task: move configuration to yaml (#38)

trustification · Oct 30, 2024 · bbfe0f2 · bbfe0f2
1 parent ea61b36
commit bbfe0f2
Show file tree

Hide file tree

Showing 6 changed files with 99 additions and 77 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -15,6 +15,10 @@ on:
         description: "The Trustify container image"
         default: "ghcr.io/trustification/trustd:latest"
         required: true
+      image-db:
+        description: "The Database container image"
+        default: "quay.io/sclorg/postgresql-15-c9s:latest"
+        required: true
 
 jobs:
   prepare:
@@ -26,9 +30,20 @@ jobs:
           java-version: 21
           distribution: temurin
           cache: maven
+      - name: Prepare application.yaml
+        run: |
+          # Install yq
+          wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq
+          chmod +x /usr/bin/yq
+          
+          # Prepare application.yaml
+          yq e -P -i '.related.image.server=strenv(IMAGE_SERVER)' src/main/resources/application.yaml
+          yq e -P -i '.related.image.db=strenv(IMAGE_DB)' src/main/resources/application.yaml
+        env:
+          IMAGE_SERVER: ${{ github.event.inputs.image-server }}
+          IMAGE_DB: ${{ github.event.inputs.image-db }}
       - name: Set release version ${{ github.event.inputs.version }}
         run: |
-          sed -i "/related\.image\.server=/ s/=.*/=ghcr\.io\/trustification\/trustd:${{ github.event.inputs.image-server }}/" src/main/resources/application.properties
           mvn -B versions:set versions:commit -DnewVersion=$NEW_VERSION
         env:
           NEW_VERSION: ${{ github.event.inputs.version }}
@@ -67,6 +82,15 @@ jobs:
         with:
           name: jreleaser-log
           path: 'jreleaser-log.tgz'
+      - name: Restore application.yaml
+        run: |
+          # Install yq
+          wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq
+          chmod +x /usr/bin/yq
+
+          # Prepare application.yaml
+          yq e -P -i '.related.image.server="${RELATED_IMAGE_SERVER:ghcr.io/trustification/trustd:latest}"' src/main/resources/application.yaml
+          yq e -P -i '.related.image.db="${RELATED_IMAGE_DB:quay.io/sclorg/postgresql-15-c9s:latest}"' src/main/resources/application.yaml
       - name: Set version ${{ github.event.inputs.next }}
         run: |
           mvn -B versions:set versions:commit -DnewVersion=$NEW_VERSION

diff --git a/bundle.Dockerfile b/bundle.Dockerfile
@@ -15,15 +15,23 @@ RUN ./mvnw package -DskipTests ${QUARKUS_OPTS} -Dquarkus.operator-sdk.bundle.cha
 FROM registry.access.redhat.com/ubi9/ubi:latest AS bundle
 COPY scripts /scripts
 COPY --from=build /code/target/bundle/trustify-operator/ /code/target/bundle/trustify-operator/
-RUN dnf install curl zip unzip --allowerasing -y && \
-    curl -s "https://get.sdkman.io?rcupdate=false" | bash && \
-    source "$HOME/.sdkman/bin/sdkman-init.sh" && \
-    sdk install java && \
-    sdk install groovy && \
-    groovy scripts/enrichCSV.groovy /code/target/bundle/trustify-operator/manifests/trustify-operator.clusterserviceversion.yaml
-RUN curl --output /usr/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 && \
+RUN dnf install wget --allowerasing -y && \
+    wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && \
     chmod +x /usr/bin/yq && \
-    yq e -P -i '.annotations."com.redhat.openshift.versions"="v4.10"'
+    # annotations.yaml \
+    ANNOTATIONS_FILE=/code/target/bundle/trustify-operator/metadata/annotations.yaml && \
+    yq e -P -i '.annotations."com.redhat.openshift.versions"="v4.10"' ${ANNOTATIONS_FILE} && \
+    # clusterserviceversion.yaml \
+    CSV_FILE=/code/target/bundle/trustify-operator/manifests/trustify-operator.clusterserviceversion.yaml && \
+    yq e -P -i '.metadata.annotations.support = "https://github.com/trustification/trustify-operator/issues"' ${CSV_FILE} && \
+    yq e -P -i '.metadata.annotations.description = "An Operator for installing and managing Trustify"' ${CSV_FILE} && \
+    NOW_DATE=$(date --iso-8601=seconds) yq e -P -i '.metadata.annotations.createdAt = strenv(NOW_DATE)' ${CSV_FILE} && \
+    yq e -P -i '.metadata.annotations.containerImage = .spec.install.spec.deployments[0].spec.template.spec.containers[0].image' ${CSV_FILE} && \
+    yq e -P -i '.spec.customresourcedefinitions.owned[0].description = "Represents a Trustify instance"' ${CSV_FILE} && \
+    yq e -P -i '.spec.customresourcedefinitions.owned[0].displayName = "Trustify"' ${CSV_FILE} && \
+    yq e -P -i '.spec.install.spec.clusterPermissions[0].rules[0].apiGroups = ["apiextensions.k8s.io", "config.openshift.io"]' ${CSV_FILE} && \
+    yq e -P -i '.spec.install.spec.clusterPermissions[0].rules[0].resources = ["customresourcedefinitions", "ingresses"]' ${CSV_FILE} && \
+    yq e -P -i '.spec.install.spec.clusterPermissions[0].rules[0].verbs = ["get", "list"]' ${CSV_FILE}
 
 FROM scratch
 ARG CHANNELS=alpha

diff --git a/pom.xml b/pom.xml
@@ -45,12 +45,16 @@
         </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
-            <artifactId>quarkus-resteasy-reactive</artifactId>
+            <artifactId>quarkus-rest</artifactId>
         </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-smallrye-health</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-config-yaml</artifactId>
+        </dependency>
 
         <dependency>
             <groupId>io.quarkus</groupId>

diff --git a/scripts/enrichCSV.groovy b/scripts/enrichCSV.groovy
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
@@ -0,0 +1,53 @@
+# Operator config
+related:
+  image:
+    server: ${RELATED_IMAGE_SERVER:ghcr.io/trustification/trustd:latest}
+    db: ${RELATED_IMAGE_DB:quay.io/sclorg/postgresql-15-c9s:latest}
+    pull-policy: Always
+# Quarkus config
+quarkus:
+  container-image:
+    registry: ghcr.io
+    tag: v${quarkus.application.version}
+  # Increase test hang time since the operator takes time to initiate all deployments
+  test:
+    hang-detection-timeout: 30M
+  operator-sdk:
+    crd:
+      # set to true to automatically apply CRDs to the cluster when they get regenerated
+      apply: true
+    namespaces: JOSDK_WATCH_CURRENT
+    generate-with-watched-namespaces: JOSDK_WATCH_CURRENT
+    helm:
+      enabled: true
+  # https://quarkus.io/guides/deploying-to-kubernetes#environment-variables-from-keyvalue-pairs
+  openshift:
+    env:
+      vars:
+        related-image-trustify-server: ${related.image.server}
+        related-image-db: ${related.image.db}
+        related-image-importer: ${related.image.importer}
+  kubernetes:
+    env:
+      vars:
+        related-image-trustify-server: ${related.image.server}
+        related-image-db: ${related.image.db}
+        related-image-importer: ${related.image.importer}
+    resources:
+      requests:
+        memory: 64Mi
+        cpu: 50m
+      limits:
+        memory: 256Mi
+        cpu: 250m
+    rbac:
+      roles:
+        trustify:
+          policy-rules:
+            - api-groups:
+              resources: '*'
+              verbs: '*'
+            - api-groups: security.openshift.io
+              resources: securitycontextconstraints
+              verbs: use
+              resource-names: anyuid