events: avoid having to keep individal kind maps

Signed-off-by: Hidde Beydals <hidde@hhh.computer>

.github/workflows/e2e-arm64.yaml

@@ -16,14 +16,15 @@ jobs:
     strategy:
       matrix:
         # Keep this list up-to-date with https://endoflife.date/kubernetes
-        KUBERNETES_VERSION: [ 1.23.13, 1.24.7, 1.25.3 ]
+        # Check which versions are available on DockerHub with 'crane ls kindest/node'
+        KUBERNETES_VERSION: [ 1.24.7, 1.25.3, 1.26.0 ]
     steps:
       - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
-          go-version: 1.19.x
+          go-version: 1.20.x
       - name: Prepare
         id: prep
         run: |

.github/workflows/e2e-azure.yaml

@@ -15,18 +15,18 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - name: Restore Go cache
-        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
+        uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6
         with:
           path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go1.18-${{ hashFiles('**/go.sum') }}
+          key: ${{ runner.os }}-go1.20-${{ hashFiles('**/go.sum') }}
           restore-keys: |
-            ${{ runner.os }}-go1.18-
+            ${{ runner.os }}-go1.20-
       - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
-          go-version: 1.19.x
+          go-version: 1.20.x
       - name: Setup Flux CLI
         run: |
           make build

.github/workflows/e2e-bootstrap.yaml

@@ -16,25 +16,29 @@ jobs:
     if: (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]'
     steps:
       - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - name: Restore Go cache
-        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
+        uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6
         with:
           path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go1.18-${{ hashFiles('**/go.sum') }}
+          key: ${{ runner.os }}-go1.20-${{ hashFiles('**/go.sum') }}
           restore-keys: |
-            ${{ runner.os }}-go1.18-
+            ${{ runner.os }}-go1.20-
       - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
-          go-version: 1.19.x
+          go-version: 1.20.x
       - name: Setup Kubernetes
-        uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0
+        uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00 # v1.5.0
         with:
-          version: v0.16.0
+          version: v0.17.0
-          image: kindest/node:v1.25.2@sha256:9be91e9e9cdf116809841fc77ebdb8845443c4c72fe5218f3ae9eb57fdb4bace
+          cluster_name: kind
+          # The versions below should target the newest Kubernetes version
+          # Keep this up-to-date with https://endoflife.date/kubernetes
+          node_image: kindest/node:v1.26.0
+          kubectl_version: v1.26.2
       - name: Setup Kustomize
-        uses: fluxcd/pkg//actions/kustomize@main
+        uses: fluxcd/pkg/actions/kustomize@main
       - name: Build
         run: |
           make cmd/flux/.manifests.done
@@ -47,7 +51,7 @@ jobs:
           COMMIT_SHA=$(git rev-parse HEAD)
           PSEUDO_RAND_SUFFIX=$(echo "${BRANCH_NAME}-${COMMIT_SHA}" | shasum | awk '{print $1}')
           TEST_REPO_NAME="${REPOSITORY_NAME}-${PSEUDO_RAND_SUFFIX}"
-          echo "::set-output name=test_repo_name::$TEST_REPO_NAME"
+          echo "test_repo_name=$TEST_REPO_NAME" >> $GITHUB_OUTPUT
       - name: bootstrap init
         run: |
           /tmp/flux bootstrap github --manifests ./manifests/install/ \
@@ -84,13 +88,6 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
           GITHUB_REPO_NAME: ${{ steps.vars.outputs.test_repo_name }}
           GITHUB_ORG_NAME: fluxcd-testing
-      - name: libgit2
-        run: |
-          /tmp/flux create source git test-libgit2 \
-          --url=ssh://git@github.com/fluxcd-testing/${{ steps.vars.outputs.test_repo_name }} \
-          --git-implementation=libgit2 \
-          --secret-ref=flux-system \
-          --branch=main
       - name: uninstall
         run: |
           /tmp/flux uninstall -s --keep-namespace

.github/workflows/e2e.yaml

@@ -20,30 +20,34 @@ jobs:
           - 5000:5000
     steps:
       - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - name: Restore Go cache
-        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
+        uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6
         with:
           path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go1.18-${{ hashFiles('**/go.sum') }}
+          key: ${{ runner.os }}-go1.20-${{ hashFiles('**/go.sum') }}
           restore-keys: |
-            ${{ runner.os }}-go1.18-
+            ${{ runner.os }}-go1.20-
       - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
-          go-version: 1.19.x
+          go-version: 1.20.x
       - name: Setup Kubernetes
-        uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0
+        uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00 # v1.5.0
         with:
-          version: v0.11.1
+          version: v0.17.0
-          image: kindest/node:v1.23.13
+          cluster_name: kind
           config: .github/kind/config.yaml # disable KIND-net
+          # The versions below should target the newest Kubernetes version
+          # Keep this up-to-date with https://endoflife.date/kubernetes
+          node_image: kindest/node:v1.26.0
+          kubectl_version: v1.26.2
       - name: Setup Calico for network policy
         run: |
-          kubectl apply -f https://docs.projectcalico.org/v3.20/manifests/calico.yaml
+          kubectl apply -f https://docs.projectcalico.org/v3.25/manifests/calico.yaml
           kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true
       - name: Setup Kustomize
-        uses: fluxcd/pkg//actions/kustomize@main
+        uses: fluxcd/pkg/actions/kustomize@main
       - name: Run tests
         run: make test
       - name: Run e2e tests
@@ -77,21 +81,14 @@ jobs:
         run: |
           /tmp/flux create source git podinfo \
             --url https://github.com/stefanprodan/podinfo  \
-            --tag-semver=">=3.2.3"
+            --tag-semver=">=6.3.5"
       - name: flux create source git export apply
         run: |
           /tmp/flux create source git podinfo-export \
             --url https://github.com/stefanprodan/podinfo  \
-            --tag-semver=">=3.2.3" \
+            --tag-semver=">=6.3.5" \
             --export | kubectl apply -f -
           /tmp/flux delete source git podinfo-export --silent
-      - name: flux create source git libgit2 semver
-        run: |
-          /tmp/flux create source git podinfo-libgit2 \
-            --url https://github.com/stefanprodan/podinfo  \
-            --tag-semver=">=3.2.3" \
-            --git-implementation=libgit2
-          /tmp/flux delete source git podinfo-libgit2 --silent
       - name: flux get sources git
         run: |
           /tmp/flux get sources git
@@ -146,7 +143,7 @@ jobs:
             --target-namespace=default \
             --source=HelmRepository/podinfo.flux-system \
             --chart=podinfo \
-            --chart-version=">4.0.0 <5.0.0"
+            --chart-version=">6.0.0 <7.0.0"
       - name: flux create helmrelease --source=GitRepository/podinfo
         run: |
           /tmp/flux create hr podinfo-git \
@@ -182,7 +179,7 @@ jobs:
           /tmp/flux push artifact oci://localhost:5000/fluxcd/flux:${{ github.sha }} \
             --path="./manifests" \
             --source="${{ github.repositoryUrl }}" \
-            --revision="${{ github.ref }}/${{ github.sha }}"
+            --revision="${{ github.ref }}@sha1:${{ github.sha }}"
           /tmp/flux tag artifact oci://localhost:5000/fluxcd/flux:${{ github.sha }} \
             --tag latest
           /tmp/flux list artifacts oci://localhost:5000/fluxcd/flux
@@ -190,11 +187,11 @@ jobs:
         run: |
           /tmp/flux create source oci podinfo-oci \
             --url oci://ghcr.io/stefanprodan/manifests/podinfo \
-            --tag-semver 6.1.x \
+            --tag-semver 6.3.x \
             --interval 10m
           /tmp/flux create kustomization podinfo-oci \
             --source=OCIRepository/podinfo-oci \
-            --path="./kustomize" \
+            --path="./" \
             --prune=true \
             --interval=5m \
             --target-namespace=default \
@@ -215,7 +212,7 @@ jobs:
           /tmp/flux -n apps create hr podinfo-helm \
             --source=HelmRepository/podinfo \
             --chart=podinfo \
-            --chart-version="5.0.x" \
+            --chart-version="6.3.x" \
             --service-account=dev-team
       - name: flux2-kustomize-helm-example
         run: |

.github/workflows/release.yaml

@@ -16,32 +16,32 @@ jobs:
       packages: write # needed for ghcr access
     steps:
       - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - name: Unshallow
         run: git fetch --prune --unshallow
       - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
-          go-version: 1.19.x
+          go-version: 1.20.x
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2
+        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
       - name: Setup Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325  # v2
+        uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7  # v2.4.1
       - name: Setup Syft
-        uses: anchore/sbom-action/download-syft@06e109483e6aa305a2b2395eabae554e51530e1d # v0.13.1
+        uses: anchore/sbom-action/download-syft@07978da4bdb4faa726e52dfc6b1bed63d4b56479 # v0.13.3
       - name: Setup Cosign
-        uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
+        uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
       - name: Setup Kustomize
-        uses: fluxcd/pkg//actions/kustomize@main
+        uses: fluxcd/pkg/actions/kustomize@main
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
         with:
           registry: ghcr.io
           username: fluxcdbot
           password: ${{ secrets.GHCR_TOKEN }}
       - name: Login to Docker Hub
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a  # v2
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a  # v2.1.0
         with:
           username: fluxcdbot
           password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
@@ -54,7 +54,7 @@ jobs:
         run: |
           kustomize build manifests/crds > all-crds.yaml
       - name: Generate OpenAPI JSON schemas from CRDs
-        uses: fluxcd/pkg//actions/crdjsonschema@main
+        uses: fluxcd/pkg/actions/crdjsonschema@main
         with:
           crd: all-crds.yaml
           output: schemas
@@ -73,7 +73,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v3
+        uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0
         with:
           version: latest
           args: release --release-notes=output/notes.md --skip-validate
@@ -88,7 +88,7 @@ jobs:
       id-token: write
       packages: write
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - name: Setup Kustomize
         uses: fluxcd/pkg/actions/kustomize@main
       - name: Setup Flux CLI
@@ -97,15 +97,15 @@ jobs:
         id: prep
         run: |
           VERSION=$(flux version --client | awk '{ print $NF }')
-          echo ::set-output name=VERSION::${VERSION}
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
       - name: Login to GHCR
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
         with:
           registry: ghcr.io
           username: fluxcdbot
           password: ${{ secrets.GHCR_TOKEN }}
       - name: Login to DockerHub
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
         with:
           username: fluxcdbot
           password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
@@ -117,10 +117,10 @@ jobs:
           --export > ./ghcr.io/flux-system/gotk-components.yaml
           
           cd ./ghcr.io && flux push artifact \
-          oci://ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.VERSION }} \
+          oci://ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }} \
           --path="./flux-system" \
           --source=${{ github.repositoryUrl }} \
-          --revision="${{ github.ref_name }}/${{ github.sha }}"
+          --revision="${{ github.ref_name }}@sha1:${{ github.sha }}"
       - name: Push manifests to DockerHub
         run: |
           mkdir -p ./docker.io/flux-system
@@ -129,21 +129,21 @@ jobs:
           --export > ./docker.io/flux-system/gotk-components.yaml
           
           cd ./docker.io && flux push artifact \
-          oci://docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.VERSION }} \
+          oci://docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }} \
           --path="./flux-system" \
           --source=${{ github.repositoryUrl }} \
-          --revision="${{ github.ref_name }}/${{ github.sha }}"
+          --revision="${{ github.ref_name }}@sha1:${{ github.sha }}"
-      - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
+      - uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
       - name: Sign manifests
         env:
           COSIGN_EXPERIMENTAL: 1
         run: |
-          cosign sign ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.VERSION }}
+          cosign sign --yes ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }}
-          cosign sign docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.VERSION }}
+          cosign sign --yes docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }}
       - name: Tag manifests
         run: |
-          flux tag artifact oci://ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.VERSION }} \
+          flux tag artifact oci://ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }} \
           --tag latest
 
-          flux tag artifact oci://docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.VERSION }} \
+          flux tag artifact oci://docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }} \
           --tag latest

.github/workflows/scan.yaml

@@ -17,9 +17,9 @@ jobs:
     runs-on: ubuntu-latest
     if: github.actor != 'dependabot[bot]'
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - name: Run FOSSA scan and upload build data
-        uses: fossa-contrib/fossa-action@6cffaa064112e1cf9b5798c6224f9487dc1ec316 # v1
+        uses: fossa-contrib/fossa-action@6728dc6fe9a068c648d080c33829ffbe56565023 # v2.0.0
         with:
           # FOSSA Push-Only API Token
           fossa-api-key: 5ee8bf422db1471e0bcf2bcb289185de
@@ -31,21 +31,26 @@ jobs:
       security-events: write
     if: (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]'
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - name: Setup Kustomize
-        uses: fluxcd/pkg//actions/kustomize@main
+        uses: fluxcd/pkg/actions/kustomize@main
-      - name: Build manifests
+      - name: Setup Go
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
+        with:
+          go-version: 1.20.x
+      - name: Download modules and build manifests
         run: |
+          make tidy
           make cmd/flux/.manifests.done
-      - name: Run Snyk to check for vulnerabilities
+      - uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb
-        uses: snyk/actions/golang@1cc9026f51d822442cb4b872d8d7ead8cc69a018 # v0.3.0
+      - name:  Run Snyk to check for vulnerabilities
         continue-on-error: true
+        run: |
+          snyk test --sarif-file-output=snyk.sarif
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          args: --sarif-file-output=snyk.sarif
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2
+        uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5
         with:
           sarif_file: snyk.sarif
 
@@ -56,16 +61,16 @@ jobs:
     if: github.actor != 'dependabot[bot]'
     steps:
       - name: Checkout repository
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - name: Set up Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
-          go-version: 1.19.x
+          go-version: 1.20.x
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2
+        uses: github/codeql-action/init@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5
         with:
           languages: go
       - name: Autobuild
-        uses: github/codeql-action/autobuild@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2
+        uses: github/codeql-action/autobuild@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2
+        uses: github/codeql-action/analyze@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5

.github/workflows/update.yaml

@@ -18,15 +18,15 @@ jobs:
       pull-requests: write
     steps:
       - name: Check out code
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
-          go-version: 1.19.x
+          go-version: 1.20.x
       - name: Update component versions
         id: update
         run: |
-          PR_BODY=""
+          PR_BODY=$(mktemp)
 
           bump_version() {
             local LATEST_VERSION=$(curl -s https://api.github.com/repos/fluxcd/$1/releases | jq -r 'sort_by(.published_at) | .[-1] | .tag_name')
@@ -53,7 +53,8 @@ jobs:
             fi
 
             if [[ "$changed" == true ]]; then
-              PR_BODY="$PR_BODY- $1 to ${LATEST_VERSION}%0A  https://github.com/fluxcd/$1/blob/${LATEST_VERSION}/CHANGELOG.md%0A"
+              echo "- $1 to ${LATEST_VERSION}" >> $PR_BODY
+              echo "  https://github.com/fluxcd/$1/blob/${LATEST_VERSION}/CHANGELOG.md" >> $PR_BODY
             fi
           }
 
@@ -70,12 +71,17 @@ jobs:
             git diff
 
             # export PR_BODY for PR and commit
-            echo "::set-output name=pr_body::$PR_BODY"
+            # NB: this may look strange but it is the way it should be done to
+            # maintain our precious newlines
+            # Ref: https://github.com/github/docs/issues/21529
+            echo 'pr_body<<EOF' >> $GITHUB_OUTPUT
+            cat $PR_BODY >> $GITHUB_OUTPUT
+            echo 'EOF' >> $GITHUB_OUTPUT
           }
 
       - name: Create Pull Request
         id: cpr
-        uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 # v4
+        uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 # v4.2.3
         with:
           token: ${{ secrets.BOT_GITHUB_TOKEN }}
           commit-message: |

.goreleaser.yml

@@ -65,6 +65,7 @@ signs:
     certificate: '${artifact}.pem'
     args:
       - sign-blob
+      - "--yes"
       - '--output-certificate=${certificate}'
       - '--output-signature=${signature}'
       - '${artifact}'
@@ -175,6 +176,7 @@ docker_signs:
       - COSIGN_EXPERIMENTAL=1
     args:
       - sign
+      - "--yes"
       - '${artifact}'
     artifacts: all
     output: true

CONTRIBUTING.md

@@ -67,7 +67,7 @@ for source changes.
 
