fluxcd
/
source-controller
mirror of https://github.com/fluxcd/source-controller.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,541 Commits 28 Branches 272 Tags 16 MiB
Commit Graph

2541 Commits

Author SHA1 Message Date
Stefan Prodan 39c0c12410
Update docker to v27.2.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2024-09-04 09:42:03 +03:00
dependabot[bot] 0e8d794cfd
build(deps): bump the go-deps group across 1 directory with 8 updates 
Bumps the go-deps group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) | `3.2.1` | `3.3.0` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.75` | `7.0.76` |
| [github.com/notaryproject/notation-core-go](https://github.com/notaryproject/notation-core-go) | `1.0.3` | `1.1.0` |
| [github.com/notaryproject/notation-go](https://github.com/notaryproject/notation-go) | `1.1.1` | `1.2.0` |
| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.34.1` | `1.34.2` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.20.0` | `1.20.2` |
| [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.8` | `1.8.9` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.190.0` | `0.196.0` |



Updates `github.com/Masterminds/semver/v3` from 3.2.1 to 3.3.0
- [Release notes](https://github.com/Masterminds/semver/releases)
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0)

Updates `github.com/minio/minio-go/v7` from 7.0.75 to 7.0.76
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.75...v7.0.76)

Updates `github.com/notaryproject/notation-core-go` from 1.0.3 to 1.1.0
- [Release notes](https://github.com/notaryproject/notation-core-go/releases)
- [Commits](https://github.com/notaryproject/notation-core-go/compare/v1.0.3...v1.1.0)

Updates `github.com/notaryproject/notation-go` from 1.1.1 to 1.2.0
- [Release notes](https://github.com/notaryproject/notation-go/releases)
- [Changelog](https://github.com/notaryproject/notation-go/blob/main/RELEASE_CHECKLIST.md)
- [Commits](https://github.com/notaryproject/notation-go/compare/v1.1.1...v1.2.0)

Updates `github.com/onsi/gomega` from 1.34.1 to 1.34.2
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.34.1...v1.34.2)

Updates `github.com/prometheus/client_golang` from 1.20.0 to 1.20.2
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.20.0...v1.20.2)

Updates `github.com/sigstore/sigstore` from 1.8.8 to 1.8.9
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.8...v1.8.9)

Updates `google.golang.org/api` from 0.190.0 to 0.196.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.190.0...v0.196.0)

---
updated-dependencies:
- dependency-name: github.com/Masterminds/semver/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/notaryproject/notation-core-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/notaryproject/notation-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-04 02:52:43 +00:00
Stefan Prodan 53f7581a06
Merge pull request #1592 from fluxcd/bucket-v1-ga 
Promote Bucket API to v1
 2024-08-28 09:59:08 +03:00
Stefan Prodan 36a4889ea2
Alias Bucket providers from v1beta2 to v1 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2024-08-27 17:16:14 +03:00
Stefan Prodan 2fa8c58d9f
Remove unused `accessFrom` field from Bucket v1 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2024-08-24 11:43:54 +03:00
Stefan Prodan 297b5f1941
Update samples to Bucket v1 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2024-08-23 14:34:27 +03:00
Stefan Prodan 5acef7b169
Add API docs for Bucket v1 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2024-08-23 13:57:38 +03:00
Stefan Prodan cd48373d6c
Update controller-gen to v0.16.1 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2024-08-23 13:42:28 +03:00
Stefan Prodan 5be0c53729
Promote Bucket API to v1 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2024-08-23 13:25:57 +03:00
Stefan Prodan 823224ea0d
Merge pull request #1589 from fluxcd/new-bucket-provider-constants 
Introduce Bucket provider constants with the common part as a prefix
 2024-08-23 12:46:59 +03:00
Matheus Pimenta 02d492bc43 Introduce Bucket provider constants with the common part as a prefix 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
 2024-08-22 14:48:53 -03:00
Stefan Prodan b2f08f59d3
Merge pull request #1588 from fluxcd/dependabot/github_actions/ci-4516fd8e81 
build(deps): bump the ci group across 1 directory with 3 updates
 2024-08-22 18:57:30 +03:00
dependabot[bot] 29a40bc195
build(deps): bump the ci group across 1 directory with 3 updates 
Bumps the ci group with 3 updates in the / directory: [korthout/backport-action](https://github.com/korthout/backport-action), [anchore/sbom-action](https://github.com/anchore/sbom-action) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `korthout/backport-action` from 3.0.2 to 3.1.0
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](bd410d37cd...be567af183)

Updates `anchore/sbom-action` from 0.17.1 to 0.17.2
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](ab9d16d4b4...61119d458a)

