Matheus Pimenta
ee1aebfa6a
Update Helm to v3.19.0
...
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
2025-09-12 14:21:55 +01:00
Stefan Prodan
eb1ff724ea
Merge pull request #1887 from fluxcd/external-artifact-conform-runtime
...
api: Make ExternalArtifact conform to runtime Getter/Setter interface
2025-09-05 23:20:13 +03:00
Stefan Prodan
8d7ef1d5bf
api: Make ExternalArtifact conform to runtime Getter/Setter interface
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-09-05 23:12:02 +03:00
Stefan Prodan
5f4f360a0d
Merge pull request #1886 from fluxcd/ea-conform-source
...
api: Make ExternalArtifact conform to the Source interface
2025-09-04 22:14:27 +03:00
Stefan Prodan
48806528b7
api: Make ExternalArtifact conform to the Source interface
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-09-04 22:05:04 +03:00
Stefan Prodan
cf7222108c
Merge pull request #1883 from fluxcd/refactor-artifact
...
[RFC-0012] Refactor controller to use `fluxcd/pkg/artifact`
2025-09-04 19:43:18 +03:00
Stefan Prodan
87ca533b83
Refactor controller to use `fluxcd/pkg/artifact`
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-09-04 16:50:36 +03:00
Stefan Prodan
c8358d063c
Merge pull request #1881 from fluxcd/external-artifact
...
[RFC-0012] Implement ExternalArtifact API
2025-09-04 14:13:16 +03:00
Stefan Prodan
ba87b2ad0f
Add ExternalArtifact API documentation
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-09-03 23:46:16 +03:00
Stefan Prodan
425b7a3300
Generate ExternalArtifact CRD
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-09-03 21:45:46 +03:00
Stefan Prodan
4900324ab0
Add ExternalArtifact types to API
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-09-03 21:45:22 +03:00
Stefan Prodan
c9a5e76d24
Refactor the API and controller to use the `meta.Artifact` type
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-09-03 20:57:45 +03:00
Stefan Prodan
46516fd54f
Merge pull request #1880 from fluxcd/update-otel
...
Update otel packages to v1.38.0
2025-09-03 15:25:02 +03:00
Stefan Prodan
85ac374067
Update otel packages to v1.38.0
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-09-03 15:07:16 +03:00
dipti-pai
04ab27b42a
Merge pull request #1875 from dipti-pai/azure-blob-oidc
...
[RFC-0010] Add multi-tenant workload identity support for Azure Blob Storage
2025-09-02 10:07:52 -07:00
Dipti Pai
995f3538dc
[RFC-0010] Add multi-tenant workload identity support for Azure Blob Storage
...
Signed-off-by: Dipti Pai <diptipai89@outlook.com>
2025-09-02 09:58:31 -07:00
Stefan Prodan
4702fe6c41
Merge pull request #1878 from fluxcd/dependabot/github_actions/ci-9946de816f
...
build(deps): bump the ci group across 1 directory with 10 updates
2025-08-31 15:02:39 +03:00
dependabot[bot]
bc85b79a63
build(deps): bump the ci group across 1 directory with 10 updates
...
Bumps the ci group with 10 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `5.0.0` |
| [korthout/backport-action](https://github.com/korthout/backport-action) | `3.2.0` | `3.3.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.10.0` | `3.11.1` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.17.0` | `6.18.0` |
| [docker/login-action](https://github.com/docker/login-action) | `3.4.0` | `3.5.0` |
| [docker/metadata-action](https://github.com/docker/metadata-action) | `5.7.0` | `5.8.0` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.8.2` | `3.9.2` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.20.0` | `0.20.5` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.3.0` | `6.4.0` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.28.18` | `3.29.11` |
Updates `actions/checkout` from 4.2.2 to 5.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](11bd71901b...08c6903cd8)
Updates `korthout/backport-action` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](436145e922...ca4972adce)
Updates `docker/setup-buildx-action` from 3.10.0 to 3.11.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](b5ca514318...e468171a9d)
Updates `docker/build-push-action` from 6.17.0 to 6.18.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](1dc7386353...263435318d)
Updates `docker/login-action` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](74a5d14239...184bdaa072)
Updates `docker/metadata-action` from 5.7.0 to 5.8.0
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](902fa8ec7d...c1e51972af)
Updates `sigstore/cosign-installer` from 3.8.2 to 3.9.2
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](3454372f43...d58896d6a1)
Updates `anchore/sbom-action` from 0.20.0 to 0.20.5
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](e11c554f70...da167eac91)
Updates `goreleaser/goreleaser-action` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](9c156ee8a1...e435ccd777)
Updates `github/codeql-action` from 3.28.18 to 3.29.11
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ff0a06e83c...3c3833e0f8)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci
- dependency-name: korthout/backport-action
  dependency-version: 3.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: docker/setup-buildx-action
  dependency-version: 3.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: docker/build-push-action
  dependency-version: 6.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: docker/login-action
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: docker/metadata-action
  dependency-version: 5.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: sigstore/cosign-installer
  dependency-version: 3.9.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: anchore/sbom-action
  dependency-version: 0.20.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: github/codeql-action
  dependency-version: 3.29.11
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-08-31 11:55:02 +00:00
Stefan Prodan
d81947c6d8
Merge pull request #1876 from fluxcd/k8s-1.34
...
