From d5cfd807af8840af860d0d0ec4f33618af8b24e3 Mon Sep 17 00:00:00 2001 From: Andrew Date: Mon, 30 Sep 2024 11:53:09 -0400 Subject: [PATCH] verify operator uses webhook version and release is conditional --- .github/workflows/minimal-app.yml | 22 ++++++++++++------- .github/workflows/operator.yml | 10 +++++++-- .../verify_changes_update_version.sh | 0 .../shared/verify_current_webhook_img.sh | 14 ++++++++++++ .../scripts/verify_minimal_app_releasable.sh | 2 +- .../scripts/verify_operator_releasable.sh | 15 ++----------- .../scripts/verify_webhook_releasable.sh | 3 ++- .github/workflows/webhook.yml | 14 ++++++++++-- 8 files changed, 53 insertions(+), 27 deletions(-) rename .github/workflows/scripts/{ => shared}/verify_changes_update_version.sh (100%) create mode 100644 .github/workflows/scripts/shared/verify_current_webhook_img.sh diff --git a/.github/workflows/minimal-app.yml b/.github/workflows/minimal-app.yml index 62d771d..233ad60 100644 --- a/.github/workflows/minimal-app.yml +++ b/.github/workflows/minimal-app.yml @@ -6,6 +6,7 @@ on: paths: - minimal-app/** - .github/workflows/minimal-app.yml + - .github/workflows/scripts push: branches: - main @@ -60,36 +61,41 @@ jobs: IMAGE_NAME=$(mvn help:evaluate -Dexpression=image-name -q -DforceStdout) echo "REGISTRY=$REGISTRY" >> "$GITHUB_OUTPUT" echo "TAG_NAME=${{ env.GIT_TAG_PREFIX }}$VERSION" >> "$GITHUB_OUTPUT" - echo "IMAGE_NAME=$REGISTRY/$IMAGE_NAME:$VERSION" >> "$GITHUB_OUTPUT" + echo "FULL_IMAGE_NAME=$REGISTRY/$IMAGE_NAME:$VERSION" >> "$GITHUB_OUTPUT" cat $GITHUB_OUTPUT id: naming-selector name: generate names for artifacts - - run: | - ! docker manifest inspect ${{ steps.naming-selector.outputs.IMAGE_NAME }} - name: confirm image is not already pushed - - run: | git fetch --tags - ! git rev-parse -q --verify "refs/tags/${{ steps.naming-selector.outputs.TAG_NAME }}" - name: confirm git tag does not exist + if git rev-parse -q --verify "refs/tags/${{ steps.naming-selector.outputs.TAG_NAME }}"; then + # confirm image exists + docker manifest inspect ${{ steps.naming-selector.outputs.FULL_IMAGE_NAME }} + else + echo "needs_release=true" >> $GITHUB_ENV + fi + name: check if release is needed - uses: actions/setup-java@v3 with: java-version: "${{ env.JAVA_VERSION }}" distribution: "temurin" - run: mvn --batch-mode --update-snapshots verify + if: env.needs_release == 'true' name: build image - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + if: env.needs_release == 'true' with: registry: ${{ steps.naming-selector.outputs.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - run: docker push ${{ steps.naming-selector.outputs.IMAGE_NAME }} + - run: docker push ${{ steps.naming-selector.outputs.FULL_IMAGE_NAME }} + if: env.needs_release == 'true' - uses: mathieudutour/github-tag-action@v6.1 + if: env.needs_release == 'true' id: tag_version with: custom_tag: ${{ steps.naming-selector.outputs.TAG_NAME }} diff --git a/.github/workflows/operator.yml b/.github/workflows/operator.yml index 45571b0..371d49b 100644 --- a/.github/workflows/operator.yml +++ b/.github/workflows/operator.yml @@ -6,6 +6,7 @@ on: - operator/** - "!operator/webhook/**" - .github/workflows/operator.yml + - .github/workflows/scripts push: branches: - main @@ -57,13 +58,17 @@ jobs: - run: | git fetch --tags - ! git rev-parse -q --verify "refs/tags/${{ steps.naming-selector.outputs.TAG_NAME }}" - name: confirm git tag does not exist + if ! git rev-parse -q --verify "refs/tags/${{ steps.naming-selector.outputs.TAG_NAME }}"; then + echo "needs_release=true" >> $GITHUB_ENV + fi + name: check if release is needed - run: make prep-release + if: env.needs_release == 'true' name: generate release files - uses: mathieudutour/github-tag-action@v6.1 + if: env.needs_release == 'true' id: tag_version with: custom_tag: ${{ steps.naming-selector.outputs.TAG_NAME }} @@ -72,6 +77,7 @@ jobs: tag_prefix: "" - uses: ncipollo/release-action@v1 + if: env.needs_release == 'true' with: tag: ${{ steps.tag_version.outputs.new_tag }} name: Release ${{ steps.tag_version.outputs.new_tag }} diff --git a/.github/workflows/scripts/verify_changes_update_version.sh b/.github/workflows/scripts/shared/verify_changes_update_version.sh similarity index 100% rename from .github/workflows/scripts/verify_changes_update_version.sh rename to .github/workflows/scripts/shared/verify_changes_update_version.sh diff --git a/.github/workflows/scripts/shared/verify_current_webhook_img.sh b/.github/workflows/scripts/shared/verify_current_webhook_img.sh new file mode 100644 index 0000000..52529bb --- /dev/null +++ b/.github/workflows/scripts/shared/verify_current_webhook_img.sh @@ -0,0 +1,14 @@ +OPERATOR_DIR=operator +OPERATOR_CONTROLLER_YAML=$OPERATOR_DIR/controller/integrationroute-controller.yaml + +verify_current_webhook_img() { + current_webhook_img=$(make --no-print-directory -C operator/webhook get-image-name) + webhook_image_used=$(yq eval '.spec.template.spec.containers[].image' $OPERATOR_CONTROLLER_YAML) + + test -n "$current_webhook_img" + test -n "$webhook_image_used" + + test "$webhook_image_used" = "$current_webhook_img" || (echo "Operator is not using current version of webhook image" && exit 1) +} + +verify_current_webhook_img diff --git a/.github/workflows/scripts/verify_minimal_app_releasable.sh b/.github/workflows/scripts/verify_minimal_app_releasable.sh index d5f6731..8fd36e4 100644 --- a/.github/workflows/scripts/verify_minimal_app_releasable.sh +++ b/.github/workflows/scripts/verify_minimal_app_releasable.sh @@ -5,7 +5,7 @@ MINIMAL_APP_DIR=minimal-app verify_version_bump() { version=$(mvn -f minimal-app/pom.xml help:evaluate -Dexpression=project.version -q -DforceStdout) potential_tag="${GIT_TAG_PREFIX}${version}" - sh .github/workflows/scripts/verify_changes_update_version.sh $potential_tag $MINIMAL_APP_DIR + sh .github/workflows/scripts/shared/verify_changes_update_version.sh $potential_tag $MINIMAL_APP_DIR } verify_version_bump diff --git a/.github/workflows/scripts/verify_operator_releasable.sh b/.github/workflows/scripts/verify_operator_releasable.sh index 305de7c..cc4814e 100644 --- a/.github/workflows/scripts/verify_operator_releasable.sh +++ b/.github/workflows/scripts/verify_operator_releasable.sh @@ -1,22 +1,11 @@ set -eux OPERATOR_DIR=operator -OPERATOR_CONTROLLER_YAML=$OPERATOR_DIR/controller/integrationroute-controller.yaml - -verify_current_webhook_img() { - current_webhook_img=$(make --no-print-directory -C operator/webhook get-image-name) - webhook_image_used=$(yq eval '.spec.template.spec.containers[].image' $OPERATOR_CONTROLLER_YAML) - - test -n "$current_webhook_img" - test -n "$webhook_image_used" - - test "$webhook_image_used" = "$current_webhook_img" || (echo "Operator is not using current version of webhook image" && exit 1) -} verify_version_bump() { potential_tag=$(make --no-print-directory -C $OPERATOR_DIR get-tag) - sh .github/workflows/scripts/verify_changes_update_version.sh $potential_tag $OPERATOR_DIR + sh .github/workflows/scripts/shared/verify_changes_update_version.sh $potential_tag $OPERATOR_DIR } -verify_current_webhook_img +sh .github/workflows/scripts/shared/verify_current_webhook_img.sh verify_version_bump diff --git a/.github/workflows/scripts/verify_webhook_releasable.sh b/.github/workflows/scripts/verify_webhook_releasable.sh index 06a76d0..ebf7769 100644 --- a/.github/workflows/scripts/verify_webhook_releasable.sh +++ b/.github/workflows/scripts/verify_webhook_releasable.sh @@ -4,7 +4,8 @@ WEBHOOK_DIR=operator/webhook verify_version_bump() { potential_tag=$(make --no-print-directory -C $WEBHOOK_DIR get-tag) - sh .github/workflows/scripts/verify_changes_update_version.sh $potential_tag $WEBHOOK_DIR + sh .github/workflows/scripts/shared/verify_changes_update_version.sh $potential_tag $WEBHOOK_DIR } +sh .github/workflows/scripts/shared/verify_current_webhook_img.sh verify_version_bump diff --git a/.github/workflows/webhook.yml b/.github/workflows/webhook.yml index 9ab6559..013046a 100644 --- a/.github/workflows/webhook.yml +++ b/.github/workflows/webhook.yml @@ -5,6 +5,7 @@ on: paths: - operator/webhook/** - .github/workflows/webhook.yml + - .github/workflows/scripts push: branches: - main @@ -82,8 +83,14 @@ jobs: name: generate names for artifacts - run: | - ! docker manifest inspect ${{ steps.naming-selector.outputs.FULL_IMAGE_NAME }} - name: confirm image is not already pushed + git fetch --tags + if git rev-parse -q --verify "refs/tags/${{ steps.naming-selector.outputs.TAG_NAME }}"; then + # confirm image exists + docker manifest inspect ${{ steps.naming-selector.outputs.FULL_IMAGE_NAME }} + else + echo "needs_release=true" >> $GITHUB_ENV + fi + name: check if release is needed - run: | git fetch --tags @@ -91,6 +98,7 @@ jobs: name: confirm git tag does not exist - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + if: env.needs_release == 'true' with: registry: ${{ steps.naming-selector.outputs.REGISTRY }} username: ${{ github.actor }} @@ -100,6 +108,7 @@ jobs: uses: docker/setup-buildx-action@v3 - uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + if: env.needs_release == 'true' with: context: ${{ env.WORKING_DIR }} platforms: linux/amd64,linux/arm64 @@ -107,6 +116,7 @@ jobs: tags: ${{ steps.naming-selector.outputs.FULL_IMAGE_NAME }} - uses: mathieudutour/github-tag-action@v6.1 + if: env.needs_release == 'true' id: tag_version with: custom_tag: ${{ steps.naming-selector.outputs.TAG_NAME }}