Merge pull request #943 from fluxcd/disable-darwin-arm64

Exclude ARM archs from Darwin release builds

.github/workflows/fossa.yml

@@ -1,25 +0,0 @@
-name: FOSSA
-on:
-  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
-        with:
-          go-version: "^1.14.x"
-      - name: Add GOPATH to GITHUB_ENV
-        run: echo "GOPATH=$(go env GOPATH)" >>"$GITHUB_ENV"
-      - name: Add GOPATH to GITHUB_PATH
-        run: echo "$GOPATH/bin" >>"$GITHUB_PATH"
-      - name: Run FOSSA scan and upload build data
-        uses: fossa-contrib/fossa-action@v1
-        with:
-          # FOSSA Push-Only API Token
-          fossa-api-key: 5ee8bf422db1471e0bcf2bcb289185de
-          github-token: ${{ github.token }}

.github/workflows/scan.yml

@@ -0,0 +1,44 @@
+name: scan
+on:
+  push:
+  pull_request:
+    branches: [main]
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-go@v2
+        with:
+          go-version: 1.15.x
+      - name: FOSSA Analysis
+        if: github.event_name == 'pull_request'
+        uses: fossa-contrib/fossa-action@v1
+        with:
+          fossa-api-key: 5ee8bf422db1471e0bcf2bcb289185de
+          github-token: ${{ github.token }}
+      - name: CodeQL Init
+        if: github.event_name == 'pull_request'
+        uses: github/codeql-action/init@v1
+        with:
+          languages: "go"
+      - name: CodeQL Autobuild
+        if: github.event_name == 'pull_request'
+        uses: github/codeql-action/autobuild@v1
+      - name: CodeQL Analysis
+        if: github.event_name == 'pull_request'
+        uses: github/codeql-action/analyze@v1
+      - name: Snyk Init
+        if: github.event_name == 'push'
+        uses: snyk/actions/setup@master
+      - name: Snyk Analysis
+        if: github.event_name == 'push'
+        run: snyk test --sarif-file-output=snyk.sarif
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      - name: Snyk Upload result to GitHub Code Scanning
+        if: github.event_name == 'push'
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: snyk.sarif

.goreleaser.yml

@@ -20,6 +20,8 @@ builds:
     id: darwin
     goos:
       - darwin
+    goarch:
+      - amd64
   - <<: *build_defaults
     id: windows
     goos:

action/Dockerfile

@@ -1,6 +0,0 @@
-FROM stefanprodan/alpine-base:latest
-
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
-
-ENTRYPOINT ["/entrypoint.sh"]

