sclorg · phracek · Jan 20, 2026 · Jan 20, 2026
diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml
@@ -0,0 +1,55 @@
+name: Build and push container images to Quay.io registry
+on:
+  push:
+    branches:
+      - master
+  schedule:
+      - cron: '0 1 * * 3'
+
+jobs:
+  build-and-push:
+    if: github.repository_owner == 'sclorg'
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - dockerfile: "Dockerfile.daily-tests"
+            registry_namespace: "sclorg"
+            quayio_username: "QUAY_IMAGE_SCLORG_BUILDER_USERNAME"
+            quayio_token: "QUAY_IMAGE_SCLORG_BUILDER_TOKEN"
+            tag: "daily-tests"
+            image_name: "daily-tests:latest"
+
+          - dockerfile: "Dockerfile.daily-reports"
+            registry_namespace: "sclorg"
+            quayio_username: "QUAY_IMAGE_SCLORG_BUILDER_USERNAME"
+            quayio_token: "QUAY_IMAGE_SCLORG_BUILDER_TOKEN"
+            tag: "daily-reports"
+            image_name: "daily-reports:latest"
+
+
+    steps:
+      - name: Build and push daily-tests image to quay.io registry
+        uses: sclorg/build-and-push-action@v4
+        with:
+          registry: "quay.io"
+          registry_namespace: "sclorg"
+          registry_username: ${{ secrets[matrix.quayio_username] }}
+          registry_token: ${{ secrets[matrix.quayio_token] }}
+          dockerfile: Dockerfile.daily-tests
+          tag: "daily-tests"
+          image_name: "daily-tests:latest"
+          quay_application_token: ${{ secrets.QUAY_IMAGE_SCLORG_UPDATE_DESC }}
+
+      - name: Build and push daily-reports image to quay.io registry
+        uses: sclorg/build-and-push-action@v4
+        with:
+          registry: "quay.io"
+          registry_namespace: "sclorg"
+          registry_username: ${{ secrets[matrix.quayio_username] }}
+          registry_token: ${{ secrets[matrix.quayio_token] }}
+          dockerfile: Dockerfile.daily-reports
+          tag: "daily-reports"
+          image_name: "daily-reports:latest"
+          quay_application_token: ${{ secrets.QUAY_IMAGE_SCLORG_UPDATE_DESC }}
diff --git a/.gitignore b/.gitignore
@@ -1 +1,3 @@
+.mypy_cache
 .idea
+.vscode
diff --git a/Containerfile.daily-reports b/Containerfile.daily-reports
@@ -0,0 +1,3 @@
+FROM quay.io/sclorg/daily-tests
+
+CMD ["/ci-scripts/daily_reports/daily_nightly_tests_report.py"]
diff --git a/Containerfile.daily-tests b/Containerfile.daily-tests
@@ -0,0 +1,28 @@
+FROM quay.io/fedora/fedora:42
+
+ENV WORK_DIR="/var/tmp" \
+    DOWNSTREAM_TMT_REPO="https://gitlab.cee.redhat.com/platform-eng-core-services/sclorg-tmt-plans" \
+    VERSION="42" \
+    DOWNSTREAM_TMT_DIR="sclorg-tmt-plans" \
+    UPSTREAM_TMT_REPO="https://github.com/sclorg/sclorg-testing-farm" \
+    UPSTREAM_TMT_DIR="sclorg-testing-farm"
+
+RUN mkdir -p ${WORK_DIR} && \
+    dnf install -y python3.13-pip git && \
+    git config --global http.sslVerify false && \
+    git clone "${DOWNSTREAM_TMT_REPO}" "${WORK_DIR}/${DOWNSTREAM_TMT_DIR}" && \
+    git clone "${UPSTREAM_TMT_REPO}" "${WORK_DIR}/${UPSTREAM_TMT_DIR}"
+
+# Add qa-tools repos that contain 1minutetip and QA tools
+RUN curl -o /etc/yum.repos.d/lpol-qa-tools.repo https://copr.devel.redhat.com/coprs/lpol/qa-tools/repo/fedora-${VERSION}/lpol-qa-tools-fedora-${VERSION}.repo && \
+    dnf copr -y enable copr.devel.redhat.com/lpol/qa-tools && \
+    dnf install -y python3.13-pip git tmt beaker-redhat qa-tools-workstation tmt-redhat-provision-minute tmt-provision-virtual && \
+    dnf clean all
+
+COPY . /ci-scripts
+
+WORKDIR /ci-scripts
+
+RUN pip install -r requirements.txt
+
+CMD ["/ci-scripts/run_nightly_tests.sh"]
diff --git a/Makefile b/Makefile
@@ -1,7 +1,11 @@
-.PHONY: run_daily_tests shellcheck
+.PHONY: run_daily_tests shellcheck build_images
 
 run_daily_tests:
 	bash daily_tests/daily_scl_tests.sh
 
 shellcheck:
 	./run-shellcheck.sh `git ls-files *.sh`
+
+build_images:
+	podman build -t quay.io/sclorg/daily-tests:latest -f Containerfile.daily-tests .
