From 277707722baab2c30391e7780717f1fa2170f8d2 Mon Sep 17 00:00:00 2001 From: Theo Barber-Bany Date: Mon, 22 Apr 2024 11:25:27 +0100 Subject: [PATCH] Builds ACR, GCR credential providers in CI This change builds the GCR and ACR credential providers in CI. This is due to bug OCPBUGS-30970. Initially, we did not think we needed builds in 4.15, but due to RHEL workers not always being upgraded before the cluster, we do (see bug). This builds the RPMs in CI to ensure no 4.15 backports break the RPM builds. --- ...ift-cloud-provider-azure-release-4.15.yaml | 47 +++++++++++++++++- ...shift-cloud-provider-gcp-release-4.15.yaml | 48 +++++++++++++++++-- ...ovider-azure-release-4.15-postsubmits.yaml | 3 ++ ...rovider-azure-release-4.15-presubmits.yaml | 16 ++++++- ...provider-gcp-release-4.15-postsubmits.yaml | 1 + ...-provider-gcp-release-4.15-presubmits.yaml | 2 +- 6 files changed, 109 insertions(+), 8 deletions(-) diff --git a/ci-operator/config/openshift/cloud-provider-azure/openshift-cloud-provider-azure-release-4.15.yaml b/ci-operator/config/openshift/cloud-provider-azure/openshift-cloud-provider-azure-release-4.15.yaml index a2ed915a939ea..94f20c1e92830 100644 --- a/ci-operator/config/openshift/cloud-provider-azure/openshift-cloud-provider-azure-release-4.15.yaml +++ b/ci-operator/config/openshift/cloud-provider-azure/openshift-cloud-provider-azure-release-4.15.yaml @@ -1,4 +1,8 @@ base_images: + base-machine: + name: centos + namespace: openshift + tag: stream9 commitchecker: name: commitchecker namespace: ci @@ -11,9 +15,16 @@ base_images: name: builder namespace: ocp tag: rhel-9-golang-1.20-openshift-4.15 + rhel-coreos-base: + name: "4.15" + namespace: ocp + tag: rhel-coreos binary_build_commands: make binaries build_root: - from_repository: true + image_stream_tag: + name: builder + namespace: ocp + tag: rhel-9-golang-1.20-openshift-4.15 canonical_go_repository: github.com/kubernetes-sigs/cloud-provider-azure images: - dockerfile_path: openshift-hack/images/cloud-controller-manager-openshift.Dockerfile @@ -34,10 +45,40 @@ images: as: - registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.20-openshift-4.15 to: azure-cloud-node-manager +- dockerfile_literal: | + # This uses the new rhel-coreos base image + # https://github.com/openshift/enhancements/blob/master/enhancements/ocp-coreos-layering/ocp-coreos-layering.md + FROM quay.io/centos/centos:stream9 as build + # Sadly rpm-ostree in rhel8 right now doesn't support e.g. `rpm-ostree upgrade openshift-hyperkube` + # in a container https://github.com/coreos/rpm-ostree/issues/4034 + RUN ls -al /etc/yum.repos.d && dnf -y install dnf-utils && dnf --disablerepo='*' --enablerepo=built download acr-credential-provider + # See also https://issues.redhat.com/browse/ART-4352 + FROM registry.ci.openshift.org/rhcos-devel/rhel-coreos + COPY --from=build /*.rpm / + # Also delete leftover RPM files; see https://issues.redhat.com/browse/OCPBUGS-6505. + # use -F rather than -U as we otherwise conflict with the production build in rhel-coreos + RUN rpm -Fvh --oldpackage /*.rpm && rm -vf /*.rpm /usr/share/rpm/__db.* /usr/share/rpm/.*.lock + inputs: + base-machine-with-rpms: + as: + - quay.io/centos/centos:stream9 + rhel-coreos-base: + as: + - registry.ci.openshift.org/rhcos-devel/rhel-coreos + to: rhel-coreos promotion: to: - - name: "4.15" + - additional_images: + cloud-provider-azure-rpms: rpms + disabled: true + excluded_images: + - rhel-coreos + name: "4.15" namespace: ocp +raw_steps: +- rpm_image_injection_step: + from: base-machine + to: base-machine-with-rpms releases: initial: integration: @@ -55,6 +96,8 @@ resources: requests: cpu: 100m memory: 200Mi +rpm_build_commands: openshift-hack/build-rpms.sh 4.15.0 +rpm_build_location: _output/RPMS/x86_64 tests: - as: verify-git-history