Generated commit to update templated files based on rev 09cb1e7 in st…
…ackabletech/operator-templating repo. (#388)

Triggered by:
Manual run triggered by: dervoeti with message [Push artifacts to Harbor]
stackable-bot authored Aug 11, 2023
1 parent d40a2ab commit 885d50d
Showing 3 changed files with 54 additions and 0 deletions.
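--- a/.github/ISSUE_TEMPLATE/normal-issue.md
+++ b/.github/ISSUE_TEMPLATE/normal-issue.md
@@ -0,0 +1,16 @@
+---
+name: Normal issue
+about: This is just a normal empty issue with a simple checklist
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+## Issue checklist
+
+This is a simple checklist of things to bear in mind when creating a new issue.
+
+- [ ] Describe the use-case, as far is possible. For instance, using the pattern "As a XXXX, I would like XXXX to be able to do XXXX" helps to identify the feature as well as the problem it is intended to address.
+- [ ] Indicate an approximate level of importance and urgency.
+- [ ] Indicate if there is a known work-around until such time as the issue has been implemented.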
2 changes: 2 additions & 0 deletions .github/workflows/build.yml
Expand Up @@ -292,6 +292,8 @@ jobs:
env:
NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
HELM_REPO: ${{ needs.select_helm_repo.outputs.helm_repository }}
OCI_REGISTRY_PASSWORD: ${{ secrets.HARBOR_ROBOT_STACKABLE_GITHUB_ACTION_BUILD_SECRET }}
OCI_REGISTRY_USERNAME: "robot$stackable+github-action-build"
if: needs.select_helm_repo.outputs.helm_repository != 'skip'
outputs:
IMAGE_TAG: ${{ steps.printtag.outputs.IMAGE_TAG }}
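Review bot: `OCI_REGISTRY_PASSWORD` is added to what looks like the job-level `env` (it sits directly before the job's `if:` and `outputs:` keys), so every step in the job, including any third-party action, receives the Harbor robot secret in its environment. Consider moving it, together with `OCI_REGISTRY_USERNAME`, to an `env:` block on only the steps that run the publish targets. The job's steps are outside the hunk and the page has lost the YAML indentation, so which steps actually need the credentials cannot be confirmed from here.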
36 changes: 36 additions & 0 deletions Makefile
Expand Up @@ -15,8 +15,12 @@ VERSION := $(shell cargo metadata --format-version 1 | jq -r '.packages[] | sele

DOCKER_REPO := docker.stackable.tech
ORGANIZATION := stackable
OCI_REGISTRY_HOSTNAME := oci.stackable.tech
OCI_REGISTRY_PROJECT_IMAGES := ${ORGANIZATION}/images
OCI_REGISTRY_PROJECT_CHARTS := ${ORGANIZATION}/charts
# this will be overwritten by an environmental variable if called from the github action
HELM_REPO := https://repo.stackable.tech/repository/helm-dev
HELM_CHART_NAME := ${OPERATOR_NAME}
HELM_CHART_ARTIFACT := target/helm/${OPERATOR_NAME}-${VERSION}.tgz

SHELL=/usr/bin/env bash -euo pipefail
Expand All @@ -27,8 +31,10 @@ render-readme:
## Docker related targets
docker-build:
docker build --force-rm --build-arg VERSION=${VERSION} -t "${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}:${VERSION}" -f docker/Dockerfile .
docker tag "${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}:${VERSION}" "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}"

docker-publish:
# push to Nexus
echo "${NEXUS_PASSWORD}" | docker login --username github --password-stdin "${DOCKER_REPO}"
DOCKER_OUTPUT=$$(docker push --all-tags "${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}");\
# Obtain the digest of the pushed image from the output of `docker push`, because signing by tag is deprecated and will be removed from cosign in the future\
Expand All @@ -41,15 +47,44 @@ docker-publish:
# Uses the keyless signing flow with Github Actions as identity provider\
cosign sign -y ${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}:@$$REPO_DIGEST_OF_IMAGE

# push to Harbor
# we need to use "value" here to prevent the variable from being recursively expanded by make (username contains a dollar sign, since it's a Harbor bot)
docker login --username '${value OCI_REGISTRY_USERNAME}' --password '${OCI_REGISTRY_PASSWORD}' '${OCI_REGISTRY_HOSTNAME}'
DOCKER_OUTPUT=$$(docker push --all-tags '${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}');\
# Obtain the digest of the pushed image from the output of `docker push`, because signing by tag is deprecated and will be removed from cosign in the future\
REPO_DIGEST_OF_IMAGE=$$(echo "$$DOCKER_OUTPUT" | awk '/^${VERSION}: digest: sha256:[0-9a-f]{64} size: [0-9]+$$/ { print $$3 }');\
if [ -z "$$REPO_DIGEST_OF_IMAGE" ]; then\
echo 'Could not find repo digest for container image: ${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}:${VERSION}';\
exit 1;\
fi;\
# This generates a signature and publishes it to the registry, next to the image\
# Uses the keyless signing flow with Github Actions as identity provider\
cosign sign -y ${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:@$$REPO_DIGEST_OF_IMAGE

# TODO remove if not used/needed
docker: docker-build docker-publish

print-docker-tag:
@echo "${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}:${VERSION}"

helm-publish:
# push to Nexus
curl --fail -u "github:${NEXUS_PASSWORD}" --upload-file "${HELM_CHART_ARTIFACT}" "${HELM_REPO}/"

# push to Harbor
# we need to use "value" here to prevent the variable from being recursively expanded by make (username contains a dollar sign, since it's a Harbor bot)
helm registry login --username '${value OCI_REGISTRY_USERNAME}' --password '${OCI_REGISTRY_PASSWORD}' '${OCI_REGISTRY_HOSTNAME}'
# Obtain the digest of the pushed artifact from the output of `helm push`, because signing by tag is deprecated and will be removed from cosign in the future\
HELM_OUTPUT=$$(helm push '${HELM_CHART_ARTIFACT}' 'oci://${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_CHARTS}' 2>&1);\
REPO_DIGEST_OF_ARTIFACT=$$(echo "$$HELM_OUTPUT" | awk '/^Digest: sha256:[0-9a-f]{64}$$/ { print $$2 }');\
if [ -z "$$REPO_DIGEST_OF_ARTIFACT" ]; then\
echo 'Could not find repo digest for helm chart: ${HELM_CHART_NAME}';\
exit 1;\
fi;\
# This generates a signature and publishes it to the registry, next to the chart artifact\
# Uses the keyless signing flow with Github Actions as identity provider\
cosign sign -y ${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_CHARTS}/${HELM_CHART_NAME}:@$$REPO_DIGEST_OF_ARTIFACT

helm-package:
mkdir -p target/helm && helm package --destination target/helm deploy/helm/${OPERATOR_NAME}

Expand Down Expand Up @@ -80,6 +115,7 @@ chart-lint: compile-chart
clean: chart-clean
cargo clean
docker rmi --force "${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}:${VERSION}"
docker rmi --force '${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}'

regenerate-charts: chart-clean compile-chart
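Review bot: The Harbor logins added in `docker-publish` and `helm-publish` pass the robot secret as `--password '${OCI_REGISTRY_PASSWORD}'`, so make substitutes it into the command text: unless make runs silent it is echoed to the build log, it is visible in the process arguments, and a `$` or a single quote in the secret would corrupt the command. The Nexus login just above already pipes the password to `--password-stdin`; the new logins could do the same and read both values from the shell environment, which also makes the `value` workaround unnecessary: `printf '%s' "$$OCI_REGISTRY_PASSWORD" | docker login --username "$$OCI_REGISTRY_USERNAME" --password-stdin '${OCI_REGISTRY_HOSTNAME}'`, and the same pipe into `helm registry login ... --password-stdin`. Both recipes extend beyond the visible hunks, and this assumes the two variables reach make through the environment, as the workflow change suggests.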

