Quay notification support for ImageRepository

Dockerfile

@@ -1,7 +1,7 @@
 # Build the manager binary
 # For more details and updates, refer to
 # https://catalog.redhat.com/software/containers/ubi9/go-toolset/61e5c00b4ec9945c18787690
-FROM registry.access.redhat.com/ubi9/go-toolset:1.20.10 as builder
+FROM registry.access.redhat.com/ubi9/go-toolset:1.21.9-1 as builder
 
 # Copy the Go Modules manifests
 COPY go.mod go.mod

api/v1alpha1/imagerepository_types.go

@@ -29,6 +29,10 @@ type ImageRepositorySpec struct {
 	// Credentials management.
 	// +optional
 	Credentials *ImageCredentials `json:"credentials,omitempty"`
+
+	// Notifications defines configuration for image repository notifications.
+	// +optional
+	Notifications []Notifications `json:"notifications,omitempty"`
 }
 
 // ImageParameters describes requested image repository configuration.
@@ -62,6 +66,37 @@ type ImageCredentials struct {
 	RegenerateToken *bool `json:"regenerate-token,omitempty"`
 }
 
+type Notifications struct {
+	Title string `json:"title,omitempty"`
+	// +kubebuilder:validation:Enum=repo_push
+	Event NotificationEvent `json:"event,omitempty"`
+	// +kubebuilder:validation:Enum=email;webhook
+	Method NotificationMethod `json:"method,omitempty"`
+	Config NotificationConfig `json:"config,omitempty"`
+}
+
+type NotificationEvent string
+
+const (
+	NotificationEventRepoPush NotificationEvent = "repo_push"
+)
+
+type NotificationMethod string
+
+const (
+	NotificationMethodEmail   NotificationMethod = "email"
+	NotificationMethodWebhook NotificationMethod = "webhook"
+)
+
+type NotificationConfig struct {
+	// Email is the email address to send notifications to.
+	// +optional
+	Email string `json:"email,omitempty"`
+	// Webhook is the URL to send notifications to.
+	// +optional
+	Url string `json:"url,omitempty"`
+}
+
 // ImageRepositoryStatus defines the observed state of ImageRepository
 type ImageRepositoryStatus struct {
 	// State shows if image repository could be used.
@@ -79,6 +114,10 @@ type ImageRepositoryStatus struct {
 
 	// Credentials contain information related to image repository credentials.
 	Credentials CredentialsStatus `json:"credentials,omitempty"`
+
+	// Notifications shows the status of the notifications configuration.
+	// +optional
+	Notifications []NotificationStatus `json:"notifications,omitempty"`
 }
 
 type ImageRepositoryState string
@@ -126,6 +165,12 @@ type CredentialsStatus struct {
 	PullRemoteSecretName string `json:"pull-remote-secret,omitempty"`
 }
 
+// NotificationStatus shows the status of the notification configuration.
+type NotificationStatus struct {
+	Title string `json:"title,omitempty"`
+	UUID  string `json:"uuid,omitempty"`
+}
+
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
 

config/crd/bases/appstudio.redhat.com_imagerepositories.yaml

@@ -69,6 +69,34 @@ spec:
                     - private
                     type: string
                 type: object
+              notifications:
+                description: Notifications defines configuration for image repository
+                  notifications.
+                items:
+                  properties:
+                    config:
+                      properties:
+                        email:
+                          description: Email is the email address to send notifications
+                            to.
+                          type: string
+                        url:
+                          description: Webhook is the URL to send notifications to.
+                          type: string
+                      type: object
+                    event:
+                      enum:
+                      - repo_push
+                      type: string
+                    method:
+                      enum:
+                      - email
+                      - webhook
+                      type: string
+                    title:
+                      type: string
+                  type: object
+                type: array
             type: object
           status:
             description: ImageRepositoryStatus defines the observed state of ImageRepository
@@ -140,6 +168,18 @@ spec:
                   contain non critical error, like failed to change image visibility,
                   while the state is ready and image resitory could be used.
                 type: string
+              notifications:
+                description: Notifications shows the status of the notifications configuration.
+                items:
+                  description: NotificationStatus shows the status of the notification
+                    configuration.
+                  properties:
+                    title:
+                      type: string
+                    uuid:
+                      type: string
+                  type: object
+                type: array
               state:
                 description: State shows if image repository could be used. "ready"
                   means repository was created and usable, "failed" means that the

controllers/imagerepository_controller.go

@@ -231,6 +231,51 @@ func (r *ImageRepositoryReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 	return ctrl.Result{}, nil
 }
 
