sync: rc-2023-09-26.1 to stage (#1304)

* Use Openshift golang-1.20 builder image (#1275) * Add kind cluster type (#1256) * Refactor operator config to use field.Error (#1276) * fix typo causing skip of DNS creation on restore (#1277) * ROX-19718: Add flag for fleetmanager gitops (#1283) * Specify reconcile interval in workers (#1265) * Add request body to rotate-secrets endpoint (#1272) * Disable automounting for egress proxy (#1286) * ROX-19808: Remove GitOps admin handler (#1290) Remove GitOps admin handler * ROX-19692: Add a release preparation workflow. (#1284) Prepare release workflow. * ROX-19735 - add operator configs to gitops (#1278) * ROX-19692: New workflow to auto-create production merge PRs. (#1291) New workflow to auto-create production merge PRs. * ROX-19810: Bump controller-runtime and stackrox deps (#1292) * Bump controller-runtime and stackrox deps * Bump openshift/api * Call /current_account before reserving quota (#1289) * Remove multi target build (#1259) * fixed restore endpoint (#1298) * ROX-19281: Fix nil pointer dereference in E2E tests when Central is not ready (#1216) * Rename ACSMS -> ACSCS in dev scripts (#1252) * Log result of current_account call execution (#1297) * Cleanup errors.go (#1299) --------- Co-authored-by: Vlad Bologa <[email protected]> Co-authored-by: Simon Bäumer <[email protected]> Co-authored-by: Johannes Malsam <[email protected]> Co-authored-by: Ludovic Cleroux <[email protected]> Co-authored-by: Ivan Degtiarenko <[email protected]> Co-authored-by: Alex Rukletsov <[email protected]> Co-authored-by: Marcin Owsiany <[email protected]> Co-authored-by: Aleksandr Kurlov <[email protected]> Co-authored-by: Yury Kovalev <[email protected]>
stackrox · Sep 26, 2023 · bd236b1 · bd236b1
1 parent 0498c81
commit bd236b1
Show file tree

Hide file tree

Showing 83 changed files with 963 additions and 932 deletions.
diff --git a/.github/workflows/create-prod-pr.yaml b/.github/workflows/create-prod-pr.yaml
@@ -0,0 +1,18 @@
+name: Create PR to merge stage into production
+on:
+  push:
+    branches:
+      - stage
+
+jobs:
+  prepare-prod-pr:
+    runs-on: ubuntu-latest
+    name: Prepare production PR
+    steps:
+
+    - name: Open a pull request
+      uses: tretuna/[email protected]
+      with:
+        GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+        FROM_BRANCH: 'stage'
+        TO_BRANCH: 'production'
diff --git a/.github/workflows/start-release.yaml b/.github/workflows/start-release.yaml
@@ -0,0 +1,45 @@
+name: Start release
+on:
+  workflow_dispatch:
+    inputs:
+      commit:
+        description: 'Commit to merge into the stage branch (branch name, tag name or SHA)'
+        required: true
+        default: 'main'
+        type: string
+      release_version:
+        description: 'Release version in the format YYYY-MM-DD.N'
+        required: true
+        default: 'YYYY-MM-DD.1'
+        type: string
+
+jobs:
+  prepare-stage-pr:
+    runs-on: ubuntu-latest
+    name: Prepare stage PR
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    # action-create-branch does not accept symbolic refs, so we need to parse it here.
+    - name: Canonicalize the commit ID
+      run: |
+        echo "commit_hash=$(git rev-parse --verify --quiet 'remotes/origin/${{ inputs.commit }}' || git rev-parse --verify --quiet '${{ inputs.commit }}')" >> "$GITHUB_ENV"
+
+    - name: Create Release Candidate branch
+      uses: peterjgrainger/[email protected]
+      env:
+        GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      with:
+        branch: 'rc-${{ inputs.release_version }}'
+        sha: '${{ env.commit_hash }}'
+
+    - name: Open a pull request
+      uses: tretuna/[email protected]
+      with:
+        GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+        FROM_BRANCH: 'rc-${{ inputs.release_version }}'
+        TO_BRANCH: 'stage'
diff --git a/.openshift-ci/e2e-runtime/Dockerfile b/.openshift-ci/e2e-runtime/Dockerfile
@@ -5,7 +5,7 @@ RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
 