action/README.md

@@ -10,15 +10,20 @@ Usage:
         run: flux -v
 ```
 
-This action places the `flux` binary inside your repository root under `bin/flux`.
-You should add `bin/flux` to your `.gitignore` file, as in the following example:
-
-```gitignore
-# ignore flux binary
-bin/flux
-```
-
 Note that this action can only be used on GitHub **Linux AMD64** runners.
+The latest stable version of the `flux` binary is downloaded from
+GitHub [releases](https://github.com/fluxcd/flux2/releases)
+and placed at `/usr/local/bin/flux`.
+
+You can download a specific version with:
+
+```yaml
+    steps:
+      - name: Setup Flux CLI
+        uses: fluxcd/flux2/action@main
+        with:
+          version: 0.8.0
+```
 
 ### Automate Flux updates
 

action/action.yml

@@ -1,15 +1,38 @@
-name: 'kustomize'
+name: Setup Flux CLI
-description: 'A GitHub Action for running Flux commands'
+description: A GitHub Action for running Flux commands
-author: 'Flux project'
+author: Stefan Prodan
 branding:
-  icon: 'command'
+  color: blue
-  color: 'blue'
+  icon: command
 inputs:
   version:
-    description: 'strict semver'
+    description: "Flux version e.g. 0.8.0 (defaults to latest stable release)"
     required: false
 runs:
-  using: 'docker'
+  using: composite
-  image: 'Dockerfile'
+  steps:
-  args:
+    - name: "Download flux binary to tmp"
-    - ${{ inputs.version }}
+      shell: bash
+      run: |
+        VERSION=${{ inputs.version }}
+
+        if [ -z $VERSION ]; then
+          VERSION=$(curl https://api.github.com/repos/fluxcd/flux2/releases/latest -sL | grep tag_name | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
+        fi
+
+        BIN_URL="https://github.com/fluxcd/flux2/releases/download/v${VERSION}/flux_${VERSION}_linux_amd64.tar.gz"
+        curl -sL ${BIN_URL} -o /tmp/flux.tar.gz
+        mkdir -p /tmp/flux
+        tar -C /tmp/flux/ -zxvf /tmp/flux.tar.gz
+    - name: "Add flux binary to /usr/local/bin"
+      shell: bash
+      run: |
+        sudo cp /tmp/flux/flux /usr/local/bin
+    - name: "Cleanup tmp"
+      shell: bash
+      run: |
+        rm -rf /tmp/flux/ /tmp/flux.tar.gz
+    - name: "Verify correct installation of binary"
+      shell: bash
+      run: |
+        flux -v

action/entrypoint.sh

@@ -1,40 +0,0 @@
-#!/bin/bash
-
-#  Copyright 2020 The Flux authors
-#
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-
-set -e
-
-VERSION=$1
-
-if [ -z $VERSION ]; then
-  # Find latest release if no version is specified
-  VERSION=$(curl https://api.github.com/repos/fluxcd/flux2/releases/latest -sL | grep tag_name | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
-fi
-
-# Download linux binary
-BIN_URL="https://github.com/fluxcd/flux2/releases/download/v${VERSION}/flux_${VERSION}_linux_amd64.tar.gz"
-curl -sL $BIN_URL | tar xz
-
-# Copy binary to GitHub runner
-mkdir -p $GITHUB_WORKSPACE/bin
-mv ./flux $GITHUB_WORKSPACE/bin
-chmod +x $GITHUB_WORKSPACE/bin/flux
-
-# Print version
-$GITHUB_WORKSPACE/bin/flux -v
-
-# Add binary to GitHub runner path
-echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
-echo "$RUNNER_WORKSPACE/$(basename $GITHUB_REPOSITORY)/bin" >> $GITHUB_PATH

cmd/flux/bootstrap.go

@@ -132,6 +132,17 @@ func generateInstallManifests(targetPath, namespace, tmpDir string, localManifes
 			return "", err
 		}
 		bootstrapArgs.version = version
+	} else {
+		if ok, err := install.ExistingVersion(bootstrapArgs.version); err != nil || !ok {
+			if err == nil {
+				err = fmt.Errorf("targeted version '%s' does not exist", bootstrapArgs.version)
+			}
+			return "", err
+		}
+	}
+
+	if !utils.CompatibleVersion(VERSION, bootstrapArgs.version) {
+		return "", fmt.Errorf("targeted version '%s' is not compatible with your current version of flux (%s)", bootstrapArgs.version, VERSION)
 	}
 
 	opts := install.Options{

cmd/flux/check.go

@@ -21,14 +21,19 @@ import (
 	"encoding/json"
 	"os"
 	"os/exec"
-	"strings"
 	"time"
 
-	"github.com/blang/semver/v4"
+	"github.com/Masterminds/semver/v3"
