mirror of
https://github.com/cloudnative-pg/plugin-barman-cloud.git
synced 2026-01-11 13:23:09 +01:00
7c218a2235
| datasource | package | from | to | | ---------- | ------- | ------ | ------ | | docker | golang | 1.24.0 | 1.24.1 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
438 lines
17 KiB
YAML
438 lines
17 KiB
YAML
version: 3
|
|
|
|
# We have multiple parallel tasks that run for a long time. Prefix their output with the task name so we can understand
|
|
# what task is writing.
|
|
output: prefixed
|
|
|
|
# Variables that are shared across tasks.
|
|
vars:
|
|
# renovate: datasource=docker depName=kindest/node versioning=semver
|
|
E2E_KUBERNETES_VERSION: v1.32.2
|
|
E2E_CLUSTER_NAME: barman-cloud-plugin-e2e-{{.E2E_KUBERNETES_VERSION}}
|
|
REGISTRY_NETWORK: barman-cloud-plugin
|
|
REGISTRY_NAME: registry.barman-cloud-plugin
|
|
REGISTRY_PORT: 5000
|
|
DAGGER_ENGINE_CONTAINER_NAME: e2e-dagger-engine
|
|
|
|
tasks:
|
|
lint:
|
|
desc: Run golangci-lint
|
|
env:
|
|
# renovate: datasource=git-refs depName=golangci-lint lookupName=https://github.com/sagikazarmark/daggerverse currentValue=main
|
|
DAGGER_GOLANGCI_LINT_SHA: a2a82eaee0a9f6668ee7f191de08c9fc61d7b3dc
|
|
cmds:
|
|
- >
|
|
GITHUB_REF= dagger -s call -m github.com/sagikazarmark/daggerverse/golangci-lint@${DAGGER_GOLANGCI_LINT_SHA}
|
|
with-linter-cache --cache golangci-lint
|
|
with-build-cache --cache go-build
|
|
with-module-cache --cache go-mod
|
|
run --source . --config .golangci.yml stdout
|
|
sources:
|
|
- ./**/*.go
|
|
|
|
spellcheck:
|
|
desc: Run spellcheck
|
|
env:
|
|
# renovate: datasource=git-refs depName=spellcheck lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main
|
|
DAGGER_SPELLCHECK_SHA: a20e0c26fbaed660d9970eecb9f1381149b90f01
|
|
cmds:
|
|
- >
|
|
GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/spellcheck@${DAGGER_SPELLCHECK_SHA}
|
|
spellcheck --source . with-exec --use-entrypoint --args="" stdout
|
|
sources:
|
|
- ./**/*.md
|
|
- .spellcheck.yaml
|
|
- .wordlist.txt
|
|
|
|
commitlint:
|
|
desc: Check for conventional commits
|
|
env:
|
|
# renovate: datasource=git-refs depName=commitlint lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main
|
|
DAGGER_COMMITLINT_SHA: a20e0c26fbaed660d9970eecb9f1381149b90f01
|
|
cmds:
|
|
- >
|
|
GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/commitlint@${DAGGER_COMMITLINT_SHA}
|
|
lint --source . --args "--from=origin/main" stdout
|
|
|
|
uncommitted:
|
|
desc: Check for uncommitted changes
|
|
deps:
|
|
- manifest-main
|
|
env:
|
|
# renovate: datasource=git-refs depName=uncommitted lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main
|
|
DAGGER_UNCOMMITTED_SHA: a20e0c26fbaed660d9970eecb9f1381149b90f01
|
|
cmds:
|
|
- GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/uncommitted@${DAGGER_UNCOMMITTED_SHA} check-uncommitted --source . stdout
|
|
sources:
|
|
- ./**
|
|
|
|
go-test:
|
|
desc: Run go test
|
|
env:
|
|
# renovate: datasource=docker depName=golang versioning=semver
|
|
GOLANG_IMAGE_VERSION: 1.24.1
|
|
# renovate: datasource=git-refs depname=kubernetes packageName=https://github.com/kubernetes/kubernetes versioning=semver
|
|
K8S_VERSION: 1.31.0
|
|
# renovate: datasource=git-refs depName=controller-runtime packageName=https://github.com/kubernetes-sigs/controller-runtime versioning=semver
|
|
SETUP_ENVTEST_VERSION: 0.20.2
|
|
cmds:
|
|
- >
|
|
GITHUB_REF= dagger -s call -m ./dagger/gotest
|
|
--go-version ${GOLANG_IMAGE_VERSION}
|
|
--kube-version ${K8S_VERSION}
|
|
--setup-envtest-version ${SETUP_ENVTEST_VERSION}
|
|
unit-test --src .
