Skip to content

Commit

Permalink
build: check images and versions
Browse files Browse the repository at this point in the history
Run check-images when charts or manifests are modified.
  • Loading branch information
bernot-dev committed Jan 9, 2025
1 parent d41ac7e commit 8d1e15f
Show file tree
Hide file tree
Showing 8 changed files with 115 additions and 55 deletions.
28 changes: 28 additions & 0 deletions .github/workflows/check-images.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Check Manifest Images
on:
push:
paths:
- charts/**
- manifests/**

jobs:
check-images:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
- name: Check manifest images
run: make check-images
6 changes: 3 additions & 3 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -239,6 +239,6 @@ presubmit: ## Regenerate all resources, build all images and run all tests.
presubmit: regen bin test


.PHONY: checkimages
checkimages:
./hack/checkimages.sh
.PHONY: check-images
check-images: $(YQ)
./hack/check-images.sh
4 changes: 2 additions & 2 deletions charts/values.global.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ commonLabels: false
namespace:
public: gmp-public
system: gmp-system
version: 0.14.0
version: 0.15.0
images:
# NOTE: All tags have to be quoted otherwise they might be treated as a number.
bash:
Expand All @@ -38,7 +38,7 @@ images:
image: gke.gcr.io/prometheus-engine/rule-evaluator
tag: "v0.15.0-gke.12"
datasourceSyncer:
image: gcr.io/gke-release/prometheus-engine/datasource-syncer
image: gke.gcr.io/prometheus-engine/datasource-syncer
tag: "v0.15.0-gke.12"
resources:
alertManager:
Expand Down
4 changes: 2 additions & 2 deletions cmd/datasource-syncer/datasource-syncer.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ spec:
- linux
containers:
- name: datasource-syncer-init
image: gcr.io/gke-release/prometheus-engine/datasource-syncer:v0.15.0-gke.8
image: gke.gcr.io/prometheus-engine/datasource-syncer:v0.15.0-gke.12
args:
- "--datasource-uids=$DATASOURCE_UIDS"
- "--grafana-api-endpoint=$GRAFANA_API_ENDPOINT"
Expand Down Expand Up @@ -79,7 +79,7 @@ spec:
- linux
containers:
- name: datasource-syncer
image: gcr.io/gke-release/prometheus-engine/datasource-syncer:v0.15.0-gke.8
image: gke.gcr.io/prometheus-engine/datasource-syncer:v0.15.0-gke.12
args:
- "--datasource-uids=$DATASOURCE_UIDS"
- "--grafana-api-endpoint=$GRAFANA_API_ENDPOINT"
Expand Down
68 changes: 68 additions & 0 deletions hack/check-images.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
#!/bin/bash
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

set -o errexit
set -o nounset
set -o pipefail

source .bingo/variables.env

VALUES=charts/values.global.yaml
VERSION=$(${YQ} '.version' "$VALUES")

check_image() {
IMAGE=$1
TAG=$2
GMP_VERSIONED=${3:-false}

LATEST=$(docker run gcr.io/go-containerregistry/crane ls "${IMAGE}" | grep "^v[0-9]" | sort -V | tail -1)

if [[ $GMP_VERSIONED = true && ! "$TAG" =~ ^v${VERSION}.*$ ]]; then
printf "GMP Version is %q, but tag %q of %q does not match\n" "$VERSION" "$TAG" "$IMAGE" && exit 1
fi

if [ "$TAG" != "$LATEST" ]; then
printf "%s is %q, latest is %q" "$IMAGE" "$TAG" "$LATEST"
fi
docker manifest inspect "${IMAGE}:${TAG}" > /dev/null

printf "%q image verified\n" "$IMAGE"
}

ALERTMANAGER_IMAGE=$(${YQ} '.images.alertmanager.image' "$VALUES")
ALERTMANAGER_TAG=$(${YQ} '.images.alertmanager.tag' "$VALUES")
check_image "$ALERTMANAGER_IMAGE" "$ALERTMANAGER_TAG"

CONFIG_RELOADER_IMAGE=$(${YQ} '.images.configReloader.image' "$VALUES")
CONFIG_RELOADER_TAG=$(${YQ} '.images.configReloader.tag' "$VALUES")
check_image "$CONFIG_RELOADER_IMAGE" "$CONFIG_RELOADER_TAG" true

DATASOURCE_SYNCER_IMAGE=$(${YQ} '.images.datasourceSyncer.image' "$VALUES")
DATASOURCE_SYNCER_TAG=$(${YQ} '.images.datasourceSyncer.tag' "$VALUES")
check_image "$DATASOURCE_SYNCER_IMAGE" "$DATASOURCE_SYNCER_TAG" true

OPERATOR_IMAGE=$(${YQ} '.images.operator.image' "$VALUES")
OPERATOR_TAG=$(${YQ} '.images.operator.tag' "$VALUES")
check_image "$OPERATOR_IMAGE" "$OPERATOR_TAG" true

PROMETHEUS_IMAGE=$(${YQ} '.images.prometheus.image' "$VALUES")
PROMETHEUS_TAG=$(${YQ} '.images.prometheus.tag' "$VALUES")
check_image "$PROMETHEUS_IMAGE" "$PROMETHEUS_TAG"

RULE_EVALUATOR_IMAGE=$(${YQ} '.images.ruleEvaluator.image' "$VALUES")
RULE_EVALUATOR_TAG=$(${YQ} '.images.ruleEvaluator.tag' "$VALUES")
check_image "$RULE_EVALUATOR_IMAGE" "$RULE_EVALUATOR_TAG" true

echo "All images verified"
36 changes: 0 additions & 36 deletions hack/checkimages.sh

This file was deleted.

