From 07dce990e8ef1c9a617b9cfad327887fc1efdcbc Mon Sep 17 00:00:00 2001 From: Lance Bragstad Date: Tue, 28 Jan 2025 15:41:26 -0600 Subject: [PATCH] Add optional CI jobs for testing Compliance Operator on ARM64 The `ipi-aws` workflow allows us to request ARM64 architecture for the control plane and worker nodes. Let's use it so we can start building out CI for the Compliance Operator on ARM64. This job is optional for now until we smooth out failures in the compliance operator running on ARM. Once we have stable jobs, we'll make this a required. --- ...anceAsCode-compliance-operator-master.yaml | 74 ++++++++- ...ompliance-operator-master-postsubmits.yaml | 3 +- ...compliance-operator-master-presubmits.yaml | 153 +++++++++++++++++- 3 files changed, 225 insertions(+), 5 deletions(-) diff --git a/ci-operator/config/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master.yaml b/ci-operator/config/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master.yaml index 93c035c92141..4cf1f26b74cd 100644 --- a/ci-operator/config/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master.yaml +++ b/ci-operator/config/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master.yaml @@ -21,16 +21,22 @@ build_root: namespace: openshift tag: rhel-9-release-golang-1.23-openshift-4.19 images: -- dockerfile_path: Dockerfile.ci +- additional_architectures: + - arm64 + dockerfile_path: Dockerfile.ci from: base inputs: openshift_release_rhel-9-release-golang-1.23-openshift-4.19: as: - registry.ci.openshift.org/openshift/release:rhel-9-release-golang-1.23-openshift-4.19 to: compliance-operator -- dockerfile_path: images/testcontent/Dockerfile.ci +- additional_architectures: + - arm64 + dockerfile_path: images/testcontent/Dockerfile.ci to: testcontent -- dockerfile_path: images/openscap/Dockerfile +- additional_architectures: + - arm64 + dockerfile_path: images/openscap/Dockerfile to: testopenscap promotion: to: @@ -40,6 +46,12 @@ promotion: name: "4.17" namespace: ComplianceAsCode releases: + arm64-latest: + candidate: + architecture: arm64 + product: ocp + stream: nightly + version: "4.17" initial: integration: name: "4.17" @@ -138,6 +150,62 @@ tests: requests: cpu: 100m workflow: rosa-aws-sts-hcp +- always_run: false + as: e2e-aws-parallel-arm + skip_if_only_changed: ^.*(md|adoc)$|^LICENSE$|^.github/workflows/* + steps: + cluster_profile: quay-aws + dependencies: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: release:arm64-latest + env: + BASE_DOMAIN: quay.devcluster.openshift.com + COMPUTE_ARCH: arm64 + CONTROL_ARCH: arm64 + OCP_ARCH: arm64 + test: + - as: test + cli: latest + commands: make e2e-parallel + dependencies: + - env: IMAGE_FROM_CI + name: compliance-operator + - env: CONTENT_IMAGE_FROM_CI + name: testcontent + - env: OPENSCAP_IMAGE_FROM_CI + name: testopenscap + from: src + resources: + requests: + cpu: 100m + workflow: ipi-aws +- always_run: false + as: e2e-aws-serial-arm + skip_if_only_changed: ^.*(md|adoc)$|^LICENSE$|^.github/workflows/* + steps: + cluster_profile: quay-aws + dependencies: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: release:arm64-latest + env: + BASE_DOMAIN: quay.devcluster.openshift.com + COMPUTE_ARCH: arm64 + CONTROL_ARCH: arm64 + OCP_ARCH: arm64 + test: + - as: test + cli: latest + commands: make e2e-serial + dependencies: + - env: IMAGE_FROM_CI + name: compliance-operator + - env: CONTENT_IMAGE_FROM_CI + name: testcontent + - env: OPENSCAP_IMAGE_FROM_CI + name: testopenscap + from: src + resources: + requests: + cpu: 100m + workflow: ipi-aws zz_generated_metadata: branch: master org: ComplianceAsCode diff --git a/ci-operator/jobs/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master-postsubmits.yaml b/ci-operator/jobs/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master-postsubmits.yaml index 7b4e9d224f01..1f06ebd3070b 100644 --- a/ci-operator/jobs/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master-postsubmits.yaml +++ b/ci-operator/jobs/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master-postsubmits.yaml @@ -4,11 +4,12 @@ postsubmits: always_run: true branches: - ^master$ - cluster: build06 + cluster: build01 decorate: true decoration_config: skip_cloning: true labels: + capability/arm64: arm64 ci-operator.openshift.io/is-promotion: "true" ci.openshift.io/generator: prowgen max_concurrency: 1 diff --git a/ci-operator/jobs/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master-presubmits.yaml b/ci-operator/jobs/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master-presubmits.yaml index c006f54696c3..93c1ba1fb491 100644 --- a/ci-operator/jobs/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master-presubmits.yaml +++ b/ci-operator/jobs/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master-presubmits.yaml @@ -75,6 +75,81 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-aws-parallel,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^master$ + - ^master- + cluster: build10 + context: ci/prow/e2e-aws-parallel-arm + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: quay-aws + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-ComplianceAsCode-compliance-operator-master-e2e-aws-parallel-arm + rerun_command: /test e2e-aws-parallel-arm + skip_if_only_changed: ^.*(md|adoc)$|^LICENSE$|^.github/workflows/* + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-aws-parallel-arm + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-aws-parallel-arm,?($|\s.*) - agent: kubernetes always_run: false branches: @@ -150,6 +225,81 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-aws-serial,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^master$ + - ^master- + cluster: build10 + context: ci/prow/e2e-aws-serial-arm + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: quay-aws + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-ComplianceAsCode-compliance-operator-master-e2e-aws-serial-arm + rerun_command: /test e2e-aws-serial-arm + skip_if_only_changed: ^.*(md|adoc)$|^LICENSE$|^.github/workflows/* + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-aws-serial-arm + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-aws-serial-arm,?($|\s.*) - agent: kubernetes always_run: false branches: @@ -286,12 +436,13 @@ presubmits: branches: - ^master$ - ^master- - cluster: build09 + cluster: build10 context: ci/prow/images decorate: true decoration_config: skip_cloning: true labels: + capability/arm64: arm64 ci.openshift.io/generator: prowgen pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-ComplianceAsCode-compliance-operator-master-images