New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
make sure crd-* manifests are YAML before passing to controller-gen #3996
make sure crd-* manifests are YAML before passing to controller-gen #3996
Conversation
@maelvls: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: maelvls The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like some tests failed, and I think you will need to figure out how to get Bazel to install the cue
tool. See https://github.com/jetstack/cert-manager/blob/3bb830c2abb40742466452b301ab9f1b64f47eda/hack/BUILD.bazel#L235-L262
Also might be worth considering kubeval: https://kubeval.instrumenta.dev/
$ kubeval deploy/crds/*.yaml
ERR - Failed to decode YAML from deploy/crds/crd-certificaterequests.yaml: error converting YAML to JSON: yaml: line 32: did not find expected node content
ERR - Failed to decode YAML from deploy/crds/crd-certificates.yaml: error converting YAML to JSON: yaml: line 32: did not find expected node content
ERR - Failed to decode YAML from deploy/crds/crd-challenges.yaml: error converting YAML to JSON: yaml: line 30: did not find expected node content
ERR - Failed to decode YAML from deploy/crds/crd-clusterissuers.yaml: error converting YAML to JSON: yaml: line 29: did not find expected node content
ERR - Failed to decode YAML from deploy/crds/crd-issuers.yaml: error converting YAML to JSON: yaml: line 29: did not find expected node content
ERR - Failed to decode YAML from deploy/crds/crd-orders.yaml: error converting YAML to JSON: yaml: line 30: did not find expected node content
I went looking to see if there's a I tried dry-run=client, but it still requires a connection to an API server:
|
Happy to help with running through how to wire up Bazel for this! You should be able to take a look at |
I'm not quite familiar with Bazel 😅 I'll look into it |
Phew... After a lot of struggling, I went back to just I just can't be bothered struggling with Bazel when we can just # Tools installed with "go install" below are sandboxed by Bazel.
export GOPATH=$PWD
export PATH=$(dirname "$go"):$GOPATH/bin:$PATH
# Only installs the first time you run ./hack/update-crds.sh.
go install cuelang.org/go/cmd/cue@v0.4.0-beta.1
go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.9
cue vet hack/valid-crd.cue deploy/crds/*.yaml
controller-gen schemapatch:manifests=./deploy/crds output:dir=./deploy/crds paths=./pkg/apis/... The only downside with this approach is that I know I should be doing it "properly" by using |
Do we run this script in CI? I think the images might not have I'd also be happy to look at the Bazel bits. |
e3c2ae7
to
35bb0f8
Compare
@irbekrm I removed the |
35bb0f8
to
0c99be6
Compare
The controller-gen tool's schemapatch option silently skips CRDs files that are not valid YAML. We often forget that, and end up merging a CRD file that we silently won't be able to update using ./hack/update-crds.sh. This patch uses CUE to parse the YAML files. We could have picked something like yq (Python) or the Go version of yq, but we don't want Python dependencies, and the Go version of yq has a poor UX. Here is what you can expect when one of the CRDs isn't a proper YAML file: % ./hack/update-crds.sh /home/mvalais/code/cert-manager/deploy/crds/crd-orders.yaml:14: did not find expected key Signed-off-by: Maël Valais <mael@vls.dev>
0c99be6
to
ac327d1
Compare
/test pull-cert-manager-bazel |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great to me, glad we'll have this check.
I've only added a nit, happy to lgtm otherwise.
Note- I did briefly look at whether we can use any of the existing tools for this, but looks like we cannot. I guess it would be nice if we could use a single yaml validation/interpolation tool for all yaml templating/validation etc, but that doesn't seem possible.
@@ -0,0 +1,2 @@ | |||
// We just validate that our CRDs are valid YAML files, we don't care about | |||
// validating the data itself. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: whitespace
@maelvls: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Issues go stale after 90d of inactivity. |
Stale issues rot after 30d of inactivity. |
Rotten issues close after 30d of inactivity. |
@jetstack-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
As described in #3989,
controller-gen
'sschemapatch
option silently skips CRDs files that are not valid YAML. We often forget that, and end up merging a CRD file that we silently won't be able to update using./hack/update-crds.sh
like what happened in #3932.This patch uses the excellent
cue
to parse the YAML files. I could have picked something likeyq
(Python) or its Go port,mikefarah/yq
, but we don't want Python dependencies, and the Go portmikefarah/yq
isn't great (e.g., does not show the file name when a parsing error happens...).Here is what you can expect when one of the CRDs isn't a proper YAML file:
Note to the reviewer:
I don't know whether using CUE is really a good idea... I don't know how to tell Bazel to download CUE either, so I just defaulted to using Go 1.16's
go install @version
syntax./kind cleanup
/release-note-none