MVP: Build, Validate and Push RP Container Image Steps

.pipelines/ci.yml

@@ -28,89 +28,255 @@
     - container: python
       image: registry.access.redhat.com/ubi8/python-39:latest
       options: --user=0
+    - container: ubi8
+      image: registry.access.redhat.com/ubi8/toolbox:8.8
+      options: --user=0 --privileged -v /dev/shm:/dev/shm --device /dev/net/tun --name vpn
 
 variables:
   - template: vars.yml
 
-jobs:
-  - job: Python_Unit_Tests
-    pool:
-      name: 1es-aro-ci-pool
-    variables:
-      HOME: $(Agent.BuildDirectory)
-
-    steps:
-      - template: ./templates/template-checkout.yml
-      - script: |
-          set -xe
-          make test-python
-          [[ -z "$(git status -s)" ]]
-        displayName: 🧪Run Python Unit Tests
-        target: python
-
-  - job: Golang_Unit_Tests
-    pool:
-      name: 1es-aro-ci-pool
-    variables:
-      GOCACHE: /tmp/gocache
-    steps:
-      - template: ./templates/template-checkout.yml
-
-      - script: |
-          set -xe
-          go version
-          go env
-        displayName: Print Go version & env
-        target: golang
-
-      - script: |
-          set -xe
-          make generate
-          [[ -z "$(git status -s)" ]]
-        displayName: ⚙️ Run Golang code generate
-        target: golang
-
-      - script: |
-          set -xe
-          make build-all
-          [[ -z "$(git status -s)" ]]
-        displayName: 🕵️ Build Golang code
-        target: golang
-
-      - script: |
-          set -xe
-          make unit-test-go
-        displayName: 🧪 Run Golang unit tests
-        target: golang
-
-      - task: PublishTestResults@2
-        displayName: 📊 Publish tests results
-        inputs:
-          testResultsFiles: $(System.DefaultWorkingDirectory)/**/report.xml
-        condition: succeededOrFailed()
-
-      - script: |
-          set -xe
-          go run github.com/axw/gocov/[email protected] convert cover.out | go run github.com/AlekSi/[email protected] > coverage.xml
-        displayName: ⚙️ Process Reports
-        condition: succeededOrFailed()
-        target: golang
-
-      - task: PublishCodeCoverageResults@1
-        displayName: 📈 Publish code coverage
-        inputs:
-          codeCoverageTool: Cobertura
-          summaryFileLocation: $(System.DefaultWorkingDirectory)/**/coverage.xml
-          failIfCoverageEmpty: false
-        condition: succeededOrFailed()
-        target: golang
-
-  - job: Lint_Admin_Portal
-    pool:
-      name: 1es-aro-ci-pool
-    steps:
-      - template: ./templates/template-checkout.yml
-      - script: |
-          set -xe
-          make lint-admin-portal
-        displayName: 🧹 Lint Admin Portal
+stages:
+- stage: NotContainerized
+  dependsOn: Containerized
+  jobs:
+    - job: Python_Unit_Tests
+      pool:
+        name: 1es-aro-ci-pool
+      variables:
+        HOME: $(Agent.BuildDirectory)
+
+      steps:
+        - template: ./templates/template-checkout.yml
+        - script: |
+            set -xe
+            make test-python
+            [[ -z "$(git status -s)" ]]
+          displayName: 🧪Run Python Unit Tests
+          target: python
+
+    - job: Golang_Unit_Tests
+      pool:
+        name: 1es-aro-ci-pool
+      variables:
+        GOCACHE: /tmp/gocache
+      steps:
+        - template: ./templates/template-checkout.yml
+
+        - script: |
+            set -xe
+            go version
+            go env
+          displayName: Print Go version & env
+          target: golang
+
+        - script: |
+            set -xe
+            make generate
+            [[ -z "$(git status -s)" ]]
+          displayName: ⚙️ Run Golang code generate
+          target: golang
+
+        - script: |
+            set -xe
+            make build-all
+            [[ -z "$(git status -s)" ]]
+          displayName: 🕵️ Build Golang code
+          target: golang
+
+        - script: |
+            set -xe
+            make unit-test-go
+          displayName: 🧪 Run Golang unit tests
+          target: golang
+
+        - task: PublishTestResults@2
+          displayName: 📊 Publish tests results
+          inputs:
+            testResultsFiles: $(System.DefaultWorkingDirectory)/**/report.xml
+          condition: succeededOrFailed()
+
+        - script: |
+            set -xe
+            go run github.com/axw/gocov/[email protected] convert cover.out | go run github.com/AlekSi/[email protected] > coverage.xml
+          displayName: ⚙️ Process Reports
+          condition: succeededOrFailed()
+          target: golang
+
+        - task: PublishCodeCoverageResults@1
+          displayName: 📈 Publish code coverage
+          inputs:
+            codeCoverageTool: Cobertura
+            summaryFileLocation: $(System.DefaultWorkingDirectory)/**/coverage.xml
+            failIfCoverageEmpty: false
+          condition: succeededOrFailed()
+          target: golang
+
+    - job: Lint_Admin_Portal
+      pool:
+        name: 1es-aro-ci-pool
+      steps:
+        - template: ./templates/template-checkout.yml
+        - script: |
+            set -xe
+            make lint-admin-portal
+          displayName: 🧹 Lint Admin Portal
+
+    - job: Pull_And_Push_Image_To_ACR
+      pool:
+        vmImage: 'ubuntu-latest'
+      variables:
+        ob_outputDirectory: '$(Build.SourcesDirectory)/out'
+        IMAGE_TAG: $(Build.SourceBranchName)
+        REPOSITORY: 'my-image-repo'
+        ACR_FQDN: 'arosvcdev.azurecr.io'  # ACR FQDN
+      steps:
+        - checkout: self
+
+        # Authenticate with Azure using the Managed Identity service connection
