sigs.k8s.io/cluster-api-provider-azure@v1.17.0/scripts/ci-build-azure-ccm.sh

sigs.k8s.io/cluster-api-provider-azure@v1.17.0/scripts/ci-build-azure-ccm.sh (about)

     1  #!/bin/bash
     2  
     3  # Copyright 2021 The Kubernetes Authors.
     4  #
     5  # Licensed under the Apache License, Version 2.0 (the "License");
     6  # you may not use this file except in compliance with the License.
     7  # You may obtain a copy of the License at
     8  #
     9  #     http://www.apache.org/licenses/LICENSE-2.0
    10  #
    11  # Unless required by applicable law or agreed to in writing, software
    12  # distributed under the License is distributed on an "AS IS" BASIS,
    13  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14  # See the License for the specific language governing permissions and
    15  # limitations under the License.
    16  
    17  ###############################################################################
    18  
    19  set -o errexit
    20  set -o nounset
    21  set -o pipefail
    22  
    23  REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
    24  cd "${REPO_ROOT}" || exit 1
    25  
    26  # shellcheck source=hack/ensure-go.sh
    27  source "${REPO_ROOT}/hack/ensure-go.sh"
    28  
    29  : "${AZURE_STORAGE_ACCOUNT:?Environment variable empty or not defined.}"
    30  : "${REGISTRY:?Environment variable empty or not defined.}"
    31  
    32  # cloud controller manager image
    33  export CCM_IMAGE_NAME=azure-cloud-controller-manager
    34  # cloud node manager image
    35  export CNM_IMAGE_NAME=azure-cloud-node-manager
    36  # container name
    37  export AZURE_BLOB_CONTAINER_NAME="${AZURE_BLOB_CONTAINER_NAME:-"kubernetes-ci"}"
    38  
    39  setup() {
    40      AZURE_CLOUD_PROVIDER_ROOT="${AZURE_CLOUD_PROVIDER_ROOT:-""}"
    41      if [[ -z "${AZURE_CLOUD_PROVIDER_ROOT}" ]]; then
    42          AZURE_CLOUD_PROVIDER_ROOT="$(go env GOPATH)/src/sigs.k8s.io/cloud-provider-azure"
    43          export AZURE_CLOUD_PROVIDER_ROOT
    44      fi
    45  
    46      # the azure-cloud-provider repo expects IMAGE_REGISTRY.
    47      export IMAGE_REGISTRY=${REGISTRY}
    48      pushd "${AZURE_CLOUD_PROVIDER_ROOT}" && IMAGE_TAG=$(git rev-parse --short=7 HEAD) &&
    49        IMAGE_TAG_CCM="${IMAGE_TAG_CCM:-${IMAGE_TAG}}" && IMAGE_TAG_CNM="${IMAGE_TAG_CNM:-${IMAGE_TAG}}" &&
    50        export IMAGE_TAG_CCM && export IMAGE_TAG_CNM && popd
    51      echo "Image registry is ${REGISTRY}"
    52      echo "Image Tag CCM is ${IMAGE_TAG_CCM}"
    53      echo "Image Tag CNM is ${IMAGE_TAG_CNM}"
    54      IMAGE_TAG_ACR_CREDENTIAL_PROVIDER="${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER:-${IMAGE_TAG}}"
    55      export IMAGE_TAG_ACR_CREDENTIAL_PROVIDER
    56      echo "Image Tag ACR credential provider is ${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}"
    57  }
    58  
    59  main() {
    60      if [[ "$(can_reuse_artifacts)" =~ "false" ]]; then
    61          echo "Building Linux Azure amd64 cloud controller manager"
    62          make -C "${AZURE_CLOUD_PROVIDER_ROOT}" build-ccm-image-amd64 push-ccm-image-amd64
    63          echo "Building Linux amd64 and Windows (hpc) amd64 cloud node managers"
    64          make -C "${AZURE_CLOUD_PROVIDER_ROOT}" build-node-image-linux-amd64 push-node-image-linux-amd64 push-node-image-windows-hpc-amd64 manifest-node-manager-image-windows-hpc-amd64
    65  
    66          echo "Building and pushing Linux and Windows amd64 Azure ACR credential provider"
    67          make -C "${AZURE_CLOUD_PROVIDER_ROOT}" bin/azure-acr-credential-provider bin/azure-acr-credential-provider.exe
    68  
    69          if [[ "$(az storage container exists --name "${AZURE_BLOB_CONTAINER_NAME}" --query exists --output tsv --auth-mode login)" == "false" ]]; then
    70              echo "Creating ${AZURE_BLOB_CONTAINER_NAME} storage container"
    71              az storage container create --name "${AZURE_BLOB_CONTAINER_NAME}" --auth-mode login > /dev/null
    72              # if the storage account has public access disabled at the account level this will return 404
    73              AZURE_STORAGE_AUTH_MODE=login az storage container set-permission --name "${AZURE_BLOB_CONTAINER_NAME}" --public-access container > /dev/null
    74          fi
    75  
    76          az storage blob upload --overwrite --container-name "${AZURE_BLOB_CONTAINER_NAME}" --file "${AZURE_CLOUD_PROVIDER_ROOT}/bin/azure-acr-credential-provider" --name "${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" --auth-mode login
    77          az storage blob upload --overwrite --container-name "${AZURE_BLOB_CONTAINER_NAME}" --file "${AZURE_CLOUD_PROVIDER_ROOT}/bin/azure-acr-credential-provider.exe" --name "${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider.exe" --auth-mode login
    78          az storage blob upload --overwrite --container-name "${AZURE_BLOB_CONTAINER_NAME}" --file "${AZURE_CLOUD_PROVIDER_ROOT}/examples/out-of-tree/credential-provider-config.yaml" --name "${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" --auth-mode login
    79          az storage blob upload --overwrite --container-name "${AZURE_BLOB_CONTAINER_NAME}" --file "${AZURE_CLOUD_PROVIDER_ROOT}/examples/out-of-tree/credential-provider-config-win.yaml" --name "${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config-win.yaml" --auth-mode login
    80      fi
    81  }
    82  
    83  # can_reuse_artifacts returns true if there exists CCM artifacts built from a PR that we can reuse
    84  can_reuse_artifacts() {
    85      declare -a IMAGES=("${CCM_IMAGE_NAME}:${IMAGE_TAG_CCM}" "${CNM_IMAGE_NAME}:${IMAGE_TAG_CNM}")
    86      for IMAGE in "${IMAGES[@]}"; do
    87          if ! docker pull "${REGISTRY}/${IMAGE}"; then
    88              echo "false" && return
    89          fi
    90      done
    91  
    92      if ! docker manifest inspect "${REGISTRY}/${CNM_IMAGE_NAME}:${IMAGE_TAG_CNM}" | grep -q "\"os\": \"windows\""; then
    93          echo "false" && return
    94      fi
    95  
    96      # Do not reuse the image if there is a Windows image built with older version of this script that did not
    97      # build the images as host-process-container images. Those images cannot be pulled on mis-matched Windows Server versions.
    98      if docker manifest inspect "${REGISTRY}/${CNM_IMAGE_NAME}:${IMAGE_TAG_CNM}" | grep -q "\"os.version\": \"10.0."; then
    99          echo "false" && return
   100      fi
   101  
   102      for BINARY in azure-acr-credential-provider azure-acr-credential-provider.exe credential-provider-config.yaml credential-provider-config-win.yaml; do
   103          if [[ "$(az storage blob exists --container-name "${AZURE_BLOB_CONTAINER_NAME}" --name "${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/${BINARY}" --query exists --output tsv --auth-mode login)" == "false" ]]; then
   104              echo "false" && return
   105          fi
   106      done
   107  
   108      echo "true"
   109  }
   110  
   111  capz::ci-build-azure-ccm::cleanup() {
   112      echo "cloud-provider-azure cleanup"
   113      if [[ -d "${AZURE_CLOUD_PROVIDER_ROOT:-}" ]]; then
   114          make -C "${AZURE_CLOUD_PROVIDER_ROOT}" clean || true
   115      fi
   116  }
   117  
   118  trap capz::ci-build-azure-ccm::cleanup EXIT
   119  
   120  setup
   121  main