Add GH workflow for automatically updating nvidia device plugin stati…

…c manifest
eksctl-io · Jul 26, 2024 · cc4596e · cc4596e
1 parent 02c41d5
commit cc4596e
Show file tree

Hide file tree

Showing 4 changed files with 95 additions and 40 deletions.
diff --git a/.github/workflows/update-generated.yaml b/.github/workflows/update-generated.yaml
@@ -2,7 +2,7 @@ name: Update generated files
 on:
   workflow_dispatch: {}
   schedule:
-    - cron: "0 5 * * Thu"
+  - cron: "0 5 * * Thu"
 
 permissions:
   id-token: write
@@ -15,47 +15,47 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        resource: ["coredns", "aws-node"]    
+        resource: ["coredns", "aws-node", "nvidia-device-plugin"]
     name: Update ${{ matrix.resource }} and open PR
     runs-on: ubuntu-latest
     container: public.ecr.aws/eksctl/eksctl-build:833f4464e865a6398788bf6cbc5447967b8974b7
     env:
       GOPRIVATE: ""
     steps:
-      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
-        with:
-          token: ${{ secrets.EKSCTLBOT_TOKEN }}
-          fetch-depth: 0
-      - name: Configure AWS credentials for coredns update
-        if: ${{ matrix.resource == 'coredns' }}
-        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
-        with:
-          aws-region: us-west-2
-          role-duration-seconds: 900
-          role-session-name: eksctl-update-coredns-assets
-          role-to-assume: ${{ secrets.UPDATE_COREDNS_ROLE_ARN }}
-      - name: Setup identity as eksctl-bot
-        uses: ./.github/actions/setup-identity
-        with:
-          token: "${{ secrets.EKSCTLBOT_TOKEN }}"
-      - name: Cache go-build and mod
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2
-        with:
-          path: |
-            ~/.cache/go-build/
-            ~/go/pkg/mod/
-          key: go-${{ hashFiles('go.sum') }}
-          restore-keys: |
-            go-
-      - name: Update ${{ matrix.resource }}
-        run: make update-${{ matrix.resource }}
-      - name: Upsert pull request
-        uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e #v6.0.2
-        with:
-          token: ${{ secrets.EKSCTLBOT_TOKEN }}
-          commit-message: update ${{ matrix.resource }}
-          committer: eksctl-bot <[email protected]>
-          title: 'Update ${{ matrix.resource }}'
-          branch: update-${{ matrix.resource }}
-          labels: area/tech-debt
+    - name: Checkout
+      uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
+      with:
+        token: ${{ secrets.EKSCTLBOT_TOKEN }}
+        fetch-depth: 0
+    - name: Configure AWS credentials for coredns update
+      if: ${{ matrix.resource == 'coredns' }}
+      uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+      with:
+        aws-region: us-west-2
+        role-duration-seconds: 900
+        role-session-name: eksctl-update-coredns-assets
+        role-to-assume: ${{ secrets.UPDATE_COREDNS_ROLE_ARN }}
+    - name: Setup identity as eksctl-bot
+      uses: ./.github/actions/setup-identity
+      with:
+        token: "${{ secrets.EKSCTLBOT_TOKEN }}"
+    - name: Cache go-build and mod
+      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2
+      with:
+        path: |
+          ~/.cache/go-build/
+          ~/go/pkg/mod/
+        key: go-${{ hashFiles('go.sum') }}
+        restore-keys: |
+          go-
+    - name: Update ${{ matrix.resource }}
+      run: make update-${{ matrix.resource }}
+    - name: Upsert pull request
+      uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e #v6.0.2
+      with:
+        token: ${{ secrets.EKSCTLBOT_TOKEN }}
+        commit-message: update ${{ matrix.resource }}${{ env.LATEST_RELEASE_TAG }}
+        committer: eksctl-bot <[email protected]>
+        title: 'Update ${{ matrix.resource }}${{ env.LATEST_RELEASE_TAG }}'
+        branch: update-${{ matrix.resource }}
+        labels: area/tech-debt
diff --git a/Makefile b/Makefile
@@ -160,6 +160,9 @@ generate-all: generate-always $(conditionally_generated_files) ## Re-generate al
 check-all-generated-files-up-to-date: generate-all ## Run the generate all command and verify there is no new diff
 	git diff --quiet -- $(conditionally_generated_files) || (git --no-pager diff $(conditionally_generated_files); echo "HINT: to fix this, run 'git commit $(conditionally_generated_files) --message \"Update generated files\"'"; exit 1)
 