+        - task: AzureCLI@2
+          inputs:
+            azureSubscription: 'ado-pipeline-dev-image-push'  # Service connection name
+            scriptType: 'bash'
+            scriptLocation: 'inlineScript'
+            inlineScript: |
+              az acr login --name ${ACR_FQDN%%.*}
+              docker login ${ACR_FQDN} -u "00000000-0000-0000-0000-000000000000" -p "$(az acr login --name ${ACR_FQDN%%.*} --expose-token --output tsv --query accessToken)"
+              mkdir -p "${ob_outputDirectory}"
+              docker pull ${ACR_FQDN}/${REPOSITORY}:${IMAGE_TAG} || echo "Image not found."
+              if [ -f "${ob_outputDirectory}/image.tar" ]; then
+                docker save ${ACR_FQDN}/${REPOSITORY}:${IMAGE_TAG} -o ${ob_outputDirectory}/image.tar
+              fi
+          displayName: 'Pulling Docker Image using Docker'
+
+        # Push the Docker image to ACR
+        - task: AzureCLI@2
+          inputs:
+            azureSubscription: 'ado-pipeline-dev-image-push'  # Service connection name
+            scriptType: 'bash'
+            scriptLocation: 'inlineScript'
+            inlineScript: |
+              if [ -f "${ob_outputDirectory}/image.tar" ]; then
+                docker load -i ${ob_outputDirectory}/image.tar
+                docker tag ${ACR_FQDN}/${REPOSITORY}:${IMAGE_TAG} ${ACR_FQDN}/${REPOSITORY}:latest
+                docker push ${ACR_FQDN}/${REPOSITORY}:${IMAGE_TAG}
+                docker push ${ACR_FQDN}/${REPOSITORY}:latest
+              else
+                echo "Image tar file not found, skipping push."
+              fi
+          displayName: 'Pushing Docker Image to ACR'
+
+- stage: Containerized
+  dependsOn: []
+  jobs:
+    - job: Build_Lint_Test_RP_And_Portal
+      pool:
+        name: 1es-aro-ci-pool
+      steps:
+        - template: ./templates/template-checkout.yml
+        - script: |
+            set -xe
+            export NO_CACHE=true
+
+            # Install podman
+            sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
+            sudo dnf install -y podman make
+            which podman
+            podman --version
+            whoami
+
+            # Start podman service
+            . ./hack/e2e/utils.sh
+            run_podman
+            validate_podman_running
+
+            # run build
+            export PODMAN_REMOTE_ARGS="-r --url=tcp://localhost:8888"
+            make ci-rp
+
+            # Stop podman
+            kill_podman
+          target: ubi8
+
+    - job: Build_and_Test_Az_ARO_Extension
+      pool:
+        name: 1es-aro-ci-pool
+      steps:
+        - template: ./templates/template-checkout.yml
+        - script: |
+            set -xe
+            export NO_CACHE=true
+
+            # Install podman
+            sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
+            sudo dnf install -y podman make
+            which podman
+            podman --version
+            whoami
+
+            # Start podman service
+            . ./hack/e2e/utils.sh
+            run_podman
+            validate_podman_running
+
+            # run build
+            export PODMAN_REMOTE_ARGS="-r --url=tcp://localhost:8888"
+            make azext-aro
+
+            # Stop podman
+            kill_podman
+          target: ubi8
+
+    - job: Lint_Az_ARO_Extension
+      pool:
+        name: 1es-aro-ci-pool
+      variables:
+        HOME: $(Agent.BuildDirectory)
+      steps:
+        - template: ./templates/template-checkout.yml
+        - script: |
+            set -xe
+            export AZDEV_CONFIG_DIR=$(Agent.BuildDirectory)/azdev-config
+            make test-python
+            [[ -z "$(git status -s)" ]]
+          target: python
+
+    - job: Extract_Coverage_Report
+      pool:
+        vmImage: 'ubuntu-latest'
+      variables:
+        ACR_FQDN: 'arosvcdev.azurecr.io'  # ACR FQDN
+        REPOSITORY: 'my-image-repo'
+        IMAGE_TAG: $(Build.SourceBranchName)
+      steps:
+        - checkout: self
+
+        # Authenticate with ACR using the Managed Identity service connection
+        - task: AzureCLI@2
+          inputs:
+            azureSubscription: 'ado-pipeline-dev-image-push'  # Service connection name
+            scriptType: 'bash'
+            scriptLocation: 'inlineScript'
+            inlineScript: |
+              az acr login --name ${ACR_FQDN%%.*}
+              docker login ${ACR_FQDN} -u "00000000-0000-0000-0000-000000000000" -p "$(az acr login --name ${ACR_FQDN%%.*} --expose-token --output tsv --query accessToken)"
+
+        - script: |
+            set -eux
+            if docker pull ${ACR_FQDN}/${REPOSITORY}:${IMAGE_TAG}; then
+              docker create --name coverage-container ${ACR_FQDN}/${REPOSITORY}:${IMAGE_TAG}
+              docker cp coverage-container:/go/src/ARO-RP/cover.out $(Build.SourcesDirectory)/cover.out || {
+                echo "Coverage file not found in container."
+                exit 1
+              }
+              docker rm coverage-container
+            else
+              echo "Image with tag ${IMAGE_TAG} not found in ${ACR_FQDN}/${REPOSITORY}"
+              exit 0  # Gracefully skip the coverage extraction if the image is not found
+            fi
+          displayName: 'Extract Coverage Report from Container'
+
+        - task: PublishCodeCoverageResults@1
+          inputs:
+            codeCoverageTool: Cobertura
+            summaryFileLocation: $(Build.SourcesDirectory)/cover.out
+          displayName: 'Publish Code Coverage Results'

