AIO for master

Signed-off-by: muicoder <muicoder@gmail.com>

Author: muicoder

.github/workflows/action.yml

@@ -0,0 +1,92 @@
+env:
+  OEM: ${{ inputs.oem }}
+jobs:
+  logical-backup:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: logical-backup
+          file: logical-backup/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          provenance: false
+          pull: true
+          push: true
+          sbom: false
+          tags: ${{ secrets.DOCKERHUB_USERNAME }}/logical-backup:latest
+  pgbouncer:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          file: docker/pooler.Dockerfile
+          platforms: linux/amd64,linux/arm64
+          provenance: false
+          pull: true
+          push: true
+          sbom: false
+          tags: ${{ secrets.DOCKERHUB_USERNAME }}/pgbouncer:latest
+  postgres-operator:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "~1.22"
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+      - name: Building
+        run: make deps && make codegen && hack/rename-codegen.sh && for ta in amd64 arm64; do go env -w GOARCH=$ta && make local && kubectl-pg/build.sh $PWD/build/kubectl-pg && mv build docker/$ta; done;tree docker
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: docker
+          platforms: linux/amd64,linux/arm64
+          provenance: false
+          pull: true
+          push: true
+          sbom: false
+          tags: ${{ secrets.DOCKERHUB_USERNAME }}/postgres-operator:${{ env.OEM }}
+name: buildImage
+on:
+  workflow_dispatch:
+    inputs:
+      oem:
+        default: sensoro
+        description: OEM
+        required: true
+        type: string

