From cc4596ec31b79a7c0de13325f9f8ab122ddf0497 Mon Sep 17 00:00:00 2001 From: tiberiugc Date: Fri, 26 Jul 2024 09:10:22 +0300 Subject: [PATCH] Add GH workflow for automatically updating nvidia device plugin static manifest --- .github/workflows/update-generated.yaml | 78 +++++++++---------- Makefile | 3 + .../scripts/update_nvidia_device_plugin.sh | 33 ++++++++ pkg/addons/default/scripts/update_aws_node.sh | 21 ++++- 4 files changed, 95 insertions(+), 40 deletions(-) create mode 100755 pkg/addons/assets/scripts/update_nvidia_device_plugin.sh diff --git a/.github/workflows/update-generated.yaml b/.github/workflows/update-generated.yaml index e584663fa2..6de8fb9d13 100644 --- a/.github/workflows/update-generated.yaml +++ b/.github/workflows/update-generated.yaml @@ -2,7 +2,7 @@ name: Update generated files on: workflow_dispatch: {} schedule: - - cron: "0 5 * * Thu" + - cron: "0 5 * * Thu" permissions: id-token: write 
@@ -15,47 +15,47 @@ jobs: strategy: fail-fast: false matrix: - resource: ["coredns", "aws-node"] + resource: ["coredns", "aws-node", "nvidia-device-plugin"] name: Update ${{ matrix.resource }} and open PR runs-on: ubuntu-latest container: public.ecr.aws/eksctl/eksctl-build:833f4464e865a6398788bf6cbc5447967b8974b7 env: GOPRIVATE: "" steps: - - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2 - with: - token: ${{ secrets.EKSCTLBOT_TOKEN }} - fetch-depth: 0 - - name: Configure AWS credentials for coredns update - if: ${{ matrix.resource == 'coredns' }} - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 - with: - aws-region: us-west-2 - role-duration-seconds: 900 - role-session-name: eksctl-update-coredns-assets - role-to-assume: ${{ secrets.UPDATE_COREDNS_ROLE_ARN }} - - name: Setup identity as eksctl-bot - uses: ./.github/actions/setup-identity - with: - token: "${{ secrets.EKSCTLBOT_TOKEN }}" - - name: Cache go-build and mod - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 - with: - path: | - ~/.cache/go-build/ - ~/go/pkg/mod/ - key: go-${{ hashFiles('go.sum') }} - restore-keys: | - go- - - name: Update ${{ matrix.resource }} - run: make update-${{ matrix.resource }} - - name: Upsert pull request - uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e #v6.0.2 - with: - token: ${{ secrets.EKSCTLBOT_TOKEN }} - commit-message: update ${{ matrix.resource }} - committer: eksctl-bot - title: 'Update ${{ matrix.resource }}' - branch: update-${{ matrix.resource }} - labels: area/tech-debt + - name: Checkout + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2 + with: + token: ${{ secrets.EKSCTLBOT_TOKEN }} + fetch-depth: 0 + - name: Configure AWS credentials for coredns update + if: ${{ matrix.resource == 'coredns' }} + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + 
aws-region: us-west-2 + role-duration-seconds: 900 + role-session-name: eksctl-update-coredns-assets + role-to-assume: ${{ secrets.UPDATE_COREDNS_ROLE_ARN }} + - name: Setup identity as eksctl-bot + uses: ./.github/actions/setup-identity + with: + token: "${{ secrets.EKSCTLBOT_TOKEN }}" + - name: Cache go-build and mod + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 + with: + path: | + ~/.cache/go-build/ + ~/go/pkg/mod/ + key: go-${{ hashFiles('go.sum') }} + restore-keys: | + go- + - name: Update ${{ matrix.resource }} + run: make update-${{ matrix.resource }} + - name: Upsert pull request + uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e #v6.0.2 + with: + token: ${{ secrets.EKSCTLBOT_TOKEN }} + commit-message: update ${{ matrix.resource }}${{ env.LATEST_RELEASE_TAG }} + committer: eksctl-bot + title: 'Update ${{ matrix.resource }}${{ env.LATEST_RELEASE_TAG }}' + branch: update-${{ matrix.resource }} + labels: area/tech-debt diff --git a/Makefile b/Makefile index 6ed100d875..31b27f4c32 100644 --- a/Makefile +++ b/Makefile @@ -160,6 +160,9 @@ generate-all: generate-always $(conditionally_generated_files) ## Re-generate al check-all-generated-files-up-to-date: generate-all ## Run the generate all command and verify there is no new diff git diff --quiet -- $(conditionally_generated_files) || (git --no-pager diff $(conditionally_generated_files); echo "HINT: to fix this, run 'git commit $(conditionally_generated_files) --message \"Update generated files\"'"; exit 1) +.PHONY: update-nvidia-device-plugin +update-nvidia-device-plugin: ## fetch the latest static manifest + pkg/addons/assets/scripts/update_nvidia_device_plugin.sh .PHONY: update-aws-node update-aws-node: ## Re-download the aws-node manifests from AWS diff --git a/pkg/addons/assets/scripts/update_nvidia_device_plugin.sh b/pkg/addons/assets/scripts/update_nvidia_device_plugin.sh new file mode 100755 index 0000000000..1ae0da602e --- /dev/null 
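Review bot: The `commit-message` and `title` inputs of the `Upsert pull request` step now depend on a contract that the workflow does not document. The update scripts append `LATEST_RELEASE_TAG` to `$GITHUB_ENV` with a leading ` to ` already inside the value, and a matrix leg whose script does not export it renders an empty suffix (whether `update-coredns` exports it is not visible in this patch). The value is derived from an upstream repository's release tag and ends up in a commit and pull request created with `EKSCTLBOT_TOKEN`, so its origin is worth stating next to the step. A comment above the step would do, for example `# LATEST_RELEASE_TAG is set by the update-* scripts via $GITHUB_ENV as " to <tag>"; empty if the script does not export it`.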
+++ b/pkg/addons/assets/scripts/update_nvidia_device_plugin.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+get_latest_release_tag() {
+ curl -sL https://api.github.com/repos/NVIDIA/k8s-device-plugin/releases/latest | jq -r '.tag_name'
+}
+
+latest_release_tag=$(get_latest_release_tag)
+
+# Check if the latest release tag was found
+if [ -z "$latest_release_tag" ]; then
+ echo "Could not find the latest release tag."
+ exit 1
+fi
+
+# If running in GitHub Actions, export the release tag for use in the workflow
+if [ "$GITHUB_ACTIONS" = "true" ]; then
+ echo "LATEST_RELEASE_TAG= to $latest_release_tag" >> $GITHUB_ENV
+else
+ echo "Found the latest release tag: $latest_release_tag"
+fi
+
+assets_addons_dir="pkg/addons/assets"
+
+curl -sL "https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/$latest_release_tag/deployments/static/nvidia-device-plugin.yml" -o "$assets_addons_dir/nvidia-device-plugin.yaml"
+
+
+# Check if the download was successful
+if [ $? -eq 0 ]; then
+ echo "Downloaded the latest NVIDIA device plugin manifest to $assets_addons_dir/nvidia-device-plugin.yaml"
+else
+ echo "Failed to download the NVIDIA device plugin manifest."
+ exit 1
+fi
diff --git a/pkg/addons/default/scripts/update_aws_node.sh b/pkg/addons/default/scripts/update_aws_node.sh
index 6f17d9c96e..f29ac75cc4 100755
--- a/pkg/addons/default/scripts/update_aws_node.sh
+++ b/pkg/addons/default/scripts/update_aws_node.sh
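Review bot: In `update_nvidia_device_plugin.sh` both success checks can pass while the script commits a broken manifest. `jq -r '.tag_name'` prints the literal string `null` when the API response carries no tag (an error or rate-limit body, for instance), which is not empty and so passes the `-z` test. `curl -sL` without `-f` exits 0 on an HTTP error, so the `$? -eq 0` branch reports success after saving the error page as `nvidia-device-plugin.yaml`. The same unchecked value is appended to an unquoted `$GITHUB_ENV` and interpolated into the download URL, so the tag should be matched against an expected version pattern before either use. The `update_aws_node.sh` hunk adds the same `-z` test, `$GITHUB_ENV` write and `$?` check around its `curl -sL` context line and needs the same treatment.

```shell
latest_release_tag=$(get_latest_release_tag)

# Accept only a plain version tag; this also rejects jq's literal "null"
tag_pattern='^v?[0-9]+(\.[0-9]+)*(-[0-9A-Za-z.]+)?$'
if [[ ! "$latest_release_tag" =~ $tag_pattern ]]; then
  echo "Unexpected release tag: $latest_release_tag"
  exit 1
fi

# … unchanged: GITHUB_ACTIONS branch, but writing to "$GITHUB_ENV" (quoted) …
# … unchanged: assets_addons_dir …

# -f makes curl exit non-zero on an HTTP error instead of saving the error page
if curl -fsSL "https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/$latest_release_tag/deployments/static/nvidia-device-plugin.yml" -o "$assets_addons_dir/nvidia-device-plugin.yaml"; then
  echo "Downloaded the latest NVIDIA device plugin manifest to $assets_addons_dir/nvidia-device-plugin.yaml"
else
  echo "Failed to download the NVIDIA device plugin manifest."
  exit 1
fi
```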
@@ -9,12 +9,31 @@ get_latest_release_tag() { latest_release_tag=$(get_latest_release_tag) +# Check if the latest release tag was found +if [ -z "$latest_release_tag" ]; then + echo "Could not find the latest release tag." + exit 1 +fi + +# If running in GitHub Actions, export the release tag for use in the workflow +if [ "$GITHUB_ACTIONS" = "true" ]; then + echo "LATEST_RELEASE_TAG= to $latest_release_tag" >> $GITHUB_ENV +else + echo "Found the latest release tag: $latest_release_tag" +fi + default_addons_dir="pkg/addons/default" # Download the latest aws-k8s-cni.yaml file curl -sL "$base_url$latest_release_tag/config/master/aws-k8s-cni.yaml?raw=1" --output "$default_addons_dir/assets/aws-node.yaml" -echo "found latest release tag:" $latest_release_tag +# Check if the download was successful +if [ $? -eq 0 ]; then + echo "Downloaded the latest AWS Node manifest to $default_addons_dir/assets/aws-node.yaml" +else + echo "Failed to download the latest AWS Node manifest." + exit 1 +fi # Update the unit test file sed -i "s/expectedVersion = \"\(.*\)\"/expectedVersion = \"$latest_release_tag\"/g" "$default_addons_dir/aws_node_test.go"