feat: cert-manager monorepo setup (#1528)

keptn · Jun 26, 2023 · 0156f15 · 0156f15
1 parent 6770912
commit 0156f15
Show file tree

Hide file tree

Showing 4 changed files with 207 additions and 97 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -21,8 +21,12 @@ jobs:
   release-please:
     runs-on: ubuntu-22.04
     outputs:
-      tag_name: ${{ steps.release.outputs.tag_name }}
-      releases_created: ${{ steps.release.outputs.releases_created }}
+      klt-release-created: ${{ steps.release.outputs.release_created }}
+      klt-tag-name: ${{ steps.release.outputs.tag_name }}
+      cert-manager-release-created: ${{ steps.release.outputs.klt-cert-manager--release_created }}
+      cert-manager-tag-name: ${{ steps.release.outputs.klt-cert-manager--tag_name }}
+      releases-created: ${{ steps.release.outputs.releases_created }}
+      build-matrix: ${{ steps.build-matrix.outputs.result }}
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -36,33 +40,83 @@ jobs:
           default-branch: main
           signoff: "keptn-bot <86361500+keptn-bot@users.noreply.github.com>"
 
+      - name: Release Info
+        run: |
+          echo "Release KLT:              ${{ steps.release.outputs.release_created }}"
+          echo "Release KLT Cert Manager: ${{ steps.release.outputs.klt-cert-manager--release_created }}"
+          echo "Anything to release:      ${{ steps.release.outputs.releases_created }}"
+          echo "Paths to be released:     ${{ steps.release.outputs.paths_released }}"
+
+      - name: Create build matrix
+        id: build-matrix
+        uses: actions/github-script@v6
+        env:
+          RELEASE_KLT: ${{ steps.release.outputs.release_created }}
+          RELEASE_CERT_MANAGER: ${{ steps.release.outputs.klt-cert-manager--release_created }}
+          KLT_TAG: ${{ steps.release.outputs.tag_name }}
+          CERT_MANAGER_TAG: ${{ steps.release.outputs.klt-cert-manager--tag_name }}
+        with:
+          script: |
+            const { RELEASE_KLT, RELEASE_CERT_MANAGER, KLT_TAG, CERT_MANAGER_TAG } = process.env
+            const kltMatrix = [
+              {
+                  name: "lifecycle-operator",
+                  folder: "operator/",
+                  tagName: KLT_TAG
+              },
+              {
+                  name: "metrics-operator",
+                  folder: "metrics-operator/",
+                  tagName: KLT_TAG
+              },
+              {
+                  name: "scheduler",
+                  folder: "scheduler/",
+                  tagName: KLT_TAG
+              },
+              {
+                  name: "functions-runtime",
+                  folder: "functions-runtime/",
+                  tagName: KLT_TAG
+              },
+              {
+                  name: "python-runtime",
+                  folder: "python-runtime/",
+                  tagName: KLT_TAG
+              }
+            ]
+
+            const certManagerMatrix = [
+              {
+                  name: "certificate-operator",
+                  folder: "klt-cert-manager/",
+                  tagName: CERT_MANAGER_TAG
+              }
+            ]
+
+            let result = {}
+            if (RELEASE_KLT === "true" && RELEASE_CERT_MANAGER === "true") {
+                result = { config: [...kltMatrix, ...certManagerMatrix]}
+            } else if (RELEASE_KLT === "true") {
+                result = { config: kltMatrix }
+            } else if (RELEASE_CERT_MANAGER === "true") {
+                result = { config: certManagerMatrix }
+            }
+            return result
+
   build-release:
-    if: needs.release-please.outputs.releases_created == 'true'
+    if: needs.release-please.outputs.releases-created == 'true'
     needs:
       - release-please
     strategy:
-      matrix:
-        config:
-          - name: "lifecycle-operator"
-            folder: "operator/"
-          - name: "metrics-operator"
-            folder: "metrics-operator/"
-          - name: "scheduler"
-            folder: "scheduler/"
-          - name: "functions-runtime"
-            folder: "functions-runtime/"
-          - name: "python-runtime"
-            folder: "python-runtime/"
-          - name: "certificate-operator"
-            folder: "klt-cert-manager/"
+      matrix: ${{ fromJson(needs.release-please.outputs.build-matrix) }}
     runs-on: ubuntu-22.04
     permissions:
       contents: write
       packages: write
       id-token: write
     env:
       IMAGE_NAME: ghcr.io/keptn/${{ matrix.config.name }}
-      IMAGE_TAG: ${{ needs.release-please.outputs.tag_name }}
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -83,6 +137,15 @@ jobs:
       - name: Set up Cosign
         uses: sigstore/cosign-installer@v3.0.5
 
