feat: Registry1 and Upstream functionality and ability to add a license

.github/actions/save-logs/action.yaml

@@ -0,0 +1,18 @@
+name: save-logs
+description: "Save debug logs"
+
+runs:
+  using: composite
+  steps:
+    - name: Fix log permissions
+      run: |
+        sudo chown $USER /tmp/zarf-*.log || echo ""
+        sudo chown $USER /tmp/uds-*.log || echo ""
+      shell: bash
+
+    - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+      with:
+        name: debug-log
+        path: |
+          /tmp/zarf-*.log
+          /tmp/uds-*.log

.github/actions/setup/action.yaml

@@ -0,0 +1,43 @@
+# action.yml
+name: "Setup Environment"
+description: "UDS Environment Setup"
+
+inputs:
+  download-init-package:
+    description: "whether to download the zarf init package or not"
+    default: "true"
+  install-k3d:
+    description: "whether to install k3d or not"
+    default: "true"
+  install-node:
+    description: "whether to install node or not"
+    default: "true"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install Zarf
+      uses: defenseunicorns/setup-zarf@main
+      with:
+        # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
+        version: v0.32.1
+        download-init-package: ${{ inputs.download-init-package }}
+
+    - name: Use Node.js latest
+      if: ${{ inputs.install-node == 'true' }}
+      uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+      with:
+        node-version: 20
+
+    - name: Install k3d
+      if: ${{ inputs.install-k3d == 'true' }}
+      shell: bash
+      run: curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | TAG=v5.6.0 bash
+
+    - name: Set up Homebrew
+      uses: Homebrew/actions/setup-homebrew@master
+
+    - name: Install UDS CLI
+      shell: bash
+      # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+      run: brew install defenseunicorns/tap/[email protected]

.github/workflows/commitlint.yaml

@@ -0,0 +1,28 @@
+name: Metadata
+
+on:
+  pull_request:
+    branches: [main]
+    types: [opened, edited, synchronize]
+
+jobs:
+  title_check:
+    runs-on: ubuntu-latest
+    name: Validate PR Title
+    permissions:
+      pull-requests: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+
+      - name: Install commitlint
+        run: npm install --save-dev @commitlint/{config-conventional,cli}
+
+      - name: Lint PR title
+        run: echo "${{ github.event.pull_request.title }}" | npx commitlint

.github/workflows/pull-request-conditionals.yaml

@@ -0,0 +1,30 @@
+name: Setup
+
+# This workflow is triggered on pull requests to the main branch.
+on:
+  pull_request:
+    paths:
+      - ".github/**"
+      - "bundle/**"
+      - "values/**"
+      - "tasks/**"
+      - "tests/**"
+      - "tasks.yaml"
+      - "zarf.yaml"
+
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+  id-token: write # Needed for OIDC-related operations.
+  contents: read # Allows reading the content of the repository.
+  pull-requests: read # Allows reading pull request metadata.
+
+# Default settings for all run commands in the workflow jobs.
+defaults:
+  run:
+    shell: bash -e -o pipefail {0} # Ensures that scripts fail on error and pipefail is set.
+
+jobs:
+  run-test:
+    name: Test
+    uses: ./.github/workflows/test.yaml
+    secrets: inherit

.github/workflows/tag-and-release.yaml

@@ -0,0 +1,56 @@
+name: Publish UDS Package Artifactory
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  tag-new-version:
+    name: Tag New Version
+    permissions: write-all
+    runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release-flag.outputs.release_created }}
+    steps:
+      - name: Create release tag
+        id: tag
+        uses: google-github-actions/[email protected]
+      - id: release-flag
+        run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT
+
+  publish-package:
+    needs: tag-new-version
+    if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
+    runs-on: ubuntu-latest
+    name: Publish package
+    strategy:
+      matrix:
+        flavor: [upstream, registry1]
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Environment setup
+        uses: ./.github/actions/setup
+        with:
+          download-init-package: false
+          install-k3d: false
+          install-node: false
+
+      - name: Iron Bank Login
+        run: zarf tools registry login -u "${{secrets.IRON_BANK_ROBOT_USERNAME}}" -p "${{secrets.IRON_BANK_ROBOT_PASSWORD}}" registry1.dso.mil
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: dummy
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Publish Package
+        run: uds run -f tasks/publish.yaml package --set FLAVOR=${{ matrix.flavor }}

