Merge pull request #4489 from fluxcd/backport-4488-to-release/v2.2.x

[release/v2.2.x] tests: update API dependencies

.github/kind/config.yaml

@@ -1,9 +1,5 @@
 kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
-nodes:
-  - role: control-plane
-  - role: worker
-  - role: worker
 networking:
   disableDefaultCNI: true   # disable kindnet
   podSubnet: 192.168.0.0/16 # set to Calico's default subnet

.github/labels.yaml

@@ -50,9 +50,3 @@
 - name: backport:release/v2.1.x
   description: To be backported to release/v2.1.x
   color: '#ffd700'
-- name: backport:release/v2.2.x
-  description: To be backported to release/v2.2.x
-  color: '#ffd700'
-- name: backport:release/v2.3.x
-  description: To be backported to release/v2.3.x
-  color: '#ffd700'

.github/runners/README.md

@@ -5,17 +5,15 @@ The Flux ARM64 end-to-end tests run on Equinix Metal instances provisioned with
 ## Current instances
 
 | Repository                  | Runner           | Instance               | Location      |
-|-----------------------------|------------------|----------------|---------------|
-| flux2                       | equinix-arm-dc-1 | flux-arm-dc-01 | Washington DC |
-| flux2                       | equinix-arm-dc-2 | flux-arm-dc-01 | Washington DC |
-| flux2                       | equinix-arm-da-1 | flux-arm-da-01 | Dallas        |
-| flux2                       | equinix-arm-da-2 | flux-arm-da-01 | Dallas        |
-| flux-benchmark              | equinix-arm-dc-1 | flux-arm-dc-01 | Washington DC |
-| flux-benchmark              | equinix-arm-da-1 | flux-arm-da-01 | Dallas        |
-| source-controller           | equinix-arm-dc-1 | flux-arm-dc-01 | Washington DC |
-| source-controller           | equinix-arm-da-1 | flux-arm-da-01 | Dallas        |
-| image-automation-controller | equinix-arm-dc-1 | flux-arm-dc-01 | Washington DC |
-| image-automation-controller | equinix-arm-da-1 | flux-arm-da-01 | Dallas        |
+|-----------------------------|------------------|------------------------|---------------|
+| flux2                       | equinix-arm-dc-1 | flux-equinix-arm-dc-01 | Washington DC |
+| flux2                       | equinix-arm-dc-2 | flux-equinix-arm-dc-01 | Washington DC |
+| flux2                       | equinix-arm-da-1 | flux-equinix-arm-da-01 | Dallas        |
+| flux2                       | equinix-arm-da-2 | flux-equinix-arm-da-01 | Dallas        |
+| source-controller           | equinix-arm-dc-1 | flux-equinix-arm-dc-01 | Washington DC |
+| source-controller           | equinix-arm-da-1 | flux-equinix-arm-da-01 | Dallas        |
+| image-automation-controller | equinix-arm-dc-1 | flux-equinix-arm-dc-01 | Washington DC |
+| image-automation-controller | equinix-arm-da-1 | flux-equinix-arm-da-01 | Dallas        |
 
 Instance spec:
 - Ampere Altra Q80-30 80-core processor @ 2.8GHz

.github/runners/prereq.sh

@@ -18,11 +18,11 @@
 
 set -eu
 
-KIND_VERSION=0.22.0
-KUBECTL_VERSION=1.29.0
-KUSTOMIZE_VERSION=5.3.0
-HELM_VERSION=3.14.1
-GITHUB_RUNNER_VERSION=2.313.0
+KIND_VERSION=0.17.0
+KUBECTL_VERSION=1.24.0
+KUSTOMIZE_VERSION=4.5.7
+HELM_VERSION=3.10.1
+GITHUB_RUNNER_VERSION=2.298.2
 PACKAGES="apt-transport-https ca-certificates software-properties-common build-essential libssl-dev gnupg lsb-release jq pkg-config"
 
 # install prerequisites

.github/runners/runner-setup.sh

@@ -22,7 +22,7 @@ RUNNER_NAME=$1
 REPOSITORY_TOKEN=$2
 REPOSITORY_URL=${3:-https://github.com/fluxcd/flux2}
 
-GITHUB_RUNNER_VERSION=2.313.0
+GITHUB_RUNNER_VERSION=2.298.2
 
 # download runner
 curl -o actions-runner-linux-arm64.tar.gz -L https://github.com/actions/runner/releases/download/v${GITHUB_RUNNER_VERSION}/actions-runner-linux-arm64-${GITHUB_RUNNER_VERSION}.tar.gz \

.github/workflows/action.yaml

@@ -24,6 +24,6 @@ jobs:
     name: action on ${{ matrix.version }}
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Setup flux
         uses: ./action

.github/workflows/backport.yaml

@@ -4,9 +4,6 @@ on:
   pull_request_target:
     types: [closed, labeled]
 
-permissions: 
-  contents: read
-
 jobs:
   pull-request:
     runs-on: ubuntu-latest
@@ -16,11 +13,11 @@ jobs:
     if: github.event.pull_request.state == 'closed' && github.event.pull_request.merged && (github.event_name != 'labeled' || startsWith('backport:', github.event.label.name))
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Create backport PRs
-        uses: korthout/backport-action@be567af183754f6a5d831ae90f648954763f17f5 # v3.1.0
+        uses: korthout/backport-action@b982d297e31f500652b2246cf26714796312bd23 # v2.2.0
         # xref: https://github.com/korthout/backport-action#inputs
         with:
           # Use token to allow workflows to be triggered for the created PR

.github/workflows/conformance.yaml

@@ -1,256 +0,0 @@
-name: conformance
-
-on:
-  workflow_dispatch:
-  push:
-    branches: [ 'main', 'update-components', 'release/**', 'conform*' ]
-
-permissions:
-  contents: read
-
-env:
-  GO_VERSION: 1.22.x
-
-jobs:
-  conform-kubernetes:
-    runs-on:
-      group: "ARM64"
-    strategy:
-      matrix:
-        # Keep this list up-to-date with https://endoflife.date/kubernetes
-        # Build images with https://github.com/fluxcd/flux-benchmark/actions/workflows/build-kind.yaml
-        KUBERNETES_VERSION: [ 1.28.11, 1.29.6, 1.30.2, 1.31.0 ]
-      fail-fast: false
-    steps:
-      - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Setup Go
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-          cache-dependency-path: |
-            **/go.sum
-            **/go.mod
-      - name: Prepare
-        id: prep
-        run: |
-          ID=${GITHUB_SHA:0:7}-${{ matrix.KUBERNETES_VERSION }}-$(date +%s)
-          echo "CLUSTER=arm64-${ID}" >> $GITHUB_OUTPUT
-      - name: Build
-        run: |
-          make build
-      - name: Setup Kubernetes
-        uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
-        with:
-          version: v0.22.0
-          cluster_name: ${{ steps.prep.outputs.CLUSTER }}
-          node_image: ghcr.io/fluxcd/kindest/node:v${{ matrix.KUBERNETES_VERSION }}-arm64
-      - name: Run e2e tests
-        run: TEST_KUBECONFIG=$HOME/.kube/config make e2e
-      - name: Run multi-tenancy tests
-        run: |
-          ./bin/flux install
-          ./bin/flux create source git flux-system \
-          --interval=15m \
-          --url=https://github.com/fluxcd/flux2-multi-tenancy \
-          --branch=main \
-          --ignore-paths="./clusters/**/flux-system/"
-          ./bin/flux create kustomization flux-system \
-          --interval=15m \
-          --source=flux-system \
-          --path=./clusters/staging
-          kubectl -n flux-system wait kustomization/tenants --for=condition=ready --timeout=5m
-          kubectl -n apps wait kustomization/dev-team --for=condition=ready --timeout=1m
-          kubectl -n apps wait helmrelease/podinfo --for=condition=ready --timeout=1m
-      - name: Debug failure
-        if: failure()
-        run: |
-          kubectl -n flux-system get all
-          kubectl -n flux-system describe po 
-          kubectl -n flux-system logs deploy/source-controller
-          kubectl -n flux-system logs deploy/kustomize-controller
-
-  conform-k3s:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        # Keep this list up-to-date with https://endoflife.date/kubernetes
-        # Available versions can be found with "replicated cluster versions"
-        K3S_VERSION: [ 1.28.7,  1.29.2 ]
-      fail-fast: false
-    steps:
-      - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Setup Go
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-          cache-dependency-path: |
-            **/go.sum
-            **/go.mod
-      - name: Prepare
-        id: prep
-        run: |
-          ID=${GITHUB_SHA:0:7}-${{ matrix.K3S_VERSION }}-$(date +%s)
-          PSEUDO_RAND_SUFFIX=$(echo "${ID}" | shasum | awk '{print $1}')
-          echo "cluster=flux2-k3s-${PSEUDO_RAND_SUFFIX}" >> $GITHUB_OUTPUT
-          KUBECONFIG_PATH="$(git rev-parse --show-toplevel)/bin/kubeconfig.yaml"
-          echo "kubeconfig-path=${KUBECONFIG_PATH}" >> $GITHUB_OUTPUT
-      - name: Setup Kustomize
-        uses: fluxcd/pkg/actions/kustomize@e40e7ed2bc31c6b6e36d263b6299e5082d9fef12 # main
-      - name: Build
-        run: make build-dev
-      - name: Create repository
-        run: |
-          gh repo create --private --add-readme fluxcd-testing/${{ steps.prep.outputs.cluster }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
-      - name: Create cluster
-        id: create-cluster
-        uses: replicatedhq/compatibility-actions/create-cluster@77121785951d05387334b773644c356885191f14 # v1.16.2
-        with:
-          api-token: ${{ secrets.REPLICATED_API_TOKEN }}
-          kubernetes-distribution: "k3s"
-          kubernetes-version: ${{ matrix.K3S_VERSION }}
-          ttl: 20m
-          cluster-name: "${{ steps.prep.outputs.cluster }}"
-          kubeconfig-path: ${{ steps.prep.outputs.kubeconfig-path }}
-          export-kubeconfig: true
-      - name: Run e2e tests
-        run: TEST_KUBECONFIG=${{ steps.prep.outputs.kubeconfig-path }} make e2e
-      - name: Run flux bootstrap
-        run: |
-          ./bin/flux bootstrap git --manifests ./manifests/install/ \
-          --components-extra=image-reflector-controller,image-automation-controller \
-          --url=https://github.com/fluxcd-testing/${{ steps.prep.outputs.cluster }} \
-          --branch=main \
-          --path=clusters/k3s \
-          --token-auth
-        env:
-          GIT_PASSWORD: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
-      - name: Run flux check
-        run: |
-          ./bin/flux check
-      - name: Run flux reconcile
-        run: |
-          ./bin/flux reconcile ks flux-system --with-source
-          ./bin/flux get all
-          ./bin/flux events
-      - name: Collect reconcile logs
-        if: ${{ always() }}
-        continue-on-error: true
-        run: |
-          kubectl -n flux-system get all
-          kubectl -n flux-system describe pods
-          kubectl -n flux-system logs deploy/source-controller
-          kubectl -n flux-system logs deploy/kustomize-controller
-          kubectl -n flux-system logs deploy/notification-controller
-      - name: Delete flux
-        run: |
-          ./bin/flux uninstall -s --keep-namespace
-          kubectl delete ns flux-system --wait
-      - name: Delete cluster
-        if: ${{ always() }}
-        uses: replicatedhq/replicated-actions/remove-cluster@77121785951d05387334b773644c356885191f14 # v1.16.2
-        continue-on-error: true
-        with:
-          api-token: ${{ secrets.REPLICATED_API_TOKEN }}
-          cluster-id: ${{ steps.create-cluster.outputs.cluster-id }}
-      - name: Delete repository
-        if: ${{ always() }}
-        continue-on-error: true
-        run: |
-          gh repo delete fluxcd-testing/${{ steps.prep.outputs.cluster }} --yes
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
-
-  conform-openshift:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        # Keep this list up-to-date with https://endoflife.date/red-hat-openshift
-        OPENSHIFT_VERSION: [ 4.15.0-okd ]
-      fail-fast: false
-    steps:
-      - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Setup Go
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-          cache-dependency-path: |
-            **/go.sum
-            **/go.mod
-      - name: Prepare
-        id: prep
-        run: |
-          ID=${GITHUB_SHA:0:7}-${{ matrix.OPENSHIFT_VERSION }}-$(date +%s)
-          PSEUDO_RAND_SUFFIX=$(echo "${ID}" | shasum | awk '{print $1}')
-          echo "cluster=flux2-openshift-${PSEUDO_RAND_SUFFIX}" >> $GITHUB_OUTPUT
-          KUBECONFIG_PATH="$(git rev-parse --show-toplevel)/bin/kubeconfig.yaml"
-          echo "kubeconfig-path=${KUBECONFIG_PATH}" >> $GITHUB_OUTPUT
-      - name: Setup Kustomize
-        uses: fluxcd/pkg/actions/kustomize@e40e7ed2bc31c6b6e36d263b6299e5082d9fef12 # main
-      - name: Build
-        run: make build-dev
-      - name: Create repository
-        run: |
-          gh repo create --private --add-readme fluxcd-testing/${{ steps.prep.outputs.cluster }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
-      - name: Create cluster
-        id: create-cluster
-        uses: replicatedhq/compatibility-actions/create-cluster@77121785951d05387334b773644c356885191f14 # v1.16.2
-        with:
-          api-token: ${{ secrets.REPLICATED_API_TOKEN }}
-          kubernetes-distribution: "openshift"
-          kubernetes-version: ${{ matrix.OPENSHIFT_VERSION }}
-          ttl: 20m
-          cluster-name: "${{ steps.prep.outputs.cluster }}"
-          kubeconfig-path: ${{ steps.prep.outputs.kubeconfig-path }}
-          export-kubeconfig: true
-      - name: Run flux bootstrap
-        run: |
-          ./bin/flux bootstrap git --manifests ./manifests/openshift/ \
-          --components-extra=image-reflector-controller,image-automation-controller \
-          --url=https://github.com/fluxcd-testing/${{ steps.prep.outputs.cluster }} \
-          --branch=main \
-          --path=clusters/openshift \
-          --token-auth
-        env:
-          GIT_PASSWORD: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
-      - name: Run flux check
-        run: |
-          ./bin/flux check
-      - name: Run flux reconcile
-        run: |
-          ./bin/flux reconcile ks flux-system --with-source
-          ./bin/flux get all
-          ./bin/flux events
-      - name: Collect reconcile logs
-        if: ${{ always() }}
-        continue-on-error: true
-        run: |
-          kubectl -n flux-system get all
-          kubectl -n flux-system describe pods
-          kubectl -n flux-system logs deploy/source-controller
-          kubectl -n flux-system logs deploy/kustomize-controller
-          kubectl -n flux-system logs deploy/notification-controller
-      - name: Delete flux
-        run: |
-          ./bin/flux uninstall -s --keep-namespace
-          kubectl delete ns flux-system --wait
-      - name: Delete cluster
-        if: ${{ always() }}
-        uses: replicatedhq/replicated-actions/remove-cluster@77121785951d05387334b773644c356885191f14 # v1.16.2
-        continue-on-error: true
-        with:
-          api-token: ${{ secrets.REPLICATED_API_TOKEN }}
-          cluster-id: ${{ steps.create-cluster.outputs.cluster-id }}
-      - name: Delete repository
-        if: ${{ always() }}
-        continue-on-error: true
-        run: |
-          gh repo delete fluxcd-testing/${{ steps.prep.outputs.cluster }} --yes
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}

.github/workflows/e2e-arm64.yaml

@@ -0,0 +1,106 @@
+name: e2e-arm64
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ 'main', 'update-components', 'e2e-*', 'release/**' ]
+
+permissions:
+  contents: read
+
+jobs:
+  e2e-arm64-kubernetes:
+    # Hosted on Equinix
+    # Docs: https://github.com/fluxcd/flux2/tree/main/.github/runners
+    runs-on: [self-hosted, Linux, ARM64, equinix]
+    strategy:
+      matrix:
+        # Keep this list up-to-date with https://endoflife.date/kubernetes
+        # Check which versions are available on DockerHub with 'crane ls kindest/node'
+        KUBERNETES_VERSION: [ 1.26.6, 1.27.3, 1.28.0, 1.29.0 ]
+      fail-fast: false
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Setup Go
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version: 1.20.x
+          cache-dependency-path: |
+            **/go.sum
+            **/go.mod
+      - name: Prepare
+        id: prep
+        run: |
+          ID=${GITHUB_SHA:0:7}-${{ matrix.KUBERNETES_VERSION }}-$(date +%s)
+          echo "CLUSTER=arm64-${ID}" >> $GITHUB_OUTPUT
+      - name: Build
+        run: |
+          make build
+      - name: Setup Kubernetes Kind
+        run: |
+          kind create cluster \
+          --wait 5m \
+          --name ${{ steps.prep.outputs.CLUSTER }} \
+          --kubeconfig=/tmp/${{ steps.prep.outputs.CLUSTER }} \
+          --image=kindest/node:v${{ matrix.KUBERNETES_VERSION }}
+      - name: Run e2e tests
+        run: TEST_KUBECONFIG=/tmp/${{ steps.prep.outputs.CLUSTER }} make e2e
+      - name: Run multi-tenancy tests
+        env:
+          KUBECONFIG: /tmp/${{ steps.prep.outputs.CLUSTER }}
+        run: |
+          ./bin/flux install
+          ./bin/flux create source git flux-system \
+          --interval=15m \
+          --url=https://github.com/fluxcd/flux2-multi-tenancy \
+          --branch=main \
+          --ignore-paths="./clusters/**/flux-system/"
+          ./bin/flux create kustomization flux-system \
+          --interval=15m \
+          --source=flux-system \
+          --path=./clusters/staging
+          kubectl -n flux-system wait kustomization/tenants --for=condition=ready --timeout=5m
+          kubectl -n apps wait kustomization/dev-team --for=condition=ready --timeout=1m
+          kubectl -n apps wait helmrelease/podinfo --for=condition=ready --timeout=1m
+      - name: Run monitoring tests
+        # Keep this test in sync with https://fluxcd.io/flux/guides/monitoring/
+        env:
+          KUBECONFIG: /tmp/${{ steps.prep.outputs.CLUSTER }}
+        run: |
+          ./bin/flux create source git flux-monitoring \
+          --interval=30m \
+          --url=https://github.com/fluxcd/flux2 \
+          --branch=${GITHUB_REF#refs/heads/}
+          ./bin/flux create kustomization kube-prometheus-stack \
+          --interval=1h \
+          --prune \
+          --source=flux-monitoring \
+          --path="./manifests/monitoring/kube-prometheus-stack" \
+          --health-check-timeout=5m \
+          --wait
+          ./bin/flux create kustomization monitoring-config \
+          --depends-on=kube-prometheus-stack \
+          --interval=1h \
+          --prune=true \
+          --source=flux-monitoring \
+          --path="./manifests/monitoring/monitoring-config" \
+          --health-check-timeout=1m \
+          --wait
+          kubectl -n flux-system wait kustomization/kube-prometheus-stack --for=condition=ready --timeout=5m
+          kubectl -n flux-system wait kustomization/monitoring-config --for=condition=ready --timeout=5m
+          kubectl -n monitoring wait helmrelease/kube-prometheus-stack --for=condition=ready --timeout=1m
+      - name: Debug failure
+        if: failure()
+        env:
+          KUBECONFIG: /tmp/${{ steps.prep.outputs.CLUSTER }}
+        run: |
+          kubectl -n flux-system get all
+          kubectl -n flux-system describe po 
+          kubectl -n flux-system logs deploy/source-controller
+          kubectl -n flux-system logs deploy/kustomize-controller
+      - name: Cleanup
+        if: always()
+        run: |
+          kind delete cluster --name ${{ steps.prep.outputs.CLUSTER }}
+          rm /tmp/${{ steps.prep.outputs.CLUSTER }}

