chore: Update templated files (1789cc2) #507

Closed
wants to merge 1 commit into from
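--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@@ -0,0 +1,5 @@
+---
+self-hosted-runner:
+# Ubicloud machines we are using
+labels:
+- ubicloud-standard-8-arm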
18 changes: 9 additions & 9 deletions .github/workflows/build.yml
Expand Up @@ -88,18 +88,18 @@ jobs:
TRIGGER: ${{ github.event_name }}
GITHUB_REF: ${{ github.ref }}
run: |
if [[ $TRIGGER == "pull_request" ]]; then
if [[ "$TRIGGER" == "pull_request" ]]; then
echo "exporting test as target helm repo: ${{ env.TEST_REPO_HELM_URL }}"
echo "helm_repo=${{ env.TEST_REPO_HELM_URL }}" >> $GITHUB_OUTPUT
elif [[ ( $TRIGGER == "push" || $TRIGGER == "schedule" || $TRIGGER == "workflow_dispatch" ) && $GITHUB_REF == "refs/heads/main" ]]; then
echo "helm_repo=${{ env.TEST_REPO_HELM_URL }}" >> "$GITHUB_OUTPUT"
elif [[ ( "$TRIGGER" == "push" || "$TRIGGER" == "schedule" || "$TRIGGER" == "workflow_dispatch" ) && "$GITHUB_REF" == "refs/heads/main" ]]; then
echo "exporting dev as target helm repo: ${{ env.DEV_REPO_HELM_URL }}"
echo "helm_repo=${{ env.DEV_REPO_HELM_URL }}" >> $GITHUB_OUTPUT
elif [[ $TRIGGER == "push" && $GITHUB_REF == refs/tags/* ]]; then
echo "helm_repo=${{ env.DEV_REPO_HELM_URL }}" >> "$GITHUB_OUTPUT"
elif [[ "$TRIGGER" == "push" && $GITHUB_REF == refs/tags/* ]]; then
echo "exporting stable as target helm repo: ${{ env.STABLE_REPO_HELM_URL }}"
echo "helm_repo=${{ env.STABLE_REPO_HELM_URL }}" >> $GITHUB_OUTPUT
echo "helm_repo=${{ env.STABLE_REPO_HELM_URL }}" >> "$GITHUB_OUTPUT"
else
echo "Unknown trigger and ref combination encountered, skipping publish step: $TRIGGER $GITHUB_REF"
echo "helm_repo=skip" >> $GITHUB_OUTPUT
echo "helm_repo=skip" >> "$GITHUB_OUTPUT"
fi

run_cargodeny:
Expand Down Expand Up @@ -379,7 +379,7 @@ jobs:
- id: printtag
name: Output image name and tag
if: ${{ !github.event.pull_request.head.repo.fork }}
run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> $GITHUB_OUTPUT
run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> "$GITHUB_OUTPUT"

create_manifest_list:
name: Build and publish manifest list
Expand Down Expand Up @@ -437,4 +437,4 @@ jobs:
ARCH_FOR_PREFLIGHT="$(arch | sed -e 's#x86_64#amd64#' | sed -e 's#aarch64#arm64#')"
./preflight-linux-amd64 check container "$IMAGE_TAG" --platform "${ARCH_FOR_PREFLIGHT}" > preflight.out
- name: "Passed?"
run: '[ "$(cat preflight.out | jq -r .passed)" == true ]'
run: '[ "$(jq -r .passed < preflight.out)" == true ]'
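Review bot: The `run:` script in the first hunk still splices `${{ env.TEST_REPO_HELM_URL }}`, `${{ env.DEV_REPO_HELM_URL }}` and `${{ env.STABLE_REPO_HELM_URL }}` into the script text before bash parses it, so the quoting added around `$TRIGGER` and `$GITHUB_OUTPUT` does not cover those values. The step already hands `TRIGGER` and `GITHUB_REF` to the shell through `env:`, and the URLs can be read the same way, for example `echo "helm_repo=$TEST_REPO_HELM_URL" >> "$GITHUB_OUTPUT"`, which keeps expression expansion out of the script entirely. The `env` definitions sit outside the hunk; if they are static workflow-level values the injection risk is low today, but the shell-variable form stays safe if one of them is later derived from event data. The step starts above the hunk, so its `env:` block is only partly visible here.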
2 changes: 2 additions & 0 deletions .github/workflows/pr_pre-commit.yaml
Expand Up @@ -16,6 +16,7 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
submodules: recursive
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
with:
python-version: '3.12'
Expand All @@ -39,6 +40,7 @@ jobs:
chmod 700 "${LOCATION_BIN}"

echo "$LOCATION_DIR" >> "$GITHUB_PATH"
- uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26
- uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
with:
extra_args: "--from-ref ${{ github.event.pull_request.base.sha }} --to-ref ${{ github.event.pull_request.head.sha }}"
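Review bot: The two additions widen what pull-request content this job fetches and executes, and nothing in the file records that. `submodules: recursive` makes checkout follow the `.gitmodules` of the checked-out ref, and `cachix/install-nix-action` is presumably there so the pre-commit hooks can call `nix-shell`, which evaluates the Nix expression from the same checkout. The `on:` trigger and `permissions:` are outside both hunks, so I cannot confirm it from here, but this is only reasonable on `pull_request` with a read-only token. A comment above the new step would make the constraint explicit, for example `# Needed by the nix-shell hooks in .pre-commit-config.yaml; evaluates PR-controlled Nix code, keep this job on pull_request with read-only permissions`. The new action is pinned to a full commit SHA with a version comment, which matches the other steps.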
4 changes: 2 additions & 2 deletions .pre-commit-config.yaml
Expand Up @@ -66,13 +66,13 @@ repos:
- id: regenerate-charts
name: regenerate-charts
language: system
entry: make regenerate-charts
entry: nix-shell --run 'make regenerate-charts'
stages: [commit, merge-commit, manual]
pass_filenames: false

- id: cargo-test
name: cargo-test
language: system
entry: cargo test
entry: nix-shell --run 'cargo test'
stages: [commit, merge-commit, manual]
pass_filenames: false
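Review bot: The `regenerate-charts` and `cargo-test` hooks now depend on Nix being installed, and neither entry carries a comment explaining the requirement or why the command is wrapped. A line above each `entry:` such as `# Runs inside the repository's nix-shell so the toolchain matches CI; requires Nix` would cover it; the stated purpose is inferred from the workflow change on this page, so adjust the wording if the intent differs. The Nix expression that `nix-shell` evaluates is not part of this change. If it does not pin nixpkgs to a fixed revision, the toolchain these hooks run will vary by machine and over time.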
109 changes: 89 additions & 20 deletions docker/Dockerfile
@@ -1,40 +1,109 @@
# syntax=docker/dockerfile:1.10.0@sha256:865e5dd094beca432e8c0a1d5e1c465db5f998dca4e439981029b3b81fb39ed5
# NOTE: The syntax directive needs to be the first line in a Dockerfile

# =============
# This file is automatically generated from the templates in stackabletech/operator-templating
# DON'T MANUALLY EDIT THIS FILE
# =============
FROM oci.stackable.tech/sdp/ubi9-rust-builder AS builder

FROM registry.access.redhat.com/ubi9/ubi-minimal AS operator
# https://docs.docker.com/build/checks/#fail-build-on-check-violations
# check=error=true

# We want to automatically use the latest. We also don't tag our images with a version.
# hadolint ignore=DL3007
FROM oci.stackable.tech/sdp/ubi9-rust-builder:latest AS builder


# We want to automatically use the latest.
# hadolint ignore=DL3007
FROM registry.access.redhat.com/ubi9/ubi-minimal:latest AS operator

ARG VERSION
ARG RELEASE="1"

LABEL name="Stackable Operator for Apache Airflow" \
maintainer="info@stackable.tech" \
vendor="Stackable GmbH" \
version="${VERSION}" \
release="${RELEASE}" \
summary="Deploy and manage Apache Airflow clusters." \
description="Deploy and manage Apache Airflow clusters."
# These are chosen at random and are this high on purpose to have very little chance to clash with an existing user or group on the host system
ARG STACKABLE_USER_GID="574654813"
ARG STACKABLE_USER_UID="782252253"

# These labels have mostly been superceded by the OpenContainer spec annotations below but it doesn't hurt to include them
# http://label-schema.org/rc1/
LABEL name="Stackable Operator for Apache Airflow"
LABEL maintainer="info@stackable.tech"
LABEL vendor="Stackable GmbH"
LABEL version="${VERSION}"
LABEL release="${RELEASE}"
LABEL summary="Deploy and manage Apache Airflow clusters."
LABEL description="Deploy and manage Apache Airflow clusters."

# Overwriting/Pinning UBI labels
# https://github.com/projectatomic/ContainerApplicationGenericLabels
LABEL vcs-ref=""
LABEL distribution-scope="public"
LABEL url="https://stackable.tech"
ARG TARGETARCH
LABEL architecture="${TARGETARCH}"
LABEL com.redhat.component=""
# It complains about it being an invalid label but RedHat uses it and we want to override it and it works....
# hadolint ignore=DL3048
LABEL com.redhat.license_terms=""
LABEL io.buildah.version=""
LABEL io.openshift.expose-services=""

# https://github.com/opencontainers/image-spec/blob/036563a4a268d7c08b51a08f05a02a0fe74c7268/annotations.md#annotations
LABEL org.opencontainers.image.authors="info@stackable.tech"
LABEL org.opencontainers.image.url="https://stackable.tech"
LABEL org.opencontainers.image.vendor="Stackable GmbH"
LABEL org.opencontainers.image.licenses="OSL-3.0"
LABEL org.opencontainers.image.documentation="https://docs.stackable.tech/home/stable/airflow/"
LABEL org.opencontainers.image.version="${VERSION}"
LABEL org.opencontainers.image.revision="${RELEASE}"
LABEL org.opencontainers.image.title="Stackable Operator for Apache Airflow"
LABEL org.opencontainers.image.description="Deploy and manage Apache Airflow clusters."

# https://docs.openshift.com/container-platform/4.16/openshift_images/create-images.html#defining-image-metadata
# https://github.com/projectatomic/ContainerApplicationGenericLabels/blob/master/vendor/redhat/labels.md
LABEL io.openshift.tags="ubi9,stackable,sdp,airflow"
LABEL io.k8s.description="Deploy and manage Apache Airflow clusters."
LABEL io.k8s.display-name="Stackable Operator for Apache Airflow"

RUN <<EOF

Check warning on line 69 in docker/Dockerfile


GitHub Actions / hadolint

[hadolint] docker/Dockerfile#L69 <DL3041>(https://github.com/hadolint/hadolint/wiki/DL3041)

Specify version with `dnf install -y <package>-<version>`.
Raw output
message:"Specify version with `dnf install -y <package>-<version>`." location:{path:"docker/Dockerfile" range:{start:{line:69 column:1}}} severity:WARNING source:{name:"hadolint" url:"https://github.com/hadolint/hadolint"} code:{value:"DL3041" url:"https://github.com/hadolint/hadolint/wiki/DL3041"}

Check notice on line 69 in docker/Dockerfile


GitHub Actions / hadolint

[hadolint] docker/Dockerfile#L69 <SC2086>(https://github.com/koalaman/shellcheck/wiki/SC2086)

Double quote to prevent globbing and word splitting.
Raw output
message:"Double quote to prevent globbing and word splitting." location:{path:"docker/Dockerfile" range:{start:{line:69 column:1}}} severity:INFO source:{name:"hadolint" url:"https://github.com/hadolint/hadolint"} code:{value:"SC2086" url:"https://github.com/koalaman/shellcheck/wiki/SC2086"}
# Update image and install kerberos client libraries
# install_weak_deps in microdnf does not support the literal "False" as dnf does
# https://github.com/rpm-software-management/microdnf/blob/a600c62f29262d71a6259b70dc220df65a2ab9b5/dnf/dnf-main.c#L176-L189
RUN microdnf update -y --setopt=install_weak_deps=0 \
&& microdnf install -y --setopt=install_weak_deps=0 \
krb5-libs \
libkadm5 \
&& microdnf clean all \
&& rm -rf /var/cache/yum
microdnf update
# NOTE (@NickLarsenNZ): Maybe we should consider pinning package versions?
# hadolint ignore=DL3041
microdnf install -y \
krb5-libs \
libkadm5 \
shadow-utils

groupadd --gid ${STACKABLE_USER_GID} --system ${STACKABLE_USER_NAME}
# The --no-log-init is required to work around a bug/problem in Go/Docker when very large UIDs are used
# See https://github.com/moby/moby/issues/5419#issuecomment-41478290 for more context
# Making this a system user prevents a mail dir from being created, expiry of passwords etc. but it will warn:
# useradd warning: stackable's uid 1000 is greater than SYS_UID_MAX 999
# We can safely ignore this warning, to get rid of the warning we could change /etc/login.defs but that does not seem worth it
# We'll leave the home directory hardcoded to /stackable because I don't want to deal with which chars might be valid and which might not in user name vs. directory
useradd \
--no-log-init \
--gid ${STACKABLE_USER_GID} \
--uid ${STACKABLE_USER_UID} \
--system \
--create-home \
--home-dir /stackable \
stackable
microdnf remove shadow-utils
microdnf clean all
rm -rf /var/cache/yum
EOF

COPY LICENSE /licenses/LICENSE

COPY --from=builder /app/* /usr/local/bin/
COPY deploy/config-spec/properties.yaml /etc/stackable/airflow-operator/config-spec/properties.yaml

RUN groupadd -g 1000 stackable && adduser -u 1000 -g stackable -c 'Stackable Operator' stackable

USER stackable:stackable
# COPY deploy/config-spec/properties.yaml /etc/stackable/airflow-operator/config-spec/properties.yaml
#
USER ${STACKABLE_USER_UID}

ENTRYPOINT ["stackable-airflow-operator"]
CMD ["run"]
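Review bot: `${STACKABLE_USER_NAME}` in the `groupadd` line of the new `RUN <<EOF` block has no matching `ARG` anywhere in the file as shown (only `STACKABLE_USER_GID` and `STACKABLE_USER_UID` are declared), so unless the base image sets it the variable expands to nothing and `groupadd` is called without a group name. The heredoc body runs as a plain shell script without `set -e`, so that failure and the dependent `useradd --gid` failure would not stop the build. `USER ${STACKABLE_USER_UID}` is numeric and would still succeed, presumably leaving an image that runs under a UID with no passwd entry and no `/stackable` home. I would declare `ARG STACKABLE_USER_NAME="stackable"` beside the other two (or use the literal `stackable`, as the `useradd` line already does), make `set -eu` the first line of the heredoc, and double-quote the three expansions as the SC2086 annotation asks. The header says this file is generated from stackabletech/operator-templating, so the fix belongs in the template.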