chore: add Makefile target to create a signed helm chart #74

Merged
merged 2 commits into from
Apr 3, 2023
78 changes: 53 additions & 25 deletions Makefile
@@ -1,33 +1,42 @@
.PHONY: help all bin controller node test image limage ubi openshift push clean

VENDOR := seagate
GITHUB_ORG := Seagate
# Project name, without vendor
NAME := exos-x-csi
# Project name, including vendor
PROJECT := $(VENDOR)-$(NAME)
GITHUB_URL := github.com/$(GITHUB_ORG)/$(PROJECT)
NAMESPACE := $(VENDOR)

ifdef DOCKER_HUB_REPOSITORY
DOCKER_HUB_REPOSITORY := $(DOCKER_HUB_REPOSITORY)
else
DOCKER_HUB_REPOSITORY := ghcr.io/seagate
endif

# Note: the version number takes the form "v1.2.3" when used as a repository tag, but
# appears as "1.2.3" in other contexts such as the Helm chart.
ifdef VERSION
VERSION := $(VERSION)
else
VERSION := v1.5.7
VERSION := v1.5.9
endif

VERSION_FLAG = -X github.com/Seagate/seagate-exos-x-csi/pkg/common.Version=$(VERSION)
HELM_VERSION := $(subst v,,$(VERSION))
VERSION_FLAG = -X $(GITHUB_URL)/pkg/common.Version=$(VERSION)

ifndef BIN
BIN = seagate-exos-x-csi
BIN = $(PROJECT)
endif

HELM_VERSION := 1.0.1
# $HELM_KEY must be the name of a secret key in the invoker's default keyring if package is to be signed
HELM_KEY := css-host-software
HELM_IMAGE_REPO := $(DOCKER_HUB_REPOSITORY)/$(BIN)
# $HELM_KEY should be the name of a secret key in the invoker's default keyring
ifneq (,$(HELM_KEY))
HELM_KEYRING := ~/.gnupg/secring.gpg
HELM_SIGN := --sign --key $(HELM_KEY) --keyring $(HELM_KEYRING)
endif
HELM_PACKAGE := $(BIN)-$(HELM_VERSION).tgz

HELM_IMAGE_REPO := $(DOCKER_HUB_REPOSITORY)/$(BIN)
IMAGE = $(DOCKER_HUB_REPOSITORY)/$(BIN):$(VERSION)

help:
@@ -83,6 +92,19 @@ ubi:
@echo "[] ubi"
docker build -f Dockerfile.ubi -t $(IMAGE) --build-arg version="$(VERSION)" --build-arg vcs_ref="$(shell git rev-parse HEAD)" --build-arg build_date="$(shell date --rfc-3339=seconds)" .


push:
@echo ""
@echo "[] push"
docker push $(IMAGE)

clean:
@echo ""
@echo "[] clean"
rm -vf $(BIN)-controller $(BIN)-node *.zip *.tgz *.prov helm/$(BIN)-$(HELM_VERSION)*

######################## Openshift certification stuff ########################

openshift:
@echo ""
@echo "[] openshift"
@@ -114,30 +136,36 @@ build-preflight:
(cd ..; git clone https://github.com/redhat-openshift-ecosystem/openshift-preflight.git)
cd ../openshift-preflight && make build

push:
@echo ""
@echo "[] push"
docker push $(IMAGE)

clean:
@echo ""
@echo "[] clean"
rm -vf $(BIN)-controller $(BIN)-node *.zip *.tgz *.prov helm/$(BIN)-$(HELM_VERSION)*
######################## Helm package creation ########################


# Create a helm package that can be installed from a remote HTTPS URL with, e.g.
# helm install seagate-csi https://<server>/<path>/seagate-exos-x-csi-1.0.0.tgz
# helm install exos-x-csi https://<server>/<path>/seagate-exos-x-csi-1.0.0.tgz
helm-package: $(HELM_PACKAGE)

# Update version numbers in the Helm chart. If yq is not installed, try "go install github.com/mikefarah/yq/v4@latest"
update-chart: $(MAKEFILE)
yq -i '.image.tag="$(VERSION)" | .image.repository="$(HELM_IMAGE_REPO)"' helm/csi-charts/values.yaml

# Make a helm package. If yq is installed, the chart will be updated to reflect version $(VERSION)
# To create a package without signing it, specify "make helm-package HELM_KEY="
# Note that helm doesn't support GPG v2.1 kbx files; if signing fails, try:
# gpg --export-secret-keys > ~/.gnupg/secring.gpg
$(HELM_PACKAGE):
cd helm; helm package $(HELM_SIGN) \
--set image.tag=$(VERSION) --set image.repository=$(HELM_IMAGE_REPO) \
$$PWD/csi-charts
echo HELM_PACKAGE:=$@
( which yq >/dev/null && $(MAKE) update-chart ) || true
cd helm; helm package --app-version "$(HELM_VERSION)" --version "$(HELM_VERSION)" $(HELM_SIGN) $$PWD/csi-charts
cp -p helm/$@* .
ifdef HELM_KEYRING
helm verify --keyring $(HELM_KEYRING) $@
zip -r $(subst .tgz,-signed-helm-package.zip,$@) $@ [email protected]
endif

# Verify a signed package create a zip file containing the package and its provenance file
signed-helm-package: $(HELM_PACKAGE)
helm verify --keyring $(HELM_KEYRING) $<
zip -r $(subst .tgz,-signed-helm-package.zip,$<) $< $<.prov

# This will allow the package to be installed directly from Github, with the command:
# helm install -n $(NAMESPACE) exos-x-csi https://$(GITHUB_URL)/releases/download/$(VERSION)/$(PROJECT)-$(HELM_VERSION).tgz
helm-upload: $(HELM_PACKAGE)
gh release upload $(VERSION) '$^#Helm Package' -R $(GITHUB_ORG)/$(PROJECT)
@echo Install package with:
@echo ' ' helm install -n $(NAMESPACE) $(NAME) https://$(GITHUB_URL)/releases/download/$(VERSION)/$(PROJECT)-$(HELM_VERSION).tgz
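Review bot: `signed-helm-package` runs `helm verify --keyring $(HELM_KEYRING) $<`, but `HELM_KEYRING` and `HELM_SIGN` are only defined inside `ifneq (,$(HELM_KEY))`, so in the documented unsigned mode (`make helm-package HELM_KEY=`) the target would call `helm verify` with an empty keyring argument and try to zip a `.prov` file that was never produced. A guard as the first recipe line, such as `$(if $(HELM_SIGN),,$(error HELM_KEY is empty: cannot build a signed package))`, would make that failure explicit instead of depending on how helm parses the broken command line. In the `$(HELM_PACKAGE)` recipe, `( which yq >/dev/null && $(MAKE) update-chart ) || true` also hides a failing `update-chart`, so the chart that gets signed may still carry the previous `image.tag` and `image.repository`; `if command -v yq >/dev/null; then $(MAKE) update-chart; fi` keeps yq optional without swallowing its errors. The +/- markers are lost on this page, so both points assume these lines are on the new side of the change.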