
Commit

Add cilium-cli (#4702)
Nuru authored May 23, 2024
1 parent 9311ca9 commit a0160c3
Showing 13 changed files with 298 additions and 3 deletions.
3 changes: 2 additions & 1 deletion .github/Makefile
Expand Up @@ -32,9 +32,10 @@ workflows/%.yml: .ALWAYS
if [[ $$enabled != "false" ]]; then \
echo updating $@; \
sed 's/%PACKAGE_NAME%/$*/g' package-template.yml | sed 's/%PACKAGE_JSON_NAME%/$(subst .,_,$*)/g' > $@; \
@git ls-files --error-unmatch $@ &> /dev/null || git add $@; \
else \
echo DELETING workflow $@ because package is disabled; \
rm -f $@; \
git rm -f --ignore-unmatch $@; \
fi

.PHONY : workflows .ALWAYS
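Review bot: The leading `@` on the `git ls-files --error-unmatch` line sits in the middle of a backslash-continued `if … fi` command, so make does not treat it as its echo-suppression prefix and the shell is handed a command named `@git`. That lookup fails, the `&> /dev/null` hides the error, and the `|| git add $@` branch then runs on every update, which leaves the tracked-file check as dead code. Dropping the prefix gives the intended behaviour: `git ls-files --error-unmatch $@ &> /dev/null || git add $@; \`. The rule header and the start of its recipe are above the hunk, so whether the whole command is already silenced there cannot be seen from here.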
3 changes: 3 additions & 0 deletions .github/auto-label.yml
Expand Up @@ -65,6 +65,9 @@ vendor/cfssljson:
vendor/chamber:
- any: ["vendor/chamber/**"]
all: ["!bin/**", "!tasks/**"]
vendor/cilium-cli:
- any: ["vendor/cilium-cli/**"]
all: ["!bin/**", "!tasks/**"]
vendor/cli53:
- any: ["vendor/cli53/**"]
all: ["!bin/**", "!tasks/**"]
1 change: 1 addition & 0 deletions .github/workflows/auto-update-packages.yml
Expand Up @@ -34,6 +34,7 @@ jobs:
- cfssl
- cfssljson
- chamber
- cilium-cli
- cli53
- cloud-nuke
- cloudflared
264 changes: 264 additions & 0 deletions .github/workflows/cilium-cli.yml
@@ -0,0 +1,264 @@
#
# This workflow was created automatically from the `package-template.yml` by running `make -C .github workflows`
# DO NOT EDIT THIS WORKFLOW, changes will be lost on the next update.
#

name: "cilium-cli"
concurrency:
group: ${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }} (${{ inputs.package_version_override || 'LATEST' }}_r${{ inputs.release_number_override || '0' }})
cancel-in-progress: true
on:
push:
branches:
- main

paths:
- apk/**
- deb/**
- rpm/**
- tasks/**
- vendor/cilium-cli/**
- .github/workflows/cilium-cli.yml


pull_request:
types: [opened, synchronize, reopened]
paths:
- apk/**
- deb/**
- rpm/**
- tasks/**
- vendor/cilium-cli/**
- .github/workflows/cilium-cli.yml

#bridgecrew:skip=BC_REPO_GITHUB_ACTION_7:The whole point of the workflow dispatch is to feed in a version
workflow_dispatch:
inputs:
package_version_override:
description: 'Version of cilium-cli package to build. Defaults to vendor/cilium-cli/VERSION.'
required: false
type: string
release_number_override:
description: 'Zero-based release number of cilium-cli package to publish. Defaults to 0 (zero) when version is specified, ignored if not.'
required: false
type: string

env:
cilium-cli_VERSION: ${{ inputs.package_version_override }}
cilium-cli_RELEASE: ${{ inputs.release_number_override }}

jobs:
# Mergify cannot distinguish between 2 jobs with the same name run from different workflows,
# so each job must have a unique name for the rules to work properly.
# See https://github.com/Mergifyio/mergify/discussions/5082
# and https://github.com/Mergifyio/mergify/issues/5083
matrix-cilium-cli:
if: github.event_name != 'schedule'
runs-on: ubuntu-latest
outputs:
package-enabled: ${{ steps.info.outputs.package_enabled }}
package-matrix: ${{steps.info.outputs.package_matrix}}
arch-matrix: ${{steps.info.outputs.arch_matrix}}
apk-enabled: ${{ steps.info.outputs.package_enabled == 'true' && steps.info.outputs.apk_package_enabled == 'true' }}
steps:
- uses: actions/checkout@v4

- name: Export package build matrix
shell: bash
id: info
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
run: |
echo setting ouputs
make -C vendor/cilium-cli info/github
echo
echo outputs set
# Build for alpine linux
# Kept separate because it is old and slightly different than the other package builds
alpine-cilium-cli:
needs: matrix-cilium-cli
if: github.event_name != 'schedule' && needs.matrix-cilium-cli.outputs.apk-enabled != 'false'
runs-on: ubuntu-latest
strategy:
matrix:
# These versions must be strings. E.g. Otherwise `3.10` -> `3.1`
alpine:
# Now that we are just building 1 binary for all distributions, we do not
# need to track which distribution we are building on.
- 'alpine'
env:
APK_KEY_RSA: "${{ secrets.APK_KEY_RSA }}"
APK_PACKAGES_PATH: ${{github.workspace}}/artifacts/${{matrix.alpine}}
PACKAGER: ops@cloudposse.com
PACKAGER_PRIVKEY: /dev/shm/ops@cloudposse.com.rsa
PACKAGER_PUBKEY: ${{github.workspace}}/artifacts/ops@cloudposse.com.rsa.pub

container:
image: cloudposse/packages-apkbuild:${{matrix.alpine}}
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}

steps:
# Checkout the packages repo so we can build the packages as a monorepo
- name: "Checkout source code at current commit"
uses: actions/checkout@v4

# Export the apk keys as files from secrets
- name: "Export keys"
run: "make -C .github/ export"

# Build the alpine packages for the matrix version of alpine
- name: "Build alpine packages"
run: "make -C vendor/${{github.workflow}} apk"

# Verify the packages were built or error
- name: "List packages"
run: 'find ${APK_PACKAGES_PATH} -type f -name \*.apk | xargs --no-run-if-empty ls -l | grep .'

# Export the artifact filename including path
# Path must be relative to workdir for Cloudsmith action to be able to find it
- name: "Set output path to artifact"
id: artifact
shell: bash
run: |
artifact=$(find artifacts/${{matrix.alpine}} -type f -name \*.apk)
echo "path=$artifact" | tee -a $GITHUB_OUTPUT
echo creating '"pip"' cache directory for Cloudsmith
mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory
# Determine which package organization we should use (e.g. dev or prod)
- name: "Determine package repo"
shell: bash
id: repo
run: |
if [[ ${GITHUB_REF} == 'refs/heads/main' ]]; then
echo "org=${{github.repository_owner}}" | tee -a $GITHUB_OUTPUT
else
echo "org=${{github.repository_owner}}-dev" | tee -a $GITHUB_OUTPUT
fi
env:
GITHUB_REF: ${{ github.ref }}

# Publish the artifacts
- name: "Push artifact to package repository"
uses: cloudsmith-io/action@v0.5.4
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
command: 'push'
format: 'alpine'
owner: '${{steps.repo.outputs.org}}' # Your Cloudsmith account name or org name (namespace)
repo: 'packages' # Your Cloudsmith Repository name (slug)
distro: 'alpine' # Your Distribution (i.e debian, ubuntu, alpine)
release: 'any-version' # Use "any-version" if your package is compatible with more than one version of alpine linux
republish: 'true' # Needed if version is not changing
file: '${{steps.artifact.outputs.path}}' # Package filename (including path)
no-wait-for-sync: 'true' # Skip the waiting for package synchronisation (i.e. upload only)

# Build packages with fpm package manager
package-cilium-cli:
needs: matrix-cilium-cli
# Should not be needed, but without these conditions, this job would fail with an error if the matrix is []
# and would run with package-type empty if matrix is ["apk"]
if: >
github.event_name != 'schedule' && needs.matrix-cilium-cli.outputs.package-enabled != 'false'
&& needs.matrix-cilium-cli.outputs.package-matrix != '[]' && needs.matrix-cilium-cli.outputs.package-matrix != '["apk"]'
strategy:
matrix:
package-type: ${{ fromJSON(needs.matrix-cilium-cli.outputs.package-matrix) }}
arch: ${{ fromJSON(needs.matrix-cilium-cli.outputs.arch-matrix) }}
exclude:
- package-type: 'apk'
include:
# Default value for runs-on. Original matrix values will not be overridden, but added ones (like runs-on) can be.
# See https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#expanding-or-adding-matrix-configurations
- runs-on: "self-hosted-arm64-large"
# By including `arch: amd64` here, we override the `runs-on` value when the matrix `arch` is `amd64`.
# This also forces the matrix to include `arch: amd64` even if it is not in the original matrix.
# This is why we do not default for amd64 and then override for arm64. (Because it would force arm64 to be included, and some tools are not available for arm64.)
- arch: amd64
runs-on: "ubuntu-latest"
runs-on: ${{ matrix.runs-on }}
env:
# We are in a bit of a bind here because of how GitHub actions work as of 2020-11-19
# Although the "workspace" is mounted to the container, it is not mounted
# at `/github/workspace` or ${{github.workspace}}, although through some
# mechanism, an environment variable whose value starts with ${{github.workspace}}
# will have ${{github.workspace}} replaced with the correct mount point.
#
# We need an absolute path for the package build system, since every build happens
# in a different directory, but because the mount point changes, we also
# need a path relative to the initial working directory to communicate between
# the package building container and the cloudsmith action.
PACKAGES_PATH: ${{github.workspace}}/artifacts/${{matrix.package-type}}/any-version
PACKAGE_RELPATH: artifacts/${{matrix.package-type}}/any-version

# Unfortunately, there is no reasonable way to configure the docker image tag based on the package-type
container:
image: cloudposse/packages-${{matrix.package-type}}build:latest
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}

steps:
# Checkout the packages repo so we can build the packages as a monorepo
- name: "Checkout source code at current commit"
uses: actions/checkout@v4

# Build the packages for the matrix version
- name: "Build ${{matrix.package-type}} packages"
shell: bash
run: |
echo Current directory is $(pwd)
[[ $PACKAGES_PATH =~ ^$(pwd) ]] || { echo Package dir \"$PACKAGES_PATH\" not beneath workdir \"$(pwd)\" >&2; exit 1; }
make -C vendor/${{github.workflow}} ${{matrix.package-type}}
# Export the artifact filename including path
- name: "Set output path to artifact"
id: artifact
shell: bash
run: |
[[ -n $PACKAGE_RELPATH ]] || { echo Error: PACKAGE_RELPATH is not set >&2; exit 1; }
packages=($(find ${PACKAGE_RELPATH} -type f -name \*.${{matrix.package-type}}))
echo List packages found:
printf "%s\n" "${packages[@]}" | xargs --no-run-if-empty ls -l
echo Error if not exactly 1 package found
(( ${#packages[@]} == 1 )) || { echo "Error: other than 1 package found (${#packages[@]})" >&2; exit 1; }
echo "setting output"
echo "path=$packages" | tee -a $GITHUB_OUTPUT
echo creating '"pip"' cache directory for Cloudsmith
mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory
# Determine which package organization we should use (e.g. dev or prod)
- name: "Determine package repo"
shell: bash
id: repo
run: |
if [[ ${GITHUB_REF} == 'refs/heads/main' ]]; then
echo "org=${{github.repository_owner}}" | tee -a $GITHUB_OUTPUT
else
echo "org=${{github.repository_owner}}-dev" | tee -a $GITHUB_OUTPUT
fi
env:
GITHUB_REF: ${{ github.ref }}

# Publish the artifacts
- name: "Push artifact to package repository"
uses: cloudsmith-io/action@v0.5.4
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
command: 'push'
format: '${{matrix.package-type}}'
owner: '${{steps.repo.outputs.org}}' # Your Cloudsmith account name or org name (namespace)
repo: 'packages' # Your Cloudsmith Repository name (slug)
distro: 'any-distro' # Use "any-distro" since our package is compatible with more than more distribution
release: 'any-version' # Use "any-version" since our package is compatible with more than more version
republish: 'true' # Needed if version is not changing
file: '${{steps.artifact.outputs.path}}' # Package filename (including path)
no-wait-for-sync: 'true' # Skip the waiting for package synchronisation (i.e. upload only)
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -342,6 +342,7 @@ Here are some solutions to several common problems that may occur when adding a
[![cfssl](https://github.com/cloudposse/packages/actions/workflows/cfssl.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acfssl)* | 1.6.5 | Cloudflare's PKI and TLS toolkit
[![cfssljson](https://github.com/cloudposse/packages/actions/workflows/cfssljson.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acfssljson)* | 1.6.5 | Cloudflare's PKI and TLS toolkit json parser
[![chamber](https://github.com/cloudposse/packages/actions/workflows/chamber.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Achamber) | 2.14.1 | CLI for managing secrets
[![cilium-cli](https://github.com/cloudposse/packages/actions/workflows/cilium-cli.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acilium-cli) | 0.16.7 | CLI to install, manage & troubleshoot Kubernetes clusters running Cilium
[![cli53](https://github.com/cloudposse/packages/actions/workflows/cli53.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acli53) | 0.8.22 | Command line tool for Amazon Route 53
[![cloud-nuke](https://github.com/cloudposse/packages/actions/workflows/cloud-nuke.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acloud-nuke) | 0.35.0 | Tool for wiping an aws account DANGER absolutely do not use in production
[![cloudflared](https://github.com/cloudposse/packages/actions/workflows/cloudflared.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acloudflared) | 2024.5.0 | Argo Tunnel client
1 change: 1 addition & 0 deletions docs/badges.md
Expand Up @@ -15,6 +15,7 @@
[![cfssl](https://github.com/cloudposse/packages/actions/workflows/cfssl.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acfssl)* | 1.6.5 | Cloudflare's PKI and TLS toolkit
[![cfssljson](https://github.com/cloudposse/packages/actions/workflows/cfssljson.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acfssljson)* | 1.6.5 | Cloudflare's PKI and TLS toolkit json parser
[![chamber](https://github.com/cloudposse/packages/actions/workflows/chamber.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Achamber) | 2.14.1 | CLI for managing secrets
[![cilium-cli](https://github.com/cloudposse/packages/actions/workflows/cilium-cli.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acilium-cli) | 0.16.7 | CLI to install, manage & troubleshoot Kubernetes clusters running Cilium
[![cli53](https://github.com/cloudposse/packages/actions/workflows/cli53.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acli53) | 0.8.22 | Command line tool for Amazon Route 53
[![cloud-nuke](https://github.com/cloudposse/packages/actions/workflows/cloud-nuke.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acloud-nuke) | 0.35.0 | Tool for wiping an aws account DANGER absolutely do not use in production
[![cloudflared](https://github.com/cloudposse/packages/actions/workflows/cloudflared.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acloudflared) | 2024.5.0 | Argo Tunnel client
1 change: 1 addition & 0 deletions docs/targets.md
Expand Up @@ -20,6 +20,7 @@ aws-vault 7.2.0 A vault for securely storing and accessing
cfssl* 1.6.5 Cloudflare's PKI and TLS toolkit
cfssljson* 1.6.5 Cloudflare's PKI and TLS toolkit json parser
chamber 2.14.1 CLI for managing secrets
cilium-cli 0.16.7 CLI to install, manage & troubleshoot Kubernetes clusters running Cilium
cli53 0.8.22 Command line tool for Amazon Route 53
cloud-nuke 0.35.0 Tool for wiping an aws account DANGER absolutely do not use in production
cloudflared 2024.5.0 Argo Tunnel client
7 changes: 5 additions & 2 deletions tasks/Makefile.package
Expand Up @@ -124,14 +124,16 @@ $(LOCAL_BIN)/vert:

DESCRIPTION:
@# Use `tr -d '\"$'` to help guard against malicious input
@github-repo-metadata $(VENDOR) $(PACKAGE_REPO_NAME) "index" .description | tr -d '\"$$' | tee DESCRIPTION
@github-repo-metadata $(VENDOR) $(PACKAGE_REPO_NAME) "index" .description | tr -d '\"$$' | tee $@
git add $@

# In order to support static configuration of version, the VERSION file should be
# considered up-to-date unless explicitly updated via the "update" target
# VERSION:

LICENSE:
@github-repo-metadata $(VENDOR) $(PACKAGE_REPO_NAME) "license" .license.spdx_id | tr '[:lower:]' '[:upper:]' | tee LICENSE
@github-repo-metadata $(VENDOR) $(PACKAGE_REPO_NAME) "license" .license.spdx_id | tr '[:lower:]' '[:upper:]' | tee $@
git add $@

RELEASE: VERSION LICENSE DESCRIPTION
@if [ ! -f RELEASE ]; then \
Expand All @@ -149,6 +151,7 @@ RELEASE: VERSION LICENSE DESCRIPTION

init: AUTO_UPDATE_ENABLED=true
init: LICENSE DESCRIPTION $(PACKAGE_VERSION_TARGET) RELEASE
@git ls-files --error-unmatch "VERSION" &> /dev/null || git add VERSION

update: $(PACKAGE_VERSION_TARGET) RELEASE
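Review bot: In the `DESCRIPTION` and `LICENSE` recipes the new `git add $@` runs even when `github-repo-metadata` fails, because the pipeline's exit status is that of `tee` unless `pipefail` is set somewhere outside this hunk. A failed or rate-limited lookup would then leave an empty file that make considers up to date and that is already staged for commit. A guard between the two recipe lines, e.g. `@test -s $@ || { rm -f $@; exit 1; }`, keeps an empty result out of the index. Separately, the `tr -d` filter named in the comment strips only a couple of shell metacharacters (backticks, single quotes and newlines pass through), so the description, which presumably comes from the vendor repository's metadata, should still be treated as untrusted text wherever `DESCRIPTION` is interpolated later.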

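--- a/vendor/cilium-cli/DESCRIPTION
+++ b/vendor/cilium-cli/DESCRIPTION
@@ -0,0 +1 @@
+CLI to install, manage & troubleshoot Kubernetes clusters running Cilium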
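--- a/vendor/cilium-cli/LICENSE
+++ b/vendor/cilium-cli/LICENSE
@@ -0,0 +1 @@
+APACHE-2.0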
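--- a/vendor/cilium-cli/Makefile
+++ b/vendor/cilium-cli/Makefile
@@ -0,0 +1,16 @@
+
+# Package details
+export VENDOR := cilium
+export PACKAGE_EXE := cilium
+export PACKAGE_HOMEPAGE_URL := https://cilium.io/
+# https://github.com/cilium/cilium-cli/releases/download/v0.16.7/cilium-linux-amd64.tar.gz
+export DOWNLOAD_URL ?= $(PACKAGE_REPO_URL)/releases/download/v$(PACKAGE_VERSION)/$(PACKAGE_EXE)-$(OS)-$(ARCH).tar.gz
+export APK_BUILD_TEMPLATE ?= APKBUILD.github-binary
+
+include ../../tasks/Makefile.vendor_includes
+
+install:
+$(call download_tarball)
+
+test:
+$(PACKAGE_EXE) version --client && $(PACKAGE_EXE) version --client | grep -q -F $(PACKAGE_VERSION)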
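Review bot: Nothing in this Makefile pins or verifies a digest for the tarball that `install` fetches from `DOWNLOAD_URL`, and the resulting binary is repackaged and pushed to the package repository by the cilium-cli workflow added in this commit. Whether `download_tarball` (defined in the included `tasks/Makefile.vendor_includes`, outside this file) checks integrity is not visible here; if it does not, the package trusts whatever the release URL serves at build time. Upstream publishes a `.sha256sum` file beside each release tarball, so a checksum step after the download, or a digest committed next to `VERSION`, would close that gap. A comment above `install:` such as `# integrity: relies on download_tarball; no per-package checksum is verified here` would at least record the assumption.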
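--- a/vendor/cilium-cli/RELEASE
+++ b/vendor/cilium-cli/RELEASE
@@ -0,0 +1 @@
+0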
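--- a/vendor/cilium-cli/VERSION
+++ b/vendor/cilium-cli/VERSION
@@ -0,0 +1 @@
+0.16.7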