-	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/spf13/cobra"
+	v1 "k8s.io/api/apps/v1"
 	apimachineryversion "k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/kubernetes"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/fluxcd/pkg/version"
+
+	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen/install"
 )
 
 var checkCmd = &cobra.Command{
@@ -74,6 +79,8 @@ func runCheckCmd(cmd *cobra.Command, args []string) error {
 	logger.Actionf("checking prerequisites")
 	checkFailed := false
 
+	fluxCheck()
+
 	if !kubectlCheck(ctx, ">=1.18.0") {
 		checkFailed = true
 	}
@@ -101,7 +108,29 @@ func runCheckCmd(cmd *cobra.Command, args []string) error {
 	return nil
 }
 
-func kubectlCheck(ctx context.Context, version string) bool {
+func fluxCheck() {
+	curSv, err := version.ParseVersion(VERSION)
+	if err != nil {
+		return
+	}
+	// Exclude development builds.
+	if curSv.Prerelease() != "" {
+		return
+	}
+	latest, err := install.GetLatestVersion()
+	if err != nil {
+		return
+	}
+	latestSv, err := version.ParseVersion(latest)
+	if err != nil {
+		return
+	}
+	if latestSv.GreaterThan(curSv) {
+		logger.Failuref("flux %s <%s (new version is available, please upgrade)", curSv, latestSv)
+	}
+}
+
+func kubectlCheck(ctx context.Context, constraint string) bool {
 	_, err := exec.LookPath("kubectl")
 	if err != nil {
 		logger.Failuref("kubectl not found")
@@ -117,58 +146,58 @@ func kubectlCheck(ctx context.Context, version string) bool {
 
 	kv := &kubectlVersion{}
 	if err = json.Unmarshal([]byte(output), kv); err != nil {
-		logger.Failuref("kubectl version output can't be unmarshaled")
+		logger.Failuref("kubectl version output can't be unmarshalled")
 		return false
 	}
 
-	v, err := semver.ParseTolerant(kv.ClientVersion.GitVersion)
+	v, err := version.ParseVersion(kv.ClientVersion.GitVersion)
 	if err != nil {
 		logger.Failuref("kubectl version can't be parsed")
 		return false
 	}
 
-	rng, _ := semver.ParseRange(version)
+	c, _ := semver.NewConstraint(constraint)
-	if !rng(v) {
+	if !c.Check(v) {
-		logger.Failuref("kubectl version must be %s", version)
+		logger.Failuref("kubectl version must be %s", constraint)
 		return false
 	}
 
-	logger.Successf("kubectl %s %s", v.String(), version)
+	logger.Successf("kubectl %s %s", v.String(), constraint)
 	return true
 }
 
-func kubernetesCheck(version string) bool {
+func kubernetesCheck(constraint string) bool {
 	cfg, err := utils.KubeConfig(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		logger.Failuref("Kubernetes client initialization failed: %s", err.Error())
 		return false
 	}
 
-	client, err := kubernetes.NewForConfig(cfg)
+	clientSet, err := kubernetes.NewForConfig(cfg)
 	if err != nil {
 		logger.Failuref("Kubernetes client initialization failed: %s", err.Error())
 		return false
 	}
 
-	ver, err := client.Discovery().ServerVersion()
+	kv, err := clientSet.Discovery().ServerVersion()
 	if err != nil {
 		logger.Failuref("Kubernetes API call failed: %s", err.Error())
 		return false
 	}
 
-	v, err := semver.ParseTolerant(ver.String())
+	v, err := version.ParseVersion(kv.String())
 	if err != nil {
 		logger.Failuref("Kubernetes version can't be determined")
 		return false
 	}
 
-	rng, _ := semver.ParseRange(version)
+	c, _ := semver.NewConstraint(constraint)
-	if !rng(v) {
+	if !c.Check(v) {
-		logger.Failuref("Kubernetes version must be %s", version)
+		logger.Failuref("Kubernetes version must be %s", constraint)
 		return false
 	}
 
-	logger.Successf("Kubernetes %s %s", v.String(), version)
+	logger.Successf("Kubernetes %s %s", v.String(), constraint)
 	return true
 }
 
@@ -176,23 +205,29 @@ func componentsCheck() bool {
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
 
-	statusChecker, err := NewStatusChecker(time.Second, 30*time.Second)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
+	if err != nil {
+		return false
+	}
+
+	statusChecker, err := NewStatusChecker(time.Second, rootArgs.timeout)
 	if err != nil {
 		return false
 	}
 
 	ok := true
-	deployments := append(checkArgs.components, checkArgs.extraComponents...)
