publish image nightly #50

66 changes: 66 additions & 0 deletions .github/workflows/nightly.yaml
@@ -0,0 +1,66 @@
name: Nightly Release

on:
workflow_dispatch: # Manual trigger
schedule:
- cron: '0 5 * * *' # 5 AM UTC = Midnight EST

jobs:
nightly:
if: ${{ github.repository == 'shipwright-io/triggers' }}
runs-on: ubuntu-latest
permissions:
id-token: write # To be able to get OIDC ID token to sign images.
contents: write # To be able to update releases.
packages: write # To be able to push images and signatures.

env:
IMAGE_HOST: ghcr.io
IMAGE_NAMESPACE: ${{ github.repository }}

steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: '1.19.x'
check-latest: true

# Install tools
- uses: ko-build/[email protected]
with:
version: v0.13.0
- uses: imjasonh/setup-crane@e82f1b9a8007d399333baba4d75915558e9fb6a4
- uses: sigstore/cosign-installer@v3

- name: Get current date
id: date
run: echo "date=$(date +'%Y-%m-%d-%s')" >> $GITHUB_OUTPUT

- name: Generate and upload release YAMLs
env:
REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
REGISTRY_USERNAME: ${{ github.repository_owner }}
TAG: "nightly-${{ steps.date.outputs.date }}"
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
make release

mv release.yaml nightly-${{ steps.date.outputs.date }}.yaml
mv release-debug.yaml nightly-${{ steps.date.outputs.date }}-debug.yaml
# gh release upload nightly nightly-${{ steps.date.outputs.date }}.yaml
Pending for a release of nightly.

# gh release upload nightly nightly-${{ steps.date.outputs.date }}-debug.yaml

- name: Update latest tag of supporting images
run: |
crane copy "${IMAGE_HOST}/${IMAGE_NAMESPACE}/triggers:nightly-${{ steps.date.outputs.date }}" "${IMAGE_HOST}/${IMAGE_NAMESPACE}/triggers:latest"

- name: Sign released images
run: |
for f in \
nightly-${{ steps.date.outputs.date }}.yaml \
nightly-${{ steps.date.outputs.date }}-debug.yaml; do
grep -o "ghcr.io[^\"]*" $f | xargs cosign sign --yes \
-a sha=${{ github.sha }} \
-a run_id=${{ github.run_id }} \
-a run_attempt=${{ github.run_attempt }}
done
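Review bot: In the steps list, actions/checkout@v3, actions/setup-go@v4 and sigstore/cosign-installer@v3 are referenced by mutable tags while imjasonh/setup-crane is pinned to a commit SHA; since this job holds id-token: write and packages: write, pin every action to a full commit SHA so a retagged action cannot push or sign images under this repository's identity. The "Update latest tag of supporting images" step also runs before "Sign released images", so triggers:latest moves to the new image before its signature exists and stays moved if signing fails; swapping the two steps avoids that. While both gh release upload lines are commented out, contents: write is not needed and can be dropped until they are enabled, and $f in the grep call should be quoted.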
8 changes: 6 additions & 2 deletions Makefile
Expand Up @@ -74,8 +74,9 @@ $(CONTROLLER_GEN):
.PHONY: manifests
manifests: controller-gen
$(CONTROLLER_GEN) \
rbac:roleName=shipwright-trigger crd paths="./..." \
output:dir=$(MANIFEST_DIR)
rbac:roleName=shipwright-triggers webhook paths="./..." \
output:dir=deploy/
mv deploy/role.yaml deploy/200-role.yaml

# runs the manager from your host
.PHONY: run
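Review bot: The manifests recipe swaps the crd generator for webhook and replaces output:dir=$(MANIFEST_DIR) with a hardcoded deploy/, and neither change is explained by a PR about nightly images. Please say why crd generation is dropped, and keep the output directory in a variable (reusing MANIFEST_DIR or a new one) so the mv deploy/role.yaml deploy/200-role.yaml line and hack/release.sh do not each carry their own copy of the path.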
Expand All @@ -99,6 +100,9 @@ deploy:
$(CHART_DIR) | \
ko apply $(KO_OPTS) $(ARGS) --filename -

release: manifests
hack/release.sh

# runs the unit tests, with optional arguments
.PHONY: test-unit
test-unit: CGO_ENABLED=1
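Review bot: The new release target has no .PHONY declaration, unlike the run and test-unit targets around it, so a file or directory named release in the repository root would make the target silently do nothing. Add ".PHONY: release" above it, with a one-line comment in the style of the neighbouring targets noting that it expects IMAGE_HOST, IMAGE_NAMESPACE, TAG and the registry credentials in the environment.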
5 changes: 5 additions & 0 deletions deploy/100-namespace.yaml
@@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: shipwright-build
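Review bot: Declaring the shipwright-build Namespace in deploy/ means it ends up in release.yaml, because hack/release.sh resolves the whole directory with -R -f deploy/; deleting the triggers release with kubectl delete -f would then delete the namespace and every other object in it. Consider removing this file and documenting the namespace as a prerequisite of the install instead.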
@liangyuanpeng liangyuanpeng May 25, 2023


Necessary? When deleting the release of triggers, it will delete the namespace of shipwright-build.

Like:

kubectl delete -f release-triggers.yaml

2 changes: 1 addition & 1 deletion chart/generated/role.yaml → deploy/200-role.yaml
Expand Up @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: shipwright-trigger
name: shipwright-triggers
rules:
- apiGroups:
- shipwright.io
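Review bot: Renaming the ClusterRole at metadata.name from shipwright-trigger to shipwright-triggers leaves the old object behind on any cluster that applied the earlier manifest, because applying the new file creates a second ClusterRole instead of replacing the first. Add a release note telling operators to delete the old role, and check the remaining references to the old spelling; the container in deploy/500-controller.yaml is still named shipwright-trigger.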
28 changes: 28 additions & 0 deletions deploy/300-rolebinding.yaml
@@ -0,0 +1,28 @@
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: shipwright-triggers
subjects:
- kind: ServiceAccount
name: shipwright-triggers
namespace: shipwright-build
roleRef:
kind: ClusterRole
name: shipwright-triggers
apiGroup: rbac.authorization.k8s.io

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: shipwright-triggers
namespace: shipwright-build
subjects:
- kind: ServiceAccount
name: shipwright-triggers
namespace: shipwright-build
roleRef:
kind: Role
name: shipwright-triggers
apiGroup: rbac.authorization.k8s.io
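Review bot: The RoleBinding's roleRef names a namespaced Role called shipwright-triggers, but none of the manifests shown in this PR defines a Role; deploy/200-role.yaml is a ClusterRole. The API server accepts a binding to a missing Role, so this would apply cleanly and grant nothing. Either add the Role manifest, or drop the RoleBinding if the ClusterRoleBinding above it is the only grant intended.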
6 changes: 6 additions & 0 deletions deploy/400-serviceaccount.yaml
@@ -0,0 +1,6 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: shipwright-triggers
namespace: shipwright-build
52 changes: 52 additions & 0 deletions deploy/500-controller.yaml
@@ -0,0 +1,52 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: shipwright-triggers
namespace: shipwright-build
spec:
replicas: 1
selector:
matchLabels:
name: shipwright-triggers
template:
metadata:
labels:
name: shipwright-triggers
spec:
serviceAccountName: shipwright-triggers
containers:
- name: shipwright-trigger
image: ko://github.com/shipwright-io/triggers
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: BUILD_CONTROLLER_LEADER_ELECTION_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: CONTROLLER_NAME
value: "shipwright-build"
- name: GIT_ENABLE_REWRITE_RULE
value: "false"
ports:
- containerPort: 8080
name: metrics-port
livenessProbe:
httpGet:
path: /metrics
port: metrics-port
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet:
path: /metrics
port: metrics-port
initialDelaySeconds: 5
periodSeconds: 10
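Review bot: The container spec under containers has no securityContext and no resources, so the controller runs with the runtime's default user and capabilities and without requests or limits. Please add a securityContext (runAsNonRoot: true, allowPrivilegeEscalation: false, capabilities dropped) and resource requests. The container name shipwright-trigger also differs from the shipwright-triggers name used everywhere else, and CONTROLLER_NAME: "shipwright-build" and GIT_ENABLE_REWRITE_RULE should be confirmed as settings this controller actually reads.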
28 changes: 28 additions & 0 deletions hack/release.sh
@@ -0,0 +1,28 @@
#!/bin/bash

# Copyright The Shipwright Contributors
#
# SPDX-License-Identifier: Apache-2.0

set -euo pipefail

GO_FLAGS=${GO_FLAGS:-""}

echo "Logging into container registry $IMAGE_HOST"
echo "$REGISTRY_PASSWORD" | ko login -u "$REGISTRY_USERNAME" --password-stdin "$IMAGE_HOST"

echo "Building container image"

echo "Adding io.shipwright.vcs-ref label with value: ${GITHUB_SHA}"

KO_DOCKER_REPO="${IMAGE_HOST}/${IMAGE_NAMESPACE}" GOFLAGS="${GO_FLAGS}" ko resolve \
--base-import-paths \
--tags "${TAG}" \
--image-label "io.shipwright.vcs-ref=${GITHUB_SHA}" \
--platform=all -R -f deploy/ > release.yaml

KO_DOCKER_REPO="${IMAGE_HOST}/${IMAGE_NAMESPACE}" GOFLAGS="${GO_FLAGS} -tags=pprof_enabled" ko resolve \
--base-import-paths \
--tags "${TAG}-debug" \
--image-label "io.shipwright.vcs-ref=${GITHUB_SHA}" \
--platform=all -R -f deploy/ > release-debug.yaml
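Review bot: With set -u in effect, the script reads IMAGE_HOST, REGISTRY_PASSWORD, REGISTRY_USERNAME, IMAGE_NAMESPACE, TAG and GITHUB_SHA without checking them, so a local make release stops at the first echo with a bare "unbound variable" error. Validate them at the top with the ${VAR:?message} form so the failure names what is missing, and add a short header comment listing the required variables next to the existing GO_FLAGS default.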