Migrate makefiles and CI/CD #306
Conversation
jetstack-bot
added
dco-signoff: yes
jetstack-bot
removed
the
needs-rebase
inteon
force-pushed
the
cicd
branch
14 times, most recently
from
7989201 to
d5e6823
Compare
inteon
force-pushed
the
cicd
branch
3 times, most recently
from
5f4f7a2 to
db2f181
Compare
|
/retest |
inteon
force-pushed
the
cicd
branch
2 times, most recently
from
1cc3d18 to
4fa5e44
Compare
There was a problem hiding this comment.
Thanks Tim,
This is very cool, but I want to see more documentation in the README of this project and in the README of the upstream project explaining how it works and how to contribute changes.
I feel unsure about checking all this cloned library code in make/_shared/ into the repo.
It makes it easy to git grep to see how everything works.
I checked out the branch and tried some of the new make targets.
Please document the basic make targets for contributors in the README file.
I found the make help output difficult to read.
This is how make help looks for me:
$ make
Usage: make [TARGET [TARGET ...]] [ARGUMENT=VALUE [ARGUMENT=VALUE ...]]
Generate/ Verify:
generate-protos $(NEEDS_PROTOC) $(NEEDS_PROTOC-GEN-GO)
Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
Testing:
test-smoke $(NEEDS_GINKGO)
Smoke end-to-end tests
test-unit $(cert_manager_crds) $(approver_policy_crds) $(NEEDS_GINKGO) $(NEEDS_ETCD) $(NEEDS_KUBE-APISERVER) $(NEEDS_KUBECTL)
Unit tests
[shared] Build:
$(build_targets): $(bin_dir)/bin/%: FORCE | $(NEEDS_GO) $(bin_dir)/bin
Build manager binary.
$(oci_build_targets): oci-build-%: | $(NEEDS_KO) $(NEEDS_GO) $(NEEDS_YQ) $(bin_dir)/scratch/image
Build the oci image.
$(oci_load_targets): oci_platforms := ""
Load docker image.
$(oci_maybe_push_targets): oci-maybe-push-%: | $(NEEDS_CRANE)
Push docker image if tag does not already exist.
Expected pushed images:
- :v1.2.3, @sha256:0000001
- :v1.2.3.sig, :sha256-0000001.sig
$(oci_push_targets): oci-push-%: oci-build-% | $(NEEDS_CRANE) $(NEEDS_COSIGN) $(NEEDS_YQ) $(bin_dir)/scratch/image
Push docker image.
If the tag already exists, this target will overwrite it.
If an identical image was already built before, we will add a new tag to it, but we will not sign it again.
Expected pushed images:
- :v1.2.3, @sha256:0000001
- :v1.2.3.sig, :sha256-0000001.sig
$(run_targets): run-%: | $(NEEDS_GO)
Run a controller from your host.
[shared] Deployment:
install $(helm_chart_archive) | $(NEEDS_HELM)
Install controller helm chart on the current active K8S cluster.
template $(helm_chart_archive) | $(NEEDS_HELM)
Template the helm chart.
uninstall $(NEEDS_HELM)
Uninstall controller helm chart from the current active K8S cluster.
[shared] Generate/ Verify:
generate-api-docs $(NEEDS_GOMARKDOC)
Generate API docs for the API types.
generate-base
Generate base files in the repository
generate-crds $(NEEDS_CONTROLLER-GEN)
Generate CRD manifests.
generate-deepcopy $(NEEDS_CONTROLLER-GEN)
Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
generate-helm-docs $(NEEDS_HELM-DOCS)
Generate Helm chart documentation.
generate-klone $(NEEDS_KLONE)
Generate klone shared Makefiles
generate $(shared_generate_targets) $(extra_generate_targets)
Generate all generate targets.
verify-boilerplate $(NEEDS_BOILERSUITE)
Verify that all files have the correct boilerplate.
verify-generate-api-docs $(NEEDS_GOMARKDOC)
Verify that the API docs are up to date.
verify-helm-lint $(helm_chart_archive) | $(NEEDS_HELM)
Verify that the Helm chart is linted.
verify-pod-security-standards $(helm_chart_archive) | $(NEEDS_KYVERNO) $(NEEDS_KUSTOMIZE) $(NEEDS_HELM)
Verify that the Helm chart complies with the pod security standards.
verify $(shared_generate_targets:%=verify-%) $(extra_generate_targets:%=verify-%) $(shared_verify_targets) $(extra_verify_targets)
Verify code and generate targets.