.github/workflows/e2e-azure.yaml

@@ -21,7 +21,52 @@ permissions:
   contents: read
 
 jobs:
-  e2e-aks:
+  e2e-amd64-aks:
+    runs-on: ubuntu-22.04
+    defaults:
+      run:
+        working-directory: ./tests/azure
+    # This job is currently disabled. Remove the false check when Azure subscription is enabled.
+    if: false && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Setup Go
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version: 1.20.x
+          cache-dependency-path: tests/azure/go.sum
+      - name: Setup Flux CLI
+        run: |
+          make build
+          mkdir -p $HOME/.local/bin
+          mv ./bin/flux $HOME/.local/bin
+        working-directory: ./
+      - name: Setup SOPS
+        run: |
+          mkdir -p $HOME/.local/bin
+          wget https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux -O $HOME/.local/bin/sops
+          chmod +x $HOME/.local/bin/sops
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v2
+        with:
+          terraform_version: 1.2.8
+          terraform_wrapper: false
+      - name: Setup Azure CLI
+        run: |
+          curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
+      - name: Run Azure e2e tests
+        env:
+          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
+          ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+        run: |
+          ls $HOME/.local/bin
+          az login --service-principal -u ${ARM_CLIENT_ID} -p ${ARM_CLIENT_SECRET} -t ${ARM_TENANT_ID}
+          go test -v -coverprofile cover.out -timeout 60m .
+
+  refactored-e2e-amd64-aks:
     runs-on: ubuntu-22.04
     defaults:
       run:
@@ -30,11 +75,11 @@ jobs:
     if: false && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]'
     steps:
       - name: CheckoutD
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Setup Go
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: 1.23.x
+          go-version: 1.20.x
           cache-dependency-path: tests/integration/go.sum
       - name: Setup Flux CLI
         run: make build
@@ -47,7 +92,7 @@ jobs:
         env:
           SOPS_VER: 3.7.1
       - name: Authenticate to Azure
-        uses: Azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v1.4.6
+        uses: Azure/login@de95379fe4dadc2defb305917eaa7e5dde727294 # v1.4.6
         with:
           creds: '{"clientId":"${{ secrets.AZ_ARM_CLIENT_ID }}","clientSecret":"${{ secrets.AZ_ARM_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZ_ARM_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZ_ARM_TENANT_ID }}"}'
       - name: Set dynamic variables in .env
@@ -78,14 +123,3 @@ jobs:
           echo $GITREPO_SSH_PUB_CONTENTS | base64 -d > ./build/ssh/key.pub
           export GITREPO_SSH_PUB_PATH=build/ssh/key.pub
           make test-azure
-      - name: Ensure resource cleanup
-        if: ${{ always() }}
-        env:
-          ARM_CLIENT_ID: ${{ secrets.AZ_ARM_CLIENT_ID }}
-          ARM_CLIENT_SECRET: ${{ secrets.AZ_ARM_CLIENT_SECRET }}
-          ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_ARM_SUBSCRIPTION_ID }}
-          ARM_TENANT_ID: ${{ secrets.AZ_ARM_TENANT_ID }}
-          TF_VAR_azuredevops_org: ${{ secrets.TF_VAR_azuredevops_org }}
-          TF_VAR_azuredevops_pat: ${{ secrets.TF_VAR_azuredevops_pat }}
-          TF_VAR_location: ${{ vars.TF_VAR_azure_location }}
-        run: source .env && make destroy-azure

.github/workflows/e2e-bootstrap.yaml

@@ -17,29 +17,29 @@ jobs:
     if: (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]'
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Setup Go
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: 1.23.x
+          go-version: 1.20.x
           cache-dependency-path: |
             **/go.sum
             **/go.mod
       - name: Setup Kubernetes
-        uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
+        uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
         with:
-          version: v0.22.0
+          version: v0.20.0
           cluster_name: kind
           # The versions below should target the newest Kubernetes version
           # Keep this up-to-date with https://endoflife.date/kubernetes
-          node_image: ghcr.io/fluxcd/kindest/node:v1.30.0-amd64
-          kubectl_version: v1.30.0
+          node_image: kindest/node:v1.28.0@sha256:9f3ff58f19dcf1a0611d11e8ac989fdb30a28f40f236f59f0bea31fb956ccf5c
+          kubectl_version: v1.28.0
       - name: Setup Kustomize
-        uses: fluxcd/pkg/actions/kustomize@e40e7ed2bc31c6b6e36d263b6299e5082d9fef12 # main
-      - name: Setup yq
-        uses: fluxcd/pkg/actions/yq@e40e7ed2bc31c6b6e36d263b6299e5082d9fef12 # main
+        uses: fluxcd/pkg/actions/kustomize@main
       - name: Build
-        run: make build-dev
+        run: |
+          make cmd/flux/.manifests.done
+          go build -o /tmp/flux ./cmd/flux
       - name: Set outputs
         id: vars
         run: |
@@ -51,24 +51,18 @@ jobs:
           echo "test_repo_name=$TEST_REPO_NAME" >> $GITHUB_OUTPUT
       - name: bootstrap init
         run: |
-          ./bin/flux bootstrap github --manifests ./manifests/install/ \
+          /tmp/flux bootstrap github --manifests ./manifests/install/ \
           --owner=fluxcd-testing \
-          --image-pull-secret=ghcr-auth \
-          --registry-creds=fluxcd:$GITHUB_TOKEN \
           --repository=${{ steps.vars.outputs.test_repo_name }} \
           --branch=main \
           --path=test-cluster \
           --team=team-z
         env:
           GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
-      - name: verify image pull secret
-        run: |
-          kubectl -n flux-system get secret ghcr-auth | grep dockerconfigjson
       - name: bootstrap no-op
         run: |
-          ./bin/flux bootstrap github --manifests ./manifests/install/ \
+          /tmp/flux bootstrap github --manifests ./manifests/install/ \
           --owner=fluxcd-testing \
-          --image-pull-secret=ghcr-auth \
           --repository=${{ steps.vars.outputs.test_repo_name }} \
           --branch=main \
           --path=test-cluster \
@@ -78,7 +72,7 @@ jobs:
       - name: bootstrap customize
         run: |
           make setup-bootstrap-patch
-          ./bin/flux bootstrap github --manifests ./manifests/install/ \
+          /tmp/flux bootstrap github --manifests ./manifests/install/ \
           --owner=fluxcd-testing \
           --repository=${{ steps.vars.outputs.test_repo_name }} \
           --branch=main \
@@ -93,31 +87,46 @@ jobs:
           GITHUB_ORG_NAME: fluxcd-testing
       - name: uninstall
         run: |
-          ./bin/flux uninstall -s --keep-namespace
+          /tmp/flux uninstall -s --keep-namespace
           kubectl delete ns flux-system --timeout=10m --wait=true
       - name: test image automation
         run: |
           make setup-image-automation
-          ./bin/flux bootstrap github --manifests ./manifests/install/ \
+          /tmp/flux bootstrap github --manifests ./manifests/install/ \
           --owner=fluxcd-testing \
           --repository=${{ steps.vars.outputs.test_repo_name }} \
           --branch=main \
           --path=test-cluster \
           --read-write-key
-          ./bin/flux reconcile image repository podinfo
-          ./bin/flux reconcile image update flux-system
-          ./bin/flux get images all
-          kubectl -n flux-system get -o yaml ImageUpdateAutomation flux-system | \
-           yq '.status.lastPushCommit | length > 1' | grep 'true'
+          /tmp/flux reconcile image repository podinfo
+          /tmp/flux get images all
+          
+          retries=10
+          count=0
+          ok=false
+          until ${ok}; do
+              /tmp/flux get image update flux-system | grep 'commit' && ok=true || ok=false
+              count=$(($count + 1))
+              if [[ ${count} -eq ${retries} ]]; then
+                  echo "No more retries left"
+                  exit 1
+              fi
+              sleep 6
+              /tmp/flux reconcile image update flux-system
+          done
         env:
           GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
           GITHUB_REPO_NAME: ${{ steps.vars.outputs.test_repo_name }}
           GITHUB_ORG_NAME: fluxcd-testing
       - name: delete repository
         if: ${{ always() }}
-        continue-on-error: true
         run: |
-          gh repo delete fluxcd-testing/${{ steps.vars.outputs.test_repo_name }} --yes
+          curl \
+            -X DELETE \
+            -H "Accept: application/vnd.github.v3+json" \
+            -H "Authorization: token ${GITHUB_TOKEN}" \
+            --fail --silent \
+            https://api.github.com/repos/fluxcd-testing/${{ steps.vars.outputs.test_repo_name }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
       - name: Debug failure

.github/workflows/e2e-gcp.yaml

@@ -29,11 +29,11 @@ jobs:
     if: (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]'
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Setup Go
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: 1.23.x
+          go-version: 1.20.x
           cache-dependency-path: tests/integration/go.sum
       - name: Setup Flux CLI
         run: make build
@@ -46,19 +46,19 @@ jobs:
         env:
           SOPS_VER: 3.7.1
       - name: Authenticate to Google Cloud
-        uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d # v2.1.5
+        uses: google-github-actions/auth@67e9c72af6e0492df856527b474995862b7b6591 # v2.0.0
         id: 'auth'
         with:
           credentials_json: '${{ secrets.FLUX2_E2E_GOOGLE_CREDENTIALS }}'
           token_format: 'access_token'
       - name: Setup gcloud
-        uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7 # v2.1.1
+        uses: google-github-actions/setup-gcloud@825196879a077b7efa50db2e88409f44de4635c2 # v2.0.0
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
+        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
       - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
       - name: Log into us-central1-docker.pkg.dev
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
         with:
           registry: us-central1-docker.pkg.dev
           username: oauth2accesstoken
@@ -90,13 +90,3 @@ jobs:
           echo $GITREPO_SSH_PUB_CONTENTS | base64 -d > ./build/ssh/key.pub
           export GITREPO_SSH_PUB_PATH=build/ssh/key.pub
           make test-gcp
-      - name: Ensure resource cleanup
-        if: ${{ always() }}
-        env:
-          TF_VAR_gcp_project_id: ${{ vars.TF_VAR_gcp_project_id }}
-          TF_VAR_gcp_region: ${{ vars.TF_VAR_gcp_region }}
-          TF_VAR_gcp_zone: ${{ vars.TF_VAR_gcp_zone }}
-          TF_VAR_gcp_email: ${{ secrets.TF_VAR_gcp_email }}
-          TF_VAR_gcp_keyring: ${{ secrets.TF_VAR_gcp_keyring }}
-          TF_VAR_gcp_crypto_key: ${{ secrets.TF_VAR_gcp_crypto_key }}
-        run: source .env && make destroy-gcp

.github/workflows/e2e.yaml

@@ -13,9 +13,7 @@ permissions:
 
 jobs:
   e2e-amd64-kubernetes:
-    runs-on:
-      group: "Default Larger Runners"
-      labels: ubuntu-latest-16-cores
+    runs-on: ubuntu-latest
     services:
       registry:
         image: registry:2
@@ -23,30 +21,30 @@ jobs:
           - 5000:5000
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Setup Go
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: 1.23.x
+          go-version: 1.20.x
           cache-dependency-path: |
             **/go.sum
             **/go.mod
       - name: Setup Kubernetes
-        uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
+        uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
         with:
-          version: v0.22.0
+          version: v0.20.0
           cluster_name: kind
-          wait: 5s
           config: .github/kind/config.yaml # disable KIND-net
-          # The versions below should target the oldest supported Kubernetes version
+          # The versions below should target the newest Kubernetes version
           # Keep this up-to-date with https://endoflife.date/kubernetes
-          node_image: ghcr.io/fluxcd/kindest/node:v1.28.9-amd64
-          kubectl_version: v1.28.9
+          node_image: kindest/node:v1.28.0@sha256:9f3ff58f19dcf1a0611d11e8ac989fdb30a28f40f236f59f0bea31fb956ccf5c
+          kubectl_version: v1.28.0
       - name: Setup Calico for network policy
         run: |
-          kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.27.3/manifests/calico.yaml
+          kubectl apply -f https://docs.projectcalico.org/v3.25/manifests/calico.yaml
+          kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true
       - name: Setup Kustomize
-        uses: fluxcd/pkg/actions/kustomize@e40e7ed2bc31c6b6e36d263b6299e5082d9fef12 # main
+        uses: fluxcd/pkg/actions/kustomize@main
       - name: Run tests
         run: make test
       - name: Run e2e tests
@@ -59,43 +57,44 @@ jobs:
             exit 1
           fi
       - name: Build
-        run: make build-dev
+        run: |
+          go build -o /tmp/flux ./cmd/flux
       - name: flux check --pre
         run: |
-          ./bin/flux check --pre
+          /tmp/flux check --pre
       - name: flux install --manifests
         run: |
-          ./bin/flux install --manifests ./manifests/install/
+          /tmp/flux install --manifests ./manifests/install/
       - name: flux create secret
         run: |
-          ./bin/flux create secret git git-ssh-test \
+          /tmp/flux create secret git git-ssh-test \
             --url ssh://git@github.com/stefanprodan/podinfo
-          ./bin/flux create secret git git-https-test \
+          /tmp/flux create secret git git-https-test \
             --url https://github.com/stefanprodan/podinfo \
             --username=test --password=test
-          ./bin/flux create secret helm helm-test \
+          /tmp/flux create secret helm helm-test \
             --username=test --password=test
       - name: flux create source git
         run: |
-          ./bin/flux create source git podinfo \
+          /tmp/flux create source git podinfo \
             --url https://github.com/stefanprodan/podinfo  \
             --tag-semver=">=6.3.5"
       - name: flux create source git export apply
         run: |
-          ./bin/flux create source git podinfo-export \
+          /tmp/flux create source git podinfo-export \
             --url https://github.com/stefanprodan/podinfo  \
             --tag-semver=">=6.3.5" \
             --export | kubectl apply -f -
-          ./bin/flux delete source git podinfo-export --silent
+          /tmp/flux delete source git podinfo-export --silent
       - name: flux get sources git
         run: |
-          ./bin/flux get sources git
+          /tmp/flux get sources git
       - name: flux get sources git --all-namespaces
         run: |
-          ./bin/flux get sources git --all-namespaces
+          /tmp/flux get sources git --all-namespaces
       - name: flux create kustomization
         run: |
-          ./bin/flux create kustomization podinfo \
+          /tmp/flux create kustomization podinfo \
             --source=podinfo \
             --path="./deploy/overlays/dev" \
             --prune=true \
@@ -105,89 +104,89 @@ jobs:
             --health-check-timeout=3m
       - name: flux trace
         run: |
-          ./bin/flux trace frontend \
+          /tmp/flux trace frontend \
             --kind=deployment \
             --api-version=apps/v1 \
             --namespace=dev
       - name: flux reconcile kustomization --with-source
         run: |
-          ./bin/flux reconcile kustomization podinfo --with-source
+          /tmp/flux reconcile kustomization podinfo --with-source
       - name: flux get kustomizations
         run: |
-          ./bin/flux get kustomizations
+          /tmp/flux get kustomizations
       - name: flux get kustomizations --all-namespaces
         run: |
-          ./bin/flux get kustomizations --all-namespaces
+          /tmp/flux get kustomizations --all-namespaces
       - name: flux suspend kustomization
         run: |
-          ./bin/flux suspend kustomization podinfo
+          /tmp/flux suspend kustomization podinfo
       - name: flux resume kustomization
         run: |
-          ./bin/flux resume kustomization podinfo
+          /tmp/flux resume kustomization podinfo
       - name: flux export
         run: |
-          ./bin/flux export source git --all
-          ./bin/flux export kustomization --all
+          /tmp/flux export source git --all
+          /tmp/flux export kustomization --all
       - name: flux delete kustomization
         run: |
-          ./bin/flux delete kustomization podinfo --silent
+          /tmp/flux delete kustomization podinfo --silent
       - name: flux create source helm
         run: |
-          ./bin/flux create source helm podinfo \
+          /tmp/flux create source helm podinfo \
             --url https://stefanprodan.github.io/podinfo
       - name: flux create helmrelease --source=HelmRepository/podinfo
         run: |
-          ./bin/flux create hr podinfo-helm \
+          /tmp/flux create hr podinfo-helm \
             --target-namespace=default \
             --source=HelmRepository/podinfo.flux-system \
             --chart=podinfo \
             --chart-version=">6.0.0 <7.0.0"
       - name: flux create helmrelease --source=GitRepository/podinfo
         run: |
-          ./bin/flux create hr podinfo-git \
+          /tmp/flux create hr podinfo-git \
             --target-namespace=default \
             --source=GitRepository/podinfo \
             --chart=./charts/podinfo
       - name: flux reconcile helmrelease --with-source
         run: |
-          ./bin/flux reconcile helmrelease podinfo-git --with-source
+          /tmp/flux reconcile helmrelease podinfo-git --with-source
       - name: flux get helmreleases
         run: |
-          ./bin/flux get helmreleases
+          /tmp/flux get helmreleases
       - name: flux get helmreleases --all-namespaces
         run: |
-          ./bin/flux get helmreleases --all-namespaces
+          /tmp/flux get helmreleases --all-namespaces
       - name: flux export helmrelease
         run: |
-          ./bin/flux export hr --all
+          /tmp/flux export hr --all
       - name: flux delete helmrelease podinfo-helm
         run: |
-          ./bin/flux delete hr podinfo-helm --silent
+          /tmp/flux delete hr podinfo-helm --silent
       - name: flux delete helmrelease podinfo-git
         run: |
-          ./bin/flux delete hr podinfo-git --silent
+          /tmp/flux delete hr podinfo-git --silent
       - name: flux delete source helm
         run: |
-          ./bin/flux delete source helm podinfo --silent
+          /tmp/flux delete source helm podinfo --silent
       - name: flux delete source git
         run: |
-          ./bin/flux delete source git podinfo --silent
+          /tmp/flux delete source git podinfo --silent
       - name: flux oci artifacts
         run: |
-          ./bin/flux push artifact oci://localhost:5000/fluxcd/flux:${{ github.sha }} \
+          /tmp/flux push artifact oci://localhost:5000/fluxcd/flux:${{ github.sha }} \
             --path="./manifests" \
             --source="${{ github.repositoryUrl }}" \
             --revision="${{ github.ref }}@sha1:${{ github.sha }}"
-          ./bin/flux tag artifact oci://localhost:5000/fluxcd/flux:${{ github.sha }} \
+          /tmp/flux tag artifact oci://localhost:5000/fluxcd/flux:${{ github.sha }} \
             --tag latest
-          ./bin/flux list artifacts oci://localhost:5000/fluxcd/flux
+          /tmp/flux list artifacts oci://localhost:5000/fluxcd/flux
       - name: flux oci repositories
         run: |
-          ./bin/flux create source oci podinfo-oci \
+          /tmp/flux create source oci podinfo-oci \
             --url oci://ghcr.io/stefanprodan/manifests/podinfo \
             --tag-semver 6.3.x \
             --interval 10m
-          ./bin/flux create kustomization podinfo-oci \
+          /tmp/flux create kustomization podinfo-oci \
             --source=OCIRepository/podinfo-oci \
             --path="./" \
             --prune=true \
@@ -195,31 +194,31 @@ jobs:
             --target-namespace=default \
             --wait=true \
             --health-check-timeout=3m
-          ./bin/flux reconcile source oci podinfo-oci
-          ./bin/flux suspend source oci podinfo-oci
-          ./bin/flux get sources oci
-          ./bin/flux resume source oci podinfo-oci
-          ./bin/flux export source oci podinfo-oci
-          ./bin/flux delete ks podinfo-oci --silent
-          ./bin/flux delete source oci podinfo-oci --silent
+          /tmp/flux reconcile source oci podinfo-oci
+          /tmp/flux suspend source oci podinfo-oci
+          /tmp/flux get sources oci
+          /tmp/flux resume source oci podinfo-oci
+          /tmp/flux export source oci podinfo-oci
+          /tmp/flux delete ks podinfo-oci --silent
+          /tmp/flux delete source oci podinfo-oci --silent
       - name: flux create tenant
         run: |
-          ./bin/flux create tenant dev-team --with-namespace=apps
-          ./bin/flux -n apps create source helm podinfo \
+          /tmp/flux create tenant dev-team --with-namespace=apps
+          /tmp/flux -n apps create source helm podinfo \
             --url https://stefanprodan.github.io/podinfo
-          ./bin/flux -n apps create hr podinfo-helm \
+          /tmp/flux -n apps create hr podinfo-helm \
             --source=HelmRepository/podinfo \
             --chart=podinfo \
             --chart-version="6.3.x" \
             --service-account=dev-team
       - name: flux2-kustomize-helm-example
         run: |
-          ./bin/flux create source git flux-system \
+          /tmp/flux create source git flux-system \
           --url=https://github.com/fluxcd/flux2-kustomize-helm-example \
           --branch=main \
           --ignore-paths="./clusters/**/flux-system/" \
           --recurse-submodules
-          ./bin/flux create kustomization flux-system \
+          /tmp/flux create kustomization flux-system \
           --source=flux-system \
           --path=./clusters/staging
           kubectl -n flux-system wait kustomization/infra-controllers --for=condition=ready --timeout=5m
@@ -227,23 +226,13 @@ jobs:
           kubectl -n podinfo wait helmrelease/podinfo --for=condition=ready --timeout=5m
       - name: flux tree
         run: |
-          ./bin/flux tree kustomization flux-system | grep Service/podinfo
-      - name: flux events
-        run: |
-          ./bin/flux -n flux-system events --for Kustomization/apps | grep 'HelmRelease/podinfo'
-          ./bin/flux -n podinfo events --for HelmRelease/podinfo | grep 'podinfo.v1'
-      - name: flux stats
-        run: |
-          ./bin/flux stats -A
+          /tmp/flux tree kustomization flux-system | grep Service/podinfo
       - name: flux check
         run: |
-          ./bin/flux check
-      - name: flux version
-        run: |
-          ./bin/flux version
+          /tmp/flux check
       - name: flux uninstall
         run: |
-          ./bin/flux uninstall --silent
+          /tmp/flux uninstall --silent
       - name: Debug failure
         if: failure()
         run: |

