feat: Add FluxCD GitOps templates and OpenMCP resources (#1)

* Add FluxCD GitOps templates and OpenMCP resources

- Introduced `gotk-sync.yaml` for Git repository synchronization with FluxCD.
- Created `kustomization.yaml` to manage FluxCD resources.
- Added `values.yaml` for Git repository configuration.
- Implemented `ClusterProvider` and `Deployment` for OpenMCP with Kind.
- Defined `kind-cluster-config.yaml` for Kind cluster configuration.
- Established OpenMCP operator deployment with necessary configurations and secrets.
- Added namespace and kustomization resources for OpenMCP.
- Included usage operator configuration for platform services.

* refactored build command

* refactor: streamline linting process in GitHub Actions and Taskfile

Author: n3rdc4ptn

.github/workflows/lint.yaml

@@ -0,0 +1,32 @@
+name: Lint YAML and Kustomization
+
+on:
+  pull_request:
+    paths:
+      - "templates/**.yaml"
+      - "templates/**.yml"
+  push:
+    paths:
+      - "templates/**.yaml"
+      - "templates/**.yml"
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.x"
+
+      - name: Install Task
+        uses: arduino/setup-task@v2
+        with:
+          version: 3.x
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run lint task
+        run: task lint

.github/workflows/publish.yaml

@@ -0,0 +1,89 @@
+name: Publish
+
+on:
+  push:
+    tags:
+      - v*
+  workflow_dispatch:
+
+permissions:
+  packages: write
+
+env:
+  OCI_URL: ghcr.io/openmcp-project
+
+jobs:
+  release_tag:
+    name: Release version
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Create GitHub App token
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
+        id: app-token
+        with:
+          # required
+          app-id: 1312871
+          private-key: ${{ secrets.OPENMCP_CI_APP_PRIVATE_KEY }}
+
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          fetch-tags: true
+          fetch-depth: 0
+          submodules: recursive
+
+      - name: Install Task
+        uses: arduino/setup-task@v2
+        with:
+          version: 3.x
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Read and validate VERSION
+        id: version
+        run: |
+          VERSION=$(task version)
+          if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-dev(-[0-9a-f]*)?)?$ ]]; then
+            echo "Invalid version format: $VERSION"
+            exit 1
+          fi
+          echo "New version: $VERSION"
+          echo "version=$VERSION" >> $GITHUB_ENV
+
+      - name: Skip release if version is a dev version
+        if: contains(env.version, '-dev')
+        run: |
+          echo "Skipping development version release: ${{ env.version }}"
+          echo "SKIP=true" >> $GITHUB_ENV
+          exit 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3
+
+      - name: Set up Docker Context for Buildx
+        id: buildx-context
+        run: |
+          docker context create builders
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        timeout-minutes: 5
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
+        with:
+          version: latest
+
+      - name: Set up Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+        with:
+          go-version-file: go.mod
+
+      - name: Build and Push OCM Component
+        run: |
+          task build --verbose
+          task push --verbose

.github/workflows/release.yaml

@@ -0,0 +1,120 @@
+name: Versioned Release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write # we need this to be able to push tags
+  pull-requests: read
+
+env:
+  OCI_URL: ghcr.io/openmcp-project
+
+jobs:
+  release_tag:
+    name: Release version
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Create GitHub App token
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
+        id: app-token
+        with:
+          # required
+          app-id: 1312871
+          private-key: ${{ secrets.OPENMCP_CI_APP_PRIVATE_KEY }}
+
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          fetch-tags: true
+          fetch-depth: 0
+          submodules: recursive
+      - name: test-action
+        run: cd hack/common; git status
+      - name: Install Task
+        uses: arduino/setup-task@v2
+        with:
+          version: 3.x
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Read and validate VERSION
+        id: version
+        run: |
+          VERSION=$(task version)
+          if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-dev(-[0-9a-f]*)?)?$ ]]; then
+            echo "Invalid version format: $VERSION"
+            exit 1
+          fi
+          echo "New version: $VERSION"
+          echo "version=$VERSION" >> $GITHUB_ENV
+
+      - name: Skip release if version is a dev version
+        if: contains(env.version, '-dev')
+        run: |
+          echo "Skipping development version release: ${{ env.version }}"
+          echo "SKIP=true" >> $GITHUB_ENV
+          exit 0
+
+      - name: Check if VERSION is already tagged
+        id: check_tag
+        run: |
+          if git rev-parse "refs/tags/${{ env.version }}" >/dev/null 2>&1; then
+            echo "Tag ${{ env.version }} already exists. Skipping release."
+            echo "SKIP=true" >> $GITHUB_ENV
+            exit 0
+          fi
+          echo "Tag ${{ env.version }} doesn't exists. Proceeding with release."
+
+      - name: Create Git tag
+        if: ${{ env.SKIP != 'true' }}
+        run: |
+          AUTHOR_NAME=$(git log -1 --pretty=format:'%an')
+          AUTHOR_EMAIL=$(git log -1 --pretty=format:'%ae')
+          echo "Tagging as $AUTHOR_NAME <$AUTHOR_EMAIL>"
+
+          echo "AUTHOR_NAME=$AUTHOR_NAME" >> $GITHUB_ENV
+          echo "AUTHOR_EMAIL=$AUTHOR_EMAIL" >> $GITHUB_ENV
+
+          git config user.name "$AUTHOR_NAME"
+          git config user.email "$AUTHOR_EMAIL"
+
+          git tag -a "${{ env.version }}" -m "Release ${{ env.version }}"
+          git push origin "${{ env.version }}"
+
+          NESTED_GO_MODULES="$(task release:list-nested-modules)"
+
+          for MODULE in $NESTED_GO_MODULES; do
+            git tag -a "${MODULE}/${{ env.version }}" -m "Release ${{ env.version }}"
+            git push origin "${MODULE}/${{ env.version }}"
+          done
+
+      - name: Build Changelog
+        id: github_release
+        run: task r:generate-changelog
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create GitHub release
+        if: ${{ env.SKIP != 'true' }}
+        uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2
+        with:
+          tag_name: ${{ env.version }}
+          name: Release ${{ env.version }}
+          body_path: ./CHANGELOG.md
+          draft: true
+          prerelease: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Push dev VERSION
+        if: ${{ env.SKIP != 'true' }}
+        run: |
+          task release:set-version --verbose -- "${{ env.version }}-dev"
+          git config user.name "${{ env.AUTHOR_NAME }}"
+          git config user.email "${{ env.AUTHOR_EMAIL }}"
+          git add VERSION
+          git commit -m "chore(release): Update VERSION to ${{ env.version }}-dev"
+          git push origin main