+	selector := client.MatchingLabels{"app.kubernetes.io/instance": rootArgs.namespace}
-	for _, deployment := range deployments {
+	var list v1.DeploymentList
-		if err := statusChecker.Assess(deployment); err != nil {
+	if err := kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace), selector); err == nil {
-			ok = false
+		for _, d := range list.Items {
-		} else {
+			if err := statusChecker.Assess(d.Name); err != nil {
-			logger.Successf("%s: healthy", deployment)
+				ok = false
-		}
+			} else {
-
+				logger.Successf("%s: healthy", d.Name)
-		kubectlArgs := []string{"-n", rootArgs.namespace, "get", "deployment", deployment, "-o", "jsonpath=\"{..image}\""}
+			}
-		if output, err := utils.ExecKubectlCommand(ctx, utils.ModeCapture, rootArgs.kubeconfig, rootArgs.kubecontext, kubectlArgs...); err == nil {
+			for _, c := range d.Spec.Template.Spec.Containers {
-			logger.Actionf(strings.TrimPrefix(strings.TrimSuffix(output, "\""), "\""))
+				logger.Actionf(c.Image)
+			}
 		}
 	}
 	return ok

cmd/flux/create_helmrelease.go

@@ -25,6 +25,7 @@ import (
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
+	"github.com/fluxcd/pkg/runtime/transform"
 
 	"github.com/spf13/cobra"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
@@ -198,7 +199,7 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 			if valuesMap == nil {
 				valuesMap = jsonMap
 			} else {
-				valuesMap = utils.MergeMaps(valuesMap, jsonMap)
+				valuesMap = transform.MergeMaps(valuesMap, jsonMap)
 			}
 		}
 

cmd/flux/install.go

@@ -106,19 +106,9 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
 
-	tmpDir, err := ioutil.TempDir("", rootArgs.namespace)
-	if err != nil {
-		return err
-	}
-	defer os.RemoveAll(tmpDir)
-
-	if !installExport {
-		logger.Generatef("generating manifests")
-	}
-
 	components := append(installDefaultComponents, installExtraComponents...)
-
+	err := utils.ValidateComponents(components)
-	if err := utils.ValidateComponents(components); err != nil {
+	if err != nil {
 		return err
 	}
 
@@ -127,6 +117,27 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 		if err != nil {
 			return err
 		}
+	} else {
+		if ok, err := install.ExistingVersion(installVersion); err != nil || !ok {
+			if err == nil {
+				err = fmt.Errorf("targeted version '%s' does not exist", installVersion)
+			}
+			return err
+		}
+	}
+
+	if !utils.CompatibleVersion(VERSION, installVersion) {
+		return fmt.Errorf("targeted version '%s' is not compatible with your current version of flux (%s)", installVersion, VERSION)
+	}
+
+	tmpDir, err := ioutil.TempDir("", rootArgs.namespace)
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpDir)
+
+	if !installExport {
+		logger.Generatef("generating manifests")
 	}
 
 	opts := install.Options{

docs/components/helm/controller.md

@@ -20,6 +20,7 @@ Features:
 - Runs Helm install/upgrade in a specific order, taking into account the depends-on relationship defined in a set of `HelmRelease` objects
 - Prunes Helm releases removed from cluster (garbage collection) 
 - Reports Helm releases statuses (alerting provided by [notification-controller](../notification/controller.md))
+- Built-in Kustomize compatible Helm post renderer, providing support for strategic merge, JSON 6902 and images patches
 
 Links:
 

docs/guides/monitoring.md

@@ -67,7 +67,7 @@ Ready status metrics:
 ```sh
 gotk_reconcile_condition{kind, name, namespace, type="Ready", status="True"}
 gotk_reconcile_condition{kind, name, namespace, type="Ready", status="False"}
-gotk_reconcile_condition{kind, name, namespace, type="Ready", status="Unkown"}
+gotk_reconcile_condition{kind, name, namespace, type="Ready", status="Unknown"}
 gotk_reconcile_condition{kind, name, namespace, type="Ready", status="Deleted"}
 ```
 

docs/guides/sealed-secrets.md

@@ -52,10 +52,10 @@ flux create helmrelease sealed-secrets \
 --target-namespace=flux-system \
 --source=HelmRepository/sealed-secrets \
 --chart=sealed-secrets \
---chart-version="1.10.x"
+--chart-version="1.13.x"
 ```
 
