From be8cb3fb19947804851fbb1fd6381ed2e12cad39 Mon Sep 17 00:00:00 2001 From: Luigi De Matteis Date: Wed, 4 Mar 2026 22:08:05 +0400 Subject: [PATCH 1/7] Add openserverless-task as submodule at olaris/ --- .gitmodules | 3 +++ olaris | 1 + 2 files changed, 4 insertions(+) create mode 100644 .gitmodules create mode 160000 olaris diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..09b6575 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "olaris"] + path = olaris + url = https://github.com/apache/openserverless-task.git diff --git a/olaris b/olaris new file mode 160000 index 0000000..775b727 --- /dev/null +++ b/olaris @@ -0,0 +1 @@ +Subproject commit 775b7279cf7fa7d5c427ccfd249fa34f2b880b87 From 69161d4d684d6da734d82165ea42d828a4550791 Mon Sep 17 00:00:00 2001 From: Luigi De Matteis Date: Wed, 4 Mar 2026 22:09:24 +0400 Subject: [PATCH 2/7] Add trigger-testing workflow for PR-based integration tests --- .github/workflows/trigger-testing.yaml | 92 ++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 .github/workflows/trigger-testing.yaml diff --git a/.github/workflows/trigger-testing.yaml b/.github/workflows/trigger-testing.yaml new file mode 100644 index 0000000..69a1c2d --- /dev/null +++ b/.github/workflows/trigger-testing.yaml @@ -0,0 +1,92 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +name: Trigger Testing +run-name: Dispatch operator PR test for ${{ github.event.issue.number || github.event.inputs.pr_number }} + +on: + issue_comment: + types: [created] + workflow_dispatch: + inputs: + pr_number: + description: "PR number to test" + required: true + type: string + platform: + description: "Platform to test on (e.g. k3s-amd, eks-amd)" + required: true + type: string + +jobs: + dispatch: + name: Dispatch operator-pr-test + runs-on: ubuntu-22.04 + # Run on /testing comments from authorized users, or on manual dispatch + if: >- + github.event_name == 'workflow_dispatch' || + ( + github.event.issue.pull_request && + startsWith(github.event.comment.body, '/testing ') && + contains(fromJSON('["MEMBER","OWNER","COLLABORATOR"]'), github.event.comment.author_association) + ) + steps: + - name: Parse comment + id: parse + run: | + if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then + echo "platform=${{ github.event.inputs.platform }}" >> "$GITHUB_OUTPUT" + echo "pr_number=${{ github.event.inputs.pr_number }}" >> "$GITHUB_OUTPUT" + else + COMMENT="${{ github.event.comment.body }}" + PLATFORM="${COMMENT#/testing }" + echo "platform=${PLATFORM}" >> "$GITHUB_OUTPUT" + echo "pr_number=${{ github.event.issue.number }}" >> "$GITHUB_OUTPUT" + fi + + - name: Get PR details + id: pr + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + PR_JSON=$(gh api repos/${{ github.repository }}/pulls/${{ steps.parse.outputs.pr_number }}) + echo "ref=$(echo "$PR_JSON" | jq -r '.head.ref')" >> "$GITHUB_OUTPUT" + echo "repo=$(echo "$PR_JSON" | jq -r '.head.repo.full_name')" >> "$GITHUB_OUTPUT" + echo "sha=$(echo "$PR_JSON" | jq -r '.head.sha')" >> "$GITHUB_OUTPUT" + + - name: Add reaction to comment + if: github.event_name != 'workflow_dispatch' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh api repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions \ + -f content=rocket + + - name: Dispatch to testing repo + uses: peter-evans/repository-dispatch@v3 + with: + token: ${{ secrets.OPENSERVERLESS_TESTING_PAT }} + repository: ${{ github.repository_owner }}/openserverless-testing + event-type: operator-pr-test + client-payload: >- + { + "pr_number": "${{ steps.parse.outputs.pr_number }}", + "pr_ref": "${{ steps.pr.outputs.ref }}", + "pr_sha": "${{ steps.pr.outputs.sha }}", + "operator_repo": "${{ steps.pr.outputs.repo }}", + "platform": "${{ steps.parse.outputs.platform }}" + } From a4431fd695b74067781f7368ebc7d736a68d83c9 Mon Sep 17 00:00:00 2001 From: Luigi De Matteis Date: Wed, 4 Mar 2026 22:45:52 +0400 Subject: [PATCH 3/7] Add .gitmodules to license check ignore list The .gitmodules file uses git config syntax which does not support license headers. --- .licenserc.