Update to Go 1.25, Kubernetes v1.34.0 and Helm v3.18.6
2025-08-31 12:40:57 +03:00
Stefan Prodan
18badd7849
Build with Go 1.25
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-08-31 10:29:43 +03:00
Stefan Prodan
321957c8c6
Regenerate CRDs with controller-gen v0.19
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-08-31 10:29:36 +03:00
Stefan Prodan
3749be4d26
Migrate tests from gotest to gomega
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-08-31 10:29:36 +03:00
Stefan Prodan
1a244f7c30
Update dependencies to Kubernetes v1.34.0 and Helm v3.18.6
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-08-30 22:48:10 +03:00
Stefan Prodan
12b5f6f0c5
Merge pull request #1874 from fluxcd/dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0
...
build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0
2025-08-22 12:28:14 +03:00
dependabot[bot]
1bb3050fd9
build(deps): bump github.com/go-viper/mapstructure/v2
...
Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/go-viper/mapstructure/releases)
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0)
---
updated-dependencies:
- dependency-name: github.com/go-viper/mapstructure/v2
  dependency-version: 2.4.0
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-08-21 15:24:04 +00:00
Matheus Pimenta
e5189f6791
Merge pull request #1872 from cappyzawa/feat/default-service-account-flag
...
[RFC-0010] Add default-service-account for lockdown
2025-08-17 17:49:20 +01:00
cappyzawa
dc3eba62b0
[RFC-0010] Add default-service-account for lockdown
...
Add --default-service-account flag for multi-tenant workload identity
lockdown support. This flag sets the default service account name to
be used when .spec.serviceAccountName is not specified in resources.
Signed-off-by: cappyzawa <cappyzawa@gmail.com>
2025-08-18 01:32:07 +09:00
Matheus Pimenta
24412ed278
Merge pull request #1871 from dipti-pai/azure-obj-level-gitrepo
...
[RFC-0010] Add multi-tenant workload identity support for Azure GitRepository
2025-08-15 18:33:32 +01:00
Dipti Pai
4fe3434ee8
[RFC-0010] Add multi-tenant workload identity support for Azure GitRepository
...
Signed-off-by: Dipti Pai <diptipai89@outlook.com>
2025-08-15 10:10:00 -07:00
Matheus Pimenta
5f9702bb01
Merge pull request #1868 from cappyzawa/feat/bucket-workload-identity-aws
...
[RFC-0010] Add multi-tenant workload identity support for AWS Bucket
2025-08-14 18:50:35 +01:00
cappyzawa
041aa6c993
[RFC-0010] Add multi-tenant workload identity support for AWS Bucket
...
Signed-off-by: cappyzawa <cappyzawa@gmail.com>
2025-08-15 02:36:04 +09:00
Matheus Pimenta
48da00dba2
Merge pull request #1870 from cappyzawa/remove-tlsconfig-servername-pinning
...
Remove ServerName pinning from TLS config
2025-08-14 15:21:35 +01:00
cappyzawa
683719d33c
Remove ServerName pinning from TLS config
...
Remove ServerName pinning functionality that can cause TLS
verification failures in production environments with redirects,
proxies, and multi-host scenarios.
The Go standard library automatically handles SNI and hostname
verification based on the actual connection target, providing
better compatibility and security than fixed ServerName values.
Signed-off-by: cappyzawa <cappyzawa@gmail.com>
2025-08-14 22:52:50 +09:00
Stefan Prodan
cd5eebfb32
Merge pull request #1860 from abhijith-darshan/feat/gh_app_tls
...
Add support for mTLS to GitHub App transport
2025-08-14 10:22:23 +03:00
abhijith-darshan
46522f9815
(chore): adds tls config for GitHub App auth
...
this commit ensures that if ca.crt or caFile is available in the github app secret, a tls config with user-provided certs is appended to system cert pool and passed to the underlying http transport
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): update target URL for TLSConfigFromSecret
this commit ensures that the target URL for runtime/secrets.TLSConfigFromSecret has the scheme and host
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): adds test scenarios
this commit adds test scenarios for mTLS GitHub app in reconcile source auth strategy
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): use runtime/secrets authMethods
this commit ensures that GitHubApp secret resolution happens via pkg/runtime/secrets
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): update docs
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): adds github app data check
this commit ensures that when provider is github and no github app data is present in the secret, it will error out with invalid configuration
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): removes getProxyOpts helper func
this commit removes the helper method getProxyOpts and uses the standardized pkg/runtime/secrets APIs to get proxy options.
