From c54b427411b5c2242f55482b1d3c2b26e4cb43a7 Mon Sep 17 00:00:00 2001 From: Adam Cattermole Date: Thu, 23 Nov 2023 13:19:07 +0000 Subject: [PATCH 1/4] Fix bugs in release workflow --- .github/workflows/build-images.yaml | 4 ++-- .github/workflows/release.yaml | 2 +- .github/workflows/test.yaml | 4 ++-- Makefile | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index 13b90b2a..9098e283 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -122,7 +122,7 @@ jobs: run: make bundle REGISTRY=${{ env.IMG_REGISTRY_HOST }} ORG=${{ env.IMG_REGISTRY_ORG }} IMAGE_TAG=${{ github.sha }} - name: Run make bundle (release) if: ${{ github.ref_name != env.MAIN_BRANCH_NAME }} - run: make bundle fix-csv-replaces REGISTRY=${{ env.IMG_REGISTRY_HOST }} ORG=${{ env.IMG_REGISTRY_ORG }} VERSION=${TAG_NAME/v/} AUTHORINO_VERSION=${{ github.event.inputs.authorinoVersion }} CHANNELS=${{ github.event.inputs.channels }} + run: make bundle fix-csv-replaces REGISTRY=${{ env.IMG_REGISTRY_HOST }} ORG=${{ env.IMG_REGISTRY_ORG }} VERSION=${TAG_NAME/v/} AUTHORINO_VERSION=${{ github.event.inputs.authorinoVersion }} CHANNELS=${{ github.event.inputs.channels }} DEFAULT_CHANNEL=stable - name: Git diff run: git diff - name: Verify manifests and bundle (main) @@ -130,7 +130,7 @@ jobs: run: make verify-manifests verify-bundle REGISTRY=${{ env.IMG_REGISTRY_HOST }} ORG=${{ env.IMG_REGISTRY_ORG }} IMAGE_TAG=${{ github.sha }} - name: Verify manifests and bundle (release) if: ${{ github.ref_name != env.MAIN_BRANCH_NAME }} - run: make verify-manifests verify-bundle REGISTRY=${{ env.IMG_REGISTRY_HOST }} ORG=${{ env.IMG_REGISTRY_ORG }} VERSION=${TAG_NAME/v/} AUTHORINO_VERSION=${{ github.event.inputs.authorinoVersion }} CHANNELS=${{ github.event.inputs.channels }} + run: make verify-manifests verify-bundle REGISTRY=${{ env.IMG_REGISTRY_HOST }} ORG=${{ env.IMG_REGISTRY_ORG }} VERSION=${TAG_NAME/v/} AUTHORINO_VERSION=${{ github.event.inputs.authorinoVersion }} CHANNELS=${{ github.event.inputs.channels }} DEFAULT_CHANNEL=stable - name: Build Image id: build-image uses: redhat-actions/buildah-build@v2 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index cc46a8ed..e7a55bb3 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -49,7 +49,7 @@ jobs: VERSION=${{ github.event.inputs.operatorVersion }} \ AUTHORINO_VERSION=${{ github.event.inputs.authorinoVersion }} \ CHANNELS=${{ github.event.inputs.channels }} \ - DEFAULT_CHANNEL=${{ github.event.inputs.channels }} \ + DEFAULT_CHANNEL=stable \ make prepare-release - name: Commit and push run: | diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 8bf203e6..6de4346a 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -34,9 +34,9 @@ jobs: id: go - name: Check out code uses: actions/checkout@v3 - - name: Run make verify-bundle + - name: Verify the bundle run: | - make verify-bundle + make bundle verify-bundle verify-fmt: name: Verify fmt diff --git a/Makefile b/Makefile index 8e528252..8df86622 100644 --- a/Makefile +++ b/Makefile @@ -312,7 +312,7 @@ verify-manifests: manifests $(YQ) ## Verify manifests update. yq e -e '.metadata.annotations.containerImage == "$(OPERATOR_IMAGE)"' config/manifests/bases/authorino-operator.clusterserviceversion.yaml .PHONY: verify-bundle -verify-bundle: bundle $(YQ) ## Verify bundle update. +verify-bundle: $(YQ) ## Verify bundle update. git diff -I'^ containerImage:' -I'^ image:' --exit-code ./bundle [ -z "$$(git ls-files --other --exclude-standard --directory --no-empty-directory ./bundle)" ] yq e -e '.metadata.annotations.containerImage == "$(OPERATOR_IMAGE)"' bundle/manifests/authorino-operator.clusterserviceversion.yaml From 8014f829d761d13b4b25e486115bb5b0eef6bfde Mon Sep 17 00:00:00 2001 From: Adam Cattermole Date: Thu, 23 Nov 2023 16:22:23 +0000 Subject: [PATCH 2/4] Store replaces version in file --- .github/workflows/build-images.yaml | 2 +- .github/workflows/test.yaml | 2 +- Makefile | 55 +++++++++++++++++++---------- 3 files changed, 38 insertions(+), 21 deletions(-) diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index 9098e283..3b77568a 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -122,7 +122,7 @@ jobs: run: make bundle REGISTRY=${{ env.IMG_REGISTRY_HOST }} ORG=${{ env.IMG_REGISTRY_ORG }} IMAGE_TAG=${{ github.sha }} - name: Run make bundle (release) if: ${{ github.ref_name != env.MAIN_BRANCH_NAME }} - run: make bundle fix-csv-replaces REGISTRY=${{ env.IMG_REGISTRY_HOST }} ORG=${{ env.IMG_REGISTRY_ORG }} VERSION=${TAG_NAME/v/} AUTHORINO_VERSION=${{ github.event.inputs.authorinoVersion }} CHANNELS=${{ github.event.inputs.channels }} DEFAULT_CHANNEL=stable + run: make bundle REGISTRY=${{ env.IMG_REGISTRY_HOST }} ORG=${{ env.IMG_REGISTRY_ORG }} VERSION=${TAG_NAME/v/} AUTHORINO_VERSION=${{ github.event.inputs.authorinoVersion }} CHANNELS=${{ github.event.inputs.channels }} DEFAULT_CHANNEL=stable - name: Git diff run: git diff - name: Verify manifests and bundle (main) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 6de4346a..1d083ad2 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@v3 - name: Verify the bundle run: | - make bundle verify-bundle + make verify-bundle verify-fmt: name: Verify fmt diff --git a/Makefile b/Makefile index 8df86622..1597efab 100644 --- a/Makefile +++ b/Makefile @@ -52,6 +52,9 @@ BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) # Operator manifests (RBAC & CRD) OPERATOR_MANIFESTS ?= $(PROJECT_DIR)/config/install/manifests.yaml +# Bundle CSV +BUNDLE_CSV = bundle/manifests/authorino-operator.clusterserviceversion.yaml + # Produce CRDs that work back to Kubernetes 1.11 (no version conversion) CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false" @@ -83,8 +86,10 @@ AUTHORINO_BRANCH = v$(AUTHORINO_VERSION) AUTHORINO_IMAGE_TAG = v$(AUTHORINO_VERSION) endif -AUTHORINO_IMAGE_FILE ?= authorino_image -DEFAULT_AUTHORINO_IMAGE ?= $(shell cat $(AUTHORINO_IMAGE_FILE) || echo $(DEFAULT_REGISTRY)/$(DEFAULT_ORG)/authorino:latest) +# Build file used to store replaces/authorinoImage options. +BUILD_CONFIG_FILE ?= build.yaml +DEFAULT_AUTHORINO_IMAGE ?= $(shell $(YQ) e -e '.config.authorinoImage' $(BUILD_CONFIG_FILE) || echo $(DEFAULT_REGISTRY)/$(DEFAULT_ORG)/authorino:latest) +EXPECTED_DEFAULT_AUTHORINO_IMAGE = $(DEFAULT_REGISTRY)/$(DEFAULT_ORG)/authorino:$(AUTHORINO_IMAGE_TAG) all: build @@ -236,13 +241,16 @@ deploy-manifest: .PHONY: bundle bundle: export IMAGE_TAG := $(IMAGE_TAG) bundle: export BUNDLE_VERSION := $(BUNDLE_VERSION) -bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files. +bundle: manifests kustomize operator-sdk $(YQ) ## Generate bundle manifests and metadata, then validate