From c1cf0f19ee5aa8ff1c0613cc4a760bb0c150c198 Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 13:14:52 +0100 Subject: [PATCH 01/12] migrate reuse --- .reuse/dep5 | 29 ----------------------------- REUSE.toml | 11 +++++++++++ 2 files changed, 11 insertions(+), 29 deletions(-) delete mode 100644 .reuse/dep5 create mode 100644 REUSE.toml diff --git a/.reuse/dep5 b/.reuse/dep5 deleted file mode 100644 index 0eca527..0000000 --- a/.reuse/dep5 +++ /dev/null 
@@ -1,29 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: git-controller -Upstream-Contact: ospo@sap.com -Source: https://github.com/open-component-model/git-controller -Disclaimer: The code in this project may include calls to APIs ("API Calls") of - SAP or third-party products or services developed outside of this project - ("External Products"). - "APIs" means application programming interfaces, as well as their respective - specifications and implementing code that allows software to communicate with - other software. - API Calls to External Products are not licensed under the open source license - that governs this project. The use of such API Calls and related External - Products are subject to applicable additional agreements with the relevant - provider of the External Products. In no event shall the open source license - that governs this project grant any rights in or to any External Products, or - alter, expand or supersede any terms of the applicable additional agreements. - If you have a valid license agreement with SAP for the use of a particular SAP - External Product, then you may make use of any API Calls included in this - project's code for that SAP External Product, subject to the terms of such - license agreement. If you do not have a valid license agreement for the use of - a particular SAP External Product, then you may only make use of any API Calls - in this project for that SAP External Product for your internal, non-productive - and non-commercial test and evaluation of such API Calls. Nothing herein grants - you any rights to use or access any SAP External Product, or provide any third - parties the right to use of access any SAP External Product, through API Calls. - -Files: ** -Copyright: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors -License: Apache-2.0 diff --git a/REUSE.toml b/REUSE.toml new file mode 100644 index 0000000..33e0b6c --- /dev/null 
+++ b/REUSE.toml @@ -0,0 +1,11 @@ +version = 1 +SPDX-PackageName = "git-controller" +SPDX-PackageSupplier = "ospo@sap.com" +SPDX-PackageDownloadLocation = "https://github.com/open-component-model/git-controller" +SPDX-PackageComment = "The code in this project may include calls to APIs (\"API Calls\") of\n SAP or third-party products or services developed outside of this project\n (\"External Products\").\n \"APIs\" means application programming interfaces, as well as their respective\n specifications and implementing code that allows software to communicate with\n other software.\n API Calls to External Products are not licensed under the open source license\n that governs this project. The use of such API Calls and related External\n Products are subject to applicable additional agreements with the relevant\n provider of the External Products. In no event shall the open source license\n that governs this project grant any rights in or to any External Products, or\n alter, expand or supersede any terms of the applicable additional agreements.\n If you have a valid license agreement with SAP for the use of a particular SAP\n External Product, then you may make use of any API Calls included in this\n project's code for that SAP External Product, subject to the terms of such\n license agreement. If you do not have a valid license agreement for the use of\n a particular SAP External Product, then you may only make use of any API Calls\n in this project for that SAP External Product for your internal, non-productive\n and non-commercial test and evaluation of such API Calls. Nothing herein grants\n you any rights to use or access any SAP External Product, or provide any third\n parties the right to use of access any SAP External Product, through API Calls." + +[[annotations]] +path = "**" +precedence = "aggregate" +SPDX-FileCopyrightText = "2025 SAP SE or an SAP affiliate company and Open Component Model contributors" +SPDX-License-Identifier = "Apache-2.0" 
From ef0534c6ecc9d08ab3470366763cd951ce35005b Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 13:15:26 +0100 Subject: [PATCH 02/12] 2025 --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d0c6c71..fff5165 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,7 @@ pullRequestTemplate: The Repository object manages git repositories for supported providers. At the moment of this writing the following providers are supported: + - GitHub - Gitlab - Gitea @@ -110,6 +111,6 @@ To get started simple run `tilt up` then hit `` to enter Tilt's ui. You s ## Licensing -Copyright 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. +Copyright 2025 SAP SE or an SAP affiliate company and Open Component Model contributors. Please see our [LICENSE](LICENSE) for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available [via the REUSE tool](https://api.reuse.software/info/github.com/open-component-model/ocm-controller). From 913861348946456ab14893c5333e6e32a5d0d55e Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 14:54:04 +0100 Subject: [PATCH 03/12] remove headerFile="hack/boilerplate.go.txt" --- Makefile | 2 +- hack/boilerplate.go.txt | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) delete mode 100644 hack/boilerplate.go.txt diff --git a/Makefile b/Makefile index d0e4420..8eabbb2 100644 --- a/Makefile +++ b/Makefile @@ -47,7 +47,7 @@ manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and Cust .PHONY: generate generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. - $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." + $(CONTROLLER_GEN) object paths="./..." .PHONY: fmt fmt: ## Run go fmt against code. 
diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt deleted file mode 100644 index 0129fcb..0000000 --- a/hack/boilerplate.go.txt +++ /dev/null @@ -1,3 +0,0 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 From 7a8d28bb5a5d7754c7b6b942d1d823cce82d83bd Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 14:54:54 +0100 Subject: [PATCH 04/12] remove "SPDX-FileCopyrightText: 2022 SAP SE ..." --- Makefile | 4 ---- apis/delivery/v1alpha1/condition_types.go | 4 ---- apis/delivery/v1alpha1/doc.go | 4 ---- apis/delivery/v1alpha1/groupversion_info.go | 4 ---- apis/delivery/v1alpha1/sync_types.go | 4 ---- apis/delivery/v1alpha1/zz_generated.deepcopy.go | 4 ---- apis/mpas/v1alpha1/condition_types.go | 4 ---- apis/mpas/v1alpha1/doc.go | 4 ---- apis/mpas/v1alpha1/groupversion_info.go | 4 ---- apis/mpas/v1alpha1/repository_types.go | 4 ---- apis/mpas/v1alpha1/zz_generated.deepcopy.go | 4 ---- controllers/delivery/suite_test.go | 4 ---- controllers/delivery/sync_controller.go | 4 ---- controllers/delivery/sync_controller_test.go | 4 ---- controllers/mpas/repository_controller.go | 4 ---- controllers/mpas/repository_controller_test.go | 4 ---- controllers/mpas/suite_test.go | 4 ---- main.go | 4 ---- pkg/event/event.go | 4 ---- pkg/event/event_test.go | 4 ---- pkg/git.go | 4 ---- pkg/gogit/git.go | 4 ---- pkg/providers/fakes/fake_provider.go | 4 ---- pkg/providers/gitea/gitea.go | 4 ---- pkg/providers/github/github.go | 4 ---- pkg/providers/gitlab/gitlab.go | 4 ---- pkg/providers/gogit/gogit.go | 4 ---- pkg/providers/providers.go | 4 ---- pkg/version/generate/release_generate.go | 4 ---- pkg/version/release.go | 4 ---- 30 files changed, 120 deletions(-) diff --git a/Makefile b/Makefile index 8eabbb2..bc2f9b8 100644 --- a/Makefile +++ b/Makefile 
@@ -1,7 +1,3 @@ -# SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Gardener contributors. -# -# SPDX-License-Identifier: Apache-2.0 - # Image URL to use all building/pushing image targets IMG ?= controller:latest # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. diff --git a/apis/delivery/v1alpha1/condition_types.go b/apis/delivery/v1alpha1/condition_types.go index 749293a..db0ce9f 100644 --- a/apis/delivery/v1alpha1/condition_types.go +++ b/apis/delivery/v1alpha1/condition_types.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package v1alpha1 const ( diff --git a/apis/delivery/v1alpha1/doc.go b/apis/delivery/v1alpha1/doc.go index d080a5c..85a5533 100644 --- a/apis/delivery/v1alpha1/doc.go +++ b/apis/delivery/v1alpha1/doc.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - // Package v1alpha1 contains API Schema definitions for the delivery v1alpha1 API group // +kubebuilder:object:generate=true // +groupName=delivery.ocm.software diff --git a/apis/delivery/v1alpha1/groupversion_info.go b/apis/delivery/v1alpha1/groupversion_info.go index 1033a2f..83a369b 100644 --- a/apis/delivery/v1alpha1/groupversion_info.go +++ b/apis/delivery/v1alpha1/groupversion_info.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - // Package v1alpha1 contains API Schema definitions for the delivery v1alpha1 API group // +kubebuilder:object:generate=true // +groupName=delivery.ocm.software diff --git a/apis/delivery/v1alpha1/sync_types.go b/apis/delivery/v1alpha1/sync_types.go index 6b55667..397db80 100644 --- a/apis/delivery/v1alpha1/sync_types.go 
+++ b/apis/delivery/v1alpha1/sync_types.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package v1alpha1 import ( diff --git a/apis/delivery/v1alpha1/zz_generated.deepcopy.go b/apis/delivery/v1alpha1/zz_generated.deepcopy.go index 639ef9a..4102712 100644 --- a/apis/delivery/v1alpha1/zz_generated.deepcopy.go +++ b/apis/delivery/v1alpha1/zz_generated.deepcopy.go @@ -1,10 +1,6 @@ //go:build !ignore_autogenerated // +build !ignore_autogenerated -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - // Code generated by controller-gen. DO NOT EDIT. package v1alpha1 diff --git a/apis/mpas/v1alpha1/condition_types.go b/apis/mpas/v1alpha1/condition_types.go index c047cb7..51d3ce7 100644 --- a/apis/mpas/v1alpha1/condition_types.go +++ b/apis/mpas/v1alpha1/condition_types.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package v1alpha1 const ( diff --git a/apis/mpas/v1alpha1/doc.go b/apis/mpas/v1alpha1/doc.go index cf49492..e1098e2 100644 --- a/apis/mpas/v1alpha1/doc.go +++ b/apis/mpas/v1alpha1/doc.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - // Package v1alpha1 contains API Schema definitions for the mpas v1alpha1 API group // +kubebuilder:object:generate=true // +groupName=mpas.ocm.software diff --git a/apis/mpas/v1alpha1/groupversion_info.go b/apis/mpas/v1alpha1/groupversion_info.go index 2e254dc..0b5f13c 100644 --- a/apis/mpas/v1alpha1/groupversion_info.go +++ b/apis/mpas/v1alpha1/groupversion_info.go 
@@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - // Package v1alpha1 contains API Schema definitions for the mpas v1alpha1 API group // +kubebuilder:object:generate=true // +groupName=mpas.ocm.software diff --git a/apis/mpas/v1alpha1/repository_types.go b/apis/mpas/v1alpha1/repository_types.go index ed6faa6..55dbeff 100644 --- a/apis/mpas/v1alpha1/repository_types.go +++ b/apis/mpas/v1alpha1/repository_types.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package v1alpha1 import ( diff --git a/apis/mpas/v1alpha1/zz_generated.deepcopy.go b/apis/mpas/v1alpha1/zz_generated.deepcopy.go index d59c51f..e075f00 100644 --- a/apis/mpas/v1alpha1/zz_generated.deepcopy.go +++ b/apis/mpas/v1alpha1/zz_generated.deepcopy.go @@ -1,10 +1,6 @@ //go:build !ignore_autogenerated // +build !ignore_autogenerated -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - // Code generated by controller-gen. DO NOT EDIT. package v1alpha1 diff --git a/controllers/delivery/suite_test.go b/controllers/delivery/suite_test.go index 49a9b46..80cac13 100644 --- a/controllers/delivery/suite_test.go +++ b/controllers/delivery/suite_test.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package delivery import ( diff --git a/controllers/delivery/sync_controller.go b/controllers/delivery/sync_controller.go index f054b80..4d082d7 100644 --- a/controllers/delivery/sync_controller.go +++ b/controllers/delivery/sync_controller.go 
@@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package delivery import ( diff --git a/controllers/delivery/sync_controller_test.go b/controllers/delivery/sync_controller_test.go index 95d4bb7..dd0a68d 100644 --- a/controllers/delivery/sync_controller_test.go +++ b/controllers/delivery/sync_controller_test.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package delivery import ( diff --git a/controllers/mpas/repository_controller.go b/controllers/mpas/repository_controller.go index 724ecd2..a056a1c 100644 --- a/controllers/mpas/repository_controller.go +++ b/controllers/mpas/repository_controller.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package mpas import ( diff --git a/controllers/mpas/repository_controller_test.go b/controllers/mpas/repository_controller_test.go index 411f9e2..588d010 100644 --- a/controllers/mpas/repository_controller_test.go +++ b/controllers/mpas/repository_controller_test.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package mpas import ( diff --git a/controllers/mpas/suite_test.go b/controllers/mpas/suite_test.go index 1645ab8..9e81e56 100644 --- a/controllers/mpas/suite_test.go +++ b/controllers/mpas/suite_test.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package mpas import ( diff --git a/main.go b/main.go index 2432ff1..e21bc7f 100644 --- a/main.go +++ b/main.go 
@@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package main import ( diff --git a/pkg/event/event.go b/pkg/event/event.go index 15615fb..d1fb57d 100644 --- a/pkg/event/event.go +++ b/pkg/event/event.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package event import ( diff --git a/pkg/event/event_test.go b/pkg/event/event_test.go index e1c747c..53ced8f 100644 --- a/pkg/event/event_test.go +++ b/pkg/event/event_test.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package event import ( diff --git a/pkg/git.go b/pkg/git.go index df1c3c0..ee42afe 100644 --- a/pkg/git.go +++ b/pkg/git.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package pkg import ( diff --git a/pkg/gogit/git.go b/pkg/gogit/git.go index 4bc4b21..c82abf7 100644 --- a/pkg/gogit/git.go +++ b/pkg/gogit/git.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package gogit import ( diff --git a/pkg/providers/fakes/fake_provider.go b/pkg/providers/fakes/fake_provider.go index 3bc509d..a675918 100644 --- a/pkg/providers/fakes/fake_provider.go +++ b/pkg/providers/fakes/fake_provider.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package fakes import ( diff --git a/pkg/providers/gitea/gitea.go b/pkg/providers/gitea/gitea.go index 7dc67b6..29a5f36 100644 
--- a/pkg/providers/gitea/gitea.go +++ b/pkg/providers/gitea/gitea.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package gitea import ( diff --git a/pkg/providers/github/github.go b/pkg/providers/github/github.go index c93520c..b161acc 100644 --- a/pkg/providers/github/github.go +++ b/pkg/providers/github/github.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package github import ( diff --git a/pkg/providers/gitlab/gitlab.go b/pkg/providers/gitlab/gitlab.go index c1712b1..42e2185 100644 --- a/pkg/providers/gitlab/gitlab.go +++ b/pkg/providers/gitlab/gitlab.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package gitlab import ( diff --git a/pkg/providers/gogit/gogit.go b/pkg/providers/gogit/gogit.go index 9ece7f3..0f85124 100644 --- a/pkg/providers/gogit/gogit.go +++ b/pkg/providers/gogit/gogit.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package gogit import ( diff --git a/pkg/providers/providers.go b/pkg/providers/providers.go index b41dd99..8f94dcf 100644 --- a/pkg/providers/providers.go +++ b/pkg/providers/providers.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package providers import ( diff --git a/pkg/version/generate/release_generate.go b/pkg/version/generate/release_generate.go index 6259e7f..67d15f5 100644 --- a/pkg/version/generate/release_generate.go +++ b/pkg/version/generate/release_generate.go 
@@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package main import ( diff --git a/pkg/version/release.go b/pkg/version/release.go index 313caa9..e54edf6 100644 --- a/pkg/version/release.go +++ b/pkg/version/release.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package version // ReleaseVersion is the version number in semver format "vX.Y.Z", prefixed with "v". From b35291a2d18f1615bcb3dccd25423a77f5846964 Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 14:55:53 +0100 Subject: [PATCH 05/12] use default codeql config --- .github/workflows/codeql.yml | 84 ------------------------------------ 1 file changed, 84 deletions(-) delete mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 11696f9..0000000 --- a/.github/workflows/codeql.yml +++ /dev/null 
@@ -1,84 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - push: - branches: [ "main" ] - pull_request: - branches: [ "main" ] - schedule: - - cron: '19 11 * * 0' - -jobs: - analyze: - name: Analyze - # Runner size impacts CodeQL analysis time. To learn more, please see: - # - https://gh.io/recommended-hardware-resources-for-running-codeql - # - https://gh.io/supported-runners-and-hardware-resources - # - https://gh.io/using-larger-runners - # Consider using larger runners for possible analysis time improvements. - runs-on: 'ubuntu-latest' - timeout-minutes: 360 - permissions: - # required for all workflows - security-events: write - - # only required for workflows in private repositories - actions: read - contents: read - - strategy: - fail-fast: false - matrix: - language: [ 'go' ] - # CodeQL supports [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ] - # Use only 'java-kotlin' to analyze code written in Java, Kotlin or both - # Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. 
- # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - - - # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v3 - - # â„šī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:${{matrix.language}}" From d30a2fd6dd88f8b20f1ff00c3f335b128c8b1334 Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 14:56:25 +0100 Subject: [PATCH 06/12] add gosec --- .github/workflows/code-scan.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/workflows/code-scan.yml diff --git a/.github/workflows/code-scan.yml b/.github/workflows/code-scan.yml new file mode 100644 index 0000000..5149e72 --- /dev/null +++ b/.github/workflows/code-scan.yml 
@@ -0,0 +1,20 @@ +name: "Code scanning" + +on: + push: + branches: ["main"] + pull_request: + branches: ["main"] + schedule: + - cron: "26 14 * * 2" + +jobs: + gosec: + permissions: + # Required to upload SARIF files + security-events: write + # for actions/checkout to fetch code + contents: read + # call reusable workflow from central '.github' repo + uses: open-component-model/.github/.github/workflows/code-scan.yml@main + secrets: inherit From 62ecd9dc57ff7a402fa9eae32efd30ab1ef658da Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 15:01:44 +0100 Subject: [PATCH 07/12] fix: WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4358e49..6907a0a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.21 as builder +FROM golang:1.21 AS builder ARG TARGETOS ARG TARGETARCH From ab4b3e6a6b659711619977bd3d01dec09eb0d3ad Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 15:37:01 +0100 Subject: [PATCH 08/12] CONTROLLER_TOOLS_VERSION ?= v0.17.1 --- Makefile | 2 +- apis/delivery/v1alpha1/zz_generated.deepcopy.go | 1 - apis/mpas/v1alpha1/zz_generated.deepcopy.go | 1 - 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/Makefile b/Makefile index bc2f9b8..276c4c3 100644 --- a/Makefile +++ b/Makefile @@ -145,7 +145,7 @@ GEN_CRD_API_REFERENCE_DOCS ?= $(LOCALBIN)/gen-crd-api-reference-docs ## Tool Versions KUSTOMIZE_VERSION ?= v3.8.7 -CONTROLLER_TOOLS_VERSION ?= v0.9.2 +CONTROLLER_TOOLS_VERSION ?= v0.17.1 GEN_API_REF_DOCS_VERSION ?= e327d0730470cbd61b06300f81c5fcf91c23c113 GOLANGCI_LINT_VERSION ?= v1.55.2 diff --git a/apis/delivery/v1alpha1/zz_generated.deepcopy.go b/apis/delivery/v1alpha1/zz_generated.deepcopy.go index 4102712..82316cb 100644 --- a/apis/delivery/v1alpha1/zz_generated.deepcopy.go +++ b/apis/delivery/v1alpha1/zz_generated.deepcopy.go 
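Review bot: The `gosec` job calls the reusable workflow by a mutable branch reference, `uses: open-component-model/.github/.github/workflows/code-scan.yml@main`, and passes it every repository secret through `secrets: inherit`. Any change pushed to that branch therefore runs here with `security-events: write` and the full secret set, without review in this repository. Pinning the reference to a full commit SHA (`...code-scan.yml@<commit-sha>`, placeholder) and replacing `secrets: inherit` with an explicit `secrets:` map of only what the scan needs would narrow that. If the called workflow needs no secrets, which cannot be seen from this hunk, the `secrets:` line can be dropped.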
@@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Code generated by controller-gen. DO NOT EDIT. diff --git a/apis/mpas/v1alpha1/zz_generated.deepcopy.go b/apis/mpas/v1alpha1/zz_generated.deepcopy.go index e075f00..e04efd6 100644 --- a/apis/mpas/v1alpha1/zz_generated.deepcopy.go +++ b/apis/mpas/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Code generated by controller-gen. DO NOT EDIT. From fabba66c3febc973138dcda18615419633f4047b Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 15:53:03 +0100 Subject: [PATCH 09/12] rm generate-license --- Makefile | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/Makefile b/Makefile index 276c4c3..fe1f04a 100644 --- a/Makefile +++ b/Makefile @@ -165,16 +165,6 @@ envtest: $(ENVTEST) ## Download envtest-setup locally if necessary. $(ENVTEST): $(LOCALBIN) test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest -.PHONY: generate-license -generate-license: - for f in $(shell find . -name "*.go" -o -name "*.sh"); do \ - reuse addheader -r \ - --copyright="SAP SE or an SAP affiliate company and Open Component Model contributors." \ - --license="Apache-2.0" \ - $$f \ - --skip-unrecognised; \ - done - # Find or download gen-crd-api-reference-docs .PHONY: gen-crd-api-reference-docs gen-crd-api-reference-docs: $(GEN_CRD_API_REFERENCE_DOCS) From 0aa47362992b5725930ea742f438e92e313fb40a Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 16:02:31 +0100 Subject: [PATCH 10/12] let `make generate` also create the manifests --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index fe1f04a..7e36fae 100644 --- a/Makefile +++ b/Makefile 
@@ -42,7 +42,7 @@ manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and Cust $(CONTROLLER_GEN) rbac:roleName=git-controller-manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases .PHONY: generate -generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. +generate: controller-gen manifests ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. $(CONTROLLER_GEN) object paths="./..." .PHONY: fmt From d3134d2ff48b640e1a02722732df5f7a7dfb8694 Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 16:02:49 +0100 Subject: [PATCH 11/12] generate manifests --- .../bases/delivery.ocm.software_syncs.yaml | 81 +++++++++---------- .../bases/mpas.ocm.software_repositories.yaml | 81 +++++++++---------- config/rbac/role.yaml | 34 +------- 3 files changed, 78 insertions(+), 118 deletions(-) diff --git a/config/crd/bases/delivery.ocm.software_syncs.yaml b/config/crd/bases/delivery.ocm.software_syncs.yaml index e0420bf..fb70914 100644 --- a/config/crd/bases/delivery.ocm.software_syncs.yaml +++ b/config/crd/bases/delivery.ocm.software_syncs.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 name: syncs.delivery.ocm.software spec: group: delivery.ocm.software 
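Review bot: The `##` help text on the `generate` target still describes only DeepCopy code generation, although the target now also runs `manifests` as a prerequisite. Suggest `generate: controller-gen manifests ## Generate DeepCopy method implementations and the CRD, RBAC and webhook manifests.` so the description matches what the target does. The hunk header shows that `manifests` already depends on `controller-gen`, so listing `controller-gen` again here is redundant but harmless. The recipe of the following `fmt` target lies outside the hunk.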
@@ -21,14 +20,19 @@ spec: description: Sync is the Schema for the syncs API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -73,8 +77,9 @@ spec: type: string type: object repositoryRef: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. + description: |- + NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any + namespace. properties: name: description: Name of the referent. 
@@ -87,12 +92,14 @@ spec: - name type: object snapshotRef: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic 
@@ -110,43 +117,35 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
+ description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -161,10 +160,6 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/mpas.ocm.software_repositories.yaml b/config/crd/bases/mpas.ocm.software_repositories.yaml index bfacfd0..f0d69c4 100644 --- a/config/crd/bases/mpas.ocm.software_repositories.yaml +++ b/config/crd/bases/mpas.ocm.software_repositories.yaml 
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 name: repositories.mpas.ocm.software spec: group: mpas.ocm.software @@ -21,14 +20,19 @@ spec: description: Repository is the Schema for the repositories API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -55,12 +59,14 @@ spec: of a repository. properties: secretRef: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic @@ -71,8 +77,9 @@ spec: default: main type: string domain: - description: Domain specifies an optional domain address to be used - instead of the defaults like github.com. Must NOT contain the scheme. + description: |- + Domain specifies an optional domain address to be used instead of the defaults like github.com. + Must NOT contain the scheme. pattern: ^\w+(\.|:[0-9]).*$ type: string existingRepositoryPolicy: 
@@ -117,43 +124,35 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
+ description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -168,10 +167,6 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 41bfa92..b1b2736 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: git-controller-manager-role rules: - apiGroups: 
@@ -24,18 +23,8 @@ rules: - delivery.ocm.software resources: - ocmresources - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - delivery.ocm.software - resources: - snapshots + - syncs verbs: - create - delete @@ -48,36 +37,17 @@ rules: - delivery.ocm.software resources: - snapshots/status + - syncs/status verbs: - get - patch - update -- apiGroups: - - delivery.ocm.software - resources: - - syncs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - delivery.ocm.software resources: - syncs/finalizers verbs: - update -- apiGroups: - - delivery.ocm.software - resources: - - syncs/status - verbs: - - get - - patch - - update - apiGroups: - mpas.ocm.software resources: From ceb03036cacbd5a4880a1093c7cf03099e2836f6 Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 6 Feb 2025 16:47:53 +0100 Subject: [PATCH 12/12] no cron necessary --- .github/workflows/code-scan.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/code-scan.yml b/.github/workflows/code-scan.yml index 5149e72..361a493 100644 --- a/.github/workflows/code-scan.yml +++ b/.github/workflows/code-scan.yml @@ -5,8 +5,6 @@ on: branches: ["main"] pull_request: branches: ["main"] - schedule: - - cron: "26 14 * * 2" jobs: gosec:
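Review bot: Unchanged code is no longer re-scanned by gosec once the `schedule:` entry is dropped from `on:` in `.github/workflows/code-scan.yml`; the job then runs only for pushes and pull requests on `main`. Whether that loses coverage depends on how the gosec step is referenced, which lies in the `jobs:` block outside this hunk: if it follows a moving tag or branch, updated rules would reach existing code only on the next push. If the weekly run is being retired on purpose, adding `workflow_dispatch:` under `on:` would keep a way to start a scan by hand after a scanner update. The commit message "no cron necessary" would also be easier to audit later if it stated the reason.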