Skip to content

Commit

Permalink
Merge pull request #440 from cert-manager/self-upgrade-main
Browse files Browse the repository at this point in the history
[CI] Merge self-upgrade-main into main
  • Loading branch information
cert-manager-prow[bot] authored May 13, 2024
2 parents fd22e87 + feed8cd commit 51a6c84
Show file tree
Hide file tree
Showing 8 changed files with 158 additions and 58 deletions.
1 change: 1 addition & 0 deletions OWNERS_ALIASES
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,4 @@ aliases:
- irbekrm
- sgtcodfish
- inteon
- thatsmrtalbot
28 changes: 14 additions & 14 deletions klone.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,70 +10,70 @@ targets:
- folder_name: api-docs
repo_url: https://github.com/cert-manager/makefile-modules.git
repo_ref: main
repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98
repo_hash: b6dc86973e937be38a138f38cf83134760487f26
repo_path: modules/api-docs
- folder_name: boilerplate
repo_url: https://github.com/cert-manager/makefile-modules.git
repo_ref: main
repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98
repo_hash: b6dc86973e937be38a138f38cf83134760487f26
repo_path: modules/boilerplate
- folder_name: cert-manager
repo_url: https://github.com/cert-manager/makefile-modules.git
repo_ref: main
repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98
repo_hash: b6dc86973e937be38a138f38cf83134760487f26
repo_path: modules/cert-manager
- folder_name: controller-gen
repo_url: https://github.com/cert-manager/makefile-modules.git
repo_ref: main
repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98
repo_hash: b6dc86973e937be38a138f38cf83134760487f26
repo_path: modules/controller-gen
- folder_name: generate-verify
repo_url: https://github.com/cert-manager/makefile-modules.git
repo_ref: main
repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98
repo_hash: b6dc86973e937be38a138f38cf83134760487f26
repo_path: modules/generate-verify
- folder_name: go
repo_url: https://github.com/cert-manager/makefile-modules.git
repo_ref: main
repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98
repo_hash: b6dc86973e937be38a138f38cf83134760487f26
repo_path: modules/go
- folder_name: helm
repo_url: https://github.com/cert-manager/makefile-modules.git
repo_ref: main
repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98
repo_hash: b6dc86973e937be38a138f38cf83134760487f26
repo_path: modules/helm
- folder_name: help
repo_url: https://github.com/cert-manager/makefile-modules.git
repo_ref: main
repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98
repo_hash: b6dc86973e937be38a138f38cf83134760487f26
repo_path: modules/help
- folder_name: kind
repo_url: https://github.com/cert-manager/makefile-modules.git
repo_ref: main
repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98
repo_hash: b6dc86973e937be38a138f38cf83134760487f26
repo_path: modules/kind
- folder_name: klone
repo_url: https://github.com/cert-manager/makefile-modules.git
repo_ref: main
repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98
repo_hash: b6dc86973e937be38a138f38cf83134760487f26
repo_path: modules/klone
- folder_name: oci-build
repo_url: https://github.com/cert-manager/makefile-modules.git
repo_ref: main
repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98
repo_hash: b6dc86973e937be38a138f38cf83134760487f26
repo_path: modules/oci-build
- folder_name: oci-publish
repo_url: https://github.com/cert-manager/makefile-modules.git
repo_ref: main
repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98
repo_hash: b6dc86973e937be38a138f38cf83134760487f26
repo_path: modules/oci-publish
- folder_name: repository-base
repo_url: https://github.com/cert-manager/makefile-modules.git
repo_ref: main
repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98
repo_hash: b6dc86973e937be38a138f38cf83134760487f26
repo_path: modules/repository-base
- folder_name: tools
repo_url: https://github.com/cert-manager/makefile-modules.git
repo_ref: main
repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98
repo_hash: b6dc86973e937be38a138f38cf83134760487f26
repo_path: modules/tools
18 changes: 9 additions & 9 deletions make/_shared/cert-manager/00_mod.mk
Original file line number Diff line number Diff line change
Expand Up @@ -15,14 +15,14 @@
images_amd64 ?=
images_arm64 ?=