+      - name: Clean up image tag
+        id: clean-image-tag
+        env:
+          IMAGE_TAG: ${{ matrix.config.tagName }}
+        run: |
+          # Remove artifact prefix from tag so that we get clean image tags
+          temp="${IMAGE_TAG##klt-}"
+          echo "IMAGE_TAG=${temp##cert-manager-}" >> "$GITHUB_OUTPUT"
+
       - name: Build Docker Image
         id: docker_build_image
         uses: docker/build-push-action@v4
@@ -91,7 +154,7 @@ jobs:
           platforms: linux/amd64,linux/arm64
           target: production
           tags: |
-            ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
+            ${{ env.IMAGE_NAME }}:${{ steps.clean-image-tag.outputs.IMAGE_TAG }}
           build-args: |
             GIT_HASH=${{ env.GIT_SHA }}
             RELEASE_VERSION=dev-${{ env.DATETIME }}
@@ -116,18 +179,18 @@ jobs:
       - name: Generate SBOM
         uses: anchore/sbom-action@v0.14.2
         with:
-          image: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
+          image: ${{ env.IMAGE_NAME }}:${{ steps.clean-image-tag.outputs.IMAGE_TAG }}
           artifact-name: sbom-${{ matrix.config.name }}
           output-file: ./sbom-${{ matrix.config.name }}.spdx.json
 
       - name: Attach SBOM to release
         uses: softprops/action-gh-release@v1
         with:
-          tag_name: ${{ needs.release-please.outputs.tag_name }}
+          tag_name: ${{ matrix.config.tagName }}
           files: ./sbom-${{ matrix.config.name }}.spdx.json
 
   release-manifests:
-    if: needs.release-please.outputs.releases_created == 'true'
+    if: needs.release-please.outputs.releases-created == 'true'
     needs:
       - release-please
       - build-release
@@ -137,20 +200,31 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Cache build tools operator
+        if: needs.release-please.outputs.klt-release-created == 'true'
         id: cache-build-tools-operator
         uses: actions/cache@v3
         with:
           path: ./operator/bin
           key: build-tools-${{ github.ref_name }}
 
+      - name: Cache build tools metrics-operator
+        if: needs.release-please.outputs.klt-release-created == 'true'
+        id: cache-build-tools-metrics-operator
+        uses: actions/cache@v3
+        with:
+          path: ./metrics-operator/bin
+          key: build-tools-${{ github.ref_name }}
+
       - name: Cache build tools scheduler
+        if: needs.release-please.outputs.klt-release-created == 'true'
         id: cache-build-tools-scheduler
         uses: actions/cache@v3
         with:
           path: ./scheduler/bin
           key: build-tools-${{ github.ref_name }}
 
       - name: Cache build tools cert-manager
+        if: needs.release-please.outputs.cert-manager-release-created == 'true'
         id: cache-build-tools-klt-cert-manager
         uses: actions/cache@v3
         with:
@@ -163,10 +237,11 @@ jobs:
           go-version: ${{ env.GO_VERSION }}
           check-latest: true
 