commands: make verify-history diff --git a/ci-operator/config/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-release-4.15.yaml b/ci-operator/config/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-release-4.15.yaml index 013c09859e134..f7d86e5751479 100644 --- a/ci-operator/config/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-release-4.15.yaml +++ b/ci-operator/config/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-release-4.15.yaml @@ -1,4 +1,8 @@ base_images: + base-machine: + name: centos + namespace: openshift + tag: stream9 commitchecker: name: commitchecker namespace: ci @@ -11,12 +15,16 @@ base_images: name: builder namespace: ocp tag: rhel-9-golang-1.20-openshift-4.15 + rhel-coreos-base: + name: "4.15" + namespace: ocp + tag: rhel-coreos binary_build_commands: go build ./cmd/cloud-controller-manager build_root: image_stream_tag: - name: release - namespace: openshift - tag: golang-1.17 + name: builder + namespace: ocp + tag: rhel-9-golang-1.20-openshift-4.15 canonical_go_repository: k8s.io/cloud-provider-gcp images: - dockerfile_path: openshift-hack/images/Dockerfile.openshift @@ -28,10 +36,40 @@ images: as: - registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.20-openshift-4.15 to: gcp-cloud-controller-manager +- dockerfile_literal: | + # This uses the new rhel-coreos base image + # https://github.com/openshift/enhancements/blob/master/enhancements/ocp-coreos-layering/ocp-coreos-layering.md + FROM quay.io/centos/centos:stream9 as build + # Sadly rpm-ostree in rhel8 right now doesn't support e.g. `rpm-ostree upgrade openshift-hyperkube` + # in a container https://github.com/coreos/rpm-ostree/issues/4034 + RUN ls -al /etc/yum.repos.d && dnf -y install dnf-utils && dnf --disablerepo='*' --enablerepo=built download gcr-credential-provider + # See also https://issues.redhat.com/browse/ART-4352 + FROM registry.ci.openshift.org/rhcos-devel/rhel-coreos + COPY --from=build /*.rpm / + # Also delete leftover RPM files; see https://issues.redhat.com/browse/OCPBUGS-6505. + # use -F rather than -U as we otherwise conflict with the production build in rhel-coreos + RUN rpm -Fvh --oldpackage /*.rpm && rm -vf /*.rpm /usr/share/rpm/__db.* /usr/share/rpm/.*.lock + inputs: + base-machine-with-rpms: + as: + - quay.io/centos/centos:stream9 + rhel-coreos-base: + as: + - registry.ci.openshift.org/rhcos-devel/rhel-coreos + to: rhel-coreos promotion: to: - - name: "4.15" + - additional_images: + cloud-provider-gcp-rpms: rpms + disabled: true + excluded_images: + - rhel-coreos + name: "4.15" namespace: ocp +raw_steps: +- rpm_image_injection_step: + from: base-machine + to: base-machine-with-rpms releases: initial: integration: @@ -49,6 +87,8 @@ resources: requests: cpu: 100m memory: 200Mi +rpm_build_commands: openshift-hack/build-rpms.sh 4.15.0 +rpm_build_location: _output/RPMS/x86_64 tests: - as: fmt commands: gofmt -l $(find . -type f -name '*.go'| grep -v "/vendor/") diff --git a/ci-operator/jobs/openshift/cloud-provider-azure/openshift-cloud-provider-azure-release-4.15-postsubmits.yaml b/ci-operator/jobs/openshift/cloud-provider-azure/openshift-cloud-provider-azure-release-4.15-postsubmits.yaml index 81940bd8aec43..18fd24442496c 100644 --- a/ci-operator/jobs/openshift/cloud-provider-azure/openshift-cloud-provider-azure-release-4.15-postsubmits.yaml +++ b/ci-operator/jobs/openshift/cloud-provider-azure/openshift-cloud-provider-azure-release-4.15-postsubmits.yaml @@ -6,6 +6,8 @@ postsubmits: - ^release-4\.15$ cluster: build03 decorate: true + decoration_config: + skip_cloning: true labels: ci-operator.openshift.io/is-promotion: "true" ci.openshift.io/generator: prowgen @@ -21,6 +23,7 @@ postsubmits: - --promote - --report-credentials-file=/etc/report/credentials - --target=[images] + - --target=rpms command: - ci-operator image: ci-operator:latest diff --git a/ci-operator/jobs/openshift/cloud-provider-azure/openshift-cloud-provider-azure-release-4.15-presubmits.yaml b/ci-operator/jobs/openshift/cloud-provider-azure/openshift-cloud-provider-azure-release-4.15-presubmits.yaml index ecd86d7a53368..e7bb71dc07398 100644 --- a/ci-operator/jobs/openshift/cloud-provider-azure/openshift-cloud-provider-azure-release-4.15-presubmits.yaml +++ b/ci-operator/jobs/openshift/cloud-provider-azure/openshift-cloud-provider-azure-release-4.15-presubmits.yaml @@ -8,6 +8,8 @@ presubmits: cluster: build03 context: ci/prow/e2e-azure-ovn decorate: true + decoration_config: + skip_cloning: true labels: ci-operator.openshift.io/cloud: azure4 ci-operator.openshift.io/cloud-cluster-profile: azure4 @@ -88,6 +90,8 @@ presubmits: cluster: build03 context: ci/prow/e2e-azure-ovn-upgrade decorate: true + decoration_config: + skip_cloning: true labels: ci-operator.openshift.io/cloud: azure4 ci-operator.openshift.io/cloud-cluster-profile: azure4 @@ -168,6 +172,8 @@ presubmits: cluster: build03 context: ci/prow/images decorate: true + decoration_config: + skip_cloning: true labels: ci.openshift.io/generator: prowgen pj-rehearse.openshift.io/can-be-rehearsed: "true" @@ -181,7 +187,7 @@ presubmits: - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson - --report-credentials-file=/etc/report/credentials - --target=[images] - - --target=[release:latest] + - --target=rpms command: - ci-operator image: ci-operator:latest @@ -223,6 +229,8 @@ presubmits: cluster: build03 context: ci/prow/unit decorate: true + decoration_config: + skip_cloning: true labels: ci.openshift.io/generator: prowgen pj-rehearse.openshift.io/can-be-rehearsed: "true" @@ -277,6 +285,8 @@ presubmits: cluster: build03 context: ci/prow/verify decorate: true + decoration_config: + skip_cloning: true labels: ci.openshift.io/generator: prowgen pj-rehearse.openshift.io/can-be-rehearsed: "true" @@ -331,6 +341,8 @@ presubmits: cluster: build03 context: ci/prow/verify-commits decorate: true + decoration_config: + skip_cloning: true labels: ci.openshift.io/generator: prowgen pj-rehearse.openshift.io/can-be-rehearsed: "true" @@ -386,6 +398,8 @@ presubmits: cluster: build03 context: ci/prow/verify-git-history decorate: true + decoration_config: + skip_cloning: true labels: ci.openshift.io/generator: prowgen pj-rehearse.openshift.io/can-be-rehearsed: "true" diff --git a/ci-operator/jobs/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-release-4.15-postsubmits.yaml b/ci-operator/jobs/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-release-4.15-postsubmits.yaml index c0809d3c9954e..1d7f27b8782d2 100644 --- a/ci-operator/jobs/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-release-4.15-postsubmits.yaml +++ b/ci-operator/jobs/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-release-4.15-postsubmits.yaml @@ -23,6 +23,7 @@ postsubmits: - --promote - --report-credentials-file=/etc/report/credentials - --target=[images] + - --target=rpms command: - ci-operator image: ci-operator:latest diff --git a/ci-operator/jobs/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-release-4.15-presubmits.yaml b/ci-operator/jobs/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-release-4.15-presubmits.yaml index c1bf873a4dc02..efcac16035c76 100644 --- a/ci-operator/jobs/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-release-4.15-presubmits.yaml +++ b/ci-operator/jobs/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-release-4.15-presubmits.yaml @@ -251,7 +251,7 @@ presubmits: - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson - --report-credentials-file=/etc/report/credentials - --target=[images] - - --target=[release:latest] + - --target=rpms command: - ci-operator image: ci-operator:latest