+func (r *ImageRepositoryReconciler) AddNotifications(ctx context.Context, imageRepository *imagerepositoryv1alpha1.ImageRepository) ([]imagerepositoryv1alpha1.NotificationStatus, error) {
+	log := ctrllog.FromContext(ctx).WithName("ConfigureNotifications")
+
+	if imageRepository.Spec.Notifications == nil {
+		// No notifications to configure
+		return nil, nil
+	}
+
+	log.Info("Configuring notifications")
+	notificationStatus := []imagerepositoryv1alpha1.NotificationStatus{}
+
+	for _, notification := range imageRepository.Spec.Notifications {
+		log.Info("Creating notification in Quay", "Title", notification.Title, "Event", notification.Event, "Method", notification.Method)
+		quayNotification, err := r.QuayClient.CreateNotification(
+			r.QuayOrganization,
+			imageRepository.Spec.Image.Name,
+			quay.Notification{
+				Title:  notification.Title,
+				Event:  string(notification.Event),
+				Method: string(notification.Method),
+				Config: quay.NotificationConfig{
+					Url: notification.Config.Url,
+				},
+				EventConfig: quay.NotificationEventConfig{},
+			})
+		if err != nil {
+			log.Error(err, "failed to create notification", "Title", notification.Title, "Event", notification.Event, "Method", notification.Method)
+			return nil, err
+		}
+		notificationStatus = append(
+			notificationStatus,
+			imagerepositoryv1alpha1.NotificationStatus{
+				UUID:  quayNotification.UUID,
+				Title: notification.Title,
+			})
+
+		log.Info("Notification added",
+			"Title", notification.Title,
+			"Event", notification.Event,
+			"Method", notification.Method,
+			"QuayNotification", quayNotification)
+	}
+	return notificationStatus, nil
+}
+
 // ProvisionImageRepository creates image repository, robot account(s) and secret(s) to access the image repository.
 // If labels with Application and Component name are present, robot account with pull only access
 // will be created and pull token will be propagated to all environments via Remote Secret.
@@ -319,6 +364,11 @@ func (r *ImageRepositoryReconciler) ProvisionImageRepository(ctx context.Context
 		}
 	}
 
+	var notificationStatus []imagerepositoryv1alpha1.NotificationStatus
+	if notificationStatus, err = r.AddNotifications(ctx, imageRepository); err != nil {
+		return err
+	}
+
 	status := imagerepositoryv1alpha1.ImageRepositoryStatus{}
 	status.State = imagerepositoryv1alpha1.ImageRepositoryStateReady
 	status.Image.URL = quayImageURL
@@ -332,6 +382,7 @@ func (r *ImageRepositoryReconciler) ProvisionImageRepository(ctx context.Context
 		status.Credentials.PullRemoteSecretName = pullCredentialsInfo.RemoteSecretName
 		status.Credentials.PullSecretName = pullCredentialsInfo.SecretName
 	}
+	status.Notifications = notificationStatus
 
 	imageRepository.Spec.Image.Name = imageRepositoryName
 	controllerutil.AddFinalizer(imageRepository, ImageRepositoryFinalizer)

controllers/imagerepository_controller_test.go

@@ -94,6 +94,13 @@ var _ = Describe("Image repository controller", func() {
 				return nil
 			}
 
+			isCreateNotificationInvoked := false
+			quay.CreateNotificationFunc = func(organization, repository string, notification quay.Notification) (*quay.Notification, error) {
+				isCreateNotificationInvoked = true
+				Expect(organization).To(Equal(quay.TestQuayOrg))
+				return &quay.Notification{UUID: "uuid"}, nil
+			}
+
 			createImageRepository(imageRepositoryConfig{})
 
 			uploadSecretKey := types.NamespacedName{Name: "upload-secret-" + resourceKey.Name + "-image-push", Namespace: resourceKey.Namespace}
@@ -102,6 +109,7 @@ var _ = Describe("Image repository controller", func() {
 			Eventually(func() bool { return isCreateRepositoryInvoked }, timeout, interval).Should(BeTrue())
 			Eventually(func() bool { return isCreateRobotAccountInvoked }, timeout, interval).Should(BeTrue())
 			Eventually(func() bool { return isAddPushPermissionsToRobotAccountInvoked }, timeout, interval).Should(BeTrue())
+			Eventually(func() bool { return isCreateNotificationInvoked }, timeout, interval).Should(BeFalse())
 
 			waitImageRepositoryFinalizerOnImageRepository(resourceKey)
 
