diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 1c735ffb..53250d29 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -48,7 +48,7 @@ jobs: - name: Check for changed files id: check - uses: stackabletech/actions/detect-changes@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1 + uses: stackabletech/actions/detect-changes@b4f7b1301d2e46e623cd04a22994a327470d4743 # unreleased with: patterns: | - '.github/workflows/build.yaml' @@ -166,16 +166,16 @@ jobs: - name: Build Container Image id: build - uses: stackabletech/actions/build-container-image@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1 + uses: stackabletech/actions/build-container-image@b4f7b1301d2e46e623cd04a22994a327470d4743 # unreleased with: image-name: ${{ env.OPERATOR_NAME }} image-index-manifest-tag: ${{ steps.version.outputs.OPERATOR_VERSION }} build-arguments: VERSION=${{ steps.version.outputs.OPERATOR_VERSION }} container-file: docker/Dockerfile - - name: Publish Container Image + - name: Publish Container Image (oci.stackable.tech) if: ${{ !github.event.pull_request.head.repo.fork }} - uses: stackabletech/actions/publish-image@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1 + uses: stackabletech/actions/publish-image@b4f7b1301d2e46e623cd04a22994a327470d4743 # unreleased with: image-registry-uri: oci.stackable.tech image-registry-username: robot$sdp+github-action-build @@ -184,6 +184,17 @@ jobs: image-manifest-tag: ${{ steps.build.outputs.image-manifest-tag }} source-image-uri: ${{ steps.build.outputs.image-manifest-uri }} + - name: Publish Container Image (quay.io) + if: ${{ !github.event.pull_request.head.repo.fork }} + uses: stackabletech/actions/publish-image@b4f7b1301d2e46e623cd04a22994a327470d4743 # unreleased + with: + image-registry-uri: quay.io + image-registry-username: stackable+robot_sdp_test_github_action_build + image-registry-password: ${{ secrets.QUAY_ROBOT_SDP_TEST_GITHUB_ACTION_BUILD_SECRET }} + image-repository: stackable/sdp-test/${{ env.OPERATOR_NAME }} + image-manifest-tag: ${{ steps.build.outputs.image-manifest-tag }} + source-image-uri: ${{ steps.build.outputs.image-manifest-uri }} + publish-index-manifest: name: Publish/Sign ${{ needs.build-container-image.outputs.operator-version }} Index if: | @@ -202,8 +213,8 @@ jobs: with: persist-credentials: false - - name: Publish and Sign Image Index - uses: stackabletech/actions/publish-image-index-manifest@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1 + - name: Publish and Sign Image Index (oci.stackable.tech) + uses: stackabletech/actions/publish-image-index-manifest@b4f7b1301d2e46e623cd04a22994a327470d4743 # unreleased with: image-registry-uri: oci.stackable.tech image-registry-username: robot$sdp+github-action-build @@ -211,6 +222,15 @@ jobs: image-repository: sdp/${{ env.OPERATOR_NAME }} image-index-manifest-tag: ${{ needs.build-container-image.outputs.operator-version }} + - name: Publish and Sign Image Index (quay.io) + uses: stackabletech/actions/publish-image-index-manifest@b4f7b1301d2e46e623cd04a22994a327470d4743 # unreleased + with: + image-registry-uri: quay.io + image-registry-username: stackable+robot_sdp_test_github_action_build + image-registry-password: ${{ secrets.QUAY_ROBOT_SDP_TEST_GITHUB_ACTION_BUILD_SECRET }} + image-repository: stackable/sdp-test/${{ env.OPERATOR_NAME }} + image-index-manifest-tag: ${{ needs.build-container-image.outputs.operator-version }} + publish-helm-chart: name: Package/Publish ${{ needs.build-container-image.outputs.operator-version }} Helm Chart if: | @@ -229,8 +249,8 @@ jobs: persist-credentials: false submodules: recursive - - name: Package, Publish, and Sign Helm Chart - uses: stackabletech/actions/publish-helm-chart@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1 + - name: Package, Publish, and Sign Helm Chart (oci.stackable.tech) + uses: stackabletech/actions/publish-helm-chart@b4f7b1301d2e46e623cd04a22994a327470d4743 # unreleased with: chart-registry-uri: oci.stackable.tech chart-registry-username: robot$sdp-charts+github-action-build @@ -241,6 +261,18 @@ jobs: app-version: ${{ needs.build-container-image.outputs.operator-version }} publish-and-sign: ${{ !github.event.pull_request.head.repo.fork }} + - name: Package, Publish, and Sign Helm Chart (quay.io) + uses: stackabletech/actions/publish-helm-chart@b4f7b1301d2e46e623cd04a22994a327470d4743 # unreleased + with: + chart-registry-uri: quay.io + chart-registry-username: stackable+robot_sdp_charts_test_github_action_build + chart-registry-password: ${{ secrets.QUAY_ROBOT_SDP_CHARTS_TEST_GITHUB_ACTION_BUILD_SECRET }} + chart-repository: stackable/sdp-charts-test + chart-directory: deploy/helm/${{ env.OPERATOR_NAME }} + chart-version: ${{ needs.build-container-image.outputs.operator-version }} + app-version: ${{ needs.build-container-image.outputs.operator-version }} + publish-and-sign: ${{ !github.event.pull_request.head.repo.fork }} + openshift-preflight-check: name: Run OpenShift Preflight Check for ${{ needs.build-container-image.outputs.operator-version }}-${{ matrix.arch }} if: | @@ -259,12 +291,18 @@ jobs: - arm64 runs-on: ubuntu-latest steps: - - name: Run OpenShift Preflight Check - uses: stackabletech/actions/run-openshift-preflight@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1 + - name: Run OpenShift Preflight Check (oci.stackable.tech) + uses: stackabletech/actions/run-openshift-preflight@b4f7b1301d2e46e623cd04a22994a327470d4743 # unreleased with: image-index-uri: oci.stackable.tech/sdp/${{ env.OPERATOR_NAME }}:${{ needs.build-container-image.outputs.operator-version }} image-architecture: ${{ matrix.arch }} + - name: Run OpenShift Preflight Check (quay.io) + uses: stackabletech/actions/run-openshift-preflight@b4f7b1301d2e46e623cd04a22994a327470d4743 # unreleased + with: + image-index-uri: quay.io/stackable/sdp-test/${{ env.OPERATOR_NAME }}:${{ needs.build-container-image.outputs.operator-version }} + image-architecture: ${{ matrix.arch }} + # This job is a required check in GitHub Settings for this repository. # It saves us having to list many required jobs, or work around dynamically # named jobs (since there is no concept of required settings). @@ -300,7 +338,7 @@ jobs: persist-credentials: false - name: Send Notification - uses: stackabletech/actions/send-slack-notification@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1 + uses: stackabletech/actions/send-slack-notification@b4f7b1301d2e46e623cd04a22994a327470d4743 # unreleased with: publish-helm-chart-result: ${{ needs.publish-helm-chart.result }} publish-manifests-result: ${{ needs.publish-index-manifest.result }} diff --git a/Makefile b/Makefile index 32f2bcad..6a0a9ff3 100644 --- a/Makefile +++ b/Makefile @@ -76,3 +76,9 @@ run-dev: check-nix check-kubernetes stop-dev: check-nix check-kubernetes nix run --extra-experimental-features "nix-command flakes" -f. tilt -- down + +helm-install: + helm install \ + --values deploy/helm/airflow-operator/values.yaml \ + --values deploy/helm/airflow-operator/values/$(OCI_REGISTRY_HOSTNAME).yaml \ + airflow-operator deploy/helm/airflow-operator diff --git a/Tiltfile b/Tiltfile index 53c3a8e4..d3ff819f 100644 --- a/Tiltfile +++ b/Tiltfile @@ -1,16 +1,18 @@ -# If tilt_options.json exists read it and load the default_registry value from it +# Load the metadata first, so that we immediately get access to the operator name +meta = read_json('nix/meta.json') +operator_name = meta['operator']['name'] + +# If tilt_options.json exists read it and load the default_registry and default_repository value from it settings = read_json('tilt_options.json', default={}) -registry = settings.get('default_registry', 'oci.stackable.tech/sandbox') +registry = settings.get('default_registry', 'oci.stackable.tech') +repository = settings.get('default_repository', 'sandbox' + '/' + operator_name) # Configure default registry either read from config file above, or with default value of "oci.stackable.tech/sandbox" default_registry(registry) -meta = read_json('nix/meta.json') -operator_name = meta['operator']['name'] - custom_build( - registry + '/' + operator_name, - 'make regenerate-nix && nix-build . -A docker --argstr dockerName "${EXPECTED_REGISTRY}/' + operator_name + '" && ./result/load-image | docker load', + registry + '/' + repository, + 'make regenerate-nix && nix-build . -A docker --argstr dockerName "${EXPECTED_REGISTRY}/' + repository + '" && ./result/load-image | docker load', deps=['rust', 'Cargo.toml', 'Cargo.lock', 'default.nix', "nix", 'build.rs', 'vendor'], ignore=['*.