generated from kyma-project/template-repository
-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Extract docker-registry source code from serverless module. * prapare images to be usable in ADO build jobs --------- Co-authored-by: Marcin Dobrochowski <[email protected]>
- Loading branch information
1 parent
7f43a37
commit 39d4875
Showing
166 changed files
with
10,724 additions
and
233 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
name: 'Setup libgit2' | ||
description: 'Action for the libgit2 setup' | ||
|
||
inputs: | ||
version: | ||
description: 'libgit2 version to checkout' | ||
required: true | ||
default: 'v1.5.2' | ||
|
||
runs: | ||
using: 'composite' | ||
steps: | ||
- name: Install libssh2 | ||
run: | | ||
sudo apt update | ||
sudo apt install libssh2-1-dev -y | ||
shell: bash | ||
|
||
- name: Install libgit2 | ||
run: | | ||
git clone https://github.com/libgit2/libgit2.git | ||
cd libgit2 | ||
git checkout ${{ inputs.version }} | ||
cmake . -DBUILD_TESTS=OFF -DBUILD_CLI=OFF -DUSE_SSH=ON | ||
sudo make install | ||
sudo ldconfig | ||
shell: bash | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file | ||
|
||
version: 2 | ||
updates: | ||
- package-ecosystem: "gomod" | ||
directory: "/" | ||
labels: | ||
- "area/dependency" | ||
- "kind/chore" | ||
schedule: | ||
interval: "weekly" | ||
commit-message: | ||
prefix: "gomod" | ||
include: "scope" | ||
ignore: | ||
# ignore minor k8s updates, e.g. 1.27.x -> 1.28.x | ||
- dependency-name: "k8s.io/*" | ||
update-types: ["version-update:semver-minor"] | ||
- dependency-name: "sigs.k8s.io/*" | ||
update-types: ["version-update:semver-minor"] | ||
- dependency-name: "helm.sh/helm/v3" | ||
update-types: ["version-update:semver-minor"] | ||
groups: | ||
k8s-io: | ||
patterns: | ||
- "k8s.io/*" | ||
|
||
- package-ecosystem: "docker" | ||
directory: "/components/operator" | ||
labels: | ||
- "area/dependency" | ||
- "kind/chore" | ||
schedule: | ||
interval: "weekly" | ||
commit-message: | ||
prefix: "operator" | ||
include: "scope" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
#!/usr/bin/env bash | ||
|
||
PREVIOUS_RELEASE=$2 # for testability | ||
|
||
# standard bash error handling | ||
set -o nounset # treat unset variables as an error and exit immediately. | ||
set -o errexit # exit immediately when a command fails. | ||
set -E # needs to be set if we want the ERR trap | ||
set -o pipefail # prevents errors in a pipeline from being masked | ||
|
||
RELEASE_TAG=$1 | ||
|
||
REPOSITORY=${REPOSITORY:-kyma-project/docker-registry} | ||
GITHUB_URL=https://api.github.com/repos/${REPOSITORY} | ||
GITHUB_AUTH_HEADER="Authorization: token ${GITHUB_TOKEN}" | ||
CHANGELOG_FILE="CHANGELOG.md" | ||
|
||
if [ "${PREVIOUS_RELEASE}" == "" ] | ||
then | ||
PREVIOUS_RELEASE=$(git describe --tags --abbrev=0) | ||
fi | ||
|
||
echo "## What has changed" >> ${CHANGELOG_FILE} | ||
|
||
git log ${PREVIOUS_RELEASE}..HEAD --pretty=tformat:"%h" --reverse | while read -r commit | ||
do | ||
COMMIT_AUTHOR=$(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/commits/${commit}" | jq -r '.author.login') | ||
if [ "${COMMIT_AUTHOR}" != "kyma-bot" ]; then | ||
git show -s ${commit} --format="* %s by @${COMMIT_AUTHOR}" >> ${CHANGELOG_FILE} | ||
fi | ||
done | ||
|
||
NEW_CONTRIB=$$.new | ||
|
||
join -v2 \ | ||
