Integrating new --patch-templates for score-compose init and score-k8s init (#176)

mathieu-benoit · web-flow · commit 666b2290ad04 · 2025-03-13T17:09:52.000-04:00
* Update score.yaml

* score-* init --patch-templates

* No more kubectl patch

* Update score.yaml - rollback tests
diff --git a/Makefile b/Makefile
@@ -17,13 +17,13 @@ CONTAINER_IMAGE = ${WORKLOAD_NAME}:test
 
 .score-compose/state.yaml:
 	score-compose init \
-		--no-sample
+		--no-sample \
+		--patch-templates https://raw.githubusercontent.com/score-spec/community-patchers/refs/heads/main/score-compose/unprivileged.tpl
 
 compose.yaml: score/score.yaml .score-compose/state.yaml Makefile
 	score-compose generate score/score.yaml \
 		--build '${CONTAINER_NAME}={"context":"app/","tags":["${CONTAINER_IMAGE}"]}' \
 		--override-property containers.${CONTAINER_NAME}.variables.MESSAGE="Hello, Compose!"
-	echo '{"services":{"${WORKLOAD_NAME}-${CONTAINER_NAME}":{"read_only":"true","user":"65532","cap_drop":["ALL"]}}}' | yq e -P > compose.override.yaml
 
 ## Generate a compose.yaml file from the score spec and launch it.
 .PHONY: compose-up
@@ -43,15 +43,15 @@ compose-down:
 
 .score-k8s/state.yaml:
 	score-k8s init \
-		--no-sample
+		--no-sample \
+		--patch-templates https://raw.githubusercontent.com/score-spec/community-patchers/refs/heads/main/score-k8s/unprivileged.tpl \
+        --patch-templates https://raw.githubusercontent.com/score-spec/community-patchers/refs/heads/main/score-k8s/service-account.tpl
+
 
 manifests.yaml: score/score.yaml .score-k8s/state.yaml Makefile
 	score-k8s generate score/score.yaml \
 		--image ${CONTAINER_IMAGE} \
-		--override-property containers.${CONTAINER_NAME}.variables.MESSAGE="Hello, Kubernetes!" \
-		--patch-manifests 'Deployment/*/spec.template.spec.automountServiceAccountToken=false' \
-		--patch-manifests 'Deployment/*/spec.template.spec.securityContext={"fsGroup":65532,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}'
-	echo '{"spec":{"template":{"spec":{"containers":[{"name":"${CONTAINER_NAME}","securityContext":{"allowPrivilegeEscalation":false,"privileged": false,"readOnlyRootFilesystem": true,"capabilities":{"drop":["ALL"]}}}]}}}}' > deployment-patch.yaml
+		--override-property containers.${CONTAINER_NAME}.variables.MESSAGE="Hello, Kubernetes!"
 
 ## Create a local Kind cluster.
 .PHONY: kind-create-cluster
@@ -70,10 +70,6 @@ k8s-up: manifests.yaml
 	kubectl apply \
 		-f manifests.yaml \
 		-n ${NAMESPACE}
-	kubectl patch \
-		deployment ${WORKLOAD_NAME} \
-		--patch-file deployment-patch.yaml \
-		-n ${NAMESPACE}
 	kubectl wait deployments/${WORKLOAD_NAME} \
 		-n ${NAMESPACE} \
 		--for condition=Available \
