feat: Add db image to spec & enhance actions (#20)

* Add db image to spec & enhance actions

* Remove global ci tests

.github/actions/install-trustify/action.yml

@@ -5,15 +5,15 @@ inputs:
   operator-bundle-image:
     description: "image url for operator bundle container image"
     required: false
-    default: "ghcr.io/trustification/trustify-operator-bundle:latest"
-  server-image:
-    description: "image url for the server"
+    default: ""
+  namespace:
+    description: "the namespace where Trustify should be installed"
     required: false
-    default: "ghcr.io/trustification/trustd:latest"
-  image-pull-policy:
-    description: "Image Pull Policy"
+    default: ""
+  trustify-cr:
+    description: "JSON encoded Trustify Custom Resource (CR) string"
     required: false
-    default: "Always"
+    default: ""
 runs:
   using: "composite"
   steps:
@@ -36,10 +36,11 @@ runs:
         curl -LO https://github.com/operator-framework/operator-sdk/releases/download/v1.35.0/operator-sdk_linux_amd64
         sudo install -o root -g root -m 0755 operator-sdk_linux_amd64 /usr/local/bin/operator-sdk
     - name: Install Trustify
+      env:
+        OPERATOR_BUNDLE_IMAGE: ${{ inputs.operator-bundle-image }}
+        NAMESPACE: ${{ inputs.namespace }}
+        TRUSTIFY_CR: ${{ inputs.trustify-cr }}
       run: |
-        export OPERATOR_BUNDLE_IMAGE="${{ inputs.operator-bundle-image }}"
-        export SERVER_IMAGE="${{ inputs.server-image }}"        
-        export IMAGE_PULL_POLICY="${{ inputs.image-pull-policy }}"
         make install-trustify
       working-directory: ${{ github.action_path }}/../../..
-      shell: bash
+      shell: bash

.github/workflows/ci.yml

@@ -38,3 +38,15 @@ jobs:
           KUBERNETES_VERSION: ${{ matrix.kubernetes_version }}
         run: |
           mvn verify
+
+  build-operator-bundle:
+    runs-on: ubuntu-latest
+    env:
+      IMG: ttl.sh/trustify-operator-${{ github.sha }}:2h
+      BUNDLE_IMG: ttl.sh/trustify-operator-bundle-${{ github.sha }}:2h
+    steps:
+      - uses: actions/checkout@v4
+      - name: Create operator
+        run: DOCKERFILE=Dockerfile.jvm make docker-build docker-push
+      - name: Create operator-bundle
+        run: make bundle-build bundle-push

Makefile

@@ -185,7 +185,3 @@ start-minikube:
 .PHONY: install-trustify
 install-trustify:
 	bash hack/install-trustify.sh
-
-.PHONY: install-trustify-bundle
-install-trustify-bundle:
-	bash hack/install-trustify-bundle.sh

hack/install-trustify.sh

@@ -2,41 +2,21 @@
 
 set -e
 set -x
-
-# Figure out where we are being run from.
-# This relies on script being run from:
-#  - ${PROJECT_ROOT}/hack/install-trustify.sh
-#  - ${PROJECT_ROOT}/bin/install-trustify.sh
-__dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-__root="$(cd "$(dirname "${__dir}")" && pwd)"
-__repo="$(basename "${__root}")"
-__bin_dir="${__root}/bin"
-__os="$(uname -s | tr '[:upper:]' '[:lower:]')"
-__arch="$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')"
-
-# Update PATH for execution of this script
-export PATH="${__bin_dir}:${PATH}"
+set -o pipefail
 
 NAMESPACE="${NAMESPACE:-trustify}"
 OPERATOR_BUNDLE_IMAGE="${OPERATOR_BUNDLE_IMAGE:-ghcr.io/trustification/trustify-operator-bundle:latest}"
-SERVER_IMAGE="${SERVER_IMAGE:-ghcr.io/trustification/trustd:latest}"
-IMAGE_PULL_POLICY="${IMAGE_PULL_POLICY:-Always}"
+TRUSTIFY_CR="${TRUSTIFY_CR:-}"
 TIMEOUT="${TIMEOUT:-15m}"
 
 if ! command -v kubectl >/dev/null 2>&1; then
-  kubectl_bin="${__bin_dir}/kubectl"
-  mkdir -p "${__bin_dir}"
-  curl -Lo "${kubectl_bin}" "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/${__os}/${__arch}/kubectl"
-  chmod +x "${kubectl_bin}"
+  echo "Please install kubectl. See https://kubernetes.io/docs/tasks/tools/"
+  exit 1
 fi
 
-if ! command -v operator-sdk1 >/dev/null 2>&1; then
-  operator_sdk_bin="${__bin_dir}/operator-sdk"
-  mkdir -p "${__bin_dir}"
-
-  version=$(curl --silent "https://api.github.com/repos/operator-framework/operator-sdk/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
-  curl -Lo "${operator_sdk_bin}" "https://github.com/operator-framework/operator-sdk/releases/download/${version}/operator-sdk_${__os}_${__arch}"
-  chmod +x "${operator_sdk_bin}"
+if ! command -v operator-sdk >/dev/null 2>&1; then
+  echo "Please install operator-sdk. See https://sdk.operatorframework.io/docs/installation/"
+  exit 1
 fi
 
 install_operator() {
@@ -47,52 +27,66 @@ install_operator() {
   # If on MacOS, need to install `brew install coreutils` to get `timeout`
   timeout 600s bash -c 'until kubectl get customresourcedefinitions.apiextensions.k8s.io trustifies.org.trustify; do sleep 30; done' \
   || kubectl get subscription --namespace ${NAMESPACE} -o yaml trustify-operator # Print subscription details when timed out
+  kubectl get clusterserviceversions.operators.coreos.com -n "${NAMESPACE}" -o yaml
 }
 
