diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index ef4bc8bf..d6c23218 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -188,7 +188,8 @@ jobs: run: | /tmp/flux create source git flux-system \ --url=https://github.com/fluxcd/flux2-kustomize-helm-example \ - --branch=main + --branch=main \ + --recurse-submodules /tmp/flux create kustomization flux-system \ --source=flux-system \ --path=./clusters/staging diff --git a/cmd/flux/bootstrap.go b/cmd/flux/bootstrap.go index 05139ab4..1c1dc1c2 100644 --- a/cmd/flux/bootstrap.go +++ b/cmd/flux/bootstrap.go @@ -39,8 +39,9 @@ type bootstrapFlags struct { arch flags.Arch logLevel flags.LogLevel - branch string - manifestsPath string + branch string + recurseSubmodules bool + manifestsPath string defaultComponents []string extraComponents []string @@ -89,8 +90,10 @@ func init() { bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.imagePullSecret, "image-pull-secret", "", "Kubernetes secret name used for pulling the toolkit images from a private registry") - bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.branch, "branch", bootstrapDefaultBranch, - "default branch (for GitHub this must match the default branch setting for the organization)") + bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.branch, "branch", bootstrapDefaultBranch, "Git branch") + bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.recurseSubmodules, "recurse-submodules", false, + "when enabled, configures the GitRepository source to initialize and include Git submodules in the artifact it produces") + bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.manifestsPath, "manifests", "", "path to the manifest directory") bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.watchAllNamespaces, "watch-all-namespaces", true, diff --git a/cmd/flux/bootstrap_git.go b/cmd/flux/bootstrap_git.go index fa8eb584..2f4c49d1 100644 --- a/cmd/flux/bootstrap_git.go +++ b/cmd/flux/bootstrap_git.go @@ -189,6 +189,7 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error { TargetPath: gitArgs.path.String(), ManifestFile: sync.MakeDefaultOptions().ManifestFile, GitImplementation: sourceGitArgs.gitImplementation.String(), + RecurseSubmodules: bootstrapArgs.recurseSubmodules, } // Bootstrap config diff --git a/cmd/flux/bootstrap_github.go b/cmd/flux/bootstrap_github.go index 81238331..5f0f594d 100644 --- a/cmd/flux/bootstrap_github.go +++ b/cmd/flux/bootstrap_github.go @@ -211,6 +211,7 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error { TargetPath: githubArgs.path.String(), ManifestFile: sync.MakeDefaultOptions().ManifestFile, GitImplementation: sourceGitArgs.gitImplementation.String(), + RecurseSubmodules: bootstrapArgs.recurseSubmodules, } // Bootstrap config diff --git a/cmd/flux/bootstrap_gitlab.go b/cmd/flux/bootstrap_gitlab.go index a57b9aa5..d66003cf 100644 --- a/cmd/flux/bootstrap_gitlab.go +++ b/cmd/flux/bootstrap_gitlab.go @@ -227,6 +227,7 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error { TargetPath: gitlabArgs.path.String(), ManifestFile: sync.MakeDefaultOptions().ManifestFile, GitImplementation: sourceGitArgs.gitImplementation.String(), + RecurseSubmodules: bootstrapArgs.recurseSubmodules, } // Bootstrap config diff --git a/cmd/flux/create_source_git.go b/cmd/flux/create_source_git.go index 0a87610f..c4b2fb18 100644 --- a/cmd/flux/create_source_git.go +++ b/cmd/flux/create_source_git.go @@ -56,6 +56,7 @@ type sourceGitFlags struct { gitImplementation flags.GitImplementation caFile string privateKeyFile string + recurseSubmodules bool } var createSourceGitCmd = &cobra.Command{ @@ -122,8 +123,10 @@ func init() { createSourceGitCmd.Flags().Var(&sourceGitArgs.keyECDSACurve, "ssh-ecdsa-curve", sourceGitArgs.keyECDSACurve.Description()) createSourceGitCmd.Flags().StringVar(&sourceGitArgs.secretRef, "secret-ref", "", "the name of an existing secret containing SSH or basic credentials") createSourceGitCmd.Flags().Var(&sourceGitArgs.gitImplementation, "git-implementation", sourceGitArgs.gitImplementation.Description()) - createSourceGitCmd.Flags().StringVar(&sourceGitArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates, requires libgit2") + createSourceGitCmd.Flags().StringVar(&sourceGitArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates") createSourceGitCmd.Flags().StringVar(&sourceGitArgs.privateKeyFile, "private-key-file", "", "path to a passwordless private key file used for authenticating to the Git SSH server") + createSourceGitCmd.Flags().BoolVar(&sourceGitArgs.recurseSubmodules, "recurse-submodules", false, + "when enabled, configures the GitRepository source to initialize and include Git submodules in the artifact it produces") createSourceCmd.AddCommand(createSourceGitCmd) } @@ -146,16 +149,6 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error { return fmt.Errorf("url is required") } - if