replace (bump) serverless images with name function_* (#637)

Co-authored-by: Filip Strozik <[email protected]>
kyma-project · Jan 26, 2024 · fe95d80 · fe95d80
1 parent 97056f8
commit fe95d80
Show file tree

Hide file tree

Showing 9 changed files with 143 additions and 30 deletions.
diff --git a/.github/scripts/upgrade-sec-scanners-config.sh b/.github/scripts/upgrade-sec-scanners-config.sh
@@ -2,4 +2,21 @@
 
 IMG_VERSION=${IMG_VERSION?"Define IMG_VERSION env"}
 
-yq -i ".protecode[] |= sub(\":main\", \":${IMG_VERSION}\")" sec-scanners-config.yaml
+yq eval-all --inplace '
+    select(fileIndex == 0).protecode=[
+        select(fileIndex == 1)
+        | .global.containerRegistry.path as $registryPath
+        | (
+            {
+                "serverless_operator" : {
+                    "name" : "serverless-operator",
+                    "directory" : "prod",
+                    "version" : env(IMG_VERSION)
+                }
+            }
+            + .global.images
+          )[]
+        | $registryPath + "/" + .directory + "/" + .name + ":" + .version
+    ]
+    | select(fileIndex == 0)
+    ' sec-scanners-config.yaml config/serverless/values.yaml
diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml
@@ -35,18 +35,18 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-
-      - name: Bump sec-scanners-config.yaml
-        run: ./.github/scripts/upgrade-sec-scanners-config.sh
-        env:
-          IMG_VERSION: ${{ github.event.inputs.name }}
-
+
       - name: Bump values.yaml
         run: |
-          make -C components/operator/hack/ci replace-chart-images
+          make -C components/operator/hack/ci replace-function-chart-images
         env:
           IMG_DIRECTORY: "prod"
           IMG_VERSION: ${{ github.event.inputs.name }}
+
+      - name: Bump sec-scanners-config.yaml based on values.yaml
+        run: ./.github/scripts/upgrade-sec-scanners-config.sh
+        env:
+          IMG_VERSION: ${{ github.event.inputs.name }}
 
       - name: Commit&Push
         run: |

diff --git a/components/operator/Dockerfile.dev b/components/operator/Dockerfile.dev
@@ -1,3 +1,8 @@
+#
+# This Dockerfile is used to build serverless-operator image on every pre- and post-submit job
+# It's a copy of Dockerfile.release with additional logic bumping serverless images in the values.yaml
+#
+
 # Build the operator binary
 FROM golang:1.21.6 as builder
 
@@ -32,7 +37,7 @@ RUN apk update && apk add make yq
 COPY components/operator/hack components/operator/hack
 COPY config/serverless config/serverless
 
-RUN make -C components/operator/hack/ci replace-chart-images
+RUN make -C components/operator/hack/ci replace-function-chart-images
 
 # Use distroless as minimal base image to package the operator binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

diff --git a/components/operator/Dockerfile.local b/components/operator/Dockerfile.local
@@ -0,0 +1,51 @@
+#
+# This Dockerfile is used to build serverless-operator image locally
+# It's a copy of Dockerfile.release with additional logic bumping serverless images in the values.yaml
+#
+
+# Build the operator binary
+FROM golang:1.21.6 as builder
+
+WORKDIR /workspace
+
+# Copy the Go Modules manifests
+COPY go.mod go.sum ./
+
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY components/operator components/operator
+
+# Build
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o operator ./components/operator/main.go
+
+# Replace main images in values.yaml
+FROM alpine:3.19.0 as replacer
+
+WORKDIR /workspace
+
+ARG IMG_DIRECTORY
+ARG IMG_VERSION
+
+ENV IMG_DIRECTORY=$IMG_DIRECTORY
+ENV IMG_VERSION=$IMG_VERSION
+
+RUN apk update && apk add make yq
+
+COPY components/operator/hack components/operator/hack
+COPY config/serverless config/serverless
+
+RUN make -C components/operator/hack/ci replace-only-main-chart-images
+
+# Use distroless as minimal base image to package the operator binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+
+WORKDIR /
+COPY --chown=65532:65532 --from=builder /workspace/operator .
+COPY --chown=65532:65532 --from=replacer /workspace/config/serverless /module-chart
+USER 65532:65532
+
+ENTRYPOINT ["/operator"]
diff --git a/components/operator/Makefile b/components/operator/Makefile
@@ -95,7 +95,11 @@ docker-build-release: manifests generate ## Build docker release image with the
 
