chore: update NIC conf operator CRDs #44
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker, Helm, and OCP CI | ||
| on: | ||
| push: | ||
| branches: | ||
| - "master" | ||
| - "v*.x" | ||
| tags: | ||
| - "v*" | ||
| # note: various environment variable names are set to match expectation from the Makefile; do not change without comparing | ||
| env: | ||
| DEFAULT_BRANCH: master | ||
| REGISTRY: nvcr.io/nvstaging/mellanox | ||
| IMAGE_NAME: network-operator | ||
| jobs: | ||
| docker-build-push: | ||
| runs-on: linux-amd64-cpu4 | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| steps: | ||
| - uses: actions/checkout@v6 | ||
| - name: Setup Go Proxy | ||
| id: setup-go-proxy | ||
| uses: nv-gha-runners/setup-artifactory-go-proxy@main | ||
| - name: Determine docker tags | ||
| id: docker-tags | ||
| run: | | ||
| git_sha=$(git rev-parse --short=12 HEAD) # short git commit hash | ||
| git_tag=${{ github.ref_type == 'tag' && github.ref_name || '' }} # git tag, if triggered by tag event | ||
| latest=${{ github.ref_name == env.DEFAULT_BRANCH && 'latest' || '' }} # 'latest', if branch is master | ||
| # Build comma-separated tags for docker/build-push-action | ||
| tags="" | ||
| for tag in $git_sha $git_tag $latest; do | ||
| if [ -n "$tag" ]; then | ||
| if [ -z "$tags" ]; then | ||
| tags="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$tag" | ||
| else | ||
| tags="$tags,${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$tag" | ||
| fi | ||
| fi | ||
| done | ||
| echo "tags=$tags" | tee -a $GITHUB_OUTPUT | ||
| - uses: docker/setup-qemu-action@v3 | ||
| - uses: docker/setup-buildx-action@v3 | ||
| with: | ||
| buildkitd-config: /etc/buildkit/buildkitd.toml | ||
| - uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ secrets.NVCR_USERNAME }} | ||
| password: ${{ secrets.NVCR_TOKEN }} | ||
| - uses: docker/build-push-action@v6 | ||
| env: | ||
| GOPROXY: ${{ steps.setup-go-proxy.outputs.goproxy-url || 'direct' }} | ||
| with: | ||
| context: . | ||
| file: ./Dockerfile | ||
| platforms: linux/amd64,linux/arm64 | ||
| tags: ${{ steps.docker-tags.outputs.tags }} | ||
| push: true | ||
| build-args: | | ||
| GOPROXY=${{ env.GOPROXY }} | ||
| outputs: | ||
| default_branch: ${{ env.DEFAULT_BRANCH }} # we output this here, to use in the following job's conditioning (due to github actions environment variable scope limitations). | ||
| helm-package-publish: | ||
| if: github.ref_type == 'tag' || github.ref_name == ${{ needs.docker-build-push.outputs.default_branch }} | ||
|
Check warning on line 71 in .github/workflows/ci.yaml
|
||
| needs: | ||
| - docker-build-push | ||
| runs-on: linux-amd64-cpu4 | ||
| env: | ||
| NGC_REPO: nvstaging/mellanox/network-operator | ||
| steps: | ||
| - uses: actions/checkout@v6 | ||
| - name: NGC setup and authentication | ||
| run: | | ||
| wget \ | ||
| --no-verbose \ | ||
| --content-disposition \ | ||
| -O ngccli_linux.zip \ | ||
| https://api.ngc.nvidia.com/v2/resources/nvidia/ngc-apps/ngc_cli/versions/3.160.1/files/ngccli_linux.zip | ||
| unzip -q ngccli_linux.zip | ||
| echo "./ngc-cli" >> $GITHUB_PATH | ||
| ngc-cli/ngc config set <<EOF | ||
| ${{ secrets.NVCR_TOKEN }} | ||
| json | ||
| nvstaging | ||
| mellanox | ||
| no-ace | ||
| EOF | ||
| - name: Make package and push (`current_version+git_sha` as chart version) | ||
| run: | | ||
| git_sha=$(git rev-parse --short=12 HEAD) # short git commit hash | ||
| current_chart_version=$(yq '.version' deployment/network-operator/Chart.yaml) | ||
| APP_VERSION=$git_sha VERSION=$current_chart_version-$git_sha make chart-build chart-push \ | ||
| 2> >(tee error.log) || grep 'already exists in the repository' error.log # catches any errors to `error.log`; if there is a specific error - passes (exit 0) | ||
| - name: Make package and push (`git_tag` as chart version) | ||
