- Add `.spec.sparseCheckout` and `.status.observedSparseCheckout` fields to `GitRepository`.
- Add controller support to send the sparse checkout directories to go-git via pkg methods.
- Use `.status/observedSparseCheckout` to detect drift in configuration.
- Trim leading "./" in directory paths.
- Validate spec configuration by checking directories specified in spec exist in the cloned repository after successful checkout
- Add tests for testing the observed sparse checkout behavior.
- Add docs describing the new fields.
Signed-off-by: Dipti Pai <diptipai89@outlook.com>
- API change to add new `github` provider field in `GitRepository` spec.
- Controller change to use the GitHub authentication information specified in `.spec.secretRef` to create the auth options to authenticate to git repositories when the `provider` field is set to `github`,
- Tests for new `github` provider field
- Updated docs to use GitHub Apps for authentication in source-controller.
Signed-off-by: Dipti Pai <diptipai89@outlook.com>
- Add a new provider field to GitRepository API spec which can be set to azure to enable passwordless authentication to Azure DevOps repositories.
- API docs for new provider field and guidance to setup Azure environment with workload identity.
- Controller changes to set the provider options in git authoptions to fetch credential while cloning the repository.
- Add unit tests for testing provider
Signed-off-by: Dipti Pai <diptipai89@outlook.com>
If implemented a semver filter regex can be declared in conjuction with
a semver range in the OCIRepository `spec.Reference`
Signed-off-by: Soule BA <bah.soule@gmail.com>
With static HelmRepository OCI, the interval become optional. Make
interval optional in the API. Introduce getters for interval, in the
form of GetRequeueAfter(), and timeout with internal default values.
HelmRepository will not have interval and timeout fields unless it's
explicitly set.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Add `.spec.verify.matchOIDCIdentity` to OCIRepository and HelmChart.
It allows specifying regular expressions to match against the subject and
issuer of the certificate related to the artifact signature. Its used
only if the artifact was signed using Cosign keyless signing.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Adopt Kubernetes TLS secrets API to check for TLS data in the Secret
referred to by `.spec.certSecretRef`, i.e. check for keys `tls.crt` and
`tls.key` for the certificate and private key. Use `ca.crt` for the CA
certificate.
Deprecate the usage of `caFile`, `certFile` and `keyFile` keys.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Adopt Kubernetes TLS secrets API to check for TLS data in the Secret
referred to by `.spec.certSecretRef`, i.e. check for keys `tls.crt` and
`tls.key` for the certificate and private key. Use `ca.crt` for the CA
certificate.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Add three new verification modes for `.spec.verify.mode`:
* `HEAD`: Verify the commit that the HEAD of the repo points to after
checking out to the ref specified in `.spec.ref`. Its the same as
`head`, which cannot be removed due to backwards compatibility
reasons and is converted to `HEAD` internally.
* `Tag`: Verify the tag referred to by `.spec.ref.tag`.
* `TagAndHEAD`: Verify the tag referred to by `.spec.ref.tag` and the
commit that the tag points to.
The default is `HEAD`, to ensure backwards compatibility.
Furthermore, add `.status.sourceVerificationMode` to record the last
successful verification mode used.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Add `.spec.certSecretRef` to HelmRepository for specifying TLS auth data
in a secret using the `certFile`, `caFile` and `keyFile` keys. Mark
support for these keys in the secret specified in `.spec.secretRef` as
deprecated.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Add `.spec.proxySecretRef.name` to the `GitRepository` API to allow
referencing a secret containing the proxy settings to be used for all
remote Git operations for the particular `GitRepository` object.
It takes precedence over any proxy configured through enviornment
variables.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Add a new field `.spec.ref.name` which points to a Git reference which
enables checking out to a particular commit pointed to by the specified
reference.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
As discussed in RFC-0005, this introduces a `Digest` field to the
`Artifact` in favor of the now deprecated `Checksum`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
When using a TLS authentication, user can provide a custom certificate
by setting the caFile key in the secret, not caCert.
Signed-off-by: Yohan Belléguic <yohan.belleguic@arkea.com>
Delete a failed verification condition at the beginning of the source
reconciliation and set `SourceVerifiedCondition` to false approprietly.
Set the `BuildOptions.Verify` to true as long as Verify is enabled in the
API fields.
Signed-off-by: Soule BA <soule@weave.works>
Replace content config checksum with explicit artifact content config
observations. It makes the observations of the controller more
transparent and easier to debug.
Introduces `observedIgnore`, `observedRecurseSubmodules` and
`observedInclude` status fields.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Replace content config checksum with explicit artifact content config
observations. It makes the observations of the controller more
transparent and easier to debug.
Introduces `observedIgnore` and `observedLayerSelector` status fields.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Introduce contentConfigChecksum in the OCIRepository status to store a
checksum of the values that affect the source artifact. It is used to
detect when to rebuild an artifact when the spec changes.
The considerations for this are similar to the GitRepository
reconciler no-op clone implementation. Both reconcileSource and
reconcileArtifact need to consider the source configuration change
when deciding if the artifact in the storage is up-to-date.
Adds tests for reconcileSource and reconcileArtifact for the noop
cases.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Dipti Pai
Stefan Prodan
Matheus Pimenta
Robin Breathe
Soule BA
Sunny
Sanskar Jaiswal
Hidde Beydals
Hidde Beydals
Yohan Belléguic
Paulo Gomes
Soule BA