Migration from open mfp (#6)

* feat: migrated dependencies from OpenMFP to Platform-mesh

* fix: updated dockerfile for pulling private packages

* updated imports

* migrated the latest changes from fga-operator

* fix: updated docker file

* Apply suggestions from code review

fixes

Co-authored-by: Aaron Schweig <[email protected]>

* ci: troubleshooting build

* fix: streamline Dockerfile git configuration commands

* fix: model generation does now respect resource scope

* fix: streamline Dockerfile git configuration commands

* ci: fixing build

* fix: update Go version and correct environment variable naming in Taskfile

* fix: update Go version in Dockerfile to 1.24.5

* fix: remove lint-ignore comment for logicalcluster import in initializer and store controller

---------

Co-authored-by: Angel Kafazov <[email protected]>
Co-authored-by: Aaron Schweig <[email protected]>
Co-authored-by: Bastian Echterhölter <[email protected]>
Co-authored-by: aaronschweig <[email protected]>

Author: 4 people

.github/workflows/pipeline.yaml

@@ -13,10 +13,10 @@ jobs:
     concurrency:
       group: ${{ github.ref }}
       cancel-in-progress: true
-    uses: openmfp/gha/.github/workflows/pipeline-golang-app.yml@main
+    uses: platform-mesh/.github/.github/workflows/pipeline-golang-app.yml@ci/with-token-arg
     secrets: inherit
     with:
-      imageTagName: ghcr.io/openmfp/fga-operator
+      imageTagName: ghcr.io/platform-mesh/security-operator
       useTask: true
       useLocalCoverageConfig: true
       coverageThresholdTotal: 90

CODEOWNERS

@@ -1,4 +1,4 @@
 # Default code owners
-* @openmfp/frame
+* @platform-mesh/frame
 go.mod
 go.sum

Dockerfile

@@ -1,16 +1,22 @@
 # Build the manager binary
-FROM docker.io/golang:1.24 AS builder
+FROM golang:1.24.5-bullseye AS builder
 ARG TARGETOS
 ARG TARGETARCH
 
+### BEGIN GHE Configurations ###
+ENV GOPRIVATE="github.com/platform-mesh"
+ENV GOSUMDB=off
+
+RUN git config --global credential.helper store
+RUN --mount=type=secret,id=org_token echo "https://gha:$(cat /run/secrets/org_token)@github.com" > /root/.git-credentials
 WORKDIR /workspace
+
 # Copy the Go Modules manifests
 COPY go.mod go.mod
 COPY go.sum go.sum
 # cache deps before building and copying source so that we don't need to re-download as much
 # and so that source changes don't invalidate our downloaded layer
 RUN go mod download
-
 # Copy the go source
 COPY cmd/ cmd/
 COPY api/ api/

PROJECT

@@ -2,25 +2,27 @@
 # This file is used to track the info used to scaffold your project
 # and allow the plugins properly work.
 # More info: https://book.kubebuilder.io/reference/project-config.html
-domain: openmfp.io
+domain: platform-mesh.io
 layout:
 - go.kubebuilder.io/v4
-projectName: fga-operator
-repo: github.com/openmfp/fga-operator
+plugins:
+  helm.kubebuilder.io/v1-alpha: {}
+projectName: security-operator
+repo: github.com/platform-mesh/security-operator
 resources:
 - api:
     crdVersion: v1
   controller: true
-  domain: openmfp.org
+  domain: platform-mesh.io
   group: core
   kind: Store
-  path: github.com/openmfp/fga-operator/api/v1alpha1
+  path: github.com/platform-mesh/security-operator/api/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
-  domain: openmfp.org
+  domain: platform-mesh.io
   group: core
   kind: AuthorizationModel
-  path: github.com/openmfp/fga-operator/api/v1alpha1
+  path: github.com/platform-mesh/security-operator/api/v1alpha1
   version: v1alpha1
 version: "3"

README.md

@@ -1,4 +1,4 @@
-# fga-operator
+# security-operator
 // TODO(user): Add simple overview of use/purpose
 
 ## Description
@@ -16,7 +16,7 @@
 **Build and push your image to the location specified by `IMG`:**
 
 ```sh
-make docker-build docker-push IMG=<some-registry>/fga-operator:tag
+make docker-build docker-push IMG=<some-registry>/security-operator:tag
 ```
 
 **NOTE:** This image ought to be published in the personal registry you specified.
@@ -32,7 +32,7 @@ make install
 **Deploy the Manager to the cluster with the image specified by `IMG`:**
 
 ```sh
-make deploy IMG=<some-registry>/fga-operator:tag
+make deploy IMG=<some-registry>/security-operator:tag
 ```
 
 > **NOTE**: If you encounter RBAC errors, you may need to grant yourself cluster-admin
@@ -75,7 +75,7 @@ Following the options to release and provide this solution to the users.
 1. Build the installer for the image built and published in the registry:
 
 ```sh
-make build-installer IMG=<some-registry>/fga-operator:tag
+make build-installer IMG=<some-registry>/security-operator:tag
 ```
 