.github/workflows/syncImages.yml

@@ -0,0 +1,68 @@
+jobs:
+  module:
+    needs:
+      - versions
+    runs-on: ubuntu-latest
+    steps:
+      - id: version
+        name: build
+        run: |
+          buildah version
+          date >"$(hostname)"
+          until sudo curl -sL "https://github.com/nicholasdille/buildah-static/releases/download/$(curl -fsSL "https://api.github.com/repos/nicholasdille/buildah-static/releases/latest" | yq .tag_name)/buildah-amd64.tar.gz" | tar -C ~ -xz "bin/buildah" --strip-components=1; do
+          sleep "$(($(grep -v ^$ -c "$(hostname)") * 2))s"
+          date >>"$(hostname)"
+          done
+          if ~/buildah inspect "ghcr.io/zalando/${{ matrix.module }}:${{ matrix.version }}" >/dev/null; then
+              echo "FROM ghcr.io/zalando/${{ matrix.module }}:${{ matrix.version }}" >Dockerfile
+              echo "platforms=linux/amd64,linux/arm64" >>$GITHUB_OUTPUT
+          else
+              echo "FROM registry.opensource.zalan.do/acid/${{ matrix.module }}:${{ matrix.version }} AS pgbouncer" >Dockerfile
+              echo "platforms=linux/amd64" >>$GITHUB_OUTPUT
+          fi
+          case ${{ matrix.module }} in
+            pgbouncer)
+              echo "RUN sed -i -E 's~(_tls_sslmode =).+~\1 prefer~g;s~(_tls_protocols =).+~\1 all~;s~(^stats_users_.+)~#\1~' /etc/pgbouncer/pgbouncer.ini.tmpl" >>Dockerfile
+              echo "FROM registry.opensource.zalan.do/acid/${{ matrix.module }}:${{ matrix.version }}" >>Dockerfile
+              echo "COPY --from=pgbouncer /etc/pgbouncer/pgbouncer.ini.tmpl /etc/pgbouncer/pgbouncer.ini.tmpl" >>Dockerfile
+              ;;
+            esac
+          ~/buildah version
+          cat Dockerfile
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          platforms: ${{ steps.version.outputs.platforms }}
+          provenance: false
+          pull: true
+          push: true
+          sbom: false
+          tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.module }}:${{ matrix.version }}
+    strategy:
+      matrix: ${{ fromJson(needs.versions.outputs.matrix) }}
+  versions:
+    outputs:
+      matrix: ${{ steps.versions.outputs.matrix }}
+    runs-on: ubuntu-latest
+    steps:
+      - id: versions
+        name: versions
+        run: |
+          echo IyEvdXNyL2Jpbi9lbnYgc2gKCnNldCAtZQoKcmVhZG9ubHkgcmVnaXN0cnk9InJlZ2lzdHJ5Lm9wZW5zb3VyY2UuemFsYW4uZG8iCnJlYWRvbmx5IFJFR0lTVFJZPSIkezE6LSR7UkVHSVNUUlk6LWRvY2tlci5pb319IgpyZWFkb25seSByZXBvc2l0b3J5PSJhY2lkIgpyZWFkb25seSBSRVBPU0lUT1JZPSIkezI6LSR7UkVQT1NJVE9SWTotbGlicmFyeX19IgoKY2FjaGUoKSB7CiAgY2FzZSAkUkVHSVNUUlkgaW4KICBkb2NrZXIuaW8pCiAgICBjaGVja191cmw9Imh0dHBzOi8vaHViLmRvY2tlci5jb20vdjIvcmVwb3NpdG9yaWVzLyRSRVBPU0lUT1JZLyRhcnRpZmFjdC90YWdzLyRpbWFnZV90YWciCiAgICA7OwogIGVzYWMKICBpZiAhIGN1cmwgLXNTTCAiJGNoZWNrX3VybCIgfCB5cSAtQ2VQICcuaW1hZ2VzW10uYXJjaGl0ZWN0dXJlJyA+L2Rldi9udWxsIDI+JjE7IHRoZW4KICAgIGVjaG8gIiAgLSBtb2R1bGU6ICRhcnRpZmFjdCIKICAgIGVjaG8gIiAgICB2ZXJzaW9uOiAkaW1hZ2VfdGFnIgogIGZpCn0KCmVjaG8gaW5jbHVkZTogPnZlcnNpb25zCgp2ZXJzaW9uPSQoY3VybCAtZnNTTCAiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy96YWxhbmRvL3Bvc3RncmVzLW9wZXJhdG9yL3JlbGVhc2VzL2xhdGVzdCIgfCB5cSAtZSAudGFnX25hbWUpCmZvciBhcnRpZmFjdCBpbiAkKGN1cmwgLS1zaWxlbnQgLVggR0VUIC0taGVhZGVyICdBY2NlcHQ6IGFwcGxpY2F0aW9uL2pzb24nICJodHRwczovLyRyZWdpc3RyeS90ZWFtcy8kcmVwb3NpdG9yeS9hcnRpZmFjdHMiIHwganEgLXIgIi5bXSIgfCBncmVwIC1FICdeKHBvc3RncmVzLW9wZXJhdG9yfHBvc3RncmVzLW9wZXJhdG9yLXVpfGxvZ2ljYWwtYmFja3VwfHBnYm91bmNlcnxzcGlsby0xWzAtOV0rfHNwaWxvLTkuNikkJyk7IGRvCiAgY2FzZSAkYXJ0aWZhY3QgaW4KICBwZ2JvdW5jZXIpCiAgICBpbWFnZV90YWc9JChjdXJsIC0tc2lsZW50IC1YIEdFVCAtLWhlYWRlciAnQWNjZXB0OiBhcHBsaWNhdGlvbi9qc29uJyAiaHR0cHM6Ly8kcmVnaXN0cnkvdGVhbXMvJHJlcG9zaXRvcnkvYXJ0aWZhY3RzLyRhcnRpZmFjdC90YWdzIiB8IGpxIC1yICIuW10ubmFtZSIgfCBncmVwIC12RSAiListZy4rIiB8CiAgICAgIGdyZXAgLUUgIl5tYXN0ZXItWzAtOV0rJCIgfCB0YWlsIC1uIDEpCiAgICBlY2hvICIkYXJ0aWZhY3Q6JGltYWdlX3RhZyIKICAgIGNhY2hlID4+dmVyc2lvbnMKICAgIDs7CiAgc3BpbG8tKikKICAgIGN1cmwgLS1zaWxlbnQgLVggR0VUIC0taGVhZGVyICdBY2NlcHQ6IGFwcGxpY2F0aW9uL2pzb24nICJodHRwczovLyRyZWdpc3RyeS90ZWFtcy8kcmVwb3NpdG9yeS9hcnRpZmFjdHMvJGFydGlmYWN0L3RhZ3MiIHwganEgLXIgIi5bXS5uYW1lIiB8IGdyZXAgLXZFICIuKy1nLisiID4iJGFydGlmYWN0IgogICAgYXdrIC1GLSAne3ByaW50ICQxfScgIiRhcnRpZmFjdCIgfCBzb3J0IHwgZ3JlcCAtRSAiXlswLTkuXSskIiB8IHVuaXEgfCB3aGlsZSByZWFkIC1yIG1ham9yOyBkbwogICAgICBncmVwICJeJG1ham9yLSIgIiRhcnRpZmFjdCIgfCB0YWlsIC1uIDEgfCB3aGlsZSByZWFkIC1yIGltYWdlX3RhZzsgZG8KICAgICAgICBlY2hvICIkYXJ0aWZhY3Q6JGltYWdlX3RhZyIKICAgICAgICBjYWNoZSA+PnZlcnNpb25zCiAgICAgIGRvbmUKICAgIGRvbmUKICAgIDs7CiAgKikKICAgIGltYWdlX3RhZz0kKGN1cmwgLS1zaWxlbnQgLVggR0VUIC0taGVhZGVyICdBY2NlcHQ6IGFwcGxpY2F0aW9uL2pzb24nICJodHRwczovLyRyZWdpc3RyeS90ZWFtcy8kcmVwb3NpdG9yeS9hcnRpZmFjdHMvJGFydGlmYWN0L3RhZ3MiIHwganEgLXIgIi5bXS5uYW1lIiB8IGdyZXAgLXZFICIuKy1nLisiIHwKICAgICAgZ3JlcCAiJHZlcnNpb24iKQogICAgZWNobyAiJGFydGlmYWN0OiRpbWFnZV90YWciCiAgICBjYWNoZSA+PnZlcnNpb25zCiAgICA7OwogIGVzYWMKICBlY2hvCmRvbmUKCmlmICEgZ3JlcCB2ZXJzaW9uOiB2ZXJzaW9ucyA+L2Rldi9udWxsIDI+JjE7IHRoZW4KICBjYXQgPDxFT0YgPnZlcnNpb25zCmluY2x1ZGU6CiAgLSBtb2R1bGU6IHBvc3RncmVzLW9wZXJhdG9yCiAgICB2ZXJzaW9uOiAkdmVyc2lvbgpFT0YKZmkK | base64 -d | bash -s -- docker.io ${{ secrets.DOCKERHUB_USERNAME }}
+          yq -CP versions
+          echo "matrix=$(yq -oj versions | jq -rc)" >>$GITHUB_OUTPUT
+name: syncImages
+on:
+  schedule:
+    - cron: '30 */1 * * *'
+  workflow_dispatch:

