upgrade yq commands

.github/workflows/tests.yml

@@ -13,7 +13,7 @@ jobs:
     name: Test Kubernetes Manifests
     runs-on: ubuntu-latest
     container:
-      image: shopsys/kubernetes-buildpack:1.2
+      image: shopsys/kubernetes-buildpack:2.0
 
     steps:
       - name: Checkout code

README.md

@@ -25,7 +25,7 @@
         ```yaml
         .deploy: &deploy
             image:
-                name: shopsys/kubernetes-buildpack:0.9
+                name: shopsys/kubernetes-buildpack:2.0
             stage: deploy
             tags:
                 - docker

UPGRADE.md

@@ -10,6 +10,11 @@
 2. Run `composer update shopsys/deployment`
 3. Check files in mentioned pull requests and if you have any of them extended in your project, apply changes manually
 
+## Upgrade from v4.3.0 to v4.4.0
+
+- yq was updated to the newest version ([#63](https://github.com/shopsys/deployment/pull/63))
+  - If you are using `shopsys/kubernetes-buildpack:1.x` in your GitLab CI pipeline, update it to `shopsys/kubernetes-buildpack:2.0`
+
 ## Upgrade from v4.1.1 to v4.2.0
 
 - improved nginx configuration ([#59](https://github.com/shopsys/deployment/pull/59))

deploy/parts/autoscaling.sh

@@ -26,11 +26,11 @@ if [ ${ENABLE_AUTOSCALING} = true ]; then
         MAX_STOREFRONT_REPLICAS=3
     fi
 
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/horizontalPodAutoscaler.yaml" spec.minReplicas "${MIN_PHP_FPM_REPLICAS}"
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/horizontalPodAutoscaler.yaml" spec.maxReplicas "${MAX_PHP_FPM_REPLICAS}"
+    yq e -i ".spec.minReplicas=${MIN_PHP_FPM_REPLICAS}" "${CONFIGURATION_TARGET_PATH}/horizontalPodAutoscaler.yaml"
+    yq e -i ".spec.maxReplicas=${MAX_PHP_FPM_REPLICAS}" "${CONFIGURATION_TARGET_PATH}/horizontalPodAutoscaler.yaml"
 
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/horizontalStorefrontAutoscaler.yaml" spec.minReplicas "${MIN_STOREFRONT_REPLICAS}"
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/horizontalStorefrontAutoscaler.yaml" spec.maxReplicas "${MAX_STOREFRONT_REPLICAS}"
+    yq e -i ".spec.minReplicas=${MIN_STOREFRONT_REPLICAS}" "${CONFIGURATION_TARGET_PATH}/horizontalStorefrontAutoscaler.yaml"
+    yq e -i ".spec.maxReplicas=${MAX_STOREFRONT_REPLICAS}" "${CONFIGURATION_TARGET_PATH}/horizontalStorefrontAutoscaler.yaml"
 fi
 
 

deploy/parts/cron.sh

@@ -19,6 +19,6 @@ unset CRON_INSTANCES
 
 # Use FREEZE_TIMESTAMP for testing, otherwise use current timestamp
 CRON_TIMESTAMP="${FREEZE_TIMESTAMP:-$(date +%s)}"
-yq write --inplace "${CONFIGURATION_TARGET_PATH}/deployments/cron.yaml" "spec.template.metadata.labels.date" "\"${CRON_TIMESTAMP}\""
+yq e -i ".spec.template.metadata.labels.date=\"${CRON_TIMESTAMP}\"" "${CONFIGURATION_TARGET_PATH}/deployments/cron.yaml"
 
 echo -e "[${GREEN}OK${NO_COLOR}]"

deploy/parts/deploy.sh

@@ -51,26 +51,26 @@ fi
 if [ "${RUNNING_PRODUCTION}" -eq "0" ] || [ "${DOWNSCALE_RESOURCE:-0}" -eq "1" ]; then
     echo -n "    Replace pods CPU requests to minimum (for Devel cluster only) "
 
