diff --git a/.github/workflows/main_test.yaml b/.github/workflows/main_test.yaml new file mode 100644 index 00000000..2d099b15 --- /dev/null +++ b/.github/workflows/main_test.yaml @@ -0,0 +1,23 @@ +name: Build and test + +on: + push: + branches: + - main + +jobs: + check-unit: + name: Run unit tests + uses: ./.github/workflows/subflow_run_unit_tests.yaml + + check-e2e: + name: Run e2e tests + needs: + - check-unit + uses: ./.github/workflows/subflow_run_e2e_tests.yaml + + check-compat: + name: Run compat tests + needs: + - check-e2e + uses: ./.github/workflows/subflow_run_compat_tests.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index bc74eaeb..e67f4738 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -9,76 +9,6 @@ on: jobs: release: name: Run release - runs-on: ubuntu-latest - - steps: - - name: checkout sources - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version-file: 'go.mod' - - - name: Set up Helm - uses: azure/setup-helm@v1 - with: - version: v3.11.2 - - - name: Build - shell: bash - run: | - make build - - - name: Run tests - shell: bash - run: | - make test - - - name: Docker Hub login - shell: bash - run: | - echo '${{ secrets.DOCKER_HUB_PASSWORD }}' | docker login --username ${{ secrets.DOCKER_HUB_LOGIN}} --password-stdin - - # Uses the `docker/login-action` action to log in to the Container registry - # using the account and password that will publish the packages. - # Once published, the packages are scoped to the account defined here. - - name: Guthub Packages Login - uses: docker/login-action@v3.1.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Parse tag - id: tag - run: | - echo "RELEASE_VERSION=$(echo ${GITHUB_REF#refs/*/release/})" >> $GITHUB_OUTPUT - - - name: Release - shell: bash - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - make release RELEASE_VERSION=${{ steps.tag.outputs.RELEASE_VERSION }} - - send-notifications: - name: Send notifications - runs-on: ubuntu-latest - if: ${{ failure() }} - steps: - - name: Send telegram message - uses: appleboy/telegram-action@master - with: - to: ${{ secrets.TELEGRAM_CHAT_ID }} - token: ${{ secrets.TELEGRAM_TOKEN }} - disable_web_page_preview: true - format: markdown - message: | - Workflow *${{github.workflow}}* failed: ${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}. Commit: - ``` - ${{github.event.head_commit.message}} - ``` - + uses: ./.github/workflows/subflow_release.yaml + with: + release_version: ${GITHUB_REF#refs/*/release/} diff --git a/.github/workflows/release_nightly.yaml b/.github/workflows/release_nightly.yaml new file mode 100644 index 00000000..d00bd50e --- /dev/null +++ b/.github/workflows/release_nightly.yaml @@ -0,0 +1,15 @@ +name: Build and test + +on: + workflow_dispatch: + push: + branches: + - main + +jobs: + release: + name: Run release + uses: ./.github/workflows/subflow_release.yaml + with: + release_version: 0.0.$(git rev-list --count HEAD)-dev-${GITHUB_SHA} + release_suffix: "-nightly" diff --git a/.github/workflows/check_main.yaml b/.github/workflows/subflow_release.yaml similarity index 63% rename from .github/workflows/check_main.yaml rename to .github/workflows/subflow_release.yaml index 6e3626d2..888df197 100644 --- a/.github/workflows/check_main.yaml +++ b/.github/workflows/subflow_release.yaml @@ -1,39 +1,41 @@ -name: Build and test - on: - push: - branches: - - main + workflow_call: + inputs: + release_version: + required: true + type: string + release_suffix: + required: false + type: string jobs: - check-unit: - name: Run unit tests - uses: ./.github/workflows/subflow_run_unit_tests.yaml - - check-e2e: - name: Run e2e tests - needs: - - check-unit - uses: ./.github/workflows/subflow_run_e2e_tests.yaml - - check-compat: - name: Run compat tests - needs: - - check-e2e - uses: ./.github/workflows/subflow_run_compat_tests.yaml - - release-nightly: - name: Release nightly image - needs: - - check-compat + release: + name: Run release runs-on: ubuntu-latest + steps: - - name: Checkout sources + - name: checkout sources uses: actions/checkout@v3 with: fetch-depth: 0 + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + + - name: Set up Helm + uses: azure/setup-helm@v1 + with: + version: v3.11.2 + + - name: Build + shell: bash + run: | + make build + - name: Docker Hub login + shell: bash run: | echo '${{ secrets.DOCKER_HUB_PASSWORD }}' | docker login --username ${{ secrets.DOCKER_HUB_LOGIN}} --password-stdin @@ -47,17 +49,15 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Docker + - name: Release shell: bash env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - make release RELEASE_VERSION=0.0.$(git rev-list --count HEAD)-dev-${GITHUB_SHA} OPERATOR_IMAGE=ytsaurus/k8s-operator-nightly OPERATOR_CHART_NAME=ytop-chart-nightly + make release RELEASE_VERSION=${{ inputs.release_version }} RELEASE_SUFFIX=${{ inputs.release_suffix }} send-notifications: name: Send notifications - needs: - - release-nightly runs-on: ubuntu-latest if: ${{ failure() }} steps: @@ -69,9 +69,8 @@ jobs: disable_web_page_preview: true format: markdown message: | - Workflow *${{github.workflow}}* failed: ${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}. - Commit: ${{github.event.head_commit.sha}} - Message: + Workflow *${{github.workflow}}* failed: ${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}. Commit: ``` ${{github.event.head_commit.message}} ``` + diff --git a/Makefile b/Makefile index eb33ecb0..173533a1 100644 --- a/Makefile +++ b/Makefile @@ -32,6 +32,13 @@ OPERATOR_CHART_NAME = ytop-chart OPERATOR_CHART_CRDS = $(OPERATOR_CHART)/templates/crds OPERATOR_INSTANCE = ytsaurus-dev +ifdef RELEASE_SUFFIX + OPERATOR_IMAGE_RELEASE=$(OPERATOR_IMAGE)$(RELEASE_SUFFIX) + OPERATOR_CHART_NAME_RELEASE=$(OPERATOR_CHART_NAME)$(RELEASE_SUFFIX) +else + OPERATOR_IMAGE_RELEASE=$(OPERATOR_IMAGE) + OPERATOR_CHART_NAME_RELEASE=$(OPERATOR_CHART_NAME) +endif ## K8s namespace for YTsaurus operator. OPERATOR_NAMESPACE = ytsaurus-operator @@ -296,7 +303,7 @@ docker-push: ## Push docker image with the manager. .PHONY: helm-chart helm-chart: manifests kustomize envsubst kubectl-slice ## Generate helm chart. $(KUSTOMIZE) build config/helm | name="$(OPERATOR_CHART)" $(ENVSUBST) | $(KUBECTL_SLICE) -q -o $(OPERATOR_CHART_CRDS) -t "{{.metadata.name}}.yaml" --prune - name="$(OPERATOR_CHART_NAME)" version="$(RELEASE_VERSION)" $(ENVSUBST) < config/helm/Chart.yaml > $(OPERATOR_CHART)/Chart.yaml + name="$(OPERATOR_CHART_NAME_RELEASE)" version="$(RELEASE_VERSION)" $(ENVSUBST) < config/helm/Chart.yaml > $(OPERATOR_CHART)/Chart.yaml ##@ Deployment @@ -328,16 +335,18 @@ deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. $(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - -release: kustomize ## Release operator docker image and helm chart. - docker build ${DOCKER_BUILD_ARGS} -t $(OPERATOR_IMAGE):${RELEASE_VERSION} . - docker push $(OPERATOR_IMAGE):${RELEASE_VERSION} - docker tag $(OPERATOR_IMAGE):${RELEASE_VERSION} ghcr.io/$(OPERATOR_IMAGE):${RELEASE_VERSION} - docker