.github/workflows/test.yaml

@@ -0,0 +1,55 @@
+name: Test package
+
+on:
+  # Manual trigger
+  workflow_dispatch:
+
+  # Triggered by pull-request-conditionals.yaml
+  workflow_call:
+
+# Abort prior jobs in the same workflow / PR
+concurrency:
+  group: test-${{ github.ref }}-${{ inputs.package }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: "ubuntu-latest"
+    timeout-minutes: 20
+    name: Test
+    strategy:
+      matrix:
+        flavor: [upstream, registry1]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Environment setup
+        uses: ./.github/actions/setup
+
+      - name: Iron Bank Login
+        run: zarf tools registry login -u "${{secrets.IRON_BANK_ROBOT_USERNAME}}" -p "${{secrets.IRON_BANK_ROBOT_PASSWORD}}" registry1.dso.mil
+
+      - name: Create test bundle
+        run: uds run create-test-bundle --set FLAVOR=${{ matrix.flavor }}
+
+      - name: Setup cluster
+        run: uds run setup-cluster
+
+      - name: Deploy test bundle
+        run: uds run deploy-test-bundle
+
+      - name: Test package
+        run: uds run test-package
+
+      - name: Cleanup
+        if: always()
+        run: uds run cleanup
+
+      - name: Save logs
+        if: always()
+        uses: ./.github/actions/save-logs

.gitignore

@@ -0,0 +1,28 @@
+**/*.tfstate
+**/*.tfstate.backup
+*.tar.gz
+*.tar.zst
+~/
+.DS_Store
+defense-unicorns-distro/preflight.sh
+.terraform
+tmp
+zarf-sbom
+
+.cache/
+.idea/
+build/
+.DS_Store
+*.tar.zst
+test/tf/public-ec2-instance/.tool-versions
+zarf-sbom
+tmp/
+values-*.yaml
+overlay-values-*
+
+# Terraform
+test/tf/public-ec2-instance/.test-data
+test/tf/public-ec2-instance/.terraform
+terraform.tfstate
+terraform.tfstate.backup
+.terraform.lock.hcl

.pre-commit-config.yaml

@@ -0,0 +1,54 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: check-added-large-files
+        args: ["--maxkb=1024"]
+      - id: check-merge-conflict
+      - id: detect-aws-credentials
+        args:
+          - "--allow-missing-credentials"
+      - id: detect-private-key
+        exclude: |
+          (?x)^(
+            kustomizations/bigbang/environment-bb/values-bigbang.enc.yaml
+          )$
+      - id: end-of-file-fixer
+        exclude: "^kustomizations/bigbang/vendor/.*$"
+      - id: fix-byte-order-marker
+      - id: trailing-whitespace
+        exclude: "^kustomizations/bigbang/vendor/.*$"
+        args: [--markdown-linebreak-ext=md]
+      - id: check-yaml
+        exclude: |
+          (?x)^(
+            chart/templates/uds-package.yaml
+          )$
+        args:
+          - "--allow-multiple-documents"
+  - repo: https://github.com/sirosen/fix-smartquotes
+    rev: 0.2.0
+    hooks:
+      - id: fix-smartquotes
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: 0.24.1
+    hooks:
+      - id: check-jsonschema
+        name: "Validate Zarf Configs Against Schema"
+        files: "zarf.yaml"
+        types: [yaml]
+        args:
+          [
+            "--schemafile",
+            # renovate: repo-file depName=defenseunicorns/zarf versioning=semver
+            "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.32.2/zarf.schema.json",
+            "--no-cache"
+          ]
+  - repo: https://github.com/golangci/golangci-lint
+    rev: v1.54.1
+    hooks:
+      - id: golangci-lint
+  - repo: https://github.com/renovatebot/pre-commit-hooks
+    rev: 36.43.1
+    hooks:
+      - id: renovate-config-validator

.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+    ".": "1.17.0-uds.0"
+}

CODEOWNERS

@@ -0,0 +1 @@
+* @defenseunicorns/uds

CONTRIBUTING.md

@@ -0,0 +1,27 @@
+# Welcome to the Artifactory UDS Package
+
+Thank you for your interest in this Defense Unicorns UDS Package!
+
+This document describes the process and requirements for contributing to this UDS Package.
+
+## Developer Experience
+
+Continuous Delivery is core to our development philosophy. Check out [https://minimumcd.org](https://minimumcd.org) for a good baseline agreement on what that means.
+
+Specifically:
+
+* We do trunk-based development (main) with short-lived feature branches that originate from the trunk, get merged into the trunk, and are deleted after the merge
+* We don't merge code into main that isn't releasable
+* We perform automated testing on all changes before they get merged to main
+* Continuous integration (CI) pipeline tests are definitive
+* We create immutable release artifacts
+
+## Definition of Done
+
+We apply these general principles to all User Stories and activities contributing to the UDS SWF.
+
+* Automated continuous integration (CI) pipeline tests pass
+* CI pipeline tests have been updated to meet system changes
+* Changes are peer reviewed
+* Acceptance criteria is met
+* Documentation is updated to reflect what changed