<(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/$(git rev-list --max-parents=0 HEAD)...${PREVIOUS_RELEASE}" | jq -r '.commits[].author.login' | sort -u) \ | ||
<(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/${PREVIOUS_RELEASE}...HEAD" | jq -r '.commits[].author.login' | sort -u) >${NEW_CONTRIB} | ||
|
||
if [ -s ${NEW_CONTRIB} ] | ||
then | ||
echo -e "\n## New contributors" >> ${CHANGELOG_FILE} | ||
while read -r user | ||
do | ||
REF_PR=$(grep "@${user}" ${CHANGELOG_FILE} | head -1 | grep -o " (#[0-9]\+)" || true) | ||
if [ -n "${REF_PR}" ] #reference found | ||
then | ||
REF_PR=" in ${REF_PR}" | ||
fi | ||
echo "* @${user} made first contribution${REF_PR}" >> ${CHANGELOG_FILE} | ||
done <${NEW_CONTRIB} | ||
fi | ||
|
||
echo -e "\n**Full changelog**: https://github.com/$REPOSITORY/compare/${PREVIOUS_RELEASE}...${RELEASE_TAG}" >> ${CHANGELOG_FILE} | ||
|
||
# cleanup | ||
rm ${NEW_CONTRIB} || echo "cleaned up" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
#!/usr/bin/env bash | ||
|
||
# This script returns the id of the draft release | ||
|
||
# standard bash error handling | ||
set -o nounset # treat unset variables as an error and exit immediately. | ||
set -o errexit # exit immediately when a command fails. | ||
set -E # needs to be set if we want the ERR trap | ||
set -o pipefail # prevents errors in a pipeline from being masked | ||
|
||
RELEASE_TAG=$1 | ||
|
||
REPOSITORY=${REPOSITORY:-kyma-project/docker-registry} | ||
GITHUB_URL=https://api.github.com/repos/${REPOSITORY} | ||
GITHUB_AUTH_HEADER="Authorization: Bearer ${GITHUB_TOKEN}" | ||
CHANGELOG_FILE=$(cat CHANGELOG.md) | ||
|
||
JSON_PAYLOAD=$(jq -n \ | ||
--arg tag_name "$RELEASE_TAG" \ | ||
--arg name "$RELEASE_TAG" \ | ||
--arg body "$CHANGELOG_FILE" \ | ||
'{ | ||
"tag_name": $tag_name, | ||
"name": $name, | ||
"body": $body, | ||
"draft": true | ||
}') | ||
|
||
CURL_RESPONSE=$(curl -L \ | ||
-X POST \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "${GITHUB_AUTH_HEADER}" \ | ||
-H "X-GitHub-Api-Version: 2022-11-28" \ | ||
${GITHUB_URL}/releases \ | ||
-d "$JSON_PAYLOAD") | ||
|
||
echo "$(echo $CURL_RESPONSE | jq -r ".id")" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
#!/usr/bin/env bash | ||
|
||
# This script publishes a draft release | ||
|
||
# standard bash error handling | ||
set -o nounset # treat unset variables as an error and exit immediately. | ||
set -o errexit # exit immediately when a command fails. | ||
set -E # needs to be set if we want the ERR trap | ||
set -o pipefail # prevents errors in a pipeline from being masked | ||
|
||
RELEASE_ID=$1 | ||
IS_LATEST_RELEASE=$2 | ||
|
||
REPOSITORY=${REPOSITORY:-kyma-project/docker-registry} | ||
GITHUB_URL=https://api.github.com/repos/${REPOSITORY} | ||
GITHUB_AUTH_HEADER="Authorization: Bearer ${GITHUB_TOKEN}" | ||
|
||
CURL_RESPONSE=$(curl -L \ | ||
-X POST \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "${GITHUB_AUTH_HEADER}" \ | ||
-H "X-GitHub-Api-Version: 2022-11-28" \ | ||
${GITHUB_URL}/releases/${RELEASE_ID} \ | ||
-d '{"draft": false, "make_latest": '"$IS_LATEST_RELEASE"'}') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
#!/usr/bin/env bash | ||
|
||
# standard bash error handling | ||
set -o nounset # treat unset variables as an error and exit immediately. | ||
