feat: Changed OCI tag format

Signed-off-by: Steve Hipwell <[email protected]>

.ko.yaml

@@ -1 +1,4 @@
 defaultBaseImage: public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base
+defaultPlatforms:
+  - linux/arm64
+  - linux/amd64

Makefile

@@ -1,7 +1,7 @@
 CLUSTER_NAME ?= $(shell kubectl config view --minify -o jsonpath='{.clusters[].name}' | rev | cut -d"/" -f1 | rev | cut -d"." -f1)
 
 ## Inject the app version into operator.Version
-LDFLAGS ?= -ldflags=-X=sigs.k8s.io/karpenter/pkg/operator.Version=$(shell git describe --tags --always)
+LDFLAGS ?= -ldflags=-X=sigs.k8s.io/karpenter/pkg/operator.Version=$(shell git describe --tags --always | cut -d"v" -f2)
 
 GOFLAGS ?= $(LDFLAGS)
 WITH_GOFLAGS = GOFLAGS="$(GOFLAGS)"

hack/release/common.sh

@@ -1,61 +1,48 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-config(){
-  GITHUB_ACCOUNT="aws"
-  ECR_GALLERY_NAME="karpenter"
-  RELEASE_REPO_ECR=${RELEASE_REPO_ECR:-public.ecr.aws/${ECR_GALLERY_NAME}/}
-  RELEASE_REPO_GH=${RELEASE_REPO_GH:-ghcr.io/${GITHUB_ACCOUNT}/karpenter}
+GITHUB_ACCOUNT="aws"
+ECR_GALLERY_NAME="karpenter"
+RELEASE_REPO_ECR="${RELEASE_REPO_ECR:-public.ecr.aws/${ECR_GALLERY_NAME}/}"
+RELEASE_REPO_GH="${RELEASE_REPO_GH:-ghcr.io/${GITHUB_ACCOUNT}/karpenter}"
 
-  SNAPSHOT_ECR="021119463062.dkr.ecr.us-east-1.amazonaws.com"
-  SNAPSHOT_REPO_ECR=${SNAPSHOT_REPO_ECR:-${SNAPSHOT_ECR}/karpenter/snapshot/}
+SNAPSHOT_ECR="021119463062.dkr.ecr.us-east-1.amazonaws.com"
+SNAPSHOT_REPO_ECR="${SNAPSHOT_REPO_ECR:-${SNAPSHOT_ECR}/karpenter/snapshot/}"
 
-  CURRENT_MAJOR_VERSION="0"
-  RELEASE_PLATFORM="--platform=linux/amd64,linux/arm64"
+CURRENT_MAJOR_VERSION="0"
 
-  MAIN_GITHUB_ACCOUNT="aws"
-  RELEASE_TYPE_STABLE="stable"
-  RELEASE_TYPE_SNAPSHOT="snapshot"
-}
-
-# versionData sets all the version properties for the passed release version. It sets the values
-# RELEASE_VERSION_MAJOR, RELEASE_VERSION_MINOR, and RELEASE_VERSION_PATCH to be used by other scripts
-versionData(){
-  local VERSION="$1"
-  local VERSION="${VERSION#[vV]}"
-  RELEASE_VERSION_MAJOR="${VERSION%%\.*}"
-  RELEASE_VERSION_MINOR="${VERSION#*.}"
-  RELEASE_VERSION_MINOR="${RELEASE_VERSION_MINOR%.*}"
-  RELEASE_VERSION_PATCH="${VERSION##*.}"
-  RELEASE_MINOR_VERSION="v${RELEASE_VERSION_MAJOR}.${RELEASE_VERSION_MINOR}"
-}
+MAIN_GITHUB_ACCOUNT="aws"
 
 snapshot() {
-  RELEASE_VERSION=$1
+  local commit_sha version helm_chart_version
+
+  commit_sha="${1}"
+  version="${commit_sha}"
+  helm_chart_version="${CURRENT_MAJOR_VERSION}-${commit_sha}"
+
   echo "Release Type: snapshot
-Release Version: ${RELEASE_VERSION}
-Commit: $(git rev-parse HEAD)
-Helm Chart Version $(helmChartVersion "${RELEASE_VERSION}")"
+Release Version: ${version}
+Commit: ${commit_sha}
+Helm Chart Version ${helm_chart_version}"
 
   authenticatePrivateRepo
-  buildImages "${SNAPSHOT_REPO_ECR}"
-  cosignImages
-  publishHelmChart "karpenter" "${RELEASE_VERSION}" "${SNAPSHOT_REPO_ECR}"
-  publishHelmChart "karpenter-crd" "${RELEASE_VERSION}" "${SNAPSHOT_REPO_ECR}"
+  build "${SNAPSHOT_REPO_ECR}" "${version}" "${helm_chart_version}" "${commit_sha}"
 }
 
