on branch ${PTP_UNDER_TEST_BRANCH}" -# build ptp operator and create catalog - -export REGISTRY="image-registry.openshift-image-registry.svc:5000" -export IMG="${REGISTRY}/openshift-ptp/ptp-operator:${T5CI_VERSION}" -export DAEMON_IMG="${REGISTRY}/openshift-ptp/linuxptp-daemon:${T5CI_VERSION}" -export SIDECAR_IMG="${REGISTRY}/openshift-ptp/cloud-event-proxy:${T5CI_VERSION}" -build_images - -# Get an updated version of oc -mkdir ~/bin -wget https://openshift-mirror-list.ci-systems.workers.dev/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz -tar -zxvf openshift-client-linux.tar.gz -C ~/bin -export PATH=$HOME/bin:$PATH +get_ci_images -oc version --client - -# deploy ptp-operator if [[ "${T5CI_DEPLOY_UPSTREAM:-false}" == "true" ]]; then echo "Running on upstream main branch" git clone https://github.com/k8snetworkplumbingwg/ptp-operator.git -b "${PTP_UNDER_TEST_BRANCH}" ptp-operator-under-test @@ -342,23 +119,15 @@ fi cd ptp-operator-under-test -# force downloading fresh images grep -r "imagePullPolicy: IfNotPresent" --files-with-matches | awk '{print "sed -i -e \"s@imagePullPolicy: IfNotPresent@imagePullPolicy: Always@g\" " $1 }' | bash -# deploy ptp-operator -if [[ "${T5CI_DEPLOY_UPSTREAM:-false}" == "true" ]]; then - make deploy \ - IMG=${IMG} \ - LINUXPTP_DAEMON_IMAGE=${DAEMON_IMG} \ - SIDECAR_EVENT_IMAGE=${SIDECAR_IMG} -else - make deploy IMG=${IMG} -fi +make deploy \ + IMG="${IMG}" \ + LINUXPTP_DAEMON_IMAGE="${DAEMON_IMG}" \ + SIDECAR_EVENT_IMAGE="${SIDECAR_IMG}" -# wait until the linuxptp-daemon pods are ready retry_with_timeout 400 5 kubectl rollout status daemonset linuxptp-daemon -nopenshift-ptp -# patching to add events if [[ "$T5CI_VERSION" =~ 4.1[2-5]+ ]]; then export EVENT_API_VERSION="1.0" oc patch ptpoperatorconfigs.ptp.openshift.io default -nopenshift-ptp --patch '{"spec":{"ptpEventConfig":{"enableEventPublisher":true, "storageType":"emptyDir"}, "daemonNodeSelector": {"node-role.kubernetes.io/worker":""}}}' --type=merge @@ -375,18 +144,13 @@ fi if [[ "$T5CI_VERSION" =~ 4.1[2-8]+ ]]; then echo "Version is less than 4.19" - # release-4.18 consumer image supports event API v1 export CONSUMER_IMG="quay.io/redhat-cne/cloud-event-consumer:release-4.18" TEST_MODES=("dualnicbc" "dualnicbcha" "bc" "oc") - # DualNICBoundaryClockHA test mode is only supported from 4.16 onwards, - # so if the version is less than 4.16, remove it from the list if [[ "$T5CI_VERSION" =~ 4.1[2-5] ]]; then TEST_MODES=("${TEST_MODES[@]/dualnicbcha}") fi - # DualNICBoundaryClock test mode is only supported from 4.13 onwards, - # so if the version is less than 4.13, remove it from the list if [[ "$T5CI_VERSION" == 4.12 ]]; then TEST_MODES=("${TEST_MODES[@]/dualnicbc}") fi @@ -394,22 +158,17 @@ if [[ "$T5CI_VERSION" =~ 4.1[2-8]+ ]]; then else echo "Version is 4.19 or greater" export CONSUMER_IMG="quay.io/redhat-cne/cloud-event-consumer:latest" - # Only run tgm and dualfollower tests from 4.19 onwards TEST_MODES=("tgm" "dualfollower" "dualnicbc" "dualnicbcha" "bc" "oc") fi -# wait for the linuxptp-daemon to be deployed retry_with_timeout 400 5 kubectl rollout status daemonset linuxptp-daemon -nopenshift-ptp -# Run ptp conformance test cd - echo "running conformance tests from branch ${TEST_BRANCH}" -# always run test from latest upstream git clone https://github.com/k8snetworkplumbingwg/ptp-operator.git -b "${TEST_BRANCH}" ptp-operator-conformance-test cd ptp-operator-conformance-test -# configuration cat <<'EOF' >"${SHARED_DIR}"/test-config.yaml --- global: @@ -459,27 +218,21 @@ soaktest: EOF -# Setup log collection with test markers export COLLECT_POD_LOGS=${COLLECT_POD_LOGS:-true} export LOG_TEST_MARKERS=true export LOG_ARTIFACTS_DIR="${ARTIFACT_DIR}/pod-logs" mkdir -p $LOG_ARTIFACTS_DIR -# Set output directory export JUNIT_OUTPUT_DIR=${ARTIFACT_DIR} export PTP_LOG_LEVEL=debug export