Separate wf for release and test + fix nighly chart (#340)

.github/workflows/main_test.yaml

@@ -0,0 +1,23 @@
+name: Build and test
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  check-unit:
+    name: Run unit tests
+    uses: ./.github/workflows/subflow_run_unit_tests.yaml
+
+  check-e2e:
+    name: Run e2e tests
+    needs:
+      - check-unit
+    uses: ./.github/workflows/subflow_run_e2e_tests.yaml
+
+  check-compat:
+    name: Run compat tests
+    needs:
+      - check-e2e
+    uses: ./.github/workflows/subflow_run_compat_tests.yaml

.github/workflows/release.yaml

@@ -9,76 +9,6 @@ on:
 jobs:
   release:
     name: Run release
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: checkout sources
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: Setup Go
-        uses: actions/setup-go@v5
-        with:
-          go-version-file: 'go.mod'
-
-      - name: Set up Helm
-        uses: azure/setup-helm@v1
-        with:
-          version: v3.11.2
-
-      - name: Build
-        shell: bash
-        run: |
-          make build
-
-      - name: Run tests
-        shell: bash
-        run: |
-          make test
-
-      - name: Docker Hub login
-        shell: bash
-        run: |
-          echo '${{ secrets.DOCKER_HUB_PASSWORD }}' | docker login --username ${{ secrets.DOCKER_HUB_LOGIN}} --password-stdin
-
-      # Uses the `docker/login-action` action to log in to the Container registry
-      # using the account and password that will publish the packages.
-      # Once published, the packages are scoped to the account defined here.
-      - name: Guthub Packages Login
-        uses: docker/login-action@v3.1.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Parse tag
-        id: tag
-        run: |
-          echo "RELEASE_VERSION=$(echo ${GITHUB_REF#refs/*/release/})" >> $GITHUB_OUTPUT
-
-      - name: Release
-        shell: bash
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          make release RELEASE_VERSION=${{ steps.tag.outputs.RELEASE_VERSION }}
-
-  send-notifications:
-    name: Send notifications
-    runs-on: ubuntu-latest
-    if: ${{ failure() }}
-    steps:
-      - name: Send telegram message
-        uses: appleboy/telegram-action@master
-        with:
-          to: ${{ secrets.TELEGRAM_CHAT_ID }}
-          token: ${{ secrets.TELEGRAM_TOKEN }}
-          disable_web_page_preview: true
-          format: markdown
-          message: |
-            Workflow *${{github.workflow}}* failed: ${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}. Commit:
-            ```
-            ${{github.event.head_commit.message}}
-            ```
-
+    uses: ./.github/workflows/subflow_release.yaml
+    with:
+      release_version: ${GITHUB_REF#refs/*/release/}

.github/workflows/release_nightly.yaml

@@ -0,0 +1,15 @@
+name: Build and test
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    name: Run release
+    uses: ./.github/workflows/subflow_release.yaml
+    with:
+      release_version: 0.0.$(git rev-list --count HEAD)-dev-${GITHUB_SHA}
+      release_suffix: "-nightly"

.github/workflows/check_main.yaml → .github/workflows/subflow_release.yaml

@@ -1,39 +1,41 @@
-name: Build and test
-
 on:
-  push:
-    branches:
-      - main
+  workflow_call:
+    inputs:
+      release_version:
+        required: true
+        type: string
+      release_suffix:
+        required: false
+        type: string
 
 jobs:
-  check-unit:
-    name: Run unit tests
-    uses: ./.github/workflows/subflow_run_unit_tests.yaml
-
-  check-e2e:
-    name: Run e2e tests
-    needs:
-      - check-unit
-    uses: ./.github/workflows/subflow_run_e2e_tests.yaml
-
-  check-compat:
-    name: Run compat tests
-    needs:
-      - check-e2e
-    uses: ./.github/workflows/subflow_run_compat_tests.yaml
-
-  release-nightly:
-    name: Release nightly image
-    needs:
-      - check-compat
+  release:
+    name: Run release
     runs-on: ubuntu-latest
+
     steps:
-      - name: Checkout sources
+      - name: checkout sources
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.11.2
+
+      - name: Build
+        shell: bash
+        run: |
+          make build
+
       - name: Docker Hub login
+        shell: bash
         run: |
           echo '${{ secrets.DOCKER_HUB_PASSWORD }}' | docker login --username ${{ secrets.DOCKER_HUB_LOGIN}} --password-stdin
 