.github/workflows/ossf.yaml

@@ -19,21 +19,21 @@ jobs:
       actions: read
       contents: read
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Run analysis
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
         with:
           results_file: results.sarif
           results_format: sarif
           repo_token: ${{ secrets.GITHUB_TOKEN }}
           publish_results: true
       - name: Upload artifact
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
       - name: Upload SARIF results
-        uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
+        uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
         with:
           sarif_file: results.sarif

.github/workflows/release.yaml

@@ -20,33 +20,33 @@ jobs:
       packages: write # needed for ghcr access
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Unshallow
         run: git fetch --prune --unshallow
       - name: Setup Go
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: 1.23.x
+          go-version: 1.20.x
           cache: false
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
+        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
       - name: Setup Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db  # v3.6.1
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226  # v3.0.0
       - name: Setup Syft
-        uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
+        uses: anchore/sbom-action/download-syft@5ecf649a417b8ae17dc8383dc32d46c03f2312df # v0.15.1
       - name: Setup Cosign
-        uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+        uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
       - name: Setup Kustomize
-        uses: fluxcd/pkg/actions/kustomize@e40e7ed2bc31c6b6e36d263b6299e5082d9fef12 # main
+        uses: fluxcd/pkg/actions/kustomize@main
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
         with:
           registry: ghcr.io
           username: fluxcdbot
           password: ${{ secrets.GHCR_TOKEN }}
       - name: Login to Docker Hub
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567  # v3.3.0
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d  # v3.0.0
         with:
           username: fluxcdbot
           password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
@@ -59,7 +59,7 @@ jobs:
         run: |
           kustomize build manifests/crds > all-crds.yaml
       - name: Generate OpenAPI JSON schemas from CRDs
-        uses: fluxcd/pkg/actions/crdjsonschema@e40e7ed2bc31c6b6e36d263b6299e5082d9fef12 # main
+        uses: fluxcd/pkg/actions/crdjsonschema@main
         with:
           crd: all-crds.yaml
           output: schemas
@@ -79,10 +79,10 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Run GoReleaser
         id: run-goreleaser
-        uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
+        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
         with:
           version: latest
-          args: release --release-notes=output/notes.md --skip=validate
+          args: release --release-notes=output/notes.md --skip-validate
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
@@ -110,9 +110,9 @@ jobs:
       id-token: write
       packages: write
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Setup Kustomize
-        uses: fluxcd/pkg/actions/kustomize@e40e7ed2bc31c6b6e36d263b6299e5082d9fef12 # main
+        uses: fluxcd/pkg/actions/kustomize@main
       - name: Setup Flux CLI
         uses: ./action/
       - name: Prepare
@@ -121,13 +121,13 @@ jobs:
           VERSION=$(flux version --client | awk '{ print $NF }')
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
       - name: Login to GHCR
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
         with:
           registry: ghcr.io
           username: fluxcdbot
           password: ${{ secrets.GHCR_TOKEN }}
       - name: Login to DockerHub
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
         with:
           username: fluxcdbot
           password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
@@ -155,7 +155,7 @@ jobs:
           --path="./flux-system" \
           --source=${{ github.repositoryUrl }} \
           --revision="${{ github.ref_name }}@sha1:${{ github.sha }}"
-      - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+      - uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
       - name: Sign manifests
         env:
           COSIGN_EXPERIMENTAL: 1
@@ -176,7 +176,7 @@ jobs:
       actions: read # for detecting the Github Actions environment.
       id-token: write # for creating OIDC tokens for signing.
       contents: write # for uploading attestations to GitHub releases.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
     with:
       provenance-name: "provenance.intoto.jsonl"
       base64-subjects: "${{ needs.release-flux-cli.outputs.hashes }}"
@@ -188,7 +188,7 @@ jobs:
       actions: read # for detecting the Github Actions environment.
       id-token: write # for creating OIDC tokens for signing.
       packages: write # for uploading attestations.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0
     with:
       image: ${{ needs.release-flux-cli.outputs.image_url }}
       digest: ${{ needs.release-flux-cli.outputs.image_digest }}
@@ -202,7 +202,7 @@ jobs:
       actions: read # for detecting the Github Actions environment.
       id-token: write # for creating OIDC tokens for signing.
       packages: write # for uploading attestations.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0
     with:
       image: ghcr.io/${{ needs.release-flux-cli.outputs.image_url }}
       digest: ${{ needs.release-flux-cli.outputs.image_digest }}

.github/workflows/scan.yaml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.actor != 'dependabot[bot]'
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Run FOSSA scan and upload build data
         uses: fossa-contrib/fossa-action@cdc5065bcdee31a32e47d4585df72d66e8e941c2 # v3.0.0
         with:
@@ -31,13 +31,13 @@ jobs:
       security-events: write
     if: (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]'
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Setup Kustomize
-        uses: fluxcd/pkg/actions/kustomize@e40e7ed2bc31c6b6e36d263b6299e5082d9fef12 # main
+        uses: fluxcd/pkg/actions/kustomize@main
       - name: Setup Go
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version-file: 'go.mod'
+          go-version: 1.20.x
           cache-dependency-path: |
             **/go.sum
             **/go.mod
@@ -49,12 +49,11 @@ jobs:
       - name:  Run Snyk to check for vulnerabilities
         continue-on-error: true
         run: |
-          snyk test --all-projects --sarif-file-output=snyk.sarif
+          snyk test --sarif-file-output=snyk.sarif
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
       - name: Upload result to GitHub Code Scanning
-        continue-on-error: true
-        uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
+        uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
         with:
           sarif_file: snyk.sarif
 
@@ -65,22 +64,22 @@ jobs:
     if: github.actor != 'dependabot[bot]'
     steps:
       - name: Checkout repository
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Setup Go
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version-file: 'go.mod'
+          go-version: 1.20.x
           cache-dependency-path: |
             **/go.sum
             **/go.mod
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
+        uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
         with:
           languages: go
           # xref: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
           # xref: https://codeql.github.com/codeql-query-help/go/
           queries: security-and-quality
       - name: Autobuild
-        uses: github/codeql-action/autobuild@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
+        uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
+        uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4

.github/workflows/sync-labels.yaml

@@ -17,8 +17,8 @@ jobs:
     permissions:
       issues: write
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: EndBug/label-sync@52074158190acb45f3077f9099fea818aa43f97a # v2.3.3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: EndBug/label-sync@da00f2c11fdb78e4fae44adac2fdd713778ea3e8 # v2.3.2
         with:
           # Configuration file
           config-file: |

.github/workflows/update.yaml

@@ -18,11 +18,11 @@ jobs:
       pull-requests: write
     steps:
       - name: Check out code
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Setup Go
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: 1.23.x
+          go-version: 1.20.x
           cache-dependency-path: |
             **/go.sum
             **/go.mod
@@ -84,7 +84,7 @@ jobs:
 
       - name: Create Pull Request
         id: cpr
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+        uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2
         with:
           token: ${{ secrets.BOT_GITHUB_TOKEN }}
           commit-message: |

.goreleaser.yml

@@ -15,7 +15,7 @@ builds:
       - arm64
       - arm
     goarm:
-      - "7"
+      - 7
   - <<: *build_defaults
     id: darwin
     goos:
@@ -73,11 +73,11 @@ signs:
     output: true
 brews:
   - name: flux
-    repository:
+    tap:
       owner: fluxcd
       name: homebrew-tap
       token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
-    directory: Formula
+    folder: Formula
     homepage: "https://fluxcd.io/"
     description: "Flux CLI"
     install: |

Dockerfile

@@ -1,15 +1,15 @@
-FROM alpine:3.20 as builder
+FROM alpine:3.19 as builder
 
 RUN apk add --no-cache ca-certificates curl
 
 ARG ARCH=linux/amd64
-ARG KUBECTL_VER=1.31.0
+ARG KUBECTL_VER=1.28.4
 
 RUN curl -sL https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VER}/bin/${ARCH}/kubectl \
     -o /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl && \
     kubectl version --client=true
 
-FROM alpine:3.20 as flux-cli
+FROM alpine:3.19 as flux-cli
 
 RUN apk add --no-cache ca-certificates
 

Makefile

@@ -17,8 +17,9 @@ rwildcard=$(foreach d,$(wildcard $(addsuffix *,$(1))),$(call rwildcard,$(d)/,$(2
 all: test build
 
 tidy:
-	go mod tidy -compat=1.22
-	cd tests/integration && go mod tidy -compat=1.22
+	go mod tidy -compat=1.20
+	cd tests/azure && go mod tidy -compat=1.20
+	cd tests/integration && go mod tidy -compat=1.20
 
 fmt:
 	go fmt ./...

README.md

@@ -2,7 +2,7 @@
 
 [![release](https://img.shields.io/github/release/fluxcd/flux2/all.svg)](https://github.com/fluxcd/flux2/releases)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4782/badge)](https://bestpractices.coreinfrastructure.org/projects/4782)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/fluxcd/flux2/badge)](https://scorecard.dev/viewer/?uri=github.com/fluxcd/flux2)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/fluxcd/flux2/badge)](https://api.securityscorecards.dev/projects/github.com/fluxcd/flux2)
 [![FOSSA Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Ffluxcd%2Fflux2.svg?type=shield)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Ffluxcd%2Fflux2?ref=badge_shield)
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/flux2)](https://artifacthub.io/packages/helm/fluxcd-community/flux2)
 [![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://fluxcd.io/flux/security/slsa-assessment)
@@ -21,7 +21,7 @@ Flux v2 is constructed with the [GitOps Toolkit](#gitops-toolkit), a
 set of composable APIs and specialized tools for building Continuous
 Delivery on top of Kubernetes.
 
-Flux is a Cloud Native Computing Foundation ([CNCF](https://www.cncf.io/)) graduated project, used in
+Flux is a Cloud Native Computing Foundation ([CNCF](https://www.cncf.io/)) project, used in
 production by various [organisations](https://fluxcd.io/adopters) and [cloud providers](https://fluxcd.io/ecosystem).
 
 ## Quickstart and documentation
@@ -44,7 +44,7 @@ runtime for Flux v2. The APIs comprise Kubernetes custom resources,
 which can be created and updated by a cluster user, or by other
 automation tooling.
 
-![overview](https://raw.githubusercontent.com/fluxcd/flux2/main/docs/diagrams/fluxcd-controllers.png)
+![overview](https://fluxcd.io/img/diagrams/gitops-toolkit.png)
 
 You can use the toolkit to extend Flux, or to build your own systems
 for continuous delivery -- see [the developer

cmd/flux/bootstrap.go

@@ -22,7 +22,6 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/fluxcd/pkg/git"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -54,7 +53,6 @@ type bootstrapFlags struct {
 	requiredComponents []string
 
 	registry        string
-	registryCredential string
 	imagePullSecret string
 
 	secretName     string
@@ -65,7 +63,6 @@ type bootstrapFlags struct {
 	sshHostname    string
 	caFile         string
 	privateKeyFile string
-	sshHostKeyAlgorithms []string
 
 	watchAllNamespaces bool
 	networkPolicy      bool
@@ -101,8 +98,6 @@ func init() {
 
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.registry, "registry", "ghcr.io/fluxcd",
 		"container registry where the Flux controller images are published")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.registryCredential, "registry-creds", "",
-		"container registry credentials in the format 'user:password', requires --image-pull-secret to be set")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.imagePullSecret, "image-pull-secret", "",
 		"Kubernetes secret name used for pulling the controller images from a private registry")
 
@@ -126,7 +121,6 @@ func init() {
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.secretName, "secret-name", rootArgs.defaults.Namespace, "name of the secret the sync credentials can be found in or stored to")
 	bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.keyAlgorithm, "ssh-key-algorithm", bootstrapArgs.keyAlgorithm.Description())
 	bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.keyRSABits, "ssh-rsa-bits", bootstrapArgs.keyRSABits.Description())
-	bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapArgs.sshHostKeyAlgorithms, "ssh-hostkey-algos", nil, "list of host key algorithms to be used by the CLI for SSH connections")
 	bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.keyECDSACurve, "ssh-ecdsa-curve", bootstrapArgs.keyECDSACurve.Description())
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.sshHostname, "ssh-hostname", "", "SSH hostname, to be used when the SSH host differs from the HTTPS one")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates")
@@ -141,7 +135,7 @@ func init() {
 
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.commitMessageAppendix, "commit-message-appendix", "", "string to add to the commit messages, e.g. '[ci skip]'")
 
-	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.force, "force", false, "override existing Flux installation if it's managed by a different tool such as Helm")
+	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.force, "force", false, "override existing Flux installation if it's managed by a diffrent tool such as Helm")
 	bootstrapCmd.PersistentFlags().MarkHidden("manifests")
 
 	rootCmd.AddCommand(bootstrapCmd)
@@ -187,18 +181,6 @@ func bootstrapValidate() error {
 		return err
 	}
 
-	if bootstrapArgs.registryCredential != "" && bootstrapArgs.imagePullSecret == "" {
-		return fmt.Errorf("--registry-creds requires --image-pull-secret to be set")
-	}
-
-	if bootstrapArgs.registryCredential != "" && len(strings.Split(bootstrapArgs.registryCredential, ":")) != 2 {
-		return fmt.Errorf("invalid --registry-creds format, expected 'user:password'")
-	}
-
-	if len(bootstrapArgs.sshHostKeyAlgorithms) > 0 {
-		git.HostKeyAlgos = bootstrapArgs.sshHostKeyAlgorithms
-	}
-
 	return nil
 }
 

cmd/flux/bootstrap_bitbucket_server.go

@@ -196,7 +196,6 @@ func bootstrapBServerCmdRun(cmd *cobra.Command, args []string) error {
 		Namespace:              *kubeconfigArgs.Namespace,
 		Components:             bootstrapComponents(),
 		Registry:               bootstrapArgs.registry,
-		RegistryCredential:     bootstrapArgs.registryCredential,
 		ImagePullSecret:        bootstrapArgs.imagePullSecret,
 		WatchAllNamespaces:     bootstrapArgs.watchAllNamespaces,
 		NetworkPolicy:          bootstrapArgs.networkPolicy,

cmd/flux/bootstrap_git.go

@@ -28,9 +28,6 @@ import (
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 
-	"github.com/fluxcd/pkg/git"
-	"github.com/fluxcd/pkg/git/gogit"
-
 	"github.com/fluxcd/flux2/v2/internal/flags"
 	"github.com/fluxcd/flux2/v2/internal/utils"
 	"github.com/fluxcd/flux2/v2/pkg/bootstrap"
@@ -38,6 +35,8 @@ import (
 	"github.com/fluxcd/flux2/v2/pkg/manifestgen/install"
 	"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
 	"github.com/fluxcd/flux2/v2/pkg/manifestgen/sync"
+	"github.com/fluxcd/pkg/git"
+	"github.com/fluxcd/pkg/git/gogit"
 )
 
 var bootstrapGitCmd = &cobra.Command{
@@ -66,10 +65,7 @@ command will perform an upgrade if needed.`,
   flux bootstrap git --url=ssh://<SSH-Key-ID>@git-codecommit.<region>.amazonaws.com/v1/repos/<repository> --private-key-file=<path/to/private.key> --password=<SSH-passphrase> --path=clusters/my-cluster
 
   # Run bootstrap for a Git repository on Azure Devops
-  flux bootstrap git --url=ssh://git@ssh.dev.azure.com/v3/<org>/<project>/<repository> --private-key-file=<path/to/rsa-sha2-private.key> --ssh-hostkey-algos=rsa-sha2-512,rsa-sha2-256 --path=clusters/my-cluster
-
-  # Run bootstrap for a Git repository on Oracle VBS
-  flux bootstrap git --url=https://repository_url.git --with-bearer-token=true --password=<PAT> --path=clusters/my-cluster
+  flux bootstrap git --url=ssh://git@ssh.dev.azure.com/v3/<org>/<project>/<repository> --ssh-key-algorithm=rsa --ssh-rsa-bits=4096 --path=clusters/my-cluster
 `,
 	RunE: bootstrapGitCmdRun,
 }
@@ -82,7 +78,6 @@ type gitFlags struct {
 	password            string
 	silent              bool
 	insecureHttpAllowed bool
-	withBearerToken     bool
 }
 
 const (
@@ -99,16 +94,11 @@ func init() {
 	bootstrapGitCmd.Flags().StringVarP(&gitArgs.password, "password", "p", "", "basic authentication password")
 	bootstrapGitCmd.Flags().BoolVarP(&gitArgs.silent, "silent", "s", false, "assumes the deploy key is already setup, skips confirmation")
 	bootstrapGitCmd.Flags().BoolVar(&gitArgs.insecureHttpAllowed, "allow-insecure-http", false, "allows insecure HTTP connections")
-	bootstrapGitCmd.Flags().BoolVar(&gitArgs.withBearerToken, "with-bearer-token", false, "use password as bearer token for Authorization header")
 
 	bootstrapCmd.AddCommand(bootstrapGitCmd)
 }
 
 func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
-	if gitArgs.withBearerToken {
-		bootstrapArgs.tokenAuth = true
-	}
-
 	gitPassword := os.Getenv(gitPasswordEnvVar)
 	if gitPassword != "" && gitArgs.password == "" {
 		gitArgs.password = gitPassword
@@ -211,7 +201,6 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
 		Namespace:              *kubeconfigArgs.Namespace,
 		Components:             bootstrapComponents(),
 		Registry:               bootstrapArgs.registry,
-		RegistryCredential:     bootstrapArgs.registryCredential,
 		ImagePullSecret:        bootstrapArgs.imagePullSecret,
 		WatchAllNamespaces:     bootstrapArgs.watchAllNamespaces,
 		NetworkPolicy:          bootstrapArgs.networkPolicy,
@@ -234,15 +223,9 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
 		TargetPath:   gitArgs.path.String(),
 		ManifestFile: sourcesecret.MakeDefaultOptions().ManifestFile,
 	}
-
 	if bootstrapArgs.tokenAuth {
-		if gitArgs.withBearerToken {
-			secretOpts.BearerToken = gitArgs.password
-		} else {
 		secretOpts.Username = gitArgs.username
 		secretOpts.Password = gitArgs.password
-		}
-
 		secretOpts.CAFile = caBundle
 