 Prerequisites:
 
-* go >= 1.19
+* go >= 1.20
 * kubectl >= 1.20
 * kustomize >= 4.4
 * coreutils (on Mac OS)

Dockerfile

@@ -1,15 +1,15 @@
-FROM alpine:3.16 as builder
+FROM alpine:3.17 as builder
 
 RUN apk add --no-cache ca-certificates curl
 
 ARG ARCH=linux/amd64
-ARG KUBECTL_VER=1.25.4
+ARG KUBECTL_VER=1.26.2
 
 RUN curl -sL https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VER}/bin/${ARCH}/kubectl \
     -o /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl && \
     kubectl version --client=true
 
-FROM alpine:3.16 as flux-cli
+FROM alpine:3.17 as flux-cli
 
 RUN apk add --no-cache ca-certificates
 

Makefile

@@ -17,8 +17,8 @@ rwildcard=$(foreach d,$(wildcard $(addsuffix *,$(1))),$(call rwildcard,$(d)/,$(2
 all: test build
 
 tidy:
-	go mod tidy -compat=1.19
+	go mod tidy -compat=1.20
-	cd tests/azure && go mod tidy -compat=1.19
+	cd tests/azure && go mod tidy -compat=1.20
 
 fmt:
 	go fmt ./...

action/README.md

@@ -35,6 +35,20 @@ You can download a specific version with:
           version: 0.32.0
 ```
 
+You can also authenticate against the GitHub API using GitHub Actions' `GITHUB_TOKEN` secret.
+
+For more information, please [read about the GitHub token secret](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret).
+
+```yaml
+    steps:
+      - name: Setup Flux CLI
+        uses: fluxcd/flux2/action@main
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+```
+
+This is useful if you are seeing failures on shared runners, those failures are usually API limits being hit.
+
 ### Automate Flux updates
 
 Example workflow for updating Flux's components generated with `flux bootstrap --path=clusters/production`:
@@ -47,12 +61,16 @@ on:
   schedule:
     - cron: "0 * * * *"
 
+permissions:
+  contents: write
+  pull-requests: write
+
 jobs:
   components:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Setup Flux CLI
         uses: fluxcd/flux2/action@main
       - name: Check for updates
@@ -62,9 +80,9 @@ jobs:
             --export > ./clusters/production/flux-system/gotk-components.yaml
 
           VERSION="$(flux -v)"
-          echo "::set-output name=flux_version::$VERSION"
+          echo "flux_version=$VERSION" >> $GITHUB_OUTPUT
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v3
+        uses: peter-evans/create-pull-request@v4
         with:
             token: ${{ secrets.GITHUB_TOKEN }}
             branch: update-flux
@@ -114,24 +132,31 @@ jobs:
           flux push artifact $OCI_REPO:$(git rev-parse --short HEAD) \
             --path="./deploy" \
             --source="$(git config --get remote.origin.url)" \
-            --revision="$(git branch --show-current)/$(git rev-parse HEAD)"
+            --revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)"
       - name: Deploy manifests to staging
         run: |
           flux tag artifact $OCI_REPO:$(git rev-parse --short HEAD) --tag staging
 ```
 
-Example workflow for publishing Kubernetes manifests bundled as OCI artifacts to Docker Hub:
+### Push and sign Kubernetes manifests to container registries
+
+Example workflow for publishing Kubernetes manifests bundled as OCI artifacts
+which are signed with Cosign and GitHub OIDC:
 
 ```yaml
-name: push-artifact-production
+name: push-sign-artifact
 
 on:
   push:
-    tags:
+    branches:
-      - '*'
+      - 'main'
+
+permissions:
+  packages: write # needed for ghcr.io access
+  id-token: write # needed for keyless signing
 
 env:
-  OCI_REPO: "oci://docker.io/my-org/app-config"
+  OCI_REPO: "oci://ghcr.io/my-org/manifests/${{ github.event.repository.name }}"
 
 jobs:
   kubernetes:
@@ -141,23 +166,24 @@ jobs:
         uses: actions/checkout@v3
       - name: Setup Flux CLI
         uses: fluxcd/flux2/action@main
-      - name: Login to Docker Hub
+      - name: Setup Cosign
+        uses: sigstore/cosign-installer@main
+      - name: Login to GHCR
         uses: docker/login-action@v2
         with:
-          username: ${{ secrets.DOCKER_USERNAME }}
+          registry: ghcr.io
-          password: ${{ secrets.DOCKER_PASSWORD }}
+          username: ${{ github.actor }}
-      - name: Generate manifests
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Push and sign manifests
         run: |
-          kustomize build ./manifests/production > ./deploy/app.yaml
+          digest_url=$(flux push artifact \
-      - name: Push manifests
+          $OCI_REPO:$(git rev-parse --short HEAD) \
-        run: |
+          --path="./manifests" \
-          flux push artifact $OCI_REPO:$(git tag --points-at HEAD) \
+          --source="$(git config --get remote.origin.url)" \
-            --path="./deploy" \
+          --revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)" |\
-            --source="$(git config --get remote.origin.url)" \
+          jq -r '. | .repository + "@" + .digest')
-            --revision="$(git tag --points-at HEAD)/$(git rev-parse HEAD)"
+
-      - name: Deploy manifests to production
+          cosign sign $digest_url
-        run: |
-          flux tag artifact $OCI_REPO:$(git tag --points-at HEAD) --tag production
 ```
 
 ### End-to-end testing
@@ -177,7 +203,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Setup Flux CLI
         uses: fluxcd/flux2/action@main
       - name: Setup Kubernetes Kind

action/action.yml

@@ -15,6 +15,9 @@ inputs:
   bindir:
     description: "Optional location of the Flux binary. Will not use sudo if set. Updates System Path."
     required: false
+  token:
+    description: "GitHub Token used to authentication against the API (generally only needed to prevent quota limit errors)"
+    required: false
 runs:
   using: composite
   steps:
@@ -23,20 +26,29 @@ runs:
       run: |
         ARCH=${{ inputs.arch }}
         VERSION=${{ inputs.version }}
+        TOKEN=${{ inputs.token }}
 
-        if [ -z $VERSION ]; then
+        if [ -z "${VERSION}" ]; then
-          VERSION=$(curl https://api.github.com/repos/fluxcd/flux2/releases/latest -sL | grep tag_name | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
+          if [ -n "${TOKEN}" ]; then
+            VERSION_SLUG=$(curl https://api.github.com/repos/fluxcd/flux2/releases/latest --silent --location --header "Authorization: token ${TOKEN}" | grep tag_name)
+          else
+            # With no GITHUB_TOKEN you will experience occasional failures due to rate limiting
+            # Ref: https://github.com/fluxcd/flux2/issues/3509#issuecomment-1400820992
+            VERSION_SLUG=$(curl https://api.github.com/repos/fluxcd/flux2/releases/latest --silent --location | grep tag_name)
+          fi
+
+          VERSION=$(echo "${VERSION_SLUG}" | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
         fi
 
         BIN_URL="https://github.com/fluxcd/flux2/releases/download/v${VERSION}/flux_${VERSION}_linux_${ARCH}.tar.gz"
-        curl -sL ${BIN_URL} -o /tmp/flux.tar.gz
+        curl --silent --fail --location "${BIN_URL}" --output /tmp/flux.tar.gz
         mkdir -p /tmp/flux
         tar -C /tmp/flux/ -zxvf /tmp/flux.tar.gz
     - name: "Copy Flux binary to execute location"
       shell: bash
       run: |
         BINDIR=${{ inputs.bindir }}
-        if [ -z $BINDIR ]; then
+        if [ -z "${BINDIR}" ]; then
           sudo cp /tmp/flux/flux /usr/local/bin
         else
           cp /tmp/flux/flux "${BINDIR}"

cmd/flux/alert.go

@@ -19,7 +19,7 @@ package main
 import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 // notificationv1.Alert

cmd/flux/alert_provider.go

@@ -19,7 +19,7 @@ package main
 import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 // notificationv1.Provider

cmd/flux/bootstrap.go

@@ -31,13 +31,13 @@ import (
 
 var bootstrapCmd = &cobra.Command{
 	Use:   "bootstrap",
-	Short: "Bootstrap toolkit components",
+	Short: "Deploy Flux on a cluster the GitOps way.",
-	Long:  "The bootstrap sub-commands bootstrap the toolkit components on the targeted Git provider.",
+	Long: `The bootstrap sub-commands push the Flux manifests to a Git repository
+and deploy Flux on the cluster.`,
 }
 
 type bootstrapFlags struct {
 	version  string
-	arch     flags.Arch
 	logLevel flags.LogLevel
 
 	branch            string
@@ -91,9 +91,9 @@ func init() {
 		"list of components in addition to those supplied or defaulted, accepts values such as 'image-reflector-controller,image-automation-controller'")
 
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.registry, "registry", "ghcr.io/fluxcd",
-		"container registry where the toolkit images are published")
+		"container registry where the Flux controller images are published")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.imagePullSecret, "image-pull-secret", "",
-		"Kubernetes secret name used for pulling the toolkit images from a private registry")
+		"Kubernetes secret name used for pulling the controller images from a private registry")
 
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.branch, "branch", bootstrapDefaultBranch, "Git branch")
 	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.recurseSubmodules, "recurse-submodules", false,
@@ -102,15 +102,15 @@ func init() {
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.manifestsPath, "manifests", "", "path to the manifest directory")
 
 	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.watchAllNamespaces, "watch-all-namespaces", true,
-		"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed")
+		"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the Flux controllers are installed")
 	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.networkPolicy, "network-policy", true,
-		"deny ingress access to the toolkit controllers from other namespaces using network policies")
+		"setup Kubernetes network policies to deny ingress access to the Flux controllers from other namespaces")
 	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.tokenAuth, "token-auth", false,
-		"when enabled, the personal access token will be used instead of SSH deploy key")
+		"when enabled, the personal access token will be used instead of the SSH deploy key")
 	bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.logLevel, "log-level", bootstrapArgs.logLevel.Description())
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.clusterDomain, "cluster-domain", rootArgs.defaults.ClusterDomain, "internal cluster domain")
 	bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapArgs.tolerationKeys, "toleration-keys", nil,
-		"list of toleration keys used to schedule the components pods onto nodes with matching taints")
+		"list of toleration keys used to schedule the controller pods onto nodes with matching taints")
 
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.secretName, "secret-name", rootArgs.defaults.Namespace, "name of the secret the sync credentials can be found in or stored to")
 	bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.keyAlgorithm, "ssh-key-algorithm", bootstrapArgs.keyAlgorithm.Description())
@@ -129,8 +129,6 @@ func init() {
 
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.commitMessageAppendix, "commit-message-appendix", "", "string to add to the commit messages, e.g. '[ci skip]'")
 
-	bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.arch, "arch", bootstrapArgs.arch.Description())
-	bootstrapCmd.PersistentFlags().MarkDeprecated("arch", "multi-arch container image is now available for AMD64, ARMv7 and ARM64")
 	bootstrapCmd.PersistentFlags().MarkHidden("manifests")
 
 	rootCmd.AddCommand(bootstrapCmd)

cmd/flux/bootstrap_bitbucket_server.go

@@ -38,29 +38,26 @@ import (
 
 var bootstrapBServerCmd = &cobra.Command{
 	Use:   "bitbucket-server",
-	Short: "Bootstrap toolkit components in a Bitbucket Server repository",
+	Short: "Deploy Flux on a cluster connected to a Bitbucket Server repository",
 	Long: `The bootstrap bitbucket-server command creates the Bitbucket Server repository if it doesn't exists and
-commits the toolkit components manifests to the master branch.
+commits the Flux manifests to the master branch.
 Then it configures the target cluster to synchronize with the repository.
-If the toolkit components are present on the cluster,
+If the Flux components are present on the cluster,
 the bootstrap command will perform an upgrade if needed.`,
 	Example: `  # Create a Bitbucket Server API token and export it as an env var
   export BITBUCKET_TOKEN=<my-token>
 
   # Run bootstrap for a private repository using HTTPS token authentication
-  flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --hostname=<domain> --token-auth
+  flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --hostname=<domain> --token-auth --path=clusters/my-cluster
 
   # Run bootstrap for a private repository using SSH authentication
-  flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --hostname=<domain>
+  flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --hostname=<domain> --path=clusters/my-cluster
-
-  # Run bootstrap for a repository path
-  flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --path=dev-cluster --hostname=<domain>
 
   # Run bootstrap for a public repository on a personal account
-  flux bootstrap bitbucket-server --owner=<user> --repository=<repository name> --private=false --personal --hostname=<domain> --token-auth
+  flux bootstrap bitbucket-server --owner=<user> --repository=<repository name> --private=false --personal --hostname=<domain> --token-auth --path=clusters/my-cluster
 
   # Run bootstrap for a an existing repository with a branch named main
-  flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --branch=main --hostname=<domain> --token-auth`,
+  flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --branch=main --hostname=<domain> --token-auth --path=clusters/my-cluster`,
 	RunE: bootstrapBServerCmdRun,
 }
 
@@ -247,7 +244,6 @@ func bootstrapBServerCmdRun(cmd *cobra.Command, args []string) error {
 		Secret:            bootstrapArgs.secretName,
 		TargetPath:        bServerArgs.path.ToSlash(),
 		ManifestFile:      sync.MakeDefaultOptions().ManifestFile,
-		GitImplementation: sourceGitArgs.gitImplementation.String(),
 		RecurseSubmodules: bootstrapArgs.recurseSubmodules,
 	}
 

cmd/flux/bootstrap_git.go

@@ -41,31 +41,31 @@ import (
 
 var bootstrapGitCmd = &cobra.Command{
 	Use:   "git",
-	Short: "Bootstrap toolkit components in a Git repository",
+	Short: "Deploy Flux on a cluster connected to a Git repository",
-	Long: `The bootstrap git command commits the toolkit components manifests to the
+	Long: `The bootstrap git command commits the Flux manifests to the
-branch of a Git repository. It then configures the target cluster to synchronize with
+branch of a Git repository. And then it configures the target cluster to synchronize with
-the repository. If the toolkit components are present on the cluster, the bootstrap
+that repository. If the Flux components are present on the cluster, the bootstrap
 command will perform an upgrade if needed.`,
 	Example: `  # Run bootstrap for a Git repository and authenticate with your SSH agent
-  flux bootstrap git --url=ssh://git@example.com/repository.git
+  flux bootstrap git --url=ssh://git@example.com/repository.git --path=clusters/my-cluster
 
   # Run bootstrap for a Git repository and authenticate using a password
-  flux bootstrap git --url=https://example.com/repository.git --password=<password>
+  flux bootstrap git --url=https://example.com/repository.git --password=<password> --path=clusters/my-cluster
 
   # Run bootstrap for a Git repository and authenticate using a password from environment variable
-  GIT_PASSWORD=<password> && flux bootstrap git --url=https://example.com/repository.git
+  GIT_PASSWORD=<password> && flux bootstrap git --url=https://example.com/repository.git --path=clusters/my-cluster
 
   # Run bootstrap for a Git repository with a passwordless private key
-  flux bootstrap git --url=ssh://git@example.com/repository.git --private-key-file=<path/to/private.key>
+  flux bootstrap git --url=ssh://git@example.com/repository.git --private-key-file=<path/to/private.key> --path=clusters/my-cluster
 
   # Run bootstrap for a Git repository with a private key and password
-  flux bootstrap git --url=ssh://git@example.com/repository.git --private-key-file=<path/to/private.key> --password=<password>
+  flux bootstrap git --url=ssh://git@example.com/repository.git --private-key-file=<path/to/private.key> --password=<password> --path=clusters/my-cluster
 
   # Run bootstrap for a Git repository on AWS CodeCommit
-  flux bootstrap git --url=ssh://<SSH-Key-ID>@git-codecommit.<region>.amazonaws.com/v1/repos/<repository> --private-key-file=<path/to/private.key> --password=<SSH-passphrase>
+  flux bootstrap git --url=ssh://<SSH-Key-ID>@git-codecommit.<region>.amazonaws.com/v1/repos/<repository> --private-key-file=<path/to/private.key> --password=<SSH-passphrase> --path=clusters/my-cluster
 
   # Run bootstrap for a Git repository on Azure Devops
-  flux bootstrap git --url=ssh://git@ssh.dev.azure.com/v3/<org>/<project>/<repository> --ssh-key-algorithm=rsa --ssh-rsa-bits=4096
+  flux bootstrap git --url=ssh://git@ssh.dev.azure.com/v3/<org>/<project>/<repository> --ssh-key-algorithm=rsa --ssh-rsa-bits=4096 --path=clusters/my-cluster
 `,
 	RunE: bootstrapGitCmdRun,
 }
@@ -93,7 +93,7 @@ func init() {
 	bootstrapGitCmd.Flags().StringVarP(&gitArgs.username, "username", "u", "git", "basic authentication username")
 	bootstrapGitCmd.Flags().StringVarP(&gitArgs.password, "password", "p", "", "basic authentication password")
 	bootstrapGitCmd.Flags().BoolVarP(&gitArgs.silent, "silent", "s", false, "assumes the deploy key is already setup, skips confirmation")
-	bootstrapGitCmd.Flags().BoolVar(&gitArgs.insecureHttpAllowed, "allow-insecure-http", false, "allows http git url connections")
+	bootstrapGitCmd.Flags().BoolVar(&gitArgs.insecureHttpAllowed, "allow-insecure-http", false, "allows insecure HTTP connections")
 
 	bootstrapCmd.AddCommand(bootstrapGitCmd)
 }
@@ -271,7 +271,6 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
 		Secret:            bootstrapArgs.secretName,
 		TargetPath:        gitArgs.path.ToSlash(),
 		ManifestFile:      sync.MakeDefaultOptions().ManifestFile,
-		GitImplementation: sourceGitArgs.gitImplementation.String(),
 		RecurseSubmodules: bootstrapArgs.recurseSubmodules,
 	}
 

cmd/flux/bootstrap_github.go

@@ -38,38 +38,35 @@ import (
 
 var bootstrapGitHubCmd = &cobra.Command{
 	Use:   "github",
-	Short: "Bootstrap toolkit components in a GitHub repository",
+	Short: "Deploy Flux on a cluster connected to a GitHub repository",
 	Long: `The bootstrap github command creates the GitHub repository if it doesn't exists and
-commits the toolkit components manifests to the main branch.
+commits the Flux manifests to the specified branch.
-Then it configures the target cluster to synchronize with the repository.
+Then it configures the target cluster to synchronize with that repository.
-If the toolkit components are present on the cluster,
+If the Flux components are present on the cluster,
 the bootstrap command will perform an upgrade if needed.`,
 	Example: `  # Create a GitHub personal access token and export it as an env var
   export GITHUB_TOKEN=<my-token>
 
   # Run bootstrap for a private repository owned by a GitHub organization
-  flux bootstrap github --owner=<organization> --repository=<repository name>
+  flux bootstrap github --owner=<organization> --repository=<repository name> --path=clusters/my-cluster
 
   # Run bootstrap for a private repository and assign organization teams to it
-  flux bootstrap github --owner=<organization> --repository=<repository name> --team=<team1 slug> --team=<team2 slug>
+  flux bootstrap github --owner=<organization> --repository=<repository name> --team=<team1 slug> --team=<team2 slug> --path=clusters/my-cluster
 
   # Run bootstrap for a private repository and assign organization teams with their access level(e.g maintain, admin) to it
-  flux bootstrap github --owner=<organization> --repository=<repository name> --team=<team1 slug>:<access-level>
+  flux bootstrap github --owner=<organization> --repository=<repository name> --team=<team1 slug>:<access-level> --path=clusters/my-cluster
-
-  # Run bootstrap for a repository path
-  flux bootstrap github --owner=<organization> --repository=<repository name> --path=dev-cluster
 
   # Run bootstrap for a public repository on a personal account
-  flux bootstrap github --owner=<user> --repository=<repository name> --private=false --personal=true
+  flux bootstrap github --owner=<user> --repository=<repository name> --private=false --personal=true --path=clusters/my-cluster
 
   # Run bootstrap for a private repository hosted on GitHub Enterprise using SSH auth
-  flux bootstrap github --owner=<organization> --repository=<repository name> --hostname=<domain> --ssh-hostname=<domain>
+  flux bootstrap github --owner=<organization> --repository=<repository name> --hostname=<domain> --ssh-hostname=<domain> --path=clusters/my-cluster
 
   # Run bootstrap for a private repository hosted on GitHub Enterprise using HTTPS auth
-  flux bootstrap github --owner=<organization> --repository=<repository name> --hostname=<domain> --token-auth
+  flux bootstrap github --owner=<organization> --repository=<repository name> --hostname=<domain> --token-auth --path=clusters/my-cluster
 
   # Run bootstrap for an existing repository with a branch named main
-  flux bootstrap github --owner=<organization> --repository=<repository name> --branch=main`,
+  flux bootstrap github --owner=<organization> --repository=<repository name> --branch=main --path=clusters/my-cluster`,
 	RunE: bootstrapGitHubCmdRun,
 }
 
@@ -233,7 +230,6 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 		Secret:            bootstrapArgs.secretName,
 		TargetPath:        githubArgs.path.ToSlash(),
 		ManifestFile:      sync.MakeDefaultOptions().ManifestFile,
-		GitImplementation: sourceGitArgs.gitImplementation.String(),
 		RecurseSubmodules: bootstrapArgs.recurseSubmodules,
 	}
 

cmd/flux/bootstrap_gitlab.go

@@ -40,11 +40,11 @@ import (
 
 var bootstrapGitLabCmd = &cobra.Command{
 	Use:   "gitlab",
-	Short: "Bootstrap toolkit components in a GitLab repository",
+	Short: "Deploy Flux on a cluster connected to a GitLab repository",
 	Long: `The bootstrap gitlab command creates the GitLab repository if it doesn't exists and
-commits the toolkit components manifests to the master branch.
+commits the Flux manifests to the specified branch.
-Then it configures the target cluster to synchronize with the repository.
+Then it configures the target cluster to synchronize with that repository.
-If the toolkit components are present on the cluster,
+If the Flux components are present on the cluster,
 the bootstrap command will perform an upgrade if needed.`,
 	Example: `  # Create a GitLab API token and export it as an env var
   export GITLAB_TOKEN=<my-token>
@@ -250,7 +250,6 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 		Secret:            bootstrapArgs.secretName,
 		TargetPath:        gitlabArgs.path.ToSlash(),
 		ManifestFile:      sync.MakeDefaultOptions().ManifestFile,
-		GitImplementation: sourceGitArgs.gitImplementation.String(),
 		RecurseSubmodules: bootstrapArgs.recurseSubmodules,
 	}
 

cmd/flux/build_artifact_test.go

@@ -54,7 +54,7 @@ data:
 			tmpFile, err := saveReaderToFile(strings.NewReader(tt.string))
 			g.Expect(err).To(BeNil())
 
-			defer os.Remove(tmpFile)
+			t.Cleanup(func() { _ = os.Remove(tmpFile) })
 
 			b, err := os.ReadFile(tmpFile)
 			if tt.expectErr {

cmd/flux/build_kustomization_test.go

@@ -171,8 +171,7 @@ spec:
 	if err != nil {
 		t.Fatal(err)
 	}
-
+	t.Cleanup(func() { _ = os.Remove("./testdata/build-kustomization/podinfo.yaml") })
-	defer os.Remove("./testdata/build-kustomization/podinfo.yaml")
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

cmd/flux/check.go

@@ -242,8 +242,9 @@ func crdsCheck() bool {
 		}
 
 		for _, crd := range list.Items {
-			if len(crd.Status.StoredVersions) > 0 {
+			versions := crd.Status.StoredVersions
-				logger.Successf(crd.Name + "/" + crd.Status.StoredVersions[0])
+			if len(versions) > 0 {
+				logger.Successf(crd.Name + "/" + versions[len(versions)-1])
 			} else {
 				ok = false
 				logger.Failuref("no stored versions for %s", crd.Name)

cmd/flux/completion_powershell.go

@@ -34,12 +34,12 @@ To configure your powershell shell to load completions for each session add to y
 Windows:
 
 cd "$env:USERPROFILE\Documents\WindowsPowerShell\Modules"
-flux completion >> flux-completion.ps1
+flux completion powershell >> flux-completion.ps1
 
 Linux:
 
 cd "${XDG_CONFIG_HOME:-"$HOME/.config/"}/powershell/modules"
-flux completion >> flux-completions.ps1`,
+flux completion powershell >> flux-completions.ps1`,
 	Run: func(cmd *cobra.Command, args []string) {
 		rootCmd.GenPowerShellCompletion(os.Stdout)
 	},

cmd/flux/create_alert.go

@@ -28,7 +28,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 	"github.com/fluxcd/pkg/apis/meta"
 
 	"github.com/fluxcd/flux2/internal/utils"

cmd/flux/create_alertprovider.go

@@ -28,7 +28,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 	"github.com/fluxcd/pkg/apis/meta"
 
 	"github.com/fluxcd/flux2/internal/utils"

cmd/flux/create_helmrelease.go

@@ -200,7 +200,7 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if helmReleaseArgs.kubeConfigSecretRef != "" {
-		helmRelease.Spec.KubeConfig = &helmv2.KubeConfig{
+		helmRelease.Spec.KubeConfig = &meta.KubeConfigReference{
 			SecretRef: meta.SecretKeyReference{
 				Name: helmReleaseArgs.kubeConfigSecretRef,
 			},

cmd/flux/create_image_policy.go

@@ -28,7 +28,7 @@ import (
 
 	"github.com/fluxcd/pkg/apis/meta"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 )
 
 var createImagePolicyCmd = &cobra.Command{

cmd/flux/create_image_repository.go

@@ -26,7 +26,7 @@ import (
 
 	"github.com/fluxcd/pkg/apis/meta"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 )
 
 var createImageRepositoryCmd = &cobra.Command{

cmd/flux/create_receiver.go

@@ -28,7 +28,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 	"github.com/fluxcd/pkg/apis/meta"
 
 	"github.com/fluxcd/flux2/internal/utils"

cmd/flux/create_source_git.go

@@ -55,7 +55,6 @@ type sourceGitFlags struct {
 	keyRSABits        flags.RSAKeyBits
 	keyECDSACurve     flags.ECDSACurve
 	secretRef         string
-	gitImplementation flags.GitImplementation
 	caFile            string
 	privateKeyFile    string
 	recurseSubmodules bool
@@ -136,7 +135,6 @@ func init() {
 	createSourceGitCmd.Flags().Var(&sourceGitArgs.keyRSABits, "ssh-rsa-bits", sourceGitArgs.keyRSABits.Description())
 	createSourceGitCmd.Flags().Var(&sourceGitArgs.keyECDSACurve, "ssh-ecdsa-curve", sourceGitArgs.keyECDSACurve.Description())
 	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.secretRef, "secret-ref", "", "the name of an existing secret containing SSH or basic credentials")
-	createSourceGitCmd.Flags().Var(&sourceGitArgs.gitImplementation, "git-implementation", sourceGitArgs.gitImplementation.Description())
 	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates")
 	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.privateKeyFile, "private-key-file", "", "path to a passwordless private key file used for authenticating to the Git SSH server")
 	createSourceGitCmd.Flags().BoolVar(&sourceGitArgs.recurseSubmodules, "recurse-submodules", false,
@@ -178,10 +176,6 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("specifying a CA file is not supported for Git over SSH")
 	}
 
-	if sourceGitArgs.recurseSubmodules && sourceGitArgs.gitImplementation == sourcev1.LibGit2Implementation {
-		return fmt.Errorf("recurse submodules requires --git-implementation=%s", sourcev1.GoGitImplementation)
-	}
-
 	tmpDir, err := os.MkdirTemp("", name)
 	if err != nil {
 		return err
@@ -220,10 +214,6 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		gitRepository.Spec.Timeout = &metav1.Duration{Duration: createSourceArgs.fetchTimeout}
 	}
 
