-
Notifications
You must be signed in to change notification settings - Fork 44
/
Copy pathMakefile.e2e.ci
85 lines (71 loc) · 3.38 KB
/
Makefile.e2e.ci
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
### Golang e2e tests targets running against a GKE cluster
# CI target for running the entire e2e test suite on GKE.
# - Reuses build artifacts from postsubmit job
# - Creates N target clusters and runs the tests in parallel
# - Does not build any images or require docker-in-docker
.PHONY: test-e2e-gke-ci
test-e2e-gke-ci: pull-postsubmit-retry test-e2e-gke-nobuild
POSTSUBMIT_GCS_PREFIX ?= gs://kpt-config-sync-ci-postsubmit
POSTSUBMIT_REGISTRY ?= $(LOCATION)-docker.pkg.dev/$(TEST_INFRA_PROJECT)/postsubmit
.PHONY: postsubmit
postsubmit: build-cli
$(MAKE) config-sync-manifest REGISTRY=$(POSTSUBMIT_REGISTRY)
$(MAKE) retag-images \
REGISTRY=$(POSTSUBMIT_REGISTRY) \
OLD_IMAGE_TAG=$(IMAGE_TAG) \
IMAGE_TAG=$(INFRA_IMAGE_PREFIX)-$(IMAGE_TAG)
$(MAKE) push-images \
REGISTRY=$(POSTSUBMIT_REGISTRY) \
IMAGE_TAG=$(INFRA_IMAGE_PREFIX)-$(IMAGE_TAG)
$(MAKE) publish-gcs GCS_PREFIX=$(POSTSUBMIT_GCS_PREFIX)
$(MAKE) publish-buildenv
$(MAKE) publish-gke-e2e
$(MAKE) publish-vulnerability-scanner
# publish-buildenv checks if the buildenv image tag exists in the remote registry.
# if it does not exist, the image will be built and published.
.PHONY: publish-buildenv
publish-buildenv:
docker manifest inspect $(BUILDENV_IMAGE) &> /dev/null || $(MAKE) build-buildenv push-buildenv
# publish-gke-e2e checks if the gke-e2e image tag exists in the remote registry.
# if it does not exist, the image will be built and published.
.PHONY: publish-gke-e2e
publish-gke-e2e:
docker manifest inspect $(GKE_E2E_IMAGE) &> /dev/null || $(MAKE) build-gke-e2e push-gke-e2e
# publish-vulnerability-scanner checks if the vulnerability-scanner image tag
# exists in the remote registry.
# if it does not exist, the image will be built and published.
.PHONY: publish-vulnerability-scanner
publish-vulnerability-scanner:
docker manifest inspect $(VULNERABILITY_SCANNER_IMAGE) &> /dev/null || $(MAKE) build-vulnerability-scanner push-vulnerability-scanner
GCS_MANIFESTS := $(GCS_BUCKET)/manifests
GCS_BINARIES := $(GCS_BUCKET)/binaries
.PHONY: publish-gcs
publish-gcs:
gsutil cp $(OSS_MANIFEST_STAGING_DIR)/* $(GCS_MANIFESTS)/oss/
gsutil cp $(NOMOS_MANIFEST_STAGING_DIR)/* $(GCS_MANIFESTS)/operator/
gsutil cp $(BIN_DIR)/darwin_amd64/nomos $(GCS_BINARIES)/darwin_amd64/nomos
gsutil cp $(BIN_DIR)/darwin_arm64/nomos $(GCS_BINARIES)/darwin_arm64/nomos
gsutil cp $(BIN_DIR)/linux_amd64/nomos $(GCS_BINARIES)/linux_amd64/nomos
gsutil cp $(BIN_DIR)/linux_arm64/nomos $(GCS_BINARIES)/linux_arm64/nomos
.PHONY: pull-gcs
pull-gcs: clean $(OUTPUT_DIR)
gsutil cp $(GCS_MANIFESTS)/oss/*.yaml $(OSS_MANIFEST_STAGING_DIR)/
gsutil cp $(GCS_MANIFESTS)/operator/*.yaml $(NOMOS_MANIFEST_STAGING_DIR)/
gsutil cp $(GCS_BINARIES)/darwin_amd64/nomos $(BIN_DIR)/darwin_amd64/nomos
gsutil cp $(GCS_BINARIES)/darwin_arm64/nomos $(BIN_DIR)/darwin_arm64/nomos
gsutil cp $(GCS_BINARIES)/linux_amd64/nomos $(BIN_DIR)/linux_amd64/nomos
gsutil cp $(GCS_BINARIES)/linux_arm64/nomos $(BIN_DIR)/linux_arm64/nomos
$(MAKE) copy-cli
.PHONY: pull-gcs-postsubmit
pull-gcs-postsubmit:
$(MAKE) pull-gcs GCS_PREFIX=$(POSTSUBMIT_GCS_PREFIX)
.PHONY: pull-postsubmit-retry
pull-postsubmit-retry:
./scripts/pull-postsubmit-retry.sh
.PHONY: deploy-postsubmit
deploy-postsubmit: pull-gcs-postsubmit deploy
.PHONY: vulnerability-scan-postsubmit
vulnerability-scan-postsubmit: pull-postsubmit-retry vulnerability-scan
.PHONY: vulnerability-scan
vulnerability-scan:
./scripts/vulnerabilities.sh