Update release process for webhook certificate

[SaschaSchwarze0]

Changes

Part of #1344

I am changing make generate to also run the hack/patch-crds-with-conversion.sh script so that the conversion block is now part of the CRDs that are committed.

With that, we are producing an incomplete release yaml where two things are missing: the shipwright-build-webhook-cert secret and the caBundle in the CRDs.

I am introducing hack/setup-webhook-cert.sh which can run against a cluster to create or update the webhook cert and configure the caBundle.

I am changing make install-controller-kind to call this script so that it can be used again as single make target to setup Shipwright Build. That is also required for the setup GitHub action which calls this make target and nothing else. The prepare-conversion target is therefore obsolete.

I am changing the nightly build to publish a latest.txt containing the timestamp. I am using this in the README to provide an easy command to install the latest which includes invoking the setup-webhook-cert.sh script.

I tested as much as I could locally, but will need to retest this after the nightly build ran for the first time with this.

Users who will install v0.12 will need to apply the release YAML and then run the setup script from the v0.12 tag. We will mention this in the release notes and will need to update the README again once we release.

The changes to release.sh are non-functional. I only added an env var to override the platform from the outside (which makes testing much faster if you call that script and just build for one platform instead of all), and adjusted the ko commands to be consistent by always using the long parameter name. And I needed to add a dummy KO_DOCKER_REPO to the sample build strategy command - it does not actually build any binary, but for me it always failed with exit code 123 (or 132 ?) until I specified it.

Finally, I had to fix the integration tests. Basically, whenever Kubernetes performs an operation on Shipwright artifacts, it will perform it on the Beta object. This applies to deletion propagation mainly: when a Build owns all BuildRuns and the Build is deleted, or when a namespace is deleted that contains Shipwright artifacts. Because of this, I changed the integration test to setup the CRDs with a URL with host.docker.internal, and start the webhook in the BeforeSuite of the integration tests. This works locally, but not in the GitHub action. The tests are still green because I reduced the wait time for the namespace deletion and when it is not deleted, it only prints a warning, and this warning (failed to delete namespace: test-build-291, with error: timed out waiting for the condition) happens for every test run. We should eventually address this.

Submitter Checklist

• Includes tests if functionality changed/was added
• Includes docs if changes are user-facing
• Set a kind label on this PR
• Release notes block has been filled in, or marked NONE

Release Notes

Installing a nightly release now requires you to run a post-script that sets up the TLS certificate of the conversion webhook

[SaschaSchwarze0]

Seemingly I broke in the integration tests, will check this later today.

[qu1queee]

great work

Left one comment, overall looks neat!

[qu1queee]

/lgtm
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: qu1queee

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [qu1queee]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment