From c97fc465e83d1d639b4f7cfc4d53847537f7b06f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20=C5=A0alata?= Date: Mon, 5 Apr 2021 21:01:32 +0200 Subject: [PATCH 1/5] Add devel to the docker releases --- .github/workflows/release-docker.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-docker.yaml b/.github/workflows/release-docker.yaml index d250b59..a582719 100644 --- a/.github/workflows/release-docker.yaml +++ b/.github/workflows/release-docker.yaml @@ -4,6 +4,7 @@ on: push: branches: - main + - devel jobs: release: From 6234301c85dcaf136a03677b4be18e1fb713033f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20=C5=A0alata?= Date: Mon, 5 Apr 2021 21:09:38 +0200 Subject: [PATCH 2/5] Switch dockerhub for Github's docker registry --- .github/workflows/release-docker.yaml | 6 +++--- Makefile | 5 +++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release-docker.yaml b/.github/workflows/release-docker.yaml index a582719..39d96c4 100644 --- a/.github/workflows/release-docker.yaml +++ b/.github/workflows/release-docker.yaml @@ -13,7 +13,7 @@ jobs: - name: Checkout uses: actions/checkout@v1 with: - ref: main + ref: ${{ github.ref }} - name: Configure Git run: | @@ -23,8 +23,8 @@ jobs: - name: Build and push docker images (make image) run: make image env: - DOCKER_USER: '${{ secrets.DOCKER_USER }}' - DOCKER_TOKEN: '${{ secrets.DOCKER_TOKEN }}' + DOCKER_USER: ${GITHUB_ACTOR} + DOCKER_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Logout from dockerhub (make docker-logout) run: make docker-logout \ No newline at end of file diff --git a/Makefile b/Makefile index 8231acd..070d798 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,8 @@ # Image URL to use all building/pushing image targets; # Use your own docker registry and image name for dev/test by overridding the # IMAGE_REPO, IMAGE_NAME and IMAGE_TAG environment variable. -IMAGE_REPO ?= marshallmarshall +REPOSITORY_BASE ?= ghcr.io +IMAGE_REPO ?= $(REPOSITORY_BASE)/ysoftdevs/imagepullsecret-injector IMAGE_NAME ?= imagepullsecret-injector GENERATOR_IMAGE_NAME ?= webhook-cert-generator @@ -81,7 +82,7 @@ build-linux: image: docker-login build-image push-image docker-login: - @echo ${DOCKER_TOKEN} | docker login -u ${DOCKER_USER} --password-stdin + @echo "$(DOCKER_TOKEN)" | docker login -u "$(DOCKER_USER)" --password-stdin "$(REPOSITORY_BASE)" docker-logout: @docker logout From ec9cd60d14b6adbb00ad16295811bcf3d0cca2f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20=C5=A0alata?= Date: Mon, 5 Apr 2021 22:02:22 +0200 Subject: [PATCH 3/5] Use github-hosted images in helm --- helm/imagepullsecret-injector/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/imagepullsecret-injector/values.yaml b/helm/imagepullsecret-injector/values.yaml index a633548..305e35e 100644 --- a/helm/imagepullsecret-injector/values.yaml +++ b/helm/imagepullsecret-injector/values.yaml @@ -1,12 +1,12 @@ image: - registry: marshallmarshall + registry: ghcr.io/ysoftdevs/imagepullsecret-injector repository: imagepullsecret-injector pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. tag: "" certificateGeneratorImage: - registry: marshallmarshall + registry: ghcr.io/ysoftdevs/imagepullsecret-injector repository: webhook-cert-generator tag: "" From ea8755766ccd067b6b6564fa9a913744f87248d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20=C5=A0alata?= Date: Mon, 5 Apr 2021 22:02:35 +0200 Subject: [PATCH 4/5] Correct the Readme --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 65a53bc..572fdfc 100644 --- a/README.md +++ b/README.md @@ -3,10 +3,8 @@ The responsibility of this webhook is to patch all newly created/updated service account and make sure they all contained proper imagepullsecret configuration. This repo produces one helm chart available via helm repository https://ysoftdevs.github.io/imagepullsecret-injector. There are also 2 docker images: -- `marshallmarshall/imagepullsecret-injector` - the image containing the webhook itself -- `marshallmarshall/webhook-cert-generator` - helper image responsible for (re)generating the certificates - - +- `ghcr.io/ysoftdevs/imagepullsecret-injector/imagepullsecret-injector` - the image containing the webhook itself +- `ghcr.io/ysoftdevs/imagepullsecret-injector/webhook-cert-generator` - helper image responsible for (re)generating the certificates ## Helm description The helm chart consists of 2 parts: the certificate generator and the webhook configuration itself. @@ -59,3 +57,6 @@ Of note is also a fact that the chart runs a lookup to the connected cluster to kubectl get sa -n yolo default -ojsonpath='{.imagePullSecrets}' ``` The `get` command should display _some_ non-empty result. + +## Releasing locally +To authenticate to the docker registry to push the images manually, you will need your own Github Personal Access Token. For more information follow this guide https://docs.github.com/en/packages/guides/migrating-to-github-container-registry-for-docker-images#authenticating-with-the-container-registry \ No newline at end of file From c22716b470aed93a760bda3d14fd94c352a060a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20=C5=A0alata?= Date: Mon, 5 Apr 2021 22:07:35 +0200 Subject: [PATCH 5/5] Bump the chart version --- helm/imagepullsecret-injector/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/imagepullsecret-injector/Chart.yaml b/helm/imagepullsecret-injector/Chart.yaml index 06d16b6..cad3f45 100644 --- a/helm/imagepullsecret-injector/Chart.yaml +++ b/helm/imagepullsecret-injector/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.15 +version: 0.0.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to