Also modifies the script to run without bazel, and tweaks it so that
it'll detect errors in itself too.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
We use FORCE instead of .PHONY because this is a real file that can be
used as a prerequisite. If we were to use .PHONY, then the file's
timestamp would not be used to check whether targets should be rebuilt,
and they would get constantly rebuilt.
Signed-off-by: Maël Valais <mael@vls.dev>
Previously, we had one .dockerignore that would do its best to only have
the binaries and licenses copied into the Docker (or nerdctl, or
buildah). Unfortunately, that meant it had to copy all of bin/server and
bin/cmctl, which could become quite large (I measured 1.6 GB).
Instead of relying on a single .dockerignore file, we copy the licenses
and binaries into a "scratch context" directory. The downside is that
all the binaries are in two different places (bin/server and
bin/scratch/containers). Note that we can't use symlinks because Docker
won't dereference them.
Signed-off-by: Maël Valais <mael@vls.dev>
When switching branches, the Go files may not change. But since the
images contain the commit hash, e.g.:
    cert-manager-controller-amd64:v1.7.0-beta.0-142-gfc0819af6
It is surprising when trying to deploy to Kind: the git commit that is
checked out does not match the commit hash of the image.
To avoid confusion, I added bin/release-version that gets updated only
when the currently checked out commit changes.
Signed-off-by: Maël Valais <mael@vls.dev>
These lean heavily on `go test` for everything possible.
Also adds setup for versionchecker test in make, and a script for
extracting CRDs from templated rendered YAML files.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
Double quotes are not interpreted by make, which meant that the variable
CMREL_KEY was set to '""' and was never empty, which means the $(error
...) block was never interpreted.
Signed-off-by: Maël Valais <mael@vls.dev>
Note that darwin/arm64 has to be special cased currently because of a
lack of official support for that platform in upstream etcd and
kube-apiserver. We instead install the amd64 versions, which is what
we did for bazel.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
This slightly modifies our existing helm chart verification script to
accept the location of a tarball containing the chart we're verifying.
That in turn allows us to more generally use the script for both
validating the chart we build using make and the chart we build using
bazel.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
When on temp target, the object being verified will still be written and
so a second invocation of `make tools` will succeed and install an
unverified version.
For more information see attached issue.
Fixes #4678
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
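
The commit above describes a downloaded file that is written before it is verified, so a rerun accepts it as already built. The following is an added shell example, not cert-manager's own code, of the verify-then-rename pattern that avoids this; the function names are hypothetical, and a local `cp` stands in for the download so the example runs offline.

```shell
#!/bin/sh
# Added example (not from the cert-manager repository).
# sha256_of and install_verified are hypothetical helper names.

# Print the SHA-256 of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_verified SRC DEST EXPECTED_SHA256
# SRC is a local file standing in for the download step (assumption).
# DEST only ever appears on disk after the checksum has matched, so a
# failed run leaves nothing that a later run could mistake for a
# finished, verified target.
install_verified() {
    src=$1 dest=$2 expected=$3
    # Temp file in the same directory as DEST so the final mv is a rename.
    tmp=$(mktemp "${dest}.tmp.XXXXXX") || return 1
    if ! cp "$src" "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    actual=$(sha256_of "$tmp")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $dest: got $actual, want $expected" >&2
        rm -f "$tmp"    # never leave the unverified bytes behind
        return 1
    fi
    chmod +x "$tmp" && mv -f "$tmp" "$dest"
}
```

In a Makefile recipe the same shape applies: write to a temporary name, verify, and only then move the file to `$@`.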
Includes targets for:
- all "server" binaries, for all arches
- all containers for all server binaries for all arches
- all client binaries (kubectl plugin / cmctl) for all arches
- the cert-manager helm chart + signature
- the cert-manager static manifests + CRDs
- tools which bazel would download, with checksum verification
- (commented out) a signed SHA256SUM file for client binaries
Upgrades from the bazel flow include that:
- we use OS-specific base images rather than just using amd64 everywhere
- we easily add support for signing artifacts at build time
- we add ".exe" to the end of windows executables
- we add a zip file for windows executables, for easier consumption
- we concatenate YAML files more robustly
- staging a full release should be much faster
- hopefully, it's easier to change things!
- licenses are trimmed down to reduce bloat in images (the license
  bundle was 1.4MB in size alone)
Changes from the bazel flow include:
- containers no longer have a symlink to the binary at an unusual
  path, but instead just have the binary at a more predictable path
  (e.g. /app/cmd/webhook/webhook instead of
  /app/cmd/webhook/webhook.runfiles/com_github_jetstack_cert_manager/cmd/webhook/webhook_/webhook)
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>