Merge branch 'main' into feat/docker-user

lfrancke · lfrancke · commit 387dd931dfc7 · 2024-09-17T13:49:52.000+02:00
# Conflicts:
#	template/docker/Dockerfile.j2
diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml
diff --git a/.github/workflows/generate_prs.yml b/.github/workflows/generate_prs.yml
@@ -128,10 +128,12 @@ jobs:
       - name: Set commit message for manual dispatch
         if: ${{ github.event_name == 'workflow_dispatch' }}
         run: |
-          echo "REASON=@${{ github.event.sender.login }}: ${{ github.event.inputs.message }}" >> "$GITHUB_ENV"
+          echo "AUTHOR=@${{ github.event.sender.login }}" >> "$GITHUB_ENV"
+          echo "REASON=${{ github.event.inputs.message }}" >> "$GITHUB_ENV"
       - name: Set commit message for schedule
         if: ${{ github.event_name == 'schedule' }}
         run: |
+          echo "AUTHOR=Github Actions"
           echo "REASON=Daily run triggered" >> "$GITHUB_ENV"
 
       - name: Overwrite repositories.yaml for ${{ matrix.repository.name }}
@@ -150,7 +152,7 @@ jobs:
         if: ${{ !inputs.dry-run }}
         run: |
           # Funnel via JSON to ensure that values are escaped properly
-          echo '{}' | jq '{commit_hash: $ENV.GITHUB_SHA, reason: $ENV.REASON, base_dir: $pwd,  gh_access_token: $ENV.GH_ACCESS_TOKEN}' --arg pwd "$(pwd)" > vars.json
+          echo '{}' | jq '{commit_hash: $ENV.GITHUB_SHA, author: $ENV.AUTHOR, reason: $ENV.REASON, base_dir: $pwd,  gh_access_token: $ENV.GH_ACCESS_TOKEN}' --arg pwd "$(pwd)" > vars.json
           ansible-playbook playbook/playbook.yaml --extra-vars "@vars.json"
         env:
           GH_ACCESS_TOKEN: ${{ secrets.gh_access_token }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -49,6 +49,8 @@ repos:
     rev: 62dc61a45fc95efe8c800af7a557ab0b9165d63b # 1.7.1
     hooks:
       - id: actionlint
+        types: [text]
+        files: ^(template/)?\.github/workflows/.*\.ya?ml(\.j2)?
 
   - repo: https://github.com/hadolint/hadolint
     rev: b3555ba9c2bfd9401e79f2f0da68dd1ae38e10c7 # 2.12.0
diff --git a/playbook/group_vars/all/vars b/playbook/group_vars/all/vars
@@ -26,7 +26,7 @@ pr_body: |
     >
     > | **Trigger-message** |
     > | - |
-    > | {{ reason }} |
+    > | {{ author }}: {{ reason }} |
 
     > [!TIP]
     > Please update the change type as appropriate.
diff --git a/playbook/update_repo.yaml b/playbook/update_repo.yaml
@@ -139,7 +139,7 @@
 
     - name: "Operator [{{ operator.name }}] create PR"
       command:
-        argv: [gh, pr, create, --base, main, --title, "{{ pr_title }}", --body, "{{ pr_body }}", --reviewer, "@stackabletech/developers"]
+        argv: [gh, pr, create, --base, main, --title, "{{ pr_title }}", --body, "{{ pr_body }}", --reviewer, "{{ author }}"]
         chdir: "{{ work_dir }}/{{ operator.name }}"
 
