Merge branch 'master' into release

Author: phlogistonjohn

.github/mergify.yml

@@ -0,0 +1,95 @@
+---
+defaults:
+  actions:
+    queue:
+      name: default
+      method: rebase
+      update_method: rebase
+
+
+# each test should be listed separately, do not use regular expressions:
+# https://docs.mergify.io/conditions.html#validating-all-status-check
+# TODO: Use mergify's recently added 'shared configuration support'
+# to dedup some of the check-x=y repetition in the future.
+queue_rules:
+  - name: default
+    conditions:
+      - check-success=check
+      - check-success=build
+      - check-success=podmanbuild
+      - check-success=dockerbuild
+      - check-success=test
+      - check-success=test-kubernetes
+      - check-success=centos-ci/sink-clustered/mini-k8s-latest
+      - check-success=dpulls
+
+
+pull_request_rules:
+  # Clearing approvals after content changes
+  - name: Remove outdated approvals
+    conditions:
+      - base=master
+    actions:
+      dismiss_reviews:
+        approved: true
+        changes_requested: false
+  # Perform automatic merge on conditions
+  - name: Automatic merge on approval
+    conditions:
+      - check-success=check
+      - check-success=build
+      - check-success=podmanbuild
+      - check-success=dockerbuild
+      - check-success=test
+      - check-success=test-kubernetes
+      - check-success=centos-ci/sink-clustered/mini-k8s-latest
+      - check-success=dpulls
+      - "-draft"
+      # Contributors should set the 'do-not-merge' label if they don't want
+      # the PR to be (auto)merged for some reason.
+      - "label!=do-not-merge"
+      # A reviewer should set a label starting with 'review-in-progress' (and
+      # suffixed by their username) in order to indicate a detailed review has been
+      # started and not completed. This will hold the PR until the label has been
+      # removed.
+      - "-label~=^review-in-progress"
+      - "base=master"
+      # Even if there are 2 or more approvals we won't automerge if there are
+      # any changes requested.
+      - "#changes-requested-reviews-by=0"
+      - or:
+          # Any contributor's PR can be automerged with 2 (or more) reviews.
+          - "#approved-reviews-by>=2"
+          # A maintainer's contribution that has already aged long enough to
+          # earn the "priority-review" label can be merged immediately.
+          # The label can also be applied manually in case of an important
+          # bugfix, etc.
+          - and:
+              - "label=priority-review"
+              - "author=@maintainers"
+              - "#approved-reviews-by>=1"
+    actions:
+      queue: {}
+      dismiss_reviews: {}
+  # Conflict resolution prompt
+  - name: Ask contributor to resolve a conflict
+    conditions:
+      - conflict
+    actions:
+      comment:
+        message: "This pull request now has conflicts with the target branch.
+        Please resolve these conflicts and force push the updated branch."
+  # Label PRs that have been sitting there unchanged, aging like a fine wine
+  #
+  # NOTE: the updated-at "counter" resets every time the PR is changed so
+  # reacting to a reviewer's feedback and fixing a typo (for example) will
+  # reset the counter. Thus we now apply a label once we hit the 15 day window
+  # so that we know that PR had, at some time, sat unchanged for that long.
+  - name: Label aged PRs
+    conditions:
+      - "updated-at<15 days ago"
+      - "-draft"
+    actions:
+      label:
+        add:
+          - "priority-review"

