99e5fe790a
Merge pull request #1299 from fluxcd/oci-insecure-fix
...
oci: rename `OCIChartRepository.insecure` to `insecureHTTP`
2023-11-30 17:10:26 +05:30
6a88d10bf1
oci: rename `OCIChartRepository.insecure` to `insecureHTTP`
...
Rename `OCIChartRepository.insecure` to `OCIChartRepository.insecureHTTP` in
`internal/helm/repository` to match the code docs and the related setter
method.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
2023-11-28 18:44:35 +05:30
dc79750fbb
Merge pull request #1296 from fluxcd/dependabot/github_actions/ci-9cf97fb57d
...
build(deps): bump the ci group with 3 updates
2023-11-27 08:42:59 +01:00
a9e7ec4dd8
build(deps): bump the ci group with 3 updates
...
Bumps the ci group with 3 updates: [anchore/sbom-action](https://github.com/anchore/sbom-action ), [fossa-contrib/fossa-action](https://github.com/fossa-contrib/fossa-action ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `anchore/sbom-action` from 0.14.3 to 0.15.0
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](78fc58e266...fd74a6fb98https://github.com/fossa-contrib/fossa-action/releases )
- [Changelog](https://github.com/fossa-contrib/fossa-action/blob/master/CHANGELOG.md )
- [Commits](6728dc6fe9...cdc5065bcdhttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](66b90a5db1...407ffafae6
2023-11-27 02:30:23 +00:00
bd95d35ee3
Merge pull request #1288 from fluxcd/helm-repo-insecure
...
Add `.spec.insecure` to `HelmRepository` for `type: oci`
2023-11-23 10:18:15 +02:00
4086c25acb
helmrepo: allow OCI helmrepos to connect to insecure registries
...
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
2023-11-23 12:32:14 +05:30
6e78779720
Add `.spec.insecure` to `HelmRepository`
...
Allow connecting to Helm OCI repositories over plain HTTP (non-TLS endpoint).
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2023-11-23 12:05:37 +05:30
936cfd6716
Merge pull request #1243 from fluxcd/helmrepo-oci-static
...
Static HelmRepository OCI
2023-11-22 19:16:51 +02:00
1a7adeb801
Fix helmrepo reconciler unfinished worker bug
...
Although all the APIs had interval as a required field, when tests
objects were created, they had the zero value of interval, which the API
server accepts. A zero interval value results in the test objects to
reconcile only once when they are created and never reconcile again
unless there's an update to the object. Most of the tests worked with
this behavior.
With HelmRepository removing the interval requirement and adding an
internal default, all the HelmRepository objects created in the tests
without any interval have a default interval value which results in
objects to reconcile automatically if they are not cleaned up after
running tests. TestHelmRepositoryReconciler_InMemoryCaching and
TestHelmChartReconciler_Reconcile create HelmRepository but doesn't
delete it at the end. This leads to a reconciliation of HelmRepository
outside of the test in the envtest environment. It just happened to be
that the reconciliation time matches with the end of test time. At the
end of the test run, the reconcilers receive shutdown signal and any
test server, like helmrepository server, are stopped. A HelmRepository
reconciliation triggered just before the shutdown signal gets stuck in
the reconciliation. HelmRepository can't download the index as the test
index server has stopped and hangs for some time. The HelmRepository
reconciler worker remains in active state, unlike other reconciler
workers that shut down, resulting in the test to timeout at the end.
The is fixed by deleting the HelmRepository object created in
TestHelmRepositoryReconciler_InMemoryCaching and
TestHelmChartReconciler_Reconcile at the end of the test similar to
other tests.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
2023-11-22 21:05:57 +05:30
3dacb3140e
optional interval and default timeout for helmrepo
...
With static HelmRepository OCI, the interval become optional. Make
interval optional in the API. Introduce getters for interval, in the
form of GetRequeueAfter(), and timeout with internal default values.
HelmRepository will not have interval and timeout fields unless it's
explicitly set.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
2023-11-22 21:05:57 +05:30
b518499857
Update HelmRepository OCI spec doc
...
Signed-off-by: Sunny <darkowlzz@protonmail.com>
2023-11-22 21:05:57 +05:30
cf3735e2a2
Static helmrepository OCI
...