-	if sourceGitArgs.gitImplementation != "" {
-		gitRepository.Spec.GitImplementation = sourceGitArgs.gitImplementation.String()
-	}
-
 	if sourceGitArgs.semver != "" {
 		gitRepository.Spec.Reference.SemVer = sourceGitArgs.semver
 	} else if sourceGitArgs.tag != "" {

cmd/flux/create_source_oci_test.go

@@ -38,12 +38,12 @@ func TestCreateSourceOCI(t *testing.T) {
 		},
 		{
 			name:       "export manifest",
-			args:       "create source oci podinfo --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.1.6 --interval 10m --export",
+			args:       "create source oci podinfo --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.3.5 --interval 10m --export",
 			assertFunc: assertGoldenFile("./testdata/oci/export.golden"),
 		},
 		{
 			name:       "export manifest with secret",
-			args:       "create source oci podinfo --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.1.6 --interval 10m --secret-ref=creds --export",
+			args:       "create source oci podinfo --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.3.5 --interval 10m --secret-ref=creds --export",
 			assertFunc: assertGoldenFile("./testdata/oci/export_with_secret.golden"),
 		},
 	}

cmd/flux/delete_alert.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 var deleteAlertCmd = &cobra.Command{

cmd/flux/delete_alertprovider.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 var deleteAlertProviderCmd = &cobra.Command{

cmd/flux/delete_image_policy.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 )
 
 var deleteImagePolicyCmd = &cobra.Command{

cmd/flux/delete_image_repository.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 )
 
 var deleteImageRepositoryCmd = &cobra.Command{

cmd/flux/delete_receiver.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 var deleteReceiverCmd = &cobra.Command{

cmd/flux/diff_kustomization_test.go

@@ -109,7 +109,9 @@ func TestDiffKustomization(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			if tt.objectFile != "" {
-				resourceManager.ApplyAll(context.Background(), createObjectFromFile(tt.objectFile, tmpl, t), ssa.DefaultApplyOptions())
+				if _, err := resourceManager.ApplyAll(context.Background(), createObjectFromFile(tt.objectFile, tmpl, t), ssa.DefaultApplyOptions()); err != nil {
+					t.Error(err)
+				}
 			}
 			cmd := cmdTestCase{
 				args:   tt.args + " -n " + tmpl["fluxns"],

cmd/flux/events.go

@@ -0,0 +1,499 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/fields"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/duration"
+	"k8s.io/apimachinery/pkg/watch"
+	runtimeresource "k8s.io/cli-runtime/pkg/resource"
+	cmdutil "k8s.io/kubectl/pkg/cmd/util"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
+
+	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/printers"
+)
+
+var eventsCmd = &cobra.Command{
+	Use:   "events",
+	Short: "Display Kubernetes events for Flux resources",
+	Long:  "The events sub-command shows Kubernetes events from Flux resources",
+	Example: ` # Display events for flux resources in default namespace
+	flux events -n default
+	
+	# Display events for flux resources in all namespaces
+	flux events -A
+
+	# Display events for flux resources
+	flux events --for Kustomization/podinfo
+`,
+	RunE: eventsCmdRun,
+}
+
+type eventFlags struct {
+	allNamespaces bool
+	watch         bool
+	forSelector   string
+	filterTypes   []string
+}
+
+var eventArgs eventFlags
+
+func init() {
+	eventsCmd.Flags().BoolVarP(&eventArgs.allNamespaces, "all-namespaces", "A", false,
+		"display events from Flux resources across all namespaces")
+	eventsCmd.Flags().BoolVarP(&eventArgs.watch, "watch", "w", false,
+		"indicate if the events should be streamed")
+	eventsCmd.Flags().StringVar(&eventArgs.forSelector, "for", "",
+		"get events for a particular object")
+	eventsCmd.Flags().StringSliceVar(&eventArgs.filterTypes, "types", []string{}, "filter events for certain types")
+	rootCmd.AddCommand(eventsCmd)
+}
+
+func eventsCmdRun(cmd *cobra.Command, args []string) error {
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
+	defer cancel()
+
+	kubeclient, err := utils.KubeClient(kubeconfigArgs, kubeclientOptions)
+	if err != nil {
+		return err
+	}
+
+	namespace := *kubeconfigArgs.Namespace
+	if eventArgs.allNamespaces {
+		namespace = ""
+	}
+
+	var diffRefNs bool
+	clientListOpts := getListOpt(namespace, eventArgs.forSelector)
+	var refListOpts [][]client.ListOption
+	if eventArgs.forSelector != "" {
+		refs, err := getObjectRef(ctx, kubeclient, eventArgs.forSelector, *kubeconfigArgs.Namespace)
+		if err != nil {
+			return err
+		}
+
+		for _, ref := range refs {
+			kind, name, refNs := utils.ParseObjectKindNameNamespace(ref)
+			if refNs != namespace {
+				diffRefNs = true
+			}
+			refSelector := fmt.Sprintf("%s/%s", kind, name)
+			refListOpts = append(refListOpts, getListOpt(refNs, refSelector))
+		}
+	}
+
+	showNamespace := namespace == "" || diffRefNs
+	if eventArgs.watch {
+		return eventsCmdWatchRun(ctx, kubeclient, clientListOpts, refListOpts, showNamespace)
+	}
+
+	rows, err := getRows(ctx, kubeclient, clientListOpts, refListOpts, showNamespace)
+	if len(rows) == 0 {
+		if eventArgs.allNamespaces {
+			logger.Failuref("No events found.")
+		} else {
+			logger.Failuref("No events found in %s namespace.", *kubeconfigArgs.Namespace)
+		}
+
+		return nil
+	}
+	headers := getHeaders(showNamespace)
+	err = printers.TablePrinter(headers).Print(cmd.OutOrStdout(), rows)
+	return err
+}
+
+func getRows(ctx context.Context, kubeclient client.Client, clientListOpts []client.ListOption, refListOpts [][]client.ListOption, showNs bool) ([][]string, error) {
+	el := &corev1.EventList{}
+	if err := addEventsToList(ctx, kubeclient, el, clientListOpts); err != nil {
+		return nil, err
+	}
+
+	for _, refOpts := range refListOpts {
+		if err := addEventsToList(ctx, kubeclient, el, refOpts); err != nil {
+			return nil, err
+		}
+	}
+
+	sort.Sort(SortableEvents(el.Items))
+
+	var rows [][]string
+	for _, item := range el.Items {
+		if ignoreEvent(item) {
+			continue
+		}
+		rows = append(rows, getEventRow(item, showNs))
+	}
+
+	return rows, nil
+}
+
+func addEventsToList(ctx context.Context, kubeclient client.Client, el *corev1.EventList, clientListOpts []client.ListOption) error {
+	listOpts := &metav1.ListOptions{}
+	err := runtimeresource.FollowContinue(listOpts,
+		func(options metav1.ListOptions) (runtime.Object, error) {
+			newEvents := &corev1.EventList{}
+			err := kubeclient.List(ctx, newEvents, clientListOpts...)
+			if err != nil {
+				return nil, fmt.Errorf("error getting events: %w", err)
+			}
+			el.Items = append(el.Items, newEvents.Items...)
+			return newEvents, nil
+		})
+
+	return err
+}
+
+func getListOpt(namespace, selector string) []client.ListOption {
+	clientListOpts := []client.ListOption{client.Limit(cmdutil.DefaultChunkSize), client.InNamespace(namespace)}
+	if selector != "" {
+		kind, name := utils.ParseObjectKindName(selector)
+		sel := fields.AndSelectors(
+			fields.OneTermEqualSelector("involvedObject.kind", kind),
+			fields.OneTermEqualSelector("involvedObject.name", name))
+		clientListOpts = append(clientListOpts, client.MatchingFieldsSelector{Selector: sel})
+	}
+
+	return clientListOpts
+}
+
+func eventsCmdWatchRun(ctx context.Context, kubeclient client.WithWatch, listOpts []client.ListOption, refListOpts [][]client.ListOption, showNs bool) error {
+	event := &corev1.EventList{}
+	eventWatch, err := kubeclient.Watch(ctx, event, listOpts...)
+	if err != nil {
+		return err
+	}
+
+	firstIteration := true
+
+	handleEvent := func(e watch.Event) error {
+		if e.Type == watch.Deleted {
+			return nil
+		}
+
+		event, ok := e.Object.(*corev1.Event)
+		if !ok {
+			return nil
+		}
+		if ignoreEvent(*event) {
+			return nil
+		}
+		rows := getEventRow(*event, showNs)
+		var hdr []string
+		if firstIteration {
+			hdr = getHeaders(showNs)
+			firstIteration = false
+		}
+		err = printers.TablePrinter(hdr).Print(os.Stdout, [][]string{rows})
+		if err != nil {
+			return err
+		}
+
+		return nil
+	}
+
+	for _, refOpts := range refListOpts {
+		refEventWatch, err := kubeclient.Watch(ctx, event, refOpts...)
+		if err != nil {
+			return err
+		}
+		go func() {
+			err := receiveEventChan(ctx, refEventWatch, handleEvent)
+			if err != nil {
+				logger.Failuref("error watching events: %s", err.Error())
+			}
+		}()
+	}
+
+	return receiveEventChan(ctx, eventWatch, handleEvent)
+}
+
+func receiveEventChan(ctx context.Context, eventWatch watch.Interface, f func(e watch.Event) error) error {
+	defer eventWatch.Stop()
+	for {
+		select {
+		case e, ok := <-eventWatch.ResultChan():
+			if !ok {
+				return nil
+			}
+			err := f(e)
+			if err != nil {
+				return err
+			}
+		case <-ctx.Done():
+			return nil
+		}
+	}
+}
+
+func getHeaders(showNs bool) []string {
+	headers := []string{"Last seen", "Type", "Reason", "Object", "Message"}
+	if showNs {
+		headers = append(namespaceHeader, headers...)
+	}
+
+	return headers
+}
+
+func getEventRow(e corev1.Event, showNs bool) []string {
+	var row []string
+	if showNs {
+		row = []string{e.Namespace}
+	}
+	row = append(row, getLastSeen(e), e.Type, e.Reason, fmt.Sprintf("%s/%s", e.InvolvedObject.Kind, e.InvolvedObject.Name), e.Message)
+
+	return row
+}
+
+// getObjectRef is used to get the metadata of a resource that the selector(in the format <kind/name>) references.
+// It returns an empty string if the resource doesn't reference any resource
+// and a string with the format `<kind>/<name>.<namespace>` if it does.
+func getObjectRef(ctx context.Context, kubeclient client.Client, selector string, ns string) ([]string, error) {
+	kind, name := utils.ParseObjectKindName(selector)
+	ref, err := fluxKindMap.getRefInfo(kind)
+	if err != nil {
+		return nil, fmt.Errorf("error getting groupversion: %w", err)
+	}
+
+	// the resource has no source ref
+	if len(ref.field) == 0 {
+		return nil, nil
+	}
+
+	obj := &unstructured.Unstructured{}
+	obj.SetGroupVersionKind(schema.GroupVersionKind{
+		Kind:    kind,
+		Version: ref.gv.Version,
+		Group:   ref.gv.Group,
+	})
+	objName := types.NamespacedName{
+		Namespace: ns,
+		Name:      name,
+	}
+
+	err = kubeclient.Get(ctx, objName, obj)
+	if err != nil {
+		return nil, err
+	}
+
+	var ok bool
+	refKind := ref.kind
+	if refKind == "" {
+		kindField := append(ref.field, "kind")
+		refKind, ok, err = unstructured.NestedString(obj.Object, kindField...)
+		if err != nil {
+			return nil, err
+		}
+		if !ok {
+			return nil, fmt.Errorf("field '%s' for '%s' not found", strings.Join(kindField, "."), objName)
+		}
+	}
+
+	nameField := append(ref.field, "name")
+	refName, ok, err := unstructured.NestedString(obj.Object, nameField...)
+	if err != nil {
+		return nil, err
+	}
+	if !ok {
+		return nil, fmt.Errorf("field '%s' for '%s' not found", strings.Join(nameField, "."), objName)
+	}
+
+	var allRefs []string
+	refNamespace := ns
+	if ref.crossNamespaced {
+		namespaceField := append(ref.field, "namespace")
+		namespace, ok, err := unstructured.NestedString(obj.Object, namespaceField...)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			refNamespace = namespace
+		}
+	}
+
+	allRefs = append(allRefs, fmt.Sprintf("%s/%s.%s", refKind, refName, refNamespace))
+	if ref.otherRefs != nil {
+		for _, otherRef := range ref.otherRefs(ns, name) {
+			allRefs = append(allRefs, fmt.Sprintf("%s.%s", otherRef, refNamespace))
+		}
+	}
+	return allRefs, nil
+}
+
+type refMap map[string]refInfo
+
+func (r refMap) getRefInfo(kind string) (refInfo, error) {
+	for key, ref := range r {
+		if strings.EqualFold(key, kind) {
+			return ref, nil
+		}
+	}
+	return refInfo{}, fmt.Errorf("'%s' is not a recognized Flux kind", kind)
+}
+
+func (r refMap) hasKind(kind string) bool {
+	_, err := r.getRefInfo(kind)
+	return err == nil
+}
+
+type refInfo struct {
+	gv              schema.GroupVersion
+	kind            string
+	crossNamespaced bool
+	otherRefs       func(namespace, name string) []string
+	field           []string
+}
+
+var fluxKindMap = refMap{
+	kustomizev1.KustomizationKind: {
+		gv:              kustomizev1.GroupVersion,
+		crossNamespaced: true,
+		field:           []string{"spec", "sourceRef"},
+	},
+	helmv2.HelmReleaseKind: {
+		gv:              helmv2.GroupVersion,
+		crossNamespaced: true,
+		otherRefs: func(namespace, name string) []string {
+			return []string{fmt.Sprintf("%s/%s-%s", sourcev1.HelmChartKind, namespace, name)}
+		},
+		field: []string{"spec", "chart", "spec", "sourceRef"},
+	},
+	notificationv1.AlertKind: {
+		gv:              notificationv1.GroupVersion,
+		kind:            notificationv1.ProviderKind,
+		crossNamespaced: false,
+		field:           []string{"spec", "providerRef"},
+	},
+	notificationv1.ReceiverKind: {gv: notificationv1.GroupVersion},
+	notificationv1.ProviderKind: {gv: notificationv1.GroupVersion},
+	imagev1.ImagePolicyKind: {
+		gv:              imagev1.GroupVersion,
+		kind:            imagev1.ImageRepositoryKind,
+		crossNamespaced: true,
+		field:           []string{"spec", "imageRepositoryRef"},
+	},
+	sourcev1.GitRepositoryKind:       {gv: sourcev1.GroupVersion},
+	sourcev1.OCIRepositoryKind:       {gv: sourcev1.GroupVersion},
+	sourcev1.BucketKind:              {gv: sourcev1.GroupVersion},
+	sourcev1.HelmRepositoryKind:      {gv: sourcev1.GroupVersion},
+	sourcev1.HelmChartKind:           {gv: sourcev1.GroupVersion},
+	autov1.ImageUpdateAutomationKind: {gv: autov1.GroupVersion},
+	imagev1.ImageRepositoryKind:      {gv: imagev1.GroupVersion},
+}
+
+func ignoreEvent(e corev1.Event) bool {
+	if !fluxKindMap.hasKind(e.InvolvedObject.Kind) {
+		return true
+	}
+
+	if len(eventArgs.filterTypes) > 0 {
+		_, equal := utils.ContainsEqualFoldItemString(eventArgs.filterTypes, e.Type)
+		if !equal {
+			return true
+		}
+	}
+
+	return false
+}
+
+// The functions below are copied from: https://github.com/kubernetes/kubectl/blob/master/pkg/cmd/events/events.go#L347
+
+// SortableEvents implements sort.Interface for []api.Event by time
+type SortableEvents []corev1.Event
+
+func (list SortableEvents) Len() int {
+	return len(list)
+}
+
+func (list SortableEvents) Swap(i, j int) {
+	list[i], list[j] = list[j], list[i]
+}
+
+// Return the time that should be used for sorting, which can come from
+// various places in corev1.Event.
+func eventTime(event corev1.Event) time.Time {
+	if event.Series != nil {
+		return event.Series.LastObservedTime.Time
+	}
+	if !event.LastTimestamp.Time.IsZero() {
+		return event.LastTimestamp.Time
+	}
+	return event.EventTime.Time
+}
+
+func (list SortableEvents) Less(i, j int) bool {
+	return eventTime(list[i]).Before(eventTime(list[j]))
+}
+
+func getLastSeen(e corev1.Event) string {
+	var interval string
+	firstTimestampSince := translateMicroTimestampSince(e.EventTime)
+	if e.EventTime.IsZero() {
+		firstTimestampSince = translateTimestampSince(e.FirstTimestamp)
+	}
+	if e.Series != nil {
+		interval = fmt.Sprintf("%s (x%d over %s)", translateMicroTimestampSince(e.Series.LastObservedTime), e.Series.Count, firstTimestampSince)
+	} else if e.Count > 1 {
+		interval = fmt.Sprintf("%s (x%d over %s)", translateTimestampSince(e.LastTimestamp), e.Count, firstTimestampSince)
+	} else {
+		interval = firstTimestampSince
+	}
+
+	return interval
+}
+
+// translateMicroTimestampSince returns the elapsed time since timestamp in
+// human-readable approximation.
+func translateMicroTimestampSince(timestamp metav1.MicroTime) string {
+	if timestamp.IsZero() {
+		return "<unknown>"
+	}
+
+	return duration.HumanDuration(time.Since(timestamp.Time))
+}
+
+// translateTimestampSince returns the elapsed time since timestamp in
+// human-readable approximation.
+func translateTimestampSince(timestamp metav1.Time) string {
+	if timestamp.IsZero() {
+		return "<unknown>"
+	}
+
+	return duration.HumanDuration(time.Since(timestamp.Time))
+}

