
Consider all SHA's of a manifest #355

Open
wants to merge 10 commits into
base: main
15 changes: 13 additions & 2 deletions .github/workflows/build-test.yaml
@@ -19,10 +19,12 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Setup Golang
uses: actions/setup-go@v5
with:
go-version-file: go.mod

- name: Run golangci-lint
uses: golangci/golangci-lint-action@1481404843c368bc19ca9406f87d6e0fc97bdcfd # v7.0.0
with:
@@ -34,6 +36,10 @@ jobs:
runs-on: ubuntu-latest
name: Run govulncheck
steps:
# We only need to checkout as govuln does the go setup...
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- id: govulncheck
uses: golang/govulncheck-action@v1
with:
@@ -45,8 +51,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4 # v3.5.3
- name: Setup Go
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Setup Golang
uses: actions/setup-go@v5
with:
go-version-file: go.mod
@@ -88,6 +95,7 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

@@ -106,6 +114,9 @@ jobs:
tags: quay.io/jetstack/version-checker:${{github.sha}}
cache-from: type=gha
cache-to: type=gha,mode=max
attests: |-
type=sbom,generator=image
type=provenance,mode=max

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.30.0
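Review bot: The new `attests:` input on the image build step (`type=sbom,generator=image`, `type=provenance,mode=max`) sits in a test workflow whose next step is a Trivy scan, and the step's other inputs are collapsed here, so it is worth confirming the build still yields an image the scanner can read: attestations turn the result into an image index, which the classic Docker image store cannot load. `mode=max` provenance also records build-argument values and other build details, so anything passed as a build arg becomes readable by whoever can pull the attestation; a comment above `attests:` such as `# provenance mode=max embeds build-arg values - never pass secrets as build args` would document that. The govulncheck and Trivy steps in this file still reference tags (`golang/govulncheck-action@v1`, `aquasecurity/trivy-action@0.30.0`) while checkout is pinned to a commit SHA; pinning them the same way would make the workflow consistent.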
4 changes: 2 additions & 2 deletions .github/workflows/helm-docs.yaml
@@ -4,8 +4,8 @@ on:
workflow_call:
push:
paths:
- '!*.md'
- 'deploy/charts/version-checker/**'
- "!*.md"
- "deploy/charts/version-checker/**"
branches:
- main

28 changes: 19 additions & 9 deletions .github/workflows/helm-test.yaml
@@ -2,10 +2,10 @@ name: Test Helm Chart
on:
pull_request:
paths:
- '!*.md'
- 'deploy/charts/version-checker/**'
- "!*.md"
- "deploy/charts/version-checker/**"
branches:
- 'main'
- "main"

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
@@ -14,14 +14,19 @@ concurrency:
jobs:
lint:
permissions:
contents: read # for actions/checkout to fetch code
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
contents: read # for actions/checkout to fetch code
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
name: Lint Helm Chart
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Setup Golang
uses: actions/setup-go@v5
with:
go-version-file: go.mod

- uses: azure/setup-helm@v4

- run: helm lint deploy/charts/version-checker
@@ -33,9 +38,12 @@ jobs:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- uses: azure/setup-helm@v4
- name: Setup Golang
uses: actions/setup-go@v5
with:
token: ${{ github.token }}
go-version-file: go.mod

- uses: azure/setup-helm@v4

- name: Install helm Plugins
run: |
@@ -57,7 +65,9 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Install Kyverno CLI
uses: kyverno/action-install-cli@v0.2.0
- uses: azure/setup-helm@v4
- run: kyverno apply -p https://github.com/kyverno/policies/pod-security/restricted --git-branch main --resource <(helm template deploy/charts/version-checker/)

- run: |-
kyverno apply -p https://github.com/kyverno/policies/pod-security/restricted --git-branch main --resource <(helm template deploy/charts/version-checker/)
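Review bot: The `Setup Golang` steps added to the `lint` job and to the job after it reference `actions/setup-go@v5`, a mutable tag, directly below a checkout that is pinned to a full commit SHA; the same holds for `azure/setup-helm@v4` and `kyverno/action-install-cli@v0.2.0`. Pinning them in the same form, `uses: actions/setup-go@<full-commit-sha> # v5.x.y`, keeps a retagged release from changing what runs in CI. The reflowed `kyverno apply` step still pulls its policies with `--git-branch main`, so the policy set under test can change between runs. The policy host printed on this page is `github.com` rather than github.com, which should be checked against the repository in case it is not just a rendering artefact.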
29 changes: 19 additions & 10 deletions .github/workflows/release.yaml
@@ -15,15 +15,19 @@ jobs:
prepare-release:
# Don't push back to a tag!
if: ${{ !startsWith(github.ref, 'refs/tags/') }}
name: Prepair release
name: Prepare release
runs-on: ubuntu-latest
permissions:
pull-requests: write
contents: write
steps:
- uses: actions/checkout@v4
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Golang
uses: actions/setup-go@v5
with:
fetch-depth: 0
go-version-file: go.mod

- uses: bhowell2/github-substring-action@1.0.2
id: release_number
with:
@@ -113,10 +117,8 @@ jobs:
helm-release:
runs-on: ubuntu-latest
steps:
# Checkout our Repo
- uses: actions/checkout@v4
with:
path: version-checker
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: checkout jetstack-charts
uses: actions/checkout@v4
@@ -134,6 +136,9 @@ jobs:
run: |
helm package version-checker/deploy/charts/version-checker -d jetstack-charts/charts/

- name: Login to Quay.io
run: echo "${{ secrets.QUAY_ROBOT_TOKEN }}" | helm registry login quay.io -u ${{ secrets.QUAY_USERNAME }} --password-stdin

- name: Creating PR
if: startsWith(github.ref, 'refs/tags/')
uses: peter-evans/create-pull-request@v7
@@ -149,10 +154,16 @@ jobs:
base: main
draft: ${{ !startsWith(github.ref, 'refs/tags/') }}

- name: Push to Quay
run: |-
helm push jetstack-charts/charts/version-checker-${{ github.ref_name }}.tgz oci://quay.io/quay.io/jetstack/version-checker/chart

docker-release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

@@ -185,8 +196,6 @@ jobs:
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Create Release / Change Logs
uses: softprops/action-gh-release@v2
with:
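Review bot: The new `Login to Quay.io` step in `helm-release` expands `${{ secrets.QUAY_ROBOT_TOKEN }}` and `${{ secrets.QUAY_USERNAME }}` straight into the shell script, so the secret text is parsed by the shell and any quote, `$` or backtick in it changes the command; mapping both through `env:` and reading `"$QUAY_ROBOT_TOKEN"` avoids that. Neither that step nor the new `Push to Quay` step carries the `if: startsWith(github.ref, 'refs/tags/')` guard that `Creating PR` uses, so both appear to run with registry credentials on non-tag refs, where `${{ github.ref_name }}` is a branch name written into the script and is unlikely to match the packaged chart file. The push target `oci://quay.io/quay.io/jetstack/version-checker/chart` repeats the registry host, which looks unintended. In the same job the checkout drops `path: version-checker` while the unchanged `helm package version-checker/deploy/charts/version-checker` line still expects that directory, and the `prepare-release` checkout loses `fetch-depth: 0`; both should be confirmed against the collapsed steps.

```yaml
      - name: Login to Quay.io
        if: startsWith(github.ref, 'refs/tags/')
        env:
          QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
          QUAY_ROBOT_TOKEN: ${{ secrets.QUAY_ROBOT_TOKEN }}
        run: |-
          printf '%s' "$QUAY_ROBOT_TOKEN" | helm registry login quay.io -u "$QUAY_USERNAME" --password-stdin

      # … unchanged: Creating PR step …

      - name: Push to Quay
        if: startsWith(github.ref, 'refs/tags/')
        run: |-
          # registry host given once; confirm the intended repository path
          helm push "jetstack-charts/charts/version-checker-${GITHUB_REF_NAME}.tgz" oci://quay.io/jetstack/version-checker/chart
```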
3 changes: 2 additions & 1 deletion cmd/app/app.go
@@ -59,7 +59,7 @@ func NewCommand(ctx context.Context) *cobra.Command {
return fmt.Errorf("failed to build kubernetes rest config: %s", err)
}

log.Infof("flag --test-all-containers=%t %s", opts.DefaultTestAll, defaultTestAllInfoMsg)
log.Warnf("flag --test-all-containers=%t %s", opts.DefaultTestAll, defaultTestAllInfoMsg)

mgr, err := ctrl.NewManager(restConfig, ctrl.Options{
LeaderElection: false,
@@ -115,6 +115,7 @@ func NewCommand(ctx context.Context) *cobra.Command {
client,
mgr.GetClient(),
log,
opts.RequeueDuration,
opts.DefaultTestAll,
)

112 changes: 74 additions & 38 deletions cmd/app/options.go
@@ -64,19 +64,26 @@ var (

// Options is a struct to hold options for the version-checker.
type Options struct {
kubeConfigFlags *genericclioptions.ConfigFlags

Client client.Options
MetricsServingAddress string
DefaultTestAll bool
CacheTimeout time.Duration
LogLevel string

PprofBindAddress string
PprofBindAddress string
selfhosted selfhosted.Options

CacheTimeout time.Duration
RequeueDuration time.Duration
GracefulShutdownTimeout time.Duration
CacheSyncPeriod time.Duration

kubeConfigFlags *genericclioptions.ConfigFlags
selfhosted selfhosted.Options
DefaultTestAll bool
}

Client client.Options
type envMatcher struct {
re *regexp.Regexp
action func(matches []string, value string)
}

func (o *Options) addFlags(cmd *cobra.Command) {
@@ -124,6 +131,10 @@ func (o *Options) addAppFlags(fs *pflag.FlagSet) {
"The time for an image version in the cache to be considered fresh. Images "+
"will be rechecked after this interval.")

fs.DurationVarP(&o.RequeueDuration,
"requeue-duration", "r", time.Hour,
"The time a pod will be re-checked for new versions/tags")

fs.StringVarP(&o.LogLevel,
"log-level", "v", "info",
"Log level (debug, info, warn, error, fatal, panic).")
@@ -358,56 +369,81 @@ func (o *Options) assignSelfhosted(envs []string) {
}

initOptions := func(name string) {
if name == "" {
panic("Not meant to be empty!")
}
if o.Client.Selfhosted[name] == nil {
o.Client.Selfhosted[name] = new(selfhosted.Options)
}
}

regexActions := map[*regexp.Regexp]func(matches []string, value string){
selfhostedHostReg: func(matches []string, value string) {
initOptions(matches[1])
o.Client.Selfhosted[matches[1]].Host = value
// Go maps iterate in random order - Using a slice to consistency
regexActions := []envMatcher{
{
re: selfhostedTokenPath,
action: func(matches []string, value string) {
initOptions(matches[1])
o.Client.Selfhosted[matches[1]].TokenPath = value
},
},
selfhostedUsernameReg: func(matches []string, value string) {
initOptions(matches[1])
o.Client.Selfhosted[matches[1]].Username = value
{
re: selfhostedTokenReg,
action: func(matches []string, value string) {
initOptions(matches[1])
o.Client.Selfhosted[matches[1]].Bearer = value
},
},
selfhostedPasswordReg: func(matches []string, value string) {
initOptions(matches[1])
o.Client.Selfhosted[matches[1]].Password = value
// All your other patterns (host, username, password, insecure, capath...)
{
re: selfhostedHostReg,
action: func(matches []string, value string) {
initOptions(matches[1])
o.Client.Selfhosted[matches[1]].Host = value
},
},
selfhostedTokenPath: func(matches []string, value string) {
initOptions(matches[1])
o.Client.Selfhosted[matches[1]].TokenPath = value
{
re: selfhostedUsernameReg,
action: func(matches []string, value string) {
initOptions(matches[1])
o.Client.Selfhosted[matches[1]].Username = value
},
},
selfhostedTokenReg: func(matches []string, value string) {
initOptions(matches[1])
o.Client.Selfhosted[matches[1]].Bearer = value
{
re: selfhostedPasswordReg,
action: func(matches []string, value string) {
initOptions(matches[1])
o.Client.Selfhosted[matches[1]].Password = value
},
},
selfhostedInsecureReg: func(matches []string, value string) {
initOptions(matches[1])
if val, err := strconv.ParseBool(value); err == nil {
o.Client.Selfhosted[matches[1]].Insecure = val
}
{
re: selfhostedInsecureReg,
action: func(matches []string, value string) {
initOptions(matches[1])
if b, err := strconv.ParseBool(value); err == nil {
o.Client.Selfhosted[matches[1]].Insecure = b
}
},
},
selfhostedCAPath: func(matches []string, value string) {
initOptions(matches[1])
o.Client.Selfhosted[matches[1]].CAPath = value
{
re: selfhostedCAPath,
action: func(matches []string, value string) {
initOptions(matches[1])
o.Client.Selfhosted[matches[1]].CAPath = value
},
},
}

for _, env := range envs {
pair := strings.SplitN(env, "=", 2)
if len(pair) != 2 || len(pair[1]) == 0 {
parts := strings.SplitN(env, "=", 2)
if len(parts) != 2 || parts[1] == "" {
continue
}
key := strings.ToUpper(parts[0])
val := parts[1]

key := strings.ToUpper(pair[0])
value := pair[1]

for regex, action := range regexActions {
if matches := regex.FindStringSubmatch(key); len(matches) == 2 {
action(matches, value)
for _, p := range regexActions {
if match := p.re.FindStringSubmatch(key); len(match) == 2 {
p.action(match, val)
break
}
}
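Review bot: The `panic("Not meant to be empty!")` added to `initOptions` turns an environment variable whose captured registry name is empty into a crash at startup; whether that can happen depends on the `selfhosted*` patterns, which are defined outside this hunk. Since the keys come from the process environment, skipping the entry is safer than panicking, and the check has to sit in the loop because each action dereferences `o.Client.Selfhosted[matches[1]]` right after `initOptions`: `if match := p.re.FindStringSubmatch(key); len(match) == 2 && match[1] != "" {`. The comment `// All your other patterns (host, username, password, insecure, capath...)` reads like a leftover placeholder; replacing it and the comment above the slice with `// First match wins: TokenPath is tried before Token, so the order is significant.` would record why the slice order matters, if that is indeed the reason. The new `--requeue-duration` flag accepts zero and negative values unchecked in this hunk. `assignSelfhosted` starts and ends outside what is shown.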