feat: add goreleaser

.github/dependabot.yml

@@ -5,8 +5,12 @@ updates:
     schedule:
       interval: daily
     rebase-strategy: disabled
+    commit-message:
+      prefix: "feat(deps)"
   - package-ecosystem: github-actions
     directory: /
     schedule:
       interval: daily
-    rebase-strategy: disabled
+    rebase-strategy: disabled
+    commit-message:
+      prefix: "ci"

.github/workflows/check-commit.yml

@@ -0,0 +1,19 @@
+name: Check Commit
+permissions: {}
+
+on:
+  push:
+    branches: [ "*" ]
+  pull_request:
+    branches: [ "*" ]
+
+jobs:
+  commit_lint:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        with:
+          fetch-depth: 0
+      - uses: wagoid/commitlint-github-action@6319f54d83768b60acd6fd60e61007ccc583e62f #v5.4.3
+        with:
+          firstParent: true

.github/workflows/diff.yml

@@ -8,26 +8,6 @@ on:
     branches: [ "*" ]
 
 jobs:
-  commit_lint:
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
-        with:
-          fetch-depth: 0
-      - uses: wagoid/commitlint-github-action@6319f54d83768b60acd6fd60e61007ccc583e62f #v5.4.3
-        with:
-          firstParent: true
-  golangci:
-    name: lint
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
-      - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
-        with:
-          version: v1.51.2
-          only-new-issues: false
-          args: --timeout 5m --config .golangci.yml
   diff:
     name: diff
     runs-on: ubuntu-20.04

.github/workflows/lint.yml

@@ -0,0 +1,21 @@
+name: Linting
+permissions: {}
+
+on:
+  push:
+    branches: [ "*" ]
+  pull_request:
+    branches: [ "*" ]
+
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
+        with:
+          version: v1.51.2
+          only-new-issues: false
+          args: --timeout 5m --config .golangci.yml

.github/workflows/releaser.yml

@@ -0,0 +1,31 @@
+name: release
+
+permissions: {}
+on:
+  push:
+    tags:
+      - 'v*'
+jobs:
+  create-release:
+    runs-on: ubuntu-latest
+    needs: release-images
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - name: Setup caches
+        uses: ./.github/actions/setup-caches
+        timeout-minutes: 5
+        continue-on-error: true
+      - uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
+        with:
+          version: latest
+          args: release --clean --timeout 90m --debug
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.goreleaser.yml

@@ -0,0 +1,81 @@
+project_name: capsule
+env:
+  - COSIGN_EXPERIMENTAL=true
+  - GO111MODULE=on
+before:
+  hooks:
+    - go mod download
+gomod:
+  proxy: true
+builds:
+  - main: ./main.go
+    binary: "{{ .ProjectName }}-{{ .Os }}-{{ .Arch }}"
+    env:
+      - CGO_ENABLED=0
+    goarch:
+      - amd64
+      - arm64
+    goos:
+      - linux
+    flags:
+      - -trimpath
+    mod_timestamp: '{{ .CommitTimestamp }}'
+    ldflags:
+      - >-
+        -X github.com/oliverbaehler/{{ .ProjectName }}/cmd/{{ .ProjectName }}/cmd.Version={{ .Tag }}
+        -X github.com/oliverbaehler/{{ .ProjectName }}/cmd/{{ .ProjectName }}/cmd.GitCommit={{ .Commit }}
+        -X github.com/oliverbaehler/{{ .ProjectName }}/cmd/{{ .ProjectName }}/cmd.BuildDate={{ .Date }}
+release:
+  prerelease: auto
+  extra_files:
+    - glob: "./cosign.pub"
+  footer: |
+    Thanks to all the contributors!
+
+    **Full Changelog**: https://github.com/projectcapsule/{{ .ProjectName }}/compare/{{ .PreviousTag }}...{{ .Tag }}
+    
+    **Docker Images**
+    - `ghcr.io/projectcapsule/{{ .ProjectName }}:{{ .Tag }}`
+    - `ghcr.io/projectcapsule/{{ .ProjectName }}:latest`
+checksum:
+  name_template: 'checksums.txt'
+changelog:
+  sort: asc
+  use: github
+  filters:
+    exclude:
+    - '^test:'
+    - '^chore'
+    - 'merge conflict'
+    - Merge pull request
+    - Merge remote-tracking branch
+    - Merge branch
+  groups:
+    # https://github.com/conventional-changelog/commitlint/tree/master/%40commitlint/config-conventional
+    - title: Dependency updates
+      regexp: '^.*?(feat|fix)\(deps\)!?:.+$'
+      order: 300
+    - title: 'New Features'
+      regexp: '^.*?feat(\([[:word:]]+\))??!?:.+$'
+      order: 100
+    - title: 'Bug fixes'
+      regexp: '^.*?fix(\([[:word:]]+\))??!?:.+$'
+      order: 200
+    - title: 'Documentation updates'
+      regexp: ^.*?docs(\([[:word:]]+\))??!?:.+$
+      order: 400
+    - title: 'Build process updates'
+      regexp: ^.*?(build|ci)(\([[:word:]]+\))??!?:.+$
+      order: 400
+    - title: Other work
+      order: 9999
+sboms:
+  - artifacts: archive
+signs:
+- cmd: cosign
+  args:
+  - "sign-blob"
+  - "--output-signature=${signature}"
+  - "${artifact}"
+  - "--yes"
+  artifacts: all

CONTRIBUTING.md

@@ -0,0 +1,51 @@
+# Contributing
+
+All contributions are welcome! If you find a bug or have a feature request, please open an issue or submit a pull request.
+
+
+## Guidelines
+
+
+## Pull Requests
+
+
+### Commits
+
+Commit messages should indicate the change and it's impact. The general format for commit messages is the following:
+
+    <change-type>(<component>): cool contribution
+
+The following `<change-type>` items are available:
+
+  * `ci` or `build`: changes to buillding process/workflows
+  * `docs`: changes to documentation
+  * `feat`: new features
+  * `fix`: bug fixes
+  * `fix(deps)` or `feat(deps)`: dependency updates
+
+The changes should be grouped by component. The following `<component>` items are available:
+
+  * `all`: changes that affect all components
+  * `chart`: changes to the Helm chart
+  * `operator`: changes to the operator
+  * `docs`: changes to the documentation
+  * `website`: changes to the website
+  * `ci`: changes to the CI/CD workflows
+  * `build`: changes to the build process
+  * `test`: changes to the testing process
+  * `release`: changes to the release process
+  * `deps`: dependency updates
+
+The commits are checked on pull-request. If the commit message does not follow the format, the workflow will fail.
+
+### Sign-Off
+
+Developer Certificate of Origin (DCO) Sign off
+For contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project, we are requiring everyone to acknowledge this by signing their work which indicates you agree to the DCO found here.
+
+To sign your work, just add a line like this at the end of your commit message:
+
+Signed-off-by: Random J Developer <[email protected]>
+This can easily be done with the -s command line option to append this automatically to your commit message.
+
+git commit -s -m 'This is my commit message'

Makefile

@@ -193,8 +193,8 @@ LD_FLAGS        := "-X main.Version=$(VERSION) \
 # ------------------
 
 .PHONY: ko-build-capsule
-LOCAL_CAPSULE_IMG_BASE := $(KO_REGISTRY)/github.com/$(REPOSITORY)
-LOCAL_CAPSULE_IMG := $(LOCAL_CAPSULE_IMG_BASE):$(VERSION)
+LOCAL_CAPSULE_IMG_BASE := github.com/$(REPOSITORY)
+LOCAL_CAPSULE_IMG := $(KO_REGISTRY)/$(LOCAL_CAPSULE_IMG_BASE)
 ko-build-capsule: ko
 	@echo Building Capsule $(KO_TAGS) >&2
 	@LD_FLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
@@ -327,6 +327,7 @@ e2e-install:
 		--set 'manager.image.pullPolicy=Never' \
 		--set 'manager.resources=null'\
 		--set "manager.image.tag=$(VERSION)" \
+		--set 'manager.image.registry=$(KO_REGISTRY)' \
 		--set 'manager.image.repository=$(LOCAL_CAPSULE_IMG_BASE)' \
 		--set 'manager.livenessProbe.failureThreshold=10' \
 		--set 'manager.readinessProbe.failureThreshold=10' \
@@ -336,7 +337,7 @@ e2e-install:
 
 .PHONY: e2e-load-image
 e2e-load-image: ko-build-all
-	kind load docker-image --nodes capsule-control-plane --name capsule $(LOCAL_CAPSULE_IMG)
+	kind load docker-image --nodes capsule-control-plane --name capsule $(LOCAL_CAPSULE_IMG):$(VERSION)
 
 .PHONY: e2e-exec
 e2e-exec: ginkgo

charts/capsule/values.yaml

@@ -48,7 +48,7 @@ manager:
     # -- Boolean, enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix, separated by a dash
     forceTenantPrefix: false
     # -- Override the Capsule user groups
-    capsuleUserGroups: ["capsule.projectcapsule.io"]
+    capsuleUserGroups: ["capsule.clastix.io"]
     # -- If specified, disallows creation of namespaces matching the passed regexp
     protectedNamespaceRegex: ""
     # -- Specifies whether capsule webhooks certificates should be generated by capsule operator