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): removes getProxyOpts test
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): improves test coverage
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): do not stall on missing github app data
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): adds a note on mTLS configuration in docs
This commit mentions in the docs that if tls.crt and tls.key are part of the secret then mutual TLS configuration will be automatically enabled and should be used optionally.
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
2025-08-12 23:32:12 +02:00
Matheus Pimenta
bd6d090ef0
Merge pull request #1865 from fluxcd/fix-stalled-errors
...
Fix GitRepository controller stalling when it shouldn't
2025-08-12 14:53:01 +01:00
Matheus Pimenta
1f4fc2fe87
Fix GitRepository controller stalling when it shouldn't
...
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
2025-08-12 14:34:12 +01:00
Stefan Prodan
a84403c95b
Merge pull request #1864 from fluxcd/refactor-pkg
...
Refactor pkg structure
2025-08-12 15:31:30 +03:00
Stefan Prodan
9e789f6d9a
Extract storage operations to a dedicated package
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-08-12 14:57:15 +03:00
Stefan Prodan
ac8ec2e32a
Refactor bucket pkg structure
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-08-12 14:43:17 +03:00
Matheus Pimenta
d69d743e75
Merge pull request #1862 from cappyzawa/feat/bucket-workload-identity-gcp
...
[RFC-0010] Add multi-tenant workload identity support for GCP Bucket
2025-08-12 08:37:42 +01:00
cappyzawa
3733163358
[RFC-0010] Add multi-tenant workload identity support for GCP Bucket
...
Signed-off-by: cappyzawa <cappyzawa@gmail.com>
2025-08-12 07:58:39 +09:00
Stefan Prodan
1469073055
Merge pull request #1861 from fluxcd/remove-v1beta1-api
...
Remove deprecated APIs in group `source.toolkit.fluxcd.io/v1beta1`
2025-08-11 17:54:32 +03:00
Stefan Prodan
ca43631480
Remove deprecated APIs in group `source.toolkit.fluxcd.io/v1beta1`
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-08-08 15:09:11 +03:00
Stefan Prodan
c2b572bae0
Merge pull request #1852 from cappyzawa/feat/bucket-controller-runtime-secrets-migration
...
Migrate Bucket controller to runtime/secrets
2025-07-31 18:58:56 +03:00
cappyzawa
9463bcf0ee
Fix missing namespace in Helm Repository Controller secret error
...
Signed-off-by: cappyzawa <cappyzawa@gmail.com>
2025-07-31 22:05:37 +09:00
cappyzawa
4b18040e22
Fix missing namespace in OCI Repository Controller secret error
...
Include namespace in secret error message for better debugging context.
The secret name was already present in the error, but namespace information
was missing, making it harder to identify which secret in which namespace
was not found.
Signed-off-by: cappyzawa <cappyzawa@gmail.com>
2025-07-31 22:05:37 +09:00
cappyzawa
3caf8f1db9
Migrate Bucket controller to runtime/secrets
...
Replaces internal credential management with runtime/secrets package
to standardize authentication, proxy configuration, and TLS handling
across controllers. This migration eliminates code duplication by
leveraging shared utilities and improves maintainability through
consistent error handling patterns.
The refactoring splits the large reconcileSource method into focused
helper functions for better separation of concerns.
Signed-off-by: cappyzawa <cappyzawa@gmail.com>
2025-07-31 22:05:37 +09:00
Matheus Pimenta
44098cfd2f
Merge pull request #1857 from cappyzawa/docs/mtls-documentation-unification
...
docs: unify mTLS authentication section titles
2025-07-31 14:02:27 +01:00
cappyzawa
a65166578d
docs: unify mTLS authentication section titles
...
Update HelmRepository, OCIRepository, and Bucket documentation to use
"Mutual TLS Authentication" section titles instead of "Cert secret
reference". This improves discoverability of mTLS capabilities and
follows GitRepository's established pattern.
The previous generic titles obscured mutual TLS functionality, causing
users to miss this important security feature. Updated descriptions
explicitly mention mutual TLS authentication while maintaining all
existing YAML examples and technical accuracy.
Signed-off-by: cappyzawa <cappyzawa@gmail.com>
2025-07-30 23:03:51 +09:00