Merge pull request #4069 from fluxcd/backport-4068-to-release/v2.0.x

[release/v2.0.x] Update dependencies

.github/workflows/action.yaml

@@ -1,29 +0,0 @@
-name: test-gh-action
-
-on:
-  pull_request:
-    paths:
-      - 'action/**'
-  push:
-    paths:
-      - 'action/**'
-    branches:
-      - 'main'
-      - 'release/**'
-
-permissions: read-all
-
-jobs:
-  actions:
-    strategy:
-      fail-fast: false
-      matrix:
-        version: [ubuntu-latest, macos-latest, windows-latest]
-
-    runs-on: ${{ matrix.version }}
-    name: action on ${{ matrix.version }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - name: Setup flux
-        uses: ./action

.github/workflows/e2e-bootstrap.yaml

@@ -26,7 +26,7 @@ jobs:
             **/go.sum
             **/go.mod
       - name: Setup Kubernetes
-        uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
+        uses: helm/kind-action@fa81e57adff234b2908110485695db0f181f3c67 # v1.7.0
         with:
           version: v0.20.0
           cluster_name: kind

.github/workflows/e2e.yaml

@@ -30,7 +30,7 @@ jobs:
             **/go.sum
             **/go.mod
       - name: Setup Kubernetes
-        uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
+        uses: helm/kind-action@fa81e57adff234b2908110485695db0f181f3c67 # v1.7.0
         with:
           version: v0.20.0
           cluster_name: kind

.github/workflows/release.yaml

@@ -32,7 +32,7 @@ jobs:
         uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
       - name: Setup Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1  # v2.9.1
+        uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a  # v2.8.0
       - name: Setup Syft
         uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
       - name: Setup Cosign

action/README.md

@@ -1,22 +1,216 @@
 # Flux GitHub Action
 
-To install the latest Flux CLI on Linux, macOS or Windows GitHub runners:
+Usage:
 
 ```yaml
-steps:
+    steps:
-  - name: Setup Flux CLI
+      - name: Setup Flux CLI
-    uses: fluxcd/flux2/action@main
+        uses: fluxcd/flux2/action@main
-    with:
+      - name: Run Flux commands
-      version: 'latest'
+        run: flux -v
-  - name: Run Flux CLI
-    run: flux version --client
 ```
 
-The Flux GitHub Action can be used to automate various tasks in CI, such as:
+The latest stable version of the `flux` binary is downloaded from
+GitHub [releases](https://github.com/fluxcd/flux2/releases)
+and placed at `/usr/local/bin/flux`.
 
-- [Automate Flux upgrades on clusters via Pull Requests](https://fluxcd.io/flux/flux-gh-action/#automate-flux-updates)
+Note that this action can only be used on GitHub **Linux** runners.
-- [Push Kubernetes manifests to container registries](https://fluxcd.io/flux/flux-gh-action/#push-kubernetes-manifests-to-container-registries)
+You can change the arch (defaults to `amd64`) with:
-- [Run end-to-end testing with Flux and Kubernetes Kind](https://fluxcd.io/flux/flux-gh-action/#end-to-end-testing)
 
-For more information, please see the [Flux GitHub Action documentation](/flux/flux-gh-action.md).
+```yaml
+    steps:
+      - name: Setup Flux CLI
+        uses: fluxcd/flux2/action@main
+        with:
+          arch: arm64 # can be amd64, arm64 or arm
+```
 
