Auto-push bundle manifests changes to PR branch if needed #195
.github/workflows/pr.yaml
Outdated
@@ -54,11 +54,37 @@ jobs: | |||
with: | |||
go-version-file: 'go.mod' | |||
|
|||
- name: Check for outdated bundle |
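Review bot: the 'Check for outdated bundle' step that closes this hunk should be reproducible outside the workflow. The header shows this part of the job growing from 11 to 37 lines, so if those added lines carry the check's logic inline, consider moving it into a Makefile target or script that the step calls, and add a short comment on the step saying what it compares and what a contributor should run when it reports a difference.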
To me it looks like adding complexity for pretty much zero outcome, sorry :)
I mean I do not mind of calling extra 'make bundle' if we really need so but sending the message about autogenerated by 'make bundle' file looks confusing for me, this can NOT "affect the resulting manifests" for github workflow.
> To me it looks like adding complexity for pretty much zero outcome, sorry :)

No problem - always open to discussions :)
So the whole value here is to alleviate the load on reviewers, using some automation to streamline the review process as much as we can. This could be part of our PR template checklist, but it is always better if it can be enforced automatically, which is the point here.

> I mean I do not mind of calling extra 'make bundle' if we really need

Sure, we can think of calling `make bundle` because we know that, but if someone else contributes a PR, we would need to think about checking the bundle manifests. Even us, didn't we forget sometimes to regenerate the bundle in most of the PRs where it could have been needed?
Same point: if you update the go code using the kubebuilder marker comments and don't regenerate the CRDs manifests (I think it already happened recently when updating the RBAC permissions), this would be caught by this validation workflow.

> sending the message about autogenerated by 'make bundle' file looks confusing for me, this can NOT "affect the resulting manifests" for github workflow.

Not sure I understand this statement. You mean the message displayed by this step, like in this run?

Files changed in bundle generation.
Please make sure to regenerate the bundle with 'make bundle' and push the changes.
Make sure you unset any related env vars like VERSION or IMAGE_TAG_BASE or IMG before running this command, as they may affect the resulting manifests.
You might also need to update the CSV in '.rhdh/bundle/manifests/rhdh-operator.csv.yaml' file accordingly.

This is a hint to the PR author if they want to call `make bundle` by themselves locally, to pay attention to those variables. By "affect the resulting manifests", I mean that if you had exported an env var called `VERSION` or `IMAGE_TAG_BASE`, the generated CSV will likely contain those values. Please try it by yourself, by calling `export IMAGE_TAG_BASE=my.registry.example.com/janus-idp/operator; make bundle`, and you'll see the result.
But I'm open to a different wording suggestion ;)
The CI is the source of truth, so the diff seen by the CI should be the expected outcome. Initially, I was thinking of making the GitHub job just commit the diff, so that the PR author does not even need to think about it. But for now, erroring out in case of a diff will help educate contributors to think about the resulting manifests (because the CSV in `.rhdh` might also need to be changed). That's why I'm attaching the diff to review and apply it as needed.
Enforcing the validation sounds a good idea to me and it is commonly used by others too.
What really concerning me is that Developer (in most of the cases triggered by this proposal) may not even have an idea that he/she changed something related.
Like I mentioned: for development I use variable like IMG to test it with my repo/image not touching prod one. It is a valid case, right?
So, let's imagine I have no idea that I did something "affecting the resulting manifests" even not changing source code and this confusing me a lot. It is happened due to particular internal implementation details and I do not think everyone should be aware of it.
TBH I thought you will make GH action provide some automation to change the things silently, I even did not consider any messaging back.
@gazarenkov Developers should be aware that local builds can generate local-specific manifests, and before they submit a PR, they should re-generate the manifests/bundle without local specific information. This is what I have been doing and it has been working well for me:
unset IMG && unset IMAGE_TAG_BASE && unset VERSION && make manifests bundle
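The check debated in this thread, as an added example that is not part of the PR or the project's workflow: regenerate with VERSION, IMAGE_TAG_BASE and IMG stripped from the environment, compare with HEAD, and save the difference as a patch. The repository, `gen.sh` (a stand-in for `make bundle`), the function names and all values are constructed for illustration.

```shell
#!/bin/sh
# check_generated REPO PATCH CMD...
#   Runs CMD inside REPO with VERSION, IMAGE_TAG_BASE and IMG removed from the
#   environment, then compares the result with HEAD.
#   Returns 0 = up to date, 1 = drift (patch written to PATCH), 2 = CMD failed.
#   PATCH must live outside REPO, otherwise it would count as a change itself.
check_generated() {
    cg_repo=$1; cg_patch=$2; shift 2
    # env -u strips the variables for the generator only; the caller keeps them.
    ( cd "$cg_repo" && env -u VERSION -u IMAGE_TAG_BASE -u IMG "$@" ) \
        >/dev/null 2>&1 || return 2
    # Stage everything so new, modified and deleted files land in one diff.
    git -C "$cg_repo" add -A
    if git -C "$cg_repo" diff --cached --quiet; then
        return 0
    fi
    # A --binary patch can be downloaded and applied with 'git apply'.
    git -C "$cg_repo" diff --cached --binary > "$cg_patch"
    return 1
}

# make_fixture DIR: constructed repository with a stand-in generator.
# gen.sh renders bundle/csv.yaml from replicas.txt and from IMG, falling back
# to a default image when IMG is unset, which is how a local override leaks.
make_fixture() {
    mf_dir=$1
    mkdir -p "$mf_dir/bundle"
    cat > "$mf_dir/gen.sh" <<'EOF'
#!/bin/sh
printf 'image: %s\nreplicas: %s\n' \
    "${IMG:-quay.io/example/operator:0.1.0}" "$(cat replicas.txt)" > bundle/csv.yaml
EOF
    echo 1 > "$mf_dir/replicas.txt"
    ( cd "$mf_dir" && env -u IMG sh gen.sh && git init -q . && git add -A &&
      git -c user.name=demo -c user.email=demo@example.invalid \
          commit -q -m "initial bundle" )
}

# demo SCENARIO: builds a throwaway repo, applies one constructed PR scenario,
# runs the check while IMG is exported in the caller's shell, and prints the
# patch when there is drift. Exit status is that of check_generated.
demo() {
    d_tmp=$(mktemp -d) || return 2
    d_repo=$d_tmp/repo; d_patch=$d_tmp/bundle.patch
    make_fixture "$d_repo" || return 2
    case $1 in
    clean)   # PR touches nothing that feeds the bundle
        ;;
    stale)   # source changed, bundle not regenerated
        echo 3 > "$d_repo/replicas.txt" ;;
    leaked)  # bundle regenerated locally with IMG still exported
        ( cd "$d_repo" && IMG=my.registry.example.com/dev/operator:test sh gen.sh ) ;;
    esac
    git -C "$d_repo" add -A
    git -C "$d_repo" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q --allow-empty -m "PR commit ($1)"
    d_rc=0
    ( export IMG=my.registry.example.com/dev/operator:test
      check_generated "$d_repo" "$d_patch" sh gen.sh ) || d_rc=$?
    [ "$d_rc" -eq 1 ] && cat "$d_patch"
    rm -rf "$d_tmp"
    return "$d_rc"
}

for s in clean stale leaked; do
    demo "$s" && echo "[$s] bundle up to date" || echo "[$s] bundle outdated (rc=$?)"
done
```

In the `leaked` scenario the patch replaces the developer's private image reference with the default one, which is the "CI is the source of truth" behaviour described earlier in the thread.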
@gazarenkov This should be a warning now (011654e (#195)), which won't change the outcome of the "PR Validate" job. Let's see how it goes. We can always change it back to an error in the future if it does not help that much.
To make the warning more noticeable to PR authors and reviewers, I was planning to automatically add a comment to the PR, but it does not work currently on fork PRs due to permission restrictions. This can be fixed in a subsequent issue/PR. For now, PR authors/reviewers should think about checking the validation job summary in GH for any warnings.
See https://github.com/janus-idp/operator/actions/runs/7959583931?pr=195 for an example and approve if it looks fine to you.
I would agree that warnings are ignored until they're escalated to errors. Consider the warnings about deprecated versions of nodejs used in GH actions. Until the action fails, no one is going to look at the warnings and update all their action dependencies to newer versions depending on non-EOL nodejs versions.
-- https://github.com/janus-idp/operator/actions/runs/7960349847
I've had to open JIRAs to prioritize the work to clean up warnings, e.g., https://issues.redhat.com/browse/RHIDP-1189
@nickboldt
I may miss something but do not think impact of this PR's warning and warnings about deprecated node.js version are comparable.
Let's consider something closer: #192
Would you consider it as "warning are ignored" and "escalate it to error" ?
If so, what concrete action items would you propose?
my point is that if you want people to notice a problem when running a GH action, it needs to FAIL, not WARN.
Warnings are ignored; failures are addressed.
Having only Failures everywhere will not work.
It's time to move development forward and time to analyze, tune and refactor, otherwise perfection in all stages will paralyze development.
For this concrete case I do not think it is critically important (see comments above)
@@ -62,9 +62,13 @@ data: | |||
janus-idp.io/app: backstage-psql-cr1 # placeholder for 'backstage-psql-<cr-name>' |
For my understanding: Why reviewer should spend time reviewing autogenerated files?
To me, even if it is generated, this is also part of the code; just like the manifests generated via the kubebuilder marker comments. It also seems quite common in the operators world, no? (opentelemetry-operator, observability-operator, jaeger-operator, grafana-operator, ...)
It also makes it easier to check them with code-scanning tools like SonarCloud, Snyk.
Yes, generated code should also be reviewed. The fact that the code is generated does not mean it works as intended.
You can review whatever you want but, honestly, how often you review for example zz_generated.deepcopy.go file?
If you tend not trust the tool the best thing is go and check it once (maybe trying their tests etc), otherwise it become nightmare.
That's how separation of concern works I think.
New changes are detected. LGTM label has been removed.
This is so that PR authors do not forget to regenerate those manifests.
Co-authored-by: Jianrong Zhang <jianrzha@redhat.com>
Display warnings instead. Also comment on the PR so that authors/reviewers are aware of that fact. Co-authored-by: Gennady Azarenkov <gazarenkov@gmail.com>
Co-authored-by: Nick Boldt <nboldt@redhat.com>
This reverts commit ab2c12a.
This will alleviate the burden on contributors and maintainers.
…st_target' events This is required to be able to write to fork PR branches Similar to what we do already with the pull_request_target workflows, we also require manual authorization for unknown external forks, to prevent PWN requests
Co-authored-by: Gennady Azarenkov <gazarenkov@redhat.com>
Quality Gate passed
)
* Make PR checks fail if bundle or manifests are not up-to-date
  This is so that PR authors do not forget to regenerate those manifests.
* Update developer guide
* Save diff as patch file, so it can be downloaded and applied with Git
* Fix step names in PR Validation job
* Apply suggestions from code review
  Co-authored-by: Jianrong Zhang <jianrzha@redhat.com>
* Do not error out if bundle manifests are outdated
  Display warnings instead. Also comment on the PR so that authors/reviewers are aware of that fact.
  Co-authored-by: Gennady Azarenkov <gazarenkov@gmail.com>
* Update .github/workflows/pr.yaml
  Co-authored-by: Nick Boldt <nboldt@redhat.com>
* Revert "Do not error out if bundle manifests are outdated"
  This reverts commit ab2c12a.
* Auto-push any changes to the bundle manifests
  This will alleviate the burden on contributors and maintainers.
* Run bundle diff checker in separate workflow triggered on 'pull_request_target' events
  This is required to be able to write to fork PR branches
  Similar to what we do already with the pull_request_target workflows, we also require manual authorization for unknown external forks, to prevent PWN requests
* Update PR template to think about eventually updating the rhdh-operator.csv.yaml file
* Update .github/workflows/pr-bundle-diff-checks.yaml
* Update docs/developer.md
  Co-authored-by: Gennady Azarenkov <gazarenkov@redhat.com>
---------
Co-authored-by: Jianrong Zhang <jianrzha@redhat.com>
Co-authored-by: Gennady Azarenkov <gazarenkov@gmail.com>
Co-authored-by: Nick Boldt <nboldt@redhat.com>
Co-authored-by: Gennady Azarenkov <gazarenkov@redhat.com>
Similarly to what's done for the bundle manifests (janus-idp#195), CI will make sure to check and commit the resulting diff if any.
<29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update k8s.io/utils digest to 4693a02 (#253) * fix(deps): update k8s.io/utils digest to 4693a02 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Clean-up go.sum with 'go mod tidy' --------- Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Armel Soro <asoro@redhat.com> * layered * layered * chore(deps): update actions/checkout digest to 9bb5618 (#255) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update actions/checkout digest to b4ffde6 (#256) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update github/codeql-action digest to 3ab4101 (#257) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump Ginkgo to v2.16.0 (#251) * chore(deps): update docker/login-action digest to e92390c (#258) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update docker/build-push-action digest to 2cdde99 (#259) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update docker/setup-buildx-action digest to 2b51285 (#260) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): 
update all non-major dependencies (#233) * fix(deps): update all non-major dependencies Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Fix breaking changes from sigs.k8s.io/controller-runtime update - `ctrl.Options#MetricsBindAddress` (TCP address that the controller should bind to for serving prometheus metrics) was deprecated and has been replaced with `metricsserver.Options#BindAddress` (in a `Metrics` struct) [1] - `crl.Options#Port` (port that the webhook server serves at) was deprecated and has been replaced with `webhook.Options#Port` (in a `WebhookServer` field) [2] [1] kubernetes-sigs/controller-runtime@e59161e#diff-d500fbd6a2aa620607ca5e2a7c3ac4f1a4c82309d1a549561e92abfcb18f2f0eL222-L225 [2] kubernetes-sigs/controller-runtime@e92eadb#diff-d500fbd6a2aa620607ca5e2a7c3ac4f1a4c82309d1a549561e92abfcb18f2f0eL282-L286 --------- Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Armel Soro <asoro@redhat.com> * fix(deps): update github.com/openshift/api digest to 4caef7f (#229) * fix(deps): update github.com/openshift/api digest to 4caef7f Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Tidy up dependencies with 'go mod tidy' --------- Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Armel Soro <asoro@redhat.com> * gomod * gomod * nextv2 * Regenerate bundle manifests Co-authored-by: gazarenkov <gazarenkov@users.noreply.github.com> * fix lint * fix lint * fix sonar issues * fix minor sonar issues * fix e2e tests * fix e2e and add external db secret test * small fixes * small fixes * merge * Regenerate bundle manifests Co-authored-by: gazarenkov <gazarenkov@users.noreply.github.com> * Update examples/rhdh-cr-with-app-configs.yaml Co-authored-by: Armel 
Soro <armel@rm3l.org> * Update Makefile Co-authored-by: Armel Soro <armel@rm3l.org> * Update Makefile --------- Signed-off-by: Nick Boldt <nboldt@redhat.com> Signed-off-by: Moti Asayag <masayag@redhat.com> Signed-off-by: Kim Tsao <ktsao@redhat.com> Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: RHDH Build (rhdh-bot) <rhdh-bot@redhat.com> Co-authored-by: Nick Boldt <nboldt@redhat.com> Co-authored-by: Jianrong Zhang <jianrongzhang89@gmail.com> Co-authored-by: Tomas Kral <tomas.kral@gmail.com> Co-authored-by: Armel Soro <asoro@redhat.com> Co-authored-by: Armel Soro <armel@rm3l.org> Co-authored-by: Moti Asayag <masayag@redhat.com> Co-authored-by: Kim Tsao <84398375+kim-tsao@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: RHDH Build (rhdh-bot) <rhdh-bot@redhat.com> Co-authored-by: Jianrong Zhang <jianrzha@redhat.com> Co-authored-by: Gennady Azarenkov <gazarenkov@redhat.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com> Co-authored-by: gazarenkov <gazarenkov@users.noreply.github.com>
Description
This is to ensure bundle manifests are kept updated when submitting a PR.
Which issue(s) does this PR fix or relate to
This is a follow-up PR to #187 (comment)
PR acceptance criteria
How to test changes / Special notes to the reviewer
https://github.com/janus-idp/operator/actions/runs/7878373268?pr=195 is an example of a run with outdated bundle manifests.
After applying the resulting patch (attached as a job artifact) or after regenerating the bundle with `make bundle`, the job passes successfully, e.g.: https://github.com/janus-idp/operator/actions/runs/7878650096/job/21497344358?pr=195
Because the workflow is triggered on `pull_request_target` events, this PR will need to be merged into the base branch to see it in action.
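An added example (not part of this PR or the project's workflows): a heuristic audit for the risk that comes with `pull_request_target`, namely a job that checks out the PR head with base-repository privileges and no approval gate in front of it. The sample workflows are constructed, and modelling the manual-authorization step as a job that declares an `environment:` is an assumption.

```python
import re

# Checkout of the PR head (fork-controlled code) inside a job body.
HEAD_REF = re.compile(
    r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}")
JOB = re.compile(r"^  ([A-Za-z0-9_-]+):\s*$")

def split_jobs(text):
    """Return {job_name: body} for 2-space-indented jobs under 'jobs:'."""
    jobs, name, in_jobs = {}, None, False
    for line in text.splitlines():
        if re.match(r"^\S", line):  # a top-level key starts or ends 'jobs:'
            in_jobs, name = line.startswith("jobs:"), None
        elif in_jobs and JOB.match(line):
            name = JOB.match(line).group(1)
            jobs[name] = ""
        elif in_jobs and name:
            jobs[name] += line + "\n"
    return jobs

def audit(text):
    """List jobs that check out PR-head code under pull_request_target
    without being, or depending on, an environment-gated job."""
    if "pull_request_target" not in text:
        return []
    jobs = split_jobs(text)
    # Assumption: the approval gate is a job with 'environment:'. Reviewers
    # must still be required on that environment in the repository settings.
    gated = {n for n, b in jobs.items()
             if re.search(r"^    environment:", b, re.M)}
    findings = []
    for name, body in jobs.items():
        if not HEAD_REF.search(body):
            continue
        needs = re.search(r"^    needs:\s*\[?([^\]\n]*)", body, re.M)
        deps = {d.strip() for d in needs.group(1).split(",")} if needs else set()
        if name not in gated and not (deps & gated):
            findings.append(name)
    return findings

# Constructed sample workflows, not the project's actual files.
CHECKOUT = ("    runs-on: ubuntu-latest\n    steps:\n"
            "      - uses: actions/checkout@v4\n        with:\n"
            "          ref: ${{ github.event.pull_request.head.sha }}\n"
            "      - run: make bundle\n")
TRIGGER = "on:\n  pull_request_target:\njobs:\n"
UNGATED = TRIGGER + "  bundle-diff:\n" + CHECKOUT
GATED = (TRIGGER + "  authorize:\n    environment: external\n"
         "    runs-on: ubuntu-latest\n    steps:\n      - run: 'true'\n"
         "  bundle-diff:\n    needs: authorize\n" + CHECKOUT)

if __name__ == "__main__":
    print("ungated:", audit(UNGATED), "gated:", audit(GATED))
```

The parser is line-based and only handles the common block-style layout, so treat a clean result as a hint to review the workflow, not as proof that it is safe.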