From f975c12a4dfcc25519b7cab98663013f2c374127 Mon Sep 17 00:00:00 2001
From: kubasobon
Date: Tue, 19 Apr 2022 09:31:30 +0200
Subject: [PATCH 01/19] add package-and-push-oci command
---
src/commands/package-and-push-oci.yaml | 94 ++++++++++++++++++++++++++
1 file changed, 94 insertions(+)
create mode 100644 src/commands/package-and-push-oci.yaml
diff --git a/src/commands/package-and-push-oci.yaml b/src/commands/package-and-push-oci.yaml
new file mode 100644
index 00000000..10312484
--- /dev/null
+++ b/src/commands/package-and-push-oci.yaml
@@ -0,0 +1,94 @@
+parameters:
+ app_catalog:
+ type: "string"
+ description: |
+ Set this to an OCI registry with a specific subpath, e.g.
+ `oci://giantswarmpublic.azurecr.io/charts/`. Last slash is mandatory.
+ app_catalog_test:
+ type: "string"
+ description: |
+ Set this to an OCI registry with a specific subpath, e.g.
+ `oci://giantswarmpublic.azurecr.io/test_charts/`. Last slash is mandatory.
+ chart:
+ type: "string"
+ on_tag:
+ type: boolean
+ default: true
+ description: |
+ When this is `false`, commits to `master` will be pushed to `app_catalog` instead of `app_catalog_test`.
+ Set this to `false` for deployments that follow a a master branch for production releases rather than
+ using tags (the default).
+ explicit_allow_chart_name_mismatch:
+ type: boolean
+ default: false
+ description: |
+ If 'explicit_allow_chart_name_mismatch' is set to true, the name of the chart can be anything.
+ Otherwise the name set in the 'chart' parameter must start with the repository name and optionally continue with '-app'.
+ Does not have any effect for 'executor: app-build-suite'.
+ persist_chart_archive:
+ type: boolean
+ default: false
+ description: |
+ When this is `true`, the packaged chart archive will be persisted to the workspace.
+ Set this to `true`, if you're planning to execute tests using app-test-suite.
+steps:
+ - when:
+ condition: << parameters.on_tag >>
+ steps:
+ - run:
+ name: "architect/package-and-push: Determine target app catalog based on presence of tag"
+ command: |
+ [ -z ${CIRCLE_TAG} ] && echo -n '<< parameters.app_catalog_test >>' | tee .app_catalog_name || echo -n '<< parameters.app_catalog >>' | tee .app_catalog_name
+ echo -n ${CIRCLE_TAG} | tee .reference
+ - unless:
+ condition: << parameters.on_tag >>
+ steps:
+ - run:
+ name: "architect/package-and-push: Determine target app catalog based on branch name"
+ command: |
+ [[ ${CIRCLE_BRANCH} == master ]] && echo -n '<< parameters.app_catalog >>' | tee .app_catalog_name || echo -n '<< parameters.app_catalog_test >>' | tee .app_catalog_name
+ echo -n ${CIRCLE_SHA1} | tee .reference
+ - unless:
+ condition: << parameters.explicit_allow_chart_name_mismatch >>
+ steps:
+ - run:
+ name: Verify chart parameters
+ command: |
+ CHART_NAME="<< parameters.chart >>"
+ [[ ${CHART_NAME%-app} == ${CIRCLE_PROJECT_REPONAME%-app} ]] && exit 0 || echo "chart parameter value should match ${CIRCLE_PROJECT_REPONAME%-app} or ${CIRCLE_PROJECT_REPONAME%-app}-app" ; exit 1
+ - run:
+ name: Package the chart archive
+ command: |
+ mkdir build && helm package ./helm/<< parameters.chart >> --destination ./build
+ - when:
+ condition: << parameters.persist_chart_archive >>
+ steps:
+ - persist_to_workspace:
+ root: build
+ paths:
+ - "<< parameters.chart >>*.tgz"
+ - run:
+ name: Push chart archive to OCI registy app catalog
+ command: |
+ readonly app_catalog_name="$(cat .app_catalog_name)"
+ readonly reference="$(cat .reference)"
+
+ ret=1
+ tries=4
+ for i in $(seq 1 $tries) ; do
+ echo "====> Attempt $i: Running: helm push ../build/*.tgz $app_catalog_name"
+ set +e
+ helm push ../build/*.tgz $app_catalog_name
+ ret=$?
+ set -e
+
+ [[ $ret -eq 0 ]] && exit $ret
+
+ sleep 5
+ done
+
+ echo "Giving up after $tries failures." >&2
+ echo "Error pushing changes. 
See known errors in:" >&2 + echo "https://github.com/giantswarm/architect-orb/blob/master/README.md#push-to-app-catalog" >&2 + + exit $ret From b2562166a308702e069a8f9bb55721aba5b3290b Mon Sep 17 00:00:00 2001 From: kubasobon Date: Tue, 19 Apr 2022 09:32:08 +0200 Subject: [PATCH 02/19] update CHANGELOG --- CHANGELOG.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c3a06f5..75b2fbd5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added + +- Add `package-and-push-oci` command. + ## [4.16.0] - 2022-04-13 ### Changed @@ -54,7 +58,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Update `architect` version to [`v6.3.0`](https://github.com/giantswarm/architect/releases/tag/v6.3.0). - Updates Go version to 1.17.8. -- Update Go version used in `machine install` command to 1.17.8. +- Update Go version used in `machine install` command to 1.17.8. ## [4.13.0] - 2022-02-18 From 63f6f45865b9dbcc4146072964528b9bd56ec2d2 Mon Sep 17 00:00:00 2001 From: kubasobon Date: Tue, 19 Apr 2022 13:39:42 +0200 Subject: [PATCH 03/19] add default values --- src/commands/package-and-push-oci.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/commands/package-and-push-oci.yaml b/src/commands/package-and-push-oci.yaml index 10312484..6fc611f4 100644 --- a/src/commands/package-and-push-oci.yaml +++ b/src/commands/package-and-push-oci.yaml 
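Review bot: The catalog selection in the "Determine target app catalog" steps is written as `test && echo test-catalog | tee … || echo prod-catalog | tee …`, so if the first pipeline fails for any reason the fallback writes the production catalog into `.app_catalog_name`; an explicit branch avoids that, e.g. `if [ -z "${CIRCLE_TAG:-}" ]; then echo -n '<< parameters.app_catalog_test >>'; else echo -n '<< parameters.app_catalog >>'; fi | tee .app_catalog_name`. The unquoted `[ -z ${CIRCLE_TAG} ]` also only gives the right answer for an empty tag because it collapses to the one-argument test `[ -z ]`. In the push step `reference` is read from `.reference` but never used, and `helm push ../build/*.tgz $app_catalog_name` leaves both the glob result and the target unquoted, so a second archive in `build` or whitespace in the catalog value changes the argument list. The same script is copied into `package-and-push-oci-with-abs.yaml` in patch 11.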
@@ -1,11 +1,13 @@ parameters: app_catalog: type: "string" + default: "oci://giantswarmpublic.azurecr.io/charts/" description: | Set this to an OCI registry with a specific subpath, e.g. `oci://giantswarmpublic.azurecr.io/charts/`. Last slash is mandatory. app_catalog_test: type: "string" + default: "oci://giantswarmpublic.azurecr.io/test_charts/" description: | Set this to an OCI registry with a specific subpath, e.g. `oci://giantswarmpublic.azurecr.io/test_charts/`. Last slash is mandatory. From e7b95efb987e58fac991610e1fa742366485f5cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kuba=20Sobo=C5=84?= Date: Tue, 19 Apr 2022 14:59:54 +0200 Subject: [PATCH 04/19] fix typos Co-authored-by: Ross Fairbanks --- src/commands/package-and-push-oci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/commands/package-and-push-oci.yaml b/src/commands/package-and-push-oci.yaml index 6fc611f4..fde66483 100644 --- a/src/commands/package-and-push-oci.yaml +++ b/src/commands/package-and-push-oci.yaml @@ -70,7 +70,7 @@ steps: paths: - "<< parameters.chart >>*.tgz" - run: - name: Push chart archive to OCI registy app catalog + name: Push chart archive to OCI registry app catalog command: | readonly app_catalog_name="$(cat .app_catalog_name)" readonly reference="$(cat .reference)" From f2179957e5d1d811b45083dee3a86c5ae8a4da3d Mon Sep 17 00:00:00 2001 From: kubasobon Date: Wed, 20 Apr 2022 12:21:43 +0200 Subject: [PATCH 05/19] auth to AzureCR --- src/commands/package-and-push-oci.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/commands/package-and-push-oci.yaml b/src/commands/package-and-push-oci.yaml index 6fc611f4..c674f359 100644 --- a/src/commands/package-and-push-oci.yaml +++ b/src/commands/package-and-push-oci.yaml 
@@ -69,6 +69,16 @@ steps: root: build paths: - "<< parameters.chart >>*.tgz" + - when: + condition: + or: + - matches: {pattern: "^giantswarmpublic.azurecr.io/.*$", value: "<< parameters.app_catalog >>"} + - matches: {pattern: "^giantswarmpublic.azurecr.io/.*$", value: "<< parameters.app_catalog_test >>"} + steps: + - run: + name: "architect/package-and-push-oci: Authenticate to AzureCR" + command: | + helm registry login giantswarmpublic.azurecr.io --username ${AZURE_CLIENTID} --password ${AZURE_CLIENTSECRET} - run: name: Push chart archive to OCI registy app catalog command: | From 0a2af48f5f37e47181deffa550da9ebc2d36f0b5 Mon Sep 17 00:00:00 2001 From: kubasobon Date: Wed, 20 Apr 2022 12:22:58 +0200 Subject: [PATCH 06/19] fix command names --- src/commands/package-and-push-oci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/commands/package-and-push-oci.yaml b/src/commands/package-and-push-oci.yaml index c674f359..f6b020cd 100644 --- a/src/commands/package-and-push-oci.yaml +++ b/src/commands/package-and-push-oci.yaml @@ -38,7 +38,7 @@ steps: condition: << parameters.on_tag >> steps: - run: - name: "architect/package-and-push: Determine target app catalog based on presence of tag" + name: "architect/package-and-push-oci: Determine target app catalog based on presence of tag" command: | [ -z ${CIRCLE_TAG} ] && echo -n '<< parameters.app_catalog_test >>' | tee .app_catalog_name || echo -n '<< parameters.app_catalog >>' | tee .app_catalog_name echo -n ${CIRCLE_TAG} | tee .reference 
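Review bot: The login step passes the secret as `--password ${AZURE_CLIENTSECRET}`, which places it on the process command line of the executor; `helm registry login` accepts `--password-stdin`, so `printf '%s' "${AZURE_CLIENTSECRET}" | helm registry login giantswarmpublic.azurecr.io --username "${AZURE_CLIENTID}" --password-stdin` keeps it out of argv. The `--password` form is carried unchanged through the later patches in this series that touch this line (07, 09, 10, 11, 14 and 17). Separately, both `matches` patterns begin with `^giantswarmpublic.azurecr.io/` while the documented parameter values begin with `oci://`, so as far as I can tell the condition never matches those values and the login would be skipped before the push. A pattern that includes the scheme and escapes the dots, written single-quoted so YAML keeps the backslashes (`'^oci://giantswarmpublic\.azurecr\.io/.*$'`), would match the documented form.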
@@ -46,7 +46,7 @@ steps: condition: << parameters.on_tag >> steps: - run: - name: "architect/package-and-push: Determine target app catalog based on branch name" + name: "architect/package-and-push-oci: Determine target app catalog based on branch name" command: | [[ ${CIRCLE_BRANCH} == master ]] && echo -n '<< parameters.app_catalog >>' | tee .app_catalog_name || echo -n '<< parameters.app_catalog_test >>' | tee .app_catalog_name echo -n ${CIRCLE_SHA1} | tee .reference From ebd268ac0a15664b160284da373bc74c1b865ffd Mon Sep 17 00:00:00 2001 From: kubasobon Date: Wed, 20 Apr 2022 12:25:35 +0200 Subject: [PATCH 07/19] quote username and password --- src/commands/package-and-push-oci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/commands/package-and-push-oci.yaml b/src/commands/package-and-push-oci.yaml index 356d30cb..42e8b720 100644 --- a/src/commands/package-and-push-oci.yaml +++ b/src/commands/package-and-push-oci.yaml @@ -78,7 +78,7 @@ steps: - run: name: "architect/package-and-push-oci: Authenticate to AzureCR" command: | - helm registry login giantswarmpublic.azurecr.io --username ${AZURE_CLIENTID} --password ${AZURE_CLIENTSECRET} + helm registry login giantswarmpublic.azurecr.io --username "${AZURE_CLIENTID}" --password "${AZURE_CLIENTSECRET}" - run: name: Push chart archive to OCI registry app catalog command: | From 90777938eaead7ab5b1d4bc94c6a90677bf5ed34 Mon Sep 17 00:00:00 2001 From: kubasobon Date: Wed, 20 Apr 2022 12:28:02 +0200 Subject: [PATCH 08/19] fix conditions --- src/commands/package-and-push-oci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/src/commands/package-and-push-oci.yaml b/src/commands/package-and-push-oci.yaml index 42e8b720..6bb99342 100644 --- a/src/commands/package-and-push-oci.yaml +++ b/src/commands/package-and-push-oci.yaml 
@@ -70,7 +70,6 @@ steps: paths: - "<< parameters.chart >>*.tgz" - when: - condition: or: - matches: {pattern: "^giantswarmpublic.azurecr.io/.*$", value: "<< parameters.app_catalog >>"} - matches: {pattern: "^giantswarmpublic.azurecr.io/.*$", value: "<< parameters.app_catalog_test >>"} From 0997c5f47477273a15a69085ddea512ca8cd5f32 Mon Sep 17 00:00:00 2001 From: kubasobon Date: Wed, 20 Apr 2022 12:39:50 +0200 Subject: [PATCH 09/19] fix formatting --- src/commands/package-and-push-oci.yaml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/src/commands/package-and-push-oci.yaml b/src/commands/package-and-push-oci.yaml index 6bb99342..b96a1bb8 100644 --- a/src/commands/package-and-push-oci.yaml +++ b/src/commands/package-and-push-oci.yaml @@ -70,14 +70,15 @@ steps: paths: - "<< parameters.chart >>*.tgz" - when: - or: - - matches: {pattern: "^giantswarmpublic.azurecr.io/.*$", value: "<< parameters.app_catalog >>"} - - matches: {pattern: "^giantswarmpublic.azurecr.io/.*$", value: "<< parameters.app_catalog_test >>"} - steps: - - run: - name: "architect/package-and-push-oci: Authenticate to AzureCR" - command: | - helm registry login giantswarmpublic.azurecr.io --username "${AZURE_CLIENTID}" --password "${AZURE_CLIENTSECRET}" + condition: + or: + - matches: {pattern: "^giantswarmpublic.azurecr.io/.*$", value: "<< parameters.app_catalog >>"} + - matches: {pattern: "^giantswarmpublic.azurecr.io/.*$", value: "<< parameters.app_catalog_test >>"} + steps: + - run: + name: "architect/package-and-push-oci: Authenticate to AzureCR" + command: | + helm registry login giantswarmpublic.azurecr.io --username "${AZURE_CLIENTID}" --password "${AZURE_CLIENTSECRET}" - run: name: Push chart archive to OCI registry app catalog command: | From 32a6c3713e195a3990a94a57b2d74c4f46310965 Mon Sep 17 00:00:00 2001 
From: kubasobon Date: Wed, 20 Apr 2022 12:55:12 +0200 Subject: [PATCH 10/19] parameterize Azure credentials --- src/commands/package-and-push-oci.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/commands/package-and-push-oci.yaml b/src/commands/package-and-push-oci.yaml index b96a1bb8..3ec6486d 100644 --- a/src/commands/package-and-push-oci.yaml +++ b/src/commands/package-and-push-oci.yaml @@ -33,6 +33,12 @@ parameters: description: | When this is `true`, the packaged chart archive will be persisted to the workspace. Set this to `true`, if you're planning to execute tests using app-test-suite. + password_envar: + type: "string" + default: AZURE_CLIENTSECRET + username_envar: + type: "string" + default: AZURE_CLIENTID steps: - when: condition: << parameters.on_tag >> @@ -78,7 +84,7 @@ steps: - run: name: "architect/package-and-push-oci: Authenticate to AzureCR" command: | - helm registry login giantswarmpublic.azurecr.io --username "${AZURE_CLIENTID}" --password "${AZURE_CLIENTSECRET}" + helm registry login giantswarmpublic.azurecr.io --username "${<< parameters.username_envar >>}" --password "${<< parameters.password_envar >>}" - run: name: Push chart archive to OCI registry app catalog command: | From 9d90269c20ce0c2fe0f54e4a912cf05101faecdc Mon Sep 17 00:00:00 2001 From: kubasobon Date: Wed, 20 Apr 2022 13:00:51 +0200 Subject: [PATCH 11/19] add package-and-push-oci-with-abs command --- .../package-and-push-oci-with-abs.yaml | 112 ++++++++++++++++++ 1 file changed, 112 insertions(+) create mode 100644 src/commands/package-and-push-oci-with-abs.yaml diff --git a/src/commands/package-and-push-oci-with-abs.yaml b/src/commands/package-and-push-oci-with-abs.yaml new file mode 100644 index 00000000..4b852a61 --- /dev/null +++ b/src/commands/package-and-push-oci-with-abs.yaml 
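Review bot: `password_envar` and `username_envar` are declared with `type: "string"` but are spliced into `"${<< parameters.username_envar >>}"` and `"${<< parameters.password_envar >>}"` in the login command, so whatever text a caller supplies becomes part of a shell parameter expansion. CircleCI provides the `env_var_name` parameter type, which restricts the value to a valid variable name; `type: env_var_name` on both parameters fits this use. Both parameters are also added without a `description`; a line such as `Name of the environment variable that holds the registry password (not the password itself).` would prevent a caller from putting the secret into the pipeline config. The same two declarations are repeated in patches 11 and 12.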
@@ -0,0 +1,112 @@ +parameters: + app_catalog: + type: "string" + default: "oci://giantswarmpublic.azurecr.io/charts/" + description: | + Set this to an OCI registry with a specific subpath, e.g. + `oci://giantswarmpublic.azurecr.io/charts/`. Last slash is mandatory. + app_catalog_test: + type: "string" + default: "oci://giantswarmpublic.azurecr.io/test_charts/" + description: | + Set this to an OCI registry with a specific subpath, e.g. + `oci://giantswarmpublic.azurecr.io/test_charts/`. Last slash is mandatory. + chart: + type: "string" + on_tag: + type: boolean + default: true + description: | + When this is `false`, commits to `master` will be pushed to `app_catalog` instead of `app_catalog_test`. + Set this to `false` for deployments that follow a a master branch for production releases rather than + using tags (the default). + skip_conftest_deprek8ion: + type: boolean + default: false + description: | + When this is `true`, checking for deprecated manifest versions will be skipped. + persist_chart_archive: + type: boolean + default: false + description: | + When this is `true`, the packaged chart archive will be persisted to the workspace. + Set this to `true`, if you're planning to execute tests using app-test-suite. 
+ password_envar: + type: "string" + default: AZURE_CLIENTSECRET + username_envar: + type: "string" + default: AZURE_CLIENTID +steps: + - when: + condition: << parameters.on_tag >> + steps: + - run: + name: "architect/package-and-push-oci-with-abs: Determine target app catalog based on presence of tag" + command: | + [ -z ${CIRCLE_TAG} ] && echo -n '<< parameters.app_catalog_test >>' | tee .app_catalog_name || echo -n '<< parameters.app_catalog >>' | tee .app_catalog_name + echo -n ${CIRCLE_TAG} | tee .reference + - unless: + condition: << parameters.on_tag >> + steps: + - run: + name: "architect/package-and-push-oci-with-abs: Determine target app catalog based on branch name" + command: | + [[ ${CIRCLE_BRANCH} == master ]] && echo -n '<< parameters.app_catalog >>' | tee .app_catalog_name || echo -n '<< parameters.app_catalog_test >>' | tee .app_catalog_name + echo -n ${CIRCLE_SHA1} | tee .reference + - run: + name: Verify chart parameters + command: | + CHART_NAME="<< parameters.chart >>" + [[ ${CHART_NAME%-app} == ${CIRCLE_PROJECT_REPONAME%-app} ]] && exit 0 || echo "chart parameter value should match ${CIRCLE_PROJECT_REPONAME%-app} or ${CIRCLE_PROJECT_REPONAME%-app}-app" ; exit 1 + - run: + name: Execute App Build Suite + command: | + mkdir build && python -m app_build_suite --chart-dir ./helm/<< parameters.chart >> --destination build --generate-metadata --catalog-base-url "https://giantswarm.github.io/$(cat .app_catalog_name)/" --keep-chart-changes + - when: + condition: << parameters.persist_chart_archive >> + steps: + - persist_to_workspace: + root: build + paths: + - "<< parameters.chart >>*.tgz" + - unless: + condition: << parameters.skip_conftest_deprek8ion >> + steps: + - helm-conftest: + chart: "<< parameters.chart >>" + - when: + condition: + or: + - matches: {pattern: "^giantswarmpublic.azurecr.io/.*$", value: "<< parameters.app_catalog >>"} + - matches: {pattern: "^giantswarmpublic.azurecr.io/.*$", value: "<< parameters.app_catalog_test >>"} + steps: 
+ - run: + name: "architect/package-and-push-oci-with-abs: Authenticate to AzureCR" + command: | + helm registry login giantswarmpublic.azurecr.io --username "${<< parameters.username_envar >>}" --password "${<< parameters.password_envar >>}" + - run: + name: Push chart archive to OCI registry app catalog + command: | + readonly app_catalog_name="$(cat .app_catalog_name)" + readonly reference="$(cat .reference)" + + ret=1 + tries=4 + for i in $(seq 1 $tries) ; do + echo "====> Attempt $i: Running: helm push ../build/*.tgz $app_catalog_name" + set +e + helm push ../build/*.tgz $app_catalog_name + ret=$? + set -e + + [[ $ret -eq 0 ]] && exit $ret + + sleep 5 + done + + echo "Giving up after $tries failures." >&2 + echo "Error pushing changes. See known errors in:" >&2 + echo "https://github.com/giantswarm/architect-orb/blob/master/README.md#push-to-app-catalog" >&2 + + exit $ret From 06aafe36ec818ddd3c6ea7a1255f996edbd6653d Mon Sep 17 00:00:00 2001 From: kubasobon Date: Wed, 20 Apr 2022 13:44:31 +0200 Subject: [PATCH 12/19] update executor to bundle git and oci --- src/jobs/push-to-app-catalog.yaml | 82 +++++++++++++++++++++++++------ 1 file changed, 68 insertions(+), 14 deletions(-) diff --git a/src/jobs/push-to-app-catalog.yaml b/src/jobs/push-to-app-catalog.yaml index b6c637c8..ada60c3e 100644 --- a/src/jobs/push-to-app-catalog.yaml +++ b/src/jobs/push-to-app-catalog.yaml @@ -39,6 +39,16 @@ parameters: and packaging through https://github.com/giantswarm/app-build-suite The `app-build-suite` executor also enables metadata generation. Default: `architect` + push_to_appcatalog: + default: true + description: | + Push the chart to App Catalog git repository if this is `true`. + type: boolean + push_to_oci_registry: + default: false + description: | + Push the chart to OCI registry if this is `true`. + type: boolean resource_class: default: "small" description: | 
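Review bot: In the "Execute App Build Suite" step, `--catalog-base-url "https://giantswarm.github.io/$(cat .app_catalog_name)/"` is built from `.app_catalog_name`, which in this command holds the `app_catalog` or `app_catalog_test` value, by default a full `oci://giantswarmpublic.azurecr.io/…/` URL. With the defaults added in this file the generated metadata would carry a base URL of the form `https://giantswarm.github.io/oci://giantswarmpublic.azurecr.io/charts//`. Either the catalog parameters should carry only a catalog name, or the metadata base URL needs a parameter of its own. A comment above the step, e.g. `# .app_catalog_name must contain a bare catalog name here, not an oci:// URL`, would record the assumption.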
@@ -58,6 +68,16 @@ parameters: description: | When this is `true`, the packaged chart archive will be persisted to the workspace. Set this to `true`, if you're planning to execute tests using app-test-suite. + password_envar: + default: AZURE_CLIENTSECRET + description: | + Required if `push_to_oci_registry` is set to `true`. + type: "string" + username_envar: + default: AZURE_CLIENTID + description: | + Required if `push_to_oci_registry` is set to `true`. + type: "string" executor: "<< parameters.executor >>" resource_class: "<< parameters.resource_class >>" steps: 
@@ -85,13 +105,30 @@ steps: steps: - helm-conftest: chart: "<< parameters.chart >>" - - package-and-push: - app_catalog: << parameters.app_catalog >> - app_catalog_test: << parameters.app_catalog_test >> - chart: << parameters.chart >> - on_tag: << parameters.on_tag >> - explicit_allow_chart_name_mismatch: << parameters.explicit_allow_chart_name_mismatch >> - persist_chart_archive: << parameters.persist_chart_archive >> + - when: + condition: + equal: [<< parameters.push_to_appcatalog >>, true] + steps: + - package-and-push: + app_catalog: << parameters.app_catalog >> + app_catalog_test: << parameters.app_catalog_test >> + chart: << parameters.chart >> + on_tag: << parameters.on_tag >> + explicit_allow_chart_name_mismatch: << parameters.explicit_allow_chart_name_mismatch >> + persist_chart_archive: << parameters.persist_chart_archive >> + - when: + condition: + equal: [<< parameters.push_to_oci_registry >>, true] + steps: + - package-and-push-oci: + app_catalog: << parameters.app_catalog >> + app_catalog_test: << parameters.app_catalog_test >> + chart: << parameters.chart >> + on_tag: << parameters.on_tag >> + explicit_allow_chart_name_mismatch: << parameters.explicit_allow_chart_name_mismatch >> + persist_chart_archive: << parameters.persist_chart_archive >> + password_envar: << parameters.password_envar >> + username_envar: << parameters.username_envar >> - when: condition: equal: ["<< parameters.executor >>", "app-build-suite"] 
@@ -101,10 +138,27 @@ steps: show_go_version: false show_abs_version: true - prepare-catalogbot-git-ssh - - package-and-push-with-abs: - app_catalog: << parameters.app_catalog >> - app_catalog_test: << parameters.app_catalog_test >> - chart: << parameters.chart >> - on_tag: << parameters.on_tag >> - skip_conftest_deprek8ion: << parameters.skip_conftest_deprek8ion >> - persist_chart_archive: << parameters.persist_chart_archive >> + - when: + condition: + equal: [<< parameters.push_to_appcatalog >>, true] + steps: + - package-and-push-with-abs: + app_catalog: << parameters.app_catalog >> + app_catalog_test: << parameters.app_catalog_test >> + chart: << parameters.chart >> + on_tag: << parameters.on_tag >> + skip_conftest_deprek8ion: << parameters.skip_conftest_deprek8ion >> + persist_chart_archive: << parameters.persist_chart_archive >> + - when: + condition: + equal: [<< parameters.push_to_oci_registry >>, true] + steps: + - package-and-push-oci-with-abs: + app_catalog: << parameters.app_catalog >> + app_catalog_test: << parameters.app_catalog_test >> + chart: << parameters.chart >> + on_tag: << parameters.on_tag >> + skip_conftest_deprek8ion: << parameters.skip_conftest_deprek8ion >> + persist_chart_archive: << parameters.persist_chart_archive >> + password_envar: << parameters.password_envar >> + username_envar: << parameters.username_envar >> From 28948580d44d5b303fdd97bd86bf846f23c2f9ad Mon Sep 17 00:00:00 2001 From: kubasobon Date: Wed, 20 Apr 2022 13:47:59 +0200 Subject: [PATCH 13/19] rename old command --- ...-push-with-abs.yaml => package-and-push-git-with-abs.yaml} | 4 ++-- .../{package-and-push.yaml => package-and-push-git.yaml} | 4 ++-- src/jobs/push-to-app-catalog.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) rename src/commands/{package-and-push-with-abs.yaml => package-and-push-git-with-abs.yaml} (94%) rename src/commands/{package-and-push.yaml => package-and-push-git.yaml} (95%) 
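Review bot: `prepare-catalogbot-git-ssh` stays unconditional in the `app-build-suite` branch, so a job run with `push_to_appcatalog: false` and `push_to_oci_registry: true` still performs that command's git credential setup although nothing is pushed over git. Its body is not part of this hunk, but if it installs the catalog bot's SSH key, as the name suggests, moving it inside the `push_to_appcatalog` `when` block would keep that key out of OCI-only jobs. The new `password_envar`/`username_envar` descriptions say "Required if `push_to_oci_registry` is set to `true`" although both have defaults; `Name of the environment variable holding the registry password; only read when push_to_oci_registry is true.` states what is meant. With both push flags set to `false` the job finishes without publishing anything and without failing, which is worth a sentence in the parameter descriptions.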
diff --git a/src/commands/package-and-push-with-abs.yaml b/src/commands/package-and-push-git-with-abs.yaml similarity index 94% rename from src/commands/package-and-push-with-abs.yaml rename to src/commands/package-and-push-git-with-abs.yaml index f3b42d5e..07afa0b0 100644 --- a/src/commands/package-and-push-with-abs.yaml +++ b/src/commands/package-and-push-git-with-abs.yaml @@ -28,14 +28,14 @@ steps: condition: << parameters.on_tag >> steps: - run: - name: "architect/package-and-push: Determine target app catalog based on presence of tag" + name: "architect/package-and-push-git-with-abs: Determine target app catalog based on presence of tag" command: | [ -z ${CIRCLE_TAG} ] && echo -n '<< parameters.app_catalog_test >>' | tee .app_catalog_name || echo -n '<< parameters.app_catalog >>' | tee .app_catalog_name - unless: condition: << parameters.on_tag >> steps: - run: - name: "architect/package-and-push: Determine target app catalog based on branch name" + name: "architect/package-and-push-git-with-abs: Determine target app catalog based on branch name" command: | [[ ${CIRCLE_BRANCH} == master ]] && echo -n '<< parameters.app_catalog >>' | tee .app_catalog_name || echo -n '<< parameters.app_catalog_test >>' | tee .app_catalog_name - run: diff --git a/src/commands/package-and-push.yaml b/src/commands/package-and-push-git.yaml similarity index 95% rename from src/commands/package-and-push.yaml rename to src/commands/package-and-push-git.yaml index 4ece57cd..d0c5f4b3 100644 --- a/src/commands/package-and-push.yaml +++ b/src/commands/package-and-push-git.yaml 
@@ -30,14 +30,14 @@ steps: condition: << parameters.on_tag >> steps: - run: - name: "architect/package-and-push: Determine target app catalog based on presence of tag" + name: "architect/package-and-push-git: Determine target app catalog based on presence of tag" command: | [ -z ${CIRCLE_TAG} ] && echo -n '<< parameters.app_catalog_test >>' | tee .app_catalog_name || echo -n '<< parameters.app_catalog >>' | tee .app_catalog_name - unless: condition: << parameters.on_tag >> steps: - run: - name: "architect/package-and-push: Determine target app catalog based on branch name" + name: "architect/package-and-push-git: Determine target app catalog based on branch name" command: | [[ ${CIRCLE_BRANCH} == master ]] && echo -n '<< parameters.app_catalog >>' | tee .app_catalog_name || echo -n '<< parameters.app_catalog_test >>' | tee .app_catalog_name - unless: diff --git a/src/jobs/push-to-app-catalog.yaml b/src/jobs/push-to-app-catalog.yaml index ada60c3e..b96d8ec4 100644 --- a/src/jobs/push-to-app-catalog.yaml +++ b/src/jobs/push-to-app-catalog.yaml @@ -109,7 +109,7 @@ steps: condition: equal: [<< parameters.push_to_appcatalog >>, true] steps: - - package-and-push: + - package-and-push-git: app_catalog: << parameters.app_catalog >> app_catalog_test: << parameters.app_catalog_test >> chart: << parameters.chart >> @@ -142,7 +142,7 @@ steps: condition: equal: [<< parameters.push_to_appcatalog >>, true] steps: - - package-and-push-with-abs: + - package-and-push-git-with-abs: app_catalog: << parameters.app_catalog >> app_catalog_test: << parameters.app_catalog_test >> chart: << parameters.chart >> From bf14abf81d5d7847e073a0515c5a029509716c41 Mon Sep 17 00:00:00 2001 From: kubasobon Date: Thu, 21 Apr 2022 11:40:59 +0200 Subject: [PATCH 14/19] always auth to AzureCR for OCI; build catalog name --- .../package-and-push-oci-with-abs.yaml | 24 ++++--------------- src/commands/package-and-push-oci.yaml | 24 ++++--------------- 2 files changed, 10 insertions(+), 38 deletions(-) 
diff --git a/src/commands/package-and-push-oci-with-abs.yaml b/src/commands/package-and-push-oci-with-abs.yaml index 4b852a61..92d690af 100644 --- a/src/commands/package-and-push-oci-with-abs.yaml +++ b/src/commands/package-and-push-oci-with-abs.yaml @@ -1,16 +1,8 @@ parameters: app_catalog: type: "string" - default: "oci://giantswarmpublic.azurecr.io/charts/" - description: | - Set this to an OCI registry with a specific subpath, e.g. - `oci://giantswarmpublic.azurecr.io/charts/`. Last slash is mandatory. app_catalog_test: type: "string" - default: "oci://giantswarmpublic.azurecr.io/test_charts/" - description: | - Set this to an OCI registry with a specific subpath, e.g. - `oci://giantswarmpublic.azurecr.io/test_charts/`. Last slash is mandatory. chart: type: "string" on_tag: @@ -75,20 +67,14 @@ steps: steps: - helm-conftest: chart: "<< parameters.chart >>" - - when: - condition: - or: - - matches: {pattern: "^giantswarmpublic.azurecr.io/.*$", value: "<< parameters.app_catalog >>"} - - matches: {pattern: "^giantswarmpublic.azurecr.io/.*$", value: "<< parameters.app_catalog_test >>"} - steps: - - run: - name: "architect/package-and-push-oci-with-abs: Authenticate to AzureCR" - command: | - helm registry login giantswarmpublic.azurecr.io --username "${<< parameters.username_envar >>}" --password "${<< parameters.password_envar >>}" + - run: + name: "architect/package-and-push-oci-with-abs: Authenticate to AzureCR" + command: | + helm registry login giantswarmpublic.azurecr.io --username "${<< parameters.username_envar >>}" --password "${<< parameters.password_envar >>}" - run: name: Push chart archive to OCI registry app catalog command: | - readonly app_catalog_name="$(cat .app_catalog_name)" + readonly app_catalog_name="oci://giantswarmpublic.azurecr.io/$(cat .app_catalog_name)/" readonly reference="$(cat .reference)" ret=1 diff --git a/src/commands/package-and-push-oci.yaml b/src/commands/package-and-push-oci.yaml index 3ec6486d..3dd4f70f 100644 
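Review bot: The `description` and `default` of `app_catalog` and `app_catalog_test` are deleted in the first hunk while the second hunk changes what the values mean: the push step now builds `oci://giantswarmpublic.azurecr.io/$(cat .app_catalog_name)/`, so callers must pass a bare catalog name instead of a full OCI URL. A caller who keeps passing the previously documented `oci://…/charts/` value would get a doubled scheme and host in the push target, and nothing in the parameter block says so. Suggest keeping a one-line description on both, e.g. `Catalog name used as the registry subpath, without scheme, host or slashes.`. The same removal is made for `package-and-push-oci.yaml` in this commit.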
--- a/src/commands/package-and-push-oci.yaml +++ b/src/commands/package-and-push-oci.yaml @@ -1,16 +1,8 @@ parameters: app_catalog: type: "string" - default: "oci://giantswarmpublic.azurecr.io/charts/" - description: | - Set this to an OCI registry with a specific subpath, e.g. - `oci://giantswarmpublic.azurecr.io/charts/`. Last slash is mandatory. app_catalog_test: type: "string" - default: "oci://giantswarmpublic.azurecr.io/test_charts/" - description: | - Set this to an OCI registry with a specific subpath, e.g. - `oci://giantswarmpublic.azurecr.io/test_charts/`. Last slash is mandatory. chart: type: "string" on_tag: @@ -75,20 +67,14 @@ steps: root: build paths: - "<< parameters.chart >>*.tgz" - - when: - condition: - or: - - matches: {pattern: "^giantswarmpublic.azurecr.io/.*$", value: "<< parameters.app_catalog >>"} - - matches: {pattern: "^giantswarmpublic.azurecr.io/.*$", value: "<< parameters.app_catalog_test >>"} - steps: - - run: - name: "architect/package-and-push-oci: Authenticate to AzureCR" - command: | - helm registry login giantswarmpublic.azurecr.io --username "${<< parameters.username_envar >>}" --password "${<< parameters.password_envar >>}" + - run: + name: "architect/package-and-push-oci: Authenticate to AzureCR" + command: | + helm registry login giantswarmpublic.azurecr.io --username "${<< parameters.username_envar >>}" --password "${<< parameters.password_envar >>}" - run: name: Push chart archive to OCI registry app catalog command: | - readonly app_catalog_name="$(cat .app_catalog_name)" + readonly app_catalog_name="oci://giantswarmpublic.azurecr.io/$(cat .app_catalog_name)/" readonly reference="$(cat .reference)" ret=1 From 2173c44f97266011750f381bdd74323ef258f2ef Mon Sep 17 00:00:00 2001 
From: kubasobon Date: Thu, 21 Apr 2022 11:47:29 +0200 Subject: [PATCH 15/19] avoid "directory exists" error --- src/commands/package-and-push-oci-with-abs.yaml | 2 +- src/commands/package-and-push-oci.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/commands/package-and-push-oci-with-abs.yaml b/src/commands/package-and-push-oci-with-abs.yaml index 92d690af..3d543daa 100644 --- a/src/commands/package-and-push-oci-with-abs.yaml +++ b/src/commands/package-and-push-oci-with-abs.yaml @@ -54,7 +54,7 @@ steps: - run: name: Execute App Build Suite command: | - mkdir build && python -m app_build_suite --chart-dir ./helm/<< parameters.chart >> --destination build --generate-metadata --catalog-base-url "https://giantswarm.github.io/$(cat .app_catalog_name)/" --keep-chart-changes + mkdir -p build && python -m app_build_suite --chart-dir ./helm/<< parameters.chart >> --destination build --generate-metadata --catalog-base-url "https://giantswarm.github.io/$(cat .app_catalog_name)/" --keep-chart-changes - when: condition: << parameters.persist_chart_archive >> steps: diff --git a/src/commands/package-and-push-oci.yaml b/src/commands/package-and-push-oci.yaml index 3dd4f70f..f5cb4ec7 100644 --- a/src/commands/package-and-push-oci.yaml +++ b/src/commands/package-and-push-oci.yaml @@ -59,7 +59,7 @@ steps: - run: name: Package the chart archive command: | - mkdir build && helm package ./helm/<< parameters.chart >> --destination ./build + mkdir -p build && helm package ./helm/<< parameters.chart >> --destination ./build - when: condition: << parameters.persist_chart_archive >> steps: From d0a2074922a268a9756d02e0fa0967fbcb0b35e4 Mon Sep 17 00:00:00 2001 From: kubasobon Date: Thu, 21 Apr 2022 11:59:21 +0200 Subject: [PATCH 16/19] fix relative path --- src/commands/package-and-push-oci-with-abs.yaml | 4 ++-- src/commands/package-and-push-oci.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/src/commands/package-and-push-oci-with-abs.yaml b/src/commands/package-and-push-oci-with-abs.yaml index 3d543daa..5625751f 100644 --- a/src/commands/package-and-push-oci-with-abs.yaml +++ b/src/commands/package-and-push-oci-with-abs.yaml @@ -80,9 +80,9 @@ steps: ret=1 tries=4 for i in $(seq 1 $tries) ; do - echo "====> Attempt $i: Running: helm push ../build/*.tgz $app_catalog_name" + echo "====> Attempt $i: Running: helm push build/*.tgz $app_catalog_name" set +e - helm push ../build/*.tgz $app_catalog_name + helm push build/*.tgz $app_catalog_name ret=$? set -e diff --git a/src/commands/package-and-push-oci.yaml b/src/commands/package-and-push-oci.yaml index f5cb4ec7..bcbe9f36 100644 --- a/src/commands/package-and-push-oci.yaml +++ b/src/commands/package-and-push-oci.yaml @@ -80,9 +80,9 @@ steps: ret=1 tries=4 for i in $(seq 1 $tries) ; do - echo "====> Attempt $i: Running: helm push ../build/*.tgz $app_catalog_name" + echo "====> Attempt $i: Running: helm push build/*.tgz $app_catalog_name" set +e - helm push ../build/*.tgz $app_catalog_name + helm push build/*.tgz $app_catalog_name ret=$? set -e From 447283ee8c9e0b86edfe8a964cc925eeef035578 Mon Sep 17 00:00:00 2001 From: kubasobon Date: Thu, 21 Apr 2022 12:13:03 +0200 Subject: [PATCH 17/19] parameterize OCI registry url --- src/commands/package-and-push-oci-with-abs.yaml | 7 +++++-- src/commands/package-and-push-oci.yaml | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/commands/package-and-push-oci-with-abs.yaml b/src/commands/package-and-push-oci-with-abs.yaml index 5625751f..8f6b7439 100644 --- a/src/commands/package-and-push-oci-with-abs.yaml +++ b/src/commands/package-and-push-oci-with-abs.yaml @@ -29,6 +29,9 @@ parameters: username_envar: type: "string" default: AZURE_CLIENTID + registry_url: + type: "string" + default: "giantswarmpublic.azurecr.io" steps: - when: condition: << parameters.on_tag 
>> @@ -70,11 +73,11 @@ steps: - run: name: "architect/package-and-push-oci-with-abs: Authenticate to AzureCR" command: | - helm registry login giantswarmpublic.azurecr.io --username "${<< parameters.username_envar >>}" --password "${<< parameters.password_envar >>}" + helm registry login << parameters.registry_url >> --username "${<< parameters.username_envar >>}" --password "${<< parameters.password_envar >>}" - run: name: Push chart archive to OCI registry app catalog command: | - readonly app_catalog_name="oci://giantswarmpublic.azurecr.io/$(cat .app_catalog_name)/" + readonly app_catalog_name="oci://<< parameters.registry_url >>/$(cat .app_catalog_name)/" readonly reference="$(cat .reference)" ret=1 diff --git a/src/commands/package-and-push-oci.yaml b/src/commands/package-and-push-oci.yaml index bcbe9f36..9f0719cd 100644 --- a/src/commands/package-and-push-oci.yaml +++ b/src/commands/package-and-push-oci.yaml @@ -31,6 +31,9 @@ parameters: username_envar: type: "string" default: AZURE_CLIENTID + registry_url: + type: "string" + default: "giantswarmpublic.azurecr.io" steps: - when: condition: << parameters.on_tag >> @@ -70,11 +73,11 @@ steps: - run: name: "architect/package-and-push-oci: Authenticate to AzureCR" command: | - helm registry login giantswarmpublic.azurecr.io --username "${<< parameters.username_envar >>}" --password "${<< parameters.password_envar >>}" + helm registry login << parameters.registry_url >> --username "${<< parameters.username_envar >>}" --password "${<< parameters.password_envar >>}" - run: name: Push chart archive to OCI registry app catalog command: | - readonly app_catalog_name="oci://giantswarmpublic.azurecr.io/$(cat .app_catalog_name)/" + readonly app_catalog_name="oci://<< parameters.registry_url >>/$(cat .app_catalog_name)/" readonly reference="$(cat .reference)" ret=1 From 035b929f842d289f0f0f515795e828e725349bf9 Mon Sep 17 00:00:00 2001 
From: kubasobon Date: Thu, 21 Apr 2022 12:13:58 +0200 Subject: [PATCH 18/19] change step title --- src/commands/package-and-push-oci-with-abs.yaml | 2 +- src/commands/package-and-push-oci.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/commands/package-and-push-oci-with-abs.yaml b/src/commands/package-and-push-oci-with-abs.yaml index 8f6b7439..9c898f59 100644 --- a/src/commands/package-and-push-oci-with-abs.yaml +++ b/src/commands/package-and-push-oci-with-abs.yaml @@ -71,7 +71,7 @@ steps: - helm-conftest: chart: "<< parameters.chart >>" - run: - name: "architect/package-and-push-oci-with-abs: Authenticate to AzureCR" + name: "architect/package-and-push-oci-with-abs: Authenticate to the OCI registry" command: | helm registry login << parameters.registry_url >> --username "${<< parameters.username_envar >>}" --password "${<< parameters.password_envar >>}" - run: diff --git a/src/commands/package-and-push-oci.yaml b/src/commands/package-and-push-oci.yaml index 9f0719cd..873bfb69 100644 --- a/src/commands/package-and-push-oci.yaml +++ b/src/commands/package-and-push-oci.yaml @@ -71,7 +71,7 @@ steps: paths: - "<< parameters.chart >>*.tgz" - run: - name: "architect/package-and-push-oci: Authenticate to AzureCR" + name: "architect/package-and-push-oci: Authenticate to the OCI registry" command: | helm registry login << parameters.registry_url >> --username "${<< parameters.username_envar >>}" --password "${<< parameters.password_envar >>}" - run: From 884f61400f1add625614911023f202bcec142329 Mon Sep 17 00:00:00 2001 From: kubasobon Date: Thu, 21 Apr 2022 16:48:05 +0200 Subject: [PATCH 19/19] update CHANGELOG --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 75b2fbd5..6ba2180d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added -- Add `package-and-push-oci` command. +- Add support for pushing to OCI-based App catalogs. ## [4.16.0] - 2022-04-13