Preflight checks (attempt #1) #8
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Manual job to run the preflight checks and possibly submit the results | |
| # to the RedHat Technology Portal. | |
| # | |
| # This job used to be part of the dev and release workflow but now it's an | |
| # independent manually triggered workflow. | |
| # | |
| # The primary reason for this is that it made the release process unnecessary | |
| # chaotic. The RH tech portal is notoriously unstable, and in cases where it | |
| # failed to respond, a way to re-run the preflight checks was necessary. | |
| # But the preflight checks were trigerred only after a successful release | |
| # workflow, which it's self was only triggered by a new tag. | |
| # | |
| # As you can imagine, retagging this repository just to force a new round | |
| # of possibly unsuccessful checks was not very productive. | |
| # | |
| --- | |
| name: Preflight checks | |
| run-name: | | |
| Preflight checks (attempt #${{ github.run_attempt }}) | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Image version (0.0.0-dev, 23.11.0, etc)' | |
| required: true | |
| default: '0.0.0-dev' | |
| type: string | |
| submit: | |
| description: 'Submit results to the RH portal' | |
| required: true | |
| default: false | |
| type: boolean | |
| registry: | |
| description: 'Image repository.' | |
| required: true | |
| default: 'oci.stackable.tech' | |
| type: string | |
| organization: | |
| description: 'Organization name within the given registry' | |
| required: true | |
| default: 'sdp' | |
| type: string | |
| jobs: | |
| preflight: | |
| name: ${{ matrix.product }} preflight checks | |
| # Run preflight checks and submit results to the RH certification portal. | |
| # This job only runs if the "release" job was successful | |
| # See: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idneeds | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: true | |
| # This setting can be changed to throttle the build load | |
| # Another reason to have no parallelism is that the RedHat portal is not reliable and | |
| # and preflight submissions are not idempotent. This means that if one of the products below | |
| # fails, we need to clean up everything that was done for all other products in the failed run. | |
| max-parallel: 1 | |
| matrix: | |
| product: | |
| - airflow | |
| - druid | |
| - hadoop | |
| - hbase | |
| - hive | |
| - kafka | |
| - nifi | |
| - omid | |
| - opa | |
| - spark-k8s | |
| - superset | |
| - trino | |
| - tools | |
| - zookeeper | |
| env: | |
| GITHUB_REF_NAME: ${{ github.ref_name }} | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | |
| with: | |
| python-version: '3.x' | |
| - run: pip install image-tools-stackabletech==0.0.13 | |
| - name: Install preflight | |
| run: | | |
| wget https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/1.10.0/preflight-linux-amd64 | |
| chmod +x preflight-linux-amd64 | |
| - name: Submit preflight checks | |
| if: ${{ inputs.submit == true }} | |
| env: | |
| REGISTRY: ${{ inputs.registry }} | |
| ORGANIZATION: ${{ inputs.organization }} | |
| IMAGE_VERSION: ${{ inputs.tag }} | |
| run: | | |
| ARCH_FOR_PREFLIGHT="$(arch | sed -e 's#x86_64#amd64#' | sed -e 's#aarch64#arm64#')" | |
| check-container --product "${{ matrix.product }}" \ | |
| --image-version "$IMAGE_VERSION" \ | |
| --registry "$REGISTRY" \ | |
| --organization "$ORGANIZATION" \ | |
| --architecture "linux/${ARCH_FOR_PREFLIGHT}" \ | |
| --executable ./preflight-linux-amd64 \ | |
| --token "${{ secrets.RH_PYXIS_API_TOKEN }}" \ | |
| --submit | |
| - name: Run preflight checks (no submit) | |
| if: ${{ inputs.submit == false }} | |
| env: | |
| REGISTRY: ${{ inputs.registry }} | |
| ORGANIZATION: ${{ inputs.organization }} | |
| IMAGE_VERSION: ${{ inputs.tag }} | |
| run: | | |
| ARCH_FOR_PREFLIGHT="$(arch | sed -e 's#x86_64#amd64#' | sed -e 's#aarch64#arm64#')" | |
| check-container --product "${{ matrix.product }}" \ | |
| --image-version "$IMAGE_VERSION" \ | |
| --registry "$REGISTRY" \ | |
| --organization "$ORGANIZATION" \ | |
| --architecture "linux/${ARCH_FOR_PREFLIGHT}" \ | |
| --executable ./preflight-linux-amd64 \ | |
| --token "${{ secrets.RH_PYXIS_API_TOKEN }}" \ | |
| notify: | |
| name: Failure Notification | |
| needs: [preflight] | |
| runs-on: ubuntu-latest | |
| if: failure() | |
| steps: | |
| - uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0 | |
| with: | |
| channel-id: "C07UG6JH44F" # notifications-container-images | |
| payload: | | |
| { | |
| "text": "*${{ github.workflow }}* failed (attempt ${{ github.run_attempt }})", | |
| "attachments": [ | |
| { | |
| "pretext": "See the details below for a summary of which job(s) failed.", | |
| "color": "#aa0000", | |
| "fields": [ | |
| { | |
| "title": "Preflight", | |
| "short": true, | |
| "value": "${{ needs.preflight.result }}" | |
| } | |
| ], | |
| "actions": [ | |
| { | |
| "type": "button", | |
| "text": "Go to workflow run", | |
| "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }}" | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_CONTAINER_IMAGE_TOKEN }} |