Commit Graph

98 Commits

Author SHA1 Message Date
Sunny 8b43f6d7a7 gitrepo: Add more reconciler design improvements
- Remove ArtifactUnavailable condition and use Reconciling condition to
  convey the same.
- Make Reconciling condition affect the ready condition.
- Introduce summarizeAndPatch() to calculate the final status conditions
  and patch them.
- Introduce reconcile() to iterate through the sub-reconcilers and
  execute them.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2022-02-15 15:55:38 +05:30
Hidde Beydals 6ee2b95345 Implement new runtime interfaces, prepare testenv
This commit ensures all API objects implement the interfaces used by
the runtime package to work with conditions, etc., and prepares the
test suite to work with the `pkg/runtime/testenv` wrapper.

Changes are made in a backwards compatible way (that being: the
existing code can still be build and works as expected), but without
proper dependency boundaries. The result of this is that the API
package temporary depends on the runtime package, which is resolved
when all reconcilers have been refactored and the API package does
no longer contain condition modifying functions.

Signed-off-by: Hidde Beydals <hello@hidde.co>
2022-02-15 15:40:57 +05:30
Sunny c40e6829ec
Update git2go to v31.7.6
Keeping the git2go version the same as in image-automation-controller.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2022-01-21 16:39:16 +05:30
Robert Clarke 3d276b679b libgit2: Configured libgit2 clone ProxyOptions
This configures ProxyOptions for all libgit2 Checkout functions when
cloning and configures the options based on current environment
settings using the git2go.ProxyTypeAuto option.

Refs: #131
Signed-off-by: Robert Clarke <rob@robertandrewclarke.com>
Co-authored-by: Aurélien GARNIER <aurelien.garnier@atos.net>
2022-01-18 19:35:47 +00:00
Stefan Prodan 641aac496c
Update containerd to v1.5.9 (fix CVE-2021-43816)
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-07 10:03:18 +02:00
Stefan Prodan 509a0dd983
Update containerd to v1.5.8 (fix GHSA-5j5w-g665-5m35)
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-05 15:47:29 +02:00
Aurel Canciu 22d0880e4d
Update flux pkg components
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
2021-12-20 14:47:44 +01:00
Aurel Canciu 27ef5c10d8
Remove mod replaces
The mod replaces are no longer required since helm v3.7.1.

Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
2021-12-20 13:11:21 +01:00
Aurel Canciu e3d04b31bc
Update Go to v1.17
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
2021-12-20 13:11:21 +01:00
Paulo Gomes 058788b623
Bump dependencies to patch security advisories
Advisories fixed:
github.com/opencontainers/runc: CVE-2021-43784 GO-2021-0085 GO-2021-0087

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
2021-12-09 10:11:34 +00:00
Hidde Beydals 78f4bdc8f6 Update github.com/minio/minio-go to `v7.0.15`
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-11-22 16:27:10 +01:00
Stefan Prodan de09b6ee9b Update controller-runtime to v0.10.2
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-11-22 14:36:43 +01:00
Stefan Prodan 058a016a60 Add ACL optional field to Source API
Cherry-picked from 525be388ec.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-11-22 11:41:55 +01:00
Sunny 7c910e37a2 internal/helm: local builder & dep manager test
Add more chart local builder and dependency manager tests.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2021-11-19 17:04:00 +01:00
Hidde Beydals 4ce894a62c Update opencontainers/image-spec to v1.0.2
Another patch for CVE-2021-41190.

Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-11-19 13:58:30 +01:00
Hidde Beydals f933cb5923 Update docker/cli to v20.10.9
To mitigate warnings for CVE-2021-41092. Because even if there is no
impact whatsoever, we are nice people.

Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-11-19 13:58:30 +01:00
Hidde Beydals 19eb3d5ce7 Update docker/distribution to v2.7.0-rc.0
This mitigates another warning for CVE-2017-11468, which is mostly
triggered because a part of Helm depends on it that our code paths
never reach.

Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-11-19 13:58:30 +01:00
Hidde Beydals d10c51547a Update containerd and runc dependencies
To mitigate warnings for CVE-2021-41190 which effects both.

Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-11-19 13:58:30 +01:00
Sunny 68a3ea2e4d Add tests for libgit2 remote callbacks
- Adds tests for the libgit2 remote callbacks
- Adds tests for CheckoutStrategyForImplementation with context timeout
  and verify timeout is respected by both the git implementations.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2021-11-04 16:17:23 +05:30
Sunny f9a34045e1 Update gittestserver
New gittestserver fixes the issue with custom branch in an
initialized repo.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2021-10-27 00:43:31 +05:30
Sunny 8c581ddfbc Add git.CheckoutStrategy auth tests
Adds tests for git.CheckoutStrategy to check if both the git
implementations work with all the authentication methods.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2021-10-27 00:43:31 +05:30
pa250194 5077c1f9f6 Added more tests and cleaned up GCP provider logic
Signed-off-by: pa250194 <pa250194@ncr.com>
2021-10-14 14:26:33 -05:00
pa250194 be1ed50ac4 Service Account Key Authentication to GCP Provider
Signed-off-by: pa250194 <pa250194@ncr.com>
2021-10-14 14:16:53 -05:00
pa250194 39811ed46a Add Support for GCP storage with workload identity
Added Support for Google Cloud Storage with Workload Identity as
Source Provider. This enables the use of GCP without enabling S3
compatible access.

Signed-off-by: pa250194 <pa250194@ncr.com>
2021-10-14 14:07:11 -05:00
Stefan Prodan 6fe6f07d5e Update containerd and runc to fix CVEs
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-10-14 13:49:52 -05:00
Hidde Beydals 869c7960e3 Update github.com/libgit2/git2go to v31.6.1
This commit updates `github.com/libgit2/git2go` to `v31.6.1` (with
`libgit2` `1.1.1`), and changes the container image build process so
that it makes use of `ghcr.io/hiddeco/golang-with-libgit2`.

This image provides a pre-build dynamic `libgit2` dependency linked
against OpenSSL and LibSSH2 (without gcrypt), and a set of cross-compile
build tools (see
[rationale](https://github.com/hiddeco/golang-with-libgit2#rationale) and
[usage](https://github.co/hiddeco/golang-with-libgit2#usage) for more
detailed information).

The linked set of dependency should solve most known issues around
unsupport private key types, but does not resolve the issues with ECDSA*
and ED25519 hostkeys yet. Solving this requires a newer version of
`libgit2` (`>=1.2.0`), which currently does not seem to work properly
with `git2go/v32`.

Some small changes have been made to the `libgit2` package to address
(future) deprecations.

Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-10-14 13:48:15 -05:00
pa250194 6ff5970fe1 Added more tests and cleaned up GCP provider logic
Signed-off-by: pa250194 <pa250194@ncr.com>
2021-09-16 09:49:56 -05:00
pa250194 0444c6e16d Service Account Key Authentication to GCP Provider
Signed-off-by: pa250194 <pa250194@ncr.com>
2021-09-16 09:49:56 -05:00
pa250194 7da9619b58 Feature: Add Support for Google Cloud Storage along with Workload Identity
Added Support for Google Cloud Storage with Workload Identity as Source Provider. This enables the use of GCP without enabling S3 compatible access.

Signed-off-by: pa250194 <pa250194@ncr.com>
2021-09-16 09:49:56 -05:00
Hidde Beydals d0560e5dbe Use same SemVer logic in both Git implementations
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-08-05 12:40:54 +02:00
Stefan Prodan 7001b34f10
Update dependencies
- k8s.io/* v0.21.3
- controller-runtime v0.9.5
- kubectl 1.21.3

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-08-05 12:43:08 +03:00
Hidde Beydals 5e8e0ab65c Update Helm to v3.6.3
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-07-14 23:24:26 +02:00
Hidde Beydals 1f27410b34 Update Helm to v3.6.1
v3.6.1 is a a security update from Helm, ensuring that credentials are
always only passed to the defined repository host.