 .PHONY: docker-build-dev
 docker-build-dev: manifests generate ## Build docker dev image with the operator.
-	docker build -t ${IMG} -f Dockerfile.dev $(PROJECT_ROOT) --build-arg=IMG_DIRECTORY="$(IMG_DIRECTORY)" --build-arg=IMG_VERSION="$(IMG_VERSION)" #TODO: Defaults
+	docker build -t ${IMG} -f Dockerfile.dev $(PROJECT_ROOT) --build-arg=IMG_DIRECTORY="$(IMG_DIRECTORY)" --build-arg=IMG_VERSION="$(IMG_VERSION)"
+
+.PHONY: docker-build-local
+docker-build-local: manifests generate ## Build docker local image with the operator.
+	docker build -t ${IMG} -f Dockerfile.local $(PROJECT_ROOT) --build-arg=IMG_DIRECTORY="$(IMG_DIRECTORY)" --build-arg=IMG_VERSION="$(IMG_VERSION)"
 
 .PHONY: docker-push
 docker-push: ## Push docker image with the operator.
@@ -137,6 +141,10 @@ module-image-release: docker-build-release docker-push ## Build the release Modu
 module-image-dev: docker-build-dev docker-push ## Build the dev Module Image and push it to a registry defined in IMG.
 	echo "built and pushed module image $(IMG)"
 
+.PHONY: module-image-local
+module-image-local: docker-build-local docker-push ## Build the local Module Image and push it to a registry defined in IMG.
+	echo "built and pushed module image $(IMG)"
+
 .PHONY: module-build
 module-build: ## Build the Module and push artifacts to the registry
 module-build: kyma kustomize render-manifest module-config-template configure-git-origin

diff --git a/components/operator/hack/ci/Makefile b/components/operator/hack/ci/Makefile
@@ -118,10 +118,25 @@ render-manifest:
 	@make -C ${OPERATOR_ROOT} render-manifest \
 		MODULE_VERSION=${MODULE_VERSION}
 
+# used only by prow (tests: pre-serverless-integration-k3s, pre-serverless-git-auth-integration-k3s)
 .PHONY: replace-chart-images
-replace-chart-images:
-	@IMG_VERSION=${IMG_VERSION} IMG_DIRECTORY=${IMG_DIRECTORY} \
- 		make -C ${PROJECT_COMMON} replace-chart-images
+replace-chart-images: replace-function-chart-images
+
+.PHONY: replace-only-main-chart-images
+replace-only-main-chart-images:
+	yq -i "(.global.images[] | select(.version == \"main\") | .directory) = \"${IMG_DIRECTORY}\"" ${PROJECT_ROOT}/config/serverless/values.yaml
+	yq -i "(.global.images[] | select(.version == \"main\") | .version) = \"${IMG_VERSION}\"" ${PROJECT_ROOT}/config/serverless/values.yaml
+	@echo "==== Local Changes ===="
+	yq '.global.images' ${PROJECT_ROOT}/config/serverless/values.yaml
+	@echo "==== End of Local Changes ===="
+
+.PHONY: replace-function-chart-images
+replace-function-chart-images:
+	yq -i "(.global.images[] | select(key == \"function_*\") | .directory) = \"${IMG_DIRECTORY}\"" ${PROJECT_ROOT}/config/serverless/values.yaml
+	yq -i "(.global.images[] | select(key == \"function_*\") | .version) = \"${IMG_VERSION}\"" ${PROJECT_ROOT}/config/serverless/values.yaml
+	@echo "==== Local Changes ===="
+	yq '.global.images' ${PROJECT_ROOT}/config/serverless/values.yaml
+	@echo "==== End of Local Changes ===="
 
 .PHONY: run-without-lm-on-k3d-cluster
 run-without-lm-on-k3d-cluster:

diff --git a/components/operator/hack/common/Makefile b/components/operator/hack/common/Makefile
@@ -168,6 +168,11 @@ module-image-dev:
 	@make -C ${OPERATOR_ROOT} module-image-dev \
 		IMG=localhost:${REGISTRY_PORT}/${OPERATOR_IMAGE_NAME}:${OPERATOR_IMAGE_TAG}
 
