Configure CI/CD to use a latest image build

Allda · Allda · commit 83320c93fbf1 · 2021-12-17T15:56:34.000+01:00
The deploy action was extended with a build configuration and the
individual steps of release use the image with a latest commit sha.

JIRA: ISV-1363, ISV-1364
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -7,13 +7,48 @@ on:  # yamllint disable-line rule:truthy
       - E2E-CI
     branches:
       - main
+      - ci-cd
     types:
       - completed
+  push:
+    branches:
+      - ci-cd
   workflow_dispatch:
 
 jobs:
+  build:
+    name: Build and push image
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Build Image
+        id: build-image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: operator-pipelines-images
+          tags: latest ${{ github.sha }}
+          dockerfiles: |
+            ./operator-pipeline-images/Dockerfile
+
+      - name: Push To quay.io
+        id: push-to-quay
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build-image.outputs.image }}
+          tags: ${{ steps.build-image.outputs.tags }}
+          registry: quay.io/redhat-isv
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Print image url
+        run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
+
   deploy-dev:
     runs-on: ubuntu-latest
+    needs:
+      - build
     environment:
       name: dev
     steps:
@@ -30,12 +65,14 @@ jobs:
           vault_password: ${{secrets.VAULT_PASSWORD}}
           options: |
             --inventory inventory/operator-pipeline
-            --extra-vars env=dev
+            --extra-vars "env=dev operator_pipeline_image_tag=${{ github.sha }}"
             --skip-tags ci
             --verbose
 
   deploy-qa:
     runs-on: ubuntu-latest
+    needs:
+      - build
     environment:
       name: qa
     steps:
@@ -52,55 +89,94 @@ jobs:
           vault_password: ${{secrets.VAULT_PASSWORD}}
           options: |
             --inventory inventory/operator-pipeline
-            --extra-vars env=qa
+            --extra-vars "env=qa operator_pipeline_image_tag=${{ github.sha }}"
             --skip-tags ci
             --verbose
 
-  deploy-stage:
+  # deploy-stage:
+  #   runs-on: ubuntu-latest
+  #   environment:
+  #     name: stage
+  #   needs:
+  #     - deploy-qa
+  #     - deploy-dev
+  #   steps:
+  #     - uses: actions/checkout@v1
+  #     - name: Install dependencies
+  #       run: |
+  #         pip install --user openshift
+  #     - name: Deploy stage environment
+  #       uses: dawidd6/action-ansible-playbook@v2
+  #       with:
+  #         playbook: playbooks/deploy.yml
+  #         directory: ./ansible
+  #         requirements: playbooks/requirements.yml
+  #         vault_password: ${{secrets.VAULT_PASSWORD}}
+  #         options: |
+  #           --inventory inventory/operator-pipeline
+  #           --extra-vars "env=stage operator_pipeline_image_tag=${{ github.sha }}"
+  #           --skip-tags ci
+  #           --verbose
+
+  # deploy-prod:
+  #   runs-on: ubuntu-latest
+  #   environment:
+  #     name: prod
+  #   needs:
+  #     - deploy-stage
+  #   steps:
+  #     - uses: actions/checkout@v1
+  #     - name: Install dependencies
+  #       run: |
+  #         pip install --user openshift
+  #     - name: Deploy prod environment
+  #       uses: dawidd6/action-ansible-playbook@v2
+  #       with:
+  #         playbook: playbooks/deploy.yml
+  #         directory: ./ansible
+  #         requirements: playbooks/requirements.yml
+  #         vault_password: ${{secrets.VAULT_PASSWORD}}
+  #         options: |
+  #           --inventory inventory/operator-pipeline
+  #           --extra-vars "env=prod operator_pipeline_image_tag=${{ github.sha }}"
+  #           --skip-tags ci
+  #           --verbose
+  release:
+    name: Github release
     runs-on: ubuntu-latest
-    environment:
-      name: stage
     needs:
       - deploy-dev
-      - deploy-qa
     steps:
-      - uses: actions/checkout@v1
-      - name: Install dependencies
-        run: |
-          pip install --user openshift
-      - name: Deploy stage environment
-        uses: dawidd6/action-ansible-playbook@v2
+      - uses: actions/checkout@v2
+
+      - name: Bump version and push tag
+        id: tag_version
+        uses: mathieudutour/github-tag-action@v5.6
         with:
-          playbook: playbooks/deploy.yml
-          directory: ./ansible
-          requirements: playbooks/requirements.yml
-          vault_password: ${{secrets.VAULT_PASSWORD}}
-          options: |
-            --inventory inventory/operator-pipeline
-            --extra-vars env=stage
-            --skip-tags ci
-            --verbose
+          github_token: ${{ secrets.GITHUB_TOKEN }}
 
-  deploy-prod:
-    runs-on: ubuntu-latest
-    environment:
-      name: prod
-    needs:
-      - deploy-stage
-    steps:
-      - uses: actions/checkout@v1
-      - name: Install dependencies
-        run: |
-          pip install --user openshift
-      - name: Deploy prod environment
-        uses: dawidd6/action-ansible-playbook@v2
+      - name: Create a GitHub release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          playbook: playbooks/deploy.yml
-          directory: ./ansible
-          requirements: playbooks/requirements.yml
-          vault_password: ${{secrets.VAULT_PASSWORD}}
-          options: |
-            --inventory inventory/operator-pipeline
-            --extra-vars env=prod
-            --skip-tags ci
-            --verbose
+          tag_name: ${{ steps.tag_version.outputs.new_tag }}
+          release_name: Release ${{ steps.tag_version.outputs.new_tag }}
+          body: ${{ steps.tag_version.outputs.changelog }}
+
+      - name: Log in to Quay.io
+        uses: redhat-actions/podman-login@v1
+        with:
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+          registry: quay.io
+
+      - name: Pull and tag image
+        run: |
+          podman pull quay.io/redhat-isv/operator-pipelines-images:${{ github.sha }}
+
+          podman tag quay.io/redhat-isv/operator-pipelines-images:${{ github.sha }} quay.io/redhat-isv/operator-pipelines-images:released
+          podman tag quay.io/redhat-isv/operator-pipelines-images:${{ github.sha }} quay.io/redhat-isv/operator-pipelines-images:${{ steps.tag_version.outputs.new_tag }}
+
+          podman push quay.io/redhat-isv/operator-pipelines-images:released
+          podman push quay.io/redhat-isv/operator-pipelines-images:${{ steps.tag_version.outputs.new_tag }}
diff --git a/.github/workflows/main-image.yml b/.github/workflows/main-image.yml
@@ -4,16 +4,6 @@ on:  # yamllint disable-line rule:truthy
   - pull_request
 
 jobs:
-  test-lint:
-    name: Run unit tests and linters
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: fedora-python/tox-github-action@v0.4
-        with:
-          tox_env: black,test
-          dnf_install: krb5-devel krb5-workstation
-
   build:
     name: Build and push image
     runs-on: ubuntu-20.04
diff --git a/.github/workflows/validation.yml b/.github/workflows/validation.yml
@@ -6,9 +6,19 @@ on:  # yamllint disable-line rule:truthy
   - pull_request
 
 jobs:
-  linting:
+  yaml-lint:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v1
       - name: yaml-lint
         uses: ibiqlik/action-yamllint@v3
+
+  tox:
+    name: Run unit tests and linters
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: fedora-python/tox-github-action@v0.4
+        with:
+          tox_env: black,test
+          dnf_install: krb5-devel krb5-workstation