set -o errexit # exit immediately when a command fails. | ||
set -E # needs to be set if we want the ERR trap | ||
set -o pipefail # prevents errors in a pipeline from being masked | ||
|
||
# Expected variables: | ||
IMG=${IMG?"Define IMG env"} # operator image | ||
PULL_BASE_REF=${PULL_BASE_REF?"Define PULL_BASE_REF env"} # name of the tag | ||
GITHUB_TOKEN=${GITHUB_TOKEN?"Define GITHUB_TOKEN env"} # github token used to upload the template yaml | ||
|
||
uploadFile() { | ||
filePath=${1} | ||
ghAsset=${2} | ||
|
||
echo "Uploading ${filePath} as ${ghAsset}" | ||
response=$(curl -s -o output.txt -w "%{http_code}" \ | ||
--request POST --data-binary @"$filePath" \ | ||
-H "Authorization: token $GITHUB_TOKEN" \ | ||
-H "Content-Type: text/yaml" \ | ||
$ghAsset) | ||
if [[ "$response" != "201" ]]; then | ||
echo "Unable to upload the asset ($filePath): " | ||
echo "HTTP Status: $response" | ||
cat output.txt | ||
exit 1 | ||
else | ||
echo "$filePath uploaded" | ||
fi | ||
} | ||
|
||
echo "IMG: ${IMG}" | ||
IMG=${IMG} make -C components/operator/ render-manifest | ||
|
||
echo "Generated dockerregistry-operator.yaml:" | ||
cat dockerregistry-operator.yaml | ||
|
||
echo "Fetching releases" | ||
CURL_RESPONSE=$(curl -w "%{http_code}" -sL \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "Authorization: Bearer $GITHUB_TOKEN"\ | ||
https://api.github.com/repos/kyma-project/docker-registry/releases) | ||
JSON_RESPONSE=$(sed '$ d' <<< "${CURL_RESPONSE}") | ||
HTTP_CODE=$(tail -n1 <<< "${CURL_RESPONSE}") | ||
if [[ "${HTTP_CODE}" != "200" ]]; then | ||
echo "${CURL_RESPONSE}" | ||
exit 1 | ||
fi | ||
|
||
echo "Finding release id for: ${PULL_BASE_REF}" | ||
RELEASE_ID=$(jq <<< ${JSON_RESPONSE} --arg tag "${PULL_BASE_REF}" '.[] | select(.tag_name == $ARGS.named.tag) | .id') | ||
|
||
echo "Got '${RELEASE_ID}' release id" | ||
if [ -z "${RELEASE_ID}" ] | ||
then | ||
echo "No release with tag = ${PULL_BASE_REF}" | ||
exit 1 | ||
fi | ||
|
||
echo "Updating github release with assets" | ||
UPLOAD_URL="https://uploads.github.com/repos/kyma-project/docker-registry/releases/${RELEASE_ID}/assets" | ||
|
||
uploadFile "dockerregistry-operator.yaml" "${UPLOAD_URL}?name=dockerregistry-operator.yaml" | ||
uploadFile "config/samples/default-dockerregistry-cr.yaml" "${UPLOAD_URL}?name=default-dockerregistry-cr.yaml" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
#!/bin/sh | ||
|
||
IMG_VERSION=${IMG_VERSION?"Define IMG_VERSION env"} | ||
|
||
yq eval-all --inplace ' | ||
select(fileIndex == 0).protecode=[ | ||
select(fileIndex == 1) | ||
| .global.containerRegistry.path as $registryPath | ||
| ( | ||
{ | ||
"dockerregistry_operator" : { | ||
"name" : "dockerregistry-operator", | ||
"directory" : "prod", | ||
"version" : env(IMG_VERSION) | ||
} | ||
} | ||
+ .global.images | ||
)[] | ||
| $registryPath + "/" + .directory + "/" + .name + ":" + .version | ||
] | ||
| select(fileIndex == 0) | ||
' sec-scanners-config.yaml config/docker-registry/values.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
#!/usr/bin/env bash | ||
|
||
echo "Checking status of github actions for docker-registry" | ||
|
||
REF_NAME="${1:-"main"}" | ||
RAW_EXPECTED_SHA=$(git log "${REF_NAME}" --max-count 1 --format=format:%H) | ||
REPOSITORY_ID="563346860" | ||
|
||
