Merge pull request #36 from DoodleScheduling/DK-3721_release

refactor: go1.20, kustomized e2e tests, renovate
DoodleScheduling · Apr 24, 2023 · 07c5d90 · 07c5d90
2 parents 60f0841 + 2e8f48d
commit 07c5d90
Show file tree

Hide file tree

Showing 30 changed files with 436 additions and 343 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -0,0 +1,30 @@
+name: main
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3
+      - name: Setup Go
+        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
+        with:
+          go-version: 1.20.x
+      - name: Restore Go cache
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: Tests
+        run: make test
+      - name: Send go coverage report
+        uses: shogo82148/actions-goveralls@31ee804b8576ae49f6dc3caa22591bc5080e7920 #v1.6.0
+        with:
+          path-to-profile: coverage.out
diff --git a/.github/workflows/pr-build.yaml b/.github/workflows/pr-build.yaml
@@ -16,7 +16,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 #v3.5.0
         with:
-          go-version: 1.19.x
+          go-version: 1.20.x
       - name: Restore Go cache
         uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d #v3.2.2
         with:
@@ -47,58 +47,21 @@ jobs:
           fi
       - name: Build container image
         run: |
-          make docker-build IMG=test/k8stcpmap-controller:latest BUILD_PLATFORMS=linux/amd64 \
-            BUILD_ARGS="--cache-from=type=local,src=/tmp/.buildx-cache \
-            --cache-to=type=local,dest=/tmp/.buildx-cache-new,mode=max"
+          make docker-build
       - name: Setup Kubernetes
         uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0
         with:
           version: v0.17.0
-      - name: Setup nginx ingress
-        env:
-          NGINX_INGRESS_VER: ${{ '4.0.13' }}
+      - name: Setup Kustomize
+        uses: imranismail/setup-kustomize@6691bdeb1b0a3286fb7f70fd1423c10e81e5375f # v2.0.0
+      - name: Run test
         run: |
-          kubectl create ns ingress-nginx
-          kubectl -n ingress-nginx create cm tcp-services-configmap
-          helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
-          helm upgrade --wait -i ingress-nginx ingress-nginx/ingress-nginx \
-          --version $NGINX_INGRESS_VER \
-          --namespace ingress-nginx \
-          --set controller.extraArgs.tcp-services-configmap="\$(POD_NAMESPACE)/tcp-services-configmap" \
-          --set controller.service.type=ClusterIP
-      - name: Load test image
-        run: kind load docker-image test/k8stcpmap-controller:latest
-      - name: Deploy controller
-        run: make deploy IMG=test/k8stcpmap-controller:latest
-      - name: Setup podinfo
-        env:
-          PODINFO_VER: ${{ '6.0.3' }}
-        run: |
-          kubectl create ns podinfo
-          helm repo add podinfo https://stefanprodan.github.io/podinfo
-          helm upgrade --install --wait backend podinfo/podinfo \
-          --version $PODINFO_VER \
-          --namespace podinfo \
-          --set replicaCount=2
-      - name: Run tcpmap tests
-        run: |
-          kubectl -n podinfo apply -f ./config/testdata
-          kubectl -n podinfo wait tcpingressmappings/backend-podinfo --for=condition=Ready --timeout=1m
-          electedPort=$(kubectl -n podinfo get tcpingressmappings/backend-podinfo -o jsonpath='{.status.electedPort}')
-          echo "bound port $electedPort"
-          kubectl -n ingress-nginx port-forward svc/ingress-nginx-controller 8080:$electedPort &>/dev/null &
-          #We need to wait a bit til nginx reloaded the map
-          sleep 10
-          curl --haproxy-protocol -v --fail http://localhost:8080
+          make kind-test
       - name: Debug failure
         if: failure()
         run: |
           kubectl -n kube-system describe pods
-          kubectl -n prometheus get pods
-          kubectl -n k8sprom-patch-system describe pods
-          kubectl -n k8sprom-patch-system get all
-          kubectl -n k8sprom-patch-system logs deploy/k8stcpmap
-          kubectl -n default get prometheuspatchrules -o yaml
-          kubectl -n podinfo get all
-          kubectl -n ingress-nginx get all
-          kubectl -n ingress-nginx get cm -o yaml
+          kubectl -n k8stcpmap-system describe pods
+          kubectl -n k8stcpmap-system get all
+          kubectl -n k8stcpmap-system logs deploy/k8stcpmap-controller
+          kubectl -n k8stcpmap-system get tcpmapping -o yaml
diff --git a/.github/workflows/pr-chart.yaml b/.github/workflows/pr-chart.yaml
@@ -1,4 +1,4 @@
-name: Lint and Test Charts
+name: pr-chart
 
