def write_docker_cfg( dockerfile_path: str, docker_cfg_path: str ): with open(dockerfile_path) as f: parser = dockerfile_parse.DockerfileParser(fileobj=f) relevant_image_refs = parser.parent_images # use dict to deduplicate by cfg-name (which we otherwise do not care about) container_registry_cfgs = { c.name(): c for c in (mc.find_config(img_ref) for img_ref in relevant_image_refs) if c is not None }.values() docker_cfg_auths = {} for container_registry_cfg in container_registry_cfgs: docker_cfg_auths.update( mc.find_config('eu.gcr.io/sap-se-gcp-scp-k8s/landscape').as_docker_auths() ) docker_cfg = {'auths': docker_cfg_auths} with open(docker_cfg_path, 'w') as f: json.dump(docker_cfg, f)
def create_clamav_helm_values(clamav_cfg_name): cfg_factory = ci.util.ctx().cfg_factory() clamav_config = cfg_factory.clamav(clamav_cfg_name) clamav_image_config = clamav_config.clamav_image_config() freshclam_image_config = clamav_config.freshclam_image_config() clamav_image_name = clamav_image_config.image_name() helm_values = { 'clamAV': { 'replicas': clamav_config.replicas(), 'serviceName': clamav_config.service_name(), 'servicePort': clamav_config.service_port(), 'imageReference': clamav_image_config.image_name(), 'imageTag': clamav_image_config.image_tag(), 'configValues': clamav_config.clamd_config_values(), }, 'freshClam': { 'imageReference': freshclam_image_config.image_name(), 'imageTag': freshclam_image_config.image_tag(), } } container_registry_config = find_config(clamav_image_name) if container_registry_config: credentials = container_registry_config.credentials() helm_values['imageCredentials'] = { 'registry': credentials.host(), 'username': credentials.username(), 'password': credentials.passwd(), } return helm_values
def create_upgrade_pr( component: gci.componentmodel.Component, from_ref: gci.componentmodel.ComponentReference, to_ref: gci.componentmodel.ComponentReference, to_version: str, pull_request_util, upgrade_script_path, upgrade_script_relpath, githubrepobranch: GitHubRepoBranch, repo_dir, github_cfg_name, merge_policy: MergePolicy, merge_method: MergeMethod, after_merge_callback=None, container_image: str = None, ): if container_image: dockerutil.launch_dockerd_if_not_running() ls_repo = pull_request_util.repository from_component_descriptor = cnudie.retrieve.component_descriptor( name=from_ref.componentName, version=from_ref.version, ctx_repo=component.current_repository_ctx(), ) from_component = from_component_descriptor.component # prepare env for upgrade script and after-merge-callback cmd_env = os.environ.copy() # TODO: Handle upgrades for types other than 'component' cmd_env['DEPENDENCY_TYPE'] = product.v2.COMPONENT_TYPE_NAME cmd_env['DEPENDENCY_NAME'] = to_ref.componentName cmd_env['LOCAL_DEPENDENCY_NAME'] = to_ref.name cmd_env['DEPENDENCY_VERSION'] = to_version if container_image: cmd_env['REPO_DIR'] = (repo_dir_in_container := '/mnt/main_repo') else: cmd_env['REPO_DIR'] = repo_dir cmd_env['GITHUB_CFG_NAME'] = github_cfg_name cmd_env['CTX_REPO_URL'] = component.current_repository_ctx().baseUrl if not container_image: # create upgrade diff subprocess.run([str(upgrade_script_path)], check=True, env=cmd_env) else: # run check-script in container oci_registry_cfg = cr.find_config(image_reference=container_image) if oci_registry_cfg: docker_cfg_dir = tempfile.TemporaryDirectory() dockerutil.mk_docker_cfg_dir( cfg={'auths': oci_registry_cfg.as_docker_auths()}, cfg_dir=docker_cfg_dir.name, exist_ok=True, ) else: docker_cfg_dir = None upgrade_script_path_in_container = os.path.join( repo_dir_in_container, upgrade_script_relpath, ) docker_argv = dockerutil.docker_run_argv( image_reference=container_image, argv=(upgrade_script_path_in_container, ), env=cmd_env, mounts={ repo_dir: repo_dir_in_container, }, cfg_dir=docker_cfg_dir.name, ) logger.info(f'will run: ${docker_argv=}') try: subprocess.run( docker_argv, check=True, ) finally: if docker_cfg_dir: docker_cfg_dir.cleanup() from_version = from_ref.version commit_message = f'Upgrade {to_ref.name}\n\nfrom {from_version} to {to_version}' upgrade_branch_name = push_upgrade_commit( ls_repo=ls_repo, commit_message=commit_message, githubrepobranch=githubrepobranch, repo_dir=repo_dir, ) # branch was created. Cleanup if something fails try: release_notes = _import_release_notes( component=from_component, to_version=to_version, pull_request_util=pull_request_util, ) except Exception: logger.warning('failed to retrieve release-notes') traceback.print_exc() release_notes = 'failed to retrieve release-notes' pull_request = ls_repo.create_pull( title=github.util.PullRequestUtil.calculate_pr_title( reference=to_ref, from_version=from_version, to_version=to_version), base=githubrepobranch.branch(), head=upgrade_branch_name, body=release_notes or 'failed to retrieve release-notes', ) if merge_policy is MergePolicy.MANUAL: return if merge_method is MergeMethod.MERGE: pull_request.merge(merge_method='merge') elif merge_method is MergeMethod.REBASE: pull_request.merge(merge_method='rebase') elif merge_method is MergeMethod.SQUASH: pull_request.merge(merge_method='squash') else: raise NotImplementedError(f'{merge_method=}') try: ls_repo.ref(f'heads/{upgrade_branch_name}').delete() except github3.exceptions.NotFoundError: pass if after_merge_callback: subprocess.run([os.path.join(repo_dir, after_merge_callback)], check=True, env=cmd_env)
def _invoke_callback( callback_script_path: str, repo_dir: str, effective_version: str, callback_image_reference: str = None, ): callback_env = os.environ.copy() callback_env['EFFECTIVE_VERSION'] = effective_version if callback_image_reference: repo_dir_in_container = '/mnt/main_repo' callback_env['REPO_DIR'] = repo_dir_in_container else: callback_env['REPO_DIR'] = repo_dir if not callback_image_reference: callback_script_path = os.path.join( repo_dir, callback_script_path, ) subprocess.run( [callback_script_path], check=True, env=callback_env, ) else: script_path_in_container = os.path.join( repo_dir_in_container, callback_script_path, ) oci_registry_cfg = cr.find_config( image_reference=callback_image_reference) if oci_registry_cfg: docker_cfg_dir = tempfile.TemporaryDirectory() dockerutil.mk_docker_cfg_dir( cfg={'auths': oci_registry_cfg.as_docker_auths()}, cfg_dir=docker_cfg_dir.name, exist_ok=True, ) else: docker_cfg_dir = None docker_argv = dockerutil.docker_run_argv( image_reference=callback_image_reference, argv=(script_path_in_container, ), env=callback_env, mounts={ repo_dir: repo_dir_in_container, }, cfg_dir=docker_cfg_dir.name, ) dockerutil.launch_dockerd_if_not_running() logger.info(f'will run callback using {docker_argv=}') try: subprocess.run( docker_argv, check=True, ) finally: if docker_cfg_dir: docker_cfg_dir.cleanup()