|
|
sources:
|
|
- ./**/*.go
|
|
|
|
generate-certs:
|
|
desc: Generate certificates for the local registry
|
|
run: once
|
|
cmds:
|
|
- >
|
|
mkdir -p certs &&
|
|
pushd certs &&
|
|
openssl genrsa -out ca-key.pem 4096 &&
|
|
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem \
|
|
-subj "/O=CloudNativePG/OU=Barman Cloud Plugin Testing" &&
|
|
openssl genrsa -out server-key.pem 4096 &&
|
|
openssl req -subj "/CN={{ .REGISTRY_NAME }}" -sha256 -new -key server-key.pem -out server.csr &&
|
|
echo subjectAltName = DNS:{{ .REGISTRY_NAME }},IP:127.0.0.1 >> extfile.cnf &&
|
|
echo extendedKeyUsage = serverAuth >> extfile.cnf &&
|
|
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
|
|
-CAcreateserial -out server-cert.pem -extfile extfile.cnf &&
|
|
popd
|
|
status:
|
|
- test -f certs/ca-key.pem
|
|
- test -f certs/ca.pem
|
|
- test -f certs/server-key.pem
|
|
- test -f certs/server.csr
|
|
- test -f certs/server-cert.pem
|
|
|
|
start-build-network:
|
|
desc: Create a docker network for image building used by the dagger engine and the registry
|
|
run: once
|
|
cmds:
|
|
- docker network create {{ .REGISTRY_NETWORK}}
|
|
status:
|
|
- docker network inspect {{ .REGISTRY_NETWORK }}
|
|
|
|
start-registry:
|
|
desc: Start a container registry
|
|
run: once
|
|
deps:
|
|
- generate-certs
|
|
- start-build-network
|
|
env:
|
|
# TODO: renovate
|
|
REGISTRY_VERSION: 2
|
|
cmds:
|
|
- >
|
|
docker run -d --name {{ .REGISTRY_NAME }}
|
|
-p {{ .REGISTRY_PORT }}:5000
|
|
--network {{ .REGISTRY_NETWORK }}
|
|
-v $(pwd)/certs:/certs
|
|
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server-cert.pem -e REGISTRY_HTTP_TLS_KEY=/certs/server-key.pem
|
|
registry:${REGISTRY_VERSION}
|
|
status:
|
|
- \[ "$(docker inspect -f {{`'{{.State.Running}}'`}} "{{ .REGISTRY_NAME }}" 2> /dev/null )" == 'true' \]
|
|
|
|
|
|
# Start a dagger engine that mounts the CA certificate for the local registry.
|
|
start-dagger-engine-for-local-builds:
|
|
desc: Start a dagger engine mounting the CA
|
|
run: once
|
|
deps:
|
|
- generate-certs
|
|
- start-build-network
|
|
vars:
|
|
# renovate: datasource=github-tags depName=dagger/dagger versioning=semver
|
|
DAGGER_VERSION: 0.16.2
|
|
DAGGER_ENGINE_IMAGE: registry.dagger.io/engine:v{{ .DAGGER_VERSION }}
|
|
cmds:
|
|
- >
|
|
docker run -d -v /var/lib/dagger --name "{{ .DAGGER_ENGINE_CONTAINER_NAME }}"
|
|
--network={{ .REGISTRY_NETWORK }}
|
|
-v $(pwd)/certs/ca.pem:/usr/local/share/ca-certificates/ca.crt
|
|
--privileged {{ .DAGGER_ENGINE_IMAGE }}
|
|
status:
|
|
- \[ "$(docker inspect -f {{`'{{.State.Running}}'`}} "{{ .DAGGER_ENGINE_CONTAINER_NAME }}" 2> /dev/null )" == 'true' \]
|
|
|
|
# We build an image and push it to a local registry.
|
|
# The name is always `plugin-barman-cloud:testing`.
|
|
build-plugin-image:
|
|
desc: Build the operator container image for the plugin
|
|
deps:
|
|
- start-registry
|
|
- start-dagger-engine-for-local-builds
|
|
env:
|
|
# renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main
|
|
DAGGER_DOCKER_SHA: 910e1ac9754f208569ac4d65f1ef52d9a2301833
|
|
_EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-container://{{ .DAGGER_ENGINE_CONTAINER_NAME }}
|
|
cmds:
|
|
- >
|
|
GITHUB_REF= dagger -s call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA}
|
|
build --dir . --file containers/Dockerfile.plugin --platform linux/amd64
|
|
publish --ref {{ .REGISTRY_NAME }}:{{ .REGISTRY_PORT }}/plugin-barman-cloud --tags testing