Updates `github/codeql-action` from 3.26.2 to 3.26.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](429e197704...f0f3afee80)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-22 11:55:56 +00:00
Matheus Pimenta 74e82d2467
Merge pull request #1585 from fluxcd/bucket-sts-endpoint-ldap 
Add LDAP provider for Bucket STS API
 2024-08-22 08:50:09 -03:00
Matheus Pimenta 10ac11314d Add LDAP provider for Bucket STS API 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
 2024-08-22 08:41:23 -03:00
Matheus Pimenta 7c4fdd5f36
Merge pull request #1536 from matheuscscp/ocirepo-proxy 
Add proxy support for OCIRepository API
 2024-08-15 11:11:07 -03:00
Matheus Pimenta 03a118a94c Add proxy support for OCIRepository API 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
 2024-08-15 10:29:57 -03:00
Stefan Prodan 145ed4a0bb
Merge pull request #1583 from fluxcd/cosign-v2.4.0 
Update cosign to v2.4.0
 2024-08-15 12:12:51 +03:00
Stefan Prodan cfccdb5491
Update cosign to v2.4.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2024-08-15 11:18:32 +03:00
Stefan Prodan 5b980f1d02
Merge pull request #1579 from fluxcd/dependabot/github_actions/ci-392b9cf7da 
build(deps): bump github/codeql-action from 3.26.1 to 3.26.2 in the ci group
 2024-08-15 10:34:30 +03:00
dependabot[bot] da32ec205f
build(deps): bump github/codeql-action in the ci group 
Bumps the ci group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 3.26.1 to 3.26.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](29d86d22a3...429e197704)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-15 07:05:30 +00:00
Stefan Prodan 164e1a7c7d
Merge pull request #1582 from fluxcd/go-1.23 
Build with Go 1.23
 2024-08-15 10:03:29 +03:00
Stefan Prodan 4eaedd54b8
Build with Go 1.23 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2024-08-15 09:52:45 +03:00
Stefan Prodan d39592f7d9
Merge pull request #1578 from fluxcd/k8s-1.31 
Update dependencies to Kubernetes v1.31.0
 2024-08-15 09:48:34 +03:00
Stefan Prodan 93ad04b6c8
Update dependencies to Kubernetes v1.31.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2024-08-14 21:40:29 +03:00
Stefan Prodan 20c9d7f296
Merge pull request #1576 from fluxcd/dependabot/github_actions/ci-da4bee5f54 
build(deps): bump the ci group across 1 directory with 9 updates
 2024-08-14 21:04:59 +03:00
dependabot[bot] 87c564e1f0
build(deps): bump the ci group across 1 directory with 9 updates 
Bumps the ci group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.1.6` | `4.1.7` |
| [actions/setup-go](https://github.com/actions/setup-go) | `5.0.1` | `5.0.2` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.0.0` | `3.2.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.3.0` | `3.6.1` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `5.4.0` | `6.7.0` |
| [docker/login-action](https://github.com/docker/login-action) | `3.2.0` | `3.3.0` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.5.0` | `3.6.0` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.16.0` | `0.17.1` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.25.8` | `3.26.1` |



Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](a5ac7e51b4...692973e3d9)

Updates `actions/setup-go` from 5.0.1 to 5.0.2
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](cdcb360436...0a12ed9d6a)

Updates `docker/setup-qemu-action` from 3.0.0 to 3.2.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](68827325e0...49b3bc8e6b)

Updates `docker/setup-buildx-action` from 3.3.0 to 3.6.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](d70bba72b1...988b5a0280)

Updates `docker/build-push-action` from 5.4.0 to 6.7.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](ca052bb54a...5cd11c3a4c)

Updates `docker/login-action` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](0d4c9c5ea7...9780b0c442)

Updates `sigstore/cosign-installer` from 3.5.0 to 3.6.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](59acb6260d...4959ce089c)

Updates `anchore/sbom-action` from 0.16.0 to 0.17.1
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](e8d2a6937e...ab9d16d4b4)

