feat: add zarf flavors for registry1 and upstream (#29)

* feat: add zarf flavors for registry1 and upstream * wip: update setup-zarf with v0.32.1 * wip: refactoring CI for handling multiple pkg flavors. * wip: updating tag and release just for testing. * wip: fixing yamllint errors * wip: refactoring CI with uds tasks for testing and publishing. * wip: fix yamllint errors * wip: fix setup task name; add login to registry1 for publish workflow * wip: removing flavor var from publish task * wip: updated uds cli version; placing task created packages into build/ dir * wip: moved variables to top of tasks.yaml; fixed publish task typo; remove use of build dir from tasks * wip: fixed create task * wip: added deploy and remove to tasks includes * wip: revert tag and release workflow to run only on push to main * wip: debug on deploy for troubleshooting * wip: broke values into registry1 and upstream values files * wip: remove debug from deploy task * Update zarf.yaml --------- Co-authored-by: Micah Nagel <micah.nagel@gmail.com>
defenseunicorns · Jan 8, 2024 · 504b759 · 504b759
1 parent 6c6399d
commit 504b759
Show file tree

Hide file tree

Showing 13 changed files with 178 additions and 106 deletions.
diff --git a/.github/actions/create-zarf-package/action.yaml b/.github/actions/create-zarf-package/action.yaml
diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml
@@ -0,0 +1,34 @@
+# action.yml
+name: "Setup Environment"
+description: "UDS Environment Setup"
+
+inputs:
+  download-init-package:
+    description: "whether to download the zarf init package or not"
+    required: true
+  install-k3d:
+    description: "whether to install k3d or not"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install Zarf
+      uses: defenseunicorns/setup-zarf@main
+      with:
+        # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
+        version: v0.32.1
+        download-init-package: ${{ inputs.download-init-package }}
+
+    - name: Install k3d
+      shell: bash
+      if: ${{ inputs.install-k3d == 'true' }}
+      run: curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | TAG=v5.6.0 bash
+
+    - name: Set up Homebrew
+      uses: Homebrew/actions/setup-homebrew@master
+
+    - name: Install UDS CLI
+      shell: bash
+      # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+      run: brew install defenseunicorns/tap/uds@0.5.2
diff --git a/.github/workflows/publish-package.yaml b/.github/workflows/publish-package.yaml
@@ -1,4 +1,4 @@
-name: Publish Package
+name: Publish
 
 # Will remove before merge and make it only tags
 on:
@@ -15,26 +15,18 @@ permissions:
 jobs:
   publish-package:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        flavor: [upstream, registry1]
     steps:
-      - name: Free GH runner space
-        run: |
-          df -h
-          sudo rm -rf /usr/share/dotnet
-          sudo rm -rf /usr/local/lib/android
-          sudo rm -rf /opt/ghc
-          sudo rm -rf /opt/hostedtoolcache/CodeQL
-          sudo docker image prune --all --force
-          df -h
-
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Create Package
-        uses: ./.github/actions/create-zarf-package
+      - name: Setup Environment
+        uses: ./.github/actions/setup
         with:
-          username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
-          password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
-          working-dir: ${{ inputs.working_dir }}
+          install-k3d: false
+          download-init-package: false
 
       - name: Login to GHCR
         uses: docker/login-action@v3
@@ -43,10 +35,18 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Publish Zarf Package
-        run: zarf package publish zarf-package-*.tar.zst oci://ghcr.io/defenseunicorns/packages
-        working-directory: ${{ inputs.working_dir }}
-        timeout-minutes: 60
+      - name: Login to Registry1
+        uses: docker/login-action@v3
+        with:
+          registry: registry1.dso.mil
+          username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+          password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+
+      - name: Create Package Flavor
+        run: uds run create-pkg-flavor --set FLAVOR=${{ matrix.flavor }}
+
+      - name: Publish Zarf Package Flavor
+        run: uds run publish-pkg-flavor
 
