forked from enix/san-iscsi-csi
-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: add Makefile target to create a signed helm chart (#74)
* chore: add Makefile target to upload helm package to Github * chore: add Makefile target to upload helm package to Github
- Loading branch information
1 parent
f0ece2a
commit c707140
Showing
1 changed file
with
53 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,33 +1,42 @@ | ||
.PHONY: help all bin controller node test image limage ubi openshift push clean | ||
|
||
VENDOR := seagate | ||
GITHUB_ORG := Seagate | ||
# Project name, without vendor | ||
NAME := exos-x-csi | ||
# Project name, including vendor | ||
PROJECT := $(VENDOR)-$(NAME) | ||
GITHUB_URL := github.com/$(GITHUB_ORG)/$(PROJECT) | ||
NAMESPACE := $(VENDOR) | ||
|
||
ifdef DOCKER_HUB_REPOSITORY | ||
DOCKER_HUB_REPOSITORY := $(DOCKER_HUB_REPOSITORY) | ||
else | ||
DOCKER_HUB_REPOSITORY := ghcr.io/seagate | ||
endif | ||
|
||
# Note: the version number takes the form "v1.2.3" when used as a repository tag, but | ||
# appears as "1.2.3" in other contexts such as the Helm chart. | ||
ifdef VERSION | ||
VERSION := $(VERSION) | ||
else | ||
VERSION := v1.5.7 | ||
VERSION := v1.5.9 | ||
endif | ||
|
||
VERSION_FLAG = -X github.com/Seagate/seagate-exos-x-csi/pkg/common.Version=$(VERSION) | ||
HELM_VERSION := $(subst v,,$(VERSION)) | ||
VERSION_FLAG = -X $(GITHUB_URL)/pkg/common.Version=$(VERSION) | ||
|
||
ifndef BIN | ||
BIN = seagate-exos-x-csi | ||
BIN = $(PROJECT) | ||
endif | ||
|
||
HELM_VERSION := 1.0.1 | ||
# $HELM_KEY must be the name of a secret key in the invoker's default keyring if package is to be signed | ||
HELM_KEY := css-host-software | ||
HELM_IMAGE_REPO := $(DOCKER_HUB_REPOSITORY)/$(BIN) | ||
# $HELM_KEY should be the name of a secret key in the invoker's default keyring | ||
ifneq (,$(HELM_KEY)) | ||
HELM_KEYRING := ~/.gnupg/secring.gpg | ||
HELM_SIGN := --sign --key $(HELM_KEY) --keyring $(HELM_KEYRING) | ||
endif | ||
HELM_PACKAGE := $(BIN)-$(HELM_VERSION).tgz | ||
|
||
HELM_IMAGE_REPO := $(DOCKER_HUB_REPOSITORY)/$(BIN) | ||
IMAGE = $(DOCKER_HUB_REPOSITORY)/$(BIN):$(VERSION) | ||
|
||
help: | ||
|
@@ -83,6 +92,19 @@ ubi: | |
@echo "[] ubi" | ||
docker build -f Dockerfile.ubi -t $(IMAGE) --build-arg version="$(VERSION)" --build-arg vcs_ref="$(shell git rev-parse HEAD)" --build-arg build_date="$(shell date --rfc-3339=seconds)" . | ||
|
||
|
||
push: | ||
@echo "" | ||
@echo "[] push" | ||
docker push $(IMAGE) | ||
|
||
clean: | ||
@echo "" | ||
@echo "[] clean" | ||
rm -vf $(BIN)-controller $(BIN)-node *.zip *.tgz *.prov helm/$(BIN)-$(HELM_VERSION)* | ||
|
||
######################## Openshift certification stuff ######################## | ||
|
||
openshift: | ||
@echo "" | ||
@echo "[] openshift" | ||
|
@@ -114,30 +136,36 @@ build-preflight: | |
(cd ..; git clone https://github.com/redhat-openshift-ecosystem/openshift-preflight.git) | ||
cd ../openshift-preflight && make build | ||
|
||
push: | ||
@echo "" | ||
@echo "[] push" | ||
docker push $(IMAGE) | ||
|
||
clean: | ||
@echo "" | ||
@echo "[] clean" | ||
rm -vf $(BIN)-controller $(BIN)-node *.zip *.tgz *.prov helm/$(BIN)-$(HELM_VERSION)* | ||
######################## Helm package creation ######################## | ||
|
||
|
||
# Create a helm package that can be installed from a remote HTTPS URL with, e.g. | ||
# helm install seagate-csi https://<server>/<path>/seagate-exos-x-csi-1.0.0.tgz | ||
# helm install exos-x-csi https://<server>/<path>/seagate-exos-x-csi-1.0.0.tgz | ||
helm-package: $(HELM_PACKAGE) | ||
|
||
# Update version numbers in the Helm chart. If yq is not installed, try "go install github.com/mikefarah/yq/v4@latest" | ||
update-chart: $(MAKEFILE) | ||
yq -i '.image.tag="$(VERSION)" | .image.repository="$(HELM_IMAGE_REPO)"' helm/csi-charts/values.yaml | ||
|
||
# Make a helm package. If yq is installed, the chart will be updated to reflect version $(VERSION) | ||
# To create a package without signing it, specify "make helm-package HELM_KEY=" | ||
# Note that helm doesn't support GPG v2.1 kbx files; if signing fails, try: | ||
# gpg --export-secret-keys > ~/.gnupg/secring.gpg | ||
$(HELM_PACKAGE): | ||
cd helm; helm package $(HELM_SIGN) \ | ||
--set image.tag=$(VERSION) --set image.repository=$(HELM_IMAGE_REPO) \ | ||
$$PWD/csi-charts | ||
echo HELM_PACKAGE:=$@ | ||
( which yq >/dev/null && $(MAKE) update-chart ) || true | ||
cd helm; helm package --app-version "$(HELM_VERSION)" --version "$(HELM_VERSION)" $(HELM_SIGN) $$PWD/csi-charts | ||
cp -p helm/$@* . | ||
ifdef HELM_KEYRING | ||
helm verify --keyring $(HELM_KEYRING) $@ | ||
zip -r $(subst .tgz,-signed-helm-package.zip,$@) $@ [email protected] | ||
endif | ||
|
||
# Verify a signed package create a zip file containing the package and its provenance file | ||
signed-helm-package: $(HELM_PACKAGE) | ||
helm verify --keyring $(HELM_KEYRING) $< | ||
zip -r $(subst .tgz,-signed-helm-package.zip,$<) $< $<.prov | ||
|
||
# This will allow the package to be installed directly from Github, with the command: | ||
# helm install -n $(NAMESPACE) exos-x-csi https://$(GITHUB_URL)/releases/download/$(VERSION)/$(PROJECT)-$(HELM_VERSION).tgz | ||
helm-upload: $(HELM_PACKAGE) | ||
gh release upload $(VERSION) '$^#Helm Package' -R $(GITHUB_ORG)/$(PROJECT) | ||
@echo Install package with: | ||
@echo ' ' helm install -n $(NAMESPACE) $(NAME) https://$(GITHUB_URL)/releases/download/$(VERSION)/$(PROJECT)-$(HELM_VERSION).tgz | ||
|