Add docker registry operator (#1)
* Extract docker-registry source code from serverless module.

* prepare images to be usable in ADO build jobs

---------

Co-authored-by: Marcin Dobrochowski <[email protected]>
MichalKalke and anoipm authored Apr 30, 2024
1 parent 7f43a37 commit 39d4875
Showing 166 changed files with 10,724 additions and 233 deletions.
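--- a/.github/actions/setup-libgit2/action.yaml
+++ b/.github/actions/setup-libgit2/action.yaml
@@ -0,0 +1,28 @@
+name: 'Setup libgit2'
+description: 'Action for the libgit2 setup'
+
+inputs:
+version:
+description: 'libgit2 version to checkout'
+required: true
+default: 'v1.5.2'
+
+runs:
+using: 'composite'
+steps:
+- name: Install libssh2
+run: |
+sudo apt update
+sudo apt install libssh2-1-dev -y
+shell: bash
+
+- name: Install libgit2
+run: |
+git clone https://github.com/libgit2/libgit2.git
+cd libgit2
+git checkout ${{ inputs.version }}
+cmake . -DBUILD_TESTS=OFF -DBUILD_CLI=OFF -DUSE_SSH=ON
+sudo make install
+sudo ldconfig
+shell: bash
+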
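Review bot: `git checkout ${{ inputs.version }}` in the "Install libgit2" step expands the input into the script text before bash parses it, so a caller-supplied value is interpreted as shell rather than passed as an argument. Pass it through the environment instead: add `env:` with `LIBGIT2_VERSION: ${{ inputs.version }}` on the step and run `git checkout "$LIBGIT2_VERSION"`. The default `v1.5.2` is a tag, which can be moved upstream; because the build result is installed with `sudo make install`, pinning to a full commit SHA would make the installed code reproducible and verifiable.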
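--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,38 @@
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+- package-ecosystem: "gomod"
+directory: "/"
+labels:
+- "area/dependency"
+- "kind/chore"
+schedule:
+interval: "weekly"
+commit-message:
+prefix: "gomod"
+include: "scope"
+ignore:
+# ignore minor k8s updates, e.g. 1.27.x -> 1.28.x
+- dependency-name: "k8s.io/*"
+update-types: ["version-update:semver-minor"]
+- dependency-name: "sigs.k8s.io/*"
+update-types: ["version-update:semver-minor"]
+- dependency-name: "helm.sh/helm/v3"
+update-types: ["version-update:semver-minor"]
+groups:
+k8s-io:
+patterns:
+- "k8s.io/*"
+
+- package-ecosystem: "docker"
+directory: "/components/operator"
+labels:
+- "area/dependency"
+- "kind/chore"
+schedule:
+interval: "weekly"
+commit-message:
+prefix: "operator"
+include: "scope"
+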
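Review bot: The `updates` list covers only `gomod` and `docker`, so actions referenced from this repository's workflows are not tracked. If the workflows under `.github/workflows` (not visible in this section) use third-party actions, add an entry with `package-ecosystem: "github-actions"` and `directory: "/"`. The `docker` entry watches `/components/operator` only, so a Dockerfile in any other directory would need its own entry as well.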
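--- a/.github/scripts/create_changelog.sh
+++ b/.github/scripts/create_changelog.sh
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+PREVIOUS_RELEASE=$2 # for testability
+
+# standard bash error handling
+set -o nounset # treat unset variables as an error and exit immediately.
+set -o errexit # exit immediately when a command fails.
+set -E # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+RELEASE_TAG=$1
+
+REPOSITORY=${REPOSITORY:-kyma-project/docker-registry}
+GITHUB_URL=https://api.github.com/repos/${REPOSITORY}
+GITHUB_AUTH_HEADER="Authorization: token ${GITHUB_TOKEN}"
+CHANGELOG_FILE="CHANGELOG.md"
+
+if [ "${PREVIOUS_RELEASE}" == "" ]
+then
+PREVIOUS_RELEASE=$(git describe --tags --abbrev=0)
+fi
+
+echo "## What has changed" >> ${CHANGELOG_FILE}
+
+git log ${PREVIOUS_RELEASE}..HEAD --pretty=tformat:"%h" --reverse | while read -r commit
+do
+COMMIT_AUTHOR=$(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/commits/${commit}" | jq -r '.author.login')
+if [ "${COMMIT_AUTHOR}" != "kyma-bot" ]; then
+git show -s ${commit} --format="* %s by @${COMMIT_AUTHOR}" >> ${CHANGELOG_FILE}
+fi
+done
+
+NEW_CONTRIB=$$.new
+
+join -v2 \
+<(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/$(git rev-list --max-parents=0 HEAD)...${PREVIOUS_RELEASE}" | jq -r '.commits[].author.login' | sort -u) \
+<(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/${PREVIOUS_RELEASE}...HEAD" | jq -r '.commits[].author.login' | sort -u) >${NEW_CONTRIB}
+
+if [ -s ${NEW_CONTRIB} ]
+then
+echo -e "\n## New contributors" >> ${CHANGELOG_FILE}
+while read -r user
+do
+REF_PR=$(grep "@${user}" ${CHANGELOG_FILE} | head -1 | grep -o " (#[0-9]\+)" || true)
+if [ -n "${REF_PR}" ] #reference found
+then
+REF_PR=" in ${REF_PR}"
+fi
+echo "* @${user} made first contribution${REF_PR}" >> ${CHANGELOG_FILE}
+done <${NEW_CONTRIB}
+fi
+
+echo -e "\n**Full changelog**: https://github.com/$REPOSITORY/compare/${PREVIOUS_RELEASE}...${RELEASE_TAG}" >> ${CHANGELOG_FILE}
+
+# cleanup
+rm ${NEW_CONTRIB} || echo "cleaned up"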
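Review bot: The `curl -sS` calls have no `--fail`, so an HTTP error from the API (rejected token, rate limit) still exits 0 and `jq -r '.author.login'` yields `null`; the changelog then receives `by @null` lines instead of the script aborting under `errexit`/`pipefail`. Add `--fail` in the commit loop, e.g. `curl --fail -sS -H "${GITHUB_AUTH_HEADER}" "${GITHUB_URL}/commits/${commit}"`. The two calls inside `<(...)` do not propagate their exit status to the script, so those responses need an explicit check before `join` uses them. `NEW_CONTRIB=$$.new` is a predictable name in the working directory and is left behind on an early exit; `NEW_CONTRIB=$(mktemp)` with `trap 'rm -f "${NEW_CONTRIB}"' EXIT` covers both.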
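--- a/.github/scripts/create_draft_release.sh
+++ b/.github/scripts/create_draft_release.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# This script returns the id of the draft release
+
+# standard bash error handling
+set -o nounset # treat unset variables as an error and exit immediately.
+set -o errexit # exit immediately when a command fails.
+set -E # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+RELEASE_TAG=$1
+
+REPOSITORY=${REPOSITORY:-kyma-project/docker-registry}
+GITHUB_URL=https://api.github.com/repos/${REPOSITORY}
+GITHUB_AUTH_HEADER="Authorization: Bearer ${GITHUB_TOKEN}"
+CHANGELOG_FILE=$(cat CHANGELOG.md)
+
+JSON_PAYLOAD=$(jq -n \
+--arg tag_name "$RELEASE_TAG" \
+--arg name "$RELEASE_TAG" \
+--arg body "$CHANGELOG_FILE" \
+'{
+"tag_name": $tag_name,
+"name": $name,
+"body": $body,
+"draft": true
+}')
+
+CURL_RESPONSE=$(curl -L \
+-X POST \
+-H "Accept: application/vnd.github+json" \
+-H "${GITHUB_AUTH_HEADER}" \
+-H "X-GitHub-Api-Version: 2022-11-28" \
+${GITHUB_URL}/releases \
+-d "$JSON_PAYLOAD")
+
+echo "$(echo $CURL_RESPONSE | jq -r ".id")"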
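Review bot: The final `echo "$(echo $CURL_RESPONSE | jq -r ".id")"` prints `null` and exits 0 when the API rejects the request, because `curl` runs without `--fail` and the response is never inspected. A caller that passes this output on as a release id (presumably to `publish_release.sh`) would then address `/releases/null`. Fail on HTTP errors and on a missing id: add `--fail` to the `curl` call and replace the last line with `jq -er '.id' <<< "$CURL_RESPONSE"`. `${GITHUB_URL}/releases` should also be quoted.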
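--- a/.github/scripts/publish_release.sh
+++ b/.github/scripts/publish_release.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# This script publishes a draft release
+
+# standard bash error handling
+set -o nounset # treat unset variables as an error and exit immediately.
+set -o errexit # exit immediately when a command fails.
+set -E # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+RELEASE_ID=$1
+IS_LATEST_RELEASE=$2
+
+REPOSITORY=${REPOSITORY:-kyma-project/docker-registry}
+GITHUB_URL=https://api.github.com/repos/${REPOSITORY}
+GITHUB_AUTH_HEADER="Authorization: Bearer ${GITHUB_TOKEN}"
+
+CURL_RESPONSE=$(curl -L \
+-X POST \
+-H "Accept: application/vnd.github+json" \
+-H "${GITHUB_AUTH_HEADER}" \
+-H "X-GitHub-Api-Version: 2022-11-28" \
+${GITHUB_URL}/releases/${RELEASE_ID} \
+-d '{"draft": false, "make_latest": '"$IS_LATEST_RELEASE"'}')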
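Review bot: `"make_latest": '"$IS_LATEST_RELEASE"'` pastes the second argument into the JSON body unescaped, so an empty or unexpected value produces a malformed or altered request, and the GitHub API documents `make_latest` as a string (`"true"`, `"false"`, `"legacy"`) rather than a bare literal. Build the payload with jq as `create_draft_release.sh` does: `jq -n --arg latest "$IS_LATEST_RELEASE" '{draft: false, make_latest: $latest}'`. `CURL_RESPONSE` is assigned but never checked and `curl` has no `--fail`, so a rejected publish still exits 0. `${GITHUB_URL}/releases/${RELEASE_ID}` should be quoted.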
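--- a/.github/scripts/release.sh
+++ b/.github/scripts/release.sh
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+# standard bash error handling
+set -o nounset # treat unset variables as an error and exit immediately.
+set -o errexit # exit immediately when a command fails.
+set -E # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+# Expected variables:
+IMG=${IMG?"Define IMG env"} # operator image
+PULL_BASE_REF=${PULL_BASE_REF?"Define PULL_BASE_REF env"} # name of the tag
+GITHUB_TOKEN=${GITHUB_TOKEN?"Define GITHUB_TOKEN env"} # github token used to upload the template yaml
+
+uploadFile() {
+filePath=${1}
+ghAsset=${2}
+
+echo "Uploading ${filePath} as ${ghAsset}"
+response=$(curl -s -o output.txt -w "%{http_code}" \
+--request POST --data-binary @"$filePath" \
+-H "Authorization: token $GITHUB_TOKEN" \
+-H "Content-Type: text/yaml" \
+$ghAsset)
+if [[ "$response" != "201" ]]; then
+echo "Unable to upload the asset ($filePath): "
+echo "HTTP Status: $response"
+cat output.txt
+exit 1
+else
+echo "$filePath uploaded"
+fi
+}
+
+echo "IMG: ${IMG}"
+IMG=${IMG} make -C components/operator/ render-manifest
+
+echo "Generated dockerregistry-operator.yaml:"
+cat dockerregistry-operator.yaml
+
+echo "Fetching releases"
+CURL_RESPONSE=$(curl -w "%{http_code}" -sL \
+-H "Accept: application/vnd.github+json" \
+-H "Authorization: Bearer $GITHUB_TOKEN"\
+https://api.github.com/repos/kyma-project/docker-registry/releases)
+JSON_RESPONSE=$(sed '$ d' <<< "${CURL_RESPONSE}")
+HTTP_CODE=$(tail -n1 <<< "${CURL_RESPONSE}")
+if [[ "${HTTP_CODE}" != "200" ]]; then
+echo "${CURL_RESPONSE}"
+exit 1
+fi
+
+echo "Finding release id for: ${PULL_BASE_REF}"
+RELEASE_ID=$(jq <<< ${JSON_RESPONSE} --arg tag "${PULL_BASE_REF}" '.[] | select(.tag_name == $ARGS.named.tag) | .id')
+
+echo "Got '${RELEASE_ID}' release id"
+if [ -z "${RELEASE_ID}" ]
+then
+echo "No release with tag = ${PULL_BASE_REF}"
+exit 1
+fi
+
+echo "Updating github release with assets"
+UPLOAD_URL="https://uploads.github.com/repos/kyma-project/docker-registry/releases/${RELEASE_ID}/assets"
+
+uploadFile "dockerregistry-operator.yaml" "${UPLOAD_URL}?name=dockerregistry-operator.yaml"
+uploadFile "config/samples/default-dockerregistry-cr.yaml" "${UPLOAD_URL}?name=default-dockerregistry-cr.yaml"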
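Review bot: In `uploadFile`, `$ghAsset` reaches `curl` unquoted although the URL contains `?`, so it is subject to word splitting and pathname expansion; pass `"$ghAsset"`. The release lookup reads only the first page of `/releases`, so the tag is reported as missing once the release is no longer on that page; paginating until the tag is found would avoid that. The repository path is hard-coded in both URLs here, while the sibling scripts in this commit derive it from `${REPOSITORY}`.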
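--- a/.github/scripts/upgrade-sec-scanners-config.sh
+++ b/.github/scripts/upgrade-sec-scanners-config.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+IMG_VERSION=${IMG_VERSION?"Define IMG_VERSION env"}
+
+yq eval-all --inplace '
+select(fileIndex == 0).protecode=[
+select(fileIndex == 1)
+| .global.containerRegistry.path as $registryPath
+| (
+{
+"dockerregistry_operator" : {
+"name" : "dockerregistry-operator",
+"directory" : "prod",
+"version" : env(IMG_VERSION)
+}
+}
++ .global.images
+)[]
+| $registryPath + "/" + .directory + "/" + .name + ":" + .version
+]
+| select(fileIndex == 0)
+' sec-scanners-config.yaml config/docker-registry/values.yaml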
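Review bot: The script has no header comment, and the `yq eval-all` expression is hard to follow without one; since it decides which images the security scanner sees, the intent should be written down. Add something like `# Rewrites .protecode in sec-scanners-config.yaml with <registryPath>/<directory>/<name>:<version> for the operator image (IMG_VERSION) and every entry of .global.images in config/docker-registry/values.yaml`. It is also worth noting in the comment that the map merge lets an entry named `dockerregistry_operator` in `.global.images` replace the operator entry built here.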
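--- a/.github/scripts/verify-actions-status.sh
+++ b/.github/scripts/verify-actions-status.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+echo "Checking status of github actions for docker-registry"
+
+REF_NAME="${1:-"main"}"
+RAW_EXPECTED_SHA=$(git log "${REF_NAME}" --max-count 1 --format=format:%H)
+REPOSITORY_ID="563346860"
+
+STATUS_URL="https://api.github.com/repositories/${REPOSITORY_ID}/actions/workflows/gardener-integration.yaml/runs?head_sha=${RAW_EXPECTED_SHA}"
+GET_STATUS_JQ_QUERY=".workflow_runs[0] | \"\(.status)-\(.conclusion)\""
+GET_COUNT_JQ_QUERY=".total_count"
+
+response=`curl -s ${STATUS_URL}`
+
+count=`echo $response | jq -r "${GET_COUNT_JQ_QUERY}"`
+if [[ "$count" == "0" ]]; then
+echo "No actions to verify"
+else
+fullstatus=`echo $response | jq -r "${GET_STATUS_JQ_QUERY}"`
+if [[ "$fullstatus" == "completed-success" ]]; then
+echo "All actions succeeded"
+else
+echo "Actions failed or pending - Check github actions status"
+exit 1
+fi
+fi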
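Review bot: The `count == "0"` branch prints "No actions to verify" and exits 0, so this check passes whenever no `gardener-integration.yaml` run exists for the head SHA, including when the workflow has not been triggered yet or was skipped. If the script is meant to gate a release on a green integration run, a zero count should count as not verified: `echo "No workflow run found for ${RAW_EXPECTED_SHA}"; exit 1`. If passing is intentional, a comment should say why. `${STATUS_URL}` is unquoted although it contains `?`, and only `.workflow_runs[0]` is inspected.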
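--- a/.github/scripts/verify-docker-registry-jobs-status.sh
+++ b/.github/scripts/verify-docker-registry-jobs-status.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+### Verify post-submit prow jobs status
+#
+# Optional input args:
+# - REF_NAME - branch/tag/commit
+# Return status:
+# - return 0 - if status is "success"
+# - return 1 - if status is "failure" or after timeout (~25min)
+
+# wait until Prow trigger pipelines
+sleep 10
+
+echo "Checking status of POST Jobs for docker-registry"
+
+REF_NAME="${1:-"main"}"
+STATUS_URL="https://api.github.com/repos/kyma-project/docker-registry/commits/${REF_NAME}/status"
+
+function verify_github_jobs_status () {
+local number=1
+while [[ $number -le 100 ]] ; do
+echo ">--> checking docker-registry job status #$number"
+local STATUS=`curl -L -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" ${STATUS_URL} | jq -r .state `
+echo "jobs status: ${STATUS:='UNKNOWN'}"
+[[ "$STATUS" == "success" ]] && return 0
+[[ "$STATUS" == "failure" ]] && return 1
+sleep 15
+((number = number + 1))
+done
+
+exit 1
+}
+
+verify_github_jobs_status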
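Review bot: The loop in `verify_github_jobs_status` can issue up to 100 unauthenticated requests, while GitHub limits unauthenticated API clients to 60 requests per hour per IP. Once throttled, the error body has no `.state`, `jq -r` prints `null`, and the loop keeps polling until the timeout with no hint of the cause. Send a token when one is available (`-H "Authorization: Bearer ${GITHUB_TOKEN}"`) and add `-sS --fail` so an HTTP error surfaces as `UNKNOWN` rather than looking like a pending state. The `:='UNKNOWN'` default does not cover the throttled case today because the string `null` is non-empty.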
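--- a/.github/scripts/verify-image-changes.sh
+++ b/.github/scripts/verify-image-changes.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+MAIN_IMAGES=(${MAIN_IMAGES?"Define MAIN_IMAGES env"})
+PR_NOT_MAIN_IMAGES=(${PR_NOT_MAIN_IMAGES?"Define PR_NOT_MAIN_IMAGES env"})
+
+FAIL=false
+for main_image in "${MAIN_IMAGES[@]}"; do
+echo "${main_image} checking..."
+
+for pr_image in "${PR_NOT_MAIN_IMAGES[@]}"; do
+if [ "${main_image}" == "${pr_image}" ]; then
+echo " warning: ${pr_image} tag/version seems to be modified (should be main)!"
+FAIL=true
+fi
+done
+done
+
+if $FAIL; then
+exit 1
+fi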
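Review bot: Nothing in the script says what the two lists contain or why a match is a failure, and the warning text "should be main" does not make it clearer. Add a header comment such as `# Fails when any image in MAIN_IMAGES also appears in PR_NOT_MAIN_IMAGES`, plus a line on the expected format of both variables (whitespace-separated image references, judging by the unquoted array expansion). That expansion is also subject to pathname expansion; `read -r -a MAIN_IMAGES <<< "${MAIN_IMAGES?"Define MAIN_IMAGES env"}"` splits on whitespace without globbing.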
19 changes: 19 additions & 0 deletions .github/stale.yml
@@ -0,0 +1,19 @@
# Number of days of inactivity before an issue becomes stale
daysUntilStale: 60
# Number of days of inactivity before a stale issue is closed
daysUntilClose: 7
# Label to use when marking an issue as stale
staleLabel: lifecycle/stale
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- lifecycle/frozen
- lifecycle/active
# Comment to post when marking an issue as stale. Set to `false` to disable
markComment: |
This issue has been automatically marked as stale due to the lack of recent activity. It will soon be closed if no further activity occurs.
Thank you for your contributions.
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: |
This issue has been automatically closed due to the lack of recent activity.
/lifecycle rotten