[shared] Helm Chart:
helm-chart $(helm_chart_archive)
Create a helm chart
[shared] Kind cluster:
images-preload $(images_tar_envs)
Preload images.
kind-cluster-clean $(NEEDS_KIND)
Delete the Kind cluster
kind-cluster $(kind_kubeconfig) | $(NEEDS_KUBECTL)
Create Kind cluster and wait for nodes to be ready
kind-logs $(NEEDS_KIND) $(bin_dir)/artifacts
Get the Kind cluster
[shared] Release:
release $(NEEDS_CRANE)
Publish all release artifacts (image + helm chart)
[shared] Self-upgrade:
upgrade-klone $(NEEDS_KLONE)
Upgrade klone Makefile modules to latest version
[shared] Tools:
tools-learn-sha
re-download all tools and learn the sha values, useful after upgrading
tools $(TOOLS_PATHS) $(K8S_CODEGEN_TOOLS_PATHS)
Download and setup all tools
vendor-go $(bin_dir)/tools/go
By default, this Makefile uses the system's Go. You can use a "vendored"
version of Go that will get downloaded by running this command once. To
disable vendoring, run "make unvendor-go". When vendoring is enabled,
you will want to set the following:
export PATH="$PWD/$(bin_dir)/tools:$PATH"
export GOROOT="$PWD/$(bin_dir)/tools/goroot"
which-go $(NEEDS_GO)
Print the version and path of go which will be used for building and
testing in Makefile commands. Vendored go will have a path in ./binThere was a problem hiding this comment.
Do a test release by pushing an alpha tag linked to a commit in this branch to demonstrate that this still works.
Update the README.md file with updated release process documentation, if necessary.
There was a problem hiding this comment.
There was a problem hiding this comment.
Thanks, that looks good.
The release title isn't right
But I did a test install which worked well and the diff between the current release and this alpha release contained mostly only version label changes:
diff -u <(helm template cert-manager-approver-policy-v0.11.0.tgz) <(helm template cert-manager-approver-policy-v0.12.0-alpha.0.tgz)
...
-# Source: cert-manager-approver-policy/templates/crds/policy.cert-manager.io_certificaterequestpolicies.yaml
+# Source: cert-manager-approver-policy/templates/crd-policy.cert-manager.io_certificaterequestpolicies.yaml
988e03e to
401ae98
Compare
inteon
force-pushed
the
cicd
branch
4 times, most recently
from
23e2f32 to
95502a8
Compare
.gitattributes
Outdated
There was a problem hiding this comment.
Are any changes need to the .gitignore file?
There was a problem hiding this comment.
Thanks, that looks good.
The release title isn't right
But I did a test install which worked well and the diff between the current release and this alpha release contained mostly only version label changes:
diff -u <(helm template cert-manager-approver-policy-v0.11.0.tgz) <(helm template cert-manager-approver-policy-v0.12.0-alpha.0.tgz)
...
-# Source: cert-manager-approver-policy/templates/crds/policy.cert-manager.io_certificaterequestpolicies.yaml
+# Source: cert-manager-approver-policy/templates/crd-policy.cert-manager.io_certificaterequestpolicies.yaml
.../charts/approver-policy/templates/crd-policy.cert-manager.io_certificaterequestpolicies.yaml
Show resolved
Hide resolved
| runs-on: ubuntu-22.04 | ||
| needs: | ||
| - docker-image | ||
| go-version: ${{ steps.go-version.outputs.result }} |
There was a problem hiding this comment.
Don't you prefer to point to the go.mod file here to automatically build using the latest patch version?
I do.
There was a problem hiding this comment.
The problem is that the go version is not linked to the source code. Instead, it is linked to the latest version of go at that time.
I think for reproducibility and as a way to properly keep track of versions, we should explicitly version go instead.
There was a problem hiding this comment.
Turns out that setup-go doesn't necessarily pick up latest version of Go:
inteon
force-pushed
the
cicd
branch
2 times, most recently
from
499cb54 to
bc595e5
Compare
There was a problem hiding this comment.
This is looking really nice @inteon!
I hadn't appreciated how much work had gone into it.
As far as I can see, this retains all the same tests and greatly improves the release process. Happy for you to merge this now if you prefer to make further improvements in followup PRs.
/lgtm
/hold
hack/helm/sample-chart-values.yaml
Outdated
There was a problem hiding this comment.
Great! Thanks for implementing that so fast.
Looks like keeping the comments was a bit of a pain.
There was a problem hiding this comment.
Maybe it'd be event nicer to call it .klone.yaml, as is customary with other tool config files....but that can be future improvement if you like.
|
|
||
| @echo "Release complete!" | ||
|
|
||
| # TODO: remove these deprecated targets |
There was a problem hiding this comment.
This is for later after we change the testing repo.
jetstack-bot
added
do-not-merge/hold
Signed-off-by: Tim Ramlot <[email protected]>
|
@wallrj I did remove the conditional CRDs from this PR, we will have to fix that later (when we want to use this library with trust-manager). |
|
/retest |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: wallrj The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/unhold |
jetstack-bot
removed
the
do-not-merge/hold
ref: cert-manager/makefile-modules#3
Works as-is, but will be better linked with https://github.com/cert-manager/testing/pull/934/files (adds caching, go vendoring and new target names)