+You can download a specific version with:
+
+```yaml
+    steps:
+      - name: Setup Flux CLI
+        uses: fluxcd/flux2/action@main
+        with:
+          version: 0.32.0
+```
+
+You can also authenticate against the GitHub API using GitHub Actions' `GITHUB_TOKEN` secret.
+
+For more information, please [read about the GitHub token secret](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret).
+
+```yaml
+    steps:
+      - name: Setup Flux CLI
+        uses: fluxcd/flux2/action@main
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+```
+
+This is useful if you are seeing failures on shared runners, those failures are usually API limits being hit.
+
+### Automate Flux updates
+
+Example workflow for updating Flux's components generated with `flux bootstrap --path=clusters/production`:
+
+```yaml
+name: update-flux
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 * * * *"
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  components:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+      - name: Setup Flux CLI
+        uses: fluxcd/flux2/action@main
+      - name: Check for updates
+        id: update
+        run: |
+          flux install \
+            --export > ./clusters/production/flux-system/gotk-components.yaml
+
+          VERSION="$(flux -v)"
+          echo "flux_version=$VERSION" >> $GITHUB_OUTPUT
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+        with:
+            token: ${{ secrets.GITHUB_TOKEN }}
+            branch: update-flux
+            commit-message: Update to ${{ steps.update.outputs.flux_version }}
+            title: Update to ${{ steps.update.outputs.flux_version }}
+            body: |
+              ${{ steps.update.outputs.flux_version }}
+```
+
+### Push Kubernetes manifests to container registries
+
+Example workflow for publishing Kubernetes manifests bundled as OCI artifacts to GitHub Container Registry:
+
+```yaml
+name: push-artifact-staging
+
+on:
+  push:
+    branches:
+      - 'main'
+
+permissions:
+  packages: write # needed for ghcr.io access
+
+env:
+  OCI_REPO: "oci://ghcr.io/my-org/manifests/${{ github.event.repository.name }}"
+
+jobs:
+  kubernetes:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup Flux CLI
+        uses: fluxcd/flux2/action@main
+      - name: Login to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Generate manifests
+        run: |
+          kustomize build ./manifests/staging > ./deploy/app.yaml
+      - name: Push manifests
+        run: |
+          flux push artifact $OCI_REPO:$(git rev-parse --short HEAD) \
+            --path="./deploy" \
+            --source="$(git config --get remote.origin.url)" \
+            --revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)"
+      - name: Deploy manifests to staging
+        run: |
+          flux tag artifact $OCI_REPO:$(git rev-parse --short HEAD) --tag staging
+```
+
+### Push and sign Kubernetes manifests to container registries
+
+Example workflow for publishing Kubernetes manifests bundled as OCI artifacts
+which are signed with Cosign and GitHub OIDC:
+
+```yaml
+name: push-sign-artifact
+
+on:
+  push:
+    branches:
+      - 'main'
+
+permissions:
+  packages: write # needed for ghcr.io access
+  id-token: write # needed for keyless signing
+
+env:
+  OCI_REPO: "oci://ghcr.io/my-org/manifests/${{ github.event.repository.name }}"
+
+jobs:
+  kubernetes:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup Flux CLI
+        uses: fluxcd/flux2/action@main
+      - name: Setup Cosign
+        uses: sigstore/cosign-installer@main
+      - name: Login to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Push and sign manifests
+        run: |
+          digest_url=$(flux push artifact \
+          $OCI_REPO:$(git rev-parse --short HEAD) \
+          --path="./manifests" \
+          --source="$(git config --get remote.origin.url)" \
+          --revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)" |\
+          jq -r '. | .repository + "@" + .digest')
+
+          cosign sign $digest_url
+```
+
+### End-to-end testing
+
+Example workflow for running Flux in Kubernetes Kind:
+
+```yaml
+name: e2e
+
+on:
+  push:
+    branches:
+      - '*'
+
+jobs:
+  kubernetes:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup Flux CLI
+        uses: fluxcd/flux2/action@main
+      - name: Setup Kubernetes Kind
+        uses: engineerd/setup-kind@v0.5.0
+      - name: Install Flux in Kubernetes Kind
+        run: flux install
+```
+
+A complete e2e testing workflow is available here
+[flux2-kustomize-helm-example](https://github.com/fluxcd/flux2-kustomize-helm-example/blob/main/.github/workflows/e2e.yaml)

