Merge branch 'main' into home-brew

cnoe-io · Jan 22, 2025 · 8e1c42d · 8e1c42d
2 parents bc52d32 + 6c0467e
commit 8e1c42d
Show file tree

Hide file tree

Showing 218 changed files with 5,364 additions and 16,242 deletions.
diff --git a/.devcontainer/postCreateCommand.sh b/.devcontainer/postCreateCommand.sh
@@ -20,3 +20,4 @@ mkdir $HOME/.kube
 echo "source <(kubectl completion bash)" >> $HOME/.bashrc
 echo "alias k=kubectl" >> $HOME/.bashrc
 echo "complete -F __start_kubectl k" >> $HOME/.bashrc
+docker network create -d=bridge -o com.docker.network.bridge.enable_ip_masquerade=true -o com.docker.network.driver.mtu=1500 --subnet fc00:f853:ccd:e793::/64 kind
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,23 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# Any committer can add themselves to any  of the path patterns
+# and will subsequently get requested as a reviewer for any PRs
+# that change matching files.
+
+/* @cnoe-io/idpbuilder-approvers
+/* @cnoe-io/idpbuilder-admin
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
diff --git a/.github/ISSUE_TEMPLATE/feature.yaml b/.github/ISSUE_TEMPLATE/feature.yaml
diff --git a/.github/workflows/code-scanner.yaml b/.github/workflows/code-scanner.yaml
@@ -0,0 +1,32 @@
+name: code-scanner
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+    types: [opened, ready_for_review, synchronize]
+
+permissions:
+  contents: write
+  security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+
+jobs:
+  code-analysis:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - run: ls -al
+      - name: Scan current project
+        id: scan
+        uses: anchore/scan-action@v3
+        with:
+          fail-build: false
+          path: "."
+
+      - name: Upload scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        if: always()
+        with:
+          sarif_file: ${{ steps.scan.outputs.sarif }}
diff --git a/.github/workflows/codespell.yaml b/.github/workflows/codespell.yaml
@@ -23,5 +23,5 @@ jobs:
         with:
           check_filenames: true
           # When using this Action in other repos, the --skip option below can be removed
-          skip: "*.excalidraw,*.git,*.png,*.jpg,*.svg,go.mod,go.sum"
+          skip: "*.excalidraw,*.git,*.png,*.jpg,*.svg,go.mod,go.sum,./pkg/controllers/localbuild/resources"
         continue-on-error: true # The PR checks will not fail, but the possible spelling issues will still be reported for review and correction
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
@@ -6,15 +6,41 @@ on:
       - 'main'
     paths:
       - '**.go'
+      - 'go.sum'
+      - 'go.mod'
+  repository_dispatch:
+    types: [e2e-command]
+
 jobs:
   e2e:
     runs-on: ubuntu-22.04
+    if: ${{ github.event.ref != '' }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          fetch-depth: 0
       - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
         with:
-          go-version: '1.21'
+          go-version: '1.22'
       - name: Run tests
         run: |
           make e2e
+  # invoked by slash command workflow
+  e2e-slash-command:
+    runs-on: ubuntu-22.04
+    if: ${{ github.event.action == 'e2e-command' }}
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }}
+          ref: ${{ github.event.client_payload.pull_request.head.ref }}
+          fetch-depth: 0
+      - name: Setup Go
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+        with:
+          go-version: '1.22'
+      - name: Run tests
+        run: |
+          make e2e
+
diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml
@@ -0,0 +1,66 @@
+name: nightly
+on:
+  # This can be used to automatically publish nightlies at UTC nighttime
+  schedule:
+    - cron: '0 7 * * *' # run at 7 AM UTC
+  # This can be used to allow manually triggering nightlies from the web interface
+  workflow_dispatch:
+
+jobs:
+  nightly:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.CNOE_GH_WORKFLOW_TOKEN_APP_ID }}
+          private-key: ${{ secrets.CNOE_GH_WORKFLOW_TOKEN_PRIVATE_KEY }}
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
+          fetch-depth: 0
+
+      - run: git fetch --force --tags
+      -
+        name: 'Push new tag'
+        run: |
+          git config user.name "${GITHUB_ACTOR}"
+          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+
+          # A previous release was created using a lightweight tag
+          # git describe by default includes only annotated tags
+          # git describe --tags includes lightweight tags as well
+          DESCRIBE=`git tag -l --sort=-v:refname | grep -v nightly | head -n 1`
+          MAJOR_VERSION=`echo $DESCRIBE | awk '{split($0,a,"."); print a[1]}'`
+          MINOR_VERSION=`echo $DESCRIBE | awk '{split($0,a,"."); print a[2]}'`
+          MINOR_VERSION="$((${MINOR_VERSION} + 1))"
+          TAG="${MAJOR_VERSION}.${MINOR_VERSION}.0-nightly.$(date +'%Y%m%d')"
+          git tag -a $TAG -m "$TAG: nightly build"
+          git push origin $TAG
+      - name: Find previous nightly
+        run: |
+          prev_tag=$(git tag | grep "nightly" | sort -r --version-sort | head -n 2 | tail -n 1)
+          echo "PREVIOUS_NIGHTLY_TAG=$prev_tag" >> $GITHUB_ENV
+          git push --delete origin $prev_tag
+      - name: 'Clean up nightly releases'
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ steps.generate-token.outputs.token }}
+          script: |
+            const latestRelease = await github.rest.repos.getReleaseByTag({ 
+              owner: "${{ github.repository_owner }}", 
+              repo: "${{ github.event.repository.name }}", 
+              tag: "${{ env.PREVIOUS_NIGHTLY_TAG }}"
+            });
+            console.log(`Release ${latestRelease}`);
+            if (latestRelease && latestRelease.data && latestRelease.data.id) {
+              await github.rest.repos.deleteRelease({
+                owner: "${{ github.repository_owner }}",
+                repo: "${{ github.event.repository.name }}",
+                release_id: latestRelease.data.id,
+              });
+              console.log(`Release id ${latestRelease.data.id} has been deleted.`);
+            } else {
+              console.log("No latest release found or failed to retrieve it.");
+            }
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
@@ -8,12 +8,17 @@ jobs:
   build:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
         with:
-          go-version: '1.21'
+          go-version: '1.22'
       - name: Run tests
         run: |
           make build
+          if [[ -n $(git status --porcelain) ]]; then
+            echo "git is in dirty state";
+            git status --porcelain=2 --branch
+            exit 1
+          fi
           make test
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -3,6 +3,7 @@ on:
   push:
     tags:
       - 'v[0-9]+.[0-9]+.[0-9]+'
+      - 'v[0-9]+.[0-9]+.[0-9]+-nightly.[0-9]+'
 
