ci(template): Publish to quay.io

.github/workflows/pr_pre-commit.yml

@@ -18,7 +18,7 @@ jobs:
         with:
           persist-credentials: false
           fetch-depth: 0
-      - uses: stackabletech/actions/run-pre-commit@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1
+      - uses: stackabletech/actions/run-pre-commit@ac6f1d3b87f68826b9a5838d13864ef8e88dcf40 # v0.14.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           hadolint: ${{ env.HADOLINT_VERSION }}

template/.github/workflows/build.yaml.j2

@@ -48,7 +48,7 @@ jobs:
 
       - name: Check for changed files
         id: check
-        uses: stackabletech/actions/detect-changes@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1
+        uses: stackabletech/actions/detect-changes@ac6f1d3b87f68826b9a5838d13864ef8e88dcf40 # v0.14.0
         with:
           patterns: |
             - '.github/workflows/build.yaml'
@@ -166,16 +166,16 @@ jobs:
 
       - name: Build Container Image
         id: build
-        uses: stackabletech/actions/build-container-image@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1
+        uses: stackabletech/actions/build-container-image@ac6f1d3b87f68826b9a5838d13864ef8e88dcf40 # v0.14.0
         with:
           image-name: ${{ env.OPERATOR_NAME }}
           image-index-manifest-tag: ${{ steps.version.outputs.OPERATOR_VERSION }}
           build-arguments: VERSION=${{ steps.version.outputs.OPERATOR_VERSION }}
           container-file: docker/Dockerfile
 
-      - name: Publish Container Image
+      - name: Publish Container Image (oci.stackable.tech)
         if: ${{ !github.event.pull_request.head.repo.fork }}
-        uses: stackabletech/actions/publish-image@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1
+        uses: stackabletech/actions/publish-image@ac6f1d3b87f68826b9a5838d13864ef8e88dcf40 # v0.14.0
         with:
           image-registry-uri: oci.stackable.tech
           image-registry-username: robot$sdp+github-action-build
@@ -184,6 +184,17 @@ jobs:
           image-manifest-tag: ${{ steps.build.outputs.image-manifest-tag }}
           source-image-uri: ${{ steps.build.outputs.image-manifest-uri }}
 
+      - name: Publish Container Image (quay.io)
+        if: ${{ !github.event.pull_request.head.repo.fork }}
+        uses: stackabletech/actions/publish-image@ac6f1d3b87f68826b9a5838d13864ef8e88dcf40 # v0.14.0
+        with:
+          image-registry-uri: quay.io
+          image-registry-username: stackable+robot_sdp_github_action_build # Doesn't exist yet
+          image-registry-password: ${{ secrets.QUAY_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }} # Doesn't exist yet
+          image-repository: stackable/sdp/${{ env.OPERATOR_NAME }}
+          image-manifest-tag: ${{ steps.build.outputs.image-manifest-tag }}
+          source-image-uri: ${{ steps.build.outputs.image-manifest-uri }}
+
   publish-index-manifest:
     name: Publish/Sign ${{ needs.build-container-image.outputs.operator-version }} Index
     if: |
@@ -202,15 +213,24 @@ jobs:
         with:
           persist-credentials: false
 
-      - name: Publish and Sign Image Index
-        uses: stackabletech/actions/publish-image-index-manifest@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1
+      - name: Publish and Sign Image Index (oci.stackable.tech)
+        uses: stackabletech/actions/publish-image-index-manifest@ac6f1d3b87f68826b9a5838d13864ef8e88dcf40 # v0.14.0
         with:
           image-registry-uri: oci.stackable.tech
           image-registry-username: robot$sdp+github-action-build
           image-registry-password: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
           image-repository: sdp/${{ env.OPERATOR_NAME }}
           image-index-manifest-tag: ${{ needs.build-container-image.outputs.operator-version }}
 
+      - name: Publish and Sign Image Index (quay.io)
+        uses: stackabletech/actions/publish-image-index-manifest@ac6f1d3b87f68826b9a5838d13864ef8e88dcf40 # v0.14.0
+        with:
+          image-registry-uri: quay.io
+          image-registry-username: stackable+robot_sdp_github_action_build # Doesn't exist yet
+          image-registry-password: ${{ secrets.QUAY_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }} # Doesn't exist yet
+          image-repository: stackable/sdp/${{ env.OPERATOR_NAME }}
+          image-index-manifest-tag: ${{ needs.build-container-image.outputs.operator-version }}
+
   publish-helm-chart:
     name: Package/Publish ${{ needs.build-container-image.outputs.operator-version }} Helm Chart
     if: |
@@ -229,8 +249,8 @@ jobs:
           persist-credentials: false
           submodules: recursive
 