 on: pull_request
 

diff --git a/.github/workflows/rebase.yaml b/.github/workflows/rebase.yaml
@@ -18,4 +18,4 @@ jobs:
       - name: Automatic Rebase
         uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 #1.8
         env:
-          GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/release-chart.yaml b/.github/workflows/release-chart.yaml
@@ -1,4 +1,4 @@
-name: Release Chart
+name: release-chart
 
 on:
   push:

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -20,7 +20,7 @@ jobs:
           fetch-depth: 0
       - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 #v3.5.0
         with:
-          go-version: '1.19'
+          go-version: '1.20'
       - name: Docker Login
         uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a #v2.1.0
         with:

diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
@@ -0,0 +1,41 @@
+name: scan
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+  schedule:
+    - cron: '18 10 * * 3'
+
+permissions:
+  contents: read # for actions/checkout to fetch code
+  security-events: write # for codeQL to write security events
+
+jobs:
+  fossa:
+    name: FOSSA
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+      - name: Run FOSSA scan and upload build data
+        uses: fossa-contrib/fossa-action@6728dc6fe9a068c648d080c33829ffbe56565023 # v2.0.0
+        with:
+          # FOSSA Push-Only API Token
+          fossa-api-key: 956b9b92c5b16eeca1467cebe104f2c3
+          github-token: ${{ github.token }}
+
+  codeql:
+    name: CodeQL
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@dc046388f30eacf938aadd32064285f437bd9c04 #codeql-bundle-20221020
+        with:
+          languages: go
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@dc046388f30eacf938aadd32064285f437bd9c04 #codeql-bundle-20221020
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@dc046388f30eacf938aadd32064285f437bd9c04 #codeql-bundle-20221020
diff --git a/.gitignore b/.gitignore
@@ -1,11 +1,12 @@
-
 # Binaries for programs and plugins
 *.exe
 *.exe~
 *.dll
 *.so
 *.dylib
 bin
+manager
+config/**/charts
 
 # Test binary, build with `go test -c`
 *.test

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -1,39 +1,101 @@
 project_name: k8stcpmap-controller
 
 builds:
-  - skip: true
+- id: manager
+  binary: manager
+  goos:
+  - linux
+  env:
+  - CGO_ENABLED=0
 
-release:
-  prerelease: "true"
-  extra_files:
-    - glob: config/release/*.yaml
+archives:
+- id: manager
+  name_template: "manager_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+  builds:
+  - manager
 
 checksum:
-  extra_files:
-    - glob: config/release/*.yaml
+  name_template: 'checksums.txt'
 
 source:
   enabled: true
   name_template: "{{ .ProjectName }}_{{ .Version }}_source_code"
 
