Merge branch 'main' into szinn-add-checkout-token

allenporter · Jan 13, 2024 · a355fc7 · a355fc7
2 parents ad4d5df + e76c0fe
commit a355fc7
Show file tree

Hide file tree

Showing 137 changed files with 8,047 additions and 3,704 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -0,0 +1,24 @@
+# Docker environment for local development in devcontainer
+
+FROM ubuntu:jammy-20231128
+
+RUN apt-get update --fix-missing && \
+    apt-get upgrade -y && \
+    apt-get install -y --fix-missing \
+        curl \
+        unzip \
+        software-properties-common \
+        vim \
+        git \
+        python3-pip
+
+COPY --from=docker.io/bitnami/kubectl:1.29.0            /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/kubectl
+COPY --from=registry.k8s.io/kustomize/kustomize:v5.3.0  /app/kustomize                   /usr/local/bin/kustomize
+COPY --from=ghcr.io/kyverno/kyverno-cli:v1.11.3         /ko-app/kubectl-kyverno          /usr/local/bin/kyverno
+COPY --from=docker.io/alpine/helm:3.13.3                /usr/bin/helm                    /usr/local/bin/helm
+COPY --from=ghcr.io/fluxcd/flux-cli:v2.2.2              /usr/local/bin/flux              /usr/local/bin/flux
+
+COPY requirements.txt /src/
+RUN pip3 install -r /src/requirements.txt
+
+SHELL ["/bin/bash", "-c"]
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -1,9 +1,13 @@
-// For format details, see https://aka.ms/devcontainer.json. For config options, see the
-// README at: https://github.com/devcontainers/templates/tree/main/src/kubernetes-helm
 {
 	"name": "Kubernetes - Local Configuration",
 	"build": {
 		"context": "..",
-		"dockerfile": "../Dockerfile"
-	}
+		"dockerfile": "./Dockerfile"
+	},
+	// Creates a local volume where you the developer need to clone the git
+	// repo inside the container. Uses a local volume since this project
+	// relies heavily on local disk performance.
+	//"workspaceMount": "source=flux-local,target=/workspaces,type=volume",
+	//"workspaceFolder": "/workspaces/",
+	//"postCreateCommand": "chown vscode /workspaces",
 }
diff --git a/.github/workflows/container-release.yaml b/.github/workflows/container-release.yaml
@@ -0,0 +1,53 @@
+---
+name: Container Release
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/${{ github.repository }}
+          flavor: |
+            latest=true
+            prefix=v
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and Push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/container-test.yaml b/.github/workflows/container-test.yaml
@@ -0,0 +1,52 @@
+---
+name: Container Test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  test:
+    if: ${{ github.event.pull_request.head.repo.full_name == 'allenporter/flux-local' || github.event_name != 'pull_request' }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/${{ github.repository }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and Push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/flux-local-diff.yaml b/.github/workflows/flux-local-diff.yaml
@@ -28,6 +28,8 @@ jobs:
     steps:
     - name: Checkout
       uses: actions/checkout@v4
+    - name: Setup Flux CLI
+      uses: fluxcd/flux2/[email protected]
     - uses: ./action/diff
       id: diff
       with:

diff --git a/.github/workflows/flux-local-test.yaml b/.github/workflows/flux-local-test.yaml
@@ -24,6 +24,8 @@ jobs:
         - tests/testdata/cluster7
     steps:
     - uses: actions/checkout@v4
+    - name: Setup Flux CLI
+      uses: fluxcd/flux2/[email protected]
     - uses: ./action/test
       with:
         enable-helm: true

diff --git a/.github/workflows/pages.yaml b/.github/workflows/pages.yaml
@@ -15,6 +15,7 @@ permissions:
   contents: read
   pages: write
   id-token: write
+  actions: read
 
 # Allow one concurrent deployment
 concurrency:
@@ -30,25 +31,23 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
-      matrix:
-        python-version: ["3.10"]
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
-          python-version: ${{ matrix.python-version }}
+          python-version: '3.x'
       - name: Install dependencies
         run: |
           pip install -r requirements.txt
       - run: pdoc ./flux_local -o docs/
       - name: Setup Pages
-        uses: actions/configure-pages@v3
+        uses: actions/configure-pages@v4
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v2
+        uses: actions/upload-pages-artifact@v3
         with:
           # Upload entire repository
           path: 'docs/'
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v2
+        uses: actions/deploy-pages@v4
diff --git a/.github/workflows/python-package.yaml b/.github/workflows/python-package.yaml
@@ -19,29 +19,28 @@ jobs:
         python-version:
         - "3.10"
         - "3.11"
+        - "3.12"
 
     steps:
     - uses: actions/checkout@v4
-    - uses: actions/setup-python@v4
+    - name: Setup Flux CLI
+      uses: fluxcd/flux2/[email protected]
+    - uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
-        cache: "pip"
+        cache: pip
     - name: Install dependencies
       run: |
-        python -m pip install --upgrade pip
         pip install -r requirements.txt
+        pip install -e .
     - uses: supplypike/setup-bin@v3
       with:
-        uri: https://github.com/kyverno/kyverno/releases/download/v1.9.0/kyverno-cli_v1.9.0_linux_x86_64.tar.gz
+        uri: https://github.com/kyverno/kyverno/releases/download/v1.11.3/kyverno-cli_v1.11.3_linux_x86_64.tar.gz
         name: kyverno-cli
-        version: v1.9.0
+        version: v1.11.3
     - name: Test with pytest
       run: |
-        SKIP_DIFF_TESTS=1 pytest --cov=flux_local --cov-report=term-missing
-    - name: Test with pytest pydantic v1
-      run: |
-        pip install pydantic==1.10.11
-        SKIP_DIFF_TESTS=1 pytest --cov=flux_local --cov-report=term-missing
+        SKIP_DIFF_TESTS=1 pytest --cov=flux_local --cov-report=term-missing --snapshot-warn-unused
     - uses: codecov/codecov-action@v3
       with:
         token: ${{ secrets.CODECOV_TOKEN }}

diff --git a/.github/workflows/python-publish.yaml b/.github/workflows/python-publish.yaml
@@ -16,7 +16,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Set up Python
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: '3.x'
     - name: Install dependencies
@@ -26,7 +26,7 @@ jobs:
     - name: Build package
       run: python -m build
     - name: Publish package
-      uses: pypa/[email protected].10
+      uses: pypa/[email protected].11
       with:
         user: __token__
         password: ${{ secrets.PYPI_API_TOKEN }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -4,34 +4,34 @@ repos:
   rev: v4.5.0
   hooks:
   - id: trailing-whitespace
-    exclude: '^tests/tool/testdata/.*\.yaml$'
+    exclude: '^tests/.*.ambr$'
   - id: end-of-file-fixer
-    exclude: '^tests/tool/testdata/.*\.yaml$'
+    exclude: '^tests/.*.ambr$'
   - id: check-yaml
     args:
     - --allow-multiple-documents
   - id: check-added-large-files
 - repo: https://github.com/codespell-project/codespell
-  rev: v2.2.5
+  rev: v2.2.6
   hooks:
   - id: codespell
 - repo: https://github.com/charliermarsh/ruff-pre-commit
-  rev: 'v0.0.292'
+  rev: 'v0.1.11'
   hooks:
   - id: ruff
     args: [--fix, --exit-non-zero-on-fix]
 - repo: https://github.com/adrienverge/yamllint.git
-  rev: v1.32.0
+  rev: v1.33.0
   hooks:
   - id: yamllint
-    exclude: '^tests/tool/testdata/.*\.yaml$'
     args:
     - -c
     - ".yaml-lint.yaml"
 - repo: https://github.com/psf/black
-  rev: 23.10.0
+  rev: 23.12.1
   hooks:
   - id: black
+    exclude: '^tests/.*.ambr$'
 - repo: local
   hooks:
   - id: mypy

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -24,9 +24,9 @@ To run the tests locally, you can use the following command:
 $ pytest
 ```
 
-Some tests used `pytest-golden` to test against golden files. These can be updated with:
+Some tests used `syrup` to test against golden snapshot files. These can be updated with:
 ```bash
-$ pytest --update-goldens
+$ pytest --snapshot-update
 ```
 
 ## Documentation

diff --git a/Dockerfile b/Dockerfile
@@ -1,47 +1,21 @@
-# Docker environment for local development in devcontainer
-FROM ubuntu:jammy-20231004
+FROM python:3.12-alpine as base
 
-RUN apt-get update --fix-missing && \
-    apt-get upgrade -y && \
-    apt-get install -y --fix-missing \
-        curl \
-        unzip \
-        software-properties-common \
-        vim \
-        git \
-        python3-pip
+RUN apk add --no-cache ca-certificates git
 
-# renovate: datasource=github-releases depName=kubernetes-sigs/kustomize
-ARG KUSTOMIZE_VERSION=v5.0.3
-RUN cd /usr/local/bin/ && \
-    curl -OL https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
-    tar xf kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
-    chmod +x kustomize
-RUN kustomize version
+WORKDIR /app
+COPY requirements.txt /requirements.txt
+COPY flux_local/ ./flux_local
+COPY setup.py .
+COPY setup.cfg .
 
-# renovate: datasource=github-releases depName=helm/helm
-ARG HELM_CLI_VERSION=v3.12.1
-RUN mkdir -p /src && \
-    cd /src && \
-    curl -OL https://get.helm.sh/helm-${HELM_CLI_VERSION}-linux-amd64.tar.gz && \
-    tar xf helm-${HELM_CLI_VERSION}-linux-amd64.tar.gz && \
-    cp linux-amd64/helm /usr/local/bin/helm && \
-    rm -fr /src
-RUN helm version
+RUN pip install --no-cache-dir -r /requirements.txt
+RUN pip install -e .
 
-# renovate: datasource=github-releases depName=kyverno/kyverno
-ARG KYVERNO_VERSION=v1.10.0
-RUN mkdir -p /src && \
-    cd /src && \
-    curl -OL https://github.com/kyverno/kyverno/releases/download/${KYVERNO_VERSION}/kyverno-cli_${KYVERNO_VERSION}_linux_x86_64.tar.gz && \
-    tar xf kyverno-cli_${KYVERNO_VERSION}_linux_x86_64.tar.gz && \
-    cp kyverno /usr/local/bin/kyverno && \
-    chmod +x /usr/local/bin/kyverno && \
-    rm -fr /src
-RUN kyverno version
+COPY --from=ghcr.io/fluxcd/flux-cli:v2.2.2              /usr/local/bin/flux              /usr/local/bin/flux
+COPY --from=docker.io/alpine/helm:3.13.3                /usr/bin/helm                    /usr/local/bin/helm
+COPY --from=docker.io/bitnami/kubectl:1.29.0            /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/kubectl
+COPY --from=registry.k8s.io/kustomize/kustomize:v5.3.0  /app/kustomize                   /usr/local/bin/kustomize
+COPY --from=ghcr.io/kyverno/kyverno-cli:v1.11.3         /ko-app/kubectl-kyverno          /usr/local/bin/kyverno
 
-COPY . /src/
-WORKDIR /src/
-RUN pip3 install -r /src/requirements.txt
-
-SHELL ["/bin/bash", "-c"]
+USER 1001
+ENTRYPOINT ["/usr/local/bin/flux-local"]