version: 3 # We have multiple parallel tasks that run for a long time. Prefix their output with the task name so we can understand # what task is writing. output: prefixed # Variables that are shared across tasks. vars: # renovate: datasource=docker depName=kindest/node versioning=semver E2E_KUBERNETES_VERSION: v1.33.2 E2E_CLUSTER_NAME: barman-cloud-plugin-e2e-{{.E2E_KUBERNETES_VERSION}} REGISTRY_NETWORK: barman-cloud-plugin REGISTRY_NAME: registry.barman-cloud-plugin REGISTRY_PORT: 5000 DAGGER_ENGINE_CONTAINER_NAME: e2e-dagger-engine tasks: lint: desc: Run golangci-lint env: # renovate: datasource=git-refs depName=golangci-lint lookupName=https://github.com/sagikazarmark/daggerverse currentValue=main DAGGER_GOLANGCI_LINT_SHA: ceffda4aebd349a24fc00e591b4ed9b801535b65 # renovate: datasource=docker depName=golangci/golangci-lint versioning=semver GOLANGCI_LINT_VERSION: v2.4.0 cmds: - > GITHUB_REF= dagger -s call -m github.com/sagikazarmark/daggerverse/golangci-lint@${DAGGER_GOLANGCI_LINT_SHA} --version ${GOLANGCI_LINT_VERSION} run --source . --config .golangci.yml stdout sources: - ./**/*.go wordlist-ordered: desc: Order the word list file cmds: - LANG=C LC_ALL=C sort .wordlist.txt > .wordlist.txt.new - mv -f .wordlist.txt.new .wordlist.txt sources: - .wordlist.txt spellcheck: desc: Run spellcheck deps: - wordlist-ordered env: # renovate: datasource=git-refs depName=spellcheck lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main DAGGER_SPELLCHECK_SHA: 2081731b52e85a8996fd5138c316215857a93415 cmds: - > GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/spellcheck@${DAGGER_SPELLCHECK_SHA} spellcheck --source . with-exec --use-entrypoint --args="" stdout sources: - ./**/*.md - .spellcheck.yaml - .wordlist.txt commitlint: desc: Check for conventional commits env: # renovate: datasource=git-refs depName=commitlint lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main DAGGER_COMMITLINT_SHA: 2081731b52e85a8996fd5138c316215857a93415 cmds: - > GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/commitlint@${DAGGER_COMMITLINT_SHA} lint --source . --args "--from=origin/main" stdout uncommitted: desc: Check for uncommitted changes deps: - manifest-main - apidoc - wordlist-ordered env: # renovate: datasource=git-refs depName=uncommitted lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main DAGGER_UNCOMMITTED_SHA: 2081731b52e85a8996fd5138c316215857a93415 cmds: - GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/uncommitted@${DAGGER_UNCOMMITTED_SHA} check-uncommitted --source . stdout sources: - ./** apidoc: desc: Update the API Reference section of the documentation deps: - controller-gen env: # renovate: datasource=git-refs depName=crd-gen-refs lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main DAGGER_CRDGENREF_SHA: 2081731b52e85a8996fd5138c316215857a93415 cmds: - > GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/crd-ref-docs@${DAGGER_CRDGENREF_SHA} generate --src . --source-path api/v1 --config-file hack/crd-gen-refs/config.yaml --renderer markdown --templates-dir hack/crd-gen-refs/markdown file --path out.md export --path web/docs/plugin-barman-cloud.v1.md sources: - ./api/**/*.go - ./hack/docs/crd-gen-refs/**/* - ./Taskfile.yml docusaurus-build-test: desc: Check that the documentation builds deps: - apidoc env: # renovate: datasource=git-refs depName=docusaurus lookupName=https://github.com/levlaz/daggerverse currentValue=main DAGGER_DOCUSAURUS_SHA: 3b7d706c741b2d91d4f2ad8d0f4c4eb921cb18d6 cmds: - GITHUB_REF= dagger -s call -m github.com/levlaz/daggerverse/docusaurus@${DAGGER_DOCUSAURUS_SHA} --src web --yarn build src: - ./web/**/* docusaurus-version-is-aligned: desc: Verify that a documentation version exists for the current version of the plugin cmds: - $(dagger -s call -m dagger/check-doc-version has-version-documentation --src .) src: - .release-please-manifest.json - ./web/versions.json go-test: desc: Run go test env: # renovate: datasource=docker depName=golang versioning=semver GOLANG_IMAGE_VERSION: 1.25.0 # renovate: datasource=git-refs depname=kubernetes packageName=https://github.com/kubernetes/kubernetes versioning=semver K8S_VERSION: 1.31.0 # renovate: datasource=git-refs depName=controller-runtime packageName=https://github.com/kubernetes-sigs/controller-runtime versioning=semver SETUP_ENVTEST_VERSION: 0.21.0 cmds: - > GITHUB_REF= dagger -s call -m ./dagger/gotest --go-version ${GOLANG_IMAGE_VERSION} --kube-version ${K8S_VERSION} --setup-envtest-version ${SETUP_ENVTEST_VERSION} unit-test --src . stdout sources: - ./**/*.go generate-certs: desc: Generate certificates for the local registry run: once cmds: - > mkdir -p certs && docker volume create certs && docker run -v certs:/certs -w /certs --name certs --entrypoint=/bin/sh alpine/openssl -c ' openssl genrsa -out ca-key.pem 4096 && openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem \ -subj "/O=CloudNativePG/OU=Barman Cloud Plugin Testing" && openssl genrsa -out server-key.pem 4096 && openssl req -subj "/CN={{ .REGISTRY_NAME }}" -sha256 -new -key server-key.pem -out server.csr && echo subjectAltName = DNS:{{ .REGISTRY_NAME }},IP:127.0.0.1 >> extfile.cnf && echo extendedKeyUsage = serverAuth >> extfile.cnf && openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \ -CAcreateserial -out server-cert.pem -extfile extfile.cnf' docker cp certs:/certs/ca.pem certs/ca.pem && docker rm certs status: - docker volume inspect certs - test -f certs/ca.pem start-build-network: desc: Create a docker network for image building used by the dagger engine and the registry run: once cmds: - docker network create {{ .REGISTRY_NETWORK}} status: - docker network inspect {{ .REGISTRY_NETWORK }} start-registry: desc: Start a container registry run: once deps: - generate-certs - start-build-network env: # TODO: renovate REGISTRY_VERSION: 2 cmds: - > docker run -d --name {{ .REGISTRY_NAME }} -p {{ .REGISTRY_PORT }}:5000 --network {{ .REGISTRY_NETWORK }} -v certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server-cert.pem -e REGISTRY_HTTP_TLS_KEY=/certs/server-key.pem registry:${REGISTRY_VERSION} status: - \[ "$(docker inspect -f {{`'{{.State.Running}}'`}} "{{ .REGISTRY_NAME }}" 2> /dev/null )" == 'true' \] # Start a dagger engine that mounts the CA certificate for the local registry. start-dagger-engine-for-local-builds: desc: Start a dagger engine mounting the CA run: once deps: - generate-certs - start-build-network vars: # renovate: datasource=github-tags depName=dagger/dagger versioning=semver DAGGER_VERSION: 0.18.5 DAGGER_ENGINE_IMAGE: registry.dagger.io/engine:v{{ .DAGGER_VERSION }} cmds: - > docker run -d -v /var/lib/dagger --name "{{ .DAGGER_ENGINE_CONTAINER_NAME }}" --network={{ .REGISTRY_NETWORK }} -v certs:/usr/local/share/ca-certificates/ --privileged {{ .DAGGER_ENGINE_IMAGE }} status: - \[ "$(docker inspect -f {{`'{{.State.Running}}'`}} "{{ .DAGGER_ENGINE_CONTAINER_NAME }}" 2> /dev/null )" == 'true' \] # We build an image and push it to a local registry. # The name is always `plugin-barman-cloud:testing`. build-plugin-image: desc: Build the operator container image for the plugin