From 2cc76a40add9edec44978e9546579ae7f7ab201a Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Thu, 26 Sep 2024 15:13:47 +0200 Subject: [PATCH 01/18] feat: update apl-tools image tools --- .github/workflows/otomi-tools-build-push.yaml | 60 +++++++++---------- tools/Dockerfile | 26 ++++---- 2 files changed, 43 insertions(+), 43 deletions(-) diff --git a/.github/workflows/otomi-tools-build-push.yaml b/.github/workflows/otomi-tools-build-push.yaml index deca377c44..30a7d91c80 100644 --- a/.github/workflows/otomi-tools-build-push.yaml +++ b/.github/workflows/otomi-tools-build-push.yaml @@ -10,7 +10,7 @@ on: type: string push: branches: - - 'main' + - 'apl-36_tools-update' env: NAMESPACE: linode 
@@ -39,38 +39,38 @@ jobs: - name: Determine version id: determine-version run: | + echo "NEW_VERSION=apl-36_tools-update" >> $GITHUB_ENV && exit 0 + # set -e - set -e + # # # Set the first image version to '0.1.0' if the repo does not exists. + # # if ! curl -s -L --fail "https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}"; then echo "NEW_VERSION=0.1.0" >> $GITHUB_ENV && exit 0; fi - # # Set the first image version to '0.1.0' if the repo does not exists. - # if ! curl -s -L --fail "https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}"; then echo "NEW_VERSION=0.1.0" >> $GITHUB_ENV && exit 0; fi + # # Get data for latest 10 versions of the image and filter the ones matching our semver pattern. Set the OLD_VERSION environment variable to the latest version. + # # The grep command matches the strings following this pattern: starts with an up to 2 digits number, a dot, an up to 3 digit number, a dot, ends with an up to 4 digits number + # REPO_URL="https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}/tags/?page_size=10" + # OLD_VERSION="$(curl -s -L --fail ${REPO_URL} | jq '.results[].name' -r | grep -E '^v[0-9]{0,2}.[0-9]{0,3}.[0-9]{0,4}$' | head -n 1)" + # echo "OLD_VERSION=${OLD_VERSION}" >> $GITHUB_ENV - # Get data for latest 10 versions of the image and filter the ones matching our semver pattern. Set the OLD_VERSION environment variable to the latest version. 
- # The grep command matches the strings following this pattern: starts with an up to 2 digits number, a dot, an up to 3 digit number, a dot, ends with an up to 4 digits number - REPO_URL="https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}/tags/?page_size=10" - OLD_VERSION="$(curl -s -L --fail ${REPO_URL} | jq '.results[].name' -r | grep -E '^v[0-9]{0,2}.[0-9]{0,3}.[0-9]{0,4}$' | head -n 1)" - echo "OLD_VERSION=${OLD_VERSION}" >> $GITHUB_ENV - - if git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MAJOR\]"; then - # If a "[TOOLS][MAJOR]" commit is found, increment the major version by one and reset the minor and patch version to '0'. - NEW_VERSION="$(echo ${OLD_VERSION} | sed 's/^v//' | awk -F. -v OFS=. '{$1 = $1 + 1; $2 = 0; $3 = 0} {print "v"$0}')" - echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV - echo OLD_VERSION = ${OLD_VERSION} - echo NEW_VERSION = ${NEW_VERSION} - elif git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MINOR\]"; then - # If a "[TOOLS][MINOR]" commit is found, increment the minor version by one and reset the patch version to '0'. - NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. -v OFS=. '{$2 = $2 + 1; $3 = 0} {print $0}')" - echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV - echo OLD_VERSION = ${OLD_VERSION} - echo NEW_VERSION = ${NEW_VERSION} - elif git diff-tree --no-commit-id --name-only ${{ github.sha }} -r | grep -q "tools\/Dockerfile"; then - # No special tag found, but changes were made to the tools/Dockerfile so will upgrade the patch version. - NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. -v OFS=. '{$3 = $3 + 1} {print $0}')" - echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV - echo OLD_VERSION = ${OLD_VERSION} - echo NEW_VERSION = ${NEW_VERSION} - fi - echo "No need to bump the version. Will skip next steps." 
+ # if git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MAJOR\]"; then + # # If a "[TOOLS][MAJOR]" commit is found, increment the major version by one and reset the minor and patch version to '0'. + # NEW_VERSION="$(echo ${OLD_VERSION} | sed 's/^v//' | awk -F. -v OFS=. '{$1 = $1 + 1; $2 = 0; $3 = 0} {print "v"$0}')" + # echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV + # echo OLD_VERSION = ${OLD_VERSION} + # echo NEW_VERSION = ${NEW_VERSION} + # elif git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MINOR\]"; then + # # If a "[TOOLS][MINOR]" commit is found, increment the minor version by one and reset the patch version to '0'. + # NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. -v OFS=. '{$2 = $2 + 1; $3 = 0} {print $0}')" + # echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV + # echo OLD_VERSION = ${OLD_VERSION} + # echo NEW_VERSION = ${NEW_VERSION} + # elif git diff-tree --no-commit-id --name-only ${{ github.sha }} -r | grep -q "tools\/Dockerfile"; then + # # No special tag found, but changes were made to the tools/Dockerfile so will upgrade the patch version. + # NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. -v OFS=. '{$3 = $3 + 1} {print $0}')" + # echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV + # echo OLD_VERSION = ${OLD_VERSION} + # echo NEW_VERSION = ${NEW_VERSION} + # fi + # echo "No need to bump the version. Will skip next steps." - name: Login to GitHub Container Registry if: ${{ env.NEW_VERSION != null }} diff --git a/tools/Dockerfile b/tools/Dockerfile index 344a733ae0..ed3049d51e 100644 --- a/tools/Dockerfile +++ b/tools/Dockerfile 
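Review bot: The hard-coded `echo "NEW_VERSION=apl-36_tools-update" >> $GITHUB_ENV && exit 0` at the top of the `Determine version` step, combined with the trigger change to `'apl-36_tools-update'` in the previous hunk, means every push to that branch runs the later steps gated on `env.NEW_VERSION != null` and, presumably, publishes under one mutable branch-named tag. Anything that consumes that tag then changes without a corresponding change in the consumer. For test builds a per-commit tag keeps each image traceable, e.g. `echo "NEW_VERSION=test-${GITHUB_SHA::7}" >> "$GITHUB_ENV"`, and the `type: string` input visible under `on:` suggests a manual trigger may already exist for this purpose. The same override reappears in PATCH 04/18, 05/18 and 07/18 and is only reverted in 03/18, 06/18 and 08/18, so it is easy to merge by accident.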
@@ -1,32 +1,32 @@ # syntax=docker/dockerfile:1.6 -FROM ubuntu:20.04 as builder +FROM ubuntu:22.04 as builder ARG DEBIAN_FRONTEND=noninteractive ARG TARGETARCH # https://github.com/kubernetes/kubernetes/releases ARG KUBECTL_VERSION=1.30.4 # https://github.com/helm/helm/tags -ARG HELM_VERSION=3.15.1 +ARG HELM_VERSION=3.16.1 # https://github.com/databus23/helm-diff/releases -ARG HELM_DIFF_VERSION=3.9.7 +ARG HELM_DIFF_VERSION=3.9.11 # https://github.com/jkroepke/helm-secrets/releases -ARG HELM_SECRETS_VERSION=3.15.0 +ARG HELM_SECRETS_VERSION=4.6.1 # https://github.com/mozilla/sops/releases -ARG SOPS_VERSION=3.7.3 +ARG SOPS_VERSION=3.9.0 # https://github.com/FiloSottile/age/releases ARG AGE_VERSION=1.2.0 # https://github.com/noqcks/gucci/releases -ARG GUCCI_VERSION=1.6.6 +ARG GUCCI_VERSION=1.6.13 # https://github.com/helmfile/helmfile/releases -ARG HELMFILE_VERSION=0.165.0 +ARG HELMFILE_VERSION=0.168.0 # https://github.com/open-policy-agent/opa/releases -ARG OPA_VERSION=0.50.1 +ARG OPA_VERSION=0.68.0 # https://github.com/yannh/kubeconform/releases -ARG KUBECONFORM_VERSION="v0.6.4" +ARG KUBECONFORM_VERSION="v0.6.7" # https://github.com/open-policy-agent/conftest/releases -ARG CONFTEST_VERSION=0.39.2 +ARG CONFTEST_VERSION=0.55.0 # https://github.com/plexsystems/konstraint/releases -ARG KONSTRAINT_VERSION=0.26.0 +ARG KONSTRAINT_VERSION=0.38.0 # https://nodejs.org/en/download/ ARG NODE_VERSION=16 @@ -91,7 +91,7 @@ RUN curl -LO "https://dl.k8s.io/release/v$KUBECTL_VERSION/bin/linux/$TARGETARCH/ chmod +x kubectl # sops -ADD https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux sops +ADD https://github.com/getsops/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux.amd64 sops RUN chmod +x sops # age 
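Review bot: The new sops URL hard-codes `.linux.amd64` while the kubectl, helmfile and gucci downloads in this file use `$TARGETARCH`, so a non-amd64 build would still install an amd64 binary; `sops-v${SOPS_VERSION}.linux.${TARGETARCH}` would keep it consistent (confirm the asset name exists for each target). The binary is fetched with a bare `ADD <url>` and made executable with no integrity check; since the file declares `# syntax=docker/dockerfile:1.6`, it can be pinned with `ADD --checksum=sha256:<digest-of-release-asset> https://…`, one digest per architecture. The gucci `ADD` in the next hunk is unverified in the same way. The comment `# https://github.com/mozilla/sops/releases` above `SOPS_VERSION` in the first hunk still points at the old repository and should follow the move to `getsops/sops`.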
@@ -112,7 +112,7 @@ ADD https://github.com/helmfile/helmfile/releases/download/v${HELMFILE_VERSION}/ RUN tar -zxvf /tmp/helmfile_${HELMFILE_VERSION}_linux_${TARGETARCH}.tar.gz -C /tmp && mv /tmp/helmfile helmfile # gucci -ADD https://github.com/noqcks/gucci/releases/download/${GUCCI_VERSION}/gucci-v${GUCCI_VERSION}-linux-${TARGETARCH} gucci +ADD https://github.com/noqcks/gucci/releases/download/v${GUCCI_VERSION}/gucci-v${GUCCI_VERSION}-linux-${TARGETARCH} gucci RUN chmod +x gucci # aws From 6d5749be6d04bebfb52ab2a126429b293252af37 Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Thu, 26 Sep 2024 15:30:21 +0200 Subject: [PATCH 02/18] feat: downgraded ubuntu version --- tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/Dockerfile b/tools/Dockerfile index ed3049d51e..1193029281 100644 --- a/tools/Dockerfile +++ b/tools/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1.6 -FROM ubuntu:22.04 as builder +FROM ubuntu:20.04 as builder ARG DEBIAN_FRONTEND=noninteractive ARG TARGETARCH From 1022f93c72f1f6b93ded561be48abb6e1cde40ea Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Thu, 26 Sep 2024 16:00:07 +0200 Subject: [PATCH 03/18] feat: testing new apl-tools version --- .github/workflows/otomi-tools-build-push.yaml | 60 +++++++++---------- versions.yaml | 2 +- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/.github/workflows/otomi-tools-build-push.yaml b/.github/workflows/otomi-tools-build-push.yaml index 30a7d91c80..deca377c44 100644 --- a/.github/workflows/otomi-tools-build-push.yaml +++ b/.github/workflows/otomi-tools-build-push.yaml @@ -10,7 +10,7 @@ on: type: string push: branches: - - 'apl-36_tools-update' + - 'main' env: NAMESPACE: linode 
@@ -39,38 +39,38 @@ jobs: - name: Determine version id: determine-version run: | - echo "NEW_VERSION=apl-36_tools-update" >> $GITHUB_ENV && exit 0 - # set -e - # # # Set the first image version to '0.1.0' if the repo does not exists. - # # if ! curl -s -L --fail "https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}"; then echo "NEW_VERSION=0.1.0" >> $GITHUB_ENV && exit 0; fi + set -e - # # Get data for latest 10 versions of the image and filter the ones matching our semver pattern. Set the OLD_VERSION environment variable to the latest version. - # # The grep command matches the strings following this pattern: starts with an up to 2 digits number, a dot, an up to 3 digit number, a dot, ends with an up to 4 digits number - # REPO_URL="https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}/tags/?page_size=10" - # OLD_VERSION="$(curl -s -L --fail ${REPO_URL} | jq '.results[].name' -r | grep -E '^v[0-9]{0,2}.[0-9]{0,3}.[0-9]{0,4}$' | head -n 1)" - # echo "OLD_VERSION=${OLD_VERSION}" >> $GITHUB_ENV + # # Set the first image version to '0.1.0' if the repo does not exists. + # if ! curl -s -L --fail "https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}"; then echo "NEW_VERSION=0.1.0" >> $GITHUB_ENV && exit 0; fi - # if git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MAJOR\]"; then - # # If a "[TOOLS][MAJOR]" commit is found, increment the major version by one and reset the minor and patch version to '0'. - # NEW_VERSION="$(echo ${OLD_VERSION} | sed 's/^v//' | awk -F. -v OFS=. '{$1 = $1 + 1; $2 = 0; $3 = 0} {print "v"$0}')" - # echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV - # echo OLD_VERSION = ${OLD_VERSION} - # echo NEW_VERSION = ${NEW_VERSION} - # elif git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MINOR\]"; then - # # If a "[TOOLS][MINOR]" commit is found, increment the minor version by one and reset the patch version to '0'. 
- # NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. -v OFS=. '{$2 = $2 + 1; $3 = 0} {print $0}')" - # echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV - # echo OLD_VERSION = ${OLD_VERSION} - # echo NEW_VERSION = ${NEW_VERSION} - # elif git diff-tree --no-commit-id --name-only ${{ github.sha }} -r | grep -q "tools\/Dockerfile"; then - # # No special tag found, but changes were made to the tools/Dockerfile so will upgrade the patch version. - # NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. -v OFS=. '{$3 = $3 + 1} {print $0}')" - # echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV - # echo OLD_VERSION = ${OLD_VERSION} - # echo NEW_VERSION = ${NEW_VERSION} - # fi - # echo "No need to bump the version. Will skip next steps." + # Get data for latest 10 versions of the image and filter the ones matching our semver pattern. Set the OLD_VERSION environment variable to the latest version. + # The grep command matches the strings following this pattern: starts with an up to 2 digits number, a dot, an up to 3 digit number, a dot, ends with an up to 4 digits number + REPO_URL="https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}/tags/?page_size=10" + OLD_VERSION="$(curl -s -L --fail ${REPO_URL} | jq '.results[].name' -r | grep -E '^v[0-9]{0,2}.[0-9]{0,3}.[0-9]{0,4}$' | head -n 1)" + echo "OLD_VERSION=${OLD_VERSION}" >> $GITHUB_ENV + + if git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MAJOR\]"; then + # If a "[TOOLS][MAJOR]" commit is found, increment the major version by one and reset the minor and patch version to '0'. + NEW_VERSION="$(echo ${OLD_VERSION} | sed 's/^v//' | awk -F. -v OFS=. 
'{$1 = $1 + 1; $2 = 0; $3 = 0} {print "v"$0}')" + echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV + echo OLD_VERSION = ${OLD_VERSION} + echo NEW_VERSION = ${NEW_VERSION} + elif git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MINOR\]"; then + # If a "[TOOLS][MINOR]" commit is found, increment the minor version by one and reset the patch version to '0'. + NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. -v OFS=. '{$2 = $2 + 1; $3 = 0} {print $0}')" + echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV + echo OLD_VERSION = ${OLD_VERSION} + echo NEW_VERSION = ${NEW_VERSION} + elif git diff-tree --no-commit-id --name-only ${{ github.sha }} -r | grep -q "tools\/Dockerfile"; then + # No special tag found, but changes were made to the tools/Dockerfile so will upgrade the patch version. + NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. -v OFS=. '{$3 = $3 + 1} {print $0}')" + echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV + echo OLD_VERSION = ${OLD_VERSION} + echo NEW_VERSION = ${NEW_VERSION} + fi + echo "No need to bump the version. Will skip next steps." - name: Login to GitHub Container Registry if: ${{ env.NEW_VERSION != null }} diff --git a/versions.yaml b/versions.yaml index 030ae04ac3..09583987fc 100644 --- a/versions.yaml +++ b/versions.yaml @@ -1,4 +1,4 @@ api: main console: main tasks: 3.2.0 -tools: 2.6.0 +tools: apl-36_tools-update From d74d96e272124dc12c0406ba408bd5c10cb5d047 Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Thu, 26 Sep 2024 16:34:02 +0200 Subject: [PATCH 04/18] feat: testing new apl-tools version --- .github/workflows/main.yml | 2 +- .github/workflows/otomi-tools-build-push.yaml | 60 +++++++++---------- Dockerfile | 4 +- 3 files changed, 33 insertions(+), 33 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 875433dfee..e503788336 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
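Review bot: The restored script uses `OLD_VERSION` without checking that a tag was found. Unless the step runs with `pipefail`, the `grep … | head -n 1` pipeline succeeds with empty output, and the MINOR and patch `awk` expressions then yield a malformed value such as `.1.0` that is written to `NEW_VERSION`. This is more likely now that branch-named tags are pushed to the same repository and can fill the `page_size=10` window. I would add `[ -n "${OLD_VERSION}" ] || { echo "no semver tag found" >&2; exit 1; }` after the assignment and tighten the pattern to `'^v[0-9]{1,2}\.[0-9]{1,3}\.[0-9]{1,4}$'`, since the unescaped dots and `{0,n}` quantifiers accept strings that are not versions. The same code is restored again in PATCH 06/18.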
@@ -117,7 +117,7 @@ jobs: if: always() && contains(needs.release.result, 'success') && !github.event.act runs-on: ubuntu-latest container: - image: linode/apl-tools:v2.4.0 + image: linode/apl-tools:apl-36_tools-update options: --user 0 env: COMMIT_MSG: ${{ github.event.head_commit.message }} diff --git a/.github/workflows/otomi-tools-build-push.yaml b/.github/workflows/otomi-tools-build-push.yaml index deca377c44..13b1b01924 100644 --- a/.github/workflows/otomi-tools-build-push.yaml +++ b/.github/workflows/otomi-tools-build-push.yaml @@ -10,7 +10,7 @@ on: type: string push: branches: - - 'main' + - 'apl-36_tools-update' env: NAMESPACE: linode 
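Review bot: `image: linode/apl-tools:apl-36_tools-update` points the job container, which runs with `options: --user 0`, at a branch-named tag that the tools workflow in this series re-pushes, so its contents can change between runs without any change in this repository. The same tag is used for both `FROM … as ci` and `FROM … as prod` in the `Dockerfile` hunks of this patch and again in PATCH 09/18, which puts a mutable input into the production stage. Pinning by digest keeps the input reviewable even for test builds: `image: linode/apl-tools:apl-36_tools-update@sha256:<digest>`.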
@@ -39,38 +39,38 @@ jobs: - name: Determine version id: determine-version run: | + echo NEW_VERSION = "apl-36_tools-update" + # set -e - set -e + # # # Set the first image version to '0.1.0' if the repo does not exists. + # # if ! curl -s -L --fail "https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}"; then echo "NEW_VERSION=0.1.0" >> $GITHUB_ENV && exit 0; fi - # # Set the first image version to '0.1.0' if the repo does not exists. - # if ! curl -s -L --fail "https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}"; then echo "NEW_VERSION=0.1.0" >> $GITHUB_ENV && exit 0; fi + # # Get data for latest 10 versions of the image and filter the ones matching our semver pattern. Set the OLD_VERSION environment variable to the latest version. + # # The grep command matches the strings following this pattern: starts with an up to 2 digits number, a dot, an up to 3 digit number, a dot, ends with an up to 4 digits number + # REPO_URL="https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}/tags/?page_size=10" + # OLD_VERSION="$(curl -s -L --fail ${REPO_URL} | jq '.results[].name' -r | grep -E '^v[0-9]{0,2}.[0-9]{0,3}.[0-9]{0,4}$' | head -n 1)" + # echo "OLD_VERSION=${OLD_VERSION}" >> $GITHUB_ENV - # Get data for latest 10 versions of the image and filter the ones matching our semver pattern. Set the OLD_VERSION environment variable to the latest version. 
- # The grep command matches the strings following this pattern: starts with an up to 2 digits number, a dot, an up to 3 digit number, a dot, ends with an up to 4 digits number - REPO_URL="https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}/tags/?page_size=10" - OLD_VERSION="$(curl -s -L --fail ${REPO_URL} | jq '.results[].name' -r | grep -E '^v[0-9]{0,2}.[0-9]{0,3}.[0-9]{0,4}$' | head -n 1)" - echo "OLD_VERSION=${OLD_VERSION}" >> $GITHUB_ENV - - if git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MAJOR\]"; then - # If a "[TOOLS][MAJOR]" commit is found, increment the major version by one and reset the minor and patch version to '0'. - NEW_VERSION="$(echo ${OLD_VERSION} | sed 's/^v//' | awk -F. -v OFS=. '{$1 = $1 + 1; $2 = 0; $3 = 0} {print "v"$0}')" - echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV - echo OLD_VERSION = ${OLD_VERSION} - echo NEW_VERSION = ${NEW_VERSION} - elif git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MINOR\]"; then - # If a "[TOOLS][MINOR]" commit is found, increment the minor version by one and reset the patch version to '0'. - NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. -v OFS=. '{$2 = $2 + 1; $3 = 0} {print $0}')" - echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV - echo OLD_VERSION = ${OLD_VERSION} - echo NEW_VERSION = ${NEW_VERSION} - elif git diff-tree --no-commit-id --name-only ${{ github.sha }} -r | grep -q "tools\/Dockerfile"; then - # No special tag found, but changes were made to the tools/Dockerfile so will upgrade the patch version. - NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. -v OFS=. '{$3 = $3 + 1} {print $0}')" - echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV - echo OLD_VERSION = ${OLD_VERSION} - echo NEW_VERSION = ${NEW_VERSION} - fi - echo "No need to bump the version. Will skip next steps." 
+ # if git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MAJOR\]"; then + # # If a "[TOOLS][MAJOR]" commit is found, increment the major version by one and reset the minor and patch version to '0'. + # NEW_VERSION="$(echo ${OLD_VERSION} | sed 's/^v//' | awk -F. -v OFS=. '{$1 = $1 + 1; $2 = 0; $3 = 0} {print "v"$0}')" + # echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV + # echo OLD_VERSION = ${OLD_VERSION} + # echo NEW_VERSION = ${NEW_VERSION} + # elif git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MINOR\]"; then + # # If a "[TOOLS][MINOR]" commit is found, increment the minor version by one and reset the patch version to '0'. + # NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. -v OFS=. '{$2 = $2 + 1; $3 = 0} {print $0}')" + # echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV + # echo OLD_VERSION = ${OLD_VERSION} + # echo NEW_VERSION = ${NEW_VERSION} + # elif git diff-tree --no-commit-id --name-only ${{ github.sha }} -r | grep -q "tools\/Dockerfile"; then + # # No special tag found, but changes were made to the tools/Dockerfile so will upgrade the patch version. + # NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. -v OFS=. '{$3 = $3 + 1} {print $0}')" + # echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV + # echo OLD_VERSION = ${OLD_VERSION} + # echo NEW_VERSION = ${NEW_VERSION} + # fi + # echo "No need to bump the version. Will skip next steps." - name: Login to GitHub Container Registry if: ${{ env.NEW_VERSION != null }} diff --git a/Dockerfile b/Dockerfile index 03202d3940..1046d7cdf4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM linode/apl-tools:fc-feat-values-enc as ci +FROM linode/apl-tools:apl-36_tools-update as ci ENV APP_HOME=/home/app/stack @@ -27,7 +27,7 @@ FROM ci as clean RUN npm prune --production #----------------------------- -FROM linode/apl-tools:fc-feat-values-enc as prod +FROM linode/apl-tools:apl-36_tools-update as prod ENV APP_HOME=/home/app/stack ENV ENV_DIR=/home/app/stack/env 
From 2990b08b914a28a1685d7c1c2e989da952d49c87 Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Thu, 26 Sep 2024 16:39:56 +0200 Subject: [PATCH 05/18] feat: testing new apl-tools version --- .github/workflows/otomi-tools-build-push.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/otomi-tools-build-push.yaml b/.github/workflows/otomi-tools-build-push.yaml index 13b1b01924..04c7cee673 100644 --- a/.github/workflows/otomi-tools-build-push.yaml +++ b/.github/workflows/otomi-tools-build-push.yaml @@ -39,7 +39,7 @@ jobs: - name: Determine version id: determine-version run: | - echo NEW_VERSION = "apl-36_tools-update" + echo "NEW_VERSION=apl-36_tools-update" >> $GITHUB_ENV # set -e # # # Set the first image version to '0.1.0' if the repo does not exists. From 3db8380664cdd7dffb6ce6057dae210ab4bf1f39 Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Thu, 26 Sep 2024 17:02:56 +0200 Subject: [PATCH 06/18] feat: updating apl-tools [TOOLS][MINOR] --- .github/workflows/main.yml | 2 +- .github/workflows/otomi-tools-build-push.yaml | 60 +++++++++---------- Dockerfile | 4 +- versions.yaml | 2 +- 4 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e503788336..22d9fde0c9 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -117,7 +117,7 @@ jobs: if: always() && contains(needs.release.result, 'success') && !github.event.act runs-on: ubuntu-latest container: - image: linode/apl-tools:apl-36_tools-update + image: linode/apl-tools:2.7.0 options: --user 0 env: COMMIT_MSG: ${{ github.event.head_commit.message }} diff --git a/.github/workflows/otomi-tools-build-push.yaml b/.github/workflows/otomi-tools-build-push.yaml index 04c7cee673..deca377c44 100644 --- a/.github/workflows/otomi-tools-build-push.yaml +++ b/.github/workflows/otomi-tools-build-push.yaml 
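Review bot: `linode/apl-tools:2.7.0` has no `v` prefix, whereas the reference shown in PATCH 04/18 was `v2.4.0` and the version script in `otomi-tools-build-push.yaml` only matches and emits `v`-prefixed tags; confirm that an unprefixed `2.7.0` tag is actually published. Because this commit message carries `[TOOLS][MINOR]`, the tag appears to be created by the push of this very commit, so the job here and the `Dockerfile` and `versions.yaml` hunks that reference `2.7.0` may run before the image exists. Landing the tools bump first and then referencing the result by digest avoids both problems: `image: linode/apl-tools:2.7.0@sha256:<digest>`.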
@@ -10,7 +10,7 @@ on: type: string push: branches: - - 'apl-36_tools-update' + - 'main' env: NAMESPACE: linode 
@@ -39,38 +39,38 @@ jobs: - name: Determine version id: determine-version run: | - echo "NEW_VERSION=apl-36_tools-update" >> $GITHUB_ENV - # set -e - # # # Set the first image version to '0.1.0' if the repo does not exists. - # # if ! curl -s -L --fail "https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}"; then echo "NEW_VERSION=0.1.0" >> $GITHUB_ENV && exit 0; fi + set -e - # # Get data for latest 10 versions of the image and filter the ones matching our semver pattern. Set the OLD_VERSION environment variable to the latest version. - # # The grep command matches the strings following this pattern: starts with an up to 2 digits number, a dot, an up to 3 digit number, a dot, ends with an up to 4 digits number - # REPO_URL="https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}/tags/?page_size=10" - # OLD_VERSION="$(curl -s -L --fail ${REPO_URL} | jq '.results[].name' -r | grep -E '^v[0-9]{0,2}.[0-9]{0,3}.[0-9]{0,4}$' | head -n 1)" - # echo "OLD_VERSION=${OLD_VERSION}" >> $GITHUB_ENV + # # Set the first image version to '0.1.0' if the repo does not exists. + # if ! curl -s -L --fail "https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}"; then echo "NEW_VERSION=0.1.0" >> $GITHUB_ENV && exit 0; fi - # if git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MAJOR\]"; then - # # If a "[TOOLS][MAJOR]" commit is found, increment the major version by one and reset the minor and patch version to '0'. - # NEW_VERSION="$(echo ${OLD_VERSION} | sed 's/^v//' | awk -F. -v OFS=. '{$1 = $1 + 1; $2 = 0; $3 = 0} {print "v"$0}')" - # echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV - # echo OLD_VERSION = ${OLD_VERSION} - # echo NEW_VERSION = ${NEW_VERSION} - # elif git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MINOR\]"; then - # # If a "[TOOLS][MINOR]" commit is found, increment the minor version by one and reset the patch version to '0'. - # NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. 
-v OFS=. '{$2 = $2 + 1; $3 = 0} {print $0}')" - # echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV - # echo OLD_VERSION = ${OLD_VERSION} - # echo NEW_VERSION = ${NEW_VERSION} - # elif git diff-tree --no-commit-id --name-only ${{ github.sha }} -r | grep -q "tools\/Dockerfile"; then - # # No special tag found, but changes were made to the tools/Dockerfile so will upgrade the patch version. - # NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. -v OFS=. '{$3 = $3 + 1} {print $0}')" - # echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV - # echo OLD_VERSION = ${OLD_VERSION} - # echo NEW_VERSION = ${NEW_VERSION} - # fi - # echo "No need to bump the version. Will skip next steps." + # Get data for latest 10 versions of the image and filter the ones matching our semver pattern. Set the OLD_VERSION environment variable to the latest version. + # The grep command matches the strings following this pattern: starts with an up to 2 digits number, a dot, an up to 3 digit number, a dot, ends with an up to 4 digits number + REPO_URL="https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}/tags/?page_size=10" + OLD_VERSION="$(curl -s -L --fail ${REPO_URL} | jq '.results[].name' -r | grep -E '^v[0-9]{0,2}.[0-9]{0,3}.[0-9]{0,4}$' | head -n 1)" + echo "OLD_VERSION=${OLD_VERSION}" >> $GITHUB_ENV + + if git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MAJOR\]"; then + # If a "[TOOLS][MAJOR]" commit is found, increment the major version by one and reset the minor and patch version to '0'. + NEW_VERSION="$(echo ${OLD_VERSION} | sed 's/^v//' | awk -F. -v OFS=. '{$1 = $1 + 1; $2 = 0; $3 = 0} {print "v"$0}')" + echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV + echo OLD_VERSION = ${OLD_VERSION} + echo NEW_VERSION = ${NEW_VERSION} + elif git log --format=%B -n 1 ${{ github.sha }} | grep -q "\[TOOLS\]\[MINOR\]"; then + # If a "[TOOLS][MINOR]" commit is found, increment the minor version by one and reset the patch version to '0'. 
+ NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. -v OFS=. '{$2 = $2 + 1; $3 = 0} {print $0}')" + echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV + echo OLD_VERSION = ${OLD_VERSION} + echo NEW_VERSION = ${NEW_VERSION} + elif git diff-tree --no-commit-id --name-only ${{ github.sha }} -r | grep -q "tools\/Dockerfile"; then + # No special tag found, but changes were made to the tools/Dockerfile so will upgrade the patch version. + NEW_VERSION="$(echo ${OLD_VERSION} | awk -F. -v OFS=. '{$3 = $3 + 1} {print $0}')" + echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV + echo OLD_VERSION = ${OLD_VERSION} + echo NEW_VERSION = ${NEW_VERSION} + fi + echo "No need to bump the version. Will skip next steps." - name: Login to GitHub Container Registry if: ${{ env.NEW_VERSION != null }} diff --git a/Dockerfile b/Dockerfile index 1046d7cdf4..ec0c4e38fa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM linode/apl-tools:apl-36_tools-update as ci +FROM linode/apl-tools:2.7.0 as ci ENV APP_HOME=/home/app/stack @@ -27,7 +27,7 @@ FROM ci as clean RUN npm prune --production #----------------------------- -FROM linode/apl-tools:apl-36_tools-update as prod +FROM linode/apl-tools:2.7.0 as prod ENV APP_HOME=/home/app/stack ENV ENV_DIR=/home/app/stack/env diff --git a/versions.yaml b/versions.yaml index 09583987fc..412571f4cf 100644 --- a/versions.yaml +++ b/versions.yaml @@ -1,4 +1,4 @@ api: main console: main tasks: 3.2.0 -tools: apl-36_tools-update +tools: 2.7.0 From 1a47ad30c106e503f6da1a473934a9e4582ab5a1 Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Thu, 26 Sep 2024 17:12:44 +0200 Subject: [PATCH 07/18] feat: updated kubectl --- .github/workflows/otomi-tools-build-push.yaml | 3 ++- tools/Dockerfile | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/otomi-tools-build-push.yaml b/.github/workflows/otomi-tools-build-push.yaml index deca377c44..8487da28e9 100644 --- a/.github/workflows/otomi-tools-build-push.yaml 
+++ b/.github/workflows/otomi-tools-build-push.yaml @@ -10,7 +10,7 @@ on: type: string push: branches: - - 'main' + - 'apl-36_tools-update' env: NAMESPACE: linode @@ -41,6 +41,7 @@ jobs: run: | set -e + echo "NEW_VERSION=apl-36_tools-update" >> $GITHUB_ENV && exit 0 # # Set the first image version to '0.1.0' if the repo does not exists. # if ! curl -s -L --fail "https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}"; then echo "NEW_VERSION=0.1.0" >> $GITHUB_ENV && exit 0; fi diff --git a/tools/Dockerfile b/tools/Dockerfile index 1193029281..69ba6dd69b 100644 --- a/tools/Dockerfile +++ b/tools/Dockerfile @@ -4,7 +4,7 @@ FROM ubuntu:20.04 as builder ARG DEBIAN_FRONTEND=noninteractive ARG TARGETARCH # https://github.com/kubernetes/kubernetes/releases -ARG KUBECTL_VERSION=1.30.4 +ARG KUBECTL_VERSION=1.31.1 # https://github.com/helm/helm/tags ARG HELM_VERSION=3.16.1 # https://github.com/databus23/helm-diff/releases From 45dab4479726808f19d0ed65d4752700dfeab9f9 Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Thu, 26 Sep 2024 17:14:14 +0200 Subject: [PATCH 08/18] feat: reverted github workflow --- .github/workflows/otomi-tools-build-push.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/otomi-tools-build-push.yaml b/.github/workflows/otomi-tools-build-push.yaml index 8487da28e9..deca377c44 100644 --- a/.github/workflows/otomi-tools-build-push.yaml +++ b/.github/workflows/otomi-tools-build-push.yaml @@ -10,7 +10,7 @@ on: type: string push: branches: - - 'apl-36_tools-update' + - 'main' env: NAMESPACE: linode @@ -41,7 +41,6 @@ jobs: run: | set -e - echo "NEW_VERSION=apl-36_tools-update" >> $GITHUB_ENV && exit 0 # # Set the first image version to '0.1.0' if the repo does not exists. # if ! curl -s -L --fail "https://hub.docker.com/v2/repositories/${{ env.NAMESPACE }}/${{ env.REPO }}"; then echo "NEW_VERSION=0.1.0" >> $GITHUB_ENV && exit 0; fi From ed573387cf6720b05653a653f9559792c8e78135 Mon Sep 17 00:00:00 2001 
From: Ani Argjiri Date: Thu, 26 Sep 2024 17:22:42 +0200 Subject: [PATCH 09/18] feat: testing apl-tools update --- .github/workflows/main.yml | 2 +- Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 22d9fde0c9..e503788336 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -117,7 +117,7 @@ jobs: if: always() && contains(needs.release.result, 'success') && !github.event.act runs-on: ubuntu-latest container: - image: linode/apl-tools:2.7.0 + image: linode/apl-tools:apl-36_tools-update options: --user 0 env: COMMIT_MSG: ${{ github.event.head_commit.message }} diff --git a/Dockerfile b/Dockerfile index ec0c4e38fa..1046d7cdf4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM linode/apl-tools:2.7.0 as ci +FROM linode/apl-tools:apl-36_tools-update as ci ENV APP_HOME=/home/app/stack @@ -27,7 +27,7 @@ FROM ci as clean RUN npm prune --production #----------------------------- -FROM linode/apl-tools:2.7.0 as prod +FROM linode/apl-tools:apl-36_tools-update as prod ENV APP_HOME=/home/app/stack ENV ENV_DIR=/home/app/stack/env From c047b366a655dab960bec734d11aa2e8b9fc785c Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Thu, 26 Sep 2024 17:28:42 +0200 Subject: [PATCH 10/18] feat: reverting apl-tools version --- .github/workflows/main.yml | 2 +- Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e503788336..22d9fde0c9 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -117,7 +117,7 @@ jobs: if: always() && contains(needs.release.result, 'success') && !github.event.act runs-on: ubuntu-latest container: - image: linode/apl-tools:apl-36_tools-update + image: linode/apl-tools:2.7.0 options: --user 0 env: COMMIT_MSG: ${{ github.event.head_commit.message }} diff --git a/Dockerfile b/Dockerfile index 1046d7cdf4..ec0c4e38fa 100644 
--- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM linode/apl-tools:apl-36_tools-update as ci +FROM linode/apl-tools:2.7.0 as ci ENV APP_HOME=/home/app/stack @@ -27,7 +27,7 @@ FROM ci as clean RUN npm prune --production #----------------------------- -FROM linode/apl-tools:apl-36_tools-update as prod +FROM linode/apl-tools:2.7.0 as prod ENV APP_HOME=/home/app/stack ENV ENV_DIR=/home/app/stack/env From 5443f25be19f437a4d330f3ef0556d8970208e4b Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Tue, 1 Oct 2024 08:38:06 +0200 Subject: [PATCH 11/18] fix: setting helm version to latest stable --- tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/Dockerfile b/tools/Dockerfile index 69ba6dd69b..c4bf739a71 100644 --- a/tools/Dockerfile +++ b/tools/Dockerfile @@ -10,7 +10,7 @@ ARG HELM_VERSION=3.16.1 # https://github.com/databus23/helm-diff/releases ARG HELM_DIFF_VERSION=3.9.11 # https://github.com/jkroepke/helm-secrets/releases -ARG HELM_SECRETS_VERSION=4.6.1 +ARG HELM_SECRETS_VERSION=3.16.1 # https://github.com/mozilla/sops/releases ARG SOPS_VERSION=3.9.0 # https://github.com/FiloSottile/age/releases From 54dd1a8c89da43e68a2980df88c05537ef909d90 Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Tue, 1 Oct 2024 10:13:23 +0200 Subject: [PATCH 12/18] Revert "fix: setting helm version to latest stable" This reverts commit 5443f25be19f437a4d330f3ef0556d8970208e4b. --- tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/Dockerfile b/tools/Dockerfile index c4bf739a71..69ba6dd69b 100644 --- a/tools/Dockerfile +++ b/tools/Dockerfile @@ -10,7 +10,7 @@ ARG HELM_VERSION=3.16.1 # https://github.com/databus23/helm-diff/releases ARG HELM_DIFF_VERSION=3.9.11 # https://github.com/jkroepke/helm-secrets/releases -ARG HELM_SECRETS_VERSION=3.16.1 +ARG HELM_SECRETS_VERSION=4.6.1 # https://github.com/mozilla/sops/releases ARG SOPS_VERSION=3.9.0 # https://github.com/FiloSottile/age/releases 
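Review bot: The line changed in the PATCH 11/18 hunk of `tools/Dockerfile` is `ARG HELM_SECRETS_VERSION=3.16.1`, which sits under the helm-secrets releases comment, while the commit subject talks about the helm version and `3.16.1` is exactly the `HELM_VERSION` value in the context above it. It looks as if the wrong ARG was edited: if no helm-secrets release carries that number the plugin download fails at build time, and if one does, the plugin drops a major version without any caller being adapted. A comment above the ARG such as `# helm-secrets plugin version, not the helm CLI version; bin/common.sh and src/common/crypt.ts depend on its command syntax` would make the coupling visible. How the ARG is consumed, and whether the download is checksum-verified, is outside the hunk.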
From a0a7a8b7fb9707fb22772a75944c94339f241493 Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Tue, 1 Oct 2024 10:35:56 +0200 Subject: [PATCH 13/18] feat: adding changes for new helm secrets version --- bin/common.sh | 4 ++-- charts/raw/README.md | 2 +- src/common/crypt.ts | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/common.sh b/bin/common.sh index c84671bbea..7470213e2d 100644 --- a/bin/common.sh +++ b/bin/common.sh @@ -202,7 +202,7 @@ function crypt() { [ -n "$VERBOSE" ] && echo "Found timestamp diff in seconds: $sec_diff" fi if [ ! -f $file.dec ] || [ $sec_diff -gt 1 ]; then - helm secrets enc $file >$out + helm secrets encrypt -f $file >$out ts=$(stat -c %Y $file) chek_ts=$(expr $ts + 1) touch -d @$chek_ts $file.dec @@ -211,7 +211,7 @@ function crypt() { [ -n "$VERBOSE" ] && echo "Skipping encryption for $file as it is not changed." fi else - if helm secrets dec $file >$out; then + if helm secrets decrypt -f $file >$out; then # we correct timestamp of decrypted file to match source file, # in order to detect changes for conditional encryption [ -n "$VERBOSE" ] && echo "Setting timestamp of decrypted file to that of source file." diff --git a/charts/raw/README.md b/charts/raw/README.md index b691aeafec..b1676c8871 100644 --- a/charts/raw/README.md +++ b/charts/raw/README.md @@ -119,7 +119,7 @@ mysecret: abc123 ``` ``` -$ helm secrets enc secrets.yaml +$ helm secrets encrypt -f secrets.yaml ``` #### STEP 2: Install your templated resources. diff --git a/src/common/crypt.ts b/src/common/crypt.ts index 8655d214a5..10dd64569f 100644 --- a/src/common/crypt.ts +++ b/src/common/crypt.ts @@ -15,8 +15,8 @@ export interface Arguments extends BasicArguments { EventEmitter.defaultMaxListeners = 20 enum CryptType { - ENCRYPT = 'helm secrets enc', - DECRYPT = 'helm secrets dec', + ENCRYPT = 'helm secrets encrypt -f', + DECRYPT = 'helm secrets decrypt -f', ROTATE = 'sops --input-type=yaml --output-type=yaml -i -r', } 
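Review bot: In the `@@ -202,7 +202,7 @@` hunk of `bin/common.sh`, `helm secrets encrypt -f $file >$out` still sends the command's output to `$out`, which `crypt()` points at `/dev/null` unless `VERBOSE` is set (the two `out=` lines that PATCH 16/18 later removes). As far as I know, helm-secrets 4.x `encrypt` prints the ciphertext to stdout unless `-i` is given, so the file on disk would stay unencrypted while the `touch` bookkeeping below treats it as done, and `helm secrets decrypt -f $file >$out` in the `@@ -211,7 +211,7 @@` hunk would put plaintext on stdout whenever `VERBOSE` is set. The `CryptType` strings in the `src/common/crypt.ts` hunk and the PATCH 15/18 variants without `-f` share the problem. Please confirm the 4.x semantics and make the write explicit, e.g. `helm secrets encrypt -i "$file"`, with `$file` quoted. `crypt()` starts and ends outside these hunks.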
From be4ed10596f2a73ba6bd97ce62bde4af39a45bc1 Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Tue, 1 Oct 2024 12:33:07 +0200 Subject: [PATCH 14/18] feat: generate new core image --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index ec0c4e38fa..1046d7cdf4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM linode/apl-tools:2.7.0 as ci +FROM linode/apl-tools:apl-36_tools-update as ci ENV APP_HOME=/home/app/stack @@ -27,7 +27,7 @@ FROM ci as clean RUN npm prune --production #----------------------------- -FROM linode/apl-tools:2.7.0 as prod +FROM linode/apl-tools:apl-36_tools-update as prod ENV APP_HOME=/home/app/stack ENV ENV_DIR=/home/app/stack/env From f3c208f1f5ec154da6f881d6689139e09878a1b0 Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Tue, 1 Oct 2024 12:40:21 +0200 Subject: [PATCH 15/18] feat: generate new core image --- bin/common.sh | 4 ++-- charts/raw/README.md | 2 +- src/common/crypt.ts | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/common.sh b/bin/common.sh index 7470213e2d..682e42dbf5 100644 --- a/bin/common.sh +++ b/bin/common.sh @@ -202,7 +202,7 @@ function crypt() { [ -n "$VERBOSE" ] && echo "Found timestamp diff in seconds: $sec_diff" fi if [ ! -f $file.dec ] || [ $sec_diff -gt 1 ]; then - helm secrets encrypt -f $file >$out + helm secrets encrypt $file >$out ts=$(stat -c %Y $file) chek_ts=$(expr $ts + 1) touch -d @$chek_ts $file.dec @@ -211,7 +211,7 @@ function crypt() { [ -n "$VERBOSE" ] && echo "Skipping encryption for $file as it is not changed." fi else - if helm secrets decrypt -f $file >$out; then + if helm secrets decrypt $file >$out; then # we correct timestamp of decrypted file to match source file, # in order to detect changes for conditional encryption [ -n "$VERBOSE" ] && echo "Setting timestamp of decrypted file to that of source file." diff --git a/charts/raw/README.md b/charts/raw/README.md index b1676c8871..5bdf473fd1 100644 
--- a/charts/raw/README.md +++ b/charts/raw/README.md @@ -119,7 +119,7 @@ mysecret: abc123 ``` ``` -$ helm secrets encrypt -f secrets.yaml +$ helm secrets encrypt secrets.yaml ``` #### STEP 2: Install your templated resources. diff --git a/src/common/crypt.ts b/src/common/crypt.ts index 10dd64569f..7ddeeb7543 100644 --- a/src/common/crypt.ts +++ b/src/common/crypt.ts @@ -15,8 +15,8 @@ export interface Arguments extends BasicArguments { EventEmitter.defaultMaxListeners = 20 enum CryptType { - ENCRYPT = 'helm secrets encrypt -f', - DECRYPT = 'helm secrets decrypt -f', + ENCRYPT = 'helm secrets encrypt', + DECRYPT = 'helm secrets decrypt', ROTATE = 'sops --input-type=yaml --output-type=yaml -i -r', } From 3ebe262e051a1a78da916286eac5583a2c6b9b54 Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Tue, 1 Oct 2024 13:11:57 +0200 Subject: [PATCH 16/18] feat: generate new core image --- bin/common.sh | 8 ++++---- charts/raw/README.md | 2 +- src/common/crypt.ts | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/bin/common.sh b/bin/common.sh index 682e42dbf5..34c1c8a0a0 100644 --- a/bin/common.sh +++ b/bin/common.sh @@ -187,8 +187,8 @@ function crypt() { command=${1:-'dec'} [ "$*" != "" ] && shift files="$*" - local out='/dev/stdout' - [ -z "$VERBOSE" ] && out='/dev/null' + + [ -z "$files" ] && files=$(find $ENV_DIR/env -type f -name 'secrets.*.yaml') pushd $ENV_DIR for file in $files; do @@ -202,7 +202,7 @@ function crypt() { [ -n "$VERBOSE" ] && echo "Found timestamp diff in seconds: $sec_diff" fi if [ ! -f $file.dec ] || [ $sec_diff -gt 1 ]; then - helm secrets encrypt $file >$out + helm secrets encrypt -i $file ts=$(stat -c %Y $file) chek_ts=$(expr $ts + 1) touch -d @$chek_ts $file.dec 
@@ -211,7 +211,7 @@ function crypt() { [ -n "$VERBOSE" ] && echo "Skipping encryption for $file as it is not changed." fi else - if helm secrets decrypt $file >$out; then + if helm secrets decrypt $file ; then # we correct timestamp of decrypted file to match source file, # in order to detect changes for conditional encryption [ -n "$VERBOSE" ] && echo "Setting timestamp of decrypted file to that of source file." diff --git a/charts/raw/README.md b/charts/raw/README.md index 5bdf473fd1..5cf838bf0c 100644 --- a/charts/raw/README.md +++ b/charts/raw/README.md @@ -119,7 +119,7 @@ mysecret: abc123 ``` ``` -$ helm secrets encrypt secrets.yaml +$ helm secrets encrypt -i secrets.yaml ``` #### STEP 2: Install your templated resources. diff --git a/src/common/crypt.ts b/src/common/crypt.ts index 7ddeeb7543..736ee6447a 100644 --- a/src/common/crypt.ts +++ b/src/common/crypt.ts @@ -15,8 +15,8 @@ export interface Arguments extends BasicArguments { EventEmitter.defaultMaxListeners = 20 enum CryptType { - ENCRYPT = 'helm secrets encrypt', - DECRYPT = 'helm secrets decrypt', + ENCRYPT = 'helm secrets encrypt -i', + DECRYPT = 'helm secrets decrypt -i', ROTATE = 'sops --input-type=yaml --output-type=yaml -i -r', } From 6bfae0517c782efd3845bf00048d155bc95b3350 Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Wed, 2 Oct 2024 08:09:52 +0200 Subject: [PATCH 17/18] feat: reverting helm secrets update --- Dockerfile | 4 ++-- bin/common.sh | 8 ++++---- charts/raw/README.md | 2 +- src/common/crypt.ts | 4 ++-- tools/Dockerfile | 2 +- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1046d7cdf4..ec0c4e38fa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM linode/apl-tools:apl-36_tools-update as ci +FROM linode/apl-tools:2.7.0 as ci ENV APP_HOME=/home/app/stack 
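Review bot: `if helm secrets decrypt $file ; then` in the `@@ -211,7 +211,7 @@` hunk of `bin/common.sh` drops the `>$out` redirect without adding `-i`, so if helm-secrets 4.x prints the decrypted document to stdout in that form, as I understand it does, every decrypt would write secret values to the terminal or job log regardless of `VERBOSE`. It also disagrees with `DECRYPT = 'helm secrets decrypt -i'` in the `src/common/crypt.ts` hunk of the same patch, and neither form obviously produces the `$file.dec` that the surrounding timestamp logic (`touch -d @$chek_ts $file.dec` in the encrypt hunk) relies on; in-place decryption would instead leave plaintext under the tracked file name. If the `.dec` layout is meant to stay, something like `if helm secrets decrypt "$file" >"$file.dec"; then` keeps stdout closed, and a comment should state which file holds plaintext after decrypt. `crypt()` begins and ends outside the hunk.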
@@ -27,7 +27,7 @@ FROM ci as clean RUN npm prune --production #----------------------------- -FROM linode/apl-tools:apl-36_tools-update as prod +FROM linode/apl-tools:2.7.0 as prod ENV APP_HOME=/home/app/stack ENV ENV_DIR=/home/app/stack/env diff --git a/bin/common.sh b/bin/common.sh index 34c1c8a0a0..c84671bbea 100644 --- a/bin/common.sh +++ b/bin/common.sh @@ -187,8 +187,8 @@ function crypt() { command=${1:-'dec'} [ "$*" != "" ] && shift files="$*" - - + local out='/dev/stdout' + [ -z "$VERBOSE" ] && out='/dev/null' [ -z "$files" ] && files=$(find $ENV_DIR/env -type f -name 'secrets.*.yaml') pushd $ENV_DIR for file in $files; do @@ -202,7 +202,7 @@ function crypt() { [ -n "$VERBOSE" ] && echo "Found timestamp diff in seconds: $sec_diff" fi if [ ! -f $file.dec ] || [ $sec_diff -gt 1 ]; then - helm secrets encrypt -i $file + helm secrets enc $file >$out ts=$(stat -c %Y $file) chek_ts=$(expr $ts + 1) touch -d @$chek_ts $file.dec @@ -211,7 +211,7 @@ function crypt() { [ -n "$VERBOSE" ] && echo "Skipping encryption for $file as it is not changed." fi else - if helm secrets decrypt $file ; then + if helm secrets dec $file >$out; then # we correct timestamp of decrypted file to match source file, # in order to detect changes for conditional encryption [ -n "$VERBOSE" ] && echo "Setting timestamp of decrypted file to that of source file." diff --git a/charts/raw/README.md b/charts/raw/README.md index 5cf838bf0c..b691aeafec 100644 --- a/charts/raw/README.md +++ b/charts/raw/README.md @@ -119,7 +119,7 @@ mysecret: abc123 ``` ``` -$ helm secrets encrypt -i secrets.yaml +$ helm secrets enc secrets.yaml ``` #### STEP 2: Install your templated resources. diff --git a/src/common/crypt.ts b/src/common/crypt.ts index 736ee6447a..8655d214a5 100644 --- a/src/common/crypt.ts +++ b/src/common/crypt.ts 
@@ -15,8 +15,8 @@ export interface Arguments extends BasicArguments { EventEmitter.defaultMaxListeners = 20 enum CryptType { - ENCRYPT = 'helm secrets encrypt -i', - DECRYPT = 'helm secrets decrypt -i', + ENCRYPT = 'helm secrets enc', + DECRYPT = 'helm secrets dec', ROTATE = 'sops --input-type=yaml --output-type=yaml -i -r', } diff --git a/tools/Dockerfile b/tools/Dockerfile index 69ba6dd69b..52ab2ec425 100644 --- a/tools/Dockerfile +++ b/tools/Dockerfile @@ -10,7 +10,7 @@ ARG HELM_VERSION=3.16.1 # https://github.com/databus23/helm-diff/releases ARG HELM_DIFF_VERSION=3.9.11 # https://github.com/jkroepke/helm-secrets/releases -ARG HELM_SECRETS_VERSION=4.6.1 +ARG HELM_SECRETS_VERSION=3.15.0 # https://github.com/mozilla/sops/releases ARG SOPS_VERSION=3.9.0 # https://github.com/FiloSottile/age/releases From c1308e9cb0825a1cceb6ae0a09ebae4cfe704daa Mon Sep 17 00:00:00 2001 From: Ani Argjiri Date: Wed, 2 Oct 2024 08:16:52 +0200 Subject: [PATCH 18/18] feat: adding change so that the tools image can build --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index ec0c4e38fa..03202d3940 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM linode/apl-tools:2.7.0 as ci +FROM linode/apl-tools:fc-feat-values-enc as ci ENV APP_HOME=/home/app/stack @@ -27,7 +27,7 @@ FROM ci as clean RUN npm prune --production #----------------------------- -FROM linode/apl-tools:2.7.0 as prod +FROM linode/apl-tools:fc-feat-values-enc as prod ENV APP_HOME=/home/app/stack ENV ENV_DIR=/home/app/stack/env