Merge pull request #949 from fluxcd/k8s-ver-check

Include prerelease data in k8s version constraints

.github/workflows/bootstrap.yaml

@@ -2,12 +2,14 @@ name: bootstrap
 
 on:
   push:
-    branches:
+    branches: [ main ]
-      - '*'
+  pull_request:
+    branches: [ main ]
 
 jobs:
   github:
     runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'fluxcd' }}
     steps:
       - name: Checkout
         uses: actions/checkout@v2

.github/workflows/docs.yaml

@@ -1,9 +1,8 @@
 name: Publish docs via GitHub Pages
+
 on:
   push:
-    branches:
+    branches: [ 'docs*', main ]
-      - docs*
-      - main
 
 jobs:
   build:

.github/workflows/e2e.yaml

@@ -1,10 +1,10 @@
 name: e2e
 
 on:
-  pull_request:
   push:
-    branches:
+    branches: [ main ]
-      - main
+  pull_request:
+    branches: [ main ]
 
 jobs:
   kind:

.github/workflows/rebase.yaml

@@ -2,9 +2,9 @@ name: rebase
 
 on:
   pull_request:
-    types: [opened]
+    types: [ opened ]
   issue_comment:
-    types: [created]
+    types: [ created ]
 
 jobs:
   rebase:

.github/workflows/release.yaml

@@ -2,8 +2,7 @@ name: release
 
 on:
   push:
-    tags:
+    tags: [ '*' ]
-      - '*'
 
 jobs:
   goreleaser:

.github/workflows/scan.yaml

@@ -0,0 +1,55 @@
+name: Scan
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  schedule:
+    - cron: '18 10 * * 3'
+
+jobs:
+  fossa:
+    name: FOSSA
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Run FOSSA scan and upload build data
+        uses: fossa-contrib/fossa-action@v1
+        with:
+          # FOSSA Push-Only API Token
+          fossa-api-key: 5ee8bf422db1471e0bcf2bcb289185de
+          github-token: ${{ github.token }}
+
+  snyk:
+    name: Snyk
+    runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'fluxcd' }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/golang@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: snyk.sarif
+
+  codeql:
+    name: CodeQL
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: go
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1

.github/workflows/scan.yml

@@ -1,44 +0,0 @@
-name: scan
-on:
-  push:
-  pull_request:
-    branches: [main]
-
-jobs:
-  analyze:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
-        with:
-          go-version: 1.15.x
-      - name: FOSSA Analysis
-        if: github.event_name == 'pull_request'
-        uses: fossa-contrib/fossa-action@v1
-        with:
-          fossa-api-key: 5ee8bf422db1471e0bcf2bcb289185de
-          github-token: ${{ github.token }}
-      - name: CodeQL Init
-        if: github.event_name == 'pull_request'
-        uses: github/codeql-action/init@v1
-        with:
-          languages: "go"
-      - name: CodeQL Autobuild
-        if: github.event_name == 'pull_request'
-        uses: github/codeql-action/autobuild@v1
-      - name: CodeQL Analysis
-        if: github.event_name == 'pull_request'
-        uses: github/codeql-action/analyze@v1
-      - name: Snyk Init
-        if: github.event_name == 'push'
-        uses: snyk/actions/setup@master
-      - name: Snyk Analysis
-        if: github.event_name == 'push'
-        run: snyk test --sarif-file-output=snyk.sarif
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      - name: Snyk Upload result to GitHub Code Scanning
-        if: github.event_name == 'push'
-        uses: github/codeql-action/upload-sarif@v1
-        with:
-          sarif_file: snyk.sarif

cmd/flux/check.go

@@ -81,11 +81,11 @@ func runCheckCmd(cmd *cobra.Command, args []string) error {
 
 	fluxCheck()
 
-	if !kubectlCheck(ctx, ">=1.18.0") {
+	if !kubectlCheck(ctx, ">=1.18.0-0") {
 		checkFailed = true
 	}
 
-	if !kubernetesCheck(">=1.16.0") {
+	if !kubernetesCheck(">=1.16.0-0") {
 		checkFailed = true
 	}
 
@@ -158,7 +158,7 @@ func kubectlCheck(ctx context.Context, constraint string) bool {
 
 	c, _ := semver.NewConstraint(constraint)
 	if !c.Check(v) {
-		logger.Failuref("kubectl version must be %s", constraint)
+		logger.Failuref("kubectl version %s < %s", v.Original(), constraint)
 		return false
 	}
 
@@ -193,7 +193,7 @@ func kubernetesCheck(constraint string) bool {
 
 	c, _ := semver.NewConstraint(constraint)
 	if !c.Check(v) {
-		logger.Failuref("Kubernetes version must be %s", constraint)
+		logger.Failuref("Kubernetes version %s < %s", v.Original(), constraint)
 		return false
 	}
 

docs/internal/release.md

@@ -130,7 +130,7 @@ Upgrade procedure:
 
 `fluxcd/flux2`:
 
-1. Update the `github.com/fluxcd/*-controller/api` version in `flux2/go.mod` (automated with [GitHub Actions](../../.github/workflows/update.yml))
+1. Update the `github.com/fluxcd/*-controller/api` version in `flux2/go.mod` (automated with [GitHub Actions](../../.github/workflows/update.yaml))
 1. Update the `github.com/fluxcd/pkg/*` version in `flux2/go.mod`
 1. Update the `k8s.io/*` and `github.com/fluxcd/pkg/runtime` version in `flux2/go.mod`
 

docs/roadmap/index.md

@@ -1,15 +1,49 @@
 # Roadmap
 
-In our planning discussions we identified broad three areas of work:
+!!! hint "Production readiness"
+    The Flux custom resource definitions which are at `v1beta1` and `v2beta1`
+    and their controllers are considered stable and production ready.
+    Going forward, breaking changes to the beta CRDs will be accompanied by a conversion mechanism.
+
+The following components (included by default in [flux bootstrap](../guides/installation.md#bootstrap))
+are considered production ready:
+
+- [source-controller](../components/source)
+- [kustomize-controller](../components/kustomize)
+- [notification-controller](../components/notification)
+- [helm-controller](../components/helm)
+
+The following GitOps Toolkit APIs are considered production ready:
+
+- `source.toolkit.fluxcd.io/v1beta1`
+- `kustomize.toolkit.fluxcd.io/v1beta1`
+- `notification.toolkit.fluxcd.io/v1beta1`
+- `helm.toolkit.fluxcd.io/v2beta1`
+
+## The road to Flux v2 GA
+
+In our planning discussions we have identified these possible areas of work,
+this list is subject to change while we gather feedback:
+
+- Stabilize the image automation APIs
+    * Review the spec of `ImageRepository`, `ImagePolicy` and `ImageUpdateAutomation`
+    * Promote the image automation APIs to `v1beta1`
+    * Include the image automation controllers in the default components list
+
+- Improve the documentation
+    * Gather feedback on the [migration guides](https://github.com/fluxcd/flux2/discussions/413) and address more use-cases
+    * Incident management and troubleshooting guides
+    * Cloud specific guides (AWS, Azure, Google Cloud, more?)
+    * Consolidate the docs under [fluxcd.io](https://fluxcd.io) website
+    
+## The road to Flux v1 feature parity
+
+In our planning discussions we identified three areas of work:
 
 - Feature parity with Flux v1 in read-only mode
 - Feature parity with the image-update functionality in Flux v1
 - Feature parity with Helm Operator v1
 
-All of the above will constitute "Flux v2".
-
-## The road to Flux v2
-
 ### Flux read-only feature parity
 
 [= 100% "100%"]
@@ -43,6 +77,7 @@ Tasks
 - [x]  <span style="color:grey">Implement a notification controller for Slack, MS Teams, Discord, Rocket</span>
 - [x]  <span style="color:grey">Implement Prometheus metrics in source and kustomize controllers</span>
 - [x]  <span style="color:grey">Review the git source and kustomize APIs</span>
+- [x]  <span style="color:grey">Support [bash-style variable substitution](https://toolkit.fluxcd.io/components/kustomize/kustomization/#variable-substitution) as an alternative to `flux.yaml` envsubst/sed usage</span>
 - [x]  <span style="color:grey">Create a migration guide for `flux.yaml` kustomize users</span>
 - [x]  <span style="color:grey">Include support for SOPS</span>
 
@@ -61,6 +96,7 @@ Goals
 Non-Goals
 
 -  Maintain backwards compatibility with Flux v1 annotations
+-  [Order by timestamps found inside image layers](https://github.com/fluxcd/flux2/discussions/802)
 
 Tasks
 
@@ -75,8 +111,6 @@ Tasks
 - [x] <span style="color:grey">ACR/ECR/GCR integration ([guide here](https://toolkit.fluxcd.io/guides/image-update/#imagerepository-cloud-providers-authentication))</span>
 - [x] <span style="color:grey">Write a migration guide from Flux v1 annotations ([guide here](https://toolkit.fluxcd.io/guides/flux-v1-automation-migration/))</span>
 
-## The road to Helm Operator v2
-
 ### Helm v3 feature parity
 
 [= 100% "100%"]
@@ -111,4 +145,3 @@ Tasks
 - [x]  <span style="color:grey">Implement support for referring to an alternative chart values file</span>
 - [x]  <span style="color:grey">Stabilize API</span>
 - [x]  <span style="color:grey">[Create a migration guide for Helm Operator users](../guides/helm-operator-migration.md)</span>
-- [ ] [Gather feedback on the migration guide](https://github.com/fluxcd/flux2/discussions/413)