From 864d96b2fbd297ddc016f1d04f4653f6826158a7 Mon Sep 17 00:00:00 2001 From: Zack Zlotnik Date: Tue, 5 Jul 2022 11:50:53 -0400 Subject: [PATCH 1/2] reenable nightly rhcos build --- .../os/openshift-os-master__periodic.yaml | 117 ++++++++++++++++++ .../os/openshift-os-master-periodics.yaml | 57 +++++++++ .../os/openshift-os-master-postsubmits.yaml | 57 +++++++++ .../os/openshift-os-master-presubmits.yaml | 52 ++++++++ 4 files changed, 283 insertions(+) create mode 100644 ci-operator/config/openshift/os/openshift-os-master__periodic.yaml create mode 100644 ci-operator/jobs/openshift/os/openshift-os-master-periodics.yaml diff --git a/ci-operator/config/openshift/os/openshift-os-master__periodic.yaml b/ci-operator/config/openshift/os/openshift-os-master__periodic.yaml new file mode 100644 index 0000000000000..4eb701d70367c --- /dev/null +++ b/ci-operator/config/openshift/os/openshift-os-master__periodic.yaml @@ -0,0 +1,117 @@ +base_images: + coreos_coreos-assembler_latest: + name: coreos-assembler + namespace: coreos + tag: latest +build_root: + image_stream_tag: + name: fcos-buildroot + namespace: coreos + tag: testing-devel +images: +- dockerfile_literal: | + # COSA + source code + FROM registry.svc.ci.openshift.org/coreos/coreos-assembler:latest + WORKDIR /src + # Tell the build scripts that we have setup a directory for unprivileged build + ENV COSA_DIR=/tmp/cosa + RUN mkdir -p "${COSA_DIR}" + # Prow doesn't support emptydir for jobs today + ENV COSA_SKIP_OVERLAY=1 + # Copy the source code + COPY . . + # We need to make sure that root can read / write to the COSA_DIR so that + # when this container is actually run, we have permissions to read and + # write to the COSA_DIR and the /src dir. + USER root + RUN chgrp -Rf root "${COSA_DIR}" && \ + chmod -Rf g+w "${COSA_DIR}" && \ + chown -R builder:builder /src + # Go back to unprivileged user for COSA + USER builder + WORKDIR /tmp/cosa + inputs: + coreos_coreos-assembler_latest: + as: + - registry.svc.ci.openshift.org/coreos/coreos-assembler:latest + to: build-image +- build_args: + - name: RHELVER + value: rhel-8.6 + dockerfile_literal: | + # This performs the RHCOS build itself. + # TODO: Move this Dockerfile into the openshift/os repository so we can + # easily reuse it for all RHCOS / SCOS versions via setting the build arg. + FROM build-image:latest AS base + ARG RHELVER="rhel-8.6" + ENV RHELVER=$RHELVER + ENV COSA_NO_KVM=1 + # We need to reduce the size of this image because we can run out of space + # on the underlying volume when the layer is committed. All we care about + # is the rhcos.x86_64.ociarchive file. + RUN /src/ci/prow-entrypoint.sh build && \ + /src/ci/simplify-ociarchive-path.sh && \ + mv /tmp/cosa/builds/latest/x86_64/rhcos.x86_64.ociarchive /tmp/cosa/rhcos.x86_64.ociarchive && \ + rm -rf /tmp/cosa/builds /tmp/cosa/cache + + # We don't need the rest of the build-image container, so we copy the OCI + # archive into its own scratch image in preparation for extraction. + FROM scratch + COPY --from=base /tmp/cosa/rhcos.x86_64.ociarchive /tmp/cosa/rhcos.x86_64.ociarchive + inputs: + build-image: + as: + - build-image:latest + to: rhcos-8.6-build +- dockerfile_literal: | + # This extracts the OCI archive from the rhcos-8.6-build image build, injects it + # into the build context, and then uses that OCI archive as this image. + # This makes use of the following: + # - OpenShift Image Builds allows one to pass in a path from another container + # image. It places this under /tmp/build/inputs/. See: + # https://github.com/openshift/builder/blob/37525a77fa07e26c420962dee47193d672ef0b35/pkg/build/builder/common.go#L72 + # - Buildah allows one to use oci-archive as a transport. See: + # https://www.redhat.com/sysadmin/7-transports-features + # - Utilizing the above features in concert with one another and using an + # absolute path to refer to the OCI archive in the build context allows us + # to "import" the OCI archive into the CI ImageStream. + FROM oci-archive:/tmp/build/inputs/magic/cosa/rhcos.x86_64.ociarchive + inputs: + rhcos-8.6-build: + paths: + - destination_dir: magic + source_path: /tmp/cosa + to: machine-os-oci-content-rhel-8.6 +promotion: + additional_images: + rhel-coreos: machine-os-oci-content-rhel-8.6 + excluded_images: + - '*' + namespace: rhcos-devel + tag: latest +releases: + initial: + integration: + name: "4.12" + namespace: ocp + latest: + integration: + include_built_images: true + name: "4.12" + namespace: ocp +resources: + '*': + requests: + cpu: 2000m + memory: 4Gi +tests: +- as: validate-built-image-rhel-8.6 + commands: cat /etc/os-release + container: + from: machine-os-oci-content-rhel-8.6 + cron: '@daily' +zz_generated_metadata: + branch: master + org: openshift + repo: os + variant: periodic diff --git a/ci-operator/jobs/openshift/os/openshift-os-master-periodics.yaml b/ci-operator/jobs/openshift/os/openshift-os-master-periodics.yaml new file mode 100644 index 0000000000000..fc38ecaed6f01 --- /dev/null +++ b/ci-operator/jobs/openshift/os/openshift-os-master-periodics.yaml @@ -0,0 +1,57 @@ +periodics: +- agent: kubernetes + cluster: build01 + cron: 51 1 * * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: master + org: openshift + repo: os + labels: + ci-operator.openshift.io/variant: periodic + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-os-master-periodic-validate-built-image-rhel-8.6 + reporter_config: + slack: + channel: '#jenkins-coreos' + job_states_to_report: + - failure + report_template: ':warning: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*. + <{{.Status.URL}}|View logs> :warning:' + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=validate-built-image-rhel-8.6 + - --variant=periodic + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator diff --git a/ci-operator/jobs/openshift/os/openshift-os-master-postsubmits.yaml b/ci-operator/jobs/openshift/os/openshift-os-master-postsubmits.yaml index e6d2c29dcf552..e51a7833c537a 100644 --- a/ci-operator/jobs/openshift/os/openshift-os-master-postsubmits.yaml +++ b/ci-operator/jobs/openshift/os/openshift-os-master-postsubmits.yaml @@ -54,3 +54,60 @@ postsubmits: - name: result-aggregator secret: secretName: result-aggregator + - agent: kubernetes + always_run: true + branches: + - ^master$ + cluster: build03 + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/is-promotion: "true" + ci-operator.openshift.io/variant: periodic + ci.openshift.io/generator: prowgen + max_concurrency: 1 + name: branch-ci-openshift-os-master-periodic-images + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --image-mirror-push-secret=/etc/push-secret/.dockerconfigjson + - --promote + - --report-credentials-file=/etc/report/credentials + - --target=[images] + - --target=machine-os-oci-content-rhel-8.6 + - --variant=periodic + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/push-secret + name: push-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: push-secret + secret: + secretName: registry-push-credentials-ci-central + - name: result-aggregator + secret: + secretName: result-aggregator diff --git a/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml b/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml index 761e24e37d374..503c97de7d384 100644 --- a/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml @@ -50,6 +50,58 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build03 + context: ci/prow/periodic-images + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/variant: periodic + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-os-master-periodic-images + rerun_command: /test periodic-images + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=[images] + - --target=machine-os-oci-content-rhel-8.6 + - --variant=periodic + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )periodic-images,?($|\s.*) - agent: kubernetes always_run: false branches: From 81df8303e3d83bcafa76aeb23c949f04a98d70f0 Mon Sep 17 00:00:00 2001 From: Joseph Marrero Date: Thu, 7 Jul 2022 10:53:05 -0400 Subject: [PATCH 2/2] openshift/os/periodic: Add extentions container build --- .../os/openshift-os-master__periodic.yaml | 11 ++++ .../os/openshift-os-master-postsubmits.yaml | 1 + .../os/openshift-os-master-presubmits.yaml | 52 +++++++++++++++++++ 3 files changed, 64 insertions(+) diff --git a/ci-operator/config/openshift/os/openshift-os-master__periodic.yaml b/ci-operator/config/openshift/os/openshift-os-master__periodic.yaml index 4eb701d70367c..b86f5fcfc6bfd 100644 --- a/ci-operator/config/openshift/os/openshift-os-master__periodic.yaml +++ b/ci-operator/config/openshift/os/openshift-os-master__periodic.yaml @@ -82,9 +82,16 @@ images: - destination_dir: magic source_path: /tmp/cosa to: machine-os-oci-content-rhel-8.6 +- dockerfile_path: extensions/Dockerfile + inputs: + machine-os-oci-content-rhel-8.6: + as: + - registry.ci.openshift.org/rhcos-devel/rhel-coreos:latest + to: rhcos-extensions-8.6 promotion: additional_images: rhel-coreos: machine-os-oci-content-rhel-8.6 + rhel-coreos-extensions: rhcos-extensions-8.6 excluded_images: - '*' namespace: rhcos-devel @@ -110,6 +117,10 @@ tests: container: from: machine-os-oci-content-rhel-8.6 cron: '@daily' +- as: validate-built-extensions-8.6 + commands: cat /etc/os-release + container: + from: rhcos-extensions-8.6 zz_generated_metadata: branch: master org: openshift diff --git a/ci-operator/jobs/openshift/os/openshift-os-master-postsubmits.yaml b/ci-operator/jobs/openshift/os/openshift-os-master-postsubmits.yaml index e51a7833c537a..ec75a0d9bf6c2 100644 --- a/ci-operator/jobs/openshift/os/openshift-os-master-postsubmits.yaml +++ b/ci-operator/jobs/openshift/os/openshift-os-master-postsubmits.yaml @@ -78,6 +78,7 @@ postsubmits: - --report-credentials-file=/etc/report/credentials - --target=[images] - --target=machine-os-oci-content-rhel-8.6 + - --target=rhcos-extensions-8.6 - --variant=periodic command: - ci-operator diff --git a/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml b/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml index 503c97de7d384..81211fea9603e 100644 --- a/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml @@ -74,6 +74,7 @@ presubmits: - --report-credentials-file=/etc/report/credentials - --target=[images] - --target=machine-os-oci-content-rhel-8.6 + - --target=rhcos-extensions-8.6 - --variant=periodic command: - ci-operator @@ -102,6 +103,57 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )periodic-images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build03 + context: ci/prow/periodic-validate-built-extensions-8.6 + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/variant: periodic + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-os-master-periodic-validate-built-extensions-8.6 + rerun_command: /test periodic-validate-built-extensions-8.6 + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=validate-built-extensions-8.6 + - --variant=periodic + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )periodic-validate-built-extensions-8.6,?($|\s.*) - agent: kubernetes always_run: false branches: