Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

upgrade default & add new k8s versions to improve coverage #812

Merged
merged 19 commits into from
Nov 21, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion .github/workflows/add-remove-new-fulcio.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,9 @@ jobs:
matrix:
k8s-version:
- v1.25.x
- v1.26.x
- v1.27.x
- v1.28.x

leg:
- fulcio-key-rotation
Expand Down Expand Up @@ -71,6 +74,8 @@ jobs:
${{ runner.os }}-go-${{ matrix.go-version }}-

- uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
with:
version: tip

- uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2

Expand All @@ -86,7 +91,7 @@ jobs:
- name: Setup Knative
uses: chainguard-dev/actions/setup-knative@main
with:
version: "1.8.x"
version: "1.10.x"
serving-features: >
{
"kubernetes.podspec-fieldref": "enabled"
Expand Down
6 changes: 4 additions & 2 deletions .github/workflows/fulcio-rekor-kind.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,10 @@ jobs:
fail-fast: false # Keep running if one leg fails.
matrix:
k8s-version:
- v1.23.x
- v1.24.x
- v1.25.x
- v1.26.x
- v1.27.x
- v1.28.x

leg:
- fulcio rekor ctlog e2e
Expand Down Expand Up @@ -74,6 +74,8 @@ jobs:
${{ runner.os }}-go-${{ matrix.go-version }}-

- uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
with:
version: tip

- uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2

Expand Down
11 changes: 6 additions & 5 deletions .github/workflows/test-action-tuf.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,12 @@ jobs:
fail-fast: false # Keep running if one leg fails.
matrix:
k8s-version:
- v1.23.x
- v1.24.x
- v1.25.x
# TODO: need release w/ 1.26 support first.
# - v1.26.x
- v1.26.x
- v1.27.x
- v1.28.x
release-version:
- "latest-release" # Test explicitly with latest
- "main" # Test explicitly with latest
go-version:
- 1.21.x
leg:
Expand Down Expand Up @@ -58,6 +57,8 @@ jobs:
check-latest: true

- uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
with:
version: tip

- name: Create sample image
run: |
Expand Down
11 changes: 6 additions & 5 deletions .github/workflows/test-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,18 +23,17 @@ jobs:
fail-fast: false # Keep running if one leg fails.
matrix:
k8s-version:
- v1.23.x
- v1.24.x
- v1.25.x
# TODO: enable after next release.
# - 1.26.x
- v1.26.x
- v1.27.x
- v1.28.x
leg:
- fulcio rekor ctlog e2e
go-version:
- 1.21.x

env:
RELEASE_VERSION: "v0.5.1"
RELEASE_VERSION: "v0.6.9"
KO_DOCKER_REPO: registry.local:5000/knative
KOCACHE: ~/ko
COSIGN_EXPERIMENTAL: "true"
Expand All @@ -51,6 +50,8 @@ jobs:
check-latest: true

- uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
with:
version: tip

- name: Setup Cluster
# TODO: update after next release.
Expand Down
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ ko-apply-rekor:
.PHONY: ko-apply-trillian
ko-apply-trillian:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/trillian
ko apply -v -BRf ./config/trillian

.PHONY: ko-apply-tsa
ko-apply-tsa:
Expand Down
38 changes: 25 additions & 13 deletions actions/setup/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ branding:
color: green
inputs:
version:
description: 'Version of scaffolding to install (v0.4.0, latest-release.)'
description: 'Version of scaffolding to install (v0.4.0, latest-release, main); main will use the latest commit on the main branch'
required: true
default: 'latest-release'
sigstore-only:
Expand All @@ -31,9 +31,7 @@ inputs:
required: true
default: "."
knative-version:
description: 'Version of Knative to install (1.1.0, 1.1.1, etc.)'
required: true
default: '1.6.0'
description: 'Version of Knative to install (1.1.0, 1.1.1, etc.); if not specified, a version with support for requested k8s-version will be used'
registry-name:
description: 'Name of the registry to install (registry.local)'
required: true
Expand All @@ -47,9 +45,9 @@ inputs:
required: true
default: 'cluster.local'
k8s-version:
description: 'kubernetes version to install (v1.23.x, v1.24.x, v1.25.x, v1.26.x, v1.27.x, v1.28.x), default: v1.24.x'
description: 'kubernetes version to install (v1.25.x, v1.26.x, v1.27.x, v1.28.x), default: v1.25.x'
required: true
default: 'v1.24.x'
default: 'v1.25.x'
runs:
using: "composite"
steps:
Expand All @@ -61,7 +59,7 @@ runs:
# - if version is "latest-release", look up latest release.
# - otherwise, install the specified version.
case ${{ inputs.version }} in
latest-release)
latest-release | main)
tag=$(curl -s -u "username:${{ github.token }}" https://api.github.com/repos/sigstore/scaffolding/releases/latest | jq -r '.tag_name')
;;
*)
Expand Down Expand Up @@ -90,23 +88,37 @@ runs:
sudo service docker restart

echo "Installing kind and knative using release"
curl -fLo ./setup-kind.sh https://github.com/sigstore/scaffolding/releases/download/${tag}/setup-kind.sh

if [ "${{ inputs.version }}" != "main" ]; then
curl -fLo ./setup-kind.sh https://github.com/sigstore/scaffolding/releases/download/${tag}/setup-kind.sh
else
cp ${{ github.action_path }}/../../hack/setup-kind.sh .
fi