SKIP_INTERFACES=eno8303np0,eno8403np1,eno8503np2,eno8603np3,eno12409,eno8303,ens7f0np0,ens7f1np1,eno8403,ens6f0np0,ens6f1np1,eno8303np0,eno8403np1,eno8503np2,eno8603np3,eno12399 export PTP_TEST_CONFIG_FILE=${SHARED_DIR}/test-config.yaml -# wait before first run -# wait more to let openshift complete initialization sleep 300 -# get RTC logs print_time -# Run tests for mode in "${TEST_MODES[@]}"; do echo "Running tests for PTP_TEST_MODE=${mode}" @@ -487,20 +240,17 @@ for mode in "${TEST_MODES[@]}"; do export JUNIT_OUTPUT_FILE="test_results_${PTP_TEST_MODE}.xml" set_events_output_file - temp_status="temp_status_${mode}" # Convert to lowercase for variable naming + temp_status="temp_status_${mode}" exit_code=0 make functests || exit_code=$? declare "$temp_status=$exit_code" - # Get RTC logs print_time done status=0 -# Display all statuses for mode in "${TEST_MODES[@]}"; do temp_status="temp_status_${mode}" - # If the variable is not set return an error if [[ -z ${!temp_status+x} ]]; then echo "Error: Variable $temp_status is unset!" status=1 @@ -516,13 +266,10 @@ for mode in "${TEST_MODES[@]}"; do fi done -# allows commands to fail without returning set +e -# clean up, undeploy ptp-operator make undeploy -# publishing results cd - python3 -m venv "${SHARED_DIR}"/myenv @@ -539,25 +286,19 @@ if [[ ! -d "${SHARED_DIR}"/telco5gci ]]; then fi pip install -r "${SHARED_DIR}"/telco5gci/requirements.txt -# Create HTML reports for humans/aliens python "${SHARED_DIR}"/telco5gci/j2html.py "${ARTIFACT_DIR}"/test_results_*xml -o "${ARTIFACT_DIR}"/test_results_all.html for mode in "${TEST_MODES[@]}"; do python "${SHARED_DIR}"/telco5gci/j2html.py "${ARTIFACT_DIR}"/test_results_"${mode}".xml -o "${ARTIFACT_DIR}"/test_results_"${mode}".html done -# merge junit files in to one junitparser merge "${ARTIFACT_DIR}"/test_results_*xml "${ARTIFACT_DIR}"/test_results_all.xml && cp "${ARTIFACT_DIR}"/test_results_all.xml "${ARTIFACT_DIR}"/junit.xml -# Create JSON reports for robots python "${SHARED_DIR}"/telco5gci/junit2json.py "${ARTIFACT_DIR}"/test_results_all.xml -o "${ARTIFACT_DIR}"/test_results.json -# delete temp directory rm -rf "$temp_dir" -# cancel "allows commands to fail without returning" set -e -# return saved status exit "${status}" diff --git a/ci-operator/step-registry/telco5g/ptp/tests/telco5g-ptp-tests-ref.yaml b/ci-operator/step-registry/telco5g/ptp/tests/telco5g-ptp-tests-ref.yaml index bbc4c01a6503b..ac60573a03718 100644 --- a/ci-operator/step-registry/telco5g/ptp/tests/telco5g-ptp-tests-ref.yaml +++ b/ci-operator/step-registry/telco5g/ptp/tests/telco5g-ptp-tests-ref.yaml @@ -10,6 +10,11 @@ ref: requests: cpu: 2000m memory: 4Gi + dependencies: + - name: ptp-operator-upstream + env: PTP_OPERATOR_IMAGE + - name: ptp-upstream + env: PTP_DAEMON_IMAGE env: - name: E2E_TESTS_CONFIG default: "" diff --git a/core-services/prow/02_config/k8snetworkplumbingwg/linuxptp-daemon/_pluginconfig.yaml b/core-services/prow/02_config/k8snetworkplumbingwg/linuxptp-daemon/_pluginconfig.yaml new file mode 100644 index 0000000000000..2435d60129851 --- /dev/null +++ b/core-services/prow/02_config/k8snetworkplumbingwg/linuxptp-daemon/_pluginconfig.yaml @@ -0,0 +1,9 @@ +plugins: + k8snetworkplumbingwg/linuxptp-daemon: + plugins: + - trigger +triggers: +- repos: + - k8snetworkplumbingwg/linuxptp-daemon + trusted_apps: + - openshift-merge-bot diff --git a/core-services/prow/02_config/k8snetworkplumbingwg/ptp-operator/_pluginconfig.yaml b/core-services/prow/02_config/k8snetworkplumbingwg/ptp-operator/_pluginconfig.yaml new file mode 100644 index 0000000000000..388eade2ef899 --- /dev/null +++ b/core-services/prow/02_config/k8snetworkplumbingwg/ptp-operator/_pluginconfig.yaml @@ -0,0 +1,9 @@ +plugins: + k8snetworkplumbingwg/ptp-operator: + plugins: + - trigger +triggers: +- repos: + - k8snetworkplumbingwg/ptp-operator + trusted_apps: + - openshift-merge-bot