+changelog:
+  use: github-native
+
 sboms:
-  - id: source
-    artifacts: source
-    documents:
-      - "{{ .ProjectName }}_{{ .Version }}_sbom.spdx.json"
-
-# signs the checksum file
-# all files (including the sboms) are included in the checksum
-# https://goreleaser.com/customization/sign
-#signs:
-#  - cmd: cosign
-#   env:
-#      - COSIGN_EXPERIMENTAL=1
-#    certificate: "${artifact}.pem"
-#    args:
-#      - sign-blob
-#      - "--output-certificate=${certificate}"
-#      - "--output-signature=${signature}"
-#      - "${artifact}"
-#    artifacts: checksum
-#    output: true
+- id: source
+  artifacts: source
+  documents:
+  - "{{ .ProjectName }}_{{ .Version }}_sbom.spdx.json"
+
+dockers:
+- image_templates:
+  - ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-amd64
+  dockerfile: Dockerfile
+  use: buildx
+  ids:
+  - manager
+  build_flag_templates:
+  - --platform=linux/amd64
+  - --label=org.opencontainers.image.title={{ .ProjectName }}
+  - --label=org.opencontainers.image.description={{ .ProjectName }}
+  - --label=org.opencontainers.image.url=https://github.com/doodlescheduling/{{ .ProjectName }}
+  - --label=org.opencontainers.image.source=https://github.com/doodlescheduling/{{ .ProjectName }}
+  - --label=org.opencontainers.image.version={{ .Version }}
+  - --label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}
+  - --label=org.opencontainers.image.revision={{ .FullCommit }}
+  - --label=org.opencontainers.image.licenses=Apache-2.0
+- image_templates: 
+  - ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-arm64v8
+  goarch: arm64
+  dockerfile: Dockerfile
+  use: buildx
+  ids:
+  - manager
+  build_flag_templates:
+  - --platform=linux/arm64/v8
+  - --label=org.opencontainers.image.title={{ .ProjectName }}
+  - --label=org.opencontainers.image.description={{ .ProjectName }}
+  - --label=org.opencontainers.image.url=https://github.com/doodlescheduling/{{ .ProjectName }}
+  - --label=org.opencontainers.image.source=https://github.com/doodlescheduling/{{ .ProjectName }}
+  - --label=org.opencontainers.image.version={{ .Version }}
+  - --label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}
+  - --label=org.opencontainers.image.revision={{ .FullCommit }}
+  - --label=org.opencontainers.image.licenses=Apache-2.0
+
+docker_manifests:
+- name_template: ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}
+  image_templates:
+  - ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-amd64
+  - ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-arm64v8
+- name_template: ghcr.io/doodlescheduling/{{ .ProjectName }}:latest
+  image_templates:
+  - ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-amd64
+  - ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-arm64v8
+
+signs:
+- cmd: cosign
+  certificate: "${artifact}.pem"
+  env:
+  - COSIGN_EXPERIMENTAL=1
+  args:
+  - sign-blob
+  - "--output-certificate=${certificate}"
+  - "--output-signature=${signature}"
+  - "${artifact}"
+  - --yes
+  artifacts: checksum
+  output: true
+
+docker_signs:
+- cmd: cosign
+  env:
+  - COSIGN_EXPERIMENTAL=1
+  artifacts: images
+  output: true
+  args:
+  - 'sign'
+  - '${artifact}'
+  - --yes
diff --git a/CHANGELOG.md b/CHANGELOG.md
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -0,0 +1 @@
+* @DoodleScheduling/DevOps
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -2,17 +2,11 @@
 
 ### Controller release
 1. Merge all pr's to master which need to be part of the new release
-2. Create pr to master with these changes:
-  1. Bump kustomization
-  2. Create CHANGELOG.md entry with release and date
-3. Merge pr
-4. Push a tag following semantic versioning prefixed by 'v'. Do not create a github release, this is done automatically.
-5. Create new branch and add the following changes:
+2. Create pr to master and bump the kustomization base
+3. Push a tag following semantic versioning prefixed by 'v'. Do not create a github release, this is done automatically.
+4. Create a new pr and add the following changes:
   1. Bump chart version
   2. Bump charts app version
-6. Create pr to master and merge
 
 ### Helm chart change only
-1. Create branch with changes
-2. Bump chart version
-3. Create pr to master and merge
+1. Bump the helm chart version in the pr
diff --git a/Dockerfile b/Dockerfile
@@ -1,21 +1,8 @@
-# Build the manager binary
-FROM golang:1.19 as builder
-
-WORKDIR /workspace
-COPY . .
-
-# cache deps before building and copying source so that we don't need to re-download as much
-# and so that source changes don't invalidate our downloaded layer
-RUN go mod download
-
-# Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go
-
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM gcr.io/distroless/static:nonroot
 WORKDIR /
-COPY --from=builder /workspace/manager .
-USER nonroot:nonroot
+COPY manager manager
+USER 65532:65532
 
 ENTRYPOINT ["/manager"]
diff --git a/Dockerfile.release b/Dockerfile.release