This repository has been archived by the owner on Jul 4, 2024. It is now read-only.

Merge pull request #2 from ODA-CANVAS-FORK/odaa-26-ghactions
Odaa 26 ghactions
ferenc-hechler authored Jun 10, 2024
2 parents bf9e9a1 + d27fa0a commit c840227
Showing 15 changed files with 272 additions and 21 deletions.
@@ -1,18 +1,25 @@
name: Build SecretsManagement-Operator Dockerimage
run-name: Build SecretsManagement-Operator Dockerimage
name: Build SecretsManagement-Operator Prerelease Dockerimage
run-name: Build SecretsManagement-Operator Prerelease Dockerimage
on:
push:
branches:
- feature/*
- odaa-*
paths:
- source/operators/secretsmanagementOperator-hc/docker/**/*
jobs:
build-secrets-management-operator-dockerfile-job:
build-secrets-management-operator-prerelease-dockerfile-job:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4

- name: read image of secretsmanagement-operator from values.yaml
id: get_smanop_image
uses: mikefarah/yq@master
with:
cmd: yq '.secretsmanagement-operator.image' charts/canvas-oda/values.yaml

- name: read versionnumber of secretsmanagement-operator from values.yaml
id: get_smanop_version
uses: mikefarah/yq@master
@@ -39,18 +46,25 @@ jobs:
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Get Git commit timestamps
run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
run: |
echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
echo "GIT_COMMIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
echo "CICD_BUILD_TIME=$(date -Iseconds)" >> $GITHUB_ENV
- name: Build and push
uses: docker/build-push-action@v5
with:
context: source/operators/secretsmanagementOperator-hc/docker
build-args: |
SOURCE_DATE_EPOCH=${{ env.SOURCE_DATE_EPOCH }}
GIT_COMMIT_SHA=${{ env.GIT_COMMIT_SHA }}
CICD_BUILD_TIME=${{ env.CICD_BUILD_TIME }}
# arm64 has problems building cffi python wheel
#platforms: linux/amd64,linux/arm64
platforms: linux/amd64
push: true
tags: |
ocfork/secretsmanagement-operator:latest
ocfork/secretsmanagement-operator:${{ steps.get_smanop_version.outputs.result }}
${{ steps.get_smanop_image.outputs.result }}:latest
${{ steps.get_smanop_image.outputs.result }}:${{ steps.get_smanop_version.outputs.result }}
env:
SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
SOURCE_DATE_EPOCH: ${{ env.SOURCE_DATE_EPOCH }}
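Review bot: The step `read image of secretsmanagement-operator from values.yaml` runs `uses: mikefarah/yq@master`, a third-party action referenced by a moving branch, in a job that later receives `secrets.DOCKERHUB_USERNAME` and `secrets.DOCKERHUB_TOKEN`. Whatever sits at the tip of that branch at run time executes on the runner that then logs in and pushes, so the reference should be pinned to a reviewed full commit SHA, e.g. `uses: mikefarah/yq@<full-commit-sha>  # <release tag>`. Both yq steps here use it, and so do the three new workflow files for the prerelease sidecar, release operator and release sidecar images. Part of this workflow is collapsed on the page, so the steps between the two hunks were not reviewed.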
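--- a/.github/workflows/build-prerelease-secretsmanagement-sidecar.yml
+++ b/.github/workflows/build-prerelease-secretsmanagement-sidecar.yml
@@ -0,0 +1,68 @@
+name: Build SecretsManagement-Sidecar Prerelease Dockerimage
+run-name: Build SecretsManagement-Sidecar Prerelease Dockerimage
+on:
+push:
+branches:
+- feature/*
+- odaa-*
+paths:
+- source/operators/secretsmanagementOperator-hc/sidecar/docker/**/*
+jobs:
+build-secrets-management-sidecar-prerelease-dockerfile-job:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: read image of secretsmanagement-sidecar from values.yaml
+id: get_smansidecar_image
+uses: mikefarah/yq@master
+with:
+cmd: yq '.secretsmanagement-operator.sidecarImage' charts/canvas-oda/values.yaml
+
+- name: read versionnumber of secretsmanagement-sidecar from values.yaml
+id: get_smansidecar_version
+uses: mikefarah/yq@master
+with:
+cmd: yq '[.secretsmanagement-operator.sidecarVersion, .secretsmanagement-operator.sidecarPrereleaseSuffix] | filter(.!=null and .!="") | join("-")' charts/canvas-oda/values.yaml
+
+- name: Check Version
+id: check-tag
+run: |
+echo
+if [[ ${{ steps.get_smansidecar_version.outputs.result }} =~ ^[0-9]+\.[0-9]+\.[0-9]+-.*$ ]]; then
+echo "Version ${{ steps.get_smansidecar_version.outputs.result }} matches prerelease format <n>.<n>.<n>-<prerelease>"
+else
+echo "::error::Version ${{ steps.get_smansidecar_version.outputs.result }} does not matche prerelease format <n>.<n>.<n>-<prerelease>" && exit 1
+fi
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Login to Docker Hub
+uses: docker/login-action@v3
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+- name: Get Git commit timestamps
+run: |
+echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
+echo "GIT_COMMIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+echo "CICD_BUILD_TIME=$(date -Iseconds)" >> $GITHUB_ENV
+- name: Build and push
+uses: docker/build-push-action@v5
+with:
+context: source/operators/secretsmanagementOperator-hc/sidecar/docker
+build-args: |
+SOURCE_DATE_EPOCH=${{ env.SOURCE_DATE_EPOCH }}
+GIT_COMMIT_SHA=${{ env.GIT_COMMIT_SHA }}
+CICD_BUILD_TIME=${{ env.CICD_BUILD_TIME }}
+platforms: linux/amd64,linux/arm64
+push: true
+tags: |
+${{ steps.get_smansidecar_image.outputs.result }}:latest
+${{ steps.get_smansidecar_image.outputs.result }}:${{ steps.get_smansidecar_version.outputs.result }}
+env:
+SOURCE_DATE_EPOCH: ${{ env.SOURCE_DATE_EPOCH }}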
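Review bot: The `Check Version` step pastes `${{ steps.get_smansidecar_version.outputs.result }}` straight into the bash script, unquoted inside `[[ … ]]`, so the value read from charts/canvas-oda/values.yaml is parsed as shell source before the regex ever runs. This workflow fires on pushes to `feature/*` and `odaa-*`, so a values.yaml edit on any such branch reaches that script in a job that holds Docker Hub credentials. Passing the output through `env:` and testing `"$VERSION"` keeps it as data; the same pattern is in the `Check Version` steps of the release operator and release sidecar workflows. The error message also reads "does not matche" where "does not match" is meant.

```yaml
- name: Check Version
  id: check-tag
  env:
    VERSION: ${{ steps.get_smansidecar_version.outputs.result }}
  run: |
    echo
    if [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+-.*$ ]]; then
      echo "Version $VERSION matches prerelease format <n>.<n>.<n>-<prerelease>"
    else
      echo "::error::Version $VERSION does not match prerelease format <n>.<n>.<n>-<prerelease>" && exit 1
    fi
```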
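--- a/.github/workflows/build-release-secretsmanagement-operator.yml
+++ b/.github/workflows/build-release-secretsmanagement-operator.yml
@@ -0,0 +1,69 @@
+name: Build SecretsManagement-Operator Release Dockerimage
+run-name: Build SecretsManagement-Operator Release Dockerimage
+on:
+push:
+branches:
+- testmain
+paths:
+- source/operators/secretsmanagementOperator-hc/docker/**/*
+jobs:
+build-secrets-management-operator-release-dockerfile-job:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: read image of secretsmanagement-operator from values.yaml
+id: get_smanop_image
+uses: mikefarah/yq@master
+with:
+cmd: yq '.secretsmanagement-operator.image' charts/canvas-oda/values.yaml
+
+- name: read versionnumber of secretsmanagement-operator from values.yaml
+id: get_smanop_version
+uses: mikefarah/yq@master
+with:
+cmd: yq '[.secretsmanagement-operator.version, .secretsmanagement-operator.prereleaseSuffix] | filter(.!=null and .!="") | join("-")' charts/canvas-oda/values.yaml
+
+- name: Check Version
+id: check-tag
+run: |
+echo
+if [[ ${{ steps.get_smanop_version.outputs.result }} =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+echo "Version ${{ steps.get_smanop_version.outputs.result }} matches release format <n>.<n>.<n>"
+else
+echo "::error::Version ${{ steps.get_smanop_version.outputs.result }} does not matche release format <n>.<n>.<n>" && exit 1
+fi
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Login to Docker Hub
+uses: docker/login-action@v3
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+- name: Get Git commit timestamps
+run: |
+echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
+echo "GIT_COMMIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+echo "CICD_BUILD_TIME=$(date -Iseconds)" >> $GITHUB_ENV
+- name: Build and push
+uses: docker/build-push-action@v5
+with:
+context: source/operators/secretsmanagementOperator-hc/docker
+build-args: |
+SOURCE_DATE_EPOCH=${{ env.SOURCE_DATE_EPOCH }}
+GIT_COMMIT_SHA=${{ env.GIT_COMMIT_SHA }}
+CICD_BUILD_TIME=${{ env.CICD_BUILD_TIME }}
+# arm64 has problems building cffi python wheel
+#platforms: linux/amd64,linux/arm64
+platforms: linux/amd64
+push: true
+tags: |
+${{ steps.get_smanop_image.outputs.result }}:latest
+${{ steps.get_smanop_image.outputs.result }}:${{ steps.get_smanop_version.outputs.result }}
+env:
+SOURCE_DATE_EPOCH: ${{ env.SOURCE_DATE_EPOCH }}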
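Review bot: The workflow declares no `permissions:` block, so the job runs with whatever default GITHUB_TOKEN scope the repository or organisation has configured, although the visible steps only need to read the checkout. Adding a top-level `permissions:` with `contents: read`, next to `on:`, makes that explicit and keeps the token read-only if the default is broader. The two new sidecar workflows in this commit are written the same way.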
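--- a/.github/workflows/build-release-secretsmanagement-sidecar.yml
+++ b/.github/workflows/build-release-secretsmanagement-sidecar.yml
@@ -0,0 +1,67 @@
+name: Build SecretsManagement-Sidecar Release Dockerimage
+run-name: Build SecretsManagement-Sidecar Release Dockerimage
+on:
+push:
+branches:
+- testmain
+paths:
+- source/operators/secretsmanagementOperator-hc/sidecar/docker/**/*
+jobs:
+build-secrets-management-sidecar-release-dockerfile-job:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: read image of secretsmanagement-sidecar from values.yaml
+id: get_smansidecar_image
+uses: mikefarah/yq@master
+with:
+cmd: yq '.secretsmanagement-operator.sidecarImage' charts/canvas-oda/values.yaml
+
+- name: read versionnumber of secretsmanagement-sidecar from values.yaml
+id: get_smansidecar_version
+uses: mikefarah/yq@master
+with:
+cmd: yq '[.secretsmanagement-operator.sidecarVersion, .secretsmanagement-operator.sidecarPrereleaseSuffix] | filter(.!=null and .!="") | join("-")' charts/canvas-oda/values.yaml
+
+- name: Check Version
+id: check-tag
+run: |
+echo
+if [[ ${{ steps.get_smansidecar_version.outputs.result }} =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+echo "Version ${{ steps.get_smansidecar_version.outputs.result }} matches release format <n>.<n>.<n>"
+else
+echo "::error::Version ${{ steps.get_smansidecar_version.outputs.result }} does not matche release format <n>.<n>.<n>" && exit 1
+fi
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Login to Docker Hub
+uses: docker/login-action@v3
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+- name: Get Git commit timestamps
+run: |
+echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
+echo "GIT_COMMIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+echo "CICD_BUILD_TIME=$(date -Iseconds)" >> $GITHUB_ENV
+- name: Build and push
+uses: docker/build-push-action@v5
+with:
+context: source/operators/secretsmanagementOperator-hc/sidecar/docker
+build-args: |
+SOURCE_DATE_EPOCH=${{ env.SOURCE_DATE_EPOCH }}
+GIT_COMMIT_SHA=${{ env.GIT_COMMIT_SHA }}
+CICD_BUILD_TIME=${{ env.CICD_BUILD_TIME }}
+platforms: linux/amd64,linux/arm64
+push: true
+tags: |
+${{ steps.get_smansidecar_image.outputs.result }}:latest
+${{ steps.get_smansidecar_image.outputs.result }}:${{ steps.get_smansidecar_version.outputs.result }}
+env:
+SOURCE_DATE_EPOCH: ${{ env.SOURCE_DATE_EPOCH }}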
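Review bot: The `tags:` list pushes `${{ steps.get_smansidecar_image.outputs.result }}:latest` from this release workflow, while the prerelease sidecar workflow pushes the same `:latest` name on every `feature/*` or `odaa-*` build, so `latest` points at whichever job ran last and can be a feature-branch image. Consumers pulling `latest` cannot tell which they got. Dropping the `:latest` line from the prerelease workflows, or giving them a separate moving tag, keeps `latest` a release. The operator workflows share the pattern, and the version tag itself is overwritten whenever the same version is built twice.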
4 changes: 4 additions & 0 deletions TEMP/SETUP.md
@@ -69,6 +69,10 @@ helm dependency update
helm dependency build
cd ../..
helm upgrade --install canvas charts/canvas-oda -n canvas --create-namespace --set keycloak.service.type=ClusterIP
```

```
helm upgrade --install canvas charts/canvas-oda -n canvas --create-namespace --set keycloak.service.type=ClusterIP --set=controller.configmap.loglevel=20 --set=controller.deployment.imagePullPolicy=Always --set=controller.deployment.compconImage=mtr.devops.telekom.de/magenta_canvas/public:component-istio-controller-0.4.2-sman --set=secretsmanagement-operator.logLevel=20 --set=secretsmanagement-operator.image=mtr.devops.telekom.de/magenta_canvas/public:secretsmanagement-operator-0.1.0-rc --set=secretsmanagement-operator.sidecarImage=mtr.devops.telekom.de/magenta_canvas/public:secretsmanagement-sidecar-0.1.0-rc
```

6 changes: 5 additions & 1 deletion charts/canvas-oda/values.yaml
@@ -216,7 +216,11 @@ secretsmanagement-operator:
prereleaseSuffix: odaa-26
#imagePullPolicy: IfNotPresent
imagePullPolicy: Always
sidecarImage: mtr.devops.telekom.de/magenta_canvas/public:secretsmanagement-sidecar-0.1.0

sidecarImage: ocfork/secretsmanagement-sidecar
sidecarVersion: 0.1.0
sidecarPrereleaseSuffix: odaa-26

# TODO: add TLS to canvas-vault-hc
vault_addr: "http://canvas-vault-hc.canvas-vault.svc.cluster.local:8200"
# the tempaltes can be used to generate cluster specific authenticator and key-value stores, here 'sman'.
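Review bot: `sidecarPrereleaseSuffix: odaa-26` makes the chart default resolve to a feature-branch build of the sidecar, since the new helper joins image, version and suffix, and the prerelease workflow re-pushes that tag on every matching branch build. The sidecar image that reaches pods can therefore change without any chart change. For anything beyond a development cluster, consider leaving the suffix empty by default and referencing a release tag or an image digest. charts/secretsmanagement-operator/values.yaml receives the same three keys in this commit and has to be kept in step by hand.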
16 changes: 14 additions & 2 deletions charts/secretsmanagement-operator/templates/_helpers.tpl
@@ -2,7 +2,19 @@
build the full docker image name from image + version + prereleaseSuffix
*/}}
{{- define "secretsmanagementoperator.dockerimage" -}}
{{- .Values.image -}}:{{- .Values.version -}}
{{- if .Values.prereleaseSuffix -}}-{{- .Values.prereleaseSuffix -}}{{- end -}}
{{- .Values.image -}}:{{- .Values.version -}}
{{- if .Values.prereleaseSuffix -}}
-{{- .Values.prereleaseSuffix -}}
{{- end -}}
{{- end -}}


{{/*
build the full sidedcar docker image name from image + version + prereleaseSuffix
*/}}
{{- define "secretsmanagementoperator.sidecarDockerimage" -}}
{{- .Values.sidecarImage -}}:{{- .Values.sidecarVersion -}}
{{- if .Values.sidecarPrereleaseSuffix -}}
-{{- .Values.sidecarPrereleaseSuffix -}}
{{- end -}}
{{- end -}}
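Review bot: The new `secretsmanagementoperator.sidecarDockerimage` helper always appends `:<sidecarVersion>`, so a `sidecarImage` override that already carries a tag renders an invalid image reference. The TEMP/SETUP.md command added in this same commit does exactly that with `--set=secretsmanagement-operator.sidecarImage=mtr.devops.telekom.de/magenta_canvas/public:secretsmanagement-sidecar-0.1.0-rc`, which would render as `…:secretsmanagement-sidecar-0.1.0-rc:0.1.0-odaa-26`; the `image` override there meets the operator helper the same way. Either document that `sidecarImage` is now a repository name only and update the SETUP.md example, or at least fail early on an empty version with `{{- .Values.sidecarImage -}}:{{- required "sidecarVersion is required" .Values.sidecarVersion -}}`. The comment above the helper spells it "sidedcar".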
Original file line number Diff line number Diff line change
@@ -45,7 +45,7 @@ spec:
value: "{{ .Values.audience }}"
{{- end }}
- name: SIDECAR_IMAGE
value: "{{ .Values.sidecarImage }}"
value: "{{ include "secretsmanagementoperator.sidecarDockerimage" . }}"
{{ if .Values.hvacTokenEnc -}}
- name: HVAC_TOKEN_ENC
value: "{{ .Values.hvacTokenEnc }}"
5 changes: 4 additions & 1 deletion charts/secretsmanagement-operator/values.yaml
@@ -4,7 +4,10 @@ prereleaseSuffix: odaa-26
#imagePullPolicy: IfNotPresent
imagePullPolicy: Always

sidecarImage: mtr.devops.telekom.de/magenta_canvas/public:secretsmanagement-sidecar-0.1.0
sidecarImage: ocfork/secretsmanagement-sidecar
sidecarVersion: 0.1.0
sidecarPrereleaseSuffix: odaa-26

# TODO: add TLS to canvas-vault-hc
vault_addr: "http://canvas-vault-hc.canvas-vault.svc.cluster.local:8200"
# the tempaltes can be used to generate cluster specific authenticator and key-value stores, here 'sman'.
Original file line number Diff line number Diff line change
@@ -15,9 +15,11 @@ RUN pip install -r requirements.txt && \

ADD *.py /src/

ARG CICD_BUILD_TIME
ENV CICD_BUILD_TIME $CICD_BUILD_TIME
ARG SOURCE_DATE_EPOCH
ENV SOURCE_DATE_EPOCH $SOURCE_DATE_EPOCH
ARG GIT_COMMIT_SHA
ENV GIT_COMMIT_SHA $GIT_COMMIT_SHA
ARG CICD_BUILD_TIME
ENV CICD_BUILD_TIME $CICD_BUILD_TIME

CMD kopf run --all-namespaces --verbose /src/secretsmanagementOperatorHC.py
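Review bot: `CICD_BUILD_TIME` is filled from `date -Iseconds` in the workflow, so it differs on every run, and baking it into the image with `ENV` changes the image config each build; if reproducible digests are the reason `SOURCE_DATE_EPOCH` is passed, a label or a log-only value would serve better. The `ENV NAME $NAME` lines also use the legacy space-separated form that Docker's build checks flag; `ENV GIT_COMMIT_SHA=$GIT_COMMIT_SHA` is the current spelling. The sidecar Dockerfile in this commit has the same block.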
Original file line number Diff line number Diff line change
@@ -38,12 +38,15 @@
logger.info(f"Logging set to %s", logging_level)
logger.debug(f"debug logging active")

CICD_BUILD_TIME = os.getenv("CICD_BUILD_TIME")
SOURCE_DATE_EPOCH = os.getenv("SOURCE_DATE_EPOCH")
GIT_COMMIT_SHA = os.getenv("GIT_COMMIT_SHA")
if CICD_BUILD_TIME:
logger.info(f"CICD_BUILD_TIME=%s", CICD_BUILD_TIME)
CICD_BUILD_TIME = os.getenv("CICD_BUILD_TIME")
if SOURCE_DATE_EPOCH:
logger.info(f"SOURCE_DATE_EPOCH=%s", SOURCE_DATE_EPOCH)
if GIT_COMMIT_SHA:
logger.info(f"GIT_COMMIT_SHA=%s", GIT_COMMIT_SHA)
if CICD_BUILD_TIME:
logger.info(f"CICD_BUILD_TIME=%s", CICD_BUILD_TIME)

# vault_addr = os.getenv('VAULT_ADDR', 'https://canvas-vault-hc.ihc-dt.cluster-3.de')
# vault_addr = os.getenv('VAULT_ADDR', 'https://canvas-vault-hc.k8s.cluster-1.de')
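Review bot: The `logger.info(f"...=%s", ...)` calls for the build stamps carry an `f` prefix on strings that have no `{}` fields; the `%s` is filled in by logging, so plain literals are meant, e.g. `logger.info("GIT_COMMIT_SHA=%s", GIT_COMMIT_SHA)`. When a variable is unset nothing is logged at all, whereas the Go sidecar in this commit prints `?`; logging a placeholder would make a missing build stamp visible in the operator log. This is module-level code that continues outside the hunk.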
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
Change this file to trigger a docker build of secretsmanagements-operator.
SMANOP
change to trigger build!
Original file line number Diff line number Diff line change
@@ -17,9 +17,11 @@ COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /go/src/component-vault-service ./
EXPOSE 5000/tcp

ARG CICD_BUILD_TIME
ENV CICD_BUILD_TIME $CICD_BUILD_TIME
ARG SOURCE_DATE_EPOCH
ENV SOURCE_DATE_EPOCH $SOURCE_DATE_EPOCH
ARG GIT_COMMIT_SHA
ENV GIT_COMMIT_SHA $GIT_COMMIT_SHA
ARG CICD_BUILD_TIME
ENV CICD_BUILD_TIME $CICD_BUILD_TIME

ENTRYPOINT ["./component-vault-service"]
Original file line number Diff line number Diff line change
@@ -24,8 +24,9 @@ import (
)

func main() {
fmt.Println("CICD_BUILD_TIME: ", getEnvVar("CICD_BUILD_TIME", "?"))
fmt.Println("SOURCE_DATE_EPOCH: ", getEnvVar("SOURCE_DATE_EPOCH", "?"))
fmt.Println("GIT_COMMIT_SHA: ", getEnvVar("GIT_COMMIT_SHA", "?"))
fmt.Println("CICD_BUILD_TIME: ", getEnvVar("CICD_BUILD_TIME", "?"))

init_vault()

Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Change this file to trigger a docker build of secretsmanagements-operator!!