 release() {
-  RELEASE_VERSION=$1
+  local commit_sha version helm_chart_version
+
+  commit_sha="${1}"
+  version="${2}"
+  helm_chart_version="${version}"
+
   echo "Release Type: stable
-Release Version: ${RELEASE_VERSION}
-Commit: $(git rev-parse HEAD)
-Helm Chart Version $(helmChartVersion "${RELEASE_VERSION}")"
+Release Version: ${version}
+Commit: ${commit_sha}
+Helm Chart Version ${helm_chart_version}"
 
   authenticate
-  buildImages "${RELEASE_REPO_ECR}"
-  cosignImages
-  publishHelmChart "karpenter" "${RELEASE_VERSION}" "${RELEASE_REPO_ECR}"
-  publishHelmChart "karpenter-crd" "${RELEASE_VERSION}" "${RELEASE_REPO_ECR}"
+  build "${RELEASE_REPO_ECR}" "${version}" "${helm_chart_version}" "${commit_sha}"
 }
 
 authenticate() {
@@ -66,136 +53,151 @@ authenticatePrivateRepo() {
   aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin "${SNAPSHOT_ECR}"
 }
 
-buildImages() {
-    RELEASE_REPO=$1
-    # Set the SOURCE_DATE_EPOCH and KO_DATA_DATE_EPOCH values for reproducable builds with timestamps
-    # https://ko.build/advanced/faq/
-    CONTROLLER_IMG=$(GOFLAGS=${GOFLAGS} SOURCE_DATE_EPOCH=$(git log -1 --format='%ct') KO_DATA_DATE_EPOCH=$(git log -1 --format='%ct') KO_DOCKER_REPO=${RELEASE_REPO} ko publish -B -t "${RELEASE_VERSION}" "${RELEASE_PLATFORM}" ./cmd/controller)
-    HELM_CHART_VERSION=$(helmChartVersion "$RELEASE_VERSION")
-    IMG_REPOSITORY=$(echo "$CONTROLLER_IMG" | cut -d "@" -f 1 | cut -d ":" -f 1)
-    IMG_TAG=$(echo "$CONTROLLER_IMG" | cut -d "@" -f 1 | cut -d ":" -f 2 -s)
-    IMG_DIGEST=$(echo "$CONTROLLER_IMG" | cut -d "@" -f 2)
-    yq e -i ".controller.image.repository = \"${IMG_REPOSITORY}\"" charts/karpenter/values.yaml
-    yq e -i ".controller.image.tag = \"${IMG_TAG}\"" charts/karpenter/values.yaml
-    yq e -i ".controller.image.digest = \"${IMG_DIGEST}\"" charts/karpenter/values.yaml
-    yq e -i ".appVersion = \"${RELEASE_VERSION#v}\"" charts/karpenter/Chart.yaml
-    yq e -i ".version = \"${HELM_CHART_VERSION#v}\"" charts/karpenter/Chart.yaml
-    yq e -i ".appVersion = \"${RELEASE_VERSION#v}\"" charts/karpenter-crd/Chart.yaml
-    yq e -i ".version = \"${HELM_CHART_VERSION#v}\"" charts/karpenter-crd/Chart.yaml
-}
+build() {
+  local oci_repo version helm_chart_version commit_sha date_epoch build_date img img_repo img_tag img_digest
+
+  oci_repo="${1}"
+  version="${2}"
+  helm_chart_version="${3}"
+  commit_sha="${4}"
+
+  date_epoch="$(dateEpoch)"
+  build_date="$(buildDate "${date_epoch}")"
+
+  img="$(GOFLAGS=${GOFLAGS:-} SOURCE_DATE_EPOCH="${date_epoch}" KO_DATA_DATE_EPOCH="${date_epoch}" KO_DOCKER_REPO="${oci_repo}" ko publish -B -t "${version}" ./cmd/controller)"
+  img_repo="$(echo "${img}" | cut -d "@" -f 1 | cut -d ":" -f 1)"
+  img_tag="$(echo "${img}" | cut -d "@" -f 1 | cut -d ":" -f 2 -s)"
+  img_digest="$(echo "${img}" | cut -d "@" -f 2)"
 
-releaseType(){
-  RELEASE_VERSION=$1
+  cosignOciArtifact "${version}" "${commit_sha}" "${build_date}" "${img}"
 
-  if [[ "${RELEASE_VERSION}" == v* ]]; then
-    echo "${RELEASE_TYPE_STABLE}"
-  else
-    echo "${RELEASE_TYPE_SNAPSHOT}"
-  fi
+  yq e -i ".controller.image.repository = \"${img_repo}\"" charts/karpenter/values.yaml
+  yq e -i ".controller.image.tag = \"${img_tag}\"" charts/karpenter/values.yaml
+  yq e -i ".controller.image.digest = \"${img_digest}\"" charts/karpenter/values.yaml
+
+  publishHelmChart "${oci_repo}" "karpenter" "${helm_chart_version}" "${commit_sha}" "${build_date}"
+  publishHelmChart "${oci_repo}" "karpenter-crd" "${helm_chart_version}" "${commit_sha}" "${build_date}"
 }
 
-helmChartVersion(){
-    RELEASE_VERSION=$1
-    if [[ $(releaseType "$RELEASE_VERSION") == "$RELEASE_TYPE_STABLE" ]]; then
-      echo "${RELEASE_VERSION#v}"
-    fi
+publishHelmChart() {
+  local oci_repo helm_chart version commit_sha build_date ah_config_file_name helm_chart_artifact helm_chart_digest
+
+  oci_repo="${1}"
+  helm_chart="${2}"
+  version="${3}"
+  commit_sha="${4}"
+  build_date="${5}"
 
-    if [[ $(releaseType "$RELEASE_VERSION") == "$RELEASE_TYPE_SNAPSHOT" ]]; then
-      echo "${CURRENT_MAJOR_VERSION}-${RELEASE_VERSION}"
-    fi
+  ah_config_file_name"${helm_chart}/artifacthub-repo.yaml"
+  helm_chart_artifact="${helm_chart}-${version}.tgz"
+
+  yq e -i ".appVersion = \"${version}\"" "charts/${helm_chart}/Chart.yaml"
+  yq e -i ".version = \"${version}\"" "charts/${helm_chart}/Chart.yaml"
+
+  cd charts
+  [[ -s "${ah_config_file_name}" ]] && oras push "${oci_repo}:artifacthub.io" --config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml "${ah_config_file_name}:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml"
+  helm dependency update "${helm_chart}"
+  helm lint "${helm_chart}"
+  helm package "${helm_chart}" --version "${version}"
+  helm push "${helm_chart_artifact}" "oci://${oci_repo}"
+  rm "${helm_chart_artifact}"
+  cd ..
+
+  helm_chart_digest="$(crane digest "${oci_repo}:${version}")"
+  cosignOciArtifact "${version}" "${commit_sha}" "${build_date}" "${oci_repo}:${version}@${helm_chart_digest}"
 }
 
-buildDate(){
-    # Set the SOURCE_DATE_EPOCH and KO_DATA_DATE_EPOCH values for reproducable builds with timestamps
-    # https://ko.build/advanced/faq/
-    DATE_FMT="+%Y-%m-%dT%H:%M:%SZ"
-    SOURCE_DATE_EPOCH=$(git log -1 --format='%ct')
-    echo "$(date -u -r "${SOURCE_DATE_EPOCH}" $DATE_FMT 2>/dev/null)"
+cosignOciArtifact() {
+  local version commit_sha build_date artifact
+
+  version="${1}"
+  commit_sha="${2}"
+  build_date="${3}"
+  artifact="${4}"
+
+  cosign sign --yes -a version="${version}" -a commitSha="${commit_sha}" -a buildDate="${build_date}" "${artifact}"
 }
 
-cosignImages() {
-    cosign sign --yes \
-        -a GIT_HASH="$(git rev-parse HEAD)" \
-        -a GIT_VERSION="${RELEASE_VERSION}" \
-        -a BUILD_DATE="$(buildDate)" \
-        "${CONTROLLER_IMG}"
+dateEpoch() {
+  git log -1 --format='%ct'
 }
 