|
|
|
|
# We build an image and push it to a local registry.
|
|
# The name is always `sidecar-barman-cloud:testing`.
|
|
build-sidecar-image:
|
|
desc: Build the sidecar container image for the plugin
|
|
deps:
|
|
- start-registry
|
|
- start-dagger-engine-for-local-builds
|
|
env:
|
|
# renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main
|
|
DAGGER_DOCKER_SHA: 910e1ac9754f208569ac4d65f1ef52d9a2301833
|
|
_EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-container://{{ .DAGGER_ENGINE_CONTAINER_NAME }}
|
|
cmds:
|
|
- >
|
|
GITHUB_REF= dagger -s call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA}
|
|
build --dir . --file containers/Dockerfile.sidecar --platform linux/amd64
|
|
publish --ref {{ .REGISTRY_NAME }}:{{ .REGISTRY_PORT }}/sidecar-barman-cloud --tags testing
|
|
|
|
build-images:
|
|
desc: Build the container images for the plugin
|
|
deps:
|
|
- build-plugin-image
|
|
- build-sidecar-image
|
|
|
|
# Install kind if not at the expected version.
|
|
install-kind:
|
|
desc: Install kind
|
|
run: once
|
|
vars:
|
|
# renovate: datasource=git-refs depName=kind lookupName=https://github.com/kubernetes-sigs/kind versioning=semver
|
|
KIND_VERSION: v0.27.0
|
|
cmds:
|
|
- go install sigs.k8s.io/kind@{{.KIND_VERSION}}
|
|
- kind version | grep -q {{.KIND_VERSION}}
|
|
status:
|
|
- kind version | grep -q {{.KIND_VERSION}}
|
|
|
|
start-kind-cluster:
|
|
desc: Start a kind cluster
|
|
deps:
|
|
- install-kind
|
|
- start-build-network
|
|
run: once
|
|
cmds:
|
|
- >
|
|
kind create cluster --name {{ .E2E_CLUSTER_NAME }}
|
|
--image kindest/node:{{ .E2E_KUBERNETES_VERSION }}
|
|
--config hack/kind-config.yaml
|
|
--wait 5m
|
|
- >
|
|
for node in $(kind get nodes --name {{ .E2E_CLUSTER_NAME }} ); do
|
|
docker network connect {{ .REGISTRY_NETWORK }} $node;
|
|
docker exec $node sh -c "update-ca-certificates";
|
|
done
|
|
status:
|
|
- kind get clusters | grep -q {{ .E2E_CLUSTER_NAME }}
|
|
|
|
# TODO: see if it is possible to daggerize this. It will have to manage docker to make kind work.
|
|
# TODO: add a task to clean up the kind cluster for new test runs.
|
|
# Run the e2e tests. This task will start a kind cluster, deploy the plugin, and run the tests.
|
|
# Running the e2e tests requires:
|
|
# * The registry to have a valid TLS certificate.
|
|
# * The registry to be in the same network of the dagger-engine.
|
|
# * The dagger-engine to mount the CA.
|
|
# * The kind cluster to mount the CA.
|
|
e2e-external-kind:
|
|
desc: Run e2e tests in a local kind cluster
|
|
deps:
|
|
- build-images
|
|
- start-kind-cluster
|
|
vars:
|
|
# renovate: datasource=docker depName=golang versioning=semver
|
|
GOLANG_IMAGE_VERSION: 1.24.1
|
|
KUBECONFIG_PATH:
|
|
sh: mktemp -t kubeconfig-XXXXX
|
|
env:
|
|
_EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-container://{{ .DAGGER_ENGINE_CONTAINER_NAME }}
|
|
cmds:
|
|
- kind get kubeconfig --internal --name {{ .E2E_CLUSTER_NAME }} > {{ .KUBECONFIG_PATH }}
|
|
- >
|
|
GITHUB_REF= dagger call -m dagger/e2e/ run
|
|
--source .