+	podman build -t quay.io/sclorg/daily-reports:latest -f Containerfile.daily-reports .
diff --git a/openshift/core-services-ocp--nightly-devel.yaml b/openshift/core-services-ocp--nightly-devel.yaml
@@ -0,0 +1,9 @@
+apiVersion: tenant.paas.redhat.com/v1alpha1
+kind: TenantNamespace
+metadata:
+  name: nightly-devel
+  namespace: core-services-ocp--config
+spec:
+  type: runtime
+  network:
+    security-zone: internal
diff --git a/openshift/core-services-ocp--nightly-egress.yaml b/openshift/core-services-ocp--nightly-egress.yaml
@@ -0,0 +1,25 @@
+apiVersion: tenant.paas.redhat.com/v1alpha1
+kind: TenantEgress
+metadata:
+    name: default
+    namespace: core-services-ocp--nightly-devel
+spec:
+  egress:
+  - to:
+      dnsName: github.com
+    type: Allow
+  - to:
+      cidrSelector: 172.0.0.0/8
+    type: Allow
+  - to:
+      cidrSelector: 10.0.0.0/9
+    type: Allow
+  - to:
+      cidrSelector: 52.218.128.0/17
+    type: Allow
+  - to:
+      cidrSelector: 52.92.128.0/17
+    type: Allow
+  - to:
+      cidrSelector: 52.216.0.0/15
+    type: Allow
diff --git a/openshift/cronjob-nightly-builds.yml b/openshift/cronjob-nightly-builds.yml
@@ -0,0 +1,47 @@
+---
+apiVersion: v1
+kind: Template
+metadata:
+  creationTimestamp: null
+  generation: 1
+  labels:
+    component: nightly-builds
+  name: nightly-builds-pod
+objects:
+- apiVersion: batch/v2alpha1
+  kind: CronJob
+  metadata:
+    name: nightly-builds-cronjob
+  spec:
+    schedule: "0 1 * * 1-5"  # At 01:00 on every day-of-week from Monday through Friday.
+    jobTemplate:
+      spec:
+        template:
+          metadata:
+            labels:
+              parent: "cronjobnightlybuilds"
+          spec:
+            containers:
+            - name: nightly-builds-pod-fedora-test-s2i
+              image: "quay.io/sclorg/daily-tests:latest"
+              command: ["/ci-scripts/run_nightly_tests.sh"]
+              restartPolicy: OnFailure
+              env:
+              - name: TARGET
+                value: "fedora"
+              - name: TESTS
+                value: "test"
+              - name: SET_TEST
+                value: "S2I"
+              volumeMounts:
+              - mountPath: /var/tmp/daily_scl_tests
+                name: nightly-builds-daily-logs
+              - mountPath: /var/tmp/daily_reports_dir
+                name: nightly-builds-results-logs
+            volumes:
+            - name: nightly-builds-daily-logs
+              persistentVolumeClaim:
+                claimName: claim.nighly-builds-daily-logs
+            - name: nightly-builds-results-logs
+              persistentVolumeClaim:
+                claimName: claim.nighly-builds-results-logs
diff --git a/openshift/deploy.yml b/openshift/deploy.yml
@@ -0,0 +1,41 @@
+---
+- name: Bots deployment
+  hosts: localhost
+  vars:
+    deployment: "{{ lookup('env', 'DEPLOYMENT') }}"
+  tasks:
+    - name: include variables
+      include_vars: ../vars/{{ deployment }}.yml
+
+    # - name: Deploy templates (need to be processed)
+    #   k8s:
+    #     namespace: "{{ project }}"
+    #     definition: "{{ item }}"
+    #     host: "{{ host }}"
+    #     api_key: "{{ api_key }}"
+    #     validate_certs: "{{ validate_certs }}"
+    #   loop:
+    #     - "{{ lookup('template', '../secret-testing-farm-api-keys.yml.j2') | from_yaml }}"
+
+    - name: Deploy resource configs (no need to process them)
+      k8s:
+        namespace: "{{ project }}"
+        src: "{{ item }}"
+        host: "{{ host }}"
+        api_key: "{{ api_key }}"
+        validate_certs: "{{ validate_certs }}"
+      loop:
+        - ../imagestream-nightly-builds.yml
+        - ../pvc-daily-logs.yml
+        - ../pvc-results-logs.yml
+        - ../deployment.yml
+
+    - name: Deploy cronjobs for nightly builds
+      k8s:
+        namespace: "{{ project }}"
+        src: "{{ item }}"
+        host: "{{ host }}"
+        api_key: "{{ api_key }}"
+        validate_certs: "{{ validate_certs }}"
+      loop:
+        - "./cronjob-nightly-builds.yml"
diff --git a/openshift/deployment.yml b/openshift/deployment.yml
@@ -0,0 +1,67 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    description: Deploy CI scripts to OpenShift
+    template.alpha.openshift.io/wait-for-ready: "true"
+  labels:
