From db629c5bbc8f34e68c1c453ec4c3bd6a101aa534 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Wei=C3=9Fe?= Date: Wed, 29 May 2024 11:15:25 +0200 Subject: [PATCH] release: embed image replacements --- .github/workflows/release.yml | 5 ++++- cli/cmd/assets/image-replacements.txt | 1 + cli/cmd/common.go | 2 ++ cli/cmd/generate.go | 6 ++++++ internal/kuberesource/lookup.go | 2 +- packages/by-name/contrast/package.nix | 1 + 6 files changed, 15 insertions(+), 2 deletions(-) create mode 100644 cli/cmd/assets/image-replacements.txt diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e7580c6ba5..7ae3cf2912 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -244,10 +244,13 @@ jobs: 'select(.kind == "Deployment") | .spec.template.metadata.annotations["io.katacontainers.config.agent.policy"]' | base64 -d | sha256sum | cut -d " " -f1 > cli/cmd/assets/coordinator-policy-hash + cp image-replacements.txt cli/cmd/assets/image-replacements.txt + git config --global user.name "edgelessci" git config --global user.email "edgelessci@users.noreply.github.com" git add cli/cmd/assets/coordinator-policy-hash - git diff --staged --quiet || git commit -m "release: update coordinator policy hash" + git add cli/cmd/assets/image-replacements.txt + git diff --staged --quiet || git commit -m "release: update cli assets" - name: Build CLI run: | nix build -L .#cli-release diff --git a/cli/cmd/assets/image-replacements.txt b/cli/cmd/assets/image-replacements.txt new file mode 100644 index 0000000000..c3b521ca2a --- /dev/null +++ b/cli/cmd/assets/image-replacements.txt @@ -0,0 +1 @@ +# THIS FILE IS REPLACED DURING RELEASE BUILD TO INCLUDE UPDATED IMAGE REFERENCES diff --git a/cli/cmd/common.go b/cli/cmd/common.go index 0b2f4e0a0c..df8b12116b 100644 --- a/cli/cmd/common.go +++ b/cli/cmd/common.go 
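Review bot: The added `cp image-replacements.txt cli/cmd/assets/image-replacements.txt` step commits whatever that file contains without checking it, and from this commit on the file is embedded into the release CLI as its default set of image replacements. A missing file makes `cp` fail, but an empty or comment-only file would be committed and shipped silently, leaving the release binary with the same placeholder as a dev build. A guard before the copy such as `grep -Evq '^\s*(#|$)' image-replacements.txt` would fail the job when there is no real entry; if the entries are meant to be digest-pinned, this is also the place to check that. Where image-replacements.txt is produced is outside this hunk, so its provenance could not be reviewed here.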
@@ -33,6 +33,8 @@ var ( defaultGenpolicySettings []byte //go:embed assets/genpolicy-rules.rego defaultRules []byte + //go:embed assets/image-replacements.txt + releaseImageReplacements []byte // DefaultCoordinatorPolicyHash is derived from the coordinator release candidate and injected at release build time. // // It is intentionally left empty for dev builds. diff --git a/cli/cmd/generate.go b/cli/cmd/generate.go index 4a636f3b34..80522c27b8 100644 --- a/cli/cmd/generate.go +++ b/cli/cmd/generate.go @@ -252,6 +252,7 @@ func generatePolicies(ctx context.Context, regoRulesPath, policySettingsPath str func injectInitializer(paths []string, imageReplacementsFile string, logger *slog.Logger) error { var replacements map[string]string + var err error if imageReplacementsFile != "" { f, err := os.Open(imageReplacementsFile) if err != nil { @@ -263,6 +264,11 @@ func injectInitializer(paths []string, imageReplacementsFile string, logger *slo if err != nil { return fmt.Errorf("could not parse image definition file %s: %w", imageReplacementsFile, err) } + } else { + replacements, err = kuberesource.ImageReplacementsFromFile(bytes.NewReader(releaseImageReplacements)) + if err != nil { + return fmt.Errorf("could not parse release image definitions %s: %w", releaseImageReplacements, err) + } } for _, path := range paths { data, err := os.ReadFile(path) diff --git a/internal/kuberesource/lookup.go b/internal/kuberesource/lookup.go index c80eca8f63..5b1e71e1d9 100644 --- a/internal/kuberesource/lookup.go +++ b/internal/kuberesource/lookup.go @@ -17,7 +17,7 @@ var replacementRE = regexp.MustCompile(`(?P[^\s=]+)\s*=\s*(?P
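Review bot: `releaseImageReplacements` is added to the `var (` block without a comment, while the neighbouring `DefaultCoordinatorPolicyHash` documents that it is injected at release build time and left empty for dev builds. The same distinction matters here, because this value decides which image references the CLI substitutes when the user passes no replacements file. I would add `// releaseImageReplacements holds the image replacements embedded at release build time; dev builds embed only a placeholder comment.` above the `//go:embed` line. The `var (` block starts and ends outside the hunk.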
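Review bot: The new error in the `else` branch of injectInitializer formats `releaseImageReplacements` with `%s`, and that variable is the embedded `[]byte`, so a parse failure prints the whole embedded file into the error instead of naming its source as the sibling message does with `imageReplacementsFile`. I would change it to `return fmt.Errorf("could not parse embedded release image definitions: %w", err)`. Since this branch now rewrites image references whenever no file is passed, a line such as `logger.Debug("using embedded release image replacements")` would let a user see which source was applied. injectInitializer's body continues outside the hunk.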