-With chart version `1.10.x` we configure helm-controller to automatically upgrade the release
+With chart version `1.13.x` we configure helm-controller to automatically upgrade the release
 when a new chart patch version is fetched by source-controller.
 
 At startup, the sealed-secrets controller generates a 4096-bit RSA key pair and 
@@ -81,7 +81,7 @@ Generate a Kubernetes secret manifest with kubectl:
 kubectl -n default create secret generic basic-auth \
 --from-literal=user=admin \
 --from-literal=password=change-me \
---dry-run \
+--dry-run=client \
 -o yaml > basic-auth.yaml
 ```
 
@@ -141,7 +141,7 @@ spec:
       sourceRef:
         kind: HelmRepository
         name: stable
-      version: "1.10.x"
+      version: "1.13.x"
   interval: 1h0m0s
   releaseName: sealed-secrets
   targetNamespace: flux-system

go.mod

@@ -3,19 +3,20 @@ module github.com/fluxcd/flux2
 go 1.15
 
 require (
-	github.com/blang/semver/v4 v4.0.0
+	github.com/Masterminds/semver/v3 v3.1.0
 	github.com/cyphar/filepath-securejoin v0.2.2
 	github.com/fluxcd/helm-controller/api v0.7.0
 	github.com/fluxcd/image-automation-controller/api v0.5.0
 	github.com/fluxcd/image-reflector-controller/api v0.6.0
-	github.com/fluxcd/kustomize-controller/api v0.8.0
+	github.com/fluxcd/kustomize-controller/api v0.8.1
 	github.com/fluxcd/notification-controller/api v0.8.0
 	github.com/fluxcd/pkg/apis/meta v0.8.0
 	github.com/fluxcd/pkg/git v0.3.0
-	github.com/fluxcd/pkg/runtime v0.8.0
+	github.com/fluxcd/pkg/runtime v0.8.2
 	github.com/fluxcd/pkg/ssh v0.0.5
 	github.com/fluxcd/pkg/untar v0.0.5
-	github.com/fluxcd/source-controller/api v0.8.0
+	github.com/fluxcd/pkg/version v0.0.1
+	github.com/fluxcd/source-controller/api v0.8.1
 	github.com/google/go-containerregistry v0.2.0
 	github.com/manifoldco/promptui v0.7.0
 	github.com/olekukonko/tablewriter v0.0.4

go.sum

@@ -69,6 +69,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20190822182118-27a4ced34534/go.mod h1:iroGtC8B3tQiqtds1l+mgk/BBOrxbqjH+eUfFQYRc14=
 github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E=
+github.com/Masterminds/semver/v3 v3.1.0 h1:Y2lUDsFKVRSYGojLJ1yLxSXdMmMYTYls0rCvoqmMUQk=
+github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
@@ -112,10 +114,7 @@ github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
 github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
-github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 github.com/bombsimon/wsl v1.2.5/go.mod h1:43lEF/i0kpXbLCeDXL9LMT8c92HyBywXb0AsgMHYngM=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
@@ -201,8 +200,8 @@ github.com/fluxcd/image-automation-controller/api v0.5.0 h1:A8hXCPAbvfvEI+Z7E9+v
 github.com/fluxcd/image-automation-controller/api v0.5.0/go.mod h1:t1rcueSECYj/77cXWsji06uEQgzdTV+2Hdd+ryCqKhg=
 github.com/fluxcd/image-reflector-controller/api v0.6.0 h1:M62HPqw2UvFRVNKy0EMtNUJC9BJ6HC3VULnV0gnqlpg=
 github.com/fluxcd/image-reflector-controller/api v0.6.0/go.mod h1:MS3mGjZLnzZsfSqVLGbp0WNJr/k8XRFpw4G6ApLFTbc=
-github.com/fluxcd/kustomize-controller/api v0.8.0 h1:i8xFqIQweqvSFiYBaoAnYnaKw+M5n50n+8yb5LgjIss=
+github.com/fluxcd/kustomize-controller/api v0.8.1 h1:5kAQq98qdO2xaQL6qeb1accvdUnko4pB+dxYcSZRrrs=
-github.com/fluxcd/kustomize-controller/api v0.8.0/go.mod h1:RIaE0c/tgHr75OP9f1CAQzm0n7yGFqWf2jZcNb1ix28=
+github.com/fluxcd/kustomize-controller/api v0.8.1/go.mod h1:RIaE0c/tgHr75OP9f1CAQzm0n7yGFqWf2jZcNb1ix28=
 github.com/fluxcd/notification-controller/api v0.8.0 h1:lOLYX2H/owlL8I9ws1lS6uN9dmaJk3KtT+/MgQhPKIw=
 github.com/fluxcd/notification-controller/api v0.8.0/go.mod h1:nWQZb8DeTM/tdgTxCts6QRxfXTtTPQWuQGeoffwYUbw=
