metadata:
annotations:
description: Periodically rebuilds Scylla Operator images to pickup latest OS
updates and fixes.
prow.k8s.io/context: ""
prow.k8s.io/job: ci-scylla-operator-v1.15-images
creationTimestamp: "2025-03-30T03:00:05Z"
generation: 7
labels:
app: scylla-operator
created-by-prow: "true"
prow.k8s.io/build-id: "1906179595401433088"
prow.k8s.io/context: ""
prow.k8s.io/id: 4a50f03a-347f-4e1b-b0bc-796a880edeb0
prow.k8s.io/job: ci-scylla-operator-v1.15-images
prow.k8s.io/refs.base_ref: v1.15
prow.k8s.io/refs.org: scylladb
prow.k8s.io/refs.repo: scylla-operator
prow.k8s.io/type: periodic
name: 4a50f03a-347f-4e1b-b0bc-796a880edeb0
namespace: prow-workspace
resourceVersion: "612832677"
uid: 78f3189c-1396-4360-ba0a-51e2abe4ea12
spec:
agent: kubernetes
cluster: default
decoration_config:
gcs_configuration:
bucket: gs://scylla-operator-prow
path_strategy: explicit
gcs_credentials_secret: gcs-credentials
github_api_endpoints:
- http://ghproxy.prow.svc
- https://api.github.com
github_app_id: "112385"
github_app_private_key_secret:
key: cert
name: github-token
grace_period: 15m0s
resources:
clonerefs:
requests:
cpu: 100m
initupload:
requests:
cpu: 100m
place_entrypoint:
requests:
cpu: 100m
sidecar:
requests:
cpu: 100m
timeout: 1h0m0s
utility_images:
clonerefs: us-docker.pkg.dev/k8s-infra-prow/images/clonerefs:v20240802-66b115076
entrypoint: us-docker.pkg.dev/k8s-infra-prow/images/entrypoint:v20240802-66b115076
initupload: us-docker.pkg.dev/k8s-infra-prow/images/initupload:v20240802-66b115076
sidecar: us-docker.pkg.dev/k8s-infra-prow/images/sidecar:v20240802-66b115076
extra_refs:
- base_ref: v1.15
org: scylladb
path_alias: github.com/scylladb/scylla-operator
repo: scylla-operator
workdir: true
job: ci-scylla-operator-v1.15-images
max_concurrency: 1
namespace: prow-workspace
pod_spec:
containers:
- args:
- |
trap 'touch /tmp/shared/setup.finished' EXIT
GIT_REVISION="$( git rev-parse HEAD | tee "${GIT_REVISION_FILE}" )"
export GIT_REVISION
job_name="$( yq -n 'env(JOB_SPEC) as $job_spec | $job_spec.job' )"
architectures=( "amd64" "arm64" )
for arch in "${architectures[@]}"; do
cat <<EOF | \
yq 'env(JOB_SPEC) as $job_spec | with(.spec.decoration_config; . = $job_spec.decoration_config | ... style="") | with(.spec.extra_refs; . = $job_spec.extra_refs | .[0].base_sha = strenv(GIT_REVISION) | ... style = "" ) | with(.metadata.labels; . = . + ($job_spec.extra_refs[0] | pick(["org", "repo", "base_ref"]) | (.[] | key) |= "prow.k8s.io/refs." + .))' - | \
kubectl -n="${NAMESPACE}" create -f=-
apiVersion: prow.k8s.io/v1
kind: ProwJob
metadata:
name: "${NAME}-${arch}"
annotations:
prow.k8s.io/context: ""
prow.k8s.io/job: "${job_name}-${arch}"
labels:
app: scylla-operator
prow.k8s.io/context: ""
prow.k8s.io/job: "${job_name}-${arch}"
prow.k8s.io/type: periodic
spec:
agent: kubernetes
cluster: default
job: "${job_name}-${arch}"
max_concurrency: 1
namespace: "${NAMESPACE}"
pod_spec:
containers:
- name: images
image: quay.io/scylladb/scylla-operator-images:buildah
imagePullPolicy: Always
command:
- /usr/bin/bash
- -euExo
- pipefail
- -O
- inherit_errexit
- -c
args:
- |
# Make sure the revision matches.
[[ "\$( git rev-parse HEAD )" == "${GIT_REVISION}" ]]
image_tag="1.15"
repo_ref="quay.io/scylladb/scylla-operator"
image_ref="\${repo_ref}:\${image_tag}-${BUILD_ID}-${arch}"
time buildah build --squash --format=docker \
--platform="linux/${arch}" \
--label="org.opencontainers.image.revision=${GIT_REVISION}" \
--tag="\${image_ref}" .
digestfile="\$( mktemp )"
buildah push --digestfile="\${digestfile}" "\${image_ref}"
echo '' | cat "\${digestfile}" -
buildah push --digestfile="\${digestfile}" "\${image_ref}" "docker://\${repo_ref}:\${image_tag}-\$( date '+%Y-%m-%d-%H%M%S' )-${BUILD_ID}-${arch}"
echo '' | cat "\${digestfile}" -
env:
- name: REGISTRY_AUTH_FILE
value: /var/run/secrets/quay-ci-creds/auth.json
resources:
requests:
cpu: 1
limits:
cpu: 3
securityContext:
privileged: true
runAsUser: 1000
volumeMounts:
- name: buildah-storage
mountPath: /usr/lib/containers/storage
- name: quay-ci-creds
mountPath: /var/run/secrets/quay-ci-creds
readOnly: true
nodeSelector:
kubernetes.io/os: linux
kubernetes.io/arch: "${arch}"
tolerations:
- key: kubernetes.io/arch
operator: Equal
value: "${arch}"
effect: NoSchedule
volumes:
- name: buildah-storage
emptyDir: {}
- name: quay-ci-creds
secret:
secretName: quay-scylladb-prod-publisher-creds
items:
- key: auth.json
path: auth.json
type: periodic
status:
# Set state to schedule the ProwJob.
state: triggered
# Set startTime to avoid being garbage collected immediately.
startTime: "$( date -u '+%Y-%m-%dT%H:%M:%SZ' )"
EOF
done
for arch in "${architectures[@]}"; do
kubectl -n="${NAMESPACE}" wait --timeout=1h --for=jsonpath='{.status.completionTime}' prowjob.prow.k8s.io/"${NAME}-${arch}"
[[ $( kubectl -n="${NAMESPACE}" get --template='{{ .status.state }}' prowjob.prow.k8s.io/"${NAME}-${arch}" ) == "success" ]]
done
command:
- /usr/bin/bash
- -euExo
- pipefail
- -O
- inherit_errexit
- -c
env:
- name: NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: GIT_REVISION_FILE
value: /tmp/shared/git_revision
image: quay.io/scylladb/scylla-operator-images:kube-tools
imagePullPolicy: Always
name: setup
resources:
limits:
cpu: "1"
requests:
cpu: 100m
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount/
name: kube-api-access
- mountPath: /tmp/shared
name: shared-data
- args:
- |
echo "Waiting for git revision file to propagate..."
until [[ -f "${GIT_REVISION_FILE}" || -f /tmp/shared/setup.finished ]]; do sleep 60; done
if [[ ! -f "${GIT_REVISION_FILE}" ]]; then
echo "Setup failed. Exiting."
exit 1
fi
echo "Git revision file propagated."
image_tag="1.15"
image_ref="quay.io/scylladb/scylla-operator:${image_tag}"
git_revision="$( cat "${GIT_REVISION_FILE}" )"
buildah manifest create --annotation="org.opencontainers.image.revision=${git_revision}" "${image_ref}"
architectures=( "amd64" "arm64" )
for ARCH in "${architectures[@]}"; do
export ARCH
IMAGE_REF_ARCH="${image_ref}-${BUILD_ID}-${ARCH}"
export IMAGE_REF_ARCH
ERR_LOG="$( mktemp )"
export ERR_LOG
timeout 45m bash -xc 'until buildah pull --arch="${ARCH}" "${IMAGE_REF_ARCH}" 2>>"${ERR_LOG}"; do sleep 60; done' || ( cat "${ERR_LOG}" && exit 2 )
# Verify architecture.
[[ $( buildah inspect --type=image --format='{{ .OCIv1.Architecture }}' "${IMAGE_REF_ARCH}" ) == "${ARCH}" ]]
# Verify revision.
[[ $( buildah inspect --type=image --format='{{ index .OCIv1.Config.Labels "org.opencontainers.image.revision" }}' "${IMAGE_REF_ARCH}" ) == "${git_revision}" ]]
buildah manifest add "${image_ref}" "${IMAGE_REF_ARCH}"
done
digestfile="$( mktemp )"
buildah manifest push --digestfile="${digestfile}" "${image_ref}"
echo '' | cat "${digestfile}" -
buildah manifest push --digestfile="${digestfile}" "${image_ref}" "docker://${image_ref}-$( date '+%Y-%m-%d-%H%M%S' )"
echo '' | cat "${digestfile}" -
REGISTRY_AUTH_FILE="${DOCKERHUB_REGISTRY_AUTH_FILE}" buildah manifest push --all --digestfile="${digestfile}" "${image_ref}" "docker://docker.io/scylladb/scylla-operator:${image_tag}"
echo '' | cat "${digestfile}" -
command:
- /usr/bin/bash
- -euExo
- pipefail
- -O
- inherit_errexit
- -c
env:
- name: GIT_REVISION_FILE
value: /tmp/shared/git_revision
- name: REGISTRY_AUTH_FILE
value: /var/run/secrets/quay-ci-creds/auth.json
- name: DOCKERHUB_REGISTRY_AUTH_FILE
value: /var/run/secrets/dockerhub-ci-creds/auth.json
image: quay.io/scylladb/scylla-operator-images:buildah
imagePullPolicy: Always
name: manifests
resources:
limits:
cpu: "1"
requests:
cpu: "1"
securityContext:
privileged: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp/shared
name: shared-data
- mountPath: /usr/lib/containers/storage
name: buildah-storage
- mountPath: /var/run/secrets/quay-ci-creds
name: quay-ci-creds
readOnly: true
- mountPath: /var/run/secrets/dockerhub-ci-creds
name: dockerhub-ci-creds
readOnly: true
serviceAccountName: prowjob-creator
volumes:
- emptyDir: {}
name: buildah-storage
- name: quay-ci-creds
secret:
items:
- key: auth.json
path: auth.json
secretName: quay-scylladb-prod-publisher-creds
- name: dockerhub-ci-creds
secret:
items:
- key: auth.json
path: auth.json
secretName: dockerhub-scylladb-prod-publisher-creds
- emptyDir: {}
name: shared-data
- name: kube-api-access
projected:
defaultMode: 400
sources:
- serviceAccountToken:
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
prowjob_defaults:
tenant_id: GlobalDefaultID
report: true
type: periodic
status:
build_id: "1906179595401433088"
completionTime: "2025-03-30T03:24:47Z"
description: Job succeeded.
pendingTime: "2025-03-30T03:00:05Z"
pod_name: 4a50f03a-347f-4e1b-b0bc-796a880edeb0
prev_report_states:
gcsk8sreporter: success
gcsreporter: success
startTime: "2025-03-30T03:00:05Z"
state: success
url: https://prow.scylla-operator.scylladb.com/view/gs/scylla-operator-prow/logs/ci-scylla-operator-v1.15-images/1906179595401433088