feat: opt out from collecting log files in specific namespaces, pods and containers #643
# CI/CD pipeline: unit tests, Minikube/Kind end-to-end tests, image scans and,
# on `main`, the release jobs.
name: build-and-test

# Runs on every push to `main` and on every pull request.
on:
  push:
    branches:
      - main
  pull_request:

# NOTE(review): no `permissions:` key appears anywhere in this workflow, so
# GITHUB_TOKEN carries the repository/organisation default scopes in every job.
# Declaring least-privilege permissions per job is worth considering.
jobs:
# Runs the Go unit tests through `make test`, capped at 30 minutes.
unit-test:
  runs-on: ubuntu-latest
  timeout-minutes: 30
  steps:
    - name: Checkout
      uses: actions/checkout@v3
      with:
        # A shallow clone is enough; the tests never read git history.
        fetch-depth: 1
    - name: Setup Go
      uses: actions/setup-go@v3
      with:
        # Quoted so the version is always read as a string, never a float.
        go-version: '1.19'
    - name: Run tests
      run: make test
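# Installs the latest released Helm chart on Minikube, upgrades it to the
# locally built images, then runs the end-to-end tests.
test-helm-upgrade:
  runs-on: ubuntu-latest
  services:
    # Run a local registry
    registry:
      image: registry:2
      ports:
        - "5000:5000"
  steps:
    - name: Checkout
      uses: actions/checkout@v3
      with:
        fetch-depth: 0
    # The networking setup of this job is... complex. We run a local registry as
    # a service, which means that on the worker node there is a registry on localhost:5000.
    # However, Minikube cannot pull images from *that* localhost, because its own localhost
    # is something else, so we need to reference the registry via the IP of the worker machine,
    # and configure `minikube` to treat that registry as insecure (i.e., talking HTTP instead
    # of HTTPS). But the fun does not end here: since we cannot use localhost in the image name,
    # the `docker/build-push-action@v3` cannot apparently be told to consider the repo as insecure!
    # So we need to output images to file, and then push them to the local repo via regctl.
    # The plain-HTTP registry only ever holds throwaway images built in this job.
    - name: Look up host ip
      id: hostip
      run: |
        ip a
        echo "ip=$(ip addr show eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)" >> "${GITHUB_OUTPUT}"
    - name: Install regctl
      env:
        # The default workflow token is enough to download a release asset from
        # a public repository. The release PAT (TRIGGER_RELEASE_TOKEN) is not
        # needed in a test job that also runs on pull requests, and it is not
        # available to pull requests from forks.
        GH_TOKEN: ${{ github.token }}
      run: |
        # NOTE(review): the binary is moved into /usr/bin without an integrity
        # check; comparing it against a pinned SHA-256 digest would close that gap.
        gh release download v0.5.0 --repo regclient/regclient --pattern regctl-linux-amd64 --output /tmp/regctl
        chmod 0755 /tmp/regctl
        sudo mv /tmp/regctl /usr/bin/regctl
    - name: Configure regctl
      run: |
        # Configure local registry as insecure
        /usr/bin/regctl registry set --tls disabled "${{ steps.hostip.outputs.ip }}:5000"
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v2
    - name: Build controller image and save it to file
      uses: docker/build-push-action@v3
      with:
        platforms: linux/amd64
        context: controller
        file: controller/Dockerfile
        tags: ${{ steps.hostip.outputs.ip }}:5000/controller:${{ github.run_id }}
        outputs: type=oci,dest=controller-image.tar
    - name: Build telemetry-proxy image and save it to file
      uses: docker/build-push-action@v3
      with:
        platforms: linux/amd64
        context: telemetryproxy
        file: telemetryproxy/Dockerfile
        build-args: version=${{ github.sha }}
        tags: ${{ steps.hostip.outputs.ip }}:5000/telemetry-proxy:${{ github.run_id }}
        outputs: type=oci,dest=telemetry-proxy-image.tar
    - name: Push container images to local repository
      env:
        CONTROLLER_IMG: ${{ steps.hostip.outputs.ip }}:5000/controller:${{ github.run_id }}
        PROXY_IMG: ${{ steps.hostip.outputs.ip }}:5000/telemetry-proxy:${{ github.run_id }}
      run: |
        set -eux
        regctl image import "${CONTROLLER_IMG}" controller-image.tar -v info
        regctl image inspect "${CONTROLLER_IMG}"
        regctl image import "${PROXY_IMG}" telemetry-proxy-image.tar -v info
        regctl image inspect "${PROXY_IMG}"
    - name: Install minikube
      # NOTE(review): this action reference looks mangled by e-mail obfuscation
      # on the page; restore the real `owner/action@ref` from the repository.
      uses: medyagh/[email protected]
      with:
        start-args: --insecure-registry "${{ steps.hostip.outputs.ip }}:5000"
        driver: docker
        # cni: bridge
    - name: Install kubectl
      uses: azure/setup-kubectl@v3
    - name: Set up Helm
      # With `-o get_helm.sh` curl writes the installer to disk and sends
      # nothing down a pipe, so `curl -o ... | bash` executed an empty script.
      # Download first, then run the saved file.
      # NOTE(review): the installer comes from the mutable `main` branch with no
      # integrity check; pinning a release tag and verifying a digest is safer.
      run: |
        curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
        bash get_helm.sh
    - name: Install latest released Helm chart
      run: |
        helm repo add lumigo https://lumigo-io.github.io/lumigo-kubernetes-operator
        helm install lumigo lumigo/lumigo-operator --namespace lumigo-system --create-namespace --dry-run
        if ! helm install lumigo lumigo/lumigo-operator --namespace lumigo-system --create-namespace --debug --wait --timeout 4m; then
          kubectl describe all -n lumigo-system
          exit 1
        fi
        kubectl get all -A
    - name: Deploy locally-built operator
      env:
        CONTROLLER_IMG: ${{ steps.hostip.outputs.ip }}:5000/controller
        PROXY_IMG: ${{ steps.hostip.outputs.ip }}:5000/telemetry-proxy
      run: |
        helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
        helm dependency build charts/lumigo-operator
        # Dry run first so that rendering errors surface before the cluster is touched.
        helm upgrade --install lumigo charts/lumigo-operator \
          --namespace lumigo-system --create-namespace \
          --set "controllerManager.manager.image.repository=${CONTROLLER_IMG}" \
          --set "controllerManager.manager.image.tag=${{ github.run_id }}" \
          --set "controllerManager.telemetryProxy.image.repository=${PROXY_IMG}" \
          --set "controllerManager.telemetryProxy.image.tag=${{ github.run_id }}" \
          --dry-run
        if ! helm upgrade --install lumigo charts/lumigo-operator \
          --namespace lumigo-system --create-namespace \
          --set "controllerManager.manager.image.repository=${CONTROLLER_IMG}" \
          --set "controllerManager.manager.image.tag=${{ github.run_id }}" \
          --set "controllerManager.telemetryProxy.image.repository=${PROXY_IMG}" \
          --set "controllerManager.telemetryProxy.image.tag=${{ github.run_id }}" \
          --debug --wait --timeout 4m; then
          # Dump cluster state and operator logs to make the failure debuggable.
          kubectl describe all -n lumigo-system
          kubectl logs -l control-plane=controller-manager -n lumigo-system -c manager
          kubectl logs -l control-plane=controller-manager -n lumigo-system -c telemetry-proxy
          exit 1
        fi
    - name: Run end-to-end tests
      env:
        DELETE_TEST_NAMESPACES: "false"
      run: |
        if ! make e2e-tests; then
          kubectl describe all -A
          kubectl logs -l control-plane=controller-manager -n lumigo-system -c manager
          kubectl logs -l control-plane=controller-manager -n lumigo-system -c telemetry-proxy
          exit 1
        fi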
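# Deploys the locally built images on Minikube through Kustomize and runs the
# end-to-end tests against that deployment.
test-kustomize:
  runs-on: ubuntu-latest
  services:
    # Run a local registry
    registry:
      image: registry:2
      ports:
        - "5000:5000"
  steps:
    # The networking setup of this job is... complex. We run a local registry as
    # a service, which means that on the worker node there is a registry on localhost:5000.
    # However, Minikube cannot pull images from *that* localhost, because its own localhost
    # is something else, so we need to reference the registry via the IP of the worker machine,
    # and configure `minikube` to treat that registry as insecure (i.e., talking HTTP instead
    # of HTTPS). But the fun does not end here: since we cannot use localhost in the image name,
    # the `docker/build-push-action@v3` cannot apparently be told to consider the repo as insecure!
    # So we need to output images to file, and then push them to the local repo via regctl.
    # The plain-HTTP registry only ever holds throwaway images built in this job.
    - name: Checkout
      uses: actions/checkout@v3
      with:
        fetch-depth: 0
    - name: Look up host ip
      id: hostip
      run: |
        ip a
        echo "ip=$(ip addr show eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)" >> "${GITHUB_OUTPUT}"
    - name: Install regctl
      env:
        # The default workflow token is enough to download a release asset from
        # a public repository. The release PAT (TRIGGER_RELEASE_TOKEN) is not
        # needed in a test job that also runs on pull requests, and it is not
        # available to pull requests from forks.
        GH_TOKEN: ${{ github.token }}
      run: |
        # NOTE(review): the binary is moved into /usr/bin without an integrity
        # check; comparing it against a pinned SHA-256 digest would close that gap.
        gh release download v0.5.0 --repo regclient/regclient --pattern regctl-linux-amd64 --output /tmp/regctl
        chmod 0755 /tmp/regctl
        sudo mv /tmp/regctl /usr/bin/regctl
    - name: Configure regctl
      run: |
        # Configure local registry as insecure
        /usr/bin/regctl registry set --tls disabled "${{ steps.hostip.outputs.ip }}:5000"
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v2
    - name: Build controller image and save it to file
      uses: docker/build-push-action@v3
      with:
        platforms: linux/amd64
        context: controller
        file: controller/Dockerfile
        tags: ${{ steps.hostip.outputs.ip }}:5000/controller:${{ github.run_id }}
        outputs: type=oci,dest=controller-image.tar
    - name: Build telemetry-proxy image and save it to file
      uses: docker/build-push-action@v3
      with:
        platforms: linux/amd64
        context: telemetryproxy
        file: telemetryproxy/Dockerfile
        build-args: version=${{ github.sha }}
        tags: ${{ steps.hostip.outputs.ip }}:5000/telemetry-proxy:${{ github.run_id }}
        outputs: type=oci,dest=telemetry-proxy-image.tar
    - name: Push container images to local repository
      env:
        CONTROLLER_IMG: ${{ steps.hostip.outputs.ip }}:5000/controller:${{ github.run_id }}
        PROXY_IMG: ${{ steps.hostip.outputs.ip }}:5000/telemetry-proxy:${{ github.run_id }}
      run: |
        set -eux
        regctl image import "${CONTROLLER_IMG}" controller-image.tar -v info
        regctl image inspect "${CONTROLLER_IMG}"
        regctl image import "${PROXY_IMG}" telemetry-proxy-image.tar -v info
        regctl image inspect "${PROXY_IMG}"
    - name: Install minikube
      # NOTE(review): this action reference looks mangled by e-mail obfuscation
      # on the page; restore the real `owner/action@ref` from the repository.
      uses: medyagh/[email protected]
      with:
        start-args: --insecure-registry "${{ steps.hostip.outputs.ip }}:5000"
        driver: docker
        # cni: bridge
    - name: Install kubectl
      uses: azure/setup-kubectl@v3
    - name: Install Cert Manager
      run: |
        kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml
        sleep 1m # Give time for the Webhook to start
    - name: Set up yq
      # NOTE(review): `latest` is a moving target and the binary is installed as
      # root without an integrity check; pin a release and verify its digest.
      run: |
        sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
        sudo chmod +x /usr/local/bin/yq
    - name: Deploy locally-built operator
      env:
        CONTROLLER_IMG: ${{ steps.hostip.outputs.ip }}:5000/controller:${{ github.run_id }}
        PROXY_IMG: ${{ steps.hostip.outputs.ip }}:5000/telemetry-proxy:${{ github.run_id }}
      run: |
        # Point both containers of the manager Deployment at the images built above.
        yq -i "(select(documentIndex == 1).spec.template.spec.containers[] | select(.name == \"manager\")).image = \"${CONTROLLER_IMG}\"" config/manager/manager.yaml
        yq -i "(select(documentIndex == 1).spec.template.spec.containers[] | select(.name == \"telemetry-proxy\")).image = \"${PROXY_IMG}\"" config/manager/manager.yaml
        kubectl create namespace lumigo-system
        kubectl apply -k config/default -n lumigo-system
    - name: Run end-to-end tests
      env:
        DELETE_TEST_NAMESPACES: "false"
      run: |
        if ! make e2e-tests; then
          # Dump cluster state and operator logs to make the failure debuggable.
          kubectl describe all -A
          kubectl logs -l control-plane=controller-manager -n lumigo-system -c manager
          kubectl logs -l control-plane=controller-manager -n lumigo-system -c telemetry-proxy
          exit 1
        fi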
# Runs the Kind-based Go test suite and keeps the collected OTLP data as a
# build artifact, whether or not the tests pass.
test-kind:
  runs-on: ubuntu-latest
  steps:
    - name: Checkout
      uses: actions/checkout@v3
      with:
        # A shallow clone is enough; history is not needed.
        fetch-depth: 1
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v2
    - name: Run Kind tests
      env:
        KEEP_OTLP_DATA: true
      working-directory: tests/kubernetes-distros/kind
      run: go test -timeout 15m -test.v -args -v 4
    # Listing of the test directory, printed even after a failure.
    - if: always()
      run: ls -lR tests/kubernetes-distros/kind
    - name: Store OTLP test data as artifact
      if: always()
      uses: actions/upload-artifact@v3
      with:
        name: kind-otlp-data
        # Upload this run's directory but leave out the container image tarballs.
        path: |
          tests/kubernetes-distros/kind/resources/test-runs/${{ github.run_id }}
          !tests/kubernetes-distros/kind/resources/test-runs/${{ github.run_id }}/*.tgz
# Builds the controller image into the local Docker daemon and scans it with
# anchore/scan-action.
test-controller-for-security-issues:
  runs-on: ubuntu-latest
  steps:
    - name: Checkout
      uses: actions/checkout@v3
      with:
        # A shallow clone is enough; history is not needed.
        fetch-depth: 1
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v2
    - name: Build controller image and save it to file
      uses: docker/build-push-action@v3
      with:
        context: controller
        file: controller/Dockerfile
        platforms: linux/amd64
        tags: controller:${{ github.run_id }}
        # Keep the image local: load it into the daemon, never push it.
        load: true
        push: false
    - name: Scan controller image
      uses: anchore/scan-action@v3
      with:
        image: controller:${{ github.run_id }}
        # Cut-off is `high` here; with `only-fixed`, findings that have no
        # published fix are left out of the evaluation.
        severity-cutoff: high
        only-fixed: true
        add-cpes-if-none: true
        output-format: table
# Builds the telemetry-proxy image into the local Docker daemon and scans it
# with anchore/scan-action.
test-telemetry-proxy-for-security-issues:
  runs-on: ubuntu-latest
  steps:
    - name: Checkout
      uses: actions/checkout@v3
      with:
        # A shallow clone is enough; history is not needed.
        fetch-depth: 1
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v2
    - name: Build telemetry-proxy image and save it to file
      uses: docker/build-push-action@v3
      with:
        context: telemetryproxy
        file: telemetryproxy/Dockerfile
        platforms: linux/amd64
        build-args: version=${{ github.sha }}
        tags: telemetry-proxy:${{ github.run_id }}
        # Keep the image local: load it into the daemon, never push it.
        load: true
        push: false
    - name: Scan telemetry-proxy image
      uses: anchore/scan-action@v3
      with:
        image: telemetry-proxy:${{ github.run_id }}
        # NOTE(review): the cut-off is `critical` here while the controller scan
        # uses `high`, so high-severity findings are not gated for this image.
        # Confirm the difference is intended.
        severity-cutoff: critical
        only-fixed: true
        add-cpes-if-none: true
        output-format: table
# Fan-in job: it only succeeds once every test and scan job has succeeded, so
# later jobs can depend on this single name.
all-tests:
  needs:
    - unit-test
    - test-helm-upgrade
    - test-kustomize
    - test-kind
    - test-controller-for-security-issues
    - test-telemetry-proxy-for-security-issues
  runs-on: ubuntu-latest
  steps:
    - name: no-op
      run: echo '*tongue click* noice'
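# Release gate, part 1: on `main`, run the path filters to decide whether this
# push touches anything that warrants a release.
check-should-release:
  if: github.ref == 'refs/heads/main'
  runs-on: ubuntu-latest
  needs:
    - all-tests
  steps:
    - name: Checkout
      uses: actions/checkout@v3
    - name: Check whether we need to release
      id: release-check
      uses: dorny/paths-filter@v2
      with:
        filters: .github/file-filters.yaml
  outputs:
    # The value must be an expression. Without `${{ }}` the output was the
    # literal text "steps.release-check.outputs.new-release", which is always
    # truthy, so the gate never closed.
    # Assumes `.github/file-filters.yaml` defines a filter named `new-release`;
    # verify before merging.
    do-release: ${{ steps.release-check.outputs.new-release }}
# Release gate, part 2: check that the version was incremented validly and
# export it for the publish jobs.
validate-release-increment:
  # The filter output is the string 'true' or 'false'. Any non-empty string is
  # truthy in an expression, so compare it explicitly.
  if: github.ref == 'refs/heads/main' && needs.check-should-release.outputs.do-release == 'true'
  runs-on: ubuntu-latest
  needs:
    - check-should-release
  steps:
    - name: Checkout
      uses: actions/checkout@v3
      with:
        fetch-depth: 2 # We need this commit and the previous to check validity of version change
    - name: Validate version change
      id: validate-version-change
      run: |
        if ./.github/workflows/scripts/validate_version_increment.sh; then
          echo "perform-release=true" >> "${GITHUB_OUTPUT}"
        else
          echo "perform-release=false" >> "${GITHUB_OUTPUT}"
        fi
    - name: Export version
      id: export_version
      run: |
        echo "version=$(cat VERSION)" >> "${GITHUB_OUTPUT}"
  outputs:
    perform-release: ${{ steps.validate-version-change.outputs.perform-release }}
    version: ${{ steps.export_version.outputs.version }}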
# Builds the controller image and pushes it to both ECR registries (public
# gallery and private) once the release gate reports 'true'.
publish-controller-ecr-image:
  needs:
    - validate-release-increment
  if: needs.validate-release-increment.outputs.perform-release == 'true'
  runs-on: ubuntu-latest
  strategy:
    matrix:
      include:
        - registry-type: public
          ecr-registry: public.ecr.aws
        - registry-type: private
          ecr-registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com
          # Quoted so the account id stays a string.
          registries: "709825985650"
  steps:
    - name: Checkout
      uses: actions/checkout@v3
      with:
        fetch-depth: 0
    - name: Setup Go
      uses: actions/setup-go@v3
      with:
        go-version: '1.19'
    - name: Install tools
      run: make install-tools
    - name: Configure AWS credentials
      # NOTE(review): these are long-lived access keys stored as repository
      # secrets; assuming a role through GitHub OIDC (`role-to-assume`) would
      # replace them with short-lived credentials.
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-region: us-east-1
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1
      with:
        registry-type: ${{ matrix.registry-type }}
        registries: ${{ matrix.registries }}
    - name: Build and push container image to Amazon ECR
      env:
        CONTROLLER_IMG: ${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-operator:${{ needs.validate-release-increment.outputs.version }}
      # NOTE(review): the version is expanded straight into the shell line.
      # It comes from the VERSION file, so whatever that file holds reaches the
      # shell unquoted; passing it through `env` would avoid that.
      run: |
        make VERSION=${{ needs.validate-release-increment.outputs.version }} docker-buildx-manager
# Builds the telemetry-proxy image and pushes it to both ECR registries once
# the release gate reports 'true'.
publish-telemetry-proxy-ecr-image:
  needs:
    - validate-release-increment
  if: needs.validate-release-increment.outputs.perform-release == 'true'
  runs-on: ubuntu-latest
  strategy:
    matrix:
      include:
        - registry-type: public
          ecr-registry: public.ecr.aws
        - registry-type: private
          ecr-registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com
          # Quoted so the account id stays a string.
          registries: "709825985650"
  steps:
    - name: Checkout
      uses: actions/checkout@v3
      with:
        fetch-depth: 0
    - name: Setup Go
      uses: actions/setup-go@v3
      with:
        go-version: '1.19'
    - name: Install tools
      run: make install-tools
    - name: Configure AWS credentials
      # NOTE(review): these are long-lived access keys stored as repository
      # secrets; assuming a role through GitHub OIDC (`role-to-assume`) would
      # replace them with short-lived credentials.
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-region: us-east-1
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1
      with:
        registry-type: ${{ matrix.registry-type }}
        registries: ${{ matrix.registries }}
    - name: Build and push container image to Amazon ECR
      env:
        PROXY_IMG: ${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-telemetry-proxy:${{ needs.validate-release-increment.outputs.version }}
      # The image reference, including the release tag, reaches make only
      # through PROXY_IMG; no VERSION is passed on the command line here.
      run: make docker-buildx-telemetry-proxy
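# Builds kube-rbac-proxy from the upstream repository, at the ref recorded in
# this repository, and pushes it to both ECR registries under the release version.
publish-kube-rbac-proxy-ecr-image:
  strategy:
    matrix:
      include:
        - ecr-registry: public.ecr.aws
          registry-type: public
        - ecr-registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com
          registry-type: private
          # Quoted like the other publish jobs, so the account id is passed to
          # the login action as a string and not as a YAML integer.
          registries: "709825985650"
  runs-on: ubuntu-latest
  needs:
    - validate-release-increment
  if: ${{ needs.validate-release-increment.outputs.perform-release == 'true' }}
  steps:
    - name: Checkout
      uses: actions/checkout@v3
      with:
        fetch-depth: 0
        path: main
    - name: Print kube-rbac-proxy version
      id: print-kube-rbac-proxy-version
      run: |
        echo "kube_rbac_proxy_tag=$(cat main/kube-rbac-proxy/VERSION.kube-rbac-proxy)" >> "${GITHUB_OUTPUT}"
    - name: Checkout kube-rbac-proxy repo
      # NOTE(review): upstream code is built and published from whatever this
      # ref resolves to; if the recorded value is a tag it can be moved
      # upstream, whereas a full commit SHA cannot.
      uses: actions/checkout@v3
      with:
        repository: brancz/kube-rbac-proxy
        ref: ${{ steps.print-kube-rbac-proxy-version.outputs.kube_rbac_proxy_tag }}
        path: kube-rbac-proxy
    - name: Setup Go
      uses: actions/setup-go@v3
      with:
        go-version: 1.19
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-1
    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1
      with:
        registry-type: ${{ matrix.registry-type }}
        registries: ${{ matrix.registries }}
    - name: Build and push container image to Amazon ECR
      env:
        DOCKER_REPO: ${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-rbac-proxy
        VERSION: ${{ needs.validate-release-increment.outputs.version }}
      run: |
        # Replace upstream's publish script with the copy kept in this repository.
        cat main/kube-rbac-proxy/publish.sh > kube-rbac-proxy/scripts/publish.sh
        cd kube-rbac-proxy
        ./scripts/publish.sh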
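# Packages the Helm chart for the release. The `public-gallery` entry also
# creates the release commit, updates the Helm index on `gh-pages` and creates
# the GitHub release; the `eks-addon` entry pushes the chart to the private ECR.
publish-helm-chart:
  strategy:
    matrix:
      include:
        - helm-registry: public-gallery
          ecr-registry: public.ecr.aws
          registry-type: public
          is_public_gallery: true
        - helm-registry: eks-addon
          ecr-registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com
          registry-type: private
          registries: "709825985650"
          is_eks_addon: true
  runs-on: ubuntu-latest
  needs:
    - validate-release-increment
    - publish-controller-ecr-image
    - publish-telemetry-proxy-ecr-image
    - publish-kube-rbac-proxy-ecr-image
  # Compare against 'true' like the image publish jobs do: the output is a
  # string, and the string 'false' is truthy when used bare in an expression.
  if: ${{ needs.validate-release-increment.outputs.perform-release == 'true' }}
  steps:
    - name: Checkout
      uses: actions/checkout@v3
      with:
        fetch-depth: 0
    - run: |
        git branch -r
    - name: Configure Git
      run: |
        git config user.name "$GITHUB_ACTOR"
        git config user.email "[email protected]"
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-1
    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1
      with:
        registry-type: ${{ matrix.registry-type }}
        registries: ${{ matrix.registries }}
    - name: Set up Helm
      # With `-o get_helm.sh` curl writes the installer to disk and sends
      # nothing down a pipe, so `curl -o ... | bash` executed an empty script.
      # Download first, then run the saved file.
      # NOTE(review): this job publishes release artifacts, yet the installer
      # comes from the mutable `main` branch with no integrity check; pinning a
      # release tag and verifying a digest is safer.
      run: |
        curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
        bash get_helm.sh
    - name: Set up yq
      # NOTE(review): `latest` is a moving target and the binary is installed as
      # root without an integrity check; pin a release and verify its digest.
      run: |
        sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
        sudo chmod +x /usr/local/bin/yq
    - name: Update Helm chart metadata
      run: |
        yq e -i '.version = "${{ needs.validate-release-increment.outputs.version }}"' charts/lumigo-operator/Chart.yaml
        yq e -i '.appVersion = "${{ needs.validate-release-increment.outputs.version }}"' charts/lumigo-operator/Chart.yaml
    - name: Update Helm chart defaults
      run: |
        yq e -i ".controllerManager.manager.image.repository = \"${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-operator\"" charts/lumigo-operator/values.yaml
        yq e -i ".controllerManager.manager.image.tag = \"${{ needs.validate-release-increment.outputs.version }}\"" charts/lumigo-operator/values.yaml
        yq e -i ".controllerManager.telemetryProxy.image.repository = \"${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-telemetry-proxy\"" charts/lumigo-operator/values.yaml
        yq e -i ".controllerManager.telemetryProxy.image.tag = \"${{ needs.validate-release-increment.outputs.version }}\"" charts/lumigo-operator/values.yaml
        yq e -i ".controllerManager.kubeRbacProxy.image.repository = \"${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-rbac-proxy\"" charts/lumigo-operator/values.yaml
        yq e -i ".controllerManager.kubeRbacProxy.image.tag = \"${{ needs.validate-release-increment.outputs.version }}\"" charts/lumigo-operator/values.yaml
    - name: Update Helm chart defaults for eks addon
      if: ${{ matrix.is_eks_addon }}
      run: |
        # NOTE(review): `[-2]` picks the second most recently pushed image, not
        # the newest, although the variable is named LATEST. Confirm this is intended.
        LUMIGO_AUTOTRACE_LATEST_VERSION=$(aws ecr describe-images --region us-east-1 --registry-id 709825985650 --repository-name lumigo/lumigo-autotrace --query 'sort_by(imageDetails,& imagePushedAt)[-2].imageTags[0]' --output text)
        echo "LUMIGO_AUTOTRACE_LATEST_VERSION=$LUMIGO_AUTOTRACE_LATEST_VERSION"
        yq e -i ".injectorWebhook.lumigoInjector.image.repository = \"${{ matrix.ecr-registry }}/lumigo/lumigo-autotrace\"" charts/lumigo-operator/values.yaml
        yq e -i ".injectorWebhook.lumigoInjector.image.tag = \"$LUMIGO_AUTOTRACE_LATEST_VERSION\"" charts/lumigo-operator/values.yaml
        yq e -i "(select(documentIndex == 1).spec.template.spec.containers[] | select(.name == \"manager\").env[] | select(.name == \"LUMIGO_INJECTOR_IMAGE\")).value = \"${{ matrix.ecr-registry }}/lumigo/lumigo-autotrace:$LUMIGO_AUTOTRACE_LATEST_VERSION\"" config/manager/manager.yaml
    - name: Update Kustomize images
      run: |
        yq -i "(select(documentIndex == 1).spec.template.spec.containers[] | select(.name == \"manager\")).image = \"${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-operator:${{ needs.validate-release-increment.outputs.version }}\"" config/manager/manager.yaml
        yq -i "(select(documentIndex == 1).spec.template.spec.containers[] | select(.name == \"telemetry-proxy\")).image = \"${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-telemetry-proxy:${{ needs.validate-release-increment.outputs.version }}\"" config/manager/manager.yaml
    - name: Update Kustomize operator version
      run: |
        yq -i '(select(documentIndex == 1).spec.template.spec.containers[] | select(.name == "manager") | .env[] | select(.name == "LUMIGO_OPERATOR_VERSION")).value = "${{ needs.validate-release-increment.outputs.version }}"' config/manager/manager.yaml
        yq -i '(select(documentIndex == 1).spec.template.spec.containers[] | select(.name == "telemetry-proxy") | .env[] | select(.name == "LUMIGO_OPERATOR_VERSION")).value = "${{ needs.validate-release-increment.outputs.version }}"' config/manager/manager.yaml
    - name: Prep Changelog settings
      if: ${{ matrix.is_public_gallery }}
      id: changelog-settings
      run: |
        echo "organization=$(echo "${GITHUB_REPOSITORY}" | awk -F/ '{ print $1 }')" >> "${GITHUB_OUTPUT}"
        echo "repository=$(echo "${GITHUB_REPOSITORY}" | awk -F/ '{ print $2 }')" >> "${GITHUB_OUTPUT}"
    - name: Update Changelog
      if: ${{ matrix.is_public_gallery }}
      uses: addnab/docker-run-action@v3
      env:
        CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        # NOTE(review): the image has no tag or digest, so the default tag is
        # pulled, and the container is given both the workspace and the token.
        image: githubchangeloggenerator/github-changelog-generator
        options: "-v ${{ github.workspace }}:/github/workspace --env SRC_PATH=/github/workspace --env CHANGELOG_GITHUB_TOKEN --workdir /github/workspace"
        run: |
          github_changelog_generator -u "${{ steps.changelog-settings.outputs.organization }}" -p "${{ steps.changelog-settings.outputs.repository }}" pull-requests=false issues=false issues-wo-labels=false pr-wo-labels=false
    - name: Print CHANGELOG.md
      if: ${{ matrix.is_public_gallery }}
      run: |
        cat CHANGELOG.md
    - name: Create release commit
      if: ${{ matrix.is_public_gallery }}
      id: create-release-commit
      run: |
        git add charts/lumigo-operator
        git add config/manager/manager.yaml
        git add CHANGELOG.md
        git commit -m "v${{ needs.validate-release-increment.outputs.version }}"
        git tag "v${{ needs.validate-release-increment.outputs.version }}" $(git rev-parse HEAD)
    - name: Get dependencies (pull sub-charts into the main chart)
      run: |
        helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
        helm dependency build charts/lumigo-operator
    - name: Package Helm chart
      run: |
        helm package charts/lumigo-operator --destination packages/
    - name: Push Helm chart to marketplace owned ecr
      if: ${{ matrix.is_eks_addon }}
      id: push-helm-marketplace-owned-ecr
      run: |
        export HELM_EXPERIMENTAL_OCI=1
        aws ecr get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin ${{ matrix.ecr-registry }}
        helm push packages/lumigo-operator-${{ needs.validate-release-increment.outputs.version }}.tgz oci://${{ matrix.ecr-registry }}/lumigo # Helm picks the target repository from the chart name in Chart.yaml
    - name: Calculate updated Helm index
      if: ${{ matrix.is_public_gallery }}
      id: prepare-helm-index-update
      run: |
        git checkout origin/gh-pages -b gh-pages --quiet
        helm repo index packages/ --merge index.yaml --url "https://github.com/lumigo-io/lumigo-kubernetes-operator/releases/download/v${{ needs.validate-release-increment.outputs.version }}"
        mv packages/index.yaml index.yaml
        git add index.yaml
        git status
        git commit -m "v${{ needs.validate-release-increment.outputs.version }}"
        echo "commit_sha=$(git rev-parse HEAD)" >> "${GITHUB_OUTPUT}"
    - name: Update Helm index
      if: ${{ matrix.is_public_gallery }}
      # The PAT is passed to a third-party action referenced by a mutable tag;
      # pinning the action to a full commit SHA limits what can receive it.
      uses: CasperWA/push-protected@v2
      with:
        token: ${{ secrets.TRIGGER_RELEASE_TOKEN }}
        branch: gh-pages
    - name: Create Release
      if: ${{ matrix.is_public_gallery }}
      # NOTE(review): this action reference looks mangled by e-mail obfuscation
      # on the page; restore the real `owner/action@ref` from the repository.
      uses: ncipollo/[email protected]
      with:
        token: ${{ secrets.TRIGGER_RELEASE_TOKEN }}
        commit: "${{ steps.prepare-helm-index-update.outputs.commit_sha }}"
        name: "v${{ needs.validate-release-increment.outputs.version }}"
        tag: v${{ needs.validate-release-increment.outputs.version }}
        artifacts: packages/*
        omitBody: true
        replacesArtifacts: true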