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/deployments/storefront.yaml" "spec.template.spec.containers[0].resources.requests.cpu" "0.01"
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/deployments/webserver-php-fpm.yaml" "spec.template.spec.containers[0].resources.requests.cpu" "0.01"
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/deployments/webserver-php-fpm.yaml" "spec.template.spec.containers[1].resources.requests.cpu" "0.01"
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/deployments/redis.yaml" "spec.template.spec.containers[1].resources.requests.cpu" "0.01"
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/deployments/rabbitmq.yaml" "spec.template.spec.containers[0].resources.requests.cpu" "0.01"
+    yq e -i '.spec.template.spec.containers[0].resources.requests.cpu = "0.01"' "${CONFIGURATION_TARGET_PATH}/deployments/storefront.yaml"
+    yq e -i '.spec.template.spec.containers[0].resources.requests.cpu = "0.01"' "${CONFIGURATION_TARGET_PATH}/deployments/webserver-php-fpm.yaml"
+    yq e -i '.spec.template.spec.containers[1].resources.requests.cpu = "0.01"' "${CONFIGURATION_TARGET_PATH}/deployments/webserver-php-fpm.yaml"
+    yq e -i '.spec.template.spec.containers[1].resources.requests.cpu = "0.01"' "${CONFIGURATION_TARGET_PATH}/deployments/redis.yaml"
+    yq e -i '.spec.template.spec.containers[0].resources.requests.cpu = "0.01"' "${CONFIGURATION_TARGET_PATH}/deployments/rabbitmq.yaml"
 
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/deployments/webserver-php-fpm.yaml" "spec.template.spec.containers[0].resources.requests.memory" "100Mi"
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/deployments/redis.yaml" "spec.template.spec.containers[1].resources.requests.memory" "100Mi"
+    yq e -i '.spec.template.spec.containers[0].resources.requests.memory = "100Mi"' "${CONFIGURATION_TARGET_PATH}/deployments/webserver-php-fpm.yaml"
+    yq e -i '.spec.template.spec.containers[1].resources.requests.memory = "100Mi"' "${CONFIGURATION_TARGET_PATH}/deployments/redis.yaml"
 
     echo -e "[${GREEN}OK${NO_COLOR}]"
 else
     if [ -v PHP_FPM_CPU_REQUEST ] || [ -v STOREFRONT_CPU_REQUEST ]; then
         echo -n "    Replace pods CPU requests "
 
         if [ -v PHP_FPM_CPU_REQUEST ]; then
-            yq write --inplace "${CONFIGURATION_TARGET_PATH}/deployments/webserver-php-fpm.yaml" "spec.template.spec.containers[0].resources.requests.cpu" "${PHP_FPM_CPU_REQUEST}"
+            yq e -i ".spec.template.spec.containers[0].resources.requests.cpu = \"${PHP_FPM_CPU_REQUEST}\"" "${CONFIGURATION_TARGET_PATH}/deployments/webserver-php-fpm.yaml"
         fi
 
         if [ -v STOREFRONT_CPU_REQUEST ]; then
-            yq write --inplace "${CONFIGURATION_TARGET_PATH}/deployments/storefront.yaml" "spec.template.spec.containers[0].resources.requests.cpu" "${STOREFRONT_CPU_REQUEST}"
+            yq e -i ".spec.template.spec.containers[0].resources.requests.cpu = \"${STOREFRONT_CPU_REQUEST}\"" "${CONFIGURATION_TARGET_PATH}/deployments/storefront.yaml"
         fi
 
         echo -e "[${GREEN}OK${NO_COLOR}]"
@@ -187,17 +187,17 @@ if [ ${ENABLE_AUTOSCALING} = true ]; then
     echo -n "    Deploy Horizontal pod autoscaler for Backend "
 
     if [ ${RUNNING_PRODUCTION} -eq "0" ]; then
-        yq write --inplace "${CONFIGURATION_TARGET_PATH}/horizontalPodAutoscaler.yaml" spec.minReplicas 2
-        yq write --inplace "${CONFIGURATION_TARGET_PATH}/horizontalPodAutoscaler.yaml" spec.maxReplicas 2
+        yq e -i '.spec.minReplicas = 2' "${CONFIGURATION_TARGET_PATH}/horizontalPodAutoscaler.yaml"
+        yq e -i '.spec.maxReplicas = 2' "${CONFIGURATION_TARGET_PATH}/horizontalPodAutoscaler.yaml"
     fi
 
     runCommand "ERROR" "kubectl apply -f ${CONFIGURATION_TARGET_PATH}/horizontalPodAutoscaler.yaml"
 
     echo -n "    Deploy Horizontal pod autoscaler for Storefront "
 
     if [ ${RUNNING_PRODUCTION} -eq "0" ]; then
-        yq write --inplace "${CONFIGURATION_TARGET_PATH}/horizontalStorefrontAutoscaler.yaml" spec.minReplicas 2
-        yq write --inplace "${CONFIGURATION_TARGET_PATH}/horizontalStorefrontAutoscaler.yaml" spec.maxReplicas 2
+        yq e -i '.spec.minReplicas = 2' "${CONFIGURATION_TARGET_PATH}/horizontalStorefrontAutoscaler.yaml"
+        yq e -i '.spec.maxReplicas = 2' "${CONFIGURATION_TARGET_PATH}/horizontalStorefrontAutoscaler.yaml"
     fi
 
     runCommand "ERROR" "kubectl apply -f ${CONFIGURATION_TARGET_PATH}/horizontalStorefrontAutoscaler.yaml"

deploy/parts/domain-rabbitmq-management.sh

@@ -9,11 +9,11 @@ if [ -z "${RABBITMQ_DOMAIN_HOSTNAME}" ]; then
     RABBITMQ_DOMAIN_HOSTNAME="rabbitmq.${DOMAIN_HOSTNAME_1}"
 fi
 
-yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/ingress-rabbitmq.yaml" spec.rules[0].host ${RABBITMQ_DOMAIN_HOSTNAME}
-yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/ingress-rabbitmq.yaml" spec.tls[0].hosts[+] ${RABBITMQ_DOMAIN_HOSTNAME}
+yq e -i ".spec.rules[0].host=\"${RABBITMQ_DOMAIN_HOSTNAME}\"" "${CONFIGURATION_TARGET_PATH}/ingress/ingress-rabbitmq.yaml"
+yq e -i ".spec.tls[0].hosts[0] = \"${RABBITMQ_DOMAIN_HOSTNAME}\"" "${CONFIGURATION_TARGET_PATH}/ingress/ingress-rabbitmq.yaml"
 
 if [ -n "${RABBITMQ_IP_WHITELIST}" ]; then
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/ingress-rabbitmq.yaml" metadata.annotations."\"nginx.ingress.kubernetes.io/whitelist-source-range\"" "${RABBITMQ_IP_WHITELIST}"
+    yq e -i ".metadata.annotations.\"nginx.ingress.kubernetes.io/whitelist-source-range\"=\"${RABBITMQ_IP_WHITELIST}\"" "${CONFIGURATION_TARGET_PATH}/ingress/ingress-rabbitmq.yaml"
 fi
 
 echo -e "[${GREEN}OK${NO_COLOR}]"

deploy/parts/domains.sh

@@ -50,42 +50,43 @@ for DOMAIN in ${DOMAINS[@]}; do
         BASE_DOMAIN=${BASENAME}
         REDIRECT_DOMAIN=${BASENAME#"www."}
 
-        yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}" metadata.annotations."\"nginx.ingress.kubernetes.io/configuration-snippet\"" 'if ($scheme = http) { return 308 https://$host$request_uri; } if ($host ~ ^(?!www\.)(?<domain>.+)$) { return 308 https://www.$domain$request_uri; }'
+        yq e -i '.metadata.annotations."nginx.ingress.kubernetes.io/configuration-snippet"="if ($scheme = http) { return 308 https://$host$request_uri; } if ($host ~ ^(?!www\.)(?<domain>.+)$) { return 308 https://www.$domain$request_uri; }"' "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}"
     else
         BASE_DOMAIN=${BASENAME}
         REDIRECT_DOMAIN="www.${BASENAME}"
 
-        yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}" metadata.annotations."\"nginx.ingress.kubernetes.io/configuration-snippet\"" 'if ($scheme = http) { return 308 https://$host$request_uri; } if ($host ~ ^www\.(?<domain>.+)$) { return 308 https://$domain$request_uri; }'
+        yq e -i '.metadata.annotations."nginx.ingress.kubernetes.io/configuration-snippet"="if ($scheme = http) { return 308 https://$host$request_uri; } if ($host ~ ^www\.(?<domain>.+)$) { return 308 https://$domain$request_uri; }"' "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}"
     fi
 
     if [ ! -z "${DOMAIN_PATH}" ]; then
-        yq write --inplace ${DOMAINS_URLS_FILEPATH} domains_urls[${DOMAIN_ITERATOR}].url https://${BASE_DOMAIN}/${DOMAIN_PATH}
+        yq e -i ".domains_urls[${DOMAIN_ITERATOR}].url=\"https://${BASE_DOMAIN}/${DOMAIN_PATH}\"" "${DOMAINS_URLS_FILEPATH}"
     else
-        yq write --inplace ${DOMAINS_URLS_FILEPATH} domains_urls[${DOMAIN_ITERATOR}].url https://${BASE_DOMAIN}
+        yq e -i ".domains_urls[${DOMAIN_ITERATOR}].url=\"https://${BASE_DOMAIN}\"" "${DOMAINS_URLS_FILEPATH}"
     fi
 
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}" metadata.name "eshop-domain-${DOMAIN_ITERATOR}"
+    yq e -i ".metadata.name=\"eshop-domain-${DOMAIN_ITERATOR}\"" "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}"
 