Updates `github/codeql-action` from 3.25.8 to 3.26.1
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2e230e8fe0...29d86d22a3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-14 02:39:26 +00:00
Matheus Pimenta e1ff038fca
Merge pull request #1568 from fluxcd/bucket-aws-proxy 
Add proxy support for AWS S3 buckets
 2024-08-11 21:51:52 +01:00
Matheus Pimenta 08fff6500a
Merge pull request #1567 from fluxcd/bucket-azure-proxy 
Add proxy support for Azure buckets
 2024-08-11 21:34:12 +01:00
Matheus Pimenta 625e672c7a Add proxy support for AWS S3 buckets 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
 2024-08-09 22:26:53 +01:00
Matheus Pimenta b6bd2abe2d Add proxy support for Azure buckets 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
 2024-08-09 22:17:06 +01:00
Sunny f494cf8574
Merge pull request #1574 from fluxcd/az-blob-int-visitobjects 
azure-blob: Fix VisitObjects() in integration test
 2024-08-10 00:43:20 +05:30
Sunny 0618f54717
azure-blob: Fix VisitObjects() in integration test 
Signed-off-by: Sunny <github@darkowlzz.space>
 2024-08-09 18:58:17 +00:00
Matheus Pimenta 67f6cba19d
Merge pull request #1565 from matheuscscp/bucket-gcp-proxy 
Add proxy support for GCS buckets
 2024-08-09 19:15:28 +01:00
Matheus Pimenta 31ed900a90 Add proxy support for GCS buckets 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
 2024-08-09 19:05:10 +01:00
Matheus Pimenta c41c2d6f09
Merge pull request #1552 from matheuscscp/bucket-sts-endpoint 
Add support for AWS STS endpoint in the Bucket API
 2024-08-08 22:20:36 +01:00
Matheus Pimenta 7536ab4b02 Add support for AWS STS endpoint in the Bucket API 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
 2024-08-08 16:35:01 +01:00
Sunny 218af573a3
Merge pull request #1516 from bb-Ricardo/main 
Fix Helm index validation for Artifactory
 2024-07-22 19:45:05 +05:30
ricardo.bartels@telekom.de a65f6fda92 mitigate issue with chart validation in Helm 3.14 #1515 
Signed-off-by: ricardo.bartels@telekom.de <ricardo.bartels@telekom.de>
 2024-07-19 20:07:29 +02:00
Sunny 58b4e6d719
Merge pull request #1550 from matheuscscp/fix-bucket-err-msg 
Improve invalid proxy error message for Bucket API
 2024-07-16 18:05:00 +05:30
Matheus Pimenta 8d19782683 Improve invalid proxy error message for Bucket API 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
 2024-07-16 09:57:31 +01:00
Matheus Pimenta 54cb2d8fd9
Merge pull request #1539 from matheuscscp/debug-dup-subcharts 
Fix HelmChart local dependency resolution for name-based path
 2024-07-10 15:01:30 +01:00
Matheus Pimenta d941101697 Fix HelmChart local dependency resolution for name-based path 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
 2024-07-10 12:09:59 +01:00
Stefan Prodan 8d8e7cc982
Merge pull request #1529 from octo/fix-conditions-usage 
Fix incorrect use of format strings with the `conditions` package.
 2024-07-05 17:14:46 +03:00
Florian Forster 277e5c1d55
Prefer `%s` over `%v` when formatting errors. 
Signed-off-by: Florian Forster <fforster@gitlab.com>
 2024-07-05 15:55:33 +02:00
Florian Forster fa3022443c
fix: Print `strings.Builder` by calling `String()` explicitly. 
The `String()` method is only defined for the pointer receiver.

Signed-off-by: Florian Forster <fforster@gitlab.com>
 2024-07-05 15:55:32 +02:00
Florian Forster 8be37ef1d2
Fix incorrect use of format strings with the `conditions` package. 
Many of the functions in the `conditions` package accept a format string and
(optional) arguments, just like `fmt.Printf` and friends.

In many places, the code passed an error message as the format string, causing
it to be interpreted by the `fmt` package. This leads to issues when the
message contains percent signs, e.g. URL-encoded values.

Consider the following code:

```go
// internal/controller/ocirepository_controller.go
revision, err := r.getRevision(ref, opts)
if err != nil {
	e := serror.NewGeneric(
		fmt.Errorf("failed to determine artifact digest: %w", err),
		ociv1.OCIPullFailedReason,
	)
	conditions.MarkTrue(obj, sourcev1.FetchFailedCondition, e.Reason, e.Err.Error())
	return sreconcile.ResultEmpty, e
}
```

Since `getRevision()` includes the URL in the error message and the error
message is used as a format string, the resulting condition reads:

```
failed to determine artifact digest: GET https://gitlab.com/jwt/auth?scope=repository%!A(MISSING)fforster%!F(MISSING)<REDACTED>%!F(MISSING)k8s-resource-manifests%!A(MISSING)pull&service=container_registry: DENIED: access forbidden
```

This adds an explicit format string and shortens `e.Error()` and
`e.Err.Error()` to `e`, which yields the same output.

To the best of my knowledge, Go is safe from format string attacks. I **don't**
think this is a security vulnerability, but I'm also not a security expert.

Signed-off-by: Florian Forster <fforster@gitlab.com>
 2024-07-05 15:55:31 +02:00
Stefan Prodan 3c0dda47d3
Merge pull request #1535 from matheuscscp/matheuscscp-maintainer 
Add matheuscscp as maintainer
 2024-07-05 09:30:10 +03:00
Matheus Pimenta b5d881357f Add matheuscscp as maintainer 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
 2024-07-03 15:33:53 +01:00
Stefan Prodan c7e8330442
Merge pull request #1500 from matheuscscp/bucket-generic-proxy 
Add support for `.spec.proxySecretRef` for generic provider of Bucket API
 2024-07-03 17:20:11 +03:00