-      - name: Package, Publish, and Sign Helm Chart
-        uses: stackabletech/actions/publish-helm-chart@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1
+      - name: Package, Publish, and Sign Helm Chart (coi.stackable.tech)
+        uses: stackabletech/actions/publish-helm-chart@ac6f1d3b87f68826b9a5838d13864ef8e88dcf40 # v0.14.0
         with:
           chart-registry-uri: oci.stackable.tech
           chart-registry-username: robot$sdp-charts+github-action-build
@@ -241,6 +261,18 @@ jobs:
           app-version: ${{ needs.build-container-image.outputs.operator-version }}
           publish-and-sign: ${{ !github.event.pull_request.head.repo.fork }}
 
+      - name: Package, Publish, and Sign Helm Chart (quay.io)
+        uses: stackabletech/actions/publish-helm-chart@ac6f1d3b87f68826b9a5838d13864ef8e88dcf40 # v0.14.0
+        with:
+          chart-registry-uri: quay.io
+          chart-registry-username: stackable+robot_sdp_charts_github_action_build # Doesn't exist yet
+          chart-registry-password: ${{ secrets.QUAY_ROBOT_SDP_CHARTS_GITHUB_ACTION_BUILD_SECRET }} # Doesn't exist yet
+          chart-repository: stackable/sdp-charts
+          chart-directory: deploy/helm/${{ env.OPERATOR_NAME }}
+          chart-version: ${{ needs.build-container-image.outputs.operator-version }}
+          app-version: ${{ needs.build-container-image.outputs.operator-version }}
+          publish-and-sign: ${{ !github.event.pull_request.head.repo.fork }}
+
   openshift-preflight-check:
     name: Run OpenShift Preflight Check for ${{ needs.build-container-image.outputs.operator-version }}-${{ matrix.arch }}
     if: |
@@ -259,12 +291,18 @@ jobs:
           - arm64
     runs-on: ubuntu-latest
     steps:
-      - name: Run OpenShift Preflight Check
-        uses: stackabletech/actions/run-openshift-preflight@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1
+      - name: Run OpenShift Preflight Check (oci.stackable.tech)
+        uses: stackabletech/actions/run-openshift-preflight@ac6f1d3b87f68826b9a5838d13864ef8e88dcf40 # v0.14.0
         with:
           image-index-uri: oci.stackable.tech/sdp/${{ env.OPERATOR_NAME }}:${{ needs.build-container-image.outputs.operator-version }}
           image-architecture: ${{ matrix.arch }}
 
+      - name: Run OpenShift Preflight Check (quay.io)
+        uses: stackabletech/actions/run-openshift-preflight@ac6f1d3b87f68826b9a5838d13864ef8e88dcf40 # v0.14.0
+        with:
+          image-index-uri: quay.io/stackable/sdp/${{ env.OPERATOR_NAME }}:${{ needs.build-container-image.outputs.operator-version }}
+          image-architecture: ${{ matrix.arch }}
+
   # This job is a required check in GitHub Settings for this repository.
   # It saves us having to list many required jobs, or work around dynamically
   # named jobs (since there is no concept of required settings).
@@ -300,7 +338,7 @@ jobs:
           persist-credentials: false
 
       - name: Send Notification
-        uses: stackabletech/actions/send-slack-notification@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1
+        uses: stackabletech/actions/send-slack-notification@ac6f1d3b87f68826b9a5838d13864ef8e88dcf40 # v0.14.0
         with:
           publish-helm-chart-result: ${{ needs.publish-helm-chart.result }}
           publish-manifests-result: ${{ needs.publish-index-manifest.result }}

template/.github/workflows/integration-test.yml

@@ -41,7 +41,7 @@ jobs:
       # TODO: Enable the scheduled runs which hard-code what profile to use
       - name: Run Integration Test
         id: test
-        uses: stackabletech/actions/run-integration-test@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1
+        uses: stackabletech/actions/run-integration-test@ac6f1d3b87f68826b9a5838d13864ef8e88dcf40 # v0.14.0
         with:
           replicated-api-token: ${{ secrets.REPLICATED_API_TOKEN }}
           test-mode-input: ${{ inputs.test-mode-input }}
@@ -51,7 +51,7 @@ jobs:
 
       - name: Send Notification
         if: ${{ failure() || github.run_attempt > 1 }}
-        uses: stackabletech/actions/send-slack-notification@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1
+        uses: stackabletech/actions/send-slack-notification@ac6f1d3b87f68826b9a5838d13864ef8e88dcf40 # v0.14.0
         with:
           slack-token: ${{ secrets.SLACK_INTEGRATION_TEST_TOKEN }}
           failed-tests: ${{ steps.test.outputs.failed-tests }}

template/.github/workflows/pr_pre-commit.yaml.j2

@@ -27,7 +27,7 @@ jobs:
           persist-credentials: false
           submodules: recursive
           fetch-depth: 0
-      - uses: stackabletech/actions/run-pre-commit@9848c5593dff4793aacba240116a648c02f20fa4 # v0.13.1
+      - uses: stackabletech/actions/run-pre-commit@ac6f1d3b87f68826b9a5838d13864ef8e88dcf40 # v0.14.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           rust: ${{ env.RUST_TOOLCHAIN_VERSION }}