cmd/flux/events_test.go

@@ -0,0 +1,411 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/fluxcd/flux2/internal/utils"
+	helmv2beta1 "github.com/fluxcd/helm-controller/api/v2beta1"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
+	eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1"
+	"github.com/fluxcd/pkg/ssa"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
+	. "github.com/onsi/gomega"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/fields"
+	"k8s.io/apimachinery/pkg/runtime"
+	cmdutil "k8s.io/kubectl/pkg/cmd/util"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+)
+
+var objects = `
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  interval: 5m0s
+  path: ./infrastructure/
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: podinfo
+  namespace: default
+spec:
+  interval: 5m0s
+  path: ./infrastructure/
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: GitRepository
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  interval: 5m0s
+  ref:
+    branch: main
+  secretRef:
+    name: flux-system
+  timeout: 1m0s
+  url: ssh://git@github.com/example/repo
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: podinfo
+  namespace: default
+spec:
+  chart:
+    spec:
+      chart: podinfo
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: podinfo
+        namespace: flux-system
+      version: '*'
+  interval: 5m0s
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: podinfo
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  url: https://stefanprodan.github.io/podinfo
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmChart
+metadata:
+  name: default-podinfo
+  namespace: flux-system
+spec:
+  chart: podinfo
+  interval: 1m0s
+  reconcileStrategy: ChartVersion
+  sourceRef:
+    kind: HelmRepository
+    name: podinfo-chart
+  version: '*'
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta2
+kind: Alert
+metadata:
+  name: webapp
+  namespace: flux-system
+spec:
+  eventSeverity: info
+  eventSources:
+  - kind: GitRepository
+    name: '*'
+  providerRef:
+    name: slack
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta2
+kind: Provider
+metadata:
+  name: slack
+  namespace: flux-system
+spec:
+  address: https://hooks.slack.com/services/mock
+  type: slack
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImagePolicy
+metadata:
+  name: podinfo
+  namespace: default
+spec:
+  imageRepositoryRef:
+    name: acr-podinfo
+    namespace: flux-system
+  policy:
+    semver:
+      range: 5.0.x
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: flux-system`
+
+func Test_getObjectRef(t *testing.T) {
+	g := NewWithT(t)
+	objs, err := ssa.ReadObjects(strings.NewReader(objects))
+	g.Expect(err).To(Not(HaveOccurred()))
+
+	builder := fake.NewClientBuilder().WithScheme(getScheme())
+	for _, obj := range objs {
+		builder = builder.WithObjects(obj)
+	}
+	c := builder.Build()
+
+	tests := []struct {
+		name      string
+		selector  string
+		namespace string
+		want      []string
+		wantErr   bool
+	}{
+		{
+			name:      "Source Ref for Kustomization",
+			selector:  "Kustomization/flux-system",
+			namespace: "flux-system",
+			want:      []string{"GitRepository/flux-system.flux-system"},
+		},
+		{
+			name:      "Crossnamespace Source Ref for Kustomization",
+			selector:  "Kustomization/podinfo",
+			namespace: "default",
+			want:      []string{"GitRepository/flux-system.flux-system"},
+		},
+		{
+			name:      "Source Ref for HelmRelease",
+			selector:  "HelmRelease/podinfo",
+			namespace: "default",
+			want:      []string{"HelmRepository/podinfo.flux-system", "HelmChart/default-podinfo.flux-system"},
+		},
+		{
+			name:      "Source Ref for Alert",
+			selector:  "Alert/webapp",
+			namespace: "flux-system",
+			want:      []string{"Provider/slack.flux-system"},
+		},
+		{
+			name:      "Source Ref for ImagePolicy",
+			selector:  "ImagePolicy/podinfo",
+			namespace: "default",
+			want:      []string{"ImageRepository/acr-podinfo.flux-system"},
+		},
+		{
+			name:      "Empty Ref for Provider",
+			selector:  "Provider/slack",
+			namespace: "flux-system",
+			want:      nil,
+		},
+		{
+			name:     "Non flux resource",
+			selector: "Namespace/flux-system",
+			wantErr:  true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+			got, err := getObjectRef(context.Background(), c, tt.selector, tt.namespace)
+			if tt.wantErr {
+				g.Expect(err).To(HaveOccurred())
+				return
+			}
+
+			g.Expect(err).To(Not(HaveOccurred()))
+			g.Expect(got).To(Equal(tt.want))
+		})
+	}
+}
+
+func Test_getRows(t *testing.T) {
+	g := NewWithT(t)
+	objs, err := ssa.ReadObjects(strings.NewReader(objects))
+	g.Expect(err).To(Not(HaveOccurred()))
+
+	builder := fake.NewClientBuilder().WithScheme(getScheme())
+	for _, obj := range objs {
+		builder = builder.WithObjects(obj)
+	}
+	eventList := &corev1.EventList{}
+	for _, obj := range objs {
+		infoEvent := createEvent(obj, eventv1.EventSeverityInfo, "Info Message", "Info Reason")
+		warningEvent := createEvent(obj, eventv1.EventSeverityError, "Error Message", "Error Reason")
+		eventList.Items = append(eventList.Items, infoEvent, warningEvent)
+	}
+	builder = builder.WithLists(eventList)
+	builder.WithIndex(&corev1.Event{}, "involvedObject.kind/name", kindNameIndexer)
+	c := builder.Build()
+
+	tests := []struct {
+		name        string
+		selector    string
+		refSelector string
+		namespace   string
+		refNs       string
+		expected    [][]string
+	}{
+		{
+			name:      "events from all namespaces",
+			selector:  "",
+			namespace: "",
+			expected: [][]string{
+				{"default", "<unknown>", "error", "Error Reason", "HelmRelease/podinfo", "Error Message"},
+				{"default", "<unknown>", "info", "Info Reason", "HelmRelease/podinfo", "Info Message"},
+				{"default", "<unknown>", "error", "Error Reason", "ImagePolicy/podinfo", "Error Message"},
+				{"default", "<unknown>", "info", "Info Reason", "ImagePolicy/podinfo", "Info Message"},
+				{"default", "<unknown>", "error", "Error Reason", "Kustomization/podinfo", "Error Message"},
+				{"default", "<unknown>", "info", "Info Reason", "Kustomization/podinfo", "Info Message"},
+				{"flux-system", "<unknown>", "error", "Error Reason", "Alert/webapp", "Error Message"},
+				{"flux-system", "<unknown>", "info", "Info Reason", "Alert/webapp", "Info Message"},
+				{"flux-system", "<unknown>", "error", "Error Reason", "GitRepository/flux-system", "Error Message"},
+				{"flux-system", "<unknown>", "info", "Info Reason", "GitRepository/flux-system", "Info Message"},
+				{"flux-system", "<unknown>", "error", "Error Reason", "HelmChart/default-podinfo", "Error Message"},
+				{"flux-system", "<unknown>", "info", "Info Reason", "HelmChart/default-podinfo", "Info Message"},
+				{"flux-system", "<unknown>", "error", "Error Reason", "HelmRepository/podinfo", "Error Message"},
+				{"flux-system", "<unknown>", "info", "Info Reason", "HelmRepository/podinfo", "Info Message"},
+				{"flux-system", "<unknown>", "error", "Error Reason", "Kustomization/flux-system", "Error Message"},
+				{"flux-system", "<unknown>", "info", "Info Reason", "Kustomization/flux-system", "Info Message"},
+				{"flux-system", "<unknown>", "error", "Error Reason", "Provider/slack", "Error Message"},
+				{"flux-system", "<unknown>", "info", "Info Reason", "Provider/slack", "Info Message"},
+			},
+		},
+		{
+			name:      "events from default namespaces",
+			selector:  "",
+			namespace: "default",
+			expected: [][]string{
+				{"<unknown>", "error", "Error Reason", "HelmRelease/podinfo", "Error Message"},
+				{"<unknown>", "info", "Info Reason", "HelmRelease/podinfo", "Info Message"},
+				{"<unknown>", "error", "Error Reason", "ImagePolicy/podinfo", "Error Message"},
+				{"<unknown>", "info", "Info Reason", "ImagePolicy/podinfo", "Info Message"},
+				{"<unknown>", "error", "Error Reason", "Kustomization/podinfo", "Error Message"},
+				{"<unknown>", "info", "Info Reason", "Kustomization/podinfo", "Info Message"},
+			},
+		},
+		{
+			name:      "Kustomization with crossnamespaced GitRepository",
+			selector:  "Kustomization/podinfo",
+			namespace: "default",
+			expected: [][]string{
+				{"default", "<unknown>", "error", "Error Reason", "Kustomization/podinfo", "Error Message"},
+				{"default", "<unknown>", "info", "Info Reason", "Kustomization/podinfo", "Info Message"},
+				{"flux-system", "<unknown>", "error", "Error Reason", "GitRepository/flux-system", "Error Message"},
+				{"flux-system", "<unknown>", "info", "Info Reason", "GitRepository/flux-system", "Info Message"},
+			},
+		},
+		{
+			name:      "HelmRelease with crossnamespaced HelmRepository",
+			selector:  "HelmRelease/podinfo",
+			namespace: "default",
+			expected: [][]string{
+				{"default", "<unknown>", "error", "Error Reason", "HelmRelease/podinfo", "Error Message"},
+				{"default", "<unknown>", "info", "Info Reason", "HelmRelease/podinfo", "Info Message"},
+				{"flux-system", "<unknown>", "error", "Error Reason", "HelmRepository/podinfo", "Error Message"},
+				{"flux-system", "<unknown>", "info", "Info Reason", "HelmRepository/podinfo", "Info Message"},
+				{"flux-system", "<unknown>", "error", "Error Reason", "HelmChart/default-podinfo", "Error Message"},
+				{"flux-system", "<unknown>", "info", "Info Reason", "HelmChart/default-podinfo", "Info Message"},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			var refs []string
+			var refNs, refKind, refName string
+			if tt.selector != "" {
+				refs, err = getObjectRef(context.Background(), c, tt.selector, tt.namespace)
+				g.Expect(err).To(Not(HaveOccurred()))
+			}
+
+			g.Expect(err).To(Not(HaveOccurred()))
+
+			clientOpts := getTestListOpt(tt.namespace, tt.selector)
+			var refOpts [][]client.ListOption
+			for _, ref := range refs {
+				refKind, refName, refNs = utils.ParseObjectKindNameNamespace(ref)
+				refSelector := fmt.Sprintf("%s/%s", refKind, refName)
+				refOpts = append(refOpts, getTestListOpt(refNs, refSelector))
+			}
+
+			showNs := tt.namespace == "" || (refNs != "" && refNs != tt.namespace)
+			rows, err := getRows(context.Background(), c, clientOpts, refOpts, showNs)
+			g.Expect(err).To(Not(HaveOccurred()))
+			g.Expect(rows).To(Equal(tt.expected))
+		})
+	}
+}
+
+func getTestListOpt(namespace, selector string) []client.ListOption {
+	clientListOpts := []client.ListOption{client.Limit(cmdutil.DefaultChunkSize), client.InNamespace(namespace)}
+	if selector != "" {
+		sel := fields.OneTermEqualSelector("involvedObject.kind/name", selector)
+		clientListOpts = append(clientListOpts, client.MatchingFieldsSelector{Selector: sel})
+	}
+
+	return clientListOpts
+}
+
+func getScheme() *runtime.Scheme {
+	newscheme := runtime.NewScheme()
+	corev1.AddToScheme(newscheme)
+	kustomizev1.AddToScheme(newscheme)
+	helmv2beta1.AddToScheme(newscheme)
+	notificationv1.AddToScheme(newscheme)
+	imagev1.AddToScheme(newscheme)
+	autov1.AddToScheme(newscheme)
+	sourcev1.AddToScheme(newscheme)
+
+	return newscheme
+}
+
+func createEvent(obj client.Object, eventType, msg, reason string) corev1.Event {
+	return corev1.Event{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: obj.GetNamespace(),
+			// name of event needs to be unique so fak
+			Name: obj.GetNamespace() + obj.GetNamespace() + obj.GetObjectKind().GroupVersionKind().Kind + eventType,
+		},
+		Reason:  reason,
+		Message: msg,
+		Type:    eventType,
+		InvolvedObject: corev1.ObjectReference{
+			Kind:      obj.GetObjectKind().GroupVersionKind().Kind,
+			Namespace: obj.GetNamespace(),
+			Name:      obj.GetName(),
+		},
+	}
+}
+
+func kindNameIndexer(obj client.Object) []string {
+	e, ok := obj.(*corev1.Event)
+	if !ok {
+		panic(fmt.Sprintf("Expected a Event, got %T", e))
+	}
+
+	return []string{fmt.Sprintf("%s/%s", e.InvolvedObject.Kind, e.InvolvedObject.Name)}
+}

cmd/flux/export_alert.go

@@ -20,7 +20,7 @@ import (
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 var exportAlertCmd = &cobra.Command{

cmd/flux/export_alertprovider.go

@@ -20,7 +20,7 @@ import (
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 var exportAlertProviderCmd = &cobra.Command{

cmd/flux/export_image_policy.go

@@ -20,7 +20,7 @@ import (
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 )
 
 var exportImagePolicyCmd = &cobra.Command{

cmd/flux/export_image_repository.go

@@ -20,7 +20,7 @@ import (
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 )
 
 var exportImageRepositoryCmd = &cobra.Command{

cmd/flux/export_receiver.go

@@ -20,7 +20,7 @@ import (
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 var exportReceiverCmd = &cobra.Command{

cmd/flux/export_test.go

@@ -8,78 +8,92 @@ import (
 )
 
 func TestExport(t *testing.T) {
+	namespace := allocateNamespace("flux-system")
+
+	objectFile := "testdata/export/objects.yaml"
+	tmpl := map[string]string{
+		"fluxns": namespace,
+	}
+	testEnv.CreateObjectFile(objectFile, tmpl, t)
+
 	cases := []struct {
 		name       string
 		arg        string
 		goldenFile string
+		tmpl       map[string]string
 	}{
 		{
 			"alert-provider",
 			"export alert-provider slack",
 			"testdata/export/provider.yaml",
+			tmpl,
 		},
 		{
 			"alert",
 			"export alert flux-system",
 			"testdata/export/alert.yaml",
+			tmpl,
 		},
 		{
 			"image policy",
 			"export image policy flux-system",
 			"testdata/export/image-policy.yaml",
+			tmpl,
 		},
 		{
 			"image repository",
 			"export image repository flux-system",
 			"testdata/export/image-repo.yaml",
+			tmpl,
 		},
 		{
 			"image update",
 			"export image update flux-system",
 			"testdata/export/image-update.yaml",
+			tmpl,
 		},
 		{
 			"source git",
 			"export source git flux-system",
 			"testdata/export/git-repo.yaml",
+			tmpl,
 		},
 		{
 			"source helm",
 			"export source helm flux-system",
 			"testdata/export/helm-repo.yaml",
+			tmpl,
 		},
 		{
 			"receiver",
 			"export receiver flux-system",
 			"testdata/export/receiver.yaml",
+			tmpl,
 		},
 		{
 			"kustomization",
 			"export kustomization flux-system",
 			"testdata/export/ks.yaml",
+			tmpl,
 		},
 		{
 			"helmrelease",
 			"export helmrelease flux-system",
 			"testdata/export/helm-release.yaml",
+			tmpl,
 		},
 		{
 			"bucket",
 			"export source bucket flux-system",
 			"testdata/export/bucket.yaml",
+			tmpl,
 		},
 	}
 
-	objectFile := "testdata/export/objects.yaml"
-	tmpl := map[string]string{
-		"fluxns": allocateNamespace("flux-system"),
-	}
-	testEnv.CreateObjectFile(objectFile, tmpl, t)
-
 	for _, tt := range cases {
 		t.Run(tt.name, func(t *testing.T) {
 			cmd := cmdTestCase{
-				args:   tt.arg + " -n=" + tmpl["fluxns"],
+				args:   tt.arg + " -n=" + namespace,
 				assert: assertGoldenTemplateFile(tt.goldenFile, tmpl),
 			}
 

cmd/flux/get.go

@@ -163,9 +163,16 @@ func (get getCommand) run(cmd *cobra.Command, args []string) error {
 
 	if get.list.len() == 0 {
 		if len(args) > 0 {
-			logger.Failuref("%s object '%s' not found in '%s' namespace", get.kind, args[0], *kubeconfigArgs.Namespace)
+			logger.Failuref("%s object '%s' not found in %s namespace",
+				get.kind,
+				args[0],
+				namespaceNameOrAny(getArgs.allNamespaces, *kubeconfigArgs.Namespace),
+			)
 		} else if !getAll {
-			logger.Failuref("no %s objects found in %s namespace", get.kind, *kubeconfigArgs.Namespace)
+			logger.Failuref("no %s objects found in %s namespace",
+				get.kind,
+				namespaceNameOrAny(getArgs.allNamespaces, *kubeconfigArgs.Namespace),
+			)
 		}
 		return nil
 	}
@@ -192,6 +199,13 @@ func (get getCommand) run(cmd *cobra.Command, args []string) error {
 	return nil
 }
 
+func namespaceNameOrAny(allNamespaces bool, namespaceName string) string {
+	if allNamespaces {
+		return "any"
+	}
+	return fmt.Sprintf("%q", namespaceName)
+}
+
 func getRowsToPrint(getAll bool, list summarisable) ([][]string, error) {
 	noFilter := true
 	var conditionType, conditionStatus string

cmd/flux/get_alert.go

@@ -24,7 +24,7 @@ import (
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/runtime"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 var getAlertCmd = &cobra.Command{

cmd/flux/get_alertprovider.go

@@ -22,7 +22,7 @@ import (
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/runtime"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 var getAlertProviderCmd = &cobra.Command{

cmd/flux/get_all.go

@@ -23,7 +23,7 @@ import (
 
 	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 var getAllCmd = &cobra.Command{

cmd/flux/get_image_all.go

@@ -22,7 +22,7 @@ import (
 	"github.com/spf13/cobra"
 
 	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 )
 
 var getImageAllCmd = &cobra.Command{

cmd/flux/get_image_policy.go

@@ -22,7 +22,7 @@ import (
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/runtime"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 )
 
 var getImagePolicyCmd = &cobra.Command{

cmd/flux/get_image_repository.go

@@ -25,7 +25,7 @@ import (
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/runtime"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 )
 
 var getImageRepositoryCmd = &cobra.Command{

cmd/flux/get_kustomization.go

@@ -18,15 +18,15 @@ package main
 
 import (
 	"fmt"
-	"regexp"
 	"strconv"
 	"strings"
 
 	"github.com/spf13/cobra"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
+
+	"github.com/fluxcd/flux2/internal/utils"
 )
 
 var getKsCmd = &cobra.Command{
@@ -80,10 +80,8 @@ func (a kustomizationListAdapter) summariseItem(i int, includeNamespace bool, in
 	item := a.Items[i]
 	revision := item.Status.LastAppliedRevision
 	status, msg := statusAndMessage(item.Status.Conditions)
-	if status == string(metav1.ConditionTrue) {
+	revision = utils.TruncateHex(revision)
-		revision = shortenCommitSha(revision)
+	msg = utils.TruncateHex(msg)
-		msg = shortenCommitSha(msg)
-	}
 	return append(nameColumns(&item, includeNamespace, includeKind),
 		revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)), status, msg)
 }
@@ -100,13 +98,3 @@ func (a kustomizationListAdapter) statusSelectorMatches(i int, conditionType, co
 	item := a.Items[i]
 	return statusMatches(conditionType, conditionStatus, item.Status.Conditions)
 }
-
-func shortenCommitSha(msg string) string {
-	r := regexp.MustCompile("/([a-f0-9]{40})$")
-	sha := r.FindString(msg)
-	if sha != "" {
-		msg = strings.Replace(msg, sha, string([]rune(sha)[:8]), -1)
-	}
-
-	return msg
-}

cmd/flux/get_receiver.go

@@ -24,7 +24,7 @@ import (
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/runtime"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 var getReceiverCmd = &cobra.Command{

cmd/flux/get_source_bucket.go

@@ -25,6 +25,8 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
+
+	"github.com/fluxcd/flux2/internal/utils"
 )
 
 var getSourceBucketCmd = &cobra.Command{
@@ -80,6 +82,8 @@ func (a *bucketListAdapter) summariseItem(i int, includeNamespace bool, includeK
 		revision = item.GetArtifact().Revision
 	}
 	status, msg := statusAndMessage(item.Status.Conditions)
+	revision = utils.TruncateHex(revision)
+	msg = utils.TruncateHex(msg)
 	return append(nameColumns(&item, includeNamespace, includeKind),
 		revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)), status, msg)
 }

cmd/flux/get_source_chart.go

@@ -25,6 +25,8 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
+
+	"github.com/fluxcd/flux2/internal/utils"
 )
 
 var getSourceHelmChartCmd = &cobra.Command{
@@ -80,6 +82,9 @@ func (a *helmChartListAdapter) summariseItem(i int, includeNamespace bool, inclu
 		revision = item.GetArtifact().Revision
 	}
 	status, msg := statusAndMessage(item.Status.Conditions)
+	// NB: do not shorten revision as it contains a SemVer
+	// Message may still contain reference of e.g. commit chart was build from
+	msg = utils.TruncateHex(msg)
 	return append(nameColumns(&item, includeNamespace, includeKind),
 		revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)), status, msg)
 }

cmd/flux/get_source_git.go

@@ -22,10 +22,11 @@ import (
 	"strings"
 
 	"github.com/spf13/cobra"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
+
+	"github.com/fluxcd/flux2/internal/utils"
 )
 
 var getSourceGitCmd = &cobra.Command{
@@ -81,10 +82,8 @@ func (a *gitRepositoryListAdapter) summariseItem(i int, includeNamespace bool, i
 		revision = item.GetArtifact().Revision
 	}
 	status, msg := statusAndMessage(item.Status.Conditions)
-	if status == string(metav1.ConditionTrue) {
+	revision = utils.TruncateHex(revision)
-		revision = shortenCommitSha(revision)
+	msg = utils.TruncateHex(msg)
-		msg = shortenCommitSha(msg)
-	}
 	return append(nameColumns(&item, includeNamespace, includeKind),
 		revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)), status, msg)
 }

cmd/flux/get_source_helm.go

@@ -25,6 +25,8 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
+
+	"github.com/fluxcd/flux2/internal/utils"
 )
 
 var getSourceHelmCmd = &cobra.Command{
@@ -80,6 +82,8 @@ func (a *helmRepositoryListAdapter) summariseItem(i int, includeNamespace bool,
 		revision = item.GetArtifact().Revision
 	}
 	status, msg := statusAndMessage(item.Status.Conditions)
+	revision = utils.TruncateHex(revision)
+	msg = utils.TruncateHex(msg)
 	return append(nameColumns(&item, includeNamespace, includeKind),
 		revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)), status, msg)
 }

cmd/flux/get_source_oci.go

@@ -25,6 +25,8 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
+
+	"github.com/fluxcd/flux2/internal/utils"
 )
 
 var getSourceOCIRepositoryCmd = &cobra.Command{
@@ -80,6 +82,8 @@ func (a *ociRepositoryListAdapter) summariseItem(i int, includeNamespace bool, i
 		revision = item.GetArtifact().Revision
 	}
 	status, msg := statusAndMessage(item.Status.Conditions)
+	revision = utils.TruncateHex(revision)
+	msg = utils.TruncateHex(msg)
 	return append(nameColumns(&item, includeNamespace, includeKind),
 		revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)), status, msg)
 }

cmd/flux/helmrelease_test.go

@@ -22,51 +22,61 @@ package main
 import "testing"
 
 func TestHelmReleaseFromGit(t *testing.T) {
+	namespace := allocateNamespace("thrfg")
+	del, err := execSetupTestNamespace(namespace)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(del)
+
+	tmpl := map[string]string{"ns": namespace}
+
 	cases := []struct {
 		args       string
 		goldenFile string
+		tmpl       map[string]string
 	}{
 		{
-			"create source git thrfg --url=https://github.com/stefanprodan/podinfo --branch=main --tag=6.0.0",
+			"create source git thrfg --url=https://github.com/stefanprodan/podinfo --branch=main --tag=6.3.5",
 			"testdata/helmrelease/create_source_git.golden",
+			nil,
 		},
 		{
 			"create helmrelease thrfg --source=GitRepository/thrfg --chart=./charts/podinfo",
 			"testdata/helmrelease/create_helmrelease_from_git.golden",
+			nil,
 		},
 		{
 			"get helmrelease thrfg",
 			"testdata/helmrelease/get_helmrelease_from_git.golden",
+			nil,
 		},
 		{
 			"reconcile helmrelease thrfg --with-source",
 			"testdata/helmrelease/reconcile_helmrelease_from_git.golden",
+			tmpl,
 		},
 		{
 			"suspend helmrelease thrfg",
 			"testdata/helmrelease/suspend_helmrelease_from_git.golden",
+			tmpl,
 		},
 		{
 			"resume helmrelease thrfg",
 			"testdata/helmrelease/resume_helmrelease_from_git.golden",
+			tmpl,
 		},
 		{
 			"delete helmrelease thrfg --silent",
 			"testdata/helmrelease/delete_helmrelease_from_git.golden",
+			tmpl,
 		},
 	}
 
-	namespace := allocateNamespace("thrfg")
-	del, err := setupTestNamespace(namespace)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer del()
-
 	for _, tc := range cases {
 		cmd := cmdTestCase{
 			args:   tc.args + " -n=" + namespace,
-			assert: assertGoldenTemplateFile(tc.goldenFile, map[string]string{"ns": namespace}),
+			assert: assertGoldenTemplateFile(tc.goldenFile, tc.tmpl),
 		}
 		cmd.runTestCmd(t)
 	}

cmd/flux/image.go

@@ -20,7 +20,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 )
 
 // These are general-purpose adapters for attaching methods to, for

cmd/flux/image_test.go

@@ -22,6 +22,13 @@ package main
 import "testing"
 
 func TestImageScanning(t *testing.T) {
+	namespace := allocateNamespace("tis")
+	del, err := execSetupTestNamespace(namespace)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(del)
+
 	cases := []struct {
 		args       string
 		goldenFile string
@@ -48,13 +55,6 @@ func TestImageScanning(t *testing.T) {
 		},
 	}
 
-	namespace := allocateNamespace("tis")
-	del, err := setupTestNamespace(namespace)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer del()
-
 	for _, tc := range cases {
 		cmd := cmdTestCase{
 			args:   tc.args + " -n=" + namespace,

cmd/flux/install.go

@@ -59,7 +59,6 @@ If a previous version is installed, then an in-place upgrade will be performed.`
 
 type installFlags struct {
 	export             bool
-	dryRun             bool
 	version            string
 	defaultComponents  []string
 	extraComponents    []string
@@ -69,7 +68,6 @@ type installFlags struct {
 	watchAllNamespaces bool
 	networkPolicy      bool
 	manifestsPath      string
-	arch               flags.Arch
 	logLevel           flags.LogLevel
 	tokenAuth          bool
 	clusterDomain      string
@@ -81,8 +79,6 @@ var installArgs = NewInstallFlags()
 func init() {
 	installCmd.Flags().BoolVar(&installArgs.export, "export", false,
 		"write the install manifests to stdout and exit")
-	installCmd.Flags().BoolVarP(&installArgs.dryRun, "dry-run", "", false,
-		"only print the object that would be applied")
 	installCmd.Flags().StringVarP(&installArgs.version, "version", "v", "",
 		"toolkit version, when specified the manifests are downloaded from https://github.com/fluxcd/flux2/releases")
 	installCmd.Flags().StringSliceVar(&installArgs.defaultComponents, "components", rootArgs.defaults.Components,
@@ -94,7 +90,6 @@ func init() {
 		"container registry where the toolkit images are published")
 	installCmd.Flags().StringVar(&installArgs.imagePullSecret, "image-pull-secret", "",
 		"Kubernetes secret name used for pulling the toolkit images from a private registry")
-	installCmd.Flags().Var(&installArgs.arch, "arch", installArgs.arch.Description())
 	installCmd.Flags().BoolVar(&installArgs.watchAllNamespaces, "watch-all-namespaces", rootArgs.defaults.WatchAllNamespaces,
 		"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed")
 	installCmd.Flags().Var(&installArgs.logLevel, "log-level", installArgs.logLevel.Description())
@@ -104,8 +99,7 @@ func init() {
 	installCmd.Flags().StringSliceVar(&installArgs.tolerationKeys, "toleration-keys", nil,
 		"list of toleration keys used to schedule the components pods onto nodes with matching taints")
 	installCmd.Flags().MarkHidden("manifests")
-	installCmd.Flags().MarkDeprecated("arch", "multi-arch container image is now available for AMD64, ARMv7 and ARM64")
+
-	installCmd.Flags().MarkDeprecated("dry-run", "use 'flux install --export | kubectl apply --dry-run=client -f-'")
 	rootCmd.AddCommand(installCmd)
 }
 
@@ -189,11 +183,6 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 	logger.Successf("manifests build completed")
 	logger.Actionf("installing components in %s namespace", *kubeconfigArgs.Namespace)
 
