-
-
Notifications
You must be signed in to change notification settings - Fork 6
156 lines (154 loc) · 5.75 KB
/
preflight.yaml
File metadata and controls
156 lines (154 loc) · 5.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
# Manual job to run the preflight checks and possibly submit the results
# to the RedHat Technology Portal.
#
# This job used to be part of the dev and release workflow but now it's an
# independent manually triggered workflow.
#
# The primary reason for this is that it made the release process unnecessary
# chaotic. The RH tech portal is notoriously unstable, and in cases where it
# failed to respond, a way to re-run the preflight checks was necessary.
# But the preflight checks were trigerred only after a successful release
# workflow, which it's self was only triggered by a new tag.
#
# As you can imagine, retagging this repository just to force a new round
# of possibly unsuccessful checks was not very productive.
#
---
name: Preflight checks
run-name: |
Preflight checks (attempt #${{ github.run_attempt }})
on:
workflow_dispatch:
inputs:
tag:
description: "Image version (0.0.0-dev, 23.11.0, etc)"
required: true
default: "0.0.0-dev"
type: string
submit:
description: "Submit results to the RH portal"
required: true
default: false
type: boolean
registry:
description: "Image repository."
required: true
default: "oci.stackable.tech"
type: string
organization:
description: "Organization name within the given registry"
required: true
default: "sdp"
type: string
jobs:
preflight:
name: ${{ matrix.product }} preflight checks
# Run preflight checks and submit results to the RH certification portal.
# This job only runs if the "release" job was successful
# See: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idneeds
runs-on: ubuntu-latest
strategy:
fail-fast: true
# This setting can be changed to throttle the build load
# Another reason to have no parallelism is that the RedHat portal is not reliable and
# and preflight submissions are not idempotent. This means that if one of the products below
# fails, we need to clean up everything that was done for all other products in the failed run.
max-parallel: 1
matrix:
product:
- airflow
- druid
- hadoop
- hbase
- hive
- kafka
- nifi
- omid
- opa
- opensearch
- opensearch-dashboards
- spark-k8s
- superset
- trino
- tools
- zookeeper
env:
GITHUB_REF_NAME: ${{ github.ref_name }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: "3.x"
- run: pip install image-tools-stackabletech==0.0.17
- name: Install preflight
run: |
wget https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/1.10.0/preflight-linux-amd64
chmod +x preflight-linux-amd64
- name: Submit preflight checks
if: ${{ inputs.submit == true }}
env:
REGISTRY: ${{ inputs.registry }}
ORGANIZATION: ${{ inputs.organization }}
IMAGE_VERSION: ${{ inputs.tag }}
run: |
ARCH_FOR_PREFLIGHT="$(arch | sed -e 's#x86_64#amd64#' | sed -e 's#aarch64#arm64#')"
check-container --product "${{ matrix.product }}" \
--image-version "$IMAGE_VERSION" \
--registry "$REGISTRY" \
--organization "$ORGANIZATION" \
--architecture "linux/${ARCH_FOR_PREFLIGHT}" \
--executable ./preflight-linux-amd64 \
--token "${{ secrets.RH_PYXIS_API_TOKEN }}" \
--submit
- name: Run preflight checks (no submit)
if: ${{ inputs.submit == false }}
env:
REGISTRY: ${{ inputs.registry }}
ORGANIZATION: ${{ inputs.organization }}
IMAGE_VERSION: ${{ inputs.tag }}
run: |
ARCH_FOR_PREFLIGHT="$(arch | sed -e 's#x86_64#amd64#' | sed -e 's#aarch64#arm64#')"
check-container --product "${{ matrix.product }}" \
--image-version "$IMAGE_VERSION" \
--registry "$REGISTRY" \
--organization "$ORGANIZATION" \
--architecture "linux/${ARCH_FOR_PREFLIGHT}" \
--executable ./preflight-linux-amd64 \
--token "${{ secrets.RH_PYXIS_API_TOKEN }}" \
notify:
name: Failure Notification
needs: [preflight]
runs-on: ubuntu-latest
if: failure()
steps:
- uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1
with:
channel-id: "C07UG6JH44F" # notifications-container-images
payload: |
{
"text": "*${{ github.workflow }}* failed (attempt ${{ github.run_attempt }})",
"attachments": [
{
"pretext": "See the details below for a summary of which job(s) failed.",
"color": "#aa0000",
"fields": [
{
"title": "Preflight",
"short": true,
"value": "${{ needs.preflight.result }}"
}
],
"actions": [
{
"type": "button",
"text": "Go to workflow run",
"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }}"
}
]
}
]
}
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_CONTAINER_IMAGE_TOKEN }}