diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 5821b06c6..8bb50c701 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -15,6 +15,4 @@ following ourselves these points: - explain what and why in the body, if more than a trivial change, wrapping at 72 characters -If you have any issue or question, reach out us! -https://clastix.slack.com >>> #capsule channel --> diff --git a/.github/configs/ct.yaml b/.github/configs/ct.yaml index 29160c1da..af5985757 100644 --- a/.github/configs/ct.yaml +++ b/.github/configs/ct.yaml @@ -1,5 +1,5 @@ remote: origin -target-branch: master +target-branch: main chart-dirs: - charts helm-extra-args: "--timeout 600s" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index cc15c588c..000000000 --- a/.github/workflows/ci.yml +++ /dev/null 
@@ -1,49 +0,0 @@ -name: CI - -on: - push: - branches: [ "*" ] - pull_request: - branches: [ "*" ] - -jobs: - commit_lint: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - uses: wagoid/commitlint-github-action@v2 - with: - firstParent: true - golangci: - name: lint - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - - name: Run golangci-lint - uses: golangci/golangci-lint-action@v2.3.0 - with: - version: v1.51.2 - only-new-issues: false - args: --timeout 5m --config .golangci.yml - diff: - name: diff - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - uses: actions/setup-go@v2 - with: - go-version: '1.19' - - run: make installer - - name: Checking if YAML installer file is not aligned - run: if [[ $(git diff | wc -l) -gt 0 ]]; then echo ">>> Untracked generated files have not been committed" && git --no-pager diff && exit 1; fi - - run: make apidoc - - name: Checking if the CRDs documentation is not aligned - run: if [[ $(git diff | wc -l) -gt 0 ]]; then echo ">>> CRDs generated documentation have not been committed" && git --no-pager diff && exit 1; fi - - name: Checking if YAML installer generated untracked files - run: test -z "$(git ls-files --others --exclude-standard 2> /dev/null)" - - name: Checking if source code is not formatted - run: test -z "$(git diff 2> /dev/null)" diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml deleted file mode 100644 index da2cbec04..000000000 --- a/.github/workflows/docker-ci.yml +++ /dev/null 
@@ -1,97 +0,0 @@ -name: docker-ci - -on: - push: - tags: - - "v*" - -jobs: - docker-ci: - runs-on: ubuntu-20.04 - steps: - - - name: Checkout - uses: actions/checkout@v2 - - - name: Generate build-args - id: build-args - run: | - # Declare vars for internal use - VERSION=$(git describe --abbrev=0 --tags) - GIT_HEAD_COMMIT=$(git rev-parse --short HEAD) - GIT_TAG_COMMIT=$(git rev-parse --short $VERSION) - GIT_MODIFIED_1=$(git diff $GIT_HEAD_COMMIT $GIT_TAG_COMMIT --quiet && echo "" || echo ".dev") - GIT_MODIFIED_2=$(git diff --quiet && echo "" || echo ".dirty") - # Export to GH_ENV - echo "GIT_LAST_TAG=$VERSION" >> $GITHUB_ENV - echo "GIT_HEAD_COMMIT=$GIT_HEAD_COMMIT" >> $GITHUB_ENV - echo "GIT_TAG_COMMIT=$GIT_TAG_COMMIT" >> $GITHUB_ENV - echo "GIT_MODIFIED=$(echo "$GIT_MODIFIED_1""$GIT_MODIFIED_2")" >> $GITHUB_ENV - echo "GIT_REPO=$(git config --get remote.origin.url)" >> $GITHUB_ENV - echo "BUILD_DATE=$(git log -1 --format="%at" | xargs -I{} date -d @{} +%Y-%m-%dT%H:%M:%S)" >> $GITHUB_ENV - - - name: Docker meta - id: meta - uses: docker/metadata-action@v3 - with: - images: | - quay.io/${{ github.repository }} - docker.io/${{ github.repository }} - tags: | - type=semver,pattern={{raw}} - flavor: | - latest=false - - - name: Set up QEMU - id: qemu - uses: docker/setup-qemu-action@v1 - with: - platforms: arm64,arm - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - install: true - - - name: Inspect builder - run: | - echo "Name: ${{ steps.buildx.outputs.name }}" - echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}" - echo "Status: ${{ steps.buildx.outputs.status }}" - echo "Flags: ${{ steps.buildx.outputs.flags }}" - echo "Platforms: ${{ steps.buildx.outputs.platforms }}" - - - name: Login to quay.io Container Registry - uses: docker/login-action@v1 - with: - registry: quay.io - username: ${{ github.repository_owner }}+github - password: ${{ secrets.BOT_QUAY_IO }} - - - name: Login to docker.io Container Registry - uses: 
docker/login-action@v1 - with: - registry: docker.io - username: ${{ secrets.USER_DOCKER_IO }} - password: ${{ secrets.BOT_DOCKER_IO }} - - - name: Build and push - id: build-release - uses: docker/build-push-action@v2 - with: - file: Dockerfile - context: . - platforms: linux/amd64,linux/arm64,linux/arm - push: true - tags: ${{ steps.meta.outputs.tags }} - build-args: | - GIT_HEAD_COMMIT=${{ env.GIT_HEAD_COMMIT }} - GIT_TAG_COMMIT=${{ env.GIT_TAG_COMMIT }} - GIT_REPO=${{ env.GIT_REPO }} - GIT_LAST_TAG=${{ env.GIT_LAST_TAG }} - GIT_MODIFIED=${{ env.GIT_MODIFIED }} - BUILD_DATE=${{ env.BUILD_DATE }} - - - name: Image digest - run: echo ${{ steps.build-release.outputs.digest }} diff --git a/.github/workflows/docs-lint.yml b/.github/workflows/docs-lint.yml index 168ece40a..3876d20ac 100644 --- a/.github/workflows/docs-lint.yml +++ b/.github/workflows/docs-lint.yml @@ -1,4 +1,5 @@ name: docs-lint +permissions: {} on: push: @@ -12,15 +13,19 @@ on: - '.github/workflows/docs-lint.yml' - 'docs/content/**' +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: spelling: name: Spell Check runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: fetch-depth: 0 - - uses: actions/setup-node@v3 + - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 with: node-version: 18 - run: make docs-lint \ No newline at end of file diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 618404641..f4cf72f8e 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -1,4 +1,5 @@ name: e2e +permissions: {} on: push: @@ -26,6 +27,10 @@ on: - 'main.go' - 'Makefile' +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: kind: name: Kubernetes 
@@ -35,10 +40,10 @@ jobs: k8s-version: ['v1.20.7', 'v1.21.2', 'v1.22.4', 'v1.23.6', 'v1.24.7', 'v1.25.3', 'v1.26.3', 'v1.27.2'] runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: fetch-depth: 0 - - uses: actions/setup-go@v2 + - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: '1.19' - run: make manifests @@ -46,11 +51,11 @@ jobs: run: test -z "$(git diff 2> /dev/null)" - name: Checking if manifests generated untracked files run: test -z "$(git ls-files --others --exclude-standard 2> /dev/null)" - - uses: engineerd/setup-kind@v0.5.0 + - uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0 with: skipClusterCreation: true version: v0.14.0 - - uses: azure/setup-helm@v1 + - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 with: version: 3.3.4 - name: e2e testing diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index e1d363249..75ed8ddf1 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -1,4 +1,5 @@ name: FOSSA +permissions: {} on: push: 
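Review bot: The kind binary this job installs (`version: v0.14.0` under `engineerd/setup-kind`) no longer matches the `KIND_VERSION := v0.17.0` that the Makefile's `kind` target pins elsewhere in this same change, so `make e2e-build/%` run locally and the CI matrix exercise different kind releases against the same Kubernetes node images. Pin both to one value, e.g. `version: v0.17.0`, or have the workflow read it from the Makefile. The `azure/setup-helm` pin is annotated only as `# v3` while every other SHA pin in this change carries the full release (`# v4.1.0`); recording the exact tag makes it possible to audit which release the commit corresponds to without resolving it by hand.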
@@ -6,20 +7,29 @@ on: pull_request: branches: [ "*" ] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: fossa-scan: runs-on: ubuntu-20.04 steps: - name: "Checkout Code" - uses: actions/checkout@v3 - + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + - name: Check secret + id: checksecret + uses: ./.github/actions/exists + with: + value: ${{ secrets.FOSSA_API_KEY }} - name: "Run FOSSA Scan" - uses: fossas/fossa-action@v1.3.1 + if: steps.checksecret.outputs.result == 'true' + uses: fossas/fossa-action@f61a4c0c263690f2ddb54b9822a719c25a7b608f # v1.3.1 with: api-key: ${{ secrets.FOSSA_API_KEY }} - - name: "Run FOSSA Test" - uses: fossas/fossa-action@v1.3.1 + if: steps.checksecret.outputs.result == 'true' + uses: fossas/fossa-action@f61a4c0c263690f2ddb54b9822a719c25a7b608f # v1.3.1 with: api-key: ${{ secrets.FOSSA_API_KEY }} run-tests: true diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml index 6c886d207..a0df44a74 100644 --- a/.github/workflows/gosec.yml +++ b/.github/workflows/gosec.yml @@ -1,9 +1,15 @@ name: CI gosec +permissions: {} on: push: branches: [ "*" ] pull_request: branches: [ "*" ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: tests: runs-on: ubuntu-20.04 @@ -11,8 +17,8 @@ jobs: GO111MODULE: on steps: - name: Checkout Source - uses: actions/checkout@v2 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - name: Run Gosec Security Scanner - uses: securego/gosec@master + uses: securego/gosec@0ec6cd95d7bf02aef4ec2786e884868e0044875b # v2.18.1 with: args: ./... diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml deleted file mode 100644 index 539dd1a44..000000000 --- a/.github/workflows/helm.yml +++ /dev/null 
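Review bot: Both FOSSA steps now depend on `./.github/actions/exists`, a local composite action that is not part of this change, so the job fails at step resolution on any ref where that action is missing; confirm it exists on the target branch before merging. Gating on the secret is the right call, since `pull_request` runs from forks receive no secrets and the scan would otherwise fail, but passing the key through the action's `value` input means that action must never echo or transform its input — GitHub masks values referenced via `secrets.`, not a derived or partial copy. A comment on the check step, `# Skip FOSSA on forked PRs, where secrets.FOSSA_API_KEY is empty`, would record why the gate exists.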
@@ -1,86 +0,0 @@ -name: Helm Chart - -on: - push: - branches: [ "*" ] - tags: [ "helm-v*" ] - pull_request: - branches: [ "*" ] - -jobs: - lint: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - uses: azure/setup-helm@v1 - with: - version: 3.3.4 - - name: Linting Chart - run: helm lint ./charts/capsule - - name: Setup Chart Linting - id: lint - uses: helm/chart-testing-action@v2.3.0 - - name: Run chart-testing (list-changed) - id: list-changed - run: | - changed=$(ct list-changed --config ./.github/configs/ct.yaml) - if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" - fi - - name: Run chart-testing (lint) - run: ct lint --debug --config ./.github/configs/ct.yaml --lint-conf ./.github/configs/lintconf.yaml - - name: Run docs-testing (helm-docs) - id: helm-docs - run: | - make helm-docs - if [[ $(git diff --stat) != '' ]]; then - echo -e '\033[0;31mDocumentation outdated! (Run make helm-docs locally and commit)\033[0m ❌' - git diff --color - exit 1 - else - echo -e '\033[0;32mDocumentation up to date\033[0m ✔' - fi - - # ATTENTION: This is a workaround for the upcoming ApiVersion Conversions for the capsule CRDs - # With this workflow the current docker image is build and loaded into kind, otherwise the install fails - # In the future this must be removed and the chart-testing-action must be used - - name: Run chart-testing (install) - run: make helm-test - if: steps.list-changed.outputs.changed == 'true' - - ## Create KIND Cluster - #- name: Create kind cluster - # uses: helm/kind-action@v1.2.0 - # if: steps.list-changed.outputs.changed == 'true' - ## Install Required Operators/CRDs - #- name: Prepare Cluster Operators/CRDs - # run: | - # # Cert-Manager CRDs - # kubectl create -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml - # - # # Prometheus CRDs - # kubectl create -f 
https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.58.0/bundle.yaml - # if: steps.list-changed.outputs.changed == 'true' - ## Install Charts - #- name: Run chart-testing (install) - # run: ct install --debug --config ./.github/configs/ct.yaml - # if: steps.list-changed.outputs.changed == 'true' - release: - if: startsWith(github.ref, 'refs/tags/helm-v') - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - - name: Publish Helm chart - uses: stefanprodan/helm-gh-pages@master - with: - token: ${{ secrets.BOT_GITHUB_TOKEN }} - charts_dir: charts - charts_url: https://clastix.github.io/charts - owner: clastix - repository: charts - branch: gh-pages - target_dir: . - commit_username: prometherion - commit_email: dario@tranchitella.eu diff --git a/.github/workflows/releaser.yml b/.github/workflows/releaser.yml new file mode 100644 index 000000000..e7a7b2cdf --- /dev/null +++ b/.github/workflows/releaser.yml @@ -0,0 +1,36 @@ +name: Go Release + +permissions: {} +on: + push: + tags: + - 'v*' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + create-release: + runs-on: ubuntu-latest + permissions: + contents: write + id-token: write + steps: + - name: Checkout + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + - name: Setup caches + uses: ./.github/actions/setup-caches + timeout-minutes: 5 + continue-on-error: true + - uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0 + - uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 + - name: Install Cosign + uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2 + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 + with: + version: latest + args: release --clean --timeout 90m --debug + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
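Review bot: `version: latest` in the GoReleaser step lets the release tool float while every action around it is pinned to a commit SHA, so the one component that builds, SBOMs, signs and publishes the artifacts — in a job holding `contents: write` and `id-token: write` — is the one that is not pinned; set `version:` to the explicit GoReleaser release this was tested with. The `anchore/sbom-action/download-syft@78fc58e…` pin is the only one here without a `# vX.Y.Z` annotation, and `./.github/actions/setup-caches` is referenced but not added in this change (tolerated by `continue-on-error: true`, but worth confirming it exists). `--debug` has been deprecated in favour of `--verbose` in recent GoReleaser releases, which matters once the version is pinned. The chart release previously driven by `helm-v*` tags in the deleted `helm.yml` has no replacement in this change; if it lives elsewhere, a comment pointing to it would help the next reader.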
diff --git a/.gitignore b/.gitignore index be2d64823..59d273ea6 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ *.so *.dylib bin +dist/ # Test binary, build with `go test -c` *.test diff --git a/.goreleaser.yml b/.goreleaser.yml new file mode 100644 index 000000000..c945625ca --- /dev/null +++ b/.goreleaser.yml 
@@ -0,0 +1,83 @@ +project_name: capsule +env: + - COSIGN_EXPERIMENTAL=true + - GO111MODULE=on +before: + hooks: + - go mod download +gomod: + proxy: false +builds: + - main: . + binary: "{{ .ProjectName }}-{{ .Os }}-{{ .Arch }}" + env: + - CGO_ENABLED=0 + goarch: + - amd64 + - arm64 + goos: + - linux + flags: + - -trimpath + mod_timestamp: '{{ .CommitTimestamp }}' + ldflags: + - >- + -X main.Version={{ .Tag }} + -X main.GitCommit={{ .Commit }} + -X main.GitTag={{ .Tag }} + -X main.GitTreeState={{ .Date }} + -X main.BuildDate={{ .Date }} + -X main.GitRepo={{ .ProjectName }} +release: + prerelease: auto + footer: | + Thanks to all the contributors! + + **Full Changelog**: https://github.com/projectcapsule/{{ .ProjectName }}/compare/{{ .PreviousTag }}...{{ .Tag }} + + **Docker Images** + - `ghcr.io/projectcapsule/{{ .ProjectName }}:{{ .Tag }}` + - `ghcr.io/projectcapsule/{{ .ProjectName }}:latest` +checksum: + name_template: 'checksums.txt' +changelog: + sort: asc + use: github + filters: + exclude: + - '^test:' + - '^chore' + - '^rebase:' + - 'merge conflict' + - Merge pull request + - Merge remote-tracking branch + - Merge branch + groups: + # https://github.com/conventional-changelog/commitlint/tree/master/%40commitlint/config-conventional + - title: '🛠 Dependency updates' + regexp: '^.*?(feat|fix)\(deps\)!?:.+$' + order: 300 + - title: '✨ New Features' + regexp: '^.*?feat(\([[:word:]]+\))??!?:.+$' + order: 100 + - title: '🐛 Bug fixes' + regexp: '^.*?fix(\([[:word:]]+\))??!?:.+$' + order: 200 + - title: '📖 Documentation updates' + regexp: ^.*?docs(\([[:word:]]+\))??!?:.+$ + order: 400 + - title: '🚀 Build process updates' + regexp: ^.*?(build|ci)(\([[:word:]]+\))??!?:.+$ + order: 400 + - title: '📦 Other work' + order: 9999 +sboms: + - artifacts: archive +signs: +- cmd: cosign + args: + - "sign-blob" + - "--output-signature=${signature}" + - "${artifact}" + - "--yes" + artifacts: all \ No newline at end of file 
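Review bot: The cosign step writes only the signature (`--output-signature=${signature}`) for a keyless (`COSIGN_EXPERIMENTAL=true`) signing, so the Fulcio certificate that `cosign verify-blob --certificate …` needs is never published with the release and verifiers are forced through Rekor; add `- "--output-certificate=${certificate}"` to `args` and `certificate: '${artifact}.pem'` to the `signs` entry so the certificate is uploaded next to each signature. Two ldflags also do not match the Makefile's `LD_FLAGS`: `-X main.GitTreeState={{ .Date }}` embeds the build date where the Makefile embeds the clean/dirty state (`$(GIT_MODIFIED)`), and `-X main.GitRepo={{ .ProjectName }}` embeds the bare word `capsule` where the Makefile embeds the remote URL — GoReleaser exposes `{{ .GitTreeState }}` and `{{ .GitURL }}` for these in recent releases. The release footer advertises `ghcr.io/projectcapsule/capsule:{{ .Tag }}` and `:latest`, but nothing in this config (`kos:` or `dockers:`) builds or pushes an image, so unless another pipeline does, the notes will point at tags that do not exist.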
diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 9a47d3d08..000000000 --- a/Dockerfile +++ /dev/null @@ -1,40 +0,0 @@ -# Build the manager binary -FROM golang:1.19.10 as builder - -WORKDIR /workspace -# Copy the Go Modules manifests -COPY go.mod go.mod -COPY go.sum go.sum -# cache deps before building and copying source so that we don't need to re-download as much -# and so that source changes don't invalidate our downloaded layer -RUN go mod download - -ARG TARGETARCH -ARG GIT_HEAD_COMMIT -ARG GIT_TAG_COMMIT -ARG GIT_LAST_TAG -ARG GIT_MODIFIED -ARG GIT_REPO -ARG BUILD_DATE - -# Copy the go source -COPY main.go main.go -COPY version.go version.go -COPY api/ api/ -COPY controllers/ controllers/ -COPY pkg/ pkg/ - -# Build -RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH GO111MODULE=on go build \ - -gcflags "-N -l" \ - -ldflags "-X main.GitRepo=$GIT_REPO -X main.GitTag=$GIT_LAST_TAG -X main.GitCommit=$GIT_HEAD_COMMIT -X main.GitDirty=$GIT_MODIFIED -X main.BuildTime=$BUILD_DATE" \ - -o manager - -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot -WORKDIR / -COPY --from=builder /workspace/manager . -USER nonroot:nonroot - -ENTRYPOINT ["/manager"] diff --git a/Makefile b/Makefile index 5a59045ff..9745dd388 100644 --- a/Makefile +++ b/Makefile 
@@ -1,8 +1,23 @@ -# Current Operator version -VERSION ?= $$(git describe --abbrev=0 --tags --match "v*") +# Version +VERSION ?= $(shell git describe --abbrev=0 --tags --match "v*") +ifndef VERSION +VERSION = $(GIT_HEAD_COMMIT) +endif + +# Defaults +REGISTRY ?= ghcr.io +REPOSITORY ?= projectcapsule/capsule +GIT_HEAD_COMMIT ?= $(shell git rev-parse --short HEAD) +GIT_TAG_COMMIT ?= $(shell git rev-parse --short $(VERSION)) +GIT_MODIFIED_1 ?= $(shell git diff $(GIT_HEAD_COMMIT) $(GIT_TAG_COMMIT) --quiet && echo "" || echo ".dev") +GIT_MODIFIED_2 ?= $(shell git diff --quiet && echo "" || echo ".dirty") +GIT_MODIFIED ?= $(shell echo "$(GIT_MODIFIED_1)$(GIT_MODIFIED_2)") +GIT_REPO ?= $(shell git config --get remote.origin.url) +BUILD_DATE ?= $(shell git log -1 --format="%at" | xargs -I{} sh -c 'if [ "$(shell uname)" = "Darwin" ]; then date -r {} +%Y-%m-%dT%H:%M:%S; else date -d @{} +%Y-%m-%dT%H:%M:%S; fi') +IMG_BASE ?= $(REPOSITORY) +IMG ?= $(IMG_BASE):$(VERSION) +CAPSULE_IMG ?= $(REGISTRY)/$(IMG_BASE) -# Default bundle image tag -BUNDLE_IMG ?= clastix/capsule:$(VERSION)-bundle # Options for 'bundle-build' ifneq ($(origin CHANNELS), undefined) BUNDLE_CHANNELS := --channels=$(CHANNELS) @@ -12,9 +27,6 @@ BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) endif BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) -# Image URL to use all building/pushing image targets -IMG ?= clastix/capsule:$(VERSION) - # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) ifeq (,$(shell go env GOBIN)) GOBIN=$(shell go env GOPATH)/bin 
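Review bot: The `ifndef VERSION` fallback never fires: `VERSION ?= $(shell …)` gives the variable the unexpanded text `$(shell git describe …)` as its definition, and GNU make's `ifdef`/`ifndef` test only whether a definition exists, not whether it expands to something non-empty, so on a checkout with no `v*` tag `VERSION` expands to an empty string, `GIT_TAG_COMMIT` runs `git rev-parse --short` with no argument, and every image reference becomes `…:` with a bare colon. Test the expanded value instead, `ifeq ($(strip $(VERSION)),)` / `VERSION = $(GIT_HEAD_COMMIT)` / `endif`, keeping the assignment recursive (`=`) since `GIT_HEAD_COMMIT` is defined below it. Adding `2>/dev/null` to the `git describe` call would also keep git's "No names found" message out of every make invocation on untagged clones.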
@@ -22,20 +34,16 @@ else GOBIN=$(shell go env GOBIN) endif -# Get information about git current status -GIT_HEAD_COMMIT ?= $$(git rev-parse --short HEAD) -GIT_TAG_COMMIT ?= $$(git rev-parse --short $(VERSION)) -GIT_MODIFIED_1 ?= $$(git diff $(GIT_HEAD_COMMIT) $(GIT_TAG_COMMIT) --quiet && echo "" || echo ".dev") -GIT_MODIFIED_2 ?= $$(git diff --quiet && echo "" || echo ".dirty") -GIT_MODIFIED ?= $$(echo "$(GIT_MODIFIED_1)$(GIT_MODIFIED_2)") -GIT_REPO ?= $$(git config --get remote.origin.url) -BUILD_DATE ?= $$(git log -1 --format="%at" | xargs -I{} date -d @{} +%Y-%m-%dT%H:%M:%S) - all: manager # Run tests -test: generate manifests - go test ./... -coverprofile cover.out +.PHONY: test +test: test-clean generate manifests test-clean + @GO111MODULE=on go test -v ./... -coverprofile coverage.out + +.PHONY: test-clean +test-clean: ## Clean tests cache + @go clean -testcache # Build manager binary manager: generate golint @@ -47,7 +55,7 @@ run: generate manifests # Creates the single file to install Capsule without any external dependency installer: manifests kustomize - cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + cd config/manager && $(KUSTOMIZE) edit set image controller=${CAPSULE_IMG} $(KUSTOMIZE) build config/default > config/install.yaml # Install CRDs into a cluster 
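Review bot: The `installer` target now sets the controller image to `${CAPSULE_IMG}`, which is `$(REGISTRY)/$(IMG_BASE)` with no tag, so `config/install.yaml` is regenerated with a bare `ghcr.io/projectcapsule/capsule` — the mutable `latest` tag — where the previous `${IMG}` carried `$(VERSION)`; the regenerated `config/install.yaml` in this same change shows exactly that. A one-file installer that floats on `latest` cannot be reproduced or audited against a release and undoes the signing work the release pipeline adds; use `controller=${CAPSULE_IMG}:${VERSION}` or fold the tag into `CAPSULE_IMG` itself. `test` also lists `test-clean` twice as a prerequisite; make runs it once, so the second entry is only noise.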
@@ -86,12 +94,13 @@ helm-docs: HELMDOCS_VERSION := v1.11.0 helm-docs: docker @docker run -v "$(SRC_ROOT):/helm-docs" jnorwood/helm-docs:$(HELMDOCS_VERSION) --chart-search-root /helm-docs -helm-lint: ct - @ct lint --config $(SRC_ROOT)/.github/configs/ct.yaml --lint-conf $(SRC_ROOT)/.github/configs/lintconf.yaml --all --debug +helm-lint: CT_VERSION := v3.3.1 +helm-lint: docker + @docker run -v "$(SRC_ROOT):/workdir" --entrypoint /bin/sh quay.io/helmpack/chart-testing:$(CT_VERSION) -c "cd /workdir; ct lint --config .github/configs/ct.yaml --lint-conf .github/configs/lintconf.yaml --all --debug" -helm-test: kind ct docker-build +helm-test: kind ct ko-build-all @kind create cluster --wait=60s --name capsule-charts - @kind load docker-image --name capsule-charts ${IMG} + @kind load docker-image --name capsule-charts $(LOCAL_CAPSULE_IMG) @kubectl create ns capsule-system @ct install --config $(SRC_ROOT)/.github/configs/ct.yaml --namespace=capsule-system --all --debug @kind delete cluster --name capsule-charts 
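Review bot: `helm-lint` pins a target-specific `CT_VERSION := v3.3.1` for the `quay.io/helmpack/chart-testing` image, while the `ct` target added further down installs `chart-testing/v3/ct@v3.7.1` under a global `CT_VERSION := v3.7.1`, so `make helm-lint` and `make helm-test` validate the chart with two different chart-testing releases and the two definitions shadow each other silently. Drop the target-specific override and use the single global value, e.g. `quay.io/helmpack/chart-testing:$(CT_VERSION)`, or pin the image by digest if reproducibility is the goal. The lint container also gets the whole source tree bind-mounted read-write (`-v "$(SRC_ROOT):/workdir"`); `:ro` is enough for a lint pass and limits what a compromised image could change.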
@@ -166,42 +175,97 @@ dev-setup: ]"; -# Build the docker image -docker-build: test - docker build . -t ${IMG} --build-arg GIT_HEAD_COMMIT=$(GIT_HEAD_COMMIT) \ - --build-arg GIT_TAG_COMMIT=$(GIT_TAG_COMMIT) \ - --build-arg GIT_MODIFIED=$(GIT_MODIFIED) \ - --build-arg GIT_REPO=$(GIT_REPO) \ - --build-arg GIT_LAST_TAG=$(VERSION) \ - --build-arg BUILD_DATE=$(BUILD_DATE) +#################### +# -- Docker +#################### + +KOCACHE ?= /tmp/ko-cache +KO_REGISTRY := ko.local +KO_TAGS ?= "latest,$(VERSION)" +LD_FLAGS := "-X main.Version=$(VERSION) \ + -X main.GitCommit=$(GIT_HEAD_COMMIT) \ + -X main.GitTag=$(VERSION) \ + -X main.GitTreeState=$(GIT_MODIFIED) \ + -X main.BuildDate=$(BUILD_DATE) \ + -X main.GitRepo=$(GIT_REPO)" + +# Docker Image Build +# ------------------ + +.PHONY: ko-build-capsule +LOCAL_CAPSULE_IMG_BASE := github.com/$(REPOSITORY) +LOCAL_CAPSULE_IMG := $(KO_REGISTRY)/$(LOCAL_CAPSULE_IMG_BASE) +ko-build-capsule: ko + @echo Building Capsule $(KO_TAGS) >&2 + @LD_FLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \ + $(KO) build ./ --preserve-import-paths --tags=$(KO_TAGS) --push=false + +.PHONY: ko-build-all +ko-build-all: ko-build-capsule + +# Docker Image Publish +# ------------------ -# Push the docker image -docker-push: - docker push ${IMG} +REGISTRY_PASSWORD ?= dummy +REGISTRY_USERNAME ?= dummy -CONTROLLER_GEN = $(shell pwd)/bin/controller-gen +.PHONY: ko-login +ko-login: ko + @$(KO) login $(REGISTRY) --username $(REGISTRY_USERNAME) --password $(REGISTRY_PASSWORD) + +.PHONY: ko-publish-capsule +ko-publish-capsule: ko-login ## Build and publish kyvernopre image (with ko) + @LD_FLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(CAPSULE_IMG) \ + $(KO) build ./ --bare --tags=$(KO_TAGS) + +.PHONY: ko-publish-all +ko-publish-all: ko-publish-capsule + +#################### +# -- Binaries +#################### + +CONTROLLER_GEN := $(shell pwd)/bin/controller-gen +CONTROLLER_GEN_VERSION := v0.10.0 controller-gen: ## Download 
controller-gen locally if necessary. - $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.10.0) + $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_GEN_VERSION)) -APIDOCS_GEN = $(shell pwd)/bin/crdoc +APIDOCS_GEN := $(shell pwd)/bin/crdoc +APIDOCS_GEN_VERSION := latest apidocs-gen: ## Download crdoc locally if necessary. - $(call go-install-tool,$(APIDOCS_GEN),fybrik.io/crdoc@latest) + $(call go-install-tool,$(APIDOCS_GEN),fybrik.io/crdoc@$(APIDOCS_GEN_VERSION)) -GINKGO = $(shell pwd)/bin/ginkgo +GINKGO := $(shell pwd)/bin/ginkgo +GINGKO_VERSION := v2.9.5 ginkgo: ## Download ginkgo locally if necessary. - $(call go-install-tool,$(GINKGO),github.com/onsi/ginkgo/v2/ginkgo@v2.9.5) + $(call go-install-tool,$(GINKGO),github.com/onsi/ginkgo/v2/ginkgo@$(GINGKO_VERSION)) -CT = $(shell pwd)/bin/ct +CT := $(shell pwd)/bin/ct +CT_VERSION := v3.7.1 ct: ## Download ct locally if necessary. - $(call go-install-tool,$(CT),github.com/helm/chart-testing/v3/ct@v3.7.1) + $(call go-install-tool,$(CT),github.com/helm/chart-testing/v3/ct@$(CT_VERSION)) -KIND = $(shell pwd)/bin/kind +KIND := $(shell pwd)/bin/kind +KIND_VERSION := v0.17.0 kind: ## Download kind locally if necessary. - $(call go-install-tool,$(KIND),sigs.k8s.io/kind/cmd/kind@v0.17.0) + $(call go-install-tool,$(KIND),sigs.k8s.io/kind/cmd/kind@$(KIND_VERSION)) -KUSTOMIZE = $(shell pwd)/bin/kustomize +KUSTOMIZE := $(shell pwd)/bin/kustomize +KUSTOMIZE_VERSION := 3.8.7 kustomize: ## Download kustomize locally if necessary. 
- $(call install-kustomize,$(KUSTOMIZE),3.8.7) + $(call install-kustomize,$(KUSTOMIZE),$(KUSTOMIZE_VERSION)) + +KO = $(shell pwd)/bin/ko +KO_VERSION = v0.14.1 +ko: + $(call go-install-tool,$(KO),github.com/google/ko@v0.14.1) + +#################### +# -- Helpers +#################### +pull-upstream: + git remote add upstream https://github.com/capsuleproject/capsule.git + git fetch --all && git pull upstream define install-kustomize @[ -f $(1) ] || { \ @@ -218,7 +282,6 @@ PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST)))) define go-install-tool @[ -f $(1) ] || { \ set -e ;\ -echo "Installing $(2)" ;\ GOBIN=$(PROJECT_DIR)/bin go install $(2) ;\ } endef @@ -229,10 +292,6 @@ bundle: manifests kustomize build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) operator-sdk bundle validate ./bundle -# Build the bundle image. -bundle-build: - docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) . - # Sorting imports .PHONY: goimports goimports: @@ -254,8 +313,11 @@ e2e/%: ginkgo e2e-build/%: kind create cluster --wait=60s --name capsule --image=kindest/node:$* - make docker-build - kind load docker-image --nodes capsule-control-plane --name capsule $(IMG) + make e2e-load-image + make e2e-install + +.PHONY: e2e-install +e2e-install: helm upgrade \ --debug \ --install \ 
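Review bot: `ko-login` passes the registry credential on the command line (`--password $(REGISTRY_PASSWORD)`), which exposes it to anyone who can read the process table and to any shell tracing, and the `?= dummy` defaults mean a mistyped variable name silently logs in with `dummy` instead of failing; feed it over stdin instead, `@echo "$(REGISTRY_PASSWORD)" | $(KO) login $(REGISTRY) --username $(REGISTRY_USERNAME) --password-stdin`, and fail the target when `REGISTRY_PASSWORD` is unset. Two pins in this hunk are not what they look like: the `ko` target hard-codes `github.com/google/ko@v0.14.1` instead of `@$(KO_VERSION)`, so changing `KO_VERSION` has no effect, and `APIDOCS_GEN_VERSION := latest` leaves `crdoc` floating in a change that otherwise pins tool versions. `pull-upstream` adds `https://github.com/capsuleproject/capsule.git`, but every other reference in this change uses the `projectcapsule` org, so this looks like a typo. The `ko-publish-capsule` help text still says "kyvernopre image", presumably copied from another project.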
@@ -264,15 +326,23 @@ e2e-build/%: --set 'manager.image.pullPolicy=Never' \ --set 'manager.resources=null'\ --set "manager.image.tag=$(VERSION)" \ + --set 'manager.image.registry=$(KO_REGISTRY)' \ + --set 'manager.image.repository=$(LOCAL_CAPSULE_IMG_BASE)' \ --set 'manager.livenessProbe.failureThreshold=10' \ --set 'manager.readinessProbe.failureThreshold=10' \ --set 'podSecurityContext.seccompProfile=null' \ capsule \ ./charts/capsule +.PHONY: e2e-load-image +e2e-load-image: ko-build-all + kind load docker-image --nodes capsule-control-plane --name capsule $(LOCAL_CAPSULE_IMG):$(VERSION) + +.PHONY: e2e-exec e2e-exec: ginkgo $(GINKGO) -v -tags e2e ./e2e +.PHONY: e2e-destroy e2e-destroy: kind delete cluster --name capsule diff --git a/README.md b/README.md index 7f28e7bf8..012e325bc 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,9 @@ + + +

diff --git a/charts/capsule/README.md b/charts/capsule/README.md index ac6bd2b0b..23813f9da 100644 --- a/charts/capsule/README.md +++ b/charts/capsule/README.md @@ -22,11 +22,15 @@ The Capsule Operator Chart can be used to instantly deploy the Capsule Operator 1. Add this repository: - $ helm repo add clastix https://clastix.github.io/charts + $ helm repo add projectcapsule https://projectcapsule.github.io/charts 2. Install the Chart: - $ helm install capsule clastix/capsule -n capsule-system --create-namespace + $ helm install capsule projectcapsule/capsule -n capsule-system --create-namespace + + or + + $ helm install capsule oci://ghcr.io/projectcapsule/charts/capsule --version 0.4.6 -n capsule-system --create-namespace 3. Show the status: @@ -34,7 +38,11 @@ The Capsule Operator Chart can be used to instantly deploy the Capsule Operator 4. Upgrade the Chart - $ helm upgrade capsule clastix/capsule -n capsule-system + $ helm upgrade capsule projectcapsule/capsule -n capsule-system + + or + + $ helm upgrade capsule oci://ghcr.io/projectcapsule/charts/capsule --version 0.4.7 5. Uninstall the Chart @@ -68,6 +76,7 @@ Here the values you can override: | customLabels | object | `{}` | Additional labels which will be added to all resources created by Capsule helm chart | | imagePullSecrets | list | `[]` | Configuration for `imagePullSecrets` so that you can use a private images registry. | | jobs.image.pullPolicy | string | `"IfNotPresent"` | Set the image pull policy of the helm chart job | +| jobs.image.registry | string | `"docker.io"` | Set the image repository of the helm chart job | | jobs.image.repository | string | `"clastix/kubectl"` | Set the image repository of the helm chart job | | jobs.image.tag | string | `""` | Set the image tag of the helm chart job | | mutatingWebhooksTimeoutSeconds | int | `30` | Timeout in seconds for mutating webhooks | 
@@ -94,11 +103,12 @@ Here the values you can override: |-----|------|---------|-------------| | manager.hostNetwork | bool | `false` | Specifies if the container should be started in hostNetwork mode. Required for use in some managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working | | manager.image.pullPolicy | string | `"IfNotPresent"` | Set the image pull policy. | -| manager.image.repository | string | `"clastix/capsule"` | Set the image repository of the capsule. | +| manager.image.registry | string | `"ghcr.io"` | Set the image registry of capsule. | +| manager.image.repository | string | `"projectcapsule/capsule"` | Set the image repository of capsule. | | manager.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | manager.kind | string | `"Deployment"` | Set the controller deployment mode as `Deployment` or `DaemonSet`. | | manager.livenessProbe | object | `{"httpGet":{"path":"/healthz","port":10080}}` | Configure the liveness probe using Deployment probe spec | -| manager.options.capsuleUserGroups | list | `["capsule.clastix.io"]` | Override the Capsule user groups | +| manager.options.capsuleUserGroups | list | `["capsule.projectcapsule.io"]` | Override the Capsule user groups | | manager.options.forceTenantPrefix | bool | `false` | Boolean, enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix, separated by a dash | | manager.options.generateCertificates | bool | `true` | Specifies whether capsule webhooks certificates should be generated by capsule operator | | manager.options.logLevel | string | `"4"` | Set the log verbosity of the capsule with a value from 1 to 10 | 
@@ -196,7 +206,7 @@ Capsule, as many other add-ons, defines its own set of Custom Resource Definitio You can enable the generation of certificates using `cert-manager` as follows. ``` -helm upgrade --install capsule clastix/capsule --namespace capsule-system --create-namespace \ +helm upgrade --install capsule projectcapsule/capsule --namespace capsule-system --create-namespace \ --set "certManager.generateCertificates=true" \ --set "tls.create=false" \ --set "tls.enableController=false" diff --git a/charts/capsule/README.md.gotmpl b/charts/capsule/README.md.gotmpl index 273f99899..377491a94 100644 --- a/charts/capsule/README.md.gotmpl +++ b/charts/capsule/README.md.gotmpl @@ -22,11 +22,15 @@ The Capsule Operator Chart can be used to instantly deploy the Capsule Operator 1. Add this repository: - $ helm repo add clastix https://clastix.github.io/charts + $ helm repo add projectcapsule https://projectcapsule.github.io/charts 2. Install the Chart: - $ helm install capsule clastix/capsule -n capsule-system --create-namespace + $ helm install capsule projectcapsule/capsule -n capsule-system --create-namespace + + or + + $ helm install capsule oci://ghcr.io/projectcapsule/charts/capsule --version 0.4.6 -n capsule-system --create-namespace 3. Show the status: @@ -34,7 +38,11 @@ The Capsule Operator Chart can be used to instantly deploy the Capsule Operator 4. Upgrade the Chart - $ helm upgrade capsule clastix/capsule -n capsule-system + $ helm upgrade capsule projectcapsule/capsule -n capsule-system + + or + + $ helm upgrade capsule oci://ghcr.io/projectcapsule/charts/capsule --version 0.4.7 5. Uninstall the Chart 
@@ -132,7 +140,7 @@ Capsule, as many other add-ons, defines its own set of Custom Resource Definitio You can enable the generation of certificates using `cert-manager` as follows. ``` -helm upgrade --install capsule clastix/capsule --namespace capsule-system --create-namespace \ +helm upgrade --install capsule projectcapsule/capsule --namespace capsule-system --create-namespace \ --set "certManager.generateCertificates=true" \ --set "tls.create=false" \ --set "tls.enableController=false" diff --git a/charts/capsule/templates/_helpers.tpl b/charts/capsule/templates/_helpers.tpl index 80d8a2e6e..64680fdcb 100644 --- a/charts/capsule/templates/_helpers.tpl +++ b/charts/capsule/templates/_helpers.tpl @@ -80,7 +80,7 @@ Create the name of the service account to use Create the manager fully-qualified Docker image to use */}} {{- define "capsule.managerFullyQualifiedDockerImage" -}} -{{- printf "%s:%s" .Values.manager.image.repository ( .Values.manager.image.tag | default (printf "v%s" .Chart.AppVersion) ) -}} +{{- printf "%s/%s:%s" .Values.manager.image.registry .Values.manager.image.repository ( .Values.manager.image.tag | default (printf "v%s" .Chart.AppVersion) ) -}} {{- end }} {{/* @@ -106,9 +106,9 @@ Create the jobs fully-qualified Docker image to use */}} {{- define "capsule.jobsFullyQualifiedDockerImage" -}} {{- if .Values.jobs.image.tag }} -{{- printf "%s:%s" .Values.jobs.image.repository .Values.jobs.image.tag -}} +{{- printf "%s/%s:%s" .Values.jobs.image.registry .Values.jobs.image.repository .Values.jobs.image.tag -}} {{- else }} -{{- printf "%s:%s" .Values.jobs.image.repository (include "capsule.jobsTagKubeVersion" .) -}} +{{- printf "%s/%s:%s" .Values.jobs.image.registry .Values.jobs.image.repository (include "capsule.jobsTagKubeVersion" .) -}} {{- end }} {{- end }} diff --git a/charts/capsule/templates/deployment.yaml b/charts/capsule/templates/deployment.yaml index 780876ed5..d20cb20d6 100644 --- a/charts/capsule/templates/deployment.yaml 
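Review bot: `capsule.managerFullyQualifiedDockerImage` now emits `registry/repository:tag` unconditionally, so a user who sets `manager.image.registry` to an empty string (to fall back to the runtime's default registry, which is what the chart did before this change when the value did not exist) renders an invalid reference of the form `/projectcapsule/capsule:v<appVersion>`. Make the slash conditional on the registry being set, e.g. `{{- printf "%s%s:%s" (ternary (printf "%s/" .Values.manager.image.registry) "" (not (empty .Values.manager.image.registry))) .Values.manager.image.repository ( .Values.manager.image.tag | default (printf "v%s" .Chart.AppVersion) ) -}}`; `capsule.jobsFullyQualifiedDockerImage` in the second hunk has the same shape and needs the same guard on both branches. While touching these helpers, neither offers a way to pin the image by digest (`@sha256:…`), which a supply-chain-conscious deployment would want alongside the new registry knob; a `manager.image.digest` / `jobs.image.digest` value appended when non-empty would cover it without changing the default rendering.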
+++ b/charts/capsule/templates/deployment.yaml @@ -60,8 +60,6 @@ spec: secretName: {{ include "capsule.secretTlsName" . }} containers: - name: manager - command: - - /manager args: - --webhook-port={{ .Values.manager.webhookPort }} - --enable-leader-election diff --git a/charts/capsule/values.yaml b/charts/capsule/values.yaml index 29b72e3b5..32456d2c3 100644 --- a/charts/capsule/values.yaml +++ b/charts/capsule/values.yaml @@ -18,8 +18,10 @@ manager: kind: Deployment image: - # -- Set the image repository of the capsule. - repository: clastix/capsule + # -- Set the image registry of capsule. + registry: ghcr.io + # -- Set the image repository of capsule. + repository: projectcapsule/capsule # -- Set the image pull policy. pullPolicy: IfNotPresent # -- Overrides the image tag whose default is the chart appVersion. @@ -135,6 +137,8 @@ podSecurityPolicy: jobs: image: + # -- Set the image repository of the helm chart job + registry: docker.io # -- Set the image repository of the helm chart job repository: clastix/kubectl # -- Set the image pull policy of the helm chart job diff --git a/config/install.yaml b/config/install.yaml index dc3feea3c..d753fe848 100644 --- a/config/install.yaml +++ b/config/install.yaml @@ -2762,14 +2762,12 @@ spec: - --zap-encoder=console - --zap-log-level=debug - --configuration-name=capsule-default - command: - - /manager env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: clastix/capsule:v0.3.3 + image: ghcr.io/projectcapsule/capsule imagePullPolicy: IfNotPresent name: manager ports: diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 5274894d4..150cf7a0f 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -6,5 +6,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: clastix/capsule - newTag: v0.3.3 + newName: ghcr.io/projectcapsule/capsule 
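Review bot: The new `jobs.image.registry` key in the values.yaml hunk copies the comment of the line below it, `# -- Set the image repository of the helm chart job`, so two different keys now carry the same description; it should read `# -- Set the image registry of the helm chart job` (these `# --` comments appear to feed the generated README table shown earlier in this diff, so the mistake will surface there as well). Separately, the hook jobs still pull `docker.io` / `clastix/kubectl` while the manager image moved to `ghcr.io/projectcapsule`, so the chart now pulls from two registries and two organisations. If that is intentional because the kubectl image has not been migrated, a one-line comment above `registry: docker.io` saying so would stop the next reader from "fixing" it; if not, it should follow the manager to `ghcr.io`.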
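Review bot: Dropping `newTag: v0.3.3` from the `images:` entry in config/manager/kustomization.yaml without a replacement leaves the controller image untagged, which is why the regenerated config/install.yaml in this same diff now reads `image: ghcr.io/projectcapsule/capsule` — Kubernetes resolves that to the mutable `:latest` tag. The kustomize/`install.yaml` path therefore becomes non-reproducible, and every push to that tag turns into an unreviewed upgrade on clusters that apply the manifest; the Helm path is not affected because the chart defaults the tag to `v<appVersion>`. Keep a pinned reference here, either `newTag: <release tag>` or, better, `digest: sha256:<image digest>`, and have the release process bump it alongside the chart's appVersion.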
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index dd3edde40..139dda6aa 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -23,9 +23,7 @@ spec:
 control-plane: controller-manager
 spec:
 containers:
- - command:
- - /manager
- args:
+ - args:
 - --enable-leader-election
 - --zap-encoder=console
 - --zap-log-level=debug
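Review bot: Removing `command: [/manager]` makes this manifest depend on the image's `ENTRYPOINT` being `/manager`: the `args` list is appended to whatever the image declares, and if the new `ghcr.io/projectcapsule/capsule` image only sets `CMD`, `args` replaces it and the pod will fail with an exec error on `--enable-leader-election`. I cannot see the Dockerfile in this diff, so if the ENTRYPOINT is indeed `/manager` the contract should at least be written down above the list: `# args are appended to the image ENTRYPOINT (/manager); keep in sync with the Dockerfile`. The same removal is made in the chart's deployment.yaml hunk above and deserves the same comment there.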