.github/workflows/syncSpilo.yaml

@@ -0,0 +1,40 @@
+env:
+  IV: ${{ inputs.imageVersion }}
+jobs:
+  spilo:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+      - id: build
+        name: build
+        run: |
+          echo "FROM $IV" >Dockerfile
+          echo 'RUN curl -fsSL https://github.com/${{ secrets.DOCKERHUB_USERNAME }}/postgres-operator/raw/action/docker/syncSpiloExt.sh | sh' >>Dockerfile
+          echo "imageVersion=${IV##*/}" >>$GITHUB_OUTPUT
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          provenance: false
+          pull: true
+          push: true
+          sbom: false
+          tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ steps.build.outputs.imageVersion }}
+name: syncSpilo
+on:
+  workflow_dispatch:
+    inputs:
+      imageVersion:
+        default: ghcr.io/zalando/spilo-16:3.3-p1
+        description: https://github.com/orgs/zalando/packages?repo_name=spilo
+        required: true
+        type: string

Makefile

@@ -18,7 +18,7 @@ GITHEAD = $(shell git rev-parse --short HEAD)
 GITURL = $(shell git config --get remote.origin.url)
 GITSTATUS = $(shell git status --porcelain || echo "no changes")
 SOURCES = cmd/main.go
-VERSION ?= $(shell git describe --tags --always --dirty)
+VERSION ?= $(shell git describe --tags --always HEAD^)
 DIRS := cmd pkg
 PKG := `go list ./... | grep -v /vendor/`
 
