-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set commit sha in bundle/catalog #132
Set commit sha in bundle/catalog #132
Conversation
Codecov Report
@@ Coverage Diff @@
## main #132 +/- ##
=======================================
Coverage 63.11% 63.11%
=======================================
Files 1 1
Lines 732 732
=======================================
Hits 462 462
Misses 220 220
Partials 50 50
Flags with carried forward coverage won't be shown. Click here to find out more. 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If with the IMAGE_TAG
change is enough for the catalog generation, it's great... in the future we could update the catalog generation to file based instead of sqlite, to align with the others.. or just have one workflow to rule them all. Anyways, the fork kind of breaks the implementation, because it can't push to quay, then the scheduled job will always be pulling a stale version...
We will need to change the way of generating this in the end, more information can be found in this issue |
e9a1294
to
0aabeee
Compare
Co-authored-by: Grzegorz Piotrowski <[email protected]>
Co-authored-by: Grzegorz Piotrowski <[email protected]>
0aabeee
to
51936f0
Compare
After discussion we have added the check to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I see this is as the minimal change to get the issue of the floating latest
image tag fixed. This has been causing problems to @Kuadrant/qe who need to lock the environment to a particular set of SHAs in order to debug stuff and relate the issues they found to specific versions of the code.
Maybe future enhancements could include:
- A. Somehow avoid that the image tag that is injected in the bundle/catalog files by the workflow (based on the commit SHA) mismatches what's read in the code by one who checks out the main branch (i.e.
:latest
).1 - B. Standardise how the Authorino Operator generates the bundle manifests and catalog image compared to other operators (kuadrant/kuadrant-operator, kuadrant/limitador-operator) – e.g., see local catalog raw file based format limitador-operator#62
Footnotes
-
I few different ways to try to achieve that (mentioned in an off-line call we had about this change): (i) some kind of post-commit hook that sets the SHA when the bundle manifests are generated locally, before pushing them to remote; (ii) replacing the commit SHA with another system to lock the manifests to a fixed version of the code (e.g. timestamp-based); (iii) start git-ignoring the bundle manifests altogether and start generating them on-the-fly whenever we need to build and push the image/cut a release only; (iv) get back to using the floating tag
latest
and create a special workflow for QE that follows the same steps as when we build for a release, i.e. introduce automated pre-releases from the main branch only for QE (after very merge, daily, weekly, etc). ↩
Co-authored-by: Grzegorz Piotrowski <[email protected]>
8e26662
Just added one final commit that uses |
@didierofrivia If you have time do you mind reviewing the latest changes here to make some progress on this? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🎖️
Updated the default flow to set the commit sha in the bundle manifests and in the catalog. This makes it so that the
relatedImages
and the bundle in the catalog are pointing to the commit sha variant of the images. As the workflow pushes duplicate images for both thelatest
and commit sha, this means that the latest images will also be pointing to specific commit sha tagged images.Due to the pipeline modifying the manifests to set the image to the commit sha variant, the
verify-manifests
andverify-bundle
make targets will fail. These checks are verifying that there are no uncommitted changes in the local git repo which does not make sense given the changes, and so the check was removed for themain
flow.Verified this on our own branch here. Example output from the render:
Looking for thoughts on this approach.
Resolves #121