 github.com/fluxcd/pkg/apis/kustomize v0.0.1 h1:TkA80R0GopRY27VJqzKyS6ifiKIAfwBd7OHXtV3t2CI=
@@ -216,12 +215,16 @@ github.com/fluxcd/pkg/git v0.3.0/go.mod h1:ZwG0iLOqNSyNw6lsPIAO+v6+BqqCXyV+r1Oq6
 github.com/fluxcd/pkg/runtime v0.6.2/go.mod h1:RuqYOYCvBJwo4rg83d28WOt2vfSaemuZCVpUagAjWQc=
 github.com/fluxcd/pkg/runtime v0.8.0 h1:cnSBZJLcXlKgjXpFFFExu+4ZncIxmPgNIx+ErLcCLnA=
 github.com/fluxcd/pkg/runtime v0.8.0/go.mod h1:tQwEN+RESjJmtwSSv7I+6bkNM9raIXpGsCjruaIVX6A=
+github.com/fluxcd/pkg/runtime v0.8.2 h1:NeQPw9srRH4zmu2eM+NJ9QdJMd0RcyOr4j5WiWQU8as=
+github.com/fluxcd/pkg/runtime v0.8.2/go.mod h1:tQwEN+RESjJmtwSSv7I+6bkNM9raIXpGsCjruaIVX6A=
 github.com/fluxcd/pkg/ssh v0.0.5 h1:rnbFZ7voy2JBlUfMbfyqArX2FYaLNpDhccGFC3qW83A=
 github.com/fluxcd/pkg/ssh v0.0.5/go.mod h1:7jXPdXZpc0ttMNz2kD9QuMi3RNn/e0DOFbj0Tij/+Hs=
 github.com/fluxcd/pkg/untar v0.0.5 h1:UGI3Ch1UIEIaqQvMicmImL1s9npQa64DJ/ozqHKB7gk=
 github.com/fluxcd/pkg/untar v0.0.5/go.mod h1:O6V9+rtl8c1mHBafgqFlJN6zkF1HS5SSYn7RpQJ/nfw=
-github.com/fluxcd/source-controller/api v0.8.0 h1:jOgeOwCLXzmjinRiDT7e/IuSB7WNZMgrUwMLJm09K/o=
+github.com/fluxcd/pkg/version v0.0.1 h1:/8asQoDXSThz3csiwi4Qo8Zb6blAxLXbtxNgeMJ9bCg=
-github.com/fluxcd/source-controller/api v0.8.0/go.mod h1:u2sdc/QDm0tzXHL7mZVj928hc3MMU+4mKCuAQg+94Bk=
+github.com/fluxcd/pkg/version v0.0.1/go.mod h1:WAF4FEEA9xyhngF8TDxg3UPu5fA1qhEYV8Pmi2Il01Q=
+github.com/fluxcd/source-controller/api v0.8.1 h1:chxvMoOJLW1MLKXvaNqytZkwHxHMl4s0V5zBn9EFVuo=
+github.com/fluxcd/source-controller/api v0.8.1/go.mod h1:u2sdc/QDm0tzXHL7mZVj928hc3MMU+4mKCuAQg+94Bk=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=

internal/utils/utils.go

@@ -46,14 +46,16 @@ import (
 	kustypes "sigs.k8s.io/kustomize/api/types"
 	"sigs.k8s.io/yaml"
 
-	"github.com/fluxcd/flux2/pkg/manifestgen/install"
 	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 	imageautov1 "github.com/fluxcd/image-automation-controller/api/v1alpha1"
 	imagereflectv1 "github.com/fluxcd/image-reflector-controller/api/v1alpha1"
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
 	"github.com/fluxcd/pkg/runtime/dependency"
+	"github.com/fluxcd/pkg/version"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+
+	"github.com/fluxcd/flux2/pkg/manifestgen/install"
 )
 
 type Utils struct {
@@ -203,41 +205,6 @@ func SplitKubeConfigPath(path string) []string {
 	return strings.Split(path, sep)
 }
 
-func WriteFile(content, filename string) error {
-	file, err := os.Create(filename)
-	if err != nil {
-		return err
-	}
-	defer file.Close()
-
-	_, err = io.WriteString(file, content)
-	if err != nil {
-		return err
-	}
-
-	return file.Sync()
-}
-
-func CopyFile(src, dst string) error {
-	in, err := os.Open(src)
-	if err != nil {
-		return err
-	}
-	defer in.Close()
-
-	out, err := os.Create(dst)
-	if err != nil {
-		return err
-	}
-	defer out.Close()
-
-	_, err = io.Copy(out, in)
-	if err != nil {
-		return err
-	}
-	return out.Close()
-}
-
 func ContainsItemString(s []string, e string) bool {
 	for _, a := range s {
 		if a == e {
@@ -400,23 +367,22 @@ func ValidateComponents(components []string) error {
 	return nil
 }
 
-// TODO(stefan): move this to fluxcd/pkg
+// CompatibleVersion returns if the provided binary version is compatible
-// taken from: https://github.com/fluxcd/helm-controller/blob/main/internal/util/util.go
+// with the given target version. At present, this is true if the target
-func MergeMaps(a, b map[string]interface{}) map[string]interface{} {
+// version is equal to the MINOR range of the binary, or if the binary
-	out := make(map[string]interface{}, len(a))
+// version is a prerelease.
-	for k, v := range a {
+func CompatibleVersion(binary, target string) bool {