chmod u+x ./setup-kind.sh
./setup-kind.sh \
--registry-url ${{ inputs.registry-name }}:${{ inputs.registry-port }} \
--cluster-suffix ${{ inputs.cluster-suffix }} \
--k8s-version ${{ inputs.k8s-version }} \
--knative-version ${{ inputs.knative-version }}
--k8s-version ${{ inputs.k8s-version }} ${{ inputs.knative-version != '' && format('--knative-version {0}', inputs.knative-version) || '' }}
fi

echo "Installing sigstore scaffolding @ ${tag}"
curl -fLo /tmp/setup-scaffolding-from-release.sh https://github.com/sigstore/scaffolding/releases/download/${tag}/setup-scaffolding-from-release.sh
if [ "${{ inputs.version }}" != "main" ]; then
echo "Installing sigstore scaffolding @ ${tag}"
curl -fLo /tmp/setup-scaffolding-from-release.sh https://github.com/sigstore/scaffolding/releases/download/${tag}/setup-scaffolding-from-release.sh
else
cp ${{ github.action_path }}/../../hack/setup-scaffolding-from-release.sh /tmp/
fi
# Temp hack to address issuer mismatch issue.
# Can be removed with the next release, after v0.6.5
sed -i "s@kubectl apply -f \"\${FULCIO}\"@curl -Ls \"\${FULCIO}\" | sed 's#\"IssuerURL\": \"https://kubernetes.default.svc\",#\"IssuerURL\": \"https://kubernetes.default.svc.cluster.local\",#' | kubectl apply -f -@" /tmp/setup-scaffolding-from-release.sh
chmod u+x /tmp/setup-scaffolding-from-release.sh
cat /tmp/setup-scaffolding-from-release.sh
/tmp/setup-scaffolding-from-release.sh --release-version ${tag}
if [ "${{ inputs.version }}" != "main" ]; then
/tmp/setup-scaffolding-from-release.sh --release-version ${tag}
else
/tmp/setup-scaffolding-from-release.sh
fi

TUF_MIRROR=$(kubectl -n tuf-system get ksvc tuf -ojsonpath='{.status.url}')
echo "TUF_MIRROR=$TUF_MIRROR" >> $GITHUB_ENV
# Grab the trusted root
Expand Down
17 changes: 13 additions & 4 deletions hack/setup-kind.sh
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,7 @@ do
done

# Defaults
K8S_VERSION="v1.24.x"
KNATIVE_VERSION="1.6.0"
K8S_VERSION="v1.25.x"
REGISTRY_NAME="registry.local"
REGISTRY_PORT="5001"
CLUSTER_SUFFIX="cluster.local"
Expand All @@ -48,7 +47,7 @@ while [[ $# -ne 0 ]]; do
;;
--knative-version)
shift
KNATIVE_VERSION="$1"
KNATIVE_VERSION_ARG="$1"
;;
--registry-url)
shift
Expand All @@ -65,41 +64,51 @@ while [[ $# -ne 0 ]]; do
done

# The version map correlated with this version of KinD
# KNATIVE versions are set from https://github.com/knative/community/blob/main/mechanics/RELEASE-SCHEDULE.md
KIND_VERSION="v0.20.0"
case ${K8S_VERSION} in
v1.23.x)
K8S_VERSION="1.23.17"
KNATIVE_VERSION="1.6.0"
KIND_IMAGE_SHA="sha256:59c989ff8a517a93127d4a536e7014d28e235fb3529d9fba91b3951d461edfdb"
KIND_IMAGE="kindest/node:v${K8S_VERSION}@${KIND_IMAGE_SHA}"
;;
v1.24.x)
K8S_VERSION="1.24.15"
KNATIVE_VERSION="1.6.0"
KIND_IMAGE_SHA="sha256:7db4f8bea3e14b82d12e044e25e34bd53754b7f2b0e9d56df21774e6f66a70ab"
KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA}
;;
v1.25.x)
K8S_VERSION="1.25.11"
KNATIVE_VERSION="1.11.3"
KIND_IMAGE_SHA="sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8"
KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA}
;;
v1.26.x)
K8S_VERSION="1.26.6"
KNATIVE_VERSION="1.12.0"
KIND_IMAGE_SHA="sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb"
KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA}
;;
v1.27.x)
K8S_VERSION="1.27.3"
KNATIVE_VERSION="1.12.0"
KIND_IMAGE_SHA="sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72"
KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA}
;;
v1.28.x)
K8S_VERSION="1.28.0"
KNATIVE_VERSION="1.12.0"
KIND_IMAGE_SHA="sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31"
KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA}
;;
*) echo "Unsupported version: ${K8S_VERSION}"; exit 1 ;;
esac

# allow cmd line arg to explicitly override knative mapping above
KNATIVE_VERSION=${KNATIVE_VERSION_ARG:=${KNATIVE_VERSION}}

#############################################################
#
# Install KinD
Expand Down Expand Up @@ -316,7 +325,7 @@ function resource_blaster() {
}

resource_blaster serving serving-crds.yaml | kubectl apply -f -
sleep 3 # Avoid the race creating CRDs then instantiating them...
sleep 10 # Avoid the race creating CRDs then instantiating them...
resource_blaster serving serving-core.yaml | kubectl apply -f -
resource_blaster net-kourier kourier.yaml | kubectl apply -f -
kubectl patch configmap/config-network \
Expand Down
2 changes: 1 addition & 1 deletion hack/setup-scaffolding-from-release.sh
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ set -o pipefail
set -o xtrace

# Default
RELEASE_VERSION="v0.6.3"
RELEASE_VERSION="v0.6.9"

while [[ $# -ne 0 ]]; do
parameter="$1"
Expand Down
Loading