@@ -65,7 +65,7 @@ docker: ${DOCKERDIR}/${DOCKERFILE}
 	echo "Tag ${TAG}"
 	echo "Version ${VERSION}"
 	echo "CDP tag ${CDP_TAG}"
-	echo "git describe $(shell git describe --tags --always --dirty)"
+	echo "git describe $(shell git describe --tags --always HEAD^)"
 	docker build --rm -t "$(IMAGE):$(TAG)$(CDP_TAG)$(DEBUG_FRESH)$(DEBUG_POSTFIX)" -f "${DOCKERDIR}/${DOCKERFILE}" --build-arg VERSION="${VERSION}" .
 
 indocker-race:

charts/postgres-operator.chart

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+set -e
+
+readonly d_old=acid.zalan.do
+readonly o_old=zalando.org
+readonly oem=zalan
+readonly OEM="${OEM:-$oem}"
+echo "OEM: $OEM"
+readonly d_new="acid.$OEM.do"
+if [ "$OEM" = $oem ]; then
+  readonly o_new="${oem}do.org"
+else
+  readonly o_new="${OEM}.sre"
+fi
+echo "$d_old=>$d_new"
+echo "$o_old=>$o_new"
+toFU() {
+  local str firstLetter otherLetter
+  str=$1
+  firstLetter=$(echo "${str:0:1}" | awk '{print toupper($0)}')
+  otherLetter=${str:1}
+  echo "$firstLetter$otherLetter"
+}
+if [ "$OEM" != $oem ]; then
+  grep -rl $oem | grep .y\*ml$ | grep -v ui/ | while read -r f; do
+    sed "s~$d_old~$d_new~g;s~$o_old~$o_new~g;s~registry.opensource.zalan.do/acid~docker.io/muicoder~g;s~ghcr.io/zalando~ghcr.io/muicoder~g;s~Zalando~$(toFU "$OEM")~g;s~zalando~$OEM~g" <"$f" >"$f.bak" && mv "$f.bak" "$f"
+  done
+fi

docker/Dockerfile

@@ -1,22 +1,9 @@
-ARG BASE_IMAGE=registry.opensource.zalan.do/library/alpine-3:latest
-FROM golang:1.22-alpine AS builder
-ARG VERSION=latest
-
-COPY  . /go/src/github.com/zalando/postgres-operator
-WORKDIR /go/src/github.com/zalando/postgres-operator
-
-RUN GO111MODULE=on go mod vendor \
-    && CGO_ENABLED=0 go build -o build/postgres-operator -v -ldflags "-X=main.version=${VERSION}" cmd/main.go
-
-FROM ${BASE_IMAGE}
-LABEL maintainer="Team ACID @ Zalando <team-acid@zalando.de>"
-LABEL org.opencontainers.image.source="https://github.com/zalando/postgres-operator"
-
+FROM alpine:3.16
+ARG TARGETARCH
 # We need root certificates to deal with teams api over https
-RUN apk -U upgrade --no-cache \
-    && apk add --no-cache curl ca-certificates
+RUN apk --no-cache add curl ca-certificates
 
-COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* /
+COPY $TARGETARCH/* /
 
 RUN addgroup -g 1000 pgo
 RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo

docker/pooler.Dockerfile

@@ -0,0 +1,21 @@
+FROM alpine:3.16 AS builder
+# Inspiration from https://github.com/edoburu/docker-pgbouncer/blob/master/Dockerfile
+RUN apk add --no-cache autoconf automake c-ares-dev curl gcc libc-dev libevent-dev libtool make openssl-dev pkgconf-dev && \
+  curl -sL https://www.pgbouncer.org/downloads/files/1.23.1/pgbouncer-1.23.1.tar.gz | tar -xzv && \
+  cd pgbouncer-* && \
+  curl -sL https://github.com/pgbouncer/pgbouncer/archive/d67357dd3fc0c65f342f0a4296baeccf8bc349c0.tar.gz | tar -xzv --strip-components=1 && \
+  ./configure --prefix=/usr/local && make && make install && ls -lt
+FROM registry.opensource.zalan.do/acid/pgbouncer:master-32 AS pgbouncer
+RUN sed -i -E 's~(_tls_sslmode =).+~\1 prefer~g;s~(_tls_protocols =).+~\1 all~;s~(^stats_users_.+)~# \1~' /etc/pgbouncer/pgbouncer.ini.tmpl
+FROM scratch AS cache
+COPY --from=builder /usr/local/bin/pgbouncer /bin/pgbouncer
+COPY --from=pgbouncer /entrypoint.sh /entrypoint.sh
+COPY --from=pgbouncer /etc/pgbouncer/auth_file.txt.tmpl /etc/pgbouncer/auth_file.txt.tmpl
+COPY --from=pgbouncer /etc/pgbouncer/pgbouncer.ini.tmpl /etc/pgbouncer/pgbouncer.ini.tmpl
+FROM alpine:3.16
+COPY --from=cache / /
+RUN apk --no-cache add libevent openssl c-ares gettext ca-certificates postgresql-client && \
+  addgroup -S pgbouncer && adduser -S pgbouncer && mkdir -p /etc/pgbouncer /var/log/pgbouncer /var/run/pgbouncer && \
+  chown -R pgbouncer:pgbouncer /etc/pgbouncer /var/log/pgbouncer /var/run/pgbouncer /etc/ssl/certs
+USER pgbouncer:pgbouncer
+ENTRYPOINT ["/entrypoint.sh"]

