diff --git a/.gitignore b/.gitignore index 9da6ba232..9c96824f7 100644 --- a/.gitignore +++ b/.gitignore @@ -63,5 +63,5 @@ bundle/ faq _artifacts -bundle.Dockerfile +artifacts tmp diff --git a/Makefile b/Makefile index 511bdd3dc..3db2843ed 100644 --- a/Makefile +++ b/Makefile @@ -205,6 +205,12 @@ test/e2e/testrunner-openshift-packaging: test/openshift-package --action_env=APP_VERSION=$(APP_VERSION) \ --action_env=DOCKER_REGISTRY=$(DOCKER_REGISTRY) +# Run preflight checks for OpenShift. This expects a running OpenShift cluster. +# Eg. make test/preflight- +test/preflight-%: CONTAINER=$* +test/preflight-%: release/generate-bundle + @bazel run //hack:redhat-preflight -- $(CONTAINER) + # # Different dev targets # @@ -262,6 +268,7 @@ dev/up: dev/down .PHONY: dev/down dev/down: + @bazel build //hack/bin:k3d @hack/dev.sh down # # Targets that allow to install the operator on an existing cluster diff --git a/WORKSPACE b/WORKSPACE index 2d16e6fd8..24fde6992 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -108,9 +108,9 @@ container_pull( ################################ http_archive( name = "io_bazel_rules_k8s", - sha256 = "51f0977294699cd547e139ceff2396c32588575588678d2054da167691a227ef", - strip_prefix = "rules_k8s-0.6", - urls = ["https://github.com/bazelbuild/rules_k8s/archive/v0.6.tar.gz"], + strip_prefix = "rules_k8s-0.5", + urls = ["https://github.com/bazelbuild/rules_k8s/archive/v0.5.tar.gz"], + sha256 = "773aa45f2421a66c8aa651b8cecb8ea51db91799a405bd7b913d77052ac7261a", ) load("@io_bazel_rules_k8s//k8s:k8s.bzl", "k8s_repositories") diff --git a/build/release/teamcity-publish-openshift-bundle.sh b/build/release/teamcity-publish-openshift-bundle.sh index ca2b6a5a2..91dd3aa8d 100755 --- a/build/release/teamcity-publish-openshift-bundle.sh +++ b/build/release/teamcity-publish-openshift-bundle.sh @@ -17,38 +17,54 @@ set -euxo pipefail source "$(dirname "${0}")/teamcity-support.sh" +# Default values are defined for the certified bundle. +RH_PROJECT="5f5a433f9d6546ed7aa8634d" +RH_REGISTRY="scan.connect.redhat.com" +RH_REPO="ospid-857fe786-3eb7-4508-aafd-cc74c1b1dc24/cockroachdb-operator-bundle" +BUNDLE_DIR="bundle/cockroachdb-certified" -tc_start_block "Variable Setup" -VERSION="v"$(cat version.txt) -# Matching the version name regex from within the cockroach code except -# for the `metadata` part at the end because Docker tags don't support -# `+` in the tag name. -# https://github.com/cockroachdb/cockroach/blob/4c6864b44b9044874488cfedee3a31e6b23a6790/pkg/util/version/version.go#L75 -image_tag="$(echo "${VERSION}" | grep -E -o '^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-[-.0-9A-Za-z]+)?$')" -# ^major ^minor ^patch ^preRelease - -if [[ -z "$image_tag" ]] ; then - echo "Invalid VERSION \"${VERSION}\". Must be of the format \"vMAJOR.MINOR.PATCH(-PRERELEASE)?