Merge pull request #1336 from fluxcd/update-components

To ensure the `go.sum` is always up-to-date when the following `go mod
edit` is executed.

Signed-off-by: Hidde Beydals <hello@hidde.co>

.github/workflows/update.yaml

@@ -42,6 +42,8 @@ jobs:
 
             if [[ "${MOD_VERSION}" != "${LATEST_VERSION}" ]]; then
               go mod edit -require="github.com/fluxcd/$1/api@${LATEST_VERSION}"
+              rm go.sum
+              go mod tidy
               changed=true
             fi
 
@@ -59,9 +61,6 @@ jobs:
             bump_version image-reflector-controller
             bump_version image-automation-controller
 
-            # add missing and remove unused modules
-            go mod tidy
-
             # diff change
             git diff
 
@@ -73,21 +72,21 @@ jobs:
         id: cpr
         uses: peter-evans/create-pull-request@v3
         with:
-            token: ${{ secrets.BOT_GITHUB_TOKEN }}
+          token: ${{ secrets.BOT_GITHUB_TOKEN }}
-            commit-message: |
+          commit-message: |
-              Update toolkit components
+            Update toolkit components
 
-              ${{ steps.update.outputs.pr_body }}
+            ${{ steps.update.outputs.pr_body }}
-            committer: GitHub <noreply@github.com>
+          committer: GitHub <noreply@github.com>
-            author: fluxcdbot <fluxcdbot@users.noreply.github.com>
+          author: fluxcdbot <fluxcdbot@users.noreply.github.com>
-            signoff: true
+          signoff: true
-            branch: update-components
+          branch: update-components
-            title: Update toolkit components
+          title: Update toolkit components
-            body: |
+          body: |
-              ${{ steps.update.outputs.pr_body }}
+            ${{ steps.update.outputs.pr_body }}
-            labels: |
+          labels: |
-              area/build
+            area/build
-            reviewers: ${{ secrets.ASSIGNEES }}
+          reviewers: ${{ secrets.ASSIGNEES }}
 
       - name: Check output
         run: |

cmd/flux/create_helmrelease.go

@@ -116,6 +116,7 @@ type helmReleaseFlags struct {
 	valuesFiles     []string
 	valuesFrom      flags.HelmReleaseValuesFrom
 	saName          string
+	crds            flags.CRDsPolicy
 }
 
 var helmReleaseArgs helmReleaseFlags
@@ -130,6 +131,7 @@ func init() {
 	createHelmReleaseCmd.Flags().StringVar(&helmReleaseArgs.saName, "service-account", "", "the name of the service account to impersonate when reconciling this HelmRelease")
 	createHelmReleaseCmd.Flags().StringArrayVar(&helmReleaseArgs.valuesFiles, "values", nil, "local path to values.yaml files")
 	createHelmReleaseCmd.Flags().Var(&helmReleaseArgs.valuesFrom, "values-from", helmReleaseArgs.valuesFrom.Description())
+	createHelmReleaseCmd.Flags().Var(&helmReleaseArgs.crds, "crds", helmReleaseArgs.crds.Description())
 	createCmd.AddCommand(createHelmReleaseCmd)
 }
 
@@ -184,6 +186,11 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 		helmRelease.Spec.ServiceAccountName = helmReleaseArgs.saName
 	}
 
+	if helmReleaseArgs.crds != "" {
+		helmRelease.Spec.Install = &helmv2.Install{CRDs: helmv2.Create}
+		helmRelease.Spec.Upgrade = &helmv2.Upgrade{CRDs: helmv2.CRDsPolicy(helmReleaseArgs.crds.String())}
+	}
+
 	if len(helmReleaseArgs.valuesFiles) > 0 {
 		valuesMap := make(map[string]interface{})
 		for _, v := range helmReleaseArgs.valuesFiles {

docs/cmd/flux_create_helmrelease.md

@@ -81,6 +81,7 @@ flux create helmrelease [name] [flags]
 ```
       --chart string                        Helm chart name or path
       --chart-version string                Helm chart version, accepts a semver range (ignored for charts from GitRepository sources)
+      --crds crds                           upgrade CRDs policy, available options are: (Skip, Create, CreateReplace)
       --depends-on stringArray              HelmReleases that must be ready before this release can be installed, supported formats '<name>' and '<namespace>/<name>'
   -h, --help                                help for helmrelease
       --release-name string                 name used for the Helm release, defaults to a composition of '[<target-namespace>-]<HelmRelease-name>'

docs/guides/sealed-secrets.md

@@ -52,11 +52,12 @@ flux create helmrelease sealed-secrets \
 --target-namespace=flux-system \
 --source=HelmRepository/sealed-secrets \
 --chart=sealed-secrets \
---chart-version="1.13.x"
+--chart-version=">=1.15.0-0" \
+--crds=CreateReplace
 ```
 
-With chart version `1.13.x` we configure helm-controller to automatically upgrade the release
+With chart version `>=1.15.0-0` we configure helm-controller to automatically upgrade the release
-when a new chart patch version is fetched by source-controller.
+when a new chart version is fetched by source-controller.
 
