Merge pull request #1262 from fluxcd/reconcile-opt

Put potentially destructive reconcile behind flag
2026-03-01 19:26:55 +00:00 · 2021-04-13 17:38:35 +02:00 · 2021-04-13 17:19:19 +02:00 · 2021-04-13 15:17:38 +03:00 · 2021-04-13 13:17:36 +03:00 · 2021-04-13 09:26:29 +03:00
8 changed files with 77 additions and 30 deletions
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -53,6 +53,17 @@ jobs:
          make cmd/flux/manifests
          ./manifests/scripts/bundle.sh "" ./output manifests.tar.gz
          kustomize build ./manifests/install > ./output/install.yaml
+      - name: Build CRDs
+        run: |
+          kustomize build manifests/crds > all-crds.yaml
+      - name: Generate OpenAPI JSON schemas from CRDs
+        uses: fluxcd/pkg//actions/crdjsonschema@main
+        with:
+          crd: all-crds.yaml
+          output: schemas
+      - name: Archive the OpenAPI JSON schemas
+        run: |
+          tar -czvf ./output/crd-schemas.tar.gz -C schemas .
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v1
        with:
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -72,6 +72,7 @@ publishers:
      .github/aur/flux-go/publish.sh {{ .Version }}
 release:
  extra_files:
+    - glob: ./output/crd-schemas.tar.gz
    - glob: ./output/manifests.tar.gz
    - glob: ./output/install.yaml
 dockers:
--- a/cmd/flux/bootstrap_github.go
+++ b/cmd/flux/bootstrap_github.go
@@ -80,6 +80,7 @@ type githubFlags struct {
 	path         flags.SafeRelativePath
 	teams        []string
 	readWriteKey bool
+	reconcile    bool
 }

 const (
@@ -95,11 +96,12 @@ func init() {
 	bootstrapGitHubCmd.Flags().StringVar(&githubArgs.repository, "repository", "", "GitHub repository name")
 	bootstrapGitHubCmd.Flags().StringArrayVar(&githubArgs.teams, "team", []string{}, "GitHub team to be given maintainer access")
 	bootstrapGitHubCmd.Flags().BoolVar(&githubArgs.personal, "personal", false, "if true, the owner is assumed to be a GitHub user; otherwise an org")
-	bootstrapGitHubCmd.Flags().BoolVar(&githubArgs.private, "private", true, "if true, the repository is assumed to be private")
+	bootstrapGitHubCmd.Flags().BoolVar(&githubArgs.private, "private", true, "if true, the repository is setup or configured as private")
 	bootstrapGitHubCmd.Flags().DurationVar(&githubArgs.interval, "interval", time.Minute, "sync interval")
 	bootstrapGitHubCmd.Flags().StringVar(&githubArgs.hostname, "hostname", ghDefaultDomain, "GitHub hostname")
 	bootstrapGitHubCmd.Flags().Var(&githubArgs.path, "path", "path relative to the repository root, when specified the cluster sync will be scoped to this path")
 	bootstrapGitHubCmd.Flags().BoolVar(&githubArgs.readWriteKey, "read-write-key", false, "if true, the deploy key is configured with read/write permissions")
+	bootstrapGitHubCmd.Flags().BoolVar(&githubArgs.reconcile, "reconcile", false, "if true, the configured options are also reconciled if the repository already exists")

 	bootstrapCmd.AddCommand(bootstrapGitHubCmd)
 }
@@ -235,6 +237,9 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	if !githubArgs.private {
 		bootstrapOpts = append(bootstrapOpts, bootstrap.WithProviderRepositoryConfig("", "", "public"))
 	}
+	if githubArgs.reconcile {
+		bootstrapOpts = append(bootstrapOpts, bootstrap.WithReconcile())
+	}

 	// Setup bootstrapper with constructed configs
 	b, err := bootstrap.NewGitProviderBootstrapper(gitClient, providerClient, kubeClient, bootstrapOpts...)
--- a/cmd/flux/bootstrap_gitlab.go
+++ b/cmd/flux/bootstrap_gitlab.go
@@ -86,6 +86,7 @@ type gitlabFlags struct {
 	path         flags.SafeRelativePath
 	teams        []string
 	readWriteKey bool
+	reconcile    bool
 }

 var gitlabArgs gitlabFlags
@@ -95,11 +96,12 @@ func init() {
 	bootstrapGitLabCmd.Flags().StringVar(&gitlabArgs.repository, "repository", "", "GitLab repository name")
 	bootstrapGitLabCmd.Flags().StringArrayVar(&gitlabArgs.teams, "team", []string{}, "GitLab teams to be given maintainer access")
 	bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.personal, "personal", false, "if true, the owner is assumed to be a GitLab user; otherwise a group")
-	bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.private, "private", true, "if true, the repository is assumed to be private")
+	bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.private, "private", true, "if true, the repository is setup or configured as private")
 	bootstrapGitLabCmd.Flags().DurationVar(&gitlabArgs.interval, "interval", time.Minute, "sync interval")
 	bootstrapGitLabCmd.Flags().StringVar(&gitlabArgs.hostname, "hostname", glDefaultDomain, "GitLab hostname")
 	bootstrapGitLabCmd.Flags().Var(&gitlabArgs.path, "path", "path relative to the repository root, when specified the cluster sync will be scoped to this path")
 	bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.readWriteKey, "read-write-key", false, "if true, the deploy key is configured with read/write permissions")
+	bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.reconcile, "reconcile", false, "if true, the configured options are also reconciled if the repository already exists")

 	bootstrapCmd.AddCommand(bootstrapGitLabCmd)
 }
@@ -251,6 +253,9 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	if !gitlabArgs.private {
 		bootstrapOpts = append(bootstrapOpts, bootstrap.WithProviderRepositoryConfig("", "", "public"))
 	}
+	if gitlabArgs.reconcile {
+		bootstrapOpts = append(bootstrapOpts, bootstrap.WithReconcile())
+	}

 	// Setup bootstrapper with constructed configs
 	b, err := bootstrap.NewGitProviderBootstrapper(gitClient, providerClient, kubeClient, bootstrapOpts...)
--- a/docs/cmd/flux_bootstrap_github.md
+++ b/docs/cmd/flux_bootstrap_github.md
@@ -54,8 +54,9 @@ flux bootstrap github [flags]
      --owner string            GitHub user or organization name
      --path safeRelativePath   path relative to the repository root, when specified the cluster sync will be scoped to this path
      --personal                if true, the owner is assumed to be a GitHub user; otherwise an org
-      --private                 if true, the repository is assumed to be private (default true)
+      --private                 if true, the repository is setup or configured as private (default true)
      --read-write-key          if true, the deploy key is configured with read/write permissions
+      --reconcile               if true, the configured options are also reconciled if the repository already exists
      --repository string       GitHub repository name
      --team stringArray        GitHub team to be given maintainer access
 ```
--- a/docs/cmd/flux_bootstrap_gitlab.md
+++ b/docs/cmd/flux_bootstrap_gitlab.md
@@ -51,8 +51,9 @@ flux bootstrap gitlab [flags]
      --owner string            GitLab user or group name
      --path safeRelativePath   path relative to the repository root, when specified the cluster sync will be scoped to this path
      --personal                if true, the owner is assumed to be a GitLab user; otherwise a group
-      --private                 if true, the repository is assumed to be private (default true)
+      --private                 if true, the repository is setup or configured as private (default true)
      --read-write-key          if true, the deploy key is configured with read/write permissions
+      --reconcile               if true, the configured options are also reconciled if the repository already exists
      --repository string       GitLab repository name
      --team stringArray        GitLab teams to be given maintainer access
 ```
--- a/internal/bootstrap/bootstrap_provider.go
+++ b/internal/bootstrap/bootstrap_provider.go
@@ -45,6 +45,8 @@ type GitProviderBootstrapper struct {
 	defaultBranch string
 	visibility    string

+	reconcile bool
+
 	teams map[string]string

 	readWriteKey bool
@@ -168,6 +170,16 @@ func (o sshHostnameOption) applyGitProvider(b *GitProviderBootstrapper) {
 	b.sshHostname = string(o)
 }

+func WithReconcile() GitProviderOption {
+	return reconcileOption(true)
+}
+
+type reconcileOption bool
+
+func (o reconcileOption) applyGitProvider(b *GitProviderBootstrapper) {
+	b.reconcile = true
+}
+
 func (b *GitProviderBootstrapper) ReconcileSyncConfig(ctx context.Context, options sync.Options) error {
 	repo, err := b.getRepository(ctx)
 	if err != nil {
@@ -279,18 +291,20 @@ func (b *GitProviderBootstrapper) reconcileOrgRepository(ctx context.Context) (g
 		b.logger.Successf("repository %q created", repoRef.String())
 	}

-	// Set default branch before calling Reconcile due to bug described
-	// above.
-	repoInfo.DefaultBranch = repo.Get().DefaultBranch
 	var changed bool
-	if err = retry(1, 2*time.Second, func() (err error) {
-		repo, changed, err = b.provider.OrgRepositories().Reconcile(ctx, repoRef, repoInfo)
-		return
-	}); err != nil {
-		return nil, fmt.Errorf("failed to reconcile Git repository %q: %w", repoRef.String(), err)
-	}
-	if changed {
-		b.logger.Successf("repository %q reconciled", repoRef.String())
+	if b.reconcile {
+		// Set default branch before calling Reconcile due to bug described
+		// above.
+		repoInfo.DefaultBranch = repo.Get().DefaultBranch
+		if err = retry(1, 2*time.Second, func() (err error) {
+			repo, changed, err = b.provider.OrgRepositories().Reconcile(ctx, repoRef, repoInfo)
+			return
+		}); err != nil {
+			return nil, fmt.Errorf("failed to reconcile Git repository %q: %w", repoRef.String(), err)
+		}
+		if changed {
+			b.logger.Successf("repository %q reconciled", repoRef.String())
+		}
 	}

 	// Build the team access config
@@ -343,27 +357,27 @@ func (b *GitProviderBootstrapper) reconcileUserRepository(ctx context.Context) (
 		// of the available Reconcile methods, and setting e.g. the default
 		// branch correctly. Resort to Create with AutoInit until this has
 		// been resolved.
-		repo, err = b.provider.UserRepositories().Create(ctx, repoRef, repoInfo, &gitprovider.RepositoryCreateOptions{
-			AutoInit: gitprovider.BoolVar(true),
-		})
+		repo, err = b.provider.UserRepositories().Create(ctx, repoRef, repoInfo, &gitprovider.RepositoryCreateOptions{})
 		if err != nil {
 			return nil, fmt.Errorf("failed to create new Git repository %q: %w", repoRef.String(), err)
 		}
 		b.logger.Successf("repository %q created", repoRef.String())
 	}

-	// Set default branch before calling Reconcile due to bug described
-	// above.
-	repoInfo.DefaultBranch = repo.Get().DefaultBranch
-	var changed bool
-	if err = retry(1, 2*time.Second, func() (err error) {
-		repo, changed, err = b.provider.UserRepositories().Reconcile(ctx, repoRef, repoInfo)
-		return
-	}); err != nil {
-		return nil, fmt.Errorf("failed to reconcile Git repository %q: %w", repoRef.String(), err)
-	}
-	if changed {
-		b.logger.Successf("repository %q reconciled", repoRef.String())
+	if b.reconcile {
+		// Set default branch before calling Reconcile due to bug described
+		// above.
+		repoInfo.DefaultBranch = repo.Get().DefaultBranch
+		var changed bool
+		if err = retry(1, 2*time.Second, func() (err error) {
+			repo, changed, err = b.provider.UserRepositories().Reconcile(ctx, repoRef, repoInfo)
+			return
+		}); err != nil {
+			return nil, fmt.Errorf("failed to reconcile Git repository %q: %w", repoRef.String(), err)
+		}
+		if changed {
+			b.logger.Successf("repository %q reconciled", repoRef.String())
+		}
 	}

 	return repo, nil
--- a/manifests/crds/kustomization.yaml
+++ b/manifests/crds/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- https://github.com/fluxcd/kustomize-controller/releases/download/v0.11.0/kustomize-controller.crds.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.11.0/source-controller.crds.yaml
+- https://github.com/fluxcd/helm-controller/releases/download/v0.9.0/helm-controller.crds.yaml
+- https://github.com/fluxcd/notification-controller/releases/download/v0.12.0/notification-controller.crds.yaml
+- https://github.com/fluxcd/image-reflector-controller/releases/download/v0.8.0/image-reflector-controller.crds.yaml
+- https://github.com/fluxcd/image-automation-controller/releases/download/v0.8.0/image-automation-controller.crds.yaml
Author	SHA1	Message	Date
Hidde Beydals	7dcf884e38	Merge pull request #1262 from fluxcd/reconcile-opt Put potentially destructive reconcile behind flag	2021-04-13 17:38:35 +02:00
Hidde Beydals	b6d349da8c	Put potentially destructive reconcile behind flag The behavior introduced during the introduction of go-git-providers was more strict, and has proven pretty quickly to not be useful to all users. Therefore, the reconciliation behavior for repository configuration has been put behind an opt-in flag, so that it does not overwrite people their configs by accident. Signed-off-by: Hidde Beydals <hello@hidde.co>	2021-04-13 17:19:19 +02:00
Stefan Prodan	40ce3d50c2	Merge pull request #1256 from fluxcd/openapi2jsonschema Publish OpenAPI schemas for Flux CRDs	2021-04-13 15:17:38 +03:00
Stefan Prodan	68046067c5	Generate OpenAPI schema in CI Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-04-13 13:17:36 +03:00
Stefan Prodan	e3b12a8a24	Merge pull request #1253 from fluxcd/btstrp-private-flag Change private flag description	2021-04-13 09:26:29 +03:00
Hidde Beydals	f123b9d3cb	Change private flag description To highlight the fact that it configures the repository as defined, which was not _really_ clear to some users and has resulted in public repositories accidentally being changed to private (losing important goodies like stars and linked forks). Discussion on this is ongoing and there will likely be other improvements in the near future to protect users against this. Signed-off-by: Hidde Beydals <hello@hidde.co>	2021-04-12 13:19:46 +02:00