| if: github.ref_type == 'tag' | ||
| run: | | ||
| git_tag=${{ github.ref_name }} | ||
| APP_VERSION=$git_tag VERSION=${git_tag:1} make chart-build chart-push # VERSION as 'v' prefix removed | ||
| ocp-bundle: | ||
| needs: | ||
| - docker-build-push | ||
| runs-on: ubuntu-24.04 | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} | ||
| DOWNSTREAM_REPO_OWNER: nvidia-ci-cd | ||
| UPSTREAM_REPO_OWNER: redhat-openshift-ecosystem | ||
| steps: | ||
| - uses: actions/checkout@v6 | ||
| with: | ||
| token: ${{ secrets.GH_TOKEN_NVIDIA_CI_CD }} # token must be explicitly set here for push to work in following step | ||
| - name: Determine version, tag, and base branch | ||
| run: | | ||
| if [[ "${{ github.ref_type }}" == "tag" ]]; then | ||
| git_tag=${{ github.ref_name }} | ||
| echo VERSION_WITH_PREFIX=$git_tag | tee -a $GITHUB_ENV | ||
| echo VERSION_WITHOUT_PREFIX=${git_tag:1} | tee -a $GITHUB_ENV # without the 'v' prefix | ||
| if echo $git_tag | grep beta; then | ||
| base_branch=$DEFAULT_BRANCH | ||
| else | ||
| v_major_minor=$(echo $git_tag | grep -Eo '^v[0-9]+\.[0-9]+') | ||
| base_branch=$v_major_minor.x | ||
| fi | ||
| echo BASE_BRANCH=$base_branch | tee -a $GITHUB_ENV | ||
| elif [[ "${{ github.ref_type }}" == "branch" ]]; then | ||
| echo VERSION_WITH_PREFIX=$(git rev-parse --short=12 HEAD) | tee -a $GITHUB_ENV | ||
| fi | ||
| - uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ secrets.NVCR_USERNAME }} | ||
| password: ${{ secrets.NVCR_TOKEN }} | ||
| - name: Lookup image digest | ||
| run: | | ||
| network_operator_digest=$(skopeo inspect docker://$REGISTRY/$IMAGE_NAME:$VERSION_WITH_PREFIX | jq -r .Digest) | ||
| echo $network_operator_digest | wc -w | grep 1 # verifies value not empty | ||
| echo NETWORK_OPERATOR_DIGEST=$network_operator_digest | tee -a $GITHUB_ENV | ||
| - name: Make bundle | ||
| env: | ||
| TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ env.NETWORK_OPERATOR_DIGEST }} | ||
| BUNDLE_IMG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-bundle:${{ env.VERSION_WITH_PREFIX }} | ||
| NGC_CLI_API_KEY: ${{ secrets.NVCR_TOKEN }} | ||
| run: | | ||
| if [[ "${{ github.ref_type }}" == "tag" ]]; then | ||
| version_major_minor=$(echo $VERSION_WITH_PREFIX | grep -Eo 'v[0-9]+\.[0-9]+') | ||
| export CHANNELS=stable,$version_major_minor | ||
| export DEFAULT_CHANNEL=stable | ||
| export VERSION=${{ env.VERSION_WITHOUT_PREFIX }} | ||
| elif [[ "${{ github.ref_type }}" == "branch" ]]; then | ||
| export CHANNELS=stable,v1.1 # hard coded | ||
| export DEFAULT_CHANNEL=stable # hard coded | ||
| export VERSION=1.1.0-${{ env.VERSION_WITH_PREFIX }} # using the commit hash | ||
| export NETWORK_OPERATOR_VERSION=${{ env.VERSION_WITH_PREFIX }} # for push use commit sha | ||
| fi | ||
| make bundle bundle-build bundle-push | ||
| if [[ "${{ github.ref_type }}" == "branch" ]]; then | ||
| export BUNDLE_IMG=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-bundle:latest # hard coded | ||
| make bundle-build bundle-push | ||
| fi | ||
| - name: Create PR with bundle to Network Operator | ||
| if: github.ref_type == 'tag' | ||
| env: | ||
| FEATURE_BRANCH: update-ocp-bundle-to-${{ env.VERSION_WITH_PREFIX }} | ||
| run: | | ||
| git config user.name nvidia-ci-cd | ||
| git config user.email svc-cloud-orch-gh@nvidia.com | ||
| git checkout -b $FEATURE_BRANCH | ||
| git status | ||
| git add bundle | ||
| git add bundle.Dockerfile | ||
| git commit -sm "task: update bundle to $VERSION_WITH_PREFIX" | ||
| git push -u origin $FEATURE_BRANCH | ||
| gh pr create \ | ||
| --head $FEATURE_BRANCH \ | ||
| --base $BASE_BRANCH \ | ||
| --title "task: update bundle to $VERSION_WITH_PREFIX" \ | ||
| --body "Created by the *${{ github.job }}* job in [${{ github.repository }} OCP bundle CI](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})." | ||
