Merge pull request #173 from fluxcd/include-author-changelog

Include PR author in changelog

.github/actions/kustomize/Dockerfile

@@ -1,6 +0,0 @@
-FROM giantswarm/tiny-tools
-
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
-
-ENTRYPOINT ["/entrypoint.sh"]

.github/actions/kustomize/action.yml

@@ -1,9 +0,0 @@
-name: 'kustomize'
-description: 'A GitHub Action to run kustomize commands'
-author: 'Stefan Prodan'
-branding:
-  icon: 'command'
-  color: 'blue'
-runs:
-  using: 'docker'
-  image: 'Dockerfile'

.github/actions/kustomize/entrypoint.sh

@@ -1,12 +0,0 @@
-#!/bin/sh -l
-
-VERSION=3.5.4
-curl -sL https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${VERSION}/kustomize_v${VERSION}_linux_amd64.tar.gz | tar xz
-
-mkdir -p $GITHUB_WORKSPACE/bin
-cp ./kustomize $GITHUB_WORKSPACE/bin
-chmod +x $GITHUB_WORKSPACE/bin/kustomize
-ls -lh $GITHUB_WORKSPACE/bin
-
-echo "::add-path::$GITHUB_WORKSPACE/bin"
-echo "::add-path::$RUNNER_WORKSPACE/$(basename $GITHUB_REPOSITORY)/bin"

.github/workflows/docs.yaml

@@ -16,7 +16,7 @@ jobs:
         env:
           SOURCE_VER: ${{ 'v0.0.10' }}
           KUSTOMIZE_VER: ${{ 'v0.0.8' }}
-          HELM_VER: ${{ 'v0.0.3' }}
+          HELM_VER: ${{ 'v0.0.4' }}
           NOTIFICATION_VER: ${{ 'v0.0.7' }}
         run: |
           # source-controller CRDs

.github/workflows/release.yaml

@@ -24,9 +24,9 @@ jobs:
       - name: Generate release notes
         run: |
           echo 'CHANGELOG' > /tmp/release.txt
-          github-release-notes -org fluxcd -repo toolkit -since-latest-release >> /tmp/release.txt
+          github-release-notes -org fluxcd -repo toolkit -since-latest-release -include-author >> /tmp/release.txt
       - name: Setup Kustomize
-        uses: ./.github/actions/kustomize
+        uses: fluxcd/pkg//actions/kustomize@master
       - name: Generate manifests tarball
         run: |
           mkdir -p ./output

cmd/tk/bootstrap_gitlab.go

@@ -57,13 +57,14 @@ the bootstrap command will perform an upgrade if needed.`,
 }
 
 var (
-	glOwner      string
-	glRepository string
-	glInterval   time.Duration
-	glPersonal   bool
-	glPrivate    bool
-	glHostname   string
-	glPath       string
+	glOwner       string
+	glRepository  string
+	glInterval    time.Duration
+	glPersonal    bool
+	glPrivate     bool
+	glHostname    string
+	glSSHHostname string
+	glPath        string
 )
 
 func init() {
@@ -73,6 +74,7 @@ func init() {
 	bootstrapGitLabCmd.Flags().BoolVar(&glPrivate, "private", true, "is private repository")
 	bootstrapGitLabCmd.Flags().DurationVar(&glInterval, "interval", time.Minute, "sync interval")
 	bootstrapGitLabCmd.Flags().StringVar(&glHostname, "hostname", git.GitLabDefaultHostname, "GitLab hostname")
+	bootstrapGitLabCmd.Flags().StringVar(&glSSHHostname, "ssh-hostname", "", "GitLab SSH hostname, defaults to hostname if not specified")
 	bootstrapGitLabCmd.Flags().StringVar(&glPath, "path", "", "repository path, when specified the cluster sync will be scoped to this path")
 
 	bootstrapCmd.AddCommand(bootstrapGitLabCmd)
@@ -89,6 +91,10 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	if glSSHHostname != "" {
+		repository.SSHHost = glSSHHostname
+	}
+
 	provider := &git.GitLabProvider{
 		IsPrivate:  glPrivate,
 		IsPersonal: glPersonal,

docs/cmd/tk_bootstrap_gitlab.md

@@ -37,14 +37,15 @@ tk bootstrap gitlab [flags]
 ### Options
 
 ```
-  -h, --help                help for gitlab
-      --hostname string     GitLab hostname (default "gitlab.com")
-      --interval duration   sync interval (default 1m0s)
-      --owner string        GitLab user or group name
-      --path string         repository path, when specified the cluster sync will be scoped to this path
-      --personal            is personal repository
-      --private             is private repository (default true)
-      --repository string   GitLab repository name
+  -h, --help                  help for gitlab
+      --hostname string       GitLab hostname (default "gitlab.com")
+      --interval duration     sync interval (default 1m0s)
+      --owner string          GitLab user or group name
+      --path string           repository path, when specified the cluster sync will be scoped to this path
+      --personal              is personal repository
+      --private               is private repository (default true)
+      --repository string     GitLab repository name
+      --ssh-hostname string   GitLab SSH hostname, defaults to hostname if not specified
 ```
 
 ### Options inherited from parent commands

docs/components/notification/controller.md

@@ -4,7 +4,7 @@ The Notification Controller is a Kubernetes operator, specialized in handling in
 
 ![](../../_files/notification-controller.png)
 
-The controller handles events coming from external systems (GitHub, GitLab, Bitbucket, Harbour, Jenkins, etc)
+The controller handles events coming from external systems (GitHub, GitLab, Bitbucket, Harbor, Jenkins, etc)
 and notifies the GitOps toolkit controllers about source changes.
 
 The controller handles events emitted by the GitOps toolkit controllers (source, kustomize, helm)

docs/guides/helmreleases.md

@@ -87,7 +87,7 @@ artifact of the referenced `HelmRepository`, fetch the chart, and make
 it available as a `HelmChart` artifact to be used by the
 helm-controller.
 
-!!! Note
+!!! hint "Advanced configuration"
     The `HelmRelease` offers an extensive set of configurable flags
     for finer grain control over how Helm actions are performed.
     See the [`HelmRelease` CRD docs](../components/helm/helmreleases.md)
@@ -106,9 +106,11 @@ spec:
   valuesFrom:
   - kind: ConfigMap
     name: prod-env-values
+    valuesKey: values-prod.yaml
   - kind: Secret
-    name: prod-secret-values
-    valuesKey: secret.yaml
+    name: prod-tls-values
+    valuesKey: crt
+    targetPath: tls.crt
 ```
 
 The definition of the listed keys is as follows:
@@ -116,8 +118,20 @@ The definition of the listed keys is as follows:
 - `kind`: Kind of the values referent (`ConfigMap` or `Secret`).
 - `name`: Name of the values referent, in the same namespace as the
   `HelmRelease`.
-- `valuesKey` _(Optional)_: The key in the referent the values can be
-  found at. Defaults to `values.yaml` when ommitted.
+- `valuesKey` _(Optional)_: The data key where the values.yaml or a
+   specific value can be found. Defaults to `values.yaml` when omitted.
+- `targetPath` _(Optional)_: The YAML dot notation path at which the
+   value should be merged. When set, the `valuesKey` is expected to be
+   a single flat value. Defaults to `None` when omitted, which results
+   in the values getting merged at the root.
+
+!!! hint "Note"
+    The `targetPath` supports the same formatting as you would supply
+    as an argument to the `helm` binary using `--set [path]=[value]`.
+    In addition to this, the referred value can contain the same
+    value formats (e.g. `{a,b,c}` for a list).
+    You can read more about the available formats and limitations in
+    the [Helm documentation](https://helm.sh/docs/intro/using_helm/#the-format-and-limitations-of---set).
 
 ## Configure notifications
 

docs/guides/webhook-receivers.md

@@ -15,7 +15,7 @@ or the [installation guide](installation.md).
 
 The [notification controller](../components/notification/controller.md)
 can handle events coming from external systems
-(GitHub, GitLab, Bitbucket, Harbour, Jenkins, etc)
+(GitHub, GitLab, Bitbucket, Harbor, Jenkins, etc)
 and notify the GitOps toolkit controllers about source changes.
 The notification controller is part of the default toolkit installation.
 
@@ -107,7 +107,7 @@ spec:
 ```
 
 !!! hint "Note"
-    Besides GitHub, you can define receivers for **GitLab**, **Bitbucket**, **Harbour**
+    Besides GitHub, you can define receivers for **GitLab**, **Bitbucket**, **Harbor**
     and any other system that supports webhooks e.g. Jenkins, CircleCI, etc.
     See the [Receiver CRD docs](../components/notification/receiver.md) for more details.
 

docs/roadmap/index.md

@@ -65,28 +65,29 @@ Tasks
 
 ### Helm v3 feature parity
 
-[= 50% "50%"]
+[= 70% "70%"]
 
 Goals
 
--  Offer a migration guide for those that are using Helm Operator with Helm v3 and Helm repositories
+-  Offer a migration guide for those that are using Helm Operator with Helm v3 and charts from
+   Helm and Git repositories
 
 Non-Goals
 
 -  Migrate users that are using Helm v2
 
-Stretch-Goals
-
--  [Migrate users that are using Helm charts from Git](https://github.com/fluxcd/toolkit/discussions/75#discussioncomment-38589)
-
 Tasks
 
 - [x]  <span style="color:grey">Implement a Helm controller for Helm v3 covering all the current release options</span>
-- [ ]  Discuss and design Helm releases based on source API:
-    * [ ]  [Providing values from sources](https://github.com/fluxcd/toolkit/discussions/100)
-    * [ ]  [Conditional remediation on failed Helm actions](https://github.com/fluxcd/toolkit/discussions/102)
-    * [ ]  [Support running Helm test actions on an interval](https://github.com/fluxcd/toolkit/discussions/103)
+- [x]  <span style="color:grey">Discuss and design Helm releases based on source API:</span>
+    * [x]  <span style="color:grey">Providing values from sources</span>
+    * [x]  <span style="color:grey">Conditional remediation on failed Helm actions</span>
+    * [x]  <span style="color:grey">Support for Helm charts from Git</span>
 - [x]  <span style="color:grey">Review the Helm release, chart and repository APIs</span>
 - [x]  <span style="color:grey">Implement events in Helm controller</span>
 - [x]  <span style="color:grey">Implement Prometheus metrics in Helm controller</span>
+- [x]  <span style="color:grey">Implement support for values from `Secret` and `ConfigMap` resources</span>
+- [ ]  [Implement conditional remediation on (failed) Helm actions](https://github.com/fluxcd/helm-controller/issues/41)
+- [ ]  [Implement support for Helm charts from Git](https://github.com/fluxcd/source-controller/issues/56)
+- [ ]  [Implement support for referring to an alternative chart values file](https://github.com/fluxcd/helm-controller/issues/4)
 - [ ]  Create a migration guide for Helm Operator users

go.mod

@@ -4,9 +4,9 @@ go 1.14
 
 require (
 	github.com/blang/semver v3.5.1+incompatible
-	github.com/fluxcd/helm-controller/api v0.0.3
+	github.com/fluxcd/helm-controller/api v0.0.4
 	github.com/fluxcd/kustomize-controller/api v0.0.8
-	github.com/fluxcd/pkg/git v0.0.5
+	github.com/fluxcd/pkg/git v0.0.6
 	github.com/fluxcd/pkg/ssh v0.0.5
 	github.com/fluxcd/pkg/untar v0.0.5
 	github.com/fluxcd/source-controller/api v0.0.10

go.sum

@@ -110,12 +110,12 @@ github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi
 github.com/evanphx/json-patch v4.5.0+incompatible h1:ouOWdg56aJriqS0huScTkVXPC5IcNrDCXZ6OoTAWu7M=
 github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fluxcd/helm-controller/api v0.0.3 h1:W3/XAKjd6QOu6NG1KXsDXFlgEAukygLK8fhrAshtoyY=
-github.com/fluxcd/helm-controller/api v0.0.3/go.mod h1:YCQhNz7LkYyBGxDdMGSRK78nvhuHV2x/lrn2vuRlBNE=
+github.com/fluxcd/helm-controller/api v0.0.4 h1:ZV+VGQg8ch3icvIl/BJZDfGwV61a2jRlB2B0jLmyMCA=
+github.com/fluxcd/helm-controller/api v0.0.4/go.mod h1:YCQhNz7LkYyBGxDdMGSRK78nvhuHV2x/lrn2vuRlBNE=
 github.com/fluxcd/kustomize-controller/api v0.0.8 h1:Yi5/MZuS2jXiRV73fuUkBCyRTuG0yx2HJTpWZaM+WHA=
 github.com/fluxcd/kustomize-controller/api v0.0.8/go.mod h1:c4035rZrt2p3RExpLe64ASVEvePm7FjiY4PzHKpRJXI=
-github.com/fluxcd/pkg/git v0.0.5 h1:6ahtjxZid8r94jmfOf1JUO42jX98FgdzBHrOaTGMCqY=
-github.com/fluxcd/pkg/git v0.0.5/go.mod h1:9AI9yPkb2ruIcE70moVG3WhunA2/RAMJPc3rtoH8QFE=
+github.com/fluxcd/pkg/git v0.0.6 h1:4qktw8M3zj98MAs4ny6qSi36sYvTiI1czif5FqlQl4o=
+github.com/fluxcd/pkg/git v0.0.6/go.mod h1:9AI9yPkb2ruIcE70moVG3WhunA2/RAMJPc3rtoH8QFE=
 github.com/fluxcd/pkg/ssh v0.0.5 h1:rnbFZ7voy2JBlUfMbfyqArX2FYaLNpDhccGFC3qW83A=
 github.com/fluxcd/pkg/ssh v0.0.5/go.mod h1:7jXPdXZpc0ttMNz2kD9QuMi3RNn/e0DOFbj0Tij/+Hs=
 github.com/fluxcd/pkg/untar v0.0.5 h1:UGI3Ch1UIEIaqQvMicmImL1s9npQa64DJ/ozqHKB7gk=

install/tk.sh

@@ -1,51 +1,183 @@
 #!/usr/bin/env bash
-
 set -e
 
 DEFAULT_BIN_DIR="/usr/local/bin"
-BIN_DIR=${1:-"$DEFAULT_BIN_DIR"}
+BIN_DIR=${1:-"${DEFAULT_BIN_DIR}"}
+GITHUB_REPO="fluxcd/toolkit"
 
-opsys=""
-if [[ "$OSTYPE" == linux* ]]; then
-  opsys=linux
-elif [[ "$OSTYPE" == darwin* ]]; then
-  opsys=darwin
-fi
-
-if [[ "$opsys" == "" ]]; then
-  echo "OS $OSTYPE not supported"
-  exit 1
-fi
-
-if [[ ! -x "$(command -v curl)" ]]; then
-    echo "curl not found"
-    exit 1
-fi
-
-tmpDir=`mktemp -d`
-if [[ ! "$tmpDir" || ! -d "$tmpDir" ]]; then
-  echo "could not create temp dir"
-  exit 1
-fi
-
-function cleanup {
-  rm -rf "$tmpDir"
+# Helper functions for logs
+info() {
+    echo '[INFO] ' "$@"
 }
 
-trap cleanup EXIT
+warn() {
+    echo '[WARN] ' "$@" >&2
+}
 
-pushd $tmpDir >& /dev/null
+fatal() {
+    echo '[ERROR] ' "$@" >&2
+    exit 1
+}
 
-curl -s https://api.github.com/repos/fluxcd/toolkit/releases/latest |\
-  grep browser_download |\
-  grep $opsys |\
-  cut -d '"' -f 4 |\
-  xargs curl -sL -o tk.tar.gz
+# Set os, fatal if operating system not supported
+setup_verify_os() {
+    if [[ -z "${OS}" ]]; then
+        OS=$(uname)
+    fi
+    case ${OS} in
+        Darwin)
+            OS=darwin
+            ;;
+        Linux)
+            OS=linux
+            ;;
+        *)
+            fatal "Unsupported operating system ${OS}"
+    esac
+}
 
-tar xzf ./tk.tar.gz
+# Set arch, fatal if architecture not supported
+setup_verify_arch() {
+    if [[ -z "${ARCH}" ]]; then
+        ARCH=$(uname -m)
+    fi
+    case ${ARCH} in
+        amd64)
+            ARCH=amd64
+            ;;
+        x86_64)
+            ARCH=amd64
+            ;;
+        *)
+            fatal "Unsupported architecture ${ARCH}"
+    esac
+}
 
-mv ./tk $BIN_DIR
+# Verify existence of downloader executable
+verify_downloader() {
+    # Return failure if it doesn't exist or is no executable
+    [[ -x "$(which "$1")" ]] || return 1
 
-popd >& /dev/null
+    # Set verified executable as our downloader program and return success
+    DOWNLOADER=$1
+    return 0
+}
 
-echo "$(tk --version) installed"
+# Create tempory directory and cleanup when done
+setup_tmp() {
+    TMP_DIR=$(mktemp -d -t tk-install.XXXXXXXXXX)
+    TMP_METADATA="${TMP_DIR}/tk.json"
+    TMP_HASH="${TMP_DIR}/tk.hash"
+    TMP_BIN="${TMP_DIR}/tk.tar.gz"
+    cleanup() {
+        code=$?
+        set +e
+        trap - EXIT
+        rm -rf "${TMP_DIR}"
+        exit ${code}
+    }
+    trap cleanup INT EXIT
+}
+
+# Find version from Github metadata
+get_release_version() {
+    METADATA_URL="https://api.github.com/repos/${GITHUB_REPO}/releases/latest"
+
+    info "Downloading metadata ${METADATA_URL}"
+    download "${TMP_METADATA}" "${METADATA_URL}"
+
+    VERSION_TK=$(grep '"tag_name":' "${TMP_METADATA}" | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
+    if [[ -n "${VERSION_TK}" ]]; then
+        info "Using ${VERSION_TK} as release"
+    else
+        fatal "Unable to determine release version"
+    fi
+}
+
+# Download from file from URL
+download() {
+    [[ $# -eq 2 ]] || fatal 'download needs exactly 2 arguments'
+
+    case $DOWNLOADER in
+        curl)
+            curl -o "$1" -sfL "$2"
+            ;;
+        wget)
+            wget -qO "$1" "$2"
+            ;;
+        *)
+            fatal "Incorrect executable '${DOWNLOADER}'"
+            ;;
+    esac
+
+    # Abort if download command failed
+    [[ $? -eq 0 ]] || fatal 'Download failed'
+}
+
+# Download hash from Github URL
+download_hash() {
+    HASH_URL="https://github.com/${GITHUB_REPO}/releases/download/v${VERSION_TK}/toolkit_${VERSION_TK}_checksums.txt"
+    info "Downloading hash ${HASH_URL}"
+    download "${TMP_HASH}" "${HASH_URL}"
+    HASH_EXPECTED=$(grep " tk_${VERSION_TK}_${OS}_${ARCH}.tar.gz$" "${TMP_HASH}")
+    HASH_EXPECTED=${HASH_EXPECTED%%[[:blank:]]*}
+}
+
+# Download binary from Github URL
+download_binary() {
+    BIN_URL="https://github.com/${GITHUB_REPO}/releases/download/v${VERSION_TK}/tk_${VERSION_TK}_${OS}_${ARCH}.tar.gz"
+    info "Downloading binary ${BIN_URL}"
+    download "${TMP_BIN}" "${BIN_URL}"
+}
+
+compute_sha256sum() {
+  cmd=$(which sha256sum shasum | head -n 1)
+  case $(basename "$cmd") in
+    sha256sum)
+      sha256sum "$1" | cut -f 1 -d ' '
+      ;;
+    shasum)
+      shasum -a 256 "$1" | cut -f 1 -d ' '
+      ;;
+    *)
+      fatal "Can not find sha256sum or shasum to compute checksum"
+      ;;
+  esac
+}
+
+# Verify downloaded binary hash
+verify_binary() {
+    info "Verifying binary download"
+    HASH_BIN=$(compute_sha256sum "${TMP_BIN}")
+    HASH_BIN=${HASH_BIN%%[[:blank:]]*}
+    if [[ "${HASH_EXPECTED}" != "${HASH_BIN}" ]]; then
+        fatal "Download sha256 does not match ${HASH_EXPECTED}, got ${HASH_BIN}"
+    fi
+}
+
+# Setup permissions and move binary
+setup_binary() {
+    chmod 755 "${TMP_BIN}"
+    info "Installing tk to ${BIN_DIR}/tk"
+    tar -xzf "${TMP_BIN}" -C "${TMP_DIR}"
+
+    local CMD_MOVE="mv -f \"${TMP_DIR}/tk\" \"${BIN_DIR}\""
+    if [[ -w "${BIN_DIR}" ]]; then
+        eval "${CMD_MOVE}"
+    else
+        eval "sudo ${CMD_MOVE}"
+    fi
+}
+
+# Run the install process
+{
+    setup_verify_os
+    setup_verify_arch
+    verify_downloader curl || verify_downloader wget || fatal 'Can not find curl or wget for downloading files'
+    setup_tmp
+    get_release_version
+    download_hash
+    download_binary
+    verify_binary
+    setup_binary
+}

manifests/bases/helm-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- github.com/fluxcd/helm-controller/config//crd?ref=v0.0.3
-- github.com/fluxcd/helm-controller/config//manager?ref=v0.0.3
+- github.com/fluxcd/helm-controller/config//crd?ref=v0.0.4
+- github.com/fluxcd/helm-controller/config//manager?ref=v0.0.4
 patchesJson6902:
 - target:
     group: apps