Makefile

@@ -206,13 +206,25 @@ ci-rp: fix-macos-vendor
 		--build-arg ARO_VERSION=$(VERSION) \
 		--no-cache=$(NO_CACHE) \
 		-t $(LOCAL_ARO_RP_IMAGE):$(VERSION)
-	podman $(PODMAN_REMOTE_ARGS) tag \
-		$(shell podman image ls --filter label=stage=portal-build-cache-layer --noheading --format "{{.Id}}" | tail -n 1) \
-		$(LOCAL_ARO_PORTAL_BUILD_IMAGE):$(VERSION)
-	podman $(PODMAN_REMOTE_ARGS) tag \
-		$(shell podman image ls --filter label=stage=rp-build-cache-layer --noheading --format "{{.Id}}" | tail -n 1) \
-		$(LOCAL_ARO_RP_BUILD_IMAGE):$(VERSION)
 
+	# Tag the portal build image if it exists
+	@PORTAL_IMAGE_ID=$(shell podman $(PODMAN_REMOTE_ARGS) image ls --filter label=stage=portal-build-cache-layer --noheading --format "{{.Id}}" | tail -n 1); \
+	if [ -n "$$PORTAL_IMAGE_ID" ]; then \
+		echo "Tagging Portal Image $$PORTAL_IMAGE_ID as $(LOCAL_ARO_PORTAL_BUILD_IMAGE):$(VERSION)"; \
+		podman $(PODMAN_REMOTE_ARGS) tag $$PORTAL_IMAGE_ID $(LOCAL_ARO_PORTAL_BUILD_IMAGE):$(VERSION); \
+	else \
+		echo "No Portal Image found with label stage=portal-build-cache-layer"; \
+	fi
+
+	# Tag the RP build image if it exists
+	@RP_IMAGE_ID=$(shell podman $(PODMAN_REMOTE_ARGS) image ls --filter label=stage=rp-build-cache-layer --noheading --format "{{.Id}}" | tail -n 1); \
+	if [ -n "$$RP_IMAGE_ID" ]; then \
+		echo "Tagging RP Image $$RP_IMAGE_ID as $(LOCAL_ARO_RP_BUILD_IMAGE):$(VERSION)"; \
+		podman $(PODMAN_REMOTE_ARGS) tag $$RP_IMAGE_ID $(LOCAL_ARO_RP_BUILD_IMAGE):$(VERSION); \
+	else \
+		echo "No RP Image found with label stage=rp-build-cache-layer"; \
+	fi
+
 .PHONY: ci-tunnel
 ci-tunnel: fix-macos-vendor
 	podman build . -f Dockerfile.ci-tunnel --ulimit=nofile=4096:4096 --build-arg REGISTRY=$(REGISTRY) --build-arg ARO_VERSION=$(VERSION) --no-cache=$(NO_CACHE) -t aro-tunnel:$(VERSION)
@@ -411,8 +423,13 @@ validate-fips:
 
 .PHONY: unit-test-go
 unit-test-go:
-	go run ${GOTESTSUM} --format pkgname --junitfile report.xml -- -coverprofile=cover.out ./...
-
+	docker build -t my-image:latest .
+	podman create --name test-container my-image:latest
+	podman start test-container
+	podman exec test-container go run ${GOTESTSUM} --format pkgname --junitfile report.xml -- -coverprofile=cover.out ./...
+	podman stop test-container
+	podman rm test-container
+
 .PHONY: unit-test-go-coverpkg
 unit-test-go-coverpkg:
 	go run ${GOTESTSUM} --format pkgname --junitfile report.xml -- -coverpkg=./... -coverprofile=cover_coverpkg.out ./...