From b718987e18655786576fd156e59e14801d52af93 Mon Sep 17 00:00:00 2001 From: Puru <5674762+tuladhar@users.noreply.github.com> Date: Wed, 7 Jun 2023 15:47:10 +0545 Subject: [PATCH] Add CircleCI, GitHub Workflows and CHANGELOG (#1) --- .circleci/config.yml | 112 ++++++++ .github/pull_request_template.md | 6 + .github/workflows/pre_commit_go.yaml | 26 ++ .../zz_generated.add-team-labels.yaml | 53 ++++ .../zz_generated.add-to-project-board.yaml | 89 ++++++ .../zz_generated.check_values_schema.yaml | 44 +++ .../zz_generated.create_release.yaml | 253 ++++++++++++++++++ .../zz_generated.create_release_pr.yaml | 226 ++++++++++++++++ .github/workflows/zz_generated.gitleaks.yaml | 17 ++ .pre-commit-config.yaml | 31 +++ CHANGELOG.md | 14 + README.md | 1 - go.mod | 2 +- go.sum | 4 +- hack/boilerplate.go.txt | 2 +- internal/controller/cluster_controller.go | 2 +- cmd/main.go => main.go | 3 +- 17 files changed, 878 insertions(+), 7 deletions(-) create mode 100644 .circleci/config.yml create mode 100644 .github/pull_request_template.md create mode 100644 .github/workflows/pre_commit_go.yaml create mode 100644 .github/workflows/zz_generated.add-team-labels.yaml create mode 100644 .github/workflows/zz_generated.add-to-project-board.yaml create mode 100644 .github/workflows/zz_generated.check_values_schema.yaml create mode 100644 .github/workflows/zz_generated.create_release.yaml create mode 100644 .github/workflows/zz_generated.create_release_pr.yaml create mode 100644 .github/workflows/zz_generated.gitleaks.yaml create mode 100644 .pre-commit-config.yaml create mode 100644 CHANGELOG.md rename cmd/main.go => main.go (99%) diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 00000000..efe7af4a --- /dev/null +++ b/.circleci/config.yml 
@@ -0,0 +1,112 @@
+version: 2.1
+orbs:
+ architect: giantswarm/architect@4.28.1
+
+jobs:
+ unit-tests:
+ executor: architect/architect
+ steps:
+ - checkout
+ - run:
+ name: "Run unit tests"
+ command: CGO_ENABLED=0 make test-unit
+ integration-tests:
+ executor: architect/machine
+ machine:
+ image: 'ubuntu-2004:202010-01'
+ steps:
+ - checkout
+ - architect/machine-install-go
+ - run:
+ name: Install Docker Compose
+ environment:
+ COMPOSE_VERSION: '1.29.2'
+ command: |
+ curl -L "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o ~/docker-compose
+ chmod +x ~/docker-compose
+ sudo mv ~/docker-compose /usr/bin/docker-compose
+ - run:
+ name: "Run integration tests"
+ command: |
+ CGO_ENABLED=0 make test-integration
+
+workflows:
+ package-and-push-chart-on-tag:
+ jobs:
+ - unit-tests:
+ filters:
+ tags:
+ only: /^v.*/
+
+ - integration-tests:
+ filters:
+ tags:
+ only: /^v.*/
+
+ - architect/go-build:
+ context: architect
+ name: go-build
+ binary: teleport-operator
+ resource_class: xlarge
+ requires:
+ - unit-tests
+ - integration-tests
+ filters:
+ tags:
+ only: /^v.*/
+
+ - architect/push-to-docker:
+ context: "architect"
+ name: push-teleport-operator-to-quay
+ image: "quay.io/giantswarm/teleport-operator"
+ username_envar: "QUAY_USERNAME"
+ password_envar: "QUAY_PASSWORD"
+ requires:
+ - go-build
+ filters:
+ # Trigger the job also on git tag.
+ tags:
+ only: /^v.*/
+
+ - architect/push-to-docker:
+ context: "architect"
+ name: push-teleport-operator-to-docker
+ image: "docker.io/giantswarm/teleport-operator"
+ username_envar: "DOCKER_USERNAME"
+ password_envar: "DOCKER_PASSWORD"
+ requires:
+ - go-build
+ # Needed to trigger job also on git tag.
+ filters:
+ tags:
+ only: /^v.*/
+
+ - architect/push-to-app-catalog:
+ context: "architect"
+ # executor: "app-build-suite" # uncomment this if you want automatic metadata generation and helm chart linting
+ name: push-to-app-catalog
+ app_catalog: "control-plane-catalog"
+ app_catalog_test: "control-plane-test-catalog"
+ chart: "teleport-operator"
+ requires:
+ - push-teleport-operator-to-quay
+ - push-teleport-operator-to-docker
+ # Trigger job on git tag.
+ filters:
+ tags:
+ only: /^v.*/
+
+ - architect/push-to-app-collection:
+ context: architect
+ name: push-to-capa-app-collection
+ app_name: "teleport-operator"
+ app_collection_repo: "capa-app-collection"
+ requires:
+ - push-teleport-operator-to-docker
+ - push-teleport-operator-to-quay
+ - push-to-app-catalog
+ filters:
+ branches:
+ ignore: /.*/
+ tags:
+ only: /^v.*/
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 00000000..bac681ed
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,6 @@
+### What this PR does / why we need it
+
+
+### Checklist
+
+- [ ] Update changelog in CHANGELOG.md.
diff --git a/.github/workflows/pre_commit_go.yaml b/.github/workflows/pre_commit_go.yaml
new file mode 100644
index 00000000..c0d198f6
--- /dev/null
+++ b/.github/workflows/pre_commit_go.yaml
@@ -0,0 +1,26 @@
+name: pre-commit
+
+on:
+ pull_request:
+ push:
+ branches: [main]
+
+jobs:
+ pre-commit:
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-python@v4
+ - uses: actions/setup-go@v3
+ with:
+ go-version: "1.18.4"
+ - name: Install goimports
+ run: |
+ go install golang.org/x/tools/cmd/goimports@latest
+ - name: Install golangci-lint
+ env:
+ GOLANGCI_LINT_VERSION: "v1.47.2"
+ run: |
+ curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | \
+ sudo sh -s -- -b $GOPATH/bin ${GOLANGCI_LINT_VERSION}
+ - uses: pre-commit/action@v3.0.0
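Review bot: The `Install Docker Compose` step of the `integration-tests` job in `.circleci/config.yml` fetches a binary with `curl -L` and moves it into `/usr/bin` with sudo without any integrity check, so whatever the URL returns is executed on the machine executor whose result gates `go-build` and the image pushes. Without `-f`, an HTTP error body would also be saved and marked executable. I would fail on HTTP errors and verify a pinned digest before the `chmod`, e.g. `curl -fsSL "…" -o ~/docker-compose` followed by `echo "<PINNED_SHA256>  $HOME/docker-compose" | sha256sum -c -`, with the digest taken from the checksum file published for that release.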
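Review bot: The `Install golangci-lint` step in `pre_commit_go.yaml` pipes `install.sh` from the `master` branch into `sudo sh`, so the script that runs as root can change independently of the pinned `GOLANGCI_LINT_VERSION`; `goimports@latest` in the step before it is unpinned in the same way. Fetching the script from the matching tag (`https://raw.githubusercontent.com/golangci/golangci-lint/${GOLANGCI_LINT_VERSION}/install.sh`) and installing into a user-writable directory would remove the need for sudo, and `go install golang.org/x/tools/cmd/goimports@<PINNED_VERSION>` keeps lint results reproducible. The `uses:` entries reference mutable tags (`@v3`, `@v4`, `@v3.0.0`); pinning them to commit SHAs is worth considering.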
diff --git a/.github/workflows/zz_generated.add-team-labels.yaml b/.github/workflows/zz_generated.add-team-labels.yaml new file mode 100644 index 00000000..9e96e1d5 --- /dev/null +++ b/.github/workflows/zz_generated.add-team-labels.yaml @@ -0,0 +1,53 @@ +name: Add appropriate labels to issue + +on: + issues: + types: [assigned] + +jobs: + build_user_list: + name: Get yaml config of GS users + runs-on: ubuntu-latest + steps: + - name: Get user-mapping + run: | + mkdir -p artifacts + wget --header "Authorization: token ${{ secrets.ISSUE_AUTOMATION }}" \ + -O artifacts/users.yaml \ + https://raw.githubusercontent.com/giantswarm/github/master/tools/issue-automation/user-mapping.yaml + - name: Upload Artifact + uses: actions/upload-artifact@v3 + with: + name: users + path: artifacts/users.yaml + retention-days: 1 + + add_label: + name: Add team label when assigned + runs-on: ubuntu-latest + needs: build_user_list + steps: + - uses: actions/download-artifact@v3 + id: download-users + with: + name: users + - name: Find team label based on user names + run: | + event_assignee=$(cat $GITHUB_EVENT_PATH | jq -r .assignee.login | tr '[:upper:]' '[:lower:]') + echo "Issue assigned to: ${event_assignee}" + + TEAMS=$(cat ${{steps.download-users.outputs.download-path}}/users.yaml | tr '[:upper:]' '[:lower:]' | yq ".${event_assignee}.teams" -o csv | tr ',' ' ') + + echo "LABEL<> $GITHUB_ENV + for team in ${TEAMS}; do + echo "Team: ${team} | Label: team/${team}" + echo "team/${team}" >> $GITHUB_ENV + done + echo "EOF" >> $GITHUB_ENV + - name: Apply label to issue + if: ${{ env.LABEL != '' }} + uses: actions-ecosystem/action-add-labels@v1 + with: + github_token: ${{ secrets.ISSUE_AUTOMATION }} + labels: | + ${{ env.LABEL }} diff --git a/.github/workflows/zz_generated.add-to-project-board.yaml b/.github/workflows/zz_generated.add-to-project-board.yaml new file mode 100644 index 00000000..0392ed51 --- /dev/null +++ b/.github/workflows/zz_generated.add-to-project-board.yaml 
@@ -0,0 +1,89 @@ +name: Add Issue to Project when assigned + +on: + issues: + types: + - assigned + - labeled + +jobs: + build_user_list: + name: Get yaml config of GS users + runs-on: ubuntu-latest + steps: + - name: Get user-mapping + run: | + mkdir -p artifacts + wget --header "Authorization: token ${{ secrets.ISSUE_AUTOMATION }}" \ + -O artifacts/users.yaml \ + https://raw.githubusercontent.com/giantswarm/github/master/tools/issue-automation/user-mapping.yaml + - name: Upload Artifact + uses: actions/upload-artifact@v3 + with: + name: users + path: artifacts/users.yaml + retention-days: 1 + - name: Get label-mapping + run: | + mkdir -p artifacts + wget --header "Authorization: token ${{ secrets.ISSUE_AUTOMATION }}" \ + -O artifacts/labels.yaml \ + https://raw.githubusercontent.com/giantswarm/github/master/tools/issue-automation/label-mapping.yaml + - name: Upload Artifact + uses: actions/upload-artifact@v3 + with: + name: labels + path: artifacts/labels.yaml + retention-days: 1 + + add_to_personal_board: + name: Add issue to personal board + runs-on: ubuntu-latest + needs: build_user_list + if: github.event.action == 'assigned' + steps: + - uses: actions/download-artifact@v3 + id: download-users + with: + name: users + - name: Find personal board based on user names + run: | + event_assignee=$(cat $GITHUB_EVENT_PATH | jq -r .assignee.login | tr '[:upper:]' '[:lower:]') + echo "Issue assigned to: ${event_assignee}" + + BOARD=($(cat ${{steps.download-users.outputs.download-path}}/users.yaml | tr '[:upper:]' '[:lower:]' | yq ".${event_assignee}.personalboard")) + echo "Personal board URL: ${BOARD}" + + echo "BOARD=${BOARD}" >> $GITHUB_ENV + - name: Add issue to personal board + if: ${{ env.BOARD != 'null' && env.BOARD != '' }} + uses: actions/add-to-project@main + with: + project-url: ${{ env.BOARD }} + github-token: ${{ secrets.ISSUE_AUTOMATION }} + + add_to_team_board: + name: Add issue to team board + runs-on: ubuntu-latest + needs: build_user_list + if: 
github.event.action == 'labeled' + steps: + - uses: actions/download-artifact@v3 + id: download-labels + with: + name: labels + - name: Find team board based on label + run: | + event_label=$(cat $GITHUB_EVENT_PATH | jq -r .label.name | tr '[:upper:]' '[:lower:]') + echo "Issue labelled with: ${event_label}" + + BOARD=($(cat ${{steps.download-labels.outputs.download-path}}/labels.yaml | tr '[:upper:]' '[:lower:]' | yq ".[\"${event_label}\"].projectboard")) + echo "Team board URL: ${BOARD}" + + echo "BOARD=${BOARD}" >> $GITHUB_ENV + - name: Add issue to team board + if: ${{ env.BOARD != 'null' && env.BOARD != '' }} + uses: actions/add-to-project@main + with: + project-url: ${{ env.BOARD }} + github-token: ${{ secrets.ISSUE_AUTOMATION }} diff --git a/.github/workflows/zz_generated.check_values_schema.yaml b/.github/workflows/zz_generated.check_values_schema.yaml new file mode 100644 index 00000000..2aab2a6f --- /dev/null +++ b/.github/workflows/zz_generated.check_values_schema.yaml 
@@ -0,0 +1,44 @@ +# DO NOT EDIT. Generated with: +# +# devctl@5.19.0 +# +name: 'Values and schema' +on: + pull_request: + branches: + - master + - main + paths: + - 'helm/**/values.yaml' # default helm chart values + - 'helm/**/values.schema.json' # schema + - 'helm/**/ci/ci-values.yaml' # overrides for CI (can contain required entries) + +jobs: + check: + name: 'validate values.yaml against values.schema.json' + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Install validator + run: | + wget -q -O ${HOME}/yajsv https://github.com/neilpa/yajsv/releases/download/v1.4.1/yajsv.linux.amd64 + chmod +x ${HOME}/yajsv + + - name: 'Check if values.yaml is a valid instance of values.schema.json' + run: | + HELM_DIR=$(git diff --name-only origin/${GITHUB_BASE_REF} ${GITHUB_SHA} \ + | grep 'helm/[-a-z].*\/' | head -1 | awk -F '/' '{print $1"/"$2}') + VALUES=${HELM_DIR}/values.yaml + if [ -f ${HELM_DIR}/ci/ci-values.yaml ]; then + # merge ci-values.yaml into values.yaml (providing required values) + echo -e "\nMerged values:\n==============" + yq '. *= load("'${HELM_DIR}'/ci/ci-values.yaml")' ${HELM_DIR}/values.yaml | tee ${HELM_DIR}/combined-values.yaml + echo -e "\n==============\n" + VALUES=${HELM_DIR}/combined-values.yaml + fi + + ${HOME}/yajsv -s ${HELM_DIR}/values.schema.json ${VALUES} diff --git a/.github/workflows/zz_generated.create_release.yaml b/.github/workflows/zz_generated.create_release.yaml new file mode 100644 index 00000000..48a1d63e --- /dev/null +++ b/.github/workflows/zz_generated.create_release.yaml 
@@ -0,0 +1,253 @@ +# DO NOT EDIT. Generated with: +# +# devctl@5.19.0 +# +name: Create Release +on: + push: + branches: + - 'legacy' + - 'main' + - 'master' + - 'release-v*.*.x' + # "!" negates previous positive patterns so it has to be at the end. + - '!release-v*.x.x' +jobs: + debug_info: + name: Debug info + runs-on: ubuntu-20.04 + steps: + - name: Print github context JSON + run: | + cat <> $GITHUB_OUTPUT + - name: Checkout code + if: ${{ steps.get_version.outputs.version != '' }} + uses: actions/checkout@v3 + - name: Get project.go path + id: get_project_go_path + if: ${{ steps.get_version.outputs.version != '' }} + run: | + path='./pkg/project/project.go' + if [[ ! -f $path ]] ; then + path='' + fi + echo "path=\"$path\"" + echo "path=${path}" >> $GITHUB_OUTPUT + - name: Check if reference version + id: ref_version + run: | + title="$(cat <<- 'COMMIT_MESSAGE_END' | head -n 1 - + ${{ github.event.head_commit.message }} + COMMIT_MESSAGE_END + )" + if echo "${title}" | grep -qE '^release v[0-9]+\.[0-9]+\.[0-9]+([.-][^ .-][^ ]*)?( \(#[0-9]+\))?$' ; then + version=$(echo "${title}" | cut -d ' ' -f 2) + fi + version=$(echo "${title}" | cut -d ' ' -f 2) + version="${version#v}" # Strip "v" prefix. 
+ refversion=false + if [[ "${version}" =~ ^[0-9]+.[0-9]+.[0-9]+-[0-9]+$ ]]; then + refversion=true + fi + echo "refversion =\"${refversion}\"" + echo "refversion=${refversion}" >> $GITHUB_OUTPUT + update_project_go: + name: Update project.go + runs-on: ubuntu-20.04 + if: ${{ needs.gather_facts.outputs.version != '' && needs.gather_facts.outputs.project_go_path != '' && needs.gather_facts.outputs.ref_version != 'true' }} + needs: + - gather_facts + steps: + - name: Install architect + uses: giantswarm/install-binary-action@v1.1.0 + with: + binary: "architect" + version: "6.10.0" + - name: Install semver + uses: giantswarm/install-binary-action@v1.1.0 + with: + binary: "semver" + version: "3.2.0" + download_url: "https://github.com/fsaintjacques/${binary}-tool/archive/${version}.tar.gz" + tarball_binary_path: "*/src/${binary}" + smoke_test: "${binary} --version" + - name: Checkout code + uses: actions/checkout@v3 + - name: Update project.go + id: update_project_go + env: + branch: "${{ github.ref }}-version-bump" + run: | + git checkout -b ${{ env.branch }} + file="${{ needs.gather_facts.outputs.project_go_path }}" + version="${{ needs.gather_facts.outputs.version }}" + new_version="$(semver bump patch $version)-dev" + echo "version=\"$version\" new_version=\"$new_version\"" + echo "new_version=${new_version}" >> $GITHUB_OUTPUT + sed -Ei "s/(version[[:space:]]*=[[:space:]]*)\"${version}\"/\1\"${new_version}\"/" $file + if git diff --exit-code $file ; then + echo "error: no changes in \"$file\"" >&2 + exit 1 + fi + - name: Set up git identity + run: | + git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config --local user.name "github-actions[bot]" + - name: Commit changes + run: | + file="${{ needs.gather_facts.outputs.project_go_path }}" + git add $file + git commit -m "Bump version to ${{ steps.update_project_go.outputs.new_version }}" + - name: Push changes + env: + REMOTE_REPO: "https://${{ github.actor }}:${{ 
secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" + branch: "${{ github.ref }}-version-bump" + run: | + git push "${REMOTE_REPO}" HEAD:${{ env.branch }} + - name: Create PR + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + base: "${{ github.ref }}" + branch: "${{ github.ref }}-version-bump" + version: "${{ needs.gather_facts.outputs.version }}" + title: "Bump version to ${{ steps.update_project_go.outputs.new_version }}" + run: | + hub pull-request -f -m "${{ env.title }}" -b ${{ env.base }} -h ${{ env.branch }} -r ${{ github.actor }} + create_release: + name: Create release + runs-on: ubuntu-20.04 + needs: + - gather_facts + if: ${{ needs.gather_facts.outputs.version }} + outputs: + upload_url: ${{ steps.create_gh_release.outputs.upload_url }} + steps: + - name: Checkout code + uses: actions/checkout@v3 + with: + ref: ${{ github.sha }} + - name: Ensure correct version in project.go + if: ${{ needs.gather_facts.outputs.project_go_path != '' && needs.gather_facts.outputs.ref_version != 'true' }} + run: | + file="${{ needs.gather_facts.outputs.project_go_path }}" + version="${{ needs.gather_facts.outputs.version }}" + grep -qE "version[[:space:]]*=[[:space:]]*\"$version\"" $file + - name: Get Changelog Entry + id: changelog_reader + uses: mindsers/changelog-reader-action@v2 + with: + version: ${{ needs.gather_facts.outputs.version }} + path: ./CHANGELOG.md + - name: Set up git identity + run: | + git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config --local user.name "github-actions[bot]" + - name: Create tag + run: | + version="${{ needs.gather_facts.outputs.version }}" + git tag "v$version" ${{ github.sha }} + - name: Push tag + env: + REMOTE_REPO: "https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" + run: | + git push "${REMOTE_REPO}" --tags + - name: Create release + id: create_gh_release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ 
secrets.GITHUB_TOKEN }} + with: + body: ${{ steps.changelog_reader.outputs.changes }} + tag_name: "v${{ needs.gather_facts.outputs.version }}" + release_name: "v${{ needs.gather_facts.outputs.version }}" + + create-release-branch: + name: Create release branch + runs-on: ubuntu-20.04 + needs: + - gather_facts + if: ${{ needs.gather_facts.outputs.version }} + steps: + - name: Install semver + uses: giantswarm/install-binary-action@v1.1.0 + with: + binary: "semver" + version: "3.0.0" + download_url: "https://github.com/fsaintjacques/${binary}-tool/archive/${version}.tar.gz" + tarball_binary_path: "*/src/${binary}" + smoke_test: "${binary} --version" + - name: Check out the repository + uses: actions/checkout@v3 + with: + fetch-depth: 0 # Clone the whole history, not just the most recent commit. + - name: Fetch all tags and branches + run: "git fetch --all" + - name: Create long-lived release branch + run: | + current_version="${{ needs.gather_facts.outputs.version }}" + parent_version="$(git describe --tags --abbrev=0 HEAD^ || true)" + parent_version="${parent_version#v}" # Strip "v" prefix. + + if [[ -z "$parent_version" ]] ; then + echo "Unable to find a parent tag version. No branch to create." + exit 0 + fi + + echo "current_version=$current_version parent_version=$parent_version" + + current_major=$(semver get major $current_version) + current_minor=$(semver get minor $current_version) + parent_major=$(semver get major $parent_version) + parent_minor=$(semver get minor $parent_version) + echo "current_major=$current_major current_minor=$current_minor parent_major=$parent_major parent_minor=$parent_minor" + + if [[ $current_major -gt $parent_major ]] ; then + echo "Current tag is a new major version" + elif [[ $current_major -eq $parent_major ]] && [[ $current_minor -gt $parent_minor ]] ; then + echo "Current tag is a new minor version" + else + echo "Current tag is not a new major or minor version. Nothing to do here." 
+ exit 0 + fi + + release_branch="release-v${parent_major}.${parent_minor}.x" + echo "release_branch=$release_branch" + + if git rev-parse --verify $release_branch ; then + echo "Release branch $release_branch already exists. Nothing to do here." + exit 0 + fi + + git branch $release_branch HEAD^ + git push origin $release_branch diff --git a/.github/workflows/zz_generated.create_release_pr.yaml b/.github/workflows/zz_generated.create_release_pr.yaml new file mode 100644 index 00000000..5ad67da7 --- /dev/null +++ b/.github/workflows/zz_generated.create_release_pr.yaml 
@@ -0,0 +1,226 @@ +# DO NOT EDIT. Generated with: +# +# devctl@5.19.0 +# +name: Create Release PR +on: + push: + branches: + - 'legacy#release#v*.*.*' + - 'main#release#v*.*.*' + - 'main#release#major' + - 'main#release#minor' + - 'main#release#patch' + - 'master#release#v*.*.*' + - 'master#release#major' + - 'master#release#minor' + - 'master#release#patch' + - 'release#v*.*.*' + - 'release#major' + - 'release#minor' + - 'release#patch' + - 'release-v*.*.x#release#v*.*.*' + # "!" negates previous positive patterns so it has to be at the end. + - '!release-v*.x.x#release#v*.*.*' + workflow_call: + inputs: + branch: + required: true + type: string +jobs: + debug_info: + name: Debug info + runs-on: ubuntu-20.04 + steps: + - name: Print github context JSON + run: | + cat <> $GITHUB_OUTPUT + + head="${head#refs/heads/}" # Strip "refs/heads/" prefix. + if [[ $(echo "$head" | grep -o '#' | wc -l) -gt 1 ]]; then + base="$(echo $head | cut -d '#' -f 1)" + else + base="${{ github.event.base_ref }}" + fi + + base="${base#refs/heads/}" # Strip "refs/heads/" prefix. + + version="$(echo $head | awk -F# '{print $NF}')" + if [[ $version =~ ^major|minor|patch$ ]]; then + gh auth login --with-token <<<$(echo -n ${{ secrets.GITHUB_TOKEN }}) + gh_api_get_latest_release_version() + { + if ! version="$(gh api "repos/$1/releases/latest" --jq '.tag_name[1:] | split(".") | .[0], .[1], .[2]')" + then + case "$version" in + *Not\ Found*) echo Assuming v0.0.0, hooray first release! 
>&2 ; version="0 0 0" ;; + *) version="" ; return 1 ;; + esac + fi + echo "$version" + } + + version_parts=($(gh_api_get_latest_release_version "${{ github.repository }}")) + version_major=${version_parts[0]} + version_minor=${version_parts[1]} + version_patch=${version_parts[2]} + case ${version} in + patch) + version_patch=$((version_patch+1)) + ;; + minor) + version_minor=$((version_minor+1)) + version_patch=0 + ;; + major) + version_major=$((version_major+1)) + version_minor=0 + version_patch=0 + echo "is_major=true" >> $GITHUB_OUTPUT + ;; + *) + echo "Unknown Semver level provided" + exit 1 + ;; + esac + version="${version_major}.${version_minor}.${version_patch}" + else + version="${version#v}" # Strip "v" prefix. + version_major=$(echo "${version}" | cut -d "." -f 1) + version_minor=$(echo "${version}" | cut -d "." -f 2) + version_patch=$(echo "${version}" | cut -d "." -f 3) + # This will help us detect versions with suffixes as majors, i.e 3.0.0-alpha1. + # Even though it's a pre-release, it's still a major. 
+ if [[ $version_minor = 0 && $version_patch =~ ^0.* ]]; then + echo "is_major=true" >> $GITHUB_OUTPUT + fi + fi + repo_name="$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')" + echo "repo_name=\"$repo_name\" base=\"$base\" head=\"$head\" version=\"$version\"" + echo "repo_name=${repo_name}" >> $GITHUB_OUTPUT + echo "base=${base}" >> $GITHUB_OUTPUT + echo "head=${head}" >> $GITHUB_OUTPUT + echo "version=${version}" >> $GITHUB_OUTPUT + - name: Check if PR exists + id: pr_exists + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + run: | + if gh pr view --repo ${{ github.repository }} ${{ steps.gather_facts.outputs.branch }} | grep -i 'state:[[:space:]]*open' >/dev/null; then + gh pr view --repo ${{ github.repository }} ${{ steps.gather_facts.outputs.branch }} + echo "skip=true" >> $GITHUB_OUTPUT + else + echo "skip=false" >> $GITHUB_OUTPUT + fi + create_release_pr: + name: Create release PR + runs-on: ubuntu-20.04 + needs: + - gather_facts + if: ${{ needs.gather_facts.outputs.skip != 'true' }} + env: + architect_flags: "--organisation ${{ github.repository_owner }} --project ${{ needs.gather_facts.outputs.repo_name }}" + steps: + - uses: actions/setup-go@v3 + with: + go-version: '=1.18.1' + - name: Install architect + uses: giantswarm/install-binary-action@v1.1.0 + with: + binary: "architect" + version: "6.10.0" + - name: Checkout code + uses: actions/checkout@v3 + with: + ref: ${{ needs.gather_facts.outputs.branch }} + - name: Prepare release changes + run: | + architect prepare-release ${{ env.architect_flags }} --version "${{ needs.gather_facts.outputs.version }}" + - name: Update version field in Chart.yaml + run: | + # Define chart_dir + repository="${{ needs.gather_facts.outputs.repo_name }}" + chart="helm/${repository}" + + # Check chart directory. + if [ ! -d "${chart}" ] + then + echo "Could not find chart directory '${chart}', adding app suffix." + + # Add app suffix. 
+ chart="helm/${repository}-app" + + # Check chart directory with app suffix. + if [ ! -d "${chart}" ] + then + echo "Could not find chart directory '${chart}', removing app suffix." + + # Remove app suffix. + chart="helm/${repository%-app}" + + if [ ! -d "${chart}" ] + then + # Print error. + echo "Could not find chart directory '${chart}', doing nothing." + fi + fi + fi + + # Define chart YAML. + chart_yaml="${chart}/Chart.yaml" + + # Check chart YAML. + if [ -f "${chart_yaml}" ] + then + # check if version in Chart.yaml is templated using architect + if [ $(grep -c "^version:.*\.Version.*$" "${chart_yaml}") = "0" ]; then + yq -i '.version = "${{ needs.gather_facts.outputs.version }}"' "${chart_yaml}" + fi + fi + + - name: Bump go module defined in go.mod if needed + run: | + if [ "${{ needs.gather_facts.outputs.is_major }}" = true ] && test -f "go.mod"; then + go install github.com/marwan-at-work/mod/cmd/mod@v0.4.2 + mod upgrade + fi + - name: Set up git identity + run: | + git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config --local user.name "github-actions[bot]" + - name: Create release commit + env: + version: "${{ needs.gather_facts.outputs.version }}" + run: | + git add -A + git commit -m "Release v${{ env.version }}" + - name: Push changes + env: + remote_repo: "https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" + run: | + git push "${remote_repo}" HEAD:${{ needs.gather_facts.outputs.branch }} + - name: Create PR + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + base: "${{ needs.gather_facts.outputs.base }}" + version: "${{ needs.gather_facts.outputs.version }}" + run: | + hub pull-request -f -m "Release v${{ env.version }}" -a ${{ github.actor }} -b ${{ env.base }} -h ${{ needs.gather_facts.outputs.branch }} diff --git a/.github/workflows/zz_generated.gitleaks.yaml b/.github/workflows/zz_generated.gitleaks.yaml new file mode 100644 index 00000000..850c6d4e 
--- /dev/null +++ b/.github/workflows/zz_generated.gitleaks.yaml @@ -0,0 +1,17 @@ +# DO NOT EDIT. Generated with: +# +# devctl@5.19.0 +# +name: gitleaks + +on: [pull_request] + +jobs: + gitleaks: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: '0' + - name: gitleaks-action + uses: zricethezav/gitleaks-action@v1.6.0 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000..3b2d36ce --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,31 @@ +minimum_pre_commit_version: '2.17' +repos: + # shell scripts + - repo: https://github.com/detailyang/pre-commit-shell + rev: 1.0.5 + hooks: + - id: shell-lint + args: [ --format=json ] + + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.4.0 + hooks: + - id: check-added-large-files + # check for unresolved merge conflicts + - id: check-merge-conflict + - id: check-shebang-scripts-are-executable + - id: detect-private-key + - id: end-of-file-fixer + - id: mixed-line-ending + - id: trailing-whitespace + + - repo: https://github.com/dnephin/pre-commit-golang + rev: v0.5.1 + hooks: + - id: go-fmt + - id: go-mod-tidy + - id: golangci-lint + # timeout is needed for CI + args: [ -E, gosec, -E, goconst, -E, govet, --timeout, 300s ] + - id: go-imports + args: [ -local, github.com/giantswarm/teleport-operator ] diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 00000000..9612c45b --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,14 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + + + +## [Unreleased] + + + +[Unreleased]: https://github.com/giantswarm/teleport-operator/tree/main diff --git a/README.md b/README.md index 5688e2b7..e61c0312 100644 --- a/README.md +++ b/README.md 
@@ -91,4 +91,3 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - diff --git a/go.mod b/go.mod index 22dd2740..b17a99d7 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.19 require ( github.com/giantswarm/microerror v0.4.0 github.com/go-logr/logr v1.2.4 - github.com/gravitational/teleport/api v0.0.0-20230606022908-5e60f9001626 + github.com/gravitational/teleport/api v0.0.0-20230607072028-2f3f42ef14ad github.com/onsi/ginkgo/v2 v2.9.2 github.com/onsi/gomega v1.27.5 k8s.io/api v0.26.1 diff --git a/go.sum b/go.sum index 28dc473b..e4df89d6 100644 --- a/go.sum +++ b/go.sum @@ -205,8 +205,8 @@ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/gravitational/teleport/api v0.0.0-20230606022908-5e60f9001626 h1:Kil3bQSvOKi7GBQKyBEooC1/kNgdwnSaL+7vyAzU8Uc= -github.com/gravitational/teleport/api v0.0.0-20230606022908-5e60f9001626/go.mod h1:Qwg0IgGu1lhTWzmQbnqdnZmb1zPKKgIETUpmfva1iJY= +github.com/gravitational/teleport/api v0.0.0-20230607072028-2f3f42ef14ad h1:WTiS5oEv6vfMRFLTJnqMg6oF3NWxqojRW/BcAFMtA8M= +github.com/gravitational/teleport/api v0.0.0-20230607072028-2f3f42ef14ad/go.mod h1:Qwg0IgGu1lhTWzmQbnqdnZmb1zPKKgIETUpmfva1iJY= github.com/gravitational/trace v1.2.1 h1:Iaf43aqbKV5H8bdiRs1qByjEHgAfADJ0lt0JwRyu+q8= github.com/gravitational/trace v1.2.1/go.mod h1:n0ijrq6psJY0sOI/NzLp+xdd8xl79jjwzVOFHDY6+kQ= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= 
diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt index 65b86227..6975adbe 100644 --- a/hack/boilerplate.go.txt +++ b/hack/boilerplate.go.txt @@ -12,4 +12,4 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -*/ \ No newline at end of file +*/ diff --git a/internal/controller/cluster_controller.go b/internal/controller/cluster_controller.go index 5d70cee5..5cadeded 100644 --- a/internal/controller/cluster_controller.go +++ b/internal/controller/cluster_controller.go @@ -73,7 +73,7 @@ func (r *ClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct return ctrl.Result{}, err } - secretName := "teleport-kube-agent-join-token" + secretName := "teleport-kube-agent-join-token" //#nosec G101 secret := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: secretName, diff --git a/cmd/main.go b/main.go similarity index 99% rename from cmd/main.go rename to main.go index 28430d07..8d088b68 100644 --- a/cmd/main.go +++ b/main.go @@ -31,9 +31,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/log/zap" + capi "sigs.k8s.io/cluster-api/api/v1beta1" + "github.com/giantswarm/teleport-operator/internal/controller" "github.com/giantswarm/teleport-operator/internal/pkg/teleportclient" - capi "sigs.k8s.io/cluster-api/api/v1beta1" //+kubebuilder:scaffold:imports )
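Review bot: The `//#nosec G101` suppression added on `secretName` in `internal/controller/cluster_controller.go` carries no justification, so a later reader cannot tell why the gosec finding was dismissed. The string looks like the name of a Kubernetes Secret object rather than a credential (it is assigned to `ObjectMeta.Name`), and stating that keeps the exemption auditable: `secretName := "teleport-kube-agent-join-token" // #nosec G101 -- Secret object name, not a credential value`. Reconcile starts and ends outside this hunk, so how the Secret's data is populated is not visible here.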