-publishHelmChart() {
-    CHART_NAME=$1
-    RELEASE_VERSION=$2
-    RELEASE_REPO=$3
-    HELM_CHART_VERSION=$(helmChartVersion "$RELEASE_VERSION")
-    HELM_CHART_FILE_NAME="${CHART_NAME}-${HELM_CHART_VERSION}.tgz"
-    AH_CONFIG_FILE_NAME="${CHART_NAME}/artifacthub-repo.yaml"
-
-    cd charts
-    [[ -s "${AH_CONFIG_FILE_NAME}" ]] && oras push "${RELEASE_REPO}:artifacthub.io" --config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml "${AH_CONFIG_FILE_NAME}:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml"
-    helm dependency update "${CHART_NAME}"
-    helm lint "${CHART_NAME}"
-    helm package "${CHART_NAME}" --version "${HELM_CHART_VERSION}"
-    helm push "${HELM_CHART_FILE_NAME}" "oci://${RELEASE_REPO}"
-    rm "${HELM_CHART_FILE_NAME}"
-    cd ..
-
-    cosignHelmChart "${RELEASE_REPO}${CHART_NAME}" "${HELM_CHART_VERSION}"
+buildDate() {
+  local date_epoch
+
+  date_epoch="${1}"
+
+  date -u -r "${date_epoch}" "+%Y-%m-%dT%H:%M:%SZ" 2>/dev/null
 }
 
-cosignHelmChart() {
-    RELEASE_REPO=$1
-    HELM_CHART_VERSION=$2
-    digest="$(crane digest "${RELEASE_REPO}:${HELM_CHART_VERSION}")"
-    cosign sign --yes "${RELEASE_REPO}:${HELM_CHART_VERSION}@${digest}"
+prepareWebsite() {
+  local version version_parts short_version
+
+  version="${1}"
+  # shellcheck disable=SC2206
+  version_parts=(${version//./ })
+  short_version="${version_parts[0]}.${version_parts[1]}"
+
+  createNewWebsiteDirectory "${short_version}"
+  removeOldWebsiteDirectories
+  editWebsiteConfig "${version}"
+  editWebsiteVersionsMenu
 }
 
 createNewWebsiteDirectory() {
-    RELEASE_VERSION=$1
-    versionData "${RELEASE_VERSION}"
+  local short_version="${1}"
 
-    mkdir -p "website/content/en/${RELEASE_MINOR_VERSION}"
-    cp -r website/content/en/preview/* "website/content/en/${RELEASE_MINOR_VERSION}/"
+  mkdir -p "website/content/en/v${short_version}"
+  cp -r website/content/en/preview/* "website/content/en/v${short_version}/"
 
-    # Update parameterized variables in the preview documentation to be statically set in the versioned documentation
-    find "website/content/en/${RELEASE_MINOR_VERSION}/" -type f | xargs perl -i -p -e "s/{{< param \"latest_release_version\" >}}/${RELEASE_VERSION}/g;"
-    find "website/content/en/${RELEASE_MINOR_VERSION}/" -type f | xargs perl -i -p -e "s/{{< param \"latest_k8s_version\" >}}/$(yq .params.latest_k8s_version website/hugo.yaml)/g;"
-    find website/content/en/${RELEASE_MINOR_VERSION}/*/*/*.yaml -type f | xargs perl -i -p -e "s/preview/${RELEASE_MINOR_VERSION}/g;"
-    find "website/content/en/${RELEASE_MINOR_VERSION}/" -type f | xargs perl -i -p -e "s/{{< githubRelRef >}}/\/${RELEASE_VERSION}\//g;"
+  # Update parameterized variables in the preview documentation to be statically set in the versioned documentation
+  find "website/content/en/v${short_version}/" -type f -print0 | xargs perl -i -p -e "s/{{< param \"latest_release_version\" >}}/${RELEASE_VERSION}/g;"
+  find "website/content/en/v${short_version}/" -type f -print0 | xargs perl -i -p -e "s/{{< param \"latest_k8s_version\" >}}/$(yq .params.latest_k8s_version website/hugo.yaml)/g;"
+  find "website/content/en/v${short_version}/"*/*/*.yaml -type f -print0 | xargs perl -i -p -e "s/preview/v${short_version}/g;"
+  find "website/content/en/v${short_version}/" -type f -print0 | xargs perl -i -p -e "s/{{< githubRelRef >}}/\/v${short_version}\//g;"
 
-    rm -rf website/content/en/docs
-    mkdir -p website/content/en/docs
-    cp -r website/content/en/${RELEASE_MINOR_VERSION}/* website/content/en/docs/
+  rm -rf website/content/en/docs
+  mkdir -p website/content/en/docs
+  cp -r "website/content/en/v${short_version}/"* website/content/en/docs/
 }
 
