Add exclude patterns to copy operations

Signed-off-by: Stefan Prodan <[email protected]>

Author: stefanprodan

api/v1beta1/artifactgenerator_types.go

@@ -137,6 +137,12 @@ type CopyOperation struct {
 	// +kubebuilder:validation:MaxLength=1024
 	// +required
 	To string `json:"to"`
+
+	// Exclude specifies a list of glob patterns to exclude
+	// files and dirs matched by the 'From' field.
+	// +kubebuilder:validation:MaxItems=100
+	// +optional
+	Exclude []string `json:"exclude,omitempty"`
 }
 
 // ArtifactGeneratorStatus defines the observed state of ArtifactGenerator.

api/v1beta1/zz_generated.deepcopy.go

@@ -53,6 +53,14 @@ spec:
                         being overwritten by later copy operations.
                       items:
                         properties:
+                          exclude:
+                            description: |-
+                              Exclude specifies a list of glob patterns to exclude
+                              files and dirs matched by the 'From' field.
+                            items:
+                              type: string
+                            maxItems: 100
+                            type: array
                           from:
                             description: |-
                               From specifies the source (by alias) and the glob pattern to match files.

config/crd/bases/source.extensions.fluxcd.io_artifactgenerators.yaml

@@ -31,5 +31,6 @@ spec:
       copy:
         - from: "@chart/**"
           to: "@artifact/"
+          exclude: ["*.md"]
         - from: "@repo/charts/podinfo/values-prod.yaml"
           to: "@artifact/podinfo/values.yaml"

config/samples/source_v1beta1_artifactgenerator.yaml

@@ -17,5 +17,6 @@ spec:
       copy:
         - from: "@chart/**"
           to: "@artifact/"
+          exclude: ["*.md"]
         - from: "@repo/charts/podinfo/values-prod.yaml"
           to: "@artifact/podinfo/values.yaml"

config/testdata/composition/generators.yaml

@@ -33,7 +33,7 @@ spec:
       copy:
         - from: "@backend/deploy/**"
           to: "@artifact/my-app/backend/"
-        - from: "@frontend/deploy/**/*.yaml"
+        - from: "@frontend/deploy/*.yaml"
           to: "@artifact/my-app/frontend/"
         - from: "@config/envs/prod/configmap.yaml"
           to: "@artifact/my-app/env.yaml"
@@ -244,9 +244,10 @@ spec:
       revision: "@backend"
       originRevision: "@frontend"
       copy:
-        - from: "@backend/deploy/*.yaml"
+        - from: "@backend/deploy/**"
           to: "@artifact/backend/"
-        - from: "@frontend/manifests/**"
+          exclude: ["**/charts/**"]
+        - from: "@frontend/manifests/*.yaml"
           to: "@artifact/frontend/"
         - from: "@config/envs/prod/configmap.yaml"
           to: "@artifact/env.yaml"
@@ -260,6 +261,8 @@ Each copy operation specifies how to copy files from sources into the generated
   a source and `pattern` is a glob pattern or a specific file/directory path within that source.
 - `to`: Destination path in the format `@artifact/path` where `artifact` is
   the root of the generated artifact and `path` is the relative path to a file or directory.
+- `exclude` (optional): A list of glob patterns to filter out from the source selection.
+  Any file matched by `from` that also matches an exclude pattern will be ignored.
 
 Copy operations use `cp`-like semantics:
 
@@ -270,11 +273,11 @@ Copy operations use `cp`-like semantics:
 Examples of copy operations:
 
 ```yaml
-# Copy file to specific path (like `cp source/config.yaml artifact/apps/app.yaml`)
+# Copy file to specific path - (like `cp source/config.yaml artifact/apps/app.yaml`)
 - from: "@source/config.yaml"
   to: "@artifact/apps/app.yaml"    # Creates apps/app.yaml file
 
-# Copy file to directory (like `cp source/config.yaml artifact/apps/`)
+# Copy file to directory - (like `cp source/config.yaml artifact/apps/`)
 - from: "@source/config.yaml"
   to: "@artifact/apps/"            # Creates apps/config.yaml
 
@@ -289,6 +292,9 @@ Examples of copy operations:
 # Copy files and dirs recursively - (like `cp -r source/configs/** artifact/apps/`)
 - from: "@source/configs/**"       # All files and sub-dirs under configs/  
   to: "@artifact/apps/"            # Creates apps/file1.yaml, apps/subdir/file2.yaml
+  exclude:
+    - "*.md"                       # Excludes all .md files
+    - "**/testdata/**"             # Excludes all files under any testdata/ dir
 ```
 
