From 94f68a3c84017b3123795c790d8082321b547377 Mon Sep 17 00:00:00 2001 From: Nuru Date: Wed, 22 May 2024 15:23:46 -0700 Subject: [PATCH] Add cilium-cli package --- .github/auto-label.yml | 3 + .github/workflows/auto-update-packages.yml | 1 + .github/workflows/cilium-cli.yml | 264 +++++++++++++++++++++ README.md | 1 + docs/badges.md | 1 + docs/targets.md | 1 + vendor/cilium-cli/DESCRIPTION | 1 + vendor/cilium-cli/LICENSE | 1 + vendor/cilium-cli/Makefile | 16 ++ vendor/cilium-cli/RELEASE | 1 + vendor/cilium-cli/VERSION | 1 + 11 files changed, 291 insertions(+) create mode 100644 .github/workflows/cilium-cli.yml create mode 100644 vendor/cilium-cli/DESCRIPTION create mode 100644 vendor/cilium-cli/LICENSE create mode 100644 vendor/cilium-cli/Makefile create mode 100644 vendor/cilium-cli/RELEASE create mode 100644 vendor/cilium-cli/VERSION diff --git a/.github/auto-label.yml b/.github/auto-label.yml index 4ac12a11f2..e29bf75a0f 100644 --- a/.github/auto-label.yml +++ b/.github/auto-label.yml @@ -65,6 +65,9 @@ vendor/cfssljson: vendor/chamber: - any: ["vendor/chamber/**"] all: ["!bin/**", "!tasks/**"] +vendor/cilium-cli: +- any: ["vendor/cilium-cli/**"] + all: ["!bin/**", "!tasks/**"] vendor/cli53: - any: ["vendor/cli53/**"] all: ["!bin/**", "!tasks/**"] diff --git a/.github/workflows/auto-update-packages.yml b/.github/workflows/auto-update-packages.yml index e264866ae1..1ee2a0effe 100644 --- a/.github/workflows/auto-update-packages.yml +++ b/.github/workflows/auto-update-packages.yml @@ -34,6 +34,7 @@ jobs: - cfssl - cfssljson - chamber + - cilium-cli - cli53 - cloud-nuke - cloudflared diff --git a/.github/workflows/cilium-cli.yml b/.github/workflows/cilium-cli.yml new file mode 100644 index 0000000000..e90a8505fa --- /dev/null +++ b/.github/workflows/cilium-cli.yml 
@@ -0,0 +1,264 @@ +# +# This workflow was created automatically from the `package-template.yml` by running `make -C .github workflows` +# DO NOT EDIT THIS WORKFLOW, changes will be lost on the next update. +# + +name: "cilium-cli" +concurrency: + group: ${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }} (${{ inputs.package_version_override || 'LATEST' }}_r${{ inputs.release_number_override || '0' }}) + cancel-in-progress: true +on: + push: + branches: + - main + + paths: + - apk/** + - deb/** + - rpm/** + - tasks/** + - vendor/cilium-cli/** + - .github/workflows/cilium-cli.yml + + + pull_request: + types: [opened, synchronize, reopened] + paths: + - apk/** + - deb/** + - rpm/** + - tasks/** + - vendor/cilium-cli/** + - .github/workflows/cilium-cli.yml + + #bridgecrew:skip=BC_REPO_GITHUB_ACTION_7:The whole point of the workflow dispatch is to feed in a version + workflow_dispatch: + inputs: + package_version_override: + description: 'Version of cilium-cli package to build. Defaults to vendor/cilium-cli/VERSION.' + required: false + type: string + release_number_override: + description: 'Zero-based release number of cilium-cli package to publish. Defaults to 0 (zero) when version is specified, ignored if not.' + required: false + type: string + +env: + cilium-cli_VERSION: ${{ inputs.package_version_override }} + cilium-cli_RELEASE: ${{ inputs.release_number_override }} + +jobs: + # Mergify cannot distinguish between 2 jobs with the same name run from different workflows, + # so each job must have a unique name for the rules to work properly. 
+ # See https://github.com/Mergifyio/mergify/discussions/5082 + # and https://github.com/Mergifyio/mergify/issues/5083 + matrix-cilium-cli: + if: github.event_name != 'schedule' + runs-on: ubuntu-latest + outputs: + package-enabled: ${{ steps.info.outputs.package_enabled }} + package-matrix: ${{steps.info.outputs.package_matrix}} + arch-matrix: ${{steps.info.outputs.arch_matrix}} + apk-enabled: ${{ steps.info.outputs.package_enabled == 'true' && steps.info.outputs.apk_package_enabled == 'true' }} + steps: + - uses: actions/checkout@v4 + + - name: Export package build matrix + shell: bash + id: info + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + run: | + echo setting ouputs + make -C vendor/cilium-cli info/github + echo + echo outputs set + + + # Build for alpine linux + # Kept separate because it is old and slightly different than the other package builds + alpine-cilium-cli: + needs: matrix-cilium-cli + if: github.event_name != 'schedule' && needs.matrix-cilium-cli.outputs.apk-enabled != 'false' + runs-on: ubuntu-latest + strategy: + matrix: + # These versions must be strings. E.g. Otherwise `3.10` -> `3.1` + alpine: + # Now that we are just building 1 binary for all distributions, we do not + # need to track which distribution we are building on. 
+ - 'alpine' + env: + APK_KEY_RSA: "${{ secrets.APK_KEY_RSA }}" + APK_PACKAGES_PATH: ${{github.workspace}}/artifacts/${{matrix.alpine}} + PACKAGER: ops@cloudposse.com + PACKAGER_PRIVKEY: /dev/shm/ops@cloudposse.com.rsa + PACKAGER_PUBKEY: ${{github.workspace}}/artifacts/ops@cloudposse.com.rsa.pub + + container: + image: cloudposse/packages-apkbuild:${{matrix.alpine}} + credentials: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + + steps: + # Checkout the packages repo so we can build the packages as a monorepo + - name: "Checkout source code at current commit" + uses: actions/checkout@v4 + + # Export the apk keys as files from secrets + - name: "Export keys" + run: "make -C .github/ export" + + # Build the alpine packages for the matrix version of alpine + - name: "Build alpine packages" + run: "make -C vendor/${{github.workflow}} apk" + + # Verify the packages were built or error + - name: "List packages" + run: 'find ${APK_PACKAGES_PATH} -type f -name \*.apk | xargs --no-run-if-empty ls -l | grep .' + + # Export the artifact filename including path + # Path must be relative to workdir for Cloudsmith action to be able to find it + - name: "Set output path to artifact" + id: artifact + shell: bash + run: | + artifact=$(find artifacts/${{matrix.alpine}} -type f -name \*.apk) + echo "path=$artifact" | tee -a $GITHUB_OUTPUT + echo creating '"pip"' cache directory for Cloudsmith + mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory + + + # Determine which package organization we should use (e.g. 
dev or prod) + - name: "Determine package repo" + shell: bash + id: repo + run: | + if [[ ${GITHUB_REF} == 'refs/heads/main' ]]; then + echo "org=${{github.repository_owner}}" | tee -a $GITHUB_OUTPUT + else + echo "org=${{github.repository_owner}}-dev" | tee -a $GITHUB_OUTPUT + fi + env: + GITHUB_REF: ${{ github.ref }} + + # Publish the artifacts + - name: "Push artifact to package repository" + uses: cloudsmith-io/action@v0.5.4 + with: + api-key: ${{ secrets.CLOUDSMITH_API_KEY }} + command: 'push' + format: 'alpine' + owner: '${{steps.repo.outputs.org}}' # Your Cloudsmith account name or org name (namespace) + repo: 'packages' # Your Cloudsmith Repository name (slug) + distro: 'alpine' # Your Distribution (i.e debian, ubuntu, alpine) + release: 'any-version' # Use "any-version" if your package is compatible with more than one version of alpine linux + republish: 'true' # Needed if version is not changing + file: '${{steps.artifact.outputs.path}}' # Package filename (including path) + no-wait-for-sync: 'true' # Skip the waiting for package synchronisation (i.e. upload only) + + # Build packages with fpm package manager + package-cilium-cli: + needs: matrix-cilium-cli + # Should not be needed, but without these conditions, this job would fail with an error if the matrix is [] + # and would run with package-type empty if matrix is ["apk"] + if: > + github.event_name != 'schedule' && needs.matrix-cilium-cli.outputs.package-enabled != 'false' + && needs.matrix-cilium-cli.outputs.package-matrix != '[]' && needs.matrix-cilium-cli.outputs.package-matrix != '["apk"]' + + strategy: + matrix: + package-type: ${{ fromJSON(needs.matrix-cilium-cli.outputs.package-matrix) }} + arch: ${{ fromJSON(needs.matrix-cilium-cli.outputs.arch-matrix) }} + exclude: + - package-type: 'apk' + include: + # Default value for runs-on. Original matrix values will not be overridden, but added ones (like runs-on) can be. 
+ # See https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#expanding-or-adding-matrix-configurations + - runs-on: "self-hosted-arm64-large" + # By including `arch: amd64` here, we override the `runs-on` value when the matrix `arch` is `amd64`. + # This also forces the matrix to include `arch: amd64` even if it is not in the original matrix. + # This is why we do not default for amd64 and then override for arm64. (Because it would force arm64 to be included, and some tools are not available for arm64.) + - arch: amd64 + runs-on: "ubuntu-latest" + runs-on: ${{ matrix.runs-on }} + env: + # We are in a bit of a bind here because of how GitHub actions work as of 2020-11-19 + # Although the "workspace" is mounted to the container, it is not mounted + # at `/github/workspace` or ${{github.workspace}}, although through some + # mechanism, an environment variable whose value starts with ${{github.workspace}} + # will have ${{github.workspace}} replaced with the correct mount point. + # + # We need an absolute path for the package build system, since every build happens + # in a different directory, but because the mount point changes, we also + # need a path relative to the initial working directory to communicate between + # the package building container and the cloudsmith action. 
+ PACKAGES_PATH: ${{github.workspace}}/artifacts/${{matrix.package-type}}/any-version + PACKAGE_RELPATH: artifacts/${{matrix.package-type}}/any-version + + # Unfortunately, there is no reasonable way to configure the docker image tag based on the package-type + container: + image: cloudposse/packages-${{matrix.package-type}}build:latest + credentials: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + + steps: + # Checkout the packages repo so we can build the packages as a monorepo + - name: "Checkout source code at current commit" + uses: actions/checkout@v4 + + # Build the packages for the matrix version + - name: "Build ${{matrix.package-type}} packages" + shell: bash + run: | + echo Current directory is $(pwd) + [[ $PACKAGES_PATH =~ ^$(pwd) ]] || { echo Package dir \"$PACKAGES_PATH\" not beneath workdir \"$(pwd)\" >&2; exit 1; } + make -C vendor/${{github.workflow}} ${{matrix.package-type}} + + # Export the artifact filename including path + - name: "Set output path to artifact" + id: artifact + shell: bash + run: | + [[ -n $PACKAGE_RELPATH ]] || { echo Error: PACKAGE_RELPATH is not set >&2; exit 1; } + packages=($(find ${PACKAGE_RELPATH} -type f -name \*.${{matrix.package-type}})) + echo List packages found: + printf "%s\n" "${packages[@]}" | xargs --no-run-if-empty ls -l + echo Error if not exactly 1 package found + (( ${#packages[@]} == 1 )) || { echo "Error: other than 1 package found (${#packages[@]})" >&2; exit 1; } + + echo "setting output" + echo "path=$packages" | tee -a $GITHUB_OUTPUT + + echo creating '"pip"' cache directory for Cloudsmith + mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory + + # Determine which package organization we should use (e.g. 
dev or prod) + - name: "Determine package repo" + shell: bash + id: repo + run: | + if [[ ${GITHUB_REF} == 'refs/heads/main' ]]; then + echo "org=${{github.repository_owner}}" | tee -a $GITHUB_OUTPUT + else + echo "org=${{github.repository_owner}}-dev" | tee -a $GITHUB_OUTPUT + fi + env: + GITHUB_REF: ${{ github.ref }} + + # Publish the artifacts + - name: "Push artifact to package repository" + uses: cloudsmith-io/action@v0.5.4 + with: + api-key: ${{ secrets.CLOUDSMITH_API_KEY }} + command: 'push' + format: '${{matrix.package-type}}' + owner: '${{steps.repo.outputs.org}}' # Your Cloudsmith account name or org name (namespace) + repo: 'packages' # Your Cloudsmith Repository name (slug) + distro: 'any-distro' # Use "any-distro" since our package is compatible with more than more distribution + release: 'any-version' # Use "any-version" since our package is compatible with more than more version + republish: 'true' # Needed if version is not changing + file: '${{steps.artifact.outputs.path}}' # Package filename (including path) + no-wait-for-sync: 'true' # Skip the waiting for package synchronisation (i.e. upload only) diff --git a/README.md b/README.md index 115b232cf4..83f770fbbc 100644 --- a/README.md +++ b/README.md 
@@ -342,6 +342,7 @@ Here are some solutions to several common problems that may occur when adding a [![cfssl](https://github.com/cloudposse/packages/actions/workflows/cfssl.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acfssl)* | 1.6.5 | Cloudflare's PKI and TLS toolkit [![cfssljson](https://github.com/cloudposse/packages/actions/workflows/cfssljson.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acfssljson)* | 1.6.5 | Cloudflare's PKI and TLS toolkit json parser [![chamber](https://github.com/cloudposse/packages/actions/workflows/chamber.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Achamber) | 2.14.1 | CLI for managing secrets +[![cilium-cli](https://github.com/cloudposse/packages/actions/workflows/cilium-cli.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acilium-cli) | 0.16.7 | CLI to install, manage & troubleshoot Kubernetes clusters running Cilium [![cli53](https://github.com/cloudposse/packages/actions/workflows/cli53.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acli53) | 0.8.22 | Command line tool for Amazon Route 53 [![cloud-nuke](https://github.com/cloudposse/packages/actions/workflows/cloud-nuke.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acloud-nuke) | 0.35.0 | Tool for wiping an aws account DANGER absolutely do not use in production [![cloudflared](https://github.com/cloudposse/packages/actions/workflows/cloudflared.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acloudflared) | 2024.5.0 | Argo Tunnel client diff --git a/docs/badges.md b/docs/badges.md index cc90fe5cea..8b2c00b88f 100644 --- a/docs/badges.md +++ b/docs/badges.md 
@@ -15,6 +15,7 @@ [![cfssl](https://github.com/cloudposse/packages/actions/workflows/cfssl.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acfssl)* | 1.6.5 | Cloudflare's PKI and TLS toolkit [![cfssljson](https://github.com/cloudposse/packages/actions/workflows/cfssljson.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acfssljson)* | 1.6.5 | Cloudflare's PKI and TLS toolkit json parser [![chamber](https://github.com/cloudposse/packages/actions/workflows/chamber.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Achamber) | 2.14.1 | CLI for managing secrets +[![cilium-cli](https://github.com/cloudposse/packages/actions/workflows/cilium-cli.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acilium-cli) | 0.16.7 | CLI to install, manage & troubleshoot Kubernetes clusters running Cilium [![cli53](https://github.com/cloudposse/packages/actions/workflows/cli53.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acli53) | 0.8.22 | Command line tool for Amazon Route 53 [![cloud-nuke](https://github.com/cloudposse/packages/actions/workflows/cloud-nuke.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acloud-nuke) | 0.35.0 | Tool for wiping an aws account DANGER absolutely do not use in production [![cloudflared](https://github.com/cloudposse/packages/actions/workflows/cloudflared.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acloudflared) | 2024.5.0 | Argo Tunnel client diff --git a/docs/targets.md b/docs/targets.md index d4d744ef81..0e8937b77c 100644 --- a/docs/targets.md +++ b/docs/targets.md 
@@ -20,6 +20,7 @@ aws-vault 7.2.0 A vault for securely storing and accessing cfssl* 1.6.5 Cloudflare's PKI and TLS toolkit cfssljson* 1.6.5 Cloudflare's PKI and TLS toolkit json parser chamber 2.14.1 CLI for managing secrets +cilium-cli 0.16.7 CLI to install, manage & troubleshoot Kubernetes clusters running Cilium cli53 0.8.22 Command line tool for Amazon Route 53 cloud-nuke 0.35.0 Tool for wiping an aws account DANGER absolutely do not use in production cloudflared 2024.5.0 Argo Tunnel client diff --git a/vendor/cilium-cli/DESCRIPTION b/vendor/cilium-cli/DESCRIPTION new file mode 100644 index 0000000000..d5c7e0f1f6 --- /dev/null +++ b/vendor/cilium-cli/DESCRIPTION @@ -0,0 +1 @@ +CLI to install, manage & troubleshoot Kubernetes clusters running Cilium diff --git a/vendor/cilium-cli/LICENSE b/vendor/cilium-cli/LICENSE new file mode 100644 index 0000000000..7a85ddd4e2 --- /dev/null +++ b/vendor/cilium-cli/LICENSE @@ -0,0 +1 @@ +APACHE-2.0 diff --git a/vendor/cilium-cli/Makefile b/vendor/cilium-cli/Makefile new file mode 100644 index 0000000000..21279ee845 --- /dev/null +++ b/vendor/cilium-cli/Makefile @@ -0,0 +1,16 @@ + +# Package details +export VENDOR := cilium +export PACKAGE_EXE := cilium +export PACKAGE_HOMEPAGE_URL := https://cilium.io/ +# https://github.com/cilium/cilium-cli/releases/download/v0.16.7/cilium-linux-amd64.tar.gz +export DOWNLOAD_URL ?= $(PACKAGE_REPO_URL)/releases/download/v$(PACKAGE_VERSION)/$(PACKAGE_EXE)-$(OS)-$(ARCH).tar.gz +export APK_BUILD_TEMPLATE ?= APKBUILD.github-binary + +include ../../tasks/Makefile.vendor_includes + +install: + $(call download_tarball) + +test: + $(PACKAGE_EXE) version --client && $(PACKAGE_EXE) version --client | grep -q -F $(PACKAGE_VERSION) diff --git a/vendor/cilium-cli/RELEASE b/vendor/cilium-cli/RELEASE new file mode 100644 index 0000000000..573541ac97 --- /dev/null +++ b/vendor/cilium-cli/RELEASE @@ -0,0 +1 @@ +0 
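Review bot: The `install` target in `vendor/cilium-cli/Makefile` pulls a prebuilt binary from `DOWNLOAD_URL`, and nothing visible in this Makefile checks its integrity; the only validation is `test`, which runs the downloaded `cilium` binary and greps its version output. `download_tarball` is defined in `../../tasks/Makefile.vendor_includes`, outside this hunk, so it may already verify a digest; if it does not, the package that gets built and published is whatever the release URL served at build time. Consider committing an expected digest next to `VERSION` and checking it before extraction, e.g. `echo "$(EXPECTED_SHA256)  $(TARBALL)" | sha256sum -c -` (both variable names are placeholders, not existing build variables). Upstream cilium-cli releases appear to ship a `.sha256sum` file beside each tarball, which catches corruption but not a replaced release asset, so a value pinned in this repository is the stronger control.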
diff --git a/vendor/cilium-cli/VERSION b/vendor/cilium-cli/VERSION
new file mode 100644
index 0000000000..427cda05dc
--- /dev/null
+++ b/vendor/cilium-cli/VERSION
@@ -0,0 +1 @@
+0.16.7