 - name: "Operator [{{ operator.name }}] clean"
diff --git a/template/.github/actionlint.yaml b/template/.github/actionlint.yaml
@@ -0,0 +1,5 @@
+---
+self-hosted-runner:
+  # Ubicloud machines we are using
+  labels:
+    - ubicloud-standard-8-arm
diff --git a/template/.github/workflows/build.yml.j2 b/template/.github/workflows/build.yml.j2
@@ -88,18 +88,18 @@ jobs:
           TRIGGER: ${{ github.event_name }}
           GITHUB_REF: ${{ github.ref }}
         run: |
-          if [[ $TRIGGER == "pull_request" ]]; then
+          if [[ "$TRIGGER" == "pull_request" ]]; then
             echo "exporting test as target helm repo: ${{ env.TEST_REPO_HELM_URL }}"
-            echo "helm_repo=${{ env.TEST_REPO_HELM_URL }}" >> $GITHUB_OUTPUT
-          elif [[ ( $TRIGGER == "push" || $TRIGGER == "schedule" || $TRIGGER == "workflow_dispatch" ) && $GITHUB_REF == "refs/heads/main" ]]; then
+            echo "helm_repo=${{ env.TEST_REPO_HELM_URL }}" >> "$GITHUB_OUTPUT"
+          elif [[ ( "$TRIGGER" == "push" || "$TRIGGER" == "schedule" || "$TRIGGER" == "workflow_dispatch" ) && "$GITHUB_REF" == "refs/heads/main" ]]; then
             echo "exporting dev as target helm repo: ${{ env.DEV_REPO_HELM_URL }}"
-            echo "helm_repo=${{ env.DEV_REPO_HELM_URL }}" >> $GITHUB_OUTPUT
-          elif [[ $TRIGGER == "push" && $GITHUB_REF == refs/tags/* ]]; then
+            echo "helm_repo=${{ env.DEV_REPO_HELM_URL }}" >> "$GITHUB_OUTPUT"
+          elif [[ "$TRIGGER" == "push" && $GITHUB_REF == refs/tags/* ]]; then
             echo "exporting stable as target helm repo: ${{ env.STABLE_REPO_HELM_URL }}"
-            echo "helm_repo=${{ env.STABLE_REPO_HELM_URL }}" >> $GITHUB_OUTPUT
+            echo "helm_repo=${{ env.STABLE_REPO_HELM_URL }}" >> "$GITHUB_OUTPUT"
           else
             echo "Unknown trigger and ref combination encountered, skipping publish step: $TRIGGER $GITHUB_REF"
-            echo "helm_repo=skip" >> $GITHUB_OUTPUT
+            echo "helm_repo=skip" >> "$GITHUB_OUTPUT"
           fi
 
   run_cargodeny:
@@ -379,7 +379,7 @@ jobs:
       - id: printtag
         name: Output image name and tag
         if: ${{ !github.event.pull_request.head.repo.fork }}
-        run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> $GITHUB_OUTPUT
+        run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> "$GITHUB_OUTPUT"
 
   create_manifest_list:
     name: Build and publish manifest list
@@ -437,4 +437,4 @@ jobs:
           ARCH_FOR_PREFLIGHT="$(arch | sed -e 's#x86_64#amd64#' | sed -e 's#aarch64#arm64#')"
           ./preflight-linux-amd64 check container "$IMAGE_TAG" --platform "${ARCH_FOR_PREFLIGHT}" > preflight.out
       - name: "Passed?"
-        run: '[ "$(cat preflight.out | jq -r .passed)" == true ]'
+        run: '[ "$(jq -r .passed < preflight.out)" == true ]'
diff --git a/template/.github/workflows/pr_pre-commit.yaml.j2 b/template/.github/workflows/pr_pre-commit.yaml.j2
@@ -16,6 +16,7 @@ jobs:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           fetch-depth: 0
+          submodules: recursive
       - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
         with:
           python-version: '3.12'
@@ -39,6 +40,7 @@ jobs:
           chmod 700 "${LOCATION_BIN}"
 
           echo "$LOCATION_DIR" >> "$GITHUB_PATH"
+      - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26
       - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
         with:
           extra_args: "--from-ref ${{ github.event.pull_request.base.sha }} --to-ref ${{ github.event.pull_request.head.sha }}"
diff --git a/template/.pre-commit-config.yaml.j2 b/template/.pre-commit-config.yaml.j2
@@ -66,13 +66,13 @@ repos:
       - id: regenerate-charts
         name: regenerate-charts
         language: system
-        entry: make regenerate-charts
+        entry: nix-shell --run 'make regenerate-charts'
         stages: [commit, merge-commit, manual]
         pass_filenames: false
 