cert_manager_version := v1.14.4
cert_manager_version := v1.14.5

images_amd64 += quay.io/jetstack/cert-manager-controller:$(cert_manager_version)@sha256:f84edf06327f84ed2ca056776659aa144cf3cc982c5403650c24553c5a44b03d
images_amd64 += quay.io/jetstack/cert-manager-cainjector:$(cert_manager_version)@sha256:8267563833c31cc428b9ae460b890d079a1da09a4d8d00ec299a47dd613fbd24
images_amd64 += quay.io/jetstack/cert-manager-webhook:$(cert_manager_version)@sha256:ba5469d1a77b1cb04a703199b0e69bc25644a00498adc3694a0369c87375b4ca
images_amd64 += quay.io/jetstack/cert-manager-startupapicheck:$(cert_manager_version)@sha256:2a1545099cf6386ab08e979a58a6280fe123d091c69f8222bfb22c597003a3f0
images_amd64 += quay.io/jetstack/cert-manager-controller:$(cert_manager_version)@sha256:f37f460aaa7598ba251ff1cbe7438012fd56c4acc94be64245e8a836203c5542
images_amd64 += quay.io/jetstack/cert-manager-cainjector:$(cert_manager_version)@sha256:6d9ebced61371cc903f7934690923034382456f3ce6e0fe2b692c40dbd67d523
images_amd64 += quay.io/jetstack/cert-manager-webhook:$(cert_manager_version)@sha256:ac34b1905a2ff20789fde27115d3e1aa7b3d09f57efba4e91ae2ba1744de4ad2
images_amd64 += quay.io/jetstack/cert-manager-startupapicheck:$(cert_manager_version)@sha256:5c74e4e37586dc5c35442515f43ecf222e961b65e954798428ac9239408bc0f3

images_arm64 += quay.io/jetstack/cert-manager-controller:$(cert_manager_version)@sha256:39a6e9e699b3dacb8b92538efbaff85c16d4b30343ebeaaf2f35772ff3cebf53
images_arm64 += quay.io/jetstack/cert-manager-cainjector:$(cert_manager_version)@sha256:956aac21371499fdcc8811b4b5fc8e2e0d6e552b15723c783fe56270347fc9e0
images_arm64 += quay.io/jetstack/cert-manager-webhook:$(cert_manager_version)@sha256:8ea8462c1daa7604f4f2e71e0cdeef3dd5d7e0f04341982a05dc296299766126
images_arm64 += quay.io/jetstack/cert-manager-startupapicheck:$(cert_manager_version)@sha256:f4cd54540f8813e63a2f53b5b210454ae2a5fe0949b9f55d8f1270162ebad9a8
images_arm64 += quay.io/jetstack/cert-manager-controller:$(cert_manager_version)@sha256:96668890d162a743407c0ef14d7769e970aa16655959b5f5cab0c595167148fa
images_arm64 += quay.io/jetstack/cert-manager-cainjector:$(cert_manager_version)@sha256:719aec5d99e86377829261451985592bc4129c5ca8dcb7f20b32170742f2b29b
images_arm64 += quay.io/jetstack/cert-manager-webhook:$(cert_manager_version)@sha256:874da5701a98e352fa28d88470671eb792a472737a3cf2b7ce9966817e962de8
images_arm64 += quay.io/jetstack/cert-manager-startupapicheck:$(cert_manager_version)@sha256:35d35b325b980cc702324e52b443cc7eb1df7211ce4e8e91d96da4eff4b6c894
63 changes: 41 additions & 22 deletions make/_shared/oci-build/image_tool/append_layers.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ import (
"github.com/google/go-containerregistry/pkg/v1/match"
"github.com/google/go-containerregistry/pkg/v1/mutate"
"github.com/google/go-containerregistry/pkg/v1/tarball"
"github.com/google/go-containerregistry/pkg/v1/types"
"github.com/spf13/cobra"
)

Expand All @@ -45,16 +46,33 @@ var CommandAppendLayers = cobra.Command{
return
}

path, err := layout.FromPath(oci)
must("could not load oci directory", err)

index, err := path.ImageIndex()
must("could not load oci image index", err)

indexMediaType, err := index.MediaType()
must("could not get image index media type", err)

layerType := types.DockerLayer
if indexMediaType == types.OCIImageIndex {
layerType = types.OCILayer
}

layers := []v1.Layer{}
for _, path := range extra {
layers = append(layers, loadLayerFromDirOrTarball(path))
layers = append(layers, loadLayerFromDirOrTarball(path, layerType))
}

appendLayersToAllImages(oci, layers...)
index = appendLayersToImageIndex(index, layers)

_, err = layout.Write(oci, index)
must("could not write image", err)
},
}

func loadLayerFromDirOrTarball(path string) v1.Layer {
func loadLayerFromDirOrTarball(path string, mediaType types.MediaType) v1.Layer {
stat, err := os.Stat(path)
must("could not open directory or tarball", err)

Expand Down Expand Up @@ -102,31 +120,24 @@ func loadLayerFromDirOrTarball(path string) v1.Layer {

byts := buf.Bytes()

layer, err = tarball.LayerFromOpener(func() (io.ReadCloser, error) {
return io.NopCloser(bytes.NewReader(byts)), nil
})
layer, err = tarball.LayerFromOpener(
func() (io.ReadCloser, error) {
return io.NopCloser(bytes.NewReader(byts)), nil
},
tarball.WithMediaType(mediaType),
)

} else {
layer, err = tarball.LayerFromFile(path)
layer, err = tarball.LayerFromFile(
path,
tarball.WithMediaType(mediaType),
)
}

must("could not open directory or tarball", err)
return layer
}

func appendLayersToAllImages(oci string, layers ...v1.Layer) {
path, err := layout.FromPath(oci)
must("could not load oci directory", err)

index, err := path.ImageIndex()
must("could not load oci image index", err)

index = appendLayersToImageIndex(index, layers)

_, err = layout.Write(oci, index)
must("could not write image", err)
}

func appendLayersToImageIndex(index v1.ImageIndex, layers []v1.Layer) v1.ImageIndex {
manifest, err := index.IndexManifest()
must("could not load oci image manifest", err)
Expand All @@ -145,11 +156,15 @@ func appendLayersToImageIndex(index v1.ImageIndex, layers []v1.Layer) v1.ImageIn
digest, err := img.Digest()
must("could not get image digest", err)

size, err := img.Size()
must("could not get image size", err)

slog.Info("appended layers to image", "old_digest", descriptor.Digest, "digest", digest, "platform", descriptor.Platform)

index = mutate.RemoveManifests(index, match.Digests(descriptor.Digest))

descriptor.Digest = digest
descriptor.Size = size
index = mutate.AppendManifests(index, mutate.IndexAddendum{
Add: img,
Descriptor: descriptor,
Expand All @@ -159,16 +174,20 @@ func appendLayersToImageIndex(index v1.ImageIndex, layers []v1.Layer) v1.ImageIn
slog.Info("found image index", "digest", descriptor.Digest)

child, err := index.ImageIndex(descriptor.Digest)
must("could not load oci image manifest", err)
must("could not load oci index manifest", err)

child = appendLayersToImageIndex(child, layers)

digest, err := child.Digest()
must("could not get image digest", err)
must("could not get index digest", err)

size, err := child.Size()
must("could not get index size", err)

index = mutate.RemoveManifests(index, match.Digests(descriptor.Digest))

descriptor.Digest = digest
descriptor.Size = size
index = mutate.AppendManifests(index, mutate.IndexAddendum{
Add: child,
Descriptor: descriptor,
Expand Down
12 changes: 6 additions & 6 deletions make/_shared/oci-publish/01_mod.mk
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,8 @@ sanitize_target = $(subst :,-,$1)
registry_for = $(firstword $(subst /, ,$1))