.github/workflows/reuse.yaml

@@ -0,0 +1,11 @@
+name: REUSE Compliance Check
+
+on: [push, pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  run_reuse:
+    uses: openmcp-project/build/.github/workflows/reuse.lib.yaml@main
+    secrets: inherit

.gitignore

@@ -0,0 +1 @@
+**/config/*

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "hack/common"]
+	path = hack/common
+	url = https://github.com/openmcp-project/build.git

Taskfile.yml

@@ -0,0 +1,68 @@
+version: '3'
+
+includes:
+  release:
+    taskfile: hack/common/tasks_rls.yaml
+    aliases:
+    - rls
+    - r
+
+tasks:
+  build:
+    desc: Build ocm component
+    cmds:
+      - |
+        ocm add componentversions \
+        --copy-resources --force --create \
+        --file .out \
+        --settings settings.yaml \
+        component-constructor.yaml
+  lint:
+    desc: Lint YAML files in templates directory
+    cmds:
+      - yamllint templates
+
+  push:
+    desc: Push to OCM Registry
+    cmds:
+      - ocm transfer ctf -f .out "{{.COMPONENT_REGISTRY}}" {{.overwrite_mod}}
+    vars:
+      overwrite_mod:
+        sh: 'if [[ -n ${OVERWRITE_COMPONENTS:-} ]] && [[ ${OVERWRITE_COMPONENTS} != "false" ]]; then echo -n "--overwrite"; fi'
+      COMPONENT_REGISTRY:
+        sh: 'PROJECT_ROOT="{{.ROOT_DIR2}}" hack/common/get-registry.sh --component'
+
+  flux:
+    desc: Renders the latest flux template using the flux cli
+    cmds:
+      - |
+        flux install --export \
+        --components-extra="image-reflector-controller,image-automation-controller" \
+        > gotk-components.yaml
+    dir: ./templates/fluxcd
+
+  pull:
+    desc: Pulls the resources from the gitops-template ocm.
+    cmds:
+      - |
+        ocm download resources \
+        --downloader ocm/dirtree \
+        --repo OCIRegistry::ghcr.io/n3rdc4ptn/ocm \
+        github.com/openmcp-project/gitops-templates:0.0.2 \
+        openmcp fluxcd
+
+  template:
+    desc: Testing command just to show the templates
+    cmds:
+      - |
+        helm template --output-dir {{.OUTPUT_DIR}} \
+        --set openmcpOperator.image="ghcr.io/openmcp-project/images/openmcp-operator" \
+        --set openmcpOperator.tag="latest" \
+        ./github.com/openmcp-project/gitops-templates/0.0.2/openmcp
+      - |
+        helm template --output-dir {{.OUTPUT_DIR}} \
+        --set openmcpOperator.image="ghcr.io/openmcp-project/images/openmcp-operator" \
+        --set openmcpOperator.tag="latest" \
+        ./github.com/openmcp-project/gitops-templates/0.0.2/openmcp
+    vars:
+      OUTPUT_DIR: "output"

VERSION

@@ -0,0 +1 @@
+v0.0.1

component-constructor.yaml

@@ -0,0 +1,32 @@
+components:
+  - name: "github.com/openmcp-project/gitops-templates"
+    version: "${OPENMCP_VERSION}"
+    labels:
+      - name: "org.opencontainers.image.source"
+        value: "https://github.com/openmcp-project/gitops-templates"
+    provider:
+      name: openmcp-project
+    resources:
+      - name: openmcp-operator
+        type: ociImage
+        input:
+          type: ociImage
+          path: ghcr.io/openmcp-project/images/openmcp-operator:${OPENMCP_OPERATOR_VERSION}
+          repository: openmcp-project/openmcp-operator
+      - name: openmcp
+        type: fileSystem
+        input:
+          type: dir
+          path: ./templates/openmcp
+      - name: fluxcd
+        type: fileSystem
+        input:
+          type: dir
+          path: ./templates/fluxcd
+      - name: gitops-templates
+        type: blob
+        version: ${OPENMCP_VERSION}
+        access:
+          type: gitHub
+          repoUrl: "https://github.com/openmcp-project/gitops-templates"
+          commit: "2bdf15aab6df0234ef7621d4a876e4e37eaf1fa0"

docs/commands.md

@@ -0,0 +1,7 @@
+```
+ocm add componentversions --copy-resources --force  --create --file .out --settings settings.yaml component-constructor.yaml
+
+ocm transfer ctf --copy-resources --enforce -f .out ghcr.io/n3rdc4ptn/ocm
+
+ocm download resources --downloader ocm/dirtree --repo OCIRegistry::ghcr.io/n3rdc4ptn/ocm github.com/openmcp-project/gitops-templates:0.0.1 openmcp openmcpdir
+```