def write_docker_cfg(
dockerfile_path: str,
docker_cfg_path: str
):
with open(dockerfile_path) as f:
parser = dockerfile_parse.DockerfileParser(fileobj=f)
relevant_image_refs = parser.parent_images
# use dict to deduplicate by cfg-name (which we otherwise do not care about)
container_registry_cfgs = {
c.name(): c for c
in (mc.find_config(img_ref) for img_ref in relevant_image_refs)
if c is not None
}.values()
docker_cfg_auths = {}
for container_registry_cfg in container_registry_cfgs:
docker_cfg_auths.update(
mc.find_config('eu.gcr.io/sap-se-gcp-scp-k8s/landscape').as_docker_auths()
)
docker_cfg = {'auths': docker_cfg_auths}
with open(docker_cfg_path, 'w') as f:
json.dump(docker_cfg, f)
def create_clamav_helm_values(clamav_cfg_name):
cfg_factory = ci.util.ctx().cfg_factory()
clamav_config = cfg_factory.clamav(clamav_cfg_name)
clamav_image_config = clamav_config.clamav_image_config()
freshclam_image_config = clamav_config.freshclam_image_config()
clamav_image_name = clamav_image_config.image_name()
helm_values = {
'clamAV': {
'replicas': clamav_config.replicas(),
'serviceName': clamav_config.service_name(),
'servicePort': clamav_config.service_port(),
'imageReference': clamav_image_config.image_name(),
'imageTag': clamav_image_config.image_tag(),
'configValues': clamav_config.clamd_config_values(),
},
'freshClam': {
'imageReference': freshclam_image_config.image_name(),
'imageTag': freshclam_image_config.image_tag(),
}
}
container_registry_config = find_config(clamav_image_name)
if container_registry_config:
credentials = container_registry_config.credentials()
helm_values['imageCredentials'] = {
'registry': credentials.host(),
'username': credentials.username(),
'password': credentials.passwd(),
}
return helm_values
def create_upgrade_pr(
component: gci.componentmodel.Component,
from_ref: gci.componentmodel.ComponentReference,
to_ref: gci.componentmodel.ComponentReference,
to_version: str,
pull_request_util,
upgrade_script_path,
upgrade_script_relpath,
githubrepobranch: GitHubRepoBranch,
repo_dir,
github_cfg_name,
merge_policy: MergePolicy,
merge_method: MergeMethod,
after_merge_callback=None,
container_image: str = None,
):
if container_image:
dockerutil.launch_dockerd_if_not_running()
ls_repo = pull_request_util.repository
from_component_descriptor = cnudie.retrieve.component_descriptor(
name=from_ref.componentName,
version=from_ref.version,
ctx_repo=component.current_repository_ctx(),
)
from_component = from_component_descriptor.component
# prepare env for upgrade script and after-merge-callback
cmd_env = os.environ.copy()
# TODO: Handle upgrades for types other than 'component'
cmd_env['DEPENDENCY_TYPE'] = product.v2.COMPONENT_TYPE_NAME
cmd_env['DEPENDENCY_NAME'] = to_ref.componentName
cmd_env['LOCAL_DEPENDENCY_NAME'] = to_ref.name
cmd_env['DEPENDENCY_VERSION'] = to_version
if container_image:
cmd_env['REPO_DIR'] = (repo_dir_in_container := '/mnt/main_repo')
else:
cmd_env['REPO_DIR'] = repo_dir
cmd_env['GITHUB_CFG_NAME'] = github_cfg_name
cmd_env['CTX_REPO_URL'] = component.current_repository_ctx().baseUrl
if not container_image:
# create upgrade diff
subprocess.run([str(upgrade_script_path)], check=True, env=cmd_env)
else:
# run check-script in container
oci_registry_cfg = cr.find_config(image_reference=container_image)
if oci_registry_cfg:
docker_cfg_dir = tempfile.TemporaryDirectory()