Remove the HelmRepositoryOCI reconciler and make HelmRepository of type
OCI static. The existing HelmRepository OCI objects are migrated to
static object by removing their finalizers and status. New
HelmRepository OCI objects go through one time migration to remove the
status. These are not reconciled again, unless the type is changed to
default. On type switching from HelmRepository default to OCI, the
finalizer, status and artifact are removed to make the object static. On
switching from OCI to default, a complete reconciliation of
HelmRepository takes place to build artifact and add status and
finalizer.
The HelmRepository .spec.url has a new validation to check the URL
scheme. This is to add some validation to HelmRepository OCI since it's
not backed by a reconciler for full validation.
Add HelmRepositoryOCIMigrationPredicate predicate to detect and allow
reconciliation of HelmRepository OCI objects that need migration. The
other predicates that filtered the HelmRepository events based on the
type have been removed as all the HelmRepositories will now be
reconciled by a single reconciler. HelmRepositoryOCIMigrationPredicate
readily allows non-OCI objects and only checks if a migration is needed
for OCI type object.
Add controller tests for different migration scenarios.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
2023-11-22 21:05:51 +05:30
f54a59c60b
Merge pull request #1291 from fluxcd/dependabot/go_modules/github.com/go-jose/go-jose/v3-3.0.1
...
build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1
2023-11-22 11:46:17 +01:00
daa2166d6e
build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1
...
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/go-jose/go-jose/releases )
- [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md )
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.0...v3.0.1 )
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-22 08:44:48 +00:00
76c78b87a4
Merge pull request #1289 from fluxcd/generic-secret
...
helmrepo: only configure tls login option when required
2023-11-22 08:45:34 +02:00
dfcede03f2
helmrepo: only configure tls login option when required
...
Modify `GetHelmClientOpts()` to only configure the TLS login option when
an authentication login option is configured. This prevents the
reconciler from trying to authenticate against public registries.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
2023-11-22 10:05:45 +05:30
9ae35e98e5
Merge pull request #1286 from fluxcd/k8s-1.28
...
Update dependencies to Kubernetes v1.28
2023-11-21 10:29:41 +02:00
bfa59f5563
Update `tonistiigi/xx` to v1.3.0
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2023-11-21 10:17:12 +02:00
2feec3198b
Build with Go 1.21
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2023-11-20 17:20:08 +02:00
71806b51ed
Update sigstore/cosign to v2.2.1
...
Fix CVE-2023-46737
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2023-11-20 17:04:45 +02:00
58828350d5
Update dependencies to Kubernetes 1.28
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2023-11-20 16:50:44 +02:00
af162947d5
Merge pull request #1285 from fluxcd/dependabot/github_actions/ci-4c0557044b
...
build(deps): bump the ci group with 2 updates
2023-11-20 08:08:47 +01:00
9df76cf451
build(deps): bump the ci group with 2 updates
...
Bumps the ci group with 2 updates: [docker/build-push-action](https://github.com/docker/build-push-action ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `docker/build-push-action` from 5.0.0 to 5.1.0
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](0565240e2d...4a13e500e5https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](74483a38d3...66b90a5db1
2023-11-20 02:50:35 +00:00
bf2c30f472
Merge pull request #1281 from fluxcd/dependabot/github_actions/ci-da8bbba46e
...
build(deps): bump the ci group with 2 updates
2023-11-13 08:52:00 +01:00
60c9a3319f
build(deps): bump the ci group with 2 updates
...
Bumps the ci group with 2 updates: [korthout/backport-action](https://github.com/korthout/backport-action ) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ).
Updates `korthout/backport-action` from 2.1.0 to 2.1.1
- [Release notes](https://github.com/korthout/backport-action/releases )
- [Commits](cb79e4e5f4...08bafb375ehttps://github.com/sigstore/cosign-installer/releases )
- [Commits](11086d2504...1fc5bd396d
2023-11-13 02:37:22 +00:00
8b0eccd322
Merge pull request #1271 from fluxcd/upgrade-git-gogit
...
Upgrade `go-git` to v5.10.0
2023-11-09 12:10:17 +01:00
bbfe866796
Upgrade pkg/{git,git/gogit} and go-git/go-git
...
fixes #1239
Signed-off-by: Max Jonas Werner <mail@makk.es>
2023-11-08 12:01:29 +01:00
3ab56ae4c8
Merge pull request #1276 from fluxcd/default-file-perms
...
storage: change default file permissions
2023-11-06 12:46:10 +01:00
57e829fe6f
Update `fluxcd/pkg` dependencies
...
