diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml index 72c4f32..3d38419 100644 --- a/.forgejo/workflows/deploy.yml +++ b/.forgejo/workflows/deploy.yml @@ -175,6 +175,8 @@ jobs: - name: Apply release manifests and wait for rollout run: | + kubectl -n "$PROJECT_NAMESPACE" delete job redpanda-topic-bootstrap --ignore-not-found=true + # Apply the rendered image after the build so no deployment ever falls back to bootstrap placeholders. kubectl kustomize "$WORKSPACE_DIR/deploy/k8s/base" \ | python3 "$WORKSPACE_DIR/scripts/deploy/render_release_manifest.py" --image "$IMAGE" \ diff --git a/scripts/deploy/bootstrap.sh b/scripts/deploy/bootstrap.sh index 43f19bc..27fd378 100755 --- a/scripts/deploy/bootstrap.sh +++ b/scripts/deploy/bootstrap.sh @@ -213,6 +213,8 @@ APP_MANIFEST_IMAGE="${PROJECT_RELEASE_IMAGE:-$(current_release_image)}" BOOTSTRAP_IMAGE="ghcr.io/example/unrip:bootstrap" echo "applying app manifests" +kubectl -n "$PROJECT_NAMESPACE" delete job redpanda-topic-bootstrap --ignore-not-found=true + if [[ -n "$APP_MANIFEST_IMAGE" && "$APP_MANIFEST_IMAGE" != "$BOOTSTRAP_IMAGE" ]]; then kubectl kustomize "$ROOT_DIR/deploy/k8s/base" \ | python3 "$ROOT_DIR/scripts/deploy/render_release_manifest.py" --image "$APP_MANIFEST_IMAGE" \ diff --git a/test/bootstrap_script_static_test.py b/test/bootstrap_script_static_test.py index 09f20fc..0fd2a92 100644 --- a/test/bootstrap_script_static_test.py +++ b/test/bootstrap_script_static_test.py @@ -20,6 +20,14 @@ class BootstrapScriptStaticTest(unittest.TestCase): self.assertIn('--from-literal=OPERATOR_DASHBOARD_AUTH_PASSWORD="$OPERATOR_DASHBOARD_AUTH_PASSWORD"', source) self.assertIn('--operator-dashboard-auth-password "$OPERATOR_DASHBOARD_AUTH_PASSWORD"', source) + def test_bootstrap_recreates_immutable_topic_bootstrap_job(self): + source = (ROOT / 'scripts/deploy/bootstrap.sh').read_text() + delete_index = source.find('delete job redpanda-topic-bootstrap --ignore-not-found=true') + apply_index = source.find('kubectl kustomize "$ROOT_DIR/deploy/k8s/base"') + self.assertGreater(delete_index, -1) + self.assertGreater(apply_index, -1) + self.assertLess(delete_index, apply_index) + if __name__ == '__main__': unittest.main() diff --git a/test/deploy-workflow-static.test.mjs b/test/deploy-workflow-static.test.mjs index bdd951c..d6d72e5 100644 --- a/test/deploy-workflow-static.test.mjs +++ b/test/deploy-workflow-static.test.mjs @@ -13,6 +13,14 @@ test('deploy workflow upserts dashboard password before applying public dashboar assert.match(workflow, /--patch-file "\$patch_file"/); }); +test('deploy workflow recreates immutable topic bootstrap job through the repo path', () => { + const deleteIndex = workflow.indexOf('delete job redpanda-topic-bootstrap --ignore-not-found=true'); + const applyIndex = workflow.indexOf('kubectl kustomize "$WORKSPACE_DIR/deploy/k8s/base"'); + assert.ok(deleteIndex > -1, 'workflow deletes the immutable bootstrap job'); + assert.ok(applyIndex > -1, 'workflow applies rendered manifests'); + assert.ok(deleteIndex < applyIndex, 'workflow deletes the immutable bootstrap job before applying manifests'); +}); + test('Forgejo bootstrap can publish dashboard password as a repo action secret', () => { assert.match(forgejoBootstrap, /--operator-dashboard-auth-password/); assert.match(forgejoBootstrap, /OPERATOR_DASHBOARD_AUTH_PASSWORD/);