version: 3 # Environment variables that are shared across tasks. env: REGISTRY_NETWORK: barman-cloud-plugin REGISTRY_NAME: registry.barman-cloud-plugin REGISTRY_PORT: 5000 DAGGER_ENGINE_CONTAINER_NAME: e2e-dagger-engine tasks: lint: desc: Run golangci-lint env: # renovate: datasource=git-refs depName=golangci-lint lookupName=https://github.com/sagikazarmark/daggerverse currentValue=main DAGGER_GOLANGCI_LINT_SHA: 9ee6739db1b1cc4c806ed9389ecd534bf9f5705a cmds: - > GITHUB_REF= dagger -s call -m github.com/sagikazarmark/daggerverse/golangci-lint@${DAGGER_GOLANGCI_LINT_SHA} with-linter-cache --cache golangci-lint with-build-cache --cache go-build with-module-cache --cache go-mod run --source . --config .golangci.yml stdout sources: - ./**/*.go spellcheck: desc: Run spellcheck env: # renovate: datasource=git-refs depName=spellcheck lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main DAGGER_SPELLCHECK_SHA: f2acc8d99c16422193b59859048ecca98ffb9334 cmds: - > GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/spellcheck@${DAGGER_SPELLCHECK_SHA} spellcheck --source . with-exec --use-entrypoint --args="" stdout sources: - ./**/*.md - .spellcheck.yaml - .wordlist.txt commitlint: desc: Check for conventional commits env: # renovate: datasource=git-refs depName=commitlint lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main DAGGER_COMMITLINT_SHA: f2acc8d99c16422193b59859048ecca98ffb9334 cmds: - > GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/commitlint@${DAGGER_COMMITLINT_SHA} lint --source . --args "--from=origin/main" stdout uncommitted: desc: Check for uncommitted changes deps: - manifest-main env: # renovate: datasource=git-refs depName=uncommitted lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main DAGGER_UNCOMMITTED_SHA: f2acc8d99c16422193b59859048ecca98ffb9334 cmds: - GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/uncommitted@${DAGGER_UNCOMMITTED_SHA} check-uncommitted --source . stdout sources: - ./** go-test: desc: Run go test env: # renovate: datasource=docker depName=golang versioning=semver GOLANG_IMAGE_VERSION: 1.23.4 # renovate: datasource=git-refs depname=kubernetes packageName=https://github.com/kubernetes/kubernetes versioning=semver K8S_VERSION: 1.31.0 # renovate: datasource=git-refs depName=controller-runtime packageName=https://github.com/kubernetes-sigs/controller-runtime versioning=semver SETUP_ENVTEST_VERSION: 0.19.2 cmds: - > GITHUB_REF= dagger -s call -m ./dagger/gotest --go-version ${GOLANG_IMAGE_VERSION} --kube-version ${K8S_VERSION} --setup-envtest-version ${SETUP_ENVTEST_VERSION} unit-test --src . sources: - ./**/*.go generate-certs: desc: Generate certificates for the local registry run: once cmds: - > mkdir -p certs && pushd certs && openssl genrsa -out ca-key.pem 4096 && openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem \ -subj "/O=CloudNativePG/OU=Barman Cloud Plugin Testing" && openssl genrsa -out server-key.pem 4096 && openssl req -subj "/CN=${REGISTRY_NAME}" -sha256 -new -key server-key.pem -out server.csr && echo subjectAltName = DNS:${REGISTRY_NAME},IP:127.0.0.1 >> extfile.cnf && echo extendedKeyUsage = serverAuth >> extfile.cnf && openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \ -CAcreateserial -out server-cert.pem -extfile extfile.cnf && popd status: - test -f certs/ca-key.pem - test -f certs/ca.pem - test -f certs/server-key.pem - test -f certs/server.csr - test -f certs/server-cert.pem start-build-network: desc: Create a docker network for image building used by the dagger engine and the registry run: once cmds: - docker network create ${REGISTRY_NETWORK} status: - docker network inspect ${REGISTRY_NETWORK} start-registry: desc: Start a container registry run: once deps: - generate-certs - start-build-network env: # TODO: renovate REGISTRY_VERSION: 2 cmds: - > docker run -d --name ${REGISTRY_NAME} -p ${REGISTRY_PORT}:5000 --network ${REGISTRY_NETWORK} -v $(pwd)/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server-cert.pem -e REGISTRY_HTTP_TLS_KEY=/certs/server-key.pem registry:${REGISTRY_VERSION} status: - \[ "$(docker inspect -f {{`'{{.State.Running}}'`}} "${REGISTRY_NAME}" 2> /dev/null )" == 'true' \] # Start a dagger engine that mounts the CA certificate for the local registry. start-dagger-engine-for-local-builds: