Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update the policy-controller release build process #6672

Merged
merged 23 commits into from
Aug 13, 2021
Merged

Update the policy-controller release build process #6672

Show file tree
Hide file tree
Changes from 21 commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
422ef7a
policy-controller: Update kube, k8s-openapi dependencies
olix0r Aug 11, 2021
5c28f0e
fixup tests
olix0r Aug 11, 2021
6f3f486
release: Use a temporary file-system for docker builds
olix0r Aug 12, 2021
04df5bc
only use fs hack with the policy controller
olix0r Aug 12, 2021
b13e516
restore dockerfile caching
olix0r Aug 12, 2021
fcafc31
better step name
olix0r Aug 12, 2021
ed8bb52
well, just wait for effing ever instead
olix0r Aug 13, 2021
7dab63c
try cross-building and packaging a multiarch manifest
olix0r Aug 13, 2021
4357884
debug
olix0r Aug 13, 2021
163503b
Use buildx
olix0r Aug 13, 2021
8c61485
fix dependencies
olix0r Aug 13, 2021
4682194
split manifest steps
olix0r Aug 13, 2021
86f297a
fixup manifest-create
olix0r Aug 13, 2021
59ba51a
fixup docker-build-policy-controller
olix0r Aug 13, 2021
a96a88e
fixup cargo deny for rustls
olix0r Aug 13, 2021
fb7ba71
enable log compatibility
olix0r Aug 13, 2021
c8a2d91
Merge branch 'ver/update-kube' into ver/dockerfs
olix0r Aug 13, 2021
3c76905
fixup tls dep
olix0r Aug 13, 2021
97deb73
Remove this branch from the release workflow
olix0r Aug 13, 2021
a4156dc
Merge branch 'main' into ver/dockerfs
olix0r Aug 13, 2021
6d41aff
Update the policy-controller release build process
olix0r Aug 13, 2021
22d4e5e
integration_tests needs to depend on policy_controller_manifest
olix0r Aug 13, 2021
3f83a1c
Windows CLI tests don't depend on the policy controller
olix0r Aug 13, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
65 changes: 62 additions & 3 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
strategy:
matrix:
# Keep in sync with integration_tests.yaml matrix build
target: [proxy, controller, policy-controller, metrics-api, web, cni-plugin, debug, cli-bin, grafana, jaeger-webhook, tap]
target: [proxy, controller, metrics-api, web, cni-plugin, debug, cli-bin, grafana, jaeger-webhook, tap]
name: Docker build (${{ matrix.target }})
timeout-minutes: 30
steps:
Expand Down Expand Up @@ -68,12 +68,65 @@ jobs:
with:
name: image-archives
path: /home/runner/archives

policy_controller_build:
runs-on: ubuntu-20.04
timeout-minutes: 30
strategy:
matrix:
arch: [amd64, arm64, arm]
name: Policy controller build (${{ matrix.arch }})
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@abe5d8f79a1606a2d3e218847032f3f2b1726ab0
- name: Checkout code
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- run: |
. bin/_tag.sh
echo "TAG=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> $GITHUB_ENV
- name: Build ${{ matrix.arch }}
run: |
echo "${{ secrets.DOCKER_GHCR_PAT }}" | docker login ghcr.io -u "${{ secrets.DOCKER_GHCR_USERNAME }}" --password-stdin
docker buildx build --push ./policy-controller/ \
-f ./policy-controller/${{ matrix.arch }}.dockerfile \
-t ghcr.io/linkerd/policy-controller:$TAG-${{ matrix.arch }}