template/Makefile.j2

@@ -76,3 +76,9 @@ run-dev: check-nix check-kubernetes
 
 stop-dev: check-nix check-kubernetes
 	nix run --extra-experimental-features "nix-command flakes" -f. tilt -- down
+
+helm-install:
+	helm install \
+		--values deploy/helm/airflow-operator/values.yaml \
+		--values deploy/helm/airflow-operator/values/$(OCI_REGISTRY_HOSTNAME).yaml \
+		airflow-operator deploy/helm/airflow-operator

template/Tiltfile

@@ -1,16 +1,18 @@
+# Load the metadata first, so that we immediately get access to the operator name
+meta = read_json('nix/meta.json')
+operator_name = meta['operator']['name']
+
 # If tilt_options.json exists read it and load the default_registry value from it
 settings = read_json('tilt_options.json', default={})
-registry = settings.get('default_registry', 'oci.stackable.tech/sandbox')
+registry = settings.get('default_registry', 'oci.stackable.tech')
+repository = settings.get('default_repository', 'sandbox' + '/' + operator_name)
 
 # Configure default registry either read from config file above, or with default value of "oci.stackable.tech/sandbox"
 default_registry(registry)
 
-meta = read_json('nix/meta.json')
-operator_name = meta['operator']['name']
-
 custom_build(
-    registry + '/' + operator_name,
-    'make regenerate-nix && nix-build . -A docker --argstr dockerName "${EXPECTED_REGISTRY}/' + operator_name + '" && ./result/load-image | docker load',
+    registry + '/' + repository,
+    'make regenerate-nix && nix-build . -A docker --argstr dockerName "${EXPECTED_REGISTRY}/' + repository + '" && ./result/load-image | docker load',
     deps=['rust', 'Cargo.toml', 'Cargo.lock', 'default.nix', "nix", 'build.rs', 'vendor'],
     ignore=['*.~undo-tree~'],
     # ignore=['result*', 'Cargo.nix', 'target', *.yaml],
@@ -28,13 +30,15 @@ k8s_kind('DaemonSet', image_json_path='{.spec.template.metadata.annotations.inte
 # supported by helm(set).
 helm_values = settings.get('helm_values', None)
 
-helm_override_image_repository = 'image.repository=' + registry + '/' + operator_name
+helm_override_image_registry = 'image.registry=' + registry
+helm_override_image_repository = 'image.repository=' + repository
 
 k8s_yaml(helm(
    'deploy/helm/' + operator_name,
    name=operator_name,
    namespace="stackable-operators",
    set=[
+      helm_override_image_registry,
       helm_override_image_repository,
    ],
    values=helm_values,

template/deploy/helm/[[operator]]/.helmignore

@@ -6,6 +6,8 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
+# Ignore the file itself
+.helmignore
 .DS_Store
 # Common VCS dirs
 .git/
@@ -26,3 +28,5 @@
 .idea/
 *.tmproj
 .vscode/
+# Partial, unmerged, registry-specific values files
+values/

template/deploy/helm/[[operator]]/templates/_helpers.tpl

@@ -77,3 +77,10 @@ Labels for Kubernetes objects created by helm test
 {{- define "operator.testLabels" -}}
 helm.sh/test: {{ include "operator.chart" . }}
 {{- end }}
+
+{{/*
+Build the full container image reference.
+*/}}
+{{- define "operator.image" -}}
+{{- printf "%s/%s:%s" .Values.image.registry .Values.image.repository (.Values.image.tag | default .Chart.AppVersion) -}}
+{{- end }}

template/deploy/helm/[[operator]]/templates/deployment.yaml.j2

@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        internal.stackable.tech/image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+        internal.stackable.tech/image: {{ include "operator.image" . }}
         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
         {{- with .Values.podAnnotations }}
         {{- toYaml . | nindent 8 }}
@@ -38,7 +38,7 @@ spec:
         - name: {{ include "operator.appname" . }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: {{ include "operator.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
@@ -71,6 +71,15 @@ spec:
             - name: OPERATOR_SERVICE_NAME
               value: {{ include "operator.fullname" . }}
 
+            # The URI of the image registry, like "oci.stackable.tech". Used to derive product image
+            # name.
+            - name: IMAGE_REGISTRY_URI
+              value: {{ .Values.image.registry }}
+
+            # The image repository, like "sdp/airflow-operator"
+            - name: IMAGE_REPOSITORY
+              value: {{ .Values.image.repository }}
+
             # Operators need to know the node name they are running on, to e.g. discover the
             # Kubernetes domain name from the kubelet API.
             - name: KUBERNETES_NODE_NAME

template/deploy/helm/[[operator]]/values/oci.stackable.tech.yaml

@@ -0,0 +1,5 @@
+---
+# Values overlay for chart packages published to oci.stackable.tech.
+image:
+  registry: oci.stackable.tech
+  repository: sdp/airflow-operator

template/deploy/helm/[[operator]]/values/quay.io.yaml

@@ -0,0 +1,5 @@
+---
+# Values overlay for chart packages published to quay.io.
+image:
+  registry: quay.io
+  repository: stackable/sdp/airflow-operator