Update release process for webhook certificate #1384

Merged
10 changes: 7 additions & 3 deletions .github/workflows/ci.yml
Expand Up @@ -73,7 +73,7 @@ jobs:
- name: Install Ko
uses: ko-build/[email protected]
with:
version: v0.13.0
version: v0.14.1
- name: Install kubectl
uses: azure/setup-kubectl@v3
with:
Expand Down Expand Up @@ -111,7 +111,12 @@ jobs:
kubectl -n tekton-pipelines rollout status deployment tekton-pipelines-webhook --timeout=1m
- name: Test
run: |
# host.docker.internal does not work in a GitHub action
docker exec kind-control-plane bash -c "echo '172.17.0.1 host.docker.internal' >>/etc/hosts"

# Build and load the Git image
export GIT_CONTAINER_IMAGE="$(KO_DOCKER_REPO=kind.local ko publish ./cmd/git)"

make test-integration

e2e:
Expand Down Expand Up @@ -175,10 +180,9 @@ jobs:
- name: Install Ko
uses: ko-build/[email protected]
with:
version: v0.13.0
version: v0.14.1
- name: Install Shipwright Build
run: |
make prepare-conversion
make install-controller-kind
kubectl -n shipwright-build rollout status deployment shipwright-build-controller --timeout=1m || true
kubectl -n shipwright-build rollout status deployment shipwright-build-webhook --timeout=1m || true
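Review bot: In the Test step, `export GIT_CONTAINER_IMAGE="$(KO_DOCKER_REPO=kind.local ko publish ./cmd/git)"` hides a failed `ko publish`, because the exit status of `export` replaces that of the command substitution; the step would then run `make test-integration` with an empty image reference. Assigning first and exporting afterwards keeps the failure visible: `GIT_CONTAINER_IMAGE="$(KO_DOCKER_REPO=kind.local ko publish ./cmd/git)"` followed by `export GIT_CONTAINER_IMAGE`. The `/etc/hosts` line above it hard-codes `172.17.0.1`, presumably the default Docker bridge gateway on the runner; a short comment saying so would make that assumption explicit for whoever debugs the job when the network layout changes.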
5 changes: 4 additions & 1 deletion .github/workflows/nightly.yaml
Expand Up @@ -29,7 +29,7 @@ jobs:
# Install tools
- uses: ko-build/[email protected]
with:
version: v0.13.0
version: v0.14.1
- uses: imjasonh/setup-crane@e82f1b9a8007d399333baba4d75915558e9fb6a4
- uses: sigstore/cosign-installer@v3

Expand All @@ -55,6 +55,9 @@ jobs:
mv sample-strategies.yaml nightly-${{ steps.date.outputs.date }}-sample-strategies.yaml
gh release upload nightly nightly-${{ steps.date.outputs.date }}-sample-strategies.yaml

echo ${{ steps.date.outputs.date }} > /tmp/latest.txt
gh release upload nightly /tmp/latest.txt --clobber

- name: Update latest tag of supporting images
working-directory: ./cmd
run: |
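Review bot: The added `echo ${{ steps.date.outputs.date }} > /tmp/latest.txt` pastes a workflow expression into the shell script unquoted, so whatever the `date` step emits is parsed as shell text before the script runs; the neighbouring `mv` and `gh release upload` lines follow the same pattern. The step that sets this output is outside the hunk and probably yields a plain date, but passing the value through the environment removes the dependency on that: add `env: NIGHTLY_DATE: ${{ steps.date.outputs.date }}` to the step and write `printf '%s\n' "${NIGHTLY_DATE}" > latest.txt`. Because `latest.txt` becomes the pointer that installers resolve to pick a nightly manifest, it should be uploaded only after every file it names is on the release; the upload of the main nightly YAML is not visible here, so confirm the order.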
2 changes: 1 addition & 1 deletion .github/workflows/release.yaml
Expand Up @@ -37,7 +37,7 @@ jobs:
# Install tools
- uses: ko-build/[email protected]
with:
version: v0.13.0
version: v0.14.1
- uses: sigstore/cosign-installer@v3

- name: Build Release Changelog
5 changes: 4 additions & 1 deletion .github/workflows/verify.yaml
Expand Up @@ -37,7 +37,10 @@ jobs:
- name: Install Counterfeiter
run: |
make -C go/src/github.com/shipwright-io/build install-counterfeiter
- name: Install Spruce
run: |
make -C go/src/github.com/shipwright-io/build install-spruce
- name: Run verify-generate
run: |
export GOPATH="${GITHUB_WORKSPACE}"/go
make -C $GOPATH/src/github.com/shipwright-io/build verify-generate
make -C go/src/github.com/shipwright-io/build verify-generate
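Review bot: The new Install Spruce step brings another downloaded tool into the verify job, and spruce output presumably ends up in the committed CRDs by way of `hack/patch-crds-with-conversion.sh`. The `install-spruce` target and its script are not part of this diff, so confirm that the script pins a spruce version and checks the download against a known checksum. If it does, a one-line comment on the step such as `# spruce version and checksum are pinned in hack/install-spruce.sh` saves the next reader the lookup.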
22 changes: 14 additions & 8 deletions Makefile
Expand Up @@ -39,7 +39,7 @@ TEST_NAMESPACE ?= default
TEKTON_VERSION ?= v0.44.0

# E2E test flags
TEST_E2E_FLAGS ?= --fail-fast -p --randomize-all -timeout=1h -trace -vv
TEST_E2E_FLAGS ?= -p --randomize-all -timeout=1h -trace -v

# E2E test service account name to be used for the build runs, can be set to generated to use the generated service account feature
TEST_E2E_SERVICEACCOUNT_NAME ?= pipeline
Expand Down Expand Up @@ -113,11 +113,6 @@ generate:
hack/generate-copyright.sh
hack/install-controller-gen.sh
"$(CONTROLLER_GEN)" crd rbac:roleName=manager-role webhook paths="./..." output:crd:dir=deploy/crds

.PHONY: prepare-conversion
prepare-conversion:
hack/generate-cert.sh
hack/install-spruce.sh
hack/patch-crds-with-conversion.sh

.PHONY: verify-generate
Expand Down Expand Up @@ -209,14 +204,14 @@ test-unit-ginkgo: ginkgo
# Based on https://github.com/kubernetes/community/blob/master/contributors/devel/sig-testing/integration-tests.md
.PHONY: test-integration
test-integration: install-apis ginkgo
./hack/setup-webhook-cert-integration-test.sh
$(GINKGO) \
--randomize-all \
--randomize-suites \
--fail-on-pending \
-trace \
test/integration/...


.PHONY: test-e2e
test-e2e: install-strategies test-e2e-plain

Expand All @@ -242,7 +237,17 @@ install-with-pprof:
GOOS=$(GO_OS) GOARCH=$(GO_ARCH) GOFLAGS="$(GO_FLAGS) -tags=pprof_enabled" ko apply -R -f deploy/ -- --server-side

install-apis:
kubectl apply -f deploy/crds/ --server-side
for resource in buildruns builds buildstrategies clusterbuildstrategies ; do \
if kubectl get crd "$${resource}.shipwright.io" >/dev/null 2>&1 ; then \
if [ "$$(kubectl get crd "$${resource}.shipwright.io" -o go-template='{{.spec.conversion.webhook.clientConfig.caBundle}}')" == "<no value>" ] ; then \
kubectl replace -f "deploy/crds/shipwright.io_$${resource}.yaml" ; \
else \
kubectl apply -f "deploy/crds/shipwright.io_$${resource}.yaml" --server-side ; \
fi ; \
else \
kubectl create -f "deploy/crds/shipwright.io_$${resource}.yaml" ; \
fi ; \
done
for i in 1 2 3 ; do \
kubectl wait --timeout=$(TIMEOUT) --for="condition=Established" crd/clusterbuildstrategies.shipwright.io && \
break ; \
Expand All @@ -261,6 +266,7 @@ install-controller-kind: install-apis
ko apply \
--platform=$(GO_OS)/$(GO_ARCH) \
--filename=deploy
./hack/setup-webhook-cert.sh

.PHONY: install-strategies
install-strategies: install-apis
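Review bot: In the new `install-apis` loop the test `[ "$$(kubectl get crd ... -o go-template=...)" == "<no value>" ]` uses `==`, which is a bash extension; unless this Makefile sets `SHELL` to bash outside the visible hunks, make runs the recipe with `/bin/sh`, and under a strict POSIX shell such as dash the test errors out and the recipe takes the `apply --server-side` branch every time. Use the POSIX form `= "<no value>"`. The loop also finishes with the status of its last command only, so a failed `kubectl create` or `kubectl replace` for an earlier CRD does not fail the target; starting the recipe line with `set -e ;` or adding `|| exit 1` after each kubectl call fixes that. A comment such as `# "<no value>" is what the go-template prints when caBundle is not set` would also help, since the branch choice hinges on that string.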
14 changes: 14 additions & 0 deletions README.md
Expand Up @@ -43,6 +43,7 @@ Shipwright supports any tool that can build container images in Kubernetes clust
```bash
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.0/release.yaml
```

If you are using OpenShift cluster refer [Running on OpenShift](#running-on-openshift) for some more configurations.

- Install the Shipwright deployment. To install the latest version, run:
Expand All @@ -51,12 +52,25 @@ Shipwright supports any tool that can build container images in Kubernetes clust
kubectl apply --filename https://github.com/shipwright-io/build/releases/download/v0.11.0/release.yaml
```

To install the latest nightly release, run:

```bash
kubectl apply --filename "https://github.com/shipwright-io/build/releases/download/nightly/nightly-$(curl --silent https://github.com/shipwright-io/build/releases/download/nightly/latest.txt).yaml" --server-side
curl --silent --location https://raw.githubusercontent.com/shipwright-io/build/main/hack/setup-webhook-cert.sh | bash
```

- Install the Shipwright strategies. To install the latest version, run:

```bash
kubectl apply --filename https://github.com/shipwright-io/build/releases/download/v0.11.0/sample-strategies.yaml
```

To install the latest nightly release, run:

```bash
kubectl apply --filename "https://github.com/shipwright-io/build/releases/download/nightly/nightly-$(curl --silent https://github.com/shipwright-io/build/releases/download/nightly/latest.txt)-sample-strategies.yaml" --server-side
```

- Generate a secret to access your container registry, such as one on [Docker Hub](https://hub.docker.com/) or [Quay.io](https://quay.io/):

```bash
12 changes: 11 additions & 1 deletion deploy/crds/shipwright.io_buildruns.yaml
@@ -1,4 +1,3 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
Expand All @@ -7,6 +6,16 @@ metadata:
creationTimestamp: null
name: buildruns.shipwright.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: shp-build-webhook
namespace: shipwright-build
path: /convert
conversionReviewVersions:
- v1
group: shipwright.io
names:
kind: BuildRun
Expand Down Expand Up @@ -12246,3 +12255,4 @@ spec:
storage: false
subresources:
status: {}

12 changes: 11 additions & 1 deletion deploy/crds/shipwright.io_builds.yaml
@@ -1,4 +1,3 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
Expand All @@ -7,6 +6,16 @@ metadata:
creationTimestamp: null
name: builds.shipwright.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: shp-build-webhook
namespace: shipwright-build
path: /convert
conversionReviewVersions:
- v1
group: shipwright.io
names:
kind: Build
Expand Down Expand Up @@ -4090,3 +4099,4 @@ spec:
storage: false
subresources:
status: {}

12 changes: 11 additions & 1 deletion deploy/crds/shipwright.io_buildstrategies.yaml
@@ -1,4 +1,3 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
Expand All @@ -7,6 +6,16 @@ metadata:
creationTimestamp: null
name: buildstrategies.shipwright.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: shp-build-webhook
namespace: shipwright-build
path: /convert
conversionReviewVersions:
- v1
group: shipwright.io
names:
kind: BuildStrategy
Expand Down Expand Up @@ -4875,3 +4884,4 @@ spec:
storage: false
subresources:
status: {}

12 changes: 11 additions & 1 deletion deploy/crds/shipwright.io_clusterbuildstrategies.yaml
@@ -1,4 +1,3 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
Expand All @@ -7,6 +6,16 @@ metadata:
creationTimestamp: null
name: clusterbuildstrategies.shipwright.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: shp-build-webhook
namespace: shipwright-build
path: /convert
conversionReviewVersions:
- v1
group: shipwright.io
names:
kind: ClusterBuildStrategy
Expand Down Expand Up @@ -4875,3 +4884,4 @@ spec:
storage: false
subresources:
status: {}

1 change: 0 additions & 1 deletion hack/customization/conversion_webhook_block.yaml
Expand Up @@ -3,7 +3,6 @@ spec:
strategy: Webhook
webhook:
clientConfig:
caBundle: CA_BUNDLE
service:
namespace: shipwright-build
name: shp-build-webhook
19 changes: 9 additions & 10 deletions hack/patch-crds-with-conversion.sh
Expand Up @@ -7,28 +7,27 @@
set -euo pipefail

DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")"/.. && pwd)"
TARGET_DIR=/tmp/

if ! hash spruce > /dev/null 2>&1 ; then
echo "[ERROR] spruce binary is not installed, see the install-spruce target"
fi

echo "[INFO] Going to patch the Build CRD"
spruce merge $DIR/hack/customization/conversion_webhook_block.yaml $DIR/deploy/crds/shipwright.io_builds.yaml > /tmp/shipwright.io_builds.yaml
mv /tmp/shipwright.io_builds.yaml "${DIR}"/deploy/crds/shipwright.io_builds.yaml
spruce merge "${DIR}/hack/customization/conversion_webhook_block.yaml" "${DIR}/deploy/crds/shipwright.io_builds.yaml" > /tmp/shipwright.io_builds.yaml
mv /tmp/shipwright.io_builds.yaml "${DIR}/deploy/crds/shipwright.io_builds.yaml"
echo "[INFO] Build CRD successfully patched"

echo "[INFO] Going to patch the BuildRun CRD"
spruce merge $DIR/hack/customization/conversion_webhook_block.yaml $DIR/deploy/crds/shipwright.io_buildruns.yaml > /tmp/shipwright.io_buildruns.yaml
mv /tmp/shipwright.io_buildruns.yaml "${DIR}"/deploy/crds/shipwright.io_buildruns.yaml
spruce merge "${DIR}/hack/customization/conversion_webhook_block.yaml" "${DIR}/deploy/crds/shipwright.io_buildruns.yaml" > /tmp/shipwright.io_buildruns.yaml
mv /tmp/shipwright.io_buildruns.yaml "${DIR}/deploy/crds/shipwright.io_buildruns.yaml"
echo "[INFO] BuildRun CRD successfully patched"

echo "[INFO] Going to patch the BuildStrategy CRD"
spruce merge $DIR/hack/customization/conversion_webhook_block.yaml $DIR/deploy/crds/shipwright.io_buildstrategies.yaml > /tmp/shipwright.io_buildstrategies.yaml
mv /tmp/shipwright.io_buildstrategies.yaml "${DIR}"/deploy/crds/shipwright.io_buildstrategies.yaml
spruce merge "${DIR}/hack/customization/conversion_webhook_block.yaml" "${DIR}/deploy/crds/shipwright.io_buildstrategies.yaml" > /tmp/shipwright.io_buildstrategies.yaml
mv /tmp/shipwright.io_buildstrategies.yaml "${DIR}/deploy/crds/shipwright.io_buildstrategies.yaml"
echo "[INFO] BuildStrategy CRD successfully patched"

echo "[INFO] Going to patch the ClusterBuildStrategy CRD"
spruce merge $DIR/hack/customization/conversion_webhook_block.yaml $DIR/deploy/crds/shipwright.io_clusterbuildstrategies.yaml > /tmp/shipwright.io_clusterbuildstrategies.yaml
mv /tmp/shipwright.io_clusterbuildstrategies.yaml "${DIR}"/deploy/crds/shipwright.io_clusterbuildstrategies.yaml
echo "[INFO] ClusterBuildStrategy CRD successfully patched"
spruce merge "${DIR}/hack/customization/conversion_webhook_block.yaml" "${DIR}/deploy/crds/shipwright.io_clusterbuildstrategies.yaml" > /tmp/shipwright.io_clusterbuildstrategies.yaml
mv /tmp/shipwright.io_clusterbuildstrategies.yaml "${DIR}/deploy/crds/shipwright.io_clusterbuildstrategies.yaml"
echo "[INFO] ClusterBuildStrategy CRD successfully patched"
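Review bot: The rewritten `spruce merge` lines still redirect into fixed names under `/tmp` (`/tmp/shipwright.io_builds.yaml` and its three siblings), which are predictable paths in a world-writable directory and collide when two checkouts run the script on the same host. A `mktemp` file removed by a trap avoids both, and the four identical stanzas collapse into one loop; copying the result over the CRD keeps the file mode of the tracked file. The log lines in the sketch name the resource rather than the kind, so adjust them if the exact wording matters. Separately, the `hash spruce` check in the context lines prints an error but has no `exit 1`; the script only stops because the next command fails under `set -euo pipefail`.

```shell
# … unchanged: set -euo pipefail, DIR, spruce availability check …
tmp="$(mktemp)"
trap 'rm -f "${tmp}"' EXIT

for crd in builds buildruns buildstrategies clusterbuildstrategies; do
  echo "[INFO] Going to patch the ${crd} CRD"
  spruce merge "${DIR}/hack/customization/conversion_webhook_block.yaml" "${DIR}/deploy/crds/shipwright.io_${crd}.yaml" > "${tmp}"
  cp "${tmp}" "${DIR}/deploy/crds/shipwright.io_${crd}.yaml"
  echo "[INFO] ${crd} CRD successfully patched"
done
```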
15 changes: 12 additions & 3 deletions hack/release.sh
Expand Up @@ -13,19 +13,28 @@ echo "Building container image"

echo "Adding io.shipwright.vcs-ref label with value: ${GITHUB_SHA}"

PLATFORM="${PLATFORM:-all}"

echo "[INFO] Building images and release.yaml"
KO_DOCKER_REPO="${IMAGE_HOST}/${IMAGE_NAMESPACE}" GOFLAGS="${GO_FLAGS}" ko resolve \
--base-import-paths \
--recursive \
--tags "${TAG}" \
--image-label "io.shipwright.vcs-ref=${GITHUB_SHA}" \
--platform=all -R -f deploy/ > release.yaml
--platform "${PLATFORM}" \
--filename deploy/ > release.yaml

echo "[INFO] Building debug images and release-debug.yaml"
KO_DOCKER_REPO="${IMAGE_HOST}/${IMAGE_NAMESPACE}" GOFLAGS="${GO_FLAGS} -tags=pprof_enabled" ko resolve \
--base-import-paths \
--recursive \
--tags "${TAG}-debug" \
--image-label "io.shipwright.vcs-ref=${GITHUB_SHA}" \
--platform=all -R -f deploy/ > release-debug.yaml
--platform "${PLATFORM}" \
--filename deploy/ > release-debug.yaml

# Bundle the sample cluster build strategies, remove namespace strategies first
echo "[INFO] Bundling sample build strategies"
find samples/buildstrategy -type f -print0 | xargs -0 grep -l "kind: BuildStrategy" | xargs rm -f
ko resolve -R -f samples/buildstrategy/ > sample-strategies.yaml
KO_DOCKER_REPO=dummy ko resolve --recursive --filename samples/buildstrategy/ > sample-strategies.yaml
git restore samples/buildstrategy
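Review bot: `KO_DOCKER_REPO=dummy` on the sample-strategies `ko resolve` is unexplained, and a reader cannot tell from the script why a placeholder registry is safe in a release build. Presumably the samples hold no `ko://` references and ko only insists on the variable being set; after confirming that, say so in a comment, for example `# ko requires KO_DOCKER_REPO; the samples contain no ko:// references, so nothing is built or pushed`. The new `PLATFORM` override deserves the same treatment: `# PLATFORM: target platforms passed to ko, defaults to all`.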