 RUN dnf update -y --disablerepo=\* --enablerepo=baseos,appstream && dnf -y install make which git gettext jq gcc && dnf clean all && rm -rf /var/cache/dnf
 
-COPY --from=registry.ci.openshift.org/stolostron/builder:go1.20-linux /usr/local/go /usr/local/go
+COPY --from=registry.ci.openshift.org/openshift/release:golang-1.20 /usr/local/go /usr/local/go
 COPY --from=quay.io/openshift/origin-cli:4.13 /usr/bin/oc /usr/bin
 COPY --from=quay.io/operator-framework/operator-sdk:v1.25 /usr/local/bin/operator-sdk /usr/local/bin
 

diff --git a/.openshift-ci/image-push/entrypoint.sh b/.openshift-ci/image-push/entrypoint.sh
@@ -41,7 +41,7 @@ if [[ -z "$QUAY_RHACS_ENG_RW_PASSWORD" ]]; then
 fi
 
 log
-log "** Entrypoint for ACS MS Image Push **"
+log "** Entrypoint for ACSCS Image Push **"
 log
 
 registry_host=$(echo "$IMAGE_PUSH_REGISTRY" | cut -d / -f 1)

diff --git a/.openshift-ci/tests/e2e-test.sh b/.openshift-ci/tests/e2e-test.sh
@@ -18,7 +18,7 @@ up.sh
 log "Environment up and running"
 log "Waiting for fleet-manager to complete leader election..."
 # Don't have a better way yet to wait until fleet-manager has completed the leader election.
-$KUBECTL -n "$ACSMS_NAMESPACE" logs -l application=fleet-manager -c fleet-manager -f --tail=-1 |
+$KUBECTL -n "$ACSCS_NAMESPACE" logs -l application=fleet-manager -c fleet-manager -f --tail=-1 |
     grep -q --line-buffered --max-count=1 'Running as the leader and starting' || true
 sleep 1
 

diff --git a/.openshift-ci/tests/e2e.sh b/.openshift-ci/tests/e2e.sh
@@ -43,7 +43,7 @@ export RUN_AUTH_E2E=${RUN_AUTH_E2E:-$RUN_AUTH_E2E_DEFAULT}
 export RUN_CENTRAL_E2E=${RUN_CENTRAL_E2E:-$RUN_CENTRAL_E2E_DEFAULT}
 
 log
-log "** Entrypoint for ACS MS E2E Tests **"
+log "** Entrypoint for ACSCS E2E Tests **"
 log
 
 log "Cluster type: ${CLUSTER_TYPE}"
@@ -97,7 +97,7 @@ if [[ "$SPAWN_LOGGER" == "true" ]]; then
     apply "${MANIFESTS_DIR}/rhacs-operator/00-namespace.yaml"
     sleep 2
     log "Spawning logger, log directory is ${LOG_DIR}"
-    stern -n "$ACSMS_NAMESPACE" '.*' --color=never --template '[{{.ContainerName}}] {{.Message}}{{"\n"}}' >"${LOG_DIR}/namespace-${ACSMS_NAMESPACE}.txt" 2>&1 &
+    stern -n "$ACSCS_NAMESPACE" '.*' --color=never --template '[{{.ContainerName}}] {{.Message}}{{"\n"}}' >"${LOG_DIR}/namespace-${ACSCS_NAMESPACE}.txt" 2>&1 &
     stern -n "$STACKROX_OPERATOR_NAMESPACE" '.*' --color=never --template '[{{.ContainerName}}] {{.Message}}{{"\n"}}' >"${LOG_DIR}/namespace-${STACKROX_OPERATOR_NAMESPACE}.txt" 2>&1 &
 fi
 
