draft
liangyuanpeng committed May 25, 2023
1 parent 8075c09 commit d4007c5
Showing 8 changed files with 193 additions and 3 deletions.
67 changes: 67 additions & 0 deletions .github/workflows/nightly.yaml
@@ -0,0 +1,67 @@
name: Nightly Release

on:
workflow_dispatch: # Manual trigger
schedule:
- cron: '0 5 * * *' # 5 AM UTC = Midnight EST
pull_request:

jobs:
nightly:
if: ${{ github.repository == 'liangyuanpeng/shipwright-triggers' }}
runs-on: ubuntu-latest
permissions:
id-token: write # To be able to get OIDC ID token to sign images.
contents: write # To be able to update releases.
packages: write # To be able to push images and signatures.

env:
IMAGE_HOST: ghcr.io
IMAGE_NAMESPACE: ${{ github.repository }}

steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: '1.19.x'
check-latest: true

# Install tools
- uses: ko-build/[email protected]
with:
version: v0.13.0
- uses: imjasonh/setup-crane@e82f1b9a8007d399333baba4d75915558e9fb6a4
- uses: sigstore/cosign-installer@v3

- name: Get current date
id: date
run: echo "date=$(date +'%Y-%m-%d-%s')" >> $GITHUB_OUTPUT

- name: Generate and upload release YAMLs
env:
REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
REGISTRY_USERNAME: ${{ github.repository_owner }}
TAG: "nightly-${{ steps.date.outputs.date }}"
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
make release
mv release.yaml nightly-${{ steps.date.outputs.date }}.yaml
mv release-debug.yaml nightly-${{ steps.date.outputs.date }}-debug.yaml
# gh release upload nightly nightly-${{ steps.date.outputs.date }}.yaml
# gh release upload nightly nightly-${{ steps.date.outputs.date }}-debug.yaml

- name: Update latest tag of supporting images
run: |
crane copy "${IMAGE_HOST}/${IMAGE_NAMESPACE}/triggers:nightly-${{ steps.date.outputs.date }}" "${IMAGE_HOST}/${IMAGE_NAMESPACE}/triggers:latest"
- name: Sign released images
run: |
for f in \
nightly-${{ steps.date.outputs.date }}.yaml \
nightly-${{ steps.date.outputs.date }}-debug.yaml; do
grep -o "ghcr.io[^\"]*" $f | xargs cosign sign --yes \
-a sha=${{ github.sha }} \
-a run_id=${{ github.run_id }} \
-a run_attempt=${{ github.run_attempt }}
done
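Review bot: The `pull_request:` trigger runs this whole job, with `id-token: write`, `contents: write` and `packages: write`, on pull-request events, so code from an unmerged same-repository branch is built, pushed to ghcr.io, copied onto `triggers:latest` and signed with the workflow's OIDC identity. If the trigger is only there to exercise the workflow, keep the publishing path off PR events, for example by extending the job condition to `if: ${{ github.repository == 'liangyuanpeng/shipwright-triggers' && github.event_name != 'pull_request' }}`, or by putting that `github.event_name` check on the release, `crane copy` and `cosign sign` steps. Separately, `actions/checkout@v3`, `actions/setup-go@v4` and `sigstore/cosign-installer@v3` are referenced by mutable tag while `imjasonh/setup-crane` is pinned to a commit SHA; pinning all of them the same way is worth doing in a job that holds signing and package-write permissions.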
8 changes: 6 additions & 2 deletions Makefile
@@ -74,8 +74,9 @@ $(CONTROLLER_GEN):
.PHONY: manifests
manifests: controller-gen
$(CONTROLLER_GEN) \
rbac:roleName=shipwright-trigger crd paths="./..." \
output:dir=$(MANIFEST_DIR)
rbac:roleName=shipwright-triggers webhook paths="./..." \
output:dir=deploy/
mv deploy/role.yaml deploy/200-role.yaml

# runs the manager from your host
.PHONY: run
@@ -99,6 +100,9 @@ deploy:
$(CHART_DIR) | \
ko apply $(KO_OPTS) $(ARGS) --filename -

release: manifests
hack/release.sh

# runs the unit tests, with optional arguments
.PHONY: test-unit
test-unit: CGO_ENABLED=1
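Review bot: The `release` target has no `.PHONY: release` line, unlike `manifests`, `run` and `test-unit` around it, so a file or directory named `release` in the repository root would turn `make release` in the nightly job into a silent no-op; add `.PHONY: release` above it. As far as the rendered hunk shows, `release` also depends on `manifests`, so each release regenerates the ClusterRole with controller-gen and moves it over `deploy/200-role.yaml`. The RBAC that ships is then whatever the generator emits at release time rather than the committed file, which deserves a `git diff --exit-code deploy/` check after `manifests`, or at least a comment on the target saying this is intended. Both hunks begin and end mid-file, so the rest of the Makefile is not visible here.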
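--- a/deploy/100-namespace.yaml
+++ b/deploy/100-namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: shipwright-build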
2 changes: 1 addition & 1 deletion chart/generated/role.yaml → deploy/200-role.yaml
@@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: shipwright-trigger
name: shipwright-triggers
rules:
- apiGroups:
- shipwright.io
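--- a/deploy/300-rolebinding.yaml
+++ b/deploy/300-rolebinding.yaml
@@ -0,0 +1,28 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: shipwright-triggers
+subjects:
+- kind: ServiceAccount
+name: shipwright-triggers
+namespace: shipwright-build
+roleRef:
+kind: ClusterRole
+name: shipwright-triggers
+apiGroup: rbac.authorization.k8s.io
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: shipwright-triggers
+namespace: shipwright-build
+subjects:
+- kind: ServiceAccount
+name: shipwright-triggers
+namespace: shipwright-build
+roleRef:
+kind: Role
+name: shipwright-triggers
+apiGroup: rbac.authorization.k8s.io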
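Review bot: The second document's `roleRef` points at a namespaced `Role` named `shipwright-triggers`, but none of the eight files in this commit defines one; `deploy/200-role.yaml` is a `ClusterRole`. Kubernetes accepts a binding to a Role that does not exist, so this applies cleanly and grants nothing until a Role with that name is created in `shipwright-build`, at which point the service account picks up those rules without this file changing. Either add the Role manifest alongside it or drop the RoleBinding; if the Role already lives elsewhere in the repository, a comment above the document naming that file would be enough. Because `roleRef` is immutable once the binding exists, this is cheaper to settle before the first release.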
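--- a/deploy/400-serviceaccount.yaml
+++ b/deploy/400-serviceaccount.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: shipwright-triggers
+namespace: shipwright-build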
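--- a/deploy/500-controller.yaml
+++ b/deploy/500-controller.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: shipwright-triggers
+namespace: shipwright-build
+spec:
+replicas: 1
+selector:
+matchLabels:
+name: shipwright-triggers
+template:
+metadata:
+labels:
+name: shipwright-triggers
+spec:
+serviceAccountName: shipwright-triggers
+containers:
+- name: shipwright-trigger
+image: ko://github.com/shipwright-io/triggers
+env:
+- name: WATCH_NAMESPACE
+valueFrom:
+fieldRef:
+fieldPath: metadata.namespace
+- name: BUILD_CONTROLLER_LEADER_ELECTION_NAMESPACE
+valueFrom:
+fieldRef:
+fieldPath: metadata.namespace
+- name: POD_NAME
+valueFrom:
+fieldRef:
+fieldPath: metadata.name
+- name: CONTROLLER_NAME
+value: "shipwright-build"
+- name: GIT_ENABLE_REWRITE_RULE
+value: "false"
+ports:
+- containerPort: 8080
+name: metrics-port
+livenessProbe:
+httpGet:
+path: /metrics
+port: metrics-port
+initialDelaySeconds: 5
+periodSeconds: 10
+readinessProbe:
+httpGet:
+path: /metrics
+port: metrics-port
+initialDelaySeconds: 5
+periodSeconds: 10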
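Review bot: The `shipwright-trigger` container has no `securityContext`, so it runs with whatever user, capabilities and seccomp profile the image and cluster defaults provide, while its service account is bound to a ClusterRole. I would set an explicit restricted context on the container as below; `runAsNonRoot: true` presumably matches the base image ko is configured with, but that should be confirmed before merging. The container name `shipwright-trigger` also differs from the `shipwright-triggers` used for every other object in these manifests, which looks unintended.

```yaml
        - name: shipwright-trigger
          image: ko://github.com/shipwright-io/triggers
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: env, ports, livenessProbe, readinessProbe …
```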
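--- a/hack/release.sh
+++ b/hack/release.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Copyright The Shipwright Contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -euo pipefail
+
+GO_FLAGS=${GO_FLAGS:-""}
+
+echo "Logging into container registry $IMAGE_HOST"
+echo "$REGISTRY_PASSWORD" | ko login -u "$REGISTRY_USERNAME" --password-stdin "$IMAGE_HOST"
+
+echo "Building container image"
+
+echo "Adding io.shipwright.vcs-ref label with value: ${GITHUB_SHA}"
+
+KO_DOCKER_REPO="${IMAGE_HOST}/${IMAGE_NAMESPACE}" GOFLAGS="${GO_FLAGS}" ko resolve \
+--base-import-paths \
+--tags "${TAG}" \
+--image-label "io.shipwright.vcs-ref=${GITHUB_SHA}" \
+--platform=all -R -f deploy/ > release.yaml
+
+KO_DOCKER_REPO="${IMAGE_HOST}/${IMAGE_NAMESPACE}" GOFLAGS="${GO_FLAGS} -tags=pprof_enabled" ko resolve \
+--base-import-paths \
+--tags "${TAG}-debug" \
+--image-label "io.shipwright.vcs-ref=${GITHUB_SHA}" \
+--platform=all -R -f deploy/ > release-debug.yaml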
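Review bot: `set -u` stops the script on an unset variable but not on an empty one, so an empty `TAG` reaches `ko resolve` as `--tags ""` and `--tags "-debug"`, and an empty `GITHUB_SHA` yields a blank `io.shipwright.vcs-ref` label on a published image. A guard right after `set -euo pipefail` makes the contract explicit and fails before the registry login: `: "${IMAGE_HOST:?}" "${IMAGE_NAMESPACE:?}" "${REGISTRY_USERNAME:?}" "${REGISTRY_PASSWORD:?}" "${TAG:?}" "${GITHUB_SHA:?}"`. A short header comment listing these required variables and the optional `GO_FLAGS` would also help anyone running the script outside the workflow.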