generated files. $(OPERATOR_SDK) generate kustomize manifests -q cd config/manager && $(KUSTOMIZE) edit set image controller=$(OPERATOR_IMAGE) envsubst \ < config/manifests/bases/authorino-operator.clusterserviceversion.template.yaml \ > config/manifests/bases/authorino-operator.clusterserviceversion.yaml $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle -q --overwrite --version $(BUNDLE_VERSION) $(BUNDLE_METADATA_OPTS) --package authorino-operator + ($(YQ) e -e '.config.replaces' $(BUILD_CONFIG_FILE) && \ + V="$(shell $(YQ) e -e '.config.replaces' $(BUILD_CONFIG_FILE))" $(YQ) eval '.spec.replaces = strenv(V)' -i $(BUNDLE_CSV)) || \ + ($(YQ) eval '.' -i $(BUNDLE_CSV) && echo "no replaces added") $(OPERATOR_SDK) bundle validate ./bundle # Roll back edit cd config/manager && $(KUSTOMIZE) edit set image controller=${DEFAULT_OPERATOR_IMAGE} @@ -255,22 +263,29 @@ bundle-build: ## Build the bundle image. bundle-push: ## Push the bundle image. $(MAKE) docker-push OPERATOR_IMAGE=$(BUNDLE_IMG) -.PHONY: fix-csv-replaces -fix-csv-replaces: $(YQ) +.PHONY: create-build-file +create-build-file: $(YQ) + $(YQ) -n '.config' > $(BUILD_CONFIG_FILE) + +.PHONY: set-authorino-default-image +set-authorino-default-image: $(YQ) + @if [ "$(AUTHORINO_VERSION)" != "latest" ]; then\ + V="$(DEFAULT_REGISTRY)/$(DEFAULT_ORG)/authorino:$(AUTHORINO_IMAGE_TAG)" $(YQ) eval '.config.authorinoImage = strenv(V)' -i $(BUILD_CONFIG_FILE); \ + fi + +.PHONY: set-replaces-directive +set-replaces-directive: $(YQ) $(eval REPLACES_VERSION=$(shell curl -sSL -H "Accept: application/vnd.github+json" \ https://api.github.com/repos/Kuadrant/authorino-operator/releases/latest | \ jq -r '.name')) - V="authorino-operator.$(REPLACES_VERSION)" $(YQ) eval '.spec.replaces = strenv(V)' -i bundle/manifests/authorino-operator.clusterserviceversion.yaml + V="authorino-operator.$(REPLACES_VERSION)" $(YQ) e -i '.config.replaces = strenv(V)' $(BUILD_CONFIG_FILE) .PHONY: prepare-release prepare-release: + $(MAKE) create-build-file + $(MAKE) set-authorino-default-image + $(MAKE) set-replaces-directive $(MAKE) manifests bundle VERSION=$(VERSION) AUTHORINO_VERSION=$(AUTHORINO_VERSION) - @if [ "$(AUTHORINO_VERSION)" = "latest" ]; then\ - [ ! -e "$(AUTHORINO_IMAGE_FILE)" ] || rm $(AUTHORINO_IMAGE_FILE); \ - else \ - echo quay.io/kuadrant/authorino:$(AUTHORINO_IMAGE_TAG) > $(AUTHORINO_IMAGE_FILE); \ - fi - $(MAKE) fix-csv-replaces # A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0). # These images MUST exist in a registry and be pull-able. @@ -306,17 +321,19 @@ catalog-push: ## Push a catalog image. .PHONY: verify-manifests verify-manifests: manifests $(YQ) ## Verify manifests update. - git diff -I'^ containerImage:' -I'^ image:' --exit-code ./config + git diff -I' containerImage:' -I' image:' --exit-code ./config [ -z "$$(git ls-files --other --exclude-standard --directory --no-empty-directory ./config)" ] - yq ea -e 'select([.][].kind == "Deployment").spec.template.spec.containers[0].image | . == "$(OPERATOR_IMAGE)"' config/deploy/manifests.yaml - yq e -e '.metadata.annotations.containerImage == "$(OPERATOR_IMAGE)"' config/manifests/bases/authorino-operator.clusterserviceversion.yaml + $(YQ) ea -e 'select([.][].kind == "Deployment") | select([.][].metadata.name == "authorino-operator").spec.template.spec.containers[0].image | . == "$(OPERATOR_IMAGE)"' config/deploy/manifests.yaml + $(YQ) ea -e 'select([.][].kind == "Deployment") | select([.][].metadata.name == "authorino-webhooks").spec.template.spec.containers[0].image | . == "$(EXPECTED_DEFAULT_AUTHORINO_IMAGE)"' config/deploy/manifests.yaml + $(YQ) e -e '.metadata.annotations.containerImage == "$(OPERATOR_IMAGE)"' config/manifests/bases/authorino-operator.clusterserviceversion.yaml .PHONY: verify-bundle -verify-bundle: $(YQ) ## Verify bundle update. - git diff -I'^ containerImage:' -I'^ image:' --exit-code ./bundle +verify-bundle: bundle $(YQ) ## Verify bundle update. + git diff -I' containerImage:' -I' image:' --exit-code ./bundle [ -z "$$(git ls-files --other --exclude-standard --directory --no-empty-directory ./bundle)" ] - yq e -e '.metadata.annotations.containerImage == "$(OPERATOR_IMAGE)"' bundle/manifests/authorino-operator.clusterserviceversion.yaml - yq e -e '.spec.install.spec.deployments[0].spec.template.spec.containers[0].image == "$(OPERATOR_IMAGE)"' bundle/manifests/authorino-operator.clusterserviceversion.yaml + $(YQ) e -e '.metadata.annotations.containerImage == "$(OPERATOR_IMAGE)"' $(BUNDLE_CSV) + $(YQ) e -e '.spec.install.spec.deployments[0].spec.template.spec.containers[0].image == "$(OPERATOR_IMAGE)"' $(BUNDLE_CSV) + $(YQ) e -e '.spec.install.spec.deployments[1].spec.template.spec.containers[0].image == "$(EXPECTED_DEFAULT_AUTHORINO_IMAGE)"' $(BUNDLE_CSV) .PHONY: verify-fmt verify-fmt: fmt ## Verify fmt update. From e7f9a2225fec7c748277c9f688ed5149671eed65 Mon Sep 17 00:00:00 2001 From: Adam Cattermole Date: Fri, 24 Nov 2023 11:19:38 +0000 Subject: [PATCH 3/4] Update bundle CSV indentation --- ...horino-operator.clusterserviceversion.yaml | 764 +++++++++--------- 1 file changed, 382 insertions(+), 382 deletions(-) diff --git a/bundle/manifests/authorino-operator.clusterserviceversion.yaml b/bundle/manifests/authorino-operator.clusterserviceversion.yaml index 251865b4..d8cf8f64 100644 --- a/bundle/manifests/authorino-operator.clusterserviceversion.yaml +++ b/bundle/manifests/authorino-operator.clusterserviceversion.yaml @@ -38,408 +38,408 @@ spec: apiservicedefinitions: {} customresourcedefinitions: owned: - - description: API to describe the desired protection for a service - displayName: AuthConfig - kind: AuthConfig - name: authconfigs.authorino.kuadrant.io - version: v1beta1 - - kind: AuthConfig - name: authconfigs.authorino.kuadrant.io - version: v1beta2 - - description: API to create instances of authorino - displayName: Authorino - kind: Authorino - name: authorinos.operator.authorino.kuadrant.io - version: v1beta1 + - description: API to describe the desired protection for a service + displayName: AuthConfig + kind: AuthConfig + name: authconfigs.authorino.kuadrant.io + version: v1beta1 + - kind: AuthConfig + name: authconfigs.authorino.kuadrant.io + version: v1beta2 + - description: API to create instances of authorino + displayName: Authorino + kind: Authorino + name: authorinos.operator.authorino.kuadrant.io + version: v1beta1 description: The operator to manage instances of Authorino displayName: Authorino Operator icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAIAAAAiOjnJAAAHCklEQVR4nOzc72tWdQPH8e+tm/ecXGNO77mb3beZLgtkDxpCgT4IBBFqJT1YRqFS5oMS/BG5ioqhUc3IFKwHpqHSg9qDsCwIQeiBQoEotISyzcwa6bI5Nlyms8X4Lp1u1zzXub6f8/2ea+/XH3DO58GbXeec69opGhgYMIBrE3wPQGEiLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxIEBYkCAsShAUJwoIEYUGCsCBBWJAgLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxIEBYkCAsShAUJwoIEYUGCsCBR5HtAJI89uqytvT2fI2zetHnxkiXuFgn1d3eead44s3FLUXml7y3xpSOstvb24998m88Rurq63M0R6u/uPPlkw6VjZy+dbJi7uyW9bfFRGJBrVRljLh07++Mrz/heFB9hhWJ4VVbvgdZTL6z0Oio+wgrCyKqs7g+/+mX7855G5YWw/MtWldW5bf/5lh2Jj8oXYXk2dlVWR/POvtbDCY5ygLB8ilKVMeZq1+X2Dev7uzuT2uUAYXkTsSrrSltv+/o0XcgTlh85VWVd/PLUufdfU45yibA8iFGV1bF5X1outggraX2th+NVZZ1uesn1IgnCSlRf6+EfVj4duyr7RD4VT7YIKzm2qqtdl/M8Tue2/X/+dMLRKBXCSoirqqzTTc85OY4OYSXBbVX2DrH7iw9cHU2BsOScV2X9/NZ2twd0i7C0RFXZR6Yhf4dIWEK6qqyO5p3Bfs9DWCrqqux3iGf3btUdPx+EJZFAVdaFzw6pTxEPYbmXWFUhX2kRlmNJVmX9+t7exM4VHWG5lHxV9o9Wz5EDSZ4xCsJyxktV1rmP9iV/0rERlhseq7L/zxPacwfCcsBvVdbvH+/yePaRCCtfIVQ1GNbnB/0OuAlh5SWQquzvtIL6LQ1hxRdOVVb3oU98T7iOsGIKrarQPg0JK44Aq7KfhuHcGxJWzsKsyuo+2OJ7whDCyk3IVRljeo4f9T1hCGHl4HzLju8eXBVsVcaYi0dDuTEkrKjOt+w40xji7wiGu9LWG8hlFmFFkoqqrL4TX/ueYAgrkhRVNXiZdfSI7wmGsG4tXVUZY/7I7/XSrhDWWFJX1eBlVsdvvicYwhpLGquyj0l9TzCElVVKq7JCeNURYY0i1VUZY/p7LvieQFgjpL2qwev371t9TyCsGxVAVYPX7709vicQ1jCFUVUgCGtIIVUVwqMswjIFVpUx5q/ei74nEFbBVRWI8R4WVYmM67CoSmdchwWdcR3W9IY1M5vX+F5RmMZ1WLSlM97Doi0RwjKF19aEzBTfEwjrH4XU1uQ5c3xPIKxhCqkt7wjrBoXRVnGmzPcEwhqhANqafGet7wmENZq0t1VUNtX3BMLKItVtldYu9D2BsLJLaVsldVW+JxjCuoU0tlVc/R/fEwxh3Vrq2grhIRZhRZKutsrmL/A9wRBWVClqq3TePb4nGMLKQSraKq7JFJVX+l5hCCs30xvW3PXprokVk3wPyWrK/Hm+JwwhrNyU1i68Y8+7wbZVdvd83xOGEFbOQm6rfHGD7wlDCCuOMNsqqasK5AKLsOILsK1p9y/2PeE6woovtLbKFz3ke8J1hJWXcNoqqav6922h3BISlgOBtBXU5yBhuRFCW9MeXuXx7CMRlht+28rU14ZzP2gRljMe25rxyPLkTzo2wnLJS1vFNZmyBfVJnjEKwnIs+bb++9SKxM4VHWG5l2RbxTWZ6Q0h/uaCsCQSa2vqA4vUp4iHsFQSaGtixaSqFRt0x88HYQmp26puXB3aU4ZrCEtL11awV1cWYcmJ2vr/s2vdHtAtwkqC87am3De7fMnjro6mQFgJcdvWrKY3nRxHh7CS46qtynVLg/qFzKgIK1G2rXxer1BSV/W/tW84HSVBWEkrrV04d3dL7LZmNb3qepEEYXlQVF4Zr63ql5eH8IqiKAjLjxhtZeprZzzxonKUS4TlTU5tFddkbt/0jn6UM4TlU8S2JlZMmrP17WC/vRkVYXkWpa3qxtVpubS6hrD8G7utynVLQ/5OMBvCCkK2tsqX3ZuKp1YjEVYoRraVqa+d/foer6PiI6yADG+rpK4qXbeBNynyPSCSmrxf2FpRUeFoi5Zt60zzxpmNW9J1G3iTfw0MDPjegALERyEkCAsShAUJwoIEYUGCsCBBWJAgLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxIEBYkCAsShAUJwoIEYUGCsCBBWJAgLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxI/B0AAP//uLJ9vDn6iowAAAAASUVORK5CYII= - mediatype: image/png + - base64data: iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAIAAAAiOjnJAAAHCklEQVR4nOzc72tWdQPH8e+tm/ecXGNO77mb3beZLgtkDxpCgT4IBBFqJT1YRqFS5oMS/BG5ioqhUc3IFKwHpqHSg9qDsCwIQeiBQoEotISyzcwa6bI5Nlyms8X4Lp1u1zzXub6f8/2ea+/XH3DO58GbXeec69opGhgYMIBrE3wPQGEiLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxIEBYkCAsShAUJwoIEYUGCsCBBWJAgLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxIEBYkCAsShAUJwoIEYUGCsCBR5HtAJI89uqytvT2fI2zetHnxkiXuFgn1d3eead44s3FLUXml7y3xpSOstvb24998m88Rurq63M0R6u/uPPlkw6VjZy+dbJi7uyW9bfFRGJBrVRljLh07++Mrz/heFB9hhWJ4VVbvgdZTL6z0Oio+wgrCyKqs7g+/+mX7855G5YWw/MtWldW5bf/5lh2Jj8oXYXk2dlVWR/POvtbDCY5ygLB8ilKVMeZq1+X2Dev7uzuT2uUAYXkTsSrrSltv+/o0XcgTlh85VWVd/PLUufdfU45yibA8iFGV1bF5X1outggraX2th+NVZZ1uesn1IgnCSlRf6+EfVj4duyr7RD4VT7YIKzm2qqtdl/M8Tue2/X/+dMLRKBXCSoirqqzTTc85OY4OYSXBbVX2DrH7iw9cHU2BsOScV2X9/NZ2twd0i7C0RFXZR6Yhf4dIWEK6qqyO5p3Bfs9DWCrqqux3iGf3btUdPx+EJZFAVdaFzw6pTxEPYbmXWFUhX2kRlmNJVmX9+t7exM4VHWG5lHxV9o9Wz5EDSZ4xCsJyxktV1rmP9iV/0rERlhseq7L/zxPacwfCcsBvVdbvH+/yePaRCCtfIVQ1GNbnB/0OuAlh5SWQquzvtIL6LQ1hxRdOVVb3oU98T7iOsGIKrarQPg0JK44Aq7KfhuHcGxJWzsKsyuo+2OJ7whDCyk3IVRljeo4f9T1hCGHl4HzLju8eXBVsVcaYi0dDuTEkrKjOt+w40xji7wiGu9LWG8hlFmFFkoqqrL4TX/ueYAgrkhRVNXiZdfSI7wmGsG4tXVUZY/7I7/XSrhDWWFJX1eBlVsdvvicYwhpLGquyj0l9TzCElVVKq7JCeNURYY0i1VUZY/p7LvieQFgjpL2qwev371t9TyCsGxVAVYPX7709vicQ1jCFUVUgCGtIIVUVwqMswjIFVpUx5q/ei74nEFbBVRWI8R4WVYmM67CoSmdchwWdcR3W9IY1M5vX+F5RmMZ1WLSlM97Doi0RwjKF19aEzBTfEwjrH4XU1uQ5c3xPIKxhCqkt7wjrBoXRVnGmzPcEwhqhANqafGet7wmENZq0t1VUNtX3BMLKItVtldYu9D2BsLJLaVsldVW+JxjCuoU0tlVc/R/fEwxh3Vrq2grhIRZhRZKutsrmL/A9wRBWVClqq3TePb4nGMLKQSraKq7JFJVX+l5hCCs30xvW3PXprokVk3wPyWrK/Hm+JwwhrNyU1i68Y8+7wbZVdvd83xOGEFbOQm6rfHGD7wlDCCuOMNsqqasK5AKLsOILsK1p9y/2PeE6woovtLbKFz3ke8J1hJWXcNoqqav6922h3BISlgOBtBXU5yBhuRFCW9MeXuXx7CMRlht+28rU14ZzP2gRljMe25rxyPLkTzo2wnLJS1vFNZmyBfVJnjEKwnIs+bb++9SKxM4VHWG5l2RbxTWZ6Q0h/uaCsCQSa2vqA4vUp4iHsFQSaGtixaSqFRt0x88HYQmp26puXB3aU4ZrCEtL11awV1cWYcmJ2vr/s2vdHtAtwkqC87am3De7fMnjro6mQFgJcdvWrKY3nRxHh7CS46qtynVLg/qFzKgIK1G2rXxer1BSV/W/tW84HSVBWEkrrV04d3dL7LZmNb3qepEEYXlQVF4Zr63ql5eH8IqiKAjLjxhtZeprZzzxonKUS4TlTU5tFddkbt/0jn6UM4TlU8S2JlZMmrP17WC/vRkVYXkWpa3qxtVpubS6hrD8G7utynVLQ/5OMBvCCkK2tsqX3ZuKp1YjEVYoRraVqa+d/foer6PiI6yADG+rpK4qXbeBNynyPSCSmrxf2FpRUeFoi5Zt60zzxpmNW9J1G3iTfw0MDPjegALERyEkCAsShAUJwoIEYUGCsCBBWJAgLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxIEBYkCAsShAUJwoIEYUGCsCBBWJAgLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxI/B0AAP//uLJ9vDn6iowAAAAASUVORK5CYII= + mediatype: image/png install: spec: clusterPermissions: - - rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - configmaps/status - verbs: - - delete - - get - - patch - - update - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorino.kuadrant.io - resources: - - authconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - authorino.kuadrant.io - resources: - - authconfigs/status - verbs: - - get - - patch - - update - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - list - - update - - apiGroups: - - operator.authorino.kuadrant.io - resources: - - authorinos - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - operator.authorino.kuadrant.io - resources: - - authorinos/finalizers - verbs: - - update - - apiGroups: - - operator.authorino.kuadrant.io - resources: - - authorinos/status - verbs: - - get - - patch - - update - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - create - - get - - list - - update - - watch - serviceAccountName: authorino-operator + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - delete + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - get + - list + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorino.kuadrant.io + resources: + - authconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authorino.kuadrant.io + resources: + - authconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - update + - apiGroups: + - operator.authorino.kuadrant.io + resources: + - authorinos + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - operator.authorino.kuadrant.io + resources: + - authorinos/finalizers + verbs: + - update + - apiGroups: + - operator.authorino.kuadrant.io + resources: + - authorinos/status + verbs: + - get + - patch + - update + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - create + - get + - list + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - create + - get + - list + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - update + - watch + serviceAccountName: authorino-operator deployments: - - label: - control-plane: authorino-operator - name: authorino-operator - spec: - replicas: 1 - selector: - matchLabels: - control-plane: authorino-operator - strategy: {} - template: - metadata: - labels: + - label: + control-plane: authorino-operator + name: authorino-operator + spec: + replicas: 1 + selector: + matchLabels: control-plane: authorino-operator - spec: - containers: - - args: - - --leader-elect - command: - - /manager - image: quay.io/kuadrant/authorino-operator:latest - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 200m - memory: 300Mi - requests: - cpu: 200m - memory: 200Mi + strategy: {} + template: + metadata: + labels: + control-plane: authorino-operator + spec: + containers: + - args: + - --leader-elect + command: + - /manager + image: quay.io/kuadrant/authorino-operator:latest + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 200m + memory: 300Mi + requests: + cpu: 200m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false securityContext: - allowPrivilegeEscalation: false - securityContext: - runAsNonRoot: true - serviceAccountName: authorino-operator - terminationGracePeriodSeconds: 10 - - label: - app: authorino - authorino-component: authorino-webhooks - name: authorino-webhooks - spec: - selector: - matchLabels: - app: authorino - authorino-component: authorino-webhooks - strategy: {} - template: - metadata: - labels: + runAsNonRoot: true + serviceAccountName: authorino-operator + terminationGracePeriodSeconds: 10 + - label: + app: authorino + authorino-component: authorino-webhooks + name: authorino-webhooks + spec: + selector: + matchLabels: app: authorino authorino-component: authorino-webhooks - spec: - containers: - - command: - - authorino - - webhooks - image: quay.io/kuadrant/authorino:latest - name: webhooks - ports: - - containerPort: 9443 - name: webhooks - - containerPort: 8080 - name: metrics - - containerPort: 8081 - name: healthz - resources: {} - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: authorino-webhook-server-cert + strategy: {} + template: + metadata: + labels: + app: authorino + authorino-component: authorino-webhooks + spec: + containers: + - command: + - authorino + - webhooks + image: quay.io/kuadrant/authorino:latest + name: webhooks + ports: + - containerPort: 9443 + name: webhooks + - containerPort: 8080 + name: metrics + - containerPort: 8081 + name: healthz + resources: {} + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: authorino-webhook-server-cert permissions: - - rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - serviceAccountName: authorino-operator - - rules: - - apiGroups: - - authorino.kuadrant.io - resources: - - authconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - authorino.kuadrant.io - resources: - - authconfigs/status - verbs: - - get - - patch - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - list - - update - - apiGroups: - - "" - resources: - - configmaps - - events - verbs: - - create - - get - - list - - update - serviceAccountName: default + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: authorino-operator + - rules: + - apiGroups: + - authorino.kuadrant.io + resources: + - authconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authorino.kuadrant.io + resources: + - authconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - update + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - get + - list + - update + serviceAccountName: default strategy: deployment installModes: - - supported: false - type: OwnNamespace - - supported: false - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: true - type: AllNamespaces + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces keywords: - - Authorino - - Authorino Operator - - Kuadrant - - Authorization - - Authentication + - Authorino + - Authorino Operator + - Kuadrant + - Authorization + - Authentication links: - - name: Authorino Operator - url: https://github.com/Kuadrant/authorino-operator - - name: Authorino - url: https://github.com/Kuadrant/authorino + - name: Authorino Operator + url: https://github.com/Kuadrant/authorino-operator + - name: Authorino + url: https://github.com/Kuadrant/authorino maintainers: - - email: dcesare@redhat.com - name: Didier Di Cesare - - email: eastizle@redhat.com - name: Eguzki Astiz Lezaun - - email: mcassola@redhat.com - name: Guilherme Cassolato + - email: dcesare@redhat.com + name: Didier Di Cesare + - email: eastizle@redhat.com + name: Eguzki Astiz Lezaun + - email: mcassola@redhat.com + name: Guilherme Cassolato maturity: alpha minKubeVersion: 1.8.0 provider: name: Red Hat version: 0.0.0 webhookdefinitions: - - admissionReviewVersions: - - v1beta1 - - v1beta2 - containerPort: 443 - conversionCRDs: - - authconfigs.authorino.kuadrant.io - deploymentName: authorino-webhooks - generateName: cauthconfigs.kb.io - sideEffects: None - targetPort: 9443 - type: ConversionWebhook - webhookPath: /convert + - admissionReviewVersions: + - v1beta1 + - v1beta2 + containerPort: 443 + conversionCRDs: + - authconfigs.authorino.kuadrant.io + deploymentName: authorino-webhooks + generateName: cauthconfigs.kb.io + sideEffects: None + targetPort: 9443 + type: ConversionWebhook + webhookPath: /convert From a022b2cb14f0cb91a3b8ca12dee00c157e5af705 Mon Sep 17 00:00:00 2001 From: Adam Cattermole Date: Fri, 24 Nov 2023 15:02:15 +0000 Subject: [PATCH 4/4] Set the authorinoImage in workflow --- .github/workflows/build-images.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index 3b77568a..2915666d 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -22,6 +22,7 @@ env: IMG_REGISTRY_ORG: kuadrant MAIN_BRANCH_NAME: main OPERATOR_NAME: authorino-operator + BUILD_CONFIG_FILE: build.yaml jobs: build: @@ -52,9 +53,11 @@ jobs: run: | sudo apt-get update sudo apt-get install -y qemu-user-static + - name: Install yq dependency + run: make yq - name: Set default authorino image run: | - echo "DEFAULT_AUTHORINO_IMAGE=$(cat authorino_image || echo ${{ env.IMG_REGISTRY_HOST }}/${{ env.IMG_REGISTRY_ORG }}/authorino:latest)" >> $GITHUB_ENV + echo "DEFAULT_AUTHORINO_IMAGE=$(./bin/yq e -e '.config.authorinoImage' ${{ env.BUILD_CONFIG_FILE }} || echo ${{ env.IMG_REGISTRY_HOST }}/${{ env.IMG_REGISTRY_ORG }}/authorino:latest)" >> $GITHUB_ENV - name: Build Image id: build-image uses: redhat-actions/buildah-build@v2