
feat: opt out from collecting log files in specific namespaces, pods and containers #641


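# Build, test and release pipeline for the Lumigo Kubernetes operator.
#
# Runs on pushes to `main` and on every pull request. The test jobs build the
# controller and telemetry-proxy images, deploy them to throw-away clusters and
# scan them; the release jobs only run on `main` and publish images and the
# Helm chart when the version was validly incremented.
#
# NOTE(review): no `permissions:` block is declared in this file, so the
# automatic GITHUB_TOKEN keeps the repository's default scopes in every job;
# consider declaring the minimum each job needs.
# NOTE(review): actions are referenced by mutable tags (for example `@v3`).
# Pinning third-party actions to full commit SHAs keeps a retagged release from
# changing what runs next to the release secrets.
name: build-and-test
on:
  push:
    branches: [main]
  pull_request:
jobs:
  unit-test:
    timeout-minutes: 30
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 1  # We do not need the git history
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          # Quoted so the version stays a string and is never read as a float.
          go-version: "1.19"
      - name: Run tests
        run: |
          make test

  test-helm-upgrade:
    runs-on: ubuntu-latest
    services:
      # Run a local registry
      registry:
        image: registry:2
        ports:
          - "5000:5000"
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      # The networking setup of this job is... complex. We run a local registry as
      # a service, which means that on the worker node there is a registry on localhost:5000.
      # However, Minikube cannot pull images from *that* localhost, because its own localhost
      # is something else, so we need to reference the registry via the IP of the worker machine,
      # and configure `minikube` to treat that registry as insecure (i.e., talking HTTP instead
      # of HTTPS). But the fun does not end here: since we cannot use localhost in the image name,
      # the `docker/build-push-action@v3` cannot apparently be told to consider the repo as insecure!
      # So we need to output images to file, and then push them to the local repo via regctl.
      - name: Look up host ip
        id: hostip
        run: |
          ip a
          echo "ip=$(ip addr show eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)" >> ${GITHUB_OUTPUT}
      - name: Install regctl
        env:
          # Downloading a public release asset only needs read access, so the
          # job-scoped token is used here rather than TRIGGER_RELEASE_TOKEN,
          # which this workflow also uses to push to gh-pages and create releases.
          GH_TOKEN: ${{ github.token }}
        # NOTE(review): the binary is installed into /usr/bin without a checksum
        # or signature check; consider verifying it against a pinned digest.
        run: |
          gh release download v0.5.0 --repo regclient/regclient --pattern regctl-linux-amd64 --output /tmp/regctl
          chmod 0755 /tmp/regctl
          sudo mv /tmp/regctl /usr/bin/regctl
      - name: Configure regctl
        run: |
          # Configure local registry as insecure
          /usr/bin/regctl registry set --tls disabled "${{ steps.hostip.outputs.ip }}:5000"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Build controller image and save it to file
        uses: docker/build-push-action@v3
        with:
          platforms: linux/amd64
          context: controller
          file: controller/Dockerfile
          tags: ${{ steps.hostip.outputs.ip }}:5000/controller:${{ github.run_id }}
          outputs: type=oci,dest=controller-image.tar
      - name: Build telemetry-proxy image and save it to file
        uses: docker/build-push-action@v3
        with:
          platforms: linux/amd64
          context: telemetryproxy
          file: telemetryproxy/Dockerfile
          build-args: version=${{ github.sha }}
          tags: ${{ steps.hostip.outputs.ip }}:5000/telemetry-proxy:${{ github.run_id }}
          outputs: type=oci,dest=telemetry-proxy-image.tar
      - name: Push container images to local repository
        env:
          CONTROLLER_IMG: ${{ steps.hostip.outputs.ip }}:5000/controller:${{ github.run_id }}
          PROXY_IMG: ${{ steps.hostip.outputs.ip }}:5000/telemetry-proxy:${{ github.run_id }}
        run: |
          set -eux
          regctl image import "${CONTROLLER_IMG}" controller-image.tar -v info
          regctl image inspect "${CONTROLLER_IMG}"
          regctl image import "${PROXY_IMG}" telemetry-proxy-image.tar -v info
          regctl image inspect "${PROXY_IMG}"
      - name: Install minikube
        # NOTE(review): the action reference below was mangled by e-mail
        # obfuscation on the page this listing was taken from; the original
        # `owner/action@version` value must be restored from the repository.
        uses: medyagh/[email protected]
        with:
          start-args: --insecure-registry "${{ steps.hostip.outputs.ip }}:5000"
          driver: docker
          # cni: bridge
      - name: Install kubectl
        uses: azure/setup-kubectl@v3
      - name: Set up Helm
        # NOTE(review): `-o get_helm.sh` writes the installer to a file, so
        # nothing reaches `bash` through the pipe and this step installs
        # nothing; the `helm` calls below therefore rely on a Helm binary that
        # is already on the runner. If an install is intended, fetch a pinned
        # Helm release and verify its checksum rather than piping a script
        # from the `main` branch into a shell.
        run: curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
      - name: Install latest released Helm chart
        run: |
          helm repo add lumigo https://lumigo-io.github.io/lumigo-kubernetes-operator
          helm install lumigo lumigo/lumigo-operator --namespace lumigo-system --create-namespace --dry-run
          if ! helm install lumigo lumigo/lumigo-operator --namespace lumigo-system --create-namespace --debug --wait --timeout 4m; then
            kubectl describe all -n lumigo-system
            exit 1
          fi
          kubectl get all -A
      - name: Deploy locally-built operator
        env:
          # Repositories only; the image tag is passed separately via --set.
          CONTROLLER_IMG: ${{ steps.hostip.outputs.ip }}:5000/controller
          PROXY_IMG: ${{ steps.hostip.outputs.ip }}:5000/telemetry-proxy
        run: |
          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
          helm dependency build charts/lumigo-operator
          helm upgrade --install lumigo charts/lumigo-operator \
            --namespace lumigo-system --create-namespace \
            --set "controllerManager.manager.image.repository=${CONTROLLER_IMG}" \
            --set "controllerManager.manager.image.tag=${{ github.run_id }}" \
            --set "controllerManager.telemetryProxy.image.repository=${PROXY_IMG}" \
            --set "controllerManager.telemetryProxy.image.tag=${{ github.run_id }}" \
            --dry-run
          if ! helm upgrade --install lumigo charts/lumigo-operator \
            --namespace lumigo-system --create-namespace \
            --set "controllerManager.manager.image.repository=${CONTROLLER_IMG}" \
            --set "controllerManager.manager.image.tag=${{ github.run_id }}" \
            --set "controllerManager.telemetryProxy.image.repository=${PROXY_IMG}" \
            --set "controllerManager.telemetryProxy.image.tag=${{ github.run_id }}" \
            --debug --wait --timeout 4m; then
            kubectl describe all -n lumigo-system
            kubectl logs -l control-plane=controller-manager -n lumigo-system -c manager
            kubectl logs -l control-plane=controller-manager -n lumigo-system -c telemetry-proxy
            exit 1
          fi
      - name: Run end-to-end tests
        env:
          DELETE_TEST_NAMESPACES: "false"
        run: |
          if ! make e2e-tests; then
            kubectl describe all -A
            kubectl logs -l control-plane=controller-manager -n lumigo-system -c manager
            kubectl logs -l control-plane=controller-manager -n lumigo-system -c telemetry-proxy
            exit 1
          fi

  test-kustomize:
    runs-on: ubuntu-latest
    services:
      # Run a local registry
      registry:
        image: registry:2
        ports:
          - "5000:5000"
    steps:
      # The networking setup of this job is... complex. We run a local registry as
      # a service, which means that on the worker node there is a registry on localhost:5000.
      # However, Minikube cannot pull images from *that* localhost, because its own localhost
      # is something else, so we need to reference the registry via the IP of the worker machine,
      # and configure `minikube` to treat that registry as insecure (i.e., talking HTTP instead
      # of HTTPS). But the fun does not end here: since we cannot use localhost in the image name,
      # the `docker/build-push-action@v3` cannot apparently be told to consider the repo as insecure!
      # So we need to output images to file, and then push them to the local repo via regctl.
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Look up host ip
        id: hostip
        run: |
          ip a
          echo "ip=$(ip addr show eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)" >> ${GITHUB_OUTPUT}
      - name: Install regctl
        env:
          # Read access is enough to download a public release asset, so the
          # job-scoped token replaces the release-capable TRIGGER_RELEASE_TOKEN.
          GH_TOKEN: ${{ github.token }}
        # NOTE(review): the binary is installed into /usr/bin without a checksum
        # or signature check; consider verifying it against a pinned digest.
        run: |
          gh release download v0.5.0 --repo regclient/regclient --pattern regctl-linux-amd64 --output /tmp/regctl
          chmod 0755 /tmp/regctl
          sudo mv /tmp/regctl /usr/bin/regctl
      - name: Configure regctl
        run: |
          # Configure local registry as insecure
          /usr/bin/regctl registry set --tls disabled "${{ steps.hostip.outputs.ip }}:5000"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Build controller image and save it to file
        uses: docker/build-push-action@v3
        with:
          platforms: linux/amd64
          context: controller
          file: controller/Dockerfile
          tags: ${{ steps.hostip.outputs.ip }}:5000/controller:${{ github.run_id }}
          outputs: type=oci,dest=controller-image.tar
      - name: Build telemetry-proxy image and save it to file
        uses: docker/build-push-action@v3
        with:
          platforms: linux/amd64
          context: telemetryproxy
          file: telemetryproxy/Dockerfile
          build-args: version=${{ github.sha }}
          tags: ${{ steps.hostip.outputs.ip }}:5000/telemetry-proxy:${{ github.run_id }}
          outputs: type=oci,dest=telemetry-proxy-image.tar
      - name: Push container images to local repository
        env:
          CONTROLLER_IMG: ${{ steps.hostip.outputs.ip }}:5000/controller:${{ github.run_id }}
          PROXY_IMG: ${{ steps.hostip.outputs.ip }}:5000/telemetry-proxy:${{ github.run_id }}
        run: |
          set -eux
          regctl image import "${CONTROLLER_IMG}" controller-image.tar -v info
          regctl image inspect "${CONTROLLER_IMG}"
          regctl image import "${PROXY_IMG}" telemetry-proxy-image.tar -v info
          regctl image inspect "${PROXY_IMG}"
      - name: Install minikube
        # NOTE(review): the action reference below was mangled by e-mail
        # obfuscation on the page this listing was taken from; the original
        # `owner/action@version` value must be restored from the repository.
        uses: medyagh/[email protected]
        with:
          start-args: --insecure-registry "${{ steps.hostip.outputs.ip }}:5000"
          driver: docker
          # cni: bridge
      - name: Install kubectl
        uses: azure/setup-kubectl@v3
      - name: Install Cert Manager
        run: |
          kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml
          sleep 1m # Give time for the Webhook to start
      - name: Set up yq
        # NOTE(review): `releases/latest` is a moving target and the binary is
        # installed with sudo without verification; prefer a pinned release
        # plus a checksum check.
        run: |
          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
          sudo chmod +x /usr/local/bin/yq
      - name: Deploy locally-built operator
        env:
          CONTROLLER_IMG: ${{ steps.hostip.outputs.ip }}:5000/controller:${{ github.run_id }}
          PROXY_IMG: ${{ steps.hostip.outputs.ip }}:5000/telemetry-proxy:${{ github.run_id }}
        run: |
          yq -i "(select(documentIndex == 1).spec.template.spec.containers[] | select(.name == \"manager\")).image = \"${CONTROLLER_IMG}\"" config/manager/manager.yaml
          yq -i "(select(documentIndex == 1).spec.template.spec.containers[] | select(.name == \"telemetry-proxy\")).image = \"${PROXY_IMG}\"" config/manager/manager.yaml
          kubectl create namespace lumigo-system
          kubectl apply -k config/default -n lumigo-system
      - name: Run end-to-end tests
        env:
          DELETE_TEST_NAMESPACES: "false"
        run: |
          if ! make e2e-tests; then
            kubectl describe all -A
            kubectl logs -l control-plane=controller-manager -n lumigo-system -c manager
            kubectl logs -l control-plane=controller-manager -n lumigo-system -c telemetry-proxy
            exit 1
          fi

  test-kind:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 1  # We do not need the git history
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Run Kind tests
        working-directory: tests/kubernetes-distros/kind
        run: go test -timeout 15m -test.v -args -v 4
        env:
          # Environment values reach the process as strings; quote to say so.
          KEEP_OTLP_DATA: "true"
      - run: ls -lR tests/kubernetes-distros/kind
        if: always()
      - name: Store OTLP test data as artifact
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: kind-otlp-data
          # Skip container images
          path: |
            tests/kubernetes-distros/kind/resources/test-runs/${{ github.run_id }}
            !tests/kubernetes-distros/kind/resources/test-runs/${{ github.run_id }}/*.tgz

  test-controller-for-security-issues:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 1  # We do not need the git history
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Build controller image and save it to file
        uses: docker/build-push-action@v3
        with:
          platforms: linux/amd64
          context: controller
          file: controller/Dockerfile
          tags: controller:${{ github.run_id }}
          # Keep the image in the local Docker daemon for the scan; never push it.
          push: false
          load: true
      - name: Scan controller image
        uses: anchore/scan-action@v3
        with:
          image: controller:${{ github.run_id }}
          severity-cutoff: high
          # Only vulnerabilities that already have a fix count towards the cutoff.
          only-fixed: true
          add-cpes-if-none: true
          output-format: table

  test-telemetry-proxy-for-security-issues:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 1  # We do not need the git history
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Build telemetry-proxy image and save it to file
        uses: docker/build-push-action@v3
        with:
          platforms: linux/amd64
          context: telemetryproxy
          file: telemetryproxy/Dockerfile
          build-args: version=${{ github.sha }}
          tags: telemetry-proxy:${{ github.run_id }}
          # Keep the image in the local Docker daemon for the scan; never push it.
          push: false
          load: true
      - name: Scan telemetry-proxy image
        uses: anchore/scan-action@v3
        with:
          image: telemetry-proxy:${{ github.run_id }}
          # NOTE(review): the controller scan uses `high`; with `critical`
          # here, high-severity findings in this image do not reach the
          # cutoff. Confirm the looser threshold is intended.
          severity-cutoff: critical
          only-fixed: true
          add-cpes-if-none: true
          output-format: table

  # Fan-in job: gives the release chain a single dependency on all test jobs.
  all-tests:
    runs-on: ubuntu-latest
    needs:
      - unit-test
      - test-helm-upgrade
      - test-kustomize
      - test-kind
      - test-controller-for-security-issues
      - test-telemetry-proxy-for-security-issues
    steps:
      - name: no-op
        run: echo '*tongue click* noice'

  check-should-release:
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    needs:
      - all-tests
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Check whether we need to release
        id: release-check
        uses: dorny/paths-filter@v2
        with:
          filters: .github/file-filters.yaml
    outputs:
      # The value must be wrapped in an expression; as a bare string the output
      # was the literal text of the reference, which is always truthy.
      # Presumably `new-release` is a filter defined in file-filters.yaml;
      # verify against that file.
      do-release: ${{ steps.release-check.outputs.new-release }}

  validate-release-increment:
    # Step outputs are strings, so compare with 'true' explicitly: the string
    # 'false' is non-empty and would otherwise count as truthy.
    if: github.ref == 'refs/heads/main' && needs.check-should-release.outputs.do-release == 'true'
    runs-on: ubuntu-latest
    needs:
      - check-should-release
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 2  # We need this commit and the previous to check validity of version change
      - name: Validate version change
        id: validate-version-change
        run: |
          if ./.github/workflows/scripts/validate_version_increment.sh; then
            echo -n "perform-release=true" >> ${GITHUB_OUTPUT}
          else
            echo -n "perform-release=false" >> ${GITHUB_OUTPUT}
          fi
      - name: Export version
        id: export_version
        # NOTE(review): this value is later substituted into shell scripts
        # through `${{ ... }}` expressions; confirm that
        # validate_version_increment.sh rejects anything but a plain version
        # string.
        run: |
          echo -n "version=$(cat VERSION)" >> ${GITHUB_OUTPUT}
    outputs:
      perform-release: ${{ steps.validate-version-change.outputs.perform-release }}
      version: ${{ steps.export_version.outputs.version }}

  publish-controller-ecr-image:
    strategy:
      matrix:
        include:
          - ecr-registry: public.ecr.aws
            registry-type: public
          - ecr-registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com
            registry-type: private
            registries: "709825985650"
    runs-on: ubuntu-latest
    needs:
      - validate-release-increment
    if: ${{ needs.validate-release-increment.outputs.perform-release == 'true' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          go-version: "1.19"
      - name: Install tools
        run: |
          make install-tools
      # NOTE(review): the publish jobs authenticate with a long-lived access
      # key pair held in repository secrets. Short-lived credentials obtained
      # through GitHub OIDC role assumption would limit the impact of a leak.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
        with:
          registry-type: ${{ matrix.registry-type }}
          registries: ${{ matrix.registries }}
      - name: Build and push container image to Amazon ECR
        env:
          CONTROLLER_IMG: ${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-operator:${{ needs.validate-release-increment.outputs.version }}
        run: |
          make VERSION=${{ needs.validate-release-increment.outputs.version }} docker-buildx-manager

  publish-telemetry-proxy-ecr-image:
    strategy:
      matrix:
        include:
          - ecr-registry: public.ecr.aws
            registry-type: public
          - ecr-registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com
            registry-type: private
            registries: "709825985650"
    runs-on: ubuntu-latest
    needs:
      - validate-release-increment
    if: ${{ needs.validate-release-increment.outputs.perform-release == 'true' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          go-version: "1.19"
      - name: Install tools
        run: |
          make install-tools
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
        with:
          registry-type: ${{ matrix.registry-type }}
          registries: ${{ matrix.registries }}
      - name: Build and push container image to Amazon ECR
        env:
          PROXY_IMG: ${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-telemetry-proxy:${{ needs.validate-release-increment.outputs.version }}
        run: |
          make docker-buildx-telemetry-proxy

  publish-kube-rbac-proxy-ecr-image:
    strategy:
      matrix:
        include:
          - ecr-registry: public.ecr.aws
            registry-type: public
          - ecr-registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com
            registry-type: private
            # Quoted like the other publish jobs so the registry id stays a
            # string instead of being parsed as a number.
            registries: "709825985650"
    runs-on: ubuntu-latest
    needs:
      - validate-release-increment
    if: ${{ needs.validate-release-increment.outputs.perform-release == 'true' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          path: main
      - name: Print kube-rbac-proxy version
        id: print-kube-rbac-proxy-version
        run: |
          echo "kube_rbac_proxy_tag=$(cat main/kube-rbac-proxy/VERSION.kube-rbac-proxy)" >> ${GITHUB_OUTPUT}
      # The upstream sources are checked out at the ref named in
      # VERSION.kube-rbac-proxy and built below with the AWS credentials loaded.
      # NOTE(review): if that ref is a tag it can be moved upstream; a commit
      # SHA would make the published image reproducible.
      - name: Checkout kube-rbac-proxy repo
        uses: actions/checkout@v3
        with:
          repository: brancz/kube-rbac-proxy
          ref: ${{ steps.print-kube-rbac-proxy-version.outputs.kube_rbac_proxy_tag }}
          path: kube-rbac-proxy
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          go-version: "1.19"
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
        with:
          registry-type: ${{ matrix.registry-type }}
          registries: ${{ matrix.registries }}
      - name: Build and push container image to Amazon ECR
        env:
          DOCKER_REPO: ${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-rbac-proxy
          VERSION: ${{ needs.validate-release-increment.outputs.version }}
        run: |
          # Replace the upstream publish script with the one kept in this repository.
          cat main/kube-rbac-proxy/publish.sh > kube-rbac-proxy/scripts/publish.sh
          cd kube-rbac-proxy
          ./scripts/publish.sh

  publish-helm-chart:
    strategy:
      matrix:
        include:
          - helm-registry: public-gallery
            ecr-registry: public.ecr.aws
            registry-type: public
            is_public_gallery: true
          - helm-registry: eks-addon
            ecr-registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com
            registry-type: private
            registries: "709825985650"
            is_eks_addon: true
    runs-on: ubuntu-latest
    needs:
      - validate-release-increment
      - publish-controller-ecr-image
      - publish-telemetry-proxy-ecr-image
      - publish-kube-rbac-proxy-ecr-image
    # Compared with 'true' like the image publish jobs: the output is a string,
    # and a bare 'false' would still evaluate as truthy.
    if: ${{ needs.validate-release-increment.outputs.perform-release == 'true' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - run: |
          git branch -r
      - name: Configure Git
        # NOTE(review): the e-mail address below was replaced by the source
        # page's e-mail obfuscation; restore the original value from the
        # repository.
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "[email protected]"
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
        with:
          registry-type: ${{ matrix.registry-type }}
          registries: ${{ matrix.registries }}
      - name: Set up Helm
        # NOTE(review): `-o get_helm.sh` writes the installer to a file, so
        # nothing reaches `bash` through the pipe and this step installs
        # nothing; the release relies on a Helm binary already on the runner.
        # This step runs after the AWS credentials are configured, so if an
        # install is intended, use a pinned and checksum-verified Helm release
        # rather than a script from the `main` branch.
        run: curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
      - name: Set up yq
        # NOTE(review): an unpinned, unverified `latest` binary is installed
        # with sudo in a job that holds release credentials; pin a release and
        # verify its checksum.
        run: |
          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
          sudo chmod +x /usr/local/bin/yq
      - name: Update Helm chart metadata
        run: |
          yq e -i '.version = "${{ needs.validate-release-increment.outputs.version }}"' charts/lumigo-operator/Chart.yaml
          yq e -i '.appVersion = "${{ needs.validate-release-increment.outputs.version }}"' charts/lumigo-operator/Chart.yaml
      - name: Update Helm chart defaults
        run: |
          yq e -i ".controllerManager.manager.image.repository = \"${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-operator\"" charts/lumigo-operator/values.yaml
          yq e -i ".controllerManager.manager.image.tag = \"${{ needs.validate-release-increment.outputs.version }}\"" charts/lumigo-operator/values.yaml
          yq e -i ".controllerManager.telemetryProxy.image.repository = \"${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-telemetry-proxy\"" charts/lumigo-operator/values.yaml
          yq e -i ".controllerManager.telemetryProxy.image.tag = \"${{ needs.validate-release-increment.outputs.version }}\"" charts/lumigo-operator/values.yaml
          yq e -i ".controllerManager.kubeRbacProxy.image.repository = \"${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-rbac-proxy\"" charts/lumigo-operator/values.yaml
          yq e -i ".controllerManager.kubeRbacProxy.image.tag = \"${{ needs.validate-release-increment.outputs.version }}\"" charts/lumigo-operator/values.yaml
      - name: Update Helm chart defaults for eks addon
        if: ${{ matrix.is_eks_addon }}
        # The query takes the first tag of the image at index -2 when sorted by
        # push time, i.e. the second most recently pushed image.
        # NOTE(review): the variable name says "latest"; confirm that -2 rather
        # than -1 is intended.
        run: |
          LUMIGO_AUTOTRACE_LATEST_VERSION=$(aws ecr describe-images --region us-east-1 --registry-id 709825985650 --repository-name lumigo/lumigo-autotrace --query 'sort_by(imageDetails,& imagePushedAt)[-2].imageTags[0]' --output text)
          echo "LUMIGO_AUTOTRACE_LATEST_VERSION=$LUMIGO_AUTOTRACE_LATEST_VERSION"
          yq e -i ".injectorWebhook.lumigoInjector.image.repository = \"${{ matrix.ecr-registry }}/lumigo/lumigo-autotrace\"" charts/lumigo-operator/values.yaml
          yq e -i ".injectorWebhook.lumigoInjector.image.tag = \"$LUMIGO_AUTOTRACE_LATEST_VERSION\"" charts/lumigo-operator/values.yaml
          yq e -i "(select(documentIndex == 1).spec.template.spec.containers[] | select(.name == \"manager\").env[] | select(.name == \"LUMIGO_INJECTOR_IMAGE\")).value = \"${{ matrix.ecr-registry }}/lumigo/lumigo-autotrace:$LUMIGO_AUTOTRACE_LATEST_VERSION\"" config/manager/manager.yaml
      - name: Update Kustomize images
        run: |
          yq -i "(select(documentIndex == 1).spec.template.spec.containers[] | select(.name == \"manager\")).image = \"${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-operator:${{ needs.validate-release-increment.outputs.version }}\"" config/manager/manager.yaml
          yq -i "(select(documentIndex == 1).spec.template.spec.containers[] | select(.name == \"telemetry-proxy\")).image = \"${{ matrix.ecr-registry }}/lumigo/lumigo-kubernetes-telemetry-proxy:${{ needs.validate-release-increment.outputs.version }}\"" config/manager/manager.yaml
      - name: Update Kustomize operator version
        run: |
          yq -i '(select(documentIndex == 1).spec.template.spec.containers[] | select(.name == "manager") | .env[] | select(.name == "LUMIGO_OPERATOR_VERSION")).value = "${{ needs.validate-release-increment.outputs.version }}"' config/manager/manager.yaml
          yq -i '(select(documentIndex == 1).spec.template.spec.containers[] | select(.name == "telemetry-proxy") | .env[] | select(.name == "LUMIGO_OPERATOR_VERSION")).value = "${{ needs.validate-release-increment.outputs.version }}"' config/manager/manager.yaml
      - name: Prep Changelog settings
        if: ${{ matrix.is_public_gallery }}
        id: changelog-settings
        run: |
          echo "organization=$(echo "${GITHUB_REPOSITORY}" | awk -F/ '{ print $1 }')" >> ${GITHUB_OUTPUT}
          echo "repository=$(echo "${GITHUB_REPOSITORY}" | awk -F/ '{ print $2 }')" >> ${GITHUB_OUTPUT}
      - name: Update Changelog
        if: ${{ matrix.is_public_gallery }}
        uses: addnab/docker-run-action@v3
        env:
          CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          # NOTE(review): the image has no tag or digest, so whatever is
          # current at run time receives the token and the mounted workspace;
          # pin it to a digest.
          image: githubchangeloggenerator/github-changelog-generator
          options: "-v ${{ github.workspace }}:/github/workspace --env SRC_PATH=/github/workspace --env CHANGELOG_GITHUB_TOKEN --workdir /github/workspace"
          run: |
            github_changelog_generator -u "${{ steps.changelog-settings.outputs.organization }}" -p "${{ steps.changelog-settings.outputs.repository }}" pull-requests=false issues=false issues-wo-labels=false pr-wo-labels=false
      - name: Print CHANGELOG.md
        if: ${{ matrix.is_public_gallery }}
        run: |
          cat CHANGELOG.md
      - name: Create release commit
        if: ${{ matrix.is_public_gallery }}
        id: create-release-commit
        run: |
          git add charts/lumigo-operator
          git add config/manager/manager.yaml
          git add CHANGELOG.md
          git commit -m "v${{ needs.validate-release-increment.outputs.version }}"
          git tag "v${{ needs.validate-release-increment.outputs.version }}" $(git rev-parse HEAD)
      - name: Get dependencies (pull sub-charts into the main chart)
        run: |
          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
          helm dependency build charts/lumigo-operator
      - name: Package Helm chart
        run: |
          helm package charts/lumigo-operator --destination packages/
      - name: Push Helm chart to marketplace owned ecr
        if: ${{ matrix.is_eks_addon }}
        id: push-helm-marketplace-owned-ecr
        run: |
          export HELM_EXPERIMENTAL_OCI=1
          aws ecr get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin ${{ matrix.ecr-registry }}
          helm push packages/lumigo-operator-${{ needs.validate-release-increment.outputs.version }}.tgz oci://${{ matrix.ecr-registry }}/lumigo # helm know to push to the right repository based on the chart name inside chart.yaml
      - name: Calculate updated Helm index
        if: ${{ matrix.is_public_gallery }}
        id: prepare-helm-index-update
        run: |
          git checkout origin/gh-pages -b gh-pages --quiet
          helm repo index packages/ --merge index.yaml --url "https://github.com/lumigo-io/lumigo-kubernetes-operator/releases/download/v${{ needs.validate-release-increment.outputs.version }}"
          mv packages/index.yaml index.yaml
          git add index.yaml
          git status
          git commit -m "v${{ needs.validate-release-increment.outputs.version }}"
          echo "commit_sha=$(git rev-parse HEAD)" >> ${GITHUB_OUTPUT}
      - name: Update Helm index
        if: ${{ matrix.is_public_gallery }}
        uses: CasperWA/push-protected@v2
        with:
          token: ${{ secrets.TRIGGER_RELEASE_TOKEN }}
          branch: gh-pages
      - name: Create Release
        if: ${{ matrix.is_public_gallery }}
        # NOTE(review): the action reference below was mangled by e-mail
        # obfuscation on the page this listing was taken from; the original
        # `owner/action@version` value must be restored from the repository.
        uses: ncipollo/[email protected]
        with:
          token: ${{ secrets.TRIGGER_RELEASE_TOKEN }}
          commit: "${{ steps.prepare-helm-index-update.outputs.commit_sha }}"
          name: "v${{ needs.validate-release-increment.outputs.version }}"
          tag: v${{ needs.validate-release-increment.outputs.version }}
          artifacts: packages/*
          omitBody: true
          replacesArtifacts: true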