-	if installArgs.dryRun {
-		logger.Successf("install dry-run finished")
-		return nil
-	}
-
 	applyOutput, err := utils.Apply(ctx, kubeconfigArgs, kubeclientOptions, tmpDir, filepath.Join(tmpDir, manifest.Path))
 	if err != nil {
 		return fmt.Errorf("install failed: %w", err)

cmd/flux/install_test.go

@@ -25,9 +25,7 @@ func TestInstall(t *testing.T) {
 	// Given that this test uses an invalid namespace, it ensures
 	// to restore whatever value it had previously.
 	currentNamespace := *kubeconfigArgs.Namespace
-	defer func() {
+	t.Cleanup(func() { *kubeconfigArgs.Namespace = currentNamespace })
-		*kubeconfigArgs.Namespace = currentNamespace
-	}()
 
 	tests := []struct {
 		name   string

cmd/flux/kustomization_test.go

@@ -22,51 +22,61 @@ package main
 import "testing"
 
 func TestKustomizationFromGit(t *testing.T) {
+	namespace := allocateNamespace("tkfg")
+	del, err := execSetupTestNamespace(namespace)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(del)
+
+	tmpl := map[string]string{"ns": namespace}
+
 	cases := []struct {
 		args       string
 		goldenFile string
+		tmpl       map[string]string
 	}{
 		{
-			"create source git tkfg --url=https://github.com/stefanprodan/podinfo --branch=main --tag=6.0.0",
+			"create source git tkfg --url=https://github.com/stefanprodan/podinfo --branch=main --tag=6.3.5",
 			"testdata/kustomization/create_source_git.golden",
+			nil,
 		},
 		{
 			"create kustomization tkfg --source=tkfg --path=./deploy/overlays/dev --prune=true --interval=5m --health-check=Deployment/frontend.dev --health-check=Deployment/backend.dev --health-check-timeout=3m",
 			"testdata/kustomization/create_kustomization_from_git.golden",
+			nil,
 		},
 		{
 			"get kustomization tkfg",
 			"testdata/kustomization/get_kustomization_from_git.golden",
+			nil,
 		},
 		{
 			"reconcile kustomization tkfg --with-source",
 			"testdata/kustomization/reconcile_kustomization_from_git.golden",
+			tmpl,
 		},
 		{
 			"suspend kustomization tkfg",
 			"testdata/kustomization/suspend_kustomization_from_git.golden",
+			tmpl,
 		},
 		{
 			"resume kustomization tkfg",
 			"testdata/kustomization/resume_kustomization_from_git.golden",
+			tmpl,
 		},
 		{
 			"delete kustomization tkfg --silent",
 			"testdata/kustomization/delete_kustomization_from_git.golden",
+			tmpl,
 		},
 	}
 
-	namespace := allocateNamespace("tkfg")
-	del, err := setupTestNamespace(namespace)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer del()
-
 	for _, tc := range cases {
 		cmd := cmdTestCase{
 			args:   tc.args + " -n=" + namespace,
-			assert: assertGoldenTemplateFile(tc.goldenFile, map[string]string{"ns": namespace}),
+			assert: assertGoldenTemplateFile(tc.goldenFile, tc.tmpl),
 		}
 		cmd.runTestCmd(t)
 	}

cmd/flux/main_e2e_test.go

@@ -65,7 +65,7 @@ func TestMain(m *testing.M) {
 	os.Exit(code)
 }
 
-func setupTestNamespace(namespace string) (func(), error) {
+func execSetupTestNamespace(namespace string) (func(), error) {
 	kubectlArgs := []string{"create", "namespace", namespace}
 	_, err := utils.ExecKubectlCommand(context.TODO(), utils.ModeStderrOS, *kubeconfigArgs.KubeConfig, *kubeconfigArgs.Context, kubectlArgs...)
 	if err != nil {

cmd/flux/push_artifact.go

@@ -18,12 +18,16 @@ package main
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"os"
+	"strings"
 
 	"github.com/fluxcd/flux2/internal/flags"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
+	reg "github.com/google/go-containerregistry/pkg/name"
 	"github.com/spf13/cobra"
+	"sigs.k8s.io/yaml"
 
 	oci "github.com/fluxcd/pkg/oci/client"
 )
@@ -38,26 +42,39 @@ The command can read the credentials from '~/.docker/config.json' but they can a
   flux push artifact oci://ghcr.io/org/config/app:$(git rev-parse --short HEAD) \
 	--path="./path/to/local/manifests" \
 	--source="$(git config --get remote.origin.url)" \
-	--revision="$(git branch --show-current)/$(git rev-parse HEAD)"
+	--revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)"
 
-  # Push manifests passed into stdin to GHCR
+  # Push and sign artifact with cosign
-  kustomize build . | flux push artifact oci://ghcr.io/org/config/app:$(git rev-parse --short HEAD) -p - \ 
+  digest_url = $(flux push artifact \
+	oci://ghcr.io/org/config/app:$(git rev-parse --short HEAD) \
+	--source="$(git config --get remote.origin.url)" \
+	--revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)" \
+	--path="./path/to/local/manifest.yaml" \
+	--output json | \
+	jq -r '. | .repository + "@" + .digest')
+  cosign sign $digest_url
+
+  # Push manifests passed into stdin to GHCR and set custom OCI annotations
+  kustomize build . | flux push artifact oci://ghcr.io/org/config/app:$(git rev-parse --short HEAD) -f - \ 
     --source="$(git config --get remote.origin.url)" \
-    --revision="$(git branch --show-current)/$(git rev-parse HEAD)"
+    --revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)" \
+    --annotations='org.opencontainers.image.licenses=Apache-2.0' \
+    --annotations='org.opencontainers.image.documentation=https://app.org/docs' \
+    --annotations='org.opencontainers.image.description=Production config.'
 
   # Push single manifest file to GHCR using the short Git SHA as the OCI artifact tag
   echo $GITHUB_PAT | docker login ghcr.io --username flux --password-stdin
   flux push artifact oci://ghcr.io/org/config/app:$(git rev-parse --short HEAD) \
 	--path="./path/to/local/manifest.yaml" \
 	--source="$(git config --get remote.origin.url)" \
-	--revision="$(git branch --show-current)/$(git rev-parse HEAD)"
+	--revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)"
 
   # Push manifests to Docker Hub using the Git tag as the OCI artifact tag
   echo $DOCKER_PAT | docker login --username flux --password-stdin
   flux push artifact oci://docker.io/org/app-config:$(git tag --points-at HEAD) \
 	--path="./path/to/local/manifests" \
 	--source="$(git config --get remote.origin.url)" \
-	--revision="$(git tag --points-at HEAD)/$(git rev-parse HEAD)"
+	--revision="$(git tag --points-at HEAD)@sha1:$(git rev-parse HEAD)"
 
   # Login directly to the registry provider
   # You might need to export the following variable if you use local config files for AWS:
@@ -65,14 +82,14 @@ The command can read the credentials from '~/.docker/config.json' but they can a
   flux push artifact oci://<account>.dkr.ecr.<region>.amazonaws.com/foo:v1:$(git tag --points-at HEAD) \
 	--path="./path/to/local/manifests" \
 	--source="$(git config --get remote.origin.url)" \
-	--revision="$(git tag --points-at HEAD)/$(git rev-parse HEAD)" \
+	--revision="$(git tag --points-at HEAD)@sha1:$(git rev-parse HEAD)" \
 	--provider aws
 
-  # Or pass credentials directly
+  # Login by passing credentials directly
   flux push artifact oci://docker.io/org/app-config:$(git tag --points-at HEAD) \
 	--path="./path/to/local/manifests" \
 	--source="$(git config --get remote.origin.url)" \
-	--revision="$(git tag --points-at HEAD)/$(git rev-parse HEAD)" \
+	--revision="$(git tag --points-at HEAD)@sha1:$(git rev-parse HEAD)" \
 	--creds flux:$DOCKER_PAT
 `,
 	RunE: pushArtifactCmdRun,
@@ -85,6 +102,8 @@ type pushArtifactFlags struct {
 	creds       string
 	provider    flags.SourceOCIProvider
 	ignorePaths []string
+	annotations []string
+	output      string
 }
 
 var pushArtifactArgs = newPushArtifactFlags()
@@ -96,12 +115,15 @@ func newPushArtifactFlags() pushArtifactFlags {
 }
 
 func init() {
-	pushArtifactCmd.Flags().StringVar(&pushArtifactArgs.path, "path", "", "path to the directory where the Kubernetes manifests are located")
+	pushArtifactCmd.Flags().StringVarP(&pushArtifactArgs.path, "path", "f", "", "path to the directory where the Kubernetes manifests are located")
 	pushArtifactCmd.Flags().StringVar(&pushArtifactArgs.source, "source", "", "the source address, e.g. the Git URL")
-	pushArtifactCmd.Flags().StringVar(&pushArtifactArgs.revision, "revision", "", "the source revision in the format '<branch|tag>/<commit-sha>'")
+	pushArtifactCmd.Flags().StringVar(&pushArtifactArgs.revision, "revision", "", "the source revision in the format '<branch|tag>@sha1:<commit-sha>'")
 	pushArtifactCmd.Flags().StringVar(&pushArtifactArgs.creds, "creds", "", "credentials for OCI registry in the format <username>[:<password>] if --provider is generic")
 	pushArtifactCmd.Flags().Var(&pushArtifactArgs.provider, "provider", pushArtifactArgs.provider.Description())
 	pushArtifactCmd.Flags().StringSliceVar(&pushArtifactArgs.ignorePaths, "ignore-paths", excludeOCI, "set paths to ignore in .gitignore format")
+	pushArtifactCmd.Flags().StringArrayVarP(&pushArtifactArgs.annotations, "annotations", "a", nil, "Set custom OCI annotations in the format '<key>=<value>'")
+	pushArtifactCmd.Flags().StringVarP(&pushArtifactArgs.output, "output", "o", "",
+		"the format in which the artifact digest should be printed, can be 'json' or 'yaml'")
 
 	pushCmd.AddCommand(pushArtifactCmd)
 }
@@ -143,9 +165,19 @@ func pushArtifactCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("invalid path '%s', must point to an existing directory or file: %w", path, err)
 	}
 
+	annotations := map[string]string{}
+	for _, annotation := range pushArtifactArgs.annotations {
+		kv := strings.Split(annotation, "=")
+		if len(kv) != 2 {
+			return fmt.Errorf("invalid annotation %s, must be in the format key=value", annotation)
+		}
+		annotations[kv[0]] = kv[1]
+	}
+
 	meta := oci.Metadata{
-		Source:   pushArtifactArgs.source,
+		Source:      pushArtifactArgs.source,
-		Revision: pushArtifactArgs.revision,
+		Revision:    pushArtifactArgs.revision,
+		Annotations: annotations,
 	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
@@ -172,14 +204,54 @@ func pushArtifactCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
 
-	logger.Actionf("pushing artifact to %s", url)
+	if pushArtifactArgs.output == "" {
+		logger.Actionf("pushing artifact to %s", url)
+	}
 
-	digest, err := ociClient.Push(ctx, url, path, meta, pushArtifactArgs.ignorePaths)
+	digestURL, err := ociClient.Push(ctx, url, path, meta, pushArtifactArgs.ignorePaths)
 	if err != nil {
 		return fmt.Errorf("pushing artifact failed: %w", err)
 	}
 
-	logger.Successf("artifact successfully pushed to %s", digest)
+	digest, err := reg.NewDigest(digestURL)
+	if err != nil {
+		return fmt.Errorf("artifact digest parsing failed: %w", err)
+	}
+
+	tag, err := reg.NewTag(url)
+	if err != nil {
+		return fmt.Errorf("artifact tag parsing failed: %w", err)
+	}
+
+	info := struct {
+		URL        string `json:"url"`
+		Repository string `json:"repository"`
+		Tag        string `json:"tag"`
+		Digest     string `json:"digest"`
+	}{
+		URL:        fmt.Sprintf("oci://%s", digestURL),
+		Repository: digest.Repository.Name(),
+		Tag:        tag.TagStr(),
+		Digest:     digest.DigestStr(),
+	}
+
+	switch pushArtifactArgs.output {
+	case "json":
+		marshalled, err := json.MarshalIndent(&info, "", "  ")
+		if err != nil {
+			return fmt.Errorf("artifact digest JSON conversion failed: %w", err)
+		}
+		marshalled = append(marshalled, "\n"...)
+		rootCmd.Print(string(marshalled))
+	case "yaml":
+		marshalled, err := yaml.Marshal(&info)
+		if err != nil {
+			return fmt.Errorf("artifact digest YAML conversion failed: %w", err)
+		}
+		rootCmd.Print(string(marshalled))
+	default:
+		logger.Successf("artifact successfully pushed to %s", digestURL)
+	}
 
 	return nil
 }

cmd/flux/receiver.go

@@ -19,7 +19,7 @@ package main
 import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 // notificationv1.Receiver

cmd/flux/reconcile.go

@@ -30,7 +30,7 @@ import (
 	"k8s.io/client-go/util/retry"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	"github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 	"github.com/fluxcd/pkg/apis/meta"
 
 	"github.com/fluxcd/flux2/internal/utils"
@@ -111,7 +111,7 @@ func (reconcile reconcileCommand) run(cmd *cobra.Command, args []string) error {
 	}
 	logger.Successf("%s annotated", reconcile.kind)
 
-	if reconcile.kind == v1beta1.AlertKind || reconcile.kind == v1beta1.ReceiverKind {
+	if reconcile.kind == notificationv1.AlertKind || reconcile.kind == notificationv1.ReceiverKind {
 		if err = wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 			isReconcileReady(ctx, kubeClient, namespacedName, reconcile.object)); err != nil {
 			return err

cmd/flux/reconcile_alert.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 var reconcileAlertCmd = &cobra.Command{

cmd/flux/reconcile_alertprovider.go

@@ -25,7 +25,7 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 	"github.com/fluxcd/pkg/apis/meta"
 
 	"github.com/fluxcd/flux2/internal/utils"

cmd/flux/reconcile_image_repository.go

@@ -21,7 +21,7 @@ import (
 
 	"github.com/spf13/cobra"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 )
 
 var reconcileImageRepositoryCmd = &cobra.Command{

cmd/flux/reconcile_receiver.go

@@ -25,7 +25,7 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 	"github.com/fluxcd/pkg/apis/meta"
 
 	"github.com/fluxcd/flux2/internal/utils"

cmd/flux/resume_alert.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 var resumeAlertCmd = &cobra.Command{

cmd/flux/resume_image_repository.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 )
 
 var resumeImageRepositoryCmd = &cobra.Command{

cmd/flux/resume_receiver.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 var resumeReceiverCmd = &cobra.Command{

cmd/flux/source_oci_test.go

@@ -24,47 +24,56 @@ import (
 )
 
 func TestSourceOCI(t *testing.T) {
+	namespace := allocateNamespace("oci-test")
+	del, err := execSetupTestNamespace(namespace)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(del)
+
+	tmpl := map[string]string{"ns": namespace}
+
 	cases := []struct {
 		args       string
 		goldenFile string
+		tmpl       map[string]string
 	}{
 		{
-			"create source oci thrfg --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.1.6 --interval 10m",
+			"create source oci thrfg --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.3.5 --interval 10m",
 			"testdata/oci/create_source_oci.golden",
+			nil,
 		},
 		{
 			"get source oci thrfg",
 			"testdata/oci/get_oci.golden",
+			nil,
 		},
 		{
 			"reconcile source oci thrfg",
 			"testdata/oci/reconcile_oci.golden",
+			tmpl,
 		},
 		{
 			"suspend source oci thrfg",
 			"testdata/oci/suspend_oci.golden",
+			tmpl,
 		},
 		{
 			"resume source oci thrfg",
 			"testdata/oci/resume_oci.golden",
+			tmpl,
 		},
 		{
 			"delete source oci thrfg --silent",
 			"testdata/oci/delete_oci.golden",
+			tmpl,
 		},
 	}
 
