From d8aa695809a8c969d5b5b562304d7c9b17e74ad8 Mon Sep 17 00:00:00 2001
From: Hilmar Falkenberg
Date: Thu, 30 Jan 2025 15:06:10 +0100
Subject: [PATCH 01/10] migrate reuse
---
 .reuse/dep5 | 29 -----------------------------
 REUSE.toml | 11 +++++++++++
 2 files changed, 11 insertions(+), 29 deletions(-)
 delete mode 100644 .reuse/dep5
 create mode 100644 REUSE.toml
diff --git a/.reuse/dep5 b/.reuse/dep5
deleted file mode 100644
index 77d9d47..0000000
--- a/.reuse/dep5
+++ /dev/null
@@ -1,29 +0,0 @@
-Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: replication-controller
-Upstream-Contact: ospo@sap.com
-Source: https://github.com/open-component-model/replication-controller
-Disclaimer: The code in this project may include calls to APIs ("API Calls") of
- SAP or third-party products or services developed outside of this project
- ("External Products").
- "APIs" means application programming interfaces, as well as their respective
- specifications and implementing code that allows software to communicate with
- other software.
- API Calls to External Products are not licensed under the open source license
- that governs this project. The use of such API Calls and related External
- Products are subject to applicable additional agreements with the relevant
- provider of the External Products. In no event shall the open source license
- that governs this project grant any rights in or to any External Products, or
- alter, expand or supersede any terms of the applicable additional agreements.
- If you have a valid license agreement with SAP for the use of a particular SAP
- External Product, then you may make use of any API Calls included in this
- project's code for that SAP External Product, subject to the terms of such
- license agreement. If you do not have a valid license agreement for the use of
- a particular SAP External Product, then you may only make use of any API Calls
- in this project for that SAP External Product for your internal, non-productive
- and non-commercial test and evaluation of such API Calls. Nothing herein grants
- you any rights to use or access any SAP External Product, or provide any third
- parties the right to use of access any SAP External Product, through API Calls.
-
-Files: **
-Copyright: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors
-License: Apache-2.0
diff --git a/REUSE.toml b/REUSE.toml
new file mode 100644
index 0000000..5e6fdac
--- /dev/null
+++ b/REUSE.toml
@@ -0,0 +1,11 @@
+version = 1
+SPDX-PackageName = "replication-controller"
+SPDX-PackageSupplier = "ospo@sap.com"
+SPDX-PackageDownloadLocation = "https://github.com/open-component-model/replication-controller"
+SPDX-PackageComment = "The code in this project may include calls to APIs (\"API Calls\") of\n SAP or third-party products or services developed outside of this project\n (\"External Products\").\n \"APIs\" means application programming interfaces, as well as their respective\n specifications and implementing code that allows software to communicate with\n other software.\n API Calls to External Products are not licensed under the open source license\n that governs this project. The use of such API Calls and related External\n Products are subject to applicable additional agreements with the relevant\n provider of the External Products. In no event shall the open source license\n that governs this project grant any rights in or to any External Products, or\n alter, expand or supersede any terms of the applicable additional agreements.\n If you have a valid license agreement with SAP for the use of a particular SAP\n External Product, then you may make use of any API Calls included in this\n project's code for that SAP External Product, subject to the terms of such\n license agreement. If you do not have a valid license agreement for the use of\n a particular SAP External Product, then you may only make use of any API Calls\n in this project for that SAP External Product for your internal, non-productive\n and non-commercial test and evaluation of such API Calls. Nothing herein grants\n you any rights to use or access any SAP External Product, or provide any third\n parties the right to use of access any SAP External Product, through API Calls."
+
+[[annotations]]
+path = "**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2025 SAP SE or an SAP affiliate company and Open Component Model contributors"
+SPDX-License-Identifier = "Apache-2.0"
From a8497b3f1997db3b1bab94b6c547e5ae179a416e Mon Sep 17 00:00:00 2001
From: Hilmar Falkenberg
Date: Thu, 30 Jan 2025 15:06:36 +0100
Subject: [PATCH 02/10] add gosec
---
 .github/workflows/code-scan.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/code-scan.yml
diff --git a/.github/workflows/code-scan.yml b/.github/workflows/code-scan.yml
new file mode 100644
index 0000000..5149e72
--- /dev/null
+++ b/.github/workflows/code-scan.yml
@@ -0,0 +1,20 @@
+name: "Code scanning"
+
+on:
+ push:
+ branches: ["main"]
+ pull_request:
+ branches: ["main"]
+ schedule:
+ - cron: "26 14 * * 2"
+
+jobs:
+ gosec:
+ permissions:
+ # Required to upload SARIF files
+ security-events: write
+ # for actions/checkout to fetch code
+ contents: read
+ # call reusable workflow from central '.github' repo
+ uses: open-component-model/.github/.github/workflows/code-scan.yml@main
+ secrets: inherit
From a002c0f487485d688bace45851464f28ec9fd856 Mon Sep 17 00:00:00 2001
From: Hilmar Falkenberg
Date: Thu, 30 Jan 2025 15:06:49 +0100
Subject: [PATCH 03/10] 2025
---
 README.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 735bef7..29d3a56 100644
--- a/README.md
+++ b/README.md
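Review bot: The `uses:` line of the new `gosec` job references the reusable workflow by the mutable branch `@main` and hands it `secrets: inherit`, so whatever that branch contains at run time executes with every secret available to this repository and with `security-events: write`. Pinning the reference to a full commit SHA, `uses: open-component-model/.github/.github/workflows/code-scan.yml@<full-commit-sha>`, makes a change to the scanner an explicit, reviewable bump here. If the called workflow needs no secrets, dropping `secrets: inherit`, or replacing it with a `secrets:` map naming only what it needs, keeps the grant minimal; the called workflow is not visible in this patch, so which secrets it reads has to be confirmed there. The job-level `permissions:` block is already scoped to what the comments say is required.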
@@ -1,12 +1,12 @@ -[![REUSE status](https://api.reuse.software/badge/github.com/open-component-model/replication-controller)](https://api.reuse.software/info/github.com/open-component-model/replication-controller) - # replication-controller +[![REUSE status](https://api.reuse.software/badge/github.com/open-component-model/replication-controller)](https://api.reuse.software/info/github.com/open-component-model/replication-controller) + The `replication-controller` is part of the Open Component Model Kubernetes controller set that enables transferring components from one OCM repository to another. The behaviour of the `replication-controller` is similar to that of the `ocm transfer` command with the addition of a reconciliation loop. It can therefore be used to "subscribe" to components and ensure that any component versions matching a semantic version constraint will be replicated from the source OCM repository to the destination. -### Installation +## Installation Install the latest version of the controller using the following command: @@ -16,7 +16,7 @@ VERSION=$(curl -sL https://api.github.com/repos/open-component-model/replication kubectl apply -f https://github.com/open-component-model/replication-controller/releases/download/$VERSION/install.yaml ``` -### Usage +## Usage ```yaml apiVersion: delivery.ocm.software/v1alpha1 @@ -52,6 +52,6 @@ OCM follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/m ## Licensing -Copyright 2022-2023 SAP SE or an SAP affiliate company and Open Component Model contributors. +Copyright 2025 SAP SE or an SAP affiliate company and Open Component Model contributors. Please see our [LICENSE](LICENSE) for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available [via the REUSE tool](https://api.reuse.software/info/github.com/open-component-model/replication-controller). 
From 41421448832217d6d848fb1c3e671e7280788157 Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 15:07:14 +0100 Subject: [PATCH 04/10] remove headerFile="hack/boilerplate.go.txt" --- Makefile | 2 +- hack/boilerplate.go.txt | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) delete mode 100644 hack/boilerplate.go.txt diff --git a/Makefile b/Makefile index 0c2f752..8e6634a 100644 --- a/Makefile +++ b/Makefile @@ -47,7 +47,7 @@ manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and Cust .PHONY: generate generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. - $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." + $(CONTROLLER_GEN) object paths="./..." .PHONY: fmt fmt: ## Run go fmt against code. diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt deleted file mode 100644 index 0129fcb..0000000 --- a/hack/boilerplate.go.txt +++ /dev/null @@ -1,3 +0,0 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 From 342f75bd58c5d54942e3f31a130e6204f53602da Mon Sep 17 00:00:00 2001 
From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 15:07:37 +0100 Subject: [PATCH 05/10] remove "SPDX-FileCopyrightText: 2022 SAP SE ..." --- Makefile | 4 ---- api/v1alpha1/componentsubscription_types.go | 4 ---- api/v1alpha1/condition_types.go | 4 ---- api/v1alpha1/doc.go | 4 ---- api/v1alpha1/groupversion_info.go | 4 ---- api/v1alpha1/zz_generated.deepcopy.go | 4 ---- controllers/componentsubscription_controller.go | 4 ---- controllers/componentsubscription_controller_test.go | 4 ---- controllers/suite_test.go | 4 ---- main.go | 4 ---- pkg/ocm/fakes/fakes.go | 4 ---- pkg/ocm/ocm.go | 4 ---- pkg/ocm/ocm_test.go | 4 ---- pkg/ocm/setup_test.go | 4 ---- pkg/version/generate/release_generate.go | 4 ---- pkg/version/release.go | 4 ---- 16 files changed, 64 deletions(-) diff --git a/Makefile b/Makefile index 8e6634a..9b479bb 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,3 @@ -# SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Gardener contributors. -# -# SPDX-License-Identifier: Apache-2.0 - # Image URL to use all building/pushing image targets IMG ?= controller:latest # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. diff --git a/api/v1alpha1/componentsubscription_types.go b/api/v1alpha1/componentsubscription_types.go index 5970e40..38b90a3 100644 --- a/api/v1alpha1/componentsubscription_types.go +++ b/api/v1alpha1/componentsubscription_types.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package v1alpha1 import ( diff --git a/api/v1alpha1/condition_types.go b/api/v1alpha1/condition_types.go index 1f2b26f..f01aa76 100644 --- a/api/v1alpha1/condition_types.go +++ b/api/v1alpha1/condition_types.go 
@@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package v1alpha1 const ( diff --git a/api/v1alpha1/doc.go b/api/v1alpha1/doc.go index d080a5c..85a5533 100644 --- a/api/v1alpha1/doc.go +++ b/api/v1alpha1/doc.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - // Package v1alpha1 contains API Schema definitions for the delivery v1alpha1 API group // +kubebuilder:object:generate=true // +groupName=delivery.ocm.software diff --git a/api/v1alpha1/groupversion_info.go b/api/v1alpha1/groupversion_info.go index 1033a2f..83a369b 100644 --- a/api/v1alpha1/groupversion_info.go +++ b/api/v1alpha1/groupversion_info.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - // Package v1alpha1 contains API Schema definitions for the delivery v1alpha1 API group // +kubebuilder:object:generate=true // +groupName=delivery.ocm.software diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 42905fc..f8e8f17 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -1,10 +1,6 @@ //go:build !ignore_autogenerated // +build !ignore_autogenerated -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - // Code generated by controller-gen. DO NOT EDIT. package v1alpha1 diff --git a/controllers/componentsubscription_controller.go b/controllers/componentsubscription_controller.go index 598944e..7f0aee5 100644 --- a/controllers/componentsubscription_controller.go +++ b/controllers/componentsubscription_controller.go 
@@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package controllers import ( diff --git a/controllers/componentsubscription_controller_test.go b/controllers/componentsubscription_controller_test.go index d4ec3fa..99fc449 100644 --- a/controllers/componentsubscription_controller_test.go +++ b/controllers/componentsubscription_controller_test.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package controllers import ( diff --git a/controllers/suite_test.go b/controllers/suite_test.go index b36a428..b924aaf 100644 --- a/controllers/suite_test.go +++ b/controllers/suite_test.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package controllers import ( diff --git a/main.go b/main.go index a5540b7..fe975bf 100644 --- a/main.go +++ b/main.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package main import ( diff --git a/pkg/ocm/fakes/fakes.go b/pkg/ocm/fakes/fakes.go index 70630af..3144c3a 100644 --- a/pkg/ocm/fakes/fakes.go +++ b/pkg/ocm/fakes/fakes.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package fakes import ( diff --git a/pkg/ocm/ocm.go b/pkg/ocm/ocm.go index a6f7ec0..a3c2e4d 100644 --- a/pkg/ocm/ocm.go +++ b/pkg/ocm/ocm.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package ocm import ( 
diff --git a/pkg/ocm/ocm_test.go b/pkg/ocm/ocm_test.go index f188e9e..a8e0bbd 100644 --- a/pkg/ocm/ocm_test.go +++ b/pkg/ocm/ocm_test.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package ocm import ( diff --git a/pkg/ocm/setup_test.go b/pkg/ocm/setup_test.go index 89f4bb8..133e65c 100644 --- a/pkg/ocm/setup_test.go +++ b/pkg/ocm/setup_test.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package ocm import ( diff --git a/pkg/version/generate/release_generate.go b/pkg/version/generate/release_generate.go index fb1c5ce..0385c4c 100644 --- a/pkg/version/generate/release_generate.go +++ b/pkg/version/generate/release_generate.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package main import ( diff --git a/pkg/version/release.go b/pkg/version/release.go index 865b8ae..b11d108 100644 --- a/pkg/version/release.go +++ b/pkg/version/release.go @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. -// -// SPDX-License-Identifier: Apache-2.0 - package version // ReleaseVersion is the version number in semver format "vX.Y.Z", prefixed with "v". From 658e99c34b0f6c8879383170c584fea8783c0de9 Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 15:35:06 +0100 Subject: [PATCH 06/10] CONTROLLER_TOOLS_VERSION ?= v0.17.1 --- Makefile | 2 +- api/v1alpha1/zz_generated.deepcopy.go | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 9b479bb..4c7864c 100644 --- a/Makefile +++ b/Makefile 
@@ -143,7 +143,7 @@ GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint ## Tool Versions KUSTOMIZE_VERSION ?= v3.8.7 -CONTROLLER_TOOLS_VERSION ?= v0.9.2 +CONTROLLER_TOOLS_VERSION ?= v0.17.1 GEN_API_REF_DOCS_VERSION ?= e327d0730470cbd61b06300f81c5fcf91c23c113 GOLANGCI_LINT_VERSION ?= v1.55.2 diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index f8e8f17..7a642fa 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Code generated by controller-gen. DO NOT EDIT. From 983656719a9437528c537851564f522daa4a3191 Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 15:53:35 +0100 Subject: [PATCH 07/10] rm generate-license --- Makefile | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/Makefile b/Makefile index 4c7864c..410292c 100644 --- a/Makefile +++ b/Makefile @@ -169,16 +169,6 @@ envtest: $(ENVTEST) ## Download envtest-setup locally if necessary. $(ENVTEST): $(LOCALBIN) test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest -.PHONY: generate-license -generate-license: - for f in $(shell find . -name "*.go" -o -name "*.sh"); do \ - reuse addheader -r \ - --copyright="SAP SE or an SAP affiliate company and Open Component Model contributors." \ - --license="Apache-2.0" \ - $$f \ - --skip-unrecognised; \ - done - .PHONY: golangci-lint golangci-lint: $(GOLANGCI_LINT) $(GOLANGCI_LINT): $(LOCALBIN) From 85d6066f32d029edaa196e9eab349b0b4ed9a464 Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 30 Jan 2025 16:05:08 +0100 Subject: [PATCH 08/10] let `make generate` also create the manifests --- Makefile | 2 +- ...y.ocm.software_componentsubscriptions.yaml | 156 +++++++++--------- config/rbac/role.yaml | 12 -- 3 files changed, 79 insertions(+), 91 deletions(-) 
diff --git a/Makefile b/Makefile index 410292c..2b5be4c 100644 --- a/Makefile +++ b/Makefile @@ -42,7 +42,7 @@ manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and Cust $(CONTROLLER_GEN) rbac:roleName=replication-manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases .PHONY: generate -generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. +generate: controller-gen manifests ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. $(CONTROLLER_GEN) object paths="./..." .PHONY: fmt diff --git a/config/crd/bases/delivery.ocm.software_componentsubscriptions.yaml b/config/crd/bases/delivery.ocm.software_componentsubscriptions.yaml index fb7c5dc..cd6e74f 100644 --- a/config/crd/bases/delivery.ocm.software_componentsubscriptions.yaml +++ b/config/crd/bases/delivery.ocm.software_componentsubscriptions.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 name: componentsubscriptions.delivery.ocm.software spec: group: delivery.ocm.software 
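Review bot: The `##` help text on `generate` still describes only the DeepCopy code, although with `manifests` added as a prerequisite the target now also rewrites the CRDs under `config/crd/bases` and the ClusterRole in `config/rbac/role.yaml`. I would update it to something like `generate: controller-gen manifests ## Generate DeepCopy code and regenerate the CRD, ClusterRole and webhook manifests.` so that anyone running `make generate` expects RBAC changes in the diff and reviews them. The recipe line and the rest of the Makefile lie outside this hunk.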
@@ -24,38 +23,45 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: ComponentSubscriptionSpec defines the desired state of ComponentSubscription. - It specifies the parameters that the replication controller will use - to replicate a desired Component from a source OCM repository to a destination - OCM repository. + description: |- + ComponentSubscriptionSpec defines the desired state of ComponentSubscription. It specifies + the parameters that the replication controller will use to replicate a desired Component from + a source OCM repository to a destination OCM repository. 
properties: component: description: Component specifies the name of the Component that should be replicated. type: string destination: - description: Destination holds the destination or target OCM Repository - details. The ComponentVersion will be transferred into this repository. + description: |- + Destination holds the destination or target OCM Repository details. The ComponentVersion + will be transferred into this repository. properties: secretRef: description: SecretRef specifies the credentials used to access the OCI registry. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic 
@@ -66,20 +72,21 @@ spec: - url type: object interval: - description: Interval is the reconciliation interval, i.e. at what - interval shall a reconciliation happen. This is used to requeue - objects for reconciliation in case of success as well as already - reconciling objects. + description: |- + Interval is the reconciliation interval, i.e. at what interval shall a reconciliation happen. + This is used to requeue objects for reconciliation in case of success as well as already reconciling objects. type: string semver: - description: Semver specifies an optional semver constraint that is - used to evaluate the component versions that should be replicated. + description: |- + Semver specifies an optional semver constraint that is used to evaluate the component + versions that should be replicated. type: string serviceAccountName: - description: ServiceAccountName can be used to configure access to - both destination and source repositories. If service account is - defined, it's usually redundant to define access to either source - or destination, but it is still allowed to do so. https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account + description: |- + ServiceAccountName can be used to configure access to both destination and source repositories. + If service account is defined, it's usually redundant to define access to either source or destination, but + it is still allowed to do so. + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account type: string source: description: Source holds the OCM Repository details for the replication 
@@ -90,8 +97,9 @@ spec: the OCI registry. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic @@ -102,28 +110,31 @@ spec: - url type: object verify: - description: Verify specifies a list signatures that must be verified - before a ComponentVersion is replicated. + description: |- + Verify specifies a list signatures that must be verified before a ComponentVersion + is replicated. items: description: Signature defines the details of a signature to use for verification. properties: name: - description: Name specifies the name of the signature. An OCM - component may have multiple signatures. + description: |- + Name specifies the name of the signature. An OCM component may have multiple + signatures. type: string publicKey: - description: PublicKey provides a reference to a Kubernetes - Secret of contain a blob of a public key that which will be - used to validate the named signature. + description: |- + PublicKey provides a reference to a Kubernetes Secret of contain a blob of a public key that + which will be used to validate the named signature. properties: secretRef: description: SecretRef is a reference to a Secret that contains a public key. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic 
@@ -148,43 +159,35 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
+ description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -199,10 +202,6 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string 
@@ -219,11 +218,10 @@ spec: been applied to the destination component version. type: string lastAttemptedVersion: - description: LastAttemptedVersion defines the latest version encountered - while checking component versions. This might be different from - last applied version which should be the latest applied/replicated - version. The difference might be caused because of semver constraint - or failures during replication. + description: |- + LastAttemptedVersion defines the latest version encountered while checking component versions. + This might be different from last applied version which should be the latest applied/replicated version. + The difference might be caused because of semver constraint or failures during replication. type: string observedGeneration: description: ObservedGeneration is the last reconciled generation. @@ -241,21 +239,23 @@ spec: for verification. properties: name: - description: Name specifies the name of the signature. An OCM - component may have multiple signatures. + description: |- + Name specifies the name of the signature. An OCM component may have multiple + signatures. type: string publicKey: - description: PublicKey provides a reference to a Kubernetes - Secret of contain a blob of a public key that which will be - used to validate the named signature. + description: |- + PublicKey provides a reference to a Kubernetes Secret of contain a blob of a public key that + which will be used to validate the named signature. properties: secretRef: description: SecretRef is a reference to a Secret that contains a public key. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic 
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index fb9944a..b9f8bb6 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: replication-manager-role rules: - apiGroups: @@ -16,17 +15,6 @@ rules: - "" resources: - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - serviceaccounts verbs: - create From 924cf0aba21b6d66d5c30ea84464a000cc162665 Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 6 Feb 2025 13:53:09 +0100 Subject: [PATCH 09/10] 0 5 * * 1 --- .github/workflows/code-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-scan.yml b/.github/workflows/code-scan.yml index 5149e72..260ef9c 100644 --- a/.github/workflows/code-scan.yml +++ b/.github/workflows/code-scan.yml @@ -6,7 +6,7 @@ on: pull_request: branches: ["main"] schedule: - - cron: "26 14 * * 2" + - cron: "0 5 * * 1" jobs: gosec: From b973047204935752492338734e0e8a4810621320 Mon Sep 17 00:00:00 2001 From: Hilmar Falkenberg Date: Thu, 6 Feb 2025 17:39:44 +0100 Subject: [PATCH 10/10] no cron necessary --- .github/workflows/code-scan.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/code-scan.yml b/.github/workflows/code-scan.yml index 260ef9c..361a493 100644 --- a/.github/workflows/code-scan.yml +++ b/.github/workflows/code-scan.yml @@ -5,8 +5,6 @@ on: branches: ["main"] pull_request: branches: ["main"] - schedule: - - cron: "0 5 * * 1" jobs: gosec: