Drive docker release from travis-ci

- Clean up controller.jsonnet - Switch to quay.io (docker hub doesn't offer robot accounts??) - Add deploy section to .travis.yml
bitnami-labs · Jun 5, 2017 · bf9769c · bf9769c
1 parent 935fb3f
commit bf9769c
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 26 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -4,6 +4,9 @@ go:
   - 1.7
   - 1.8
 
+services:
+  - docker
+
 os:
   - linux
   - osx
@@ -13,6 +16,9 @@ before_install:
 
 install:
   - go build -i ./...
+  - go get github.com/ksonnet/kubecfg
+  - git clone --depth=1 https://github.com/ksonnet/ksonnet-lib.git
+  - export KUBECFG_JPATH=$PWD/ksonnet-lib
 
 script:
   - make VERSION=${TRAVIS_TAG:-build-$TRAVIS_BUILD_ID}
@@ -21,9 +27,41 @@ script:
 
 after_script: set +e
 
+before_deploy:
+  - name=$(go env GOOS)-$(go env GOARCH)-ksonnet-seal
+  - cp ksonnet-seal $name
+  - "strip $name || :"
+  - "size $name || :"
+  - |
+    rm -f controller.image
+    if [ "$TRAVIS_OS_NAME" = linux ]; then
+      docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD"
+      img=quay.io/ksonnet/sealed-secrets-controller:${TRAVIS_TAG:-latest}
+      make controller.yaml CONTROLLER_IMAGE=$img DOCKER_USE_SHA=1
+      docker push $img
+      if [ -n "$TRAVIS_TAG" ]; then
+        docker tag $img quay.io/ksonnet/sealed-secrets-controller:latest
+        docker push quay.io/ksonnet/sealed-secrets-controller:latest
+      fi
+    fi
+
+deploy:
+  api_key:
+    secure: f2TxbMzYpq4u/5/B3oJdr7qNdBcTWflWG/SUATPnlIm0IUXKnHNS22MQerL27CNi7Ijg/ecVaWoDuqPwTBKqf1pAaM62JSID/7Y2DzkfvytJ5hCN1ifVYr/MrQJYPrQN49RstBPp7JHe4D+Tm75iVeI2pJEX8RmWBOXKxTp+XaFXymBM0O4qE8GybjRW9X8wXQLuvvH1mnAWGC+hROqYQEAi7JKRTTE8InA22aF73KucJM4FcskRrqSNcdtsMP5Jhlx7OgBnmSNidemYmTrshq7G6pburJjK0bl4mWPnce/4zaPVlTdLlQghn0cIogZ8M3RVwTBjOOsqiKDDhkKihsTWM1ghgtLN+FVpCSVvpwUjBkyatRE1cZk7aXg6xCADcCGQjB8rTveVauusCYm5n5EYFIcXSlZDxFvzVlBcJ2Z4tIHtqDKCd+5okf6AxfCj2bludGyzXVd5f2cqswU+duMVTJCOgaQ9PJc0RLHjvU/vKXkv9uS+1ZaKYlMZrJQD3IR6RIHsazIDVWmfKY8jICDjsIhMJHcc7HqThz3I8P82/o6TJbBDiAiANDD1MlXi+n1Epa6UTxglIdxntFm8CvwKlS+agJSkmLPCNxoENyvu1HRZOe8jW7itjRxxS5+q0jnxbuYLHtRm8kqQb8GYpiRD1UsMJv/ylfKnhd2Epp4=
+  file:
+    - *-ksonnet-seal
+    - controller.yaml
+  file_glob: true
+  on:
+    go: 1.8
+    tags: true
+  provider: releases
+  skip_cleanup: true
+
 cache:
   directories:
     - $GOPATH/pkg
+    - $GOPATH/bin
 
 branches:
   only:

diff --git a/Makefile b/Makefile
@@ -5,6 +5,7 @@ GOFMT = gofmt
 KUBECFG = kubecfg
 DOCKER = docker
 
+DOCKER_USE_SHA = 0
 CONTROLLER_IMAGE = sealed-secrets-controller:latest
 
 # TODO: Simplify this once ./... ignores ./vendor
@@ -24,8 +25,11 @@ docker/controller: $(GO_FILES)
 
 controller.image: docker/Dockerfile docker/controller
 	$(DOCKER) build -t $(CONTROLLER_IMAGE) docker/
-	#$(DOCKER) image inspect $(CONTROLLER_IMAGE) -f '$(shell echo $(CONTROLLER_IMAGE) | cut -d: -f1)@{{.Id}}' > $@.tmp
+ifeq ($(DOCKER_USE_SHA),1)
+	$(DOCKER) image inspect $(CONTROLLER_IMAGE) -f '$(shell echo $(CONTROLLER_IMAGE) | cut -d: -f1)@{{.Id}}' > $@.tmp
+else
 	echo $(CONTROLLER_IMAGE) >$@.tmp
+endif
 	mv $@.tmp $@
 
 controller.yaml: controller.jsonnet controller.image

diff --git a/controller.jsonnet b/controller.jsonnet
@@ -13,38 +13,19 @@ local trim = function(str) (
     str
 );
 
+local namespace = "kube-system";
+
 local controllerImage = trim(importstr "controller.image");
 
 local controllerContainer =
   container.default("sealed-secrets-controller", controllerImage) +
-  container.imagePullPolicy("IfNotPresent");
+  container.command(["controller"]) +
+  container.args(["--logtostderr"]);
 
 local labels = {name: "sealed-secrets-controller"};
 
 local controllerDeployment =
-  deployment.default("sealed-secrets-controller", controllerContainer) +
+  deployment.default("sealed-secrets-controller", controllerContainer, namespace) +
   {spec+: {template+: {metadata: {labels: labels}}}};
 
-//util.prune(controllerDeployment)
-
-local kube = import "kube.libsonnet";
-
-{
-  deploy: kube.Deployment("sealed-secrets-controller") {
-    spec+: {
-      template+: {
-        spec+: {
-          containers_+: {
-            controller: kube.Container("controller") {
-              image: controllerImage,
-              imagePullPolicy: "IfNotPresent",
-              command: ["controller"],
-              args_+: {
-                logtostderr: "true",
-                v: 9,
-              }}}}}}},
-  // tpr: kube.ThirdPartyResource("sealed-secret.ksonnet.io") {
-  //   versions_: ["v1alpha1"],
-  //   description: "A sealed (encrypted) Secret.",
-  // },
-}
+util.prune(controllerDeployment)