~undo-tree~'], # ignore=['result*', 'Cargo.nix', 'target', *.yaml], @@ -28,13 +30,15 @@ k8s_kind('DaemonSet', image_json_path='{.spec.template.metadata.annotations.inte # supported by helm(set). helm_values = settings.get('helm_values', None) -helm_override_image_repository = 'image.repository=' + registry + '/' + operator_name +helm_override_image_registry = 'image.registry=' + registry +helm_override_image_repository = 'image.repository=' + repository k8s_yaml(helm( 'deploy/helm/' + operator_name, name=operator_name, namespace="stackable-operators", set=[ + helm_override_image_registry, helm_override_image_repository, ], values=helm_values, diff --git a/deploy/helm/airflow-operator/.helmignore b/deploy/helm/airflow-operator/.helmignore index fef44b7e..0f7e0c9a 100644 --- a/deploy/helm/airflow-operator/.helmignore +++ b/deploy/helm/airflow-operator/.helmignore @@ -6,6 +6,8 @@ # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. +# Ignore the file itself +.helmignore .DS_Store # Common VCS dirs .git/ @@ -26,3 +28,5 @@ .idea/ *.tmproj .vscode/ +# Partial, unmerged, registry specific values files +values/ diff --git a/deploy/helm/airflow-operator/templates/_helpers.tpl b/deploy/helm/airflow-operator/templates/_helpers.tpl index 1096ffc6..80f2848b 100644 --- a/deploy/helm/airflow-operator/templates/_helpers.tpl +++ b/deploy/helm/airflow-operator/templates/_helpers.tpl @@ -77,3 +77,10 @@ Labels for Kubernetes objects created by helm test {{- define "operator.testLabels" -}} helm.sh/test: {{ include "operator.chart" . }} {{- end }} + +{{/* +Build the full container image reference. +*/}} +{{- define "operator.image" -}} +{{- printf "%s/%s:%s" .Values.image.registry .Values.image.repository (.Values.image.tag | default .Chart.AppVersion) -}} +{{- end }} diff --git a/deploy/helm/airflow-operator/templates/deployment.yaml b/deploy/helm/airflow-operator/templates/deployment.yaml index 0f4d902e..5d42cffc 100644 --- a/deploy/helm/airflow-operator/templates/deployment.yaml +++ b/deploy/helm/airflow-operator/templates/deployment.yaml @@ -15,7 +15,7 @@ spec: template: metadata: annotations: - internal.stackable.tech/image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + internal.stackable.tech/image: {{ include "operator.image" . }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} @@ -37,7 +37,7 @@ spec: - name: {{ include "operator.appname" . }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: {{ include "operator.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} resources: {{- toYaml .Values.resources | nindent 12 }} @@ -70,6 +70,15 @@ spec: - name: OPERATOR_SERVICE_NAME value: {{ include "operator.fullname" . }} + # The URI of the image registry, like "oci.stackable.tech". Used to derive product image + # name. + - name: IMAGE_REGISTRY_URI + value: {{ .Values.image.registry }} + + # The image repository, like "sdp/airflow-operator" + - name: IMAGE_REPOSITORY + value: {{ .Values.image.repository }} + # Operators need to know the node name they are running on, to e.g. discover the # Kubernetes domain name from the kubelet API. - name: KUBERNETES_NODE_NAME diff --git a/deploy/helm/airflow-operator/values.yaml b/deploy/helm/airflow-operator/values.yaml index 89b8a10d..194b3a73 100644 --- a/deploy/helm/airflow-operator/values.yaml +++ b/deploy/helm/airflow-operator/values.yaml @@ -1,7 +1,6 @@ # Default values for airflow-operator. --- image: - repository: oci.stackable.tech/sdp/airflow-operator pullPolicy: IfNotPresent pullSecrets: [] diff --git a/deploy/helm/airflow-operator/values/oci.stackable.tech.yaml b/deploy/helm/airflow-operator/values/oci.stackable.tech.yaml new file mode 100644 index 00000000..06f5dd12 --- /dev/null +++ b/deploy/helm/airflow-operator/values/oci.stackable.tech.yaml @@ -0,0 +1,5 @@ +--- +# Values overlay for chart packages published to oci.stackable.tech. +image: + registry: oci.stackable.tech + repository: sdp/airflow-operator diff --git a/deploy/helm/airflow-operator/values/quay.io.yaml b/deploy/helm/airflow-operator/values/quay.io.yaml new file mode 100644 index 00000000..2288c22f --- /dev/null +++ b/deploy/helm/airflow-operator/values/quay.io.yaml @@ -0,0 +1,5 @@ +--- +# Values overlay for chart packages published to quay.io. +image: + registry: quay.io + repository: stackable/sdp-test/airflow-operator