     # Generate TLS secret name from BASE_DOMAIN to ensure domains with same host share the same certificate
     # Sanitize to meet Kubernetes naming requirements: lowercase alphanumeric and hyphens only, no leading/trailing hyphens
     SECRET_NAME="tls-$(echo "${BASE_DOMAIN}" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9-]/-/g' | sed 's/^-\+\|-\+$//g')"
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}" spec.tls[0].secretName "${SECRET_NAME}"
+    yq e -i ".spec.tls[0].secretName=\"${SECRET_NAME}\"" "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}"
 
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}" spec.rules[0].host ${BASE_DOMAIN}
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}" spec.tls[0].hosts[+] ${BASE_DOMAIN}
+    yq e -i ".spec.rules[0].host=\"${BASE_DOMAIN}\"" "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}"
+    yq e -i ".spec.rules += [{\"host\": \"${REDIRECT_DOMAIN}\"}]" "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}"
+
+    yq e -i ".spec.tls[0].hosts += [\"${BASE_DOMAIN}\", \"${REDIRECT_DOMAIN}\"]" "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}"
 
     if [ ! -z "${DOMAIN_PATH}" ]; then
-        yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}" spec.rules[0].http.paths[0].path "/${DOMAIN_PATH}"
+        yq e -i ".spec.rules[0].http.paths[0].path = \"/${DOMAIN_PATH}\"" "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}"
     fi
 
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}" spec.rules[+].host ${REDIRECT_DOMAIN}
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}" spec.tls[0].hosts[+] ${REDIRECT_DOMAIN}
-
     # When domain is not in production we need to whitelist our IPs. But this also enables access outside Cloudflare
     if [ ${RUNNING_PRODUCTION} -ne "1" ] || containsElement ${DOMAIN} ${FORCE_HTTP_AUTH_IN_PRODUCTION[@]}; then
-        yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}" metadata.annotations."\"nginx.ingress.kubernetes.io/auth-type\"" basic
-        yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}" metadata.annotations."\"nginx.ingress.kubernetes.io/auth-secret\"" http-auth
-        yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}" metadata.annotations."\"nginx.ingress.kubernetes.io/auth-realm\"" "Authentication Required - ok"
+        yq e -i '
+          .metadata.annotations."nginx.ingress.kubernetes.io/auth-type" = "basic" |
+          .metadata.annotations."nginx.ingress.kubernetes.io/auth-secret" = "http-auth" |
+          .metadata.annotations."nginx.ingress.kubernetes.io/auth-realm" = "Authentication Required - ok"
+        ' "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}"
 
         # Clean up whitespace and trailing commas from both variables
         DEFAULT_WHITELIST_IPS_CLEAN=$(echo "${DEFAULT_WHITELIST_IPS}" | tr -d ' ' | sed 's/,$//')
@@ -103,15 +104,17 @@ for DOMAIN in ${DOMAINS[@]}; do
 
     # Apply the final whitelist if we have any IPs
     if [ -n "${FINAL_WHITELIST_IPS}" ]; then
-        yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}" metadata.annotations."\"nginx.ingress.kubernetes.io/whitelist-source-range\"" "${FINAL_WHITELIST_IPS}"
-        yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}" metadata.annotations."\"nginx.ingress.kubernetes.io/satisfy\"" "any"
+        yq e -i '
+          .metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = "'"${FINAL_WHITELIST_IPS}"'" |
+          .metadata.annotations."nginx.ingress.kubernetes.io/satisfy" = "any"
+        ' "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}"
     fi
 
     if [ "${USING_CLOUDFLARE}" = "1" ] && ! containsElement ${DOMAIN} ${CLOUDFLARE_EXCLUDED_DOMAINS[@]}; then
-        yq write --inplace "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}" metadata.annotations."\"nginx.ingress.kubernetes.io/server-snippet\"" "real_ip_header CF-Connecting-IP;"
+        yq e -i '.metadata.annotations."nginx.ingress.kubernetes.io/server-snippet" = "real_ip_header CF-Connecting-IP;"' "${CONFIGURATION_TARGET_PATH}/ingress/${INGRESS_FILENAME}"
     fi
 
-    yq write --inplace "${CONFIGURATION_TARGET_PATH}/kustomize/webserver/kustomization.yaml" resources[+] "../../ingress/${INGRESS_FILENAME}"
+    yq e -i ".resources += [\"../../ingress/${INGRESS_FILENAME}\"]" "${CONFIGURATION_TARGET_PATH}/kustomize/webserver/kustomization.yaml"
 
     DOMAIN_ITERATOR=$(expr $DOMAIN_ITERATOR + 1)
 done