Skip to content

Commit

Permalink
Remove deprecated images from operator
Browse files Browse the repository at this point in the history 
Those images have been deprecated when KCP was abandonned.
The content used for local development and has been moved to the
'developer' directory.

* Remove access-setup image.
* Remove cluster-setup image.
* OpenShift GitOps operator updated to 1.5.10.
* Refactor dev_setup.sh:
    * Split the content into multiple files (one file per app).
    * Use a 'local' folder as the template to deploy pipeline-service
  • Loading branch information
@Roming22
Roming22 committed Oct 10, 2023
1 parent c694ce1 commit ab8dc49
Show file tree
Hide file tree
Showing 26 changed files with 304 additions and 1,081 deletions.
80 changes: 0 additions & 80 deletions .github/workflows/build-push-images.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,18 +22,10 @@ jobs:
id: filter
with:
filters: |
access-setup:
- '.github/workflows/build-push-images.yaml'
- 'operator/images/access-setup/**'
- 'shared/**'
ci-runner:
- '.github/workflows/build-push-images.yaml'
- 'ci/images/ci-runner/**'
- 'shared/**'
cluster-setup:
- '.github/workflows/build-push-images.yaml'
- 'operator/images/cluster-setup/**'
- 'shared/**'
dependencies-update:
- '.github/workflows/build-push-images.yaml'
- 'developer/images/dependencies/**'
Expand All @@ -57,42 +49,6 @@ jobs:
- '.github/workflows/build-push-images.yaml'
- 'ci/images/vulnerability-scan/**'
# Build and push access-setup image, tagged with latest and the commit SHA.
- name: Build access-setup Image
id: build-image-access-setup
if: steps.filter.outputs.access-setup == 'true'
uses: redhat-actions/buildah-build@v2
with:
image: access-setup
context: .
tags: latest ${{ steps.vars.outputs.sha_short }} ${{ github.ref_name }}
containerfiles: |
./operator/images/access-setup/Dockerfile
- name: Push to quay.io
id: push-to-quay-access-setup
if: steps.filter.outputs.access-setup == 'true'
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image-access-setup.outputs.image }}
tags: ${{ steps.build-image-access-setup.outputs.tags }} ${{ github.ref_name }}
registry: quay.io/redhat-pipeline-service
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Print image url
if: steps.filter.outputs.access-setup == 'true'
run: |
echo "Image pushed to ${{ steps.push-to-quay-access-setup.outputs.registry-paths }}"
- name: Tag latest commit ID to quay.io
id: tag-commit-quay-access-setup
if: steps.filter.outputs.access-setup != 'true'
env:
image: access-setup
registry: quay.io/redhat-pipeline-service
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}
run: |
./ci/images/quay-upload/image-upload.sh --debug
# Build and push ci-runner image, tagged with latest and the commit SHA.
- name: Build ci-runner Image
id: build-image-ci-runner
Expand Down Expand Up @@ -129,42 +85,6 @@ jobs:
run: |