 		// Remove port of the given host when not syncing over HTTP/S to not assume port for protocol
@@ -335,28 +318,18 @@ func getAuthOpts(u *url.URL, caBundle []byte) (*git.AuthOptions, error) {
 		if !gitArgs.insecureHttpAllowed {
 			return nil, fmt.Errorf("scheme http is insecure, pass --allow-insecure-http=true to allow it")
 		}
-		httpAuth := git.AuthOptions{
+		return &git.AuthOptions{
 			Transport: git.HTTP,
-		}
-		if gitArgs.withBearerToken {
-			httpAuth.BearerToken = gitArgs.password
-		} else {
-			httpAuth.Username = gitArgs.username
-			httpAuth.Password = gitArgs.password
-		}
-		return &httpAuth, nil
+			Username:  gitArgs.username,
+			Password:  gitArgs.password,
+		}, nil
 	case "https":
-		httpsAuth := git.AuthOptions{
+		return &git.AuthOptions{
 			Transport: git.HTTPS,
+			Username:  gitArgs.username,
+			Password:  gitArgs.password,
 			CAFile:    caBundle,
-		}
-		if gitArgs.withBearerToken {
-			httpsAuth.BearerToken = gitArgs.password
-		} else {
-			httpsAuth.Username = gitArgs.username
-			httpsAuth.Password = gitArgs.password
-		}
-		return &httpsAuth, nil
+		}, nil
 	case "ssh":
 		authOpts := &git.AuthOptions{
 			Transport: git.SSH,

cmd/flux/bootstrap_gitea.go

@@ -184,7 +184,6 @@ func bootstrapGiteaCmdRun(cmd *cobra.Command, args []string) error {
 		Namespace:              *kubeconfigArgs.Namespace,
 		Components:             bootstrapComponents(),
 		Registry:               bootstrapArgs.registry,
-		RegistryCredential:     bootstrapArgs.registryCredential,
 		ImagePullSecret:        bootstrapArgs.imagePullSecret,
 		WatchAllNamespaces:     bootstrapArgs.watchAllNamespaces,
 		NetworkPolicy:          bootstrapArgs.networkPolicy,

cmd/flux/bootstrap_github.go

@@ -191,7 +191,6 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 		Namespace:              *kubeconfigArgs.Namespace,
 		Components:             bootstrapComponents(),
 		Registry:               bootstrapArgs.registry,
-		RegistryCredential:     bootstrapArgs.registryCredential,
 		ImagePullSecret:        bootstrapArgs.imagePullSecret,
 		WatchAllNamespaces:     bootstrapArgs.watchAllNamespaces,
 		NetworkPolicy:          bootstrapArgs.networkPolicy,

cmd/flux/bootstrap_gitlab.go

@@ -24,7 +24,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/fluxcd/go-git-providers/gitprovider"
 	"github.com/fluxcd/pkg/git"
 	"github.com/fluxcd/pkg/git/gogit"
 	"github.com/spf13/cobra"
@@ -59,14 +58,14 @@ the bootstrap command will perform an upgrade if needed.`,
   # Run bootstrap for a repository path
   flux bootstrap gitlab --owner=<group> --repository=<repository name> --path=dev-cluster
 
-  # Run bootstrap for a public repository
-  flux bootstrap gitlab --owner=<group> --repository=<repository name> --visibility=public  --token-auth
+  # Run bootstrap for a public repository on a personal account
+  flux bootstrap gitlab --owner=<user> --repository=<repository name> --private=false --personal --token-auth
 
   # Run bootstrap for a private repository hosted on a GitLab server
-  flux bootstrap gitlab --owner=<group> --repository=<repository name> --hostname=<gitlab_url> --token-auth
+  flux bootstrap gitlab --owner=<group> --repository=<repository name> --hostname=<domain> --token-auth
 
   # Run bootstrap for an existing repository with a branch named main
-  flux bootstrap gitlab --owner=<group> --repository=<repository name> --branch=main --token-auth
+  flux bootstrap gitlab --owner=<organization> --repository=<repository name> --branch=main --token-auth
 
   # Run bootstrap for a private repository using Deploy Token authentication
   flux bootstrap gitlab --owner=<group> --repository=<repository name> --deploy-token-auth
@@ -86,7 +85,6 @@ type gitlabFlags struct {
 	repository      string
 	interval        time.Duration
 	personal        bool
-	visibility      flags.GitLabVisibility
 	private         bool
 	hostname        string
 	path            flags.SafeRelativePath
@@ -96,13 +94,7 @@ type gitlabFlags struct {
 	deployTokenAuth bool
 }
 
-func NewGitlabFlags() gitlabFlags {
-	return gitlabFlags{
-		visibility: flags.GitLabVisibility(gitprovider.RepositoryVisibilityPrivate),
-	}
-}
-
-var gitlabArgs = NewGitlabFlags()
+var gitlabArgs gitlabFlags
 
 func init() {
 	bootstrapGitLabCmd.Flags().StringVar(&gitlabArgs.owner, "owner", "", "GitLab user or group name")
@@ -110,8 +102,6 @@ func init() {
 	bootstrapGitLabCmd.Flags().StringSliceVar(&gitlabArgs.teams, "team", []string{}, "GitLab teams to be given maintainer access (also accepts comma-separated values)")
 	bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.personal, "personal", false, "if true, the owner is assumed to be a GitLab user; otherwise a group")
 	bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.private, "private", true, "if true, the repository is setup or configured as private")
-	bootstrapGitLabCmd.Flags().MarkDeprecated("private", "use --visibility instead")
-	bootstrapGitLabCmd.Flags().Var(&gitlabArgs.visibility, "visibility", gitlabArgs.visibility.Description())
 	bootstrapGitLabCmd.Flags().DurationVar(&gitlabArgs.interval, "interval", time.Minute, "sync interval")
 	bootstrapGitLabCmd.Flags().StringVar(&gitlabArgs.hostname, "hostname", glDefaultDomain, "GitLab hostname")
 	bootstrapGitLabCmd.Flags().Var(&gitlabArgs.path, "path", "path relative to the repository root, when specified the cluster sync will be scoped to this path")
@@ -143,11 +133,6 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("--token-auth and --deploy-token-auth cannot be set both.")
 	}
 
-	if !gitlabArgs.private {
-		gitlabArgs.visibility.Set(string(gitprovider.RepositoryVisibilityPublic))
-		cmd.Println("Using visibility public as --private=false")
-	}
-
 	if err := bootstrapValidate(); err != nil {
 		return err
 	}
@@ -231,7 +216,6 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 		Namespace:              *kubeconfigArgs.Namespace,
 		Components:             bootstrapComponents(),
 		Registry:               bootstrapArgs.registry,
-		RegistryCredential:     bootstrapArgs.registryCredential,
 		ImagePullSecret:        bootstrapArgs.imagePullSecret,
 		WatchAllNamespaces:     bootstrapArgs.watchAllNamespaces,
 		NetworkPolicy:          bootstrapArgs.networkPolicy,
@@ -297,7 +281,6 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	// Bootstrap config
 	bootstrapOpts := []bootstrap.GitProviderOption{
 		bootstrap.WithProviderRepository(gitlabArgs.owner, gitlabArgs.repository, gitlabArgs.personal),
-		bootstrap.WithProviderVisibility(gitlabArgs.visibility.String()),
 		bootstrap.WithBranch(bootstrapArgs.branch),
 		bootstrap.WithBootstrapTransportType("https"),
 		bootstrap.WithSignature(bootstrapArgs.authorName, bootstrapArgs.authorEmail),
@@ -317,6 +300,9 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	if gitlabArgs.deployTokenAuth {
 		bootstrapOpts = append(bootstrapOpts, bootstrap.WithDeployTokenAuth())
 	}
+	if !gitlabArgs.private {
+		bootstrapOpts = append(bootstrapOpts, bootstrap.WithProviderRepositoryConfig("", "", "public"))
+	}
 	if gitlabArgs.reconcile {
 		bootstrapOpts = append(bootstrapOpts, bootstrap.WithReconcile())
 	}

cmd/flux/build_kustomization.go

@@ -21,10 +21,10 @@ import (
 	"os"
 	"os/signal"
 
+	"github.com/fluxcd/pkg/ssa"
 	"github.com/spf13/cobra"
 
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
-	ssautil "github.com/fluxcd/pkg/ssa/utils"
 
 	"github.com/fluxcd/flux2/v2/internal/build"
 )
@@ -63,7 +63,6 @@ type buildKsFlags struct {
 	path              string
 	ignorePaths       []string
 	dryRun            bool
-	strictSubst       bool
 }
 
 var buildKsArgs buildKsFlags
@@ -73,8 +72,6 @@ func init() {
 	buildKsCmd.Flags().StringVar(&buildKsArgs.kustomizationFile, "kustomization-file", "", "Path to the Flux Kustomization YAML file.")
 	buildKsCmd.Flags().StringSliceVar(&buildKsArgs.ignorePaths, "ignore-paths", nil, "set paths to ignore in .gitignore format")
 	buildKsCmd.Flags().BoolVar(&buildKsArgs.dryRun, "dry-run", false, "Dry run mode.")
-	buildKsCmd.Flags().BoolVar(&buildKsArgs.strictSubst, "strict-substitute", false,
-		"When enabled, the post build substitutions will fail if a var without a default value is declared in files but is missing from the input vars.")
 	buildCmd.AddCommand(buildKsCmd)
 }
 
@@ -110,7 +107,6 @@ func buildKsCmdRun(cmd *cobra.Command, args []string) (err error) {
 			build.WithDryRun(buildKsArgs.dryRun),
 			build.WithNamespace(*kubeconfigArgs.Namespace),
 			build.WithIgnore(buildKsArgs.ignorePaths),
-			build.WithStrictSubstitute(buildKsArgs.strictSubst),
 		)
 	} else {
 		builder, err = build.NewBuilder(name, buildKsArgs.path,
@@ -118,7 +114,6 @@ func buildKsCmdRun(cmd *cobra.Command, args []string) (err error) {
 			build.WithTimeout(rootArgs.timeout),
 			build.WithKustomizationFile(buildKsArgs.kustomizationFile),
 			build.WithIgnore(buildKsArgs.ignorePaths),
-			build.WithStrictSubstitute(buildKsArgs.strictSubst),
 		)
 	}
 
@@ -137,7 +132,7 @@ func buildKsCmdRun(cmd *cobra.Command, args []string) (err error) {
 			errChan <- err
 		}
 
-		manifests, err := ssautil.ObjectsToYAML(objects)
+		manifests, err := ssa.ObjectsToYAML(objects)
 		if err != nil {
 			errChan <- err
 		}

cmd/flux/check.go

@@ -40,7 +40,6 @@ import (
 
 var checkCmd = &cobra.Command{
 	Use:   "check",
-	Args:  cobra.NoArgs,
 	Short: "Check requirements and installation",
 	Long: withPreviewNote(`The check command will perform a series of checks to validate that
 the local environment is configured correctly and if the installed components are healthy.`),
@@ -60,7 +59,7 @@ type checkFlags struct {
 }
 
 var kubernetesConstraints = []string{
-	">=1.28.0-0",
+	">=1.26.0-0",
 }
 
 var checkArgs checkFlags

cmd/flux/cluster_info_test.go

@@ -29,7 +29,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
-	ssautil "github.com/fluxcd/pkg/ssa/utils"
+	"github.com/fluxcd/pkg/ssa"
 )
 
 func Test_getFluxClusterInfo(t *testing.T) {
@@ -37,7 +37,7 @@ func Test_getFluxClusterInfo(t *testing.T) {
 	f, err := os.Open("./testdata/cluster_info/gitrepositories.yaml")
 	g.Expect(err).To(BeNil())
 
-	objs, err := ssautil.ReadObjects(f)
+	objs, err := ssa.ReadObjects(f)
 	g.Expect(err).To(Not(HaveOccurred()))
 	gitrepo := objs[0]
 

cmd/flux/create_helmrelease.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2024 The Flux authors
+Copyright 2020 The Flux authors
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -24,6 +24,12 @@ import (
 	"strings"
 	"time"
 
+	"github.com/fluxcd/pkg/apis/meta"
+	"github.com/fluxcd/pkg/runtime/transform"
+
+	"github.com/fluxcd/flux2/v2/internal/flags"
+	"github.com/fluxcd/flux2/v2/internal/utils"
+
 	"github.com/spf13/cobra"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -33,21 +39,14 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
-	"github.com/fluxcd/pkg/apis/meta"
-	"github.com/fluxcd/pkg/runtime/transform"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
-	sourcev1b2 "github.com/fluxcd/source-controller/api/v1beta2"
-
-	"github.com/fluxcd/flux2/v2/internal/flags"
-	"github.com/fluxcd/flux2/v2/internal/utils"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta2"
 )
 
 var createHelmReleaseCmd = &cobra.Command{
 	Use:     "helmrelease [name]",
 	Aliases: []string{"hr"},
 	Short:   "Create or update a HelmRelease resource",
-	Long:    `The helmrelease create command generates a HelmRelease resource for a given HelmRepository source.`,
+	Long:    withPreviewNote(`The helmrelease create command generates a HelmRelease resource for a given HelmRepository source.`),
 	Example: `  # Create a HelmRelease with a chart from a HelmRepository source
   flux create hr podinfo \
     --interval=10m \
@@ -106,17 +105,7 @@ var createHelmReleaseCmd = &cobra.Command{
     --source=HelmRepository/podinfo \
     --chart=podinfo \
     --values=./values.yaml \
-    --export > podinfo-release.yaml
-		
-  # Create a HelmRelease using a chart from a HelmChart resource
-  flux create hr podinfo \
-    --namespace=default \
-    --chart-ref=HelmChart/podinfo.flux-system \
-
-  # Create a HelmRelease using a chart from an OCIRepository resource
-  flux create hr podinfo \
-    --namespace=default \
-    --chart-ref=OCIRepository/podinfo.flux-system`,
+    --export > podinfo-release.yaml`,
 	RunE: createHelmReleaseCmdRun,
 }
 
@@ -126,7 +115,6 @@ type helmReleaseFlags struct {
 	dependsOn           []string
 	chart               string
 	chartVersion        string
-	chartRef            string
 	targetNamespace     string
 	createNamespace     bool
 	valuesFiles         []string
@@ -142,8 +130,6 @@ var helmReleaseArgs helmReleaseFlags
 
 var supportedHelmReleaseValuesFromKinds = []string{"Secret", "ConfigMap"}
 
-var supportedHelmReleaseReferenceKinds = []string{sourcev1b2.OCIRepositoryKind, sourcev1.HelmChartKind}
-
 func init() {
 	createHelmReleaseCmd.Flags().StringVar(&helmReleaseArgs.name, "release-name", "", "name used for the Helm release, defaults to a composition of '[<target-namespace>-]<HelmRelease-name>'")
 	createHelmReleaseCmd.Flags().Var(&helmReleaseArgs.source, "source", helmReleaseArgs.source.Description())
@@ -159,15 +145,14 @@ func init() {
 	createHelmReleaseCmd.Flags().StringSliceVar(&helmReleaseArgs.valuesFrom, "values-from", nil, "a Kubernetes object reference that contains the values.yaml data key in the format '<kind>/<name>', where kind must be one of: (Secret,ConfigMap)")
 	createHelmReleaseCmd.Flags().Var(&helmReleaseArgs.crds, "crds", helmReleaseArgs.crds.Description())
 	createHelmReleaseCmd.Flags().StringVar(&helmReleaseArgs.kubeConfigSecretRef, "kubeconfig-secret-ref", "", "the name of the Kubernetes Secret that contains a key with the kubeconfig file for connecting to a remote cluster")
-	createHelmReleaseCmd.Flags().StringVar(&helmReleaseArgs.chartRef, "chart-ref", "", "the name of the HelmChart resource to use as source for the HelmRelease, in the format '<kind>/<name>.<namespace>', where kind must be one of: (OCIRepository,HelmChart)")
 	createCmd.AddCommand(createHelmReleaseCmd)
 }
 
 func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 	name := args[0]
 
-	if helmReleaseArgs.chart == "" && helmReleaseArgs.chartRef == "" {
-		return fmt.Errorf("chart or chart-ref is required")
+	if helmReleaseArgs.chart == "" {
+		return fmt.Errorf("chart name or path is required")
 	}
 
 	sourceLabels, err := parseLabels()
@@ -197,13 +182,8 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 				Duration: createArgs.interval,
 			},
 			TargetNamespace: helmReleaseArgs.targetNamespace,
-			Suspend:         false,
-		},
-	}
 
-	switch {
-	case helmReleaseArgs.chart != "":
-		helmRelease.Spec.Chart = &helmv2.HelmChartTemplate{
+			Chart: helmv2.HelmChartTemplate{
 				Spec: helmv2.HelmChartTemplateSpec{
 					Chart:   helmReleaseArgs.chart,
 					Version: helmReleaseArgs.chartVersion,
@@ -214,23 +194,9 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 					},
 					ReconcileStrategy: helmReleaseArgs.reconcileStrategy,
 				},
-		}
-		if helmReleaseArgs.chartInterval != 0 {
-			helmRelease.Spec.Chart.Spec.Interval = &metav1.Duration{
-				Duration: helmReleaseArgs.chartInterval,
-			}
-		}
-	case helmReleaseArgs.chartRef != "":
-		kind, name, ns := utils.ParseObjectKindNameNamespace(helmReleaseArgs.chartRef)
-		if kind != sourcev1.HelmChartKind && kind != sourcev1b2.OCIRepositoryKind {
-			return fmt.Errorf("chart reference kind '%s' is not supported, must be one of: %s",
-				kind, strings.Join(supportedHelmReleaseReferenceKinds, ", "))
-		}
-		helmRelease.Spec.ChartRef = &helmv2.CrossNamespaceSourceReference{
-			Kind:      kind,
-			Name:      name,
-			Namespace: ns,
-		}
+			},
+			Suspend: false,
+		},
 	}
 
 	if helmReleaseArgs.kubeConfigSecretRef != "" {
@@ -241,6 +207,12 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
 
+	if helmReleaseArgs.chartInterval != 0 {
+		helmRelease.Spec.Chart.Spec.Interval = &metav1.Duration{
+			Duration: helmReleaseArgs.chartInterval,
+		}
+	}
+
 	if helmReleaseArgs.createNamespace {
 		if helmRelease.Spec.Install == nil {
 			helmRelease.Spec.Install = &helmv2.Install{}
@@ -337,7 +309,7 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	logger.Successf("HelmRelease %s is ready", name)
 
