mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-03 11:45:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

git using https, change log bucket name, temp comment out some tests

Browse Source
This commit is contained in:
Ryan Richard
2025-06-30 16:50:54 -07:00
parent b9c4fca90e
commit e14eb977b8
7 changed files with 71 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pipelines/cleanup-aws/pipeline.yml
View File

@@ -1,4 +1,4 @@
# Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
# Copyright 2020-2025 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
display:
@@ -11,9 +11,9 @@ resources:
type: git
icon: github
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
jobs:

60
pipelines/dockerfile-builders/pipeline.yml
View File

@@ -55,9 +55,9 @@ resources:
icon: github
<<: *check-every-for-dockerfile
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
paths: [ dockerfiles/k8s-app-deployer/Dockerfile ]
- name: k8s-app-deployer-image
@@ -75,9 +75,9 @@ resources:
icon: github
<<: *check-every-for-dockerfile
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
paths: [ dockerfiles/deployment-yaml-formatter/Dockerfile ]
- name: deployment-yaml-formatter-image
@@ -95,9 +95,9 @@ resources:
icon: github
<<: *check-every-for-dockerfile
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
paths: [ dockerfiles/integration-test-runner/Dockerfile ]
- name: integration-test-runner-beta-dockerfile
@@ -105,9 +105,9 @@ resources:
icon: github
<<: *check-every-for-dockerfile
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
paths: [ dockerfiles/integration-test-runner-beta/Dockerfile ]
- name: integration-test-runner-image
@@ -135,9 +135,9 @@ resources:
icon: github
<<: *check-every-for-dockerfile
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
paths: [ dockerfiles/code-coverage-uploader/Dockerfile ]
- name: code-coverage-uploader-image
@@ -155,9 +155,9 @@ resources:
icon: github
<<: *check-every-for-dockerfile
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
paths:
- dockerfiles/pool-trigger-resource/Dockerfile
- "dockerfiles/pool-trigger-resource/assets/*"
@@ -257,9 +257,9 @@ resources:
icon: github
<<: *check-every-for-dockerfile
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
paths: [ dockerfiles/k8s-code-generator/* ]
- name: test-forward-proxy-image-ghcr
@@ -277,9 +277,9 @@ resources:
icon: github
<<: *check-every-for-dockerfile
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
paths: [ dockerfiles/test-forward-proxy/* ]
- name: test-bitnami-ldap-image-ghcr
@@ -297,9 +297,9 @@ resources:
icon: github
<<: *check-every-for-dockerfile
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
paths: [ dockerfiles/test-bitnami-ldap/Dockerfile ]
- name: test-dex-image
@@ -317,9 +317,9 @@ resources:
icon: github
<<: *check-every-for-dockerfile
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
paths: [ dockerfiles/test-dex/Dockerfile ]
- name: test-cfssl-image
@@ -337,9 +337,9 @@ resources:
icon: github
<<: *check-every-for-dockerfile
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
paths: [ dockerfiles/test-cfssl/Dockerfile ]
- name: test-kubectl-image
@@ -357,9 +357,9 @@ resources:
icon: github
<<: *check-every-for-dockerfile
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
paths: [ dockerfiles/test-kubectl/Dockerfile ]
- name: gh-cli-image
@@ -377,9 +377,9 @@ resources:
icon: github
<<: *check-every-for-dockerfile
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
paths: [ dockerfiles/gh-cli/Dockerfile ]
- name: crane-image
@@ -397,9 +397,9 @@ resources:
icon: github
<<: *check-every-for-dockerfile
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
paths: [ dockerfiles/crane/Dockerfile ]
- name: eks-deployer-dockerfile
@@ -407,9 +407,9 @@ resources:
icon: github
<<: *check-every-for-dockerfile
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
paths: [ dockerfiles/eks-deployer/Dockerfile ]
- name: eks-deployer-image

4
pipelines/kind-node-builder/pipeline.yml
View File

@@ -50,9 +50,9 @@ resources:
type: git
icon: github
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
- name: daily
type: time

31
pipelines/main/pipeline.yml
View File

@@ -118,7 +118,7 @@ meta:
image: integration-test-runner-image
timeout: 15m
params:
GCS_BUCKET: pinniped-ci-archive
GCS_BUCKET: pinniped-ci-logs
GCP_PROJECT: ((gcp-project-name))
GCP_USERNAME: ((gcp-cluster-diagnostic-uploader-username))
GCP_JSON_KEY: ((gcp-cluster-diagnostic-uploaded-json-key))
@@ -299,26 +299,35 @@ resources:
icon: github
check_every: 1m
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: main
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
- name: pinniped-write
type: git
icon: github
check_every: 10m
source:
uri: https://github.com/vmware/pinniped.git
branch: main
username: ((ci-bot-access-token-with-public-repo-write-permission))
- name: pinniped-ci
type: git
icon: github
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
- name: homebrew-pinniped
type: git
icon: github
check_every: 5m
source:
uri: git@github.com:vmware-tanzu/homebrew-pinniped.git
uri: https://github.com/vmware/homebrew-pinniped.git
branch: main
private_key: ((homebrew-repo-read-write-deploy-key))
username: ((ci-bot-access-token-with-public-repo-write-permission))
- name: ci-build-image
type: registry-image
@@ -1818,10 +1827,12 @@ jobs:
# The following Jumpcloud params will cause the integration tests to use Jumpcloud instead of OpenLDAP.
# We don't need to run these on every version of Kubernetes for Kind in this pipeline, so we choose to run
# them on one version to get some coverage.
<<: *jumpcloud_integration_env_vars
# TODO: replace this with some other LDAP and open firewall for outgoing LDAP and LDAPs
# <<: *jumpcloud_integration_env_vars
# The following AD params enable the ActiveDirectory integration tests. We don't need to run these on every
# version of Kubernetes for Kind in this pipeline, so we choose to run them on one version to get some coverage.
<<: *active_directory_integration_env_vars
# TODO: bring this back with a new AD server
# <<: *active_directory_integration_env_vars
# The following params enable the GitHub integration tests. We don't need to run these on every
# version of Kubernetes for Kind in this pipeline, so we choose to run them on one version to get some coverage.
<<: *github_integration_env_vars
@@ -2684,7 +2695,7 @@ jobs:
timeout: 30m
file: pinniped-ci/pipelines/shared-tasks/update-version-and-cli-docs/task.yml
input_mapping: { pinniped-in: pinniped }
- put: pinniped
- put: pinniped-write
params:
repository: pinniped-out

