From 66c8335bb9a213304ccfb50c8936fa1ecd1ed09d Mon Sep 17 00:00:00 2001
From: Mark Goddard
Date: Wed, 25 Oct 2023 14:31:31 +0100
Subject: [PATCH] CI: Add a job to check whether all expected images are in Test Pulp
---
.github/workflows/stackhpc-check-tags.yml | 48 +++++++++++++++++++
.github/workflows/stackhpc-pull-request.yml | 10 ++++
etc/kayobe/ansible/check-tags.yml | 39 +++++++++++++++
etc/kayobe/ansible/requirements.yml | 2 +-
.../environments/ci-aio/stackhpc-ci.yml | 6 +++
5 files changed, 104 insertions(+), 1 deletion(-)
create mode 100644 .github/workflows/stackhpc-check-tags.yml
create mode 100644 etc/kayobe/ansible/check-tags.yml
diff --git a/.github/workflows/stackhpc-check-tags.yml b/.github/workflows/stackhpc-check-tags.yml
new file mode 100644
index 000000000..1fdb01307
--- /dev/null
+++ b/.github/workflows/stackhpc-check-tags.yml
@@ -0,0 +1,48 @@
+---
+# This workflow queries the Test Pulp server to check that all image tags
+# specified in kolla_image_tags are present.
+
+name: Check container image tags
+on:
+ workflow_call:
+ inputs:
+ kayobe_image:
+ description: Kayobe container image
+ type: string
+ required: true
+ secrets:
+ KAYOBE_VAULT_PASSWORD:
+ required: true
+
+env:
+ ANSIBLE_FORCE_COLOR: True
+jobs:
+ check-tags:
+ name: Check container image tags
+ if: github.repository == 'stackhpc/stackhpc-kayobe-config'
+ runs-on: [self-hosted, stackhpc-kayobe-config-aio]
+ permissions: {}
+ env:
+ KAYOBE_ENVIRONMENT: ci-aio
+ KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
+ KAYOBE_IMAGE: ${{ inputs.kayobe_image }}
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: true
+
+ # The same tag may be reused (e.g. pr-123), so ensure we have the latest image.
+ - name: Pull latest Kayobe image
+ run: |
+ sudo docker image pull $KAYOBE_IMAGE
+
+ - name: Check container image tags
+ run: |
+ sudo -E docker run -t --rm \
+ -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \
+ -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \
+ $KAYOBE_IMAGE \
+ /stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/playbook-run.sh \
+ '$KAYOBE_CONFIG_PATH/ansible/check-tags.yml'
+ #env:
+ #KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: ${{ steps.ssh_key.outputs.ssh_key }}
diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml
index 28f3623ac..7a1815cf8 100644
--- a/.github/workflows/stackhpc-pull-request.yml
+++ b/.github/workflows/stackhpc-pull-request.yml
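Review bot: In stackhpc-check-tags.yml the `Check container image tags` step hands `KAYOBE_VAULT_PASSWORD` to a container that bind-mounts the checked-out tree and runs `.automation/pipeline/playbook-run.sh` and `ansible/check-tags.yml` from it, on a self-hosted runner via `sudo`, so whoever controls the checked-out ref controls code that can read the vault password. The triggers of the calling workflow are not visible in this hunk; it is worth confirming that this job never runs for untrusted pull requests. Separately, `$KAYOBE_IMAGE` and `$(pwd)` are unquoted in both `run:` blocks, so a value containing whitespace would be split into extra `docker` arguments; use `sudo docker image pull "$KAYOBE_IMAGE"` and `-v "$(pwd)":/stack/kayobe-automation-env/src/kayobe-config`. `-e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY` is passed while its `env:` block is commented out, and with `sudo -E` that forwards whatever the runner's own environment holds under that name; drop the flag and the two commented lines if the key is not needed.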
@@ -41,6 +41,16 @@ jobs: uses: ./.github/workflows/stackhpc-build-kayobe-image.yml if: github.repository == 'stackhpc/stackhpc-kayobe-config' + check-tags: + name: Check container image tags + needs: + - build-kayobe-image + uses: ./.github/workflows/stackhpc-check-tags.yml + with: + kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} + secrets: inherit + if: github.repository == 'stackhpc/stackhpc-kayobe-config' + all-in-one-ubuntu-jammy-ovs: name: aio (Ubuntu Jammy OVS) needs: diff --git a/etc/kayobe/ansible/check-tags.yml b/etc/kayobe/ansible/check-tags.yml new file mode 100644 index 000000000..3f0d22a68 --- /dev/null +++ b/etc/kayobe/ansible/check-tags.yml @@ -0,0 +1,39 @@ +--- +# This playbook queries the Pulp server to check that all image tags specified +# in kolla_image_tags are present. + +- name: Check whether tags exist in Pulp container registry + hosts: localhost + tasks: + - name: Query images and tags + command: + cmd: >- + {{ kayobe_config_path }}/../../tools/kolla-images.py list-tags + register: kolla_images_result + changed_when: false + + - name: Set a fact about images and tags + set_fact: + kolla_images: "{{ kolla_images_result.stdout | from_yaml }}" + + - name: Set a fact about the Pulp URL + set_fact: + pulp_url: "{{ stackhpc_repo_mirror_url }}" + + # Use state=read and allow_missing=false to check for missing tags in test pulp. + - import_role: + name: stackhpc.pulp.pulp_container_content + vars: + pulp_container_content: >- + {%- set contents = [] -%} + {%- for image, tags in kolla_images.items() -%} + {%- set repository = kolla_docker_namespace ~ "/" ~ image -%} + {%- set content = { + "allow_missing": False, + "repository": repository, + "state": "read", + "tags": tags, + } -%} + {%- set _ = contents.append(content) -%} + {%- endfor -%} + {{ contents }} diff --git a/etc/kayobe/ansible/requirements.yml b/etc/kayobe/ansible/requirements.yml index 7eb767f34..d5ff48124 100644 --- a/etc/kayobe/ansible/requirements.yml 
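Review bot: `secrets: inherit` on the new `check-tags` job in stackhpc-pull-request.yml makes every secret available to this workflow readable by the called workflow, although stackhpc-check-tags.yml declares only `KAYOBE_VAULT_PASSWORD`. Passing the one secret explicitly keeps the job to what it needs: replace the line with `secrets:` followed by `KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}`. The `jobs:` mapping starts and continues outside this hunk, so the other jobs may follow a different convention that this one should then match deliberately.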
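Review bot: In etc/kayobe/ansible/check-tags.yml the `Set a fact about the Pulp URL` task forces `pulp_url` to `stackhpc_repo_mirror_url` wherever the playbook runs, but `pulp_username` and `pulp_password` are overridden only in the ci-aio environment by this commit. In any other environment the role would presumably send that environment's own Pulp credentials to the mirror host; their defaults are not visible here, so this needs confirming. Since ci-aio now sets `pulp_url` itself, the `set_fact` task can be dropped, or all three values can be passed together in the role's `vars:` so URL and credentials always travel as a set. The `import_role` task also has no `name:`; something like `- name: Check that all image tags are present in Pulp` would make failures easier to locate in CI logs.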
+++ b/etc/kayobe/ansible/requirements.yml @@ -3,7 +3,7 @@ collections: - name: stackhpc.cephadm version: 1.14.0 - name: stackhpc.pulp - version: 0.5.2 + version: 0.5.4 - name: stackhpc.hashicorp version: 2.4.0 roles: diff --git a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml index ec5a82578..f9f425f2b 100644 --- a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml @@ -62,3 +62,9 @@ stackhpc_docker_registry_password: !vault | 38333133393730633666613965653364316162353337313330346164303631313731646461363461 3963323635373866630a633533376339363734626664333765313665623662613764363038383735 38646138376438643533376161376634653439386230353365316239613430363338 + +# Override Pulp credentials to allow querying container image tags in the +# check-tags.yml custom playbook. +pulp_url: "{{ stackhpc_repo_mirror_url }}" +pulp_username: "{{ stackhpc_docker_registry_username }}" +pulp_password: "{{ stackhpc_docker_registry_password }}"
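Review bot: The comment above the new `pulp_url`, `pulp_username` and `pulp_password` lines in stackhpc-ci.yml says the override is for check-tags.yml, but variables set in an environment file presumably apply to every playbook run with the ci-aio environment, not only that one. If other playbooks in this environment use the `pulp_*` variables, they will now target `stackhpc_repo_mirror_url` with the registry account as well; whether that account is read-only cannot be seen from this hunk. Either state the scope in the comment, e.g. `# NOTE: applies to all playbooks run in the ci-aio environment.`, or move the three variables into the `vars:` of the role import in check-tags.yml so the credentials are only in scope where they are used.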