Add common workflow

astrolabsoftware · Feb 7, 2024 · b7ac96b · b7ac96b
1 parent 1dc433a
commit b7ac96b
Show file tree

Hide file tree

Showing 3 changed files with 203 additions and 177 deletions.
diff --git a/.github/workflows/e2e-common.yml b/.github/workflows/e2e-common.yml
@@ -0,0 +1,193 @@
+name: "Reusable workflow for Fink self-hosted e2e tests"
+
+on:
+  workflow_call:
+    inputs:
+      suffix:
+        required: true
+        type: string
+      ci_repo:
+        required: true
+        type: string
+    secrets:
+      registry_username:
+        required: true
+      registry_token:
+        required: true
+env:
+  CIUXCONFIG: /tmp/ciux.sh
+  CIUX_VERSION: 927153e3f
+  GHA_BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
+  SUFFIX: ${{ inputs.suffix }}
+  CI_REPO: ${{ inputs.ci_repo }}
+jobs:
+  build:
+    name: Build image
+    runs-on: ubuntu-22.04
+    outputs:
+      image: ${{ steps.export.outputs.IMAGE }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.21.4'
+      - name: Install ciux
+        run: go install github.com/k8s-school/ciux@"${{ env.CIUX_VERSION }}"
+      - name: Build fink-broker image for k8s
+        run: |
+          ./build.sh -s "${{ env.SUFFIX }}" -r "${{ env.CI_REPO }}"
+      - name: Export fink-broker image
+        id: export
+        run: |
+          # Cannot use CIUXCONFIG because it may not have been created yet
+          # TODO make it simpler!
+          $(ciux get image --check $PWD --suffix "${{ env.SUFFIX }}" --tmp-registry "${{ env.CI_REPO }}" --env)
+          mkdir -p artifacts
+          if [ $CIUX_BUILD = true ]; then
+            if [ -n "${{ env.CI_REPO }}" ]; then
+              # Self-hosted runner
+              docker push $CIUX_IMAGE_URL
+              touch artifacts/empty
+            else
+              # GHA runner
+              echo "Export $CIUX_IMAGE_URL to archive"
+              docker save "$CIUX_IMAGE_URL" > artifacts/image.tar
+            fi
+          else
+            echo "Using existing image $CIUX_IMAGE_URL"
+            touch artifacts/empty
+          fi
+          echo "IMAGE=$CIUX_IMAGE_URL" >> "$GITHUB_OUTPUT"
+      - uses: actions/upload-artifact@v2
+        with:
+          name: docker-artifact
+          path: artifacts
+  integration-tests:
+    name: Run integration tests
+    runs-on: ubuntu-22.04
+    needs: build
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.21.4'
+      - name: Install ciux
+        run: go install github.com/k8s-school/ciux@"${{ env.CIUX_VERSION }}"
+      - name: Ciux project ignition
+        run: |
+          ciux ignite --selector ci --branch="$GHA_BRANCH_NAME" $PWD --suffix noscience
+      - name: Create k8s (kind) cluster
+        run: |
+          ktbx install kind
+          ktbx install kubectl
+          ktbx create -s
+      - name: Install olm and argocd operators
+        run: |
+          ktbx install olm
+          ktbx install argocd
+      - name: Run argoCD
+        run: |
+          ./e2e/argocd.sh
+      - name: Download image
+        uses: actions/download-artifact@v3
+        with:
+          name: docker-artifact
+          path: artifacts
+      - name: Load container image inside kind
+        run: |
+          if [ -f artifacts/image.tar ]; then
+            echo "Loading image from archive"
+            docker load --input artifacts/image.tar
+          else
+            echo "Using existing image"
+          fi
+      - name: Install fink-alert-simulator pre-requisites (argo-workflows)
+        run: |
+          . "$CIUXCONFIG"
+          .  "$FINK_ALERT_SIMULATOR_DIR"/prereq-install.sh
+      - name: Run fink-alert-simulator
+        run: |
+          . "$CIUXCONFIG"
+          "$FINK_ALERT_SIMULATOR_DIR"/argo-submit.sh
+          argo watch @latest
+      # - name: Setup tmate session
+      # uses: mxschmitt/action-tmate@v3
+      - name: Install fink-broker pre-requisites (JDK, Spark)
+        run: |
+          sudo apt-get -y update
+          sudo apt-get -y install openjdk-8-jdk-headless
+          ./e2e/prereq-install.sh
+      - name: Run fink-broker
+        run: |
+          ./e2e/fink-start.sh
+      - name: Check results
+        run: |
+          ./e2e/check-results.sh
+  image-analysis:
+    name: Analyze image
+    runs-on: ubuntu-22.04
+    permissions:
