diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml
new file mode 100644
index 00000000..8337548a
--- /dev/null
+++ b/.github/actionlint.yaml
@@ -0,0 +1,5 @@
+---
+self-hosted-runner:
+ # Ubicloud machines we are using
+ labels:
+ - ubicloud-standard-8-arm
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 203c2083..2b44c8c4 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -88,18 +88,18 @@ jobs:
 TRIGGER: ${{ github.event_name }}
 GITHUB_REF: ${{ github.ref }}
 run: |
- if [[ $TRIGGER == "pull_request" ]]; then
+ if [[ "$TRIGGER" == "pull_request" ]]; then
 echo "exporting test as target helm repo: ${{ env.TEST_REPO_HELM_URL }}"
- echo "helm_repo=${{ env.TEST_REPO_HELM_URL }}" >> $GITHUB_OUTPUT
- elif [[ ( $TRIGGER == "push" || $TRIGGER == "schedule" || $TRIGGER == "workflow_dispatch" ) && $GITHUB_REF == "refs/heads/main" ]]; then
+ echo "helm_repo=${{ env.TEST_REPO_HELM_URL }}" >> "$GITHUB_OUTPUT"
+ elif [[ ( "$TRIGGER" == "push" || "$TRIGGER" == "schedule" || "$TRIGGER" == "workflow_dispatch" ) && "$GITHUB_REF" == "refs/heads/main" ]]; then
 echo "exporting dev as target helm repo: ${{ env.DEV_REPO_HELM_URL }}"
- echo "helm_repo=${{ env.DEV_REPO_HELM_URL }}" >> $GITHUB_OUTPUT
- elif [[ $TRIGGER == "push" && $GITHUB_REF == refs/tags/* ]]; then
+ echo "helm_repo=${{ env.DEV_REPO_HELM_URL }}" >> "$GITHUB_OUTPUT"
+ elif [[ "$TRIGGER" == "push" && $GITHUB_REF == refs/tags/* ]]; then
 echo "exporting stable as target helm repo: ${{ env.STABLE_REPO_HELM_URL }}"
- echo "helm_repo=${{ env.STABLE_REPO_HELM_URL }}" >> $GITHUB_OUTPUT
+ echo "helm_repo=${{ env.STABLE_REPO_HELM_URL }}" >> "$GITHUB_OUTPUT"
 else
 echo "Unknown trigger and ref combination encountered, skipping publish step: $TRIGGER $GITHUB_REF"
- echo "helm_repo=skip" >> $GITHUB_OUTPUT
+ echo "helm_repo=skip" >> "$GITHUB_OUTPUT"
 fi
 run_cargodeny:
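Review bot: In the `build.yml` hunk at `-88,18`, the `${{ env.TEST_REPO_HELM_URL }}`, `${{ env.DEV_REPO_HELM_URL }}` and `${{ env.STABLE_REPO_HELM_URL }}` expressions are still expanded into the script text before bash runs, so the quoting added here does not cover them. The step already passes `TRIGGER` and `GITHUB_REF` through `env:`; assuming the three URLs come from a workflow- or job-level `env:` block (not visible in this hunk), the script can read them as shell variables instead, e.g. `echo "helm_repo=$TEST_REPO_HELM_URL" >> "$GITHUB_OUTPUT"`. The `refs/tags/*` branch also leaves `$GITHUB_REF` unquoted on the left side, which is harmless inside `[[ ]]` but inconsistent with the other branches. The step itself begins above the hunk.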
@@ -379,7 +379,7 @@ jobs:
 - id: printtag
 name: Output image name and tag
 if: ${{ !github.event.pull_request.head.repo.fork }}
- run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> $GITHUB_OUTPUT
+ run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> "$GITHUB_OUTPUT"
 create_manifest_list:
 name: Build and publish manifest list
@@ -437,4 +437,4 @@ jobs:
 ARCH_FOR_PREFLIGHT="$(arch | sed -e 's#x86_64#amd64#' | sed -e 's#aarch64#arm64#')"
 ./preflight-linux-amd64 check container "$IMAGE_TAG" --platform "${ARCH_FOR_PREFLIGHT}" > preflight.out
 - name: "Passed?"
- run: '[ "$(cat preflight.out | jq -r .passed)" == true ]'
+ run: '[ "$(jq -r .passed < preflight.out)" == true ]'
diff --git a/.github/workflows/pr_pre-commit.yaml b/.github/workflows/pr_pre-commit.yaml
index c7df5b40..5050dc05 100644
--- a/.github/workflows/pr_pre-commit.yaml
+++ b/.github/workflows/pr_pre-commit.yaml
@@ -16,6 +16,7 @@ jobs:
 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 with:
 fetch-depth: 0
+ submodules: recursive
 - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
 with:
 python-version: '3.12'
@@ -39,6 +40,7 @@ jobs:
 chmod 700 "${LOCATION_BIN}"
 echo "$LOCATION_DIR" >> "$GITHUB_PATH"
+ - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26
 - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
 with:
 extra_args: "--from-ref ${{ github.event.pull_request.base.sha }} --to-ref ${{ github.event.pull_request.head.sha }}"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4b1c512f..f30ef3ab 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
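Review bot: In `pr_pre-commit.yaml` at `-16,6`, the checkout step gains `submodules: recursive` but keeps the action's default credential persistence, so the job token stays in the local git config while the later pre-commit step runs hooks defined by the repository under review. Adding `persist-credentials: false` under the same `with:` would limit that, provided no later step needs the token for git operations; the rest of the job is only partly visible here. The hunk also does not say why submodules are now needed, so a one-line comment above `submodules: recursive` stating the reason would help the next reader.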
@@ -66,13 +66,13 @@ repos:
 - id: regenerate-charts
 name: regenerate-charts
 language: system
- entry: make regenerate-charts
+ entry: nix-shell --run 'make regenerate-charts'
 stages: [commit, merge-commit, manual]
 pass_filenames: false
 - id: cargo-test
 name: cargo-test
 language: system
- entry: cargo test
+ entry: nix-shell --run 'cargo test'
 stages: [commit, merge-commit, manual]
 pass_filenames: false
diff --git a/docker/Dockerfile b/docker/Dockerfile
index e165376b..7bc7b4d5 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
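Review bot: In `.pre-commit-config.yaml`, both `language: system` hooks now depend on `nix-shell` being on PATH, and nothing near the entries says so; a contributor without Nix installed would presumably see only a command-not-found failure from the hook. A comment above each `entry:` such as `# Runs inside the repo's Nix shell so tool versions match CI; requires Nix to be installed` would document the new prerequisite. `nix-shell` also evaluates a Nix expression from the working tree (presumably a `shell.nix`, not shown in this diff), so how reproducible these hooks are depends on that file pinning its package set, which is worth confirming.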
@@ -1,40 +1,109 @@
+# syntax=docker/dockerfile:1.10.0@sha256:865e5dd094beca432e8c0a1d5e1c465db5f998dca4e439981029b3b81fb39ed5
+# NOTE: The syntax directive needs to be the first line in a Dockerfile
+
 # =============
 # This file is automatically generated from the templates in stackabletech/operator-templating
 # DON'T MANUALLY EDIT THIS FILE
 # =============
-FROM oci.stackable.tech/sdp/ubi9-rust-builder AS builder
-FROM registry.access.redhat.com/ubi9/ubi-minimal AS operator
+# https://docs.docker.com/build/checks/#fail-build-on-check-violations
+# check=error=true
+
+# We want to automatically use the latest. We also don't tag our images with a version.
+# hadolint ignore=DL3007
+FROM oci.stackable.tech/sdp/ubi9-rust-builder:latest AS builder
+
+
+# We want to automatically use the latest.
+# hadolint ignore=DL3007
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest AS operator
 ARG VERSION
 ARG RELEASE="1"
-LABEL name="Stackable Operator for Apache Spark-on-Kubernetes" \
- maintainer="info@stackable.tech" \
- vendor="Stackable GmbH" \
- version="${VERSION}" \
- release="${RELEASE}" \
- summary="Deploy and manage Apache Spark-on-Kubernetes clusters." \
- description="Deploy and manage Apache Spark-on-Kubernetes clusters."
+# These are chosen at random and are this high on purpose to have very little chance to clash with an existing user or group on the host system
+ARG STACKABLE_USER_GID="574654813"
+ARG STACKABLE_USER_UID="782252253"
+
+# These labels have mostly been superceded by the OpenContainer spec annotations below but it doesn't hurt to include them
+# http://label-schema.org/rc1/
+LABEL name="Stackable Operator for Apache Spark-on-Kubernetes"
+LABEL maintainer="info@stackable.tech"
+LABEL vendor="Stackable GmbH"
+LABEL version="${VERSION}"
+LABEL release="${RELEASE}"
+LABEL summary="Deploy and manage Apache Spark-on-Kubernetes clusters."
+LABEL description="Deploy and manage Apache Spark-on-Kubernetes clusters."
+
+# Overwriting/Pinning UBI labels
+# https://github.com/projectatomic/ContainerApplicationGenericLabels
+LABEL vcs-ref=""
+LABEL distribution-scope="public"
+LABEL url="https://stackable.tech"
+ARG TARGETARCH
+LABEL architecture="${TARGETARCH}"
+LABEL com.redhat.component=""
+# It complains about it being an invalid label but RedHat uses it and we want to override it and it works....
+# hadolint ignore=DL3048
+LABEL com.redhat.license_terms=""
+LABEL io.buildah.version=""
+LABEL io.openshift.expose-services=""
+# https://github.com/opencontainers/image-spec/blob/036563a4a268d7c08b51a08f05a02a0fe74c7268/annotations.md#annotations
+LABEL org.opencontainers.image.authors="info@stackable.tech"
+LABEL org.opencontainers.image.url="https://stackable.tech"
+LABEL org.opencontainers.image.vendor="Stackable GmbH"
+LABEL org.opencontainers.image.licenses="OSL-3.0"
+LABEL org.opencontainers.image.documentation="https://docs.stackable.tech/home/stable/spark-k8s/"
+LABEL org.opencontainers.image.version="${VERSION}"
+LABEL org.opencontainers.image.revision="${RELEASE}"
+LABEL org.opencontainers.image.title="Stackable Operator for Apache Spark-on-Kubernetes"
+LABEL org.opencontainers.image.description="Deploy and manage Apache Spark-on-Kubernetes clusters."
+
+# https://docs.openshift.com/container-platform/4.16/openshift_images/create-images.html#defining-image-metadata
+# https://github.com/projectatomic/ContainerApplicationGenericLabels/blob/master/vendor/redhat/labels.md
+LABEL io.openshift.tags="ubi9,stackable,sdp,spark-k8s"
+LABEL io.k8s.description="Deploy and manage Apache Spark-on-Kubernetes clusters."
+LABEL io.k8s.display-name="Stackable Operator for Apache Spark-on-Kubernetes"
+
+RUN <