Added Support for Google Cloud Storage with Workload Identity as
Source Provider. This enables the use of GCP without enabling S3
compatible access.
Signed-off-by: pa250194 <pa250194@ncr.com>
The version was accidentally set to an invalid version, causing the
API documentation generation to fail.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit adds a `ReconcileStrategy` field to the `HelmChart` resource, which
allows defining when a new chart should be packaged and/or published if it
originates from a `Bucket` or `GitRepository` resource.
The two available strategies are:
- `ChartVersion`: creates a new artifact when the version of the Helm chart as
defined in the `Chart.yaml` from the Source is different from the current
version.
- `Revision`: creates a new artifact when the revision of the Source is
different from the current revision.
For the `Revision` strategy, the (checksum part of the) revision of the
artifact the chart originatesfrom is added as SemVer metadata.
A chart from a `GitRepository` with Artifact revision
`main/f0faacd5164a875ebdbd9e3fab778f49c5aadbbc` and a chart with e.g. SemVer
`0.1.0` will be published as `0.1.0+f0faacd5164a875ebdbd9e3fab778f49c5aadbbc`.
A chart from a `Bucket` with Artifact revision
`f0faacd5164a875ebdbd9e3fab778f49c5aadbbc` and a chart with e.g. SemVer `0.1.0`
will be published as `0.1.0+f0faacd5164a875ebdbd9e3fab778f49c5aadbbc`.
Signed-off-by: Dylan Arbour <arbourd@users.noreply.github.com>
This ensures the Dockerfile used for testing is making use of the
same scratch image to compile `libgit2` as the actual application
image.
In a future iteration we should restructure our GitHub Action
workflows to re-use the application image, saving us an additional
Dockerfile and a duplicate build. Inspiration for this (which makes
use of a local registry for the duration of the build) can be found
at: https://github.com/fluxcd/golang-with-libgit2/blob/main/.github/workflows/build.yaml
Signed-off-by: Hidde Beydals <hello@hidde.co>
This moves the `libgit2` compilation to the image, to ensure it
can be build on builders that aren't backed by AMD64.
The image is structured in such a way that e.g. running nightly
builds targeting a different Go version, or targeting a different
OS vendor would be possible in the future via build arguments.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This can be useful on machines where libgit2 is installed due to other
applications depending on it, but where the composition of this
installation does not properly work with the controller.
Reason the system version is still preferred, is because this lowers the
barrier for drive-by contributors, as a working set of (Git) dependencies
should only really be required if you are going to perform work in that
domain.
Signed-off-by: Hidde Beydals <hello@hidde.co>
To provide a better (contributing) experience to those with Apple
machines, as determining the correct paths there is a bit harder.
Signed-off-by: Hidde Beydals <hello@hidde.co>
To allow building a multi-platform container image using `buildx`.
Various configuration flags allow for fine(r)-grain control over the
build process:
- `BASE_IMG`: FQDN of the base image that should be used, without a
tag.
- `BASE_TAG: tag of the base image that should be used. Allows checksum
sum to be included.
- `BUILDX_PLATFORMS`: platforms to target for the final container
image.
- `BUILDX_ARGS`: additional `docker buildx build` arguments, e.g.
`--push` to push the result to a (local) image registry.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit updates `github.com/libgit2/git2go` to `v31.6.1` (with
`libgit2` `1.1.1`), and changes the container image build process so
that it makes use of `ghcr.io/hiddeco/golang-with-libgit2`.
This image provides a pre-build dynamic `libgit2` dependency linked
against OpenSSL and LibSSH2 (without gcrypt), and a set of cross-compile
build tools (see
[rationale](https://github.com/hiddeco/golang-with-libgit2#rationale) and
[usage](https://github.co/hiddeco/golang-with-libgit2#usage) for more
detailed information).
The linked set of dependency should solve most known issues around
unsupport private key types, but does not resolve the issues with ECDSA*
and ED25519 hostkeys yet. Solving this requires a newer version of
`libgit2` (`>=1.2.0`), which currently does not seem to work properly
with `git2go/v32`.
Some small changes have been made to the `libgit2` package to address
(future) deprecations.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This ensures the checksum is predictable, and not influenced by e.g.
different runtime configuration settings, or FS specific data.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Use fluxcd/pkg/actions/envtest to setup envtest.
Since the run-test action runs in a container, the host $PATH is not
passed to the test container. The ENV directive in actions/run-tests
Dockerfile is used to append the PATH with envtest binary path. This
helps avoid redownload of the envtest binaries when it's not found in
the path via the Makefile targets.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Use setup-envtest for installing the binaries required for using
envtest.
The latest envtest binaries for k8s v1.21.2 are not compatible with
kubebuilder < v3, which results in envtest suite test tear down
failure. envtest fails to stop the kube-apiserver.
```
timeout waiting for process kube-apiserver to stop
```
Pin to k8s v1.19.2 envtest binaries that work with kubebuilder v2.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
This commit changes the checksum method which is used to calculate the
revision of a Bucket source, so that the file paths are taken into
account and directory structure changes can be observed.
Signed-off-by: Hidde Beydals <hello@hidde.co>
controller-runtime's client package provides ObjectKeyFromObject() to
extract NamespacedName from a given object. ObjectKey() in
internal/util package is a helper for the same. Replace the internal
helper with controller-runtime's helper for the same.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
SetHeadDetached (git_repository_set_head_detached) only changes HEAD,
and does not actually checkout the files on disk. Use CheckoutHead with
the CheckoutForce Strategy to actually check the files out on disk.
Additionally add a test that validates the hash of a checked out file's
contents.
Previously, the hash of the desired tag was being reported as the
checked out revision by the GitRepository. However the wrong files were
checked out and an incorrect revision would be deployed by Flux.
Signed-off-by: Blake Burkhart <blake.burkhart@us.af.mil>
pa250194
Hidde Beydals
Hidde Beydals
Dylan Arbour
Stefan Prodan
Sunny
Blake Burkhart