@@ -137,10 +137,10 @@ if [[ "$DUMP_LOGS" == "true" ]]; then
         log
     fi
 
-    log "** BEGIN ACSMS PODS **"
-    $KUBECTL -n "$ACSMS_NAMESPACE" get pods || true
-    $KUBECTL -n "$ACSMS_NAMESPACE" describe pods || true
-    log "** END ACSMS PODS **"
+    log "** BEGIN ACSCS PODS **"
+    $KUBECTL -n "$ACSCS_NAMESPACE" get pods || true
+    $KUBECTL -n "$ACSCS_NAMESPACE" describe pods || true
+    log "** END ACSCS PODS **"
     log
 
     log "** BEGIN OPERATOR STATE **"

diff --git a/Dockerfile b/Dockerfile
@@ -1,31 +1,14 @@
-FROM registry.ci.openshift.org/stolostron/builder:go1.20-linux AS build
-
-ENV GOFLAGS="-mod=mod"
+FROM registry.ci.openshift.org/openshift/release:golang-1.20 AS build
 
 RUN mkdir /rds_ca
 ADD https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem /rds_ca/aws-rds-ca-global-bundle.pem
 
 RUN mkdir /src
 WORKDIR /src
-RUN CGO_ENABLED=0 go install -ldflags "-s -w -extldflags '-static'" github.com/go-delve/delve/cmd/dlv@latest
-COPY go.*  ./
-RUN go mod download
 COPY . ./
 
-FROM build as build-debug
-RUN GOARGS="-gcflags 'all=-N -l'" make binary
-
-FROM build as build-standard
 RUN make binary
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8 as debug
-COPY --from=build-debug /go/bin/dlv /src/fleet-manager /src/fleetshard-sync /usr/local/bin/
-COPY --from=build-debug /src /src
-COPY --from=build /rds_ca /usr/local/share/ca-certificates
-EXPOSE 8000
-WORKDIR /
-ENTRYPOINT [ "/usr/local/bin/dlv" , "--listen=:40000", "--headless=true", "--api-version=2", "--accept-multiclient", "exec", "/usr/local/bin/fleet-manager", "serve"]
-
 FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8 as standard
 
 RUN microdnf install shadow-utils
@@ -34,8 +17,9 @@ RUN useradd -u 1001 unprivilegeduser
 # Switch to non-root user
 USER unprivilegeduser
 
-COPY --chown=unprivilegeduser --from=build-standard /src/fleet-manager /src/fleetshard-sync /usr/local/bin/
+COPY --chown=unprivilegeduser --from=build /src/fleet-manager /src/fleetshard-sync /usr/local/bin/
 COPY --chown=unprivilegeduser --from=build /rds_ca /usr/local/share/ca-certificates
+
 EXPOSE 8000
 WORKDIR /
 ENTRYPOINT ["/usr/local/bin/fleet-manager", "serve"]

diff --git a/Dockerfile.hybrid → Dockerfile.local b/Dockerfile.hybrid → Dockerfile.local
@@ -1,12 +1,26 @@
+# This dockerfile is used for local builds to support architectures like arm64.
 FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8
 
+RUN microdnf install shadow-utils
+
+RUN useradd -u 1001 unprivilegeduser
+# Switch to non-root user
+
+RUN mkdir /rds_ca
 ADD https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem /usr/local/share/ca-certificates/aws-rds-ca-global-bundle.pem
 
 COPY \
     fleet-manager \
     fleetshard-sync \
     /usr/local/bin/
 
+RUN chown unprivilegeduser /usr/local/bin/fleet-manager
+RUN chown unprivilegeduser /usr/local/bin/fleetshard-sync
+RUN chown unprivilegeduser /rds_ca
+RUN chown unprivilegeduser /usr/local/share/ca-certificates
+
+USER unprivilegeduser
+
 EXPOSE 8000
 
 ENTRYPOINT ["/usr/local/bin/fleet-manager", "serve"]