+    io.openshift.tags: ci-scripts
+  name: ci-scripts
+spec:
+  template:
+    metadata:
+      labels:
+        io.openshift.tags: ci-scripts
+        name: ci-scripts
+      name: ci-scripts
+    spec:
+      containers:
+        - name: ci-scripts
+          # get latest from image stream
+          image: "quay.io/sclorg/ci-scripts:latest"
+          env:
+            - name: TESTING_FARM_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: testing-farm-api-keys
+                  key: testing_farm_api_key
+            - name: SLACK_WEBHOOK_URL
+              valueFrom:
+                secretKeyRef:
+                  name: ci-scripts-slack-webhook
+                  key: slack_webhook_url
+            - name: NAMESPACE
+              valueFrom:
+                configMapKeyRef:
+                  name: ci-scripts-config
+                  key: namespace
+          volumeMounts:
+            - name: nightly-builds-daily-logs
+              mountPath: /var/tmp/daily_scl_tests
+            - name: nightly-builds-results-logs
+              mountPath: /var/tmp/daily_reports_dir
+          resources:
+            requests:
+              memory: "400Mi"
+              cpu: "200m"
+            limits:
+              memory: "800Mi"
+              cpu: "400m"
+      serviceAccountName: ci-scripts
+      volumes:
+        - name: nightly-builds-daily-logs
+          persistentVolumeClaim:
+            claimName: claim.nighly-builds-daily-logs
+        - name: nightly-builds-results-logs
+          persistentVolumeClaim:
+            claimName: claim.nighly-builds-results-logs
+      restartPolicy: Always
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingParams:
+      intervalSeconds: 1
+  selector:
+    matchLabels:
+      name: ci-scripts
diff --git a/openshift/imagestream-nightlybuild.yml b/openshift/imagestream-nightlybuild.yml
@@ -0,0 +1,17 @@
+---
+kind: ImageStream
+apiVersion: image.openshift.io/v1
+metadata:
+  name: nightly-builds
+spec:
+  tags:
+    - name: latest
+      from:
+        kind: DockerImage
+        # populate from quay.io/sclorg/cwt
+        name: quay.io/sclorg/nighly-builds
+      importPolicy:
+        # periodically query registry to synchronize tag and image metadata
+        scheduled: true
+  lookupPolicy:
+    local: true
diff --git a/openshift/pvc-daily-logs.yml b/openshift/pvc-daily-logs.yml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: claim.nighly-builds-daily-logs
+  annotations:
+    trident.netapp.io/reclaimPolicy: Delete
+  labels:
+    paas.redhat.com/appcode: CORE-005
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 4Gi
+  storageClassName: netapp-nfs
+  volumeMode: Filesystem
diff --git a/openshift/pvc-results-logs.yml b/openshift/pvc-results-logs.yml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: claim.nighly-builds-results-logs
+  annotations:
+    trident.netapp.io/reclaimPolicy: Delete
+  labels:
+    paas.redhat.com/appcode: CORE-005
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 4Gi
+  storageClassName: netapp-nfs
+  volumeMode: Filesystem
diff --git a/openshift/vars/template.yml b/openshift/vars/template.yml
@@ -0,0 +1,29 @@
+# Don't modify this file. Copy it to e.g. dev.yml or stage.yml and modify that one.
+
+# -------------------------------------------------------------------
+# Variables needed by Ansible playbook in playbooks/deploy.yml
+# -------------------------------------------------------------------
+
+# Openshift project/namespace name (needs to be created beforehand)
+# e.g. ci-scripts/ci-scripts-devel
+project:
+
+# Openshift cluster url
+
+# To deploy to "oc cluster up" running locally (or on host when this runs in container)
+host: https://172.17.0.1:8443
+
+# In Openshift web GUI click on your login in top right corner
+# 'Copy Login Command'
+# Take the part after --token=
+api_key: ""
+
+# To work-around 'SSL: CERTIFICATE_VERIFY_FAILED' when deploying to localhost
+validate_certs: false
+
+# To deploy to Testing Farm
+# https://src.osci.redhat.com/settings#nav-api-tab (for prod.yml)
+testing_farm_api_key: ""
+
+# To send notifications to Slack
+slack_webhook_url: ""
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		FROM quay.io/sclorg/daily-tests

		CMD ["/ci-scripts/daily_reports/daily_nightly_tests_report.py"]