deps: - start-registry - start-dagger-engine-for-local-builds env: # renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main DAGGER_DOCKER_SHA: bba3a4ee46fd663a5577337e2221db56c646a0b7 _EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-container://{{ .DAGGER_ENGINE_CONTAINER_NAME }} cmds: - > GITHUB_REF= dagger -s call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA} build --dir . --file containers/Dockerfile.plugin --platform linux/amd64 publish --ref {{ .REGISTRY_NAME }}:{{ .REGISTRY_PORT }}/plugin-barman-cloud --tags testing # We build an image and push it to a local registry. # The name is always `sidecar-barman-cloud:testing`. build-sidecar-image: desc: Build the sidecar container image for the plugin deps: - start-registry - start-dagger-engine-for-local-builds env: # renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main DAGGER_DOCKER_SHA: bba3a4ee46fd663a5577337e2221db56c646a0b7 _EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-container://{{ .DAGGER_ENGINE_CONTAINER_NAME }} cmds: - > GITHUB_REF= dagger -s call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA} build --dir . --file containers/Dockerfile.sidecar --platform linux/amd64 publish --ref {{ .REGISTRY_NAME }}:{{ .REGISTRY_PORT }}/sidecar-barman-cloud --tags testing build-images: desc: Build the container images for the plugin deps: - build-plugin-image - build-sidecar-image # Install kind if not at the expected version. install-kind: desc: Install kind run: once vars: # renovate: datasource=git-refs depName=kind lookupName=https://github.com/kubernetes-sigs/kind versioning=semver KIND_VERSION: v0.29.0 cmds: - go install sigs.k8s.io/kind@{{.KIND_VERSION}} - kind version | grep -q {{.KIND_VERSION}} status: - kind version | grep -q {{.KIND_VERSION}} start-kind-cluster: desc: Start a kind cluster deps: - install-kind - start-build-network - generate-certs run: once cmds: - > kind create cluster --name {{ .E2E_CLUSTER_NAME }} --image kindest/node:{{ .E2E_KUBERNETES_VERSION }} --config hack/kind-config.yaml --wait 5m - > for node in $(kind get nodes --name {{ .E2E_CLUSTER_NAME }} ); do docker network connect {{ .REGISTRY_NETWORK }} $node; docker exec $node sh -c "update-ca-certificates"; done status: - kind get clusters | grep -q {{ .E2E_CLUSTER_NAME }} # TODO: see if it is possible to daggerize this. It will have to manage docker to make kind work. # TODO: add a task to clean up the kind cluster for new test runs. # Run the e2e tests. This task will start a kind cluster, deploy the plugin, and run the tests. # Running the e2e tests requires: # * The registry to have a valid TLS certificate. # * The registry to be in the same network of the dagger-engine. # * The dagger-engine to mount the CA. # * The kind cluster to mount the CA. e2e-external-kind: desc: Run e2e tests in a local kind cluster deps: - build-images - start-kind-cluster vars: # renovate: datasource=docker depName=golang versioning=semver GOLANG_IMAGE_VERSION: 1.25.0 KUBECONFIG_PATH: sh: mktemp -t kubeconfig-XXXXX env: _EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-container://{{ .DAGGER_ENGINE_CONTAINER_NAME }} cmds: - kind get kubeconfig --internal --name {{ .E2E_CLUSTER_NAME }} > {{ .KUBECONFIG_PATH }} - > GITHUB_REF= dagger call -m dagger/e2e/ run --source . --kubeconfig {{.KUBECONFIG_PATH}} --go-version {{ .GOLANG_IMAGE_VERSION }} e2e-ephemeral: desc: Run e2e tests in an ephemeral k3s cluster deps: - build-images vars: # renovate: datasource=docker depName=golang versioning=semver GOLANG_IMAGE_VERSION: 1.25.0 env: _EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-container://{{ .DAGGER_ENGINE_CONTAINER_NAME }} cmds: - > GITHUB_REF= dagger call -m dagger/e2e/ run-ephemeral --source . --ca certs/ca.pem --registry {{.REGISTRY_NAME}}:{{.REGISTRY_PORT}} --go-version {{ .GOLANG_IMAGE_VERSION }} ci: desc: Run the CI pipeline deps: - spellcheck - commitlint - uncommitted - lint - go-test - e2e-ephemeral - docusaurus-build-test - docusaurus-version-is-aligned publish: desc: Build and publish a container image for the plugin requires: # We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here # to prevent running this task locally by accident. vars: - CI - GITHUB_REPOSITORY - GITHUB_REF - GITHUB_REF_NAME - REGISTRY_USER - REGISTRY_PASSWORD vars: PLUGIN_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}} SIDECAR_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}-sidecar{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}} # remove /merge suffix from the branch name. This is a workaround for the GitHub workflow on PRs, # where the branch name is suffixed with /merge. Prepend pr- to the branch name on PRs. IMAGE_VERSION: '{{regexReplaceAll "(\\d+)/merge" .GITHUB_REF_NAME "pr-${1}"}}' env: # renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main DAGGER_DOCKER_SHA: bba3a4ee46fd663a5577337e2221db56c646a0b7 cmds: - > dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA} --registry ghcr.io --username $REGISTRY_USER --password env:REGISTRY_PASSWORD build --dir . --file containers/Dockerfile.plugin --platform linux/amd64 --platform linux/arm64 publish --ref {{.PLUGIN_IMAGE_NAME}} --tags {{.IMAGE_VERSION}} - > dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA} --registry ghcr.io --username $REGISTRY_USER --password env:REGISTRY_PASSWORD build --dir . --file containers/Dockerfile.sidecar --platform linux/amd64 --platform linux/arm64 publish --ref {{.SIDECAR_IMAGE_NAME}} --tags {{.IMAGE_VERSION}} publish-barman-base: desc: Build and publish a barman-cloud base container image vars: BARMAN_BASE_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}-base{{if not (hasPrefix "refs/heads/main" .GITHUB_REF)}}-testing{{end}} BARMAN_VERSION: sh: grep "^barman" containers/sidecar-requirements.in | sed -E 's/.*==([^ ]+)/\1/' BUILD_DATE: sh: date +"%Y%m%d%H%M" requires: # We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here # to prevent running this task locally by accident. vars: - CI - GITHUB_REPOSITORY - GITHUB_REF - GITHUB_REF_NAME - REGISTRY_USER - REGISTRY_PASSWORD env: # renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main DAGGER_DOCKER_SHA: bba3a4ee46fd663a5577337e2221db56c646a0b7 cmds: - > dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA} --registry ghcr.io --username $REGISTRY_USER --password env:REGISTRY_PASSWORD build --dir . --file containers/Dockerfile.barmanbase --platform linux/amd64 --platform linux/arm64 publish --ref {{.BARMAN_BASE_IMAGE_NAME}} --tags "{{.BARMAN_VERSION}}-{{.BUILD_DATE}}" controller-gen: desc: Run controller-gen run: once env: # renovate: datasource=git-refs depName=controller-gen lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main DAGGER_CONTROLLER_GEN_SHA: 2081731b52e85a8996fd5138c316215857a93415 cmds: - > GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/controller-gen@${DAGGER_CONTROLLER_GEN_SHA} controller-gen --source . --args object:headerFile=hack/boilerplate.go.txt --args paths=./api/... file --path api/v1/zz_generated.deepcopy.go export --path api/v1/zz_generated.deepcopy.go - > GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/controller-gen@${DAGGER_CONTROLLER_GEN_SHA} controller-gen --source . --args rbac:roleName=plugin-barman-cloud --args crd --args webhook --args paths=./api/... --args paths=./internal/... --args output:crd:artifacts:config=config/crd/bases directory --path config/ filter --include crd/bases/,rbac/ export --path config/ sources: - ./api/**/*.go - ./internal/**/*.go generates: - ./api/v1/zz_generated.deepcopy.go - ./config/rbac/role.yaml - ./config/crd/bases/*.yaml manifest-main: deps: - controller-gen desc: Generate the manifest for the main branch vars: GITHUB_REPOSITORY: cloudnative-pg/plugin-barman-cloud GITHUB_REF: main GITHUB_REF_NAME: main cmds: - task: manifest-internal vars: GITHUB_REPOSITORY: '{{.GITHUB_REPOSITORY}}' GITHUB_REF: '{{.GITHUB_REF}}' GITHUB_REF_NAME: '{{.GITHUB_REF_NAME}}' manifest: desc: Generate the manifest to be uploaded to the release or as a workflow artifact deps: - controller-gen requires: # We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here # to prevent running this task locally by accident. vars: - CI - GITHUB_REPOSITORY - GITHUB_REF - GITHUB_REF_NAME cmds: - task: manifest-internal vars: GITHUB_REPOSITORY: '{{.GITHUB_REPOSITORY}}' GITHUB_REF: '{{.GITHUB_REF}}' GITHUB_REF_NAME: '{{.GITHUB_REF_NAME}}' manifest-internal: desc: Update the image in the Kustomization label: manifest-internal-{{.GITHUB_REF_NAME}} internal: true requires: vars: - GITHUB_REPOSITORY - GITHUB_REF - GITHUB_REF_NAME vars: PLUGIN_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}} SIDECAR_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}-sidecar{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}} # remove /merge suffix from the branch name. This is a workaround for the GitHub workflow on PRs, # where the branch name is suffixed with /merge. Prepend pr- to the branch name on PRs. IMAGE_VERSION: '{{regexReplaceAll "(\\d+)/merge" .GITHUB_REF_NAME "pr-${1}"}}' env: # renovate: datasource=git-refs depName=kustomize lookupName=https://github.com/sagikazarmark/daggerverse currentValue=main DAGGER_KUSTOMIZE_SHA: ceffda4aebd349a24fc00e591b4ed9b801535b65 cmds: - > dagger -s call -m https://github.com/sagikazarmark/daggerverse/kustomize@${DAGGER_KUSTOMIZE_SHA} edit --source . --dir kubernetes set image --image plugin-barman-cloud={{.PLUGIN_IMAGE_NAME}}:{{.IMAGE_VERSION}} set secret --secret plugin-barman-cloud --from-literal SIDECAR_IMAGE={{.SIDECAR_IMAGE_NAME}}:{{.IMAGE_VERSION}} directory directory --path kubernetes export --path manifest-build - > dagger -s call -m github.com/sagikazarmark/daggerverse/kustomize@${DAGGER_KUSTOMIZE_SHA} build --source . --dir manifest-build export --path manifest.yaml sources: - ./config/**/*.yaml - ./kubernetes/**/*.yaml generates: - ./manifest.yaml upload-manifest-to-release: desc: Upload the manifest to the release requires: # We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here # to prevent running this task locally by accident. vars: - CI - GITHUB_REPOSITORY - GITHUB_REF - GITHUB_REF_NAME - GITHUB_TOKEN env: # renovate: datasource=git-refs depName=gh lookupName=https://github.com/sagikazarmark/daggerverse DAGGER_GH_SHA: ceffda4aebd349a24fc00e591b4ed9b801535b65 preconditions: - sh: "[[ {{.GITHUB_REF}} =~ 'refs/tags/v.*' ]]" msg: not a tag, failing cmds: - > dagger -s call -m github.com/sagikazarmark/daggerverse/gh@${DAGGER_GH_SHA} with-source --source . run --repo {{.GITHUB_REPOSITORY}} --token env:GITHUB_TOKEN --cmd "release upload {{.GITHUB_REF_NAME}} manifest.yaml" clean: desc: Remove autogenerated artifacts cmds: - rm -rf .task/