-	logger.Successf("applied revision %s", getHelmReleaseRevision(helmRelease))
+	logger.Successf("applied revision %s", helmRelease.Status.LastAppliedRevision)
 	return nil
 }
 

cmd/flux/create_helmrelease_test.go

@@ -1,86 +0,0 @@
-//go:build unit
-// +build unit
-
-/*
-Copyright 2024 The Flux authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import "testing"
-
-func TestCreateHelmRelease(t *testing.T) {
-	tmpl := map[string]string{
-		"fluxns": allocateNamespace("flux-system"),
-	}
-	setupHRSource(t, tmpl)
-
-	tests := []struct {
-		name   string
-		args   string
-		assert assertFunc
-	}{
-		{
-			name:   "missing name",
-			args:   "create helmrelease --export",
-			assert: assertError("name is required"),
-		},
-		{
-			name:   "missing chart template and chartRef",
-			args:   "create helmrelease podinfo --export",
-			assert: assertError("chart or chart-ref is required"),
-		},
-		{
-			name:   "unknown source kind",
-			args:   "create helmrelease podinfo --source foobar/podinfo --chart podinfo --export",
-			assert: assertError(`invalid argument "foobar/podinfo" for "--source" flag: source kind 'foobar' is not supported, must be one of: HelmRepository, GitRepository, Bucket`),
-		},
-		{
-			name:   "unknown chart reference kind",
-			args:   "create helmrelease podinfo --chart-ref foobar/podinfo --export",
-			assert: assertError(`chart reference kind 'foobar' is not supported, must be one of: OCIRepository, HelmChart`),
-		},
-		{
-			name:   "basic helmrelease",
-			args:   "create helmrelease podinfo --source Helmrepository/podinfo --chart podinfo --interval=1m0s --export",
-			assert: assertGoldenTemplateFile("testdata/create_hr/basic.yaml", tmpl),
-		},
-		{
-			name:   "chart with OCIRepository source",
-			args:   "create helmrelease podinfo --chart-ref OCIRepository/podinfo --interval=1m0s --export",
-			assert: assertGoldenTemplateFile("testdata/create_hr/or_basic.yaml", tmpl),
-		},
-		{
-			name:   "chart with HelmChart source",
-			args:   "create helmrelease podinfo --chart-ref HelmChart/podinfo --interval=1m0s --export",
-			assert: assertGoldenTemplateFile("testdata/create_hr/hc_basic.yaml", tmpl),
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			cmd := cmdTestCase{
-				args:   tt.args + " -n " + tmpl["fluxns"],
-				assert: tt.assert,
-			}
-			cmd.runTestCmd(t)
-		})
-	}
-}
-
-func setupHRSource(t *testing.T, tmpl map[string]string) {
-	t.Helper()
-	testEnv.CreateObjectFile("./testdata/create_hr/setup-source.yaml", tmpl, t)
-}

cmd/flux/create_image_update.go

@@ -22,7 +22,7 @@ import (
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta2"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1"
 )
 

cmd/flux/create_kustomization.go

@@ -29,7 +29,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta2"
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
 	"github.com/fluxcd/pkg/apis/meta"
 

cmd/flux/create_secret_helm.go

@@ -32,7 +32,7 @@ import (
 var createSecretHelmCmd = &cobra.Command{
 	Use:   "helm [name]",
 	Short: "Create or update a Kubernetes secret for Helm repository authentication",
-	Long:  `The create secret helm command generates a Kubernetes secret with basic authentication credentials.`,
+	Long:  withPreviewNote(`The create secret helm command generates a Kubernetes secret with basic authentication credentials.`),
 	Example: ` # Create a Helm authentication secret on disk and encrypt it with Mozilla SOPS
   flux create secret helm repo-auth \
     --namespace=my-namespace \

cmd/flux/create_secret_notation.go

@@ -1,150 +0,0 @@
-/*
-Copyright 2024 The Flux authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/spf13/cobra"
-	corev1 "k8s.io/api/core/v1"
-	"sigs.k8s.io/yaml"
-
-	"github.com/fluxcd/flux2/v2/internal/utils"
-	"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
-)
-
-var createSecretNotationCmd = &cobra.Command{
-	Use:   "notation [name]",
-	Short: "Create or update a Kubernetes secret for verifications of artifacts signed by Notation",
-	Long:  withPreviewNote(`The create secret notation command generates a Kubernetes secret with root ca certificates and trust policy.`),
-	Example: ` # Create a Notation configuration secret on disk and encrypt it with Mozilla SOPS
-  flux create secret notation my-notation-cert \
-    --namespace=my-namespace \
-    --trust-policy-file=./my-trust-policy.json \
-    --ca-cert-file=./my-cert.crt \
-    --export > my-notation-cert.yaml
-
-  sops --encrypt --encrypted-regex '^(data|stringData)$' \
-    --in-place my-notation-cert.yaml`,
-
-	RunE: createSecretNotationCmdRun,
-}
-
-type secretNotationFlags struct {
-	trustPolicyFile string
-	caCrtFile       []string
-}
-
-var secretNotationArgs secretNotationFlags
-
-func init() {
-	createSecretNotationCmd.Flags().StringVar(&secretNotationArgs.trustPolicyFile, "trust-policy-file", "", "notation trust policy file path")
-	createSecretNotationCmd.Flags().StringSliceVar(&secretNotationArgs.caCrtFile, "ca-cert-file", []string{}, "root ca cert file path")
-
-	createSecretCmd.AddCommand(createSecretNotationCmd)
-}
-
-func createSecretNotationCmdRun(cmd *cobra.Command, args []string) error {
-	if len(args) < 1 {
-		return fmt.Errorf("name is required")
-	}
-
-	if secretNotationArgs.caCrtFile == nil || len(secretNotationArgs.caCrtFile) == 0 {
-		return fmt.Errorf("--ca-cert-file is required")
-	}
-
-	if secretNotationArgs.trustPolicyFile == "" {
-		return fmt.Errorf("--trust-policy-file is required")
-	}
-
-	name := args[0]
-
-	labels, err := parseLabels()
-	if err != nil {
-		return err
-	}
-
-	policy, err := os.ReadFile(secretNotationArgs.trustPolicyFile)
-	if err != nil {
-		return fmt.Errorf("unable to read trust policy file: %w", err)
-	}
-
-	var (
-		caCerts []sourcesecret.VerificationCrt
-		fileErr error
-	)
-	for _, caCrtFile := range secretNotationArgs.caCrtFile {
-		fileName := filepath.Base(caCrtFile)
-		if !strings.HasSuffix(fileName, ".crt") && !strings.HasSuffix(fileName, ".pem") {
-			fileErr = errors.Join(fileErr, fmt.Errorf("%s must end with either .crt or .pem", fileName))
-			continue
-		}
-		caBundle, err := os.ReadFile(caCrtFile)
-		if err != nil {
-			fileErr = errors.Join(fileErr, fmt.Errorf("unable to read TLS CA file: %w", err))
-			continue
-		}
-		caCerts = append(caCerts, sourcesecret.VerificationCrt{Name: fileName, CACrt: caBundle})
-	}
-
-	if fileErr != nil {
-		return fileErr
-	}
-
-	if len(caCerts) == 0 {
-		return fmt.Errorf("no CA certs found")
-	}
-
-	opts := sourcesecret.Options{
-		Name:             name,
-		Namespace:        *kubeconfigArgs.Namespace,
-		Labels:           labels,
-		VerificationCrts: caCerts,
-		TrustPolicy:      policy,
-	}
-	secret, err := sourcesecret.Generate(opts)
-	if err != nil {
-		return err
-	}
-
-	if createArgs.export {
-		rootCmd.Println(secret.Content)
-		return nil
-	}
-
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
-	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfigArgs, kubeclientOptions)
-	if err != nil {
-		return err
-	}
-	var s corev1.Secret
-	if err := yaml.Unmarshal([]byte(secret.Content), &s); err != nil {
-		return err
-	}
-	if err := upsertSecret(ctx, kubeClient, s); err != nil {
-		return err
-	}
-
-	logger.Actionf("notation configuration secret '%s' created in '%s' namespace", name, *kubeconfigArgs.Namespace)
-	return nil
-}

cmd/flux/create_secret_notation_test.go

@@ -1,112 +0,0 @@
-/*
-Copyright 2024 The Flux authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"testing"
-)
-
-const (
-	trustPolicy    = "./testdata/create_secret/notation/test-trust-policy.json"
-	testCertFolder = "./testdata/create_secret/notation"
-)
-
-func TestCreateNotationSecret(t *testing.T) {
-	crt, err := os.Create(filepath.Join(t.TempDir(), "ca.crt"))
-	if err != nil {
-		t.Fatal("could not create ca.crt file")
-	}
-
-	pem, err := os.Create(filepath.Join(t.TempDir(), "ca.pem"))
-	if err != nil {
-		t.Fatal("could not create ca.pem file")
-	}
-
-	invalidCert, err := os.Create(filepath.Join(t.TempDir(), "ca.p12"))
-	if err != nil {
-		t.Fatal("could not create ca.p12 file")
-	}
-
-	_, err = crt.Write([]byte("ca-data-crt"))
-	if err != nil {
-		t.Fatal("could not write to crt certificate file")
-	}
-
-	_, err = pem.Write([]byte("ca-data-pem"))
-	if err != nil {
-		t.Fatal("could not write to pem certificate file")
-	}
-
-	tests := []struct {
-		name   string
-		args   string
-		assert assertFunc
-	}{
-		{
-			name:   "no args",
-			args:   "create secret notation",
-			assert: assertError("name is required"),
-		},
-		{
-			name:   "no trust policy",
-			args:   fmt.Sprintf("create secret notation notation-config --ca-cert-file=%s", testCertFolder),
-			assert: assertError("--trust-policy-file is required"),
-		},
-		{
-			name:   "no cert",
-			args:   fmt.Sprintf("create secret notation notation-config --trust-policy-file=%s", trustPolicy),
-			assert: assertError("--ca-cert-file is required"),
-		},
-		{
-			name:   "non pem and crt cert",
-			args:   fmt.Sprintf("create secret notation notation-config --ca-cert-file=%s --trust-policy-file=%s", invalidCert.Name(), trustPolicy),
-			assert: assertError("ca.p12 must end with either .crt or .pem"),
-		},
-		{
-			name:   "crt secret",
-			args:   fmt.Sprintf("create secret notation notation-config --ca-cert-file=%s --trust-policy-file=%s --namespace=my-namespace --export", crt.Name(), trustPolicy),
-			assert: assertGoldenFile("./testdata/create_secret/notation/secret-ca-crt.yaml"),
-		},
-		{
-			name:   "pem secret",
-			args:   fmt.Sprintf("create secret notation notation-config --ca-cert-file=%s --trust-policy-file=%s --namespace=my-namespace --export", pem.Name(), trustPolicy),
-			assert: assertGoldenFile("./testdata/create_secret/notation/secret-ca-pem.yaml"),
-		},
-		{
-			name:   "multi secret",
-			args:   fmt.Sprintf("create secret notation notation-config --ca-cert-file=%s --ca-cert-file=%s --trust-policy-file=%s --namespace=my-namespace --export", crt.Name(), pem.Name(), trustPolicy),
-			assert: assertGoldenFile("./testdata/create_secret/notation/secret-ca-multi.yaml"),
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			defer func() {
-				secretNotationArgs = secretNotationFlags{}
-			}()
-
-			cmd := cmdTestCase{
-				args:   tt.args,
-				assert: tt.assert,
-			}
-			cmd.runTestCmd(t)
-		})
-	}
-}

cmd/flux/create_source_chart.go

@@ -1,217 +0,0 @@
-/*
-Copyright 2024 The Flux authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/spf13/cobra"
-	"k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
-	"k8s.io/apimachinery/pkg/util/wait"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-
-	"github.com/fluxcd/pkg/apis/meta"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
-
-	"github.com/fluxcd/flux2/v2/internal/flags"
-	"github.com/fluxcd/flux2/v2/internal/utils"
-)
-
-var createSourceChartCmd = &cobra.Command{
-	Use:   "chart [name]",
-	Short: "Create or update a HelmChart source",
-	Long:  `The create source chart command generates a HelmChart resource and waits for the chart to be available.`,
-	Example: `  # Create a source for a chart residing in a HelmRepository
-  flux create source chart podinfo \
-    --source=HelmRepository/podinfo \
-    --chart=podinfo \
-    --chart-version=6.x
-
-  # Create a source for a chart residing in a Git repository
-  flux create source chart podinfo \
-    --source=GitRepository/podinfo \
-    --chart=./charts/podinfo
-
-  # Create a source for a chart residing in a S3 Bucket
-  flux create source chart podinfo \
-    --source=Bucket/podinfo \
-    --chart=./charts/podinfo
-
-  # Create a source for a chart from OCI and verify its signature
-  flux create source chart podinfo \
-    --source HelmRepository/podinfo \
-    --chart podinfo \
-    --chart-version=6.6.2 \
-    --verify-provider=cosign \
-    --verify-issuer=https://token.actions.githubusercontent.com \
-    --verify-subject=https://github.com/stefanprodan/podinfo/.github/workflows/release.yml@refs/tags/6.6.2`,
-	RunE: createSourceChartCmdRun,
-}
-
-type sourceChartFlags struct {
-	chart             string
-	chartVersion      string
-	source            flags.LocalHelmChartSource
-	reconcileStrategy string
-	verifyProvider    flags.SourceOCIVerifyProvider
-	verifySecretRef   string
-	verifyOIDCIssuer  string
-	verifySubject     string
-}
-
-var sourceChartArgs sourceChartFlags
-
-func init() {
-	createSourceChartCmd.Flags().StringVar(&sourceChartArgs.chart, "chart", "", "Helm chart name or path")
-	createSourceChartCmd.Flags().StringVar(&sourceChartArgs.chartVersion, "chart-version", "", "Helm chart version, accepts a semver range (ignored for charts from GitRepository sources)")
-	createSourceChartCmd.Flags().Var(&sourceChartArgs.source, "source", sourceChartArgs.source.Description())
-	createSourceChartCmd.Flags().StringVar(&sourceChartArgs.reconcileStrategy, "reconcile-strategy", "ChartVersion", "the reconcile strategy for helm chart (accepted values: Revision and ChartRevision)")
-	createSourceChartCmd.Flags().Var(&sourceChartArgs.verifyProvider, "verify-provider", sourceOCIRepositoryArgs.verifyProvider.Description())
-	createSourceChartCmd.Flags().StringVar(&sourceChartArgs.verifySecretRef, "verify-secret-ref", "", "the name of a secret to use for signature verification")
-	createSourceChartCmd.Flags().StringVar(&sourceChartArgs.verifySubject, "verify-subject", "", "regular expression to use for the OIDC subject during signature verification")
-	createSourceChartCmd.Flags().StringVar(&sourceChartArgs.verifyOIDCIssuer, "verify-issuer", "", "regular expression to use for the OIDC issuer during signature verification")
-
-	createSourceCmd.AddCommand(createSourceChartCmd)
-}
-
-func createSourceChartCmdRun(cmd *cobra.Command, args []string) error {
-	name := args[0]
-
-	if sourceChartArgs.source.Kind == "" || sourceChartArgs.source.Name == "" {
-		return fmt.Errorf("chart source is required")
-	}
-
-	if sourceChartArgs.chart == "" {
-		return fmt.Errorf("chart name or path is required")
-	}
-
-	logger.Generatef("generating HelmChart source")
-
-	sourceLabels, err := parseLabels()
-	if err != nil {
-		return err
-	}
-
-	helmChart := &sourcev1.HelmChart{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      name,
-			Namespace: *kubeconfigArgs.Namespace,
-			Labels:    sourceLabels,
-		},
-		Spec: sourcev1.HelmChartSpec{
-			Chart:   sourceChartArgs.chart,
-			Version: sourceChartArgs.chartVersion,
-			Interval: metav1.Duration{
-				Duration: createArgs.interval,
-			},
-			ReconcileStrategy: sourceChartArgs.reconcileStrategy,
-			SourceRef: sourcev1.LocalHelmChartSourceReference{
-				Kind: sourceChartArgs.source.Kind,
-				Name: sourceChartArgs.source.Name,
-			},
-		},
-	}
-
-	if provider := sourceChartArgs.verifyProvider.String(); provider != "" {
-		helmChart.Spec.Verify = &sourcev1.OCIRepositoryVerification{
-			Provider: provider,
-		}
-		if secretName := sourceChartArgs.verifySecretRef; secretName != "" {
-			helmChart.Spec.Verify.SecretRef = &meta.LocalObjectReference{
-				Name: secretName,
-			}
-		}
-		verifyIssuer := sourceChartArgs.verifyOIDCIssuer
-		verifySubject := sourceChartArgs.verifySubject
-		if verifyIssuer != "" || verifySubject != "" {
-			helmChart.Spec.Verify.MatchOIDCIdentity = []sourcev1.OIDCIdentityMatch{{
-				Issuer:  verifyIssuer,
-				Subject: verifySubject,
-			}}
-		}
-	} else if sourceChartArgs.verifySecretRef != "" {
-		return fmt.Errorf("a verification provider must be specified when a secret is specified")
-	} else if sourceChartArgs.verifyOIDCIssuer != "" || sourceOCIRepositoryArgs.verifySubject != "" {
-		return fmt.Errorf("a verification provider must be specified when OIDC issuer/subject is specified")
-	}
-
-	if createArgs.export {
-		return printExport(exportHelmChart(helmChart))
-	}
-
-	logger.Actionf("applying HelmChart source")
-
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
-	defer cancel()
-
-	kubeClient, err := utils.KubeClient(kubeconfigArgs, kubeclientOptions)
-	if err != nil {
-		return err
-	}
-
-	namespacedName, err := upsertHelmChart(ctx, kubeClient, helmChart)
-	if err != nil {
-		return err
-	}
-
-	logger.Waitingf("waiting for HelmChart source reconciliation")
-	readyConditionFunc := isObjectReadyConditionFunc(kubeClient, namespacedName, helmChart)
-	if err := wait.PollUntilContextTimeout(ctx, rootArgs.pollInterval, rootArgs.timeout, true, readyConditionFunc); err != nil {
-		return err
-	}
-	logger.Successf("HelmChart source reconciliation completed")
-
-	if helmChart.Status.Artifact == nil {
-		return fmt.Errorf("HelmChart source reconciliation completed but no artifact was found")
-	}
-	logger.Successf("fetched revision: %s", helmChart.Status.Artifact.Revision)
-	return nil
-}
-
-func upsertHelmChart(ctx context.Context, kubeClient client.Client,
-	helmChart *sourcev1.HelmChart) (types.NamespacedName, error) {
-	namespacedName := types.NamespacedName{
-		Namespace: helmChart.GetNamespace(),
-		Name:      helmChart.GetName(),
-	}
-
-	var existing sourcev1.HelmChart
-	err := kubeClient.Get(ctx, namespacedName, &existing)
-	if err != nil {
-		if errors.IsNotFound(err) {
-			if err := kubeClient.Create(ctx, helmChart); err != nil {
-				return namespacedName, err
-			} else {
-				logger.Successf("source created")
-				return namespacedName, nil
-			}
-		}
-		return namespacedName, err
-	}
-
-	existing.Labels = helmChart.Labels
-	existing.Spec = helmChart.Spec
-	if err := kubeClient.Update(ctx, &existing); err != nil {
-		return namespacedName, err
-	}
-	helmChart = &existing
-	logger.Successf("source updated")
-	return namespacedName, nil
-}

cmd/flux/create_source_chart_test.go

@@ -1,91 +0,0 @@
-//go:build unit
-// +build unit
-
-/*
-Copyright 2024 The Flux authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import "testing"
-
-func TestCreateSourceChart(t *testing.T) {
-	tmpl := map[string]string{
-		"fluxns": allocateNamespace("flux-system"),
-	}
-	setupSourceChart(t, tmpl)
-
-	tests := []struct {
-		name   string
-		args   string
-		assert assertFunc
-	}{
-		{
-			name:   "missing name",
-			args:   "create source chart --export",
-			assert: assertError("name is required"),
-		},
-		{
-			name:   "missing source reference",
-			args:   "create source chart podinfo --export ",
-			assert: assertError("chart source is required"),
-		},
-		{
-			name:   "missing chart name",
-			args:   "create source chart podinfo --source helmrepository/podinfo --export",
-			assert: assertError("chart name or path is required"),
-		},
-		{
-			name:   "unknown source kind",
-			args:   "create source chart podinfo --source foobar/podinfo --export",
-			assert: assertError(`invalid argument "foobar/podinfo" for "--source" flag: source kind 'foobar' is not supported, must be one of: HelmRepository, GitRepository, Bucket`),
-		},
-		{
-			name:   "basic chart",
-			args:   "create source chart podinfo --source helmrepository/podinfo --chart podinfo --export",
-			assert: assertGoldenTemplateFile("testdata/create_source_chart/basic.yaml", tmpl),
-		},
-		{
-			name:   "chart with basic signature verification",
-			args:   "create source chart podinfo --source helmrepository/podinfo --chart podinfo --verify-provider cosign --export",
-			assert: assertGoldenTemplateFile("testdata/create_source_chart/verify_basic.yaml", tmpl),
-		},
-		{
-			name:   "unknown signature verification provider",
-			args:   "create source chart podinfo --source helmrepository/podinfo --chart podinfo --verify-provider foobar --export",
-			assert: assertError(`invalid argument "foobar" for "--verify-provider" flag: source OCI verify provider 'foobar' is not supported, must be one of: cosign`),
-		},
-		{
-			name:   "chart with complete signature verification",
-			args:   "create source chart podinfo --source helmrepository/podinfo --chart podinfo --verify-provider cosign --verify-issuer foo --verify-subject bar --export",
-			assert: assertGoldenTemplateFile("testdata/create_source_chart/verify_complete.yaml", tmpl),
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			cmd := cmdTestCase{
-				args:   tt.args + " -n " + tmpl["fluxns"],
-				assert: tt.assert,
-			}
-			cmd.runTestCmd(t)
-		})
-	}
-}
-
-func setupSourceChart(t *testing.T, tmpl map[string]string) {
-	t.Helper()
-	testEnv.CreateObjectFile("./testdata/create_source_chart/setup-source.yaml", tmpl, t)
-}

cmd/flux/create_source_helm.go

@@ -22,6 +22,7 @@ import (
 	"net/url"
 	"os"
 