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.licenserc.yaml b/.licenserc.yaml index 4e6b48d..37ea118 100644 --- a/.licenserc.yaml +++ b/.licenserc.yaml @@ -46,6 +46,7 @@ header: - '**/license-eye' - '**/id_rsa*' - '**/.gitkeep' + - '.gitmodules' - 'poetry.lock' - '**/__*' - '.github/ngrok' From 8d145b0d4ef40eb7fafef0585a27eccda9b39574 Mon Sep 17 00:00:00 2001 From: Luigi De Matteis Date: Wed, 25 Feb 2026 21:50:36 +0400 Subject: [PATCH 4/7] Fix CI build on Python 3.12: upgrade flatdict, align Poetry version flatdict 4.0.1 only ships as a source tarball. Building it requires pkg_resources (setuptools), removed from Python 3.12 virtual environments. Version 4.1.0 ships a pre-built wheel, bypassing the build step entirely. Also update Dockerfile Poetry from 1.8.5 to 2.3.2 to match the lock-version 2.1 format already in use. --- Dockerfile | 2 +- poetry.lock | 15 ++++++++------- pyproject.toml | 2 +- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 99d3441..fb5c2c6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -78,7 +78,7 @@ ADD --chown=nuvolaris:nuvolaris quota.sh /home/nuvolaris/ FROM python:3.12-slim-bullseye AS deps # --- Install Poetry --- -ARG POETRY_VERSION=1.8.5 +ARG POETRY_VERSION=2.3.2 ENV POETRY_HOME=/opt/poetry ENV POETRY_NO_INTERACTION=1 ENV POETRY_VIRTUALENVS_IN_PROJECT=1 diff --git a/poetry.lock b/poetry.lock index f4aec10..1c39818 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 2.1.1 and should not be changed by hand. +# This file is automatically @generated by Poetry 2.3.2 and should not be changed by hand. [[package]] name = "aiohappyeyeballs" @@ -561,13 +561,14 @@ tests = ["asttokens (>=2.1.0)", "coverage", "coverage-enable-subprocess", "ipyth [[package]] name = "flatdict" -version = "4.0.1" +version = "4.1.0" description = "Python module for interacting with nested dicts as a single level dict with delimited keys." optional = false -python-versions = "*" +python-versions = ">=3.10" groups = ["main"] files = [ - {file = "flatdict-4.0.1.tar.gz", hash = "sha256:cd32f08fd31ed21eb09ebc76f06b6bd12046a24f77beb1fd0281917e47f26742"}, + {file = "flatdict-4.1.0-py3-none-any.whl", hash = "sha256:24c3ff816733e472f91071031bd286c3826ecf2d646d5020af49fe10b20a5677"}, + {file = "flatdict-4.1.0.tar.gz", hash = "sha256:63bcd906a0859d91d0aace44b327178706c7fcf85a88c7ccf0825628376ad66b"}, ] [[package]] @@ -854,7 +855,7 @@ files = [ ] [package.dependencies] -certifi = ">=14.05.14" +certifi = ">=14.5.14" durationpy = ">=0.7" google-auth = ">=1.0.1" oauthlib = ">=3.2.2" @@ -1762,7 +1763,7 @@ description = "Provider of IANA time zone data" optional = false python-versions = ">=2" groups = ["main"] -markers = "sys_platform == \"win32\" or platform_system == \"Windows\"" +markers = "platform_system == \"Windows\" or sys_platform == \"win32\"" files = [ {file = "tzdata-2024.2-py2.py3-none-any.whl", hash = "sha256:a48093786cdcde33cad18c2555e8532f34422074448fbc874186f0abd79565cd"}, {file = "tzdata-2024.2.tar.gz", hash = "sha256:7d85cc416e9382e69095b7bdf4afd9e3880418a2413feec7069d533d6b4e31cc"}, @@ -1933,4 +1934,4 @@ propcache = ">=0.2.0" [metadata] lock-version = "2.1" python-versions = "^3.12" -content-hash = "bdc52b6678dbf6012d12fd70280629fb8269afc372200cc5985dab9426ee88d9" +content-hash = "96fb6aaa01cff4e1fd8b926967d18bfdf537e64ab6c36a897277930e31b270c5" diff --git a/pyproject.toml b/pyproject.toml index 92cdaae..c11a049 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -29,7 +29,7 @@ PyYAML = "^6.0" pykube = "^0.15.0" Jinja2 = "^3.0.3" requests = "^2.32.4" -flatdict = "^4.0.1" +flatdict = "^4.1.0" croniter = "^1.3.5" minio = "^7.1.13" backoff = "^2.2.1" From cd35a86faa570a9f2e3afe38b0837fd2be80fc65 Mon Sep 17 00:00:00 2001 From: Luigi De Matteis Date: Wed, 25 Feb 2026 22:10:41 +0400 Subject: [PATCH 5/7] Update image.yml to support configurable image registry Allow forks to push operator images to ghcr.io by setting the IMAGE_REGISTRY repository variable, without requiring Docker Hub credentials. Defaults to registry.hub.docker.com for backward compatibility with the Apache upstream. When DOCKERHUB_USER/DOCKERHUB_TOKEN secrets are not set, credentials fall back to github.actor/GITHUB_TOKEN automatically. --- .github/workflows/image.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml index dc7969b..e05bab4 100644 --- a/.github/workflows/image.yml +++ b/.github/workflows/image.yml @@ -87,9 +87,9 @@ jobs: - name: Registry login uses: docker/login-action@v3 with: - registry: registry.hub.docker.com - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_TOKEN }} + registry: ${{ vars.IMAGE_REGISTRY || 'registry.hub.docker.com' }} + username: ${{ secrets.DOCKERHUB_USER || github.actor }} + password: ${{ secrets.DOCKERHUB_TOKEN || secrets.GITHUB_TOKEN }} - name: Set up QEMU uses: docker/setup-qemu-action@v3 with: From dd104c62495326b77433a68937a1d15f5330ebfa Mon Sep 17 00:00:00 2001 From: Luigi De Matteis Date: Thu, 5 Mar 2026 00:55:51 +0400 Subject: [PATCH 6/7] Remove redundant branches-ignore from image.yml trigger Same fix as testing repo: branches-ignore under push was causing spurious workflow runs on branch pushes. With only tags filter present, branch pushes are already excluded. --- .github/workflows/image.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml index e05bab4..6200690 100644 --- a/.github/workflows/image.yml +++ b/.github/workflows/image.yml @@ -22,8 +22,6 @@ on: push: tags: - '[0-9]*' - branches-ignore: - - '*' jobs: image: name: Build OpenServerless Operator Image From 9326e9ecb29c2ccc23f64c4037357cf16cfee054 Mon Sep 17 00:00:00 2001 From: Luigi De Matteis Date: Wed, 11 Mar 2026 20:10:26 +0400 Subject: [PATCH 7/7] fix: use commit SHA for check.yml TAG on both push and PR events The commit SHA is the correct tag for both event types. --- .github/workflows/check.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 32f3686..b486382 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -34,18 +34,11 @@ jobs: submodules: recursive - name: License uses: apache/skywalking-eyes@main - - name: Assign TAG from pull request - if: ${{ github.event_name == 'pull_request' }} + - name: Assign TAG run: | TAG=$(git rev-parse --short HEAD) echo "IMG_TAG=$TAG" >> "$GITHUB_ENV" echo "OPERATOR_TAG=$TAG" >> "$GITHUB_ENV" - - name: Assign TAG from push - if: ${{ github.event_name != 'pull_request' }} - run: | - TAG=$(git describe --tags --abbrev=0) - echo "IMG_TAG=$TAG" >> "$GITHUB_ENV" - echo "OPERATOR_TAG=$TAG" >> "$GITHUB_ENV" - name: Assign Custom Image Name if: ${{ github.repository_owner != 'apache'}} run: |