action/action.yml

@@ -1,120 +1,64 @@
 name: Setup Flux CLI
-description: A GitHub Action for installing the Flux CLI
+description: A GitHub Action for running Flux commands
-author: Flux project
+author: Stefan Prodan
 branding:
   color: blue
   icon: command
 inputs:
   version:
-    description: "Flux version e.g. 2.0.0 (defaults to latest stable release)"
+    description: "Flux version e.g. 0.8.0 (defaults to latest stable release)"
     required: false
   arch:
     description: "arch can be amd64, arm64 or arm"
-    required: false
+    required: true
-    deprecationMessage: "No longer required, action will now detect runner arch."
+    default: "amd64"
   bindir:
-    description: "Alternative location for the Flux binary, defaults to path relative to $RUNNER_TOOL_CACHE."
+    description: "Optional location of the Flux binary. Will not use sudo if set. Updates System Path."
     required: false
   token:
-    description: "Token used to authentication against the GitHub.com API. Defaults to the token from the GitHub context of the workflow."
+    description: "GitHub Token used to authentication against the API (generally only needed to prevent quota limit errors)"
     required: false
 runs:
   using: composite
   steps:
-    - name: "Download the binary to the runner's cache dir"
+    - name: "Download flux binary to tmp"
       shell: bash
       run: |
+        ARCH=${{ inputs.arch }}
         VERSION=${{ inputs.version }}
-
         TOKEN=${{ inputs.token }}
-        if [[ -z "$TOKEN" ]]; then
-          TOKEN=${{ github.token }}
-        fi
 
-        if [[ -z "$VERSION" ]] || [[ "$VERSION" = "latest" ]]; then
+        if [ -z "${VERSION}" ]; then
-          VERSION=$(curl -fsSL -H "Authorization: token ${TOKEN}" https://api.github.com/repos/fluxcd/flux2/releases/latest | grep tag_name | cut -d '"' -f 4)
+          if [ -n "${TOKEN}" ]; then
-        fi
+            VERSION_SLUG=$(curl https://api.github.com/repos/fluxcd/flux2/releases/latest --silent --location --header "Authorization: token ${TOKEN}" | grep tag_name)
-        if [[ -z "$VERSION" ]]; then
-          echo "Unable to determine Flux CLI version"
-          exit 1
-        fi
-        if [[ $VERSION = v* ]]; then
-          VERSION="${VERSION:1}"
-        fi
-
-        OS=$(echo "${RUNNER_OS}" | tr '[:upper:]' '[:lower:]')
-        if [[ "$OS" == "macos" ]]; then
-          OS="darwin"
-        fi
-
-        ARCH=$(echo "${RUNNER_ARCH}" | tr '[:upper:]' '[:lower:]')
-        if [[ "$ARCH" == "x64" ]]; then
-          ARCH="amd64"
-        elif [[ "$ARCH" == "x86" ]]; then
-          ARCH="386"
-        fi
-
-        FLUX_EXEC_FILE="flux"
-        if [[ "$OS" == "windows" ]]; then
-            FLUX_EXEC_FILE="${FLUX_EXEC_FILE}.exe"
-        fi
-
-        FLUX_TOOL_DIR=${{ inputs.bindir }}
-        if [[ -z "$FLUX_TOOL_DIR" ]]; then
-          FLUX_TOOL_DIR="${RUNNER_TOOL_CACHE}/flux2/${VERSION}/${OS}/${ARCH}"
-        fi
-        if [[ ! -x "$FLUX_TOOL_DIR/FLUX_EXEC_FILE" ]]; then
-          DL_DIR="$(mktemp -dt flux2-XXXXXX)"
-          trap 'rm -rf $DL_DIR' EXIT
-
-          echo "Downloading flux ${VERSION} for ${OS}/${ARCH}"
-          FLUX_TARGET_FILE="flux_${VERSION}_${OS}_${ARCH}.tar.gz"
-          if [[ "$OS" == "windows" ]]; then
-            FLUX_TARGET_FILE="flux_${VERSION}_${OS}_${ARCH}.zip"
-          fi
-
-          FLUX_CHECKSUMS_FILE="flux_${VERSION}_checksums.txt"
-
-          FLUX_DOWNLOAD_URL="https://github.com/fluxcd/flux2/releases/download/v${VERSION}/"
-
-          curl -fsSL -o "$DL_DIR/$FLUX_TARGET_FILE" "$FLUX_DOWNLOAD_URL/$FLUX_TARGET_FILE"
-          curl -fsSL -o "$DL_DIR/$FLUX_CHECKSUMS_FILE" "$FLUX_DOWNLOAD_URL/$FLUX_CHECKSUMS_FILE"
-
-          echo "Verifying checksum"
-          sum=""
-          if command -v openssl > /dev/null; then
-            sum=$(openssl sha256 "$DL_DIR/$FLUX_TARGET_FILE" | awk '{print $2}')
-          elif command -v sha256sum > /dev/null; then
-            sum=$(sha256sum "$DL_DIR/$FLUX_TARGET_FILE" | awk '{print $1}')
-          fi
-
-          if [[ -z "$sum" ]]; then
-            echo "Neither openssl nor sha256sum found. Cannot calculate checksum."
-            exit 1
-          fi
-
-          expected_sum=$(grep " $FLUX_TARGET_FILE\$" "$DL_DIR/$FLUX_CHECKSUMS_FILE" | awk '{print $1}')
-          if [ "$sum" != "$expected_sum" ]; then
-            echo "SHA sum of ${FLUX_TARGET_FILE} does not match. Aborting."
-            exit 1
-          fi
-
-          echo "Installing flux to ${FLUX_TOOL_DIR}"
-          mkdir -p "$FLUX_TOOL_DIR"
-        
-          if [[ "$OS" == "windows" ]]; then
-            unzip "$DL_DIR/$FLUX_TARGET_FILE" "$FLUX_EXEC_FILE" -d "$FLUX_TOOL_DIR"
           else
-            tar xzf "$DL_DIR/$FLUX_TARGET_FILE" -C "$FLUX_TOOL_DIR" $FLUX_EXEC_FILE
+            # With no GITHUB_TOKEN you will experience occasional failures due to rate limiting
+            # Ref: https://github.com/fluxcd/flux2/issues/3509#issuecomment-1400820992
+            VERSION_SLUG=$(curl https://api.github.com/repos/fluxcd/flux2/releases/latest --silent --location | grep tag_name)
           fi
 