\"." - exit 1 +# If this is the marketplace bundle, update accordingly. +if ! [[ -z "${MARKETPLACE}" ]]; then + RH_PROJECT="61765afbdd607bfc82e643b8" + RH_REPO="ospid-61765afbdd607bfc82e643b8/cockroachdb-operator-bundle-marketplace" + BUNDLE_DIR="bundle/cockroachdb-certified-rhmp" fi -rhel_registry="scan.connect.redhat.com" -rh_bundle_image_repository="ospid-857fe786-3eb7-4508-aafd-cc74c1b1dc24/cockroachdb-operator-bundle" -image="$rhel_registry/$rh_bundle_image_repository:$image_tag" +# If it's a dry run, add -dryrun to the image +if ! [[ -z "${DRY_RUN}" ]]; then RH_REPO="${RH_REPO}-dryrun"; fi -if ! [[ -z "${DRY_RUN}" ]] ; then - image="${image}-dryrun" -fi -tc_end_block "Variable Setup" +IMAGE="${RH_REGISTRY}/${RH_REPO}:${TAG}" + +main() { + docker_login "${RH_REGISTRY}" "${OPERATOR_REDHAT_REGISTRY_USER}" "${OPERATOR_REDHAT_REGISTRY_KEY}" + + generate_bundle + publish_bundle_image + run_preflight +} + +generate_bundle() { + # create the certified and marketplace bundles + tc_start_block "Generate bundle" + make release/generate-bundle + tc_end_block "Generate bundle" +} + +publish_bundle_image() { + tc_start_block "Make and push bundle image" + pushd "${BUNDLE_DIR}" + docker build -t "${IMAGE}" . + docker push "${IMAGE}" + popd -tc_start_block "Make and push docker images" -configure_docker_creds -docker_login "$rhel_registry" "$OPERATOR_BUNDLE_REDHAT_REGISTRY_USER" "$OPERATOR_BUNDLE_REDHAT_REGISTRY_KEY" + tc_end_block "Make and push bundle image" +} -# TODO(rail): switch to bazel generated images when it supports "FROM: scratch" -cd deploy/certified-metadata-bundle/cockroach-operator -docker build -t $image -f bundle.Dockerfile . -docker push $image +run_preflight() { + bazel build //hack/bin:preflight + PFLT_PYXIS_API_TOKEN="${REDHAT_API_TOKEN}" bazel-bin/hack/bin/preflight \ + check operator "${IMAGE}" --docker-config ~/.docker/config.json +} -tc_end_block "Make and push docker images" +main "$@" diff --git a/build/release/teamcity-publish-openshift.sh b/build/release/teamcity-publish-openshift.sh index f461a6ffc..d63b820fa 100755 --- a/build/release/teamcity-publish-openshift.sh +++ b/build/release/teamcity-publish-openshift.sh @@ -17,41 +17,37 @@ set -euxo pipefail source "$(dirname "${0}")/teamcity-support.sh" +RH_PROJECT_ID="5e6027425c5456060d5f6084" +RH_REGISTRY="scan.connect.redhat.com" +RH_OPERATOR_IMG="${RH_REGISTRY}/ospid-cf721588-ad8a-4618-938c-5191c5e10ae4/cockroachdb-operator:${TAG}" -tc_start_block "Variable Setup" -VERSION="v"$(cat version.txt) -# Matching the version name regex from within the cockroach code except -# for the `metadata` part at the end because Docker tags don't support -# `+` in the tag name. -# https://github.com/cockroachdb/cockroach/blob/4c6864b44b9044874488cfedee3a31e6b23a6790/pkg/util/version/version.go#L75 -image_tag="$(echo "${VERSION}" | grep -E -o '^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-[-.0-9A-Za-z]+)?$')" -# ^major ^minor ^patch ^preRelease - -if [[ -z "$image_tag" ]] ; then - echo "Invalid VERSION \"${VERSION}\". Must be of the format \"vMAJOR.MINOR.PATCH(-PRERELEASE)?\"." - exit 1 -fi - -rhel_registry="scan.connect.redhat.com" - -dh_operator_image="docker.io/cockroachdb/cockroach-operator:$image_tag" -rh_operator_image_repository="$rhel_registry/ospid-cf721588-ad8a-4618-938c-5191c5e10ae4/cockroachdb-operator" - +OPERATOR_IMG="docker.io/cockroachdb/cockroach-operator:${TAG}" if ! [[ -z "${DRY_RUN}" ]] ; then - # The operator image doesn't use the "-dryrun" suffix, it's published in a - # separate repository. - dh_operator_image="docker.io/cockroachdb/cockroach-operator-misc:$image_tag" - image_tag="${image_tag}-dryrun" + OPERATOR_IMG="docker.io/cockroachdb/cockroach-operator-misc:${TAG}-dryrun" fi -tc_end_block "Variable Setup" - - -tc_start_block "Make and push docker images" -configure_docker_creds -docker_login "$rhel_registry" "$OPERATOR_REDHAT_REGISTRY_USER" "$OPERATOR_REDHAT_REGISTRY_KEY" - -docker pull "$dh_operator_image" -docker tag "$dh_operator_image" "$rh_operator_image_repository:$image_tag" -docker push "$rh_operator_image_repository:$image_tag" -tc_end_block "Make and push docker images" +main() { + docker_login "${RH_REGISTRY}" "${OPERATOR_REDHAT_REGISTRY_USER}" "${OPERATOR_REDHAT_REGISTRY_KEY}" + + publish_to_redhat + run_preflight +} + +publish_to_redhat() { + tc_start_block "Tag and release docker image" + docker pull "${OPERATOR_IMG}" + docker tag "${OPERATOR_IMG}" "${RH_OPERATOR_IMG}" + docker push "${RH_OPERATOR_IMG}" + tc_end_block "Tag and release docker image" +} + +run_preflight() { + bazel build //hack/bin:preflight + PFLT_PYXIS_API_TOKEN="${REDHAT_API_TOKEN}" bazel-bin/hack/bin/preflight \ + check container "${RH_OPERATOR_IMG}" \ + --certification-project-id="${RH_PROJECT_ID}" \ + --docker-config=/home/agent/.docker/config.json \ + --submit +} + +main "$@" diff --git a/build/release/teamcity-publish-release.sh b/build/release/teamcity-publish-release.sh index 233c65c9e..78430d80c 100755 --- a/build/release/teamcity-publish-release.sh +++ b/build/release/teamcity-publish-release.sh @@ -17,45 +17,45 @@ set -euxo pipefail source "$(dirname "${0}")/teamcity-support.sh" -tc_start_block "Variable Setup" -VERSION="v"$(cat version.txt) -# Matching the version name regex from within the cockroach code except -# for the `metadata` part at the end because Docker tags don't support -# `+` in the tag name. -# https://github.com/cockroachdb/cockroach/blob/4c6864b44b9044874488cfedee3a31e6b23a6790/pkg/util/version/version.go#L75 -image_tag="$(echo "${VERSION}" | grep -E -o '^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-[-.0-9A-Za-z]+)?$')" -# ^major ^minor ^patch ^preRelease - -if [[ -z "$image_tag" ]] ; then - echo "Invalid VERSION \"${VERSION}\". Must be of the format \"vMAJOR.MINOR.PATCH(-PRERELEASE)?\"." - exit 1 -fi - -docker_registry="docker.io" -operator_image_repository="cockroachdb/cockroach-operator" - -if ! [[ -z "${DRY_RUN}" ]] ; then - operator_image_repository="cockroachdb/cockroach-operator-misc" -fi - -tc_end_block "Variable Setup" - -tc_start_block "Make and push docker images" -configure_docker_creds -docker_login "$docker_registry" "$OPERATOR_DOCKER_ID" "$OPERATOR_DOCKER_ACCESS_TOKEN" - -if docker_image_exists "$docker_registry/$operator_image_repository:$image_tag"; then - echo "Docker image $docker_registry/$operator_image_repository:$image_tag already exists" - if [[ -z "${FORCE}" ]] ; then - echo "Use FORCE=1 to force push the docker image." - echo "Alternatively you can delete the tag in Docker Hub." - exit 1 +REGISTRY="docker.io" +REPO="cockroachdb/cockroach-operator" +if ! [[ -z "${DRY_RUN}" ]] ; then REPO="${REPO}-misc"; fi + +OPERATOR_IMG="${REGISTRY}/${REPO}:${TAG}" + +main() { + docker_login "${REGISTRY}" "${OPERATOR_DOCKER_ID}" "${OPERATOR_DOCKER_ACCESS_TOKEN}" + + validate_image + publish_to_registry +} + +validate_image() { + tc_start_block "Ensure image should be pushed" + + if docker_image_exists "${OPERATOR_IMG}"; then + echo "Docker