Add a workflow to test OLM bundle upgrades

closes: pulp#986

.ci/scripts/kind_with_registry.sh

@@ -0,0 +1,83 @@
+#!/bin/sh
+
+###
+### This script is based on https://kind.sigs.k8s.io/docs/user/local-registry/
+### the only addition is the node config patch "seccomp-default: false"
+###
+
+set -o errexit
+
+# 1. Create registry container unless it already exists
+reg_name='kind-registry'
+reg_port='5001'
+if [ "$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" != 'true' ]; then
+  docker run \
+    -d --restart=always -p "127.0.0.1:${reg_port}:5000" --name "${reg_name}" \
+    registry:2
+fi
+
+# 2. Create kind cluster with containerd registry config dir enabled
+# TODO: kind will eventually enable this by default and this patch will
+# be unnecessary.
+#
+# See:
+# https://github.com/kubernetes-sigs/kind/issues/2875
+# https://github.com/containerd/containerd/blob/main/docs/cri/config.md#registry-configuration
+# See: https://github.com/containerd/containerd/blob/main/docs/hosts.md
+#
+# We had to set seccomp-default to false because olm catalog pods were crashing
+# See: https://github.com/containers/skopeo/issues/1501
+#      https://kubernetes.io/docs/tutorials/security/seccomp/
+cat <<EOF | kind create cluster --config=-
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+containerdConfigPatches:
+- |-
+  [plugins."io.containerd.grpc.v1.cri".registry]
+    config_path = "/etc/containerd/certs.d"
+nodes:
+  - role: control-plane
+    image: kindest/node:v1.23.0@sha256:49824ab1727c04e56a21a5d8372a402fcd32ea51ac96a2706a12af38934f81ac
+    kubeadmConfigPatches:
+      - |
+        kind: JoinConfiguration
+        nodeRegistration:
+          kubeletExtraArgs:
+            seccomp-default: "false"
+EOF
+
+# 3. Add the registry config to the nodes
+#
+# This is necessary because localhost resolves to loopback addresses that are
+# network-namespace local.
+# In other words: localhost in the container is not localhost on the host.
+#
+# We want a consistent name that works from both ends, so we tell containerd to
+# alias localhost:${reg_port} to the registry container when pulling images
+REGISTRY_DIR="/etc/containerd/certs.d/localhost:${reg_port}"
+for node in $(kind get nodes); do
+  docker exec "${node}" mkdir -p "${REGISTRY_DIR}"
+  cat <<EOF | docker exec -i "${node}" cp /dev/stdin "${REGISTRY_DIR}/hosts.toml"
+[host."http://${reg_name}:5000"]
+EOF
+done
+
+# 4. Connect the registry to the cluster network if not already connected
+# This allows kind to bootstrap the network but ensures they're on the same network
+if [ "$(docker inspect -f='{{json .NetworkSettings.Networks.kind}}' "${reg_name}")" = 'null' ]; then
+  docker network connect "kind" "${reg_name}"
+fi
+
+# 5. Document the local registry
+# https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: local-registry-hosting
+  namespace: kube-public
+data:
+  localRegistryHosting.v1: |
+    host: "localhost:${reg_port}"
+    help: "https://kind.sigs.k8s.io/docs/user/local-registry/"
+EOF

.github/workflows/ci.yml

@@ -63,6 +63,52 @@ jobs:
         run: |
           .ci/scripts/bundle_check.sh
         shell: bash
+  bundle-upgrade:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Setup Go environment
+        uses: actions/setup-go@v3.2.0
+        with:
+          go-version: '1.18.3'
+          cache: true
+      - name: Install kind
+        run: |
+          .ci/scripts/kind_with_registry.sh
+        shell: bash
+      - name: Install OLM
+        run: |
+          make sdkbin OPERATOR_SDK_VERSION=v1.29.0 LOCALBIN=/tmp
+          /tmp/operator-sdk olm install
+        shell: bash
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+          repository: pulp/pulp-operator
+          ref: 1.0.0-alpha.8
+      - name: Install Pulp CRD
+        run: |
+          make install
+        shell: bash
+      - name: Build bundle image
+        run: |
+          make bundle-build bundle-push BUNDLE_IMG=localhost:5001/pulp-operator-bundle:old
+        shell: bash
+      - name: Install the operator
+        run: |
+          /tmp/operator-sdk run bundle --skip-tls localhost:5001/pulp-operator-bundle:old
+        shell: bash
+      - uses: actions/checkout@v2
+      - name: Build bundle image
+        run: |
+          make bundle-build  bundle-push BUNDLE_IMG=localhost:5001/pulp-operator-bundle:new
+        shell: bash
+      - name: Upgrade the operator
+        run: |
+          /tmp/operator-sdk run bundle-upgrade --use-http localhost:5001/pulp-operator-bundle:new
+        shell: bash
   envtest:
     runs-on: ubuntu-latest
     steps:

CHANGES/986.misc

@@ -0,0 +1 @@
+Added a pipeline workflow to check OLM bundle upgrades.

Makefile

@@ -198,7 +198,7 @@ run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./main.go
 
 .PHONY: docker-build
-docker-build: test ## Build docker image with the manager.
+docker-build: ## Build docker image with the manager.
 	$(CONTAINER_TOOL) build -t ${IMG} .
 
 .PHONY: docker-push
@@ -213,7 +213,7 @@ docker-push: ## Push docker image with the manager.
 # To properly provided solutions that supports more than one platform you should use this option.
 PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
 .PHONY: docker-buildx
-docker-buildx: test ## Build and push docker image for the manager for cross-platform support
+docker-buildx: ## Build and push docker image for the manager for cross-platform support
 	# copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile
 	sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross
 	- docker buildx create --name project-v3-builder
@@ -268,6 +268,7 @@ SDK_BIN = $(LOCALBIN)/operator-sdk
 KUSTOMIZE_VERSION ?= v3.8.7
 CONTROLLER_TOOLS_VERSION ?= v0.9.2
 CRD_MARKDOWN_VERSION ?= v0.0.3
+OPERATOR_SDK_VERSION ?= v1.25.2
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize
@@ -298,7 +299,7 @@ ifeq (,$(shell which operator-sdk 2>/dev/null))
 	set -e ;\
 	mkdir -p $(dir $(SDK_BIN)) ;\
 	OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \
-	curl -sSLo $(SDK_BIN) https://github.com/operator-framework/operator-sdk/releases/download/v1.25.2/operator-sdk_$${OS}_$${ARCH} ;\
+	curl -sSLo $(SDK_BIN) https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_$${OS}_$${ARCH} ;\
 	chmod +x $(SDK_BIN) ;\
 	}
 else