 At startup, the sealed-secrets controller generates a 4096-bit RSA key pair and 
 persists the private and public keys as Kubernetes secrets in the `flux-system` namespace.
@@ -119,11 +120,11 @@ Helm repository manifest:
 apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: HelmRepository
 metadata:
-  name: stable
+  name: sealed-secrets
   namespace: flux-system
 spec:
   interval: 1h0m0s
-  url: https://charts.helm.sh/stable
+  url: https://bitnami-labs.github.io/sealed-secrets
 ```
 
 Helm release manifest:
@@ -140,11 +141,15 @@ spec:
       chart: sealed-secrets
       sourceRef:
         kind: HelmRepository
-        name: stable
+        name: sealed-secrets
-      version: "1.13.x"
+      version: ">=1.15.0-0"
   interval: 1h0m0s
   releaseName: sealed-secrets
   targetNamespace: flux-system
+  install:
+    crds: Create
+  upgrade:
+    crds: CreateReplace
 ```
 
 !!! hint

docs/guides/sortable-image-tags.md

@@ -36,6 +36,7 @@ $ date +%s
 Alternatively, you can use a serial number as part of the tag.  Some CI platforms will provide a
 build number in an environment variable, but that may not be reliable to use as a serial number --
 check the platform documentation.
+For example, Github makes availabe the variable `github.run_number` which can be used as a reliable ever increasing serial number.
 
 A commit count can be a reasonable stand-in for a serial number, if you build an image per commit
 and you don't rewrite the branch in question:
@@ -105,6 +106,39 @@ jobs:
             ${{ env.IMAGE }}:${{ steps.prep.outputs.BUILD_ID }}
 ```
 
+### Alternative example utilizing github.run_number
+
+Here is another example example of a [GitHub Actions job][gha-syntax] which tags images using Github action's built in `run_number`
+and the git SHA1:
+
+```yaml
+jobs:
+  build-push:
+    env:
+        IMAGE: org/my-app
+    runs-on: ubuntu-latest
+    steps:
+    # These are prerequisites for the docker build step
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v1
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
+    - name: Login to DockerHub
+      uses: docker/login-action@v1
+      with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    - name: Build and publish container image with tag
+      uses: docker/build-push-action@v2
+      with:
+          push: true
+          context: .
+          file: ./Dockerfile
+          tags: |
+            ${{ env.IMAGE }}:${{ github.sha }}-${{ github.run_number }}
+```
+
 ## Using in an `ImagePolicy` object
 
 When creating an `ImagePolicy` object, you will need to extract just the timestamp part of the tag,
@@ -112,7 +146,7 @@ using the `tagFilter` field. You can filter for a particular branch to restrict
 built from that branch.
 
 Here is an example that filters for only images built from `main` branch, and selects the most
-recent according the timestamp (created with `date +%s`):
+recent according to a timestamp (created with `date +%s`) or according to the run number (`github.run_number` for example):
 
 ```yaml
 apiVersion: image.toolkit.fluxcd.io/v1alpha2
@@ -124,6 +158,7 @@ spec:
   imageRepositoryRef:
     name: image-repo
   filterTags:
+    ## use "pattern: '(?P<ts>.*)-.+'" if you copied the workflow example using github.run_number
     pattern: '^main-[a-f0-9]+-(?P<ts>[0-9]+)'
     extract: '$ts'
   policy:

