Merge branch 'main' into feat/base-cluster/tetragon
marvinWolff authored Aug 22, 2024
2 parents 04aed55 + 6574454 commit 6487ac4
Showing 84 changed files with 2,094 additions and 689 deletions.
2 changes: 1 addition & 1 deletion .github/release-please/manifest.json
@@ -1 +1 @@
{"charts/base-cluster":"6.5.1","charts/teuto-portal-k8s-worker":"3.1.1","charts/t8s-cluster":"8.1.0","charts/stellio-context-broker":"0.1.0","charts/chirpstack":"0.1.0","charts/common":"1.2.0","charts/ckan":"1.1.4"}
{"charts/base-cluster":"6.6.3","charts/teuto-portal-k8s-worker":"3.1.1","charts/t8s-cluster":"8.3.2","charts/stellio-context-broker":"0.1.0","charts/chirpstack":"0.1.0","charts/common":"1.2.1","charts/ckan":"1.1.7"}
24 changes: 7 additions & 17 deletions .github/scripts/create-values-diff.sh
Expand Up @@ -14,7 +14,7 @@ if [[ -v 3 ]]; then
dryRun=true
;;
*)
echo "Option '$3' not supported" >/dev/stderr
echo "Option '$3' not supported" >&2
exit 1
;;
esac
Expand All @@ -23,7 +23,7 @@ else
fi

if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then
echo "Skipping library chart '$chart'" >/dev/stderr
echo "Skipping library chart '$chart'" >&2
exit 0
fi

Expand Down Expand Up @@ -89,6 +89,7 @@ function generateComment() {
sleep 2
done

echo "<!--helm-diff-->"
echo :robot: I have diffed this *beep* *boop*
echo ---
# shellcheck disable=SC2016
Expand All @@ -112,20 +113,15 @@ function createComment() {
local issue="$1"
local body="$2"

jq -cn --rawfile body <(echo "$body") '{body: $body}' |
curl --silent --fail-with-body \
-X POST \
-H 'Accept: application/vnd.github+json' \
-H "Authorization: token ${GITHUB_TOKEN}" \
"${GITHUB_API_REPO_URL}/issues/${issue}/comments" \
-d @-
gh pr comment "${issue}" -b "$body"
}

function updateComment() {
local issue="$1"
local commentId="$2"
local body="$3"

# needs to use the "manual" way, as `gh` doesn't support updating a specifc comment; https://github.com/cli/cli/issues/3613
jq -cn --rawfile body <(echo "$body") '{body: $body}' |
curl --silent --fail-with-body \
-X PATCH \
Expand All @@ -138,14 +134,8 @@ function updateComment() {
body=$(generateComment "$chart")

if [[ "$dryRun" == false ]]; then
existingCommentId="$(
curl --silent --fail-with-body \
-H 'Accept: application/vnd.github+json' \
-H "Authorization: token ${GITHUB_TOKEN}" \
"${GITHUB_API_REPO_URL}/issues/${issue}/comments" |
jq -r 'map(select(.body | contains(":robot: I have diffed this *beep* *boop*")))[0].id'
)"
if [[ "$existingCommentId" != null ]]; then
# cannot use `gh pr/issue view --json comments` as the returned id is incorrect
if existingCommentId="$(gh api "repos/${GITHUB_REPOSITORY}/issues/${issue}/comments" | jq -er 'map(select(.body | contains("<!--helm-diff-->")))[0].id')"; then
updateComment "$issue" "$existingCommentId" "$body"
else
createComment "$issue" "$body"
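Review bot: The comment lookup in the last hunk, `if existingCommentId="$(gh api … | jq -er …)"`, treats every failure as "no comment yet": when `gh api` errors out (rate limit, token scope, network) jq receives no input, exits non-zero, and the script falls through to `createComment`, so an API failure produces a duplicate comment instead of a failed job. Fetching first, `comments="$(gh api …)" || exit 1`, and then running jq on `$comments` separates the two cases. The selection also relies only on the body containing `<!--helm-diff-->`, so a comment from any other author that includes the marker would be handed to `updateComment`; adding an author condition such as `select(.user.login == "<bot-login>")` (placeholder) avoids that. `gh api` returns only the first page unless `--paginate` is given, so on long threads the marker comment may not be found.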
10 changes: 5 additions & 5 deletions .github/scripts/enforce-trusted-registries.sh
Expand Up @@ -10,7 +10,7 @@ function getUntrustedImages() {
local chart="${1?}"
local trustedImagesRegex

trustedImagesRegex="$(yq -r -f .github/scripts/trusted_images_regex.jq <.github/trusted_registries.yaml)"
trustedImagesRegex="$(yq -r -f .github/scripts/trusted_images_regex.jq .github/trusted_registries.yaml)"

yq -r '.annotations["artifacthub.io/images"]' "$chart/Chart.yaml" |
yq -r '.[] | .image' |
Expand All @@ -22,18 +22,18 @@ function enforceTrustedImages() {
local chart="${1?}"
local untrustedImages=()
if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then
echo "Skipping library chart '$chart'" >/dev/stderr
echo "Skipping library chart '$chart'" >&2
return 0
fi

mapfile -t untrustedImages < <(getUntrustedImages "$chart")
if [[ "${#untrustedImages[@]}" -gt 0 ]]; then
echo "found ${#untrustedImages[@]} untrusted images in '$chart', please fix;" >/dev/stderr
echo "found ${#untrustedImages[@]} untrusted images in '$chart', please fix;" >&2
for untrustedImage in "${untrustedImages[@]}"; do
echo " > $untrustedImage, found in the following resources:" >/dev/stderr
echo " > $untrustedImage, found in the following resources:" >&2
# shellcheck disable=SC2016
yq --arg image "$untrustedImage" -r '.annotations["artifacthub.io/images"] | split("\n")[] | select(contains($image))' "$chart/Chart.yaml" |
awk '{print " - " $NF}' >/dev/stderr
awk '{print " - " $NF}' >&2
done
return 1
fi
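Review bot: `mapfile -t untrustedImages < <(getUntrustedImages "$chart")` in `enforceTrustedImages` discards the exit status of `getUntrustedImages`, so if any `yq` call inside it fails the array stays empty and the chart passes, meaning the enforcement fails open. Capture the output and stop on error instead, e.g. `local out; out="$(getUntrustedImages "$chart")" || return 1` followed by `[[ -z "$out" ]] || mapfile -t untrustedImages <<<"$out"`. The tail of `getUntrustedImages` is outside the hunk, so it is also worth confirming there that an empty `trustedImagesRegex` is rejected rather than used as a pattern.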
14 changes: 7 additions & 7 deletions .github/scripts/extract-artifacthub-images.sh
Expand Up @@ -25,7 +25,7 @@ function getImages() {
rm -f -- */HelmRelease/*.yaml
grep -Er '\s+image: \S+$' |
grep -v 'artifacthub-ignore' |
awk '{print $3 " # " $1}' |
awk '{print ($2 == "-" ? $4 : $3) " # " $1}' |
tr -d '"' |
sed 's#:$##' |
sort -k1 -k2 |
Expand All @@ -45,7 +45,7 @@ function updateChartYaml() {
(
echo "artifacthub.io/images: |"
getImages "$chart" "$existingDir" | awk '{print " " $0}'
) | tee "$tmpDir/images.yaml" >/dev/stderr
) | tee "$tmpDir/images.yaml" >&2

if yq -e .annotations "$chart/Chart.yaml" >/dev/null; then
yq -y '.annotations | del(.["artifacthub.io/images"])' "$chart/Chart.yaml" >"$tmpDir/annotations.yaml"
Expand All @@ -66,19 +66,19 @@ function updateChartYaml() {

if [[ "$#" -ge 1 ]]; then
if ! [[ -d "$1" ]]; then
echo "Invalid chart directory '$1', exiting" >/dev/stderr
echo "Invalid chart directory '$1', exiting" >&2
exit 1
fi
if yq -e '.type == "library"' "$1/Chart.yaml" >/dev/null; then
echo "Skipping library chart '$1'" >/dev/stderr
echo "Skipping library chart '$1'" >&2
exit 0
fi
if ! [[ -f "$1/ci/artifacthub-values.yaml" ]]; then
echo "There is no 'artifacthub-values.yaml' in 'charts/$1/ci', exiting" >/dev/stderr
echo "There is no 'artifacthub-values.yaml' in 'charts/$1/ci', exiting" >&2
exit 1
fi
if [[ -v 2 ]] && ! [[ -d "$2/artifacthub-values" ]]; then
echo "Missing artifacthub-values directory '$2', exiting" >/dev/stderr
echo "Missing artifacthub-values directory '$2', exiting" >&2
exit 1
fi
updateChartYaml "$1" "${2:-}"
Expand All @@ -88,7 +88,7 @@ else
[[ -f "$chart/ci/artifacthub-values.yaml" ]] || continue

if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then
echo "Skipping library chart '$chart'" >/dev/stderr
echo "Skipping library chart '$chart'" >&2
exit 0
fi
updateChartYaml "$chart"
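Review bot: In the last hunk the all-charts branch ends with `exit 0` when it meets a library chart, which stops the whole run and leaves every later chart's `artifacthub.io/images` annotation unrefreshed; `continue` is what is wanted there. The branch uses `|| continue`, so it is presumably inside a loop whose header is outside the hunk. Since `enforce-trusted-registries.sh` reads that annotation, stale entries mean newly introduced images are not checked. Separately, the new awk expression `($2 == "-" ? $4 : $3)` deserves a comment, e.g. `# $1 is grep's "file:" prefix; list items add a leading "-" field before "image:"`.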
4 changes: 2 additions & 2 deletions .github/scripts/prepare-values.sh
Expand Up @@ -22,15 +22,15 @@ function prepare-values() {
values="$chart/values.yaml"
mergeYaml "$values" "$commonValues" | sponge "$values"
if [[ "$RUNNER_DEBUG" == 1 ]]; then
cat "$values" >/dev/stderr
cat "$values" >&2
fi
fi
for valuesScript in "$chart/ci/"*-gen-values.sh; do
[[ -f "$valuesScript" ]] || continue
values="${valuesScript/.sh/.yaml}"
"$valuesScript" | yq -y | sponge "$values"
if [[ "$RUNNER_DEBUG" == 1 ]]; then
cat "$values" >/dev/stderr
cat "$values" >&2
fi
done
}
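Review bot: `values="${valuesScript/.sh/.yaml}"` replaces the first `.sh` anywhere in the path rather than the suffix, so a chart directory or script name containing `.sh` earlier in the string yields the wrong output file; `values="${valuesScript%.sh}.yaml"` strips only the extension. The loop also executes every `*-gen-values.sh` found under the chart's `ci/` directory, so the calling workflow should not expose secrets when it runs for pull requests from forks. The trigger is not visible here, so that is worth confirming. The body of `prepare-values` starts outside the hunk.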
2 changes: 1 addition & 1 deletion .github/scripts/splitYamlIntoDir
Expand Up @@ -23,7 +23,7 @@ function splitYamlIntoDir() {

resourceName="$dir/$namespace/$kind/$name.yaml"
if [[ -f "$resourceName" ]]; then
echo "'$resourceName' shouldn't already exist" >/dev/stderr
echo "'$resourceName' shouldn't already exist" >&2
return 1
fi
mkdir -p "$(dirname "$resourceName")"
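Review bot: `resourceName="$dir/$namespace/$kind/$name.yaml"` builds a filesystem path from values that appear to come from the rendered manifest, and nothing visible rejects a `/` in them before `mkdir -p` creates the directories. Their assignment is outside the hunk, so the source is an inference. Since the input is template output rather than objects validated by an API server, a guard such as `case "$namespace$kind$name" in */*) echo "unexpected '/' in resource identifiers" >&2; return 1 ;; esac` keeps every write under `$dir`. The function starts and ends outside the hunk.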
16 changes: 8 additions & 8 deletions .github/scripts/templateHelmChart.sh
Expand Up @@ -50,15 +50,15 @@ function templateHelmRelease() {
namespace=$(yq <<<"$helmReleaseYaml" -er '.spec.targetNamespace // .metadata.namespace')
releaseName=$(yq <<<"$helmReleaseYaml" -er '.spec.releaseName // .metadata.name')
values=$(yq <<<"$helmReleaseYaml" -y -r .spec.values)
echo "Templating '$namespace/$releaseName'" >/dev/stderr
echo "Templating '$namespace/$releaseName'" >&2

sourceNamespace=$(yq <<<"$helmReleaseYaml" -er ".spec.chart.spec.sourceRef.namespace // \"$namespace\"")
sourceName=$(yq <<<"$helmReleaseYaml" -er .spec.chart.spec.sourceRef.name)
sourceKind=$(yq <<<"$helmReleaseYaml" -er .spec.chart.spec.sourceRef.kind)
sourceYaml=$(yq <<<"$yaml" -rys '[.[] | select(.kind == "'"$sourceKind"'")][]')
sourceResource=$(yq <<<"$sourceYaml" -rys "[.[] | select( (.metadata.namespace == \"$sourceNamespace\") and (.metadata.name == \"$sourceName\") )][0]")
if [[ "$sourceResource" =~ .*"null".* ]]; then
echo "Failed to get source '$sourceNamespace/$sourceKind/$sourceName'" >/dev/stderr
echo "Failed to get source '$sourceNamespace/$sourceKind/$sourceName'" >&2
return 0
fi
chartName="$(yq <<<"$helmReleaseYaml" -er .spec.chart.spec.chart)"
Expand All @@ -83,15 +83,15 @@ function templateHelmRelease() {
args+=("$helmRepositoryUrl/$chartName")
;;
*)
echo "'$helmRepositoryUrl' is not supported" >/dev/stderr
echo "'$helmRepositoryUrl' is not supported" >&2
return 1
;;
esac
chartVersion="$(yq <<<"$helmReleaseYaml" -er .spec.chart.spec.version)"
helm <<<"$values" template --namespace "$namespace" "${args[@]}" --version "$chartVersion" --values -
;;
*)
echo "'$sourceKind' is not implemented" >/dev/stderr
echo "'$sourceKind' is not implemented" >&2
;;
esac
}
Expand All @@ -103,7 +103,7 @@ function templateLocalHelmChart() {
chart="$(basename "$chartPath")"
local tmpDir
tmpDir=$(mktemp -d -p "$TMP_DIR")
echo "Templating '$chart' with '$values'" >/dev/stderr
echo "Templating '$chart' with '$values'" >&2
cp -r "$chartPath" "$tmpDir/$chart"
helm dependency update "$tmpDir/$chart" >/dev/null
helm template "$chart" "$tmpDir/$chart" --values "$values"
Expand Down Expand Up @@ -133,7 +133,7 @@ function templateRemoteHelmChart() {
local chart="${2?}"
local values="${3:-charts/$chart/ci/artifacthub-values.yaml}"

echo "Templating '$repo/$chart' with '$values'" >/dev/stderr
echo "Templating '$repo/$chart' with '$values'" >&2

helm template --repo "$repo" "$chart" "$chart" --values "$values"
}
Expand All @@ -144,7 +144,7 @@ function templateGitHelmChart() {
local branch="${3?}"
local values="${4:-charts/$path/ci/artifacthub-values.yaml}"

echo "Templating '$repo/$path' with '$values'" >/dev/stderr
echo "Templating '$repo/$path' with '$values'" >&2

templateGitHelmRelease "$repo" "$branch" "$path" "" "$(basename "$path")" "$values"
}
Expand All @@ -171,7 +171,7 @@ case "$script" in
templateHelmRelease "$@"
;;
*)
echo "Wrong script: '$0'" >/dev/stderr
echo "Wrong script: '$0'" >&2
exit 1
;;
esac | (if [[ "$recursive" == true ]]; then templateSubHelmCharts; else cat -; fi)
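Review bot: `templateHelmRelease` splices `$namespace`, `$sourceKind`, `$sourceNamespace` and `$sourceName`, all read from the HelmRelease document, directly into the jq program text (`select(.kind == "'"$sourceKind"'")`, `// \"$namespace\"`), so a quote or backslash in one of them alters the filter instead of being compared as data. Pass them as variables, e.g. `yq --arg kind "$sourceKind" -rys '[.[] | select(.kind == $kind)][]'`, as `enforce-trusted-registries.sh` already does with `--arg image`. The "Failed to get source" branch returns 0 and the `'$sourceKind' is not implemented` branch has no `return 1`, so a release that cannot be templated is skipped without failing the job, and presumably its images then never reach the registry check. The function starts and ends outside the visible hunks.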
2 changes: 1 addition & 1 deletion .github/scripts/templateHelmChartRecursivelyToFolder.sh
Expand Up @@ -10,7 +10,7 @@ chart=${1?You need to provide the chart name}
targetDir=${2?You need to provide the target directory}

if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then
echo "Skipping library chart '$chart'" >/dev/stderr
echo "Skipping library chart '$chart'" >&2
[[ -v GITHUB_OUTPUT ]] && [[ -f "$GITHUB_OUTPUT" ]] && echo "skipped=true" | tee -a "$GITHUB_OUTPUT"
exit 0
else
2 changes: 1 addition & 1 deletion .github/scripts/trusted_images_regex.jq
@@ -1,5 +1,5 @@
[
.registries | paths(scalars) as $p | $p + [getpath($p)] |
paths(scalars) as $p | $p + [getpath($p)] |
.[-1] as $type |
if $type == "ALL_IMAGES" then
"\(.[0:-1] | join("/"))/.*"
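Review bot: The pattern built by `"\(.[0:-1] | join("/"))/.*"` inserts registry and repository names into a regular expression unescaped, so the `.` in `docker.io` or `registry-gitlab.teuto.net` matches any character and the allowlist accepts hostnames other than the ones listed. Escape each path segment before joining, for example with `gsub("\\."; "\\.")`. The rest of the filter is outside the hunk, so also confirm that the final expression is anchored at both ends. A one-line comment describing the expected input shape (registry, then organisation, then image mapped to `ALL_TAGS` or `ALL_IMAGES`) would help now that the `.registries` wrapper is gone.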
91 changes: 47 additions & 44 deletions .github/trusted_registries.yaml
@@ -1,44 +1,47 @@
registries:
docker.io:
aelbakry:
kdave-server: ALL_TAGS
bats:
bats: ALL_TAGS
bitnami: ALL_IMAGES
busybox: ALL_TAGS
confluentinc:
cp-kafka: ALL_TAGS
curlimages:
curl: ALL_TAGS
fluxcd: ALL_IMAGES
grafana: ALL_IMAGES
hjacobs:
kube-janitor: ALL_TAGS
stellio: ALL_IMAGES
velero: ALL_IMAGES
vladgh:
gpg: ALL_TAGS
otel:
opentelemetry-collector-contrib: ALL_TAGS
ghcr.io:
aquasecurity: ALL_IMAGES
kyverno: ALL_IMAGES
teutonet: ALL_IMAGES
quay.io:
cilium: ALL_IMAGES
jetstack: ALL_IMAGES
kiwigrid:
k8s-sidecar: ALL_TAGS
prometheus: ALL_IMAGES
prometheus-operator: ALL_IMAGES
registry.k8s.io:
descheduler: ALL_IMAGES
ingress-nginx: ALL_IMAGES
kube-state-metrics: ALL_IMAGES
sig-storage:
nfs-provisioner: ALL_TAGS
etcd: ALL_TAGS
provider-os: ALL_IMAGES
k8s.gcr.io:
sig-storage: ALL_IMAGES
registry-gitlab.teuto.net: ALL_IMAGES
docker.io:
aelbakry:
kdave-server: ALL_TAGS
bats:
bats: ALL_TAGS
bitnami: ALL_IMAGES
busybox: ALL_TAGS
confluentinc:
cp-kafka: ALL_TAGS
curlimages:
curl: ALL_TAGS
emberstack:
kubernetes-reflector: ALL_TAGS
fluxcd: ALL_IMAGES
grafana: ALL_IMAGES
hjacobs:
kube-janitor: ALL_TAGS
stellio: ALL_IMAGES
velero: ALL_IMAGES
vladgh:
gpg: ALL_TAGS
otel:
opentelemetry-collector-contrib: ALL_TAGS
ckan:
ckan-base-datapusher: ALL_TAGS
ghcr.io:
aquasecurity: ALL_IMAGES
kyverno: ALL_IMAGES
teutonet: ALL_IMAGES
quay.io:
cilium: ALL_IMAGES
jetstack: ALL_IMAGES
kiwigrid:
k8s-sidecar: ALL_TAGS
prometheus: ALL_IMAGES
prometheus-operator: ALL_IMAGES
registry.k8s.io:
descheduler: ALL_IMAGES
ingress-nginx: ALL_IMAGES
kube-state-metrics: ALL_IMAGES
sig-storage:
nfs-provisioner: ALL_TAGS
etcd: ALL_TAGS
provider-os: ALL_IMAGES
k8s.gcr.io:
sig-storage: ALL_IMAGES
registry-gitlab.teuto.net: ALL_IMAGES
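Review bot: The two new entries, `emberstack` / `kubernetes-reflector: ALL_TAGS` and `ckan` / `ckan-base-datapusher: ALL_TAGS`, are added without a comment naming the chart that needs them, which makes later pruning of the allowlist hard; a trailing `# used by charts/<chart>` (placeholder) per entry would be enough. `k8s.gcr.io` is still listed with `ALL_IMAGES` although that registry has been frozen in favour of `registry.k8s.io`, so dropping it once no chart references it shrinks the trusted surface. Every entry trusts mutable tags, so this list constrains where images come from but not which content is pulled; a header comment saying so would set the right expectation.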
9 changes: 4 additions & 5 deletions .github/workflows/create-release-prs.yaml
Expand Up @@ -23,11 +23,10 @@ jobs:
if: ${{ steps.release-please.outputs.prs_created == 'true' }}
- name: Set PRs to auto-merge
if: ${{ steps.release-please.outputs.prs_created == 'true' }}
env:
GH_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
run: |
for pr_number in ${PR_NUMBERS};do
PRs=( ${{ join(fromJSON(steps.release-please.outputs.prs).*.number, ' ') }} )
for pr_number in "${PRs[@]}";do
gh pr merge --auto --squash "$pr_number"
done
env:
GH_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
PR_NUMBERS: ${{ join(fromJSON(steps.release-please.outputs.prs).*.number, ' ') }}
merge-method: squash
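Review bot: As rendered, the new `run:` script expands `${{ join(fromJSON(steps.release-please.outputs.prs).*.number, ' ') }}` directly inside the shell text (`PRs=( ${{ … }} )`), whereas the previous version passed it through the `PR_NUMBERS` environment variable. Expression expansion happens before the shell parses the script, so any unexpected character in the step output becomes script source, executed with `GH_TOKEN` set from `secrets.ACTIONS_BOT_TOKEN`. The values are expected to be integers, but keeping them in `env:` is the safer pattern. The quoting can be fixed without inlining: keep `PR_NUMBERS` under `env:` and use `read -ra PRs <<<"$PR_NUMBERS"` before the `for pr_number in "${PRs[@]}"` loop.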
5 changes: 5 additions & 0 deletions .github/workflows/get-changed-chart.yaml
Expand Up @@ -41,4 +41,9 @@ jobs:
exit 1
fi
if ((num_changed < 1)); then
echo "This PR has seemingly no changes to any charts?"
exit 1
fi
echo chart="$changed" | tee -a "$GITHUB_OUTPUT"
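Review bot: The new `num_changed < 1` branch prints its message to stdout, while the rest of this commit moves diagnostics to stderr; `echo "This PR has seemingly no changes to any charts?" >&2` (or an `echo "::error::…"` workflow command) keeps it consistent and visible in the job summary. The step now exits 1 for pull requests that touch no chart, so PRs changing only CI files or documentation will fail this job. If that is intended, a short comment above the check saying so would help. The surrounding script starts outside the hunk.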
2 changes: 1 addition & 1 deletion .github/workflows/linter.yaml
Expand Up @@ -48,7 +48,7 @@ jobs:
- name: Lint chart
run: |
if ! [[ -f "charts/$CHART/values.yaml" ]]; then
echo "No values.yaml found for $CHART, skipping 'ct lint'" >/dev/stderr
echo "No values.yaml found for $CHART, skipping 'ct lint'" >&2
helm lint "charts/$CHART"
else
ct lint --check-version-increment=false

0 comments on commit 6487ac4