-kubectl get customresourcedefinitions.apiextensions.k8s.io clusterserviceversions.operators.coreos.com || operator-sdk olm install
-olm_namespace=$(kubectl get clusterserviceversions.operators.coreos.com --all-namespaces | grep packageserver | awk '{print $1}')
-kubectl rollout status -w deployment/olm-operator --namespace="${olm_namespace}"
-kubectl rollout status -w deployment/catalog-operator --namespace="${olm_namespace}"
-kubectl wait --namespace "${olm_namespace}" --for='jsonpath={.status.phase}'=Succeeded clusterserviceversions.operators.coreos.com packageserver
-kubectl get customresourcedefinitions.apiextensions.k8s.io org.trustify || install_operator
+install_trustify() {
+  echo "Waiting for the Trustify CRD to become available"
+  kubectl wait --namespace "${NAMESPACE}" --for=condition=established customresourcedefinitions.apiextensions.k8s.io/trustifies.org.trustify
 
+  echo "Waiting for the Trustify Operator to exist"
+  timeout 2m bash -c "until kubectl --namespace ${NAMESPACE} get deployment/trustify-operator; do sleep 10; done"
 
-# Create, and wait for, trustify
-kubectl wait \
-  --namespace ${NAMESPACE} \
-  --for=condition=established \
-  customresourcedefinitions.apiextensions.k8s.io/trustifies.org.trustify
-cat <<EOF | kubectl apply -f -
+  echo "Waiting for the Trustify Operator to become available"
+  kubectl rollout status --namespace "${NAMESPACE}" -w deployment/trustify-operator --timeout=600s
+
+  if [ -n "${TRUSTIFY_CR}" ]; then
+      echo "${TRUSTIFY_CR}" | kubectl apply --namespace "${NAMESPACE}" -f -
+    else
+      cat <<EOF | kubectl apply --namespace "${NAMESPACE}" -f -
 kind: Trustify
 apiVersion: org.trustify/v1alpha1
 metadata:
   name: myapp
-  namespace: ${NAMESPACE}
-spec:
-  serverImage: ${SERVER_IMAGE}
-  imagePullPolicy: ${IMAGE_PULL_POLICY}
+spec: {}
 EOF
-# Wait for reconcile to finish
-kubectl wait \
-  --namespace ${NAMESPACE} \
-  --for=condition=Successful \
-  --timeout=600s \
-  trustifies.org.trustify/myapp \
-|| kubectl get \
-  --namespace ${NAMESPACE} \
-  -o yaml \
-  trustifies.org.trustify/myapp # Print trustify debug when timed out
+    fi
+
+  # Want to see in github logs what we just created
+  kubectl get --namespace "${NAMESPACE}" -o yaml trustifies.org.trustify/myapp
 
-# Now wait for all the trustify deployments
-kubectl wait \
-  --namespace ${NAMESPACE} \
-  --selector="app.kubernetes.io/part-of=myapp" \
-  --for=condition=Available \
-  --timeout=600s \
-  deployments.apps \
-|| kubectl get \
-  --namespace ${NAMESPACE} \
-  --selector="app.kubernetes.io/part-of=myapp" \
-  --field-selector=status.phase!=Running  \
-  -o yaml \
-  pods # Print not running trustify pods when timed out
+  # Wait for reconcile to finish
+    kubectl wait \
+      --namespace ${NAMESPACE} \
+      --for=condition=Successful \
+      --timeout=600s \
+      trustifies.org.trustify/myapp \
+    || kubectl get \
+      --namespace ${NAMESPACE} \
+      -o yaml \
+      trustifies.org.trustify/myapp # Print trustify debug when timed out
+
+  # Now wait for all the trustify deployments
+  kubectl wait \
+    --namespace ${NAMESPACE} \
+    --selector="app.kubernetes.io/part-of=myapp" \
+    --for=condition=Available \
+    --timeout=600s \
+    deployments.apps \
+  || kubectl get \
+    --namespace ${NAMESPACE} \
+    --selector="app.kubernetes.io/part-of=myapp" \
+    --field-selector=status.phase!=Running  \
+    -o yaml \
+    pods # Print not running trustify pods when timed out
+
+  kubectl get deployments.apps -n "${NAMESPACE}" -o yaml
+}
+
+kubectl get customresourcedefinitions.apiextensions.k8s.io clusterserviceversions.operators.coreos.com || operator-sdk olm install
+olm_namespace=$(kubectl get clusterserviceversions.operators.coreos.com --all-namespaces | grep packageserver | awk '{print $1}')
+kubectl rollout status -w deployment/olm-operator --namespace="${olm_namespace}"
+kubectl rollout status -w deployment/catalog-operator --namespace="${olm_namespace}"
+kubectl wait --namespace "${olm_namespace}" --for='jsonpath={.status.phase}'=Succeeded clusterserviceversions.operators.coreos.com packageserver
+kubectl get customresourcedefinitions.apiextensions.k8s.io org.trustify || install_operator
+install_trustify

src/main/java/org/trustify/operator/cdrs/v2alpha1/TrustifySpec.java

@@ -10,6 +10,9 @@ public record TrustifySpec(
         @JsonPropertyDescription("Custom Trustify Server image to be used. For internal use only")
         String serverImage,
 
+        @JsonPropertyDescription("Custom Trustify DB Server image to be used. For internal use only")
+        String dbImage,
+
         @JsonPropertyDescription("Custom Image Pull Policy for images managed by the Operator")
         String imagePullPolicy,
 
@@ -41,6 +44,7 @@ public TrustifySpec() {
                 null,
                 null,
                 null,
+                null,
                 null
         );
     }