diff --git a/.drone.yml b/.drone.yml
deleted file mode 100644
index 87d0c7b15..000000000
--- a/.drone.yml
+++ /dev/null
@@ -1,191 +0,0 @@ ---- -kind: pipeline -name: amd64 -type: docker - -platform: - os: linux - arch: amd64 - -steps: - - name: build - image: rancher/dapper:v0.6.0 - commands: - - dapper ci - volumes: - - name: docker - path: /var/run/docker.sock - - - name: integration-test - image: rancher/rancher:v2.9-head - pull: always - privileged: true - commands: - - zypper -n install helm - - scripts/integration-test - - - name: github_binary_release - image: plugins/github-release - settings: - api_key: - from_secret: github_token - prerelease: true - checksum: - - sha256 - checksum_file: CHECKSUMsum-amd64.txt - checksum_flatten: true - files: - - "dist/artifacts/*" - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - - - name: docker-publish - image: plugins/docker - settings: - dockerfile: package/Dockerfile - password: - from_secret: docker_password - repo: "rancher/rancher-webhook" - tag: "${DRONE_TAG}-amd64" - username: - from_secret: docker_username - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag -volumes: - - name: docker - host: - path: /var/run/docker.sock - ---- -kind: pipeline -name: arm64 -type: docker - -platform: - os: linux - arch: arm64 - -steps: - - name: build - image: rancher/dapper:v0.6.0 - commands: - - dapper ci - volumes: - - name: docker - path: /var/run/docker.sock - - - name: integration-test - image: rancher/rancher:v2.9-head - pull: always - privileged: true - commands: - - zypper -n install helm - - scripts/integration-test - - - name: github_binary_release - image: plugins/github-release - settings: - api_key: - from_secret: github_token - prerelease: true - checksum: - - sha256 - checksum_file: CHECKSUMsum-arm64.txt - checksum_flatten: true - files: - - "dist/artifacts/*" - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - - - name: docker-publish - image: 
plugins/docker - settings: - dockerfile: package/Dockerfile - password: - from_secret: docker_password - repo: "rancher/rancher-webhook" - tag: "${DRONE_TAG}-arm64" - username: - from_secret: docker_username - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - -volumes: - - name: docker - host: - path: /var/run/docker.sock - ---- -kind: pipeline -name: manifest -type: docker - -platform: - os: linux - arch: amd64 - -steps: - - name: manifest - image: plugins/manifest:1.4.0 - settings: - username: - from_secret: docker_username - password: - from_secret: docker_password - platforms: - - linux/amd64 - - linux/arm64 - target: "rancher/rancher-webhook:${DRONE_TAG}" - template: "rancher/rancher-webhook:${DRONE_TAG}-ARCH" - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - -depends_on: - - amd64 - - arm64 - ---- -kind: pipeline -name: fossa -type: docker - -steps: - - name: fossa - image: rancher/drone-fossa:latest - failure: ignore - settings: - api_key: - from_secret: FOSSA_API_KEY - when: - instance: - - drone-publish.rancher.io diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 000000000..32505efdf --- /dev/null +++ b/.github/workflows/ci.yaml 
@@ -0,0 +1,93 @@
+# Add a comment to force a change.
+
+name: Webhook CI
+
+on:
+ workflow_call:
+ push:
+ branches:
+ - release/v*
+ paths-ignore:
+ - '*.md'
+ - '.gitignore'
+ - 'CODEOWNERS'
+ - 'LICENSE'
+ pull_request:
+ paths-ignore:
+ - '*.md'
+ - '.gitignore'
+ - 'CODEOWNERS'
+ - 'LICENSE'
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ name: CI
+ runs-on : ubuntu-latest
+ strategy:
+ matrix:
+ arch:
+ - amd64
+ # TODO: See wrangler for an example of how to run tests on arm64, not ready here
+ # - arm64
+ steps:
+ - name : Checkout repository
+ uses : actions/checkout@v4
+
+ # TODO: Pull this next one out once there's a helm-release for rancher 2.9
+ - name : Checkout rancher/rancher and build the chart
+ run: |
+ pushd "${{ runner.temp}}"
+ git clone --depth 1 -b release/v2.9 https://github.com/rancher/rancher.git rancherDir
+ cd rancherDir
+ ./scripts/chart/build chart
+ sed -i -e 's/kubeVersion: < 1.29.0-0/kubeVersion: < 1.30.0-0/' build/chart/rancher/Chart.yaml
+ tar cfz "${{ runner.temp }}/rancher.tgz" -C build/chart/rancher .
+ popd
+
+ - run : make ci
+ name: ci
+
+# - name: Build an image for integration testing
+# run: ./scripts/package-for-ci
+# env:
+# ARCH: "${{ matrix.arch }}"
+# SHA: "${{ github.sha }}"
+
+ - name : install K3d
+ run : ./.github/workflows/scripts/install-k3d.sh
+
+ - name : setup cluster
+ run : ./.github/workflows/scripts/setup-cluster.sh
+ env:
+ CLUSTER_NAME: webhook
+ K3S_VERSION: v1.28.9-k3s1
+ ARCH: "${{ matrix.arch }}"
+
+ - name : import image
+ run : k3d image import dist/rancher-webhook-image.tar -c webhook
+
+ - name : start rancher
+ run : ./.github/workflows/scripts/start-rancher.sh
+ env:
+ ARCH: "${{ matrix.arch }}"
+ CHART_PATH: "${{ runner.temp }}/rancher.tgz"
+ RANCHER_IMAGE_TAG: "v2.9-head"
+ VERSION: "2.9"
+
+ - name : debug show image_tag file
+ run : cat dist/image_tag
+
+ - name : get vars
+ run : cat dist/image_tag >> $GITHUB_ENV
+
+ - name : Run integration tests
+ run : ./.github/workflows/scripts/integration-test-ci
+ env:
+ ARCH: "${{ matrix.arch }}"
+ CLUSTER_NAME: webhook
+ IMAGE_REPO: rancher/webhook
+ IMAGE_TAG: "${{ env.TAG }}"
+
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
new file mode 100644
index 000000000..4760ea10a
--- /dev/null
+++ b/.github/workflows/publish.yaml
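Review bot: In `.github/workflows/ci.yaml`, the step "Checkout rancher/rancher and build the chart" clones the moving branch `release/v2.9` and immediately runs `./scripts/chart/build chart` from it, so whatever is at that branch head at run time executes in this job. The same workflow is the gate for the tag-triggered publish and release workflows through `workflow_call`, so a release result depends on an unrelated repository's current state. Until the TODO is resolved, consider fetching one fixed commit (recorded in the workflow as a value such as `RANCHER_COMMIT: PINNED_COMMIT_SHA_PLACEHOLDER`) instead of the branch head. The `sed -i` on `Chart.yaml` also exits 0 when the pattern no longer matches; a following `grep -q 'kubeVersion: < 1.30.0-0' build/chart/rancher/Chart.yaml` would make a silent no-op visible.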
@@ -0,0 +1,54 @@
+name : Publish Webhook Images
+
+on:
+ push:
+ tags:
+ - "*"
+
+env:
+ REGISTRY: docker.io
+ REPO : rancher
+
+jobs:
+ ci :
+ uses: rancher/webhook/.github/workflows/ci.yaml@release/v0.5
+ permissions:
+ contents: read
+ push:
+ needs : [
+ ci
+ ]
+ permissions:
+ contents : read
+ id-token: write
+ name : Build and push Webhook images
+ runs-on : ubuntu-latest
+ steps:
+ - name : "Read vault secrets"
+ uses : rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
+ secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
+ - name : Checkout repository
+ uses: actions/checkout@v4
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ env.DOCKER_USERNAME }}
+ password: ${{ env.DOCKER_PASSWORD }}
+ # setup tag name
+ - if: ${{ startsWith(github.ref, 'refs/tags/') }}
+ run: |
+ echo TAG_NAME=$(echo $GITHUB_REF | sed -e "s|refs/tags/||") >> $GITHUB_ENV
+ - name: Build and push the webhook image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./package/Dockerfile
+ push: true
+ tags: ${{ env.REGISTRY }}/${{ env.REPO }}/webhook:${{ env.TAG_NAME }}
+ platforms: linux/amd64,linux/arm64
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 000000000..2fa0f16de
--- /dev/null
+++ b/.github/workflows/release.yaml
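Review bot: In the `push` job of `.github/workflows/publish.yaml`, `rancher-eio/read-vault-secrets@main` tracks a moving branch while the job holds `id-token: write` and receives the Docker Hub credentials, so any later change on that action's `main` runs with access to both. Pin it to a full commit, `uses : rancher-eio/read-vault-secrets@FULL_COMMIT_SHA_PLACEHOLDER # release tag`; the same applies, with less exposure, to the `@v3`/`@v4`/`@v5` tags of the other actions in this job. The `ci` job is referenced as `ci.yaml@release/v0.5`, so a tag pushed from any other branch appears to be gated by that branch's copy of the CI definition rather than the tagged commit's, which is worth confirming as intended. The trigger `tags: "*"` publishes `rancher/webhook` for every tag pushed, not only release tags.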
@@ -0,0 +1,37 @@
+name: goreleaser
+
+on:
+ push:
+ tags:
+ - '*'
+
+permissions:
+ contents: write
+
+jobs:
+ ci:
+ uses: rancher/webhook/.github/workflows/ci.yaml@release/v0.5
+ permissions:
+ contents: read
+ goreleaser:
+ needs: [
+ ci
+ ]
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-tags: true
+ - uses: actions/setup-go@v5
+ with:
+ go-version: 1.22
+ - name: Package release helm charts
+ run: make package-helm
+ - run: mkdir -p ./build/artifacts/ && mv -v ./dist/artifacts/ ./build/
+ - uses: goreleaser/goreleaser-action@v5
+ with:
+ distribution: goreleaser
+ version: latest
+ args: release --clean
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/scripts/install-k3d.sh b/.github/workflows/scripts/install-k3d.sh
new file mode 100755
index 000000000..51ed39f9f
--- /dev/null
+++ b/.github/workflows/scripts/install-k3d.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+set -x
+
+K3D_URL=https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh
+DEFAULT_K3D_VERSION=v5.4.6
+
+install_k3d(){
+ local k3dVersion=${K3D_VERSION:-${DEFAULT_K3D_VERSION}}
+ echo -e "Downloading k3d@${k3dVersion} see: ${K3D_URL}"
+ curl --silent --fail ${K3D_URL} | TAG=${k3dVersion} bash
+}
+
+install_k3d
+
+k3d version
\ No newline at end of file
diff --git a/.github/workflows/scripts/integration-test-ci b/.github/workflows/scripts/integration-test-ci
new file mode 100755
index 000000000..2481d00fc
--- /dev/null
+++ b/.github/workflows/scripts/integration-test-ci
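Review bot: In `.github/workflows/release.yaml`, the goreleaser step runs with `version: latest` while the job holds a `GITHUB_TOKEN` with `contents: write`, so an unpinned release tool is downloaded at release time and run with write access to releases. Pin the tool, `version: PINNED_GORELEASER_VERSION_PLACEHOLDER`, and declare `permissions: contents: write` on the `goreleaser` job instead of workflow-wide so jobs added later do not inherit it. `go-version: 1.22` is an unquoted YAML float; write `go-version: '1.22'` so a later value such as 1.30 is not read as 1.3.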
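Review bot: In `.github/workflows/scripts/install-k3d.sh`, `curl --silent --fail ${K3D_URL} | TAG=${k3dVersion} bash` executes the installer from the `main` branch of k3d with no integrity check; `TAG` pins only the k3d binary, not the script that is run. Point `K3D_URL` at the installer of a fixed tag or commit, download it to a file, and compare it with a recorded SHA-256 before executing it, as sketched below (the digest variable is a placeholder to be filled from a reviewed revision). The script sets `set -e` without `set -o pipefail`, so a failed download on the left side of the pipe does not stop the script by itself. Writing to a file first also avoids running a truncated download.

```shell
install_k3d(){
  local k3dVersion=${K3D_VERSION:-${DEFAULT_K3D_VERSION}}
  # … unchanged: echo of the version and URL …
  local installer
  installer=$(mktemp)
  curl --silent --show-error --fail --location --output "${installer}" "${K3D_URL}"
  # K3D_INSTALL_SHA256 is a placeholder: record the digest of the reviewed installer revision.
  echo "${K3D_INSTALL_SHA256}  ${installer}" | sha256sum --check --quiet -
  TAG=${k3dVersion} bash "${installer}"
  rm -f "${installer}"
}
```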
@@ -0,0 +1,82 @@ +#!/bin/bash +set -eux + +cd $(dirname $0)/../../.. +DIST_DIR="$PWD"/dist + +source ./scripts/version +# Source tags file to get the last built tags +source ./dist/tags + +set -o pipefail + +source ./.github/workflows/scripts/try.sh + +set +e + +# Wait for rancher to start up +try --waitmsg "Waiting for rancher to start" --failmsg "No rancher here" kubectl rollout status --watch=true --timeout=10s -n cattle-system deploy/rancher +echo "Rancher deployed" + +# Wait for the system to spawn a rancher-webhook deployment +webhook_deployment_created() { + kubectl get deployments -n cattle-system | grep rancher-webhook +} +try --max 48 --delay 5 --waitmsg "Waiting for a rancher-webhook deployment to be created" --failmsg "Deployment creation failed" webhook_deployment_created + +try --waitmsg "Waiting for rancher/webhook to be deployed" --failmsg "No rancher/webhook here" kubectl rollout status --watch=true --timeout=10s -n cattle-system deploy/rancher-webhook +echo "Rancher deployed" + +webhook_deployed() { + status=$(kubectl get apps.catalog.cattle.io -n cattle-system rancher-webhook -o jsonpath="{@.status.summary.state}") && [[ "$status" == "deployed" ]] +} + +# Wait for Rancher to deploy rancher-webhook. +try --waitmsg "Waiting for webhook to be deployed (2)" webhook_deployed +echo "Webhook deployed" + +# Shut down the core rancher part, but leave the rest of the rancher environment running +set -e +echo "Shutting down core rancher" +kubectl scale deploy rancher -n cattle-system --replicas=0 +kubectl wait pods -l app=rancher --for=delete -n cattle-system + +echo "Uploading new webhook image" + +# Install the webhook chart we just built. 
+upgrade_rancher_webhook() { + helm upgrade rancher-webhook ./dist/artifacts/rancher-webhook-${HELM_VERSION}.tgz -n cattle-system \ + --wait --timeout=120s --set image.repository="${IMAGE_REPO}" --set image.tag="${IMAGE_TAG}" --reuse-values --debug +} + +set +e + +upgrade_rancher_webhook +x=$(kubectl get pods -n cattle-system -l app=rancher-webhook | grep -v -e Running -e NAME | awk '{print $1}') +if [ -n "$x" ] ; then + echo "Logs for failed rancher-webhook $x ": + kubectl get pods -n cattle-system -l app=rancher-webhook + kubectl get pod "$x" -n cattle-system + kubectl logs pod/"$x" -n cattle-system + kubectl describe pod/"$x" -n cattle-system + try --max 4 --failmsg "Couldn't helm upgrade rancher-webhook" upgrade_rancher_webhook +fi + +# Done trying things, so reinstate 'set -e' +set -e + +./bin/rancher-webhook-integration.test -test.v -test.run IntegrationTest + +# Install the webhook chart with new ports. +helm upgrade rancher-webhook ./dist/artifacts/rancher-webhook-${HELM_VERSION}.tgz -n cattle-system \ + --wait --reuse-values --set port=443 + +# Test that the ports are set as expected and run a single integration test to verify the webhook is still accessible. +./bin/rancher-webhook-integration.test -test.v -test.run PortTest +./bin/rancher-webhook-integration.test -test.v -test.run IntegrationTest -testify.m TestGlobalRole + +# Scale down rancher-webhook so that we can run tests on the FailurePolicy. +kubectl scale deploy rancher-webhook -n cattle-system --replicas=0 +kubectl wait pods -l app=rancher-webhook --for=delete -n cattle-system +kubectl wait pods -l app=rancher-webhook --for=delete -n cattle-system +./bin/rancher-webhook-integration.test -test.v -test.run FailurePolicyTest diff --git a/.github/workflows/scripts/setup-cluster.sh b/.github/workflows/scripts/setup-cluster.sh new file mode 100755 index 000000000..8da39fc0f --- /dev/null +++ b/.github/workflows/scripts/setup-cluster.sh 
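Review bot: In `.github/workflows/scripts/integration-test-ci`, the first call to `upgrade_rancher_webhook` runs under `set +e` and its exit status is never checked; the retry only happens when `kubectl get pods` lists a pod that is not `Running`. If `helm upgrade` fails while the previous webhook pods are still `Running`, the script goes on to run the integration tests against the old image and can report success for code that was never deployed. Gate on the command's status instead, e.g. `upgrade_rancher_webhook || try --max 4 --failmsg "Couldn't helm upgrade rancher-webhook" upgrade_rancher_webhook`, keeping the log collection as diagnostics. `$x` can hold several pod names, in which case `kubectl logs pod/"$x"` fails, and the final `kubectl wait pods -l app=rancher-webhook --for=delete` line appears twice.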
@@ -0,0 +1,74 @@ +#!/bin/bash + +set -e + +source ./scripts/version +set -x + +echo $TAG + +if [ -z "$CLUSTER_NAME" ]; then + echo "CLUSTER_NAME must be specified when setting up a cluster" + exit 1 +fi + +if [ -z "$K3S_VERSION" ]; then + echo "K3S_VERSION must be specified when setting up a cluster, use $(k3d version list k3s) to find valid versions" + exit 1 +fi + +# waits until all nodes are ready +wait_for_nodes(){ + timeout=120 + start_time=$(date +%s) + echo "wait until all agents are ready" + while : + do + current_time=$(date +%s) + elapsed_time=$((current_time - start_time)) + if [ $elapsed_time -ge $timeout ]; then + echo "Timeout reached, exiting..." + exit 1 + fi + + readyNodes=1 + statusList=$(kubectl get nodes --no-headers | awk '{ print $2}') + # shellcheck disable=SC2162 + while read status + do + current_time=$(date +%s) + elapsed_time=$((current_time - start_time)) + if [ $elapsed_time -ge $timeout ]; then + echo "Timeout reached, exiting..." + exit 1 + fi + if [ "$status" == "NotReady" ] || [ "$status" == "" ] + then + readyNodes=0 + break + fi + done <<< "$(echo -e "$statusList")" + # all nodes are ready; exit + if [[ $readyNodes == 1 ]] + then + break + fi + sleep 1 + done +} + +k3d registry list --no-headers -o json | jq -r '.[].name' | xargs --no-run-if-empty k3d registry delete +k3d cluster delete $CLUSTER_NAME || true +k3d registry create gha -p 42765 +k3d cluster create $CLUSTER_NAME --servers 1 --agents 1 \ + --registry-use gha:42765 \ + --image "docker.io/rancher/k3s:${K3S_VERSION}" --api-port 6550 + +wait_for_nodes + +echo "k3d cluster $CLUSTER_NAME is ready" + +kubectl cluster-info --context k3d-${CLUSTER_NAME} +kubectl config use-context k3d-${CLUSTER_NAME} +kubectl get nodes -o wide +kubectl get pods -A diff --git a/.github/workflows/scripts/start-rancher.sh b/.github/workflows/scripts/start-rancher.sh new file mode 100755 index 000000000..86e261211 --- /dev/null +++ b/.github/workflows/scripts/start-rancher.sh 
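Review bot: In `.github/workflows/scripts/setup-cluster.sh`, the `K3S_VERSION` error message places `$(k3d version list k3s)` inside double quotes, so the command is executed and its output spliced into the message instead of the command being shown to the user; escape it as `use \$(k3d version list k3s)` or single-quote that part. The line `k3d registry list --no-headers -o json | jq -r '.[].name' | xargs --no-run-if-empty k3d registry delete` removes every k3d registry on the host, not only `gha`, which is harmless on an ephemeral runner but destructive if the script is run on a workstation; a header comment saying the script is for CI runners only would help. `$CLUSTER_NAME` is unquoted in `k3d cluster delete $CLUSTER_NAME || true` and `k3d cluster create $CLUSTER_NAME`.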
@@ -0,0 +1,27 @@ +#!/bin/bash + +flip() { + echo $1 + exit 1 +} + +kubectl get ns | grep -s cattle && flip 'rancher already installed?' + +set -exu + +set +e +helm repo add cert-manager https://charts.jetstack.io +helm repo add rancher-latest https://releases.rancher.com/server-charts/latest +helm repo add jetstack https://charts.jetstack.io +set -e + +helm repo update + +helm upgrade --install cert-manager --namespace cert-manager cert-manager/cert-manager --set installCRDs=true --set "extraArgs[0]=--enable-certificate-owner-ref=true" --create-namespace --wait --timeout=10m + +# kubectl get pods --namespace cert-manager +kubectl rollout status --namespace cert-manager deploy/cert-manager --timeout 1m + +# Chart based + +helm upgrade --install rancher "$CHART_PATH" --namespace cattle-system --set hostname=localhost --wait --timeout=10m --create-namespace --version "$VERSION" --set rancherImage=rancher/rancher --set rancherImageTag="$RANCHER_IMAGE_TAG" diff --git a/.github/workflows/scripts/try.sh b/.github/workflows/scripts/try.sh new file mode 100755 index 000000000..1abc265e0 --- /dev/null +++ b/.github/workflows/scripts/try.sh 
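Review bot: In `.github/workflows/scripts/start-rancher.sh`, `helm upgrade --install cert-manager ... cert-manager/cert-manager` has no `--version`, and the repositories are added with errors ignored (`set +e`), so each CI run installs whatever chart is current at `https://charts.jetstack.io`. Pin it with `--version PINNED_CERT_MANAGER_VERSION_PLACEHOLDER` so a run is reproducible and an upstream change cannot alter the test environment unnoticed. `https://charts.jetstack.io` is added twice under the names `cert-manager` and `jetstack`, and `rancher-latest` is added although the Rancher chart is installed from `"$CHART_PATH"`; the unused entries can go. The guard `kubectl get ns | grep -s cattle && flip ...` runs before `set -exu`, so a failing `kubectl` there is read as "not installed".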
@@ -0,0 +1,59 @@ +#!/bin/bash + +# Usage: try [--max [30] --delay [2] --waitmsg 'retrying' --failmsg 'retrying' ] command... + +try() { + local max=30 + local delay=2 + local waitmsg="retrying" + local failmsg="" + while [[ $# -gt 0 ]] && [[ $1 == -* ]]; do + case "$1" in + --max) + max=$2 + shift + ;; + --delay) + delay=$2 + shift + ;; + --waitmsg) + waitmsg=$2 + shift + ;; + --failmsg) + failmsg=$2 + shift + ;; + --) + shift + break + ;; + *) + printf "Usage error: unknown flag '%s'" "$1" >&2 + return 1 + ;; + esac + shift + done + + local count=0 + while true; do + $* + status=$? + count=$(expr $count + 1) + if [[ $status -eq 0 ]]; then + break + elif [[ $count -ge $max ]]; then + if [ -n "$failmsg" ] ; then + echo $failmsg + else + echo "Failed to run <$*>" + fi + exit 1 + break + fi + echo "$waitmsg on try $count/$max" + sleep $delay + done +} diff --git a/.gitignore b/.gitignore index ddefc16be..9ee9cc60e 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,5 @@ *.swp .idea .vscode -/webhook \ No newline at end of file +/webhook +*~ diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 000000000..8e292eba7 --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,41 @@ +# Make sure to check the documentation at https://goreleaser.com +before: + hooks: + - go mod tidy +builds: + - id: webhook + main: ./main.go + goos: + - linux + goarch: + - amd64 + - arm64 + binary: webhook + ldflags: + - -extldflags + - -static + - -s + - -X main.Version={{.Version}} -X main.GitCommit={{.Commit}} + flags: + - -trimpath + env: + - CGO_ENABLED=0 +archives: + - id: webhook + builds: + - webhook + name_template: '{{ .Binary }}-linux-{{ .Arch }}' +release: + prerelease: auto + extra_files: + - glob : ./build/artifacts/*.tgz +checksum: + name_template: 'sha256sum-{{ .Arch }}.txt' +snapshot: + name_template: "{{ incpatch .Version }}-next" +changelog: + sort: asc + filters: + exclude: + - '^docs:' + - '^test:' 
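Review bot: In `.github/workflows/scripts/try.sh`, the command is run as `$*`, which re-splits and glob-expands every argument, so an argument containing spaces or wildcard characters is not passed through as the caller wrote it; use `"$@"` for the invocation and `echo "Failed to run <$*>"` only for the message. `echo $failmsg` and `sleep $delay` should be quoted as `echo "$failmsg"` and `sleep "$delay"`, and `count=$(expr $count + 1)` can be `count=$((count + 1))`. On exhaustion the function calls `exit 1`, which ends the sourcing script (the `break` after it is unreachable); the callers in this commit rely on that under `set +e`, so the usage comment should state it: `# Exits the calling shell with status 1 when all attempts fail.`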
diff --git a/charts/rancher-webhook/Chart.yaml b/charts/rancher-webhook/Chart.yaml index bfe06b5b1..4c57e9511 100644 --- a/charts/rancher-webhook/Chart.yaml +++ b/charts/rancher-webhook/Chart.yaml @@ -11,4 +11,4 @@ annotations: catalog.cattle.io/os: linux catalog.cattle.io/permits-os: linux,windows catalog.cattle.io/rancher-version: ">= 2.9.0-0 < 2.10.0-0" - catalog.cattle.io/kube-version: ">= 1.23.0-0 < 1.29.0-0" + catalog.cattle.io/kube-version: ">= 1.23.0-0 < 1.30.0-0" diff --git a/package/Dockerfile b/package/Dockerfile index b52dd3a86..111efe47d 100644 --- a/package/Dockerfile +++ b/package/Dockerfile @@ -11,4 +11,4 @@ COPY bin/webhook /usr/bin/ USER $user -CMD ["webhook"] +CMD ["/usr/bin/webhook"] diff --git a/scripts/build b/scripts/build index 0e2b0cd27..fd6df0ce2 100755 --- a/scripts/build +++ b/scripts/build @@ -14,5 +14,5 @@ LINKFLAGS="-X main.GitCommit=$COMMIT $LINKFLAGS" CGO_ENABLED=0 go build -ldflags "$LINKFLAGS $OTHER_LINKFLAGS" -o bin/webhook if [ "$CROSS" = "true" ] && [ "$ARCH" = "amd64" ]; then GOOS=darwin go build -ldflags "$LINKFLAGS" -o bin/webhook-darwin - GOOS=windows go build -ldflags "$LINKFLAGS" -o bin/webhook-windows + GOOS=windows go build -ldflags "$LINKFLAGS" -o bin/webhook-windows-amd64.exe fi diff --git a/scripts/ci b/scripts/ci index 51fe8e966..fad2e9e83 100755 --- a/scripts/ci +++ b/scripts/ci @@ -8,4 +8,5 @@ cd $(dirname $0) ./validate ./validate-ci ./package +./package-helm ./test-helm diff --git a/scripts/integration-test b/scripts/integration-test index 1fd719375..3c73322cc 100755 --- a/scripts/integration-test +++ b/scripts/integration-test 
@@ -1,83 +1,44 @@ #!/bin/bash -set -e -export KUBECONFIG= -export CATTLE_DEV_MODE=yes -export CATTLE_SERVER_URL="https://$(ip route get 8.8.8.8 | awk '{print $7}'):443" -export CATTLE_BOOTSTRAP_PASSWORD="admin" -export CATTLE_FEATURES="harvester=false" +set -exu cd $(dirname $0)/../ -echo "Starting Rancher Server" -entrypoint.sh >./rancher.log 2>&1 & -RANCHER_PID=$! +source ./scripts/try.sh -echo "Waiting for Rancher health check..." -while ! curl -sf http://localhost:80/healthz >/dev/null 2>&1; do - echo "Waiting for Rancher's /healthz endpoint to become available" - sleep 2 -done +# Wait for rancher to start up +try --delay 2 --max 30 --waitmsg "Waiting for rancher to start" --failmsg "No rancher here" kubectl rollout status --watch=true --timeout=10s -n cattle-system deploy/rancher +echo "Rancher deployed" -# Tail the rancher logs if rancher fails to deploy the webhook after 5 minutes. -bash -c "sleep 300 && echo 'Rancher has not deployed webhook after 5m tailing logs' && tail -f ./rancher.log" & -# Get PID of the tail command so we can kill it if needed -TAIL_PID=$! +# Wait for the rancher webhook to start up +try --delay 2 --max 30 --waitmsg "Waiting for rancher/webhook to be deployed" --failmsg "No webhook here" kubectl rollout status --watch=true --timeout=10s -n cattle-system deploy/rancher-webhook +echo "Webhook deployed" + +webhook_deployed() { + status=$(kubectl get apps.catalog.cattle.io -n cattle-system rancher-webhook -o jsonpath="{@.status.summary.state}") && [[ "$status" == "deployed" ]] +} # Wait for Rancher to deploy rancher-webhook. -while ! kubectl rollout status -w -n cattle-system deploy/rancher-webhook >/dev/null 2>&1; do - echo "Waiting for rancher to deploy rancher-webhook..." - sleep 2 -done +try --delay 2 --max 30 --waitmsg "Waiting for webhook to be deployed (2)" webhook_deployed echo "Webhook deployed" -# After rancher deploys webhook kill the bash command running tail. 
-kill ${TAIL_PID} - -# Wait for helm operation to complete and save rancher-webhook release info before we kill rancher and the cluster. -while - status=$(kubectl get apps.catalog.cattle.io -n cattle-system rancher-webhook -o jsonpath="{@.status.summary.state}") - [[ "$status" != "deployed" ]] -do - echo "Waiting for helm operation to finish, current status $status" - sleep 2 -done - -# Kill Rancher since we only need the CRDs and the initial webhook values. -# We do not want Rancher to reconcile an older version of the webhook during test. -kill ${RANCHER_PID} - -echo "Rancher has been stopped starting K3s." -# Start Cluster without Rancher. -k3s server --cluster-init --disable=traefik,servicelb,metrics-server,local-storage --node-name=local-node --log=./k3s.log >/dev/null 2>&1 & -KUBECONFIG=/etc/rancher/k3s/k3s.yaml - -# Wait for cluster to start. -while ! kubectl version >/dev/null 2>&1; do - echo "Waiting for cluster to start" - sleep 5 -done +# Shut down the core rancher part, but leave the rest of the rancher environment running -echo "Uploading new webhook image" +kubectl scale deploy rancher -n cattle-system --replicas=0 --timeout=10m +kubectl wait pods -l app=rancher-webhook --for=delete --namespace cattle-system --timeout=10m -###### Upload the newly created webhook image to containerd, then install the webhook chart using the new image -IMAGE_FILE=./dist/rancher-webhook-image.tar -# import image to containerd and get the image name -WEBHOOK_REPO=$(ctr image import ${IMAGE_FILE} | cut -d ' ' -f 2 | cut -d ':' -f 1) +echo "Rancher has been stopped." + +echo "Uploading new webhook image" # Source tags file to get the last built tags source ./dist/tags # Install the webhook chart we just built. -# This command can fail since it is so close to the cluster start so we will give it 3 retires. -RETRIES=0 -while ! 
helm upgrade rancher-webhook ./dist/artifacts/rancher-webhook-${HELM_VERSION}.tgz -n cattle-system \ - --wait --set image.repository=${WEBHOOK_REPO} --set image.tag=${TAG} --reuse-values; do - if [ "$RETRIES" -ge 3 ]; then - exit 1 - fi - RETRIES=$((RETRIES + 1)) - sleep 2 -done +upgrade_rancher_webhook() { + helm upgrade rancher-webhook ./dist/artifacts/rancher-webhook-${HELM_VERSION}.tgz -n cattle-system \ + --wait --set image.repository="${IMAGE_REPO}" --set image.tag="${IMAGE_TAG}" --reuse-values --debug +} +try --delay 2 --max 4 --failmsg "Couldn't helm upgrade rancher-webhook" upgrade_rancher_webhook ./bin/rancher-webhook-integration.test -test.v -test.run IntegrationTest @@ -92,4 +53,5 @@ helm upgrade rancher-webhook ./dist/artifacts/rancher-webhook-${HELM_VERSION}.tg # Scale down rancher-webhook so that we can run tests on the FailurePolicy. kubectl scale deploy rancher-webhook -n cattle-system --replicas=0 kubectl wait pods -l app=rancher-webhook --for=delete -n cattle-system + ./bin/rancher-webhook-integration.test -test.v -test.run FailurePolicyTest diff --git a/scripts/package b/scripts/package index 4f2ca314c..7b330966b 100755 --- a/scripts/package +++ b/scripts/package 
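Review bot: In `scripts/integration-test`, after `kubectl scale deploy rancher -n cattle-system --replicas=0` the new line waits on `-l app=rancher-webhook`, while the CI copy of this sequence in `.github/workflows/scripts/integration-test-ci` waits on `-l app=rancher`. The webhook pods are not being deleted at that point, so this wait would presumably run to its 10m timeout and `set -e` would then abort the script. Proposed line: `kubectl wait pods -l app=rancher --for=delete --namespace cattle-system --timeout=10m`. The script now reads `IMAGE_REPO` and `IMAGE_TAG` from the environment under `set -u`, where the old code derived the repository from `ctr image import` and the tag from `dist/tags`; a header comment listing these required variables would save callers a failed run.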
@@ -1,40 +1,39 @@ #!/bin/bash -set -e +set -eu source $(dirname $0)/version -cd $(dirname $0)/.. - -function build-image() { - IMAGE=${REPO}/${1}:${TAG} - DOCKERFILE=package/Dockerfile${2} - if [ -e ${DOCKERFILE}.${ARCH} ]; then - DOCKERFILE=${DOCKERFILE}.${ARCH} - fi - - docker build -f ${DOCKERFILE} -t ${IMAGE} . - echo Built ${IMAGE} - - docker save -o dist/rancher-webhook-image.tar ${IMAGE} +set -x - if [ "${PUSH}" = "true" ]; then - docker push ${IMAGE} - fi +cd $(dirname $0)/.. -} +echo Running package mkdir -p dist/artifacts cp bin/webhook dist/artifacts/webhook-linux${SUFFIX} for i in bin/webhook-*; do if [ -e "$i" ]; then - if [ "$i" = webhook-windows-amd64 ]; then - cp $i dist/artifacts/webhook-windows-amd64.exe - else - cp $i dist/artifacts - fi + cp $i dist/artifacts fi done +REPO=rancher + +IMAGE=${REPO}/webhook:${TAG} +DOCKERFILE=./package/Dockerfile +if [ -e ${DOCKERFILE}.${ARCH} ]; then + DOCKERFILE=${DOCKERFILE}.${ARCH} +fi + +if [[ ${USE_DOCKER_BUILDX:-0} -eq 1 ]]; then + docker buildx build --platform linux/amd64 -f ${DOCKERFILE} . -t ${IMAGE} +else + docker build -f ${DOCKERFILE} -t ${IMAGE} . +fi +echo Built ${IMAGE} -build-image rancher-webhook +docker save -o dist/rancher-webhook-image.tar ${IMAGE} +echo TAG="${TAG}" > dist/image_tag -./scripts/package-helm +if [ "${PUSH:-}" = "true" ]; then + docker push ${IMAGE} +fi diff --git a/scripts/package-for-ci b/scripts/package-for-ci new file mode 100755 index 000000000..368d4efc3 --- /dev/null +++ b/scripts/package-for-ci @@ -0,0 +1,17 @@ +#!/bin/bash +set -eu + +if [ -z "${SHA:-}" ] ; then + echo "$0 - SHA not set in the environment" + exit 1 +fi + +source $(dirname $0)/version + +set -x + +echo "QQQ: scripts/package: SHA is ${SHA}" +REPO=rancher +IMAGE=${REPO}/webhook:${TAG} +docker tag ${IMAGE} "${REPO}/webhook:${SHA}" +docker save -o dist/rancher-webhook-image-${SHA}.tar "${REPO}/webhook:${SHA}" diff --git a/scripts/package-helm b/scripts/package-helm index 45d5c4e2f..392c32ff1 100755 
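Review bot: In `scripts/package`, the new `REPO=rancher` overwrites the value that `scripts/version` sets with `REPO="${REPO:-rancher}"`, so a `REPO` supplied by the caller is silently ignored and, with `PUSH=true`, `docker push` always targets `rancher/webhook`. Drop the assignment or write `REPO="${REPO:-rancher}"`. On the `USE_DOCKER_BUILDX` path, `docker buildx build` is called without `--load`; depending on the builder driver the image may not reach the local image store, in which case the following `docker save` fails. The expansions `${DOCKERFILE}` and `${IMAGE}` are unquoted throughout, and `scripts/package-for-ci` still carries the debug line `echo "QQQ: scripts/package: SHA is ${SHA}"`.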
--- a/scripts/package-helm +++ b/scripts/package-helm @@ -1,13 +1,11 @@ #!/bin/bash -set -e - -if ! hash helm 2>/dev/null; then - exit 0 -fi +set -eu cd $(dirname $0)/.. . ./scripts/version +echo Running package-helm + rm -rf build/charts mkdir -p build dist/artifacts cp -rf charts build/ @@ -22,6 +20,6 @@ sed -i'.bkb' \ -e 's/tag: latest/tag: '${HELM_TAG}'/' \ build/charts/rancher-webhook/values.yaml -rm build/charts/rancher-webhook/Chart.yaml.bkp build/charts/rancher-webhook/values.yaml.bkb +rm -f build/charts/rancher-webhook/Chart.yaml.bkp build/charts/rancher-webhook/values.yaml.bkb helm package -d ./dist/artifacts ./build/charts/rancher-webhook diff --git a/scripts/version b/scripts/version index 1c84b8da7..5e482d32a 100755 --- a/scripts/version +++ b/scripts/version @@ -1,11 +1,12 @@ #!/bin/bash +DIRTY= if [ -n "$(git status --porcelain --untracked-files=no)" ]; then DIRTY="-dirty" fi -COMMIT=$(git rev-parse --short HEAD) -GIT_TAG=${DRONE_TAG:-$(git tag -l --contains HEAD | head -n 1)} +COMMIT=${COMMIT:-$(git rev-parse --short HEAD)} +GIT_TAG=${GIT_TAG:-${DRONE_TAG:-$(git tag -l --contains HEAD | head -n 1)}} if [[ -z "$DIRTY" && -n "$GIT_TAG" ]]; then VERSION=$GIT_TAG @@ -13,16 +14,16 @@ else VERSION="0.0.0-${COMMIT}${DIRTY}" fi -if [ -z "$ARCH" ]; then +if [ -z "${ARCH:-}" ] ; then ARCH=$(go env GOHOSTARCH) fi SUFFIX="-${ARCH}" -HELM_TAG=${TAG:-${VERSION}} -HELM_VERSION=${HELM_TAG/v/} -TAG=${TAG:-${VERSION}${SUFFIX}} -REPO=${REPO:-rancher} +HELM_TAG="${HELM_TAG:-${TAG:-${VERSION}}}" +HELM_VERSION="${HELM_VERSION:-${HELM_TAG/v/}}" +TAG="${TAG:-${VERSION}${SUFFIX}}" +REPO="${REPO:-rancher}" if echo $TAG | grep -q dirty; then TAG=dev @@ -30,6 +31,6 @@ if echo $TAG | grep -q dirty; then HELM_VERSION=0.0.0-dev fi -DIST_DIR="$(dirname $0)/../dist/" +DIST_DIR="${DIST_DIR:-$(dirname $0)/../dist/}" mkdir -p ${DIST_DIR} echo "export TAG=${TAG}; export HELM_TAG=${HELM_TAG}; export HELM_VERSION=${HELM_VERSION};" >${DIST_DIR}/tags
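Review bot: In `scripts/version`, `TAG`, `HELM_TAG`, `HELM_VERSION` and `DIST_DIR` can now be supplied from the environment, and they still flow into the unchanged last line, which writes them unquoted into `${DIST_DIR}/tags`. The integration-test scripts in this commit `source ./dist/tags`, so a value containing whitespace or shell metacharacters (a git tag name may contain `;` or `$`) would be interpreted by the shell when that file is sourced. Write the file with quoting, e.g. `printf 'export TAG=%q; export HELM_TAG=%q; export HELM_VERSION=%q;\n' "$TAG" "$HELM_TAG" "$HELM_VERSION" >"${DIST_DIR}/tags"`, and quote `mkdir -p "${DIST_DIR}"`. The `echo` line itself is context in this hunk, not a line the commit changes.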