- add the Flux manifests and API schemas to checksums
- sign the checksum.txt with Cosign and GitHub OIDC
- sign the flux-cli container images with Cosign and GitHub OIDC
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
- generate SBOM for Flux Go modules with Syft
- publish the SBOM SPDX JSON files to GitHub releases with GoReleaser
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Refactor logic to install helper tools into one function in the
Makefile. Add support for envtest to help install tools like kubectl,
etcd which helps users run tests more conveniently.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com>
This change publishes the auto-generated JSON schemas as a single URL,
so that it is consumable by a tool like VS Code.
The CRD generator creates 2 files, a tar.gz for Kubeval,
and another one is a JSON file. The JSON file is a combination of
all schemas, put under the "oneOf" operator.
There's another location which uses the "manifests directory" target
directly, but isn't run when testing a PR: the release workflow.
Signed-off-by: Michael Bridgen <michael@weave.works>
Using the directory cmd/flux/manifests as a prerequisite causes a
problem: if the script that creates the files within fails, the next
invocation of make will see the directory and assume it
succeeded. Since the executable expects certain files to be present,
but they are not explicit prerequisites of the recipe for building the
binary, this results in a successful build but a broken `flux`
executable.
Instead, depend on a file that's explicitly updated when the script
has succeeded, and which itself depends on the inputs.
A couple of the CI workflows run
    make cmd/flux/manifests
before doing other things, presumably as a way to avoid running the
whole test suite in a CI pipeline for some purpose other than testing,
so these needed changing as well.
Signed-off-by: Michael Bridgen <michael@weave.works>
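The stamp-file pattern described in the commit message above, as an added example that is not taken from the commit or from the Flux Makefile. The stamp file name, `GEN_SCRIPT`, the `INPUTS` list and the `bin/flux` build rule are assumptions made for illustration; only `cmd/flux/manifests` comes from the message.

```makefile
# Added illustration, not the Flux Makefile. STAMP, GEN_SCRIPT, INPUTS and
# the bin/flux rule are hypothetical names chosen for this example.
MANIFESTS_DIR := cmd/flux/manifests
STAMP         := cmd/flux/.manifests.done
GEN_SCRIPT    := ./gen-manifests.sh
INPUTS        := $(shell find manifests -type f)

# Fragile form: the directory exists as soon as the script starts writing
# into it, so after a failed run make considers the target up to date and
# the binary is built against an incomplete set of embedded files.
#
#   $(MANIFESTS_DIR):
#   	$(GEN_SCRIPT) $(MANIFESTS_DIR)
#   bin/flux: $(MANIFESTS_DIR)

# Stamp form: make stops at the first failing recipe line, so `touch` only
# runs when the generator exited 0. The stamp is out of date whenever an
# input file or the generator script is newer than it.
$(STAMP): $(INPUTS) $(GEN_SCRIPT)
	rm -rf $(MANIFESTS_DIR)
	mkdir -p $(MANIFESTS_DIR)
	$(GEN_SCRIPT) $(MANIFESTS_DIR)
	touch $@

# The binary depends on the stamp, never on the directory itself.
bin/flux: $(STAMP)
	go build -o $@ ./cmd/flux

.PHONY: clean
clean:
	rm -rf $(MANIFESTS_DIR) $(STAMP) bin/flux
```

CI jobs that previously ran `make cmd/flux/manifests` would target the stamp file instead, which is the workflow change the message refers to.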
This includes updating the version in the `manifests/crds` directory
for the component that has a newer latest version.
Signed-off-by: Hidde Beydals <hello@hidde.co>
We noticed that some of our components had not received `go.mod` updates
while they did receive updates for the versions declared in the YAML
manifests.
Was able to trace this back to a behavior change in Go since `1.16.x`,
resulting in it no longer making automated changes to `go.mod` and
`go.sum`[1]. This is an issue for our updater script as it relies
on `go list -m all`, which now after the first `go mod edit` returns:
```console
$ go list -m all
go: github.com/fluxcd/notification-controller/api@v0.10.0: missing
go.sum entry; to add it:
go mod download github.com/fluxcd/notification-controller/api
```
To work around the issue without having to repeatedly call `go mod
tidy`, I have opted to simply `grep` on the contents of `go.mod` as a
workaround.
[1]: https://blog.golang.org/go116-module-changes#TOC_3.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This changes the name of the repository that is used for the GitHub
end-to-end tests to a name that is still traceable to the source
(repository) that created it, by using the format
`<ORIGIN_REPOSITORY_NAME>-<PSEUDO_RAND_SUFFIX>`.
The `PSEUDO_RAND_SUFFIX` is a SHA1 sum of the name of the branch and
commit SHA the tests run for, resulting in a 40 character suffix that
, unlike the short commit SHA used before, should not result in collisions.
Signed-off-by: Hidde Beydals <hello@hidde.co>
There was an assumption in this script that it is always executed in a Git
repository/directory; this is, however, not always true, for example when
one downloads the `.tar.gz` that is made available for every release
by GitHub (and used in one of our AUR packages).
This commit changes this, and makes the first argument of `bundle.sh`
configurable, so a custom manifests directory can always be defined
_without_ relying on Git.
Omitting it, or passing an empty string, will still fall back to the
previous behavior of using `git rev-parse --show-toplevel`.
Signed-off-by: Hidde Beydals <hello@hidde.co>