+      security-events: write
+    needs: build
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Download image
+        uses: actions/download-artifact@v3
+        with:
+          name: docker-artifact
+          path: artifacts
+      - name: Load image in local registry
+        run: |
+          if [ -f artifacts/image.tar ]; then
+            echo "Loading image ${{ needs.build.outputs.image }} from archive"
+            docker load --input artifacts/image.tar
+          else
+            echo "Using existing image ${{ needs.build.outputs.image }}"
+          fi
+      - name: Scan fink-broker image
+        uses: anchore/scan-action@v3
+        id: scan
+        with:
+          image: "${{ needs.build.outputs.image }}"
+          fail-build: false
+      - name: Display SARIF report
+        run: |
+          cat ${{ steps.scan.outputs.sarif }}
+      - name: upload Anchore scan SARIF report
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ steps.scan.outputs.sarif }}
+  push:
+    name: Push fink-broker image to IN2P3 registry
+    runs-on: ubuntu-22.04
+    needs: [build, integration-tests]
+    steps:
+      - name: Download image
+        uses: actions/download-artifact@v3
+        with:
+          name: docker-artifact
+          path: artifacts
+      - name: Load image in local registry
+        run: |
+          if [ -f artifacts/image.tar ]; then
+              echo "Loading image ${{ needs.build.outputs.image }} from archive"
+              docker load --input artifacts/image.tar
+            else
+              echo "Using existing image ${{ needs.build.outputs.image }}"
+            fi
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          registry: gitlab-registry.in2p3.fr
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Push image to IN2P3 registry
+        run: |
+          docker push "${{ needs.build.outputs.image }}"
diff --git a/.github/workflows/e2e-gha.yml b/.github/workflows/e2e-gha.yml
@@ -4,179 +4,12 @@ on:
   pull_request:
     branches:
       - master
-env:
-  CIUXCONFIG: /tmp/ciux.sh
-  CIUX_VERSION: 927153e3f
-  GHA_BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
-  SUFFIX: noscience
 jobs:
-  build:
-    name: Build image
-    runs-on: ubuntu-22.04
-    outputs:
-      image: ${{ steps.export.outputs.IMAGE }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-      - uses: actions/setup-go@v4
-        with:
-          go-version: '1.21.4'
-      - name: Install ciux
-        run: go install github.com/k8s-school/ciux@"${{ env.CIUX_VERSION }}"
-      - name: Build fink-broker image for k8s
-        run: |
-          ./build.sh -s "${{ env.SUFFIX }}" -r "${{ env.CI_REPO }}"
-      - name: Export fink-broker image
-        id: export
-        run: |
-          # Cannot use CIUXCONFIG because it may not have been created yet
-          # TODO make it simpler!
-          $(ciux get image --check $PWD --suffix "${{ env.SUFFIX }}" --tmp-registry "${{ env.CI_REPO }}" --env)
-          mkdir -p artifacts
-          if [ $CIUX_BUILD = true ]; then
-            if [ -n "${{ env.CI_REPO }}" ]; then
-              # Self-hosted runner
-              docker push $CIUX_IMAGE_URL
-              touch artifacts/empty
-            else
-              # GHA runner
-              echo "Export $CIUX_IMAGE_URL to archive"
-              docker save "$CIUX_IMAGE_URL" > artifacts/image.tar
-            fi
-          else
-            echo "Using existing image $CIUX_IMAGE_URL"
-            touch artifacts/empty
-          fi
-          echo "IMAGE=$CIUX_IMAGE_URL" >> "$GITHUB_OUTPUT"
-      - uses: actions/upload-artifact@v2
-        with:
-          name: docker-artifact
-          path: artifacts
-  integration-tests:
-    name: Run integration tests
-    runs-on: ubuntu-22.04
-    needs: build
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-      - uses: actions/setup-go@v4
-        with:
-          go-version: '1.21.4'
-      - name: Install ciux
-        run: go install github.com/k8s-school/ciux@"${{ env.CIUX_VERSION }}"
-      - name: Ciux project ignition
-        run: |
-          ciux ignite --selector ci --branch="$GHA_BRANCH_NAME" $PWD --suffix noscience
-      - name: Create k8s (kind) cluster
-        run: |
-          ktbx install kind
-          ktbx install kubectl
