Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: use release binary in release process #156

Merged
merged 2 commits into from
Feb 15, 2024
Merged

ci: use release binary in release process #156

merged 2 commits into from
Feb 15, 2024

Conversation

burgerdev
Copy link
Contributor

No description provided.

@burgerdev burgerdev force-pushed the burgerdev/release-policy branch from 757a823 to 9afb265 Compare February 12, 2024 14:39
Base automatically changed from burgerdev/namespace-policy to main February 14, 2024 10:01
@burgerdev burgerdev mentioned this pull request Feb 14, 2024
Merged
@burgerdev burgerdev force-pushed the burgerdev/release-policy branch from 9afb265 to 57da205 Compare February 14, 2024 10:55
@burgerdev burgerdev requested a review from 3u13r February 14, 2024 10:56
@burgerdev burgerdev marked this pull request as ready for review February 14, 2024 10:56
3u13r
3u13r approved these changes Feb 14, 2024
View reviewed changes
Copy link
Member

@3u13r 3u13r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

packages/default.nix Outdated Show resolved Hide resolved
katexochen
katexochen approved these changes Feb 14, 2024
View reviewed changes
Copy link
Member

@katexochen katexochen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Really don't like that we have to change our containers for this, but seems like the only workaround we have for now.

@burgerdev @3u13r
nix: explicitly set PATH for OCI images
d541af6 
This deals with a missing feature of genpolicy: the Kata runtime adds a
default PATH environment variable if there is none in the image
configuration, but the genpolicy tool does not add a corresponding
allowlist entry. We work around that by just setting a PATH, although we
don't need it.

This fix allows to use the upstream genpolicy-settings.json, which we're
switching to simultaneously.

Co-authored-by: 3u13r <[email protected]>
@burgerdev burgerdev force-pushed the burgerdev/release-policy branch from 140df57 to b007063 Compare February 15, 2024 07:03
@burgerdev
ci: publish release-quality artifacts
a794322 
This commit makes Nunki releases self-contained, in the sense that users
only need the published artifacts in order to get a working coordinator,
by making the following changes to the release process.

* Update the embeddable coordinator policy hash on the release branch.
* Publish the release variant of the CLI, including the embedded policy
  hash.
* Include a coordinator deployment definition in the release that is
  compatible to the embedded coordinator hash.

This does not address the users' need for initializers and service mesh
sidecars yet.
@burgerdev burgerdev force-pushed the burgerdev/release-policy branch from b007063 to a794322 Compare February 15, 2024 10:23
@burgerdev burgerdev merged commit 42af11d into main Feb 15, 2024
5 checks passed
@burgerdev burgerdev deleted the burgerdev/release-policy branch February 15, 2024 12:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@katexochen katexochen katexochen approved these changes

@3u13r 3u13r 3u13r approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@burgerdev @3u13r @katexochen