push ghcr.io/$(OPERATOR_IMAGE):${RELEASE_VERSION} - cd config/manager && $(KUSTOMIZE) edit set image controller=$(OPERATOR_IMAGE):${RELEASE_VERSION} +release: kustomize yq ## Release operator docker image and helm chart. + docker build ${DOCKER_BUILD_ARGS} -t $(OPERATOR_IMAGE_RELEASE):${RELEASE_VERSION} . + docker push $(OPERATOR_IMAGE_RELEASE):${RELEASE_VERSION} + docker tag $(OPERATOR_IMAGE_RELEASE):${RELEASE_VERSION} ghcr.io/$(OPERATOR_IMAGE_RELEASE):${RELEASE_VERSION} + docker push ghcr.io/$(OPERATOR_IMAGE_RELEASE):${RELEASE_VERSION} + + cd config/manager && $(KUSTOMIZE) edit set image controller=$(OPERATOR_IMAGE_RELEASE):${RELEASE_VERSION} $(MAKE) helm-chart + $(YQ) -i -P '.controllerManager.manager.image.repository = "$(OPERATOR_IMAGE_RELEASE)"' ytop-chart/values.yaml helm package $(OPERATOR_CHART) - helm push $(OPERATOR_CHART_NAME)-${RELEASE_VERSION}.tgz oci://registry-1.docker.io/ytsaurus - helm push $(OPERATOR_CHART_NAME)-${RELEASE_VERSION}.tgz oci://ghcr.io/ytsaurus + helm push $(OPERATOR_CHART_NAME_RELEASE)-${RELEASE_VERSION}.tgz oci://registry-1.docker.io/ytsaurus + helm push $(OPERATOR_CHART_NAME_RELEASE)-${RELEASE_VERSION}.tgz oci://ghcr.io/ytsaurus ##@ Build Dependencies @@ -358,6 +367,7 @@ CRD_REF_DOCS ?= $(LOCALBIN)/crd-ref-docs-$(CRD_REF_DOCS_VERSION) KIND ?= $(LOCALBIN)/kind-$(KIND_VERSION) ENVSUBST ?= $(LOCALBIN)/envsubst-$(ENVSUBST_VERSION) KUBECTL_SLICE ?= $(LOCALBIN)/kubectl-slice-$(KUBECTL_SLICE_VERSION) +YQ ?= $(LOCALBIN)/yq-$(YQ_VERSION) # Tool Versions KUSTOMIZE_VERSION ?= v5.3.0 @@ -372,6 +382,7 @@ KIND_VERSION ?= v0.22.0 CERT_MANAGER_VERSION ?= v1.14.4 ENVSUBST_VERSION ?= v1.4.2 KUBECTL_SLICE_VERSION ?= v1.3.1 +YQ_VERSION ?= v4.44.3 .PHONY: kustomize kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. @@ -418,6 +429,11 @@ kubectl-slice: $(KUBECTL_SLICE) ## Download kubectl-slice locally if necessary. $(KUBECTL_SLICE): $(LOCALBIN) $(call go-install-tool,$(KUBECTL_SLICE),github.com/patrickdappollonio/kubectl-slice,$(KUBECTL_SLICE_VERSION)) +.PHONY: yq +yq: $(YQ) +$(YQ): $(LOCALBIN) + $(call go-install-tool,$(YQ),github.com/mikefarah/yq/v4,$(YQ_VERSION)) + # go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist # $1 - target path with name of binary (ideally with version) # $2 - package url which can be installed diff --git a/ytop-chart/values.yaml b/ytop-chart/values.yaml index 59dac2ee..fa46be89 100644 --- a/ytop-chart/values.yaml +++ b/ytop-chart/values.yaml @@ -1,17 +1,17 @@ controllerManager: kubeRbacProxy: args: - - --secure-listen-address=:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --tls-cert-file=/etc/certs/tls/tls.crt - - --tls-private-key-file=/etc/certs/tls/tls.key - - --v=0 + - --secure-listen-address=:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --tls-cert-file=/etc/certs/tls/tls.crt + - --tls-private-key-file=/etc/certs/tls/tls.key + - --v=0 containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL image: repository: gcr.io/kubebuilder/kube-rbac-proxy tag: v0.13.0 @@ -24,14 +24,14 @@ controllerManager: memory: 64Mi manager: args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL env: watchNamespace: "" ytLogLevel: DEBUG @@ -80,14 +80,14 @@ managerConfig: # leaderElectionReleaseOnCancel: true metricsService: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https type: ClusterIP webhookService: ports: - - port: 443 - protocol: TCP - targetPort: 9443 + - port: 443 + protocol: TCP + targetPort: 9443 type: ClusterIP