Merge pull request #255 from fluxcd/v2

Introduce ArtifactGenerator API

Author: stefanprodan

.github/dependabot.yaml

@@ -4,7 +4,7 @@ updates:
   - package-ecosystem: "gomod"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "monthly"
     groups:
       flux-deps:
         patterns:
@@ -22,15 +22,15 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "monthly"
     groups:
       ci:
         patterns:
           - "*"
   - package-ecosystem: "docker"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "monthly"
     groups:
       docker:
         patterns:

.github/workflows/e2e.yaml

@@ -0,0 +1,71 @@
+name: e2e
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  kind:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+      - name: Setup Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - name: Setup Go
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+        with:
+          go-version: 1.25.x
+          cache-dependency-path: |
+            **/go.sum
+            **/go.mod
+      - name: Setup Kubernetes
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          version: v0.30.0
+          cluster_name: kind
+      - name: Setup Kustomize
+        uses: fluxcd/pkg/actions/kustomize@main
+      - name: Run tests
+        run: make test
+      - name: Check if working tree is dirty
+        run: |
+          if [[ $(git diff --stat) != '' ]]; then
+            git --no-pager diff
+            echo 'run make test and commit changes'
+            exit 1
+          fi
+      - name: Build container image
+        run: |
+          make docker-build IMG=test/source-watcher:latest \
+            BUILD_PLATFORMS=linux/amd64 \
+            BUILD_ARGS=--load
+      - name: Load test image
+        run: kind load docker-image test/source-watcher:latest
+      - name: Deploy controllers
+        run: |
+          make dev-deploy IMG=test/source-watcher:latest
+          kubectl -n source-system rollout status deploy/source-controller --timeout=1m
+          kubectl -n source-system rollout status deploy/source-watcher --timeout=1m
+      - name: Source composition tests
+        run: |
+          kubectl apply -k config/testdata/composition
+          kubectl -n composition wait artifactgenerator -l role=test --for=condition=ready --timeout=1m
+          kubectl -n composition get artifactgenerators -o yaml
+          kubectl -n composition get externalartifacts -o yaml
+      - name: Source decomposition tests
+        run: |
+          kubectl apply -k config/testdata/decomposition
+          kubectl -n decomposition wait artifactgenerator -l role=test --for=condition=ready --timeout=1m
+          kubectl -n decomposition get artifactgenerators -o yaml
+          kubectl -n decomposition get externalartifacts -o yaml
+      - name: Logs
+        if: always()
+        run: |
+          kubectl -n source-system logs deploy/source-controller
+          kubectl -n source-system logs deploy/source-watcher

.github/workflows/release.yaml

@@ -44,7 +44,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
-          go-version: 1.24.x
+          go-version: 1.25.x
           cache-dependency-path: |
             **/go.sum
             **/go.mod
@@ -91,6 +91,12 @@ jobs:
         run: |
           cosign sign --yes fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.version }}
           cosign sign --yes ghcr.io/fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.version }}
+      - name: Generate release artifacts
+        if: startsWith(github.ref, 'refs/tags/v')
+        run: |
+          mkdir -p config/release
+          kustomize build ./config/crd > ./config/release/${{ env.CONTROLLER }}.crds.yaml
+          kustomize build ./config/manager > ./config/release/${{ env.CONTROLLER }}.deployment.yaml
       - name: GoReleaser publish signed SBOM
         id: run-goreleaser
         if: startsWith(github.ref, 'refs/tags/v')

.github/workflows/test.yaml

@@ -15,3 +15,12 @@
 bin/
 testbin/
 build/
+
+# Test manifests generated at build time
+config/crd/bases/ocirepositories.yaml
+config/crd/bases/gitrepositories.yaml
+config/crd/bases/buckets.yaml
+config/crd/bases/externalartifacts.yaml
+
+# Release manifests generated at build time
+config/release/

.gitignore

@@ -4,6 +4,8 @@ builds:
   - skip: true
 
 release:
+  extra_files:
+    - glob: config/release/*.yaml
   prerelease: auto
   footer: |
     ## Container images
@@ -20,29 +22,32 @@ changelog:
   use: github-native
 
 checksum:
-  name_template: 'checksums.txt'
+  extra_files:
+    - glob: config/release/*.yaml
 
 source:
   enabled: true
+  name_template: "{{ .ProjectName }}_{{ .Version }}_source_code"
 
 sboms:
-  - artifacts: archive
   - id: source
     artifacts: source
+    documents:
+      - "{{ .ProjectName }}_{{ .Version }}_sbom.spdx.json"
 
 # signs the checksum file
-# all files (including the sboms) are included in the checksum, so we don't need to sign each one if we don't want to
+# all files (including the sboms) are included in the checksum
 # https://goreleaser.com/customization/sign
 signs:
   - cmd: cosign
     env:
       - COSIGN_EXPERIMENTAL=1
-    certificate: '${artifact}.pem'
+    certificate: "${artifact}.pem"
     args:
       - sign-blob
       - "--yes"
-      - '--output-certificate=${certificate}'
-      - '--output-signature=${signature}'
-      - '${artifact}'
+      - "--output-certificate=${certificate}"
+      - "--output-signature=${signature}"
+      - "${artifact}"
     artifacts: checksum
     output: true

.goreleaser.yaml

@@ -40,9 +40,9 @@ meeting](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARD
 ### How to run the test suite
 
 Prerequisites:
-* go >= 1.20
-* docker >= 20.10
-* kustomize >= 4.4
+* go >= 1.25
+* docker >= 28.3
+* kustomize >= 5.7
 
 You can run the unit tests by simply doing
 

CONTRIBUTING.md

@@ -1,40 +1,47 @@
-ARG GO_VERSION=1.24
+ARG GO_VERSION=1.25
 ARG XX_VERSION=1.6.1
 
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
 
+# Docker buildkit multi-arch build requires golang alpine
 FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS builder
 
 # Copy the build utilities.
 COPY --from=xx / /
 
 ARG TARGETPLATFORM
 
+# Configure workspace
 WORKDIR /workspace
 
-# copy modules manifests
+# Copy api submodule
+COPY api/ api/
+
+# Copy modules manifests
 COPY go.mod go.mod
 COPY go.sum go.sum
 
-# cache modules
+# Cache modules
 RUN go mod download
 
-# copy source code
-COPY main.go main.go
-COPY controllers/ controllers/
+# Copy source code
+COPY internal/ internal/
+COPY cmd/ cmd/
+
+ARG TARGETPLATFORM
+ARG TARGETARCH
 
-# build
+# build without specifing the arch
 ENV CGO_ENABLED=0
-RUN xx-go build -a -o source-watcher main.go
+RUN xx-go build -trimpath -a -o source-watcher cmd/main.go
 
-FROM alpine:3.21
+FROM alpine:3.22
 
-RUN apk add --no-cache ca-certificates tini
+ARG TARGETPLATFORM
+RUN apk --no-cache add ca-certificates \
+  && update-ca-certificates
 
 COPY --from=builder /workspace/source-watcher /usr/local/bin/
 
-RUN addgroup -S controller && adduser -S controller -G controller
-
-USER controller
-
-ENTRYPOINT [ "/sbin/tini", "--", "source-watcher" ]
+USER 65534:65534
+ENTRYPOINT [ "source-watcher" ]