+	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -31,8 +32,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"
 
-	"github.com/fluxcd/pkg/apis/meta"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 
 	"github.com/fluxcd/flux2/v2/internal/utils"
 	"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
@@ -41,8 +41,8 @@ import (
 var createSourceHelmCmd = &cobra.Command{
 	Use:   "helm [name]",
 	Short: "Create or update a HelmRepository source",
-	Long: `The create source helm command generates a HelmRepository resource and waits for it to fetch the index.
-For private Helm repositories, the basic authentication credentials are stored in a Kubernetes secret.`,
+	Long: withPreviewNote(`The create source helm command generates a HelmRepository resource and waits for it to fetch the index.
+For private Helm repositories, the basic authentication credentials are stored in a Kubernetes secret.`),
 	Example: `  # Create a source for an HTTPS public Helm repository
   flux create source helm podinfo \
     --url=https://stefanprodan.github.io/podinfo \

cmd/flux/create_source_oci.go

@@ -30,8 +30,7 @@ import (
 
 	"github.com/fluxcd/pkg/apis/meta"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
-	sourcev1b2 "github.com/fluxcd/source-controller/api/v1beta2"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 
 	"github.com/fluxcd/flux2/v2/internal/flags"
 	"github.com/fluxcd/flux2/v2/internal/utils"
@@ -44,17 +43,8 @@ var createSourceOCIRepositoryCmd = &cobra.Command{
 	Example: `  # Create an OCIRepository for a public container image
   flux create source oci podinfo \
     --url=oci://ghcr.io/stefanprodan/manifests/podinfo \
-    --tag=6.6.2 \
+    --tag=6.1.6 \
     --interval=10m
-
-  # Create an OCIRepository with OIDC signature verification
-  flux create source oci podinfo \
-    --url=oci://ghcr.io/stefanprodan/manifests/podinfo \
-    --tag=6.6.2 \
-    --interval=10m \
-    --verify-provider=cosign \
-    --verify-subject="^https://github.com/stefanprodan/podinfo/.github/workflows/release.yml@refs/tags/6.6.2$" \
-    --verify-issuer="^https://token.actions.githubusercontent.com$"
 `,
 	RunE: createSourceOCIRepositoryCmdRun,
 }
@@ -69,8 +59,6 @@ type sourceOCIRepositoryFlags struct {
 	certSecretRef   string
 	verifyProvider  flags.SourceOCIVerifyProvider
 	verifySecretRef string
-	verifyOIDCIssuer string
-	verifySubject    string
 	ignorePaths     []string
 	provider        flags.SourceOCIProvider
 	insecure        bool
@@ -80,7 +68,7 @@ var sourceOCIRepositoryArgs = newSourceOCIFlags()
 
 func newSourceOCIFlags() sourceOCIRepositoryFlags {
 	return sourceOCIRepositoryFlags{
-		provider: flags.SourceOCIProvider(sourcev1b2.GenericOCIProvider),
+		provider: flags.SourceOCIProvider(sourcev1.GenericOCIProvider),
 	}
 }
 
@@ -95,8 +83,6 @@ func init() {
 	createSourceOCIRepositoryCmd.Flags().StringVar(&sourceOCIRepositoryArgs.certSecretRef, "cert-ref", "", "the name of a secret to use for TLS certificates")
 	createSourceOCIRepositoryCmd.Flags().Var(&sourceOCIRepositoryArgs.verifyProvider, "verify-provider", sourceOCIRepositoryArgs.verifyProvider.Description())
 	createSourceOCIRepositoryCmd.Flags().StringVar(&sourceOCIRepositoryArgs.verifySecretRef, "verify-secret-ref", "", "the name of a secret to use for signature verification")
-	createSourceOCIRepositoryCmd.Flags().StringVar(&sourceOCIRepositoryArgs.verifySubject, "verify-subject", "", "regular expression to use for the OIDC subject during signature verification")
-	createSourceOCIRepositoryCmd.Flags().StringVar(&sourceOCIRepositoryArgs.verifyOIDCIssuer, "verify-issuer", "", "regular expression to use for the OIDC issuer during signature verification")
 	createSourceOCIRepositoryCmd.Flags().StringSliceVar(&sourceOCIRepositoryArgs.ignorePaths, "ignore-paths", nil, "set paths to ignore resources (can specify multiple paths with commas: path1,path2)")
 	createSourceOCIRepositoryCmd.Flags().BoolVar(&sourceOCIRepositoryArgs.insecure, "insecure", false, "for when connecting to a non-TLS registries over plain HTTP")
 
@@ -125,20 +111,20 @@ func createSourceOCIRepositoryCmdRun(cmd *cobra.Command, args []string) error {
 		ignorePaths = &ignorePathsStr
 	}
 
-	repository := &sourcev1b2.OCIRepository{
+	repository := &sourcev1.OCIRepository{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
 			Namespace: *kubeconfigArgs.Namespace,
 			Labels:    sourceLabels,
 		},
-		Spec: sourcev1b2.OCIRepositorySpec{
+		Spec: sourcev1.OCIRepositorySpec{
 			Provider: sourceOCIRepositoryArgs.provider.String(),
 			URL:      sourceOCIRepositoryArgs.url,
 			Insecure: sourceOCIRepositoryArgs.insecure,
 			Interval: metav1.Duration{
 				Duration: createArgs.interval,
 			},
-			Reference: &sourcev1b2.OCIRepositoryRef{},
+			Reference: &sourcev1.OCIRepositoryRef{},
 			Ignore:    ignorePaths,
 		},
 	}
@@ -182,18 +168,8 @@ func createSourceOCIRepositoryCmdRun(cmd *cobra.Command, args []string) error {
 				Name: secretName,
 			}
 		}
-		verifyIssuer := sourceOCIRepositoryArgs.verifyOIDCIssuer
-		verifySubject := sourceOCIRepositoryArgs.verifySubject
-		if verifyIssuer != "" || verifySubject != "" {
-			repository.Spec.Verify.MatchOIDCIdentity = []sourcev1.OIDCIdentityMatch{{
-				Issuer:  verifyIssuer,
-				Subject: verifySubject,
-			}}
-		}
 	} else if sourceOCIRepositoryArgs.verifySecretRef != "" {
 		return fmt.Errorf("a verification provider must be specified when a secret is specified")
-	} else if sourceOCIRepositoryArgs.verifyOIDCIssuer != "" || sourceOCIRepositoryArgs.verifySubject != "" {
-		return fmt.Errorf("a verification provider must be specified when OIDC issuer/subject is specified")
 	}
 
 	if createArgs.export {
@@ -229,13 +205,13 @@ func createSourceOCIRepositoryCmdRun(cmd *cobra.Command, args []string) error {
 }
 
 func upsertOCIRepository(ctx context.Context, kubeClient client.Client,
-	ociRepository *sourcev1b2.OCIRepository) (types.NamespacedName, error) {
+	ociRepository *sourcev1.OCIRepository) (types.NamespacedName, error) {
 	namespacedName := types.NamespacedName{
 		Namespace: ociRepository.GetNamespace(),
 		Name:      ociRepository.GetName(),
 	}
 
-	var existing sourcev1b2.OCIRepository
+	var existing sourcev1.OCIRepository
 	err := kubeClient.Get(ctx, namespacedName, &existing)
 	if err != nil {
 		if errors.IsNotFound(err) {

cmd/flux/create_source_oci_test.go

@@ -37,35 +37,10 @@ func TestCreateSourceOCI(t *testing.T) {
 			assertFunc: assertError("url is required"),
 		},
 		{
-			name:       "verify secret specified but provider missing",
+			name:       "verify provider not specified",
 			args:       "create source oci podinfo --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.3.5 --verify-secret-ref=cosign-pub",
 			assertFunc: assertError("a verification provider must be specified when a secret is specified"),
 		},
-		{
-			name:       "verify issuer specified but provider missing",
-			args:       "create source oci podinfo --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.3.5 --verify-issuer=github.com",
-			assertFunc: assertError("a verification provider must be specified when OIDC issuer/subject is specified"),
-		},
-		{
-			name:       "verify identity specified but provider missing",
-			args:       "create source oci podinfo --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.3.5 --verify-subject=developer",
-			assertFunc: assertError("a verification provider must be specified when OIDC issuer/subject is specified"),
-		},
-		{
-			name:       "verify issuer specified but subject missing",
-			args:       "create source oci podinfo --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.3.5 --verify-issuer=github --verify-provider=cosign --export",
-			assertFunc: assertGoldenFile("./testdata/oci/export_with_issuer.golden"),
-		},
-		{
-			name:       "all verify fields set",
-			args:       "create source oci podinfo --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.3.5 --verify-issuer=github verify-subject=stefanprodan --verify-provider=cosign --export",
-			assertFunc: assertGoldenFile("./testdata/oci/export_with_issuer.golden"),
-		},
-		{
-			name:       "verify subject specified but issuer missing",
-			args:       "create source oci podinfo --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.3.5 --verify-subject=stefanprodan --verify-provider=cosign --export",
-			assertFunc: assertGoldenFile("./testdata/oci/export_with_subject.golden"),
-		},
 		{
 			name:       "export manifest",
 			args:       "create source oci podinfo --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.3.5 --interval 10m --export",

cmd/flux/delete_helmrelease.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2024 The Flux authors
+Copyright 2020 The Flux authors
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -19,14 +19,14 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta2"
 )
 
 var deleteHelmReleaseCmd = &cobra.Command{
 	Use:     "helmrelease [name]",
 	Aliases: []string{"hr"},
 	Short:   "Delete a HelmRelease resource",
-	Long:    "The delete helmrelease command removes the given HelmRelease from the cluster.",
+	Long:    withPreviewNote("The delete helmrelease command removes the given HelmRelease from the cluster."),
 	Example: `  # Delete a Helm release and the Kubernetes resources created by it
   flux delete hr podinfo`,
 	ValidArgsFunction: resourceNamesCompletionFunc(helmv2.GroupVersion.WithKind(helmv2.HelmReleaseKind)),

cmd/flux/delete_image_update.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta2"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
 )
 
 var deleteImageUpdateCmd = &cobra.Command{

cmd/flux/delete_source_chart.go

@@ -1,40 +0,0 @@
-/*
-Copyright 2024 The Flux authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"github.com/spf13/cobra"
-
-	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
-)
-
-var deleteSourceChartCmd = &cobra.Command{
-	Use:   "chart [name]",
-	Short: "Delete a HelmChart source",
-	Long:  "The delete source chart command deletes the given HelmChart from the cluster.",
-	Example: `  # Delete a HelmChart
-  flux delete source chart podinfo`,
-	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.HelmChartKind)),
-	RunE: deleteCommand{
-		apiType: helmChartType,
-		object:  universalAdapter{&sourcev1.HelmChart{}},
-	}.run,
-}
-
-func init() {
-	deleteSourceCmd.AddCommand(deleteSourceChartCmd)
-}

cmd/flux/delete_source_helm.go

@@ -19,13 +19,13 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 )
 
 var deleteSourceHelmCmd = &cobra.Command{
 	Use:   "helm [name]",
 	Short: "Delete a HelmRepository source",
-	Long:  "The delete source helm command deletes the given HelmRepository from the cluster.",
+	Long:  withPreviewNote("The delete source helm command deletes the given HelmRepository from the cluster."),
 	Example: `  # Delete a Helm repository
   flux delete source helm podinfo`,
 	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.HelmRepositoryKind)),

cmd/flux/diff_kustomization.go

@@ -23,9 +23,8 @@ import (
 
 	"github.com/spf13/cobra"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
-
 	"github.com/fluxcd/flux2/v2/internal/build"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
 )
 
 var diffKsCmd = &cobra.Command{
@@ -54,7 +53,6 @@ type diffKsFlags struct {
 	path              string
 	ignorePaths       []string
 	progressBar       bool
-	strictSubst       bool
 }
 
 var diffKsArgs diffKsFlags
@@ -64,8 +62,6 @@ func init() {
 	diffKsCmd.Flags().BoolVar(&diffKsArgs.progressBar, "progress-bar", true, "Boolean to set the progress bar. The default value is true.")
 	diffKsCmd.Flags().StringSliceVar(&diffKsArgs.ignorePaths, "ignore-paths", nil, "set paths to ignore in .gitignore format")
 	diffKsCmd.Flags().StringVar(&diffKsArgs.kustomizationFile, "kustomization-file", "", "Path to the Flux Kustomization YAML file.")
-	diffKsCmd.Flags().BoolVar(&diffKsArgs.strictSubst, "strict-substitute", false,
-		"When enabled, the post build substitutions will fail if a var without a default value is declared in files but is missing from the input vars.")
 	diffCmd.AddCommand(diffKsCmd)
 }
 
@@ -100,7 +96,6 @@ func diffKsCmdRun(cmd *cobra.Command, args []string) error {
 			build.WithKustomizationFile(diffKsArgs.kustomizationFile),
 			build.WithProgressBar(),
 			build.WithIgnore(diffKsArgs.ignorePaths),
-			build.WithStrictSubstitute(diffKsArgs.strictSubst),
 		)
 	} else {
 		builder, err = build.NewBuilder(name, diffKsArgs.path,
@@ -108,7 +103,6 @@ func diffKsCmdRun(cmd *cobra.Command, args []string) error {
 			build.WithTimeout(rootArgs.timeout),
 			build.WithKustomizationFile(diffKsArgs.kustomizationFile),
 			build.WithIgnore(diffKsArgs.ignorePaths),
-			build.WithStrictSubstitute(diffKsArgs.strictSubst),
 		)
 	}
 

cmd/flux/envsubst.go

@@ -1,74 +0,0 @@
-/*
-Copyright 2024 The Flux authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"bufio"
-	"fmt"
-
-	"github.com/fluxcd/pkg/envsubst"
-	"github.com/spf13/cobra"
-)
-
-var envsubstCmd = &cobra.Command{
-	Use:   "envsubst",
-	Args:  cobra.NoArgs,
-	Short: "envsubst substitutes the values of environment variables",
-	Long: withPreviewNote(`The envsubst command substitutes the values of environment variables
-in the string piped as standard input and writes the result to the standard output. This command can be used
-to replicate the behavior of the Flux Kustomization post-build substitutions.`),
-	Example: `  # Run env var substitutions on the kustomization build output
-  export cluster_region=eu-central-1
-  kustomize build . | flux envsubst
-
-  # Run env var substitutions and error out if a variable is not set
-  kustomize build . | flux envsubst --strict
-`,
-	RunE: runEnvsubstCmd,
-}
-
-type envsubstFlags struct {
-	strict bool
-}
-
-var envsubstArgs envsubstFlags
-
-func init() {
-	envsubstCmd.Flags().BoolVar(&envsubstArgs.strict, "strict", false,
-		"fail if a variable without a default value is declared in the input but is missing from the environment")
-	rootCmd.AddCommand(envsubstCmd)
-}
-
-func runEnvsubstCmd(cmd *cobra.Command, args []string) error {
-	stdin := bufio.NewScanner(rootCmd.InOrStdin())
-	stdout := bufio.NewWriter(rootCmd.OutOrStdout())
-	for stdin.Scan() {
-		line, err := envsubst.EvalEnv(stdin.Text(), envsubstArgs.strict)
-		if err != nil {
-			return err
-		}
-		_, err = fmt.Fprintln(stdout, line)
-		if err != nil {
-			return err
-		}
-		err = stdout.Flush()
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}

cmd/flux/envsubst_test.go

@@ -1,50 +0,0 @@
-/*
-Copyright 2024 The Flux authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"bytes"
-	"os"
-	"testing"
-
-	. "github.com/onsi/gomega"
-)
-
-func TestEnvsubst(t *testing.T) {
-	g := NewWithT(t)
-	input, err := os.ReadFile("testdata/envsubst/file.yaml")
-	g.Expect(err).NotTo(HaveOccurred())
-
-	t.Setenv("REPO_NAME", "test")
-
-	output, err := executeCommandWithIn("envsubst", bytes.NewReader(input))
-	g.Expect(err).NotTo(HaveOccurred())
-
-	expected, err := os.ReadFile("testdata/envsubst/file.gold")
-	g.Expect(err).NotTo(HaveOccurred())
-	g.Expect(output).To(Equal(string(expected)))
-}
-
-func TestEnvsubst_Strinct(t *testing.T) {
-	g := NewWithT(t)
-	input, err := os.ReadFile("testdata/envsubst/file.yaml")
-	g.Expect(err).NotTo(HaveOccurred())
-
-	_, err = executeCommandWithIn("envsubst --strict", bytes.NewReader(input))
-	g.Expect(err).To(HaveOccurred())
-	g.Expect(err.Error()).To(ContainSubstring("variable not set (strict mode)"))
-}

cmd/flux/events.go

@@ -39,8 +39,8 @@ import (
 	cmdutil "k8s.io/kubectl/pkg/cmd/util"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta2"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta2"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
 	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1"
@@ -422,7 +422,7 @@ var fluxKindMap = refMap{
 		gvk:             helmv2.GroupVersion.WithKind(helmv2.HelmReleaseKind),
 		crossNamespaced: true,
 		otherRefs: func(namespace, name string) []string {
-			return []string{fmt.Sprintf("%s/%s-%s", sourcev1.HelmChartKind, namespace, name)}
+			return []string{fmt.Sprintf("%s/%s-%s", sourcev1b2.HelmChartKind, namespace, name)}
 		},
 		field: []string{"spec", "chart", "spec", "sourceRef"},
 	},
@@ -440,15 +440,15 @@ var fluxKindMap = refMap{
 		crossNamespaced: true,
 		field:           []string{"spec", "imageRepositoryRef"},
 	},
-	sourcev1.HelmChartKind: {
-		gvk:             sourcev1.GroupVersion.WithKind(sourcev1.HelmChartKind),
+	sourcev1b2.HelmChartKind: {
+		gvk:             sourcev1b2.GroupVersion.WithKind(sourcev1b2.HelmChartKind),
 		crossNamespaced: true,
 		field:           []string{"spec", "sourceRef"},
 	},
 	sourcev1.GitRepositoryKind:       {gvk: sourcev1.GroupVersion.WithKind(sourcev1.GitRepositoryKind)},
 	sourcev1b2.OCIRepositoryKind:     {gvk: sourcev1b2.GroupVersion.WithKind(sourcev1b2.OCIRepositoryKind)},
 	sourcev1b2.BucketKind:            {gvk: sourcev1b2.GroupVersion.WithKind(sourcev1b2.BucketKind)},
-	sourcev1.HelmRepositoryKind:      {gvk: sourcev1.GroupVersion.WithKind(sourcev1.HelmRepositoryKind)},
+	sourcev1b2.HelmRepositoryKind:    {gvk: sourcev1b2.GroupVersion.WithKind(sourcev1b2.HelmRepositoryKind)},
 	autov1.ImageUpdateAutomationKind: {gvk: autov1.GroupVersion.WithKind(autov1.ImageUpdateAutomationKind)},
 	imagev1.ImageRepositoryKind:      {gvk: imagev1.GroupVersion.WithKind(imagev1.ImageRepositoryKind)},
 }

cmd/flux/events_test.go

@@ -31,7 +31,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 
 	eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1"
-	ssautil "github.com/fluxcd/pkg/ssa/utils"
+	"github.com/fluxcd/pkg/ssa"
 