-          chmod +x "$FLUX_TOOL_DIR/$FLUX_EXEC_FILE"
+          VERSION=$(echo "${VERSION_SLUG}" | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
         fi
 
-        echo "Adding flux to path"
+        BIN_URL="https://github.com/fluxcd/flux2/releases/download/v${VERSION}/flux_${VERSION}_linux_${ARCH}.tar.gz"
-        echo "$FLUX_TOOL_DIR" >> "$GITHUB_PATH"
+        curl --silent --fail --location "${BIN_URL}" --output /tmp/flux.tar.gz
-
+        mkdir -p /tmp/flux
-    - name: "Print installed flux version"
+        tar -C /tmp/flux/ -zxvf /tmp/flux.tar.gz
+    - name: "Copy Flux binary to execute location"
+      shell: bash
+      run: |
+        BINDIR=${{ inputs.bindir }}
+        if [ -z "${BINDIR}" ]; then
+          sudo cp /tmp/flux/flux /usr/local/bin
+        else
+          cp /tmp/flux/flux "${BINDIR}"
+          echo "${BINDIR}" >> $GITHUB_PATH
+        fi
+    - name: "Cleanup tmp"
+      shell: bash
+      run: |
+        rm -rf /tmp/flux/ /tmp/flux.tar.gz
+    - name: "Verify correct installation of binary"
       shell: bash
       run: |
         flux -v

cmd/flux/check.go

@@ -57,7 +57,7 @@ type checkFlags struct {
 }
 
 var kubernetesConstraints = []string{
-	">=1.25.0-0",
+	">=1.24.0-0",
 }
 
 var checkArgs checkFlags

cmd/flux/create_image_repository.go

@@ -101,7 +101,7 @@ func createImageRepositoryRun(cmd *cobra.Command, args []string) error {
 	var repo = imagev1.ImageRepository{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      objectName,
-			Namespace: GetDesiredNamespace(kubeconfigArgs),
+			Namespace: *kubeconfigArgs.Namespace,
 			Labels:    labels,
 		},
 		Spec: imagev1.ImageRepositorySpec{

cmd/flux/diff_kustomization_test.go

@@ -91,12 +91,6 @@ func TestDiffKustomization(t *testing.T) {
 			objectFile: "./testdata/diff-kustomization/stringdata-sops-secret.yaml",
 			assert:     assertGoldenFile("./testdata/diff-kustomization/diff-with-drifted-stringdata-sops-secret.golden"),
 		},
-		{
-			name:       "diff where kustomization file has multiple objects with the same name",
-			args:       "diff kustomization podinfo --path ./testdata/build-kustomization/podinfo --progress-bar=false --kustomization-file ./testdata/diff-kustomization/flux-kustomization-multiobj.yaml",
-			objectFile: "",
-			assert:     assertGoldenFile("./testdata/diff-kustomization/nothing-is-deployed.golden"),
-		},
 	}
 