sourceGitArgs.gitImplementation.String() != sourcev1.LibGit2Implementation && sourceGitArgs.caFile != "" { - return fmt.Errorf("specifing a CA file requires --git-implementation=%s", sourcev1.LibGit2Implementation) - } - - tmpDir, err := ioutil.TempDir("", name) - if err != nil { - return err - } - defer os.RemoveAll(tmpDir) - u, err := url.Parse(sourceGitArgs.url) if err != nil { return fmt.Errorf("git URL parse failed: %w", err) @@ -164,6 +157,20 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error { return fmt.Errorf("git URL scheme '%s' not supported, can be: ssh, http and https", u.Scheme) } + if sourceGitArgs.caFile != "" && u.Scheme == "ssh" { + return fmt.Errorf("specifing a CA file is not supported for Git over SSH") + } + + if sourceGitArgs.recurseSubmodules && sourceGitArgs.gitImplementation == sourcev1.LibGit2Implementation { + return fmt.Errorf("recurse submodules requires --git-implementation=%s", sourcev1.GoGitImplementation) + } + + tmpDir, err := ioutil.TempDir("", name) + if err != nil { + return err + } + defer os.RemoveAll(tmpDir) + sourceLabels, err := parseLabels() if err != nil { return err @@ -180,7 +187,8 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error { Interval: metav1.Duration{ Duration: createArgs.interval, }, - Reference: &sourcev1.GitRepositoryRef{}, + RecurseSubmodules: sourceGitArgs.recurseSubmodules, + Reference: &sourcev1.GitRepositoryRef{}, }, } diff --git a/docs/cmd/flux_bootstrap.md b/docs/cmd/flux_bootstrap.md index 7d944dbd..9f1adb8b 100644 --- a/docs/cmd/flux_bootstrap.md +++ b/docs/cmd/flux_bootstrap.md @@ -14,7 +14,7 @@ The bootstrap sub-commands bootstrap the toolkit components on the targeted Git ``` --author-email string author email for Git commits --author-name string author name for Git commits (default "Flux") - --branch string default branch (for GitHub this must match the default branch setting for the organization) (default "main") + --branch string Git branch (default "main") --ca-file string path to TLS CA file used for validating self-signed certificates --cluster-domain string internal cluster domain (default "cluster.local") --commit-message-appendix string string to add to the commit messages, e.g. '[ci skip]' @@ -25,6 +25,7 @@ The bootstrap sub-commands bootstrap the toolkit components on the targeted Git --log-level logLevel log level, available options are: (debug, info, error) (default info) --network-policy deny ingress access to the toolkit controllers from other namespaces using network policies (default true) --private-key-file string path to a private key file used for authenticating to the Git SSH server + --recurse-submodules when enabled, configures the GitRepository source to initialize and include Git submodules in the artifact it produces --registry string container registry where the toolkit images are published (default "ghcr.io/fluxcd") --secret-name string name of the secret the sync credentials can be found in or stored to (default "flux-system") --ssh-ecdsa-curve ecdsaCurve SSH ECDSA public key curve (p256, p384, p521) (default p384) diff --git a/docs/cmd/flux_bootstrap_git.md b/docs/cmd/flux_bootstrap_git.md index 0587e536..0ba7ebf9 100644 --- a/docs/cmd/flux_bootstrap_git.md +++ b/docs/cmd/flux_bootstrap_git.md @@ -46,7 +46,7 @@ flux bootstrap git [flags] ``` --author-email string author email for Git commits --author-name string author name for Git commits (default "Flux") - --branch string default branch (for GitHub this must match the default branch setting for the organization) (default "main") + --branch string Git branch (default "main") --ca-file string path to TLS CA file used for validating self-signed certificates --cluster-domain string internal cluster domain (default "cluster.local") --commit-message-appendix string string to add to the commit messages, e.g. '[ci skip]' @@ -59,6 +59,7 @@ flux bootstrap git [flags] -n, --namespace string the namespace scope for this operation (default "flux-system") --network-policy deny ingress access to the toolkit controllers from other namespaces using network policies (default true) --private-key-file string path to a private key file used for authenticating to the Git SSH server + --recurse-submodules when enabled, configures the GitRepository source to initialize and include Git submodules in the artifact it produces --registry string container registry where the toolkit images are published (default "ghcr.io/fluxcd") --secret-name string name of the secret the sync credentials can be found in or stored to (default "flux-system") --ssh-ecdsa-curve ecdsaCurve SSH ECDSA public key curve (p256, p384, p521) (default p384) diff --git a/docs/cmd/flux_bootstrap_github.md b/docs/cmd/flux_bootstrap_github.md index 05dbe90e..d99ba691 100644 --- a/docs/cmd/flux_bootstrap_github.md +++ b/docs/cmd/flux_bootstrap_github.md @@ -65,7 +65,7 @@ flux bootstrap github [flags] ``` --author-email string author email for Git commits --author-name string author name for Git commits (default "Flux") - --branch string default branch (for GitHub this must match the default branch setting for the organization) (default "main") + --branch string Git branch (default "main") --ca-file string path to TLS CA file used for validating self-signed certificates --cluster-domain string internal cluster domain (default "cluster.local") --commit-message-appendix string string to add to the commit messages, e.g. '[ci skip]' @@ -78,6 +78,7 @@ flux bootstrap github [flags] -n, --namespace string the namespace scope for this operation (default "flux-system") --network-policy deny ingress access to the toolkit controllers from other namespaces using network policies (default true) --private-key-file string path to a private key file used for authenticating to the Git SSH server + --recurse-submodules when enabled, configures the GitRepository source to initialize and include Git submodules in the artifact it produces --registry string container registry where the toolkit images are published (default "ghcr.io/fluxcd") --secret-name string name of the secret the sync credentials can be found in or stored to (default "flux-system") --ssh-ecdsa-curve ecdsaCurve SSH ECDSA public key curve (p256, p384, p521) (default p384) diff --git a/docs/cmd/flux_bootstrap_gitlab.md b/docs/cmd/flux_bootstrap_gitlab.md index a3a6823f..fbf17666 100644 --- a/docs/cmd/flux_bootstrap_gitlab.md +++ b/docs/cmd/flux_bootstrap_gitlab.md @@ -62,7 +62,7 @@ flux bootstrap gitlab [flags] ``` --author-email string author email for Git commits --author-name string author name for Git commits (default "Flux") - --branch string default branch (for GitHub this must match the default branch setting for the organization) (default "main") + --branch string Git branch (default "main") --ca-file string path to TLS CA file used for validating self-signed certificates --cluster-domain string internal cluster domain (default "cluster.local") --commit-message-appendix string string to add to the commit messages, e.g. '[ci skip]' @@ -75,6 +75,7 @@ flux bootstrap gitlab [flags] -n, --namespace string the namespace scope for this operation (default "flux-system") --network-policy deny ingress access to the toolkit controllers from other namespaces using network policies (default true) --private-key-file string path to a private key file used for authenticating to the Git SSH server + --recurse-submodules when enabled, configures the GitRepository source to initialize and include Git submodules in the artifact it produces --registry string container registry where the toolkit images are published (default "ghcr.io/fluxcd") --secret-name string name of the secret the sync credentials can be found in or stored to (default "flux-system") --ssh-ecdsa-curve ecdsaCurve SSH ECDSA public key curve (p256, p384, p521) (default p384) diff --git a/docs/cmd/flux_create_source_git.md b/docs/cmd/flux_create_source_git.md index 890f21bc..6d6daf23 100644 --- a/docs/cmd/flux_create_source_git.md +++ b/docs/cmd/flux_create_source_git.md @@ -65,11 +65,12 @@ flux create source git [name] [flags] ``` --branch string git branch (default "master") - --ca-file string path to TLS CA file used for validating self-signed certificates, requires libgit2 + --ca-file string path to TLS CA file used for validating self-signed certificates --git-implementation gitImplementation the Git implementation to use, available options are: (go-git, libgit2) -h, --help help for git -p, --password string basic authentication password --private-key-file string path to a passwordless private key file used for authenticating to the Git SSH server + --recurse-submodules when enabled, configures the GitRepository source to initialize and include Git submodules in the artifact it produces --secret-ref string the name of an existing secret containing SSH or basic credentials --ssh-ecdsa-curve ecdsaCurve SSH ECDSA public key curve (p256, p384, p521) (default p384) --ssh-key-algorithm publicKeyAlgorithm SSH public key algorithm (rsa, ecdsa, ed25519) (default rsa) diff --git a/pkg/manifestgen/sync/options.go b/pkg/manifestgen/sync/options.go index d406435c..71da1e47 100644 --- a/pkg/manifestgen/sync/options.go +++ b/pkg/manifestgen/sync/options.go @@ -30,6 +30,7 @@ type Options struct { TargetPath string ManifestFile string GitImplementation string + RecurseSubmodules bool } func MakeDefaultOptions() Options { diff --git a/pkg/manifestgen/sync/sync.go b/pkg/manifestgen/sync/sync.go index 37f70f90..b2557208 100644 --- a/pkg/manifestgen/sync/sync.go +++ b/pkg/manifestgen/sync/sync.go @@ -56,6 +56,7 @@ func Generate(options Options) (*manifestgen.Manifest, error) { Name: options.Secret, }, GitImplementation: options.GitImplementation, + RecurseSubmodules: options.RecurseSubmodules, }, }