 	"github.com/fluxcd/flux2/v2/internal/utils"
 )
@@ -78,7 +78,7 @@ spec:
   timeout: 1m0s
   url: ssh://git@github.com/example/repo
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
   name: podinfo
@@ -95,7 +95,7 @@ spec:
       version: '*'
   interval: 5m0s
 ---
-apiVersion: source.toolkit.fluxcd.io/v1
+apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
 metadata:
   name: podinfo
@@ -104,7 +104,7 @@ spec:
   interval: 1m0s
   url: https://stefanprodan.github.io/podinfo
 ---
-apiVersion: source.toolkit.fluxcd.io/v1
+apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmChart
 metadata:
   name: default-podinfo
@@ -160,7 +160,7 @@ metadata:
 
 func Test_getObjectRef(t *testing.T) {
 	g := NewWithT(t)
-	objs, err := ssautil.ReadObjects(strings.NewReader(objects))
+	objs, err := ssa.ReadObjects(strings.NewReader(objects))
 	g.Expect(err).To(Not(HaveOccurred()))
 
 	builder := fake.NewClientBuilder().WithScheme(utils.NewScheme())
@@ -244,7 +244,7 @@ func Test_getObjectRef(t *testing.T) {
 
 func Test_getRows(t *testing.T) {
 	g := NewWithT(t)
-	objs, err := ssautil.ReadObjects(strings.NewReader(objects))
+	objs, err := ssa.ReadObjects(strings.NewReader(objects))
 	g.Expect(err).To(Not(HaveOccurred()))
 
 	builder := fake.NewClientBuilder().WithScheme(utils.NewScheme())

cmd/flux/export_helmrelease.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2024 The Flux authors
+Copyright 2020 The Flux authors
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -20,14 +20,14 @@ import (
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta2"
 )
 
 var exportHelmReleaseCmd = &cobra.Command{
 	Use:     "helmrelease [name]",
 	Aliases: []string{"hr"},
 	Short:   "Export HelmRelease resources in YAML format",
-	Long:    "The export helmrelease command exports one or all HelmRelease resources in YAML format.",
+	Long:    withPreviewNote("The export helmrelease command exports one or all HelmRelease resources in YAML format."),
 	Example: `  # Export all HelmRelease resources
   flux export helmrelease --all > kustomizations.yaml
 

cmd/flux/export_image_update.go

@@ -20,7 +20,7 @@ import (
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta2"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
 )
 
 var exportImageUpdateCmd = &cobra.Command{

cmd/flux/export_source_chart.go

@@ -1,67 +0,0 @@
-/*
-Copyright 2024 The Flux authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"github.com/spf13/cobra"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
-)
-
-var exportSourceChartCmd = &cobra.Command{
-	Use:   "chart [name]",
-	Short: "Export HelmChart sources in YAML format",
-	Long:  withPreviewNote("The export source chart command exports one or all HelmChart sources in YAML format."),
-	Example: `  # Export all chart sources
-  flux export source chart --all > sources.yaml`,
-	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.HelmChartKind)),
-	RunE: exportCommand{
-		list:   helmChartListAdapter{&sourcev1.HelmChartList{}},
-		object: helmChartAdapter{&sourcev1.HelmChart{}},
-	}.run,
-}
-
-func init() {
-	exportSourceCmd.AddCommand(exportSourceChartCmd)
-}
-
-func exportHelmChart(source *sourcev1.HelmChart) interface{} {
-	gvk := sourcev1.GroupVersion.WithKind(sourcev1.HelmChartKind)
-	export := sourcev1.HelmChart{
-		TypeMeta: metav1.TypeMeta{
-			Kind:       gvk.Kind,
-			APIVersion: gvk.GroupVersion().String(),
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Name:        source.Name,
-			Namespace:   source.Namespace,
-			Labels:      source.Labels,
-			Annotations: source.Annotations,
-		},
-		Spec: source.Spec,
-	}
-	return export
-}
-
-func (ex helmChartAdapter) export() interface{} {
-	return exportHelmChart(ex.HelmChart)
-}
-
-func (ex helmChartListAdapter) exportItem(i int) interface{} {
-	return exportHelmChart(&ex.HelmChartList.Items[i])
-}

cmd/flux/export_source_helm.go

@@ -21,13 +21,13 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 )
 
 var exportSourceHelmCmd = &cobra.Command{
 	Use:   "helm [name]",
 	Short: "Export HelmRepository sources in YAML format",
-	Long:  "The export source git command exports one or all HelmRepository sources in YAML format.",
+	Long:  withPreviewNote("The export source git command exports one or all HelmRepository sources in YAML format."),
 	Example: `  # Export all HelmRepository sources
   flux export source helm --all > sources.yaml
 

cmd/flux/export_test.go

@@ -58,12 +58,6 @@ func TestExport(t *testing.T) {
 			"testdata/export/git-repo.yaml",
 			tmpl,
 		},
-		{
-			"source chart",
-			"export source chart flux-system",
-			"testdata/export/helm-chart.yaml",
-			tmpl,
-		},
 		{
 			"source helm",
 			"export source helm flux-system",

cmd/flux/get_all.go

@@ -20,7 +20,7 @@ import (
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta2"
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1"
 	notificationv1b3 "github.com/fluxcd/notification-controller/api/v1beta3"

cmd/flux/get_helmrelease.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2024 The Flux authors
+Copyright 2020 The Flux authors
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -25,14 +25,14 @@ import (
 	"golang.org/x/text/language"
 	"k8s.io/apimachinery/pkg/runtime"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta2"
 )
 
 var getHelmReleaseCmd = &cobra.Command{
 	Use:     "helmreleases",
 	Aliases: []string{"hr", "helmrelease"},
 	Short:   "Get HelmRelease statuses",
-	Long:    "The get helmreleases command prints the statuses of the resources.",
+	Long:    withPreviewNote("The get helmreleases command prints the statuses of the resources."),
 	Example: `  # List all Helm releases and their status
   flux get helmreleases`,
 	ValidArgsFunction: resourceNamesCompletionFunc(helmv2.GroupVersion.WithKind(helmv2.HelmReleaseKind)),
@@ -72,16 +72,9 @@ func init() {
 	getCmd.AddCommand(getHelmReleaseCmd)
 }
 
-func getHelmReleaseRevision(helmRelease helmv2.HelmRelease) string {
-	if helmRelease.Status.History != nil && len(helmRelease.Status.History) > 0 {
-		return helmRelease.Status.History[0].ChartVersion
-	}
-	return helmRelease.Status.LastAttemptedRevision
-}
-
 func (a helmReleaseListAdapter) summariseItem(i int, includeNamespace bool, includeKind bool) []string {
 	item := a.Items[i]
-	revision := getHelmReleaseRevision(item)
+	revision := item.Status.LastAppliedRevision
 	status, msg := statusAndMessage(item.Status.Conditions)
 	return append(nameColumns(&item, includeNamespace, includeKind),
 		revision, cases.Title(language.English).String(strconv.FormatBool(item.Spec.Suspend)), status, msg)

cmd/flux/get_image_all.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta2"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
 	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 )
 

cmd/flux/get_image_update.go

@@ -26,7 +26,7 @@ import (
 	"golang.org/x/text/language"
 	"k8s.io/apimachinery/pkg/runtime"
 
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta2"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
 )
 
 var getImageUpdateCmd = &cobra.Command{

cmd/flux/get_source_all.go

@@ -54,11 +54,11 @@ var getSourceAllCmd = &cobra.Command{
 			},
 			{
 				apiType: helmRepositoryType,
-				list:    &helmRepositoryListAdapter{&sourcev1.HelmRepositoryList{}},
+				list:    &helmRepositoryListAdapter{&sourcev1b2.HelmRepositoryList{}},
 			},
 			{
 				apiType: helmChartType,
-				list:    &helmChartListAdapter{&sourcev1.HelmChartList{}},
+				list:    &helmChartListAdapter{&sourcev1b2.HelmChartList{}},
 			},
 		}
 

cmd/flux/get_source_chart.go

@@ -25,7 +25,7 @@ import (
 	"golang.org/x/text/language"
 	"k8s.io/apimachinery/pkg/runtime"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 
 	"github.com/fluxcd/flux2/v2/internal/utils"
 )
@@ -33,7 +33,7 @@ import (
 var getSourceHelmChartCmd = &cobra.Command{
 	Use:   "chart",
 	Short: "Get HelmChart statuses",
-	Long:  "The get sources chart command prints the status of the HelmCharts.",
+	Long:  withPreviewNote("The get sources chart command prints the status of the HelmCharts."),
 	Example: `  # List all Helm charts and their status
   flux get sources chart
 

cmd/flux/get_source_helm.go

@@ -26,7 +26,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 
 	"github.com/fluxcd/flux2/v2/internal/utils"
 )
@@ -34,7 +34,7 @@ import (
 var getSourceHelmCmd = &cobra.Command{
 	Use:   "helm",
 	Short: "Get HelmRepository source statuses",
-	Long:  "The get sources helm command prints the status of the HelmRepository sources.",
+	Long:  withPreviewNote("The get sources helm command prints the status of the HelmRepository sources."),
 	Example: `  # List all Helm repositories and their status
   flux get sources helm
 

cmd/flux/helmrelease.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2024 The Flux authors
+Copyright 2021 The Flux authors
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -19,7 +19,7 @@ package main
 import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta2"
 )
 
 // helmv2.HelmRelease

cmd/flux/image.go

@@ -19,7 +19,7 @@ package main
 import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta2"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
 	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 )
 

cmd/flux/install.go

@@ -21,20 +21,16 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
-	"strings"
 	"time"
 
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
-	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
-	"sigs.k8s.io/yaml"
 
 	"github.com/fluxcd/flux2/v2/internal/flags"
 	"github.com/fluxcd/flux2/v2/internal/utils"
 	"github.com/fluxcd/flux2/v2/pkg/manifestgen"
 	"github.com/fluxcd/flux2/v2/pkg/manifestgen/install"
-	"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
 	"github.com/fluxcd/flux2/v2/pkg/status"
 )
 
@@ -70,7 +66,6 @@ type installFlags struct {
 	defaultComponents  []string
 	extraComponents    []string
 	registry           string
-	registryCredential string
 	imagePullSecret    string
 	branch             string
 	watchAllNamespaces bool
@@ -97,8 +92,6 @@ func init() {
 	installCmd.Flags().StringVar(&installArgs.manifestsPath, "manifests", "", "path to the manifest directory")
 	installCmd.Flags().StringVar(&installArgs.registry, "registry", rootArgs.defaults.Registry,
 		"container registry where the toolkit images are published")
-	installCmd.Flags().StringVar(&installArgs.registryCredential, "registry-creds", "",
-		"container registry credentials in the format 'user:password', requires --image-pull-secret to be set")
 	installCmd.Flags().StringVar(&installArgs.imagePullSecret, "image-pull-secret", "",
 		"Kubernetes secret name used for pulling the toolkit images from a private registry")
 	installCmd.Flags().BoolVar(&installArgs.watchAllNamespaces, "watch-all-namespaces", rootArgs.defaults.WatchAllNamespaces,
@@ -109,7 +102,7 @@ func init() {
 	installCmd.Flags().StringVar(&installArgs.clusterDomain, "cluster-domain", rootArgs.defaults.ClusterDomain, "internal cluster domain")
 	installCmd.Flags().StringSliceVar(&installArgs.tolerationKeys, "toleration-keys", nil,
 		"list of toleration keys used to schedule the components pods onto nodes with matching taints")
-	installCmd.Flags().BoolVar(&installArgs.force, "force", false, "override existing Flux installation if it's managed by a different tool such as Helm")
+	installCmd.Flags().BoolVar(&installArgs.force, "force", false, "override existing Flux installation if it's managed by a diffrent tool such as Helm")
 	installCmd.Flags().MarkHidden("manifests")
 
 	rootCmd.AddCommand(installCmd)
@@ -131,14 +124,6 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	if installArgs.registryCredential != "" && installArgs.imagePullSecret == "" {
-		return fmt.Errorf("--registry-creds requires --image-pull-secret to be set")
-	}
-
-	if installArgs.registryCredential != "" && len(strings.Split(installArgs.registryCredential, ":")) != 2 {
-		return fmt.Errorf("invalid --registry-creds format, expected 'user:password'")
-	}
-
 	if ver, err := getVersion(installArgs.version); err != nil {
 		return err
 	} else {
@@ -169,7 +154,6 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 		Namespace:              *kubeconfigArgs.Namespace,
 		Components:             components,
 		Registry:               installArgs.registry,
-		RegistryCredential:     installArgs.registryCredential,
 		ImagePullSecret:        installArgs.imagePullSecret,
 		WatchAllNamespaces:     installArgs.watchAllNamespaces,
 		NetworkPolicy:          installArgs.networkPolicy,
@@ -240,29 +224,6 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 
 	fmt.Fprintln(os.Stderr, applyOutput)
 
-	if opts.ImagePullSecret != "" && opts.RegistryCredential != "" {
-		logger.Actionf("generating image pull secret %s", opts.ImagePullSecret)
-		credentials := strings.SplitN(opts.RegistryCredential, ":", 2)
-		secretOpts := sourcesecret.Options{
-			Name:      opts.ImagePullSecret,
-			Namespace: opts.Namespace,
-			Registry:  opts.Registry,
-			Username:  credentials[0],
-			Password:  credentials[1],
-		}
-		imagePullSecret, err := sourcesecret.Generate(secretOpts)
-		if err != nil {
-			return fmt.Errorf("install failed: %w", err)
-		}
-		var s corev1.Secret
-		if err := yaml.Unmarshal([]byte(imagePullSecret.Content), &s); err != nil {
-			return fmt.Errorf("install failed: %w", err)
-		}
-		if err := upsertSecret(ctx, kubeClient, s); err != nil {
-			return fmt.Errorf("install failed: %w", err)
-		}
-	}
-
 	kubeConfig, err := utils.KubeConfig(kubeconfigArgs, kubeclientOptions)
 	if err != nil {
 		return fmt.Errorf("install failed: %w", err)

cmd/flux/install_test.go

@@ -42,11 +42,6 @@ func TestInstall(t *testing.T) {
 			args:   "install unexpectedPosArg --namespace=example",
 			assert: assertError(`unknown command "unexpectedPosArg" for "flux install"`),
 		},
-		{
-			name:   "missing image pull secret",
-			args:   "install --registry-creds=fluxcd:test",
-			assert: assertError(`--registry-creds requires --image-pull-secret to be set`),
-		},
 	}
 
 	for _, tt := range tests {

cmd/flux/logs.go

@@ -235,7 +235,7 @@ func parallelPodLogs(ctx context.Context, requests []rest.ResponseWrapper) error
 	return errors.Join(<-stdoutErrCh, <-stderrErrCh)
 }
 
-// asyncCopy copies all data from dst to src asynchronously and returns a channel for reading an error value.
+// asyncCopy copies all data from from dst to src asynchronously and returns a channel for reading an error value.
 // This is basically an asynchronous wrapper around `io.Copy`. The returned channel is unbuffered and always is sent
 // a value (either nil or the error from `io.Copy`) as soon as `io.Copy` returns.
 // This function lets you copy from multiple sources into multiple destinations in parallel.

cmd/flux/main_test.go

@@ -31,6 +31,7 @@ import (
 	"text/template"
 	"time"
 
+	"github.com/fluxcd/flux2/v2/internal/utils"
 	"github.com/google/go-cmp/cmp"
 	"github.com/mattn/go-shellwords"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -39,8 +40,6 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
-
-	"github.com/fluxcd/flux2/v2/internal/utils"
 )
 
 var nextNamespaceId int64
@@ -394,29 +393,6 @@ func executeCommand(cmd string) (string, error) {
 	return result, err
 }
 
-// Run the command while passing the string as input and return the captured output.
-func executeCommandWithIn(cmd string, in io.Reader) (string, error) {
-	defer resetCmdArgs()
-	args, err := shellwords.Parse(cmd)
-	if err != nil {
-		return "", err
-	}
-
-	buf := new(bytes.Buffer)
-
-	rootCmd.SetOut(buf)
-	rootCmd.SetErr(buf)
-	rootCmd.SetArgs(args)
-	if in != nil {
-		rootCmd.SetIn(in)
-	}
-
-	_, err = rootCmd.ExecuteC()
-	result := buf.String()
-
-	return result, err
-}
-
 // resetCmdArgs resets the flags for various cmd
 // Note: this will also clear default value of the flags set in init()
 func resetCmdArgs() {
@@ -465,7 +441,7 @@ func resetCmdArgs() {
 	versionArgs = versionFlags{
 		output: "yaml",
 	}
-	envsubstArgs = envsubstFlags{}
+
 }
 
 func isChangeError(err error) bool {

cmd/flux/push_artifact.go

@@ -114,7 +114,6 @@ type pushArtifactFlags struct {
 	annotations []string
 	output      string
 	debug       bool
-	reproducible bool
 }
 
 var pushArtifactArgs = newPushArtifactFlags()
@@ -136,7 +135,6 @@ func init() {
 	pushArtifactCmd.Flags().StringVarP(&pushArtifactArgs.output, "output", "o", "",
 		"the format in which the artifact digest should be printed, can be 'json' or 'yaml'")
 	pushArtifactCmd.Flags().BoolVarP(&pushArtifactArgs.debug, "debug", "", false, "display logs from underlying library")
-	pushArtifactCmd.Flags().BoolVar(&pushArtifactArgs.reproducible, "reproducible", false, "ensure reproducible image digests by setting the created timestamp to '1970-01-01T00:00:00Z'")
 
 	pushCmd.AddCommand(pushArtifactCmd)
 }
@@ -204,11 +202,6 @@ func pushArtifactCmdRun(cmd *cobra.Command, args []string) error {
 		Annotations: annotations,
 	}
 
-	if pushArtifactArgs.reproducible {
-		zeroTime := time.Unix(0, 0)
-		meta.Created = zeroTime.Format(time.RFC3339)
-	}
-
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
 

cmd/flux/reconcile.go

@@ -31,7 +31,7 @@ import (
 	"k8s.io/client-go/util/retry"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta2"
 	"github.com/fluxcd/pkg/apis/meta"
 
 	"github.com/fluxcd/flux2/v2/internal/utils"

cmd/flux/reconcile_helmrelease.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2024 The Flux authors
+Copyright 2020 The Flux authors
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -22,8 +22,7 @@ import (
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta2"
 	sourcev1b2 "github.com/fluxcd/source-controller/api/v1beta2"
 )
 
@@ -32,7 +31,7 @@ var reconcileHrCmd = &cobra.Command{
 	Aliases: []string{"hr"},
 	Short:   "Reconcile a HelmRelease resource",
 	Long: `
-The reconcile helmrelease command triggers a reconciliation of a HelmRelease resource and waits for it to finish.`,
+The reconcile kustomization command triggers a reconciliation of a HelmRelease resource and waits for it to finish.`,
 	Example: `  # Trigger a HelmRelease apply outside of the reconciliation interval
   flux reconcile hr podinfo
 
