Publish a private OCI helm chart and images to ghcr (#30)

* Migrate to a more similar build flow to gitopssets
* update license
* Add missing CRD
* Don't generate a configMap of the config.

Author: foot

.github/workflows/build.yaml

@@ -0,0 +1,130 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - v*
+  pull_request:
+    branches:
+      - main
+  pull_request_target:
+    types:
+      - closed
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+  GOPRIVATE: github.com/weaveworks/cluster-controller
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read # for actions/checkout to fetch code
+    steps:
+      - name: Configure git for private modules
+        env:
+          GITHUB_BUILD_USERNAME: ${{ secrets.BUILD_BOT_USER }}
+          GITHUB_BUILD_TOKEN: ${{ secrets.BUILD_BOT_PERSONAL_ACCESS_TOKEN }}
+        run: git config --global url."https://${GITHUB_BUILD_USERNAME}:${GITHUB_BUILD_TOKEN}@github.com".insteadOf "https://github.com"
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.20.x
+          cache: true
+
+      - name: Test
+        run: make test
+
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0 # for git describe
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
+
+      - name: Get version
+        id: get_version
+        run: echo "::set-output name=VERSION::$(make version)"
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Configure git for private modules
+        env:
+          GITHUB_BUILD_USERNAME: ${{ secrets.BUILD_BOT_USER }}
+          GITHUB_BUILD_TOKEN: ${{ secrets.BUILD_BOT_PERSONAL_ACCESS_TOKEN }}
+        run: git config --global url."https://${GITHUB_BUILD_USERNAME}:${GITHUB_BUILD_TOKEN}@github.com".insteadOf "https://github.com"
+
+      - name: go mod vendor
+        run: go mod vendor
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: VERSION=${{ steps.get_version.outputs.VERSION }}
+
+  build-push-helm-chart:
+    runs-on: ubuntu-latest
+    needs: [build, test]
+    # only run on tag
+    if: startsWith(github.ref, 'refs/tags/v')
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      packages: write # write a chart
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0 # for git describe
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
+
+      - name: Configure git for private modules
+        env:
+          GITHUB_BUILD_USERNAME: ${{ secrets.BUILD_BOT_USER }}
+          GITHUB_BUILD_TOKEN: ${{ secrets.BUILD_BOT_PERSONAL_ACCESS_TOKEN }}
+        run: git config --global url."https://${GITHUB_BUILD_USERNAME}:${GITHUB_BUILD_TOKEN}@github.com".insteadOf "https://github.com"
+
+      - name: Install Helm
+        run: |
+          wget --no-verbose https://get.helm.sh/helm-v3.12.1-linux-amd64.tar.gz
+          tar -zxvf helm-v3.12.1-linux-amd64.tar.gz
+          mv linux-amd64/helm /usr/local/bin/helm
+          helm version
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and publish chart
+        run: |
+          make publish-helm-chart

.github/workflows/ci.yaml

@@ -18,6 +18,8 @@ testbin/*
 
 !vendor/**/zz_generated.*
 
+vendor/
+
 # editor and IDE paraphernalia
 .idea
 *.swp

.github/workflows/release.yaml

@@ -1,17 +1,11 @@
 # Build the manager binary
-FROM golang:1.19 as builder
-
-ARG GITHUB_BUILD_USERNAME
-ARG GITHUB_BUILD_TOKEN
-RUN git config --global url."https://${GITHUB_BUILD_USERNAME}:${GITHUB_BUILD_TOKEN}@github.com".insteadOf "https://github.com"
+FROM golang:1.20 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
 COPY go.mod go.mod
 COPY go.sum go.sum
-# cache deps before building and copying source so that we don't need to re-download as much
-# and so that source changes don't invalidate our downloaded layer
-RUN go mod download
+COPY vendor vendor
 
 # Copy the go source
 COPY main.go main.go

.gitignore

@@ -0,0 +1,2 @@
+ClusterBootstrapController is under the same license and commercial agreement as Weave GitOps Enterprise, and can only be used in conjunction.
+

Dockerfile

@@ -3,7 +3,11 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 0.0.1
+VERSION ?= $(shell git describe --tags --always)
+# Strip off leading `v`: v0.12.0 -> 0.12.0
+# Seems to be idiomatic for chart versions: https://helm.sh/docs/topics/charts/#the-chart-file
+CHART_VERSION := $(shell echo $(VERSION) | sed 's/^v//')
+CHART_REGISTRY ?= ghcr.io/weaveworks/charts
 