       - name: Publish Zarf Skeleton
         run: zarf package publish . oci://ghcr.io/defenseunicorns/packages

diff --git a/.github/workflows/test-k3d-package.yaml b/.github/workflows/test-k3d-package.yaml
@@ -14,58 +14,34 @@ permissions:
 jobs:
   test-clean-install:
     runs-on: ubuntu-latest
-
+    strategy:
+      matrix:
+        flavor: [upstream, registry1]
     steps:
-      - name: Free GH runner space
-        run: |
-          df -h
-          sudo rm -rf /usr/share/dotnet
-          sudo rm -rf /usr/local/lib/android
-          sudo rm -rf /opt/ghc
-          sudo rm -rf /opt/hostedtoolcache/CodeQL
-          sudo docker image prune --all --force
-          df -h
-
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - uses: ./.github/actions/create-zarf-package
+      - name: Setup Environment
+        uses: ./.github/actions/setup
+        with:
+          install-k3d: true
+          download-init-package: true
+
+      - name: Login to Registry1
+        uses: docker/login-action@v3
         with:
+          registry: registry1.dso.mil
           username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
           password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
-          working-dir: ${{ inputs.working_dir }}
-          download-init-package: true
-          timeout-minutes: 60
 
       - name: Create k3d cluster
-        id: create-cluster
-        # renovate: datasource=github-tags depName=defenseunicorns/uds-aws-ci-k3d versioning=semver
-        uses: defenseunicorns/uds-aws-ci-k3d@swf_additions
-        with:
-          cluster-action: create
-          aws-assume-role: ${{ secrets.AWS_COMMERCIAL_ROLE_TO_ASSUME }}
-          aws-region: us-west-2
+        run: uds run create-k3d-cluster
 
-      - name: Zarf init
-        run: zarf init -a amd64 --components=git-server --confirm
+      - name: Create Pkg Flavor
+        run: uds run create-pkg-flavor --set FLAVOR=${{ matrix.flavor }}
 
-      - name: Deploy Package on k3d cluster
-        run: |
-          zarf package deploy zarf-package-*.tar.zst \
-            --set CERT_MANAGER_VALUES=./.github/ci-values/values-override.yaml \
-            --confirm
-        working-directory: ${{ inputs.working_dir }}
-        timeout-minutes: 60
+      - name: Deploy Pkg Flavor
+        run: uds run deploy-pkg-flavor --set CERT_MANAGER_VALUES=./.github/ci-values/values-override.yaml
 