       - id: cargo-test
         name: cargo-test
         language: system
-        entry: cargo test
+        entry: nix-shell --run 'cargo test'
         stages: [commit, merge-commit, manual]
         pass_filenames: false
diff --git a/template/docker/Dockerfile.j2 b/template/docker/Dockerfile.j2
@@ -1,14 +1,22 @@
 # syntax=docker/dockerfile:1.10.0@sha256:865e5dd094beca432e8c0a1d5e1c465db5f998dca4e439981029b3b81fb39ed5
+# NOTE: The syntax directive needs to be the first line in a Dockerfile
+
 # =============
 # This file is automatically generated from the templates in stackabletech/operator-templating
 # DON'T MANUALLY EDIT THIS FILE
 # =============
-# NOTE: The syntax directive needs to be the first line in a Dockerfile
+
 # https://docs.docker.com/build/checks/#fail-build-on-check-violations
 # check=error=true
-FROM oci.stackable.tech/sdp/ubi9-rust-builder AS builder
 
-FROM registry.access.redhat.com/ubi9/ubi-minimal AS operator
+# We want to automatically use the latest. We also don't tag our images with a version.
+# hadolint ignore=DL3007
+FROM oci.stackable.tech/sdp/ubi9-rust-builder:latest AS builder
+
+
+# We want to automatically use the latest.
+# hadolint ignore=DL3007
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest AS operator
 
 ARG VERSION
 ARG RELEASE="1"
@@ -58,9 +66,13 @@ LABEL io.openshift.tags="ubi9,stackable,sdp,{[ operator.product_string }]"
 LABEL io.k8s.description="Deploy and manage {[ operator.pretty_string }] clusters."
 LABEL io.k8s.display-name="Stackable Operator for {[ operator.pretty_string }]"
 
-# Update image and install kerberos client libraries
 RUN <<EOF
+# Update image and install kerberos client libraries
+# install_weak_deps in microdnf does not support the literal "False" as dnf does
+# https://github.com/rpm-software-management/microdnf/blob/a600c62f29262d71a6259b70dc220df65a2ab9b5/dnf/dnf-main.c#L176-L189
 microdnf update
+# NOTE (@NickLarsenNZ): Maybe we should consider pinning package versions?
+# hadolint ignore=DL3041
 microdnf install -y \
   krb5-libs \
   libkadm5 \
@@ -89,9 +101,9 @@ EOF
 COPY LICENSE /licenses/LICENSE
 
 COPY --from=builder /app/* /usr/local/bin/
-{[% if operator.include_productconfig is undefined or operator.include_productconfig == true %}]
-COPY deploy/config-spec/properties.yaml /etc/stackable/{[ operator.name }]/config-spec/properties.yaml
-{[% endif %}]
+# {[% if operator.include_productconfig is undefined or operator.include_productconfig == true %}]
+COPY deploy/config-spec/properties.yaml /etc/stackable/{[operator.name}]/config-spec/properties.yaml
+# {[% endif %}]
 
 USER ${STACKABLE_USER_UID}
 

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ pr_body: \|`
`26`	`26`	`>`
`27`	`27`	`> \| Trigger-message \|`
`28`	`28`	`> \| - \|`
`29`		`- > \| {{ reason }} \|`
	`29`	`+ > \| {{ author }}: {{ reason }} \|`
`30`	`30`
`31`	`31`	`> [!TIP]`
`32`	`32`	`> Please update the change type as appropriate.`