Skip to content

Commit

Permalink
Generated commit to update templated files based on rev f9c2c5b in st…
Browse files Browse the repository at this point in the history 
…ackabletech/operator-templating repo.

Triggered by:
Manual run triggered by: dervoeti with message [New Harbor project names / Dependency updates]
  • Loading branch information
@stackable-bot
stackable-bot committed Dec 18, 2023
1 parent 86cddc2 commit addae42
Show file tree
Hide file tree
Showing 3 changed files with 65 additions and 53 deletions.
86 changes: 48 additions & 38 deletions .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,18 +37,19 @@ jobs:
RUSTC_BOOTSTRAP: 1
steps:
- name: Install host dependencies
run: |
sudo apt-get update
sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config
uses: awalsh128/cache-apt-pkgs-action@44c33b32f808cdddd5ac0366d70595ed63661ed8 # v1.3.1
with:
packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config
version: 1.0
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
- uses: dtolnay/[email protected]
- uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0
- uses: Swatinem/rust-cache@3cf7f8cc28d1b4e7d01e3783be10a97d55d483c8 # v2.7.1
with:
key: udeps
cache-all-crates: "true"
- run: cargo install --locked cargo-udeps@0.1.39
- uses: stackabletech/cargo-install-action@cargo-udeps
- run: cargo udeps --workspace

# This job evaluates the github environment to determine why this action is running and selects the appropriate
Expand Down Expand Up @@ -110,7 +111,7 @@ jobs:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
- uses: EmbarkStudios/cargo-deny-action@a50c7d5f86370e02fae8472c398f15a36e517bb8 # v1.5.4
- uses: EmbarkStudios/cargo-deny-action@1e59595bed8fc55c969333d08d7817b36888f0c5 # v1.5.5
with:
command: check ${{ matrix.checks }}

Expand All @@ -131,16 +132,17 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Install host dependencies
run: |
sudo apt-get update
sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config
uses: awalsh128/cache-apt-pkgs-action@44c33b32f808cdddd5ac0366d70595ed63661ed8 # v1.3.1
with:
packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config
version: 1.0
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
- uses: dtolnay/[email protected]
with:
components: clippy
- uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0
- uses: Swatinem/rust-cache@3cf7f8cc28d1b4e7d01e3783be10a97d55d483c8 # v2.7.1
with:
key: clippy
cache-all-crates: "true"
Expand All @@ -164,16 +166,18 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Install host dependencies
run: |
sudo apt-get update
sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config
uses: awalsh128/cache-apt-pkgs-action@44c33b32f808cdddd5ac0366d70595ed63661ed8 # v1.3.1
with:
packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config
version: 1.0
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
- uses: dtolnay/[email protected]
with:
components: rustfmt
- uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0
- uses: Swatinem/rust-cache@3cf7f8cc28d1b4e7d01e3783be10a97d55d483c8 # v2.7.1
with:
key: doc
cache-all-crates: "true"
Expand All @@ -184,14 +188,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Install host dependencies
run: |
sudo apt-get update
sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config
uses: awalsh128/cache-apt-pkgs-action@44c33b32f808cdddd5ac0366d70595ed63661ed8 # v1.3.1
with:
packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config
version: 1.0
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
- uses: dtolnay/[email protected]
- uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0
- uses: Swatinem/rust-cache@3cf7f8cc28d1b4e7d01e3783be10a97d55d483c8 # v2.7.1
with:
key: test
cache-all-crates: "true"
Expand All @@ -209,7 +214,7 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # tag=v5.0.0
with:
python-version: '3.11'
- name: Install jinja2-cli
Expand All @@ -220,7 +225,7 @@ jobs:
run: git diff --exit-code
- name: Git Diff showed uncommitted changes
if: ${{ failure() }}
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
core.setFailed('Committed README are not up to date, please make sure to apply them to the templated partials, and re-commit!')
Expand All @@ -240,21 +245,21 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Install host dependencies
run: |
sudo apt-get update
sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config
uses: awalsh128/cache-apt-pkgs-action@44c33b32f808cdddd5ac0366d70595ed63661ed8 # v1.3.1
with:
packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config
version: 1.0
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
- name: Set up Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
version: v3.6.2
version: v3.13.3
- name: Set up cargo
uses: dtolnay/[email protected]
- name: Set up rust-cache
uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0
- uses: Swatinem/rust-cache@3cf7f8cc28d1b4e7d01e3783be10a97d55d483c8 # v2.7.1
with:
key: charts
cache-all-crates: "true"
Expand All @@ -264,7 +269,7 @@ jobs:
run: git diff --exit-code
- name: Git Diff showed uncommitted changes
if: ${{ failure() }}
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
core.setFailed('Committed charts were not up to date, please regenerate and re-commit!')
Expand Down Expand Up @@ -296,16 +301,19 @@ jobs:
env:
NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
HELM_REPO: ${{ needs.select_helm_repo.outputs.helm_repository }}
OCI_REGISTRY_PASSWORD: ${{ secrets.HARBOR_ROBOT_STACKABLE_GITHUB_ACTION_BUILD_SECRET }}
OCI_REGISTRY_USERNAME: "robot$stackable+github-action-build"
OCI_REGISTRY_SDP_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
OCI_REGISTRY_SDP_USERNAME: "robot$sdp+github-action-build"
OCI_REGISTRY_SDP_CHARTS_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_CHARTS_GITHUB_ACTION_BUILD_SECRET }}
OCI_REGISTRY_SDP_CHARTS_USERNAME: "robot$sdp-charts+github-action-build"
if: needs.select_helm_repo.outputs.helm_repository != 'skip'
outputs:
IMAGE_TAG: ${{ steps.printtag.outputs.IMAGE_TAG }}
steps:
- name: Install host dependencies
run: |
sudo apt-get update
sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config
uses: awalsh128/cache-apt-pkgs-action@44c33b32f808cdddd5ac0366d70595ed63661ed8 # v1.3.1
with:
packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config
version: 1.0
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
Expand All @@ -316,23 +324,25 @@ jobs:
# This step checks if the current run was triggered by a push to a pr (or a pr being created).
# If this is the case it changes the version of this project in all Cargo.toml files to include the suffix
# "-pr<prnumber>" so that the published artifacts can be linked to this PR.
- uses: stackabletech/cargo-install-action@main
with:
crate: cargo-edit
bin: cargo-set-version
- name: Update version if PR
if: ${{ github.event_name == 'pull_request' }}
run: |
cargo install cargo-edit --version 0.11.11
cargo set-version --offline --workspace 0.0.0-pr${{ github.event.pull_request.number }}
run: cargo set-version --offline --workspace 0.0.0-pr${{ github.event.pull_request.number }}

