plugin-barman-cloud/Taskfile.yml
Francesco Canovai 2a413c7b6b
ci: add manifest for images generated by main branch (#92)
Automatically generate a manifest.yaml file that can be applied to
evaluate the content of the latest commit of the main branch.

Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
2024-12-10 15:58:17 +01:00


version: 3
# Environment variables that are shared across tasks.
env:
  # Docker network that both the local registry and the Dagger engine
  # containers are attached to (see start-build-network).
  REGISTRY_NETWORK: barman-cloud-plugin
  # Container name of the local registry. generate-certs also uses it as the
  # CN and DNS subjectAltName of the registry's test certificate.
  REGISTRY_NAME: registry.barman-cloud-plugin
  # Host port published by start-registry; the container side is always 5000.
  REGISTRY_PORT: 5000
  # Container name of the Dagger engine started for local image builds.
  DAGGER_ENGINE_CONTAINER_NAME: e2e-dagger-engine
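tasks:
  # Remote Dagger modules are loaded with `-m <module>@<ref>`. Where <ref> is a
  # full commit SHA kept in a *_SHA variable (tracked by the renovate comments),
  # the module code cannot change without a change to this file. The one module
  # that is not pinned this way is flagged in manifest-internal.
  lint:
    desc: Run golangci-lint
    env:
      # renovate: datasource=git-refs depName=golangci-lint lookupName=https://github.com/sagikazarmark/daggerverse currentValue=main
      DAGGER_GOLANGCI_LINT_SHA: 32b01ce09db8bfc7ef06dec92ea20d42855cbf81
    cmds:
      # GITHUB_REF is set to empty for this invocation only.
      - >
        GITHUB_REF= dagger -s call -m github.com/sagikazarmark/daggerverse/golangci-lint@${DAGGER_GOLANGCI_LINT_SHA}
        with-linter-cache --cache golangci-lint
        with-build-cache --cache go-build
        with-module-cache --cache go-mod
        run --source . --config .golangci.yml stdout
    sources:
      - ./**/*.go
  spellcheck:
    desc: Run spellcheck
    env:
      # renovate: datasource=git-refs depName=spellcheck lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main
      DAGGER_SPELLCHECK_SHA: fa2e604b785c0ff9252a807097fc1215e10df486
    cmds:
      - >
        GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/spellcheck@${DAGGER_SPELLCHECK_SHA}
        spellcheck --source . with-exec --use-entrypoint --args="" stdout
    sources:
      - ./**/*.md
      - .spellcheck.yaml
      - .wordlist.txt
  commitlint:
    desc: Check for conventional commits
    env:
      # renovate: datasource=git-refs depName=commitlint lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main
      DAGGER_COMMITLINT_SHA: fa2e604b785c0ff9252a807097fc1215e10df486
    cmds:
      # Lints the commits that follow origin/main.
      - >
        GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/commitlint@${DAGGER_COMMITLINT_SHA}
        lint --source . --args "--from=origin/main" stdout
  uncommitted:
    desc: Check for uncommitted changes
    # manifest-main runs first, so a manifest.yaml that differs from the
    # generated one shows up as an uncommitted change.
    deps:
      - manifest-main
    env:
      # renovate: datasource=git-refs depName=uncommitted lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main
      DAGGER_UNCOMMITTED_SHA: fa2e604b785c0ff9252a807097fc1215e10df486
    cmds:
      - GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/uncommitted@${DAGGER_UNCOMMITTED_SHA} check-uncommitted --source . stdout
    sources:
      - ./**
  go-test:
    desc: Run go test
    env:
      # renovate: datasource=docker depName=golang versioning=semver
      GOLANG_IMAGE_VERSION: 1.23.4
      # renovate: datasource=git-refs depname=kubernetes packageName=https://github.com/kubernetes/kubernetes versioning=semver
      K8S_VERSION: 1.31.0
      # renovate: datasource=git-refs depName=controller-runtime packageName=https://github.com/kubernetes-sigs/controller-runtime versioning=semver
      SETUP_ENVTEST_VERSION: 0.19.2
    cmds:
      # Uses the Dagger module kept in this repository (./dagger/gotest).
      - >
        GITHUB_REF= dagger -s call -m ./dagger/gotest
        --go-version ${GOLANG_IMAGE_VERSION}
        --kube-version ${K8S_VERSION}
        --setup-envtest-version ${SETUP_ENVTEST_VERSION}
        unit-test --src .
    sources:
      - ./**/*.go
  # Creates a throwaway test CA and a server certificate for the local
  # registry under ./certs:
  #   * CA: 4096-bit RSA key, self-signed, valid 365 days.
  #   * Server: 4096-bit RSA key, CN=${REGISTRY_NAME}, subjectAltName
  #     DNS:${REGISTRY_NAME} and IP:127.0.0.1, extendedKeyUsage serverAuth.
  # Both private keys are written without a passphrase.
  # NOTE(review): no umask or chmod is applied, so ca-key.pem and
  # server-key.pem get the caller's default file mode; confirm that certs/ is
  # excluded from version control and from the image build context.
  generate-certs:
    desc: Generate certificates for the local registry
    run: once
    cmds:
      # The folded scalar joins these lines with spaces into one `&&` chain.
      # extfile.cnf is created with `>` so that a re-run after a partial
      # failure does not append a second copy of the extension lines.
      - >
        mkdir -p certs &&
        pushd certs &&
        openssl genrsa -out ca-key.pem 4096 &&
        openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
        -subj "/O=CloudNativePG/OU=Barman Cloud Plugin Testing" &&
        openssl genrsa -out server-key.pem 4096 &&
        openssl req -subj "/CN=${REGISTRY_NAME}" -sha256 -new -key server-key.pem -out server.csr &&
        echo subjectAltName = DNS:${REGISTRY_NAME},IP:127.0.0.1 > extfile.cnf &&
        echo extendedKeyUsage = serverAuth >> extfile.cnf &&
        openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem
        -CAcreateserial -out server-cert.pem -extfile extfile.cnf &&
        popd
    # The task is skipped while all five files exist; the checks do not look at
    # certificate expiry.
    status:
      - test -f certs/ca-key.pem
      - test -f certs/ca.pem
      - test -f certs/server-key.pem
      - test -f certs/server.csr
      - test -f certs/server-cert.pem
  start-build-network:
    desc: Create a docker network for image building used by the dagger engine and the registry
    run: once
    cmds:
      - docker network create ${REGISTRY_NETWORK}
    # Skipped when the network already exists.
    status:
      - docker network inspect ${REGISTRY_NETWORK}
  start-registry:
    desc: Start a container registry
    run: once
    deps:
      - generate-certs
      - start-build-network
    env:
      # TODO: renovate
      # NOTE(review): `registry:2` is a tag, not a digest, so the image that
      # runs can change between pulls.
      REGISTRY_VERSION: 2
    cmds:
      # The registry serves TLS with the generated server certificate; no
      # registry authentication options are set here.
      # NOTE(review): `-p` carries no host address, so the port is published on
      # Docker's default bind address. If only the local host needs it,
      # `-p 127.0.0.1:${REGISTRY_PORT}:5000` narrows the exposure; confirm what
      # the e2e suite connects to first.
      - >
        docker run -d --name ${REGISTRY_NAME}
        -p ${REGISTRY_PORT}:5000
        --network ${REGISTRY_NETWORK}
        -v $(pwd)/certs:/certs
        -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server-cert.pem -e REGISTRY_HTTP_TLS_KEY=/certs/server-key.pem
        registry:${REGISTRY_VERSION}
    # Skipped while a container with this name reports State.Running == true.
    status:
      - \[ "$(docker inspect -f {{`'{{.State.Running}}'`}} "${REGISTRY_NAME}" 2> /dev/null )" == 'true' \]
  # Start a dagger engine that mounts the CA certificate for the local registry.
  start-dagger-engine-for-local-builds:
    desc: Start a dagger engine mounting the CA
    run: once
    deps:
      - generate-certs
      - start-build-network
    vars:
      # renovate: datasource=github-tags depName=dagger/dagger versioning=semver
      DAGGER_VERSION: 0.14.0
      DAGGER_ENGINE_IMAGE: registry.dagger.io/engine:v{{ .DAGGER_VERSION }}
    cmds:
      # Only the CA certificate (ca.pem) is mounted into the engine, not the
      # CA key.
      # The engine container runs with --privileged, i.e. without Docker's
      # default isolation from the host; keep this task to development
      # machines and CI runners.
      - >
        docker run -d -v /var/lib/dagger --name "${DAGGER_ENGINE_CONTAINER_NAME}"
        --network=${REGISTRY_NETWORK}
        -v $(pwd)/certs/ca.pem:/usr/local/share/ca-certificates/ca.crt
        --privileged {{ .DAGGER_ENGINE_IMAGE }}
    # Skipped while a container with this name reports State.Running == true.
    status:
      - \[ "$(docker inspect -f {{`'{{.State.Running}}'`}} "${DAGGER_ENGINE_CONTAINER_NAME}" 2> /dev/null )" == 'true' \]
  # We build an image and push it to a local registry.
  # The name is always `plugin-barman-cloud:testing`.
  build-plugin-image:
    desc: Build the operator container image for the plugin
    deps:
      - start-registry
      - start-dagger-engine-for-local-builds
    env:
      # renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main
      DAGGER_DOCKER_SHA: bd405d35e41180483a520e5a7f94d0e1069178c5
      # Points the dagger CLI at the engine container started above.
      _EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-container://{{.DAGGER_ENGINE_CONTAINER_NAME}}
    cmds:
      - >
        GITHUB_REF= dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA}
        build --dir . --file containers/Dockerfile.plugin --platform linux/amd64
        publish --ref ${REGISTRY_NAME}:${REGISTRY_PORT}/plugin-barman-cloud --tags testing
  # We build an image and push it to a local registry.
  # The name is always `sidecar-barman-cloud:testing`.
  build-sidecar-image:
    desc: Build the sidecar container image for the plugin
    deps:
      - start-registry
      - start-dagger-engine-for-local-builds
    env:
      # renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main
      DAGGER_DOCKER_SHA: bd405d35e41180483a520e5a7f94d0e1069178c5
      # Points the dagger CLI at the engine container started above.
      _EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-container://{{.DAGGER_ENGINE_CONTAINER_NAME}}
    cmds:
      - >
        GITHUB_REF= dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA}
        build --dir . --file containers/Dockerfile.sidecar --platform linux/amd64
        publish --ref ${REGISTRY_NAME}:${REGISTRY_PORT}/sidecar-barman-cloud --tags testing
  build-images:
    desc: Build the container images for the plugin
    deps:
      - build-plugin-image
      - build-sidecar-image
  # TODO: see if it is possible to daggerize this. It will have to manage docker to make kind work.
  # TODO: add a task to clean up the kind cluster for new test runs.
  # Run the e2e tests. This task will start a kind cluster, deploy the plugin, and run the tests.
  # Running the e2e tests requires:
  # * The registry to have a valid TLS certificate.
  # * The registry to be in the same network of the dagger-engine.
  # * The dagger-engine to mount the CA.
  # * The kind cluster to mount the CA.
  e2e:
    desc: Run e2e tests
    deps:
      - build-images
    cmds:
      - go test -timeout 60m -v ./test/e2e
  ci:
    desc: Run the CI pipeline
    deps:
      - spellcheck
      - commitlint
      - uncommitted
      - lint
      - go-test
      - e2e
  publish:
    desc: Build and publish a container image for the plugin
    requires:
      # We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here
      # to prevent running this task locally by accident.
      vars:
        - CI
        - GITHUB_REPOSITORY
        - GITHUB_REF
        - GITHUB_REF_NAME
        - REGISTRY_USER
        - REGISTRY_PASSWORD
    vars:
      # Refs that do not start with refs/tags/v publish to the "-testing"
      # image names.
      PLUGIN_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}}
      SIDECAR_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}-sidecar{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}}
      # remove /merge suffix from the branch name. This is a workaround for the GitHub workflow on PRs,
      # where the branch name is suffixed with /merge. Prepend pr- to the branch name on PRs.
      IMAGE_VERSION: '{{regexReplaceAll "(\\d+)/merge" .GITHUB_REF_NAME "pr-${1}"}}'
    env:
      # renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main
      DAGGER_DOCKER_SHA: bd405d35e41180483a520e5a7f94d0e1069178c5
    cmds:
      # The password is passed by variable name (env:REGISTRY_PASSWORD), so its
      # value is not part of the command line.
      # NOTE(review): IMAGE_VERSION is derived from GITHUB_REF_NAME and is
      # substituted into the command text before the shell parses it. Ref names
      # are chosen by whoever pushes the branch or tag; consider
      # `{{.IMAGE_VERSION | shellQuote}}` so the value stays a single word.
      - >
        dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA}
        --registry ghcr.io --username $REGISTRY_USER --password env:REGISTRY_PASSWORD
        build --dir . --file containers/Dockerfile.plugin --platform linux/amd64 --platform linux/arm64
        publish --ref {{.PLUGIN_IMAGE_NAME}} --tags {{.IMAGE_VERSION}}
      - >
        dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA}
        --registry ghcr.io --username $REGISTRY_USER --password env:REGISTRY_PASSWORD
        build --dir . --file containers/Dockerfile.sidecar --platform linux/amd64 --platform linux/arm64
        publish --ref {{.SIDECAR_IMAGE_NAME}} --tags {{.IMAGE_VERSION}}
  controller-gen:
    desc: Run controller-gen
    env:
      # renovate: datasource=git-refs depName=controller-gen lookupName=https://github.com/cloudnative-pg/daggerverse currentValue=main
      DAGGER_CONTROLLER_GEN_SHA: fa2e604b785c0ff9252a807097fc1215e10df486
    cmds:
      # First call: deepcopy code, exported to api/v1/zz_generated.deepcopy.go.
      - >
        GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/controller-gen@${DAGGER_CONTROLLER_GEN_SHA}
        controller-gen --source . --args object:headerFile=hack/boilerplate.go.txt --args paths=./api/...
        file --path api/v1/zz_generated.deepcopy.go export --path api/v1/zz_generated.deepcopy.go
      # Second call: RBAC, CRD and webhook output, exported to config/crd/bases.
      - >
        GITHUB_REF= dagger -s call -m github.com/cloudnative-pg/daggerverse/controller-gen@${DAGGER_CONTROLLER_GEN_SHA}
        controller-gen --source . --args rbac:roleName=plugin-barman-cloud --args crd --args webhook --args paths=./api/...
        --args output:crd:artifacts:config=config/crd/bases directory --path config/crd/bases export --path config/crd/bases
    sources:
      - ./api/**/*.go
    generates:
      - ./api/v1/zz_generated.deepcopy.go
  manifest-main:
    deps:
      - controller-gen
    desc: Generate the manifest for the main branch
    vars:
      # The ref is fixed to main; only the repository can be overridden.
      GITHUB_REPOSITORY: '{{ default "cloudnative-pg/plugin-barman-cloud" .GITHUB_REPOSITORY }}'
      GITHUB_REF: main
      GITHUB_REF_NAME: main
    cmds:
      - task: manifest-internal
        vars:
          GITHUB_REPOSITORY: '{{.GITHUB_REPOSITORY}}'
          GITHUB_REF: '{{.GITHUB_REF}}'
          GITHUB_REF_NAME: '{{.GITHUB_REF_NAME}}'
  manifest:
    desc: Generate the manifest to be uploaded to the release or as a workflow artifact
    deps:
      - controller-gen
    requires:
      # We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here
      # to prevent running this task locally by accident.
      vars:
        - CI
        - GITHUB_REPOSITORY
        - GITHUB_REF
        - GITHUB_REF_NAME
    cmds:
      - task: manifest-internal
        vars:
          GITHUB_REPOSITORY: '{{.GITHUB_REPOSITORY}}'
          GITHUB_REF: '{{.GITHUB_REF}}'
          GITHUB_REF_NAME: '{{.GITHUB_REF_NAME}}'
  manifest-internal:
    desc: Update the image in the Kustomization
    label: manifest-internal-{{.GITHUB_REF_NAME}}
    internal: true
    requires:
      vars:
        - GITHUB_REPOSITORY
        - GITHUB_REF
        - GITHUB_REF_NAME
    vars:
      # Same image naming as the publish task: refs that do not start with
      # refs/tags/v resolve to the "-testing" image names.
      PLUGIN_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}}
      SIDECAR_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}-sidecar{{if not (hasPrefix "refs/tags/v" .GITHUB_REF)}}-testing{{end}}
      # remove /merge suffix from the branch name. This is a workaround for the GitHub workflow on PRs,
      # where the branch name is suffixed with /merge. Prepend pr- to the branch name on PRs.
      IMAGE_VERSION: '{{regexReplaceAll "(\\d+)/merge" .GITHUB_REF_NAME "pr-${1}"}}'
    env:
      # renovate: datasource=git-refs depName=kustomize lookupName=https://github.com/sagikazarmark/daggerverse currentValue=main
      DAGGER_KUSTOMIZE_SHA: 32b01ce09db8bfc7ef06dec92ea20d42855cbf81
    # TODO: go back to upstream module once the PR is merged
    cmds:
      # NOTE(review): this first call loads the module from a fork at the
      # branch `kustomize-secrets`. A branch is a mutable ref, so unlike the
      # SHA-pinned modules the code that edits the manifest can change without
      # any change to this file. Pin it to a commit SHA until the TODO above
      # is resolved.
      # NOTE(review): the image names and IMAGE_VERSION are substituted into
      # the command text before the shell parses it; see the same note on the
      # publish task.
      - >
        dagger -s call -m https://github.com/fcanovai/sagikazarmark-daggerverse/kustomize@kustomize-secrets
        edit --source . --dir kubernetes
        set image --image plugin-barman-cloud={{.PLUGIN_IMAGE_NAME}}:{{.IMAGE_VERSION}}
        set secret --secret plugin-barman-cloud --from-literal SIDECAR_IMAGE={{.SIDECAR_IMAGE_NAME}}:{{.IMAGE_VERSION}}
        directory directory --path kubernetes export --path manifest-build
      # The build step uses the upstream module pinned by DAGGER_KUSTOMIZE_SHA.
      - >
        dagger -s call -m github.com/sagikazarmark/daggerverse/kustomize@${DAGGER_KUSTOMIZE_SHA}
        build --source . --dir manifest-build export --path manifest.yaml
    sources:
      - ./config/**/*.yaml
      - ./kubernetes/**/*.yaml
    generates:
      - ./manifest.yaml
  upload-manifest-to-release:
    desc: Upload the manifest to the release
    requires:
      # We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here
      # to prevent running this task locally by accident.
      vars:
        - CI
        - GITHUB_REPOSITORY
        - GITHUB_REF
        - GITHUB_REF_NAME
        - GITHUB_TOKEN
    env:
      # renovate: datasource=git-refs depName=gh lookupName=https://github.com/sagikazarmark/daggerverse
      DAGGER_GH_SHA: 32b01ce09db8bfc7ef06dec92ea20d42855cbf81
    preconditions:
      # Release gate: the ref must start with refs/tags/v. The comparison is a
      # prefix glob, the same rule as the hasPrefix test used for the image
      # names, and the ref is passed through shellQuote so that its text
      # reaches the test as a single word instead of being parsed as shell
      # syntax.
      - sh: '[[ {{.GITHUB_REF | shellQuote}} == refs/tags/v* ]]'
        msg: not a tag, failing
    cmds:
      # The token is passed by variable name (env:GITHUB_TOKEN), so its value
      # is not part of the command line.
      # NOTE(review): GITHUB_REF_NAME is substituted inside the quoted --cmd
      # string before the shell parses it; a tag name is still pusher-chosen
      # text, so confirm how the gh module splits --cmd before relying on it.
      - >
        dagger -s call -m github.com/sagikazarmark/daggerverse/gh@${DAGGER_GH_SHA}
        with-source --source .
        run --repo {{.GITHUB_REPOSITORY}} --token env:GITHUB_TOKEN
        --cmd "release upload {{.GITHUB_REF_NAME}} manifest.yaml"
  clean:
    desc: Remove autogenerated artifacts
    cmds:
      # Removes the .task/ directory only; certs/, manifest-build and
      # manifest.yaml are left in place.
      - rm -rf .task/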