-	namespace := allocateNamespace("oci-test")
-	del, err := setupTestNamespace(namespace)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer del()
-
 	for _, tc := range cases {
 		cmd := cmdTestCase{
 			args:   tc.args + " -n=" + namespace,
-			assert: assertGoldenTemplateFile(tc.goldenFile, map[string]string{"ns": namespace}),
+			assert: assertGoldenTemplateFile(tc.goldenFile, tc.tmpl),
 		}
 		cmd.runTestCmd(t)
 	}

cmd/flux/stats.go

@@ -0,0 +1,219 @@
+/*
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/printers"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"sigs.k8s.io/cli-utils/pkg/kstatus/status"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+var statsCmd = &cobra.Command{
+	Use:   "stats",
+	Short: "Stats of Flux reconciles",
+	Long: `The stats command prints a report of Flux custom resources present on a cluster,
+including their reconcile status and the amount of cumulative storage used for each source type`,
+	Example: `  # Print the stats report for a namespace
+  flux stats --namespace default
+
+  #  Print the stats report for the whole cluster
+  flux stats -A`,
+	RunE: runStatsCmd,
+}
+
+type StatsFlags struct {
+	allNamespaces bool
+}
+
+var statsArgs StatsFlags
+
+func init() {
+	statsCmd.PersistentFlags().BoolVarP(&statsArgs.allNamespaces, "all-namespaces", "A", false,
+		"list the statistics for objects across all namespaces")
+	rootCmd.AddCommand(statsCmd)
+}
+
+func runStatsCmd(cmd *cobra.Command, args []string) error {
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
+	defer cancel()
+
+	kubeClient, err := utils.KubeClient(kubeconfigArgs, kubeclientOptions)
+	if err != nil {
+		return err
+	}
+
+	types := []metav1.GroupVersionKind{
+		{
+			Kind:    sourcev1.GitRepositoryKind,
+			Version: sourcev1.GroupVersion.Version,
+			Group:   sourcev1.GroupVersion.Group,
+		},
+		{
+			Kind:    sourcev1.OCIRepositoryKind,
+			Version: sourcev1.GroupVersion.Version,
+			Group:   sourcev1.GroupVersion.Group,
+		},
+		{
+			Kind:    sourcev1.HelmRepositoryKind,
+			Version: sourcev1.GroupVersion.Version,
+			Group:   sourcev1.GroupVersion.Group,
+		},
+		{
+			Kind:    sourcev1.HelmChartKind,
+			Version: sourcev1.GroupVersion.Version,
+			Group:   sourcev1.GroupVersion.Group,
+		},
+		{
+			Kind:    sourcev1.BucketKind,
+			Version: sourcev1.GroupVersion.Version,
+			Group:   sourcev1.GroupVersion.Group,
+		},
+		{
+			Kind:    kustomizev1.KustomizationKind,
+			Version: kustomizev1.GroupVersion.Version,
+			Group:   kustomizev1.GroupVersion.Group,
+		},
+		{
+			Kind:    helmv2.HelmReleaseKind,
+			Version: helmv2.GroupVersion.Version,
+			Group:   helmv2.GroupVersion.Group,
+		},
+		{
+			Kind:    notificationv1.AlertKind,
+			Version: notificationv1.GroupVersion.Version,
+			Group:   notificationv1.GroupVersion.Group,
+		},
+		{
+			Kind:    notificationv1.ProviderKind,
+			Version: notificationv1.GroupVersion.Version,
+			Group:   notificationv1.GroupVersion.Group,
+		},
+		{
+			Kind:    notificationv1.ReceiverKind,
+			Version: notificationv1.GroupVersion.Version,
+			Group:   notificationv1.GroupVersion.Group,
+		},
+		{
+			Kind:    autov1.ImageUpdateAutomationKind,
+			Version: autov1.GroupVersion.Version,
+			Group:   autov1.GroupVersion.Group,
+		},
+		{
+			Kind:    imagev1.ImagePolicyKind,
+			Version: imagev1.GroupVersion.Version,
+			Group:   imagev1.GroupVersion.Group,
+		},
+		{
+			Kind:    imagev1.ImageRepositoryKind,
+			Version: imagev1.GroupVersion.Version,
+			Group:   imagev1.GroupVersion.Group,
+		},
+	}
+
+	header := []string{"Reconcilers", "Running", "Failing", "Suspended", "Storage"}
+	var rows [][]string
+
+	for _, t := range types {
+		var total int
+		var suspended int
+		var failing int
+		var totalSize int64
+
+		list := unstructured.UnstructuredList{
+			Object: map[string]interface{}{
+				"apiVersion": t.Group + "/" + t.Version,
+				"kind":       t.Kind,
+			},
+		}
+
+		scope := client.InNamespace("")
+		if !statsArgs.allNamespaces {
+			scope = client.InNamespace(*kubeconfigArgs.Namespace)
+		}
+
+		if err := kubeClient.List(ctx, &list, scope); err == nil {
+			total = len(list.Items)
+
+			for _, item := range list.Items {
+				if s, _, _ := unstructured.NestedBool(item.Object, "spec", "suspend"); s {
+					suspended++
+				}
+
+				if obj, err := status.GetObjectWithConditions(item.Object); err == nil {
+					for _, cond := range obj.Status.Conditions {
+						if cond.Type == "Ready" && cond.Status == corev1.ConditionFalse {
+							failing++
+						}
+					}
+				}
+
+				if size, found, _ := unstructured.NestedInt64(item.Object, "status", "artifact", "size"); found {
+					totalSize += size
+				}
+			}
+		}
+
+		rows = append(rows, []string{
+			t.Kind,
+			formatInt(total - suspended),
+			formatInt(failing),
+			formatInt(suspended),
+			formatSize(totalSize),
+		})
+	}
+
+	err = printers.TablePrinter(header).Print(cmd.OutOrStdout(), rows)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func formatInt(i int) string {
+	return fmt.Sprintf("%d", i)
+}
+
+func formatSize(b int64) string {
+	if b == 0 {
+		return "-"
+	}
+	const unit = 1024
+	if b < unit {
+		return fmt.Sprintf("%d B", b)
+	}
+	div, exp := int64(unit), 0
+	for n := b / unit; n >= unit; n /= unit {
+		div *= unit
+		exp++
+	}
+	return fmt.Sprintf("%.1f %ciB",
+		float64(b)/float64(div), "KMGTPE"[exp])
+}

cmd/flux/suspend_alert.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 var suspendAlertCmd = &cobra.Command{

cmd/flux/suspend_image_repository.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
 )
 
 var suspendImageRepositoryCmd = &cobra.Command{

cmd/flux/suspend_receiver.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
 )
 
 var suspendReceiverCmd = &cobra.Command{

cmd/flux/testdata/export/alert.yaml

@@ -1,5 +1,5 @@
 ---
-apiVersion: notification.toolkit.fluxcd.io/v1beta1
+apiVersion: notification.toolkit.fluxcd.io/v1beta2
 kind: Alert
 metadata:
   name: flux-system

cmd/flux/testdata/export/image-policy.yaml

@@ -1,5 +1,5 @@
 ---
-apiVersion: image.toolkit.fluxcd.io/v1beta1
+apiVersion: image.toolkit.fluxcd.io/v1beta2
 kind: ImagePolicy
 metadata:
   name: flux-system

cmd/flux/testdata/export/image-repo.yaml

@@ -1,10 +1,13 @@
 ---
-apiVersion: image.toolkit.fluxcd.io/v1beta1
+apiVersion: image.toolkit.fluxcd.io/v1beta2
 kind: ImageRepository
 metadata:
   name: flux-system
   namespace: {{ .fluxns }}
 spec:
+  exclusionList:
+  - ^.*\.sig$
   image: ghcr.io/test/podinfo
   interval: 1m0s
+  provider: generic
 

cmd/flux/testdata/export/objects.yaml

@@ -4,7 +4,7 @@ kind: Namespace
 metadata:
   name: {{ .fluxns }}
 ---
-apiVersion: notification.toolkit.fluxcd.io/v1beta1
+apiVersion: notification.toolkit.fluxcd.io/v1beta2
 kind: Provider
 metadata:
   name: slack
@@ -14,7 +14,7 @@ spec:
   channel: 'A channel with spacess'
   address: https://hooks.slack.com/services/mock
 ---
-apiVersion: notification.toolkit.fluxcd.io/v1beta1
+apiVersion: notification.toolkit.fluxcd.io/v1beta2
 kind: Alert
 metadata:
   name: flux-system
@@ -30,7 +30,7 @@ spec:
     - kind: "Kustomization"
       name: "*"
 ---
-apiVersion: image.toolkit.fluxcd.io/v1beta1
+apiVersion: image.toolkit.fluxcd.io/v1beta2
 kind: ImageRepository
 metadata:
   name: flux-system
@@ -39,7 +39,7 @@ spec:
   image: ghcr.io/test/podinfo
   interval: 1m0s
 ---
-apiVersion: image.toolkit.fluxcd.io/v1beta1
+apiVersion: image.toolkit.fluxcd.io/v1beta2
 kind: ImagePolicy
 metadata:
   name: flux-system
@@ -97,7 +97,7 @@ spec:
   interval: 5m
   prune: true
 ---
-apiVersion: notification.toolkit.fluxcd.io/v1beta1
+apiVersion: notification.toolkit.fluxcd.io/v1beta2
 kind: Receiver
 metadata:
   name: flux-system

cmd/flux/testdata/export/provider.yaml

@@ -1,5 +1,5 @@
 ---
-apiVersion: notification.toolkit.fluxcd.io/v1beta1
+apiVersion: notification.toolkit.fluxcd.io/v1beta2
 kind: Provider
 metadata:
   name: slack

cmd/flux/testdata/export/receiver.yaml

@@ -1,5 +1,5 @@
 ---
-apiVersion: notification.toolkit.fluxcd.io/v1beta1
+apiVersion: notification.toolkit.fluxcd.io/v1beta2
 kind: Receiver
 metadata:
   name: flux-system

cmd/flux/testdata/helmrelease/create_helmrelease_from_git.golden

@@ -3,4 +3,4 @@
 ✔ HelmRelease created
 ◎ waiting for HelmRelease reconciliation
 ✔ HelmRelease thrfg is ready
-✔ applied revision 6.0.0
+✔ applied revision 6.3.5

cmd/flux/testdata/helmrelease/create_source_git.golden

@@ -3,4 +3,4 @@
 ✔ GitRepository source created
 ◎ waiting for GitRepository source reconciliation
 ✔ GitRepository source reconciliation completed
-✔ fetched revision: 6.0.0/627d5c4bb67b77185f37e31d734b085019ff2951
+✔ fetched revision: 6.3.5@sha1:67e2c98a60dc92283531412a9e604dd4bae005a9

cmd/flux/testdata/helmrelease/get_helmrelease_from_git.golden

@@ -1,2 +1,2 @@
 NAME 	REVISION	SUSPENDED	READY	MESSAGE                          
-thrfg	6.0.0   	False    	True 	Release reconciliation succeeded	
+thrfg	6.3.5   	False    	True 	Release reconciliation succeeded	

cmd/flux/testdata/helmrelease/reconcile_helmrelease_from_git.golden

@@ -1,8 +1,8 @@
 ► annotating GitRepository thrfg in {{ .ns }} namespace
 ✔ GitRepository annotated
 ◎ waiting for GitRepository reconciliation
-✔ fetched revision 6.0.0/627d5c4bb67b77185f37e31d734b085019ff2951
+✔ fetched revision 6.3.5@sha1:67e2c98a60dc92283531412a9e604dd4bae005a9
 ► annotating HelmRelease thrfg in {{ .ns }} namespace
 ✔ HelmRelease annotated
 ◎ waiting for HelmRelease reconciliation
-✔ applied revision 6.0.0
+✔ applied revision 6.3.5

cmd/flux/testdata/helmrelease/resume_helmrelease_from_git.golden

@@ -2,4 +2,4 @@
 ✔ helmrelease resumed
 ◎ waiting for HelmRelease reconciliation
 ✔ HelmRelease reconciliation completed
-✔ applied revision 6.0.0
+✔ applied revision 6.3.5

cmd/flux/testdata/image/get_image_policy_regex.golden

@@ -1,2 +1,2 @@
-NAME         	LATEST IMAGE                      	READY	MESSAGE                                                                
+NAME         	LATEST IMAGE                      	READY	MESSAGE                                                               
-podinfo-regex	ghcr.io/stefanprodan/podinfo:5.0.0	True 	Latest image tag for 'ghcr.io/stefanprodan/podinfo' resolved to: 5.0.0	
+podinfo-regex	ghcr.io/stefanprodan/podinfo:5.0.0	True 	Latest image tag for 'ghcr.io/stefanprodan/podinfo' resolved to 5.0.0	

cmd/flux/testdata/image/get_image_policy_semver.golden

@@ -1,2 +1,2 @@
-NAME          	LATEST IMAGE                      	READY	MESSAGE                                                                
+NAME          	LATEST IMAGE                      	READY	MESSAGE                                                               
-podinfo-semver	ghcr.io/stefanprodan/podinfo:5.0.3	True 	Latest image tag for 'ghcr.io/stefanprodan/podinfo' resolved to: 5.0.3	
+podinfo-semver	ghcr.io/stefanprodan/podinfo:5.0.3	True 	Latest image tag for 'ghcr.io/stefanprodan/podinfo' resolved to 5.0.3	

cmd/flux/testdata/kustomization/create_kustomization_from_git.golden

@@ -3,4 +3,4 @@
 ✔ Kustomization created
 ◎ waiting for Kustomization reconciliation
 ✔ Kustomization tkfg is ready
-✔ applied revision 6.0.0/627d5c4bb67b77185f37e31d734b085019ff2951
+✔ applied revision 6.3.5@sha1:67e2c98a60dc92283531412a9e604dd4bae005a9

cmd/flux/testdata/kustomization/create_source_git.golden

@@ -3,4 +3,4 @@
 ✔ GitRepository source created
 ◎ waiting for GitRepository source reconciliation
 ✔ GitRepository source reconciliation completed
-✔ fetched revision: 6.0.0/627d5c4bb67b77185f37e31d734b085019ff2951
+✔ fetched revision: 6.3.5@sha1:67e2c98a60dc92283531412a9e604dd4bae005a9

cmd/flux/testdata/kustomization/get_kustomization_from_git.golden

@@ -1,2 +1,2 @@
-NAME	REVISION     	SUSPENDED	READY	MESSAGE                         
+NAME	REVISION           	SUSPENDED	READY	MESSAGE                               
-tkfg	6.0.0/627d5c4	False    	True 	Applied revision: 6.0.0/627d5c4	
+tkfg	6.3.5@sha1:67e2c98a	False    	True 	Applied revision: 6.3.5@sha1:67e2c98a	

cmd/flux/testdata/kustomization/reconcile_kustomization_from_git.golden

@@ -1,8 +1,8 @@
 ► annotating GitRepository tkfg in {{ .ns }} namespace
 ✔ GitRepository annotated
 ◎ waiting for GitRepository reconciliation
-✔ fetched revision 6.0.0/627d5c4bb67b77185f37e31d734b085019ff2951
+✔ fetched revision 6.3.5@sha1:67e2c98a60dc92283531412a9e604dd4bae005a9
 ► annotating Kustomization tkfg in {{ .ns }} namespace
 ✔ Kustomization annotated
 ◎ waiting for Kustomization reconciliation
-✔ applied revision 6.0.0/627d5c4bb67b77185f37e31d734b085019ff2951
+✔ applied revision 6.3.5@sha1:67e2c98a60dc92283531412a9e604dd4bae005a9

cmd/flux/testdata/kustomization/resume_kustomization_from_git.golden

@@ -2,4 +2,4 @@
 ✔ kustomization resumed
 ◎ waiting for Kustomization reconciliation
 ✔ Kustomization reconciliation completed
-✔ applied revision 6.0.0/627d5c4bb67b77185f37e31d734b085019ff2951
+✔ applied revision 6.3.5@sha1:67e2c98a60dc92283531412a9e604dd4bae005a9