# Recreate charts and publish charts and docker image. The "-e" is needed as we want to override the
# default value in the makefile if called from this action, but not otherwise (i.e. when called locally).
# This is needed for the HELM_REPO variable.
- name: Set up Cosign
uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3
- uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # tag=v3.3.0
- name: Publish Docker image and Helm chart
run: make -e publish
# Output the name of the published image to the Job output for later use
- id: printtag
name: Output image name and tag
run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> $GITHUB_OUTPUT

openshift_preflight:
name: Run the OpenShift Preflight check on the published images
needs:
Expand All @@ -343,7 +353,7 @@ jobs:
steps:
- name: Install preflight
run: |
wget https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/1.6.11/preflight-linux-amd64
wget https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/1.7.2/preflight-linux-amd64
chmod +x preflight-linux-amd64
- name: Check container
run: ./preflight-linux-amd64 check container "$IMAGE_TAG" > preflight.out
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/pr_reviewdog.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # v4.6.1
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # tag=v5.0.0
with:
python-version: "3.11"
- uses: reviewdog/action-flake8@51c2708ac3e9463b4d27d0ba7d9e3ded608a6ad3 # v3.8.0
Expand Down Expand Up @@ -71,7 +71,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: reviewdog/action-misspell@cc799b020b057600b66eedf2b6e97ca26137de21 # v1.14.0
- uses: reviewdog/action-misspell@4348e72b9038b006ffc37b6b0dd4421a2e9a68ef # v1.14.1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
locale: "US"
Expand All @@ -80,7 +80,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: reviewdog/action-languagetool@445dede243efc5b874724a31f5c4f486efddbc35 # v1.12.0
- uses: reviewdog/action-languagetool@0d1f05459d9d88744c06c58d389f0997bab95b59 # v1.13.2
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
level: info
Expand Down
26 changes: 14 additions & 12 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,9 @@ VERSION := $(shell cargo metadata --format-version 1 | jq -r '.packages[] | sele
DOCKER_REPO := docker.stackable.tech
ORGANIZATION := stackable
OCI_REGISTRY_HOSTNAME := oci.stackable.tech
OCI_REGISTRY_PROJECT_IMAGES := ${ORGANIZATION}/images
OCI_REGISTRY_PROJECT_CHARTS := ${ORGANIZATION}/charts
# this will be overwritten by an environmental variable if called from the github action
OCI_REGISTRY_PROJECT_IMAGES := sdp
OCI_REGISTRY_PROJECT_CHARTS := sdp-charts
# This will be overwritten by an environmental variable if called from the github action
HELM_REPO := https://repo.stackable.tech/repository/helm-dev
HELM_CHART_NAME := ${OPERATOR_NAME}
HELM_CHART_ARTIFACT := target/helm/${OPERATOR_NAME}-${VERSION}.tgz
Expand All @@ -34,7 +34,7 @@ docker-build:
docker tag "${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}:${VERSION}" "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}"

