
Commit 81406f0

committed
remove ci stuff
NOTE: This will be removed in operator-templating, and requires changes to the workflows that are currently being worked on.
1 parent 80843e0 commit 81406f0


1 file changed

+0
-95
lines changed

1 file changed

+0
-95
lines changed

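--- a/Makefile
+++ b/Makefile
@@ -9,17 +9,11 @@
 
 .PHONY: build publish
 
-TAG := $(shell git rev-parse --short HEAD)
 OPERATOR_NAME := airflow-operator
 VERSION := $(shell cargo metadata --format-version 1 | jq -r '.packages[] | select(.name=="stackable-${OPERATOR_NAME}") | .version')
-ARCH := $(shell uname -m | sed -e 's#x86_64#amd64#' | sed -e 's#aarch64#arm64#')
 
 OCI_REGISTRY_HOSTNAME := oci.stackable.tech
 OCI_REGISTRY_PROJECT_IMAGES := sdp
-OCI_REGISTRY_PROJECT_CHARTS := sdp-charts
-# This will be overwritten by an environmental variable if called from the github action
-HELM_CHART_NAME := ${OPERATOR_NAME}
-HELM_CHART_ARTIFACT := target/helm/${OPERATOR_NAME}-${VERSION}.tgz
 
 SHELL=/usr/bin/env bash -euo pipefail
 
@@ -31,89 +25,6 @@ render-readme:
 render-docs:
 scripts/docs_templating.sh
 
-## Docker related targets
-# called by the "docker" target
-docker-build:
-docker build --force-rm --build-arg VERSION=${VERSION} -t "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-${ARCH}" -f docker/Dockerfile .
-
-# called by the "docker" target
-# called by build.yml
-docker-publish:
-# Push to Harbor
-# We need to use "value" here to prevent the variable from being recursively expanded by make (username contains a dollar sign, since it's a Harbor bot)
-docker login --username '${value OCI_REGISTRY_SDP_USERNAME}' --password '${OCI_REGISTRY_SDP_PASSWORD}' '${OCI_REGISTRY_HOSTNAME}'
-DOCKER_OUTPUT=$$(docker push --all-tags '${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}');\
-# Obtain the digest of the pushed image from the output of `docker push`, because signing by tag is deprecated and will be removed from cosign in the future\
-REPO_DIGEST_OF_IMAGE=$$(echo "$$DOCKER_OUTPUT" | awk '/^${VERSION}-${ARCH}: digest: sha256:[0-9a-f]{64} size: [0-9]+$$/ { print $$3 }');\
-if [ -z "$$REPO_DIGEST_OF_IMAGE" ]; then\
-echo 'Could not find repo digest for container image: ${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-${ARCH}';\
-exit 1;\
-fi;\
-# This generates a signature and publishes it to the registry, next to the image\
-# Uses the keyless signing flow with Github Actions as identity provider\
-cosign sign -y "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}@$$REPO_DIGEST_OF_IMAGE";\
-# Generate the SBOM for the operator image, this leverages the already generated SBOM for the operator binary by cargo-cyclonedx\
-syft scan --output [email protected]=sbom.json --select-catalogers "-cargo-auditable-binary-cataloger,+sbom-cataloger" --scope all-layers --source-name "${OPERATOR_NAME}" --source-version "${VERSION}-${ARCH}" "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}@$$REPO_DIGEST_OF_IMAGE";\
-# Determine the PURL for the container image\
-URLENCODED_REPO_DIGEST_OF_IMAGE=$$(echo "$$REPO_DIGEST_OF_IMAGE" | sed 's/:/%3A/g');\
-PURL="pkg:oci/${OPERATOR_NAME}@$$URLENCODED_REPO_DIGEST_OF_IMAGE?arch=${ARCH}&repository_url=${OCI_REGISTRY_HOSTNAME}%2F${OCI_REGISTRY_PROJECT_IMAGES}%2F${OPERATOR_NAME}";\
-# Get metadata from the image\
-IMAGE_DESCRIPTION=$$(docker inspect --format='{{.Config.Labels.description}}' "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-${ARCH}");\
-IMAGE_NAME=$$(docker inspect --format='{{.Config.Labels.name}}' "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-${ARCH}");\
-# Merge the SBOM with the metadata for the operator\
-jq -s '{"metadata":{"component":{"description":"'"$$IMAGE_NAME. $$IMAGE_DESCRIPTION"'","supplier":{"name":"Stackable GmbH","url":["https://stackable.tech/"]},"author":"Stackable GmbH","purl":"'"$$PURL"'","publisher":"Stackable GmbH"}}} * .[0]' sbom.json > sbom.merged.json;\
-# Attest the SBOM to the image\
-cosign attest -y --predicate sbom.merged.json --type cyclonedx "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}@$$REPO_DIGEST_OF_IMAGE"
-
-# This assumes "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-amd64 and "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-arm64 are built and pushed
-# called by build.yml - TODO use the reusable action
-docker-manifest-list-build:
-docker manifest create "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}" --amend "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-amd64" --amend "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}-arm64"
-
-# called by build.yml - TODO use the reusable action
-docker-manifest-list-publish:
-# Push to Harbor
-# We need to use "value" here to prevent the variable from being recursively expanded by make (username contains a dollar sign, since it's a Harbor bot)
-docker login --username '${value OCI_REGISTRY_SDP_USERNAME}' --password '${OCI_REGISTRY_SDP_PASSWORD}' '${OCI_REGISTRY_HOSTNAME}'
-DIGEST_HARBOR=$$(docker manifest push "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}");\
-# Refer to image via its digest (oci.stackable.tech/sdp/airflow@sha256:0a1b2c...);\
-# This generates a signature and publishes it to the registry, next to the image\
-# Uses the keyless signing flow with Github Actions as identity provider\
-cosign sign -y "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}@$$DIGEST_HARBOR"
-
-# TODO remove if not used/needed
-# Remove this, covered by CI
-docker: docker-build docker-publish
-
-# used in build.yml
-# Not needed
-print-docker-tag:
-@echo "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}:${VERSION}"
-
-# used by publish
-# used in build.yml
-# Not needed
-helm-publish:
-# Push to Harbor
-# We need to use "value" here to prevent the variable from being recursively expanded by make (username contains a dollar sign, since it's a Harbor bot)
-helm registry login --username '${value OCI_REGISTRY_SDP_CHARTS_USERNAME}' --password '${OCI_REGISTRY_SDP_CHARTS_PASSWORD}' '${OCI_REGISTRY_HOSTNAME}'
-# Obtain the digest of the pushed artifact from the output of `helm push`, because signing by tag is deprecated and will be removed from cosign in the future\
-HELM_OUTPUT=$$(helm push '${HELM_CHART_ARTIFACT}' 'oci://${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_CHARTS}' 2>&1);\
-REPO_DIGEST_OF_ARTIFACT=$$(echo "$$HELM_OUTPUT" | awk '/^Digest: sha256:[0-9a-f]{64}$$/ { print $$2 }');\
-if [ -z "$$REPO_DIGEST_OF_ARTIFACT" ]; then\
-echo 'Could not find repo digest for helm chart: ${HELM_CHART_NAME}';\
-exit 1;\
-fi;\
-# Login to Harbor, needed for cosign to be able to push the signature for the Helm chart\
-docker login --username '${value OCI_REGISTRY_SDP_CHARTS_USERNAME}' --password '${OCI_REGISTRY_SDP_CHARTS_PASSWORD}' '${OCI_REGISTRY_HOSTNAME}';\
-# This generates a signature and publishes it to the registry, next to the chart artifact\
-# Uses the keyless signing flow with Github Actions as identity provider\
-cosign sign -y "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_CHARTS}/${HELM_CHART_NAME}@$$REPO_DIGEST_OF_ARTIFACT"
-
-# TODO: make a reusable action for this
-helm-package:
-mkdir -p target/helm && helm package --destination target/helm deploy/helm/${OPERATOR_NAME}
-
 ## Chart related targets
 compile-chart: version crds config
 
@@ -131,7 +42,6 @@ config:
 cp -r deploy/config-spec/* "deploy/helm/${OPERATOR_NAME}/configs";\
 fi
 
-# Maxi uses this occasionally
 crds:
 mkdir -p deploy/helm/"${OPERATOR_NAME}"/crds
 cargo run --bin stackable-"${OPERATOR_NAME}" -- crd | yq eval '.metadata.annotations["helm.sh/resource-policy"]="keep"' - > "deploy/helm/${OPERATOR_NAME}/crds/crds.yaml"
@@ -150,11 +60,6 @@ regenerate-nix:
 
 build: regenerate-charts regenerate-nix helm-package docker-build
 
-# This target is used by the CI
-# It doesn't make use of any nix dependencies and thus aviods building the
-# operator unnecessarily often.
-build-ci: regenerate-charts helm-package docker-build
-
 publish: docker-publish helm-publish
 
 check-nix: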
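Review bot: The `build` and `publish` rules left as context in the last hunk still name `helm-package`, `docker-build`, `docker-publish` and `helm-publish` as prerequisites, yet this commit deletes all four rules in the second hunk. Unless those targets are defined in a part of the Makefile not shown here, `make build` and `make publish` will stop with "No rule to make target". I would trim the dead prerequisites in the same commit, e.g. `build: regenerate-charts regenerate-nix`, and drop `publish` together with its `.PHONY` entry. The deleted recipes were also where images and charts were signed by digest with cosign and where the SBOM attestation was attached, so the replacement workflows should be confirmed to do both before anything publishes without them.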
