- Controller change to use the GitHub authentication information specified in Git Repository's `.spec.secretRef` to create the auth options to authenticate to git repositories when the `provider` field is set to `github`,
- Tests for new `github` provider field in IAC
- Updated docs to use GitHub Apps for authentication in image-automation-controller.
Signed-off-by: Dipti Pai <diptipai89@outlook.com>
This adds .spec.git.commit.messageTemplateValues as a map of strings
that can be used to supplement the rendering of the commit message
template.
Signed-off-by: Kevin McDermott <bigkevmcd@gmail.com>
- Controller changes to set the provider options in git authOptions to fetch provider credentials while building git config if `.spec.provider` field is set to `azure`.
- API docs for setting up Azure workload identity in IAC
- Unit tests for testing provider settings in git config
Signed-off-by: Dipti Pai <diptipai89@outlook.com>
The `Mark…` functions in the `conditions` package accept a format string and
(optional) arguments, just like `fmt.Printf` and friends.
In many places, the code passed an error message as the format string, causing
it to be interpreted as a format string by the `fmt` package. This leads to
issues when the message contains percent signs, e.g. URL-encoded values.
This PR adds a format string and shortens `err.Error()` to `err`, which yields
the same output.
This change is identical in principle to fluxcd/source-controller#1529.
Signed-off-by: Florian Forster <fforster@gitlab.com>
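Added example, not part of the commit or the project's code: how an error message with a URL-encoded value is mangled when it is used as the format string, and how a constant format string avoids it. `setMessage`, `markFunc` and the sample error are hypothetical stand-ins constructed for illustration; the real `conditions` helpers are not imported.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// markFunc has the shape the commit message describes for the Mark… helpers:
// a format string followed by optional arguments.
type markFunc func(messageFormat string, messageArgs ...any) string

// setMessage is a hypothetical stand-in for such a helper; it only renders
// the message the way fmt.Printf and friends would.
func setMessage(messageFormat string, messageArgs ...any) string {
	return fmt.Sprintf(messageFormat, messageArgs...)
}

// unsafeMessage passes the error text as the format string, so every '%'
// in it is parsed as the start of a formatting verb.
func unsafeMessage(mark markFunc, err error) string {
	return mark(err.Error())
}

// safeMessage keeps the format string constant and passes the error as data.
func safeMessage(mark markFunc, err error) string {
	return mark("%s", err)
}

// corrupted reports whether fmt left one of its "%!" error markers behind.
func corrupted(msg string) bool {
	return strings.Contains(msg, "%!")
}

// sampleErr is constructed for this example: a clone failure whose URL
// contains a URL-encoded slash (%2F).
var sampleErr = errors.New(
	`unable to clone "https://git.example.com/team%2Frepo.git": authentication required`)

func main() {
	for _, msg := range []string{
		unsafeMessage(setMessage, sampleErr),
		safeMessage(setMessage, sampleErr),
	} {
		fmt.Printf("corrupted=%-5t %s\n", corrupted(msg), msg)
	}
}
```
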
Rewrite the controller tests to test the new behavior of the reconciler
and also simplify the tests for scenarios that are now being tested in
internal/source package, especially the git operations related tests.
Some of the old controller tests are still kept to ensure those
functionalities continue to work after the controller rewrite, even if
some of them are redundant. They can be removed in the future for the
tests in the respective subpackages, internal/policy and
internal/source.
New tests that focus on the status conditions and notifications have been
added for various possible scenarios.
The test helpers have been modified to simplify their usage and some
have been replaced with their equivalent version from the testutils
package.
Signed-off-by: Sunny <github@darkowlzz.space>
Introduce the rewritten reconciler which uses v1beta2 API and the new
internal/policy and internal/source packages for performing all the
operations. The reconciliation model is written similar to the other
flux controllers, with simplified events and logs, and kstatus support.
The reconciliation result computation is similar to
image-reflector-controller, using the same reconciler helpers from
pkg/runtime repo.
With the new status fields ObservedPolicies and ObservedSourceRevision,
the reconciler now avoids full sync of the source which involves cloning
the source every time. If the policies and the remote source have not
changed since the last reconciliation, the reconciliation is returned
early without cloning and applying the updates. This is only applicable
when the checkout branch and the push branch are the same. For a
different push branch and refspec, full sync is always performed as
before.
Notifications are now only sent when there's something new to inform
about. If there is no change, an source up-to-date notification is sent.
When there's an update, the details about the pushed commit with any
rendered commit template are sent. When there's a failure, the error is
sent in the notification. And when there's an error recovery, a success
notification is sent to relay that the automation has recovered.
Signed-off-by: Sunny <github@darkowlzz.space>
Since the reconciler is being completely rewritten, remove the old
controller file. A new controller file with the new implementation
will be added in the following commit.
Signed-off-by: Sunny <github@darkowlzz.space>
Move all the Git source management code into a new package and introduce
abstractions to manage the source as per the needs of image update
automation. A new type, SourceManager, is introduced which configures
and manages the source. It provides methods to perform relevant actions
on the source and also the ability to customize those actions. It also
introduces PushResult which contains the information about the changes
that were pushed. It can be used to gather information about the pushed
commit and get a summary of the operation.
All the source related operations are tested in this package,
independent of the reconciler. The tests from the controller e2e tests
have been rewritten in terms of source manager, making the tests focused
and simpler.
The source change commit operation uses the new ResultV2 update result
which includes the old and new strings that are part of the update. The
previous Result type is still available to use.
Signed-off-by: Sunny <github@darkowlzz.space>
Move the policy applying code to a separate package so that it can be
tested and maintained independent of the other components, and imported
to other packages where needed.
Signed-off-by: Sunny <github@darkowlzz.space>
Move all the common test utilities that are needed for testing different
packages into a common testutil package. Modify the test helpers to be
more generic to be reusable.
Signed-off-by: Sunny <github@darkowlzz.space>
ImageUpdateAutomationReconciler watches GitRepository and ImagePolicy
kinds for every event. This leads to unnecessary extra reconciliations
at times. For example when the controller starts with existing
resources, the same ImageUpdateAutomation object gets reconciled at
least twice, once due to the watch on ImageUpdateAutomation startup
and again due to the watches on GitRepository and ImagePolicy for create
event, as they get registered in the cache.
Add predicates to filter the ImagePolicy to only allow events for latest
image update, and GitRepository to only allow events for change in the
source configuration.
Signed-off-by: Sunny <github@darkowlzz.space>
Fix the push branch reported in the logs and status if
`.spec.git.push.branch==.spec.git.checkout.branch`.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Retry reconciliation in `TestImageUpdateAutomationReconciler_deleteBeforeFinalizer`
as sometimes it fails with a latest version conflict error.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Add proxy support for Git operations using the proxy configuration
specified in the source GitRepository's `.spec.proxySecretRef`.
Refactor the Git client building process to make it more testable.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Add `.spec.git.push.refspec` to allow specifying a refspec to be used
for performing a push operation. If specified alongside
`.spec.git.push.branch`, two push operations, one for each specified
push configuration will be performed.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
The metrics helper now accepts owned finalizers to determine if an
object is no longer managed by the controller and is being deleted, and
deletes the metrics associated with the object.
Call the metrics recording defer function in controller early to be able
to record the object in deleting state.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
In Reconcile() method, move the object deletion above add finalizer.
Finalizers can't be set when an object is being deleted.
Introduce a cacheless client in suite_test to use for testing this
change. It ensures that the Reconcile() call always operates on the
latest version of the object which has the deletion timestamp and
existing finalizer.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Set package name in the files under internal/controller to have the
base name of the directory.
This style is recommended by Go, and certain text editors/IDEs get
confused when the names don't match.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This replaces the `fluxcd/go-git` fork with official go-git v5.7.0
release, after all patches from the fork have been included
upstream.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This deals with various breaking changes in controller-runtime, as
documented in the release notes:
https://github.com/kubernetes-sigs/controller-runtime/releases/tag/v0.15.0
In short:
- `Watches` now use a `client.Object` instead of a `source.Kind`.
- `handler.MapFunc` signature accepts a Go context, which is used to
log any errors, instead of silently ignoring them and/or panicking.
- Fake clients used in tests are now configured using
`WithStatusSubresource` to enable the correct behavior for status
updates and patches.
- Max concurrent reconciles and panic recovery are configured on the
manager, instead of configuring them per reconciler instance.
- Various manager configuration options have been moved to new
structures and/or fields.
In addition to this, all other dependencies which had updates are
updated to their latest (compatible) versions as well. Including an
update of kyaml to match Kustomize v5.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Add support for decrypting the private key of the commit signing PGP
key. The secret specified in `spec.commit.signingKey.secretRef` can now
optionally have a `passphrase` key where its value is the password to
be used for decrypting the private key.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
The new feature gate enables users to toggle the download of all branch
head references when push branches are configured.
Tests were refactored to ensure that they are feature gate sensitive.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
ForceGoGitImplementation ignores the value set for gitImplementation
and ensures that go-git is used for all GitRepository objects.
This can be used to confirm that Flux instances won't break if/when
the libgit2 implementation was to be deprecated.
When enabled, libgit2 won't be initialized, nor will any git2go cgo
code be called.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Automations using a different push branch can now
enable force push to ensure that it gets refreshed
with the latest version of the branch used for the
clone operation.
Initially this was going to be added in combination
with Shallow clones for the `go-git` implementation.
However, force push is required for feature completeness
whilst Shallow clones are mostly an optimisation, and
will therefore be implemented at a later stage.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>