desc: Start a dagger engine mounting the CA run: once deps: - generate-certs - start-build-network vars: # renovate: datasource=github-tags depName=dagger/dagger versioning=semver DAGGER_VERSION: 0.14.0 DAGGER_ENGINE_IMAGE: registry.dagger.io/engine:v{{ .DAGGER_VERSION }} cmds: - > docker run -d -v /var/lib/dagger --name "${DAGGER_ENGINE_CONTAINER_NAME}" --network=${REGISTRY_NETWORK} -v $(pwd)/certs/ca.pem:/usr/local/share/ca-certificates/ca.crt --privileged {{ .DAGGER_ENGINE_IMAGE }} status: - \[ "$(docker inspect -f {{`'{{.State.Running}}'`}} "${DAGGER_ENGINE_CONTAINER_NAME}" 2> /dev/null )" == 'true' \] # We build an image and push it to a local registry. # The name is always `plugin-barman-cloud:testing`. build-plugin-image: desc: Build the operator container image for the plugin deps: - start-registry - start-dagger-engine-for-local-builds env: # renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main DAGGER_DOCKER_SHA: bd405d35e41180483a520e5a7f94d0e1069178c5 _EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-container://{{.DAGGER_ENGINE_CONTAINER_NAME}} cmds: - > GITHUB_REF= dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA} build --dir . --file containers/Dockerfile.plugin --platform linux/amd64 publish --ref ${REGISTRY_NAME}:${REGISTRY_PORT}/plugin-barman-cloud --tags testing # We build an image and push it to a local registry. # The name is always `sidecar-barman-cloud:testing`. build-sidecar-image: desc: Build the sidecar container image for the plugin deps: - start-registry - start-dagger-engine-for-local-builds env: # renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main DAGGER_DOCKER_SHA: bd405d35e41180483a520e5a7f94d0e1069178c5 _EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-container://{{.DAGGER_ENGINE_CONTAINER_NAME}} cmds: - > GITHUB_REF= dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA} build --dir . --file containers/Dockerfile.sidecar --platform linux/amd64 publish --ref ${REGISTRY_NAME}:${REGISTRY_PORT}/sidecar-barman-cloud --tags testing build-images: desc: Build the container images for the plugin deps: - build-plugin-image - build-sidecar-image # TODO: see if it is possible to daggerize this. It will have to manage docker to make kind work. # TODO: add a task to clean up the kind cluster for new test runs. # Run the e2e tests. This task will start a kind cluster, deploy the plugin, and run the tests. # Running the e2e tests requires: # * The registry to have a valid TLS certificate. # * The registry to be in the same network of the dagger-engine. # * The dagger-engine to mount the CA. # * The kind cluster to mount the CA. e2e: desc: Run e2e tests deps: - build-images cmds: - > go run github.com/onsi/ginkgo/v2/ginkgo --procs=8 --randomize-all --randomize-suites --fail-on-pending --fail-on-empty --keep-going --timeout=30m --github-output ./test/e2e ci: desc: Run the CI pipeline deps: - spellcheck - commitlint - uncommitted - lint - go-test - e2e publish: desc: Build and publish a container image for the plugin requires: # We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here # to prevent running this task locally by accident. vars: - CI - GITHUB_REPOSITORY - GITHUB_REF - GITHUB_REF_NAME - REGISTRY_USER - REGISTRY_PASSWORD vars: PLUGIN_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}} SIDECAR_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}-sidecar{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}} # remove /merge suffix from the branch name. This is a workaround for the GitHub workflow on PRs, # where the branch name is suffixed with /merge. Prepend pr- to the branch name on PRs. IMAGE_VERSION: '{{regexReplaceAll "(\\d+)/merge" .GITHUB_REF_NAME "pr-${1}"}}' env: # renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main DAGGER_DOCKER_SHA: bd405d35e41180483a520e5a7f94d0e1069178c5 cmds: - > dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA} --registry ghcr.io --username $REGISTRY_USER --password env:REGISTRY_PASSWORD build --dir . --file containers/Dockerfile.plugin --platform linux/amd64 --platform linux/arm64 publish --ref {{.PLUGIN_IMAGE_NAME}} --tags {{.IMAGE_VERSION}} - > dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA} --registry ghcr.io --username $REGISTRY_USER --password env:REGISTRY_PASSWORD