docker-publish:
# push to Nexus
# Push to Nexus
echo "${NEXUS_PASSWORD}" | docker login --username github --password-stdin "${DOCKER_REPO}"
DOCKER_OUTPUT=$$(docker push --all-tags "${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}");\
# Obtain the digest of the pushed image from the output of `docker push`, because signing by tag is deprecated and will be removed from cosign in the future\
Expand All @@ -47,14 +47,14 @@ docker-publish:
# Uses the keyless signing flow with Github Actions as identity provider\
cosign sign -y ${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}:@$$REPO_DIGEST_OF_IMAGE

# push to Harbor
# we need to use "value" here to prevent the variable from being recursively expanded by make (username contains a dollar sign, since it's a Harbor bot)
docker login --username '${value OCI_REGISTRY_USERNAME}' --password '${OCI_REGISTRY_PASSWORD}' '${OCI_REGISTRY_HOSTNAME}'
# Push to Harbor
# We need to use "value" here to prevent the variable from being recursively expanded by make (username contains a dollar sign, since it's a Harbor bot)
docker login --username '${value OCI_REGISTRY_SDP_USERNAME}' --password '${OCI_REGISTRY_SDP_PASSWORD}' '${OCI_REGISTRY_HOSTNAME}'
DOCKER_OUTPUT=$$(docker push --all-tags '${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}');\
# Obtain the digest of the pushed image from the output of `docker push`, because signing by tag is deprecated and will be removed from cosign in the future\
REPO_DIGEST_OF_IMAGE=$$(echo "$$DOCKER_OUTPUT" | awk '/^${VERSION}: digest: sha256:[0-9a-f]{64} size: [0-9]+$$/ { print $$3 }');\
if [ -z "$$REPO_DIGEST_OF_IMAGE" ]; then\
echo 'Could not find repo digest for container image: ${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}:${VERSION}';\
echo 'Could not find repo digest for container image: ${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}';\
exit 1;\
fi;\
# This generates a signature and publishes it to the registry, next to the image\
Expand All @@ -68,19 +68,21 @@ print-docker-tag:
@echo "${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}:${VERSION}"

helm-publish:
# push to Nexus
# Push to Nexus
curl --fail -u "github:${NEXUS_PASSWORD}" --upload-file "${HELM_CHART_ARTIFACT}" "${HELM_REPO}/"

# push to Harbor
# we need to use "value" here to prevent the variable from being recursively expanded by make (username contains a dollar sign, since it's a Harbor bot)
helm registry login --username '${value OCI_REGISTRY_USERNAME}' --password '${OCI_REGISTRY_PASSWORD}' '${OCI_REGISTRY_HOSTNAME}'
# Push to Harbor
# We need to use "value" here to prevent the variable from being recursively expanded by make (username contains a dollar sign, since it's a Harbor bot)
helm registry login --username '${value OCI_REGISTRY_SDP_CHARTS_USERNAME}' --password '${OCI_REGISTRY_SDP_CHARTS_PASSWORD}' '${OCI_REGISTRY_HOSTNAME}'
# Obtain the digest of the pushed artifact from the output of `helm push`, because signing by tag is deprecated and will be removed from cosign in the future\
HELM_OUTPUT=$$(helm push '${HELM_CHART_ARTIFACT}' 'oci://${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_CHARTS}' 2>&1);\
REPO_DIGEST_OF_ARTIFACT=$$(echo "$$HELM_OUTPUT" | awk '/^Digest: sha256:[0-9a-f]{64}$$/ { print $$2 }');\
if [ -z "$$REPO_DIGEST_OF_ARTIFACT" ]; then\
echo 'Could not find repo digest for helm chart: ${HELM_CHART_NAME}';\
exit 1;\
fi;\
# Login to Harbor, needed for cosign to be able to push the signature for the Helm chart\
docker login --username '${value OCI_REGISTRY_SDP_CHARTS_USERNAME}' --password '${OCI_REGISTRY_SDP_CHARTS_PASSWORD}' '${OCI_REGISTRY_HOSTNAME}';\
# This generates a signature and publishes it to the registry, next to the chart artifact\
# Uses the keyless signing flow with Github Actions as identity provider\
cosign sign -y ${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_CHARTS}/${HELM_CHART_NAME}:@$$REPO_DIGEST_OF_ARTIFACT
Expand Down

0 comments on commit addae42

Please sign in to comment.