Reformat release yaml (for later linting) (#8514)
* Reformat release.yml by passing through yq
* Rearrange/reformat/refactor release.yml
* Try adding yaml linting workflow to github
danudey committed Jun 12, 2024
1 parent 1d93621 commit 367b376
Showing 3 changed files with 140 additions and 69 deletions.
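--- a/.github/workflows/yamllint.yml
+++ b/.github/workflows/yamllint.yml
@@ -0,0 +1,21 @@
+---
+name: Yaml Lint
+on: [push] # yamllint disable-line rule:truthy
+jobs:
+lintAllTheThings:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+- id: yaml-lint
+uses: ibiqlik/action-yamllint@v3
+with:
+file_or_dir: .semaphore/**/*.yml
+config_file: .semaphore/.yamllint.yml
+
+- run: echo ${{ steps.yaml-lint.outputs.logfile }}
+
+- uses: actions/upload-artifact@v2
+if: always()
+with:
+name: yamllint-logfile
+path: ${{ steps.yaml-lint.outputs.logfile }}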
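Review bot: The three `uses:` lines reference actions by mutable tag (`actions/checkout@v3`, `ibiqlik/action-yamllint@v3`, `actions/upload-artifact@v2`) and the workflow declares no `permissions:`, so on every push the job runs whatever those tags currently point to with the repository's default `GITHUB_TOKEN` scope. Pinning at least the third-party action to a full commit SHA (`uses: ibiqlik/action-yamllint@<commit-sha>  # v3`) and adding a top-level `permissions:` with `contents: read` would narrow that. The `run: echo ${{ steps.yaml-lint.outputs.logfile }}` step also splices an action output directly into the shell script; passing it through `env:` and echoing `"$LOGFILE"` avoids that pattern.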
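--- a/.semaphore/.yamllint.yml
+++ b/.semaphore/.yamllint.yml
@@ -0,0 +1,8 @@
+extends: default
+
+rules:
+line-length:
+max: 120
+level: warning
+indentation:
+indent-sequences: whatever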
180 changes: 111 additions & 69 deletions .semaphore/release/release.yml
@@ -1,13 +1,12 @@
---
version: v1.0
name: Publish official release
agent:
machine:
type: e1-standard-8
os_image: ubuntu2004

execution_time_limit:
minutes: 800

blocks:
- name: "Publish official release"
dependencies: []
Expand All @@ -23,53 +22,75 @@ blocks:
- name: openstack-signing-publishing
prologue:
commands:
# Load the github access secrets. First fix the permissions.
- chmod 0600 /home/semaphore/.keys/git_ssh_rsa
- ssh-add /home/semaphore/.keys/git_ssh_rsa
# For some reason, /mnt is 100 GB and has a qemu-nbd image file.
# Let's delete it and use it for our own purposes (building calico
# without running out of space)
- sudo killall qemu-nbd || true
- sudo rm -f /mnt/docker.qcow2
- sudo chown $(id -u):$(id -g) /mnt/
- mkdir calico
- sudo mount --bind /mnt calico
# Checkout the code and unshallow it.
# (this is going to throw an error because it can't remove
# the `calico` directory, which is a mount, but it will
# continue anyway)
- checkout
- retry git fetch --quiet --unshallow
# Semaphore mounts a copy-on-write FS as /var/lib/docker in order to provide a pre-loaded cache of
# some images. However, the cache is not useful to us and the copy-on-write FS is a big problem given
# how much we churn docker containers during the build. Disable it.
- sudo systemctl stop docker
- sudo umount /var/lib/docker && sudo killall qemu-nbd || true
- sudo systemctl start docker
# Free up space on the build machine.
- sudo rm -rf ~/.kiex ~/.phpbrew ~/.rbenv ~/.nvm ~/.kerl ~/.sbt ~/.npm /usr/lib/jvm /opt/firefox* /opt/apache-maven* /opt/scala /usr/local/golang
# Log in to container registries needed for release.
- echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin
- echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io
# Credentials for accessing gcloud, needed to push images to gcr
- export GOOGLE_APPLICATION_CREDENTIALS=$HOME/secrets/gcr-credentials.json
- gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS}
# Manually log in to GCR until we can test the gcr credentials helper
- cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://gcr.io
- cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://eu.gcr.io
- cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://asia.gcr.io
- cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io
jobs:
- name: "Release on Semaphore VM"
execution_time_limit:
minutes: 360
env_vars:
- name: VAR_FILE
value: /home/semaphore/secrets/release.tfvars
commands:
- if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} release; fi
- if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} release-publish; fi
# Load the github access secrets. First fix the permissions.
- chmod 0600 /home/semaphore/.keys/git_ssh_rsa
- ssh-add /home/semaphore/.keys/git_ssh_rsa

# Semaphore mounts a copy-on-write FS as /var/lib/docker in
# order to provide a pre-loaded cache of some images. However,
# the cache is not useful to us and the copy-on-write FS is a
# big problem given how much we churn docker containers during
# the build. Disable it.
- sudo systemctl stop docker
- sudo umount /var/lib/docker && sudo killall qemu-nbd || true
- sudo systemctl start docker

# /mnt is 100 GB and has a qemu-nbd image file storing the COW
# filesystem for Docker (above). Let's delete it and use it
# for our own purposes (building calico without running out of space)
- sudo killall qemu-nbd || true
- sudo rm -f /mnt/docker.qcow2
- sudo chown $(id -u):$(id -g) /mnt/
- mkdir calico
- sudo mount --bind /mnt calico

# Checkout the code and unshallow it.
# (this is going to throw an error because it can't remove
# the `calico` directory, which is a mount, but it will
# continue anyway)
- checkout
- retry git fetch --quiet --unshallow

# Free up space on the build machine by removing extraneous
# libraries, configurations, runtimes, etc.
- |
sudo rm -rf \
~/.kerl \
~/.kiex \
~/.npm \
~/.nvm \
~/.phpbrew \
~/.rbenv \
~/.sbt \
/opt/apache-maven* \
/opt/firefox* \
/opt/scala \
/usr/lib/jvm \
/usr/local/golang
# Log in to container registries needed for release.
- echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin
- echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io

# Credentials for accessing gcloud, needed to push images to gcr
- export GOOGLE_APPLICATION_CREDENTIALS=$HOME/secrets/gcr-credentials.json
- gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS}

# Manually log in to GCR until we can test the gcr credentials helper
- cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://gcr.io
- cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://eu.gcr.io
- cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://asia.gcr.io
- cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io
jobs:
- name: "Release on Semaphore VM"
execution_time_limit:
minutes: 360
env_vars:
- name: VAR_FILE
value: /home/semaphore/secrets/release.tfvars
commands:
- if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} release; fi
- if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} release-publish; fi
- name: "Build Openstack Packages"
dependencies: ["Publish official release"]
skip:
Expand All @@ -83,34 +104,55 @@ blocks:
- name: openstack-signing-publishing
prologue:
commands:
# Load the github access secrets. First fix the permissions.
- chmod 0600 /home/semaphore/.keys/git_ssh_rsa
- ssh-add /home/semaphore/.keys/git_ssh_rsa
# Checkout the code and unshallow it.
- checkout
# Free up space on the build machine.
- sudo rm -rf ~/.kiex ~/.phpbrew ~/.rbenv ~/.nvm ~/.kerl ~/.sbt ~/.npm /usr/lib/jvm /opt/firefox* /opt/apache-maven* /opt/scala /usr/local/golang
# Sign in to google cloud
- export GOOGLE_APPLICATION_CREDENTIALS=$HOME/secrets/gcr-credentials.json
- gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS}
# Install more tools
- sudo apt update
- sudo apt install -y moreutils
# Load the github access secrets. First fix the permissions.
- chmod 0600 /home/semaphore/.keys/git_ssh_rsa
- ssh-add /home/semaphore/.keys/git_ssh_rsa

# Checkout the code and unshallow it.
- checkout

# Free up space on the build machine by removing extraneous
# libraries, configurations, runtimes, etc.
- |
sudo rm -rf \
~/.kerl \
~/.kiex \
~/.npm \
~/.nvm \
~/.phpbrew \
~/.rbenv \
~/.sbt \
/opt/apache-maven* \
/opt/firefox* \
/opt/scala \
/usr/lib/jvm \
/usr/local/golang
# Sign in to google cloud
- export GOOGLE_APPLICATION_CREDENTIALS=$HOME/secrets/gcr-credentials.json
- gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS}

# Install more tools
- sudo apt update
- sudo apt install -y moreutils

jobs:
- name: "Build Openstack Packages"
execution_time_limit:
minutes: 60
env_vars:
- name: SECRET_KEY
value: /home/semaphore/secrets/launchpad-gpg-key-dfox.key
- name: GCLOUD_ARGS
value: --zone us-east1-c --project tigera-wp-tcp-redirect
- name: HOST
value: ubuntu@binaries-projectcalico-org
- name: SECRET_KEY
value: /home/semaphore/secrets/launchpad-gpg-key-dfox.key
- name: GCLOUD_ARGS
value: --zone us-east1-c --project tigera-wp-tcp-redirect
- name: HOST
value: ubuntu@binaries-projectcalico-org
commands:
- if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make publish-openstack; fi
epilogue:
always:
commands:
- test -d hack/release/packaging/output && mv -v hack/release/packaging/output hack/release/packaging/openstack
- artifact push workflow hack/release/packaging/openstack
- |
test -d hack/release/packaging/output && \
mv -v hack/release/packaging/output hack/release/packaging/openstack
- artifact push workflow hack/release/packaging/openstack
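Review bot: The registry logins in the first block's prologue still expand the tokens unquoted (`echo $DOCKER_TOKEN | docker login …` and the matching `$QUAY_TOKEN` line), so the shell word-splits and glob-expands the secret before `echo` sees it, and a token containing whitespace, a glob character or a leading `-n`/`-e` would reach `docker login` altered. While this block is being rearranged, `printf '%s' "$DOCKER_TOKEN" | docker login --username "$DOCKER_USER" --password-stdin` (and the same for Quay) would be the safer form. The four `cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login` lines have the same unquoted expansion on the key-file path and could read `docker login -u _json_key --password-stdin https://gcr.io < "$GOOGLE_APPLICATION_CREDENTIALS"`. Which printed lines are the new side is inferred from the rendered order, and the prologue starts outside the visible hunk.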