./ci/images/quay-upload/image-upload.sh --debug
# Build and push cluster-setup image, tagged with latest and the commit SHA.
- name: Build cluster-setup Image
id: build-image-cluster-image
if: steps.filter.outputs.cluster-setup == 'true'
uses: redhat-actions/buildah-build@v2
with:
image: cluster-setup
context: .
tags: latest ${{ steps.vars.outputs.sha_short }} ${{ github.ref_name }}
containerfiles: |
./operator/images/cluster-setup/Dockerfile
- name: Push to quay.io
id: push-to-quay-cluster-setup
if: steps.filter.outputs.cluster-setup == 'true'
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image-cluster-image.outputs.image }}
tags: ${{ steps.build-image-cluster-image.outputs.tags }} ${{ github.ref_name }}
registry: quay.io/redhat-pipeline-service
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Print image url
if: steps.filter.outputs.cluster-setup == 'true'
run: |
echo "Image pushed to ${{ steps.push-to-quay-cluster-setup.outputs.registry-paths }}"
- name: Tag latest commit ID to quay.io
id: tag-commit-quay-cluster-setup
if: steps.filter.outputs.cluster-setup != 'true'
env:
image: cluster-setup
registry: quay.io/redhat-pipeline-service
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}
run: |
./ci/images/quay-upload/image-upload.sh --debug
# Build and push quay-upload image, tagged with latest and the commit SHA.
- name: Build quay-upload Image
id: build-image-quay-upload
Expand Down
53 changes: 0 additions & 53 deletions .github/workflows/individual-image-scanner-quay.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,7 @@ jobs:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
outputs:
access-setup-output: ${{ steps.access-setup-scan.outputs.VULNERABILITIES_EXIST }}
ci-runner-output: ${{ steps.ci-runner-scan.outputs.VULNERABILITIES_EXIST }}
cluster-setup-output: ${{ steps.cluster-setup-scan.outputs.VULNERABILITIES_EXIST }}
dependencies-update-output: ${{ steps.dependencies-update-scan.outputs.VULNERABILITIES_EXIST }}
e2e-test-runner-output: ${{ steps.e2e-test-runner-scan.outputs.VULNERABILITIES_EXIST }}
devenv-output: ${{ steps.devenv-scan.outputs.VULNERABILITIES_EXIST }}
Expand All @@ -38,15 +36,9 @@ jobs:
id: filter
with:
filters: |
access-setup:
- 'operator/images/access-setup/**'
- 'shared/**'
ci-runner:
- 'ci/images/ci-runner/**'
- 'shared/**'
cluster-setup:
- 'operator/images/cluster-setup/**'
- 'shared/**'
dependencies-update:
- '.github/workflows/build-push-images.yaml'
- 'developer/images/dependencies/**'
Expand All @@ -65,16 +57,6 @@ jobs:
vulnerability:
- 'ci/images/vulnerability-scan/**'
- name: access-setup scan
continue-on-error: true
id: access-setup-scan
if: steps.filter.outputs.access-setup == 'true'
run: |
./ci/images/vulnerability-scan/scan-image.sh | tee /tmp/clair-scan.log
echo "VULNERABILITIES_EXIST=$(tail -1 /tmp/clair-scan.log)" >> $GITHUB_OUTPUT
env:
IMAGE_NAME: access-setup

