This repository has been archived by the owner on May 3, 2024. It is now read-only.
forked from cert-manager/webhook-example
-
Notifications
You must be signed in to change notification settings - Fork 42
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #11 from hexa-solutions/big-updates
Big updates, Thank for the "big" PR. Merged.
- Loading branch information
Showing
30 changed files
with
1,943 additions
and
483 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,14 +1,21 @@ | ||
.git | ||
.gitignore | ||
.idea | ||
LICENSE | ||
.dockerignore | ||
.github | ||
Makefile | ||
README.* | ||
__main__ | ||
LICENSE | ||
CHANGELOG.* | ||
_test | ||
_out | ||
apiserver.local.config | ||
cert-manager-webhook-gandi | ||
deploy | ||
main_test.go | ||
scripts | ||
testdata | ||
examples | ||
*.yaml | ||
Dockerfile | ||
charts |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,172 @@ | ||
name: Container-image | ||
on: [push] | ||
name: CI | ||
|
||
on: | ||
push: | ||
tags: | ||
- 'v*.*.*' | ||
- '!v0.1.*' | ||
|
||
jobs: | ||
base: | ||
runs-on: ubuntu-latest | ||
|
||
outputs: | ||
go_version: ${{ steps.get_versions.outputs.go_version }} | ||
build_version: ${{ steps.get_versions.outputs.build_version }} | ||
chart_version: ${{ steps.get_versions.outputs.chart_version }} | ||
go_updated: ${{ steps.file_updates.outputs.go }} | ||
yaml_updated: ${{ steps.file_updates.outputs.yaml }} | ||
|
||
steps: | ||
- name: Check out repo | ||
uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Get versions | ||
id: get_versions | ||
run: | | ||
echo ::set-output name=go_version::$(go mod edit -json | grep -Po '"Go":\s+"([0-9.]+)"' | sed -E 's/.+"([0-9.]+)"/\1/') | ||
echo ::set-output name=build_version::${GITHUB_REF#refs/tags/v} | ||
echo ::set-output name=chart_version::${GITHUB_REF#refs/tags/} | ||
- name: Get last release | ||
id: last_release | ||
shell: bash | ||
run: | | ||
tag=$(gh release list | sed -n '1 p' | awk '{print $(NF -1);}') | ||
sha=$(git show-ref --tags | grep $tag | awk '{print $1;}') | ||
echo ::set-output name=sha::$sha | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Check updated files | ||
id: file_updates | ||
uses: dorny/paths-filter@v2 | ||
with: | ||
base: ${{ steps.last_release.outputs.sha }} | ||
filters: | | ||
go: | ||
- '*.go' | ||
- 'go.*' | ||
yaml: | ||
- 'deploy/cert-manager-webhook-gandi/*.yaml' | ||
- 'deploy/cert-manager-webhook-gandi/templates/*.yaml' | ||
build: | ||
name: Build docker image | ||
needs: base | ||
if: ${{ needs.base.outputs.go_updated == 'true' }} | ||
|
||
runs-on: ubuntu-latest | ||
|
||
outputs: | ||
tag_commit: ${{ steps.update_image.outputs.commit }} | ||
|
||
steps: | ||
- name: Check out repo | ||
uses: actions/checkout@v2 | ||
|
||
- name: Login to Docker Hub | ||
uses: docker/login-action@v1 | ||
with: | ||
username: ${{ secrets.DOCKER_USERNAME }} | ||
password: ${{ secrets.DOCKER_PASSWORD }} | ||
|
||
- name: Set up Docker buildx | ||
uses: docker/setup-buildx-action@v1 | ||
|
||
- name: Cache Docker layers | ||
uses: actions/cache@v2 | ||
with: | ||
path: /tmp/.buildx-cache | ||
key: ${{ runner.os }}-buildx-${{ github.sha }} | ||
restore-keys: | | ||
${{ runner.os }}-buildx- | ||
- name: Build and push | ||
uses: docker/build-push-action@v2 | ||
with: | ||
context: ./ | ||
file: ./Dockerfile | ||
platforms: linux/amd64 | ||
target: image | ||
push: true | ||
build-args: GO_VERSION=${{ needs.base.outputs.go_version }} | ||
tags: bwolf/cert-manager-webhook-gandi:latest,bwolf/cert-manager-webhook-gandi:${{ needs.base.outputs.build_version }} | ||
cache-from: type=local,src=/tmp/.buildx-cache | ||
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max | ||
|
||
# Temp fix | ||
# https://github.com/docker/build-push-action/issues/252 | ||
# https://github.com/moby/buildkit/issues/1896 | ||
- name: Move cache | ||
run: | | ||
rm -rf /tmp/.buildx-cache | ||
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | ||
- name: Update Helm image tag | ||
id: update_image | ||
uses: fjogeleit/yaml-update-action@master | ||
with: | ||
valueFile: 'deploy/cert-manager-webhook-gandi/values.yaml' | ||
propertyPath: 'image.tag' | ||
value: ${{ needs.base.outputs.build_version }} | ||
message: 'Update image tag to ${{ needs.base.outputs.build_version }}' | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
release: | ||
needs: | ||
- base | ||
- build | ||
|
||
if: | | ||
always() && needs.base.result == 'success' && | ||
((needs.build.result == 'success' && needs.build.outputs.tag_commit != '' ) || (needs.build.result == 'skipped' && needs.base.outputs.yaml_updated == 'true')) | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@v1 | ||
- name: Build and Publish to Registry | ||
uses: elgohr/Publish-Docker-Github-Action@master | ||
with: | ||
name: bwolf/cert-manager-webhook-gandi | ||
username: '${{ secrets.DOCKER_USERNAME }}' | ||
password: '${{ secrets.DOCKER_PASSWORD }}' | ||
buildoptions: "--compress --force-rm" | ||
tag_names: true | ||
- name: Retrieve commit ref | ||
id: commit_ref | ||
run: | | ||
if [[ '${{ needs.build.outputs.tag_commit }}' = '' ]]; then | ||
sha=${{ github.sha }} | ||
else | ||
sha=${{ needs.build.outputs.tag_commit }} | ||
fi | ||
echo ::set-output name=sha::$sha | ||
- name: Check out repo | ||
uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 | ||
ref: ${{ steps.commit_ref.outputs.sha }} | ||
|
||
- name: Configure Git | ||
run: | | ||
git config user.name github-actions | ||
git config user.email [email protected] | ||
- name: Update Helm chart version | ||
uses: fjogeleit/yaml-update-action@master | ||
with: | ||
valueFile: 'deploy/cert-manager-webhook-gandi/Chart.yaml' | ||
propertyPath: 'version' | ||
value: ${{ needs.base.outputs.chart_version }} | ||
message: 'Update chart version to ${{ needs.base.outputs.chart_version }}' | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
updateFile: true | ||
|
||
- name: Install Helm | ||
uses: azure/setup-helm@v1 | ||
with: | ||
version: v3.4.0 | ||
|
||
- name: Run chart-releaser | ||
uses: helm/[email protected] | ||
with: | ||
charts_dir: deploy | ||
env: | ||
CR_RELEASE_NAME_TEMPLATE: '{{ .Version }}' | ||
CR_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# CHANGELOG | ||
| Date | Version | Description | | ||
| ------ | ------ | ------ | | ||
| 2021-10-11 | v0.2.0 | add chart-releaser GitHub action | | ||
| 2021-10-06 | v0.2.0 | update cert-manager to 1.5.4<br>update k8s API version to 0.22.2<br>migrate to new LiveDNS API (https://api.gandi.net)<br>add Helm repo with GitHub pages<br>simplify Dockerfile & switch to Buildx<br>update make test target (remove shell script)<br>update README.md with changes made<br>update GitHub workflow with Buildx<br>add k8s APF support (k8s >= 1.20) | | ||
| 2020-02-26 | v0.1.1 | switch to Docker Hub | | ||
| 2020-02-26 | v0.1.0 | initial release | |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,25 +1,23 @@ | ||
FROM golang:1.13-alpine AS build_deps | ||
# syntax=docker/dockerfile:1.3 | ||
ARG GO_VERSION | ||