As this includes an update of ORAS compatible with newer versions of
`github.com/docker/docker`, we can unpin this dependency.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-11-06 12:36:03 +01:00
646089e07e
storage: change default file permissions
...
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-11-06 12:22:40 +01:00
db31688829
Merge pull request #1277 from fluxcd/dependabot/github_actions/ci-18c09be9f8
...
build(deps): bump the ci group with 1 update
2023-11-06 07:39:03 +01:00
563ad1e6d8
build(deps): bump the ci group with 1 update
...
Bumps the ci group with 1 update: [korthout/backport-action](https://github.com/korthout/backport-action ).
- [Release notes](https://github.com/korthout/backport-action/releases )
- [Commits](408fae11ed...cb79e4e5f4
2023-11-06 02:32:30 +00:00
a8a81965c7
Merge pull request #1250 from fluxcd/cosign-identity-matching
...
cosign: allow identity matching for keyless verification
2023-11-02 08:13:44 -07:00
fcaf86e7eb
docs: add docs for cosign identity matching
...
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
2023-10-31 08:04:34 -07:00
d855805b8f
cosign: allow identity matching for keyless verification
...
Add `.spec.verify.matchOIDCIdentity` to OCIRepository and HelmChart.
It allows specifying regular expressions to match against the subject and
issuer of the certificate related to the artifact signature. Its used
only if the artifact was signed using Cosign keyless signing.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
2023-10-31 08:04:34 -07:00
8c63fba06b
Merge pull request #1272 from fluxcd/dependabot/github_actions/ci-266d728e8a
...
build(deps): bump the ci group with 2 updates
2023-10-30 08:58:33 +01:00
6be8ac9a5b
build(deps): bump the ci group with 2 updates
...
Bumps the ci group with 2 updates: [korthout/backport-action](https://github.com/korthout/backport-action ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `korthout/backport-action` from 1.4.0 to 2.0.0
- [Release notes](https://github.com/korthout/backport-action/releases )
- [Commits](bd68141f07...408fae11edhttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](49abf0ba24...74483a38d3
2023-10-30 02:38:11 +00:00
19345b3789
Merge pull request #1269 from fluxcd/dependabot/go_modules/google.golang.org/grpc-1.57.1
...
build(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1
2023-10-26 00:14:16 +02:00
20730e0719
build(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.57.0 to 1.57.1.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.57.0...v1.57.1 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-25 21:24:54 +00:00
c664afe632
Merge pull request #1266 from fluxcd/dependabot/github_actions/ci-ff180a8d58
...
build(deps): bump the ci group with 2 updates
2023-10-23 09:06:20 +02:00
b135c09d25
build(deps): bump the ci group with 2 updates
...
Bumps the ci group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/checkout` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0116bc2df5...49abf0ba24
2023-10-23 02:10:22 +00:00
f2a1814aea
Merge pull request #1228 from fluxcd/bucket-prefix
...
bucket: Add prefix filtering capability
2023-10-17 15:24:11 +03:00
674c287dbd
Bucket: add prefix support for GCP
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2023-10-17 15:10:33 +03:00
6d4e654522
Document Bucket prefix field
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2023-10-17 14:36:16 +03:00
b655149786
bucket: Add prefix filtering capability
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2023-10-17 14:13:04 +03:00
3073c2c261
Merge pull request #1265 from fluxcd/dependabot/github_actions/ci-24b5ea99f0
...
build(deps): bump the ci group with 1 update
2023-10-16 10:18:09 +02:00
27ca7a8b98
build(deps): bump the ci group with 1 update
...
Bumps the ci group with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2cb752a87e...0116bc2df5
2023-10-16 02:59:51 +00:00
1b7a8e118a
Merge pull request #1260 from fluxcd/dependabot/go_modules/api/golang.org/x/net-0.17.0
...
build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 in /api
2023-10-12 09:11:52 +02:00
5b642b12ac
build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 in /api
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.10.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.10.0...v0.17.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-12 06:51:46 +00:00
a522e44768
Merge pull request #1261 from fluxcd/dependabot/go_modules/golang.org/x/net-0.17.0
...
build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0
2023-10-12 08:51:16 +02:00
Sanskar Jaiswal
Max Jonas Werner
dependabot[bot]
Stefan Prodan
Sunny
Max Jonas Werner
Hidde Beydals
Hidde Beydals