-		out[k] = v
+	binSv, err := version.ParseVersion(binary)
+	if err != nil {
+		return false
 	}
-	for k, v := range b {
+	// Assume prerelease builds are compatible.
-		if v, ok := v.(map[string]interface{}); ok {
+	if binSv.Prerelease() != "" {
-			if bv, ok := out[k]; ok {
+		return true
-				if bv, ok := bv.(map[string]interface{}); ok {
-					out[k] = MergeMaps(bv, v)
-					continue
-				}
-			}
-		}
-		out[k] = v
 	}
-	return out
+	targetSv, err := version.ParseVersion(target)
+	if err != nil {
+		return false
+	}
+	return binSv.Major() == targetSv.Major() && binSv.Minor() == targetSv.Minor()
 }

internal/utils/utils_test.go

@@ -0,0 +1,42 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package utils
+
+import "testing"
+
+func TestCompatibleVersion(t *testing.T) {
+	tests := []struct {
+		name   string
+		binary string
+		target string
+		want   bool
+	}{
+		{"different major version", "1.1.0", "0.1.0", false},
+		{"different minor version", "0.1.0", "0.2.0", false},
+		{"same version", "0.1.0", "0.1.0", true},
+		{"binary patch version ahead", "0.1.1", "0.1.0", true},
+		{"target patch version ahead", "0.1.1", "0.1.2", true},
+		{"prerelease binary", "0.0.0-dev.0", "0.1.0", true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := CompatibleVersion(tt.binary, tt.target); got != tt.want {
+				t.Errorf("CompatibleVersion() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

manifests/bases/kustomize-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- https://github.com/fluxcd/kustomize-controller/archive/v0.8.0.zip//kustomize-controller-0.8.0/config/crd
+- https://github.com/fluxcd/kustomize-controller/archive/v0.8.1.zip//kustomize-controller-0.8.1/config/crd
-- https://github.com/fluxcd/kustomize-controller/archive/v0.8.0.zip//kustomize-controller-0.8.0/config/manager
+- https://github.com/fluxcd/kustomize-controller/archive/v0.8.1.zip//kustomize-controller-0.8.1/config/manager
 - account.yaml
 patchesJson6902:
 - target:

manifests/bases/source-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- https://github.com/fluxcd/source-controller/archive/v0.8.0.zip//source-controller-0.8.0/config/crd
+- https://github.com/fluxcd/source-controller/archive/v0.8.1.zip//source-controller-0.8.1/config/crd
-- https://github.com/fluxcd/source-controller/archive/v0.8.0.zip//source-controller-0.8.0/config/manager
+- https://github.com/fluxcd/source-controller/archive/v0.8.1.zip//source-controller-0.8.1/config/manager
 - account.yaml
 patchesJson6902:
 - target:

pkg/manifestgen/install/install.go

@@ -87,7 +87,7 @@ func GetLatestVersion() (string, error) {
 
 	res, err := c.Get(ghURL)
 	if err != nil {
-		return "", fmt.Errorf("calling GitHub API failed: %w", err)
+		return "", fmt.Errorf("GitHub API call failed: %w", err)
 	}
 
 	if res.Body != nil {
@@ -104,3 +104,32 @@ func GetLatestVersion() (string, error) {
 
 	return m.Tag, err
 }
+
+// ExistingVersion calls the GitHub API to confirm the given version does exist.
+func ExistingVersion(version string) (bool, error) {
+	if !strings.HasPrefix(version, "v") {
+		version = "v" + version
+	}
+
+	ghURL := fmt.Sprintf("https://api.github.com/repos/fluxcd/flux2/releases/tags/%s", version)
+	c := http.DefaultClient
+	c.Timeout = 15 * time.Second
+
+	res, err := c.Get(ghURL)
+	if err != nil {
+		return false, fmt.Errorf("GitHub API call failed: %w", err)
+	}
+
+	if res.Body != nil {
+		defer res.Body.Close()
+	}
+
+	switch res.StatusCode {
+	case http.StatusOK:
+		return true, nil
+	case http.StatusNotFound:
+		return false, nil
+	default:
+		return false, fmt.Errorf("GitHub API returned an unexpected status code (%d)", res.StatusCode)
+	}
+}