From 05fdaefa7862b156d549e44b4bb1ed174f501e86 Mon Sep 17 00:00:00 2001 From: Philip Laine Date: Fri, 26 Jul 2024 15:42:06 +0200 Subject: [PATCH 01/25] fix: error formatting and comparison and enable errorlint (#2771) Signed-off-by: Philip Laine --- .golangci.yaml | 1 + src/cmd/common/viper.go | 14 ++++++-------- src/extensions/bigbang/bigbang.go | 4 ++-- src/internal/packager/helm/chart.go | 6 +++--- src/internal/packager/helm/post-render.go | 2 +- src/internal/packager/helm/repo.go | 15 +++++++++------ src/pkg/layout/component.go | 6 ------ src/pkg/packager/sources/oci.go | 2 +- src/pkg/packager/sources/split.go | 4 ++-- src/pkg/packager/sources/tarball.go | 2 +- src/pkg/utils/yaml.go | 7 ++++--- 11 files changed, 30 insertions(+), 33 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 9426dd911e..58aaa823f9 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -15,6 +15,7 @@ linters: - nolintlint - testifylint - whitespace + - errorlint linters-settings: govet: enable-all: true diff --git a/src/cmd/common/viper.go b/src/cmd/common/viper.go index bbd0f64c0c..a28e30544e 100644 --- a/src/cmd/common/viper.go +++ b/src/cmd/common/viper.go @@ -5,6 +5,7 @@ package common import ( + "errors" "os" "strings" @@ -166,16 +167,13 @@ func printViperConfigUsed() { if !vInitialized { return } - // Optional, so ignore file not found errors - if vConfigError != nil { - // Config file not found; ignore - if _, ok := vConfigError.(viper.ConfigFileNotFoundError); !ok { - message.WarnErrf(vConfigError, lang.CmdViperErrLoadingConfigFile, vConfigError.Error()) - } - } else { - message.Notef(lang.CmdViperInfoUsingConfigFile, v.ConfigFileUsed()) + var notFoundErr *viper.ConfigFileNotFoundError + if vConfigError != nil && !errors.As(vConfigError, ¬FoundErr) { + message.WarnErrf(vConfigError, lang.CmdViperErrLoadingConfigFile, vConfigError.Error()) + return } + message.Notef(lang.CmdViperInfoUsingConfigFile, v.ConfigFileUsed()) } func setDefaults() { 
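Review bot: In printViperConfigUsed the errors.As target is declared as `*viper.ConfigFileNotFoundError`, while the removed assertion matched the value type `viper.ConfigFileNotFoundError`; if viper still returns that error by value, the pointer target never matches and a missing optional config file is reported as a load failure. Declaring `var notFoundErr viper.ConfigFileNotFoundError` keeps the old match. The same pattern appears in buildChartDependencies in src/internal/packager/helm/repo.go (`*downloader.ErrRepoNotFound` versus the removed `err.(downloader.ErrRepoNotFound)`), where a miss would skip the `zarf tools helm repo add` hint. Separately, when the not-found case does match, control now falls through to `message.Notef(lang.CmdViperInfoUsingConfigFile, v.ConfigFileUsed())`, which the old code did not print when no config file was found.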
diff --git a/src/extensions/bigbang/bigbang.go b/src/extensions/bigbang/bigbang.go index ebe068f003..7eedf66255 100644 --- a/src/extensions/bigbang/bigbang.go +++ b/src/extensions/bigbang/bigbang.go @@ -50,12 +50,12 @@ func Run(ctx context.Context, YOLO bool, tmpPaths *layout.ComponentPaths, c type validVersionResponse, err := isValidVersion(cfg.Version) if err != nil { - return c, fmt.Errorf("invalid Big Bang version: %s, parsing issue %s", cfg.Version, err) + return c, fmt.Errorf("could not parse the Big Bang version %s: %w", cfg.Version, err) } // Make sure the version is valid. if !validVersionResponse { - return c, fmt.Errorf("invalid Big Bang version: %s, must be at least %s", cfg.Version, bbMinRequiredVersion) + return c, fmt.Errorf("Big Bang version %s must be at least %s", cfg.Version, bbMinRequiredVersion) } // Print the banner for Big Bang. diff --git a/src/internal/packager/helm/chart.go b/src/internal/packager/helm/chart.go index bca8773294..26f81e1a9b 100644 --- a/src/internal/packager/helm/chart.go +++ b/src/internal/packager/helm/chart.go @@ -149,7 +149,7 @@ func (h *Helm) TemplateChart(ctx context.Context) (manifest string, chartValues if h.kubeVersion != "" { parsedKubeVersion, err := chartutil.ParseKubeVersion(h.kubeVersion) if err != nil { - return "", nil, fmt.Errorf("invalid kube version '%s': %s", h.kubeVersion, err) + return "", nil, fmt.Errorf("invalid kube version %s: %w", h.kubeVersion, err) } client.KubeVersion = parsedKubeVersion } 
@@ -392,13 +392,13 @@ func (h *Helm) migrateDeprecatedAPIs(latestRelease *release.Release) error { // parse to unstructured to have access to more data than just the name rawData := &unstructured.Unstructured{} if err := yaml.Unmarshal([]byte(resource.Content), rawData); err != nil { - return fmt.Errorf("failed to unmarshal manifest: %#v", err) + return fmt.Errorf("failed to unmarshal manifest: %w", err) } rawData, manifestModified, _ := handleDeprecations(rawData, *kubeGitVersion) manifestContent, err := yaml.Marshal(rawData) if err != nil { - return fmt.Errorf("failed to marshal raw manifest after deprecation check: %#v", err) + return fmt.Errorf("failed to marshal raw manifest after deprecation check: %w", err) } // If this is not a bad object, place it back into the manifest diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index b115b33ddf..c316375acb 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go @@ -222,7 +222,7 @@ func (r *renderer) editHelmResources(ctx context.Context, resources []releaseuti // parse to unstructured to have access to more data than just the name rawData := &unstructured.Unstructured{} if err := yaml.Unmarshal([]byte(resource.Content), rawData); err != nil { - return fmt.Errorf("failed to unmarshal manifest: %#v", err) + return fmt.Errorf("failed to unmarshal manifest: %w", err) } switch rawData.GetKind() { diff --git a/src/internal/packager/helm/repo.go b/src/internal/packager/helm/repo.go index 9397a7f760..dad0e59aab 100644 --- a/src/internal/packager/helm/repo.go +++ b/src/internal/packager/helm/repo.go @@ -6,6 +6,7 @@ package helm import ( "context" + "errors" "fmt" "os" "path/filepath" 
@@ -307,18 +308,20 @@ func (h *Helm) buildChartDependencies() error { // Build the deps from the helm chart err = man.Build() - if e, ok := err.(downloader.ErrRepoNotFound); ok { + var notFoundErr *downloader.ErrRepoNotFound + if errors.As(err, ¬FoundErr) { // If we encounter a repo not found error point the user to `zarf tools helm repo add` - message.Warnf("%s. Please add the missing repo(s) via the following:", e.Error()) - for _, repository := range e.Repos { + message.Warnf("%s. Please add the missing repo(s) via the following:", notFoundErr.Error()) + for _, repository := range notFoundErr.Repos { message.ZarfCommand(fmt.Sprintf("tools helm repo add %s", repository)) } - } else if err != nil { - // Warn the user of any issues but don't fail - any actual issues will cause a fail during packaging (e.g. the charts we are building may exist already, we just can't get updates) + return err + } + if err != nil { message.ZarfCommand("tools helm dependency build --verify") message.Warnf("Unable to perform a rebuild of Helm dependencies: %s", err.Error()) + return err } - return nil } diff --git a/src/pkg/layout/component.go b/src/pkg/layout/component.go index f52e6bbe06..ec5e82507b 100644 --- a/src/pkg/layout/component.go +++ b/src/pkg/layout/component.go @@ -38,12 +38,6 @@ type Components struct { // ErrNotLoaded is returned when a path is not loaded. var ErrNotLoaded = fmt.Errorf("not loaded") -// IsNotLoaded checks if an error is ErrNotLoaded. -func IsNotLoaded(err error) bool { - u, ok := err.(*fs.PathError) - return ok && u.Unwrap() == ErrNotLoaded -} - // Archive archives a component. func (c *Components) Archive(component types.ZarfComponent, cleanupTemp bool) (err error) { name := component.Name diff --git a/src/pkg/packager/sources/oci.go b/src/pkg/packager/sources/oci.go index 33e4ba3fad..f22547d520 100644 --- a/src/pkg/packager/sources/oci.go +++ b/src/pkg/packager/sources/oci.go 
@@ -86,7 +86,7 @@ func (s *OCISource) LoadPackage(ctx context.Context, dst *layout.PackagePaths, f if unarchiveAll { for _, component := range pkg.Components { if err := dst.Components.Unarchive(component); err != nil { - if layout.IsNotLoaded(err) { + if errors.Is(err, layout.ErrNotLoaded) { _, err := dst.Components.Create(component) if err != nil { return pkg, nil, err diff --git a/src/pkg/packager/sources/split.go b/src/pkg/packager/sources/split.go index 473aa0008a..8176b68882 100644 --- a/src/pkg/packager/sources/split.go +++ b/src/pkg/packager/sources/split.go @@ -36,7 +36,7 @@ func (s *SplitTarballSource) Collect(_ context.Context, dir string) (string, err pattern := strings.Replace(s.PackageSource, ".part000", ".part*", 1) fileList, err := filepath.Glob(pattern) if err != nil { - return "", fmt.Errorf("unable to find split tarball files: %s", err) + return "", fmt.Errorf("unable to find split tarball files: %w", err) } // Ensure the files are in order so they are appended in the correct order @@ -46,7 +46,7 @@ func (s *SplitTarballSource) Collect(_ context.Context, dir string) (string, err // Create the new package pkgFile, err := os.Create(reassembled) if err != nil { - return "", fmt.Errorf("unable to create new package file: %s", err) + return "", fmt.Errorf("unable to create new package file: %w", err) } defer pkgFile.Close() diff --git a/src/pkg/packager/sources/tarball.go b/src/pkg/packager/sources/tarball.go index b99253c0a5..9cbbf1b071 100644 --- a/src/pkg/packager/sources/tarball.go +++ b/src/pkg/packager/sources/tarball.go @@ -114,7 +114,7 @@ func (s *TarballSource) LoadPackage(_ context.Context, dst *layout.PackagePaths, if unarchiveAll { for _, component := range pkg.Components { if err := dst.Components.Unarchive(component); err != nil { - if layout.IsNotLoaded(err) { + if errors.Is(err, layout.ErrNotLoaded) { _, err := dst.Components.Create(component) if err != nil { return pkg, nil, err 
diff --git a/src/pkg/utils/yaml.go b/src/pkg/utils/yaml.go index 5f86202970..f3fdaa53b7 100644 --- a/src/pkg/utils/yaml.go +++ b/src/pkg/utils/yaml.go @@ -8,6 +8,7 @@ package utils import ( "bytes" + "errors" "fmt" "io" "io/fs" @@ -196,7 +197,7 @@ func SplitYAML(yamlData []byte) ([]*unstructured.Unstructured, error) { for _, yml := range ymls { u := &unstructured.Unstructured{} if err := k8syaml.Unmarshal([]byte(yml), u); err != nil { - return objs, fmt.Errorf("failed to unmarshal manifest: %#v", err) + return objs, fmt.Errorf("failed to unmarshal manifest: %w", err) } objs = append(objs, u) } @@ -216,10 +217,10 @@ func SplitYAMLToString(yamlData []byte) ([]string, error) { for { ext := runtime.RawExtension{} if err := d.Decode(&ext); err != nil { - if err == io.EOF { + if errors.Is(err, io.EOF) { break } - return objs, fmt.Errorf("failed to unmarshal manifest: %#v", err) + return objs, fmt.Errorf("failed to unmarshal manifest: %w", err) } ext.Raw = bytes.TrimSpace(ext.Raw) if len(ext.Raw) == 0 || bytes.Equal(ext.Raw, []byte("null")) { From 6153b6af4b4c1d6cf8f89d5fa17df1f3fadde034 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 10:20:44 -0400 Subject: [PATCH 02/25] fix(deps): update module github.com/fluxcd/helm-controller/api to v1 (#2487) Signed-off-by: schristoff <28318173+schristoff@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: schristoff <28318173+schristoff@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- src/extensions/bigbang/manifests.go | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index d69363783f..db29e4a620 100644 --- a/go.mod +++ b/go.mod 
@@ -19,7 +19,7 @@ require ( github.com/distribution/reference v0.5.0 github.com/fairwindsops/pluto/v5 v5.18.4 github.com/fatih/color v1.16.0 - github.com/fluxcd/helm-controller/api v0.37.4 + github.com/fluxcd/helm-controller/api v1.0.1 github.com/fluxcd/pkg/apis/meta v1.5.0 github.com/fluxcd/source-controller/api v1.3.0 github.com/go-git/go-git/v5 v5.11.0 @@ -233,7 +233,7 @@ require ( github.com/felixge/fgprof v0.9.3 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fluxcd/pkg/apis/acl v0.3.0 // indirect - github.com/fluxcd/pkg/apis/kustomize v1.3.0 // indirect + github.com/fluxcd/pkg/apis/kustomize v1.5.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/fvbommel/sortorder v1.1.0 // indirect github.com/gabriel-vasile/mimetype v1.4.3 // indirect diff --git a/go.sum b/go.sum index a0be8e7f61..23759f5ede 100644 --- a/go.sum +++ b/go.sum 
@@ -706,12 +706,12 @@ github.com/felixge/fgprof v0.9.3 h1:VvyZxILNuCiUCSXtPtYmmtGvb65nqXh2QFWc0Wpf2/g= github.com/felixge/fgprof v0.9.3/go.mod h1:RdbpDgzqYVh/T9fPELJyV7EYJuHB55UTEULNun8eiPw= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/fluxcd/helm-controller/api v0.37.4 h1:rkBMqYXexyf1s5BS8QpxGi691DsCi+yugIFCM5fNKLU= -github.com/fluxcd/helm-controller/api v0.37.4/go.mod h1:KFdP5Lbrc4Vv+Jt4xRj6UUo3qiwdBqBPl1xiiAnBe9c= +github.com/fluxcd/helm-controller/api v1.0.1 h1:Gn9qEVuif6D5+gHmVwTEZkR4+nmLOcOhKx4Sw2gL2EA= +github.com/fluxcd/helm-controller/api v1.0.1/go.mod h1:/6AD5a2qjo/ttxVM8GR33syLZwqigta60DCLdy8GrME= github.com/fluxcd/pkg/apis/acl v0.3.0 h1:UOrKkBTOJK+OlZX7n8rWt2rdBmDCoTK+f5TY2LcZi8A= github.com/fluxcd/pkg/apis/acl v0.3.0/go.mod h1:WVF9XjSMVBZuU+HTTiSebGAWMgM7IYexFLyVWbK9bNY= -github.com/fluxcd/pkg/apis/kustomize v1.3.0 h1:qvB46CfaOWcL1SyR2RiVWN/j7/035D0OtB1ltLN7rgI= -github.com/fluxcd/pkg/apis/kustomize v1.3.0/go.mod h1:PCXf5kktTzNav0aH2Ns3jsowqwmA9xTcsrEOoPzx/K8= +github.com/fluxcd/pkg/apis/kustomize v1.5.0 h1:ah4sfqccnio+/5Edz/tVz6LetFhiBoDzXAElj6fFCzU= +github.com/fluxcd/pkg/apis/kustomize v1.5.0/go.mod h1:nEzhnhHafhWOUUV8VMFLojUOH+HHDEsL75y54mt/c30= github.com/fluxcd/pkg/apis/meta v1.5.0 h1:/G82d2Az5D9op3F+wJUpD8jw/eTV0suM6P7+cSURoUM= github.com/fluxcd/pkg/apis/meta v1.5.0/go.mod h1:Y3u7JomuuKtr5fvP1Iji2/50FdRe5GcBug2jawNVkdM= github.com/fluxcd/source-controller/api v1.3.0 h1:Z5Lq0aJY87yg0cQDEuwGLKS60GhdErCHtsi546HUt10= diff --git a/src/extensions/bigbang/manifests.go b/src/extensions/bigbang/manifests.go index 3eb88bee6c..686458c6cc 100644 --- a/src/extensions/bigbang/manifests.go +++ b/src/extensions/bigbang/manifests.go 
@@ -166,7 +166,7 @@ func manifestHelmRelease(values []fluxHelmCtrl.ValuesReference) fluxHelmCtrl.Hel }, Spec: fluxHelmCtrl.HelmReleaseSpec{ Timeout: &tenMins, - Chart: fluxHelmCtrl.HelmChartTemplate{ + Chart: &fluxHelmCtrl.HelmChartTemplate{ Spec: fluxHelmCtrl.HelmChartTemplateSpec{ Chart: "./chart", SourceRef: fluxHelmCtrl.CrossNamespaceObjectReference{ From fccaaff1eb0e3eaaf9544e7ceae43fc405e41ff6 Mon Sep 17 00:00:00 2001 From: Philip Laine Date: Mon, 29 Jul 2024 16:26:42 +0200 Subject: [PATCH 03/25] refactor: load state to return error if loading fails (#2763) Signed-off-by: Philip Laine --- src/cmd/destroy.go | 2 +- src/cmd/internal.go | 33 +++++++-------- src/cmd/tools/crane.go | 2 +- src/config/lang/english.go | 6 --- .../agent/hooks/argocd-application.go | 2 +- src/internal/agent/hooks/argocd-repository.go | 2 +- src/internal/agent/hooks/flux-gitrepo.go | 2 +- src/internal/agent/hooks/flux-helmrepo.go | 2 +- src/internal/agent/hooks/flux-ocirepo.go | 2 +- src/internal/agent/hooks/pods.go | 2 +- src/pkg/cluster/state.go | 7 ++-- src/pkg/packager/deploy.go | 41 +++++++++++-------- 12 files changed, 51 insertions(+), 52 deletions(-) diff --git a/src/cmd/destroy.go b/src/cmd/destroy.go index 1e3d1bb646..1b71740aa3 100644 --- a/src/cmd/destroy.go +++ b/src/cmd/destroy.go @@ -44,7 +44,7 @@ var destroyCmd = &cobra.Command{ // the scripts to remove k3s, we will still try to remove a locally installed k3s cluster state, err := c.LoadZarfState(ctx) if err != nil { - message.WarnErr(err, lang.ErrLoadState) + message.WarnErr(err, err.Error()) } // If Zarf deployed the cluster, burn it all down diff --git a/src/cmd/internal.go b/src/cmd/internal.go index 7ff0315356..907125688d 100644 --- a/src/cmd/internal.go +++ b/src/cmd/internal.go 
@@ -204,14 +204,12 @@ var createReadOnlyGiteaUser = &cobra.Command{ if err != nil { return err } - // Load the state so we can get the credentials for the admin git user state, err := c.LoadZarfState(cmd.Context()) if err != nil { - message.WarnErr(err, lang.ErrLoadState) + return err } - // Create the non-admin user if err = git.New(state.GitServer).CreateReadOnlyUser(cmd.Context()); err != nil { - message.WarnErr(err, lang.CmdInternalCreateReadOnlyGiteaUserErr) + return fmt.Errorf("unable to create a read only user in Gitea: %w", err) } return nil }, @@ -228,25 +226,22 @@ var createPackageRegistryToken = &cobra.Command{ if err != nil { return err } - ctx := cmd.Context() state, err := c.LoadZarfState(ctx) if err != nil { - message.WarnErr(err, lang.ErrLoadState) + return err } - - // If we are setup to use an internal artifact server, create the artifact registry token - if state.ArtifactServer.InternalServer { - token, err := git.New(state.GitServer).CreatePackageRegistryToken(ctx) - if err != nil { - message.WarnErr(err, lang.CmdInternalArtifactRegistryGiteaTokenErr) - } - - state.ArtifactServer.PushToken = token.Sha1 - - if err := c.SaveZarfState(ctx, state); err != nil { - return err - } + if !state.ArtifactServer.InternalServer { + return nil + } + token, err := git.New(state.GitServer).CreatePackageRegistryToken(ctx) + if err != nil { + return fmt.Errorf("unable to create an artifact registry token for Gitea: %w", err) + } + state.ArtifactServer.PushToken = token.Sha1 + err = c.SaveZarfState(ctx, state) + if err != nil { + return err } return nil }, diff --git a/src/cmd/tools/crane.go b/src/cmd/tools/crane.go index 4df8daebb3..dd76955339 100644 --- a/src/cmd/tools/crane.go +++ b/src/cmd/tools/crane.go 
@@ -176,7 +176,7 @@ func zarfCraneInternalWrapper(commandToWrap func(*[]crane.Option) *cobra.Command zarfState, err := c.LoadZarfState(ctx) if err != nil { - message.Warnf(lang.CmdToolsCraneConnectedButBadStateErr, err.Error()) + message.Warnf("could not get Zarf state from Kubernetes cluster, continuing without state information %s", err.Error()) return originalListFn(cmd, args) } diff --git a/src/config/lang/english.go b/src/config/lang/english.go index 780a50a3bc..5cb2db2d61 100644 --- a/src/config/lang/english.go +++ b/src/config/lang/english.go @@ -17,14 +17,12 @@ import ( // Debug messages will not be a part of the language strings since they are not intended to be user facing // Include sprintf formatting directives in the string if needed. const ( - ErrLoadState = "Failed to load the Zarf State from the cluster." ErrUnmarshal = "failed to unmarshal file: %w" ErrWritingFile = "failed to write file %s: %s" ErrDownloading = "failed to download %s: %s" ErrCreatingDir = "failed to create directory %s: %s" ErrRemoveFile = "failed to remove file %s: %s" ErrUnarchive = "failed to unarchive %s: %s" - ErrConfirmCancel = "confirm selection canceled: %s" ErrFileExtract = "failed to extract filename %s from archive %s: %s" ErrFileNameExtract = "failed to extract filename from URL %s: %s" ErrUnableToGenerateRandomSecret = "unable to generate a random secret" 
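Review bot: The inlined warning in zarfCraneInternalWrapper ends with `state information %s`, so the error text runs straight on from the sentence with no separator. Writing it as `message.Warnf("could not get Zarf state from Kubernetes cluster, continuing without state information: %s", err.Error())` keeps the cause readable. The function body starts and ends outside the hunk.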
@@ -199,7 +197,6 @@ $ zarf init --artifact-push-password={PASSWORD} --artifact-push-username={USERNA CmdInternalArtifactRegistryGiteaTokenShort = "Creates an artifact registry token for Gitea" CmdInternalArtifactRegistryGiteaTokenLong = "Creates an artifact registry token in Gitea using the Gitea API. " + "This is called internally by the supported Gitea package component." - CmdInternalArtifactRegistryGiteaTokenErr = "Unable to create an artifact registry token for the Gitea service." CmdInternalUpdateGiteaPVCShort = "Updates an existing Gitea persistent volume claim" CmdInternalUpdateGiteaPVCLong = "Updates an existing Gitea persistent volume claim by assessing if claim is a custom user provided claim or default." + @@ -489,8 +486,6 @@ zarf tools yq e '.a.b = "cool"' -i file.yaml CmdToolsClearCacheSuccess = "Successfully cleared the cache from %s" CmdToolsClearCacheFlagCachePath = "Specify the location of the Zarf artifact cache (images and git repositories)" - CmdToolsCraneConnectedButBadStateErr = "Detected a K8s cluster but was unable to get Zarf state - continuing without state information: %s" - CmdToolsDownloadInitShort = "Downloads the init package for the current Zarf version into the specified directory" CmdToolsDownloadInitFlagOutputDirectory = "Specify a directory to place the init package in." @@ -608,7 +603,6 @@ const ( AgentErrBadRequest = "could not read request body: %s" AgentErrBindHandler = "Unable to bind the webhook handler" AgentErrCouldNotDeserializeReq = "could not deserialize request: %s" - AgentErrGetState = "failed to load zarf state: %w" AgentErrParsePod = "failed to parse pod: %w" AgentErrHostnameMatch = "failed to complete hostname matching: %w" AgentErrInvalidMethod = "invalid method only POST requests are allowed" diff --git a/src/internal/agent/hooks/argocd-application.go b/src/internal/agent/hooks/argocd-application.go index f9d3238aee..b234f29e84 100644 --- a/src/internal/agent/hooks/argocd-application.go 
+++ b/src/internal/agent/hooks/argocd-application.go @@ -62,7 +62,7 @@ func NewApplicationMutationHook(ctx context.Context, cluster *cluster.Cluster) o func mutateApplication(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Cluster) (result *operations.Result, err error) { state, err := cluster.LoadZarfState(ctx) if err != nil { - return nil, fmt.Errorf(lang.AgentErrGetState, err) + return nil, err } message.Debugf("Using the url of (%s) to mutate the ArgoCD Application", state.GitServer.Address) diff --git a/src/internal/agent/hooks/argocd-repository.go b/src/internal/agent/hooks/argocd-repository.go index 2311b50511..1875772d05 100644 --- a/src/internal/agent/hooks/argocd-repository.go +++ b/src/internal/agent/hooks/argocd-repository.go @@ -54,7 +54,7 @@ func mutateRepositorySecret(ctx context.Context, r *v1.AdmissionRequest, cluster state, err := cluster.LoadZarfState(ctx) if err != nil { - return nil, fmt.Errorf(lang.AgentErrGetState, err) + return nil, err } message.Infof("Using the url of (%s) to mutate the ArgoCD Repository Secret", state.GitServer.Address) diff --git a/src/internal/agent/hooks/flux-gitrepo.go b/src/internal/agent/hooks/flux-gitrepo.go index 38a5aedadb..2fda2969bb 100644 --- a/src/internal/agent/hooks/flux-gitrepo.go +++ b/src/internal/agent/hooks/flux-gitrepo.go @@ -48,7 +48,7 @@ func mutateGitRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster state, err := cluster.LoadZarfState(ctx) if err != nil { - return nil, fmt.Errorf(lang.AgentErrGetState, err) + return nil, err } message.Debugf("Using the url of (%s) to mutate the flux repository", state.GitServer.Address) diff --git a/src/internal/agent/hooks/flux-helmrepo.go b/src/internal/agent/hooks/flux-helmrepo.go index c053bb669b..64ad78e40a 100644 --- a/src/internal/agent/hooks/flux-helmrepo.go +++ b/src/internal/agent/hooks/flux-helmrepo.go 
@@ -56,7 +56,7 @@ func mutateHelmRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluste zarfState, err := cluster.LoadZarfState(ctx) if err != nil { - return nil, fmt.Errorf(lang.AgentErrGetState, err) + return nil, err } // Get the registry service info if this is a NodePort service to use the internal kube-dns diff --git a/src/internal/agent/hooks/flux-ocirepo.go b/src/internal/agent/hooks/flux-ocirepo.go index 021a0a619d..e00362c906 100644 --- a/src/internal/agent/hooks/flux-ocirepo.go +++ b/src/internal/agent/hooks/flux-ocirepo.go @@ -59,7 +59,7 @@ func mutateOCIRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster zarfState, err := cluster.LoadZarfState(ctx) if err != nil { - return nil, fmt.Errorf(lang.AgentErrGetState, err) + return nil, err } // Get the registry service info if this is a NodePort service to use the internal kube-dns diff --git a/src/internal/agent/hooks/pods.go b/src/internal/agent/hooks/pods.go index 7d7a6a8023..86fae81e0f 100644 --- a/src/internal/agent/hooks/pods.go +++ b/src/internal/agent/hooks/pods.go @@ -61,7 +61,7 @@ func mutatePod(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Clu state, err := cluster.LoadZarfState(ctx) if err != nil { - return nil, fmt.Errorf(lang.AgentErrGetState, err) + return nil, err } registryURL := state.RegistryInfo.Address diff --git a/src/pkg/cluster/state.go b/src/pkg/cluster/state.go index bdc14e5989..82ee49424b 100644 --- a/src/pkg/cluster/state.go +++ b/src/pkg/cluster/state.go @@ -7,11 +7,11 @@ package cluster import ( "context" "encoding/json" + "errors" "fmt" "slices" "time" - "github.com/fatih/color" corev1 "k8s.io/api/core/v1" kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -210,13 +210,14 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO // LoadZarfState returns the current zarf/zarf-state secret data or an empty ZarfState. func (c *Cluster) LoadZarfState(ctx context.Context) (state *types.ZarfState, err error) { + stateErr := errors.New("failed to load the Zarf State from the cluster, has Zarf been initiated?") secret, err := c.Clientset.CoreV1().Secrets(ZarfNamespaceName).Get(ctx, ZarfStateSecretName, metav1.GetOptions{}) if err != nil { - return nil, fmt.Errorf("%w. %s", err, message.ColorWrap("Did you remember to zarf init?", color.Bold)) + return nil, fmt.Errorf("%w: %w", stateErr, err) } err = json.Unmarshal(secret.Data[ZarfStateDataKey], &state) if err != nil { - return nil, err + return nil, fmt.Errorf("%w: %w", stateErr, err) } c.debugPrintZarfState(state) return state, nil diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go index 735a0b69db..2f7304580b 100644 --- a/src/pkg/packager/deploy.go +++ b/src/pkg/packager/deploy.go @@ -25,7 +25,6 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/zarf-dev/zarf/src/config" - "github.com/zarf-dev/zarf/src/config/lang" "github.com/zarf-dev/zarf/src/internal/packager/git" "github.com/zarf-dev/zarf/src/internal/packager/helm" "github.com/zarf-dev/zarf/src/internal/packager/images" @@ -128,7 +127,10 @@ func (p *Packager) Deploy(ctx context.Context) error { // Notify all the things about the successful deployment message.Successf("Zarf deployment complete") - p.printTablesForDeployment(ctx, deployedComponents) + err = p.printTablesForDeployment(ctx, deployedComponents) + if err != nil { + return err + } return nil } 
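Review bot: `stateErr` in LoadZarfState is created with errors.New on every call, so wrapping it with `%w` gives callers nothing they can match with errors.Is. A package-level sentinel would make the `%w: %w` wrapping useful, for example `var errLoadState = errors.New("failed to load the Zarf State from the cluster, has Zarf been initiated?")` (the name is only a suggestion). The doc comment still says the function returns "an empty ZarfState", but both error paths return `nil`; I would reword it to `// LoadZarfState returns the current zarf/zarf-state secret data, or nil and an error if the secret cannot be read or decoded.` The "has Zarf been initiated?" hint is also attached to the json.Unmarshal failure, where the secret exists but its content is malformed, which may point an operator at the wrong cause.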
@@ -453,10 +455,15 @@ func (p *Packager) setupState(ctx context.Context) (err error) { defer spinner.Stop() state, err := p.cluster.LoadZarfState(ctx) - // Return on error if we are not in YOLO mode + // We ignore the error if in YOLO mode because Zarf should not be initiated. if err != nil && !p.cfg.Pkg.Metadata.YOLO { - return fmt.Errorf("%s %w", lang.ErrLoadState, err) - } else if state == nil && p.cfg.Pkg.Metadata.YOLO { + return err + } + // Only ignore state load error in yolo mode when secret could not be found. + if err != nil && !kerrors.IsNotFound(err) && p.cfg.Pkg.Metadata.YOLO { + return err + } + if state == nil && p.cfg.Pkg.Metadata.YOLO { state = &types.ZarfState{} // YOLO mode, so minimal state needed state.Distro = "YOLO" 
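Review bot: The two consecutive guards in setupState are harder to follow than they need to be, and the comment "We ignore the error if in YOLO mode" sits above the branch that returns the error for non-YOLO packages. A single condition says the same thing: `if err != nil && (!p.cfg.Pkg.Metadata.YOLO || !kerrors.IsNotFound(err)) { return err }`, with a comment such as `// A missing state secret is only acceptable for YOLO packages.` The check also depends on kerrors.IsNotFound seeing through the `%w: %w` wrapping that LoadZarfState now applies, so a test covering a YOLO deploy against a cluster without the state secret would pin that behaviour. The function continues outside the hunk.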
@@ -714,21 +721,23 @@ func (p *Packager) installChartAndManifests(ctx context.Context, componentPaths return installedCharts, nil } -func (p *Packager) printTablesForDeployment(ctx context.Context, componentsToDeploy []types.DeployedComponent) { +func (p *Packager) printTablesForDeployment(ctx context.Context, componentsToDeploy []types.DeployedComponent) error { // If not init config, print the application connection table if !p.cfg.Pkg.IsInitConfig() { message.PrintConnectStringTable(p.connectStrings) - } else { - if p.cluster != nil { - // Grab a fresh copy of the state (if we are able) to print the most up-to-date version of the creds - freshState, err := p.cluster.LoadZarfState(ctx) - if err != nil { - freshState = p.state - } - // otherwise, print the init config connection and passwords - message.PrintCredentialTable(freshState, componentsToDeploy) - } + return nil + } + // Don't print if cluster is not configured + if p.cluster == nil { + return nil } + // Grab a fresh copy of the state to print the most up-to-date version of the creds + latestState, err := p.cluster.LoadZarfState(ctx) + if err != nil { + return err + } + message.PrintCredentialTable(latestState, componentsToDeploy) + return nil } // ServiceInfoFromServiceURL takes a serviceURL and parses it to find the service info for connecting to the cluster. The string is expected to follow the following format: From 0e02d9b4bf8cd8ac26070fff98b29e4d2ce0acd3 Mon Sep 17 00:00:00 2001 From: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Date: Mon, 29 Jul 2024 12:05:20 -0400 Subject: [PATCH 04/25] fix: zarf dev instead of zerf-dev (#2779) Signed-off-by: Austin Abro --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 485c2055d6..00dda8debb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
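Review bot: printTablesForDeployment now returns the LoadZarfState error instead of falling back to `p.state`, and Deploy (earlier hunk in this file) propagates it after `message.Successf("Zarf deployment complete")` has already been printed. A transient API failure while re-reading state would therefore make a finished init deployment exit with an error and leave the credential table unprinted. If that is not intended, keep the fallback and surface the failure as a warning: `if err != nil { message.WarnErr(err, "unable to reload state, using the state from this deployment"); latestState = p.state }` (the message text is a suggestion).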
@@ -63,7 +63,7 @@ jobs: - name: Publish Init Package as OCI and Skeleton run: | - make publish-init-package ARCH=amd64 REPOSITORY_URL=ghcr.io/zerf-dev/packages + make publish-init-package ARCH=amd64 REPOSITORY_URL=ghcr.io/zarf-dev/packages make publish-init-package ARCH=arm64 REPOSITORY_URL=ghcr.io/zarf-dev/packages # Create a CVE report based on this build From 1b95916005d4547cbd6b76bc2d3437a88eae3a73 Mon Sep 17 00:00:00 2001 From: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Date: Mon, 29 Jul 2024 14:41:02 -0400 Subject: [PATCH 05/25] fix: goreleaser (#2782) Signed-off-by: Austin Abro --- .goreleaser.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 0a24d0b938..013fa21c9a 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -64,7 +64,7 @@ changelog: # NOTE: We are explicitly adding the init-packages that are built prior to GoReleaser stage in the GitHub Actions workflow release: github: - owner: defenseunicorns + owner: zarf-dev name: zarf prerelease: auto mode: append From 568a16092cd448e266c075cb2992c77541ffdbcc Mon Sep 17 00:00:00 2001 From: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Date: Wed, 31 Jul 2024 09:07:38 -0400 Subject: [PATCH 06/25] refactor: utilize invopop comment feature (#2781) Signed-off-by: Austin Abro --- src/cmd/internal.go | 26 ++- src/extensions/bigbang/bigbang.go | 10 +- src/pkg/packager/actions/actions.go | 2 +- src/pkg/packager/composer/list.go | 4 +- src/pkg/packager/publish.go | 4 +- src/pkg/variables/types.go | 45 ++-- src/types/component.go | 327 +++++++++++++++++----------- src/types/extensions/bigbang.go | 17 +- src/types/extensions/common.go | 6 +- src/types/k8s.go | 95 +++++--- src/types/package.go | 95 +++++--- src/types/runtime.go | 200 +++++++++-------- zarf.schema.json | 282 +++++++++++++----------- 13 files changed, 666 insertions(+), 447 deletions(-) 
diff --git a/src/cmd/internal.go b/src/cmd/internal.go index 907125688d..3d77c01190 100644 --- a/src/cmd/internal.go +++ b/src/cmd/internal.go @@ -7,6 +7,7 @@ package cmd import ( "context" "encoding/json" + "errors" "fmt" "os" "path/filepath" @@ -156,12 +157,30 @@ tableOfContents: false }, } +func addGoComments(reflector *jsonschema.Reflector) error { + addCommentErr := errors.New("this command must be called from the root of the Zarf repo") + + typePackagePath := filepath.Join("src", "types") + if err := reflector.AddGoComments("github.com/zarf-dev/zarf", typePackagePath); err != nil { + return fmt.Errorf("%w: %w", addCommentErr, err) + } + varPackagePath := filepath.Join("src", "pkg", "variables") + if err := reflector.AddGoComments("github.com/zarf-dev/zarf", varPackagePath); err != nil { + return fmt.Errorf("%w: %w", addCommentErr, err) + } + return nil +} + var genConfigSchemaCmd = &cobra.Command{ Use: "gen-config-schema", Aliases: []string{"gc"}, Short: lang.CmdInternalConfigSchemaShort, RunE: func(_ *cobra.Command, _ []string) error { reflector := jsonschema.Reflector(jsonschema.Reflector{ExpandedStruct: true}) + if err := addGoComments(&reflector); err != nil { + return err + } + schema := reflector.Reflect(&types.ZarfPackage{}) output, err := json.MarshalIndent(schema, "", " ") if err != nil { @@ -183,7 +202,12 @@ var genTypesSchemaCmd = &cobra.Command{ Aliases: []string{"gt"}, Short: lang.CmdInternalTypesSchemaShort, RunE: func(_ *cobra.Command, _ []string) error { - schema := jsonschema.Reflect(&zarfTypes{}) + reflector := jsonschema.Reflector(jsonschema.Reflector{ExpandedStruct: true}) + if err := addGoComments(&reflector); err != nil { + return err + } + + schema := reflector.Reflect(&zarfTypes{}) output, err := json.MarshalIndent(schema, "", " ") if err != nil { return fmt.Errorf("unable to generate the JSON schema for the Zarf types DeployedPackage, ZarfPackage, and ZarfState: %w", err) 
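Review bot: `addGoComments` resolves `src/types` and `src/pkg/variables` against the process working directory and wraps every failure in "this command must be called from the root of the Zarf repo", so a parse or permission error is also reported as a wrong-directory problem. A doc comment stating the requirement would help, e.g. `// addGoComments loads Go doc comments into the reflector; the paths are relative, so it must run from the repository root.` The paths are built with filepath.Join, which yields backslashes on Windows; if AddGoComments derives package import paths from that argument, the literals `"src/types"` and `"src/pkg/variables"` would be safer, which is worth confirming against the library. In both schema commands `jsonschema.Reflector(jsonschema.Reflector{ExpandedStruct: true})` converts a value to its own type and can be written `jsonschema.Reflector{ExpandedStruct: true}`.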
diff --git a/src/extensions/bigbang/bigbang.go b/src/extensions/bigbang/bigbang.go index 7eedf66255..951ae88ccf 100644 --- a/src/extensions/bigbang/bigbang.go +++ b/src/extensions/bigbang/bigbang.go @@ -154,10 +154,10 @@ func Run(ctx context.Context, YOLO bool, tmpPaths *layout.ComponentPaths, c type MaxTotalSeconds: &maxTotalSeconds, Wait: &types.ZarfComponentActionWait{ Cluster: &types.ZarfComponentActionWaitCluster{ - Kind: "HelmRelease", - Identifier: hr.Metadata.Name, - Namespace: hr.Metadata.Namespace, - Condition: "ready", + Kind: "HelmRelease", + Name: hr.Metadata.Name, + Namespace: hr.Metadata.Namespace, + Condition: "ready", }, }, } @@ -171,7 +171,7 @@ func Run(ctx context.Context, YOLO bool, tmpPaths *layout.ComponentPaths, c type action.Wait.Cluster = &types.ZarfComponentActionWaitCluster{ Kind: "APIService", // https://github.com/kubernetes-sigs/metrics-server#compatibility-matrix - Identifier: "v1beta1.metrics.k8s.io", + Name: "v1beta1.metrics.k8s.io", } } diff --git a/src/pkg/packager/actions/actions.go b/src/pkg/packager/actions/actions.go index 250e7bf100..ee66b84c39 100644 --- a/src/pkg/packager/actions/actions.go +++ b/src/pkg/packager/actions/actions.go @@ -183,7 +183,7 @@ func convertWaitToCmd(wait types.ZarfComponentActionWait, timeout *int) (string, // Build a call to the zarf tools wait-for command. return fmt.Sprintf("./zarf tools wait-for %s %s %s %s %s", - cluster.Kind, cluster.Identifier, cluster.Condition, ns, timeoutString), nil + cluster.Kind, cluster.Name, cluster.Condition, ns, timeoutString), nil } network := wait.Network diff --git a/src/pkg/packager/composer/list.go b/src/pkg/packager/composer/list.go index 06f67ec816..0edb04d448 100644 --- a/src/pkg/packager/composer/list.go +++ b/src/pkg/packager/composer/list.go 
@@ -71,8 +71,8 @@ func (n *Node) Prev() *Node {
 // otherwise the name of the component will be used
 func (n *Node) ImportName() string {
 name := n.ZarfComponent.Name
- if n.Import.ComponentName != "" {
- name = n.Import.ComponentName
+ if n.Import.Name != "" {
+ name = n.Import.Name
 }
 return name
 }
diff --git a/src/pkg/packager/publish.go b/src/pkg/packager/publish.go
index bf664f2739..4cefc1d872 100644
--- a/src/pkg/packager/publish.go
+++ b/src/pkg/packager/publish.go
@@ -112,8 +112,8 @@ func (p *Packager) Publish(ctx context.Context) (err error) {
 ex = append(ex, types.ZarfComponent{
 Name: fmt.Sprintf("import-%s", c.Name),
 Import: types.ZarfComponentImport{
- ComponentName: c.Name,
- URL: helpers.OCIURLPrefix + remote.Repo().Reference.String(),
+ Name: c.Name,
+ URL: helpers.OCIURLPrefix + remote.Repo().Reference.String(),
 },
 })
 }
diff --git a/src/pkg/variables/types.go b/src/pkg/variables/types.go
index b106e911fa..6b3be2863b 100644
--- a/src/pkg/variables/types.go
+++ b/src/pkg/variables/types.go
@@ -29,35 +29,48 @@ var ( // Variable represents a variable that has a value set programmatically type Variable struct { - Name string `json:"name" jsonschema:"description=The name to be used for the variable,pattern=^[A-Z0-9_]+$"` - Sensitive bool `json:"sensitive,omitempty" jsonschema:"description=Whether to mark this variable as sensitive to not print it in the log"` - AutoIndent bool `json:"autoIndent,omitempty" jsonschema:"description=Whether to automatically indent the variable's value (if multiline) when templating. Based on the number of chars before the start of ###ZARF_VAR_."` - Pattern string `json:"pattern,omitempty" jsonschema:"description=An optional regex pattern that a variable value must match before a package deployment can continue."` - Type VariableType `json:"type,omitempty" jsonschema:"description=Changes the handling of a variable to load contents differently (i.e. from a file rather than as a raw variable - templated files should be kept below 1 MiB),enum=raw,enum=file"` + // The name to be used for the variable + Name string `json:"name" jsonschema:"pattern=^[A-Z0-9_]+$"` + // Whether to mark this variable as sensitive to not print it in the log + Sensitive bool `json:"sensitive,omitempty"` + // Whether to automatically indent the variable's value (if multiline) when templating. Based on the number of chars before the start of ###ZARF_VAR_. + AutoIndent bool `json:"autoIndent,omitempty"` + // An optional regex pattern that a variable value must match before a package deployment can continue. + Pattern string `json:"pattern,omitempty"` + // Changes the handling of a variable to load contents differently (i.e. 
from a file rather than as a raw variable - templated files should be kept below 1 MiB) + Type VariableType `json:"type,omitempty" jsonschema:"enum=raw,enum=file"` } // InteractiveVariable is a variable that can be used to prompt a user for more information type InteractiveVariable struct { - Variable `json:",inline"` - Description string `json:"description,omitempty" jsonschema:"description=A description of the variable to be used when prompting the user a value"` - Default string `json:"default,omitempty" jsonschema:"description=The default value to use for the variable"` - Prompt bool `json:"prompt,omitempty" jsonschema:"description=Whether to prompt the user for input for this variable"` + Variable `json:",inline"` + // A description of the variable to be used when prompting the user a value + Description string `json:"description,omitempty"` + // The default value to use for the variable + Default string `json:"default,omitempty"` + // Whether to prompt the user for input for this variable + Prompt bool `json:"prompt,omitempty"` } // Constant are constants that can be used to dynamically template K8s resources or run in actions. type Constant struct { - Name string `json:"name" jsonschema:"description=The name to be used for the constant,pattern=^[A-Z0-9_]+$"` - Value string `json:"value" jsonschema:"description=The value to set for the constant during deploy"` - // Include a description that will only be displayed during package create/deploy confirm prompts - Description string `json:"description,omitempty" jsonschema:"description=A description of the constant to explain its purpose on package create or deploy confirmation prompts"` - AutoIndent bool `json:"autoIndent,omitempty" jsonschema:"description=Whether to automatically indent the variable's value (if multiline) when templating. 
Based on the number of chars before the start of ###ZARF_CONST_."` - Pattern string `json:"pattern,omitempty" jsonschema:"description=An optional regex pattern that a constant value must match before a package can be created."` + // The name to be used for the constant + Name string `json:"name" jsonschema:"pattern=^[A-Z0-9_]+$"` + // The value to set for the constant during deploy + Value string `json:"value"` + // A description of the constant to explain its purpose on package create or deploy confirmation prompts + Description string `json:"description,omitempty"` + // Whether to automatically indent the variable's value (if multiline) when templating. Based on the number of chars before the start of ###ZARF_CONST_. + AutoIndent bool `json:"autoIndent,omitempty"` + // An optional regex pattern that a constant value must match before a package can be created. + Pattern string `json:"pattern,omitempty"` } // SetVariable tracks internal variables that have been set during this run of Zarf type SetVariable struct { Variable `json:",inline"` - Value string `json:"value" jsonschema:"description=The value the variable is currently set with"` + // The value the variable is currently set with + Value string `json:"value"` } // Validate runs all validation checks on a package constant. diff --git a/src/types/component.go b/src/types/component.go index 4ccf392970..b43493ad0a 100644 --- a/src/types/component.go +++ b/src/types/component.go 
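Review bot: The field comments added to `Variable`, `InteractiveVariable`, `Constant` and `SetVariable` now appear to be the text published as schema descriptions (the `addGoComments` change to src/cmd/internal.go on this page reads comments from `src/pkg/variables`), so wording slips carried over from the old tags reach package authors. `Constant.AutoIndent` still speaks of "the variable's value" and should read `// Whether to automatically indent the constant's value (if multiline) when templating. Based on the number of chars before the start of ###ZARF_CONST_.`; `InteractiveVariable.Description` should read `// A description of the variable to be used when prompting the user for a value`. The `Sensitive` comment promises only that the value is not printed in the log; if that is the whole effect, say so (`// This only affects log output.`) so the flag is not read as protecting the value anywhere else.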
@@ -13,61 +13,59 @@ import ( // ZarfComponent is the primary functional grouping of assets to deploy by Zarf. type ZarfComponent struct { - // Name is the unique identifier for this component - Name string `json:"name" jsonschema:"description=The name of the component,pattern=^[a-z0-9][a-z0-9\\-]*$"` + // The name of the component. + Name string `json:"name" jsonschema:"pattern=^[a-z0-9][a-z0-9\\-]*$"` - // Description is a message given to a user when deciding to enable this component or not - Description string `json:"description,omitempty" jsonschema:"description=Message to include during package deploy describing the purpose of this component"` + // Message to include during package deploy describing the purpose of this component. + Description string `json:"description,omitempty"` - // Default changes the default option when deploying this component - Default bool `json:"default,omitempty" jsonschema:"description=Determines the default Y/N state for installing this component on package deploy"` + // Determines the default Y/N state for installing this component on package deploy. + Default bool `json:"default,omitempty"` - // Required makes this component mandatory for package deployment - Required *bool `json:"required,omitempty" jsonschema:"description=Do not prompt user to install this component, always install on package deploy."` + // Do not prompt user to install this component. + Required *bool `json:"required,omitempty"` - // Only include compatible components during package deployment - Only ZarfComponentOnlyTarget `json:"only,omitempty" jsonschema:"description=Filter when this component is included in package creation or deployment"` + // Filter when this component is included in package creation or deployment. 
+ Only ZarfComponentOnlyTarget `json:"only,omitempty"` - // DeprecatedGroup is a key to match other components to produce a user selector field, used to create a BOOLEAN XOR for a set of components - // - // Note: ignores default and required flags - DeprecatedGroup string `json:"group,omitempty" jsonschema:"description=[Deprecated] Create a user selector field based on all components in the same group. This will be removed in Zarf v1.0.0. Consider using 'only.flavor' instead.,deprecated=true"` + // [Deprecated] Create a user selector field based on all components in the same group. This will be removed in Zarf v1.0.0. Consider using 'only.flavor' instead. + DeprecatedGroup string `json:"group,omitempty" jsonschema:"deprecated=true"` - // DeprecatedCosignKeyPath to cosign public key for signed online resources - DeprecatedCosignKeyPath string `json:"cosignKeyPath,omitempty" jsonschema:"description=[Deprecated] Specify a path to a public key to validate signed online resources. This will be removed in Zarf v1.0.0.,deprecated=true"` + // [Deprecated] Specify a path to a public key to validate signed online resources. This will be removed in Zarf v1.0.0. + DeprecatedCosignKeyPath string `json:"cosignKeyPath,omitempty" jsonschema:"deprecated=true"` - // Import refers to another zarf.yaml package component. - Import ZarfComponentImport `json:"import,omitempty" jsonschema:"description=Import a component from another Zarf package"` + // Import a component from another Zarf package. + Import ZarfComponentImport `json:"import,omitempty"` - // Manifests are raw manifests that get converted into zarf-generated helm charts during deploy - Manifests []ZarfManifest `json:"manifests,omitempty" jsonschema:"description=Kubernetes manifests to be included in a generated Helm chart on package deploy"` + // Kubernetes manifests to be included in a generated Helm chart on package deploy. 
+ Manifests []ZarfManifest `json:"manifests,omitempty"` - // Charts are helm charts to install during package deploy - Charts []ZarfChart `json:"charts,omitempty" jsonschema:"description=Helm charts to install during package deploy"` + // Helm charts to install during package deploy. + Charts []ZarfChart `json:"charts,omitempty"` - // Data packages to push into a running cluster - DataInjections []ZarfDataInjection `json:"dataInjections,omitempty" jsonschema:"description=Datasets to inject into a container in the target cluster"` + // Datasets to inject into a container in the target cluster. + DataInjections []ZarfDataInjection `json:"dataInjections,omitempty"` - // Files are files to place on disk during deploy - Files []ZarfFile `json:"files,omitempty" jsonschema:"description=Files or folders to place on disk during package deployment"` + // Files or folders to place on disk during package deployment. + Files []ZarfFile `json:"files,omitempty"` - // Images are the online images needed to be included in the zarf package - Images []string `json:"images,omitempty" jsonschema:"description=List of OCI images to include in the package"` + // List of OCI images to include in the package. + Images []string `json:"images,omitempty"` - // Repos are any git repos that need to be pushed into the git server - Repos []string `json:"repos,omitempty" jsonschema:"description=List of git repos to include in the package"` + // List of git repos to include in the package. + Repos []string `json:"repos,omitempty"` - // Extensions provide additional functionality to a component - Extensions extensions.ZarfComponentExtensions `json:"extensions,omitempty" jsonschema:"description=Extend component functionality with additional features"` + // Extend component functionality with additional features. 
+ Extensions extensions.ZarfComponentExtensions `json:"extensions,omitempty"` - // DeprecatedScripts are custom commands that run before or after package deployment - DeprecatedScripts DeprecatedZarfComponentScripts `json:"scripts,omitempty" jsonschema:"description=[Deprecated] (replaced by actions) Custom commands to run before or after package deployment. This will be removed in Zarf v1.0.0.,deprecated=true"` + // [Deprecated] (replaced by actions) Custom commands to run before or after package deployment. This will be removed in Zarf v1.0.0. + DeprecatedScripts DeprecatedZarfComponentScripts `json:"scripts,omitempty" jsonschema:"deprecated=true"` - // Replaces scripts, fine-grained control over commands to run at various stages of a package lifecycle - Actions ZarfComponentActions `json:"actions,omitempty" jsonschema:"description=Custom commands to run at various stages of a package lifecycle"` + // Custom commands to run at various stages of a package lifecycle. + Actions ZarfComponentActions `json:"actions,omitempty"` } -// RequiresCluster returns if the component requires a cluster connection to deploy +// RequiresCluster returns if the component requires a cluster connection to deploy. func (c ZarfComponent) RequiresCluster() bool { hasImages := len(c.Images) > 0 hasCharts := len(c.Charts) > 0 
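Review bot: Moving the descriptions into comments shortened the published text for `Required` in `ZarfComponent`: the old tag read "Do not prompt user to install this component, always install on package deploy." and the new comment stops after the first clause, so the schema no longer says the component is always installed. I would restore it as `// Do not prompt user to install this component, always install on package deploy.` The removed comment on `DeprecatedGroup` also carried "Note: ignores default and required flags", which no longer appears anywhere in the hunk and is worth keeping as a second comment line. Because the fields lose their name-prefixed Go doc comments, a line above the struct such as `// Field comments are emitted verbatim as JSON schema descriptions.` would explain the style to the next maintainer. `RequiresCluster` continues outside the hunk.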
@@ -93,153 +91,232 @@ func (c ZarfComponent) IsRequired() bool { // ZarfComponentOnlyTarget filters a component to only show it for a given local OS and cluster. type ZarfComponentOnlyTarget struct { - LocalOS string `json:"localOS,omitempty" jsonschema:"description=Only deploy component to specified OS,enum=linux,enum=darwin,enum=windows"` - Cluster ZarfComponentOnlyCluster `json:"cluster,omitempty" jsonschema:"description=Only deploy component to specified clusters"` - Flavor string `json:"flavor,omitempty" jsonschema:"description=Only include this component when a matching '--flavor' is specified on 'zarf package create'"` + // Only deploy component to specified OS. + LocalOS string `json:"localOS,omitempty" jsonschema:"enum=linux,enum=darwin,enum=windows"` + // Only deploy component to specified clusters. + Cluster ZarfComponentOnlyCluster `json:"cluster,omitempty"` + // Only include this component when a matching '--flavor' is specified on 'zarf package create'. + Flavor string `json:"flavor,omitempty"` } // ZarfComponentOnlyCluster represents the architecture and K8s cluster distribution to filter on. type ZarfComponentOnlyCluster struct { - Architecture string `json:"architecture,omitempty" jsonschema:"description=Only create and deploy to clusters of the given architecture,enum=amd64,enum=arm64"` - Distros []string `json:"distros,omitempty" jsonschema:"description=A list of kubernetes distros this package works with (Reserved for future use),example=k3s,example=eks"` + // Only create and deploy to clusters of the given architecture. + Architecture string `json:"architecture,omitempty" jsonschema:"enum=amd64,enum=arm64"` + // A list of kubernetes distros this package works with (Reserved for future use). + Distros []string `json:"distros,omitempty" jsonschema:"example=k3s,example=eks"` } // ZarfFile defines a file to deploy. 
type ZarfFile struct { - Source string `json:"source" jsonschema:"description=Local folder or file path or remote URL to pull into the package"` - Shasum string `json:"shasum,omitempty" jsonschema:"description=(files only) Optional SHA256 checksum of the file"` - Target string `json:"target" jsonschema:"description=The absolute or relative path where the file or folder should be copied to during package deploy"` - Executable bool `json:"executable,omitempty" jsonschema:"description=(files only) Determines if the file should be made executable during package deploy"` - Symlinks []string `json:"symlinks,omitempty" jsonschema:"description=List of symlinks to create during package deploy"` - ExtractPath string `json:"extractPath,omitempty" jsonschema:"description=Local folder or file to be extracted from a 'source' archive"` + // Local folder or file path or remote URL to pull into the package. + Source string `json:"source"` + // (files only) Optional SHA256 checksum of the file. + Shasum string `json:"shasum,omitempty"` + // The absolute or relative path where the file or folder should be copied to during package deploy. + Target string `json:"target"` + // (files only) Determines if the file should be made executable during package deploy. + Executable bool `json:"executable,omitempty"` + // List of symlinks to create during package deploy. + Symlinks []string `json:"symlinks,omitempty"` + // Local folder or file to be extracted from a 'source' archive. + ExtractPath string `json:"extractPath,omitempty"` } // ZarfChart defines a helm chart to be deployed. 
type ZarfChart struct { - Name string `json:"name" jsonschema:"description=The name of the chart within Zarf; note that this must be unique and does not need to be the same as the name in the chart repo"` - Version string `json:"version,omitempty" jsonschema:"description=The version of the chart to deploy; for git-based charts this is also the tag of the git repo by default (when not using the '@' syntax for 'repos')"` - URL string `json:"url,omitempty" jsonschema:"example=OCI registry: oci://ghcr.io/stefanprodan/charts/podinfo,example=helm chart repo: https://stefanprodan.github.io/podinfo,example=git repo: https://github.com/stefanprodan/podinfo (note the '@' syntax for 'repos' is supported here too)" jsonschema_description:"The URL of the OCI registry, chart repository, or git repo where the helm chart is stored"` - RepoName string `json:"repoName,omitempty" jsonschema:"description=The name of a chart within a Helm repository (defaults to the Zarf name of the chart)"` - GitPath string `json:"gitPath,omitempty" jsonschema:"description=(git repo only) The sub directory to the chart within a git repo,example=charts/your-chart"` - LocalPath string `json:"localPath,omitempty" jsonschema:"description=The path to a local chart's folder or .tgz archive"` - Namespace string `json:"namespace,omitempty" jsonschema:"description=The namespace to deploy the chart to"` - ReleaseName string `json:"releaseName,omitempty" jsonschema:"description=The name of the Helm release to create (defaults to the Zarf name of the chart)"` - NoWait bool `json:"noWait,omitempty" jsonschema:"description=Whether to not wait for chart resources to be ready before continuing"` - ValuesFiles []string `json:"valuesFiles,omitempty" jsonschema:"description=List of local values file paths or remote URLs to include in the package; these will be merged together when deployed"` - Variables []ZarfChartVariable `json:"variables,omitempty" jsonschema:"description=[alpha] List of variables to set in the Helm 
chart"` + // The name of the chart within Zarf; note that this must be unique and does not need to be the same as the name in the chart repo. + Name string `json:"name"` + // The version of the chart to deploy; for git-based charts this is also the tag of the git repo by default (when not using the '@' syntax for 'repos'). + Version string `json:"version,omitempty"` + // The URL of the OCI registry, chart repository, or git repo where the helm chart is stored. + URL string `json:"url,omitempty" jsonschema:"example=OCI registry: oci://ghcr.io/stefanprodan/charts/podinfo,example=helm chart repo: https://stefanprodan.github.io/podinfo,example=git repo: https://github.com/stefanprodan/podinfo (note the '@' syntax for 'repos' is supported here too)"` + // The name of a chart within a Helm repository (defaults to the Zarf name of the chart). + RepoName string `json:"repoName,omitempty"` + // (git repo only) The sub directory to the chart within a git repo. + GitPath string `json:"gitPath,omitempty" jsonschema:"example=charts/your-chart"` + // The path to a local chart's folder or .tgz archive. + LocalPath string `json:"localPath,omitempty"` + // The namespace to deploy the chart to. + Namespace string `json:"namespace,omitempty"` + // The name of the Helm release to create (defaults to the Zarf name of the chart). + ReleaseName string `json:"releaseName,omitempty"` + // Whether to not wait for chart resources to be ready before continuing. + NoWait bool `json:"noWait,omitempty"` + // List of local values file paths or remote URLs to include in the package; these will be merged together when deployed. + ValuesFiles []string `json:"valuesFiles,omitempty"` + // [alpha] List of variables to set in the Helm chart. + Variables []ZarfChartVariable `json:"variables,omitempty"` } // ZarfChartVariable represents a variable that can be set for a Helm chart overrides. 
type ZarfChartVariable struct { - Name string `json:"name" jsonschema:"description=The name of the variable,pattern=^[A-Z0-9_]+$"` - Description string `json:"description" jsonschema:"description=A brief description of what the variable controls"` - Path string `json:"path" jsonschema:"description=The path within the Helm chart values where this variable applies"` + // The name of the variable. + Name string `json:"name" jsonschema:"pattern=^[A-Z0-9_]+$"` + // A brief description of what the variable controls. + Description string `json:"description"` + // The path within the Helm chart values where this variable applies. + Path string `json:"path"` } // ZarfManifest defines raw manifests Zarf will deploy as a helm chart. type ZarfManifest struct { - Name string `json:"name" jsonschema:"description=A name to give this collection of manifests; this will become the name of the dynamically-created helm chart"` - Namespace string `json:"namespace,omitempty" jsonschema:"description=The namespace to deploy the manifests to"` - Files []string `json:"files,omitempty" jsonschema:"description=List of local K8s YAML files or remote URLs to deploy (in order)"` - KustomizeAllowAnyDirectory bool `json:"kustomizeAllowAnyDirectory,omitempty" jsonschema:"description=Allow traversing directory above the current directory if needed for kustomization"` - Kustomizations []string `json:"kustomizations,omitempty" jsonschema:"description=List of local kustomization paths or remote URLs to include in the package"` - NoWait bool `json:"noWait,omitempty" jsonschema:"description=Whether to not wait for manifest resources to be ready before continuing"` + // A name to give this collection of manifests; this will become the name of the dynamically-created helm chart. + Name string `json:"name"` + // The namespace to deploy the manifests to. + Namespace string `json:"namespace,omitempty"` + // List of local K8s YAML files or remote URLs to deploy (in order). 
+ Files []string `json:"files,omitempty"` + // Allow traversing directory above the current directory if needed for kustomization. + KustomizeAllowAnyDirectory bool `json:"kustomizeAllowAnyDirectory,omitempty"` + // List of local kustomization paths or remote URLs to include in the package. + Kustomizations []string `json:"kustomizations,omitempty"` + // Whether to not wait for manifest resources to be ready before continuing. + NoWait bool `json:"noWait,omitempty"` } -// DeprecatedZarfComponentScripts are scripts that run before or after a component is deployed +// DeprecatedZarfComponentScripts are scripts that run before or after a component is deployed. type DeprecatedZarfComponentScripts struct { - ShowOutput bool `json:"showOutput,omitempty" jsonschema:"description=Show the output of the script during package deployment"` - TimeoutSeconds int `json:"timeoutSeconds,omitempty" jsonschema:"description=Timeout in seconds for the script"` - Retry bool `json:"retry,omitempty" jsonschema:"description=Retry the script if it fails"` - Prepare []string `json:"prepare,omitempty" jsonschema:"description=Scripts to run before the component is added during package create"` - Before []string `json:"before,omitempty" jsonschema:"description=Scripts to run before the component is deployed"` - After []string `json:"after,omitempty" jsonschema:"description=Scripts to run after the component successfully deploys"` + // Show the output of the script during package deployment. + ShowOutput bool `json:"showOutput,omitempty"` + // Timeout in seconds for the script. + TimeoutSeconds int `json:"timeoutSeconds,omitempty"` + // Retry the script if it fails. + Retry bool `json:"retry,omitempty"` + // Scripts to run before the component is added during package create. + Prepare []string `json:"prepare,omitempty"` + // Scripts to run before the component is deployed. + Before []string `json:"before,omitempty"` + // Scripts to run after the component successfully deploys. 
+ After []string `json:"after,omitempty"` } -// ZarfComponentActions are ActionSets that map to different zarf package operations +// ZarfComponentActions are ActionSets that map to different zarf package operations. type ZarfComponentActions struct { - OnCreate ZarfComponentActionSet `json:"onCreate,omitempty" jsonschema:"description=Actions to run during package creation"` - OnDeploy ZarfComponentActionSet `json:"onDeploy,omitempty" jsonschema:"description=Actions to run during package deployment"` - OnRemove ZarfComponentActionSet `json:"onRemove,omitempty" jsonschema:"description=Actions to run during package removal"` + // Actions to run during package creation. + OnCreate ZarfComponentActionSet `json:"onCreate,omitempty"` + // Actions to run during package deployment. + OnDeploy ZarfComponentActionSet `json:"onDeploy,omitempty"` + // Actions to run during package removal. + OnRemove ZarfComponentActionSet `json:"onRemove,omitempty"` } -// ZarfComponentActionSet is a set of actions to run during a zarf package operation +// ZarfComponentActionSet is a set of actions to run during a zarf package operation. type ZarfComponentActionSet struct { - Defaults ZarfComponentActionDefaults `json:"defaults,omitempty" jsonschema:"description=Default configuration for all actions in this set"` - Before []ZarfComponentAction `json:"before,omitempty" jsonschema:"description=Actions to run at the start of an operation"` - After []ZarfComponentAction `json:"after,omitempty" jsonschema:"description=Actions to run at the end of an operation"` - OnSuccess []ZarfComponentAction `json:"onSuccess,omitempty" jsonschema:"description=Actions to run if all operations succeed"` - OnFailure []ZarfComponentAction `json:"onFailure,omitempty" jsonschema:"description=Actions to run if all operations fail"` + // Default configuration for all actions in this set. + Defaults ZarfComponentActionDefaults `json:"defaults,omitempty"` + // Actions to run at the start of an operation. 
+ Before []ZarfComponentAction `json:"before,omitempty"` + // Actions to run at the end of an operation. + After []ZarfComponentAction `json:"after,omitempty"` + // Actions to run if all operations succeed. + OnSuccess []ZarfComponentAction `json:"onSuccess,omitempty"` + // Actions to run if all operations fail. + OnFailure []ZarfComponentAction `json:"onFailure,omitempty"` } -// ZarfComponentActionDefaults sets the default configs for child actions +// ZarfComponentActionDefaults sets the default configs for child actions. type ZarfComponentActionDefaults struct { - Mute bool `json:"mute,omitempty" jsonschema:"description=Hide the output of commands during execution (default false)"` - MaxTotalSeconds int `json:"maxTotalSeconds,omitempty" jsonschema:"description=Default timeout in seconds for commands (default to 0, no timeout)"` - MaxRetries int `json:"maxRetries,omitempty" jsonschema:"description=Retry commands given number of times if they fail (default 0)"` - Dir string `json:"dir,omitempty" jsonschema:"description=Working directory for commands (default CWD)"` - Env []string `json:"env,omitempty" jsonschema:"description=Additional environment variables for commands"` - Shell exec.Shell `json:"shell,omitempty" jsonschema:"description=(cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems"` + // Hide the output of commands during execution (default false). + Mute bool `json:"mute,omitempty"` + // Default timeout in seconds for commands (default to 0, no timeout). + MaxTotalSeconds int `json:"maxTotalSeconds,omitempty"` + // Retry commands given number of times if they fail (default 0). + MaxRetries int `json:"maxRetries,omitempty"` + // Working directory for commands (default CWD). + Dir string `json:"dir,omitempty"` + // Additional environment variables for commands. 
+ Env []string `json:"env,omitempty"` + // (cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems. + Shell exec.Shell `json:"shell,omitempty"` } -// ZarfComponentAction represents a single action to run during a zarf package operation +// ZarfComponentAction represents a single action to run during a zarf package operation. type ZarfComponentAction struct { - Mute *bool `json:"mute,omitempty" jsonschema:"description=Hide the output of the command during package deployment (default false)"` - MaxTotalSeconds *int `json:"maxTotalSeconds,omitempty" jsonschema:"description=Timeout in seconds for the command (default to 0, no timeout for cmd actions and 300, 5 minutes for wait actions)"` - MaxRetries *int `json:"maxRetries,omitempty" jsonschema:"description=Retry the command if it fails up to given number of times (default 0)"` - Dir *string `json:"dir,omitempty" jsonschema:"description=The working directory to run the command in (default is CWD)"` - Env []string `json:"env,omitempty" jsonschema:"description=Additional environment variables to set for the command"` - Cmd string `json:"cmd,omitempty" jsonschema:"description=The command to run. Must specify either cmd or wait for the action to do anything."` - Shell *exec.Shell `json:"shell,omitempty" jsonschema:"description=(cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems"` - DeprecatedSetVariable string `json:"setVariable,omitempty" jsonschema:"description=[Deprecated] (replaced by setVariables) (onDeploy/cmd only) The name of a variable to update with the output of the command. This variable will be available to all remaining actions and components in the package. This will be removed in Zarf v1.0.0,pattern=^[A-Z0-9_]+$"` - SetVariables []variables.Variable `json:"setVariables,omitempty" jsonschema:"description=(onDeploy/cmd only) An array of variables to update with the output of the command. 
These variables will be available to all remaining actions and components in the package."` - Description string `json:"description,omitempty" jsonschema:"description=Description of the action to be displayed during package execution instead of the command"` - Wait *ZarfComponentActionWait `json:"wait,omitempty" jsonschema:"description=Wait for a condition to be met before continuing. Must specify either cmd or wait for the action. See the 'zarf tools wait-for' command for more info."` + // Hide the output of the command during package deployment (default false). + Mute *bool `json:"mute,omitempty"` + // Timeout in seconds for the command (default to 0, no timeout for cmd actions and 300, 5 minutes for wait actions). + MaxTotalSeconds *int `json:"maxTotalSeconds,omitempty"` + // Retry the command if it fails up to given number of times (default 0). + MaxRetries *int `json:"maxRetries,omitempty"` + // The working directory to run the command in (default is CWD). + Dir *string `json:"dir,omitempty"` + // Additional environment variables to set for the command. + Env []string `json:"env,omitempty"` + // The command to run. Must specify either cmd or wait for the action to do anything. + Cmd string `json:"cmd,omitempty"` + // (cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems. + Shell *exec.Shell `json:"shell,omitempty"` + // [Deprecated] (replaced by setVariables) (onDeploy/cmd only) The name of a variable to update with the output of the command. This variable will be available to all remaining actions and components in the package. This will be removed in Zarf v1.0.0. + DeprecatedSetVariable string `json:"setVariable,omitempty" jsonschema:"pattern=^[A-Z0-9_]+$"` + // (onDeploy/cmd only) An array of variables to update with the output of the command. These variables will be available to all remaining actions and components in the package. 
+ SetVariables []variables.Variable `json:"setVariables,omitempty"` + // Description of the action to be displayed during package execution instead of the command. + Description string `json:"description,omitempty"` + // Wait for a condition to be met before continuing. Must specify either cmd or wait for the action. See the 'zarf tools wait-for' command for more info. + Wait *ZarfComponentActionWait `json:"wait,omitempty"` } // ZarfComponentActionWait specifies a condition to wait for before continuing type ZarfComponentActionWait struct { - Cluster *ZarfComponentActionWaitCluster `json:"cluster,omitempty" jsonschema:"description=Wait for a condition to be met in the cluster before continuing. Only one of cluster or network can be specified."` - Network *ZarfComponentActionWaitNetwork `json:"network,omitempty" jsonschema:"description=Wait for a condition to be met on the network before continuing. Only one of cluster or network can be specified."` + // Wait for a condition to be met in the cluster before continuing. Only one of cluster or network can be specified. + Cluster *ZarfComponentActionWaitCluster `json:"cluster,omitempty"` + // Wait for a condition to be met on the network before continuing. Only one of cluster or network can be specified. 
+ Network *ZarfComponentActionWaitNetwork `json:"network,omitempty"` } // ZarfComponentActionWaitCluster specifies a condition to wait for before continuing type ZarfComponentActionWaitCluster struct { - Kind string `json:"kind" jsonschema:"description=The kind of resource to wait for,example=Pod,example=Deployment)"` - Identifier string `json:"name" jsonschema:"description=The name of the resource or selector to wait for,example=podinfo,example=app=podinfo"` - Namespace string `json:"namespace,omitempty" jsonschema:"description=The namespace of the resource to wait for"` - Condition string `json:"condition,omitempty" jsonschema:"description=The condition or jsonpath state to wait for; defaults to exist, a special condition that will wait for the resource to exist,example=Ready,example=Available,'{.status.availableReplicas}'=23"` + // The kind of resource to wait for. + Kind string `json:"kind" jsonschema:"example=Pod,example=Deployment"` + // The name of the resource or selector to wait for. + Name string `json:"name" jsonschema:"example=podinfo,example=app=podinfo"` + // The namespace of the resource to wait for. + Namespace string `json:"namespace,omitempty"` + // The condition or jsonpath state to wait for; defaults to exist, a special condition that will wait for the resource to exist. + Condition string `json:"condition,omitempty" jsonschema:"example=Ready,example=Available,'{.status.availableReplicas}'=23"` } // ZarfComponentActionWaitNetwork specifies a condition to wait for before continuing type ZarfComponentActionWaitNetwork struct { - Protocol string `json:"protocol" jsonschema:"description=The protocol to wait for,enum=tcp,enum=http,enum=https"` - Address string `json:"address" jsonschema:"description=The address to wait for,example=localhost:8080,example=1.1.1.1"` - Code int `json:"code,omitempty" jsonschema:"description=The HTTP status code to wait for if using http or https,example=200,example=404"` + // The protocol to wait for. 
+ Protocol string `json:"protocol" jsonschema:"enum=tcp,enum=http,enum=https"` + // The address to wait for. + Address string `json:"address" jsonschema:"example=localhost:8080,example=1.1.1.1"` + // The HTTP status code to wait for if using http or https. + Code int `json:"code,omitempty" jsonschema:"example=200,example=404"` } // ZarfContainerTarget defines the destination info for a ZarfData target type ZarfContainerTarget struct { - Namespace string `json:"namespace" jsonschema:"description=The namespace to target for data injection"` - Selector string `json:"selector" jsonschema:"description=The K8s selector to target for data injection,example=app=data-injection"` - Container string `json:"container" jsonschema:"description=The container name to target for data injection"` - Path string `json:"path" jsonschema:"description=The path within the container to copy the data into"` + // The namespace to target for data injection. + Namespace string `json:"namespace"` + // The K8s selector to target for data injection. + Selector string `json:"selector" jsonschema:"example=app=data-injection"` + // The container name to target for data injection. + Container string `json:"container"` + // The path within the container to copy the data into. + Path string `json:"path"` } // ZarfDataInjection is a data-injection definition. type ZarfDataInjection struct { - Source string `json:"source" jsonschema:"description=Either a path to a local folder/file or a remote URL of a file to inject into the given target pod + container"` - Target ZarfContainerTarget `json:"target" jsonschema:"description=The target pod + container to inject the data into"` - Compress bool `json:"compress,omitempty" jsonschema:"description=Compress the data before transmitting using gzip. Note: this requires support for tar/gzip locally and in the target image."` + // Either a path to a local folder/file or a remote URL of a file to inject into the given target pod + container. 
+ Source string `json:"source"` + // The target pod + container to inject the data into. + Target ZarfContainerTarget `json:"target"` + // Compress the data before transmitting using gzip. Note: this requires support for tar/gzip locally and in the target image. + Compress bool `json:"compress,omitempty"` } // ZarfComponentImport structure for including imported Zarf components. type ZarfComponentImport struct { - ComponentName string `json:"name,omitempty" jsonschema:"description=The name of the component to import from the referenced zarf.yaml"` - // For further explanation see https://regex101.com/r/nxX8vx/1 - Path string `json:"path,omitempty" jsonschema:"description=The relative path to a directory containing a zarf.yaml to import from"` - // For further explanation see https://regex101.com/r/nxX8vx/1 - URL string `json:"url,omitempty" jsonschema:"description=[beta] The URL to a Zarf package to import via OCI,pattern=^oci://.*$"` + // The name of the component to import from the referenced zarf.yaml. + Name string `json:"name,omitempty"` + // The path to the directory containing the zarf.yaml to import. + Path string `json:"path,omitempty"` + // [beta] The URL to a Zarf package to import via OCI. + URL string `json:"url,omitempty" jsonschema:"pattern=^oci://.*$"` } // JSONSchemaExtend extends the generated json schema during `zarf internal gen-config-schema` diff --git a/src/types/extensions/bigbang.go b/src/types/extensions/bigbang.go index 8078e0be04..af357d5990 100644 --- a/src/types/extensions/bigbang.go +++ b/src/types/extensions/bigbang.go 
@@ -4,11 +4,16 @@
 // Package extensions contains the types for all official extensions.
 package extensions
 
-// BigBang defines a file to deploy.
+// BigBang holds the configuration for the Big Bang extension.
 type BigBang struct {
- Version string `json:"version" jsonschema:"description=The version of Big Bang to use"`
- Repo string `json:"repo,omitempty" jsonschema:"description=Override repo to pull Big Bang from instead of Repo One"`
- ValuesFiles []string `json:"valuesFiles,omitempty" jsonschema:"description=The list of values files to pass to Big Bang; these will be merged together"`
- SkipFlux bool `json:"skipFlux,omitempty" jsonschema:"description=Whether to skip deploying flux; Defaults to false"`
- FluxPatchFiles []string `json:"fluxPatchFiles,omitempty" jsonschema:"description=Optional paths to Flux kustomize strategic merge patch files"`
+ // The version of Big Bang to use.
+ Version string `json:"version"`
+ // Override repo to pull Big Bang from instead of Repo One.
+ Repo string `json:"repo,omitempty"`
+ // The list of values files to pass to Big Bang; these will be merged together.
+ ValuesFiles []string `json:"valuesFiles,omitempty"`
+ // Whether to skip deploying flux; Defaults to false.
+ SkipFlux bool `json:"skipFlux,omitempty"`
+ // Optional paths to Flux kustomize strategic merge patch files.
+ FluxPatchFiles []string `json:"fluxPatchFiles,omitempty"`
 }
diff --git a/src/types/extensions/common.go b/src/types/extensions/common.go
index e84091e339..1df82730ab 100644
--- a/src/types/extensions/common.go
+++ b/src/types/extensions/common.go
@@ -4,8 +4,8 @@
 // Package extensions contains the types for all official extensions.
 package extensions
 
-// ZarfComponentExtensions is a struct that contains all the official extensions
+// ZarfComponentExtensions is a struct that contains all the official extensions.
 type ZarfComponentExtensions struct {
- // Big Bang Configurations
- BigBang *BigBang `json:"bigbang,omitempty" jsonschema:"description=Configurations for installing Big Bang and Flux in the cluster"`
+ // Configurations for installing Big Bang and Flux in the cluster.
+ BigBang *BigBang `json:"bigbang,omitempty"`
 }
diff --git a/src/types/k8s.go b/src/types/k8s.go
index a8f61856ce..6804de17ee 100644
--- a/src/types/k8s.go
+++ b/src/types/k8s.go
@@ -58,15 +58,23 @@ type GeneratedPKI struct { // ZarfState is maintained as a secret in the Zarf namespace to track Zarf init data. type ZarfState struct { - ZarfAppliance bool `json:"zarfAppliance" jsonschema:"description=Indicates if Zarf was initialized while deploying its own k8s cluster"` - Distro string `json:"distro" jsonschema:"description=K8s distribution of the cluster Zarf was deployed to"` - Architecture string `json:"architecture" jsonschema:"description=Machine architecture of the k8s node(s)"` - StorageClass string `json:"storageClass" jsonschema:"Default StorageClass value Zarf uses for variable templating"` - AgentTLS GeneratedPKI `json:"agentTLS" jsonschema:"PKI certificate information for the agent pods Zarf manages"` - - GitServer GitServerInfo `json:"gitServer" jsonschema:"description=Information about the repository Zarf is configured to use"` - RegistryInfo RegistryInfo `json:"registryInfo" jsonschema:"description=Information about the container registry Zarf is configured to use"` - ArtifactServer ArtifactServerInfo `json:"artifactServer" jsonschema:"description=Information about the artifact registry Zarf is configured to use"` + // Indicates if Zarf was initialized while deploying its own k8s cluster + ZarfAppliance bool `json:"zarfAppliance"` + // K8s distribution of the cluster Zarf was deployed to + Distro string `json:"distro"` + // Machine architecture of the k8s node(s) + Architecture string `json:"architecture"` + // Default StorageClass value Zarf uses for variable templating + StorageClass string `json:"storageClass"` + // PKI certificate information for the agent pods Zarf manages + AgentTLS GeneratedPKI `json:"agentTLS"` + + // Information about the repository Zarf is configured to use + GitServer GitServerInfo `json:"gitServer"` + // Information about the container registry Zarf is configured to use + RegistryInfo RegistryInfo `json:"registryInfo"` + // Information about the artifact registry Zarf is configured to use + 
ArtifactServer ArtifactServerInfo `json:"artifactServer"` } // DeployedPackage contains information about a Zarf Package that has been deployed to a cluster @@ -81,6 +89,17 @@ type DeployedPackage struct { ConnectStrings ConnectStrings `json:"connectStrings,omitempty"` } +// ConnectString contains information about a connection made with Zarf connect. +type ConnectString struct { + // Descriptive text that explains what the resource you would be connecting to is used for + Description string `json:"description"` + // URL path that gets appended to the k8s port-forward result + URL string `json:"url"` +} + +// ConnectStrings is a map of connect names to connection information. +type ConnectStrings map[string]ConnectString + // DeployedComponent contains information about a Zarf Package Component that has been deployed to a cluster. type DeployedComponent struct { Name string `json:"name"` 
@@ -105,13 +124,18 @@ type InstalledChart struct { // GitServerInfo contains information Zarf uses to communicate with a git repository to push/pull repositories to. type GitServerInfo struct { - PushUsername string `json:"pushUsername" jsonschema:"description=Username of a user with push access to the git repository"` - PushPassword string `json:"pushPassword" jsonschema:"description=Password of a user with push access to the git repository"` - PullUsername string `json:"pullUsername" jsonschema:"description=Username of a user with pull-only access to the git repository. If not provided for an external repository then the push-user is used"` - PullPassword string `json:"pullPassword" jsonschema:"description=Password of a user with pull-only access to the git repository. If not provided for an external repository then the push-user is used"` - - Address string `json:"address" jsonschema:"description=URL address of the git server"` - InternalServer bool `json:"internalServer" jsonschema:"description=Indicates if we are using a git server that Zarf is directly managing"` + // Username of a user with push access to the git repository + PushUsername string `json:"pushUsername"` + // Password of a user with push access to the git repository + PushPassword string `json:"pushPassword"` + // Username of a user with pull-only access to the git repository. If not provided for an external repository then the push-user is used + PullUsername string `json:"pullUsername"` + // Password of a user with pull-only access to the git repository. If not provided for an external repository then the push-user is used + PullPassword string `json:"pullPassword"` + // URL address of the git server + Address string `json:"address"` + // Indicates if we are using a git server that Zarf is directly managing + InternalServer bool `json:"internalServer"` } // FillInEmptyValues sets every necessary value that's currently empty to a reasonable default 
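Review bot: The new comments on `PushPassword` and `PullPassword` describe them only as "Password of a user…", and nothing tells a reader that these fields hold live credentials kept alongside the rest of the state (the `ZarfState` comment in this file says the state is maintained as a secret in the Zarf namespace, and `ZarfState` embeds this struct). Now that the doc comments are the only description of these fields, I would add a line above each such as `// Sensitive: persisted in the Zarf state secret; do not log or print this struct unredacted.` The same applies to `PushToken` in the ArtifactServerInfo hunk and to `PushPassword`, `PullPassword` and `Secret` in the RegistryInfo hunk. The struct is fully inside this hunk; `FillInEmptyValues` continues outside it.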
@@ -153,11 +177,14 @@ func (gs *GitServerInfo) FillInEmptyValues() error { // ArtifactServerInfo contains information Zarf uses to communicate with a artifact registry to push/pull repositories to. type ArtifactServerInfo struct { - PushUsername string `json:"pushUsername" jsonschema:"description=Username of a user with push access to the artifact registry"` - PushToken string `json:"pushPassword" jsonschema:"description=Password of a user with push access to the artifact registry"` - - Address string `json:"address" jsonschema:"description=URL address of the artifact registry"` - InternalServer bool `json:"internalServer" jsonschema:"description=Indicates if we are using a artifact registry that Zarf is directly managing"` + // Username of a user with push access to the artifact registry + PushUsername string `json:"pushUsername"` + // Password of a user with push access to the artifact registry + PushToken string `json:"pushPassword"` + // URL address of the artifact registry + Address string `json:"address"` + // Indicates if we are using a artifact registry that Zarf is directly managing + InternalServer bool `json:"internalServer"` } // FillInEmptyValues sets every necessary value that's currently empty to a reasonable default 
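Review bot: The comment on `PushToken` calls the value a "Password" while the field is named a token and is serialized under the JSON key `pushPassword`, so three different names describe one credential. I would have the comment state the mismatch instead of hiding it, for example `// Token used to push to the artifact registry; serialized under the JSON key "pushPassword".` The `InternalServer` comment also reads "a artifact registry" and should be "an artifact registry". The body of `FillInEmptyValues` that follows is outside this hunk.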
@@ -176,16 +203,22 @@ func (as *ArtifactServerInfo) FillInEmptyValues() { // RegistryInfo contains information Zarf uses to communicate with a container registry to push/pull images. type RegistryInfo struct { - PushUsername string `json:"pushUsername" jsonschema:"description=Username of a user with push access to the registry"` - PushPassword string `json:"pushPassword" jsonschema:"description=Password of a user with push access to the registry"` - PullUsername string `json:"pullUsername" jsonschema:"description=Username of a user with pull-only access to the registry. If not provided for an external registry than the push-user is used"` - PullPassword string `json:"pullPassword" jsonschema:"description=Password of a user with pull-only access to the registry. If not provided for an external registry than the push-user is used"` - - Address string `json:"address" jsonschema:"description=URL address of the registry"` - NodePort int `json:"nodePort" jsonschema:"description=Nodeport of the registry. Only needed if the registry is running inside the kubernetes cluster"` - InternalRegistry bool `json:"internalRegistry" jsonschema:"description=Indicates if we are using a registry that Zarf is directly managing"` - - Secret string `json:"secret" jsonschema:"description=Secret value that the registry was seeded with"` + // Username of a user with push access to the registry + PushUsername string `json:"pushUsername"` + // Password of a user with push access to the registry + PushPassword string `json:"pushPassword"` + // Username of a user with pull-only access to the registry. If not provided for an external registry than the push-user is used + PullUsername string `json:"pullUsername"` + // Password of a user with pull-only access to the registry. If not provided for an external registry than the push-user is used + PullPassword string `json:"pullPassword"` + // URL address of the registry + Address string `json:"address"` + // Nodeport of the registry. 
Only needed if the registry is running inside the kubernetes cluster + NodePort int `json:"nodePort"` + // Indicates if we are using a registry that Zarf is directly managing + InternalRegistry bool `json:"internalRegistry"` + // Secret value that the registry was seeded with + Secret string `json:"secret"` } // FillInEmptyValues sets every necessary value not already set to a reasonable default diff --git a/src/types/package.go b/src/types/package.go index cb097d6e42..bb4b0edc0a 100644 --- a/src/types/package.go +++ b/src/types/package.go 
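Review bot: The `PullUsername` and `PullPassword` comments in `RegistryInfo` carry over the typo "than the push-user is used", where `GitServerInfo` in the same file says "then the push-user is used". I would correct both, e.g. `// Username of a user with pull-only access to the registry. If not provided for an external registry then the push-user is used.` The comment on `Secret` ("Secret value that the registry was seeded with") does not say what the value is used for; if it is the registry's shared secret, the comment should say so, but that cannot be confirmed from this hunk.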
@@ -18,12 +18,18 @@ const ( // ZarfPackage the top-level structure of a Zarf config file. type ZarfPackage struct { - Kind ZarfPackageKind `json:"kind" jsonschema:"description=The kind of Zarf package,enum=ZarfInitConfig,enum=ZarfPackageConfig,default=ZarfPackageConfig"` - Metadata ZarfMetadata `json:"metadata,omitempty" jsonschema:"description=Package metadata"` - Build ZarfBuildData `json:"build,omitempty" jsonschema:"description=Zarf-generated package build data"` - Components []ZarfComponent `json:"components" jsonschema:"description=List of components to deploy in this package,minItems=1"` - Constants []variables.Constant `json:"constants,omitempty" jsonschema:"description=Constant template values applied on deploy for K8s resources"` - Variables []variables.InteractiveVariable `json:"variables,omitempty" jsonschema:"description=Variable template values applied on deploy for K8s resources"` + // The kind of Zarf package. + Kind ZarfPackageKind `json:"kind" jsonschema:"enum=ZarfInitConfig,enum=ZarfPackageConfig,default=ZarfPackageConfig"` + // Package metadata. + Metadata ZarfMetadata `json:"metadata,omitempty"` + // Zarf-generated package build data. + Build ZarfBuildData `json:"build,omitempty"` + // List of components to deploy in this package. + Components []ZarfComponent `json:"components" jsonschema:"minItems=1"` + // Constant template values applied on deploy for K8s resources. + Constants []variables.Constant `json:"constants,omitempty"` + // Variable template values applied on deploy for K8s resources. + Variables []variables.InteractiveVariable `json:"variables,omitempty"` } // IsInitConfig returns whether a Zarf package is an init config. 
@@ -43,35 +49,58 @@ func (pkg ZarfPackage) IsSBOMAble() bool { // ZarfMetadata lists information about the current ZarfPackage. type ZarfMetadata struct { - // The Name regex permits lowercase letters, numbers, and hyphens not at the start - // https://regex101.com/r/FLdG9G/2 - Name string `json:"name" jsonschema:"description=Name to identify this Zarf package,pattern=^[a-z0-9][a-z0-9\\-]*$"` - Description string `json:"description,omitempty" jsonschema:"description=Additional information about this package"` - Version string `json:"version,omitempty" jsonschema:"description=Generic string set by a package author to track the package version (Note: ZarfInitConfigs will always be versioned to the CLIVersion they were created with)"` - URL string `json:"url,omitempty" jsonschema:"description=Link to package information when online"` - Image string `json:"image,omitempty" jsonschema:"description=An image URL to embed in this package (Reserved for future use in Zarf UI)"` - Uncompressed bool `json:"uncompressed,omitempty" jsonschema:"description=Disable compression of this package"` - Architecture string `json:"architecture,omitempty" jsonschema:"description=The target cluster architecture for this package,example=arm64,example=amd64"` - YOLO bool `json:"yolo,omitempty" jsonschema:"description=Yaml OnLy Online (YOLO): True enables deploying a Zarf package without first running zarf init against the cluster. 
This is ideal for connected environments where you want to use existing VCS and container registries."` - Authors string `json:"authors,omitempty" jsonschema:"description=Comma-separated list of package authors (including contact info),example=Doug <hello@defenseunicorns.com>, Pepr <hello@defenseunicorns.com>"` - Documentation string `json:"documentation,omitempty" jsonschema:"description=Link to package documentation when online"` - Source string `json:"source,omitempty" jsonschema:"description=Link to package source code when online"` - Vendor string `json:"vendor,omitempty" jsonschema_description:"Name of the distributing entity, organization or individual."` - AggregateChecksum string `json:"aggregateChecksum,omitempty" jsonschema:"description=Checksum of a checksums.txt file that contains checksums all the layers within the package."` + // Name to identify this Zarf package. + Name string `json:"name" jsonschema:"pattern=^[a-z0-9][a-z0-9\\-]*$"` + // Additional information about this package. + Description string `json:"description,omitempty"` + // Generic string set by a package author to track the package version (Note: ZarfInitConfigs will always be versioned to the CLIVersion they were created with). + Version string `json:"version,omitempty"` + // Link to package information when online. + URL string `json:"url,omitempty"` + // An image URL to embed in this package (Reserved for future use in Zarf UI). + Image string `json:"image,omitempty"` + // Disable compression of this package. + Uncompressed bool `json:"uncompressed,omitempty"` + // The target cluster architecture for this package. + Architecture string `json:"architecture,omitempty" jsonschema:"example=arm64,example=amd64"` + // Yaml OnLy Online (YOLO): True enables deploying a Zarf package without first running zarf init against the cluster. This is ideal for connected environments where you want to use existing VCS and container registries. 
+ YOLO bool `json:"yolo,omitempty"` + // Comma-separated list of package authors (including contact info). + Authors string `json:"authors,omitempty" jsonschema:"example=Doug <hello@defenseunicorns.com>, Pepr <hello@defenseunicorns.com>"` + // Link to package documentation when online. + Documentation string `json:"documentation,omitempty"` + // Link to package source code when online. + Source string `json:"source,omitempty"` + // Name of the distributing entity, organization or individual. + Vendor string `json:"vendor,omitempty"` + // Checksum of a checksums.txt file that contains checksums all the layers within the package. + AggregateChecksum string `json:"aggregateChecksum,omitempty"` } // ZarfBuildData is written during the packager.Create() operation to track details of the created package. type ZarfBuildData struct { - Terminal string `json:"terminal" jsonschema:"description=The machine name that created this package"` - User string `json:"user" jsonschema:"description=The username who created this package"` - Architecture string `json:"architecture" jsonschema:"description=The architecture this package was created on"` - Timestamp string `json:"timestamp" jsonschema:"description=The timestamp when this package was created"` - Version string `json:"version" jsonschema:"description=The version of Zarf used to build this package"` - Migrations []string `json:"migrations,omitempty" jsonschema:"description=Any migrations that have been run on this package"` - RegistryOverrides map[string]string `json:"registryOverrides,omitempty" jsonschema:"description=Any registry domains that were overridden on package create when pulling images"` - Differential bool `json:"differential,omitempty" jsonschema:"description=Whether this package was created with differential components"` - DifferentialPackageVersion string `json:"differentialPackageVersion,omitempty" jsonschema:"description=Version of a previously built package used as the basis for creating this differential 
package"` - DifferentialMissing []string `json:"differentialMissing,omitempty" jsonschema:"description=List of components that were not included in this package due to differential packaging"` - LastNonBreakingVersion string `json:"lastNonBreakingVersion,omitempty" jsonschema:"description=The minimum version of Zarf that does not have breaking package structure changes"` - Flavor string `json:"flavor,omitempty" jsonschema:"description=The flavor of Zarf used to build this package"` + // The machine name that created this package. + Terminal string `json:"terminal"` + // The username who created this package. + User string `json:"user"` + // The architecture this package was created on. + Architecture string `json:"architecture"` + // The timestamp when this package was created. + Timestamp string `json:"timestamp"` + // The version of Zarf used to build this package. + Version string `json:"version"` + // Any migrations that have been run on this package. + Migrations []string `json:"migrations,omitempty"` + // Any registry domains that were overridden on package create when pulling images. + RegistryOverrides map[string]string `json:"registryOverrides,omitempty"` + // Whether this package was created with differential components. + Differential bool `json:"differential,omitempty"` + // Version of a previously built package used as the basis for creating this differential package. + DifferentialPackageVersion string `json:"differentialPackageVersion,omitempty"` + // List of components that were not included in this package due to differential packaging. + DifferentialMissing []string `json:"differentialMissing,omitempty"` + // The minimum version of Zarf that does not have breaking package structure changes. + LastNonBreakingVersion string `json:"lastNonBreakingVersion,omitempty"` + // The flavor of Zarf used to build this package. + Flavor string `json:"flavor,omitempty"` } 
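Review bot: The explanation of the `Name` constraint is dropped in `ZarfMetadata`: the removed comment said the pattern permits lowercase letters, numbers, and hyphens not at the start, and the new comment is only "Name to identify this Zarf package." while `pattern=^[a-z0-9][a-z0-9\\-]*$` stays in the tag. If these comments now feed the generated schema descriptions (likely, given the `description=` tags are being removed, but not shown here), package authors lose the only plain-language statement of the rule. I would write `// Name to identify this Zarf package; lowercase letters, numbers and hyphens only, not starting with a hyphen.` Also in this hunk, the `AggregateChecksum` comment reads "contains checksums all the layers" and is missing "of".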
diff --git a/src/types/runtime.go b/src/types/runtime.go
index b4a7d44ad2..0298d80346 100644
--- a/src/types/runtime.go
+++ b/src/types/runtime.go
@@ -18,22 +18,34 @@ const ( // ZarfCommonOptions tracks the user-defined preferences used across commands. type ZarfCommonOptions struct { - Confirm bool `json:"confirm" jsonschema:"description=Verify that Zarf should perform an action"` - Insecure bool `json:"insecure" jsonschema:"description=Allow insecure connections for remote packages"` - CachePath string `json:"cachePath" jsonschema:"description=Path to use to cache images and git repos on package create"` - TempDirectory string `json:"tempDirectory" jsonschema:"description=Location Zarf should use as a staging ground when managing files and images for package creation and deployment"` - OCIConcurrency int `jsonschema:"description=Number of concurrent layer operations to perform when interacting with a remote package"` + // Verify that Zarf should perform an action + Confirm bool + // Allow insecure connections for remote packages + Insecure bool + // Path to use to cache images and git repos on package create + CachePath string + // Location Zarf should use as a staging ground when managing files and images for package creation and deployment + TempDirectory string + // Number of concurrent layer operations to perform when interacting with a remote package + OCIConcurrency int } // ZarfPackageOptions tracks the user-defined preferences during common package operations. 
type ZarfPackageOptions struct { - Shasum string `json:"shasum" jsonschema:"description=The SHA256 checksum of the package"` - PackageSource string `json:"packageSource" jsonschema:"description=Location where a Zarf package can be found"` - OptionalComponents string `json:"optionalComponents" jsonschema:"description=Comma separated list of optional components"` - SGetKeyPath string `json:"sGetKeyPath" jsonschema:"description=Location where the public key component of a cosign key-pair can be found"` - SetVariables map[string]string `json:"setVariables" jsonschema:"description=Key-Value map of variable names and their corresponding values that will be used to template manifests and files in the Zarf package"` - PublicKeyPath string `json:"publicKeyPath" jsonschema:"description=Location where the public key component of a cosign key-pair can be found"` - Retries int `json:"retries" jsonschema:"description=The number of retries to perform for Zarf deploy operations like image pushes or Helm installs"` + // The SHA256 checksum of the package + Shasum string + // Location where a Zarf package can be found + PackageSource string + // Comma separated list of optional components + OptionalComponents string + // Location where the public key component of a cosign key-pair can be found + SGetKeyPath string + // Key-Value map of variable names and their corresponding values that will be used to template manifests and files in the Zarf package + SetVariables map[string]string + // Location where the public key component of a cosign key-pair can be found + PublicKeyPath string + // The number of retries to perform for Zarf deploy operations like image pushes or Helm installs + Retries int } // ZarfInspectOptions tracks the user-defined preferences during a package inspection. 
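Review bot: Dropping the `json` tags from `ZarfCommonOptions` and `ZarfPackageOptions` changes how these structs marshal: keys such as `confirm`, `cachePath` and `sGetKeyPath` become the Go field names `Confirm`, `CachePath` and `SGetKeyPath`. If any caller or library consumer still encodes these structs, the output shape changes without a compile error, so I would state the intent in the type comments, e.g. `// ZarfPackageOptions is an in-memory options struct and is not serialized.` (to be confirmed against callers outside this hunk). Separately, `SGetKeyPath` and `PublicKeyPath` carry the same comment word for word, "Location where the public key component of a cosign key-pair can be found", so a reader cannot tell which key is used for which verification; each comment should name what its key verifies.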
@@ -48,125 +60,125 @@ type ZarfInspectOptions struct { // ZarfFindImagesOptions tracks the user-defined preferences during a prepare find-images search. type ZarfFindImagesOptions struct { - RepoHelmChartPath string `json:"repoHelmChartPath" jsonschema:"description=Path to the helm chart directory"` - KubeVersionOverride string `json:"kubeVersionOverride" jsonschema:"description=Kubernetes version to use for the helm chart"` - RegistryURL string `json:"registryURL" jsonschema:"description=Manual override for ###ZARF_REGISTRY###"` - Why string `json:"why" jsonschema:"description=Find the location of the image given as an argument and print it to the console"` - SkipCosign bool `json:"skip-cosign" jsonschema:"description=Optionally skip lookup of cosign artifacts when finding images"` + // Path to the helm chart directory + RepoHelmChartPath string + // Kubernetes version to use for the helm chart + KubeVersionOverride string + // Manual override for ###ZARF_REGISTRY### + RegistryURL string + // Find the location of the image given as an argument and print it to the console + Why string + // Optionally skip lookup of cosign artifacts when finding images + SkipCosign bool } // ZarfDeployOptions tracks the user-defined preferences during a package deploy. type ZarfDeployOptions struct { - AdoptExistingResources bool `json:"adoptExistingResources" jsonschema:"description=Whether to adopt any pre-existing K8s resources into the Helm charts managed by Zarf"` - SkipWebhooks bool `json:"componentWebhooks" jsonschema:"description=Skip waiting for external webhooks to execute as each package component is deployed"` - Timeout time.Duration `json:"timeout" jsonschema:"description=Timeout for performing Helm operations"` - - // TODO (@WSTARR): This is a library only addition to Zarf and should be refactored in the future (potentially to utilize component composability). 
As is it should NOT be exposed directly on the CLI - ValuesOverridesMap map[string]map[string]map[string]interface{} `json:"valuesOverridesMap" jsonschema:"description=[Library Only] A map of component names to chart names containing Helm Chart values to override values on deploy"` + // Whether to adopt any pre-existing K8s resources into the Helm charts managed by Zarf + AdoptExistingResources bool + // Skip waiting for external webhooks to execute as each package component is deployed + SkipWebhooks bool + // Timeout for performing Helm operations + Timeout time.Duration + // [Library Only] A map of component names to chart names containing Helm Chart values to override values on deploy + ValuesOverridesMap map[string]map[string]map[string]interface{} } // ZarfMirrorOptions tracks the user-defined preferences during a package mirror. type ZarfMirrorOptions struct { - NoImgChecksum bool `json:"noImgChecksum" jsonschema:"description=Whether to skip adding a Zarf checksum to image references."` + // Whether to skip adding a Zarf checksum to image references + NoImgChecksum bool } // ZarfPublishOptions tracks the user-defined preferences during a package publish. 
type ZarfPublishOptions struct { - PackageDestination string `json:"packageDestination" jsonschema:"description=Location where the Zarf package will be published to"` - SigningKeyPassword string `json:"signingKeyPassword" jsonschema:"description=Password to the private key signature file that will be used to sign the published package"` - SigningKeyPath string `json:"signingKeyPath" jsonschema:"description=Location where the private key component of a cosign key-pair can be found"` + // Location where the Zarf package will be published to + PackageDestination string + // Password to the private key signature file that will be used to sign the published package + SigningKeyPassword string + // Location where the private key component of a cosign key-pair can be found + SigningKeyPath string } // ZarfPullOptions tracks the user-defined preferences during a package pull. type ZarfPullOptions struct { - OutputDirectory string `json:"outputDirectory" jsonschema:"description=Location where the pulled Zarf package will be placed"` + // Location where the pulled Zarf package will be placed + OutputDirectory string } // ZarfGenerateOptions tracks the user-defined options during package generation. 
type ZarfGenerateOptions struct { - Name string `json:"name" jsonschema:"description=Name of the package being generated"` - URL string `json:"url" jsonschema:"description=URL to the source git repository"` - Version string `json:"version" jsonschema:"description=Version of the chart to use"` - GitPath string `json:"gitPath" jsonschema:"description=Relative path to the chart in the git repository"` - Output string `json:"output" jsonschema:"description=Location where the finalized zarf.yaml will be placed"` + // Name of the package being generated + Name string + // URL to the source git repository + URL string + // Version of the chart to use + Version string + // Relative path to the chart in the git repository + GitPath string + // Location where the finalized zarf.yaml will be placed + Output string } // ZarfInitOptions tracks the user-defined options during cluster initialization. type ZarfInitOptions struct { - // Zarf init is installing the k3s component - ApplianceMode bool `json:"applianceMode" jsonschema:"description=Indicates if Zarf was initialized while deploying its own k8s cluster"` - - // Using alternative services - GitServer GitServerInfo `json:"gitServer" jsonschema:"description=Information about the repository Zarf is going to be using"` - RegistryInfo RegistryInfo `json:"registryInfo" jsonschema:"description=Information about the container registry Zarf is going to be using"` - ArtifactServer ArtifactServerInfo `json:"artifactServer" jsonschema:"description=Information about the artifact registry Zarf is going to be using"` - - StorageClass string `json:"storageClass" jsonschema:"description=StorageClass of the k8s cluster Zarf is initializing"` + // Indicates if Zarf was initialized while deploying its own k8s cluster + ApplianceMode bool + // Information about the repository Zarf is going to be using + GitServer GitServerInfo + // Information about the container registry Zarf is going to be using + RegistryInfo RegistryInfo + // Information 
about the artifact registry Zarf is going to be using + ArtifactServer ArtifactServerInfo + // StorageClass of the k8s cluster Zarf is initializing + StorageClass string } // ZarfCreateOptions tracks the user-defined options used to create the package. type ZarfCreateOptions struct { - SkipSBOM bool `json:"skipSBOM" jsonschema:"description=Disable the generation of SBOM materials during package creation"` - BaseDir string `json:"baseDir" jsonschema:"description=Location where the Zarf package will be created from"` - Output string `json:"output" jsonschema:"description=Location where the finalized Zarf package will be placed"` - ViewSBOM bool `json:"sbom" jsonschema:"description=Whether to pause to allow for viewing the SBOM post-creation"` - SBOMOutputDir string `json:"sbomOutput" jsonschema:"description=Location to output an SBOM into after package creation"` - SetVariables map[string]string `json:"setVariables" jsonschema:"description=Key-Value map of variable names and their corresponding values that will be used to template against the Zarf package being used"` - MaxPackageSizeMB int `json:"maxPackageSizeMB" jsonschema:"description=Size of chunks to use when splitting a zarf package into multiple files in megabytes"` - SigningKeyPath string `json:"signingKeyPath" jsonschema:"description=Location where the private key component of a cosign key-pair can be found"` - SigningKeyPassword string `json:"signingKeyPassword" jsonschema:"description=Password to the private key signature file that will be used to sigh the created package"` - DifferentialPackagePath string `json:"differentialPackagePath" jsonschema:"description=Path to a previously built package used as the basis for creating a differential package"` - RegistryOverrides map[string]string `json:"registryOverrides" jsonschema:"description=A map of domains to override on package create when pulling images"` - Flavor string `json:"flavor" jsonschema:"description=An optional variant that controls which 
components will be included in a package"` - IsSkeleton bool `json:"isSkeleton" jsonschema:"description=Whether to create a skeleton package"` - NoYOLO bool `json:"noYOLO" jsonschema:"description=Whether to create a YOLO package"` + // Disable the generation of SBOM materials during package creation + SkipSBOM bool + // Location where the Zarf package will be created from + BaseDir string + // Location where the finalized Zarf package will be placed + Output string + // Whether to pause to allow for viewing the SBOM post-creation + ViewSBOM bool + // Location to output an SBOM into after package creation + SBOMOutputDir string + // Key-Value map of variable names and their corresponding values that will be used to template against the Zarf package being used + SetVariables map[string]string + // Size of chunks to use when splitting a zarf package into multiple files in megabytes + MaxPackageSizeMB int + // Location where the private key component of a cosign key-pair can be found + SigningKeyPath string + // Password to the private key signature file that will be used to sigh the created package + SigningKeyPassword string + // Path to a previously built package used as the basis for creating a differential package + DifferentialPackagePath string + // A map of domains to override on package create when pulling images + RegistryOverrides map[string]string + // An optional variant that controls which components will be included in a package + Flavor string + // Whether to create a skeleton package + IsSkeleton bool + // Whether to create a YOLO package + NoYOLO bool } // ZarfSplitPackageData contains info about a split package. 
type ZarfSplitPackageData struct { - Sha256Sum string `json:"sha256Sum" jsonschema:"description=The sha256sum of the package"` - Bytes int64 `json:"bytes" jsonschema:"description=The size of the package in bytes"` - Count int `json:"count" jsonschema:"description=The number of parts the package is split into"` -} - -// ConnectString contains information about a connection made with Zarf connect. -type ConnectString struct { - Description string `json:"description" jsonschema:"description=Descriptive text that explains what the resource you would be connecting to is used for"` - URL string `json:"url" jsonschema:"description=URL path that gets appended to the k8s port-forward result"` + // The sha256sum of the package + Sha256Sum string + // The size of the package in bytes + Bytes int64 + // The number of parts the package is split into + Count int } -// ConnectStrings is a map of connect names to connection information. -type ConnectStrings map[string]ConnectString - // DifferentialData contains image and repository information about the package a Differential Package is Based on. 
type DifferentialData struct { DifferentialImages map[string]bool DifferentialRepos map[string]bool DifferentialPackageVersion string } - -// PackageFinding is a struct that contains a finding about something wrong with a package -type PackageFinding struct { - // YqPath is the path to the key where the error originated from, this is sometimes empty in the case of a general error - YqPath string - Description string - // Item is the value of a key that is causing an error, for example a bad image name - Item string - // PackageNameOverride shows the name of the package that the error originated from - // If it is not set the base package will be used when displaying the error - PackageNameOverride string - // PackagePathOverride shows the path to the package that the error originated from - // If it is not set the base package will be used when displaying the error - PackagePathOverride string - Severity Severity -} - -// Severity is the type of package error -// Either Err or Warning -type Severity int - -// different severities of package errors -const ( - SevErr Severity = iota + 1 - SevWarn -) diff --git a/zarf.schema.json b/zarf.schema.json index b5c7a971d4..f4a0690553 100644 --- a/zarf.schema.json +++ b/zarf.schema.json 
@@ -6,29 +6,29 @@ "properties": { "version": { "type": "string", - "description": "The version of Big Bang to use" + "description": "The version of Big Bang to use." }, "repo": { "type": "string", - "description": "Override repo to pull Big Bang from instead of Repo One" + "description": "Override repo to pull Big Bang from instead of Repo One." }, "valuesFiles": { "items": { "type": "string" }, "type": "array", - "description": "The list of values files to pass to Big Bang; these will be merged together" + "description": "The list of values files to pass to Big Bang; these will be merged together." }, "skipFlux": { "type": "boolean", - "description": "Whether to skip deploying flux; Defaults to false" + "description": "Whether to skip deploying flux; Defaults to false." }, "fluxPatchFiles": { "items": { "type": "string" }, "type": "array", - "description": "Optional paths to Flux kustomize strategic merge patch files" + "description": "Optional paths to Flux kustomize strategic merge patch files." } }, "additionalProperties": false, @@ -36,6 +36,7 @@ "required": [ "version" ], + "description": "BigBang holds the configuration for the Big Bang extension.", "patternProperties": { "^x-": {} } @@ -70,6 +71,7 @@ "name", "value" ], + "description": "Constant are constants that can be used to dynamically template K8s resources or run in actions.", "patternProperties": { "^x-": {} } 
@@ -78,40 +80,41 @@ "properties": { "showOutput": { "type": "boolean", - "description": "Show the output of the script during package deployment" + "description": "Show the output of the script during package deployment." }, "timeoutSeconds": { "type": "integer", - "description": "Timeout in seconds for the script" + "description": "Timeout in seconds for the script." }, "retry": { "type": "boolean", - "description": "Retry the script if it fails" + "description": "Retry the script if it fails." }, "prepare": { "items": { "type": "string" }, "type": "array", - "description": "Scripts to run before the component is added during package create" + "description": "Scripts to run before the component is added during package create." }, "before": { "items": { "type": "string" }, "type": "array", - "description": "Scripts to run before the component is deployed" + "description": "Scripts to run before the component is deployed." }, "after": { "items": { "type": "string" }, "type": "array", - "description": "Scripts to run after the component successfully deploys" + "description": "Scripts to run after the component successfully deploys." } }, "additionalProperties": false, "type": "object", + "description": "DeprecatedZarfComponentScripts are scripts that run before or after a component is deployed.", "patternProperties": { "^x-": {} } @@ -161,6 +164,7 @@ "required": [ "name" ], + "description": "InteractiveVariable is a variable that can be used to prompt a user for more information", "patternProperties": { "^x-": {} } @@ -241,6 +245,7 @@ "required": [ "name" ], + "description": "Variable represents a variable that has a value set programmatically", "patternProperties": { "^x-": {} } 
@@ -249,60 +254,60 @@ "properties": { "terminal": { "type": "string", - "description": "The machine name that created this package" + "description": "The machine name that created this package." }, "user": { "type": "string", - "description": "The username who created this package" + "description": "The username who created this package." }, "architecture": { "type": "string", - "description": "The architecture this package was created on" + "description": "The architecture this package was created on." }, "timestamp": { "type": "string", - "description": "The timestamp when this package was created" + "description": "The timestamp when this package was created." }, "version": { "type": "string", - "description": "The version of Zarf used to build this package" + "description": "The version of Zarf used to build this package." }, "migrations": { "items": { "type": "string" }, "type": "array", - "description": "Any migrations that have been run on this package" + "description": "Any migrations that have been run on this package." }, "registryOverrides": { "additionalProperties": { "type": "string" }, "type": "object", - "description": "Any registry domains that were overridden on package create when pulling images" + "description": "Any registry domains that were overridden on package create when pulling images." }, "differential": { "type": "boolean", - "description": "Whether this package was created with differential components" + "description": "Whether this package was created with differential components." }, "differentialPackageVersion": { "type": "string", - "description": "Version of a previously built package used as the basis for creating this differential package" + "description": "Version of a previously built package used as the basis for creating this differential package." 
}, "differentialMissing": { "items": { "type": "string" }, "type": "array", - "description": "List of components that were not included in this package due to differential packaging" + "description": "List of components that were not included in this package due to differential packaging." }, "lastNonBreakingVersion": { "type": "string", - "description": "The minimum version of Zarf that does not have breaking package structure changes" + "description": "The minimum version of Zarf that does not have breaking package structure changes." }, "flavor": { "type": "string", - "description": "The flavor of Zarf used to build this package" + "description": "The flavor of Zarf used to build this package." } }, "additionalProperties": false, @@ -314,6 +319,7 @@ "timestamp", "version" ], + "description": "ZarfBuildData is written during the packager.Create() operation to track details of the created package.", "patternProperties": { "^x-": {} } 
@@ -322,15 +328,15 @@ "properties": { "name": { "type": "string", - "description": "The name of the chart within Zarf; note that this must be unique and does not need to be the same as the name in the chart repo" + "description": "The name of the chart within Zarf; note that this must be unique and does not need to be the same as the name in the chart repo." }, "version": { "type": "string", - "description": "The version of the chart to deploy; for git-based charts this is also the tag of the git repo by default (when not using the '@' syntax for 'repos')" + "description": "The version of the chart to deploy; for git-based charts this is also the tag of the git repo by default (when not using the '@' syntax for 'repos')." }, "url": { "type": "string", - "description": "The URL of the OCI registry, chart repository, or git repo where the helm chart is stored", + "description": "The URL of the OCI registry, chart repository, or git repo where the helm chart is stored.", "examples": [ "OCI registry: oci://ghcr.io/stefanprodan/charts/podinfo", "helm chart repo: https://stefanprodan.github.io/podinfo", 
@@ -339,44 +345,44 @@ }, "repoName": { "type": "string", - "description": "The name of a chart within a Helm repository (defaults to the Zarf name of the chart)" + "description": "The name of a chart within a Helm repository (defaults to the Zarf name of the chart)." }, "gitPath": { "type": "string", - "description": "(git repo only) The sub directory to the chart within a git repo", + "description": "(git repo only) The sub directory to the chart within a git repo.", "examples": [ "charts/your-chart" ] }, "localPath": { "type": "string", - "description": "The path to a local chart's folder or .tgz archive" + "description": "The path to a local chart's folder or .tgz archive." }, "namespace": { "type": "string", - "description": "The namespace to deploy the chart to" + "description": "The namespace to deploy the chart to." }, "releaseName": { "type": "string", - "description": "The name of the Helm release to create (defaults to the Zarf name of the chart)" + "description": "The name of the Helm release to create (defaults to the Zarf name of the chart)." }, "noWait": { "type": "boolean", - "description": "Whether to not wait for chart resources to be ready before continuing" + "description": "Whether to not wait for chart resources to be ready before continuing." }, "valuesFiles": { "items": { "type": "string" }, "type": "array", - "description": "List of local values file paths or remote URLs to include in the package; these will be merged together when deployed" + "description": "List of local values file paths or remote URLs to include in the package; these will be merged together when deployed." }, "variables": { "items": { "$ref": "#/$defs/ZarfChartVariable" }, "type": "array", - "description": "[alpha] List of variables to set in the Helm chart" + "description": "[alpha] List of variables to set in the Helm chart." } }, "additionalProperties": false, 
@@ -384,6 +390,7 @@ "required": [ "name" ], + "description": "ZarfChart defines a helm chart to be deployed.", "patternProperties": { "^x-": {} } @@ -393,15 +400,15 @@ "name": { "type": "string", "pattern": "^[A-Z0-9_]+$", - "description": "The name of the variable" + "description": "The name of the variable." }, "description": { "type": "string", - "description": "A brief description of what the variable controls" + "description": "A brief description of what the variable controls." }, "path": { "type": "string", - "description": "The path within the Helm chart values where this variable applies" + "description": "The path within the Helm chart values where this variable applies." } }, "additionalProperties": false, @@ -411,6 +418,7 @@ "description", "path" ], + "description": "ZarfChartVariable represents a variable that can be set for a Helm chart overrides.", "patternProperties": { "^x-": {} } 
@@ -420,23 +428,23 @@ "name": { "type": "string", "pattern": "^[a-z0-9][a-z0-9\\-]*$", - "description": "The name of the component" + "description": "The name of the component." }, "description": { "type": "string", - "description": "Message to include during package deploy describing the purpose of this component" + "description": "Message to include during package deploy describing the purpose of this component." }, "default": { "type": "boolean", - "description": "Determines the default Y/N state for installing this component on package deploy" + "description": "Determines the default Y/N state for installing this component on package deploy." }, "required": { "type": "boolean", - "description": "Do not prompt user to install this component" + "description": "Do not prompt user to install this component." }, "only": { "$ref": "#/$defs/ZarfComponentOnlyTarget", - "description": "Filter when this component is included in package creation or deployment" + "description": "Filter when this component is included in package creation or deployment." }, "group": { "type": "string", 
@@ -448,61 +456,61 @@ }, "import": { "$ref": "#/$defs/ZarfComponentImport", - "description": "Import a component from another Zarf package" + "description": "Import a component from another Zarf package." }, "manifests": { "items": { "$ref": "#/$defs/ZarfManifest" }, "type": "array", - "description": "Kubernetes manifests to be included in a generated Helm chart on package deploy" + "description": "Kubernetes manifests to be included in a generated Helm chart on package deploy." }, "charts": { "items": { "$ref": "#/$defs/ZarfChart" }, "type": "array", - "description": "Helm charts to install during package deploy" + "description": "Helm charts to install during package deploy." }, "dataInjections": { "items": { "$ref": "#/$defs/ZarfDataInjection" }, "type": "array", - "description": "Datasets to inject into a container in the target cluster" + "description": "Datasets to inject into a container in the target cluster." }, "files": { "items": { "$ref": "#/$defs/ZarfFile" }, "type": "array", - "description": "Files or folders to place on disk during package deployment" + "description": "Files or folders to place on disk during package deployment." }, "images": { "items": { "type": "string" }, "type": "array", - "description": "List of OCI images to include in the package" + "description": "List of OCI images to include in the package." }, "repos": { "items": { "type": "string" }, "type": "array", - "description": "List of git repos to include in the package" + "description": "List of git repos to include in the package." }, "extensions": { "$ref": "#/$defs/ZarfComponentExtensions", - "description": "Extend component functionality with additional features" + "description": "Extend component functionality with additional features." }, "scripts": { "$ref": "#/$defs/DeprecatedZarfComponentScripts", - "description": "[Deprecated] (replaced by actions) Custom commands to run before or after package deployment. This will be removed in Zarf v1.0.0." 
+ "description": "[Deprecated] (replaced by actions) Custom commands to run before or after package deployment. This will be removed in Zarf v1.0.0." }, "actions": { "$ref": "#/$defs/ZarfComponentActions", - "description": "Custom commands to run at various stages of a package lifecycle" + "description": "Custom commands to run at various stages of a package lifecycle." } }, "additionalProperties": false, @@ -510,6 +518,7 @@ "required": [ "name" ], + "description": "ZarfComponent is the primary functional grouping of assets to deploy by Zarf.", "patternProperties": { "^x-": {} } @@ -518,26 +527,26 @@ "properties": { "mute": { "type": "boolean", - "description": "Hide the output of the command during package deployment (default false)" + "description": "Hide the output of the command during package deployment (default false)." }, "maxTotalSeconds": { "type": "integer", - "description": "Timeout in seconds for the command (default to 0" + "description": "Timeout in seconds for the command (default to 0, no timeout for cmd actions and 300, 5 minutes for wait actions)." }, "maxRetries": { "type": "integer", - "description": "Retry the command if it fails up to given number of times (default 0)" + "description": "Retry the command if it fails up to given number of times (default 0)." }, "dir": { "type": "string", - "description": "The working directory to run the command in (default is CWD)" + "description": "The working directory to run the command in (default is CWD)." }, "env": { "items": { "type": "string" }, "type": "array", - "description": "Additional environment variables to set for the command" + "description": "Additional environment variables to set for the command." }, "cmd": { "type": "string", 
@@ -545,12 +554,12 @@ }, "shell": { "$ref": "#/$defs/Shell", - "description": "(cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems" + "description": "(cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems." }, "setVariable": { "type": "string", "pattern": "^[A-Z0-9_]+$", - "description": "[Deprecated] (replaced by setVariables) (onDeploy/cmd only) The name of a variable to update with the output of the command. This variable will be available to all remaining actions and components in the package. This will be removed in Zarf v1.0.0" + "description": "[Deprecated] (replaced by setVariables) (onDeploy/cmd only) The name of a variable to update with the output of the command. This variable will be available to all remaining actions and components in the package. This will be removed in Zarf v1.0.0." }, "setVariables": { "items": { @@ -561,7 +570,7 @@ }, "description": { "type": "string", - "description": "Description of the action to be displayed during package execution instead of the command" + "description": "Description of the action to be displayed during package execution instead of the command." }, "wait": { "$ref": "#/$defs/ZarfComponentActionWait", @@ -570,6 +579,7 @@ }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentAction represents a single action to run during a zarf package operation.", "patternProperties": { "^x-": {} } 
@@ -578,34 +588,35 @@ "properties": { "mute": { "type": "boolean", - "description": "Hide the output of commands during execution (default false)" + "description": "Hide the output of commands during execution (default false)." }, "maxTotalSeconds": { "type": "integer", - "description": "Default timeout in seconds for commands (default to 0" + "description": "Default timeout in seconds for commands (default to 0, no timeout)." }, "maxRetries": { "type": "integer", - "description": "Retry commands given number of times if they fail (default 0)" + "description": "Retry commands given number of times if they fail (default 0)." }, "dir": { "type": "string", - "description": "Working directory for commands (default CWD)" + "description": "Working directory for commands (default CWD)." }, "env": { "items": { "type": "string" }, "type": "array", - "description": "Additional environment variables for commands" + "description": "Additional environment variables for commands." }, "shell": { "$ref": "#/$defs/Shell", - "description": "(cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems" + "description": "(cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems." } }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentActionDefaults sets the default configs for child actions.", "patternProperties": { "^x-": {} } 
@@ -614,39 +625,40 @@ "properties": { "defaults": { "$ref": "#/$defs/ZarfComponentActionDefaults", - "description": "Default configuration for all actions in this set" + "description": "Default configuration for all actions in this set." }, "before": { "items": { "$ref": "#/$defs/ZarfComponentAction" }, "type": "array", - "description": "Actions to run at the start of an operation" + "description": "Actions to run at the start of an operation." }, "after": { "items": { "$ref": "#/$defs/ZarfComponentAction" }, "type": "array", - "description": "Actions to run at the end of an operation" + "description": "Actions to run at the end of an operation." }, "onSuccess": { "items": { "$ref": "#/$defs/ZarfComponentAction" }, "type": "array", - "description": "Actions to run if all operations succeed" + "description": "Actions to run if all operations succeed." }, "onFailure": { "items": { "$ref": "#/$defs/ZarfComponentAction" }, "type": "array", - "description": "Actions to run if all operations fail" + "description": "Actions to run if all operations fail." } }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentActionSet is a set of actions to run during a zarf package operation.", "patternProperties": { "^x-": {} } @@ -664,6 +676,7 @@ }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentActionWait specifies a condition to wait for before continuing", "patternProperties": { "^x-": {} } 
@@ -672,27 +685,27 @@ "properties": { "kind": { "type": "string", - "description": "The kind of resource to wait for", + "description": "The kind of resource to wait for.", "examples": [ "Pod", - "Deployment)" + "Deployment" ] }, "name": { "type": "string", - "description": "The name of the resource or selector to wait for", + "description": "The name of the resource or selector to wait for.", "examples": [ "podinfo", - "app=podinfo" + "app=podinfo" ] }, "namespace": { "type": "string", - "description": "The namespace of the resource to wait for" + "description": "The namespace of the resource to wait for." }, "condition": { "type": "string", - "description": "The condition or jsonpath state to wait for; defaults to exist", + "description": "The condition or jsonpath state to wait for; defaults to exist, a special condition that will wait for the resource to exist.", "examples": [ "Ready", "Available" @@ -705,6 +718,7 @@ "kind", "name" ], + "description": "ZarfComponentActionWaitCluster specifies a condition to wait for before continuing", "patternProperties": { "^x-": {} } @@ -718,11 +732,11 @@ "http", "https" ], - "description": "The protocol to wait for" + "description": "The protocol to wait for." }, "address": { "type": "string", - "description": "The address to wait for", + "description": "The address to wait for.", "examples": [ "localhost:8080", "1.1.1.1" @@ -730,7 +744,7 @@ }, "code": { "type": "integer", - "description": "The HTTP status code to wait for if using http or https", + "description": "The HTTP status code to wait for if using http or https.", "examples": [ 200, 404 @@ -743,6 +757,7 @@ "protocol", "address" ], + "description": "ZarfComponentActionWaitNetwork specifies a condition to wait for before continuing", "patternProperties": { "^x-": {} } 
@@ -751,19 +766,20 @@ "properties": { "onCreate": { "$ref": "#/$defs/ZarfComponentActionSet", - "description": "Actions to run during package creation" + "description": "Actions to run during package creation." }, "onDeploy": { "$ref": "#/$defs/ZarfComponentActionSet", - "description": "Actions to run during package deployment" + "description": "Actions to run during package deployment." }, "onRemove": { "$ref": "#/$defs/ZarfComponentActionSet", - "description": "Actions to run during package removal" + "description": "Actions to run during package removal." } }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentActions are ActionSets that map to different zarf package operations.", "patternProperties": { "^x-": {} } @@ -772,11 +788,12 @@ "properties": { "bigbang": { "$ref": "#/$defs/BigBang", - "description": "Configurations for installing Big Bang and Flux in the cluster" + "description": "Configurations for installing Big Bang and Flux in the cluster." } }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentExtensions is a struct that contains all the official extensions.", "patternProperties": { "^x-": {} } @@ -785,14 +802,14 @@ "properties": { "name": { "type": "string", - "description": "The name of the component to import from the referenced zarf.yaml" + "description": "The name of the component to import from the referenced zarf.yaml." }, "path": { "not": { "pattern": "###ZARF_PKG_TMPL_" }, "type": "string", - "description": "The relative path to a directory containing a zarf.yaml to import from" + "description": "The path to the directory containing the zarf.yaml to import." }, "url": { "not": { 
@@ -800,11 +817,12 @@ }, "type": "string", "pattern": "^oci://.*$", - "description": "[beta] The URL to a Zarf package to import via OCI" + "description": "[beta] The URL to a Zarf package to import via OCI." } }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentImport structure for including imported Zarf components.", "patternProperties": { "^x-": {} } @@ -817,7 +835,7 @@ "amd64", "arm64" ], - "description": "Only create and deploy to clusters of the given architecture" + "description": "Only create and deploy to clusters of the given architecture." }, "distros": { "items": { @@ -828,11 +846,12 @@ ] }, "type": "array", - "description": "A list of kubernetes distros this package works with (Reserved for future use)" + "description": "A list of kubernetes distros this package works with (Reserved for future use)." } }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentOnlyCluster represents the architecture and K8s cluster distribution to filter on.", "patternProperties": { "^x-": {} } @@ -846,19 +865,20 @@ "darwin", "windows" ], - "description": "Only deploy component to specified OS" + "description": "Only deploy component to specified OS." }, "cluster": { "$ref": "#/$defs/ZarfComponentOnlyCluster", - "description": "Only deploy component to specified clusters" + "description": "Only deploy component to specified clusters." }, "flavor": { "type": "string", - "description": "Only include this component when a matching '--flavor' is specified on 'zarf package create'" + "description": "Only include this component when a matching '--flavor' is specified on 'zarf package create'." } }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentOnlyTarget filters a component to only show it for a given local OS and cluster.", "patternProperties": { "^x-": {} } 
@@ -867,22 +887,22 @@ "properties": { "namespace": { "type": "string", - "description": "The namespace to target for data injection" + "description": "The namespace to target for data injection." }, "selector": { "type": "string", - "description": "The K8s selector to target for data injection", + "description": "The K8s selector to target for data injection.", "examples": [ - "app=data-injection" + "app=data-injection" ] }, "container": { "type": "string", - "description": "The container name to target for data injection" + "description": "The container name to target for data injection." }, "path": { "type": "string", - "description": "The path within the container to copy the data into" + "description": "The path within the container to copy the data into." } }, "additionalProperties": false, @@ -893,6 +913,7 @@ "container", "path" ], + "description": "ZarfContainerTarget defines the destination info for a ZarfData target", "patternProperties": { "^x-": {} } @@ -901,15 +922,15 @@ "properties": { "source": { "type": "string", - "description": "Either a path to a local folder/file or a remote URL of a file to inject into the given target pod + container" + "description": "Either a path to a local folder/file or a remote URL of a file to inject into the given target pod + container." }, "target": { "$ref": "#/$defs/ZarfContainerTarget", - "description": "The target pod + container to inject the data into" + "description": "The target pod + container to inject the data into." }, "compress": { "type": "boolean", - "description": "Compress the data before transmitting using gzip. Note: this requires support for tar/gzip locally and in the target image." + "description": "Compress the data before transmitting using gzip. Note: this requires support for tar/gzip locally and in the target image." } }, "additionalProperties": false, 
@@ -918,6 +939,7 @@ "source", "target" ], + "description": "ZarfDataInjection is a data-injection definition.", "patternProperties": { "^x-": {} } @@ -926,30 +948,30 @@ "properties": { "source": { "type": "string", - "description": "Local folder or file path or remote URL to pull into the package" + "description": "Local folder or file path or remote URL to pull into the package." }, "shasum": { "type": "string", - "description": "(files only) Optional SHA256 checksum of the file" + "description": "(files only) Optional SHA256 checksum of the file." }, "target": { "type": "string", - "description": "The absolute or relative path where the file or folder should be copied to during package deploy" + "description": "The absolute or relative path where the file or folder should be copied to during package deploy." }, "executable": { "type": "boolean", - "description": "(files only) Determines if the file should be made executable during package deploy" + "description": "(files only) Determines if the file should be made executable during package deploy." }, "symlinks": { "items": { "type": "string" }, "type": "array", - "description": "List of symlinks to create during package deploy" + "description": "List of symlinks to create during package deploy." }, "extractPath": { "type": "string", - "description": "Local folder or file to be extracted from a 'source' archive" + "description": "Local folder or file to be extracted from a 'source' archive." } }, "additionalProperties": false, @@ -958,6 +980,7 @@ "source", "target" ], + "description": "ZarfFile defines a file to deploy.", "patternProperties": { "^x-": {} } 
@@ -966,33 +989,33 @@ "properties": { "name": { "type": "string", - "description": "A name to give this collection of manifests; this will become the name of the dynamically-created helm chart" + "description": "A name to give this collection of manifests; this will become the name of the dynamically-created helm chart." }, "namespace": { "type": "string", - "description": "The namespace to deploy the manifests to" + "description": "The namespace to deploy the manifests to." }, "files": { "items": { "type": "string" }, "type": "array", - "description": "List of local K8s YAML files or remote URLs to deploy (in order)" + "description": "List of local K8s YAML files or remote URLs to deploy (in order)." }, "kustomizeAllowAnyDirectory": { "type": "boolean", - "description": "Allow traversing directory above the current directory if needed for kustomization" + "description": "Allow traversing directory above the current directory if needed for kustomization." }, "kustomizations": { "items": { "type": "string" }, "type": "array", - "description": "List of local kustomization paths or remote URLs to include in the package" + "description": "List of local kustomization paths or remote URLs to include in the package." }, "noWait": { "type": "boolean", - "description": "Whether to not wait for manifest resources to be ready before continuing" + "description": "Whether to not wait for manifest resources to be ready before continuing." } }, "additionalProperties": false, @@ -1000,6 +1023,7 @@ "required": [ "name" ], + "description": "ZarfManifest defines raw manifests Zarf will deploy as a helm chart.", "patternProperties": { "^x-": {} } 
@@ -1009,31 +1033,31 @@ "name": { "type": "string", "pattern": "^[a-z0-9][a-z0-9\\-]*$", - "description": "Name to identify this Zarf package" + "description": "Name to identify this Zarf package." }, "description": { "type": "string", - "description": "Additional information about this package" + "description": "Additional information about this package." }, "version": { "type": "string", - "description": "Generic string set by a package author to track the package version (Note: ZarfInitConfigs will always be versioned to the CLIVersion they were created with)" + "description": "Generic string set by a package author to track the package version (Note: ZarfInitConfigs will always be versioned to the CLIVersion they were created with)." }, "url": { "type": "string", - "description": "Link to package information when online" + "description": "Link to package information when online." }, "image": { "type": "string", - "description": "An image URL to embed in this package (Reserved for future use in Zarf UI)" + "description": "An image URL to embed in this package (Reserved for future use in Zarf UI)." }, "uncompressed": { "type": "boolean", - "description": "Disable compression of this package" + "description": "Disable compression of this package." }, "architecture": { "type": "string", - "description": "The target cluster architecture for this package", + "description": "The target cluster architecture for this package.", "examples": [ "arm64", "amd64" 
@@ -1045,18 +1069,18 @@ }, "authors": { "type": "string", - "description": "Comma-separated list of package authors (including contact info)", + "description": "Comma-separated list of package authors (including contact info).", "examples": [ "Doug <hello@defenseunicorns.com>, Pepr <hello@defenseunicorns.com>" ] }, "documentation": { "type": "string", - "description": "Link to package documentation when online" + "description": "Link to package documentation when online." }, "source": { "type": "string", - "description": "Link to package source code when online" + "description": "Link to package source code when online." }, "vendor": { "type": "string", @@ -1072,6 +1096,7 @@ "required": [ "name" ], + "description": "ZarfMetadata lists information about the current ZarfPackage.", "patternProperties": { "^x-": {} } @@ -1084,16 +1109,16 @@ "ZarfInitConfig", "ZarfPackageConfig" ], - "description": "The kind of Zarf package", + "description": "The kind of Zarf package.", "default": "ZarfPackageConfig" }, "metadata": { "$ref": "#/$defs/ZarfMetadata", - "description": "Package metadata" + "description": "Package metadata." }, "build": { "$ref": "#/$defs/ZarfBuildData", - "description": "Zarf-generated package build data" + "description": "Zarf-generated package build data." }, "components": { "items": { 
@@ -1101,21 +1126,21 @@ }, "type": "array", "minItems": 1, - "description": "List of components to deploy in this package" + "description": "List of components to deploy in this package." }, "constants": { "items": { "$ref": "#/$defs/Constant" }, "type": "array", - "description": "Constant template values applied on deploy for K8s resources" + "description": "Constant template values applied on deploy for K8s resources." }, "variables": { "items": { "$ref": "#/$defs/InteractiveVariable" }, "type": "array", - "description": "Variable template values applied on deploy for K8s resources" + "description": "Variable template values applied on deploy for K8s resources." } }, "additionalProperties": false, @@ -1124,6 +1149,7 @@ "kind", "components" ], + "description": "ZarfPackage the top-level structure of a Zarf config file.", "patternProperties": { "^x-": {} } From 44fc6b76cc57e5a354e67e65c38a00bf98d4cf63 Mon Sep 17 00:00:00 2001 From: James Gardner Date: Wed, 31 Jul 2024 09:01:14 -0500 Subject: [PATCH 07/25] fix: detect invalid helm release names (#2784) Signed-off-by: jamestexas --- src/types/validate.go | 33 ++++++++++++- src/types/validate_test.go | 97 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 125 insertions(+), 5 deletions(-) diff --git a/src/types/validate.go b/src/types/validate.go index e045e69520..05289a1781 100644 --- a/src/types/validate.go +++ b/src/types/validate.go 
@@ -9,14 +9,18 @@ import ( "fmt" "path/filepath" "regexp" + "strings" "github.com/defenseunicorns/pkg/helpers/v2" "github.com/zarf-dev/zarf/src/config/lang" + "k8s.io/apimachinery/pkg/util/validation" ) const ( // ZarfMaxChartNameLength limits helm chart name size to account for K8s/helm limits and zarf prefix - ZarfMaxChartNameLength = 40 + ZarfMaxChartNameLength = 40 + errChartReleaseNameEmpty = "release name empty, unable to fallback to chart name" + errChartReleaseNameInvalid = "invalid release name %s: a DNS-1035 label must consist of lower case alphanumeric characters or -, start with an alphabetic character, and end with an alphanumeric character" ) var ( @@ -252,6 +256,29 @@ func (action ZarfComponentAction) Validate() error { return err } +// validateReleaseName validates a release name against DNS 1035 spec, using chartName as fallback. +// https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#rfc-1035-label-names +func validateReleaseName(chartName, releaseName string) (err error) { + // Fallback to chartName if releaseName is empty + // NOTE: Similar fallback mechanism happens in src/internal/packager/helm/chart.go:InstallOrUpgradeChart + if releaseName == "" { + releaseName = chartName + } + + // Check if the final releaseName is empty and return an error if so + if releaseName == "" { + err = fmt.Errorf(errChartReleaseNameEmpty) + return + } + + // Validate the releaseName against DNS 1035 label spec + if errs := validation.IsDNS1035Label(releaseName); len(errs) > 0 { + err = fmt.Errorf("invalid release name '%s': %s", releaseName, strings.Join(errs, "; ")) + } + + return +} + // Validate runs all validation checks on a chart. func (chart ZarfChart) Validate() error { var err error 
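Review bot: `errChartReleaseNameInvalid` is added to the const block in the first hunk, but nothing visible in this patch uses it. validateReleaseName builds its own inline message, `"invalid release name '%s': %s"`, so the two texts can drift apart. Either drop the constant or format the error with it. In the same function `fmt.Errorf(errChartReleaseNameEmpty)` has no verbs and reads better as `errors.New(errChartReleaseNameEmpty)`; `errors` is already used by Validate through `errors.Join`. The named result with a bare `return` could also be replaced by explicit `return err` / `return nil`.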
@@ -277,6 +304,10 @@ func (chart ZarfChart) Validate() error { err = errors.Join(err, fmt.Errorf(lang.PkgValidateErrChartVersion, chart.Name)) } + if nameErr := validateReleaseName(chart.Name, chart.ReleaseName); nameErr != nil { + err = errors.Join(err, nameErr) + } + return err } diff --git a/src/types/validate_test.go b/src/types/validate_test.go index b0ebc60e8f..28895a8df8 100644 --- a/src/types/validate_test.go +++ b/src/types/validate_test.go 
@@ -186,17 +186,82 @@ func TestValidateManifest(t *testing.T) { } } +func TestValidateReleaseName(t *testing.T) { + tests := []struct { + name string + chartName string + releaseName string + expectError bool + errorSubstring string + }{ + { + name: "valid releaseName with hyphens", + chartName: "chart", + releaseName: "valid-release-hyphenated", + expectError: false, + }, + { + name: "valid releaseName with numbers", + chartName: "chart", + releaseName: "valid-0470", + expectError: false, + }, + { + name: "invalid releaseName with periods", + chartName: "chart", + releaseName: "namedwithperiods-a.b.c", + expectError: true, + errorSubstring: "invalid release name 'namedwithperiods-a.b.c'", + }, + { + name: "empty releaseName, valid chartName", + chartName: "valid-chart", + releaseName: "", + expectError: false, + }, + { + name: "empty releaseName and chartName", + chartName: "", + releaseName: "", + expectError: true, + errorSubstring: errChartReleaseNameEmpty, + }, + { + name: "empty releaseName, invalid chartName", + chartName: "invalid_chart!", + releaseName: "", + expectError: true, + errorSubstring: "invalid release name 'invalid_chart!'", + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + err := validateReleaseName(tt.chartName, tt.releaseName) + if tt.expectError { + require.Error(t, err) + require.Contains(t, err.Error(), tt.errorSubstring) + } else { + require.NoError(t, err) + } + }) + } +} + func TestValidateChart(t *testing.T) { t.Parallel() longName := strings.Repeat("a", ZarfMaxChartNameLength+1) tests := []struct { + name string chart ZarfChart expectedErrs []string - name string + partialMatch bool }{ { name: "valid", - chart: ZarfChart{Name: "chart1", Namespace: "whatever", URL: "http://whatever", Version: "v1.0.0"}, + chart: ZarfChart{Name: "chart1", Namespace: "whatever", URL: "http://whatever", Version: "v1.0.0", ReleaseName: "this-is-valid"}, expectedErrs: nil, }, { 
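Review bot: The table in TestValidateReleaseName does not cover two DNS-1035 rules that real release names are likely to break: a leading digit and a length above 63 characters. The only invalid inputs are a name with periods and a chart name with `_` and `!`. A case such as `{name: "releaseName starts with a digit", chartName: "chart", releaseName: "0470-release", expectError: true, errorSubstring: "invalid release name '0470-release'"}` and one built with `strings.Repeat("a", 64)` would pin both rules. This matters because ZarfMaxChartNameLength only bounds the chart name, not ReleaseName.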
@@ -222,6 +287,22 @@ func TestValidateChart(t *testing.T) { fmt.Sprintf(lang.PkgValidateErrChartURLOrPath, "invalid"), }, }, + { + name: "invalid releaseName", + chart: ZarfChart{ReleaseName: "namedwithperiods-0.47.0", Name: "releaseName", Namespace: "whatever", URL: "http://whatever", Version: "v1.0.0"}, + expectedErrs: []string{"invalid release name 'namedwithperiods-0.47.0'"}, + partialMatch: true, + }, + { + name: "missing releaseName fallsback to name", + chart: ZarfChart{Name: "chart3", Namespace: "namespace", URL: "http://whatever", Version: "v1.0.0"}, + expectedErrs: nil, + }, + { + name: "missing name and releaseName", + chart: ZarfChart{Namespace: "namespace", URL: "http://whatever", Version: "v1.0.0"}, + expectedErrs: []string{errChartReleaseNameEmpty}, + }, } for _, tt := range tests { tt := tt @@ -232,8 +313,16 @@ func TestValidateChart(t *testing.T) { require.NoError(t, err) return } - errs := strings.Split(err.Error(), "\n") - require.ElementsMatch(t, tt.expectedErrs, errs) + require.Error(t, err) + errString := err.Error() + if tt.partialMatch { + for _, expectedErr := range tt.expectedErrs { + require.Contains(t, errString, expectedErr) + } + } else { + errs := strings.Split(errString, "\n") + require.ElementsMatch(t, tt.expectedErrs, errs) + } }) } } From 6c5e914b017a0e05c16a3afd21017640f5412581 Mon Sep 17 00:00:00 2001 From: Philip Laine Date: Wed, 31 Jul 2024 16:19:30 +0200 Subject: [PATCH 08/25] refactor: move gitea code to separate package (#2785) 
Signed-off-by: Philip Laine --- src/cmd/internal.go | 80 ++++-- src/cmd/tools/zarf.go | 55 ++++- src/config/config.go | 2 - src/internal/gitea/gitea.go | 195 +++++++++++++++ src/internal/gitea/gitea_test.go | 20 ++ src/internal/packager/git/gitea.go | 322 ------------------------- src/internal/packager/git/push.go | 19 -- src/pkg/cluster/pvc.go | 45 ++++ src/pkg/cluster/pvc_test.go | 63 +++++ src/pkg/packager/deploy.go | 29 ++- src/test/e2e/22_git_and_gitops_test.go | 39 ++- 11 files changed, 477 insertions(+), 392 deletions(-) create mode 100644 src/internal/gitea/gitea.go create mode 100644 src/internal/gitea/gitea_test.go delete mode 100644 src/internal/packager/git/gitea.go create mode 100644 src/pkg/cluster/pvc.go create mode 100644 src/pkg/cluster/pvc_test.go diff --git a/src/cmd/internal.go b/src/cmd/internal.go index 3d77c01190..d212445cde 100644 --- a/src/cmd/internal.go +++ b/src/cmd/internal.go @@ -21,7 +21,7 @@ import ( "github.com/zarf-dev/zarf/src/cmd/common" "github.com/zarf-dev/zarf/src/config/lang" "github.com/zarf-dev/zarf/src/internal/agent" - "github.com/zarf-dev/zarf/src/internal/packager/git" + "github.com/zarf-dev/zarf/src/internal/gitea" "github.com/zarf-dev/zarf/src/pkg/cluster" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/types" 
@@ -232,8 +232,29 @@ var createReadOnlyGiteaUser = &cobra.Command{ if err != nil { return err } - if err = git.New(state.GitServer).CreateReadOnlyUser(cmd.Context()); err != nil { - return fmt.Errorf("unable to create a read only user in Gitea: %w", err) + tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) + if err != nil { + return err + } + _, err = tunnel.Connect(cmd.Context()) + if err != nil { + return err + } + defer tunnel.Close() + tunnelURL := tunnel.HTTPEndpoint() + giteaClient, err := gitea.NewClient(tunnelURL, state.GitServer.PushUsername, state.GitServer.PushPassword) + if err != nil { + return err + } + err = tunnel.Wrap(func() error { + err = giteaClient.CreateReadOnlyUser(cmd.Context(), state.GitServer.PullUsername, state.GitServer.PullPassword) + if err != nil { + return err + } + return nil + }) + if err != nil { + return err } return nil }, 
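Review bot: The bare `return err` after `tunnel.Wrap` drops the context the removed line carried ("unable to create a read only user in Gitea"). The NewTunnel, Connect and NewClient errors above it are returned unwrapped too, so a failure of this internal command no longer says which step failed. I would keep the wrap inside the closure, `return fmt.Errorf("unable to create a read only user in Gitea: %w", err)`, as the createPackageRegistryToken hunk does for its own call. The same tunnel, connect and client sequence is repeated in that hunk and in both update-creds hunks in src/cmd/tools/zarf.go; one small helper would keep the four copies from diverging.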
@@ -255,17 +276,37 @@ var createPackageRegistryToken = &cobra.Command{ if err != nil { return err } - if !state.ArtifactServer.InternalServer { - return nil - } - token, err := git.New(state.GitServer).CreatePackageRegistryToken(ctx) - if err != nil { - return fmt.Errorf("unable to create an artifact registry token for Gitea: %w", err) - } - state.ArtifactServer.PushToken = token.Sha1 - err = c.SaveZarfState(ctx, state) - if err != nil { - return err + + // If we are setup to use an internal artifact server, create the artifact registry token + if state.ArtifactServer.InternalServer { + tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) + if err != nil { + return err + } + _, err = tunnel.Connect(cmd.Context()) + if err != nil { + return err + } + defer tunnel.Close() + tunnelURL := tunnel.HTTPEndpoint() + giteaClient, err := gitea.NewClient(tunnelURL, state.GitServer.PushUsername, state.GitServer.PushPassword) + if err != nil { + return err + } + err = tunnel.Wrap(func() error { + tokenSha1, err := giteaClient.CreatePackageRegistryToken(ctx) + if err != nil { + return fmt.Errorf("unable to create an artifact registry token for Gitea: %w", err) + } + state.ArtifactServer.PushToken = tokenSha1 + return nil + }) + if err != nil { + return err + } + if err := c.SaveZarfState(ctx, state); err != nil { + return err + } } return nil }, 
@@ -275,16 +316,21 @@ var updateGiteaPVC = &cobra.Command{ Use: "update-gitea-pvc", Short: lang.CmdInternalUpdateGiteaPVCShort, Long: lang.CmdInternalUpdateGiteaPVCLong, - Run: func(cmd *cobra.Command, _ []string) { + RunE: func(cmd *cobra.Command, _ []string) error { ctx := cmd.Context() + pvcName := os.Getenv("ZARF_VAR_GIT_SERVER_EXISTING_PVC") + c, err := cluster.NewCluster() + if err != nil { + return err + } // There is a possibility that the pvc does not yet exist and Gitea helm chart should create it - helmShouldCreate, err := git.UpdateGiteaPVC(ctx, rollback) + helmShouldCreate, err := c.UpdateGiteaPVC(ctx, pvcName, rollback) if err != nil { message.WarnErr(err, lang.CmdInternalUpdateGiteaPVCErr) } - fmt.Print(helmShouldCreate) + return nil }, } diff --git a/src/cmd/tools/zarf.go b/src/cmd/tools/zarf.go index 3f97be20eb..56198fe8ef 100644 --- a/src/cmd/tools/zarf.go +++ b/src/cmd/tools/zarf.go @@ -21,7 +21,7 @@ import ( "github.com/zarf-dev/zarf/src/cmd/common" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/config/lang" - "github.com/zarf-dev/zarf/src/internal/packager/git" + "github.com/zarf-dev/zarf/src/internal/gitea" "github.com/zarf-dev/zarf/src/internal/packager/helm" "github.com/zarf-dev/zarf/src/internal/packager/template" "github.com/zarf-dev/zarf/src/pkg/cluster" 
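Review bot: After the switch to RunE the two failure paths in updateGiteaPVC are handled differently and no comment says why. A `cluster.NewCluster` error aborts the command, while a `c.UpdateGiteaPVC` error is only passed to `message.WarnErr` and the command still prints `helmShouldCreate` and returns nil. `pvcName` is read from `ZARF_VAR_GIT_SERVER_EXISTING_PVC` without a check for an empty value, and whether UpdateGiteaPVC tolerates "" cannot be seen from this hunk. If the warn-only path is deliberate, a comment such as `// Only warn here: the caller reads the printed value, so always emit one.` above the `WarnErr` call would make that explicit.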
@@ -149,13 +149,31 @@ var updateCredsCmd = &cobra.Command{ // Update artifact token (if internal) if slices.Contains(args, message.ArtifactKey) && newState.ArtifactServer.PushToken == "" && newState.ArtifactServer.InternalServer { - g := git.New(oldState.GitServer) - tokenResponse, err := g.CreatePackageRegistryToken(ctx) + tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) + if err != nil { + return err + } + _, err = tunnel.Connect(cmd.Context()) + if err != nil { + return err + } + defer tunnel.Close() + tunnelURL := tunnel.HTTPEndpoint() + giteaClient, err := gitea.NewClient(tunnelURL, oldState.GitServer.PushUsername, oldState.GitServer.PushPassword) + if err != nil { + return err + } + err = tunnel.Wrap(func() error { + tokenSha1, err := giteaClient.CreatePackageRegistryToken(ctx) + if err != nil { + return err + } + newState.ArtifactServer.PushToken = tokenSha1 + return nil + }) if err != nil { // Warn if we couldn't actually update the git server (it might not be installed and we should try to continue) message.Warnf(lang.CmdToolsUpdateCredsUnableCreateToken, err.Error()) - } else { - newState.ArtifactServer.PushToken = tokenResponse.Sha1 } } 
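Review bot: Failures of NewTunnel, Connect and NewClient now `return err` and abort update-creds, yet the comment kept below says the git server "might not be installed and we should try to continue". Only the error from `tunnel.Wrap` reaches `message.Warnf`. The removed code had a single call whose error was warned about; that it opened the tunnel itself is inferred from the deleted gitea.go, where the sibling methods do. The git-user hunk that follows (@@ -176,8 +194,31) has the same shape. Running the sequence in one closure keeps the warn-and-continue behaviour, and closes the tunnel when the step ends rather than holding two tunnels open until RunE returns.

```go
// … unchanged: the slices.Contains(args, message.ArtifactKey) condition …
	err := func() error {
		tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort)
		if err != nil {
			return err
		}
		if _, err := tunnel.Connect(ctx); err != nil {
			return err
		}
		defer tunnel.Close()
		giteaClient, err := gitea.NewClient(tunnel.HTTPEndpoint(), oldState.GitServer.PushUsername, oldState.GitServer.PushPassword)
		if err != nil {
			return err
		}
		return tunnel.Wrap(func() error {
			tokenSha1, err := giteaClient.CreatePackageRegistryToken(ctx)
			if err != nil {
				return err
			}
			newState.ArtifactServer.PushToken = tokenSha1
			return nil
		})
	}()
	if err != nil {
		// … unchanged: warning comment …
		message.Warnf(lang.CmdToolsUpdateCredsUnableCreateToken, err.Error())
	}
```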
@@ -176,8 +194,31 @@ var updateCredsCmd = &cobra.Command{ } } if slices.Contains(args, message.GitKey) && newState.GitServer.InternalServer { - g := git.New(newState.GitServer) - err = g.UpdateZarfGiteaUsers(ctx, oldState) + tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) + if err != nil { + return err + } + _, err = tunnel.Connect(cmd.Context()) + if err != nil { + return err + } + defer tunnel.Close() + tunnelURL := tunnel.HTTPEndpoint() + giteaClient, err := gitea.NewClient(tunnelURL, oldState.GitServer.PushUsername, oldState.GitServer.PushPassword) + if err != nil { + return err + } + err = tunnel.Wrap(func() error { + err := giteaClient.UpdateGitUser(ctx, newState.GitServer.PullUsername, newState.GitServer.PullPassword) + if err != nil { + return err + } + err = giteaClient.UpdateGitUser(ctx, newState.GitServer.PushUsername, newState.GitServer.PushPassword) + if err != nil { + return err + } + return nil + }) if err != nil { // Warn if we couldn't actually update the git server (it might not be installed and we should try to continue) message.Warnf(lang.CmdToolsUpdateCredsUnableUpdateGit, err.Error()) diff --git a/src/config/config.go b/src/config/config.go index dc60ea2fd8..4a4001dce6 100644 --- a/src/config/config.go +++ b/src/config/config.go @@ -32,8 +32,6 @@ const ( // Zarf Constants for In-Cluster Services. const ( - ZarfArtifactTokenName = "zarf-artifact-registry-token" - ZarfImagePullSecretName = "private-registry" ZarfGitServerSecretName = "private-git-server" diff --git a/src/internal/gitea/gitea.go b/src/internal/gitea/gitea.go new file mode 100644 index 0000000000..94244d03f1 --- /dev/null +++ b/src/internal/gitea/gitea.go 
@@ -0,0 +1,195 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package gitea contains Gitea client specific functionality. +package gitea + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "io" + "net/http" + "net/url" + "time" +) + +const artifactTokenName = "zarf-artifact-registry-token" + +// Client is a client that communicates with the Gitea API. +type Client struct { + httpClient *http.Client + endpoint *url.URL + username string + password string +} + +// NewClient creates and returns a new Gitea client. +func NewClient(endpoint, username, password string) (*Client, error) { + u, err := url.Parse(endpoint) + if err != nil { + return nil, err + } + transport := http.DefaultTransport.(*http.Transport).Clone() + transport.MaxIdleConnsPerHost = transport.MaxIdleConns + httpClient := &http.Client{ + Timeout: 10 * time.Second, + Transport: transport, + } + client := &Client{ + httpClient: httpClient, + endpoint: u, + username: username, + password: password, + } + return client, nil +} + +// DoRequest performs a request to the Gitea API at the given path. +func (g *Client) DoRequest(ctx context.Context, method string, path string, body []byte) ([]byte, int, error) { + u, err := g.endpoint.Parse(path) + if err != nil { + return nil, 0, err + } + req, err := http.NewRequestWithContext(ctx, method, u.String(), bytes.NewBuffer(body)) + if err != nil { + return nil, 0, err + } + req.SetBasicAuth(g.username, g.password) + req.Header.Add("accept", "application/json") + req.Header.Add("content-type", "application/json") + resp, err := g.httpClient.Do(req) + if err != nil { + return nil, 0, err + } + defer resp.Body.Close() + b, err := io.ReadAll(resp.Body) + if err != nil { + return nil, 0, err + } + return b, resp.StatusCode, nil +} + +// CreateReadOnlyUser creates a non-admin Zarf user. 
+func (g *Client) CreateReadOnlyUser(ctx context.Context, username, password string) error { + // Create the read only user + createUserData := map[string]interface{}{ + "username": username, + "password": password, + "email": "zarf-reader@localhost.local", + "must_change_password": false, + } + body, err := json.Marshal(createUserData) + if err != nil { + return err + } + _, statusCode, err := g.DoRequest(ctx, http.MethodPost, "/api/v1/admin/users", body) + if statusCode == 422 { + return nil + } + if err != nil { + return err + } + + // Make sure the user can't create their own repos or orgs + updateUserData := map[string]interface{}{ + "login_name": username, + "max_repo_creation": 0, + "allow_create_organization": false, + } + body, err = json.Marshal(updateUserData) + if err != nil { + return err + } + _, _, err = g.DoRequest(ctx, http.MethodPatch, fmt.Sprintf("/api/v1/admin/users/%s", username), body) + if err != nil { + return err + } + return nil +} + +// UpdateGitUser updates Zarf git server users. +func (g *Client) UpdateGitUser(ctx context.Context, username string, password string) error { + updateUserData := map[string]interface{}{ + "login_name": username, + "password": password, + } + body, err := json.Marshal(updateUserData) + if err != nil { + return err + } + _, _, err = g.DoRequest(ctx, http.MethodPatch, fmt.Sprintf("/api/v1/admin/users/%s", username), body) + if err != nil { + return err + } + return nil +} + +// CreatePackageRegistryToken creates or replaces an existing package registry token. +func (g *Client) CreatePackageRegistryToken(ctx context.Context) (string, error) { + // Determine if the package token already exists. 
+ b, _, err := g.DoRequest(ctx, http.MethodGet, fmt.Sprintf("/api/v1/users/%s/tokens", g.username), nil) + if err != nil { + return "", err + } + var tokens []map[string]interface{} + err = json.Unmarshal(b, &tokens) + if err != nil { + return "", err + } + hasPackageToken := false + for _, token := range tokens { + if token["name"] != artifactTokenName { + continue + } + hasPackageToken = true + break + } + + // Delete the token if it already exists. + if hasPackageToken { + _, _, err := g.DoRequest(ctx, http.MethodDelete, fmt.Sprintf("/api/v1/users/%s/tokens/%s", g.username, artifactTokenName), nil) + if err != nil { + return "", err + } + } + + // Create the new token. + createTokensData := map[string]interface{}{ + "name": artifactTokenName, + "scopes": []string{"read:user", "read:package", "write:package"}, + } + body, err := json.Marshal(createTokensData) + if err != nil { + return "", err + } + b, _, err = g.DoRequest(ctx, http.MethodPost, fmt.Sprintf("/api/v1/users/%s/tokens", g.username), body) + if err != nil { + return "", err + } + createTokenResponse := struct { + Sha1 string `json:"sha1"` + }{} + err = json.Unmarshal(b, &createTokenResponse) + if err != nil { + return "", err + } + return createTokenResponse.Sha1, nil +} + +// AddReadOnlyUserToRepository adds a read only user to a repository. +func (g *Client) AddReadOnlyUserToRepository(ctx context.Context, repo, username string) error { + addCollabData := map[string]string{ + "permission": "read", + } + body, err := json.Marshal(addCollabData) + if err != nil { + return err + } + _, _, err = g.DoRequest(ctx, http.MethodPut, fmt.Sprintf("/api/v1/repos/%s/%s/collaborators/%s", g.username, repo, username), body) + if err != nil { + return err + } + return nil +} diff --git a/src/internal/gitea/gitea_test.go b/src/internal/gitea/gitea_test.go new file mode 100644 index 0000000000..984f6a7fae --- /dev/null +++ b/src/internal/gitea/gitea_test.go 
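Review bot: Apart from the 422 check in CreateReadOnlyUser, every caller discards the status code that DoRequest returns, so a 401, 403 or 500 from Gitea is treated as success. In CreatePackageRegistryToken a JSON error body on the POST unmarshals into the anonymous struct with an empty `Sha1`, and the function returns "" with a nil error, which the command code then stores as the push token. In CreateReadOnlyUser a rejected PATCH leaves the read-only account without the `max_repo_creation` and `allow_create_organization` limits. UpdateGitUser and AddReadOnlyUserToRepository need the same check. Separately, the user and repo names are placed into the path with `fmt.Sprintf`; wrapping them in `url.PathEscape` would keep an unusual name from changing the request path.

```go
// … unchanged: CreateReadOnlyUser up to the second json.Marshal …
	_, statusCode, err = g.DoRequest(ctx, http.MethodPatch, fmt.Sprintf("/api/v1/admin/users/%s", username), body)
	if err != nil {
		return err
	}
	if statusCode < 200 || statusCode > 299 {
		return fmt.Errorf("restricting user %s: unexpected status %d", username, statusCode)
	}
	return nil
// … unchanged: UpdateGitUser; token lookup and deletion in CreatePackageRegistryToken …
	b, statusCode, err := g.DoRequest(ctx, http.MethodPost, fmt.Sprintf("/api/v1/users/%s/tokens", g.username), body)
	if err != nil {
		return "", err
	}
	if statusCode < 200 || statusCode > 299 {
		return "", fmt.Errorf("creating token %s: unexpected status %d", artifactTokenName, statusCode)
	}
// … unchanged: decoding of the response into createTokenResponse …
	if createTokenResponse.Sha1 == "" {
		return "", fmt.Errorf("creating token %s: response carried no sha1", artifactTokenName)
	}
	return createTokenResponse.Sha1, nil
```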
@@ -0,0 +1,20 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +package gitea + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestNewClient(t *testing.T) { + t.Parallel() + + c, err := NewClient("https://example.com", "foo", "bar") + require.NoError(t, err) + require.Equal(t, "https", c.endpoint.Scheme) + require.Equal(t, "foo", c.username) + require.Equal(t, "bar", c.password) +} diff --git a/src/internal/packager/git/gitea.go b/src/internal/packager/git/gitea.go deleted file mode 100644 index a6715d29d5..0000000000 --- a/src/internal/packager/git/gitea.go +++ /dev/null 
@@ -1,322 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package git contains functions for interacting with git repositories. -package git - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "io" - netHttp "net/http" - "os" - "time" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "github.com/zarf-dev/zarf/src/config" - "github.com/zarf-dev/zarf/src/pkg/cluster" - "github.com/zarf-dev/zarf/src/pkg/message" - "github.com/zarf-dev/zarf/src/types" -) - -// CreateTokenResponse is the response given from creating a token in Gitea -type CreateTokenResponse struct { - ID int64 `json:"id"` - Name string `json:"name"` - Sha1 string `json:"sha1"` - TokenLastEight string `json:"token_last_eight"` -} - -// CreateReadOnlyUser uses the Gitea API to create a non-admin Zarf user. -func (g *Git) CreateReadOnlyUser(ctx context.Context) error { - c, err := cluster.NewCluster() - if err != nil { - return err - } - - // Establish a git tunnel to send the repo - tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) - if err != nil { - return err - } - _, err = tunnel.Connect(ctx) - if err != nil { - return err - } - defer tunnel.Close() - - tunnelURL := tunnel.HTTPEndpoint() - - // Create json representation of the create-user request body - createUserBody := map[string]interface{}{ - "username": g.Server.PullUsername, - "password": g.Server.PullPassword, - "email": "zarf-reader@localhost.local", - "must_change_password": false, - } - createUserData, err := json.Marshal(createUserBody) - if err != nil { - return err - } - - var out []byte - var statusCode int - - // Send API request to create the user - createUserEndpoint := fmt.Sprintf("%s/api/v1/admin/users", tunnelURL) - createUserRequest, _ := netHttp.NewRequest("POST", createUserEndpoint, bytes.NewBuffer(createUserData)) - err = tunnel.Wrap(func() error { - out, 
statusCode, err = g.DoHTTPThings(createUserRequest, g.Server.PushUsername, g.Server.PushPassword) - return err - }) - message.Debugf("POST %s:\n%s", createUserEndpoint, string(out)) - if err != nil { - if statusCode == 422 { - message.Debugf("Read-only git user already exists. Skipping...") - return nil - } - - return err - } - - // Make sure the user can't create their own repos or orgs - updateUserBody := map[string]interface{}{ - "login_name": g.Server.PullUsername, - "max_repo_creation": 0, - "allow_create_organization": false, - } - updateUserData, _ := json.Marshal(updateUserBody) - updateUserEndpoint := fmt.Sprintf("%s/api/v1/admin/users/%s", tunnelURL, g.Server.PullUsername) - updateUserRequest, _ := netHttp.NewRequest("PATCH", updateUserEndpoint, bytes.NewBuffer(updateUserData)) - err = tunnel.Wrap(func() error { - out, _, err = g.DoHTTPThings(updateUserRequest, g.Server.PushUsername, g.Server.PushPassword) - return err - }) - message.Debugf("PATCH %s:\n%s", updateUserEndpoint, string(out)) - return err -} - -// UpdateZarfGiteaUsers updates Zarf gitea users -func (g *Git) UpdateZarfGiteaUsers(ctx context.Context, oldState *types.ZarfState) error { - //Update git read only user password - err := g.UpdateGitUser(ctx, oldState.GitServer.PushPassword, g.Server.PullUsername, g.Server.PullPassword) - if err != nil { - return fmt.Errorf("unable to update gitea read only user password: %w", err) - } - - // Update Git admin password - err = g.UpdateGitUser(ctx, oldState.GitServer.PushPassword, g.Server.PushUsername, g.Server.PushPassword) - if err != nil { - return fmt.Errorf("unable to update gitea admin user password: %w", err) - } - return nil -} - -// UpdateGitUser updates Zarf git server users -func (g *Git) UpdateGitUser(ctx context.Context, oldAdminPass string, username string, userpass string) error { - c, err := cluster.NewCluster() - if err != nil { - return err - } - // Establish a git tunnel to send the repo - tunnel, err := 
c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) - if err != nil { - return err - } - _, err = tunnel.Connect(ctx) - if err != nil { - return err - } - defer tunnel.Close() - tunnelURL := tunnel.HTTPEndpoint() - - var out []byte - - // Update the existing user's password - updateUserBody := map[string]interface{}{ - "login_name": username, - "password": userpass, - } - updateUserData, _ := json.Marshal(updateUserBody) - updateUserEndpoint := fmt.Sprintf("%s/api/v1/admin/users/%s", tunnelURL, username) - updateUserRequest, _ := netHttp.NewRequest("PATCH", updateUserEndpoint, bytes.NewBuffer(updateUserData)) - err = tunnel.Wrap(func() error { - out, _, err = g.DoHTTPThings(updateUserRequest, g.Server.PushUsername, oldAdminPass) - return err - }) - message.Debugf("PATCH %s:\n%s", updateUserEndpoint, string(out)) - return err -} - -// CreatePackageRegistryToken uses the Gitea API to create a package registry token. -func (g *Git) CreatePackageRegistryToken(ctx context.Context) (CreateTokenResponse, error) { - c, err := cluster.NewCluster() - if err != nil { - return CreateTokenResponse{}, err - } - - // Establish a git tunnel to send the repo - tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) - if err != nil { - return CreateTokenResponse{}, err - } - _, err = tunnel.Connect(ctx) - if err != nil { - return CreateTokenResponse{}, err - } - defer tunnel.Close() - - tunnelURL := tunnel.Endpoint() - - var out []byte - - // Determine if the package token already exists - getTokensEndpoint := fmt.Sprintf("http://%s/api/v1/users/%s/tokens", tunnelURL, g.Server.PushUsername) - getTokensRequest, _ := netHttp.NewRequest("GET", getTokensEndpoint, nil) - err = tunnel.Wrap(func() error { - out, _, err = g.DoHTTPThings(getTokensRequest, g.Server.PushUsername, g.Server.PushPassword) - return err - }) - message.Debugf("GET 
%s:\n%s", getTokensEndpoint, string(out)) - if err != nil { - return CreateTokenResponse{}, err - } - - hasPackageToken := false - var tokens []map[string]interface{} - err = json.Unmarshal(out, &tokens) - if err != nil { - return CreateTokenResponse{}, err - } - - for _, token := range tokens { - if token["name"] == config.ZarfArtifactTokenName { - hasPackageToken = true - } - } - - if hasPackageToken { - // Delete the existing token to be replaced - deleteTokensEndpoint := fmt.Sprintf("http://%s/api/v1/users/%s/tokens/%s", tunnelURL, g.Server.PushUsername, config.ZarfArtifactTokenName) - deleteTokensRequest, _ := netHttp.NewRequest("DELETE", deleteTokensEndpoint, nil) - err = tunnel.Wrap(func() error { - out, _, err = g.DoHTTPThings(deleteTokensRequest, g.Server.PushUsername, g.Server.PushPassword) - return err - }) - message.Debugf("DELETE %s:\n%s", deleteTokensEndpoint, string(out)) - if err != nil { - return CreateTokenResponse{}, err - } - } - - createTokensEndpoint := fmt.Sprintf("http://%s/api/v1/users/%s/tokens", tunnelURL, g.Server.PushUsername) - createTokensBody := map[string]interface{}{ - "name": config.ZarfArtifactTokenName, - "scopes": []string{"read:user", "read:package", "write:package"}, - } - createTokensData, _ := json.Marshal(createTokensBody) - createTokensRequest, _ := netHttp.NewRequest("POST", createTokensEndpoint, bytes.NewBuffer(createTokensData)) - err = tunnel.Wrap(func() error { - out, _, err = g.DoHTTPThings(createTokensRequest, g.Server.PushUsername, g.Server.PushPassword) - return err - }) - message.Debugf("POST %s:\n%s", createTokensEndpoint, string(out)) - if err != nil { - return CreateTokenResponse{}, err - } - - createTokenResponse := CreateTokenResponse{} - err = json.Unmarshal(out, &createTokenResponse) - if err != nil { - return CreateTokenResponse{}, err - } - - return createTokenResponse, nil -} - -// UpdateGiteaPVC updates the existing Gitea persistent volume claim and tells Gitea whether to create or not. 
-func UpdateGiteaPVC(ctx context.Context, shouldRollBack bool) (string, error) { - c, err := cluster.NewCluster() - if err != nil { - return "false", err - } - - pvcName := os.Getenv("ZARF_VAR_GIT_SERVER_EXISTING_PVC") - - if shouldRollBack { - pvc, err := c.Clientset.CoreV1().PersistentVolumeClaims(cluster.ZarfNamespaceName).Get(ctx, pvcName, metav1.GetOptions{}) - if err != nil { - return "false", err - } - delete(pvc.Labels, "app.kubernetes.io/managed-by") - delete(pvc.Annotations, "meta.helm.sh/release-name") - delete(pvc.Annotations, "meta.helm.sh/release-namespace") - _, err = c.Clientset.CoreV1().PersistentVolumeClaims(cluster.ZarfNamespaceName).Update(ctx, pvc, metav1.UpdateOptions{}) - if err != nil { - return "false", err - } - return "false", nil - } - - if pvcName == "data-zarf-gitea-0" { - pvc, err := c.Clientset.CoreV1().PersistentVolumeClaims(cluster.ZarfNamespaceName).Get(ctx, pvcName, metav1.GetOptions{}) - if err != nil { - return "true", err - } - pvc.Labels["app.kubernetes.io/managed-by"] = "Helm" - pvc.Annotations["meta.helm.sh/release-name"] = "zarf-gitea" - pvc.Annotations["meta.helm.sh/release-namespace"] = "zarf" - _, err = c.Clientset.CoreV1().PersistentVolumeClaims(cluster.ZarfNamespaceName).Update(ctx, pvc, metav1.UpdateOptions{}) - if err != nil { - return "true", err - } - return "true", nil - } - - return "false", nil -} - -// DoHTTPThings adds http request boilerplate and perform the request, checking for a successful response. 
-func (g *Git) DoHTTPThings(request *netHttp.Request, username, secret string) ([]byte, int, error) { - // Prep the request with boilerplate - client := &netHttp.Client{Timeout: time.Second * 20} - request.SetBasicAuth(username, secret) - request.Header.Add("accept", "application/json") - request.Header.Add("Content-Type", "application/json") - - // Perform the request and get the response - response, err := client.Do(request) - if err != nil { - return []byte{}, 0, err - } - responseBody, _ := io.ReadAll(response.Body) - - // If we get a 'bad' status code we will have no error, create a useful one to return - if response.StatusCode < 200 || response.StatusCode >= 300 { - err = fmt.Errorf("got status code of %d during http request with body of: %s", response.StatusCode, string(responseBody)) - return []byte{}, response.StatusCode, err - } - - return responseBody, response.StatusCode, nil -} - -func (g *Git) addReadOnlyUserToRepo(tunnelURL, repo string) error { - // Add the readonly user to the repo - addCollabBody := map[string]string{ - "permission": "read", - } - addCollabData, err := json.Marshal(addCollabBody) - if err != nil { - return err - } - - // Send API request to add a user as a read-only collaborator to a repo - addCollabEndpoint := fmt.Sprintf("%s/api/v1/repos/%s/%s/collaborators/%s", tunnelURL, g.Server.PushUsername, repo, g.Server.PullUsername) - addCollabRequest, _ := netHttp.NewRequest("PUT", addCollabEndpoint, bytes.NewBuffer(addCollabData)) - out, _, err := g.DoHTTPThings(addCollabRequest, g.Server.PushUsername, g.Server.PushPassword) - message.Debugf("PUT %s:\n%s", addCollabEndpoint, string(out)) - return err -} diff --git a/src/internal/packager/git/push.go b/src/internal/packager/git/push.go index 98236d2316..60b7b2bdf6 100644 --- a/src/internal/packager/git/push.go +++ b/src/internal/packager/git/push.go 
@@ -52,25 +52,6 @@ func (g *Git) PushRepo(srcURL, targetFolder string) error { return fmt.Errorf("failed to push the git repo %q: %w", repoFolder, err) } - // Add the read-only user to this repo - if g.Server.InternalServer { - // Get the upstream URL - remote, err := repo.Remote(onlineRemoteName) - if err != nil { - message.Warn("unable to get the information needed to add the read-only user to the repo") - return err - } - remoteURL := remote.Config().URLs[0] - repoName, err := transform.GitURLtoRepoName(remoteURL) - if err != nil { - return err - } - err = g.addReadOnlyUserToRepo(g.Server.Address, repoName) - if err != nil { - return fmt.Errorf("unable to add the read only user to the repo %s: %w", repoName, err) - } - } - spinner.Success() return nil } diff --git a/src/pkg/cluster/pvc.go b/src/pkg/cluster/pvc.go new file mode 100644 index 0000000000..21a0a45ecf --- /dev/null +++ b/src/pkg/cluster/pvc.go 
@@ -0,0 +1,45 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2021-Present The Zarf Authors
+
+package cluster
+
+import (
+ "context"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// UpdateGiteaPVC updates the existing Gitea persistent volume claim and tells Gitea whether to create or not.
+func (c *Cluster) UpdateGiteaPVC(ctx context.Context, pvcName string, shouldRollBack bool) (string, error) {
+ if shouldRollBack {
+ pvc, err := c.Clientset.CoreV1().PersistentVolumeClaims(ZarfNamespaceName).Get(ctx, pvcName, metav1.GetOptions{})
+ if err != nil {
+ return "false", err
+ }
+ delete(pvc.Labels, "app.kubernetes.io/managed-by")
+ delete(pvc.Annotations, "meta.helm.sh/release-name")
+ delete(pvc.Annotations, "meta.helm.sh/release-namespace")
+ _, err = c.Clientset.CoreV1().PersistentVolumeClaims(ZarfNamespaceName).Update(ctx, pvc, metav1.UpdateOptions{})
+ if err != nil {
+ return "false", err
+ }
+ return "false", nil
+ }
+
+ if pvcName == "data-zarf-gitea-0" {
+ pvc, err := c.Clientset.CoreV1().PersistentVolumeClaims(ZarfNamespaceName).Get(ctx, pvcName, metav1.GetOptions{})
+ if err != nil {
+ return "true", err
+ }
+ pvc.Labels["app.kubernetes.io/managed-by"] = "Helm"
+ pvc.Annotations["meta.helm.sh/release-name"] = "zarf-gitea"
+ pvc.Annotations["meta.helm.sh/release-namespace"] = "zarf"
+ _, err = c.Clientset.CoreV1().PersistentVolumeClaims(ZarfNamespaceName).Update(ctx, pvc, metav1.UpdateOptions{})
+ if err != nil {
+ return "true", err
+ }
+ return "true", nil
+ }
+
+ return "false", nil
+}
diff --git a/src/pkg/cluster/pvc_test.go b/src/pkg/cluster/pvc_test.go
new file mode 100644
index 0000000000..6c267d1500
--- /dev/null
+++ b/src/pkg/cluster/pvc_test.go
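Review bot: In `UpdateGiteaPVC` (src/pkg/cluster/pvc.go) the adopt branch assigns into `pvc.Labels` and `pvc.Annotations` without checking that the maps exist, and a write to a nil map panics in Go. A claim that comes back from the API server with no labels or no annotations would hit that path. The accompanying test seeds both maps with empty values, so it would not show this. I would guard the three assignments with `if pvc.Labels == nil { pvc.Labels = map[string]string{} }` and the same check for `pvc.Annotations`. The rollback branch is unaffected, because `delete` on a nil map is a no-op.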
@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2021-Present The Zarf Authors
+
+package cluster
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/client-go/kubernetes/fake"
+
+ "github.com/zarf-dev/zarf/src/test/testutil"
+)
+
+func TestUpdateGiteaPVC(t *testing.T) {
+ t.Parallel()
+
+ ctx := testutil.TestContext(t)
+ c := &Cluster{
+ Clientset: fake.NewSimpleClientset(),
+ }
+ pvc := &corev1.PersistentVolumeClaim{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "data-zarf-gitea-0",
+ Labels: map[string]string{},
+ Annotations: map[string]string{},
+ },
+ }
+ _, err := c.Clientset.CoreV1().PersistentVolumeClaims(ZarfNamespaceName).Create(ctx, pvc, metav1.CreateOptions{})
+ require.NoError(t, err)
+
+ v, err := c.UpdateGiteaPVC(ctx, "foobar", false)
+ require.NoError(t, err)
+ require.Equal(t, "false", v)
+
+ v, err = c.UpdateGiteaPVC(ctx, "foobar", true)
+ require.EqualError(t, err, "persistentvolumeclaims \"foobar\" not found")
+ require.Equal(t, "false", v)
+
+ v, err = c.UpdateGiteaPVC(ctx, "data-zarf-gitea-0", true)
+ require.NoError(t, err)
+ require.Equal(t, "false", v)
+
+ v, err = c.UpdateGiteaPVC(ctx, "data-zarf-gitea-0", false)
+ require.NoError(t, err)
+ require.Equal(t, "true", v)
+ pvc, err = c.Clientset.CoreV1().PersistentVolumeClaims(ZarfNamespaceName).Get(ctx, "data-zarf-gitea-0", metav1.GetOptions{})
+ require.NoError(t, err)
+ require.Equal(t, "Helm", pvc.Labels["app.kubernetes.io/managed-by"])
+ require.Equal(t, "zarf-gitea", pvc.Annotations["meta.helm.sh/release-name"])
+ require.Equal(t, "zarf", pvc.Annotations["meta.helm.sh/release-namespace"])
+
+ v, err = c.UpdateGiteaPVC(ctx, "data-zarf-gitea-0", true)
+ require.NoError(t, err)
+ require.Equal(t, "false", v)
+ pvc, err = c.Clientset.CoreV1().PersistentVolumeClaims(ZarfNamespaceName).Get(ctx, "data-zarf-gitea-0", metav1.GetOptions{})
+ require.NoError(t, err)
+ require.Empty(t, pvc.Labels["app.kubernetes.io/managed-by"]) + require.Empty(t, pvc.Labels["meta.helm.sh/release-name"]) + require.Empty(t, pvc.Labels["meta.helm.sh/release-namespace"]) +} diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go index 2f7304580b..428f2e1726 100644 --- a/src/pkg/packager/deploy.go +++ b/src/pkg/packager/deploy.go @@ -25,6 +25,7 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/zarf-dev/zarf/src/config" + "github.com/zarf-dev/zarf/src/internal/gitea" "github.com/zarf-dev/zarf/src/internal/packager/git" "github.com/zarf-dev/zarf/src/internal/packager/helm" "github.com/zarf-dev/zarf/src/internal/packager/images" @@ -546,8 +547,7 @@ func (p *Packager) pushReposToRepository(ctx context.Context, reposPath string, for _, repoURL := range repos { // Create an anonymous function to push the repo to the Zarf git server tryPush := func() error { - gitClient := git.New(p.state.GitServer) - namespace, name, port, err := serviceInfoFromServiceURL(gitClient.Server.Address) + namespace, name, port, err := serviceInfoFromServiceURL(p.state.GitServer.Address) // If this is a service (svcInfo is not nil), create a port-forward tunnel to that resource // TODO: Find a better way as ignoring the error is not a good solution to decide to port forward. 
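Review bot: The last two `require.Empty` assertions in `TestUpdateGiteaPVC` (src/pkg/cluster/pvc_test.go) read `meta.helm.sh/release-name` and `meta.helm.sh/release-namespace` from `pvc.Labels`, but `UpdateGiteaPVC` sets and deletes those keys in `pvc.Annotations`. Those two checks therefore pass whether or not the rollback removed anything. They should read `require.Empty(t, pvc.Annotations["meta.helm.sh/release-name"])` and `require.Empty(t, pvc.Annotations["meta.helm.sh/release-namespace"])`.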
@@ -565,17 +565,37 @@ func (p *Packager) pushReposToRepository(ctx context.Context, reposPath string, if err != nil { return err } - _, err = tunnel.Connect(ctx) if err != nil { return err } defer tunnel.Close() + gitClient := git.New(p.state.GitServer) gitClient.Server.Address = tunnel.HTTPEndpoint() + giteaClient, err := gitea.NewClient(tunnel.HTTPEndpoint(), p.state.GitServer.PushUsername, p.state.GitServer.PushPassword) + if err != nil { + return err + } + return tunnel.Wrap(func() error { + err = gitClient.PushRepo(repoURL, reposPath) + if err != nil { + return err + } - return tunnel.Wrap(func() error { return gitClient.PushRepo(repoURL, reposPath) }) + // Add the read-only user to this repo + repoName, err := transform.GitURLtoRepoName(repoURL) + if err != nil { + return err + } + err = giteaClient.AddReadOnlyUserToRepository(ctx, repoName, p.state.GitServer.PullUsername) + if err != nil { + return fmt.Errorf("unable to add the read only user to the repo %s: %w", repoName, err) + } + return nil + }) } + gitClient := git.New(p.state.GitServer) return gitClient.PushRepo(repoURL, reposPath) } @@ -584,7 +604,6 @@ func (p *Packager) pushReposToRepository(ctx context.Context, reposPath string, return fmt.Errorf("unable to push repo %s to the Git Server: %w", repoURL, err) } } - return nil } diff --git a/src/test/e2e/22_git_and_gitops_test.go b/src/test/e2e/22_git_and_gitops_test.go index 9394354e2c..901137125b 100644 --- a/src/test/e2e/22_git_and_gitops_test.go +++ b/src/test/e2e/22_git_and_gitops_test.go @@ -14,7 +14,7 @@ import ( "testing" "github.com/stretchr/testify/require" - "github.com/zarf-dev/zarf/src/internal/packager/git" + "github.com/zarf-dev/zarf/src/internal/gitea" "github.com/zarf-dev/zarf/src/pkg/cluster" "github.com/zarf-dev/zarf/src/types" ) 
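Review bot: In the `@@ -565,17 +565,37 @@` hunk of `pushReposToRepository` (src/pkg/packager/deploy.go), the collaborator call now runs for every push that goes through the tunnel, whereas the block removed from `PushRepo` in push.go ran only when `g.Server.InternalServer` was set. Two things change as a result: a non-internal git server addressed by a service URL would now receive the Gitea-specific `PUT .../collaborators/...` request made with the push credentials, and the direct path at the end of `tryPush` no longer grants the read-only user access at all. If that is not intended, keep the guard around the `AddReadOnlyUserToRepository` call, e.g. `if p.state.GitServer.InternalServer {` (the field the removed code appears to have checked), and add a comment saying which servers are expected to reach it. `tryPush` starts outside this hunk.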
@@ -71,20 +71,20 @@ func testGitServerReadOnly(ctx context.Context, t *testing.T, gitURL string) { require.NoError(t, err) // Init the state variable - zarfState, err := c.LoadZarfState(ctx) + state, err := c.LoadZarfState(ctx) require.NoError(t, err) - - gitCfg := git.New(zarfState.GitServer) + giteaClient, err := gitea.NewClient(gitURL, types.ZarfGitReadUser, state.GitServer.PullPassword) + require.NoError(t, err) + repoName := "zarf-public-test-2363058019" // Get the repo as the readonly user - repoName := "zarf-public-test-2363058019" - getRepoRequest, _ := http.NewRequest("GET", fmt.Sprintf("%s/api/v1/repos/%s/%s", gitURL, zarfState.GitServer.PushUsername, repoName), nil) - getRepoResponseBody, _, err := gitCfg.DoHTTPThings(getRepoRequest, types.ZarfGitReadUser, zarfState.GitServer.PullPassword) + b, statusCode, err := giteaClient.DoRequest(ctx, http.MethodGet, fmt.Sprintf("/api/v1/repos/%s/%s", state.GitServer.PushUsername, repoName), nil) require.NoError(t, err) + require.Equal(t, http.StatusOK, statusCode) // Make sure the only permissions are pull (read) var bodyMap map[string]interface{} - err = json.Unmarshal(getRepoResponseBody, &bodyMap) + err = json.Unmarshal(b, &bodyMap) require.NoError(t, err) permissionsMap, ok := bodyMap["permissions"].(map[string]interface{}) require.True(t, ok, "permissions key is not of right type") 
@@ -100,30 +100,29 @@ func testGitServerTagAndHash(ctx context.Context, t *testing.T, gitURL string) { require.NoError(t, err) // Init the state variable - zarfState, err := c.LoadZarfState(ctx) + state, err := c.LoadZarfState(ctx) require.NoError(t, err, "Failed to load Zarf state") + giteaClient, err := gitea.NewClient(gitURL, types.ZarfGitReadUser, state.GitServer.PullPassword) + require.NoError(t, err) repoName := "zarf-public-test-2363058019" - gitCfg := git.New(zarfState.GitServer) - - // Get the Zarf repo tag + // Make sure the pushed tag exists repoTag := "v0.0.1" - getRepoTagsRequest, _ := http.NewRequest("GET", fmt.Sprintf("%s/api/v1/repos/%s/%s/tags/%s", gitURL, types.ZarfGitPushUser, repoName, repoTag), nil) - getRepoTagsResponseBody, _, err := gitCfg.DoHTTPThings(getRepoTagsRequest, types.ZarfGitReadUser, zarfState.GitServer.PullPassword) + b, statusCode, err := giteaClient.DoRequest(ctx, http.MethodGet, fmt.Sprintf("/api/v1/repos/%s/%s/tags/%s", types.ZarfGitPushUser, repoName, repoTag), nil) require.NoError(t, err) - - // Make sure the pushed tag exists + require.Equal(t, http.StatusOK, statusCode) var tagMap map[string]interface{} - err = json.Unmarshal(getRepoTagsResponseBody, &tagMap) + err = json.Unmarshal(b, &tagMap) require.NoError(t, err) require.Equal(t, repoTag, tagMap["name"]) // Get the Zarf repo commit repoHash := "01a23218923f24194133b5eb11268cf8d73ff1bb" - getRepoCommitsRequest, _ := http.NewRequest("GET", fmt.Sprintf("%s/api/v1/repos/%s/%s/git/commits/%s", gitURL, types.ZarfGitPushUser, repoName, repoHash), nil) - getRepoCommitsResponseBody, _, err := gitCfg.DoHTTPThings(getRepoCommitsRequest, types.ZarfGitReadUser, zarfState.GitServer.PullPassword) + b, statusCode, err = giteaClient.DoRequest(ctx, http.MethodGet, fmt.Sprintf("/api/v1/repos/%s/%s/git/commits/%s", types.ZarfGitPushUser, repoName, repoHash), nil) + require.NoError(t, err) + require.Equal(t, http.StatusOK, statusCode) require.NoError(t, err) - require.Contains(t, 
string(getRepoCommitsResponseBody), repoHash) + require.Contains(t, string(b), repoHash) } func waitFluxPodInfoDeployment(t *testing.T) { From 347a09454638abcec357d4b484773c6df69d8a81 Mon Sep 17 00:00:00 2001 From: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Date: Wed, 31 Jul 2024 10:31:38 -0400 Subject: [PATCH 09/25] fix: add dependabot and disable renovate features (#2789) Signed-off-by: Austin Abro --- .github/dependabot.yaml | 18 ++++++++++++++++++ renovate.json | 41 ++--------------------------------------- 2 files changed, 20 insertions(+), 39 deletions(-) create mode 100644 .github/dependabot.yaml diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 0000000000..7465f35a07 --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,18 @@ +version: 2 +updates: + - package-ecosystem: gomod + directory: / + schedule: + interval: daily + - package-ecosystem: github-actions + directory: / + schedule: + interval: daily + - package-ecosystem: npm + directory: / + schedule: + interval: daily + - package-ecosystem: cargo + directory: / + schedule: + interval: daily diff --git a/renovate.json b/renovate.json index 91e8dd55b0..40b519c928 100644 --- a/renovate.json +++ b/renovate.json @@ -3,41 +3,14 @@ "config:base", "group:allNonMajor" ], - "ignoreDeps": [ - "sigs.k8s.io/kustomize/kyaml" - ], - "ignorePaths": [ - "**/node_modules/**", - "**/bower_components/**", - "**/vendor/**", - "**/__tests__/**", - "**/test/**", - "**/tests/**", - "**/__fixtures__/**" - ], "packageRules": [ { - "matchUpdateTypes": [ - "patch", - "pin", - "digest" - ], - "automerge": true, - "automergeType": "pr" - }, - { - "matchDepTypes": [ - "devDependencies" - ], - "automerge": true, - "automergeType": "pr" + "matchManagers": ["gomod","npm","github-actions", "cargo"], + "enabled": false } ], "platformAutomerge": true, "platformCommit": true, - "postUpdateOptions": [ - "gomodTidy" - ], "regexManagers": [ { "fileMatch": [ 
@@ -82,16 +55,6 @@ "https:\\/\\/github.com\\/(?[\\w\\/\\-\\.\\+\\%]+?)\\/releases\\/download\\/(?[\\w\\/\\-\\.\\+\\%]+?)\\/" ], "datasourceTemplate": "github-releases" - }, - { - "fileMatch": [ - "\\.*\\.ya?ml$" - ], - "matchStrings": [ - "# renovate: datasource=github-tags depName=anchore/grype versioning=semver\n\\s*VERSION: (?v[\\d.]+)" - ], - "datasourceTemplate": "github-tags", - "depNameTemplate": "anchore/grype" } ] } From b31e3178370174b64e5b36b6f24f0f25b5516ddb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 Jul 2024 15:18:34 +0000 Subject: [PATCH 10/25] chore(deps): bump github/codeql-action from 3.24.0 to 3.25.15 (#2792) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scan-codeql.yml | 4 ++-- .github/workflows/scorecard.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/scan-codeql.yml b/.github/workflows/scan-codeql.yml index dd72737ab2..b410931356 100644 --- a/.github/workflows/scan-codeql.yml +++ b/.github/workflows/scan-codeql.yml @@ -53,7 +53,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: languages: ${{ matrix.language }} config-file: ./.github/codeql.yaml @@ -62,6 +62,6 @@ jobs: run: make build-cli-linux-amd - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index f98ea7bdd1..4d2c24cf50 100644 --- a/.github/workflows/scorecard.yaml 
+++ b/.github/workflows/scorecard.yaml @@ -44,6 +44,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: sarif_file: results.sarif From 410849ddbc62cf80ac7dc2845aca73dca626b613 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 Jul 2024 15:18:47 +0000 Subject: [PATCH 11/25] chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.4 (#2791) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yaml | 2 +- .github/workflows/test-bigbang.yml | 2 +- .github/workflows/test-e2e.yml | 2 +- .github/workflows/test-upgrade.yml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 00dda8debb..c9f6bb6724 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -72,7 +72,7 @@ jobs: # Upload the contents of the build directory for later stages to use - name: Upload build artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: build-artifacts path: build/ @@ -186,7 +186,7 @@ jobs: HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.brew-tap-token.outputs.token }} - name: Save CVE report - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: cve-report path: build/zarf-known-cves.csv diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 4d2c24cf50..e776460573 100644 
--- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -36,7 +36,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/test-bigbang.yml b/.github/workflows/test-bigbang.yml index 1dd568bb26..c7f7b62efe 100644 --- a/.github/workflows/test-bigbang.yml +++ b/.github/workflows/test-bigbang.yml @@ -63,7 +63,7 @@ jobs: # Upload the contents of the build directory for later stages to use - name: Upload build artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: build-artifacts path: build/ diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index 7a689ba7c0..e6026420b4 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml @@ -47,7 +47,7 @@ jobs: # Upload the contents of the build directory for later stages to use - name: Upload build artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: build-artifacts path: build/ diff --git a/.github/workflows/test-upgrade.yml b/.github/workflows/test-upgrade.yml index 552d79e103..17179ff9ad 100644 --- a/.github/workflows/test-upgrade.yml +++ b/.github/workflows/test-upgrade.yml 
@@ -46,7 +46,7 @@ jobs:
 # Upload the contents of the build directory for later stages to use
 - name: Upload build artifacts
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+ uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
 with:
 name: build-artifacts
 path: build/
From 053fb3557617f3d3948a94335e86ded9777cd011 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 31 Jul 2024 15:19:10 +0000
Subject: [PATCH 12/25] chore(deps): bump docker/login-action from 3.0.0 to 3.3.0 (#2794)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/publish-application-packages.yml | 2 +-
 .github/workflows/release.yml | 2 +-
 .github/workflows/test-bigbang.yml | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/publish-application-packages.yml b/.github/workflows/publish-application-packages.yml
index 59be8e3ff3..d075c7cecf 100644
--- a/.github/workflows/publish-application-packages.yml
+++ b/.github/workflows/publish-application-packages.yml
@@ -26,7 +26,7 @@ jobs:
 uses: defenseunicorns/setup-zarf@10e539efed02f75ec39eb8823e22a5c795f492ae #v1.0.1
 - name: "Login to GHCR"
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
 with:
 registry: ghcr.io
 username: dummy
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c9f6bb6724..b3460ed000 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -32,7 +32,7 @@ jobs:
 make build-cli-linux-arm
 - name: "Zarf Agent: Login to GHCR"
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
 with:
 registry: ghcr.io
 username: dummy
diff --git a/.github/workflows/test-bigbang.yml b/.github/workflows/test-bigbang.yml
index c7f7b62efe..1b5d47bb7f 100644
--- a/.github/workflows/test-bigbang.yml
+++ b/.github/workflows/test-bigbang.yml
@@ -46,7 +46,7 @@ jobs:
 build-examples: "false"
 - name: Login to Iron Bank
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
 if: ${{ env.IRON_BANK_ROBOT_USERNAME != '' }}
 env:
 IRON_BANK_ROBOT_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
@@ -97,7 +97,7 @@ jobs:
 uses: ./.github/actions/k3d
 - name: Login to Iron Bank
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
 if: ${{ env.IRON_BANK_ROBOT_USERNAME != '' }}
 env:
 IRON_BANK_ROBOT_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
From 49b0e72a5e190c4f1ea6de448e796e8dcfa3a58a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 31 Jul 2024 15:19:34 +0000
Subject: [PATCH 13/25] chore(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (#2793)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/scan-lint.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scan-lint.yml b/.github/workflows/scan-lint.yml
index d72450d66e..66eab288a7 100644
--- a/.github/workflows/scan-lint.yml
+++ b/.github/workflows/scan-lint.yml
@@ -13,4 +13,4 @@ jobs:
 - name: Checkout
 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: Run golangci-lint
- uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
+ uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
From 40a05a099413c1096dd871fffa491467c98e3608 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 31 Jul 2024 16:07:38 +0000
Subject: [PATCH 14/25] chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.4.0 (#2795)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/scorecard.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index e776460573..e53c293383 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -27,7 +27,7 @@ jobs:
 persist-credentials: false
 - name: "Run analysis"
- uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+ uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
 with:
 results_file: results.sarif
 results_format: sarif
From 4a1f32e6caf6611cdc257273d7537092026fe8d6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 31 Jul 2024 12:47:07 -0400
Subject: [PATCH 15/25] chore(deps): bump k8s.io/component-base from 0.30.0 to 0.30.3 (#2798)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 8 ++++----
 go.sum | 16 ++++++++--------
 2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/go.mod b/go.mod
index db29e4a620..eebb5ea6b7 100644
--- a/go.mod
+++ b/go.mod
@@ -49,10 +49,10 @@ require (
 golang.org/x/sync v0.7.0
 golang.org/x/term v0.22.0
 helm.sh/helm/v3 v3.14.2
- k8s.io/api v0.30.0
- k8s.io/apimachinery v0.30.0
- k8s.io/client-go v0.30.0
- k8s.io/component-base v0.30.0
+ k8s.io/api v0.30.3
+ k8s.io/apimachinery v0.30.3
+ k8s.io/client-go v0.30.3
+ k8s.io/component-base v0.30.3
 k8s.io/klog/v2 v2.120.1
 k8s.io/kubectl v0.29.1
 oras.land/oras-go/v2 v2.5.0
diff --git a/go.sum b/go.sum
index 23759f5ede..006c9add9a 100644
--- a/go.sum
+++ b/go.sum
@@ -2458,20 +2458,20 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ= +k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04= k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= +k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= k8s.io/cli-runtime v0.29.1 h1:By3WVOlEWYfyxhGko0f/IuAOLQcbBSMzwSaDren2JUs= k8s.io/cli-runtime v0.29.1/go.mod h1:vjEY9slFp8j8UoMhV5AlO8uulX9xk6ogfIesHobyBDU= -k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= -k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= -k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= -k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= +k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k= +k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U= +k8s.io/component-base v0.30.3 
h1:Ci0UqKWf4oiwy8hr1+E3dsnliKnkMLZMVbWzeorlk7s= +k8s.io/component-base v0.30.3/go.mod h1:C1SshT3rGPCuNtBs14RmVD2xW0EhRSeLvBh7AGk1quA= k8s.io/component-helpers v0.29.1 h1:54MMEDu6xeJmMtAKztsPwu0kJKr4+jCUzaEIn2UXRoc= k8s.io/component-helpers v0.29.1/go.mod h1:+I7xz4kfUgxWAPJIVKrqe4ml4rb9UGpazlOmhXYo+cY= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
From 7a5fb9ee0314adc3ade0f320699bb85c2e09b0be Mon Sep 17 00:00:00 2001
From: Austin Abro <37223396+AustinAbro321@users.noreply.github.com>
Date: Wed, 31 Jul 2024 13:58:32 -0400
Subject: [PATCH 16/25] ci: remove unneeded cve checking (#2802)
Signed-off-by: Austin Abro
---
 .github/actions/install-tools/action.yaml | 7 ----
 .github/workflows/compare-cves.yml | 39 -----------------------
 .github/workflows/scan-cves.yml | 24 --------------
 .grype.yaml | 4 ---
 hack/check-vulnerabilities.sh | 30 -----------------
 5 files changed, 104 deletions(-)
 delete mode 100644 .github/workflows/compare-cves.yml
 delete mode 100644 .github/workflows/scan-cves.yml
 delete mode 100644 .grype.yaml
 delete mode 100755 hack/check-vulnerabilities.sh
diff --git a/.github/actions/install-tools/action.yaml b/.github/actions/install-tools/action.yaml
index e8e052b640..92372d73b8 100644
--- a/.github/actions/install-tools/action.yaml
+++ b/.github/actions/install-tools/action.yaml
@@ -8,11 +8,4 @@ runs:
 - uses: anchore/sbom-action/download-syft@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8
- - name: install grype
- env:
- # renovate: datasource=github-tags depName=anchore/grype versioning=semver
- VERSION: v0.74.6
- run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin $VERSION"
- shell: bash
-
 - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
diff --git a/.github/workflows/compare-cves.yml b/.github/workflows/compare-cves.yml
deleted file mode 100644
index dce4118ba5..0000000000
--- a/.github/workflows/compare-cves.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-name: Compare CVEs to main
-
-permissions:
- contents: read
-
-on:
- pull_request:
- paths:
- - "go.mod"
- - "go.sum"
- - "cargo.toml"
- - "cargo.lock"
- merge_group:
- paths:
- - "go.mod"
- - "go.sum"
- - "cargo.toml"
- - "cargo.lock"
-
-jobs:
- validate:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repo
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- with:
- ref: ${{ github.head_ref || github.ref_name }}
-
- - name: fetch main
- run: git fetch origin main --depth 1
-
- - name: Setup golang
- uses: ./.github/actions/golang
-
- - name: Install tools
- uses: ./.github/actions/install-tools
-
- - name: Check for CVEs in Dependencies
- run: "hack/check-vulnerabilities.sh"
diff --git a/.github/workflows/scan-cves.yml b/.github/workflows/scan-cves.yml
deleted file mode 100644
index 2851849bf7..0000000000
--- a/.github/workflows/scan-cves.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-name: Analyze CVEs
-
-permissions:
- contents: read
-
-on:
- schedule:
- - cron: "0 10 * * *"
-
-jobs:
- validate:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
- - name: Setup golang
- uses: ./.github/actions/golang
-
- - name: Install tools
- uses: ./.github/actions/install-tools
-
- - name: Check for CVEs in Dependencies
- run: "make test-cves"
diff --git a/.grype.yaml b/.grype.yaml
deleted file mode 100644
index 1ed8fe29e9..0000000000
--- a/.grype.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-ignore:
- # From helm - This behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).
- # https://helm.sh/blog/response-cve-2019-25210/
- - vulnerability: GHSA-jw44-4f3j-q396
diff --git a/hack/check-vulnerabilities.sh b/hack/check-vulnerabilities.sh
deleted file mode 100755
index 903e59a01a..0000000000
--- a/hack/check-vulnerabilities.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-MAIN_BRANCH="main"
-TARGET_BRANCH=$(git rev-parse --abbrev-ref HEAD)
-echo "target branch is $TARGET_BRANCH"
-
-mkdir -p build
-
-git checkout $MAIN_BRANCH
-go run main.go tools sbom scan . -o json --exclude './site' --exclude './examples' > build/main-syft.json
-
-git checkout $TARGET_BRANCH
-cat build/main-syft.json | grype -o template -t hack/compare.tmpl > build/main.json
-go run main.go tools sbom scan . -o json --exclude './site' --exclude './examples' | grype -o template -t hack/compare.tmpl > build/target.json
-
-
-result=$(jq --slurp '.[0] - .[1]' build/target.json build/main.json | jq '[.[] | select(.severity != "Low" and .severity != "Medium")]')
-
-echo "CVEs on $MAIN_BRANCH are $(cat build/main.json | jq )"
-echo "CVEs on $TARGET_BRANCH are $(cat build/target.json | jq)"
-
-if [[ "$result" == "[]" ]]; then
- echo "no new vulnerabilities on $TARGET_BRANCH"
- exit 0
-else
- echo "new CVEs have been added with IDs $result"
- exit 1
-fi
From 9be20095e7fdde34f317b80bacc8a796b8211e14 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 31 Jul 2024 16:56:08 -0600
Subject: [PATCH 17/25] chore(deps): bump github.com/mikefarah/yq/v4 from 4.43.1 to 4.44.2 (#2799)
Signed-off-by: dependabot[bot]
Signed-off-by: Austin Abro
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Austin Abro
Co-authored-by: schristoff <28318173+schristoff@users.noreply.github.com>
---
 go.mod | 10 +-
 go.sum | 20 ++--
 .../content/docs/commands/zarf_tools_yq.md | 1 +
 .../docs/commands/zarf_tools_yq_completion.md | 103 ++++++++++++++++++
 4 files changed, 119 insertions(+), 15 deletions(-)
 create mode 100644 site/src/content/docs/commands/zarf_tools_yq_completion.md
diff --git a/go.mod b/go.mod
index eebb5ea6b7..6c345a7fe3 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
 github.com/derailed/k9s v0.31.7
 github.com/distribution/reference v0.5.0
 github.com/fairwindsops/pluto/v5 v5.18.4
- github.com/fatih/color v1.16.0
+ github.com/fatih/color v1.17.0
 github.com/fluxcd/helm-controller/api v1.0.1
 github.com/fluxcd/pkg/apis/meta v1.5.0
 github.com/fluxcd/source-controller/api v1.3.0
@@ -222,7 +222,7 @@ require (
 github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
 github.com/dustin/go-humanize v1.0.1 // indirect
 github.com/edsrzf/mmap-go v1.1.0 // indirect
- github.com/elliotchance/orderedmap v1.5.1 // indirect
+ github.com/elliotchance/orderedmap v1.6.0 // indirect
 github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 github.com/emicklei/proto v1.12.1 // indirect
 github.com/emirpasic/gods v1.18.1 // indirect
@@ -263,7 +263,7 @@ require (
 github.com/go-restruct/restruct v1.2.0-alpha // indirect
 github.com/go-test/deep v1.1.0 // indirect
 github.com/gobwas/glob v0.2.3 // indirect
- github.com/goccy/go-json v0.10.2 // indirect
+ github.com/goccy/go-json v0.10.3 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
@@ -348,7 +348,7 @@ require (
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 github.com/microsoft/go-rustaudit v0.0.0-20220730194248-4b17361d90a5 // indirect
 github.com/miekg/pkcs11 v1.1.1 // indirect
- github.com/mikefarah/yq/v4 v4.43.1
+ github.com/mikefarah/yq/v4 v4.44.2
 github.com/mitchellh/copystructure v1.2.0 // indirect
 github.com/mitchellh/go-homedir v1.1.0 // indirect
 github.com/mitchellh/go-testing-interface v1.14.1 // indirect
@@ -392,7 +392,7 @@ require (
 github.com/pborman/indent v1.2.1 // indirect
 github.com/pborman/uuid v1.2.1 // indirect
 github.com/pelletier/go-toml v1.9.5 // indirect
- github.com/pelletier/go-toml/v2 v2.2.0 // indirect
+ github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 github.com/pierrec/lz4/v4 v4.1.18 // indirect
 github.com/pjbgf/sha1cd v0.3.0 // indirect
diff --git a/go.sum b/go.sum
index 006c9add9a..0e511de64e 100644
--- a/go.sum
+++ b/go.sum
@@ -662,8 +662,8 @@ github.com/edsrzf/mmap-go v1.1.0 h1:6EUwBLQ/Mcr1EYLE4Tn1VdW1A4ckqCQWZBw8Hr0kjpQ= github.com/edsrzf/mmap-go v1.1.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8EIth78Q= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= -github.com/elliotchance/orderedmap v1.5.1 h1:G1X4PYlljzimbdQ3RXmtIZiQ9d6aRQ3sH1nzjq5mECE= -github.com/elliotchance/orderedmap v1.5.1/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys= +github.com/elliotchance/orderedmap v1.6.0 h1:xjn+kbbKXeDq6v9RVE+WYwRbYfAZKvlWfcJNxM8pvEw= +github.com/elliotchance/orderedmap v1.6.0/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/proto v1.12.1 h1:6n/Z2pZAnBwuhU66Gs8160B8rrrYKo7h2F2sCOnNceE=
@@ -698,8 +698,8 @@ github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwo github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= +github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/fatih/set v0.2.1 h1:nn2CaJyknWE/6txyUDGwysr3G5QC6xWB/PtVjPBbeaA= github.com/fatih/set v0.2.1/go.mod h1:+RKtMCH+favT2+3YecHGxcc0b4KyVWA1QWWJUs4E0CI= github.com/felixge/fgprof v0.9.3 h1:VvyZxILNuCiUCSXtPtYmmtGvb65nqXh2QFWc0Wpf2/g= @@ -832,8 +832,8 @@ github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XE github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= -github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= -github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA= +github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= github.com/goccy/go-yaml v1.11.3 h1:B3W9IdWbvrUu2OYQGwvU1nZtvMQJPBKgBUuweJjLj6I= github.com/goccy/go-yaml v1.11.3/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHvE4m7WU= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= 
@@ -1270,8 +1270,8 @@ github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60 github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/mikefarah/yq/v4 v4.43.1 h1:1bCrQwVDhjGnPboQidy30hu6U2TCd8sUQTy1hKCHOGI= -github.com/mikefarah/yq/v4 v4.43.1/go.mod h1:jcSqtyUKbPWvwaa8cNw8Ej4rmPb3iWE8zYvpkTvM7oc= +github.com/mikefarah/yq/v4 v4.44.2 h1:J+ezWCDTg+SUs0jXdcE0HIPH1+rEr0Tbn9Y1SwiWtH0= +github.com/mikefarah/yq/v4 v4.44.2/go.mod h1:9bnz36uZJDEyxdIjRronBcqStS953k3y3DrSRXr4F/w= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= 
@@ -1400,8 +1400,8 @@ github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtP github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.2.0 h1:QLgLl2yMN7N+ruc31VynXs1vhMZa7CeHHejIeBAsoHo= -github.com/pelletier/go-toml/v2 v2.2.0/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= +github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= +github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/petergtz/pegomock v2.9.0+incompatible h1:BKfb5XfkJfehe5T+O1xD4Zm26Sb9dnRj7tHxLYwUPiI= diff --git a/site/src/content/docs/commands/zarf_tools_yq.md b/site/src/content/docs/commands/zarf_tools_yq.md index 1ab66ec79f..7e865330fa 100644 --- a/site/src/content/docs/commands/zarf_tools_yq.md +++ b/site/src/content/docs/commands/zarf_tools_yq.md @@ -84,6 +84,7 @@ zarf tools yq -P sample.json ### SEE ALSO * [zarf tools](/commands/zarf_tools/) - Collection of additional tools to make airgap easier +* [zarf tools yq completion](/commands/zarf_tools_yq_completion/) - Generate the autocompletion script for the specified shell * [zarf tools yq eval](/commands/zarf_tools_yq_eval/) - (default) Apply the expression to each document in each yaml file in sequence * [zarf tools yq eval-all](/commands/zarf_tools_yq_eval-all/) - Loads _all_ yaml documents of _all_ yaml files and runs expression once 
diff --git a/site/src/content/docs/commands/zarf_tools_yq_completion.md b/site/src/content/docs/commands/zarf_tools_yq_completion.md
new file mode 100644
index 0000000000..c67ed20899
--- /dev/null
+++ b/site/src/content/docs/commands/zarf_tools_yq_completion.md
@@ -0,0 +1,103 @@
+---
+title: zarf tools yq completion
+description: Zarf CLI command reference for zarf tools yq completion.
+tableOfContents: false
+---
+
+
+
+## zarf tools yq completion
+
+Generate the autocompletion script for the specified shell
+
+### Synopsis
+
+To load completions:
+
+Bash:
+
+$ source <(yq completion bash)
+
+# To load completions for each session, execute once:
+Linux:
+ $ yq completion bash > /etc/bash_completion.d/yq
+MacOS:
+ $ yq completion bash > /usr/local/etc/bash_completion.d/yq
+
+Zsh:
+
+# If shell completion is not already enabled in your environment you will need
+# to enable it. You can execute the following once:
+
+$ echo "autoload -U compinit; compinit" >> ~/.zshrc
+
+# To load completions for each session, execute once:
+$ yq completion zsh > "${fpath[1]}/_yq"
+
+# You will need to start a new shell for this setup to take effect.
+
+Fish:
+
+$ yq completion fish | source
+
+# To load completions for each session, execute once:
+$ yq completion fish > ~/.config/fish/completions/yq.fish
+
+
+```
+zarf tools yq completion [bash|zsh|fish|powershell]
+```
+
+### Options
+
+```
+ -h, --help help for completion
+```
+
+### Options inherited from parent commands
+
+```
+ -C, --colors force print with colors
+ --csv-auto-parse parse CSV YAML/JSON values (default true)
+ --csv-separator char CSV Separator character (default ,)
+ -e, --exit-status set exit status if there are no matches or null or false is returned
+ --expression string forcibly set the expression argument. Useful when yq argument detection thinks your expression is a file.
+ --from-file string Load expression from specified file.
+ -f, --front-matter string (extract|process) first input as yaml front-matter. Extract will pull out the yaml content, process will run the expression against the yaml content, leaving the remaining data intact
+ --header-preprocess Slurp any header comments and separators before processing expression. (default true)
+ -I, --indent int sets indent level for output (default 2)
+ -i, --inplace update the file in place of first file given.
+ -p, --input-format string [auto|a|yaml|y|json|j|props|p|csv|c|tsv|t|xml|x|base64|uri|toml|lua|l] parse format for input. (default "auto")
+ --lua-globals output keys as top-level global variables
+ --lua-prefix string prefix (default "return ")
+ --lua-suffix string suffix (default ";\n")
+ --lua-unquoted output unquoted string keys (e.g. {foo="bar"})
+ -M, --no-colors force print with no colors
+ -N, --no-doc Don't print document separators (---)
+ -0, --nul-output Use NUL char to separate values. If unwrap scalar is also set, fail if unwrapped scalar contains NUL char.
+ -n, --null-input Don't read input, simply evaluate the expression given. Useful for creating docs from scratch.
+ -o, --output-format string [auto|a|yaml|y|json|j|props|p|csv|c|tsv|t|xml|x|base64|uri|toml|shell|s|lua|l] output format type. (default "auto")
+ -P, --prettyPrint pretty print, shorthand for '... style = ""'
+ --properties-array-brackets use [x] in array paths (e.g. for SpringBoot)
+ --properties-separator string separator to use between keys and values (default " = ")
+ -s, --split-exp string print each result (or doc) into a file named (exp). [exp] argument must return a string. You can use $index in the expression as the result counter.
+ --split-exp-file string Use a file to specify the split-exp expression.
+ --string-interpolation Toggles strings interpolation of \(exp) (default true)
+ --tsv-auto-parse parse TSV YAML/JSON values (default true)
+ -r, --unwrapScalar unwrap scalar, print the value with no quotes, colors or comments. Defaults to true for yaml (default true)
+ -v, --verbose verbose mode
+ --xml-attribute-prefix string prefix for xml attributes (default "+@")
+ --xml-content-name string name for xml content (if no attribute name is present). (default "+content")
+ --xml-directive-name string name for xml directives (e.g. ) (default "+directive")
+ --xml-keep-namespace enables keeping namespace after parsing attributes (default true)
+ --xml-proc-inst-prefix string prefix for xml processing instructions (e.g. ) (default "+p_")
+ --xml-raw-token enables using RawToken method instead Token. Commonly disables namespace translations. See https://pkg.go.dev/encoding/xml#Decoder.RawToken for details. (default true)
+ --xml-skip-directives skip over directives (e.g. )
+ --xml-skip-proc-inst skip over process instructions (e.g. )
+ --xml-strict-mode enables strict parsing of XML. See https://pkg.go.dev/encoding/xml for more details.
+```
+
+### SEE ALSO
+
+* [zarf tools yq](/commands/zarf_tools_yq/) - yq is a lightweight and portable command-line data file processor.
+
From b200e226f035d5e6d8004f9d36d1296ce843fb9e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Aug 2024 07:30:37 +0200
Subject: [PATCH 18/25] chore(deps): bump codecov/codecov-action from 4.4.1 to 4.5.0 (#2808)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/test-unit.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test-unit.yml b/.github/workflows/test-unit.yml
index 8ea2cc7bdb..ddb513fcaf 100644
--- a/.github/workflows/test-unit.yml
+++ b/.github/workflows/test-unit.yml
@@ -47,6 +47,6 @@ jobs:
 run: make test-unit
 - name: Upload coverage reports to Codecov
- uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1
+ uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
From 2b83a9373258c7952613d7957ac3c29bace112e3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Aug 2024 07:32:33 +0200
Subject: [PATCH 19/25] chore(deps): bump actions/create-github-app-token from 1.9.0 to 1.10.3 (#2809)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b3460ed000..b6a50772e5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -167,7 +167,7 @@ jobs:
 - name: Get Brew tap repo token
 id: brew-tap-token
- uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
+ uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
 with:
 app-id: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_ID }}
 private-key: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_SECRET }}
From 81c89651d7d5a8e6630b42ca14c89bb910800775 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Aug 2024 05:59:46 +0000
Subject: [PATCH 20/25] chore(deps): bump actions/download-artifact from 4.1.2 to 4.1.8 (#2810)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/release.yml | 4 ++--
 .github/workflows/test-bigbang.yml | 2 +-
 .github/workflows/test-e2e.yml | 10 +++++-----
 .github/workflows/test-upgrade.yml | 2 +-
 4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b6a50772e5..b949f54cb3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -89,7 +89,7 @@ jobs:
 fetch-depth: 0
 - name: Download build artifacts
- uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
 with:
 name: build-artifacts
 path: build/
@@ -134,7 +134,7 @@ jobs:
 uses: ./.github/actions/install-tools
 - name: Download build artifacts
- uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
 with:
 name: build-artifacts
 path: build/
diff --git a/.github/workflows/test-bigbang.yml b/.github/workflows/test-bigbang.yml
index 1b5d47bb7f..8a8ffc22c0 100644
--- a/.github/workflows/test-bigbang.yml
+++ b/.github/workflows/test-bigbang.yml
@@ -77,7 +77,7 @@ jobs:
 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: Download build artifacts
- uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
 with:
 name: build-artifacts
 path: build/
diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml
index e6026420b4..b8438f1ef5 100644
--- a/.github/workflows/test-e2e.yml
+++ b/.github/workflows/test-e2e.yml
@@ -61,7 +61,7 @@ jobs:
 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: Download build artifacts
- uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
 with:
 name: build-artifacts
 path: build/
@@ -96,7 +96,7 @@ jobs:
 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: Download build artifacts
- uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
 with:
 name: build-artifacts
 path: build/
@@ -134,7 +134,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Download build artifacts - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: build-artifacts path: build/ @@ -172,7 +172,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Download build artifacts - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: build-artifacts path: build/ @@ -212,7 +212,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Download build artifacts - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: build-artifacts path: build/ diff --git a/.github/workflows/test-upgrade.yml b/.github/workflows/test-upgrade.yml index 17179ff9ad..592b848dd9 100644 --- a/.github/workflows/test-upgrade.yml +++ b/.github/workflows/test-upgrade.yml @@ -60,7 +60,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Download build artifacts - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: build-artifacts path: build/ From 6d86e48bd5de4b4cc961a32cbb4f64ba87a6168b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 07:41:12 +0000 Subject: [PATCH 21/25] chore(deps): bump actions/checkout from 4.1.1 to 4.1.7 (#2807) 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-rust-injector.yml | 2 +- .github/workflows/commitlint.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/nightly-ecr.yml | 2 +- .github/workflows/nightly-eks.yml | 2 +- .github/workflows/publish-application-packages.yml | 2 +- .github/workflows/release.yml | 6 +++--- .github/workflows/scan-codeql.yml | 2 +- .github/workflows/scan-docs-and-schema.yml | 2 +- .github/workflows/scan-lint.yml | 2 +- .github/workflows/scorecard.yaml | 2 +- .github/workflows/test-bigbang.yml | 4 ++-- .github/workflows/test-e2e.yml | 12 ++++++------ .github/workflows/test-external.yml | 2 +- .github/workflows/test-site.yml | 2 +- .github/workflows/test-unit.yml | 2 +- .github/workflows/test-upgrade.yml | 4 ++-- .github/workflows/test-windows.yml | 4 ++-- 18 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflows/build-rust-injector.yml b/.github/workflows/build-rust-injector.yml index eb41af52c7..b637a65261 100644 --- a/.github/workflows/build-rust-injector.yml +++ b/.github/workflows/build-rust-injector.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Checkout Repo" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install tools uses: ./.github/actions/install-tools diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml index b83d5d3350..f6243f526e 100644 --- a/.github/workflows/commitlint.yml +++ b/.github/workflows/commitlint.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 8e12c590e0..01843002e6 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -10,6 +10,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Dependency Review uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3 diff --git a/.github/workflows/nightly-ecr.yml b/.github/workflows/nightly-ecr.yml index f922e89dba..cc05e5b358 100644 --- a/.github/workflows/nightly-ecr.yml +++ b/.github/workflows/nightly-ecr.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang diff --git a/.github/workflows/nightly-eks.yml b/.github/workflows/nightly-eks.yml index eee9191155..85ee03b7c5 100644 --- a/.github/workflows/nightly-eks.yml +++ b/.github/workflows/nightly-eks.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang diff --git a/.github/workflows/publish-application-packages.yml b/.github/workflows/publish-application-packages.yml index d075c7cecf..3944aa0abb 100644 --- a/.github/workflows/publish-application-packages.yml +++ b/.github/workflows/publish-application-packages.yml 
@@ -18,7 +18,7 @@ jobs: packages: write steps: - name: "Checkout Repo" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ github.event.inputs.branchName }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b949f54cb3..cc5d405a95 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ jobs: steps: # Checkout the repo and setup the tooling for this job - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 @@ -84,7 +84,7 @@ jobs: steps: # Checkout the repo and setup the tooling for this job - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 @@ -123,7 +123,7 @@ jobs: steps: # Checkout the repo and setup the tooling for this job - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 diff --git a/.github/workflows/scan-codeql.yml b/.github/workflows/scan-codeql.yml index b410931356..4f651e704a 100644 --- a/.github/workflows/scan-codeql.yml +++ b/.github/workflows/scan-codeql.yml @@ -46,7 +46,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang diff --git a/.github/workflows/scan-docs-and-schema.yml b/.github/workflows/scan-docs-and-schema.yml index 4d18ba393f..e614faa5a1 100644 --- a/.github/workflows/scan-docs-and-schema.yml +++ b/.github/workflows/scan-docs-and-schema.yml 
@@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang diff --git a/.github/workflows/scan-lint.yml b/.github/workflows/scan-lint.yml index 66eab288a7..45421e95de 100644 --- a/.github/workflows/scan-lint.yml +++ b/.github/workflows/scan-lint.yml @@ -11,6 +11,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Run golangci-lint uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index e53c293383..9b1a7e9f3a 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -22,7 +22,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false diff --git a/.github/workflows/test-bigbang.yml b/.github/workflows/test-bigbang.yml index 8a8ffc22c0..34e7ac5ca5 100644 --- a/.github/workflows/test-bigbang.yml +++ b/.github/workflows/test-bigbang.yml @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang 
@@ -74,7 +74,7 @@ jobs: needs: build steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download build artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index b8438f1ef5..91a5f160a4 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml @@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang @@ -58,7 +58,7 @@ jobs: needs: build steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download build artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 @@ -93,7 +93,7 @@ jobs: needs: build steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download build artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 @@ -131,7 +131,7 @@ jobs: needs: build steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download build artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 
@@ -169,7 +169,7 @@ jobs: needs: build steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download build artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 @@ -209,7 +209,7 @@ jobs: needs: build steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download build artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 diff --git a/.github/workflows/test-external.yml b/.github/workflows/test-external.yml index f288989c8f..081ac7c461 100644 --- a/.github/workflows/test-external.yml +++ b/.github/workflows/test-external.yml @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang diff --git a/.github/workflows/test-site.yml b/.github/workflows/test-site.yml index af0a3baef9..1042f3a0b6 100644 --- a/.github/workflows/test-site.yml +++ b/.github/workflows/test-site.yml @@ -19,7 +19,7 @@ jobs: working-directory: ./site steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 diff --git a/.github/workflows/test-unit.yml b/.github/workflows/test-unit.yml index ddb513fcaf..78b49b9c90 100644 --- a/.github/workflows/test-unit.yml +++ b/.github/workflows/test-unit.yml 
@@ -38,7 +38,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang diff --git a/.github/workflows/test-upgrade.yml b/.github/workflows/test-upgrade.yml index 592b848dd9..3ffe41a13c 100644 --- a/.github/workflows/test-upgrade.yml +++ b/.github/workflows/test-upgrade.yml @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang @@ -57,7 +57,7 @@ jobs: needs: build steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download build artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml index 08b1a6e845..d9d9172a75 100644 --- a/.github/workflows/test-windows.yml +++ b/.github/workflows/test-windows.yml @@ -34,7 +34,7 @@ jobs: runs-on: windows-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Run Windows unit tests run: make test-unit @@ -44,7 +44,7 @@ jobs: runs-on: windows-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Build Windows binary and zarf packages uses: ./.github/actions/packages From 008c4fa905c5aded3ae8961d0dbce340f65857e5 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 11:09:00 +0200 Subject: [PATCH 22/25] chore(deps): bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#2813) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 6c345a7fe3..49f32cccf1 100644
--- a/go.mod
+++ b/go.mod
@@ -45,7 +45,7 @@ require (
 github.com/spf13/viper v1.18.2
 github.com/stretchr/testify v1.9.0
 github.com/xeipuuv/gojsonschema v1.2.0
- golang.org/x/crypto v0.24.0
+ golang.org/x/crypto v0.25.0
 golang.org/x/sync v0.7.0
 golang.org/x/term v0.22.0
 helm.sh/helm/v3 v3.14.2
diff --git a/go.sum b/go.sum
index 0e511de64e..0ffbde6fd0 100644
--- a/go.sum
+++ b/go.sum
@@ -1809,8 +1809,8 @@ golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
-golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
-golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
From 55ca6f58de46b0333b6e63cf892bc74c8690f5ff Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 11:09:20 +0200 Subject: [PATCH 23/25] chore(deps): bump github.com/goccy/go-yaml from 1.11.3 to 1.12.0 (#2811) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 49f32cccf1..223daea67b 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 github.com/fluxcd/pkg/apis/meta v1.5.0
 github.com/fluxcd/source-controller/api v1.3.0
 github.com/go-git/go-git/v5 v5.11.0
- github.com/goccy/go-yaml v1.11.3
+ github.com/goccy/go-yaml v1.12.0
 github.com/gofrs/flock v0.8.1
 github.com/google/go-containerregistry v0.19.0
 github.com/gosuri/uitable v0.0.4
diff --git a/go.sum b/go.sum
index 0ffbde6fd0..a37a950db1 100644
--- a/go.sum
+++ b/go.sum
@@ -834,8 +834,8 @@ github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
 github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
-github.com/goccy/go-yaml v1.11.3 h1:B3W9IdWbvrUu2OYQGwvU1nZtvMQJPBKgBUuweJjLj6I=
-github.com/goccy/go-yaml v1.11.3/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHvE4m7WU=
+github.com/goccy/go-yaml v1.12.0 h1:/1WHjnMsI1dlIBQutrvSMGZRQufVO3asrHfTwfACoPM=
+github.com/goccy/go-yaml v1.12.0/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHvE4m7WU=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
 github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
From aa3cd6a31255037cb5097a06c2ac4edb5ea99a2f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 17:13:19 +0200 Subject: [PATCH 24/25] chore(deps): bump aws-actions/configure-aws-credentials from 4.0.1 to 4.0.2 (#2806) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-rust-injector.yml | 2 +- .github/workflows/nightly-ecr.yml | 2 +- .github/workflows/nightly-eks.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-rust-injector.yml b/.github/workflows/build-rust-injector.yml index b637a65261..a302c1dfa0 100644 --- a/.github/workflows/build-rust-injector.yml +++ b/.github/workflows/build-rust-injector.yml @@ -34,7 +34,7 @@ jobs: shasum zarf-injector-arm64 >> checksums.txt - name: Auth with AWS - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: ${{ secrets.AWS_WRITE_ROLE }} role-session-name: ${{ github.job || github.event.client_payload.pull_request.head.sha || github.sha }} diff --git a/.github/workflows/nightly-ecr.yml b/.github/workflows/nightly-ecr.yml index cc05e5b358..9ff144c4ff 100644 --- a/.github/workflows/nightly-ecr.yml +++ b/.github/workflows/nightly-ecr.yml @@ -28,7 +28,7 @@ jobs: run: make build-cli-linux-amd - name: Auth with AWS - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }} role-session-name: ${{ github.job || github.event.client_payload.pull_request.head.sha || github.sha }} diff --git a/.github/workflows/nightly-eks.yml b/.github/workflows/nightly-eks.yml index 85ee03b7c5..18b23bb1c6 100644 --- a/.github/workflows/nightly-eks.yml 
+++ b/.github/workflows/nightly-eks.yml @@ -36,7 +36,7 @@ jobs: uses: ./.github/actions/packages - name: Auth with AWS - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }} role-session-name: ${{ github.job || github.event.client_payload.pull_request.head.sha || github.sha }} From 296df54f21ce815b6fa863ae69e2e605d11d9af8 Mon Sep 17 00:00:00 2001 From: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Date: Thu, 1 Aug 2024 14:18:00 -0400 Subject: [PATCH 25/25] fix: resolve CVE-2024-41110 (#2815) Signed-off-by: Austin Abro --- go.mod | 20 +++++++++++--------- go.sum | 36 ++++++++++++++++++------------------ 2 files changed, 29 insertions(+), 27 deletions(-) diff --git a/go.mod b/go.mod index 223daea67b..2410520b5b 100644 --- a/go.mod +++ b/go.mod @@ -5,6 +5,9 @@ go 1.22.4 // TODO (@AABRO): Pending merge into github.com/gojsonschema/gojsonschema (https://github.com/gojsonschema/gojsonschema/pull/5) replace github.com/xeipuuv/gojsonschema => github.com/defenseunicorns/gojsonschema v0.0.0-20231116163348-e00f069122d6 +// TODO once helm updates to use v25.0.6 we can delete this +replace github.com/docker/docker => github.com/docker/docker v25.0.6+incompatible + require ( github.com/AlecAivazis/survey/v2 v2.3.7 github.com/Masterminds/semver/v3 v3.2.1 @@ -48,13 +51,13 @@ require ( golang.org/x/crypto v0.25.0 golang.org/x/sync v0.7.0 golang.org/x/term v0.22.0 - helm.sh/helm/v3 v3.14.2 + helm.sh/helm/v3 v3.15.3 k8s.io/api v0.30.3 k8s.io/apimachinery v0.30.3 k8s.io/client-go v0.30.3 k8s.io/component-base v0.30.3 k8s.io/klog/v2 v2.120.1 - k8s.io/kubectl v0.29.1 + k8s.io/kubectl v0.30.0 oras.land/oras-go/v2 v2.5.0 sigs.k8s.io/cli-utils v0.36.0 sigs.k8s.io/kustomize/api v0.16.0 
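Review bot: The `replace github.com/docker/docker => github.com/docker/docker v25.0.6+incompatible` added in the first go.mod hunk (`@@ -5,6 +5,9 @@`) is only honoured when this repository is the main module, so a project that imports this code as a library does not inherit the pin and resolves docker/docker from its own requirements. A replace also fixes the version exactly, which means a later dependency bump that asks for a newer docker/docker would be held at v25.0.6 without any build error. The same commit already raises the indirect requirement to `github.com/docker/docker v25.0.6+incompatible`, which sets a minimum that propagates to importers; if nothing in the graph needs to be forced down to that version (not visible from these hunks), the replace looks redundant and could be dropped. If it stays, the TODO would be easier to act on with the condition and reason spelled out, for example `// TODO: remove once helm.sh/helm/v3 requires github.com/docker/docker >= v25.0.6 (CVE-2024-41110)`.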
@@ -213,9 +216,9 @@ require (
 github.com/dimchansky/utfbom v1.1.1 // indirect
 github.com/docker/cli v26.0.0+incompatible // indirect
 github.com/docker/distribution v2.8.3+incompatible // indirect
- github.com/docker/docker v24.0.9+incompatible // indirect
+ github.com/docker/docker v25.0.6+incompatible // indirect
 github.com/docker/docker-credential-helpers v0.8.0 // indirect
- github.com/docker/go-connections v0.4.0 // indirect
+ github.com/docker/go-connections v0.5.0 // indirect
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 github.com/docker/go-metrics v0.0.1 // indirect
 github.com/docker/go-units v0.5.0 // indirect
@@ -366,7 +369,6 @@ require (
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
- github.com/morikuni/aec v1.0.0 // indirect
 github.com/mozillazg/docker-credential-acr-helper v0.3.0 // indirect
 github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de // indirect
 github.com/muesli/ansi v0.0.0-20211031195517-c9f0611b6c70 // indirect
@@ -505,16 +507,16 @@ require (
 gorm.io/gorm v1.25.5 // indirect
 k8s.io/apiextensions-apiserver v0.30.0 // indirect
 k8s.io/apiserver v0.30.0 // indirect
- k8s.io/cli-runtime v0.29.1 // indirect
- k8s.io/component-helpers v0.29.1 // indirect
+ k8s.io/cli-runtime v0.30.0 // indirect
+ k8s.io/component-helpers v0.30.0 // indirect
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
- k8s.io/metrics v0.29.1 // indirect
+ k8s.io/metrics v0.30.0 // indirect
 k8s.io/utils v0.0.0-20231127182322-b307cd553661 // indirect
 modernc.org/libc v1.29.0 // indirect
 modernc.org/mathutil v1.6.0 // indirect
 modernc.org/memory v1.7.2 // indirect
 modernc.org/sqlite v1.28.0 // indirect
- oras.land/oras-go v1.2.4 // indirect
+ oras.land/oras-go v1.2.5 // indirect
 sigs.k8s.io/controller-runtime v0.18.1 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 sigs.k8s.io/kustomize/kustomize/v5 v5.0.4-0.20230601165947-6ce0bf390ce3 // indirect
diff --git a/go.sum b/go.sum
index a37a950db1..798f2f8915 100644
--- a/go.sum
+++ b/go.sum
@@ -265,8 +265,8 @@ github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/CycloneDX/cyclonedx-go v0.8.0 h1:FyWVj6x6hoJrui5uRQdYZcSievw3Z32Z88uYzG/0D6M=
 github.com/CycloneDX/cyclonedx-go v0.8.0/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk=
-github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
-github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
+github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
+github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/DataDog/zstd v1.4.5 h1:EndNeuB0l9syBZhut0wns3gV1hL8zX8LIu6ZiVHWLIQ=
 github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
@@ -639,12 +639,12 @@ github.com/docker/cli v26.0.0+incompatible h1:90BKrx1a1HKYpSnnBFR6AgDq/FqkHxwlUy
 github.com/docker/cli v26.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v24.0.9+incompatible h1:HPGzNmwfLZWdxHqK9/II92pyi1EpYKsAqcl4G0Of9v0=
-github.com/docker/docker v24.0.9+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg=
+github.com/docker/docker v25.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
 github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
-github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
-github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
+github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
+github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
 github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
@@ -2449,8 +2449,8 @@ gorm.io/gorm v1.25.5 h1:zR9lOiiYf09VNh5Q1gphfyia1JpiClIWG9hQaxB/mls=
 gorm.io/gorm v1.25.5/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
 gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=
 gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
-helm.sh/helm/v3 v3.14.2 h1:V71fv+NGZv0icBlr+in1MJXuUIHCiPG1hW9gEBISTIA=
-helm.sh/helm/v3 v3.14.2/go.mod h1:2itvvDv2WSZXTllknfQo6j7u3VVgMAvm8POCDgYH424=
+helm.sh/helm/v3 v3.15.3 h1:HcZDaVFe9uHa6hpsR54mJjYyRy4uz/pc6csg27nxFOc=
+helm.sh/helm/v3 v3.15.3/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -2466,22 +2466,22 @@ k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc=
 k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
 k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M=
 k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY=
-k8s.io/cli-runtime v0.29.1 h1:By3WVOlEWYfyxhGko0f/IuAOLQcbBSMzwSaDren2JUs=
-k8s.io/cli-runtime v0.29.1/go.mod h1:vjEY9slFp8j8UoMhV5AlO8uulX9xk6ogfIesHobyBDU=
+k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48=
+k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg=
 k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k=
 k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U=
 k8s.io/component-base v0.30.3 h1:Ci0UqKWf4oiwy8hr1+E3dsnliKnkMLZMVbWzeorlk7s=
 k8s.io/component-base v0.30.3/go.mod h1:C1SshT3rGPCuNtBs14RmVD2xW0EhRSeLvBh7AGk1quA=
-k8s.io/component-helpers v0.29.1 h1:54MMEDu6xeJmMtAKztsPwu0kJKr4+jCUzaEIn2UXRoc=
-k8s.io/component-helpers v0.29.1/go.mod h1:+I7xz4kfUgxWAPJIVKrqe4ml4rb9UGpazlOmhXYo+cY=
+k8s.io/component-helpers v0.30.0 h1:xbJtNCfSM4SB/Tz5JqCKDZv4eT5LVi/AWQ1VOxhmStU=
+k8s.io/component-helpers v0.30.0/go.mod h1:68HlSwXIumMKmCx8cZe1PoafQEYh581/sEpxMrkhmX4=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
 k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
-k8s.io/kubectl v0.29.1 h1:rWnW3hi/rEUvvg7jp4iYB68qW5un/urKbv7fu3Vj0/s=
-k8s.io/kubectl v0.29.1/go.mod h1:SZzvLqtuOJYSvZzPZR9weSuP0wDQ+N37CENJf0FhDF4=
-k8s.io/metrics v0.29.1 h1:qutc3aIPMCniMuEApuLaeYX47rdCn8eycVDx7R6wMlQ=
-k8s.io/metrics v0.29.1/go.mod h1:JrbV2U71+v7d/9qb90UVKL8r0uJ6Z2Hy4V7mDm05cKs=
+k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk=
+k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI=
+k8s.io/metrics v0.30.0 h1:tqB+T0GJY288KahaO3Eb41HaDVeLR18gBmyPo0R417s=
+k8s.io/metrics v0.30.0/go.mod h1:nSDA8V19WHhCTBhRYuyzJT9yPJBxSpqbyrGCCQ4jPj4=
 k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI=
 k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 modernc.org/libc v1.29.0 h1:tTFRFq69YKCF2QyGNuRUQxKBm1uZZLubf6Cjh/pVHXs=
@@ -2492,8 +2492,8 @@ modernc.org/memory v1.7.2 h1:Klh90S215mmH8c9gO98QxQFsY+W451E8AnzjoE2ee1E=
 modernc.org/memory v1.7.2/go.mod h1:NO4NVCQy0N7ln+T9ngWqOQfi7ley4vpwvARR+Hjw95E=
 modernc.org/sqlite v1.28.0 h1:Zx+LyDDmXczNnEQdvPuEfcFVA2ZPyaD7UCZDjef3BHQ=
 modernc.org/sqlite v1.28.0/go.mod h1:Qxpazz0zH8Z1xCFyi5GSL3FzbtZ3fvbjmywNogldEW0=
-oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY=
-oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324=
+oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo=
+oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo=
 oras.land/oras-go/v2 v2.5.0 h1:o8Me9kLY74Vp5uw07QXPiitjsw7qNXi8Twd+19Zf02c=
 oras.land/oras-go/v2 v2.5.0/go.mod h1:z4eisnLP530vwIOUOJeBIj0aGI0L1C3d53atvCBqZHg=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=