image-deps-updater.yaml
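# Workflow: discover the image versions bundled with k0s, resolve them to
# Wolfi package revisions, build one image per component, then open a pull
# request that records the new versions in the Makefile.
#
# Data flow worth keeping in mind when editing: the version strings come from
# a downloaded package index and from a workflow_dispatch input, and they end
# up in shell commands, sed expressions and image tags. Every such value is
# handed to scripts through `env:` instead of being expanded inside the script
# text, so it is treated as data rather than as shell source.
#
# NOTE(review): actions are referenced by mutable tags (@v4, @v6). Pinning to
# a full commit SHA prevents a moved tag from changing what runs here, which
# matters most for the step that receives AUTOMATED_PR_GH_PAT.
name: Update image deps
on:
  schedule:
    - cron: '0 4 * * *'
  workflow_dispatch:
    inputs:
      k0s-version:
        description: 'K0s version for discovering image versions'
        required: false
      # NOTE(review): this input is declared but its only use below is
      # commented out; `overwrite` is currently hard-coded to true.
      overwrite:
        description: 'Overwrite the existing image tags'
        required: false
        default: 'true'
  # NOTE(review): push trigger on a feature branch; looks like a development
  # aid. Confirm it should remain once the branch is merged.
  push:
    branches:
      - sgalsaleh/sc-108755/use-chainguard-images-for-embedded-cluster
jobs:
  get-versions:
    runs-on: ubuntu-20.04
    # Only checkout and local scripts run here; read access is sufficient.
    permissions:
      contents: read
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set matrix
        id: set-matrix
        env:
          # Deliberately not named K0S_VERSION: make imports environment
          # variables, and the no-input branch must keep the Makefile default.
          K0S_VERSION_INPUT: ${{ github.event.inputs.k0s-version }}
        run: |
          set -euo pipefail

          # find the versions of k0s images we need
          if [ -n "${K0S_VERSION_INPUT:-}" ]; then
            make pkg/goods/bins/k0s K0S_VERSION="$K0S_VERSION_INPUT" K0S_BINARY_SOURCE_OVERRIDE=
          else
            make pkg/goods/bins/k0s
          fi

          # list the images once and reuse the output for every component
          images=$(pkg/goods/bins/k0s airgap list-images --all)
          coredns_version=$(grep '/coredns:' <<<"$images" | awk -F':' '{ print $2 }' | sed 's/-[0-9]*$//')
          calico_node_version=$(grep '/calico-node:' <<<"$images" | awk -F':v' '{ print $2 }' | sed 's/-[0-9]*$//')
          metrics_server_version=$(grep '/metrics-server:' <<<"$images" | awk -F':v' '{ print $2 }' | sed 's/-[0-9]*$//')
          kube_proxy_version=$(grep '/kube-proxy:' <<<"$images" | awk -F':v' '{ print $2 }' | sed 's/-[0-9]*$//')

          # get the corresponding melange package versions
          # we're only using the APKINDEX files to get the versions, so it doesn't matter which arch we use
          # The archive is downloaded and unpacked in a scratch directory so
          # nothing it contains lands in the repository checkout.
          # NOTE(review): the index is trusted on TLS alone; no signature or
          # checksum is verified before its contents are parsed.
          workdir=$(mktemp -d)
          curl -L --fail --show-error -o "$workdir/APKINDEX.tar.gz" https://packages.wolfi.dev/os/x86_64/APKINDEX.tar.gz
          tar -xzf "$workdir/APKINDEX.tar.gz" -C "$workdir"
          apkindex="$workdir/APKINDEX"

          # resolve_apk_version PACKAGE VERSION
          # Prints the highest -rN revision of PACKAGE whose V: line matches
          # VERSION. Fails (and, under set -e, aborts the job) on no match.
          # NOTE(review): both greps are unanchored regex matches, so a
          # package-name prefix or a version prefix also matches — confirm
          # that is acceptable for these packages.
          resolve_apk_version() {
            grep -A1 "^P:$1" "$apkindex" | grep "V:$2" | awk -F '-r' '{print $1, $2}' | sort -k2,2n | tail -1 | awk '{print $1 "-r" $2}' | sed -n -e 's/V://p' | tr -d '\n'
          }

          coredns_version=$(resolve_apk_version coredns "$coredns_version")
          calico_node_version=$(resolve_apk_version calico-node "$calico_node_version")
          metrics_server_version=$(resolve_apk_version metrics-server "$metrics_server_version")
          # NOTE(review): kube-proxy is resolved but not emitted in the matrix
          # below — confirm whether that is intentional.
          kube_proxy_version=$(resolve_apk_version kube-proxy "$kube_proxy_version")

          # These values are later placed in sed expressions and image tags,
          # so refuse anything that is not a plain version token.
          for resolved in "$coredns_version" "$calico_node_version" "$metrics_server_version"; do
            if ! [[ "$resolved" =~ ^[0-9A-Za-z._+-]+$ ]]; then
              echo "unexpected package version: '$resolved'" >&2
              exit 1
            fi
          done

          # Build the matrix with jq so the values are JSON-encoded instead of
          # being pasted into a printf format string.
          matrix=$(jq -cn \
            --arg coredns "$coredns_version" \
            --arg calico_node "$calico_node_version" \
            --arg metrics_server "$metrics_server_version" \
            '{include: [
              {component: "coredns", version: $coredns, makefile_var: "COREDNS_VERSION"},
              {component: "calico-node", version: $calico_node, makefile_var: "CALICO_NODE_VERSION"},
              {component: "metrics-server", version: $metrics_server, makefile_var: "METRICS_SERVER_VERSION"}
            ]}')
          printf 'matrix=%s\n' "$matrix" >> "$GITHUB_OUTPUT"
  build-images:
    runs-on: ubuntu-20.04
    needs: get-versions
    # NOTE(review): no `permissions:` block here because the token scopes the
    # local build action needs are not visible in this file; restrict them
    # once known.
    strategy:
      fail-fast: false
      matrix: ${{ fromJSON(needs.get-versions.outputs.matrix) }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Generate apko config
        env:
          IMAGE_COMPONENT: ${{ matrix.component }}
          IMAGE_VERSION: ${{ matrix.version }}
        run: |
          set -euo pipefail
          sed "s/__VERSION__/${IMAGE_VERSION}/g" "deploy/images/${IMAGE_COMPONENT}/apko.tmpl.yaml" > apko.yaml
      - name: Build and push image
        uses: ./.github/actions/build-dep-image-with-apko
        with:
          apko-config: apko.yaml
          # NOTE(review): ttl.sh is an anonymous, short-lived registry and the
          # registry credentials below are commented out, so this push is
          # unauthenticated. Nothing should consume these tags as trusted
          # artifacts; switch to the authenticated registry before relying
          # on them.
          image-name: ttl.sh/ec/${{ matrix.component }}:${{ matrix.version }}
          # registry-username: ${{ secrets.REGISTRY_USERNAME_STAGING }}
          # registry-password: ${{ secrets.REGISTRY_PASSWORD_STAGING }}
          overwrite: true  # ${{ github.event.inputs.overwrite }}
  update-makefile:
    runs-on: ubuntu-20.04
    needs: [get-versions, build-images]
    # The pull request is created with the PAT passed to the action below, so
    # the job's own token only needs to read the repository.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Update Makefile
        env:
          # The matrix is JSON containing quotes and spaces; expanding it
          # inline in the script would be re-parsed by the shell, so it is
          # passed as an environment variable instead.
          MATRIX: ${{ needs.get-versions.outputs.matrix }}
        run: |
          set -euo pipefail
          printf '%s\n' "$MATRIX" | jq -c '.include[]' | while read -r component; do
            makefile_var=$(printf '%s\n' "$component" | jq -r '.makefile_var')
            version=$(printf '%s\n' "$component" | jq -r '.version')
            sed -i "s/^$makefile_var.*/$makefile_var = $version/" Makefile
          done
      - name: Create Pull Request  # creates a PR if there are differences
        uses: peter-evans/create-pull-request@v6
        id: cpr
        with:
          token: ${{ secrets.AUTOMATED_PR_GH_PAT }}
          commit-message: 'Update image versions'
          title: 'Automated image updates'
          branch: automation/image-dependencies
          delete-branch: true
          labels: |
            automated-pr
            images
            type::security
          # NOTE(review): draft/base currently target the feature branch; the
          # commented-out values look like the intended final settings.
          # draft: false
          draft: true
          # base: "main"
          base: "sgalsaleh/sc-108755/use-chainguard-images-for-embedded-cluster"
          body: "Automated changes by the [image-deps-updater](https://github.com/replicatedhq/embedded-cluster/blob/main/.github/workflows/image-deps-updater.yaml) GitHub action"
      - name: Check outputs
        if: ${{ steps.cpr.outputs.pull-request-number }}
        env:
          PR_NUMBER: ${{ steps.cpr.outputs.pull-request-number }}
          PR_URL: ${{ steps.cpr.outputs.pull-request-url }}
        run: |
          echo "Pull Request Number - $PR_NUMBER"
          echo "Pull Request URL - $PR_URL"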