Bringing the infrastructure up to date and passing tests again #18
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
If you call the load-iib target you *must* set INDEX_IMAGES, so
let's error out properly if you do not.
Tested as:
$ unset INDEX_IMAGES
$ make load-iib
make -f common/Makefile load-iib
make[1]: Entering directory '/home/michele/Engineering/cloud-patterns/multicloud-gitops'
No INDEX_IMAGES defined. Bailing out
$ export INDEX_IMAGES=foo
make load-iib
make -f common/Makefile load-iib
make[1]: Entering directory '/home/michele/Engineering/cloud-patterns/multicloud-gitops'
PLAY [IIB CI playbook] ***
Error out from load-iib when INDEX_IMAGES is undefined
Upgrade vault-helm to v0.25.0
Medical diagnosis for example uses docker.io/obsidiandynamics/kafdrop:latest which would be denied by policy.
Add docker.io to the whitelisted registries when loading an IIB
The current -w grep command matches channels even when they are
substrings of each other like for the serverless-operator:
$ podman run -i --rm $INDEX_IMAGES alpha list channels /configs "${OPERATOR}" |grep --word-regexp "stable"
serverless-operator stable serverless-operator.v1.30.0
serverless-operator stable-1.29 serverless-operator.v1.29.1
serverless-operator stable-1.30 serverless-operator.v1.30.0
This then causes error when trying to parse the list of images as we
will have multiple images because we break the one image per line
assumption.
Let's fix this by adding spaces around the grep. Ideall we'd use the
opm render command, but the parsing of all the yaml output seems a bit
much to do for this simple use case.
Fix fetching the bundle name when loading an IIB
I have seen it fail once on a system and it worked on the second run, so let's try a couple of times at least before giving up.
Try harder to fetch related images
This will push any change done to a chart folder out into the separate repo corresponding to the chart that has been changed. This workflow needs a secret called CHARTS_REPOS_TOKEN that is a Personal Access Token with fine grained repo and workflow write access on the following repos: - acm-chart - hashicorp-vault-chart - golang-external-secrets-chart - clustergroup-chart - letsencrypt-chart
Add workflow to split helm charts into their own repo
Test workflow
Fix up CI superlinter on github actions
…idatedpatterns/common Otherwise a push to a private for to main would still invoke the split workflow, if a member of the vp org would do so. Since we do not want that let's make sure we limit this workflow to when the repository name is 'validatedpatterns/common'
Make sure we run the split workflow only when the changes land in validatedpatterns/common
Fix placement of tokenSecret material in the right section
Upgrade ESO to v0.9.11
…ttern.sh This allows us to drop the /root bind mount and it will also show any errors related to paths in the proper folder. E.g. any permission problem of KUBECONFIG files won't be shown as /root/kubeconfig (inside the container) but as the proper path inside the /home folder. Tested on F38, F39, RHEL8.9 and RHEL9.2
If podman is not installed we get the following unfriendly output: [michele@rhel1]~/multicloud-gitops% ./pattern.sh ./pattern.sh: line 10: podman: command not found ./pattern.sh: line 10: podman: command not found ./pattern.sh: line 32: podman: command not found Let's bail out and have a generic function to check for that in case we need to add other requirements
Fixes and cleanups
The addition of --userns keep-id:uid=...,gid=... is supported only on podman versions >= 4.3.0 [1] If we have an older version, let's just keep the same logic as before. [1] https://github.com/containers/podman/blob/main/troubleshooting.md#39-podman-run-fails-with-error-unrecognized-namespace-mode-keep-iduid1000gid1000-passed
Account for podman versions older than 4.3.0
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update common
Update pipelines
Support newer versions of OpenShift