Skip to content

Commit 2b8cf64

Browse files
namgknamgk
committed
merge sec_validation
2 parents 6cde8e8 + 7913f75 commit 2b8cf64

File tree

3 files changed

+65
-8
lines changed

3 files changed

+65
-8
lines changed

.github/workflows/publish-quayio.yaml

Lines changed: 57 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,57 @@
1+
name: Publish multiarch postgres-operator images on quay.io/plotly
2+
3+
env:
4+
REGISTRY: quay.io/plotly
5+
IMAGE_NAME: postgres-operator
6+
7+
on:
8+
push:
9+
branches:
10+
- "*_w-o_sec_validation"
11+
12+
jobs:
13+
publish:
14+
name: Build, test and push image
15+
runs-on: ubuntu-latest
16+
permissions:
17+
contents: read
18+
packages: write
19+
steps:
20+
- name: Checkout repository
21+
uses: actions/checkout@v3
22+
23+
- uses: actions/setup-go@v2
24+
with:
25+
go-version: "^1.21.7"
26+
27+
- name: Run unit tests
28+
run: make deps mocks test
29+
30+
- name: Define image name
31+
id: image
32+
run: |
33+
OPERATOR_IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${GITHUB_REF_NAME}"
34+
echo "OPERATOR_IMAGE=$OPERATOR_IMAGE" >> $GITHUB_OUTPUT
35+
36+
- name: Set up QEMU
37+
uses: docker/setup-qemu-action@v2
38+
39+
- name: Set up Docker Buildx
40+
uses: docker/setup-buildx-action@v2
41+
42+
- name: Login to Quay
43+
uses: docker/login-action@v2
44+
with:
45+
registry: quay.io
46+
username: plotly+postgresop
47+
password: ${{ secrets.QUAY_POSTGRES_OPEARTOR }}
48+
49+
- name: Build and push multiarch operator image to ghcr
50+
uses: docker/build-push-action@v3
51+
with:
52+
context: .
53+
file: docker/Dockerfile
54+
push: true
55+
build-args: BASE_IMAGE=alpine:3.15
56+
tags: "${{ steps.image.outputs.OPERATOR_IMAGE }}"
57+
platforms: linux/amd64,linux/arm64

Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -66,7 +66,7 @@ docker: ${DOCKERDIR}/${DOCKERFILE}
6666
echo "Version ${VERSION}"
6767
echo "CDP tag ${CDP_TAG}"
6868
echo "git describe $(shell git describe --tags --always --dirty)"
69-
docker build --rm -t "$(IMAGE):$(TAG)$(CDP_TAG)$(DEBUG_FRESH)$(DEBUG_POSTFIX)" -f "${DOCKERDIR}/${DOCKERFILE}" --build-arg VERSION="${VERSION}" .
69+
docker buildx build --platform linux/amd64 --rm -t "$(IMAGE):$(TAG)$(CDP_TAG)$(DEBUG_FRESH)$(DEBUG_POSTFIX)" -f "${DOCKERDIR}/${DOCKERFILE}" --build-arg VERSION="${VERSION}" .
7070

7171
indocker-race:
7272
docker run --rm -v "${GOPATH}":"${GOPATH}" -e GOPATH="${GOPATH}" -e RACE=1 -w ${PWD} golang:1.22.3 bash -c "make linux"

pkg/cluster/cluster.go

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -496,11 +496,11 @@ func (c *Cluster) compareStatefulSetWith(statefulSet *appsv1.StatefulSet) *compa
496496
needsRollUpdate = true
497497
reasons = append(reasons, "new statefulset's pod template metadata annotations does not match "+reason)
498498
}
499-
if !reflect.DeepEqual(c.Statefulset.Spec.Template.Spec.SecurityContext, statefulSet.Spec.Template.Spec.SecurityContext) {
500-
needsReplace = true
501-
needsRollUpdate = true
502-
reasons = append(reasons, "new statefulset's pod template security context in spec does not match the current one")
503-
}
499+
// if !reflect.DeepEqual(c.Statefulset.Spec.Template.Spec.SecurityContext, statefulSet.Spec.Template.Spec.SecurityContext) {
500+
// needsReplace = true
501+
// needsRollUpdate = true
502+
// reasons = append(reasons, "new statefulset's pod template security context in spec does not match the current one")
503+
// }
504504
if len(c.Statefulset.Spec.VolumeClaimTemplates) != len(statefulSet.Spec.VolumeClaimTemplates) {
505505
needsReplace = true
506506
reasons = append(reasons, "new statefulset's volumeClaimTemplates contains different number of volumes to the old one")
@@ -588,8 +588,8 @@ func (c *Cluster) compareContainers(description string, setA, setB []v1.Containe
588588
func(a, b v1.Container) bool { return !compareEnv(a.Env, b.Env) }),
589589
newCheck("new %s's %s (index %d) environment sources do not match the current one",
590590
func(a, b v1.Container) bool { return !reflect.DeepEqual(a.EnvFrom, b.EnvFrom) }),
591-
newCheck("new %s's %s (index %d) security context does not match the current one",
592-
func(a, b v1.Container) bool { return !reflect.DeepEqual(a.SecurityContext, b.SecurityContext) }),
591+
// newCheck("new %s's %s (index %d) security context does not match the current one",
592+
// func(a, b v1.Container) bool { return !reflect.DeepEqual(a.SecurityContext, b.SecurityContext) }),
593593
newCheck("new %s's %s (index %d) volume mounts do not match the current one",
594594
func(a, b v1.Container) bool { return !reflect.DeepEqual(a.VolumeMounts, b.VolumeMounts) }),
595595
}

0 commit comments

Comments
 (0)