docker/syncImages.sh

@@ -0,0 +1,30 @@
+#! /bin/sh
+
+set -e
+
+if ! buildah version 2>/dev/null; then
+  date >"$(hostname)"
+  until sudo curl -fsSL "https://github.com/nicholasdille/buildah-static/releases/download/$(curl -fsSL "https://api.github.com/repos/nicholasdille/buildah-static/releases/latest" | grep tag_name | awk -F\" '{print $(NF-1)}')/buildah-$(
+    case $(uname -m) in
+    x86_64)
+      echo amd64
+      ;;
+    aarch64)
+      echo arm64
+      ;;
+    esac
+  ).tar.gz" | tar xz -C /usr/bin --no-same-owner --strip-components=1 "bin/buildah"; do
+    sleep "$(($(grep -v ^$ -c "$(hostname)") * 2))s"
+    date >>"$(hostname)"
+  done
+  rm "$(hostname)"
+fi
+
+REGISTRY=docker.io
+REPOSITORY=muicoder
+{
+  echo postgres-operator:action
+  echo logical-backup:action
+} | while read -r repository; do
+  echo IyEvYmluL3NoCgpSRUdJU1RSWT0ke1JFR0lTVFJZOi1kb2NrZXIuaW99ClJFUE9TSVRPUlk9JHtSRVBPU0lUT1JZOi1tdWljb2Rlcn0KCkNNRD0kKGlmIHNlYWxvcyA+L2Rldi9udWxsOyB0aGVuIGVjaG8gc2VhbG9zOyBlbGlmIGJ1aWxkYWggPi9kZXYvbnVsbDsgdGhlbiBlY2hvIGJ1aWxkYWg7IGZpKQpNRj0ibWY6JChkYXRlICslRikiCgptYW5pZmVzdCgpIHsKICByZXBvc2l0b3J5PSQxCiAgdGFncz0kMgogIHRhZ0FsbD0kMwogIGVjaG8gIiR0YWdzIiB8IHNlZCAic34sflxufmciIHwgd2hpbGUgcmVhZCAtciB0YWc7IGRvCiAgICBlY2hvICIkUkVHSVNUUlkvJFJFUE9TSVRPUlkvJHJlcG9zaXRvcnk6JHRhZyIKICBkb25lIHwgeGFyZ3MgJENNRCBtYW5pZmVzdCBjcmVhdGUgLS1hbGwgIiRNRiIKICAkQ01EIG1hbmlmZXN0IHB1c2ggIiRNRiIgImRvY2tlcjovLyRSRUdJU1RSWS8kUkVQT1NJVE9SWS8kcmVwb3NpdG9yeTokdGFnQWxsIgogICRDTUQgbWFuaWZlc3Qgcm0gIiRNRiIgfHwgdHJ1ZQp9CgptYW5pZmVzdCAiJHsxOi1rOXN9IiAiJHsyOi1hY3Rpb24tYXJtNjQsYWN0aW9uLWFtZDY0fSIgIiR7Mzotc3RhYmxlfSIK |base64 -d|sh -s ${repository%:*} ${repository#*:} ${1:-v1.10.x}
+done