image ${OPERATOR_IMG} already exists!" + + if [[ -z "${FORCE}" ]] ; then + echo "Use FORCE=1 to force push the docker image." + echo "Alternatively you can delete the tag in Docker Hub." + exit 1 + fi + echo "Forcing docker push..." fi - echo "Forcing docker push..." -fi - -make \ - DOCKER_REGISTRY="$docker_registry" \ - DOCKER_IMAGE_REPOSITORY="$operator_image_repository" \ - release/image -tc_end_block "Make and push docker images" + + tc_end_block "Ensure image should be pushed" +} + +publish_to_registry() { + tc_start_block "Make and push docker image" + + make \ + DOCKER_REGISTRY="${REGISTRY}" \ + DOCKER_IMAGE_REPOSITORY="${REPO}" \ + release/image + + tc_end_block "Make and push docker image" +} + +main "$@" diff --git a/build/release/teamcity-support.sh b/build/release/teamcity-support.sh index 3a7d9e8b2..5bd3454db 100644 --- a/build/release/teamcity-support.sh +++ b/build/release/teamcity-support.sh @@ -12,6 +12,9 @@ # See the License for the specific language governing permissions and # limitations under the License. +# Set below with call to ensure_valid_tag +export TAG="" + # Common helpers for teamcity-*.sh scripts. remove_files_on_exit() { @@ -29,10 +32,12 @@ tc_end_block() { } docker_login() { - local registry=$1 - local registry_user=$2 - local registry_token=$3 - echo "${registry_token}" | docker login --username "${registry_user}" --password-stdin $registry + configure_docker_creds + + local registry="${1}" + local registry_user="${2}" + local registry_token="${3}" + echo "${registry_token}" | docker login --username "${registry_user}" --password-stdin "${registry}" } configure_docker_creds() { @@ -55,3 +60,24 @@ docker_image_exists() { docker pull "$1" return $? } + +ensure_valid_tag() { + tc_start_block "Extracting image tag" + local version="v$(cat version.txt)" + + # Matching the version name regex from within the cockroach code except + # for the `metadata` part at the end because Docker tags don't support + # `+` in the tag name. + # https://github.com/cockroachdb/cockroach/blob/4c6864b44b9044874488cfedee3a31e6b23a6790/pkg/util/version/version.go#L75 + TAG="$(echo -n "${version}" | grep -E -o '^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-[-.0-9A-Za-z]+)?$')" + # ^major ^minor ^patch ^preRelease + + if [[ -z "${TAG}" ]] ; then + echo "Invalid VERSION \"${version}\". Must be of the format \"vMAJOR.MINOR.PATCH(-PRERELEASE)?\"." + exit 1 + fi + + tc_end_block "Extracting image tag" +} + +ensure_valid_tag diff --git a/config/default/BUILD.bazel b/config/default/BUILD.bazel index ee54a426e..ea7ad4aab 100644 --- a/config/default/BUILD.bazel +++ b/config/default/BUILD.bazel @@ -34,6 +34,7 @@ k8s_deploy( # when running locally, use the image from the local codebase "cockroachdb/cockroach-operator:$(APP_VERSION)": "//cmd/cockroach-operator:operator_image", }, + resolver_args = ["--allow_unused_images"], template = ":manifest", ) diff --git a/config/manifests/bases/cockroach-operator.clusterserviceversion.yaml b/config/manifests/bases/cockroach-operator.clusterserviceversion.yaml index 5f932d754..93b255df1 100644 --- a/config/manifests/bases/cockroach-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/cockroach-operator.clusterserviceversion.yaml @@ -178,6 +178,7 @@ spec: - email: support@cockroachlabs.com name: Cockroach Labs Support maturity: stable + minKubeVersion: 1.18.0 provider: name: Cockroach Labs version: 0.0.0 diff --git a/config/templates/csv.yaml.in b/config/templates/csv.yaml.in index f46cf837d..30474b097 100644 --- a/config/templates/csv.yaml.in +++ b/config/templates/csv.yaml.in @@ -178,6 +178,7 @@ spec: - email: support@cockroachlabs.com name: Cockroach Labs Support maturity: stable + minKubeVersion: 1.18.0 provider: name: Cockroach Labs version: 0.0.0 diff --git a/hack/BUILD.bazel b/hack/BUILD.bazel index 0529b61b7..1e72dd7d2 100644 --- a/hack/BUILD.bazel +++ b/hack/BUILD.bazel @@ -129,6 +129,17 @@ sh_binary( ], ) +sh_binary( + name = "redhat-preflight", + srcs = ["redhat.sh"], + data = [ + JQ, + OPM, + "//hack/bin:preflight", + "@//:all-srcs", + ], +) + filegroup( name = "package-srcs", srcs = glob(["**"]), diff --git a/hack/bin/BUILD.bazel b/hack/bin/BUILD.bazel index 9fc2bc241..085909c03 100644 --- a/hack/bin/BUILD.bazel +++ b/hack/bin/BUILD.bazel @@ -38,6 +38,16 @@ genrule( visibility = ["//visibility:public"], ) +genrule( + name = "fetch_preflight", + srcs = select({ + ":k8": ["@preflight_linux//file"], + }), + outs = ["preflight"], + cmd = "cp $(SRCS) $@", + visibility = ["//visibility:public"], +) + genrule( name = "fetch_faq", srcs = select({ @@ -203,9 +213,9 @@ genrule( genrule( name = "fetch_opm", srcs = select({ - ":m1": ["@opm_darwin//file"], - ":darwin": ["@opm_darwin//file"], - ":k8": ["@opm_linux//file"], + ":m1": ["@opm_darwin//:file"], + ":darwin": ["@opm_darwin//:file"], + ":k8": ["@opm_linux//:file"], }), outs = ["opm"], cmd = "cp $(SRCS) $@", diff --git a/hack/bin/deps.bzl b/hack/bin/deps.bzl index 45bdebd20..3f3795db9 100644 --- a/hack/bin/deps.bzl +++ b/hack/bin/deps.bzl @@ -17,39 +17,46 @@ load("@io_bazel_rules_docker//container:container.bzl", "container_pull") load("@bazel_gazelle//:deps.bzl", "go_repository") # This controls the version for all openshift binaries (opm, oc, opernshift-install, etc.) -OPENSHIFT_VERSION = "4.9.17" +OPENSHIFT_VERSION = "4.10.18" OPENSHIFT_REPO = "https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/{}".format(OPENSHIFT_VERSION) # filenames and versions from ${OPENSHIFT_REPO}/sha256sum.txt OPENSHIFT_BINS = { + "preflight": { + # currently, preflight is only available on linux + "preflight_linux": { + "url": "https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/1.2.1/preflight-linux-amd64", + "sha": "e5754a81d4baae4f4956fc0842179a3daeac4778e202450f886a9afb05d218ba", + }, + }, "oc": { "oc_darwin": { "url": "{}/openshift-client-mac-{}.tar.gz".format(OPENSHIFT_REPO, OPENSHIFT_VERSION), - "sha": "2b06b400ab929275b55d3dbb8d7c54b9f1dd17df0b50247b8fc24b9efc8b1566", + "sha": "285c307491d8ffd19c065a942515fda78e53f95289d4b4985aa4c92439f7f339", }, "oc_linux": { "url": "{}/openshift-client-linux-{}.tar.gz".format(OPENSHIFT_REPO, OPENSHIFT_VERSION), - "sha": "390268a64029f2aea7492f493034b75d4979f676f98762dbbf33eb0da5b294db", + "sha": "101bc7e11604b829157b3b314de3760eec857e55f51eeca978825307ff61c190", }, }, "openshift-install": { "openshift_darwin": { "url": "{}/openshift-install-mac-{}.tar.gz".format(OPENSHIFT_REPO, OPENSHIFT_VERSION), - "sha": "0c51934bfff15f8a8bf666bb9b15c894994afd87d838ffc5579e998f56110738", + "sha": "3a36acb92a6759d964a1af62512c747e075a2937a6368203d0598d804db10da2", }, "openshift_linux": { "url": "{}/openshift-install-linux-{}.tar.gz".format(OPENSHIFT_REPO, OPENSHIFT_VERSION), - "sha": "4213bf060c25a6f38f86f2245f1f28060185e8baa7431f272e726d50f0044604", + "sha": "27e6ccb60ce2c7dfe611e1639642277572af78a21c622a7443d5a19006b2e45b", }, }, "opm": { "opm_darwin": { "url": "{}/opm-mac-{}.tar.gz".format(OPENSHIFT_REPO, OPENSHIFT_VERSION), - "sha": "f6fb6205f242ffef62ac0f4db738b1c099d3302ebb98b23d94926ef2903ed5d8", + "sha": "36d7104b1fd29e77a880b63e3e1aa67639a48cca1fdf537411b40a0c36140dba", }, "opm_linux": { "url": "{}/opm-linux-{}.tar.gz".format(OPENSHIFT_REPO, OPENSHIFT_VERSION), - "sha": "f88d3dcc18950d8cd8512e460de5addcf11e8eb8f31ae675f0dd879908843747", + "sha": "6d422682fd688cbebc7818247005e2baf87675efef4931d2f0a2e744dc613b88", }, }, } @@ -71,6 +78,7 @@ def install(): install_operator_sdk() install_opm() install_openshift() + install_preflight() # Install golang.org/x/build as kubernetes/repo-infra requires it for the # build-tar bazel target. @@ -388,12 +396,18 @@ def install_opm(): versions = OPENSHIFT_BINS["opm"] for k, v in versions.items(): - http_file( - name = k, - executable = 1, - sha256 = v["sha"], - urls = [v["url"]], - ) + http_archive( + name = k, + sha256 = v["sha"], + urls = [v["url"]], + build_file_content = """ +filegroup( + name = "file", + srcs = ["opm"], + visibility = ["//visibility:public"], +) +""" + ) ## Fetch openshift-installer def install_openshift(): @@ -413,6 +427,17 @@ filegroup( """ ) +def install_preflight(): + versions = OPENSHIFT_BINS["preflight"] + + for k, v in versions.items(): + http_file( + name = k, + executable = 1, + sha256 = v["sha"], + urls = [v["url"]] + ) + ## Fetch crdb used in our container def install_crdb(): http_archive( diff --git a/hack/bundle.sh b/hack/bundle.sh index e46e1ae19..5646848a1 100755 --- a/hack/bundle.sh +++ b/hack/bundle.sh @@ -85,10 +85,19 @@ generate_bundle() { mv "${dir}/metadata/annotations.yaml.new" "${dir}/metadata/annotations.yaml" # add supported openshift versions - echo " com.redhat.openshift.versions: 4.7-4.9" >> "${dir}/metadata/annotations.yaml" + echo " com.redhat.openshift.versions: 4.7-4.10" >> "${dir}/metadata/annotations.yaml" # Update CSV with correct images, and timestamps adapt_csv "${dir}" "${img}" + + # move the dockerfile into the bundle directory and make it valid + sed \ + -e "/\s*tests\/scorecard/d" \ + -e "s+${dir}/++g" \ + bundle.Dockerfile > "${dir}/Dockerfile" + + rm bundle.Dockerfile + rm "${dir}/manifests/cockroach-operator-webhook-service_v1_service.yaml" } adapt_csv() { diff --git a/hack/redhat.sh b/hack/redhat.sh new file mode 100755 index 000000000..ba252a344 --- /dev/null +++ b/hack/redhat.sh @@ -0,0 +1,118 @@ +#!/usr/bin/env bash + +# Copyright 2022 The Cockroach Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +set -euo pipefail + +# include bazel binaries in the path +PATH="bazel-bin/hack/bin:${PATH}" + +# Global preflight settings +export PFLT_DOCKERCONFIG="${HOME}/.docker/config.json" +export PFLT_LOGLEVEL=debug + +OPERATOR="cockroachdb/cockroach-operator" +REGISTRY="gcr.io/${GCP_PROJECT}" +VERSION="$(cat