|
|
--kubeconfig {{.KUBECONFIG_PATH}}
|
|
--go-version {{ .GOLANG_IMAGE_VERSION }}
|
|
|
|
e2e-ephemeral:
|
|
desc: Run e2e tests in an ephemeral k3s cluster
|
|
deps:
|
|
- build-images
|
|
vars:
|
|
# renovate: datasource=docker depName=golang versioning=semver
|
|
GOLANG_IMAGE_VERSION: 1.24.1
|
|
env:
|
|
_EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-container://{{ .DAGGER_ENGINE_CONTAINER_NAME }}
|
|
cmds:
|
|
- >
|
|
GITHUB_REF= dagger call -m dagger/e2e/ run-ephemeral
|
|
--source .
|
|
--ca certs/ca.pem
|
|
--registry {{.REGISTRY_NAME}}:{{.REGISTRY_PORT}}
|
|
--go-version {{ .GOLANG_IMAGE_VERSION }}
|
|
|
|
ci:
|
|
desc: Run the CI pipeline
|
|
deps:
|
|
- spellcheck
|
|
- commitlint
|
|
- uncommitted
|
|
- lint
|
|
- go-test
|
|
- e2e-ephemeral
|
|
|
|
publish:
|
|
desc: Build and publish a container image for the plugin
|
|
requires:
|
|
# We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here
|
|
# to prevent running this task locally by accident.
|
|
vars:
|
|
- CI
|
|
- GITHUB_REPOSITORY
|
|
- GITHUB_REF
|
|
- GITHUB_REF_NAME
|
|
- REGISTRY_USER
|
|
- REGISTRY_PASSWORD
|
|
vars:
|
|
PLUGIN_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}}
|
|
SIDECAR_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}-sidecar{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}}
|
|
# remove /merge suffix from the branch name. This is a workaround for the GitHub workflow on PRs,
|
|
# where the branch name is suffixed with /merge. Prepend pr- to the branch name on PRs.
|
|
IMAGE_VERSION: '{{regexReplaceAll "(\\d+)/merge" .GITHUB_REF_NAME "pr-${1}"}}'
|
|
env:
|
|
# renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main
|
|
DAGGER_DOCKER_SHA: 910e1ac9754f208569ac4d65f1ef52d9a2301833
|
|
cmds:
|
|
- >
|
|
dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA}
|
|
--registry ghcr.io --username $REGISTRY_USER --password env:REGISTRY_PASSWORD
|
|
build --dir . --file containers/Dockerfile.plugin --platform linux/amd64 --platform linux/arm64
|
|
publish --ref {{.PLUGIN_IMAGE_NAME}} --tags {{.IMAGE_VERSION}}
|
|
- >
|
|
dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA}
|
|
--registry ghcr.io --username $REGISTRY_USER --password env:REGISTRY_PASSWORD
|
|
build --dir . --file containers/Dockerfile.sidecar --platform linux/amd64 --platform linux/arm64
|
|
publish --ref {{.SIDECAR_IMAGE_NAME}} --tags {{.IMAGE_VERSION}}
|
|
|
|
|
|
controller-gen:
|
|
desc: Run controller-gen
|
|
env:
|
|
# renovate: datasource=git-refs depName=controller-gen lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main
|
|
DAGGER_CONTROLLER_GEN_SHA: a20e0c26fbaed660d9970eecb9f1381149b90f01
|
|
cmds:
|
|
- >
|
|
GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/controller-gen@${DAGGER_CONTROLLER_GEN_SHA}
|
|
controller-gen --source . --args object:headerFile=hack/boilerplate.go.txt --args paths=./api/...
|
|
file --path api/v1/zz_generated.deepcopy.go export --path api/v1/zz_generated.deepcopy.go
|
|
- >
|
|
GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/controller-gen@${DAGGER_CONTROLLER_GEN_SHA}
|
|
controller-gen --source . --args rbac:roleName=plugin-barman-cloud --args crd --args webhook --args paths=./api/...
|
|
--args output:crd:artifacts:config=config/crd/bases directory --path config/crd/bases export --path config/crd/bases
|
|
sources:
|
|
- ./api/**/*.go
|
|
generates:
|
|
- ./api/v1/zz_generated.deepcopy.go
|
|
|
|
manifest-main:
|
|
deps:
|
|
- controller-gen
|
|
desc: Generate the manifest for the main branch
|
|
vars:
|
|
GITHUB_REPOSITORY: cloudnative-pg/plugin-barman-cloud
|
|
GITHUB_REF: main
|
|
GITHUB_REF_NAME: main
|
|
cmds:
|
|
- task: manifest-internal
|
|
vars:
|
|
GITHUB_REPOSITORY: '{{.GITHUB_REPOSITORY}}'
|
|
GITHUB_REF: '{{.GITHUB_REF}}'
|
|
GITHUB_REF_NAME: '{{.GITHUB_REF_NAME}}'
|
|
|
|
manifest:
|
|
desc: Generate the manifest to be uploaded to the release or as a workflow artifact
|
|
deps:
|
|
- controller-gen
|
|
requires:
|
|
# We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here
|
|
# to prevent running this task locally by accident.
|
|
vars:
|
|
- CI
|
|
- GITHUB_REPOSITORY
|
|
- GITHUB_REF
|
|
- GITHUB_REF_NAME
|
|
cmds:
|
|
- task: manifest-internal
|
|
vars:
|
|
GITHUB_REPOSITORY: '{{.GITHUB_REPOSITORY}}'
|
|
GITHUB_REF: '{{.GITHUB_REF}}'
|
|
GITHUB_REF_NAME: '{{.GITHUB_REF_NAME}}'
|
|
|
|
manifest-internal:
|
|
desc: Update the image in the Kustomization
|
|
label: manifest-internal-{{.GITHUB_REF_NAME}}
|
|
internal: true
|
|
requires:
|
|
vars:
|
|
- GITHUB_REPOSITORY
|
|
- GITHUB_REF
|
|
- GITHUB_REF_NAME
|
|
vars:
|
|
PLUGIN_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}}
|
|
SIDECAR_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}-sidecar{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}}
|
|
# remove /merge suffix from the branch name. This is a workaround for the GitHub workflow on PRs,
|
|
# where the branch name is suffixed with /merge. Prepend pr- to the branch name on PRs.
|
|
IMAGE_VERSION: '{{regexReplaceAll "(\\d+)/merge" .GITHUB_REF_NAME "pr-${1}"}}'
|
|
env:
|
|
# renovate: datasource=git-refs depName=kustomize lookupName=https://github.com/sagikazarmark/daggerverse currentValue=main
|
|
DAGGER_KUSTOMIZE_SHA: a2a82eaee0a9f6668ee7f191de08c9fc61d7b3dc
|
|
cmds:
|
|
- >
|
|
dagger -s call -m https://github.com/sagikazarmark/daggerverse/kustomize@${DAGGER_KUSTOMIZE_SHA}
|
|
edit --source . --dir kubernetes
|
|
set image --image plugin-barman-cloud={{.PLUGIN_IMAGE_NAME}}:{{.IMAGE_VERSION}}
|
|
set secret --secret plugin-barman-cloud --from-literal SIDECAR_IMAGE={{.SIDECAR_IMAGE_NAME}}:{{.IMAGE_VERSION}}
|
|
directory directory --path kubernetes export --path manifest-build
|
|
- >
|
|
dagger -s call -m github.com/sagikazarmark/daggerverse/kustomize@${DAGGER_KUSTOMIZE_SHA}
|
|
build --source . --dir manifest-build export --path manifest.yaml
|
|
sources:
|
|
- ./config/**/*.yaml
|
|
- ./kubernetes/**/*.yaml
|
|
generates:
|
|
- ./manifest.yaml
|
|
|
|
upload-manifest-to-release:
|
|
desc: Upload the manifest to the release
|
|
requires:
|
|
# We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here
|
|
# to prevent running this task locally by accident.
|
|
vars:
|
|
- CI
|
|
- GITHUB_REPOSITORY
|
|
- GITHUB_REF
|
|
- GITHUB_REF_NAME
|
|
- GITHUB_TOKEN
|
|
env:
|
|
# renovate: datasource=git-refs depName=gh lookupName=https://github.com/sagikazarmark/daggerverse
|
|
DAGGER_GH_SHA: a2a82eaee0a9f6668ee7f191de08c9fc61d7b3dc
|
|
preconditions:
|
|
- sh: "[[ {{.GITHUB_REF}} =~ 'refs/tags/v.*' ]]"
|
|
msg: not a tag, failing
|
|
cmds:
|
|
- >
|
|
dagger -s call -m github.com/sagikazarmark/daggerverse/gh@${DAGGER_GH_SHA}
|
|
with-source --source .
|
|
run --repo {{.GITHUB_REPOSITORY}} --token env:GITHUB_TOKEN
|
|
--cmd "release upload {{.GITHUB_REF_NAME}} manifest.yaml"
|
|
|
|
clean:
|
|
desc: Remove autogenerated artifacts
|
|
cmds:
|
|
- rm -rf .task/
|