FROM --platform=${TARGETPLATFORM} golang:${GO_VERSION}-alpine AS base | ||
|
||
RUN apk add --no-cache git bzr | ||
WORKDIR /go/src/cert-manager-webhook-gandi | ||
COPY go.* . | ||
|
||
WORKDIR /workspace | ||
ENV GO111MODULE=on | ||
RUN --mount=type=cache,target=/go/pkg/mod \ | ||
apk add --no-cache git ca-certificates && \ | ||
go mod download | ||
|
||
COPY go.mod . | ||
COPY go.sum . | ||
FROM base AS build | ||
ARG TARGETOS | ||
ARG TARGETARCH | ||
|
||
RUN go mod download | ||
RUN --mount=readonly,target=. --mount=type=cache,target=/go/pkg/mod \ | ||
GOOS=${TARGETOS} GOARCH=${TARGETARCH} CGO_ENABLED=0 go build -a -o /go/bin/webhook -ldflags '-w -extldflags "-static"' . | ||
|
||
FROM build_deps AS build | ||
FROM scratch AS image | ||
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt | ||
COPY --from=build /go/bin/webhook /usr/local/bin/webhook | ||
|
||
COPY . . | ||
|
||
RUN CGO_ENABLED=0 go build -o webhook -ldflags '-w -extldflags "-static"' . | ||
|
||
FROM alpine:3.9 | ||
|
||
RUN apk add --no-cache ca-certificates | ||
|
||
COPY --from=build /workspace/webhook /usr/local/bin/webhook | ||
|
||
ENTRYPOINT ["webhook"] | ||
ENTRYPOINT ["/usr/local/bin/webhook"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,20 +1,52 @@ | ||
IMAGE_NAME := "cert-manager-webhook-gandi" | ||
IMAGE_TAG := "latest" | ||
OS ?= $(shell go env GOOS) | ||
ARCH ?= $(shell go env GOARCH) | ||
|
||
ifeq (Darwin, $(shell uname)) | ||
GREP_PREGEX_FLAG := E | ||
else | ||
GREP_PREGEX_FLAG := P | ||
endif | ||
|
||
GO_VERSION ?= $(shell go mod edit -json | grep -${GREP_PREGEX_FLAG}o '"Go":\s+"([0-9.]+)"' | sed -E 's/.+"([0-9.]+)"/\1/') | ||
|
||
IMAGE_NAME := bwolf/cert-manager-webhook-gandi | ||
IMAGE_TAG := 0.2.0 | ||
|
||
OUT := $(shell pwd)/_out | ||
|
||
$(shell mkdir -p "$(OUT)") | ||
KUBEBUILDER_VERSION=2.3.2 | ||
|
||
$(shell mkdir -p "${OUT}") | ||
|
||
verify: | ||
test: _test/kubebuilder | ||
TEST_ASSET_ETCD=_test/kubebuilder/bin/etcd \ | ||
TEST_ASSET_KUBE_APISERVER=_test/kubebuilder/bin/kube-apiserver \ | ||
TEST_ASSET_KUBECTL=_test/kubebuilder/bin/kubectl \ | ||
go test -v . | ||
|
||
_test/kubebuilder: | ||
curl -fsSL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${KUBEBUILDER_VERSION}/kubebuilder_${KUBEBUILDER_VERSION}_${OS}_${ARCH}.tar.gz -o kubebuilder-tools.tar.gz | ||
mkdir -p _test/kubebuilder | ||
tar -xvf kubebuilder-tools.tar.gz | ||
mv kubebuilder_${KUBEBUILDER_VERSION}_${OS}_${ARCH}/bin _test/kubebuilder/ | ||
rm kubebuilder-tools.tar.gz | ||
rm -R kubebuilder_${KUBEBUILDER_VERSION}_${OS}_${ARCH} | ||
|
||
clean: clean-kubebuilder | ||
|
||
clean-kubebuilder: | ||
rm -Rf _test/kubebuilder | ||
|
||
build: | ||
docker build --rm -t "$(IMAGE_NAME):$(IMAGE_TAG)" . | ||
docker buildx build --target=image --platform=linux/amd64 --output=type=docker,name=${IMAGE_NAME}:${IMAGE_TAG} --tag=${IMAGE_NAME}:latest --build-arg=GO_VERSION=${GO_VERSION} . | ||
|
||
package: | ||
helm package deploy/cert-manager-webhook-gandi -d charts/ | ||
helm repo index charts/ --url https://bwolf.github.io/cert-manager-webhook-gandi | ||
|
||
.PHONY: rendered-manifest.yaml | ||
rendered-manifest.yaml: | ||
# --name cert-manager-webhook-gandi $BACKSLASH | ||
helm template \ | ||
--set image.repository=$(IMAGE_NAME) \ | ||
--set image.tag=$(IMAGE_TAG) \ | ||
deploy/cert-manager-webhook-gandi > "$(OUT)/rendered-manifest.yaml" | ||
--set image.repository=${IMAGE_NAME} \ | ||
--set image.tag=${IMAGE_TAG} \ | ||
deploy/cert-manager-webhook-gandi > "${OUT}/rendered-manifest.yaml" |
Oops, something went wrong.