- name: ci-runner scan
continue-on-error: true
id: ci-runner-scan
Expand All @@ -85,16 +67,6 @@ jobs:
env:
IMAGE_NAME: ci-runner

- name: cluster-setup scan
continue-on-error: true
id: cluster-setup-scan
if: steps.filter.outputs.cluster-setup == 'true'
run: |
./ci/images/vulnerability-scan/scan-image.sh | tee /tmp/clair-scan.log
echo "VULNERABILITIES_EXIST=$(tail -1 /tmp/clair-scan.log)" >> $GITHUB_OUTPUT
env:
IMAGE_NAME: cluster-setup

- name: dependencies-update scan
continue-on-error: true
id: dependencies-update-scan
Expand Down Expand Up @@ -160,18 +132,6 @@ jobs:
needs: scans
if: always()
steps:
- name: Check access-setup results
id: check-access-setup-results
if: always()
run: |
res=${{ needs.scans.outputs.access-setup-output }}
res=${res:=0}
if [[ $res != 0 ]]; then
echo "Vulnerabilities found with access-setup image. Please check scans job for more details."
exit 1
else
echo "No vulnerabilities found"
fi

- name: Check ci-runner results
id: check-ci-runner-results
Expand All @@ -186,19 +146,6 @@ jobs:
echo "No vulnerabilities found"
fi
- name: Check cluster-setup results
id: check-cluster-setup-results
if: always()
run: |
res=${{ needs.scans.outputs.cluster-setup-output }}
res=${res:=0}
if [[ $res != 0 ]]; then
echo "Vulnerabilities found with cluster-setup image. Please check scans job for more details."
exit 1
else
echo "No vulnerabilities found"
fi
- name: Check dependencies-update results
id: check-dependencies-update-results
if: always()
Expand Down
2 changes: 0 additions & 2 deletions .github/workflows/periodic-scanner-quay.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,7 @@ jobs:
env:
AUTH_BEARER_TOKEN: ${{ secrets.AUTH_BEARER_TOKEN }}
images: (
"access-setup"
"ci-runner"
"cluster-setup"
"dependencies-update"
"devenv"
"e2e-test-runner"
Expand Down
2 changes: 1 addition & 1 deletion DEPENDENCIES.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@
| **Component** | **Version** | **Purpose** | **Comments** |
|------------------------------|-----------------------------------------|-------------|--------------|
| OpenShift Pipelines Operator | openshift-pipelines-operator-rh.v1.12.0 | | |
| OpenShift GitOps Operator | openshift-gitops-operator.v1.5.6 | | |
| OpenShift GitOps Operator | openshift-gitops-operator.v1.5.10 | | |

### **Tools**

Expand Down
2 changes: 1 addition & 1 deletion ci/images/ci-runner/hack/sidecar/bin/plnsvc_setup.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ git config --global --add safe.directory "$PWD"

# Checkout the branch we want to setup
git fetch origin "$REPO_REVISION"
git checkout "$REPO_REVISION"
git checkout --force "$REPO_REVISION"

OPENSHIFT_DIR=$(find "$PWD" -type f -name dev_setup.sh -exec dirname {} +)
CONFIG="$OPENSHIFT_DIR/../config.yaml"
Expand Down
2 changes: 1 addition & 1 deletion developer/config.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ git_ref: main
# Applications to be deployed on the cluster
apps:
- openshift-gitops # openshift-gitops is a pre-requisite for Pipeline Service
- pipeline_service # pipeline_service sets up Pipeline Service on the cluster.
- pipeline-service # pipeline-service sets up Pipeline Service on the cluster.

# Tekton results database credentials
tekton_results_db:
Expand Down
65 changes: 65 additions & 0 deletions developer/openshift/apps/openshift-gitops.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail

install() {
app="openshift-gitops"
local ns="$app"

#############################################################################
# Install the gitops operator
#############################################################################
echo -n "- OpenShift-GitOps: "
kubectl apply -k "$DEV_DIR/operators/$app" >/dev/null
echo "OK"

# Subscription information for potential debug
mkdir -p "$WORK_DIR/logs/$app"
kubectl get subscriptions $app-operator -n openshift-operators -o yaml >"$WORK_DIR/logs/$app/subscription.yaml"

#############################################################################
# Wait for the URL to be available
#############################################################################
echo -n "- Argo CD dashboard: "
test_cmd="kubectl get route/openshift-gitops-server --ignore-not-found -n $ns -o jsonpath={.spec.host}"
argocd_hostname="$(${test_cmd})"
until curl --fail --insecure --output /dev/null --silent "https://$argocd_hostname"; do
echo -n "."
sleep 2
argocd_hostname="$(${test_cmd})"
done
echo "OK"
echo "- Argo CD URL: https://$argocd_hostname"

#############################################################################
# Post install
#############################################################################
# Log into Argo CD
echo -n "- Argo CD Login: "
local argocd_password
argocd_password="$(kubectl get secret openshift-gitops-cluster -n $ns -o jsonpath="{.data.admin\.password}" | base64 --decode)"
argocd login "$argocd_hostname" --grpc-web --insecure --username admin --password "$argocd_password" >/dev/null
echo "OK"

# Register the host cluster as pipeline-cluster
local cluster_name="plnsvc"
if ! argocd cluster get "$cluster_name" >/dev/null 2>&1; then
echo "- Register host cluster to ArgoCD as '$cluster_name': "
argocd cluster add "$(yq e ".current-context" <"$KUBECONFIG")" --name="$cluster_name" --upsert --yes >/dev/null
echo " OK"
else
echo "- Register host cluster to ArgoCD as '$cluster_name': OK"
fi
}

main() {
if [ -n "${DEBUG:-}" ]; then
set -x
fi
install
}

if [ "${BASH_SOURCE[0]}" == "$0" ]; then
main "$@"
fi
Loading

0 comments on commit ab8dc49

Please sign in to comment.