STATUS_URL="https://api.github.com/repositories/${REPOSITORY_ID}/actions/workflows/gardener-integration.yaml/runs?head_sha=${RAW_EXPECTED_SHA}" | ||
GET_STATUS_JQ_QUERY=".workflow_runs[0] | \"\(.status)-\(.conclusion)\"" | ||
GET_COUNT_JQ_QUERY=".total_count" | ||
|
||
response=`curl -s ${STATUS_URL}` | ||
|
||
count=`echo $response | jq -r "${GET_COUNT_JQ_QUERY}"` | ||
if [[ "$count" == "0" ]]; then | ||
echo "No actions to verify" | ||
else | ||
fullstatus=`echo $response | jq -r "${GET_STATUS_JQ_QUERY}"` | ||
if [[ "$fullstatus" == "completed-success" ]]; then | ||
echo "All actions succeeded" | ||
else | ||
echo "Actions failed or pending - Check github actions status" | ||
exit 1 | ||
fi | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
#!/usr/bin/env bash | ||
|
||
### Verify post-submit prow jobs status | ||
# | ||
# Optional input args: | ||
# - REF_NAME - branch/tag/commit | ||
# Return status: | ||
# - return 0 - if status is "success" | ||
# - return 1 - if status is "failure" or after timeout (~25min) | ||
|
||
# wait until Prow trigger pipelines | ||
sleep 10 | ||
|
||
echo "Checking status of POST Jobs for docker-registry" | ||
|
||
REF_NAME="${1:-"main"}" | ||
STATUS_URL="https://api.github.com/repos/kyma-project/docker-registry/commits/${REF_NAME}/status" | ||
|
||
function verify_github_jobs_status () { | ||
local number=1 | ||
while [[ $number -le 100 ]] ; do | ||
echo ">--> checking docker-registry job status #$number" | ||
local STATUS=`curl -L -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" ${STATUS_URL} | jq -r .state ` | ||
echo "jobs status: ${STATUS:='UNKNOWN'}" | ||
[[ "$STATUS" == "success" ]] && return 0 | ||
[[ "$STATUS" == "failure" ]] && return 1 | ||
sleep 15 | ||
((number = number + 1)) | ||
done | ||
|
||
exit 1 | ||
} | ||
|
||
verify_github_jobs_status |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
#!/bin/bash | ||
|
||
MAIN_IMAGES=(${MAIN_IMAGES?"Define MAIN_IMAGES env"}) | ||
PR_NOT_MAIN_IMAGES=(${PR_NOT_MAIN_IMAGES?"Define PR_NOT_MAIN_IMAGES env"}) | ||
|
||
FAIL=false | ||
for main_image in "${MAIN_IMAGES[@]}"; do | ||
echo "${main_image} checking..." | ||
|
||
for pr_image in "${PR_NOT_MAIN_IMAGES[@]}"; do | ||
if [ "${main_image}" == "${pr_image}" ]; then | ||
echo " warning: ${pr_image} tag/version seems to be modified (should be main)!" | ||
FAIL=true | ||
fi | ||
done | ||
done | ||
|
||
if $FAIL; then | ||
exit 1 | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# Number of days of inactivity before an issue becomes stale | ||
daysUntilStale: 60 | ||
# Number of days of inactivity before a stale issue is closed | ||
daysUntilClose: 7 | ||
# Label to use when marking an issue as stale | ||
staleLabel: lifecycle/stale | ||
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable | ||
exemptLabels: | ||
- lifecycle/frozen | ||
- lifecycle/active | ||
# Comment to post when marking an issue as stale. Set to `false` to disable | ||
markComment: | | ||
This issue has been automatically marked as stale due to the lack of recent activity. It will soon be closed if no further activity occurs. | ||
Thank you for your contributions. | ||
# Comment to post when closing a stale issue. Set to `false` to disable | ||
closeComment: | | ||
This issue has been automatically closed due to the lack of recent activity. | ||
/lifecycle rotten | ||
Oops, something went wrong.