From 3862d808e9287c1a6f3180c7a447dad6cc365bf3 Mon Sep 17 00:00:00 2001
From: MuneebAijaz
Date: Wed, 30 Oct 2024 20:27:06 +0500
Subject: [PATCH] branch based release strategy
---
 .github/workflows/init-branch-release.yaml | 76 +++++++
 .gitignore | 1 +
 Makefile | 56 +++++
 .../kubernetes/manifests/deployment.yaml | 7 +
 deployments/kubernetes/reloader.yaml | 194 +++++++-----------
 5 files changed, 210 insertions(+), 124 deletions(-)
 create mode 100644 .github/workflows/init-branch-release.yaml
diff --git a/.github/workflows/init-branch-release.yaml b/.github/workflows/init-branch-release.yaml
new file mode 100644
index 0000000..4daf829
--- /dev/null
+++ b/.github/workflows/init-branch-release.yaml
@@ -0,0 +1,76 @@
+name: Init ArgoCD Release
+on:
+ workflow_dispatch:
+ inputs:
+ TARGET_BRANCH:
+ description: 'TARGET_BRANCH to checkout (e.g. release-2.5)'
+ required: true
+ type: string
+
+ TARGET_VERSION:
+ description: 'TARGET_VERSION to build manifests (e.g. 2.5.0-rc1) Note: the `v` prefix is not used'
+ required: true
+ type: string
+
+permissions: {}
+
+jobs:
+ prepare-release:
+ permissions:
+ contents: write # for peter-evans/create-pull-request to create branch
+ pull-requests: write # for peter-evans/create-pull-request to create a PR
+ name: Automatically generate version and manifests on ${{ inputs.TARGET_BRANCH }}
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
+ with:
+ fetch-depth: 0
+ token: ${{ secrets.GITHUB_TOKEN }}
+ ref: ${{ inputs.TARGET_BRANCH }}
+
+ - name: Check if TARGET_VERSION is well formed.
+ run: |
+ set -xue
+ # Target version must not contain 'v' prefix
+ if echo "${{ inputs.TARGET_VERSION }}" | grep -e '^v'; then
+ echo "::error::Target version '${{ inputs.TARGET_VERSION }}' should not begin with a 'v' prefix, refusing to continue." >&2
+ exit 1
+ fi
+
+ - name: Create VERSION information
+ run: |
+ set -ue
+ echo "Bumping version from $(cat VERSION) to ${{ inputs.TARGET_VERSION }}"
+ echo "${{ inputs.TARGET_VERSION }}" > VERSION
+
+ # We install kustomize in the dist directory
+ - name: Add dist to PATH
+ run: |
+ echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
+
+ - name: Generate new set of manifests
+ run: |
+ set -ue
+ make install-codegen-tools-local
+ make manifests-local VERSION=${{ inputs.TARGET_VERSION }}
+ git diff
+
+ - name: Generate version compatibility table
+ run: |
+ git stash
+ bash hack/update-supported-versions.sh
+ git add -u .
+ git stash pop
+
+ - name: Create pull request
+ uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
+ with:
+ commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}"
+ title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch"
+ body: Updating VERSION and manifests to ${{ inputs.TARGET_VERSION }}
+ branch: update-version
+ branch-suffix: random
+ signoff: true
+ labels: release
+
diff --git a/.gitignore b/.gitignore
index 95b8b63..73da63e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,4 @@ styles/
 site/
 /mkdocs.yml
 yq
+bin
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 5a2a6c2..fbdd08f 100644
--- a/Makefile
+++ b/Makefile
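Review bot: `${{ inputs.TARGET_VERSION }}` is expanded into the `run:` scripts of the "Check if TARGET_VERSION is well formed", "Create VERSION information" and "Generate new set of manifests" steps before the shell parses them, so a value containing shell metacharacters is interpreted as script text in a job that holds `contents: write` and `pull-requests: write`. Passing the input through `env:` and referencing `"$TARGET_VERSION"` keeps it as data, and the well-formedness check can then accept only a plain version string instead of rejecting just a leading `v`. Separately, the workflow still reads as a copy from Argo CD: the name, the `/home/runner/work/argo-cd/argo-cd/dist` path, `make install-codegen-tools-local`, `make manifests-local` and `hack/update-supported-versions.sh` have no counterpart in this patch's Makefile changes (which add `k8s-manifests`), so those steps will presumably fail unless the targets and script exist elsewhere in the repository.

```yaml
      - name: Check if TARGET_VERSION is well formed.
        env:
          TARGET_VERSION: ${{ inputs.TARGET_VERSION }}
        run: |
          set -ue
          # Accept only a plain version such as 2.5.0 or 2.5.0-rc1 (no 'v' prefix)
          if ! printf '%s\n' "$TARGET_VERSION" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.]+)?$'; then
            echo "::error::Target version is not a plain version string (it must not begin with 'v'), refusing to continue." >&2
            exit 1
          fi

      - name: Create VERSION information
        env:
          TARGET_VERSION: ${{ inputs.TARGET_VERSION }}
        run: |
          set -ue
          echo "Bumping version from $(cat VERSION) to $TARGET_VERSION"
          echo "$TARGET_VERSION" > VERSION

      # … unchanged: Add dist to PATH …
      # … "Generate new set of manifests": same env: block, then VERSION="$TARGET_VERSION" …
```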
@@ -24,6 +24,58 @@ LDFLAGS = GOPROXY ?= GOPRIVATE ?= +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUBECTL ?= kubectl +KUSTOMIZE ?= $(LOCALBIN)/kustomize-$(KUSTOMIZE_VERSION) +CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) +ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) +GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION) + +## Tool Versions +KUSTOMIZE_VERSION ?= v5.3.0 +CONTROLLER_TOOLS_VERSION ?= v0.14.0 +ENVTEST_VERSION ?= release-0.17 +GOLANGCI_LINT_VERSION ?= v1.57.2 + +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + $(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION)) + +.PHONY: controller-gen +controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. +$(CONTROLLER_GEN): $(LOCALBIN) + $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION)) + +.PHONY: envtest +envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. +$(ENVTEST): $(LOCALBIN) + $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) + +.PHONY: golangci-lint +golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. 
+$(GOLANGCI_LINT): $(LOCALBIN) + $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,${GOLANGCI_LINT_VERSION}) + +# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist +# $1 - target path with name of binary (ideally with version) +# $2 - package url which can be installed +# $3 - specific version of package +define go-install-tool +@[ -f $(1) ] || { \ +set -e; \ +package=$(2)@$(3) ;\ +echo "Downloading $${package}" ;\ +GOBIN=$(LOCALBIN) go install $${package} ;\ +mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ +} +endef + default: build test install: @@ -80,6 +132,10 @@ apply: deploy: binary-image push apply +.PHONY: k8s-manifests +k8s-manifests: $(KUSTOMIZE) ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects + $(KUSTOMIZE) build ./deployments/kubernetes/ -o ./deployments/kubernetes/reloader.yaml + # Bump Chart bump-chart: sed -i "s/^version:.*/version: $(VERSION)/" deployments/kubernetes/chart/reloader/Chart.yaml diff --git a/deployments/kubernetes/manifests/deployment.yaml b/deployments/kubernetes/manifests/deployment.yaml index faa06fc..30b8dc2 100644 --- a/deployments/kubernetes/manifests/deployment.yaml +++ b/deployments/kubernetes/manifests/deployment.yaml @@ -53,6 +53,13 @@ spec: successThreshold: 1 initialDelaySeconds: 10 securityContext: {} + resources: + limits: + cpu: "1" + memory: 512Mi + requests: + cpu: 10m + memory: 512Mi securityContext: runAsNonRoot: true runAsUser: 65534 diff --git a/deployments/kubernetes/reloader.yaml b/deployments/kubernetes/reloader.yaml index 4379563..6dd7f0b 100644 --- a/deployments/kubernetes/reloader.yaml +++ b/deployments/kubernetes/reloader.yaml 
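Review bot: The new `$(LOCALBIN):` rule sits above `default: build test`, so unless an earlier rule or a `.DEFAULT_GOAL` assignment exists above this hunk (not visible here), a bare `make` now only runs `mkdir -p` on the bin directory instead of build and test. Moving the tool block below `default:` or adding `.DEFAULT_GOAL := default` restores the previous behaviour. `ENVTEST_VERSION ?= release-0.17` looks like a branch name rather than a tag, so `go install ...@release-0.17` resolves to whatever that branch points at when the tool is first installed, and the cached `setup-envtest-release-0.17` binary is never refreshed afterwards; pinning a tag or pseudo-version makes the toolchain reproducible. The directory is also better declared as an order-only prerequisite, e.g. `$(KUSTOMIZE): | $(LOCALBIN)`, and `[ -f $(1) ]` should quote its argument as `[ -f "$(1)" ]` because `LOCALBIN` comes from `$(shell pwd)`.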
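Review bot: The `##` help text on `k8s-manifests` ("Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects") describes controller-gen output, while the recipe only runs `$(KUSTOMIZE) build` and overwrites `./deployments/kubernetes/reloader.yaml`. Something like `## Render ./deployments/kubernetes with kustomize into deployments/kubernetes/reloader.yaml` would match what the target does. Because the output file is written into the directory being built, it is worth confirming that the kustomization there does not itself list `reloader.yaml` as a resource; that file is not visible in this patch.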
@@ -1,127 +1,81 @@ ---- -# Source: reloader/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - annotations: - meta.helm.sh/release-namespace: "default" - meta.helm.sh/release-name: "reloader" - labels: - app: reloader-reloader - chart: "reloader-1.0.121" - release: "reloader" - heritage: "Helm" - app.kubernetes.io/managed-by: "Helm" name: reloader-reloader namespace: default --- -# Source: reloader/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole metadata: - annotations: - meta.helm.sh/release-namespace: "default" - meta.helm.sh/release-name: "reloader" - labels: - app: reloader-reloader - chart: "reloader-1.0.121" - release: "reloader" - heritage: "Helm" - app.kubernetes.io/managed-by: "Helm" name: reloader-reloader-role rules: - - apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - list - - get - - watch - - apiGroups: - - "apps" - resources: - - deployments - - daemonsets - - statefulsets - verbs: - - list - - get - - update - - patch - - apiGroups: - - "extensions" - resources: - - deployments - - daemonsets - verbs: - - list - - get - - update - - patch - - apiGroups: - - "batch" - resources: - - cronjobs - verbs: - - list - - get - - apiGroups: - - "batch" - resources: - - jobs - verbs: - - create - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - list + - get + - watch +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - statefulsets + verbs: + - list + - get + - update + - patch +- apiGroups: + - extensions + resources: + - deployments + - daemonsets + verbs: + - list + - get + - update + - patch +- apiGroups: + - batch + resources: + - cronjobs + verbs: + - list + - get +- apiGroups: + - batch + resources: + - jobs + verbs: + - create +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- -# Source: 
reloader/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding metadata: - annotations: - meta.helm.sh/release-namespace: "default" - meta.helm.sh/release-name: "reloader" - labels: - app: reloader-reloader - chart: "reloader-1.0.121" - release: "reloader" - heritage: "Helm" - app.kubernetes.io/managed-by: "Helm" name: reloader-reloader-role-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: reloader-reloader-role subjects: - - kind: ServiceAccount - name: reloader-reloader - namespace: default +- kind: ServiceAccount + name: reloader-reloader + namespace: default --- -# Source: reloader/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - annotations: - meta.helm.sh/release-namespace: "default" - meta.helm.sh/release-name: "reloader" - labels: - app: reloader-reloader - chart: "reloader-1.0.121" - release: "reloader" - heritage: "Helm" - app.kubernetes.io/managed-by: "Helm" - group: com.stakater.platform - provider: stakater - version: latest name: reloader-reloader namespace: default spec: 
@@ -130,56 +84,47 @@ spec: selector: matchLabels: app: reloader-reloader - release: "reloader" template: metadata: labels: app: reloader-reloader - chart: "reloader-1.0.121" - release: "reloader" - heritage: "Helm" - app.kubernetes.io/managed-by: "Helm" - group: com.stakater.platform - provider: stakater - version: latest spec: containers: - - image: "ghcr.io/stakater/reloader:latest" - imagePullPolicy: IfNotPresent - name: reloader-reloader - env: + - env: - name: GOMAXPROCS valueFrom: resourceFieldRef: + divisor: "1" resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: + divisor: "1" resource: limits.memory - ports: - - name: http - containerPort: 9090 + image: ghcr.io/stakater/reloader:latest + imagePullPolicy: IfNotPresent livenessProbe: + failureThreshold: 5 httpGet: path: /live port: http - timeoutSeconds: 5 - failureThreshold: 5 + initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 - initialDelaySeconds: 10 + timeoutSeconds: 5 + name: reloader-reloader + ports: + - containerPort: 9090 + name: http readinessProbe: + failureThreshold: 5 httpGet: path: /metrics port: http - timeoutSeconds: 5 - failureThreshold: 5 + initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 - initialDelaySeconds: 10 - - securityContext: - {} + timeoutSeconds: 5 resources: limits: cpu: "1" @@ -187,7 +132,8 @@ spec: requests: cpu: 10m memory: 512Mi - securityContext: + securityContext: {} + securityContext: runAsNonRoot: true runAsUser: 65534 seccompProfile: