operator-framework · jmrodri · Nov 8, 2021 · Sep 21, 2021 · Nov 3, 2021 · Nov 3, 2021
diff --git a/.github/workflows/deploy-manual.yml b/.github/workflows/deploy-manual.yml
@@ -6,6 +6,9 @@ on:
       ansible_operator_base_tag:
         description: ansible-operator-base image tag, ex. "6e1b47e6ca7c507b8ecf197a8edcd412dd64d85d"
         required: false
+      ansible_operator_211_base_tag:
+        description: ansible-operator-2.11-preview-base image tag, ex. "6e1b47e6ca7c507b8ecf197a8edcd412dd64d85d"
+        required: false
 
 jobs:
   # Build the ansible-operator-base image.
@@ -32,8 +35,9 @@ jobs:
       with:
         fetch-depth: 1
 
-    - name: create tag
-      id: tag
+    # Copied this for 2.11 rather than use a matrix because eventually 2.11 will be default and this will be removed.
+    - name: create 2.9-base tag
+      id: 29_base_tag
       run: |
         set -e
         IMG=quay.io/${{ github.repository_owner }}/ansible-operator-base
@@ -45,36 +49,82 @@ jobs:
         echo ::set-output name=tag::${IMG}:${TAG}
         echo ::set-output name=git_commit::${GIT_COMMIT}
 
-    - name: build and push
+    - name: create 2.11-base tag
+      id: 211_base_tag
+      run: |
+        set -e
+        IMG=quay.io/${{ github.repository_owner }}/ansible-operator-2.11-preview-base
+        TAG="${{ github.event.inputs.ansible_operator_211_base_tag }}"
+        if [[ "$TAG" == "" ]]; then
+          TAG="$(git branch --show-current)-${GIT_COMMIT}"
+        fi
+        echo ::set-output name=tag::${IMG}:${TAG}
+        echo ::set-output name=git_commit::${GIT_COMMIT}
+
+    - name: build and push ansible 2.9 dep image
       uses: docker/build-push-action@v2
       with:
         file: ./images/ansible-operator/base.Dockerfile
         context: ./images/ansible-operator
         platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
         push: true
-        tags: ${{ steps.tag.outputs.tag }}
+        tags: ${{ steps.tag.outputs.29_base_tag }}
+        build-args: |
+          GIT_COMMIT=${{ steps.tag.outputs.git_commit }}
+
+    - name: build and push ansible 2.11 dep image
+      uses: docker/build-push-action@v2
+      with:
+        file: ./images/ansible-operator-2.11-preview/base.Dockerfile
+        context: ./images/ansible-operator
+        platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
+        push: true
+        tags: ${{ steps.tag.outputs.211_base_tag }}
         build-args: |
           GIT_COMMIT=${{ steps.tag.outputs.git_commit }}
 
     # This change will be staged and committed in the PR pushed below.
     # The script below will fail if no change was made.
-    - name: update ansible-operator base
+    - name: update base of ansible-operator 2.9
       id: update
       run: |
         set -ex
-        sed -i -E 's|FROM quay\.io/operator-framework/ansible-operator-base:.+|FROM ${{ steps.tag.outputs.tag }}|g' images/ansible-operator/Dockerfile
+        sed -i -E 's|FROM quay\.io/operator-framework/ansible-operator-base:.+|FROM ${{ steps.tag.outputs.29_base_tag }}|g' images/ansible-operator/Dockerfile
         git diff --exit-code --quiet && echo "Failed to update images/ansible-operator/Dockerfile" && exit 1
         REF="${{ github.event.ref }}"
         echo ::set-output name=branch_name::"${REF##*/}"
 
-    - name: create PR
+    - name: create PR for ansible-operator 2.9 Dockerfile
       uses: peter-evans/create-pull-request@v3
       with:
-        title: "[${{ steps.update.outputs.branch_name }}] image(ansible-operator): bump base to ${{ steps.tag.outputs.tag }}"
+        title: "[${{ steps.update.outputs.branch_name }}] image(ansible-operator): bump base to ${{ steps.tag.outputs.29_base_tag }}"
         commit-message: |
-          [${{ steps.update.outputs.branch_name }}] image(ansible-operator): bump base to ${{ steps.tag.outputs.tag }}
+          [${{ steps.update.outputs.branch_name }}] image(ansible-operator): bump base to ${{ steps.tag.outputs.29_base_tag }}
 
           Signed-off-by: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
         body: "New ansible-operator-base image built by https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
         delete-branch: true
         branch-suffix: short-commit-hash
+
+    # This change will be staged and committed in the PR pushed below.
+    # The script below will fail if no change was made.
+    - name: update base of ansible-operator-2.11-preview
+      id: update
+      run: |
+        set -ex
+        sed -i -E 's|FROM quay\.io/operator-framework/ansible-operator-2.11-preview-base:.+|FROM ${{ steps.tag.outputs.211_base_tag }}|g' images/ansible-operator/Dockerfile
+        git diff --exit-code --quiet && echo "Failed to update images/ansible-operator-11-preview-base/Dockerfile" && exit 1
+        REF="${{ github.event.ref }}"
+        echo ::set-output name=branch_name::"${REF##*/}"
+
+    - name: create PR for ansible-operator-2.11-preview Dockerfile
+      uses: peter-evans/create-pull-request@v3
+      with:
+        title: "[${{ steps.update.outputs.branch_name }}] image(ansible-operator-2.11-preview): bump base to ${{ steps.tag.outputs.211_base_tag }}"
+        commit-message: |
+          [${{ steps.update.outputs.branch_name }}] image(ansible-operator-2.11-preview): bump base to ${{ steps.tag.outputs.211_base_tag }}
+
+          Signed-off-by: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+        body: "New ansible-operator-2.11-preview-base image built by https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+        delete-branch: true
+        branch-suffix: short-commit-hash
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -72,7 +72,7 @@ jobs:
     environment: deploy
     strategy:
       matrix:
-        id: ["operator-sdk", "ansible-operator", "helm-operator", "scorecard-test"]
+        id: ["operator-sdk", "helm-operator", "scorecard-test", "ansible-operator", "ansible-operator-2.11-preview"]
     steps:
 
     - name: set up qemu

diff --git a/Makefile b/Makefile
@@ -82,9 +82,14 @@ build/scorecard-test build/scorecard-test-kuttl build/custom-scorecard-tests:
 
 # Convenience wrapper for building all remotely hosted images.
 .PHONY: image-build
-IMAGE_TARGET_LIST = operator-sdk helm-operator ansible-operator scorecard-test scorecard-test-kuttl
+IMAGE_TARGET_LIST = operator-sdk helm-operator ansible-operator ansible-operator-2.11-preview scorecard-test scorecard-test-kuttl
 image-build: $(foreach i,$(IMAGE_TARGET_LIST),image/$(i)) ## Build all images.
 
+# Convenience wrapper for building dependency base images.
+.PHONY: image-build-base
+IMAGE_BASE_TARGET_LIST = ansible-operator ansible-operator-2.11-preview
+image-build-base: $(foreach i,$(IMAGE_BASE_TARGET_LIST),image-base/$(i)) ## Build all images.
+
 # Build an image.
 BUILD_IMAGE_REPO = quay.io/operator-framework
 # When running in a terminal, this will be false. If true (ex. CI), print plain progress.
@@ -95,6 +100,9 @@ image/%: export DOCKER_CLI_EXPERIMENTAL = enabled
 image/%:
 	docker buildx build $(DOCKER_PROGRESS) -t $(BUILD_IMAGE_REPO)/$*:dev -f ./images/$*/Dockerfile --load .
 
+image-base/%: export DOCKER_CLI_EXPERIMENTAL = enabled
+image-base/%:
+	docker buildx build $(DOCKER_PROGRESS) -t $(BUILD_IMAGE_REPO)/$*:dev -f ./images/$*/base.Dockerfile --load .
 ##@ Release
 
 .PHONY: release

diff --git a/images/ansible-operator-2.11-preview/Dockerfile b/images/ansible-operator-2.11-preview/Dockerfile
@@ -0,0 +1,38 @@
+# Build the manager binary
+FROM --platform=$BUILDPLATFORM golang:1.16 as builder
+ARG TARGETARCH
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY . .
+
+# Build
+RUN GOOS=linux GOARCH=$TARGETARCH make build/ansible-operator
+
+# Final image.
+# TODO(asmacdo) update GH action to set this
+FROM quay.io/operator-framework/ansible-operator-2.11-preview-base:dev
+
+ENV HOME=/opt/ansible \
+    USER_NAME=ansible \
+    USER_UID=1001
+
+# Ensure directory permissions are properly set
+RUN echo "${USER_NAME}:x:${USER_UID}:0:${USER_NAME} user:${HOME}:/sbin/nologin" >> /etc/passwd \
+  && mkdir -p ${HOME}/.ansible/tmp \
+  && chown -R ${USER_UID}:0 ${HOME} \
+  && chmod -R ug+rwx ${HOME}
+
+WORKDIR ${HOME}
+USER ${USER_UID}
+
+COPY --from=builder /workspace/build/ansible-operator /usr/local/bin/ansible-operator
+
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/ansible-operator", "run", "--watches-file=./watches.yaml"]
diff --git a/images/ansible-operator-2.11-preview/Pipfile b/images/ansible-operator-2.11-preview/Pipfile
@@ -0,0 +1,21 @@
+[[source]]
+url = "https://pypi.org/simple"
+verify_ssl = true
+name = "pypi"
+
+[packages]
+ansible-runner = "~=1.4.7"
+ansible-runner-http = "==1.0.0"
+ipaddress = "==1.0.23"
+openshift = "~=0.12.0"
+jmespath = "==0.10.0"
+# cryptography needs to be pinned to 3.3.2 as this is the last version
+# before its setup requires rust, which is not available via RPM in the
+# base image. This pin should be re-evaluated once the base image is updated.
+cryptography = "==3.3.2"
+ansible-core = "~=2.11.0"
+
+[dev-packages]
+
+[requires]
+python_version = "3.8"