 ## Working with ArtifactGenerators

docs/spec/v1beta1/artifactgenerators.md

@@ -7,6 +7,7 @@ go 1.25.0
 replace github.com/opencontainers/go-digest => github.com/opencontainers/go-digest v1.0.1-0.20220411205349-bde1400a84be
 
 require (
+	github.com/bmatcuk/doublestar/v4 v4.9.1
 	github.com/fluxcd/pkg/apis/meta v1.21.0
 	github.com/fluxcd/pkg/artifact v0.3.0
 	github.com/fluxcd/pkg/http/fetch v0.19.0

go.mod

@@ -12,6 +12,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
+github.com/bmatcuk/doublestar/v4 v4.9.1 h1:X8jg9rRZmJd4yRy7ZeNDRnM+T3ZfHv15JiBJ/avrEXE=
+github.com/bmatcuk/doublestar/v4 v4.9.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=

go.sum

@@ -24,6 +24,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/bmatcuk/doublestar/v4"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1"
 	"golang.org/x/mod/sumdb/dirhash"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -129,7 +130,7 @@ func applyCopyOperations(ctx context.Context,
 // applyCopyOperation applies a single copy operation from the sources to the staging directory.
 // This function implements cp-like semantics by first analyzing the source pattern to determine
 // if it's a glob, direct file/directory reference, or wildcard pattern, then making copy decisions
-// based on the actual source types found.
+// based on the actual source types found. Files matching exclude patterns are filtered out.
 func applyCopyOperation(ctx context.Context,
 	op swapi.CopyOperation,
 	sources map[string]string,
@@ -149,6 +150,12 @@ func applyCopyOperation(ctx context.Context,
 		return fmt.Errorf("source alias '%s' not found", srcAlias)
 	}
 
+	for _, pattern := range op.Exclude {
+		if _, err := doublestar.Match(pattern, "."); err != nil {
+			return fmt.Errorf("invalid exclude pattern '%s'", pattern)
+		}
+	}
+
 	// Create secure roots for file operations
 	srcRoot, err := os.OpenRoot(srcDir)
 	if err != nil {
@@ -168,7 +175,7 @@ func applyCopyOperation(ctx context.Context,
 
 	if !isGlobPattern {
 		// Direct path reference - check what it actually is first (cp-like behavior)
-		return applySingleSourceCopy(ctx, srcRoot, srcPattern, stagingRoot, destRelPath, destEndsWithSlash)
+		return applySingleSourceCopy(ctx, srcRoot, srcPattern, stagingRoot, destRelPath, destEndsWithSlash, op.Exclude)
 	}
 
 	// Glob pattern - find all matches and copy each
@@ -181,15 +188,27 @@ func applyCopyOperation(ctx context.Context,
 		return fmt.Errorf("no files match pattern '%s' in source '%s'", srcPattern, srcAlias)
 	}
 
-	// For glob patterns, destination should be a directory (like cp *.txt dest/)
+	// Filter out excluded files
+	filteredMatches := make([]string, 0, len(matches))
 	for _, match := range matches {
+		if !shouldExclude(match, op.Exclude) {
+			filteredMatches = append(filteredMatches, match)
+		}
+	}
+
+	if len(filteredMatches) == 0 {
+		return fmt.Errorf("all files matching pattern '%s' in source '%s' were excluded", srcPattern, srcAlias)
+	}
+
+	// For glob patterns, destination should be a directory (like cp *.txt dest/)
+	for _, match := range filteredMatches {
 		if err := ctx.Err(); err != nil {
 			return err
 		}
 
 		// Calculate destination path based on glob pattern type
 		destFile := calculateGlobDestination(srcPattern, match, destRelPath)
-		if err := copyFileWithRoots(ctx, srcRoot, match, stagingRoot, destFile); err != nil {
+		if err := copyFileWithRoots(ctx, srcRoot, match, stagingRoot, destFile, op.Exclude); err != nil {
 			return fmt.Errorf("failed to copy file '%s' to '%s': %w", match, destFile, err)
 		}
 	}
@@ -204,7 +223,8 @@ func applySingleSourceCopy(ctx context.Context,
 	srcPath string,
 	stagingRoot *os.Root,
 	destPath string,
-	destEndsWithSlash bool) error {
+	destEndsWithSlash bool,
+	excludePatterns []string) error {
 	// Clean the source path to handle trailing slashes
 	srcPath = filepath.Clean(srcPath)
 
@@ -218,9 +238,9 @@ func applySingleSourceCopy(ctx context.Context,
 	}
 
 	if srcInfo.IsDir() {
-		return applySingleDirectoryCopy(ctx, srcRoot, srcPath, stagingRoot, destPath)
+		return applySingleDirectoryCopy(ctx, srcRoot, srcPath, stagingRoot, destPath, excludePatterns)
 	} else {
-		return applySingleFileCopy(ctx, srcRoot, srcPath, stagingRoot, destPath, destEndsWithSlash)
+		return applySingleFileCopy(ctx, srcRoot, srcPath, stagingRoot, destPath, destEndsWithSlash, excludePatterns)
 	}
 }
 
