Add an optional flag called `--registry-creds` to the bootstrap
command for generating an image pull secret for container images
stored in private registries.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This change set implements support for the `--deploy-token-auth` option
in the `flux bootstrap gitlab` command.
That option will reconcile a GitLab Project Deploy Token to use for the
authentication of the GitLab git repository.
A GitLab Project Deploy Token can be used the same way as a Personal
Access Token which is already supported via `--token-auth`.
The difference with the GitLab Project Deploy Token is that the token is
managed (created, updated, deleted) by Flux and not provided by the
user.
This change is transparent to the source-controller.
A prerequisite for this change is the
`fluxcd/go-git-providers` change here:
* https://github.com/fluxcd/go-git-providers/pull/191
See related discussion here: https://github.com/fluxcd/flux2/discussions/3595
GitLab Issue here: https://gitlab.com/gitlab-org/gitlab/-/issues/392605
Signed-off-by: Timo Furrer <tuxtimo@gmail.com>
Use default known_hosts and ssh configuration when no private key file
is provided while bootstraping using ssh.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
This change adds functionality to both, `bootstrap github` and
`bootstrap gitlab` to prompt the user for the personal access tokens
if those can't be derived from the shell environment. Echoing is
turned off for better privacy.
Instead of having to interactively type the token or manually paste it
from the clipboard, users can also pipe it to Flux which comes in
handy e.g. when executing Flux remotely over an SSH connection:
```
$ echo 'asdf' | flux bootstrap github
```
Otherwise, Flux will prompt the user:
```
$ flux bootstrap github
Please type your GitHub personal access token:
```
closes#2011
Signed-off-by: Max Jonas Werner <mail@makk.es>
StringSliceVar allows for more flexibility when passing vars to list
flags.
Both formats will be supported:
- '--foo=one --foo=two'
- '--foo=one,two'
Signed-off-by: Claudia Beresford <claudiaberesford@gmail.com>
The behavior introduced during the introduction of go-git-providers
was more strict, and has proven pretty quickly to not be useful to
all users. Therefore, the reconciliation behavior for repository
configuration has been put behind an opt-in flag, so that it does
not overwrite people their configs by accident.
Signed-off-by: Hidde Beydals <hello@hidde.co>
To highlight the fact that it configures the repository as defined,
which was not _really_ clear to some users and has resulted in public
repositories accidentally being changed to private (losing important
goodies like stars and linked forks).
Discussion on this is ongoing and there will likely be other
improvements in the near future to protect users against this.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Using the `--commit-message-appendix` flag a string can be added to the
commit messages made by the bootstrapper process to for example skip CI
actions from executing using e.g. `[skip ci]`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This includes making a lot of things configurable (e.g. SSH key
algorithm, RSA bit size, etc.) that used to be static.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit adds multiple safe guards for relative paths, ensuring they
never traverse outside the working directory.
The `SafeRelativePath` flag calculates the safe relative path based on a
relative base dir, which results in a flattened path.
The write methods of `manifestgen` make use of the `SecureJoin` as well,
to ensure writes are never outside of the given directory when used as
a lib outside of the CLI.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit adds a flag for supplying extra components to bootstrap
(and its subcommands), to match the one for `flux install`.
Since the bootstrapComponents global is used in a few places, I made
it a func and renamed the variable. For consistency, I also renamed
the var used in install.go.
Lastly, so that the flag sorts next to `--components`, I changed it to
`--components-extra` in both commands.
Signed-off-by: Michael Bridgen <michael@weave.works>
Stefan Prodan
Ernest Wong
Somtochi Onyekwere
Max Jonas Werner
Timo Furrer
Sanskar Jaiswal
Boris Kreitchman
Philip Laine
Robert Wittman
Jakob Schrettenbrunner
Dmitry Rybin
Claudia Beresford
Hidde Beydals
Michael Bridgen
Sylvain Rabot