[leeway] Bump to leeway 0.2.0

Author: Christian Weichel

.gitpod.yml

@@ -1,4 +1,4 @@
-image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:as-add-golangci-lint.6
+image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:cw-supervisor-execve-ring3.11
 workspaceLocation: gitpod/gitpod-ws.theia-workspace
 checkoutLocation: gitpod
 ports:

.werft/build.js

@@ -31,6 +31,13 @@ async function build(context, version) {
      * Prepare
      */
     werft.phase("prepare");
+
+    const werftImg = shell.exec("cat .werft/build.yaml | grep dev-environment").trim().split(": ")[1];
+    const devImg = shell.exec("yq r .gitpod.yml image").trim();
+    if (werftImg !== devImg) {
+        werft.fail('prep', `Werft job image (${werftImg}) and Gitpod dev image (${devImg}) do not match`);
+    }
+
     let buildConfig = context.Annotations || {};
     try {
         exec(`gcloud auth activate-service-account --key-file "${GCLOUD_SERVICE_ACCOUNT_PATH}"`);
@@ -145,7 +152,7 @@ async function deployToDev(version, previewWithHttps, workspaceFeatureFlags, dyn
 
     werft.log("secret", "copy secret into namespace")
     try {
-        const auth = exec(`echo -n "_json_key:$(kubectl get secret gcp-sa-registry-auth --namespace=keys --export -o yaml \
+        const auth = exec(`echo -n "_json_key:$(kubectl get secret gcp-sa-registry-auth --namespace=keys -o yaml \
                         | yq r - data['.dockerconfigjson'] \
                         | base64 -d)" | base64 -w 0`, {silent: true}).stdout.trim();
         fs.writeFileSync("chart/gcp-sa-registry-auth",
@@ -163,7 +170,7 @@ async function deployToDev(version, previewWithHttps, workspaceFeatureFlags, dyn
 
     werft.log("authProviders", "copy authProviders")
     try {
-        exec(`kubectl get secret preview-envs-authproviders --namespace=keys --export -o yaml \
+        exec(`kubectl get secret preview-envs-authproviders --namespace=keys -o yaml \
                 | yq r - data.authProviders \
                 | base64 -d -w 0 \
                 > authProviders`, {silent: true}).stdout.trim();
@@ -303,7 +310,11 @@ async function issueAndInstallCertficate(namespace, domain) {
 
     werft.log('certificate', `copying certificate from "certs/${namespace}" to "${namespace}/proxy-config-certificates"`);
     // certmanager is configured to create a secret in the namespace "certs" with the name "${namespace}".
-    exec(`kubectl get secret ${namespace} --namespace=certs --export -o yaml \
+    exec(`kubectl get secret ${namespace} --namespace=certs -o yaml \
+        | yq d - 'metadata.namespace' \
+        | yq d - 'metadata.uid' \
+        | yq d - 'metadata.resourceVersion' \
+        | yq d - 'metadata.creationTimestamp' \
         | sed 's/${namespace}/proxy-config-certificates/g' \
         | kubectl apply --namespace=${namespace} -f -`);
 }

.werft/build.yaml

@@ -30,7 +30,7 @@ pod:
     - name: MYSQL_TCP_PORT
       value: 23306
   - name: build
-    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:as-add-golangci-lint.6
+    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:cw-supervisor-execve-ring3.11
     workingDir: /workspace
     imagePullPolicy: Always
     volumeMounts:

.werft/wipe-devstaging.yaml

@@ -14,7 +14,7 @@ pod:
       secretName: gcp-sa-gitpod-dev-deployer
   containers:
   - name: wipe-devstaging
-    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:as-add-golangci-lint.6
+    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:cw-supervisor-execve-ring3.11
     workingDir: /workspace
     imagePullPolicy: Always
     volumeMounts:

dev/image/Dockerfile

@@ -4,7 +4,7 @@
 
 FROM gitpod/workspace-full-vnc:latest
 
-ENV TRIGGER_REBUILD 2
+ENV TRIGGER_REBUILD 3
 
 USER root