@@ -232,7 +252,12 @@ func applySingleFileCopy(ctx context.Context,
 	srcPath string,
 	stagingRoot *os.Root,
 	destPath string,
-	destEndsWithSlash bool) error {
+	destEndsWithSlash bool,
+	excludePatterns []string) error {
+	// Check if the file should be excluded
+	if shouldExclude(srcPath, excludePatterns) {
+		return nil // Skip excluded file
+	}
 	var finalDestPath string
 
 	if destEndsWithSlash {
@@ -250,7 +275,7 @@ func applySingleFileCopy(ctx context.Context,
 		}
 	}
 
-	return copyFileWithRoots(ctx, srcRoot, srcPath, stagingRoot, finalDestPath)
+	return copyFileWithRoots(ctx, srcRoot, srcPath, stagingRoot, finalDestPath, excludePatterns)
 }
 
 // applySingleDirectoryCopy handles copying a single directory using cp-like semantics.
@@ -260,11 +285,12 @@ func applySingleDirectoryCopy(ctx context.Context,
 	srcRoot *os.Root,
 	srcPath string,
 	stagingRoot *os.Root,
-	destPath string) error {
+	destPath string,
+	excludePatterns []string) error {
 	srcDirName := filepath.Base(srcPath)
 	finalDestPath := filepath.Join(destPath, srcDirName)
 
-	return copyFileWithRoots(ctx, srcRoot, srcPath, stagingRoot, finalDestPath)
+	return copyFileWithRoots(ctx, srcRoot, srcPath, stagingRoot, finalDestPath, excludePatterns)
 }
 
 // containsGlobChars returns true if the path contains glob metacharacters
@@ -318,19 +344,21 @@ func parseCopyDestinationRelative(to string) (string, error) {
 	return strings.TrimPrefix(to, "@artifact/"), nil
 }
 
-// copyFileWithRoots copies a file from srcRoot to stagingRoot os.Root.
+// copyFileWithRoots copies a file from srcRoot to stagingRoot os.Root,
+// excluding files matching exclude patterns.
 func copyFileWithRoots(ctx context.Context,
 	srcRoot *os.Root,
 	srcPath string,
 	stagingRoot *os.Root,
-	destPath string) error {
+	destPath string,
+	excludePatterns []string) error {
 	srcInfo, err := srcRoot.Stat(srcPath)
 	if err != nil {
 		return err
 	}
 
 	if srcInfo.IsDir() {
-		return copyDirWithRoots(ctx, srcRoot, srcPath, stagingRoot, destPath)
+		return copyDirWithRoots(ctx, srcRoot, srcPath, stagingRoot, destPath, excludePatterns)
 	}
 
 	return copyRegularFileWithRoots(ctx, srcRoot, srcPath, stagingRoot, destPath)
@@ -383,12 +411,14 @@ func copyRegularFileWithRoots(ctx context.Context,
 	return destFile.Chmod(srcInfo.Mode())
 }
 
-// copyDirWithRoots copies a directory recursively using os.Root.
+// copyDirWithRoots copies a directory recursively using os.Root,
+// skipping files and sub-dirs matching exclude patterns.
 func copyDirWithRoots(ctx context.Context,
 	srcRoot *os.Root,
 	srcPath string,
 	stagingRoot *os.Root,
-	destPath string) error {
+	destPath string,
+	excludePatterns []string) error {
 	return fs.WalkDir(srcRoot.FS(), srcPath, func(path string, d fs.DirEntry, err error) error {
 		if err := ctx.Err(); err != nil {
 			return err
@@ -410,6 +440,16 @@ func copyDirWithRoots(ctx context.Context,
 			return createDirRecursive(stagingRoot, destPath)
 		}
 
+		// Check if this path should be excluded
+		if shouldExclude(relPath, excludePatterns) {
+			if d.IsDir() {
+				// Skip entire directory
+				return fs.SkipDir
+			}
+			// Skip file
+			return nil
+		}
+
 		destFilePath := filepath.Join(destPath, relPath)
 
 		if d.IsDir() {
@@ -450,6 +490,23 @@ func createDirRecursive(root *os.Root, path string) error {
 	return err
 }
 
+// shouldExclude checks if a path matches any of the exclude patterns.
+func shouldExclude(filePath string, excludePatterns []string) bool {
+	if len(excludePatterns) == 0 {
+		return false
+	}
+
+	for _, pattern := range excludePatterns {
+		// We validate the patterns when parsing the copy operation,
+		// so it's safe to use MatchUnvalidated here.
+		if doublestar.MatchUnvalidated(pattern, filePath) {
+			return true
+		}
+	}
+
+	return false
+}
+
 // MkdirTempAbs creates a tmp dir and returns the absolute path to the dir.
 // This is required since certain OSes like MacOS create temporary files in
 // e.g. `/private/var`, to which `/var` is a symlink.