+.PHONY: update-nvidia-device-plugin
+update-nvidia-device-plugin: ## fetch the latest static manifest
+	pkg/addons/assets/scripts/update_nvidia_device_plugin.sh
 
 .PHONY: update-aws-node
 update-aws-node: ## Re-download the aws-node manifests from AWS

diff --git a/pkg/addons/assets/scripts/update_nvidia_device_plugin.sh b/pkg/addons/assets/scripts/update_nvidia_device_plugin.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+get_latest_release_tag() {
+  curl -sL https://api.github.com/repos/NVIDIA/k8s-device-plugin/releases/latest | jq -r '.tag_name'
+}
+
+latest_release_tag=$(get_latest_release_tag)
+
+# Check if the latest release tag was found
+if [ -z "$latest_release_tag" ]; then
+  echo "Could not find the latest release tag."
+  exit 1
+fi
+
+# If running in GitHub Actions, export the release tag for use in the workflow
+if [ "$GITHUB_ACTIONS" = "true" ]; then
+  echo "LATEST_RELEASE_TAG= to $latest_release_tag" >> $GITHUB_ENV
+else
+  echo "Found the latest release tag: $latest_release_tag"
+fi
+
+assets_addons_dir="pkg/addons/assets"
+
+curl -sL "https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/$latest_release_tag/deployments/static/nvidia-device-plugin.yml" -o "$assets_addons_dir/nvidia-device-plugin.yaml"
+
+
+# Check if the download was successful
+if [ $? -eq 0 ]; then
+  echo "Downloaded the latest NVIDIA device plugin manifest to $assets_addons_dir/nvidia-device-plugin.yaml"
+else
+  echo "Failed to download the NVIDIA device plugin manifest."
+  exit 1
+fi
diff --git a/pkg/addons/default/scripts/update_aws_node.sh b/pkg/addons/default/scripts/update_aws_node.sh
@@ -9,12 +9,31 @@ get_latest_release_tag() {
 
 latest_release_tag=$(get_latest_release_tag)
 
+# Check if the latest release tag was found
+if [ -z "$latest_release_tag" ]; then
+  echo "Could not find the latest release tag."
+  exit 1
+fi
+
+# If running in GitHub Actions, export the release tag for use in the workflow
+if [ "$GITHUB_ACTIONS" = "true" ]; then
+  echo "LATEST_RELEASE_TAG= to $latest_release_tag" >> $GITHUB_ENV
+else
+  echo "Found the latest release tag: $latest_release_tag"
+fi
+
 default_addons_dir="pkg/addons/default"
 
 # Download the latest aws-k8s-cni.yaml file
 curl -sL "$base_url$latest_release_tag/config/master/aws-k8s-cni.yaml?raw=1" --output "$default_addons_dir/assets/aws-node.yaml"
 
-echo "found latest release tag:" $latest_release_tag
+# Check if the download was successful
+if [ $? -eq 0 ]; then
+  echo "Downloaded the latest AWS Node manifest to $default_addons_dir/assets/aws-node.yaml"
+else
+  echo "Failed to download the latest AWS Node manifest."
+  exit 1
+fi
 
 # Update the unit test file
 sed -i "s/expectedVersion = \"\(.*\)\"/expectedVersion = \"$latest_release_tag\"/g" "$default_addons_dir/aws_node_test.go"