 	tmpl := map[string]string{

cmd/flux/get.go

@@ -146,11 +146,9 @@ func (get getCommand) run(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	ns := GetDesiredNamespace(kubeconfigArgs)
-
 	var listOpts []client.ListOption
 	if !getArgs.allNamespaces {
-		listOpts = append(listOpts, client.InNamespace(ns))
+		listOpts = append(listOpts, client.InNamespace(*kubeconfigArgs.Namespace))
 	}
 
 	if len(args) > 0 {
@@ -192,12 +190,12 @@ func (get getCommand) run(cmd *cobra.Command, args []string) error {
 			logger.Failuref("%s object '%s' not found in %s namespace",
 				get.kind,
 				args[0],
-				namespaceNameOrAny(getArgs.allNamespaces, ns),
+				namespaceNameOrAny(getArgs.allNamespaces, *kubeconfigArgs.Namespace),
 			)
 		} else if !getAll {
 			logger.Failuref("no %s objects found in %s namespace",
 				get.kind,
-				namespaceNameOrAny(getArgs.allNamespaces, ns),
+				namespaceNameOrAny(getArgs.allNamespaces, *kubeconfigArgs.Namespace),
 			)
 		}
 		return nil

cmd/flux/install.go

@@ -146,7 +146,7 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 	opts := install.Options{
 		BaseURL:                installArgs.manifestsPath,
 		Version:                installArgs.version,
-		Namespace:              GetDesiredNamespace(kubeconfigArgs),
+		Namespace:              *kubeconfigArgs.Namespace,
 		Components:             components,
 		Registry:               installArgs.registry,
 		ImagePullSecret:        installArgs.imagePullSecret,
@@ -181,7 +181,7 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	logger.Successf("manifests build completed")
-	logger.Actionf("installing components in %s namespace", opts.Namespace)
+	logger.Actionf("installing components in %s namespace", *kubeconfigArgs.Namespace)
 
 	applyOutput, err := utils.Apply(ctx, kubeconfigArgs, kubeclientOptions, tmpDir, filepath.Join(tmpDir, manifest.Path))
 	if err != nil {

cmd/flux/main.go

@@ -105,10 +105,6 @@ Command line utility for assembling Kubernetes CD pipelines the GitOps way.`,
 			return fmt.Errorf("error getting namespace: %w", err)
 		}
 
-		if ns == "" {
-			return nil
-		}
-
 		if e := validation.IsDNS1123Label(ns); len(e) > 0 {
 			return fmt.Errorf("namespace must be a valid DNS label: %q", ns)
 		}
@@ -144,6 +140,7 @@ func init() {
 	rootCmd.PersistentFlags().DurationVar(&rootArgs.timeout, "timeout", 5*time.Minute, "timeout for this operation")
 	rootCmd.PersistentFlags().BoolVar(&rootArgs.verbose, "verbose", false, "print generated objects")
 
+	configureDefaultNamespace()
 	kubeconfigArgs.APIServer = nil // prevent AddFlags from configuring --server flag
 	kubeconfigArgs.Timeout = nil   // prevent AddFlags from configuring --request-timeout flag, we have --timeout instead
 	kubeconfigArgs.AddFlags(rootCmd.PersistentFlags())
@@ -201,10 +198,8 @@ func main() {
 	}
 }
 
-func GetDesiredNamespace(cfg *genericclioptions.ConfigFlags) string {
+func configureDefaultNamespace() {
-	if *cfg.Namespace != "" {
+	*kubeconfigArgs.Namespace = rootArgs.defaults.Namespace
-		return *cfg.Namespace
-	}
 	fromEnv := os.Getenv("FLUX_SYSTEM_NAMESPACE")
 	if fromEnv != "" {
 		// namespace must be a valid DNS label. Assess against validation
@@ -212,28 +207,11 @@ func GetDesiredNamespace(cfg *genericclioptions.ConfigFlags) string {
 		// may not be actively provided by end-user.
 		if e := validation.IsDNS1123Label(fromEnv); len(e) > 0 {
 			logger.Warningf(" ignoring invalid FLUX_SYSTEM_NAMESPACE: %q", fromEnv)
-		} else {
+			return
-			return fromEnv
 		}
-	}
 