-      - name: Create manifests
+      - name: Create KLT manifest
+        if: needs.release-please.outputs.klt-release-created == 'true'
         env:
           RELEASE_REGISTRY: ghcr.io/keptn
-          CHART_APPVERSION: ${{ needs.release-please.outputs.tag_name }}
+          CHART_APPVERSION: ${{ needs.release-please.outputs.klt-tag-name }}
         run: |
           cd scheduler
           make release-manifests
@@ -189,33 +264,53 @@ jobs:
           ---
           EOF
           cat namespace.yaml \
-              operator/config/rendered/release.yaml \
-              scheduler/config/rendered/release.yaml \
-              klt-cert-manager/config/rendered/release.yaml \
-              metrics-operator/config/rendered/release.yaml > manifest.yaml
+            operator/config/rendered/release.yaml \
+            scheduler/config/rendered/release.yaml \
+            klt-cert-manager/config/rendered/release.yaml \
+            metrics-operator/config/rendered/release.yaml > klt-manifest.yaml
+
+      - name: Create Cert-Manager manifest
+        if: needs.release-please.outputs.cert-manager-release-created == 'true'
+        env:
+          RELEASE_REGISTRY: ghcr.io/keptn
+          CHART_APPVERSION: ${{ needs.release-please.outputs.cert-manager-tag-name }}
+        run: |
+          cd klt-cert-manager
+          make controller-gen release-manifests
+          cd ..
+          echo "---" >> klt-cert-manager/config/rendered/release.yaml
+          cat klt-cert-manager/config/rendered/release.yaml > cert-manager-manifest.yaml
+
+      - name: Attach KLT release assets
+        if: needs.release-please.outputs.klt-release-created == 'true'
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: ${{ needs.release-please.outputs.klt-tag-name }}
+          files: klt-manifest.yaml
 
-      - name: Attach release assets
+      - name: Attach Cert-Manager release assets
+        if: needs.release-please.outputs.cert-manager-release-created == 'true'
         uses: softprops/action-gh-release@v1
         with:
-          tag_name: ${{ needs.release-please.outputs.tag_name }}
-          files: manifest.yaml
+          tag_name: ${{ needs.release-please.outputs.cert-manager-tag-name }}
+          files: cert-manager-manifest.yaml
 
   update-docs:
     name: Update Documentation
     needs:
       - release-please
-    if: needs.release-please.outputs.releases_created == 'true'
+    if: needs.release-please.outputs.klt-release-created == 'true'
     with:
-      tag_name: ${{ needs.release-please.outputs.tag_name }}
+      tag_name: ${{ needs.release-please.outputs.klt-tag-name }}
     uses: keptn/docs-tooling/.github/workflows/release-docs.yml@v0.1.2
     secrets: inherit
 
   update-examples:
     name: Update examples
     needs:
       - release-please
-    if: needs.release-please.outputs.releases_created == 'true'
+    if: needs.release-please.outputs.klt-release-created == 'true'
     with:
-      tag_name: ${{ needs.release-please.outputs.tag_name }}
+      tag_name: ${{ needs.release-please.outputs.klt-tag-name }}
     uses: ./.github/workflows/release-examples.yml
     secrets: inherit
diff --git a/.markdownlint-cli2.yaml b/.markdownlint-cli2.yaml
@@ -15,6 +15,6 @@ customRules:
   - "./docs/rules/max-one-sentence-per-line.js"
 
 ignores:
-  - "CHANGELOG.md"
+  - "**/CHANGELOG.md"
   - "node_modules"
   - "docs/tmp"
diff --git a/klt-cert-manager/Dockerfile b/klt-cert-manager/Dockerfile
@@ -36,7 +36,7 @@ FROM gcr.io/distroless/static-debian11:debug-nonroot AS debug
 
 LABEL org.opencontainers.image.source="https://github.com/keptn/lifecycle-toolkit" \
     org.opencontainers.image.url="https://keptn.sh" \
-    org.opencontainers.image.title="Keptn Lifecycle Certificate Manager" \
+    org.opencontainers.image.title="Keptn Lifecycle Toolkit Certificate Manager" \
     org.opencontainers.image.vendor="Keptn" \
     org.opencontainers.image.licenses="Apache-2.0"
 
@@ -49,7 +49,7 @@ FROM gcr.io/distroless/static-debian11:nonroot AS production
 
 LABEL org.opencontainers.image.source="https://github.com/keptn/lifecycle-toolkit/klt-cert-manager" \
     org.opencontainers.image.url="https://keptn.sh" \
-    org.opencontainers.image.title="Keptn Lifecycle Certificate Manager" \
+    org.opencontainers.image.title="Keptn Lifecycle Toolkit Certificate Manager" \
     org.opencontainers.image.vendor="Keptn" \
     org.opencontainers.image.licenses="Apache-2.0"