       - name: Remove Package from k3d cluster
-        if: always()
-        run: zarf package remove zarf-package-*.tar.zst --confirm
-        working-directory: ${{ inputs.working_dir }}
-        timeout-minutes: 60
-
-      - name: Teardown k3d cluster
-        if: always()
-        # renovate: datasource=github-tags depName=defenseunicorns/uds-aws-ci-k3d versioning=semver
-        uses: defenseunicorns/uds-aws-ci-k3d@swf_additions
-        with:
-          cluster-action: destroy
+        run: uds run remove-pkg-flavor
diff --git a/tasks.yaml b/tasks.yaml
@@ -0,0 +1,31 @@
+includes:
+  - setup: ./tasks/setup.yaml
+  - create: ./tasks/create.yaml
+  - deploy: ./tasks/deploy.yaml
+  - remove: ./tasks/remove.yaml
+  - publish: ./tasks/publish.yaml
+
+variables:
+  - name: FLAVOR
+  - name: CERT_MANAGER_VALUES
+
+tasks:
+  - name: create-k3d-cluster
+    actions:
+      - task: setup:create-k3d-cluster
+
+  - name: create-pkg-flavor
+    actions:
+      - task: create:cert-manager-pkg-flavor
+
+  - name: deploy-pkg-flavor
+    actions:
+      - task: deploy:cert-manager-pkg-flavor
+
+  - name: remove-pkg-flavor
+    actions:
+      - task: remove:cert-manager-pkg-flavor
+
+  - name: publish-pkg-flavor
+    actions:
+      - task: publish:cert-manager-pkg-flavor
diff --git a/tasks/create.yaml b/tasks/create.yaml
@@ -0,0 +1,5 @@
+tasks:
+  - name: cert-manager-pkg-flavor
+    description: "Create pkg flavor of Cert-Manager"
+    actions:
+      - cmd: zarf package create . --flavor=${FLAVOR} --confirm
diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml
@@ -0,0 +1,5 @@
+tasks:
+  - name: cert-manager-pkg-flavor
+    description: "Deploy pkg flavor of Cert-Manager"
+    actions:
+      - cmd: zarf package deploy zarf-package-*.zst --set CERT_MANAGER_VALUES=${CERT_MANAGER_VALUES} --confirm
diff --git a/tasks/publish.yaml b/tasks/publish.yaml
@@ -0,0 +1,5 @@
+tasks:
+  - name: cert-manager-pkg-flavor
+    description: "Publish pkg flavor of Cert-Manager"
+    actions:
+      - cmd: zarf package publish zarf-package-cert-manager-*.tar.zst oci://ghcr.io/defenseunicorns/packages
diff --git a/tasks/remove.yaml b/tasks/remove.yaml
@@ -0,0 +1,5 @@
+tasks:
+  - name: cert-manager-pkg-flavor
+    description: "Remove pkg flavor of Cert-Manager"
+    actions:
+      - cmd: zarf package remove zarf-package-*.zst --confirm
diff --git a/tasks/setup.yaml b/tasks/setup.yaml
@@ -0,0 +1,10 @@
+tasks:
+  - name: create-k3d-cluster
+    actions:
+      - description: "Create the k3d cluster"
+        # renovate: datasource=github-tags depName=defenseunicorns/uds-k3d versioning=semver
+        cmd: "zarf package deploy oci://defenseunicorns/uds-k3d:0.1.12-multi --confirm"
+
+      - description: "Initialize the cluster with Zarf"
+        # renovate: datasource=github-tags depName=defenseunicorns/init versioning=semver
+        cmd: "zarf package deploy oci://defenseunicorns/init:v0.31.4-${UDS_ARCH} --confirm --components=git-server"
diff --git a/values/cert-manager-values.yaml → values/registry1-values.yaml b/values/cert-manager-values.yaml → values/registry1-values.yaml
diff --git a/values/upstream-values.yaml b/values/upstream-values.yaml
@@ -0,0 +1,16 @@
+startupapicheck:
+  podLabels:
+    sidecar.istio.io/inject: "false"
+
+installCRDs: true
+
+# delete secret if certificate is deleted
+extraArgs:
+  - --enable-certificate-owner-ref=true
+
+securityContext:
+  runAsNonRoot: true
+
+prometheus:
+  servicemonitor:
+    enabled: true
diff --git a/zarf.yaml b/zarf.yaml
@@ -55,6 +55,8 @@ components:
 
   - name: deploy-chart
     required: true
+    only:
+      flavor: registry1
     charts:
       # renovate: datasource=helm
       - name: cert-manager
@@ -64,7 +66,7 @@ components:
         namespace: cert-manager
         releaseName: cert-manager
         valuesFiles:
-          - values/cert-manager-values.yaml
+          - values/registry1-values.yaml
             # user given values file goes last so helm gives it precedence over defaults
           - values/deploy-cert-manager-values.yaml
     images:
@@ -77,6 +79,32 @@ components:
       # renovate: datasource=docker versioning=semver
       - registry1.dso.mil/ironbank/jetstack/cert-manager-ctl:v1.13.2
 
+  - name: deploy-chart
+    required: true
+    only:
+      flavor: upstream
+    charts:
+      # renovate: datasource=helm
+      - name: cert-manager
+        url: https://charts.jetstack.io
+        version: v1.13.2
+        gitPath: jetstack/cert-manager
+        namespace: cert-manager
+        releaseName: cert-manager
+        valuesFiles:
+          - values/upstream-values.yaml
+            # user given values file goes last so helm gives it precedence over defaults
+          - values/deploy-cert-manager-values.yaml
+    images:
+      # renovate: datasource=docker versioning=semver
+      - quay.io/jetstack/cert-manager-cainjector:v1.13.2
+      # renovate: datasource=docker versioning=semver
+      - quay.io/jetstack/cert-manager-webhook:v1.13.2
+      # renovate: datasource=docker versioning=semver
+      - quay.io/jetstack/cert-manager-controller:v1.13.2
+      # renovate: datasource=docker versioning=semver
+      - quay.io/jetstack/cert-manager-ctl:v1.13.2
+
   - name: deploy-custom-manifests
     manifests:
       - name: custom-cert-manager-manifests