@@ -69,47 +68,21 @@ func (obj helmReleaseAdapter) reconcileSource() bool {
 }
 
 func (obj helmReleaseAdapter) getSource() (reconcileSource, types.NamespacedName) {
-	var (
-		name string
-		ns   string
-	)
-	switch {
-	case obj.Spec.ChartRef != nil:
-		name, ns = obj.Spec.ChartRef.Name, obj.Spec.ChartRef.Namespace
+	cmd := reconcileWithSourceCommand{
+		apiType: helmChartType,
+		object:  helmChartAdapter{&sourcev1b2.HelmChart{}},
+		force:   true,
+	}
+
+	ns := obj.Spec.Chart.Spec.SourceRef.Namespace
 	if ns == "" {
 		ns = obj.Namespace
 	}
-		namespacedName := types.NamespacedName{
-			Name:      name,
+
+	return cmd, types.NamespacedName{
+		Name:      fmt.Sprintf("%s-%s", obj.Namespace, obj.Name),
 		Namespace: ns,
 	}
-		if obj.Spec.ChartRef.Kind == sourcev1.HelmChartKind {
-			return reconcileWithSourceCommand{
-				apiType: helmChartType,
-				object:  helmChartAdapter{&sourcev1.HelmChart{}},
-				force:   true,
-			}, namespacedName
-		}
-		return reconcileCommand{
-			apiType: ociRepositoryType,
-			object:  ociRepositoryAdapter{&sourcev1b2.OCIRepository{}},
-		}, namespacedName
-	default:
-		// default case assumes the HelmRelease is using a HelmChartTemplate
-		ns = obj.Spec.Chart.Spec.SourceRef.Namespace
-		if ns == "" {
-			ns = obj.Namespace
-		}
-		name = fmt.Sprintf("%s-%s", obj.Namespace, obj.Name)
-		return reconcileWithSourceCommand{
-				apiType: helmChartType,
-				object:  helmChartAdapter{&sourcev1.HelmChart{}},
-				force:   true,
-			}, types.NamespacedName{
-				Name:      name,
-				Namespace: ns,
-			}
-	}
 }
 
 func (obj helmReleaseAdapter) isStatic() bool {

cmd/flux/reconcile_image_updateauto.go

@@ -22,7 +22,7 @@ import (
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta2"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
 	meta "github.com/fluxcd/pkg/apis/meta"
 )
 

cmd/flux/reconcile_source_chart.go

@@ -33,10 +33,10 @@ var reconcileSourceHelmChartCmd = &cobra.Command{
  
   # Trigger a reconciliation of the HelmCharts's source and apply changes
   flux reconcile helmchart podinfo --with-source`,
-	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.HelmChartKind)),
+	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1b2.GroupVersion.WithKind(sourcev1b2.HelmChartKind)),
 	RunE: reconcileWithSourceCommand{
 		apiType: helmChartType,
-		object:  helmChartAdapter{&sourcev1.HelmChart{}},
+		object:  helmChartAdapter{&sourcev1b2.HelmChart{}},
 	}.run,
 }
 
@@ -62,10 +62,10 @@ func (obj helmChartAdapter) reconcileSource() bool {
 func (obj helmChartAdapter) getSource() (reconcileSource, types.NamespacedName) {
 	var cmd reconcileCommand
 	switch obj.Spec.SourceRef.Kind {
-	case sourcev1.HelmRepositoryKind:
+	case sourcev1b2.HelmRepositoryKind:
 		cmd = reconcileCommand{
 			apiType: helmRepositoryType,
-			object:  helmRepositoryAdapter{&sourcev1.HelmRepository{}},
+			object:  helmRepositoryAdapter{&sourcev1b2.HelmRepository{}},
 		}
 	case sourcev1.GitRepositoryKind:
 		cmd = reconcileCommand{

cmd/flux/reconcile_source_helm.go

@@ -23,7 +23,7 @@ import (
 
 	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/fluxcd/pkg/runtime/conditions"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 )
 
 var reconcileSourceHelmCmd = &cobra.Command{

cmd/flux/reconcile_with_source.go

@@ -10,9 +10,8 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 
-	"github.com/fluxcd/pkg/apis/meta"
-
 	"github.com/fluxcd/flux2/v2/internal/utils"
+	"github.com/fluxcd/pkg/apis/meta"
 )
 
 type reconcileWithSource interface {

cmd/flux/resume_helmrelease.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2024 The Flux authors
+Copyright 2020 The Flux authors
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -21,7 +21,7 @@ import (
 
 	"github.com/spf13/cobra"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta2"
 )
 
 var resumeHrCmd = &cobra.Command{
@@ -55,7 +55,7 @@ func (obj helmReleaseAdapter) setUnsuspended() {
 }
 
 func (obj helmReleaseAdapter) successMessage() string {
-	return fmt.Sprintf("applied revision %s", getHelmReleaseRevision(*obj.HelmRelease))
+	return fmt.Sprintf("applied revision %s", obj.Status.LastAppliedRevision)
 }
 
 func (a helmReleaseListAdapter) resumeItem(i int) resumable {

cmd/flux/resume_image_updateauto.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta2"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
 )
 
 var resumeImageUpdateCmd = &cobra.Command{

cmd/flux/resume_source_chart.go

@@ -21,7 +21,7 @@ import (
 
 	"github.com/spf13/cobra"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 )
 
 var resumeSourceHelmChartCmd = &cobra.Command{

cmd/flux/resume_source_helm.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 )
 
 var resumeSourceHelmCmd = &cobra.Command{

cmd/flux/source.go

@@ -95,16 +95,16 @@ func (a bucketListAdapter) len() int {
 	return len(a.BucketList.Items)
 }
 
-// sourcev1.HelmChart
+// sourcev1b2.HelmChart
 
 var helmChartType = apiType{
-	kind:         sourcev1.HelmChartKind,
+	kind:         sourcev1b2.HelmChartKind,
 	humanKind:    "source chart",
-	groupVersion: sourcev1.GroupVersion,
+	groupVersion: sourcev1b2.GroupVersion,
 }
 
 type helmChartAdapter struct {
-	*sourcev1.HelmChart
+	*sourcev1b2.HelmChart
 }
 
 func (a helmChartAdapter) asClientObject() client.Object {
@@ -115,10 +115,10 @@ func (a helmChartAdapter) deepCopyClientObject() client.Object {
 	return a.HelmChart.DeepCopy()
 }
 
-// sourcev1.HelmChartList
+// sourcev1b2.HelmChartList
 
 type helmChartListAdapter struct {
-	*sourcev1.HelmChartList
+	*sourcev1b2.HelmChartList
 }
 
 func (a helmChartListAdapter) asClientList() client.ObjectList {
@@ -163,16 +163,16 @@ func (a gitRepositoryListAdapter) len() int {
 	return len(a.GitRepositoryList.Items)
 }
 
-// sourcev1.HelmRepository
+// sourcev1b2.HelmRepository
 
 var helmRepositoryType = apiType{
-	kind:         sourcev1.HelmRepositoryKind,
+	kind:         sourcev1b2.HelmRepositoryKind,
 	humanKind:    "source helm",
-	groupVersion: sourcev1.GroupVersion,
+	groupVersion: sourcev1b2.GroupVersion,
 }
 
 type helmRepositoryAdapter struct {
-	*sourcev1.HelmRepository
+	*sourcev1b2.HelmRepository
 }
 
 func (a helmRepositoryAdapter) asClientObject() client.Object {
@@ -183,10 +183,10 @@ func (a helmRepositoryAdapter) deepCopyClientObject() client.Object {
 	return a.HelmRepository.DeepCopy()
 }
 
-// sourcev1.HelmRepositoryList
+// sourcev1b2.HelmRepositoryList
 
 type helmRepositoryListAdapter struct {
-	*sourcev1.HelmRepositoryList
+	*sourcev1b2.HelmRepositoryList
 }
 
 func (a helmRepositoryListAdapter) asClientList() client.ObjectList {

cmd/flux/stats.go

@@ -27,8 +27,8 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/fluxcd/cli-utils/pkg/kstatus/status"
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta2"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta2"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
 	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1"
@@ -42,7 +42,6 @@ import (
 
 var statsCmd = &cobra.Command{
 	Use:   "stats",
-	Args:  cobra.NoArgs,
 	Short: "Stats of Flux reconciles",
 	Long: withPreviewNote(`The stats command prints a report of Flux custom resources present on a cluster,
 including their reconcile status and the amount of cumulative storage used for each source type`),
@@ -87,14 +86,14 @@ func runStatsCmd(cmd *cobra.Command, args []string) error {
 			Group:   sourcev1b2.GroupVersion.Group,
 		},
 		{
-			Kind:    sourcev1.HelmRepositoryKind,
-			Version: sourcev1.GroupVersion.Version,
-			Group:   sourcev1.GroupVersion.Group,
+			Kind:    sourcev1b2.HelmRepositoryKind,
+			Version: sourcev1b2.GroupVersion.Version,
+			Group:   sourcev1b2.GroupVersion.Group,
 		},
 		{
-			Kind:    sourcev1.HelmChartKind,
-			Version: sourcev1.GroupVersion.Version,
-			Group:   sourcev1.GroupVersion.Group,
+			Kind:    sourcev1b2.HelmChartKind,
+			Version: sourcev1b2.GroupVersion.Version,
+			Group:   sourcev1b2.GroupVersion.Group,
 		},
 		{
 			Kind:    sourcev1b2.BucketKind,

cmd/flux/suspend_helmrelease.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2024 The Flux authors
+Copyright 2020 The Flux authors
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta2"
 )
 
 var suspendHrCmd = &cobra.Command{

cmd/flux/suspend_image_updateauto.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta2"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
 )
 
 var suspendImageUpdateCmd = &cobra.Command{

cmd/flux/suspend_source_chart.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 )
 
 var suspendSourceHelmChartCmd = &cobra.Command{

cmd/flux/suspend_source_helm.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 )
 
 var suspendSourceHelmCmd = &cobra.Command{

cmd/flux/testdata/check/check_pre.golden

@@ -1,3 +1,3 @@
 ► checking prerequisites
-✔ Kubernetes {{ .serverVersion }} >=1.28.0-0
+✔ Kubernetes {{ .serverVersion }} >=1.26.0-0
 ✔ prerequisites checks passed

cmd/flux/testdata/create_hr/basic.yaml

@@ -1,15 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: podinfo
-  namespace: {{ .fluxns }}
-spec:
-  chart:
-    spec:
-      chart: podinfo
-      reconcileStrategy: ChartVersion
-      sourceRef:
-        kind: HelmRepository
-        name: podinfo
-  interval: 1m0s

cmd/flux/testdata/create_hr/hc_basic.yaml

@@ -1,11 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: podinfo
-  namespace: {{ .fluxns }}
-spec:
-  chartRef:
-    kind: HelmChart
-    name: podinfo
-  interval: 1m0s

cmd/flux/testdata/create_hr/or_basic.yaml

@@ -1,11 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: podinfo
-  namespace: {{ .fluxns }}
-spec:
-  chartRef:
-    kind: OCIRepository
-    name: podinfo
-  interval: 1m0s

cmd/flux/testdata/create_hr/setup-source.yaml

@@ -1,39 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: {{ .fluxns }}
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: podinfo
-  namespace: {{ .fluxns }}
-spec:
-  interval: 1m0s
-  provider: generic
-  type: oci
-  url: oci://ghcr.io/stefanprodan/charts
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmChart
-metadata:
-  name: podinfo
-  namespace: {{ .fluxns }}
-spec:
-  interval: 1m0s
-  chart: podinfo
-  sourceRef:
-    kind: HelmRepository
-    name: podinfo
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: OCIRepository
-metadata:
-  name: podinfo
-  namespace: flux-system
-spec:
-  interval: 10m
-  url: oci://ghcr.io/stefanprodan/manifests/podinfo
-  ref:
-    tag: latest

cmd/flux/testdata/create_secret/notation/secret-ca-crt.yaml

@@ -1,28 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: notation-config
-  namespace: my-namespace
-stringData:
-  ca.crt: ca-data-crt
-  trustpolicy.json: |
-    {
-        "version": "1.0",
-        "trustPolicies": [
-            {
-                "name": "fluxcd.io",
-                "registryScopes": [
-                    "*"
-                ],
-                "signatureVerification": {
-                    "level" : "strict"
-                },
-                "trustStores": [ "ca:fluxcd.io" ],
-                "trustedIdentities": [
-                    "*"
-                ]
-            }
-        ]
-    }
-

cmd/flux/testdata/create_secret/notation/secret-ca-multi.yaml

@@ -1,29 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: notation-config
-  namespace: my-namespace
-stringData:
-  ca.crt: ca-data-crt
-  ca.pem: ca-data-pem
-  trustpolicy.json: |
-    {
-        "version": "1.0",
-        "trustPolicies": [
-            {
-                "name": "fluxcd.io",
-                "registryScopes": [
-                    "*"
-                ],
-                "signatureVerification": {
-                    "level" : "strict"
-                },
-                "trustStores": [ "ca:fluxcd.io" ],
-                "trustedIdentities": [
-                    "*"
-                ]
-            }
-        ]
-    }
-

cmd/flux/testdata/create_secret/notation/secret-ca-pem.yaml

@@ -1,28 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: notation-config
-  namespace: my-namespace
-stringData:
-  ca.pem: ca-data-pem
-  trustpolicy.json: |
-    {
-        "version": "1.0",
-        "trustPolicies": [
-            {
-                "name": "fluxcd.io",
-                "registryScopes": [
-                    "*"
-                ],
-                "signatureVerification": {
-                    "level" : "strict"
-                },
-                "trustStores": [ "ca:fluxcd.io" ],
-                "trustedIdentities": [
-                    "*"
-                ]
-            }
-        ]
-    }
-

cmd/flux/testdata/create_secret/notation/test-ca.crt

@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDbDCCAlSgAwIBAgIUP7zhmTw5XTWLcgBGkBEsErMOkz4wDQYJKoZIhvcNAQEL
-BQAwWjELMAkGA1UEBhMCUk8xCzAJBgNVBAgMAkJVMRIwEAYDVQQHDAlCdWNoYXJl
-c3QxDzANBgNVBAoMBk5vdGFyeTEZMBcGA1UEAwwQc3RlZmFucHJvZGFuLmNvbTAe
-Fw0yNDAyMjUxMDAyMzZaFw0yOTAyMjQxMDAyMzZaMFoxCzAJBgNVBAYTAlJPMQsw
-CQYDVQQIDAJCVTESMBAGA1UEBwwJQnVjaGFyZXN0MQ8wDQYDVQQKDAZOb3Rhcnkx
-GTAXBgNVBAMMEHN0ZWZhbnByb2Rhbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQDtH4oPi3SyX/DGv6NdjIvmApvD9eeSgsmHdwpAly8T9D2me+fx
-Z+wRNJmq4aq/A1anX+Sg28iwHzV+1WKpsHnjYzDAJSEYP2S8A5H1nGRKUoibdijw
-C3QBh5C75rjF/tmZVSX/Vgbf3HJJEsF4WUxWabLxoV2QLo7UlEsQd9+bSeKNMncx
-1+E6FdbRCrYo90iobvZJ8K/S2zCWq/JTeHfTnmSEDhx6nMJcaSjvMPn3zyauWcQw
-dDpkcaGiJ64fEJRT2OFxXv9u+vDmIMKzo/Wjbd+IzFj6YY4VisK88aU7tmDelnk5
-gQB9eu62PFoaVsYJp4VOhblFKvGJpQwbWB9BAgMBAAGjKjAoMA4GA1UdDwEB/wQE
-AwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAQEA
-6x+C6hAIbLwMvkNx4K5p7Qe/pLQR0VwQFAw10yr/5KSN+YKFpon6pQ0TebL7qll+
-uBGZvtQhN6v+DlnVqB7lvJKd+89isgirkkews5KwuXg7Gv5UPIugH0dXISZU8DMJ
-7J4oKREv5HzdFmfsUfNlQcfyVTjKL6UINXfKGdqNNxXxR9b4a1TY2JcmEhzBTHaq
-ZqX6HK784a0dB7aHgeFrFwPCCP4M684Hs7CFbk3jo2Ef4ljnB5AyWpe8pwCLMdRt
-UjSjL5xJWVQvRU+STQsPr6SvpokPCG4rLQyjgeYYk4CCj5piSxbSUZFavq8v1y7Y
-m91USVqfeUX7ZzjDxPHE2A==
------END CERTIFICATE-----

cmd/flux/testdata/create_secret/notation/test-ca2.crt

@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDbDCCAlSgAwIBAgIUP7zhmTw5XTWLcgBGkBEsErMOkz4wDQYJKoZIhvcNAQEL
-BQAwWjELMAkGA1UEBhMCUk8xCzAJBgNVBAgMAkJVMRIwEAYDVQQHDAlCdWNoYXJl
-c3QxDzANBgNVBAoMBk5vdGFyeTEZMBcGA1UEAwwQc3RlZmFucHJvZGFuLmNvbTAe
-Fw0yNDAyMjUxMDAyMzZaFw0yOTAyMjQxMDAyMzZaMFoxCzAJBgNVBAYTAlJPMQsw
-CQYDVQQIDAJCVTESMBAGA1UEBwwJQnVjaGFyZXN0MQ8wDQYDVQQKDAZOb3Rhcnkx
-GTAXBgNVBAMMEHN0ZWZhbnByb2Rhbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQDtH4oPi3SyX/DGv6NdjIvmApvD9eeSgsmHdwpAly8T9D2me+fx
-Z+wRNJmq4aq/A1anX+Sg28iwHzV+1WKpsHnjYzDAJSEYP2S8A5H1nGRKUoibdijw
-C3QBh5C75rjF/tmZVSX/Vgbf3HJJEsF4WUxWabLxoV2QLo7UlEsQd9+bSeKNMncx
-1+E6FdbRCrYo90iobvZJ8K/S2zCWq/JTeHfTnmSEDhx6nMJcaSjvMPn3zyauWcQw
-dDpkcaGiJ64fEJRT2OFxXv9u+vDmIMKzo/Wjbd+IzFj6YY4VisK88aU7tmDelnk5
-gQB9eu62PFoaVsYJp4VOhblFKvGJpQwbWB9BAgMBAAGjKjAoMA4GA1UdDwEB/wQE
-AwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAQEA
-6x+C6hAIbLwMvkNx4K5p7Qe/pLQR0VwQFAw10yr/5KSN+YKFpon6pQ0TebL7qll+
-uBGZvtQhN6v+DlnVqB7lvJKd+89isgirkkews5KwuXg7Gv5UPIugH0dXISZU8DMJ
-7J4oKREv5HzdFmfsUfNlQcfyVTjKL6UINXfKGdqNNxXxR9b4a1TY2JcmEhzBTHaq
-ZqX6HK784a0dB7aHgeFrFwPCCP4M684Hs7CFbk3jo2Ef4ljnB5AyWpe8pwCLMdRt
-UjSjL5xJWVQvRU+STQsPr6SvpokPCG4rLQyjgeYYk4CCj5piSxbSUZFavq8v1y7Y
-m91USVqfeUX7ZzjDxPHE2A==
------END CERTIFICATE-----

cmd/flux/testdata/create_secret/notation/test-trust-policy.json

@@ -1,18 +0,0 @@
-{
-    "version": "1.0",
-    "trustPolicies": [
-        {
-            "name": "fluxcd.io",
-            "registryScopes": [
-                "*"
-            ],
-            "signatureVerification": {
-                "level" : "strict"
-            },
-            "trustStores": [ "ca:fluxcd.io" ],
-            "trustedIdentities": [
-                "*"
-            ]
-        }
-    ]
-}

cmd/flux/testdata/create_source_chart/basic.yaml

@@ -1,14 +0,0 @@
-✚ generating HelmChart source
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmChart
-metadata:
-  name: podinfo
-  namespace: {{ .fluxns }}
-spec:
-  chart: podinfo
-  interval: 0s
-  reconcileStrategy: ChartVersion
-  sourceRef:
-    kind: HelmRepository
-    name: podinfo

cmd/flux/testdata/create_source_chart/setup-source.yaml

@@ -1,16 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: {{ .fluxns }}
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: podinfo
-  namespace: {{ .fluxns }}
-spec:
-  interval: 1m0s
-  provider: generic
-  type: oci
-  url: oci://ghcr.io/stefanprodan/charts