Based on Helm user reports, disabling this behavior may be required for
some Helm repository solutions like Artifactory, and may be done by
setting `PassCredentials` in the `HelmRepositorySpec`.

For more information, see:
https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf

Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-06-18 12:31:23 +02:00
Hidde Beydals 2d8a540f0c Unpin docker Go Module dependency
No longer required as we do now depend on Helm v3.6.0, which no longer
pins the version.

Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-06-10 16:48:00 +02:00
Hidde Beydals a76b10cebb Update K8s, controller-runtime and fluxcd/pkg deps
Controller-runtime has been updated to `v0.9.0`, K8s dependencies to
`v0.21.1`, and all `fluxcd/pkg` and other dependencies to the versions
that have matching dependencies and/or build constraints.

Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-06-08 13:41:34 +02:00
Hidde Beydals e1682da795 Update go-git to v5.4.2
This should resolve `object not found` and
`empty git-upload-pack given` errors that were thrown for Git
repositories that used to work fine before the `v0.13.0` release.

Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-06-02 11:20:23 +02:00
Stefan Prodan 4f5b958806
Update libgit2/git2go to v31.4.14
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-05-26 14:08:01 +03:00
Stefan Prodan 79b180376d
Update go-git to v5.4.1
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-05-26 14:06:41 +03:00
Philip Laine fcf7048992 Add include property to GitRepositories
Signed-off-by: Philip Laine <philip.laine@gmail.com>
Signed-off-by: Philip Laine <philip.laine@xenit.se>
2021-05-11 09:46:50 +02:00
Stefan Prodan bd0f1fdd19
Release v0.12.0
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-04-21 17:57:50 +03:00
Stefan Prodan cb491c9f10
Update fluxcd/pkg/runtime to v0.11.0
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-04-21 15:04:16 +03:00
Stefan Prodan 51a62a6043
Update fluxcd/pkg/runtime to v0.10.2
Followup: https://github.com/fluxcd/pkg/pull/96

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-04-19 15:05:40 +03:00
Stefan Prodan d7c90a533d
Update Helm to v3.5.4
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-04-15 11:57:01 +03:00
Stefan Prodan f0016cfad1
Enable self-signed certs for go-git
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-03-29 13:23:32 +03:00
Stefan Prodan a034c5d955
Set leader election deadline to 30s
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-03-25 13:43:22 +02:00
Somtochi Onyekwere 2624ba93a3 Record suspension metric
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
2021-03-17 14:04:21 +01:00
Stefan Prodan 2f04bd3043
Update dependencies
- helm.sh/helm/v3 v3.5.3
- github.com/minio/minio-go/v7 v7.0.10
- sigs.k8s.io/controller-runtime v0.8.3

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-03-12 12:39:23 +02:00
Michael Bridgen f7e08c4738 Tidy git clone errors
In some circumstances (that are rather hard to reproduce), cloning
from a GitLab repo gets a multiline response as described in
https://github.com/fluxcd/image-automation-controller/pull/115.

This uses the same remedy as in that PR, by calling the funcs provided
by fluxcd/pkg/gitutil on any error returned by libgit2 or gogit clone
operations.

Signed-off-by: Michael Bridgen <mikeb@squaremobius.net>
2021-03-03 13:41:53 +00:00
Stefan Prodan 22f5a6f6fb
Update dependencies
- helm.sh/helm/v3 v3.5.2 (forces us into pinning docker)
- sigs.k8s.io/controller-tools/cmd/controller-gen v0.4.1
- sigs.k8s.io/controller-runtime v0.8.2
- fluxcd/pkg/apis/meta v0.8.0
- fluxcd/pkg/runtime v0.8.3

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-02-23 13:18:21 +02:00
Philip Laine c063484761 Add custom certificate validation
Signed-off-by: Philip Laine <philip.laine@gmail.com>
2021-02-08 12:19:22 +01:00