dockerutil.mk_docker_cfg_dir(
cfg={'auths': oci_registry_cfg.as_docker_auths()},
cfg_dir=docker_cfg_dir.name,
exist_ok=True,
)
else:
docker_cfg_dir = None
upgrade_script_path_in_container = os.path.join(
repo_dir_in_container,
upgrade_script_relpath,
)
docker_argv = dockerutil.docker_run_argv(
image_reference=container_image,
argv=(upgrade_script_path_in_container, ),
env=cmd_env,
mounts={
repo_dir: repo_dir_in_container,
},
cfg_dir=docker_cfg_dir.name,
)
logger.info(f'will run: ${docker_argv=}')
try:
subprocess.run(
docker_argv,
check=True,
)
finally:
if docker_cfg_dir:
docker_cfg_dir.cleanup()
from_version = from_ref.version
commit_message = f'Upgrade {to_ref.name}\n\nfrom {from_version} to {to_version}'
upgrade_branch_name = push_upgrade_commit(
ls_repo=ls_repo,
commit_message=commit_message,
githubrepobranch=githubrepobranch,
repo_dir=repo_dir,
)
# branch was created. Cleanup if something fails
try:
release_notes = _import_release_notes(
component=from_component,
to_version=to_version,
pull_request_util=pull_request_util,
)
except Exception:
logger.warning('failed to retrieve release-notes')
traceback.print_exc()
release_notes = 'failed to retrieve release-notes'
pull_request = ls_repo.create_pull(
title=github.util.PullRequestUtil.calculate_pr_title(
reference=to_ref, from_version=from_version,
to_version=to_version),
base=githubrepobranch.branch(),
head=upgrade_branch_name,
body=release_notes or 'failed to retrieve release-notes',
)
if merge_policy is MergePolicy.MANUAL:
return
if merge_method is MergeMethod.MERGE:
pull_request.merge(merge_method='merge')
elif merge_method is MergeMethod.REBASE:
pull_request.merge(merge_method='rebase')
elif merge_method is MergeMethod.SQUASH:
pull_request.merge(merge_method='squash')
else:
raise NotImplementedError(f'{merge_method=}')
try:
ls_repo.ref(f'heads/{upgrade_branch_name}').delete()
except github3.exceptions.NotFoundError:
pass
if after_merge_callback:
subprocess.run([os.path.join(repo_dir, after_merge_callback)],
check=True,
env=cmd_env)
def _invoke_callback(
callback_script_path: str,
repo_dir: str,
effective_version: str,
callback_image_reference: str = None,
):
callback_env = os.environ.copy()
callback_env['EFFECTIVE_VERSION'] = effective_version
if callback_image_reference:
repo_dir_in_container = '/mnt/main_repo'
callback_env['REPO_DIR'] = repo_dir_in_container
else:
callback_env['REPO_DIR'] = repo_dir
if not callback_image_reference:
callback_script_path = os.path.join(
repo_dir,
callback_script_path,
)
subprocess.run(
[callback_script_path],
check=True,
env=callback_env,
)
else:
script_path_in_container = os.path.join(
repo_dir_in_container,
callback_script_path,
)
oci_registry_cfg = cr.find_config(
image_reference=callback_image_reference)
if oci_registry_cfg:
docker_cfg_dir = tempfile.TemporaryDirectory()
dockerutil.mk_docker_cfg_dir(
cfg={'auths': oci_registry_cfg.as_docker_auths()},
cfg_dir=docker_cfg_dir.name,
exist_ok=True,
)
else:
docker_cfg_dir = None
docker_argv = dockerutil.docker_run_argv(
image_reference=callback_image_reference,
argv=(script_path_in_container, ),
env=callback_env,
mounts={
repo_dir: repo_dir_in_container,
},
cfg_dir=docker_cfg_dir.name,
)
dockerutil.launch_dockerd_if_not_running()
logger.info(f'will run callback using {docker_argv=}')
try:
subprocess.run(
docker_argv,
check=True,
)
finally:
if docker_cfg_dir:
docker_cfg_dir.cleanup()