# Utility variables
current_makefile = $(lastword $(MAKEFILE_LIST))
current_makefile_directory = $(dir $(current_makefile))
current_makefile_directory := $(dir $(lastword $(MAKEFILE_LIST)))
image_exists_script := $(current_makefile_directory)/image-exists.sh

# Validate globals that are required
$(call fatal_if_undefined,bin_dir)
Expand Down Expand Up @@ -78,10 +78,10 @@ $(call sanitize_target,oci-push-$2): oci-build-$1 | $(NEEDS_CRANE)

.PHONY: $(call sanitize_target,oci-maybe-push-$2)
$(call sanitize_target,oci-maybe-push-$2): oci-build-$1 | $(NEEDS_CRANE)
$$(CRANE) $(crane_flags_$1) manifest $2:$(call oci_image_tag_for,$1) > /dev/null 2>&1 || (\
$$(CRANE) $(crane_flags_$1) push "$(oci_layout_path_$1)" "$2:$(call oci_image_tag_for,$1)" && \
$(if $(filter true,$(oci_sign_on_push_$1)),$(MAKE) $(call sanitize_target,oci-sign-$2)) \
)
CRANE="$$(CRANE) $(crane_flags_$1)" \
source $(image_exists_script) $2:$(call oci_image_tag_for,$1); \
$$(CRANE) $(crane_flags_$1) push "$(oci_layout_path_$1)" "$2:$(call oci_image_tag_for,$1)"; \
$(if $(filter true,$(oci_sign_on_push_$1)),$(MAKE) $(call sanitize_target,oci-sign-$2))

oci-push-$1: $(call sanitize_target,oci-push-$2)
oci-maybe-push-$1: $(call sanitize_target,oci-maybe-push-$2)
Expand Down
70 changes: 70 additions & 0 deletions make/_shared/oci-publish/image-exists.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
#!/usr/bin/env bash

# Copyright 2022 The cert-manager Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

set -o errexit
set -o nounset
set -o pipefail

# This script checks if a given image exists in the upstream registry, and if it
# does, whether it contains all the expected architectures.

crane=${CRANE:-}

FULL_IMAGE=${1:-}

function print_usage() {
echo "usage: $0 <full-image> [commands...]"
}

if [[ -z $FULL_IMAGE ]]; then
print_usage
echo "Missing full-image"
exit 1
fi

if [[ -z $crane ]]; then
echo "CRANE environment variable must be set to the path of the crane binary"
exit 1
fi

shift 1

manifest=$(mktemp)
trap 'rm -f "$manifest"' EXIT SIGINT

manifest_error=$(mktemp)
trap 'rm -f "$manifest_error"' EXIT SIGINT

echo "+++ searching for $FULL_IMAGE in upstream registry"

set +o errexit
$crane manifest "$FULL_IMAGE" > "$manifest" 2> "$manifest_error"
exit_code=$?
set -o errexit

manifest_error_data=$(cat "$manifest_error")
if [[ $exit_code -eq 0 ]]; then
echo "+++ upstream registry appears to contain $FULL_IMAGE, exiting"
exit 0

elif [[ "$manifest_error_data" == *"MANIFEST_UNKNOWN"* ]]; then
echo "+++ upstream registry does not contain $FULL_IMAGE, will build and push"
# fall through to run the commands passed to this script

else
echo "FATAL: upstream registry returned an unexpected error: $manifest_error_data, exiting"
exit 1
fi
1 change: 1 addition & 0 deletions make/_shared/repository-base/base/OWNERS_ALIASES
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,4 @@ aliases:
- irbekrm
- sgtcodfish
- inteon
- thatsmrtalbot
Loading

0 comments on commit 51a6c84

Please sign in to comment.