@@ -117,6 +125,7 @@ var _ = Describe("Image repository controller", func() {
 			Expect(imageRepository.Status.Credentials.PushRemoteSecretName).To(Equal(imageRepository.Name + "-image-push"))
 			Expect(imageRepository.Status.Credentials.PushSecretName).To(Equal(imageRepository.Name + "-image-push"))
 			Expect(imageRepository.Status.Credentials.GenerationTimestamp).ToNot(BeNil())
+			Expect(imageRepository.Status.Notifications).To(HaveLen(0))
 
 			remoteSecretKey := types.NamespacedName{Name: imageRepository.Status.Credentials.PushRemoteSecretName, Namespace: imageRepository.Namespace}
 			remoteSecret := waitRemoteSecretExist(remoteSecretKey)
@@ -316,12 +325,28 @@ var _ = Describe("Image repository controller", func() {
 				}
 				return nil
 			}
+			isCreateNotificationInvoked := false
+			quay.CreateNotificationFunc = func(organization, repository string, notification quay.Notification) (*quay.Notification, error) {
+				isCreateNotificationInvoked = true
+				Expect(organization).To(Equal(quay.TestQuayOrg))
+				return &quay.Notification{UUID: "uuid"}, nil
+			}
 
 			imageRepositoryConfigObject := imageRepositoryConfig{
 				Labels: map[string]string{
 					ApplicationNameLabelName: defaultComponentApplication,
 					ComponentNameLabelName:   defaultComponentName,
 				},
+				Notifications: []imagerepositoryv1alpha1.Notifications{
+					{
+						Title:  "test-notification",
+						Event:  imagerepositoryv1alpha1.NotificationEventRepoPush,
+						Method: imagerepositoryv1alpha1.NotificationMethodWebhook,
+						Config: imagerepositoryv1alpha1.NotificationConfig{
+							Url: "http://test-url",
+						},
+					},
+				},
 			}
 
 			if updateComponentAnnotation {
@@ -340,6 +365,7 @@ var _ = Describe("Image repository controller", func() {
 			Eventually(func() bool { return isCreatePullRobotAccountInvoked }, timeout, interval).Should(BeTrue())
 			Eventually(func() bool { return isAddPushPermissionsToRobotAccountInvoked }, timeout, interval).Should(BeTrue())
 			Eventually(func() bool { return isAddPullPermissionsToRobotAccountInvoked }, timeout, interval).Should(BeTrue())
+			Eventually(func() bool { return isCreateNotificationInvoked }, timeout, interval).Should(BeTrue())
 
 			waitImageRepositoryFinalizerOnImageRepository(resourceKey)
 
@@ -371,6 +397,9 @@ var _ = Describe("Image repository controller", func() {
 			Expect(imageRepository.Status.Credentials.PullRemoteSecretName).To(Equal(imageRepository.Name + "-image-pull"))
 			Expect(imageRepository.Status.Credentials.PullSecretName).To(Equal(imageRepository.Name + "-image-pull"))
 			Expect(imageRepository.Status.Credentials.GenerationTimestamp).ToNot(BeNil())
+			Expect(imageRepository.Status.Notifications).To(HaveLen(1))
+			Expect(imageRepository.Status.Notifications[0].UUID).To(Equal("uuid"))
+			Expect(imageRepository.Status.Notifications[0].Title).To(Equal("test-notification"))
 
 			pushRemoteSecretKey := types.NamespacedName{Name: imageRepository.Status.Credentials.PushRemoteSecretName, Namespace: imageRepository.Namespace}
 			pushRemoteSecret := waitRemoteSecretExist(pushRemoteSecretKey)

controllers/suite_util_test.go

@@ -56,11 +56,12 @@ const (
 )
 
 type imageRepositoryConfig struct {
-	ResourceKey *types.NamespacedName
-	ImageName   string
-	Visibility  string
-	Labels      map[string]string
-	Annotations map[string]string
+	ResourceKey   *types.NamespacedName
+	ImageName     string
+	Visibility    string
+	Labels        map[string]string
+	Annotations   map[string]string
+	Notifications []imagerepositoryv1alpha1.Notifications
 }
 
 func getImageRepositoryConfig(config imageRepositoryConfig) *imagerepositoryv1alpha1.ImageRepository {
@@ -93,6 +94,7 @@ func getImageRepositoryConfig(config imageRepositoryConfig) *imagerepositoryv1al
 				Name:       config.ImageName,
 				Visibility: imagerepositoryv1alpha1.ImageVisibility(visibility),
 			},
+			Notifications: config.Notifications,
 		},
 	}
 }

go.mod

@@ -1,6 +1,8 @@
 module github.com/konflux-ci/image-controller
 
-go 1.20
+go 1.21
+
+toolchain go1.21.9
 
 require (
 	github.com/go-logr/logr v1.4.1