📂 update Red Hat specific files
lance committed Aug 28, 2023
1 parent 9bd68ba commit 277f4a1
Showing 4 changed files with 129 additions and 2 deletions.
4 changes: 2 additions & 2 deletions Dockerfile
@@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

FROM golang:1.20.6@sha256:cfc9d1b07b1ef4f7a4571f0b60a99646a92ef76adb7d9943f4cb7b606c6554e2 AS builder
FROM registry.access.redhat.com/ubi9/go-toolset@sha256:52ab391730a63945f61d93e8c913db4cc7a96f200de909cd525e2632055d9fa6 AS builder
ENV APP_ROOT=/opt/app-root
ENV GOPATH=$APP_ROOT

@@ -28,7 +28,7 @@ RUN go build -o server main.go
RUN CGO_ENABLED=1 go build -gcflags "all=-N -l" -o server_debug main.go

# Multi-Stage production build
FROM golang:1.20.6@sha256:cfc9d1b07b1ef4f7a4571f0b60a99646a92ef76adb7d9943f4cb7b606c6554e2 as deploy
FROM golang:1.20.6@shregistry.access.redhat.com/ubi9/go-toolset@sha256:52ab391730a63945f61d93e8c913db4cc7a96f200de909cd525e2632055d9fa6 as deploy

# Retrieve the binary from the previous stage
COPY --from=builder /opt/app-root/src/server /usr/local/bin/fulcio-server
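Review bot: The deploy-stage `FROM` in the second hunk is not a valid image reference: `golang:1.20.6@shregistry.access.redhat.com/ubi9/go-toolset@sha256:…` looks like the old `golang:1.20.6@sha256:` prefix left half-deleted in front of the new path, so the digest pin no longer identifies any image and the stage will most likely fail to parse. It should match the builder line, `FROM registry.access.redhat.com/ubi9/go-toolset@sha256:52ab391730a63945f61d93e8c913db4cc7a96f200de909cd525e2632055d9fa6 as deploy`. The identical line is carried in `redhat/patches/0001-dockerfile.patch`, so every run of the sync script would re-apply the broken reference until the patch is corrected too. The deploy stage continues past the end of this hunk, so whether a slimmer runtime base than the full go-toolset image would do cannot be judged from here.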
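--- a/OWNERS
+++ b/OWNERS
@@ -0,0 +1,11 @@
+# The OWNERS file is used by prow to automatically merge approved PRs.
+
+approvers:
+- lance
+- cooktheryan
+- lkatalin
+- sallom
+
+reviewers:
+- JasonPowr
+- tommyd450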
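--- a/redhat/patches/0001-dockerfile.patch
+++ b/redhat/patches/0001-dockerfile.patch
@@ -0,0 +1,22 @@
+diff --git a/Dockerfile b/Dockerfile
+index 2e3a82f..5e63c3c 100644
+--- a/Dockerfile
++++ b/Dockerfile
+@@ -13,7 +13,7 @@
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+-FROM golang:1.20.6@sha256:cfc9d1b07b1ef4f7a4571f0b60a99646a92ef76adb7d9943f4cb7b606c6554e2 AS builder
++FROM registry.access.redhat.com/ubi9/go-toolset@sha256:52ab391730a63945f61d93e8c913db4cc7a96f200de909cd525e2632055d9fa6 AS builder
+ENV APP_ROOT=/opt/app-root
+ENV GOPATH=$APP_ROOT
+
+@@ -28,7 +28,7 @@ RUN go build -o server main.go
+RUN CGO_ENABLED=1 go build -gcflags "all=-N -l" -o server_debug main.go
+
+# Multi-Stage production build
+-FROM golang:1.20.6@sha256:cfc9d1b07b1ef4f7a4571f0b60a99646a92ef76adb7d9943f4cb7b606c6554e2 as deploy
++FROM golang:1.20.6@shregistry.access.redhat.com/ubi9/go-toolset@sha256:52ab391730a63945f61d93e8c913db4cc7a96f200de909cd525e2632055d9fa6 as deploy
+
+# Retrieve the binary from the previous stage
+COPY --from=builder /opt/app-root/src/server /usr/local/bin/fulcio-server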
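--- a/redhat/release/update-to-head.sh
+++ b/redhat/release/update-to-head.sh
@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+
+# Copyright 2023 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The local git repo must have a remote "upstream" pointing
+# to upstream sigstore/fulcio, and a remote "origin"
+# pointing to securesign/fulcio
+
+# Synchs the release-next branch to either the upstream `main` branch
+# or a provided git-ref (typically an upstream release tag) and then triggers CI.
+#
+# NOTE: This requires a corresponding midstream branch to exist in the securesign fork
+# with the same name as the upstream branch/ref, but prefixed with "midstream-".
+#
+# Usage: update-to-head.sh [<git-ref>]
+
+if [ "$#" -ne 1 ]; then
+upstream_ref="main"
+midstream_ref="main"
+redhat_ref="release-next"
+else
+upstream_ref=$1
+midstream_ref="midstream-${upstream_ref}" # The overlays and patches for the given version
+redhat_ref="redhat-${upstream_ref}" # The midstream repo with overlays and patches applied
+fi
+
+echo "Synchronizing ${redhat_ref} to upstream/${upstream_ref}..."
+
+set -e
+REPO_NAME=$(basename $(git rev-parse --show-toplevel))
+
+# Custom files
+custom_files=$(cat <<EOT | tr '\n' ' '
+redhat
+OWNERS
+EOT
+)
+redhat_files_msg=":open_file_folder: update Red Hat specific files"
+robot_trigger_msg=":robot: triggering CI on branch '${redhat_ref}' after synching from upstream/${upstream_ref}"
+
+# Reset release-next to upstream main or <git-ref>.
+git fetch upstream $upstream_ref
+if [[ "$upstream_ref" == "main" ]]; then
+git checkout upstream/main -B ${redhat_ref}
+else
+git checkout $upstream_ref -B ${redhat_ref}
+fi
+
+# Update redhat's main and take all needed files from there.
+git fetch origin $midstream_ref
+git checkout origin/$midstream_ref $custom_files
+
+# Apply midstream patches
+if [[ -d redhat/patches ]]; then
+git apply redhat/patches/*
+fi
+
+git add . # Adds applied patches
+git add $custom_files # Adds custom files
+git commit -m "${redhat_files_msg}"
+
+# Push the release-next branch
+git push -f origin "${redhat_ref}"
+
+# Trigger CI
+# TODO: Set up openshift or github CI to run on release-next-ci
+git checkout "${redhat_ref}" -B "${redhat_ref}"-ci
+date > ci
+git add ci
+git commit -m "${robot_trigger_msg}"
+git push -f origin "${redhat_ref}-ci"
+
+if hash hub 2>/dev/null; then
+# Test if there is already a sync PR in
+COUNT=$(hub api -H "Accept: application/vnd.github.v3+json" repos/securesign/${REPO_NAME}/pulls --flat \
+| grep -c "${robot_trigger_msg}") || true
+if [ "$COUNT" = "0" ]; then
+hub pull-request --no-edit -l "kind/sync-fork-to-upstream" -b securesign/${REPO_NAME}:${redhat_ref} -h securesign/${REPO_NAME}:${redhat_ref}-ci -m "${robot_trigger_msg}"
+fi
+else
+echo "hub (https://github.com/github/hub) is not installed, so you'll need to create a PR manually."
+fi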
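Review bot: `git add .` followed by `git push -f origin "${redhat_ref}"` stages and publishes every untracked file that happens to sit in the working tree (local config, credentials, build output), not only what the patches changed. Applying the patches with `git apply --index redhat/patches/*` stages exactly the files they touch, so `git add .` can be dropped and only `git add $custom_files` remains. Both force pushes would be safer as `git push --force-with-lease origin ...`, which refuses to overwrite a branch someone else has updated since the last fetch. The user-supplied ref also reaches `git fetch` and `git checkout` unquoted; writing `"$upstream_ref"` and `"$midstream_ref"` avoids word splitting on an unusual ref name.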