build --dir . --file containers/Dockerfile.sidecar --platform linux/amd64 --platform linux/arm64 publish --ref {{.SIDECAR_IMAGE_NAME}} --tags {{.IMAGE_VERSION}} controller-gen: desc: Run controller-gen env: # renovate: datasource=git-refs depName=controller-gen lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main DAGGER_CONTROLLER_GEN_SHA: f2acc8d99c16422193b59859048ecca98ffb9334 cmds: - > GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/controller-gen@${DAGGER_CONTROLLER_GEN_SHA} controller-gen --source . --args object:headerFile=hack/boilerplate.go.txt --args paths=./api/... file --path api/v1/zz_generated.deepcopy.go export --path api/v1/zz_generated.deepcopy.go - > GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/controller-gen@${DAGGER_CONTROLLER_GEN_SHA} controller-gen --source . --args rbac:roleName=plugin-barman-cloud --args crd --args webhook --args paths=./api/... --args output:crd:artifacts:config=config/crd/bases directory --path config/crd/bases export --path config/crd/bases sources: - ./api/**/*.go generates: - ./api/v1/zz_generated.deepcopy.go manifest-main: deps: - controller-gen desc: Generate the manifest for the main branch vars: GITHUB_REPOSITORY: '{{ default "cloudnative-pg/plugin-barman-cloud" .GITHUB_REPOSITORY }}' GITHUB_REF: main GITHUB_REF_NAME: main cmds: - task: manifest-internal vars: GITHUB_REPOSITORY: '{{.GITHUB_REPOSITORY}}' GITHUB_REF: '{{.GITHUB_REF}}' GITHUB_REF_NAME: '{{.GITHUB_REF_NAME}}' manifest: desc: Generate the manifest to be uploaded to the release or as a workflow artifact deps: - controller-gen requires: # We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here # to prevent running this task locally by accident. vars: - CI - GITHUB_REPOSITORY - GITHUB_REF - GITHUB_REF_NAME cmds: - task: manifest-internal vars: GITHUB_REPOSITORY: '{{.GITHUB_REPOSITORY}}' GITHUB_REF: '{{.GITHUB_REF}}' GITHUB_REF_NAME: '{{.GITHUB_REF_NAME}}' manifest-internal: desc: Update the image in the Kustomization label: manifest-internal-{{.GITHUB_REF_NAME}} internal: true requires: vars: - GITHUB_REPOSITORY - GITHUB_REF - GITHUB_REF_NAME vars: PLUGIN_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}} SIDECAR_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}-sidecar{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}} # remove /merge suffix from the branch name. This is a workaround for the GitHub workflow on PRs, # where the branch name is suffixed with /merge. Prepend pr- to the branch name on PRs. IMAGE_VERSION: '{{regexReplaceAll "(\\d+)/merge" .GITHUB_REF_NAME "pr-${1}"}}' env: # renovate: datasource=git-refs depName=kustomize lookupName=https://github.com/sagikazarmark/daggerverse currentValue=main DAGGER_KUSTOMIZE_SHA: 32b01ce09db8bfc7ef06dec92ea20d42855cbf81 # TODO: go back to upstream module once the PR is merged cmds: - > dagger -s call -m https://github.com/fcanovai/sagikazarmark-daggerverse/kustomize@kustomize-secrets edit --source . --dir kubernetes set image --image plugin-barman-cloud={{.PLUGIN_IMAGE_NAME}}:{{.IMAGE_VERSION}} set secret --secret plugin-barman-cloud --from-literal SIDECAR_IMAGE={{.SIDECAR_IMAGE_NAME}}:{{.IMAGE_VERSION}} directory directory --path kubernetes export --path manifest-build - > dagger -s call -m github.com/sagikazarmark/daggerverse/kustomize@${DAGGER_KUSTOMIZE_SHA} build --source . --dir manifest-build export --path manifest.yaml sources: - ./config/**/*.yaml - ./kubernetes/**/*.yaml generates: - ./manifest.yaml upload-manifest-to-release: desc: Upload the manifest to the release requires: # We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here # to prevent running this task locally by accident. vars: - CI - GITHUB_REPOSITORY - GITHUB_REF - GITHUB_REF_NAME - GITHUB_TOKEN env: # renovate: datasource=git-refs depName=gh lookupName=https://github.com/sagikazarmark/daggerverse DAGGER_GH_SHA: 32b01ce09db8bfc7ef06dec92ea20d42855cbf81 preconditions: - sh: "[[ {{.GITHUB_REF}} =~ 'refs/tags/v.*' ]]" msg: not a tag, failing cmds: - > dagger -s call -m github.com/sagikazarmark/daggerverse/gh@${DAGGER_GH_SHA} with-source --source . run --repo {{.GITHUB_REPOSITORY}} --token env:GITHUB_TOKEN --cmd "release upload {{.GITHUB_REF_NAME}} manifest.yaml" clean: desc: Remove autogenerated artifacts cmds: - rm -rf .task/