marko/cnpg-postgres-containers
1
0
Fork 0
forked from repo-mirrors/cnpg-postgres-containers
Code Pull Requests Actions Activity

feat: generate Debian (12) Bookworm images (#62)

Browse Source 
Add Debian 12 images and the related ClusterImageCatalog
---------

Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Co-authored-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Co-authored-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
This commit is contained in:
Niccolò Fei
2024-05-09 18:41:06 +02:00
committed by GitHub
parent 4b7c4b1835
commit baed8316c7
43 changed files with 3473 additions and 243 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.github/workflows/build.yml vendored
View File

@@ -6,11 +6,13 @@ on:
- main
paths-ignore:
- Debian/ClusterImageCatalog.yaml
- Debian/ClusterImageCatalog-bookworm.yaml
workflow_dispatch:
env:
IMAGE_STAGING: "ghcr.io/${{ github.repository_owner }}/postgresql-testing"
IMAGE_RELEASE: "ghcr.io/${{ github.repository_owner }}/postgresql"
DEFAULT_DISTRO: "bullseye"
jobs:
generate-jobs:
@@ -87,7 +89,7 @@ jobs:
exit-code: '1'
failure-threshold: WARN
accept-keywords: key
accept-filenames: usr/share/cmake/Templates/Windows/Windows_TemporaryKey.pfx,etc/trusted-key.key,usr/share/doc/perl-IO-Socket-SSL/certs/server_enc.p12,usr/share/doc/perl-IO-Socket-SSL/certs/server.p12,usr/local/lib/python3.9/dist-packages/azure/core/settings.py,usr/local/lib/python3.8/site-packages/azure/core/settings.py,usr/share/postgresql-common/pgdg/apt.postgresql.org.asc,usr/local/lib/python3.7/dist-packages/azure/core/settings.py,etc/ssl/private/ssl-cert-snakeoil.key,usr/lib/python3.9/site-packages/azure/core/settings.py
accept-filenames: usr/share/cmake/Templates/Windows/Windows_TemporaryKey.pfx,etc/trusted-key.key,usr/share/doc/perl-IO-Socket-SSL/certs/server_enc.p12,usr/share/doc/perl-IO-Socket-SSL/certs/server.p12,usr/local/lib/python3.9/dist-packages/azure/core/settings.py,usr/local/lib/python3.8/site-packages/azure/core/settings.py,usr/share/postgresql-common/pgdg/apt.postgresql.org.asc,usr/local/lib/python3.7/dist-packages/azure/core/settings.py,etc/ssl/private/ssl-cert-snakeoil.key,usr/lib/python3.9/site-packages/azure/core/settings.py,usr/local/lib/python3.11/dist-packages/azure/core/settings.py
- name: Run Snyk to check Docker image for vulnerabilities
uses: snyk/actions/docker@master
@@ -136,13 +138,13 @@ jobs:
}
]
}
}' > ${{ matrix.version }}.yaml
}' > ${{ matrix.version }}-${{ matrix.distro }}.yaml
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.version }}-clusterimagecatalog
path: ${{ matrix.version }}.yaml
name: ${{ matrix.version }}-${{ matrix.distro }}-clusterimagecatalog
path: ${{ matrix.version }}-${{ matrix.distro }}.yaml
image-catalog:
name: Generate ClusterImageCatalog
@@ -163,8 +165,10 @@ jobs:
- name: Update ClusterImageCatalog
run: |
yq eval-all '. as $item ireduce ({}; . *+ $item )' clusterimagecatalog/*.yaml > Debian/ClusterImageCatalog.yaml
cat Debian/ClusterImageCatalog.yaml
yq eval-all '. as $item ireduce ({}; . *+ $item )' clusterimagecatalog/*-bullseye.yaml > Debian/ClusterImageCatalog-bullseye.yaml
yq eval-all '. as $item ireduce ({}; . *+ $item )' clusterimagecatalog/*-bookworm.yaml > Debian/ClusterImageCatalog-bookworm.yaml
ln -f -s ClusterImageCatalog-${DEFAULT_DISTRO}.yaml Debian/ClusterImageCatalog.yaml
cat Debian/ClusterImageCatalog.yaml Debian/ClusterImageCatalog-bullseye.yaml Debian/ClusterImageCatalog-bookworm.yaml
- name: Temporarily disable "include administrators" branch protection
if: ${{ always() && github.ref == 'refs/heads/main' }}
@@ -182,7 +186,7 @@ jobs:
author_name: CloudNativePG Automated Updates
author_email: noreply@cnpg.com
message: 'Automatic ClusterImageCatalog update'
add: 'Debian/ClusterImageCatalog.yaml'
add: 'Debian/ClusterImageCatalog*.yaml'
- name: Enable "include administrators" branch protection
uses: benjefferies/branch-protection-bot@v1.1.2

31
.github/workflows/update.yml vendored
View File

@@ -5,9 +5,6 @@ on:
- cron: 0 0 * * *
workflow_dispatch:
env:
PYTHON_VERSION: "3.9"
defaults:
run:
shell: 'bash -Eeuo pipefail -x {0}'
@@ -20,9 +17,11 @@ jobs:
- uses: actions/checkout@v4
with:
token: ${{ secrets.REPO_GHA_PAT }}
- uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
python-version: 3.9
- name: Run update script
uses: nick-fields/retry@v3
with:
@@ -32,12 +31,30 @@ jobs:
# pip-tools provides pip-compile used by update.sh
pip3 install --upgrade pip-tools pip
export PATH=$HOME/.local/bin:$PATH
echo "Updating Debian images"
./Debian/update.sh
echo "Updating Debian bullseye images"
./Debian/update.sh -d bullseye
- uses: actions/setup-python@v5
with:
python-version: 3.11
- name: Run update script
uses: nick-fields/retry@v3
with:
timeout_minutes: 15
max_attempts: 3
command: |
# pip-tools provides pip-compile used by update.sh
pip3 install --upgrade pip-tools pip
export PATH=$HOME/.local/bin:$PATH
echo "Updating Debian bookworm images"
./Debian/update.sh -d bookworm
- name: Diff
run: |
git status
git diff
- name: Temporarily disable "include administrators" branch protection
if: ${{ always() && github.ref == 'refs/heads/main' }}
id: disable_include_admins
@@ -46,11 +63,13 @@ jobs:
access_token: ${{ secrets.REPO_GHA_PAT }}
branch: main
enforce_admins: false
- uses: EndBug/add-and-commit@v9
with:
author_name: CloudNativePG Automated Updates
author_email: noreply@cnpg.com
message: 'Daily automatic update'
- name: Enable "include administrators" branch protection
uses: benjefferies/branch-protection-bot@v1.1.2
if: ${{ always() && github.ref == 'refs/heads/main' }}