policy_controller_manifest:
runs-on: ubuntu-20.04
timeout-minutes: 30
needs: [policy_controller_build]
name: Policy controller manifest
steps:
- name: Checkout code
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- run: |
. bin/_tag.sh
echo "TAG=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> $GITHUB_ENV
- name: Create multiarch manifest
run: |
docker manifest create ghcr.io/linkerd/policy-controller:${TAG} \
ghcr.io/linkerd/policy-controller:${TAG}-amd64 \
ghcr.io/linkerd/policy-controller:${TAG}-arm64 \
ghcr.io/linkerd/policy-controller:${TAG}-arm
- name: Annotate multiarch manifest
run: |
docker manifest annotate ghcr.io/linkerd/policy-controller:$TAG \
ghcr.io/linkerd/policy-controller:${TAG}-amd64 --os=linux --arch=amd64
docker manifest annotate ghcr.io/linkerd/policy-controller:$TAG \
ghcr.io/linkerd/policy-controller:${TAG}-arm64 --os=linux --arch=arm64
docker manifest annotate ghcr.io/linkerd/policy-controller:$TAG \
ghcr.io/linkerd/policy-controller:${TAG}-arm --os=linux --arch=arm
- name: Push multiarch manifest
run: |
echo "${{ secrets.DOCKER_GHCR_PAT }}" | docker login ghcr.io -u "${{ secrets.DOCKER_GHCR_USERNAME }}" --password-stdin
docker manifest push ghcr.io/linkerd/policy-controller:$TAG

# todo: Keep in sync with `integration_tests.yml`
windows_static_cli_tests:
name: Static CLI tests (windows)
timeout-minutes: 30
runs-on: windows-latest
needs: [docker_build]
needs: [docker_build, policy_controller_manifest]
steps:
- name: Checkout code
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
Expand Down Expand Up @@ -131,11 +184,12 @@ jobs:
# Validate the CLI version matches the current build tag.
[[ "$TAG" == "$($CMD version --short --client)" ]]
bin/tests --images preload --name ${{ matrix.integration_test }} "$CMD"

arm64_integration_tests:
name: ARM64 integration tests
timeout-minutes: 60
runs-on: ubuntu-20.04
needs: [docker_build]
needs: [docker_build, policy_controller_manifest]
steps:
- name: Checkout code
#if: startsWith(github.ref, 'refs/tags/stable')
Expand Down Expand Up @@ -180,6 +234,7 @@ jobs:
if: ${{ always() }}
# will fail if other steps didn't run, so ignore error
run: bin/test-cleanup "$CMD" || true

choco_pack:
# only runs for stable tags. The conditionals are at each step level instead of the job level
# otherwise the jobs below that depend on this one won't run
Expand Down Expand Up @@ -207,6 +262,7 @@ jobs:
with:
name: choco
path: ./linkerd.*.nupkg

gh_release:
name: Create GH release
timeout-minutes: 30
Expand Down Expand Up @@ -249,6 +305,7 @@ jobs:
./target/release/linkerd2-cli-*-linux-*
./target/release/linkerd2-cli-*-windows.*
./target/release/linkerd2-cli-*.nupkg

website_publish:
name: Linkerd website publish
timeout-minutes: 30
Expand All @@ -264,6 +321,7 @@ jobs:
token: ${{ secrets.RELEASE_TOKEN }}
repository: linkerd/website
event-type: release

website_publish_check:
name: Linkerd website publish check
timeout-minutes: 30
Expand Down Expand Up @@ -294,6 +352,7 @@ jobs:
echo "::error::The version '$TAG' was NOT found published in the website"
exit 1
fi

chart_deploy:
name: Helm chart deploy
timeout-minutes: 30
Expand Down
7 changes: 6 additions & 1 deletion bin/docker-build-policy-controller
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,11 @@ bindir=$( cd "${BASH_SOURCE[0]%/*}" && pwd )
# shellcheck source=_tag.sh
. "$bindir"/_tag.sh

if [ -n "$DOCKER_MULTIARCH" ]; then
echo "DOCKER_MULTIARCH may not be set with $0" >&2
exit 1
fi

tag=$(head_root_tag)
ROOTDIR=$( cd "$bindir"/../policy-controller && pwd )
docker_build policy-controller "$tag" "$ROOTDIR/Dockerfile"
docker_build policy-controller "$tag" "$ROOTDIR/amd64.dockerfile"
Loading