version.txt)" +IMAGE="${OPERATOR}:v${VERSION}" +BUNDLE_IMAGE="${OPERATOR}-bundle:v${VERSION}" +BUNDLE_INDEX="${OPERATOR}-index:v${VERSION}" +RHMP_BUNDLE_IMAGE="${OPERATOR}-bundle-rhmp:v${VERSION}" +RHMP_BUNDLE_INDEX="${OPERATOR}-index-rhmp:v${VERSION}" + +main() { + # Switch to the build directory. The bundle directory is not part of source + # controller and therefore isn't a bazel target. This means when we run this + # script, there's no way to reference the Dockerfile created by the call to + # make release/generate-bundle (prerequisite of make test/preflight). By cd'ing + # into the build directory, we'll have access to _all_ the files. + if [[ -n "${BUILD_WORKSPACE_DIRECTORY}" ]]; then + cd "${BUILD_WORKSPACE_DIRECTORY}" + fi + + case "${1:-}" in + operator) + publish_operator_image + preflight_operator;; + bundle) + publish_bundle_image "${REGISTRY}/${BUNDLE_IMAGE}" "bundle/cockroachdb-certified" + publish_bundle_index "${REGISTRY}/${BUNDLE_IMAGE}" "${REGISTRY}/${BUNDLE_INDEX}" + preflight_bundle "${REGISTRY}/${BUNDLE_IMAGE}" "${REGISTRY}/${BUNDLE_INDEX}" + ensure_success;; + marketplace) + publish_bundle_image "${REGISTRY}/${RHMP_BUNDLE_IMAGE}" "bundle/cockroachdb-certified-rhmp" + publish_bundle_index "${REGISTRY}/${RHMP_BUNDLE_IMAGE}" "${REGISTRY}/${RHMP_BUNDLE_INDEX}" + preflight_bundle "${REGISTRY}/${RHMP_BUNDLE_IMAGE}" "${REGISTRY}/${RHMP_BUNDLE_INDEX}" + ensure_success;; + *) + echo "ERROR: Unknown command: ${1}" 1>&2 + echo "Usage bazel run //hack:redhat-preflight -- ." 1>&2 + exit 1;; + esac +} + +publish_operator_image() { + echo "Publishing operator image to local repo..." + APP_VERSION="v${VERSION}" \ + DOCKER_REGISTRY="${REGISTRY}" \ + DOCKER_IMAGE_REPOSITORY="${IMAGE%:*}" \ + bazel run --stamp --platforms=@io_bazel_rules_go//go/toolchain:linux_amd64 //:push_operator_image +} + +preflight_operator() { + echo "Running preflight checks on operator image..." + preflight check container "${REGISTRY}/${IMAGE}" \ + --docker-config "${HOME}/.docker/config.json" +} + +publish_bundle_image() { + local img="${1}" + local dir="${2}" + + echo "Publishing ${img}..." + pushd "${dir}" + docker build -t "${img}" . + docker push "${img}" + popd +} + +publish_bundle_index() { + local bundle_img="${1}" + local index_img="${2}" + + echo "Publishing ${index_img}..." + opm index add \ + --container-tool docker \ + --bundles "${bundle_img}" \ + --tag "${index_img}" +} + +preflight_bundle() { + local bundle_img="${1}" + local index_img="${2}" + + echo "Running preflight checks on bundle image..." + echo " IMAGE: ${bundle_img}" + + PFLT_INDEXIMAGE="${index_img}" preflight check operator "${bundle_img}" +} + +ensure_success() { + if [[ $(cat artifacts/results.json | jq -r .passed) == 'false' ]]; then + # error already displayed + exit 1 + fi +} + +main "$@" diff --git a/pkg/resource/BUILD.bazel b/pkg/resource/BUILD.bazel index f9d459125..34d3b85e1 100644 --- a/pkg/resource/BUILD.bazel +++ b/pkg/resource/BUILD.bazel @@ -57,8 +57,8 @@ go_library( go_test( name = "go_default_test", srcs = [ - "cluster_test.go", "certificate_test.go", + "cluster_test.go", "discovery_service_test.go", "pod_distruption_budget_test.go", "public_service_test.go", diff --git a/version.txt b/version.txt index 9aa34646d..24ba9a38d 100644 --- a/version.txt +++ b/version.txt @@ -1 +1 @@ -2.7.0 \ No newline at end of file +2.7.0