-          ktbx create -s
-      - name: Install olm and argocd operators
-        run: |
-          ktbx install olm
-          ktbx install argocd
-      - name: Run argoCD
-        run: |
-          ./e2e/argocd.sh
-      - name: Download image
-        uses: actions/download-artifact@v3
-        with:
-          name: docker-artifact
-          path: artifacts
-      - name: Load container image inside kind
-        run: |
-          if [ -f artifacts/image.tar ]; then
-            echo "Loading image from archive"
-            docker load --input artifacts/image.tar
-          else
-            echo "Using existing image"
-          fi
-      - name: Install fink-alert-simulator pre-requisites (argo-workflows)
-        run: |
-          . "$CIUXCONFIG"
-          .  "$FINK_ALERT_SIMULATOR_DIR"/prereq-install.sh
-      - name: Run fink-alert-simulator
-        run: |
-          . "$CIUXCONFIG"
-          "$FINK_ALERT_SIMULATOR_DIR"/argo-submit.sh
-          argo watch @latest
-      # - name: Setup tmate session
-      # uses: mxschmitt/action-tmate@v3
-      - name: Install fink-broker pre-requisites (JDK, Spark)
-        run: |
-          sudo apt-get -y update
-          sudo apt-get -y install openjdk-8-jdk-headless
-          ./e2e/prereq-install.sh
-      - name: Run fink-broker
-        run: |
-          ./e2e/fink-start.sh
-      - name: Check results
-        run: |
-          ./e2e/check-results.sh
-  image-analysis:
-    name: Analyze image
-    runs-on: ubuntu-22.04
-    permissions:
-      security-events: write
-    needs: build
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-      - name: Download image
-        uses: actions/download-artifact@v3
-        with:
-          name: docker-artifact
-          path: artifacts
-      - name: Load image in local registry
-        run: |
-          if [ -f artifacts/image.tar ]; then
-            echo "Loading image ${{ needs.build.outputs.image }} from archive"
-            docker load --input artifacts/image.tar
-          else
-            echo "Using existing image ${{ needs.build.outputs.image }}"
-          fi
-      - name: Scan fink-broker image
-        uses: anchore/scan-action@v3
-        id: scan
-        with:
-          image: "${{ needs.build.outputs.image }}"
-          fail-build: false
-      - name: Display SARIF report
-        run: |
-          cat ${{ steps.scan.outputs.sarif }}
-      - name: upload Anchore scan SARIF report
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: ${{ steps.scan.outputs.sarif }}
-  push:
-    name: Push fink-broker image to IN2P3 registry
-    runs-on: ubuntu-22.04
-    needs: [build, integration-tests]
-    steps:
-      - name: Download image
-        uses: actions/download-artifact@v3
-        with:
-          name: docker-artifact
-          path: artifacts
-      - name: Load image in local registry
-        run: |
-          if [ -f artifacts/image.tar ]; then
-              echo "Loading image ${{ needs.build.outputs.image }} from archive"
-              docker load --input artifacts/image.tar
-            else
-              echo "Using existing image ${{ needs.build.outputs.image }}"
-            fi
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          registry: gitlab-registry.in2p3.fr
-          username: ${{ secrets.REGISTRY_USERNAME }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
-      - name: Push image to IN2P3 registry
-        run: |
-          docker push "${{ needs.build.outputs.image }}"
+  call-workflow-passing-data:
+    uses: ./.github/workflows/e2e-common.yml
+    with:
+      suffix: ""
+      ci_repo: ""
+    secrets:
+      registry_username: ${{ secrets.REGISTRY_USERNAME }}
+      registry_token: ${{ secrets.REGISTRY_TOKEN }}
diff --git a/.github/workflows/e2e-noscience.yml b/.github/workflows/e2e-noscience.yml
@@ -4,12 +4,12 @@ on:
   schedule:
     # At 03:00 UTC on every day-of-week from Monday through Friday.
     - cron:  '0 3 * * 1-5'
-
 jobs:
   call-workflow-passing-data:
-    uses: ./.github/workflows/e2e.yml
+    uses: ./.github/workflows/e2e-common.yml
     with:
       suffix: noscience
+      ci_repo: "docker-registry.docker-registry:5000"
     secrets:
       registry_username: ${{ secrets.REGISTRY_USERNAME }}
       registry_token: ${{ secrets.REGISTRY_TOKEN }}