From d1215c96577d62ad0ca05d0240ea6d87bc66d055 Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Tue, 21 Nov 2023 04:00:04 -0500 Subject: [PATCH] upgrade default & add new k8s versions to improve coverage (#812) * upgrade default & add new k8s versions to improve coverage Signed-off-by: Bob Callaway * use knative 1.8.6 which supports correct apiVersion of HPA resources Signed-off-by: Bob Callaway * use diff knative versions mapped to k8s releases Signed-off-by: Bob Callaway * revert action change Signed-off-by: Bob Callaway * remove eval command from yq? Signed-off-by: Bob Callaway * test with main - attempt 1 Signed-off-by: Bob Callaway * use single quotes Signed-off-by: Bob Callaway * use format Signed-off-by: Bob Callaway * delegate knative version to setup-kind Signed-off-by: Bob Callaway * add ternary output Signed-off-by: Bob Callaway * increase sleep, replace eval on yq Signed-off-by: Bob Callaway * print validate error, add comment Signed-off-by: Bob Callaway * try new release of knative 1.10 Signed-off-by: Bob Callaway * backoff to 1.9 Signed-off-by: Bob Callaway * downlevel knative for 1.24 Signed-off-by: Bob Callaway * backoff to 1.6.0 Signed-off-by: Bob Callaway * cover 1.25-1.28 consistently Signed-off-by: Bob Callaway * add verbose flag to aid debugging Signed-off-by: Bob Callaway * set version to tip for setup-ko Signed-off-by: Bob Callaway --------- Signed-off-by: Bob Callaway --- .github/workflows/add-remove-new-fulcio.yaml | 5 ++- .github/workflows/fulcio-rekor-kind.yaml | 4 +-- .github/workflows/test-action-tuf.yaml | 9 +++-- .github/workflows/test-release.yaml | 9 +++-- Makefile | 2 +- actions/setup/action.yml | 38 +++++++++++++------- hack/setup-kind.sh | 17 ++++++--- hack/setup-scaffolding-from-release.sh | 2 +- 8 files changed, 54 insertions(+), 32 deletions(-) diff --git a/.github/workflows/add-remove-new-fulcio.yaml b/.github/workflows/add-remove-new-fulcio.yaml index b4c156d6c..ba2abebe3 100644 
--- a/.github/workflows/add-remove-new-fulcio.yaml +++ b/.github/workflows/add-remove-new-fulcio.yaml @@ -27,6 +27,9 @@ jobs: matrix: k8s-version: - v1.25.x + - v1.26.x + - v1.27.x + - v1.28.x leg: - fulcio-key-rotation @@ -88,7 +91,7 @@ jobs: - name: Setup Knative uses: chainguard-dev/actions/setup-knative@main with: - version: "1.8.x" + version: "1.10.x" serving-features: > { "kubernetes.podspec-fieldref": "enabled" diff --git a/.github/workflows/fulcio-rekor-kind.yaml b/.github/workflows/fulcio-rekor-kind.yaml index 458864337..3a29eaf74 100644 --- a/.github/workflows/fulcio-rekor-kind.yaml +++ b/.github/workflows/fulcio-rekor-kind.yaml @@ -26,10 +26,10 @@ jobs: fail-fast: false # Keep running if one leg fails. matrix: k8s-version: - - v1.23.x - - v1.24.x - v1.25.x - v1.26.x + - v1.27.x + - v1.28.x leg: - fulcio rekor ctlog e2e diff --git a/.github/workflows/test-action-tuf.yaml b/.github/workflows/test-action-tuf.yaml index db757eed5..e9cffbe19 100644 --- a/.github/workflows/test-action-tuf.yaml +++ b/.github/workflows/test-action-tuf.yaml @@ -23,13 +23,12 @@ jobs: fail-fast: false # Keep running if one leg fails. matrix: k8s-version: - - v1.23.x - - v1.24.x - v1.25.x - # TODO: need release w/ 1.26 support first. - # - v1.26.x + - v1.26.x + - v1.27.x + - v1.28.x release-version: - - "latest-release" # Test explicitly with latest + - "main" # Test explicitly with latest go-version: - 1.21.x leg: diff --git a/.github/workflows/test-release.yaml b/.github/workflows/test-release.yaml index 995a2d7e5..7e309c9a1 100644 --- a/.github/workflows/test-release.yaml +++ b/.github/workflows/test-release.yaml 
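Review bot: The `Setup Knative` step in the `@@ -88,7 +91,7 @@` hunk still resolves `chainguard-dev/actions/setup-knative@main`, a mutable branch ref, so every run executes whatever that third-party branch currently holds inside this job. Pinning to a full commit SHA (`uses: chainguard-dev/actions/setup-knative@<full-commit-sha>`, placeholder) would make the version bump below reproducible and reviewable. The new `version: "1.10.x"` is also applied to every k8s leg added in the first hunk of this file, whereas `hack/setup-kind.sh` in this commit maps v1.26.x through v1.28.x to Knative 1.12.0; if the difference is deliberate, a short comment saying why this workflow stays on 1.10.x would help. The step continues past the end of the hunk.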
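Review bot: In `test-action-tuf.yaml` the trailing comment on `- "main"` still reads `# Test explicitly with latest`, which described the old `latest-release` value and is now misleading. With this change the matrix shown here no longer exercises the action's `latest-release` download path at all. If that is intended, say so in the comment, e.g. `- "main" # Use the hack/ scripts shipped with the action checkout; latest-release is not covered here`, or keep both values under `release-version`. Whether another workflow still covers `latest-release` is not visible in this patch.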
@@ -23,18 +23,17 @@ jobs: fail-fast: false # Keep running if one leg fails. matrix: k8s-version: - - v1.23.x - - v1.24.x - v1.25.x - # TODO: enable after next release. - # - 1.26.x + - v1.26.x + - v1.27.x + - v1.28.x leg: - fulcio rekor ctlog e2e go-version: - 1.21.x env: - RELEASE_VERSION: "v0.5.1" + RELEASE_VERSION: "v0.6.9" KO_DOCKER_REPO: registry.local:5000/knative KOCACHE: ~/ko COSIGN_EXPERIMENTAL: "true" diff --git a/Makefile b/Makefile index 2921ab343..5f52a3f1a 100644 --- a/Makefile +++ b/Makefile @@ -69,7 +69,7 @@ ko-apply-rekor: .PHONY: ko-apply-trillian ko-apply-trillian: LDFLAGS="$(LDFLAGS)" \ - ko apply -BRf ./config/trillian + ko apply -v -BRf ./config/trillian .PHONY: ko-apply-tsa ko-apply-tsa: diff --git a/actions/setup/action.yml b/actions/setup/action.yml index 4ae2a95d3..ff5254678 100644 --- a/actions/setup/action.yml +++ b/actions/setup/action.yml @@ -19,7 +19,7 @@ branding: color: green inputs: version: - description: 'Version of scaffolding to install (v0.4.0, latest-release.)' + description: 'Version of scaffolding to install (v0.4.0, latest-release, main); main will use the latest commit on the main branch' required: true default: 'latest-release' sigstore-only: @@ -31,9 +31,7 @@ inputs: required: true default: "." knative-version: - description: 'Version of Knative to install (1.1.0, 1.1.1, etc.)' - required: true - default: '1.6.0' + description: 'Version of Knative to install (1.1.0, 1.1.1, etc.); if not specified, a version with support for requested k8s-version will be used' registry-name: description: 'Name of the registry to install (registry.local)' required: true 
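Review bot: In `actions/setup/action.yml` the new `version` description promises that `main` "will use the latest commit on the main branch", but the implementation later in this file copies `hack/setup-kind.sh` and `hack/setup-scaffolding-from-release.sh` from `${{ github.action_path }}/../../hack/`, which is the ref the caller named in `uses:`, not necessarily main. In that branch `setup-scaffolding-from-release.sh` is also run without `--release-version`, so it appears to install the script's built-in default release (`v0.6.9` after this commit) rather than anything built from main. I would reword the description to something like `'Version of scaffolding to install (v0.4.0, latest-release, main); main runs the hack/ scripts from the ref this action was checked out at'`, so callers who pin the action to a tag are not surprised.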
@@ -47,9 +45,9 @@ inputs: required: true default: 'cluster.local' k8s-version: - description: 'kubernetes version to install (v1.23.x, v1.24.x, v1.25.x, v1.26.x, v1.27.x, v1.28.x), default: v1.24.x' + description: 'kubernetes version to install (v1.25.x, v1.26.x, v1.27.x, v1.28.x), default: v1.25.x' required: true - default: 'v1.24.x' + default: 'v1.25.x' runs: using: "composite" steps: @@ -61,7 +59,7 @@ runs: # - if version is "latest-release", look up latest release. # - otherwise, install the specified version. case ${{ inputs.version }} in - latest-release) + latest-release | main) tag=$(curl -s -u "username:${{ github.token }}" https://api.github.com/repos/sigstore/scaffolding/releases/latest | jq -r '.tag_name') ;; *) 
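Review bot: `case ${{ inputs.version }} in` pastes the caller-supplied input into the script text before the shell parses it, and this commit adds more of the same in the `@@ -90,23 +88,37 @@` hunk (`if [ "${{ inputs.version }}" != "main" ]`, and the `format('--knative-version {0}', inputs.knative-version)` expression, which lands unquoted on the `setup-kind.sh` command line). A workflow that forwards an untrusted value into these inputs therefore controls shell syntax rather than just a value. Passing the inputs through the step's `env:` (for example `INPUT_VERSION: ${{ inputs.version }}`) and writing `case "${INPUT_VERSION}" in` and `if [ "${INPUT_VERSION}" != "main" ]` keeps them as data. The step header and the rest of the `case` lie outside this hunk. The comment above the `case` also still describes only `latest-release` and should mention that `main` takes the same arm.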
@@ -90,23 +88,37 @@ runs: sudo service docker restart echo "Installing kind and knative using release" - curl -fLo ./setup-kind.sh https://github.com/sigstore/scaffolding/releases/download/${tag}/setup-kind.sh + + if [ "${{ inputs.version }}" != "main" ]; then + curl -fLo ./setup-kind.sh https://github.com/sigstore/scaffolding/releases/download/${tag}/setup-kind.sh + else + cp ${{ github.action_path }}/../../hack/setup-kind.sh . + fi + chmod u+x ./setup-kind.sh ./setup-kind.sh \ --registry-url ${{ inputs.registry-name }}:${{ inputs.registry-port }} \ --cluster-suffix ${{ inputs.cluster-suffix }} \ - --k8s-version ${{ inputs.k8s-version }} \ - --knative-version ${{ inputs.knative-version }} + --k8s-version ${{ inputs.k8s-version }} ${{ inputs.knative-version != '' && format('--knative-version {0}', inputs.knative-version) || '' }} fi - echo "Installing sigstore scaffolding @ ${tag}" - curl -fLo /tmp/setup-scaffolding-from-release.sh https://github.com/sigstore/scaffolding/releases/download/${tag}/setup-scaffolding-from-release.sh + if [ "${{ inputs.version }}" != "main" ]; then + echo "Installing sigstore scaffolding @ ${tag}" + curl -fLo /tmp/setup-scaffolding-from-release.sh https://github.com/sigstore/scaffolding/releases/download/${tag}/setup-scaffolding-from-release.sh + else + cp ${{ github.action_path }}/../../hack/setup-scaffolding-from-release.sh /tmp/ + fi # Temp hack to address issuer mismatch issue. 
# Can be removed with the next release, after v0.6.5 sed -i "s@kubectl apply -f \"\${FULCIO}\"@curl -Ls \"\${FULCIO}\" | sed 's#\"IssuerURL\": \"https://kubernetes.default.svc\",#\"IssuerURL\": \"https://kubernetes.default.svc.cluster.local\",#' | kubectl apply -f -@" /tmp/setup-scaffolding-from-release.sh chmod u+x /tmp/setup-scaffolding-from-release.sh cat /tmp/setup-scaffolding-from-release.sh - /tmp/setup-scaffolding-from-release.sh --release-version ${tag} + if [ "${{ inputs.version }}" != "main" ]; then + /tmp/setup-scaffolding-from-release.sh --release-version ${tag} + else + /tmp/setup-scaffolding-from-release.sh + fi + TUF_MIRROR=$(kubectl -n tuf-system get ksvc tuf -ojsonpath='{.status.url}') echo "TUF_MIRROR=$TUF_MIRROR" >> $GITHUB_ENV # Grab the trusted root diff --git a/hack/setup-kind.sh b/hack/setup-kind.sh index d28394997..23d6d2db3 100755 --- a/hack/setup-kind.sh +++ b/hack/setup-kind.sh @@ -33,8 +33,7 @@ do done # Defaults -K8S_VERSION="v1.24.x" -KNATIVE_VERSION="1.6.0" +K8S_VERSION="v1.25.x" REGISTRY_NAME="registry.local" REGISTRY_PORT="5001" CLUSTER_SUFFIX="cluster.local" @@ -48,7 +47,7 @@ while [[ $# -ne 0 ]]; do ;; --knative-version) shift - KNATIVE_VERSION="$1" + KNATIVE_VERSION_ARG="$1" ;; --registry-url) shift 
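Review bot: In the non-`main` branch of the `@@ -90,23 +88,37 @@` hunk, `setup-kind.sh` and `setup-scaffolding-from-release.sh` are fetched with `curl -fLo` from the release URL, made executable and run with no integrity check, and `${tag}` is unquoted in the URL. If the release publishes checksums or signatures for these assets (not visible in this patch), verify them before the `chmod`. Otherwise at least quote the URL, `"https://github.com/sigstore/scaffolding/releases/download/${tag}/setup-kind.sh"`, so an unexpected `tag` value cannot split the argument. The `# Temp hack` `sed` is documented as removable "after v0.6.5" and is now also applied to the copy taken from the action checkout, so it is worth confirming it is still needed with the `v0.6.9` default. The `run:` block starts before and continues after this hunk.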
@@ -65,41 +64,51 @@ while [[ $# -ne 0 ]]; do done # The version map correlated with this version of KinD +# KNATIVE versions are set from https://github.com/knative/community/blob/main/mechanics/RELEASE-SCHEDULE.md KIND_VERSION="v0.20.0" case ${K8S_VERSION} in v1.23.x) K8S_VERSION="1.23.17" + KNATIVE_VERSION="1.6.0" KIND_IMAGE_SHA="sha256:59c989ff8a517a93127d4a536e7014d28e235fb3529d9fba91b3951d461edfdb" KIND_IMAGE="kindest/node:v${K8S_VERSION}@${KIND_IMAGE_SHA}" ;; v1.24.x) K8S_VERSION="1.24.15" + KNATIVE_VERSION="1.6.0" KIND_IMAGE_SHA="sha256:7db4f8bea3e14b82d12e044e25e34bd53754b7f2b0e9d56df21774e6f66a70ab" KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} ;; v1.25.x) K8S_VERSION="1.25.11" + KNATIVE_VERSION="1.11.3" KIND_IMAGE_SHA="sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8" KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} ;; v1.26.x) K8S_VERSION="1.26.6" + KNATIVE_VERSION="1.12.0" KIND_IMAGE_SHA="sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb" KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} ;; v1.27.x) K8S_VERSION="1.27.3" + KNATIVE_VERSION="1.12.0" KIND_IMAGE_SHA="sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72" KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} ;; v1.28.x) K8S_VERSION="1.28.0" + KNATIVE_VERSION="1.12.0" KIND_IMAGE_SHA="sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31" KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} ;; *) echo "Unsupported version: ${K8S_VERSION}"; exit 1 ;; esac +# allow cmd line arg to explicitly override knative mapping above +KNATIVE_VERSION=${KNATIVE_VERSION_ARG:=${KNATIVE_VERSION}} + ############################################################# # # Install KinD 
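Review bot: `KNATIVE_VERSION=${KNATIVE_VERSION_ARG:=${KNATIVE_VERSION}}` uses the assigning form `:=`, which also writes the mapped default back into `KNATIVE_VERSION_ARG`. The override only needs the non-assigning form, quoted: `KNATIVE_VERSION="${KNATIVE_VERSION_ARG:-${KNATIVE_VERSION}}"`. The new comment could add that an empty `--knative-version` falls back to the map, since both forms treat empty as unset. Separately, the `v1.23.x` and `v1.24.x` arms get a `KNATIVE_VERSION` here while the action's `k8s-version` description in this commit no longer lists them; a one-line comment noting they are kept for direct script users would avoid confusion.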
@@ -316,7 +325,7 @@ function resource_blaster() { } resource_blaster serving serving-crds.yaml | kubectl apply -f - -sleep 3 # Avoid the race creating CRDs then instantiating them... +sleep 10 # Avoid the race creating CRDs then instantiating them... resource_blaster serving serving-core.yaml | kubectl apply -f - resource_blaster net-kourier kourier.yaml | kubectl apply -f - kubectl patch configmap/config-network \ diff --git a/hack/setup-scaffolding-from-release.sh b/hack/setup-scaffolding-from-release.sh index d4d607e13..f548173b0 100755 --- a/hack/setup-scaffolding-from-release.sh +++ b/hack/setup-scaffolding-from-release.sh @@ -19,7 +19,7 @@ set -o pipefail set -o xtrace # Default -RELEASE_VERSION="v0.6.3" +RELEASE_VERSION="v0.6.9" while [[ $# -ne 0 ]]; do parameter="$1"
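Review bot: Raising `sleep 3` to `sleep 10` only makes the CRD race less likely. On a slow runner `serving-core.yaml` can still be applied before the CRDs are established, and on a fast one every run waits the full ten seconds. Waiting on the condition is deterministic: `kubectl wait --for=condition=Established --timeout=60s crd --all` in place of the sleep. The rest of the script lies outside the hunk, so whether a later retry already covers this is not visible.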