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
@@ -29,15 +33,16 @@ BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
 #
 # For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
 # weave.works/cluster-bootstrap-controller-bundle:$VERSION and weave.works/cluster-bootstrap-controller-catalog:$VERSION.
-IMAGE_TAG_BASE ?= weaveworks/cluster-bootstrap-controller
+IMAGE_TAG_BASE ?= ghcr.io/weaveworks/cluster-bootstrap-controller
 
 # BUNDLE_IMG defines the image:tag used for the bundle.
 # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>)
 BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
 
 IMAGE_TAG := $(shell tools/image-tag)
+
 # Image URL to use all building/pushing image targets
-IMG ?= $(IMAGE_TAG_BASE):$(IMAGE_TAG)
+IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
 CRD_OPTIONS ?= "crd"
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.25
@@ -99,11 +104,7 @@ run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./main.go
 
 docker-build: test ## Build docker image with the manager.
-	docker build \
-	--build-arg=GITHUB_BUILD_TOKEN=$(GITHUB_BUILD_TOKEN) \
-	--build-arg=GITHUB_BUILD_USERNAME=$(GITHUB_BUILD_USERNAME) \
-	-t ${IMG} . \
-	
+	docker build -t ${IMG} .
 
 docker-push: ## Push docker image with the manager.
 	docker push ${IMG}
@@ -130,7 +131,7 @@ controller-gen: ## Download controller-gen locally if necessary.
 
 KUSTOMIZE = $(shell pwd)/bin/kustomize
 kustomize: ## Download kustomize locally if necessary.
-	$(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v3@v4.5.7)
+	$(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v4@v4.5.7)
 
 ENVTEST = $(shell pwd)/bin/setup-envtest
 envtest: ## Download envtest-setup locally if necessary.
@@ -218,3 +219,25 @@ controllers/testdata/crds/cluster.x-k8s.io_clusters.yaml: controllers/testdata/c
 	curl https://raw.githubusercontent.com/kubernetes-sigs/cluster-api/v1.0.0/config/crd/bases/cluster.x-k8s.io_clusters.yaml -o controllers/testdata/crds/cluster.x-k8s.io_clusters.yaml
 
 download-crds: controllers/testdata/crds/cluster.x-k8s.io_clusters.yaml
+
+HELMIFY = $(shell pwd)/bin/helmify
+.PHONY: helmify
+helmify:
+	$(call go-get-tool,$(HELMIFY),github.com/arttor/helmify/cmd/[email protected])
+
+.PHONY: helm
+helm: manifests kustomize helmify
+	$(KUSTOMIZE) build config/default | $(HELMIFY) -crd-dir ../weave-gitops-enterprise/charts/cluster-bootstrap-controller
+
+.PHONY: helm-chart
+helm-chart: manifests kustomize helmify
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	$(KUSTOMIZE) build config/default | $(HELMIFY) -crd-dir charts/cluster-bootstrap-controller
+	echo "fullnameOverride: cluster-bootstrap" >> charts/cluster-bootstrap-controller/values.yaml
+	cp LICENSE charts/cluster-bootstrap-controller/LICENSE
+	helm lint charts/cluster-bootstrap-controller
+	helm package charts/cluster-bootstrap-controller --app-version $(VERSION) --version $(CHART_VERSION) --destination /tmp/helm-repo
+
+.PHONY: publish-helm-chart
+publish-helm-chart: helm-chart
+	helm push /tmp/helm-repo/cluster-bootstrap-controller-${CHART_VERSION}.tgz oci://${CHART_REGISTRY}

LICENSE

@@ -3,6 +3,7 @@
 # It should be run by config/default
 resources:
 - bases/capi.weave.works_clusterbootstrapconfigs.yaml
+- bases/capi.weave.works_secretsyncs.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:

Makefile

@@ -1,10 +1,8 @@
 resources:
 - manager.yaml
-
-generatorOptions:
-  disableNameSuffixHash: true
-
-configMapGenerator:
-- name: manager-config
-  files:
-  - controller_manager_config.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: ghcr.io/weaveworks/cluster-bootstrap-controller
+  newTag: latest