11
pipelines/pull-requests/pipeline.yml
View File

@@ -91,7 +91,7 @@ meta:
image: integration-test-runner-image
timeout: 15m
params:
GCS_BUCKET: pinniped-ci-archive
GCS_BUCKET: pinniped-ci-logs
GCP_PROJECT: ((gcp-project-name))
GCP_USERNAME: ((gcp-cluster-diagnostic-uploader-username))
GCP_JSON_KEY: ((gcp-cluster-diagnostic-uploaded-json-key))
@@ -923,7 +923,8 @@ jobs:
version: every
passed:
# First we list everything that should be triggered by the first ready-for-int.
- scan-image
# TODO: bring back scan-image after upgrading Golang to resolve CVEs in a PR
# - scan-image
- integration-test-oldest
- integration-test-latest
- integration-test-latest-arm64
@@ -1219,10 +1220,12 @@ jobs:
# The following Jumpcloud params will cause the integration tests to use Jumpcloud instead of OpenLDAP.
# We don't need to run these on every version of Kubernetes for Kind in this pipeline, so we choose to run
# them on one version to get some coverage.
<<: *jumpcloud_integration_env_vars
# TODO: replace this with some other LDAP and open firewall for outgoing LDAP and LDAPs
# <<: *jumpcloud_integration_env_vars
# The following AD params enable the ActiveDirectory integration tests. We don't need to run these on every
# version of Kubernetes for Kind in this pipeline, so we choose to run them on one version to get some coverage.
<<: *active_directory_integration_env_vars
# TODO: bring this back with a new AD server
# <<: *active_directory_integration_env_vars
# The following params enable the GitHub integration tests. We don't need to run these on every
# version of Kubernetes for Kind in this pipeline, so we choose to run them on one version to get some coverage.
<<: *github_integration_env_vars

7
pipelines/security-scan/pipeline.yml
View File

@@ -1,4 +1,4 @@
# Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
# Copyright 2020-2025 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
display:
@@ -63,9 +63,9 @@ resources:
type: git
icon: github
source:
uri: git@github.com:vmware-tanzu/pinniped.git
uri: https://github.com/vmware/pinniped.git
branch: ci
private_key: ((source-repo-deploy-key))
username: ((ci-bot-access-token-with-read-only-public-repos))
- name: pinniped-latest-release-image
type: registry-image
@@ -263,7 +263,6 @@ jobs:
image: gh-cli-image
file: pinniped-ci/pipelines/shared-tasks/create-or-update-pr/task.yml
params:
DEPLOY_KEY: ((source-repo-deploy-key))
GH_TOKEN: ((ci-bot-access-token-with-public-repo-write-permission))
input_mapping:
pinniped: pinniped-out

22
pipelines/shared-tasks/create-or-update-pr/task.sh
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env bash
# Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
# Copyright 2020-2025 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
set -euo pipefail
@@ -12,22 +12,10 @@ cd pinniped
# Print the current status to the log.
git status
# Copied from https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
github_hosts='
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
'
# Prepare to be able to do commits and pushes.
ssh_dir="$HOME"/.ssh/
mkdir "$ssh_dir"
echo "$github_hosts" >"$ssh_dir"/known_hosts
echo "${DEPLOY_KEY}" >"$ssh_dir"/id_rsa
chmod 600 "$ssh_dir"/id_rsa
git config user.email "pinniped-ci-bot@users.noreply.github.com"
git config user.name "Pinny"
git remote add ssh_origin "git@github.com:vmware-tanzu/pinniped.git"
git remote add https_origin "${GH_TOKEN}@https://github.com/vmware/pinniped.git"
# Add all the changed files.
git add .
@@ -45,7 +33,7 @@ fi
# Check if the branch already exists on the remote.
new_branch="no"
if [[ -z "$(git ls-remote ssh_origin "$branch")" ]]; then
if [[ -z "$(git ls-remote https_origin "$branch")" ]]; then
echo "The branch does not already exist, so create it."
git checkout -b "$branch"
git status
@@ -56,7 +44,7 @@ else
git status
git stash
# Fetch all the remote branches so we can use one of them.
git fetch ssh_origin
git fetch https_origin
# The branch already exists, so reuse it.
git checkout "$branch"
# Pull to sync up commits with the remote branch.
@@ -83,7 +71,7 @@ git commit -m "Bump dependencies"
if [[ "$new_branch" == "yes" ]]; then
# Push the new branch to the remote.
echo "Pushing the new branch."
git push --set-upstream ssh_origin "$branch"
git push --set-upstream https_origin "$branch"
else
# Force push the existing branch to the remote.
echo "Force pushing the existing branch."