@@ -47,17 +49,15 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Docker
+      - name: Release
         shell: bash
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          make release RELEASE_VERSION=0.0.$(git rev-list --count HEAD)-dev-${GITHUB_SHA} OPERATOR_IMAGE=ytsaurus/k8s-operator-nightly OPERATOR_CHART_NAME=ytop-chart-nightly
+          make release RELEASE_VERSION=${{ inputs.release_version }} RELEASE_SUFFIX=${{ inputs.release_suffix }}
 
   send-notifications:
     name: Send notifications
-    needs:
-      - release-nightly
     runs-on: ubuntu-latest
     if: ${{ failure() }}
     steps:
@@ -69,9 +69,8 @@ jobs:
           disable_web_page_preview: true
           format: markdown
           message: |
-            Workflow *${{github.workflow}}* failed: ${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}.
-            Commit: ${{github.event.head_commit.sha}}
-            Message:
+            Workflow *${{github.workflow}}* failed: ${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}. Commit:
             ```
             ${{github.event.head_commit.message}}
             ```
+

Makefile

@@ -32,6 +32,13 @@ OPERATOR_CHART_NAME = ytop-chart
 OPERATOR_CHART_CRDS = $(OPERATOR_CHART)/templates/crds
 OPERATOR_INSTANCE = ytsaurus-dev
 
+ifdef RELEASE_SUFFIX
+	OPERATOR_IMAGE_RELEASE=$(OPERATOR_IMAGE)$(RELEASE_SUFFIX)
+	OPERATOR_CHART_NAME_RELEASE=$(OPERATOR_CHART_NAME)$(RELEASE_SUFFIX)
+else
+	OPERATOR_IMAGE_RELEASE=$(OPERATOR_IMAGE)
+	OPERATOR_CHART_NAME_RELEASE=$(OPERATOR_CHART_NAME)
+endif
 ## K8s namespace for YTsaurus operator.
 OPERATOR_NAMESPACE = ytsaurus-operator
 
@@ -296,7 +303,7 @@ docker-push: ## Push docker image with the manager.
 .PHONY: helm-chart
 helm-chart: manifests kustomize envsubst kubectl-slice ## Generate helm chart.
 	$(KUSTOMIZE) build config/helm | name="$(OPERATOR_CHART)" $(ENVSUBST) | $(KUBECTL_SLICE) -q -o $(OPERATOR_CHART_CRDS) -t "{{.metadata.name}}.yaml" --prune
-	name="$(OPERATOR_CHART_NAME)" version="$(RELEASE_VERSION)" $(ENVSUBST) < config/helm/Chart.yaml > $(OPERATOR_CHART)/Chart.yaml
+	name="$(OPERATOR_CHART_NAME_RELEASE)" version="$(RELEASE_VERSION)" $(ENVSUBST) < config/helm/Chart.yaml > $(OPERATOR_CHART)/Chart.yaml
 
 ##@ Deployment
 
@@ -328,16 +335,18 @@ deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
 	$(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -
 
-release: kustomize ## Release operator docker image and helm chart.
-	docker build ${DOCKER_BUILD_ARGS} -t $(OPERATOR_IMAGE):${RELEASE_VERSION} .
-	docker push $(OPERATOR_IMAGE):${RELEASE_VERSION}
-	docker tag $(OPERATOR_IMAGE):${RELEASE_VERSION} ghcr.io/$(OPERATOR_IMAGE):${RELEASE_VERSION}
-	docker push ghcr.io/$(OPERATOR_IMAGE):${RELEASE_VERSION}
-	cd config/manager && $(KUSTOMIZE) edit set image controller=$(OPERATOR_IMAGE):${RELEASE_VERSION}
+release: kustomize yq  ## Release operator docker image and helm chart.
+	docker build ${DOCKER_BUILD_ARGS} -t $(OPERATOR_IMAGE_RELEASE):${RELEASE_VERSION} .
+	docker push $(OPERATOR_IMAGE_RELEASE):${RELEASE_VERSION}
+	docker tag $(OPERATOR_IMAGE_RELEASE):${RELEASE_VERSION} ghcr.io/$(OPERATOR_IMAGE_RELEASE):${RELEASE_VERSION}
+	docker push ghcr.io/$(OPERATOR_IMAGE_RELEASE):${RELEASE_VERSION}
+
+	cd config/manager && $(KUSTOMIZE) edit set image controller=$(OPERATOR_IMAGE_RELEASE):${RELEASE_VERSION}
 	$(MAKE) helm-chart
+	$(YQ) -i -P '.controllerManager.manager.image.repository = "$(OPERATOR_IMAGE_RELEASE)"' ytop-chart/values.yaml
 	helm package $(OPERATOR_CHART)
-	helm push $(OPERATOR_CHART_NAME)-${RELEASE_VERSION}.tgz oci://registry-1.docker.io/ytsaurus
-	helm push $(OPERATOR_CHART_NAME)-${RELEASE_VERSION}.tgz oci://ghcr.io/ytsaurus
+	helm push $(OPERATOR_CHART_NAME_RELEASE)-${RELEASE_VERSION}.tgz oci://registry-1.docker.io/ytsaurus
+	helm push $(OPERATOR_CHART_NAME_RELEASE)-${RELEASE_VERSION}.tgz oci://ghcr.io/ytsaurus
 
