cert-manager / trust-manager

trust-manager is an operator for distributing trust bundles across a Kubernetes cluster.
https://cert-manager.io/docs/projects/trust-manager/
Apache License 2.0

Also check for correct architectures in trust package build #323

Closed SgtCoDFish closed 4 months ago

SgtCoDFish commented 4 months ago

We updated our IMAGE_PLATFORMS variable in #315 which worked for the trust-manager build, but the current pipeline for trust-packages doesn't rebuild if an arch is missing. We could bump the version, but nothing is changing beyond a new arch so it seems a shame to force everyone to update when we could rebuild in place.

This PR changes the pipeline to also verify arches.

I tested locally by commenting out the make ... trust-package-debian-push line at the bottom of hack/update-debian-trust-package.sh and running make ci-update-debian-trust-package locally. It triggers a rebuild as expected.

$ make ci-update-debian-trust-package
./hack/update-debian-trust-package.sh "quay.io/jetstack/cert-manager-package-debian" .0 "https://quay.io/v2/jetstack/cert-manager-package-debian/manifests"
+++ fetching latest version of ca-certificates package
debconf: delaying package configuration, since apt-utils is not installed
Updating certificates in /etc/ssl/certs...
129 added, 0 removed; done.
+++ searching for quay.io/jetstack/cert-manager-package-debian:20210119.0 in upstream registry
upstream registry appears to contain quay.io/jetstack/cert-manager-package-debian:20210119.0, will check supported architectures
+++ architectures didn't match
+++ wanted:
amd64
arm
arm64
ppc64le
s390x
+++ got:
amd64
arm
arm64
ppc64le
+++ latest image appears not to exist or to be missing archictures; building and pushing quay.io/jetstack/cert-manager-package-debian:20210119.0

If I apply a patch to match the current list of built architectures then I see no rebuild, as expected:

diff --git a/hack/update-debian-trust-package.sh b/hack/update-debian-trust-package.sh
index 29e377b..f82ff29 100755
--- a/hack/update-debian-trust-package.sh
+++ b/hack/update-debian-trust-package.sh
@@ -108,8 +108,7 @@ if [[ $STATUS_CODE = "200" ]]; then
    EXPECTED_ARCHES="amd64
 arm
 arm64
-ppc64le
-s390x"
+ppc64le"

    GOT_ARCHES=$(jq '.manifests[].platform.architecture' -r <$manifest | sort)
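Review bot: EXPECTED_ARCHES is a hand-ordered literal, while GOT_ARCHES on the last context line is produced by `| sort`, so any string comparison of the two only succeeds when the literal is typed in exactly the order `sort` emits under the CI runner's locale. Consider piping the expected list through the same `sort` (ideally with `LC_ALL=C` on both sides), and deriving it from the IMAGE_PLATFORMS variable mentioned in the description rather than keeping a second copy here that has to be edited by hand. Separately, `.manifests[]` assumes the registry returned a manifest list; a short comment on what happens when `$manifest` is a single-platform manifest would help the next reader.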

$ make ci-update-debian-trust-package
./hack/update-debian-trust-package.sh "quay.io/jetstack/cert-manager-package-debian" .0 "https://quay.io/v2/jetstack/cert-manager-package-debian/manifests"
+++ fetching latest version of ca-certificates package
debconf: delaying package configuration, since apt-utils is not installed
Updating certificates in /etc/ssl/certs...
129 added, 0 removed; done.
+++ searching for quay.io/jetstack/cert-manager-package-debian:20210119.0 in upstream registry
upstream registry appears to contain quay.io/jetstack/cert-manager-package-debian:20210119.0, will check supported architectures
upstream registry has all expected arches, exiting
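
An added example, not code from this PR or from the trust-manager repository: the same "does the published tag cover every wanted architecture" decision, done as a set comparison so ordering cannot matter. The function names are hypothetical, the sample index is constructed, and skipping entries whose platform is "unknown" (as BuildKit attestation entries are) is an assumption about how such entries should be treated.

```python
import json

# Constructed sample shaped like the registry response the script reads
# (.manifests[].platform.architecture); digests and sizes are omitted.
SAMPLE_INDEX = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
    "manifests": [
        {"platform": {"architecture": arch, "os": "linux"}}
        for arch in ("amd64", "arm", "arm64", "ppc64le")
    ] + [
        # Attestation entries are listed with an "unknown" platform.
        {"platform": {"architecture": "unknown", "os": "unknown"}},
    ],
})


def published_arches(index_json):
    """Return the set of real architectures listed in a manifest list/index."""
    doc = json.loads(index_json)
    manifests = doc.get("manifests")
    if not isinstance(manifests, list):
        # A single-platform manifest has no per-architecture list at all.
        return set()
    arches = set()
    for entry in manifests:
        arch = (entry.get("platform") or {}).get("architecture")
        if arch and arch != "unknown":
            arches.add(arch)
    return arches


def arch_diff(expected, index_json):
    """Return (missing, extra) architectures as sorted lists."""
    want, got = set(expected), published_arches(index_json)
    return sorted(want - got), sorted(got - want)


def needs_rebuild(expected, index_json):
    """Rebuild whenever the published set differs from the wanted set."""
    missing, extra = arch_diff(expected, index_json)
    return bool(missing or extra)


if __name__ == "__main__":
    wanted = ["amd64", "arm", "arm64", "ppc64le", "s390x"]
    print(arch_diff(wanted, SAMPLE_INDEX), needs_rebuild(wanted, SAMPLE_INDEX))
```
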

inteon commented 4 months ago

/approve

jetstack-bot commented 4 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: inteon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/cert-manager/trust-manager/blob/main/OWNERS)~~ [inteon]

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment

SgtCoDFish commented 4 months ago

Manually adding LGTM label since I got an LGTM earlier with no label!

inteon commented 4 months ago

/lgtm