18 changes: 9 additions & 9 deletions manifests/operator.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -347,7 +347,7 @@ spec:
labels:
app: managed-prometheus-collector
app.kubernetes.io/name: collector
app.kubernetes.io/version: 0.14.0
app.kubernetes.io/version: 0.15.0
annotations:
# The emptyDir for the storage and config directories prevents cluster
# autoscaling unless this annotation is set.
Expand All @@ -373,7 +373,7 @@ spec:
readOnlyRootFilesystem: true
containers:
- name: config-reloader
image: gke.gcr.io/prometheus-engine/config-reloader:v0.15.0-gke.8
image: gke.gcr.io/prometheus-engine/config-reloader:v0.15.0-gke.12
args:
- --config-file=/prometheus/config/config.yaml
- --config-file-output=/prometheus/config_out/config.yaml
Expand Down Expand Up @@ -543,14 +543,14 @@ spec:
app.kubernetes.io/component: operator
app.kubernetes.io/name: gmp-operator
app.kubernetes.io/part-of: gmp
app.kubernetes.io/version: 0.14.0
app.kubernetes.io/version: 0.15.0
spec:
serviceAccountName: operator
automountServiceAccountToken: true
priorityClassName: gmp-critical
containers:
- name: operator
image: gke.gcr.io/prometheus-engine/operator:v0.15.0-gke.8
image: gke.gcr.io/prometheus-engine/operator:v0.15.0-gke.12
args:
- "--operator-namespace=gmp-system"
- "--public-namespace=gmp-public"
Expand Down Expand Up @@ -644,7 +644,7 @@ spec:
labels:
app.kubernetes.io/name: rule-evaluator
app: managed-prometheus-rule-evaluator
app.kubernetes.io/version: 0.14.0
app.kubernetes.io/version: 0.15.0
annotations:
# The emptyDir for the storage and config directories prevents cluster
# autoscaling unless this annotation is set.
Expand All @@ -670,7 +670,7 @@ spec:
readOnlyRootFilesystem: true
containers:
- name: config-reloader
image: gke.gcr.io/prometheus-engine/config-reloader:v0.15.0-gke.8
image: gke.gcr.io/prometheus-engine/config-reloader:v0.15.0-gke.12
args:
- --config-file=/prometheus/config/config.yaml
- --config-file-output=/prometheus/config_out/config.yaml
Expand Down Expand Up @@ -711,7 +711,7 @@ spec:
privileged: false
readOnlyRootFilesystem: true
- name: evaluator
image: gke.gcr.io/prometheus-engine/rule-evaluator:v0.15.0-gke.8
image: gke.gcr.io/prometheus-engine/rule-evaluator:v0.15.0-gke.12
args:
- --config.file=/prometheus/config_out/config.yaml
- --web.listen-address=:19092
Expand Down Expand Up @@ -817,7 +817,7 @@ spec:
labels:
app: managed-prometheus-alertmanager
app.kubernetes.io/name: alertmanager
app.kubernetes.io/version: 0.14.0
app.kubernetes.io/version: 0.15.0
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
components.gke.io/component-name: managed_prometheus
Expand Down Expand Up @@ -876,7 +876,7 @@ spec:
privileged: false
readOnlyRootFilesystem: true
- name: config-reloader
image: gke.gcr.io/prometheus-engine/config-reloader:v0.15.0-gke.8
image: gke.gcr.io/prometheus-engine/config-reloader:v0.15.0-gke.12
args:
- --config-file=/alertmanager/config.yaml
- --config-file-output=/alertmanager/config_out/config.yaml
Expand Down
6 changes: 3 additions & 3 deletions manifests/rule-evaluator.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,7 @@ spec:
metadata:
labels:
app.kubernetes.io/name: rule-evaluator
app.kubernetes.io/version: 0.14.0
app.kubernetes.io/version: 0.15.0
spec:
serviceAccountName: rule-evaluator
automountServiceAccountToken: true
Expand All @@ -131,7 +131,7 @@ spec:
mountPath: /prometheus/config_out
containers:
- name: config-reloader
image: gke.gcr.io/prometheus-engine/config-reloader:v0.15.0-gke.8
image: gke.gcr.io/prometheus-engine/config-reloader:v0.15.0-gke.12
args:
- --config-file=/prometheus/config/config.yaml
- --config-file-output=/prometheus/config_out/config.yaml
Expand Down Expand Up @@ -169,7 +169,7 @@ spec:
privileged: false
readOnlyRootFilesystem: true
- name: evaluator
image: gke.gcr.io/prometheus-engine/rule-evaluator:v0.15.0-gke.8
image: gke.gcr.io/prometheus-engine/rule-evaluator:v0.15.0-gke.12
args:
- "--config.file=/prometheus/config_out/config.yaml"
- "--web.listen-address=:9092"
Expand Down

0 comments on commit 8d1e15f

Please sign in to comment.