 **NOTE:** The makefile target mentioned above generates an 'install.yaml'
@@ -89,7 +89,7 @@ Users can just run 'kubectl apply -f <URL for YAML BUNDLE>' to install
 the project, i.e.:
 
 ```sh
-kubectl apply -f https://raw.githubusercontent.com/<org>/fga-operator/<tag or branch>/dist/install.yaml
+kubectl apply -f https://raw.githubusercontent.com/<org>/security-operator/<tag or branch>/dist/install.yaml
 ```
 
 ### By providing a Helm Chart

Taskfile.yaml

@@ -8,6 +8,7 @@ vars:
   CRD_DIRECTORY: config/crd/bases
   KCP_APIGEN_VERSION: v0.21.0
   KCP_VERSION: 0.26.1
+  GOLANGCI_LINT_VERSION: v1.64.8
   GOARCH:
     sh: go env GOARCH
   GOOS:
@@ -28,7 +29,7 @@ tasks:
   setup:golangci-lint:
     internal: true
     cmds:
-      - test -s {{.LOCAL_BIN}}/golangci-lint || GOBIN=$(pwd)/{{.LOCAL_BIN}} go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+      - test -s {{.LOCAL_BIN}}/golangci-lint || GOBIN=$(pwd)/{{.LOCAL_BIN}} go install github.com/golangci/golangci-lint/cmd/golangci-lint@{{.GOLANGCI_LINT_VERSION}}
   setup:docker-compose:
     internal: true
     cmds:
@@ -72,10 +73,14 @@ tasks:
   envtest:
     internal: true
     env:
+      GOPRIVATE: github.com/platform-mesh 
       KUBEBUILDER_ASSETS:
         sh: $(pwd)/{{.LOCAL_BIN}}/setup-envtest use {{.ENVTEST_K8S_VERSION}} --bin-dir $(pwd)/{{.LOCAL_BIN}} -p path
       GO111MODULE: on
+      PLATFORM_MESH_TOKEN: ${PLATFORM_MESH_TOKEN}
     cmds:
+      - echo "https://openmfp:[email protected]" >> $HOME/.git-credentials
+      - git config --global url."https://${PLATFORM_MESH_TOKEN}@github.com/".insteadOf "https://github.com/"
       - go test -count=1 ./... {{.ADDITIONAL_COMMAND_ARGS}}
   test:
     deps: [setup:envtest]

api/v1alpha1/authorizationmodel_types.go

@@ -1,7 +1,7 @@
 package v1alpha1
 
 import (
-	"github.com/openmfp/golang-commons/controller/lifecycle"
+	lifecycleapi "github.com/platform-mesh/golang-commons/controller/lifecycle/api"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -46,7 +46,7 @@ func (in *AuthorizationModel) SetConditions(conditions []metav1.Condition) {
 	in.Status.Conditions = conditions
 }
 
-var _ lifecycle.RuntimeObjectConditions = &AuthorizationModel{}
+var _ lifecycleapi.RuntimeObjectConditions = &AuthorizationModel{}
 
 // +kubebuilder:object:root=true
 

api/v1alpha1/groupversion_info.go

@@ -1,6 +1,6 @@
 // Package v1alpha1 contains API Schema definitions for the core v1alpha1 API group.
 // +kubebuilder:object:generate=true
-// +groupName=fga.openmfp.org
+// +groupName=core.platform-mesh.io
 package v1alpha1
 
 import (
@@ -10,7 +10,7 @@ import (
 
 var (
 	// GroupVersion is group version used to register these objects.
-	GroupVersion = schema.GroupVersion{Group: "fga.openmfp.org", Version: "v1alpha1"}
+	GroupVersion = schema.GroupVersion{Group: "core.platform-mesh.io", Version: "v1alpha1"}
 
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
 	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

api/v1alpha1/store_types.go

@@ -3,12 +3,12 @@ package v1alpha1
 import (
 	"fmt"
 
-	"github.com/openmfp/golang-commons/controller/lifecycle"
+	lifecycleapi "github.com/platform-mesh/golang-commons/controller/lifecycle/api"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 const (
-	StoreRefLabelKey = "fga.openmfp.org/store-name"
+	StoreRefLabelKey = "core.platform-mesh.io/store-name"
 )
 
 type Tuple struct {
@@ -59,7 +59,7 @@ func (in *Store) SetConditions(conditions []metav1.Condition) {
 	in.Status.Conditions = conditions
 }
 
-var _ lifecycle.RuntimeObjectConditions = &Store{}
+var _ lifecycleapi.RuntimeObjectConditions = &Store{}
 
 // +kubebuilder:object:root=true
 

cmd/initializer.go

@@ -12,7 +12,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/kcp"
 	"sigs.k8s.io/controller-runtime/pkg/metrics/server"
 
-	"github.com/openmfp/fga-operator/internal/controller"
+	"github.com/platform-mesh/security-operator/internal/controller"
 )
 
 var initializerCmd = &cobra.Command{
@@ -25,7 +25,7 @@ var initializerCmd = &cobra.Command{
 		mgrOpts := ctrl.Options{
 			Scheme:                 scheme,
 			LeaderElection:         defaultCfg.LeaderElection.Enabled,
-			LeaderElectionID:       "fga-operator-initializer.openmfp.org",
+			LeaderElectionID:       "security-operator-initializer.platform-mesh.io",
 			HealthProbeBindAddress: defaultCfg.HealthProbeBindAddress,
 			Metrics: server.Options{
 				BindAddress: defaultCfg.Metrics.BindAddress,