diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 597c7998..bfa0ab15 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -24,6 +24,8 @@ jobs:
 build:
 name: Build Image
 runs-on: ubuntu-22.04
+ outputs:
+ version: ${{ steps.vars.outputs.version }}
 permissions:
 contents: write # for lucacome/draft-release to create a draft release
 security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
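Review bot: The new `version` output reads `steps.vars.outputs.version`, while the certification command this commit moves out of the job took its image tag from `steps.meta.outputs.version`; the `vars` step is outside the hunk, so confirm it emits the same string. The certify job prefixes the value with `v` for the bundle directory and branch name and uses it bare as the image tag, so a differing format would break one of them. A comment such as `# tag string reused by the certify job (image tag, bundle directory, branch name)` above the output would record that dependency. The `build` job body continues outside the hunk.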
@@ -148,16 +150,57 @@ jobs: - OpenShift {{openshift_version}} or newer. if: github.event_name != 'pull_request' + certify: + name: Certify for Red Hat OpenShift + runs-on: ubuntu-22.04 + needs: build + if: ${{ github.ref_type == 'tag' }} + steps: - name: Certify Images continue-on-error: true run: | - curl -fsSL https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/1.6.9/preflight-linux-amd64 --output preflight + curl -fsSL https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/1.7.0/preflight-linux-amd64 --output preflight chmod +x preflight IFS=',' read -ra arch_list <<< "${{ env.platforms }}" for arch in "${arch_list[@]}"; do architecture=("${arch#*/}") - ./preflight check container quay.io/nginx/nginx-ingress-operator:${{ steps.meta.outputs.version }} --pyxis-api-token ${{ secrets.PYXIS_API_TOKEN }} --certification-project-id ${{ secrets.CERTIFICATION_PROJECT_ID }} --platform $architecture --submit + ./preflight check container quay.io/nginx/nginx-ingress-operator:${{ needs.build.outputs.version }} --pyxis-api-token ${{ secrets.PYXIS_API_TOKEN }} --certification-project-id ${{ secrets.CERTIFICATION_PROJECT_ID }} --platform $architecture --submit done - if: ${{ github.ref_type == 'tag' }} + + - name: Make + run: | + make bundle USE_IMAGE_DIGESTS=true + + - name: Checkout certified-operators repo + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + with: + token: ${{ secrets.NGINX_PAT }} + repository: nginx-bot/certified-operators + path: certified-operators + + - name: Update certified-operators repo + working-directory: certified-operators/operators/nginx-ingress-operator + run: | + mkdir v${{ needs.build.outputs.version }} + cp -R ../../../bundle/manifests v${{ needs.build.outputs.version }}/ + cp -R ../../../bundle/metadata v${{ needs.build.outputs.version }}/ + + - name: Commit changes + uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # 
v5.0.0 + with: + commit_message: operator nginx-ingress-operator (v${{ needs.build.outputs.version }}) + commit_author: nginx-bot + commit_user_name: nginx-bot + commit_user_email: integrations@nginx.com + create_branch: true + branch: update-nginx-ingress-operator-to-v${{ needs.build.outputs.version }} + repository: certified-operators + + - name: Create PR + working-directory: certified-operators + run: | + gh pr create --title "operator nginx-ingress-operator (v${{ needs.build.outputs.version }})" --body "Update nginx-ingress-operator to v${{ needs.build.outputs.version }}" --head nginx-bot:update-nginx-ingress-operator-to-v${{ needs.build.outputs.version }} --base main --repo redhat-openshift-ecosystem/certified-operators + env: + GITHUB_TOKEN: ${{ secrets.NGINX_PAT }} diff --git a/.github/workflows/pr-certified.yml b/.github/workflows/pr-certified.yml deleted file mode 100644 index 35ad3625..00000000 --- a/.github/workflows/pr-certified.yml +++ /dev/null 
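Review bot: The `run:` scripts of the new `certify` job splice `${{ secrets.PYXIS_API_TOKEN }}`, `${{ secrets.CERTIFICATION_PROJECT_ID }}` and `${{ needs.build.outputs.version }}` straight into shell text (the `./preflight check container` line, the `mkdir`/`cp` lines and `gh pr create`), so the runner substitutes them before bash parses the script: the token sits unquoted on a command line, and a version string containing shell metacharacters would be executed rather than passed as data. The version presumably derives from the pushed tag, which is why it is worth treating as input. Map the values into the step's `env:` and reference them as quoted shell variables, as in the excerpt below for Certify Images; the same pattern applies to the other two steps. The preflight binary on the changed `curl` line is also executed without an integrity check, unlike the actions in this job, which are pinned to commit SHAs; a pinned digest checked with `sha256sum -c` before `chmod +x` would close that gap. Separately, no checkout of this repository is visible among the certify steps before `make bundle`, which the deleted workflow ran first, so confirm the job has a working tree.

```yaml
      - name: Certify Images
        # … unchanged: continue-on-error …
        env:
          VERSION: ${{ needs.build.outputs.version }}
          PYXIS_API_TOKEN: ${{ secrets.PYXIS_API_TOKEN }}
          CERTIFICATION_PROJECT_ID: ${{ secrets.CERTIFICATION_PROJECT_ID }}
        run: |
          # … unchanged: preflight download, chmod, arch_list loop header …
            ./preflight check container "quay.io/nginx/nginx-ingress-operator:${VERSION}" \
              --pyxis-api-token "$PYXIS_API_TOKEN" \
              --certification-project-id "$CERTIFICATION_PROJECT_ID" \
              --platform "$architecture" --submit
          # … unchanged: done …
```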
@@ -1,57 +0,0 @@
-name: Certify Operator
-
-on:
- workflow_dispatch:
-
-permissions:
- contents: read
-
-jobs:
- sync:
- runs-on: ubuntu-22.04
- permissions:
- contents: write
- steps:
- - name: Checkout
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- with:
- token: ${{ secrets.NGINX_PAT }}
-
- - name: Make
- run: |
- make bundle USE_IMAGE_DIGESTS=true
-
- - name: Checkout certified-operators repo
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- with:
- token: ${{ secrets.NGINX_PAT }}
- repository: nginx-bot/certified-operators
- path: certified-operators
-
- - name: Sync fork with upstream
- run: |
- git fetch upstream
- git merge upstream/main
- git push
-
- - name: Update certified-operators repo
- working-directory: certified-operators/operators/nginx-ingress-operator
- run: |
- mkdir v2.0.1
- cd v2.0.1
- cp -R ../../../bundle/manifests .
- cp -R ../../../bundle/metadata .
-
- - name: Commit changes
- id: commit
- uses: stefanzweifel/git-auto-commit-action@v4.16.0
- with:
- commit_message: operator nginx-ingress-operator (v2.0.1)
- create_branch: true
- branch: update-nginx-ingress-operator-to-v2.0.1
- repository: certified-operators
-
- - name: Create PR
- working-directory: certified-operators
- run: |
- gh pr create --title "operator nginx-ingress-operator (v2.0.1)" --body "Update nginx-ingress-operator to v2.0.1" --head nginx-bot:update-nginx-ingress-operator-to-v2.0.1 --base main --repo redhat-openshift-ecosystem/certified-operators
diff --git a/Makefile b/Makefile
index 4e752af4..f7467aef 100644
--- a/Makefile
+++ b/Makefile
@@ -231,8 +231,3 @@ catalog-build: opm ## Build a catalog image.
 .PHONY: catalog-push
 catalog-push: ## Push a catalog image.
 $(MAKE) docker-push IMG=$(CATALOG_IMG)
-
-# Get medatada to prepare the bundle to be submitted at https://github.com/redhat-openshift-ecosystem/certified-operators/
-.PHONY: get-metadata-certification
-get-metadata-certification:
- @./hack/get_image_info.sh ${IMAGE_TAG_BASE} ${VERSION}
diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt
deleted file mode 100644
index 45dbbbbc..00000000
--- a/hack/boilerplate.go.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
-Copyright 2021.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
\ No newline at end of file
diff --git a/hack/get_image_info.sh b/hack/get_image_info.sh
deleted file mode 100755
index 20398b7d..00000000
--- a/hack/get_image_info.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-image="${1#quay.io/}"
-version=$2
-
-response=$(curl -sSfL -w '%{header_json}' -H "Accept: application/vnd.oci.image.index.v1+json" "https://quay.io/v2/${image}/manifests/${version}" | jq -s)
-
-image_digest=$(jq -r '.[1]."docker-content-digest"[]' <<<$response)
-manifest_digest=$(jq -r '.[0].manifests[0].digest' <<<$response)
-
-digest="$(curl -sSfL -H "Accept: application/vnd.oci.image.manifest.v1+json" "https://quay.io/v2/${image}/manifests/${manifest_digest}" | jq -r '.config.digest')"
-
-created=$(curl -sSfL -H "Accept: application/vnd.oci.image.config.v1+json" "https://quay.io/v2/${image}/blobs/${digest}" | jq -r '.config.Labels."org.opencontainers.image.created"')
-
-proxy="./config/default/manager_auth_proxy_patch.yaml"
-kube_proxy=$(yq e '.spec.template.spec.containers.[0].image' $proxy)
-full_image=${kube_proxy%:*}
-kube_image=${full_image#*/}
-kube_version=${kube_proxy#*:}
-
-kube_digest=$(curl -sSfL -I -H "Accept: application/vnd.docker.distribution.manifest.list.v2+json" "https://gcr.io/v2/${kube_image}/manifests/${kube_version}" | awk 'BEGIN {FS=": "}/^docker-content-digest/{gsub(/"/, "", $2); print $2}')
-
-printf "%s\n\n" "Manually repleace the following values in bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml"
-printf "%s\n" "metadata.annotations.createdAt: ${created}"
-printf "%s\n" "metadata.annotations.containerImage: quay.io/${image}@${image_digest}"
-printf "%s\n" "spec.install.spec.deployments[0].spec.template.spec.containers[1].image (nginx-ingress-operator): quay.io/${image}@${image_digest}"
-printf "%s\n" "spec.install.spec.deployments[0].spec.template.spec.containers[0].image (kube-rbac-proxy): ${full_image}@${kube_digest}"