 ##@ Build Dependencies
 
@@ -358,6 +367,7 @@ CRD_REF_DOCS ?= $(LOCALBIN)/crd-ref-docs-$(CRD_REF_DOCS_VERSION)
 KIND ?= $(LOCALBIN)/kind-$(KIND_VERSION)
 ENVSUBST ?= $(LOCALBIN)/envsubst-$(ENVSUBST_VERSION)
 KUBECTL_SLICE ?= $(LOCALBIN)/kubectl-slice-$(KUBECTL_SLICE_VERSION)
+YQ ?= $(LOCALBIN)/yq-$(YQ_VERSION)
 
 # Tool Versions
 KUSTOMIZE_VERSION ?= v5.3.0
@@ -372,6 +382,7 @@ KIND_VERSION ?= v0.22.0
 CERT_MANAGER_VERSION ?= v1.14.4
 ENVSUBST_VERSION ?= v1.4.2
 KUBECTL_SLICE_VERSION ?= v1.3.1
+YQ_VERSION ?= v4.44.3
 
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
@@ -418,6 +429,11 @@ kubectl-slice: $(KUBECTL_SLICE) ## Download kubectl-slice locally if necessary.
 $(KUBECTL_SLICE): $(LOCALBIN)
 	$(call go-install-tool,$(KUBECTL_SLICE),github.com/patrickdappollonio/kubectl-slice,$(KUBECTL_SLICE_VERSION))
 
+.PHONY: yq
+yq: $(YQ)
+$(YQ): $(LOCALBIN)
+	$(call go-install-tool,$(YQ),github.com/mikefarah/yq/v4,$(YQ_VERSION))
+
 # go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist
 # $1 - target path with name of binary (ideally with version)
 # $2 - package url which can be installed

ytop-chart/values.yaml

@@ -1,17 +1,17 @@
 controllerManager:
   kubeRbacProxy:
     args:
-    - --secure-listen-address=:8443
-    - --upstream=http://127.0.0.1:8080/
-    - --logtostderr=true
-    - --tls-cert-file=/etc/certs/tls/tls.crt
-    - --tls-private-key-file=/etc/certs/tls/tls.key
-    - --v=0
+      - --secure-listen-address=:8443
+      - --upstream=http://127.0.0.1:8080/
+      - --logtostderr=true
+      - --tls-cert-file=/etc/certs/tls/tls.crt
+      - --tls-private-key-file=/etc/certs/tls/tls.key
+      - --v=0
     containerSecurityContext:
       allowPrivilegeEscalation: false
       capabilities:
         drop:
-        - ALL
+          - ALL
     image:
       repository: gcr.io/kubebuilder/kube-rbac-proxy
       tag: v0.13.0
@@ -24,14 +24,14 @@ controllerManager:
         memory: 64Mi
   manager:
     args:
-    - --health-probe-bind-address=:8081
-    - --metrics-bind-address=127.0.0.1:8080
-    - --leader-elect
+      - --health-probe-bind-address=:8081
+      - --metrics-bind-address=127.0.0.1:8080
+      - --leader-elect
     containerSecurityContext:
       allowPrivilegeEscalation: false
       capabilities:
         drop:
-        - ALL
+          - ALL
     env:
       watchNamespace: ""
       ytLogLevel: DEBUG
@@ -80,14 +80,14 @@ managerConfig:
     # leaderElectionReleaseOnCancel: true
 metricsService:
   ports:
-  - name: https
-    port: 8443
-    protocol: TCP
-    targetPort: https
+    - name: https
+      port: 8443
+      protocol: TCP
+      targetPort: https
   type: ClusterIP
 webhookService:
   ports:
-  - port: 443
-    protocol: TCP
-    targetPort: 9443
+    - port: 443
+      protocol: TCP
+      targetPort: 9443
   type: ClusterIP