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/fluxcd/pkg/ssh v0.0.5
 	github.com/fluxcd/pkg/untar v0.0.5
 	github.com/fluxcd/pkg/version v0.0.1
-	github.com/fluxcd/source-controller/api v0.12.0
+	github.com/fluxcd/source-controller/api v0.12.1
 	github.com/go-git/go-git/v5 v5.1.0
 	github.com/google/go-containerregistry v0.2.0
 	github.com/manifoldco/promptui v0.7.0

go.sum

@@ -212,8 +212,9 @@ github.com/fluxcd/pkg/untar v0.0.5 h1:UGI3Ch1UIEIaqQvMicmImL1s9npQa64DJ/ozqHKB7g
 github.com/fluxcd/pkg/untar v0.0.5/go.mod h1:O6V9+rtl8c1mHBafgqFlJN6zkF1HS5SSYn7RpQJ/nfw=
 github.com/fluxcd/pkg/version v0.0.1 h1:/8asQoDXSThz3csiwi4Qo8Zb6blAxLXbtxNgeMJ9bCg=
 github.com/fluxcd/pkg/version v0.0.1/go.mod h1:WAF4FEEA9xyhngF8TDxg3UPu5fA1qhEYV8Pmi2Il01Q=
-github.com/fluxcd/source-controller/api v0.12.0 h1:ATzWCIXE96Q1iOHElzM0V4xCVEn95QLKpOSmVLiY/lo=
 github.com/fluxcd/source-controller/api v0.12.0/go.mod h1:+EPyhxC7Y+hUnq7EwAkkLtfbwCxJxF5yfmiyzDk43KY=
+github.com/fluxcd/source-controller/api v0.12.1 h1:ubO3gwGaxnXwayJeDHpdsh96NXwOLpFcbLjZo/pqWCg=
+github.com/fluxcd/source-controller/api v0.12.1/go.mod h1:+EPyhxC7Y+hUnq7EwAkkLtfbwCxJxF5yfmiyzDk43KY=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=

internal/flags/crds.go

@@ -0,0 +1,60 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package flags
+
+import (
+	"fmt"
+	"strings"
+
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
+
+	"github.com/fluxcd/flux2/internal/utils"
+)
+
+var supportedCRDsPolicies = []string{
+	string(helmv2.Skip),
+	string(helmv2.Create),
+	string(helmv2.CreateReplace),
+}
+
+type CRDsPolicy string
+
+func (a *CRDsPolicy) String() string {
+	return string(*a)
+}
+
+func (a *CRDsPolicy) Set(str string) error {
+	if strings.TrimSpace(str) == "" {
+		return fmt.Errorf("no upgrade CRDs policy given, must be one of: %s",
+			strings.Join(supportedCRDsPolicies, ", "))
+	}
+	if !utils.ContainsItemString(supportedCRDsPolicies, str) {
+		return fmt.Errorf("unsupported upgrade CRDs policy '%s', must be one of: %s",
+			str, strings.Join(supportedCRDsPolicies, ", "))
+
+	}
+	*a = CRDsPolicy(str)
+	return nil
+}
+
+func (a *CRDsPolicy) Type() string {
+	return "crds"
+}
+
+func (a *CRDsPolicy) Description() string {
+	return fmt.Sprintf("upgrade CRDs policy, available options are: (%s)", strings.Join(supportedCRDsPolicies, ", "))
+}

internal/flags/crds_test.go

@@ -0,0 +1,45 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package flags
+
+import (
+	"testing"
+)
+
+func TestCRDsPolicy_Set(t *testing.T) {
+	tests := []struct {
+		name      string
+		str       string
+		expect    string
+		expectErr bool
+	}{
+		{"supported", "CreateReplace", "CreateReplace", false},
+		{"unsupported", "createreplace", "", true},
+		{"empty", "", "", true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var a CRDsPolicy
+			if err := a.Set(tt.str); (err != nil) != tt.expectErr {
+				t.Errorf("Set() error = %v, expectErr %v", err, tt.expectErr)
+			}
+			if str := a.String(); str != tt.expect {
+				t.Errorf("Set() = %v, expect %v", str, tt.expect)
+			}
+		})
+	}
+}

manifests/bases/source-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- https://github.com/fluxcd/source-controller/releases/download/v0.12.0/source-controller.crds.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.12.1/source-controller.crds.yaml
-- https://github.com/fluxcd/source-controller/releases/download/v0.12.0/source-controller.deployment.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.12.1/source-controller.deployment.yaml
 - account.yaml
 patchesJson6902:
 - target:

manifests/crds/kustomization.yaml

@@ -1,7 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- https://github.com/fluxcd/source-controller/releases/download/v0.12.0/source-controller.crds.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.12.1/source-controller.crds.yaml
 - https://github.com/fluxcd/kustomize-controller/releases/download/v0.11.1/kustomize-controller.crds.yaml
 - https://github.com/fluxcd/helm-controller/releases/download/v0.10.0/helm-controller.crds.yaml
 - https://github.com/fluxcd/notification-controller/releases/download/v0.13.0/notification-controller.crds.yaml