From 702cdfa09abc11e22e69fc6779f1de8a8bb7bfd8 Mon Sep 17 00:00:00 2001 From: Roy Golan Date: Sun, 14 Jul 2024 17:14:00 +0300 Subject: [PATCH] Use the Makefile to build and push in GH actions With this change we make sure all the build and push goes through the make. A failure in CI would likely indicate that developers fail to build images, and vice versa, given CI and local users use the same buidlah version - currently github runner ubuntu 22 uses buildah 1.23.1 which is bit dated. The remaining bits that don't use the makefile is the generation of the PR to the CD repo. The current github actions have specific code to push stuff for workflows in helm format, and the makefile invokes a script that does it for kustomize format. We should unit the two behaviours to the scripts can handle both, or just make all workflows use a single format, and then use that from the action. Signed-off-by: Roy Golan
---
 .github/workflows/jira-listener.yml | 2 +-
 .github/workflows/main.yml | 96 ++++++++++-------------------
 2 files changed, 33 insertions(+), 65 deletions(-)
diff --git a/.github/workflows/jira-listener.yml b/.github/workflows/jira-listener.yml
index 3d3b5d75..ab02e7d9 100644
--- a/.github/workflows/jira-listener.yml
+++ b/.github/workflows/jira-listener.yml
@@ -17,4 +17,4 @@ jobs:
 with:
 workflow_id: escalation
 application_id: jira-listener
- secrets: inherit
\ No newline at end of file
+ secrets: inherit
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 587c8f45..51dff54d 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -6,6 +6,11 @@ on:
 workflow_id:
 required: true
 type: string
+ # application is those auxilary application we deploy with a workflow to complete some part of it with specialized code, like for exaple the jira-listener for the escaplation flow.
+ application_id:
+ required: false
+ type: string
+ default: 'UNDEFINED'
 it_mode:
 type: boolean
 default: false
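Review bot: The comment added above `application_id` in the `@@ -6,6 +6,11 @@` hunk of main.yml has several typos and is hard to parse; something like `# application_id names an auxiliary application deployed alongside a workflow to handle part of it with specialized code, e.g. the jira-listener for the escalation flow.` reads more clearly. The `'UNDEFINED'` default is a sentinel string that the later `make APPLICATION_ID=...` steps will receive literally; whether the Makefile treats it as "no application" is not visible in this patch, so the comment should say what the sentinel means. The `inputs:` block starts before the hunk.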
@@ -28,21 +33,18 @@ jobs:
 username: ${{ secrets.REGISTRY_REDHAT_IO_USER }}
 password: ${{ secrets.REGISTRY_REDHAT_IO_PASSWORD }}
- - name: Buildah Action
+ - name: Build Image
 id: build-image
 uses: redhat-actions/buildah-build@v2
 if: ${{ ! inputs.it_mode }}
- with:
- image: serverless-workflow-${{ inputs.workflow_id }}
- tags: latest ${{ github.sha }}
- extra-args: --ulimit nofile=4096:4096
- containerfiles: |
- pipeline/workflow-builder.Dockerfile
- build-args: |
- WF_RESOURCES=${{ inputs.workflow_id }}
- FLOW_NAME=${{ inputs.workflow_id }}
- FLOW_SUMMARY=${{ inputs.workflow_id }}
- FLOW_DESCRIPTION=${{ inputs.workflow_id }}
+ run: |
+ make WORKFLOW_ID=${{ inputs.workflow_id }} \
+ APPLICATION_ID=${{ inputs.application_id }} \
+ GIT_TOKEN=${{ env.GH_TOKEN }} \
+ REGISTRY_REPO=${{ env.REGISTRY_REPO }} \
+ REGISTRY_USERNAME=${{ secrets.NEW_QUAY_USERNAME }} \
+ REGISTRY_PASSWORD=${{ secrets.NEW_QUAY_PASSWORD }} \
+ build-image
 - name: Buildah Action for testing
 id: build-dev-image
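Review bot: The `Build Image` step keeps the unchanged context line `uses: redhat-actions/buildah-build@v2` and now also has `run:`, and GitHub Actions does not accept a step that defines both keys, so the `uses:` line needs to go along with the removed `with:` block. The new `run:` script also expands `${{ inputs.* }}` and `${{ secrets.NEW_QUAY_PASSWORD }}` straight into the shell text, unquoted, so a value containing spaces or shell metacharacters changes the command and the password is written into the script before the shell sees it. Mapping the values through `env:` and referencing them as quoted shell variables avoids both, and the `Push To quay.io` step in the next hunk has the same pattern. `env.GH_TOKEN` and `env.REGISTRY_REPO` are not defined in the visible lines, so confirm they are set at workflow or job level; if the Makefile reads the registry credentials from the environment, they need not be on the `make` command line at all.

```yaml
      - name: Build Image
        id: build-image
        # … `uses:` line dropped; unchanged: if: ${{ ! inputs.it_mode }} …
        env:
          WORKFLOW_ID: ${{ inputs.workflow_id }}
          APPLICATION_ID: ${{ inputs.application_id }}
          REGISTRY_USERNAME: ${{ secrets.NEW_QUAY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.NEW_QUAY_PASSWORD }}
        run: |
          make WORKFLOW_ID="$WORKFLOW_ID" \
            APPLICATION_ID="$APPLICATION_ID" \
            GIT_TOKEN="$GH_TOKEN" \
            REGISTRY_REPO="$REGISTRY_REPO" \
            REGISTRY_USERNAME="$REGISTRY_USERNAME" \
            REGISTRY_PASSWORD="$REGISTRY_PASSWORD" \
            build-image
```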
@@ -75,70 +77,36 @@ jobs:
 - name: Push To quay.io
 id: push-to-quay
 if: ${{ ! inputs.it_mode }}
- uses: redhat-actions/push-to-registry@v2
- with:
- image: ${{ steps.build-image.outputs.image }}
- tags: ${{ steps.build-image.outputs.tags }}
- registry: quay.io/orchestrator
- username: ${{ secrets.NEW_QUAY_USERNAME }}
- password: ${{ secrets.NEW_QUAY_PASSWORD }}
- - name: Print image url
- run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
+ run: |
+ make WORKFLOW_ID=${{ inputs.workflow_id }} \
+ APPLICATION_ID=${{ inputs.application_id }} \
+ GIT_TOKEN=${{ env.GH_TOKEN }} \
+ REGISTRY_REPO=${{ env.REGISTRY_REPO }} \
+ REGISTRY_USERNAME=${{ secrets.NEW_QUAY_USERNAME }} \
+ REGISTRY_PASSWORD=${{ secrets.NEW_QUAY_PASSWORD }} \
+ push-image
 generate-manifests:
 needs: build
 runs-on: ubuntu-latest
- permissions:
- contents: read
- pull-requests: write
 steps:
 - uses: actions/checkout@v4
- - name: Add auto DB migration in props
- run: echo -e "\nquarkus.flyway.migrate-at-start=true" >> ${{ inputs.workflow_id }}/application.properties
- - name: Setup kn-workflow
- run: |
- KN_CLI_URL="https://mirror.openshift.com/pub/openshift-v4/clients/serverless/1.11.2/kn-linux-amd64.tar.gz"
- curl -L "$KN_CLI_URL" | tar -xz && chmod +x kn-linux-amd64 && mv kn-linux-amd64 kn
- - name: Use kn-workflow to generate manifests
- run: cd ${{ inputs.workflow_id }} && ../kn workflow gen-manifest --namespace ""
- - name: Set prod profile
- run: yq --inplace eval '.metadata.annotations["sonataflow.org/profile"] = "prod"' ${{ inputs.workflow_id }}/manifests/01-sonataflow*.yaml
- - name: Set container image ref in SonataFlow resource
- run: yq --inplace '.spec.podTemplate.container.image="quay.io/orchestrator/serverless-workflow-${{ inputs.workflow_id }}:${{ github.sha }}"' ${{ inputs.workflow_id }}/manifests/01-sonataflow*.yaml
- - name: Set persistence spec in SonataFlow resource
+ - name: Generate Manifests
+ id: generate-manifests
 run: |
- yq --inplace
'.spec |= (
- . + {
- "persistence": {
- "postgresql": {
- "secretRef": {
- "name": "sonataflow-psql-postgresql",
- "userKey": "postgres-username",
- "passwordKey": "postgres-password"
- },
- "serviceRef": {
- "name": "sonataflow-psql-postgresql",
- "port": 5432,
- "databaseName": "sonataflow",
- "databaseSchema": "${{ inputs.workflow_id }}"
- }
- }
- }
- }
- )' ${{ inputs.workflow_id }}/manifests/01-sonataflow*.yaml
+ WORKDIR=${{ runner.temp }}/serverless-workflows
+ make WORKFLOW_ID=${{ inputs.workflow_id }} \
+ WORKDIR=${WORKDIR} \
+ APPLICATION_ID=${{ inputs.application_id }} \
+ PR_OR_COMMIT_URL=${PR_OR_COMMIT_URL} \
+ gen-manifests
+ echo manifests-dir=${{ runner.temp }}/serverless-workflows/${{ inputs.workflow_id }}/manifests >> "$GITHUB_OUTPUT"
 - name: Archive manifests
 uses: actions/upload-artifact@v4
 with:
 name: serverless-workflow-${{ inputs.workflow_id }}-manifests
- path: ${{ inputs.workflow_id }}/manifests
+ path: ${{ steps.generate-manifests.manifests-dir }}
 - uses: actions/github-script@v7
 id: get_pr_data
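Review bot: The `Archive manifests` step reads `${{ steps.generate-manifests.manifests-dir }}`, which skips the `outputs` level, so the expression should evaluate to an empty string instead of the directory written to `$GITHUB_OUTPUT`; it should be `path: ${{ steps.generate-manifests.outputs.manifests-dir }}`. The hunk also drops the job-level `permissions:` block (`contents: read`, `pull-requests: write`) from `generate-manifests`, so the job's `GITHUB_TOKEN` falls back to whatever the caller or repository default grants, which can be broader than before; keeping the explicit block preserves least privilege. `PR_OR_COMMIT_URL=${PR_OR_COMMIT_URL}` passes a shell variable that is not set anywhere in the visible lines, so it is probably empty when `make gen-manifests` runs. The job continues past the end of the hunk.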