diff --git a/.github/workflows/pr_pre-commit.yml b/.github/workflows/pr_pre-commit.yml index e88d5eec..6e66b844 100644 --- a/.github/workflows/pr_pre-commit.yml +++ b/.github/workflows/pr_pre-commit.yml @@ -18,7 +18,7 @@ jobs: with: persist-credentials: false fetch-depth: 0 - - uses: stackabletech/actions/run-pre-commit@75e0756966dea229d697165bfd06ba79abcda72c # v0.10.3 + - uses: stackabletech/actions/run-pre-commit@29bea1b451c0c2e994bd495969286f95bf49ed6a # v0.11.0 with: python-version: ${{ env.PYTHON_VERSION }} hadolint: ${{ env.HADOLINT_VERSION }} diff --git a/.yamllint.yaml b/.yamllint.yaml index 5b315dc4..fe477af6 100644 --- a/.yamllint.yaml +++ b/.yamllint.yaml @@ -14,6 +14,9 @@ rules: comments: min-spaces-from-content: 1 # Needed due to https://github.com/adrienverge/yamllint/issues/443 comments-indentation: disable # This is generally useless and interferes with commented example values + braces: + max-spaces-inside: 1 + max-spaces-inside-empty: 0 yaml-files: - '*.yaml' diff --git a/config/retired_files.yaml b/config/retired_files.yaml index 27fbe62f..374056ca 100644 --- a/config/retired_files.yaml +++ b/config/retired_files.yaml @@ -3,6 +3,5 @@ # This is uncommented as I had issues with everything being deleted when this was just present as an empty key. # May be something to investigate. retired_files: - - .github/ISSUE_TEMPLATE/bug_report.yml - .readme/static/borrowed/sdp_overview.png - - bors.toml + - .github/workflows/build.yml diff --git a/config/versions.yaml b/config/versions.yaml index 51e3dc8c..4f467198 100644 --- a/config/versions.yaml +++ b/config/versions.yaml @@ -30,3 +30,5 @@ python_version: 3.14 # Usually the latest version should just work and as such the version here can # be bumped without any constraints. nix_pkg_manager_version: 2.30.0 + +jinja2_cli_version: 0.8.2 diff --git a/template/.github/workflows/build.yaml.j2 b/template/.github/workflows/build.yaml.j2 new file mode 100644 index 00000000..d0a33e40 --- /dev/null 
+++ b/template/.github/workflows/build.yaml.j2 
@@ -0,0 +1,238 @@
+# =============
+# This file is automatically generated from the templates in stackabletech/operator-templating
+# DON'T MANUALLY EDIT THIS FILE
+# =============
+---
+name: Build {[ operator.name }] Artifacts
+
+permissions: {}
+
+on:
+ push:
+ branches:
+ - main
+ tags:
+ - '[0-9][0-9].[0-9]+.[0-9]+-rc[0-9]+'
+ - '[0-9][0-9].[0-9]+.[0-9]+'
+ schedule:
+ # Run every Saturday morning: https://crontab.guru/#15_3_*_*_6
+ - cron: '15 3 * * 6'
+ pull_request:
+ paths:
+ - '.github/workflows/build.yaml'
+ - 'rust-toolchain.toml'
+ - '.dockerignore'
+ - 'deploy/**'
+ - '.cargo/**'
+ - 'docker/**'
+ - 'Cargo.*'
+ - '*.rs'
+
+env:
+ OPERATOR_NAME: "{[ operator.name }]"
+ RUST_NIGHTLY_TOOLCHAIN_VERSION: "{[ rust_nightly_version }]"
+ NIX_PKG_MANAGER_VERSION: "{[ nix_pkg_manager_version }]"
+ RUST_TOOLCHAIN_VERSION: "{[ rust_version }]"
+ HADOLINT_VERSION: "{[ hadolint_version }]"
+ PYTHON_VERSION: "{[ python_version }]"
+ CARGO_TERM_COLOR: always
+
+jobs:
+ cargo-udeps:
+ name: Run cargo-udeps
+ runs-on: ubuntu-latest
+ env:
+ RUSTC_BOOTSTRAP: 1
+ steps:
+ - name: Install host dependencies
+ uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # v1.5.3
+ with:
+ packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https
+ version: ubuntu-latest
+
+ - name: Checkout Repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
+ submodules: recursive
+
+ - name: Install Rust ${{ env.RUST_TOOLCHAIN_VERSION }} toolchain
+ uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b
+ with:
+ toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }}
+
+ - name: Setup Rust Cache
+ uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+ with:
+ cache-all-crates: "true"
+ key: udeps
+
+ - name: Install cargo-udeps
+ uses: stackabletech/cargo-install-action@8f7dbbcd2ebe22717efc132d0dd61e80841994b9 # cargo-udeps
+
+ - name: Run cargo-udeps
+ run: cargo udeps --workspace --all-targets
+
+ build-container-image:
+ name: Build/Publish ${{ matrix.runner.arch }} Image
+ needs:
+ - cargo-udeps
+ permissions:
+ id-token: write
+ strategy:
+ fail-fast: false
+ matrix:
+ runner:
+ - { name: "ubuntu-latest", arch: "amd64" }
+ - { name: "ubicloud-standard-8-arm", arch: "arm64" }
+ runs-on: ${{ matrix.runner.name }}
+ outputs:
+ operator-version: ${{ steps.version.outputs.OPERATOR_VERSION }}
+ steps:
+ - name: Install host dependencies
+ uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # v1.5.3
+ with:
+ packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https
+ version: ${{ matrix.runner.name }}
+
+ - name: Checkout Repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
+ submodules: recursive
+
+ - name: Update/Extract Operator Version
+ id: version
+ if: github.event_name == 'pull_request'
+ env:
+ PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
+ PR_NUMBER: ${{ github.event.pull_request.number }}
+ GITHUB_DEBUG: ${{ runner.debug }}
+ shell: bash
+ run: |
+ set -euo pipefail
+ [ -n "$GITHUB_DEBUG" ] && set -x
+ CURRENT_VERSION=$(cargo metadata --format-version 1 --no-deps | jq -r '.packages[0].version')
+ if [ "$PR_BASE_REF" == 'main' ]; then
+ NEW_VERSION="0.0.0-pr$PR_NUMBER"
+ else
+ NEW_VERSION="$CURRENT_VERSION-pr$PR_NUMBER"
+ fi
+ sed -i "s/version = \"${CURRENT_VERSION}\"/version = \"${NEW_VERSION}\"/" Cargo.toml
+ echo "OPERATOR_VERSION=$NEW_VERSION" | tee -a "$GITHUB_OUTPUT"
+ - name: Install Nix
+ uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # v31.5.2
+
+ - name: Install Rust ${{ env.RUST_TOOLCHAIN_VERSION }} Toolchain
+ uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b
+ with:
+ toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }}
+
+ - name: Build Container Image
+ id: build
+ uses: stackabletech/actions/build-container-image@29bea1b451c0c2e994bd495969286f95bf49ed6a # v0.11.0
+ with:
+ image-name: ${{ env.OPERATOR_NAME }}
+ image-index-manifest-tag: ${{ steps.version.outputs.OPERATOR_VERSION }}
+ build-arguments: VERSION=${{ steps.version.outputs.OPERATOR_VERSION }}
+ container-file: docker/Dockerfile
+
+ - name: Publish Container Image
+ uses: stackabletech/actions/publish-image@29bea1b451c0c2e994bd495969286f95bf49ed6a # v0.11.0
+ with:
+ image-registry-uri: oci.stackable.tech
+ image-registry-username: robot$sdp+github-action-build
+ image-registry-password: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
+ image-repository: sdp/${{ env.OPERATOR_NAME }}
+ image-manifest-tag: ${{ steps.build.outputs.image-manifest-tag }}
+ source-image-uri: ${{ steps.build.outputs.image-manifest-uri }}
+
+ publish-index-manifest:
+ name: Publish/Sign ${{ needs.build-container-image.outputs.operator-version }} Index
+ needs:
+ - build-container-image
+ permissions:
+ id-token: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
+
+ - name: Publish and Sign Image Index
+ uses: stackabletech/actions/publish-image-index-manifest@29bea1b451c0c2e994bd495969286f95bf49ed6a # v0.11.0
+ with:
+ image-registry-uri: oci.stackable.tech
+ image-registry-username: robot$sdp+github-action-build
+ image-registry-password: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
+ image-repository: sdp/${{ env.OPERATOR_NAME }}
+ image-index-manifest-tag: ${{ needs.build-container-image.outputs.operator-version }}
+
+ publish-helm-chart:
+ name: Package/Publish ${{ needs.build-container-image.outputs.operator-version }} Helm Chart
+ needs:
+ - build-container-image
+ permissions:
+ id-token: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
+ submodules: recursive
+
+ - name: Package, Publish, and Sign Helm Chart
+ uses: stackabletech/actions/publish-helm-chart@29bea1b451c0c2e994bd495969286f95bf49ed6a # v0.11.0
+ with:
+ chart-registry-uri: oci.stackable.tech
+ chart-registry-username: robot$sdp-charts+github-action-build
+ chart-registry-password: ${{ secrets.HARBOR_ROBOT_SDP_CHARTS_GITHUB_ACTION_BUILD_SECRET }}
+ chart-repository: sdp-charts
+ chart-directory: deploy/helm/${{ env.OPERATOR_NAME }}
+ chart-version: ${{ needs.build-container-image.outputs.operator-version }}
+ app-version: ${{ needs.build-container-image.outputs.operator-version }}
+
+ openshift-preflight-check:
+ name: Run OpenShift Preflight Check for ${{ needs.build-container-image.outputs.operator-version }}-${{ matrix.arch }}
+ needs:
+ - build-container-image
+ - publish-index-manifest
+ strategy:
+ fail-fast: false
+ matrix:
+ arch:
+ - amd64
+ - arm64
+ runs-on: ubuntu-latest
+ steps:
+ - name: Run OpenShift Preflight Check
+ uses: stackabletech/actions/run-openshift-preflight@29bea1b451c0c2e994bd495969286f95bf49ed6a # v0.11.0
+ with:
+ image-index-uri: oci.stackable.tech/sdp/${{ env.OPERATOR_NAME }}:${{ needs.build-container-image.outputs.operator-version }}
+ image-architecture: ${{ matrix.arch }}
+
+ notify:
+ name: Failure Notification
+ needs:
+ - build-container-image
+ - publish-index-manifest
+ - publish-helm-chart
+ runs-on: ubuntu-latest
+ if: failure() || github.run_attempt > 1
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
+
+ - name: Send Notification
+ uses: stackabletech/actions/send-slack-notification@29bea1b451c0c2e994bd495969286f95bf49ed6a # v0.11.0
+ with:
+ publish-helm-chart-result: ${{ needs.publish-helm-chart.result }}
+ publish-manifests-result: ${{ needs.publish-index-manifest.result }}
+
build-result: ${{ needs.build-container-image.result }} + slack-token: ${{ secrets.SLACK_CONTAINER_IMAGE_TOKEN }} + channel-id: C07UG6JH44F # notifications-container-images + type: container-image-build diff --git a/template/.github/workflows/integration-test.yml b/template/.github/workflows/integration-test.yml index b49b7712..0f9f268e 100644 --- a/template/.github/workflows/integration-test.yml +++ b/template/.github/workflows/integration-test.yml @@ -41,7 +41,7 @@ jobs: # TODO: Enable the scheduled runs which hard-code what profile to use - name: Run Integration Test id: test - uses: stackabletech/actions/run-integration-test@75e0756966dea229d697165bfd06ba79abcda72c # v0.10.3 + uses: stackabletech/actions/run-integration-test@29bea1b451c0c2e994bd495969286f95bf49ed6a # v0.11.0 with: replicated-api-token: ${{ secrets.REPLICATED_API_TOKEN }} test-mode-input: ${{ inputs.test-mode-input }} @@ -51,7 +51,7 @@ jobs: - name: Send Notification if: ${{ failure() || github.run_attempt > 1 }} - uses: stackabletech/actions/send-slack-notification@75e0756966dea229d697165bfd06ba79abcda72c # v0.10.3 + uses: stackabletech/actions/send-slack-notification@29bea1b451c0c2e994bd495969286f95bf49ed6a # v0.11.0 with: slack-token: ${{ secrets.SLACK_INTEGRATION_TEST_TOKEN }} failed-tests: ${{ steps.test.outputs.failed-tests }} diff --git a/template/.github/workflows/pr_pre-commit.yaml.j2 b/template/.github/workflows/pr_pre-commit.yaml.j2 index 074df5c9..fb99204b 100644 --- a/template/.github/workflows/pr_pre-commit.yaml.j2 +++ b/template/.github/workflows/pr_pre-commit.yaml.j2 @@ -11,6 +11,7 @@ env: RUST_TOOLCHAIN_VERSION: "{[ rust_nightly_version }]" HADOLINT_VERSION: "{[ hadolint_version }]" PYTHON_VERSION: "{[ python_version }]" + JINJA2_CLI_VERSION: "{[ jinja2_cli_version }]" jobs: pre-commit: 
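Review bot: In the new `build.yaml.j2`, the `Update/Extract Operator Version` step is gated with `if: github.event_name == 'pull_request'`, so on push, tag and scheduled runs it is skipped and `steps.version.outputs.OPERATOR_VERSION` is empty. That empty value then feeds `build-arguments: VERSION=`, `image-index-manifest-tag`, and through the job output also `chart-version`, `app-version` and the preflight image URI, so release artifacts would be built, signed and published without a version unless the called actions substitute a default, which is not visible here. Moving the event check into the script, so that the step always runs and emits the Cargo version outside pull requests, would close this; a sketch follows. Separately, the `'*.rs'` entry under `pull_request.paths` matches only files at the repository root because `*` does not cross `/`; `'**.rs'` would cover sources anywhere in the workspace.

```yaml
      - name: Update/Extract Operator Version
        id: version
        # no step-level `if:`; the event check moves into the script
        # … unchanged: env (PR_BASE_REF, PR_NUMBER, GITHUB_DEBUG), shell …
        run: |
          # … unchanged: set -euo pipefail, debug toggle, CURRENT_VERSION lookup …
          if [ "$GITHUB_EVENT_NAME" == 'pull_request' ]; then
            if [ "$PR_BASE_REF" == 'main' ]; then
              NEW_VERSION="0.0.0-pr$PR_NUMBER"
            else
              NEW_VERSION="$CURRENT_VERSION-pr$PR_NUMBER"
            fi
            sed -i "s/version = \"${CURRENT_VERSION}\"/version = \"${NEW_VERSION}\"/" Cargo.toml
          else
            NEW_VERSION="$CURRENT_VERSION"
          fi
          # … unchanged: write OPERATOR_VERSION to "$GITHUB_OUTPUT" …
```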
@@ -26,10 +27,11 @@ jobs: persist-credentials: false submodules: recursive fetch-depth: 0 - - uses: stackabletech/actions/run-pre-commit@75e0756966dea229d697165bfd06ba79abcda72c # v0.10.3 + - uses: stackabletech/actions/run-pre-commit@29bea1b451c0c2e994bd495969286f95bf49ed6a # v0.11.0 with: python-version: ${{ env.PYTHON_VERSION }} rust: ${{ env.RUST_TOOLCHAIN_VERSION }} hadolint: ${{ env.HADOLINT_VERSION }} nix: ${{ env.NIX_PKG_MANAGER_VERSION }} nix-github-token: ${{ secrets.GITHUB_TOKEN }} + jinja2-cli: ${{ env.JINJA2_CLI_VERSION }} diff --git a/template/.yamllint.yaml b/template/.yamllint.yaml index 08bf167f..020cb5f0 100644 --- a/template/.yamllint.yaml +++ b/template/.yamllint.yaml @@ -13,3 +13,6 @@ rules: indentation: indent-sequences: consistent comments-indentation: disable # This is generally useless and interferes with commented example values + braces: + max-spaces-inside: 1 + max-spaces-inside-empty: 0 diff --git a/template/Makefile.j2 b/template/Makefile.j2 index fc128743..710e8200 100644 --- a/template/Makefile.j2 +++ b/template/Makefile.j2 @@ -9,17 +9,11 @@ .PHONY: build publish -TAG := $(shell git rev-parse --short HEAD) OPERATOR_NAME := {[ operator.name }] VERSION := $(shell cargo metadata --format-version 1 | jq -r '.packages[] | select(.name=="stackable-${OPERATOR_NAME}") | .version') -ARCH := $(shell uname -m | sed -e 's#x86_64#amd64#' | sed -e 's#aarch64#arm64#') OCI_REGISTRY_HOSTNAME := oci.stackable.tech OCI_REGISTRY_PROJECT_IMAGES := sdp -OCI_REGISTRY_PROJECT_CHARTS := sdp-charts -# This will be overwritten by an environmental variable if called from the github action -HELM_CHART_NAME := ${OPERATOR_NAME} -HELM_CHART_ARTIFACT := target/helm/${OPERATOR_NAME}-${VERSION}.tgz SHELL=/usr/bin/env bash -euo pipefail 
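Review bot: In `template/Makefile.j2`, removing `ARCH := $(shell uname -m ...)` leaves the `docker-build` rule (a context line of the next hunk) still tagging the image with `${VERSION}-${ARCH}`, which expands to a tag ending in a bare `-` unless ARCH happens to come from the environment. Either keep the `ARCH :=` definition or change the tag to `-t "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}"`. `.PHONY: build publish` also still names `publish`, whose rule is deleted in the last hunk of this file; `.PHONY: build` would match what remains.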
@@ -33,73 +27,6 @@ render-docs: docker-build: docker build --force-rm --build-arg VERSION=${VERSION} -t "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-${ARCH}" -f docker/Dockerfile . -docker-publish: - # Push to Harbor - # We need to use "value" here to prevent the variable from being recursively expanded by make (username contains a dollar sign, since it's a Harbor bot) - docker login --username '${value OCI_REGISTRY_SDP_USERNAME}' --password '${OCI_REGISTRY_SDP_PASSWORD}' '${OCI_REGISTRY_HOSTNAME}' - DOCKER_OUTPUT=$$(docker push --all-tags '${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}');\ - # Obtain the digest of the pushed image from the output of `docker push`, because signing by tag is deprecated and will be removed from cosign in the future\ - REPO_DIGEST_OF_IMAGE=$$(echo "$$DOCKER_OUTPUT" | awk '/^${VERSION}-${ARCH}: digest: sha256:[0-9a-f]{64} size: [0-9]+$$/ { print $$3 }');\ - if [ -z "$$REPO_DIGEST_OF_IMAGE" ]; then\ - echo 'Could not find repo digest for container image: ${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-${ARCH}';\ - exit 1;\ - fi;\ - # This generates a signature and publishes it to the registry, next to the image\ - # Uses the keyless signing flow with Github Actions as identity provider\ - cosign sign -y "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}@$$REPO_DIGEST_OF_IMAGE";\ - # Generate the SBOM for the operator image, this leverages the already generated SBOM for the operator binary by cargo-cyclonedx\ - syft scan --output cyclonedx-json@1.5=sbom.json --select-catalogers "-cargo-auditable-binary-cataloger,+sbom-cataloger" --scope all-layers --source-name "${OPERATOR_NAME}" --source-version "${VERSION}-${ARCH}" "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}@$$REPO_DIGEST_OF_IMAGE";\ - # Determine the PURL for the container image\ - URLENCODED_REPO_DIGEST_OF_IMAGE=$$(echo 
"$$REPO_DIGEST_OF_IMAGE" | sed 's/:/%3A/g');\ - PURL="pkg:oci/${OPERATOR_NAME}@$$URLENCODED_REPO_DIGEST_OF_IMAGE?arch=${ARCH}&repository_url=${OCI_REGISTRY_HOSTNAME}%2F${OCI_REGISTRY_PROJECT_IMAGES}%2F${OPERATOR_NAME}";\ - # Get metadata from the image\ - IMAGE_DESCRIPTION=$$(docker inspect --format='{{.Config.Labels.description}}' "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-${ARCH}");\ - IMAGE_NAME=$$(docker inspect --format='{{.Config.Labels.name}}' "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-${ARCH}");\ - # Merge the SBOM with the metadata for the operator\ - jq -s '{"metadata":{"component":{"description":"'"$$IMAGE_NAME. $$IMAGE_DESCRIPTION"'","supplier":{"name":"Stackable GmbH","url":["https://stackable.tech/"]},"author":"Stackable GmbH","purl":"'"$$PURL"'","publisher":"Stackable GmbH"}}} * .[0]' sbom.json > sbom.merged.json;\ - # Attest the SBOM to the image\ - cosign attest -y --predicate sbom.merged.json --type cyclonedx "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}@$$REPO_DIGEST_OF_IMAGE" - -# This assumes "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-amd64 and "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-arm64 are built and pushed -docker-manifest-list-build: - docker manifest create "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}" --amend "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-amd64" --amend "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-arm64" - -docker-manifest-list-publish: - # Push to Harbor - # We need to use "value" here to prevent the variable from being recursively expanded by make (username contains a dollar sign, since it's a Harbor bot) - docker login --username '${value OCI_REGISTRY_SDP_USERNAME}' --password '${OCI_REGISTRY_SDP_PASSWORD}' 
'${OCI_REGISTRY_HOSTNAME}' - DIGEST_HARBOR=$$(docker manifest push "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}");\ - # Refer to image via its digest (oci.stackable.tech/sdp/airflow@sha256:0a1b2c...);\ - # This generates a signature and publishes it to the registry, next to the image\ - # Uses the keyless signing flow with Github Actions as identity provider\ - cosign sign -y "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}@$$DIGEST_HARBOR" - -# TODO remove if not used/needed -docker: docker-build docker-publish - -print-docker-tag: - @echo "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}" - -helm-publish: - # Push to Harbor - # We need to use "value" here to prevent the variable from being recursively expanded by make (username contains a dollar sign, since it's a Harbor bot) - helm registry login --username '${value OCI_REGISTRY_SDP_CHARTS_USERNAME}' --password '${OCI_REGISTRY_SDP_CHARTS_PASSWORD}' '${OCI_REGISTRY_HOSTNAME}' - # Obtain the digest of the pushed artifact from the output of `helm push`, because signing by tag is deprecated and will be removed from cosign in the future\ - HELM_OUTPUT=$$(helm push '${HELM_CHART_ARTIFACT}' 'oci://${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_CHARTS}' 2>&1);\ - REPO_DIGEST_OF_ARTIFACT=$$(echo "$$HELM_OUTPUT" | awk '/^Digest: sha256:[0-9a-f]{64}$$/ { print $$2 }');\ - if [ -z "$$REPO_DIGEST_OF_ARTIFACT" ]; then\ - echo 'Could not find repo digest for helm chart: ${HELM_CHART_NAME}';\ - exit 1;\ - fi;\ - # Login to Harbor, needed for cosign to be able to push the signature for the Helm chart\ - docker login --username '${value OCI_REGISTRY_SDP_CHARTS_USERNAME}' --password '${OCI_REGISTRY_SDP_CHARTS_PASSWORD}' '${OCI_REGISTRY_HOSTNAME}';\ - # This generates a signature and publishes it to the registry, next to the chart artifact\ - # Uses the keyless signing flow with Github Actions as identity provider\ - 
cosign sign -y "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_CHARTS}/${HELM_CHART_NAME}@$$REPO_DIGEST_OF_ARTIFACT" - -helm-package: - mkdir -p target/helm && helm package --destination target/helm deploy/helm/${OPERATOR_NAME} - ## Chart related targets compile-chart: version crds config @@ -133,14 +60,7 @@ regenerate-charts: chart-clean compile-chart regenerate-nix: nix run --extra-experimental-features "nix-command flakes" -f . regenerateNixLockfiles -build: regenerate-charts regenerate-nix helm-package docker-build - -# This target is used by the CI -# It doesn't make use of any nix dependencies and thus aviods building the -# operator unnecessarily often. -build-ci: regenerate-charts helm-package docker-build - -publish: docker-publish helm-publish +build: regenerate-charts regenerate-nix docker-build check-nix: @which nix || (echo "Error: 'nix' is not installed. Please install it to proceed."; exit 1) diff --git a/template/docker/Dockerfile.j2 b/template/docker/Dockerfile.j2 index d6f3b595..9e3fbcf9 100644 --- a/template/docker/Dockerfile.j2 +++ b/template/docker/Dockerfile.j2 @@ -21,6 +21,8 @@ FROM oci.stackable.tech/sdp/ubi9-rust-builder:latest AS builder FROM registry.access.redhat.com/ubi9/ubi-minimal:latest AS operator ARG VERSION +# NOTE (@Techassi): This is required for OpenShift/Red Hat certification +# Keeping this as "1" seems to be fine since a couple of years /shrug ARG RELEASE="1" # These are chosen at random and are this high on purpose to have very little chance to clash with an existing user or group on the host system