 permissions:
   contents: write
@@ -15,9 +16,16 @@ jobs:
         with:
           fetch-depth: 0
       - run: git fetch --force --tags
-      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
         with:
-          go-version: '1.21.0'
+          go-version: '1.22'
+      - name: Set GORELEASER_PREVIOUS_TAG in actual release
+        if: ${{ !contains(github.ref, '-nightly') }}
+        # find previous tag by filtering out nightly tags and choosing the
+        # second to last tag (last one is the current release)
+        run: |
+          prev_tag=$(git tag | grep -v "nightly" | sort -r --version-sort | head -n 2 | tail -n 1)
+          echo "GORELEASER_PREVIOUS_TAG=$prev_tag" >> $GITHUB_ENV
       # Ensure generation tools run
       - name: build
         run: |
@@ -37,3 +45,4 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           HOMEBREW_TOKEN: ${{ steps.generate-token.outputs.token }}
+          GORELEASER_CURRENT_TAG: ${{ github.ref_name }}
diff --git a/.github/workflows/slash-commands.yaml b/.github/workflows/slash-commands.yaml
@@ -0,0 +1,24 @@
+name: slash-commands
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  slash_command_dispatch:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.CNOE_GH_WORKFLOW_TOKEN_APP_ID }}
+          private-key: ${{ secrets.CNOE_GH_WORKFLOW_TOKEN_PRIVATE_KEY }}
+      - name: Slash Command Dispatch
+        uses: peter-evans/slash-command-dispatch@v4
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
+          commands: |
+            e2e
+          permission: write
+          issue-type: pull-request
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -3,6 +3,10 @@ project_name: idpbuilder
 before:
   hooks:
     - go mod tidy
+release:
+  # Mark nightly build as prerelease based on tag
+  prerelease: '{{ contains .Tag "-nightly" }}'
+
 builds:
   - env:
       - CGO_ENABLED=0
@@ -16,6 +20,8 @@ builds:
       - -X github.com/cnoe-io/idpbuilder/pkg/cmd/version.idpbuilderVersion={{ .Version }}
       - -X github.com/cnoe-io/idpbuilder/pkg/cmd/version.gitCommit={{ .FullCommit }}
       - -X github.com/cnoe-io/idpbuilder/pkg/cmd/version.buildDate={{ .CommitDate }}
+      - -w
+      - -s
     binary: idpbuilder
     ignore:
       - goos: linux
@@ -42,7 +48,7 @@ archives:
 checksum:
   name_template: 'checksums.txt'
 snapshot:
-  name_template: "{{ incpatch .Version }}-next"
+  version_template: "{{ incpatch .Version }}-next"
 changelog:
   sort: asc
   filters:

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -8,4 +8,4 @@ repos:
     rev: v2.2.6
     hooks:
       - id: codespell
-        args: ["--skip=*.excalidraw,*.git,*.png,*.jpg,*.svg,go.sum,go.mod"]
+        args: ["--skip=*.excalidraw,*.git,*.png,*.jpg,*.svg,go.sum,go.mod,./pkg/controllers/localbuild/resources"]