-	if _, has := os.LookupEnv("FLUX_NS_FOLLOW_KUBECONTEXT"); has {
+		kubeconfigArgs.Namespace = &fromEnv
-		rawCfg, err := cfg.ToRawKubeConfigLoader().RawConfig()
-		if err != nil {
-			logger.Warningf(" failed parsing kubeconfig, ignoring: %q", fromEnv)
-		} else {
-			ctx := *cfg.Context
-			if ctx == "" {
-				ctx = rawCfg.CurrentContext
-			}
-			ns := rawCfg.Contexts[ctx].Namespace
-			if ns != "" {
-				return ns
-			}
-		}
 	}
-
-	return rootArgs.defaults.Namespace
 }
 
 // readPasswordFromStdin reads a password from stdin and returns the input

cmd/flux/status.go

@@ -85,7 +85,7 @@ func buildComponentObjectRefs(components ...string) ([]object.ObjMetadata, error
 	var objRefs []object.ObjMetadata
 	for _, deployment := range components {
 		objRefs = append(objRefs, object.ObjMetadata{
-			Namespace: GetDesiredNamespace(kubeconfigArgs),
+			Namespace: *kubeconfigArgs.Namespace,
 			Name:      deployment,
 			GroupKind: schema.GroupKind{Group: "apps", Kind: "Deployment"},
 		})

cmd/flux/testdata/check/check_pre.golden

@@ -1,3 +1,3 @@
 ► checking prerequisites
-✔ Kubernetes {{ .serverVersion }} >=1.25.0-0
+✔ Kubernetes {{ .serverVersion }} >=1.24.0-0
 ✔ prerequisites checks passed

cmd/flux/testdata/diff-kustomization/flux-kustomization-multiobj.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: podinfo
-
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: podinfo
-spec:
-  interval: 5m0s
-  path: ./kustomize
-  force: true
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: podinfo
-  targetNamespace: default

internal/build/build.go

@@ -333,7 +333,7 @@ func (b *Builder) unMarshallKustomization() (*kustomizev1.Kustomization, error)
 	k := &kustomizev1.Kustomization{}
 	decoder := k8syaml.NewYAMLOrJSONDecoder(bytes.NewBuffer(data), len(data))
 	// check for kustomization in yaml with the same name and namespace
-	for {
+	for !(k.Name == b.name && (k.Namespace == b.namespace || k.Namespace == "")) {
 		err = decoder.Decode(k)
 		if err != nil {
 			if err == io.EOF {
@@ -343,13 +343,6 @@ func (b *Builder) unMarshallKustomization() (*kustomizev1.Kustomization, error)
 				return nil, fmt.Errorf("failed to unmarshall kustomization file %s: %w", b.kustomizationFile, err)
 			}
 		}
-
-		if strings.HasPrefix(k.APIVersion, kustomizev1.GroupVersion.Group+"/") &&
-			k.Kind == kustomizev1.KustomizationKind &&
-			k.Name == b.name &&
-			(k.Namespace == b.namespace || k.Namespace == "") {
-			break
-		}
 	}
 	return k, nil
 }

internal/build/build_test.go

@@ -189,12 +189,6 @@ func Test_unMarshallKustomization(t *testing.T) {
 			wantErr:     true,
 			errString:   "failed find kustomization with name",
 		},
-		{
-			name:        "yaml containing other resource with same name as kustomization",
-			localKsFile: "testdata/local-kustomization/invalid-resource.yaml",
-			wantErr:     true,
-			errString:   "failed find kustomization with name",
-		},
 	}
 
 	b := &Builder{
@@ -330,10 +324,7 @@ func Test_ResolveKustomization(t *testing.T) {
 		},
 	}
 
-	b := &Builder{
+	b := &Builder{}
-		name:      "podinfo",
-		namespace: "flux-system",
-	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			b.kustomizationFile = tt.localKsFile

internal/build/testdata/local-kustomization/invalid-resource.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: podinfo