+.PHONY: module-image-local
+module-image-local:
+	@make -C ${OPERATOR_ROOT} module-image-local \
+		IMG=localhost:${REGISTRY_PORT}/${OPERATOR_IMAGE_NAME}:${OPERATOR_IMAGE_TAG}
+
 .PHONY: module-build
 module-build:
 	@make -C ${OPERATOR_ROOT} module-build \
@@ -191,11 +196,3 @@ deploy-k3d:
 .PHONY: deploy-cluster
 deploy-cluster:
 	@make -C ${OPERATOR_ROOT} deploy
-
-.PHONY: replace-chart-images
-replace-chart-images:
-	yq -i "(.global.images[] | select(.version == \"main\") | .directory) = \"${IMG_DIRECTORY}\"" ${PROJECT_ROOT}/config/serverless/values.yaml
-	yq -i "(.global.images[] | select(.version == \"main\") | .version) = \"${IMG_VERSION}\"" ${PROJECT_ROOT}/config/serverless/values.yaml
-	@echo "==== Local Changes ===="
-	yq '.global.images' ${PROJECT_ROOT}/config/serverless/values.yaml
-	@echo "==== End of Local Changes ===="
diff --git a/components/operator/hack/local/Makefile b/components/operator/hack/local/Makefile
@@ -11,7 +11,7 @@ help: ## Display this help.
 .PHONY: deploy-k3d
 deploy-k3d: ## Build image and deploy operator on a k3d cluster.
 	@make -C ${PROJECT_COMMON} \
-		module-image-dev \
+		module-image-local \
 		deploy-k3d \
 		apply-serverless \
 		verify-serverless
@@ -29,12 +29,22 @@ stop: ## Delete k3d cluster and registry.
 
 .PHONY: run
 run: ## Create k3d cluster and deploy operator.
-	@IMG_VERSION="main" IMG_DIRECTORY="prod" make -C ${PROJECT_COMMON} run-without-lifecycle-manager
+	@IMG_VERSION="main" IMG_DIRECTORY="prod" make -C ${PROJECT_COMMON} \
+		kyma \
+		create-k3d \
+		module-image-local \
+		deploy \
+		apply-serverless \
+		verify-serverless
 
 .PHONY: run-for-img
 run-for-img: ## Create k3d cluster with operator using the IMG env.
 	@echo "this target requires IMG env"
-	@IMG=${IMG} make -C ${PROJECT_COMMON} create-k3d run-without-lm-on-cluster
+	@IMG=${IMG} make -C ${PROJECT_COMMON} \
+		create-k3d \
+		deploy-cluster \
+		apply-serverless \
+		verify-serverless
 
 .PHONY: build-and-run
 build-and-run: ## Create k3d cluster with operator using locally built images.
@@ -47,11 +57,21 @@ build-and-run: ## Create k3d cluster with operator using locally built images.
 	@${PROJECT_LOCAL}/build_local_images.sh
 
 	@IMG_VERSION="local" IMG_DIRECTORY="dev" \
-		make -C ${PROJECT_COMMON} module-image-dev \
+		make -C ${PROJECT_COMMON} module-image-local \
 		deploy \
 		apply-serverless \
 		verify-serverless
 
 .PHONY: run-with-lm
 run-with-lm: ## Create k3d cluster with module installed by the lifecycle-manager.
-	@IMG_VERSION="main" IMG_DIRECTORY="prod" make -C ${PROJECT_COMMON} run-with-lifecycle-manager
+	@IMG_VERSION="main" IMG_DIRECTORY="prod" make -C ${PROJECT_COMMON} \
+		kyma \
+		create-k3d \
+		module-image-local \
+		module-build \
+		fix-template \
+		install-kyma-with-lm \
+		patch-mod-mgr-role \
+		install-module-template \
+		enable-module \
+		verify-kyma
diff --git a/sec-scanners-config.yaml b/sec-scanners-config.yaml
@@ -3,16 +3,16 @@ rc-tag: 1.3.0
 protecode:
   - europe-docker.pkg.dev/kyma-project/prod/serverless-operator:main
   - europe-docker.pkg.dev/kyma-project/prod/function-controller:main
-  - europe-docker.pkg.dev/kyma-project/prod/function-build-init:main
   - europe-docker.pkg.dev/kyma-project/prod/function-webhook:main
-  - europe-docker.pkg.dev/kyma-project/prod/tpi/registry:2.8.1-1ae4c190
-  - europe-docker.pkg.dev/kyma-project/prod/tpi/kaniko-executor:1.9.2-ea54c1c7
+  - europe-docker.pkg.dev/kyma-project/prod/function-build-init:main
   - europe-docker.pkg.dev/kyma-project/prod/function-runtime-nodejs16:main
   - europe-docker.pkg.dev/kyma-project/prod/function-runtime-nodejs18:main
   - europe-docker.pkg.dev/kyma-project/prod/function-runtime-python39:main
+  - europe-docker.pkg.dev/kyma-project/prod/tpi/kaniko-executor:1.9.2-ea54c1c7
+  - europe-docker.pkg.dev/kyma-project/prod/tpi/registry:2.8.1-1ae4c190
 whitesource:
   language: golang-mod
   subprojects: false
   exclude:
     - "**/test/**"
-    - "**/*_test.go"
+    - "**/*_test.go"