 removeOldWebsiteDirectories() {
-  local n=3
+  local n=3 last_n_versions all
+
   # Get all the directories except the last n directories sorted from earliest to latest version
   # preview, docs, and v0.32 are special directories that we always propagate into the set of directory options
   # Keep the v0.32 version around while we are supporting v1beta1 migration
   # Drop it once we no longer want to maintain the v0.32 version in the docs
-  last_n_versions=$(find website/content/en/* -maxdepth 0 -type d -name "*" | grep -v "preview\|docs\|v0.32" | sort | tail -n "$n")
+  last_n_versions=$(find website/content/en/* -maxdepth 0 -type d -name "*" | grep -v "preview\|docs\|v0.32" | sort | tail -n "${n}")
   last_n_versions+=$(echo -e "\nwebsite/content/en/preview")
   last_n_versions+=$(echo -e "\nwebsite/content/en/docs")
   last_n_versions+=$(echo -e "\nwebsite/content/en/v0.32")
   all=$(find website/content/en/* -maxdepth 0 -type d -name "*")
+
   ## symmetric difference
-  comm -3 <(sort <<< $last_n_versions) <(sort <<< $all) | tr -d '\t' | xargs -r -n 1 rm -r
+  # shellcheck disable=SC2086
+  comm -3 <(sort <<< ${last_n_versions}) <(sort <<< ${all}) | tr -d '\t' | xargs -r -n 1 rm -r
 }
 
 editWebsiteConfig() {
-  RELEASE_VERSION=$1
-  yq -i ".params.latest_release_version = \"${RELEASE_VERSION}\"" website/hugo.yaml
+  local version="${1}"
+
+  yq -i ".params.latest_release_version = \"v${version}\"" website/hugo.yaml
 }
 
 # editWebsiteVersionsMenu sets relevant releases in the version dropdown menu of the website
 # without increasing the size of the set.
 # It uses the current version directories (ignoring the docs directory) to generate this list
 editWebsiteVersionsMenu() {
-  VERSIONS=($(find website/content/en/* -maxdepth 0 -type d -name "*" | xargs -r -n 1 basename | grep -v "docs\|preview"))
-  VERSIONS+=('preview')
+  local versions version
+
+  # shellcheck disable=SC2207
+  versions=($(find website/content/en/* -maxdepth 0 -type d -name "*" -print0 | xargs -r -n 1 basename | grep -v "docs\|preview"))
+  versions+=('preview')
 
   yq -i '.params.versions = []' website/hugo.yaml
 
-  for VERSION in "${VERSIONS[@]}"; do
-    yq -i ".params.versions += \"${VERSION}\"" website/hugo.yaml
+  for version in "${versions[@]}"; do
+    yq -i ".params.versions += \"${version}\"" website/hugo.yaml
   done
 }

hack/release/prepare-website.sh

@@ -1,19 +1,15 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
+SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
+# shellcheck source=hack/release/common.sh
 source "${SCRIPT_DIR}/common.sh"
 
-config
-
-GIT_TAG=${GIT_TAG:-$(git describe --exact-match --tags || echo "none")}
-if [[ $(releaseType "$GIT_TAG") != $RELEASE_TYPE_STABLE ]]; then
+git_tag="${GIT_TAG:-$(git describe --exact-match --tags || echo "none")}"
+if [[ "${git_tag}" != v* ]]; then
   echo "Not a stable release. Missing required git tag."
   exit 1
 fi
-echo "RenderingPrep website files for ${GIT_TAG}"
+echo "RenderingPrep website files for ${git_tag}"
 
-createNewWebsiteDirectory "$GIT_TAG"
-removeOldWebsiteDirectories
-editWebsiteConfig "$GIT_TAG"
-editWebsiteVersionsMenu
+prepareWebsite "${git_tag#v}"

hack/release/release-crd.sh

@@ -1,15 +1,17 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-HEAD_HASH=$(git rev-parse HEAD)
-GIT_TAG=$(git describe --exact-match --tags || echo "no tag")
-
-SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
+SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
+# shellcheck source=hack/release/common.sh
 source "${SCRIPT_DIR}/common.sh"
 
-config
-publishHelmChart "karpenter-crd" "${HEAD_HASH}" "${RELEASE_REPO_GH}"
+commit_sha="$(git rev-parse HEAD)"
+git_tag="$(git describe --exact-match --tags || echo "no tag")"
+
+BUILD_DATE="$(buildDate "$(dateEpoch)")"
+
+publishHelmChart "${RELEASE_REPO_GH}" "karpenter-crd" "${commit_sha}" "${commit_sha}" "${BUILD_DATE}"
 
-if [[ $(releaseType $GIT_TAG) == $RELEASE_TYPE_STABLE ]]; then
-  publishHelmChart "karpenter-crd" "${GIT_TAG}" "${RELEASE_REPO_GH}"
+if [[ "${git_tag}" == v* ]]; then
+  publishHelmChart "${RELEASE_REPO_GH}" "karpenter-crd" "${git_tag#v}" "${commit_sha}" "${BUILD_DATE}"
 fi