.github/workflows/main.yml

@@ -11,31 +11,43 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v3
         with:
-          go-version: "1.16"
-      - uses: actions/checkout@v2
+          go-version: "1.18"
+      - uses: actions/checkout@v3
       - name: Build
         run: make
   # Run static/code-quality checks
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v3
         with:
-          go-version: "1.16"
-      - uses: actions/checkout@v2
+          go-version: "1.18"
+      - uses: actions/checkout@v3
       - name: Install revive
         run: go install github.com/mgechev/revive@latest
       - name: Run checks
         run: make check
+  check-commits:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Ensure branches
+        run: git fetch
+      - name: Lint git commit messages
+        run: make check-gitlint
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v3
         with:
-          go-version: "1.16"
-      - uses: actions/checkout@v2
+          go-version: "1.18"
+      - uses: actions/checkout@v3
       - name: run the tests
         run: make test
   podmanbuild:
@@ -44,7 +56,7 @@ jobs:
     # image build step, so no need to do it twice.
     if: github.event_name == 'pull_request'
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Install fuse-overlayfs
         run: sudo apt-get -y install fuse-overlayfs
       - name: Setup podman config
@@ -72,7 +84,7 @@ jobs:
     # image build step, so no need to do it twice.
     if: github.event_name == 'pull_request'
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: build container image
         # note: forcing use of podman here since we are
         # using podman explicitly for the push job
@@ -85,10 +97,10 @@ jobs:
       CONTAINER_CMD: docker
       PR_NUM: ${{ github.event.pull_request.number }}
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
         with:
-          go-version: "1.16"
+          go-version: "1.18"
       - name: Install k3d
         run: curl -L --silent --fail "https://raw.githubusercontent.com/rancher/k3d/main/install.sh" | bash
       # The TAG env var can interfere with the k3d install script.
@@ -140,7 +152,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.event_name == 'push'
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: log in to quay.io
         # using docker for now, since podman has an issue with space
         # consumption: image build fails with no space left on device...

.gitlint

@@ -0,0 +1,119 @@
+# Edit this file as you like.
+#
+# All these sections are optional. Each section with the exception of [general] represents
+# one rule and each key in it is an option for that specific rule.
+#
+# Rules and sections can be referenced by their full name or by id. For example
+# section "[body-max-line-length]" could also be written as "[B1]". Full section names are
+# used in here for clarity.
+#
+[general]
+# Ignore certain rules, this example uses both full name and id
+# ignore=title-trailing-punctuation, T3
+
+# verbosity should be a value between 1 and 3, the commandline -v flags take precedence over this
+verbosity=3
+
+# By default gitlint will ignore merge, revert, fixup and squash commits.
+ignore-merge-commits=true
+# ignore-revert-commits=true
+# ignore-fixup-commits=true
+# ignore-squash-commits=true
+
+# Ignore any data send to gitlint via stdin
+# ignore-stdin=true
+
+# Fetch additional meta-data from the local repository when manually passing a
+# commit message to gitlint via stdin or --commit-msg. Disabled by default.
+# staged=true
+
+# Enable debug mode (prints more output). Disabled by default.
+# debug=true
+
+# Enable community contributed rules
+# See http://jorisroovers.github.io/gitlint/contrib_rules for details
+# contrib=contrib-body-requires-signed-off-by
+
+# Set the extra-path where gitlint will search for user defined rules
+# See http://jorisroovers.github.io/gitlint/user_defined_rules for details
+# extra-path=examples/
+
+# This is an example of how to configure the "title-max-length" rule and
+# set the line-length it enforces to 80
+[title-max-length]
+line-length=72
+
+# Conversely, you can also enforce minimal length of a title with the
+# "title-min-length" rule:
+# [title-min-length]
+# min-length=5
+
+[title-must-not-contain-word]
+# Comma-separated list of words that should not occur in the title. Matching is case
+# insensitive. It's fine if the keyword occurs as part of a larger word (so "WIPING"
+# will not cause a violation, but "WIP: my title" will.
+words=wip,WIP
+
+[title-match-regex]
+# python-style regex that the commit-msg title must match
+# Note that the regex can contradict with other rules if not used correctly
+# (e.g. title-must-not-contain-word).
+regex=^.*
+
+# [body-max-line-length]
+# line-length=72
+
+# [body-min-length]
+# min-length=5
+
+# [body-is-missing]
+# Whether to ignore this rule on merge commits (which typically only have a title)
+# default = True
+# ignore-merge-commits=false
+
+# [body-changed-file-mention]
+# List of files that need to be explicitly mentioned in the body when they are changed
+# This is useful for when developers often erroneously edit certain files or git submodules.
+# By specifying this rule, developers can only change the file when they explicitly reference
+# it in the commit message.
+# files=gitlint/rules.py,README.md
+
+# [body-match-regex]
+# python-style regex that the commit-msg body must match.
+# E.g. body must end in My-Commit-Tag: foo
+# regex=My-Commit-Tag: foo$
+
+# [author-valid-email]
+# python-style regex that the commit author email address must match.
+# For example, use the following regex if you only want to allow email addresses from foo.com
+# regex=[^@][email protected]
+
+# [ignore-by-title]
+# Ignore certain rules for commits of which the title matches a regex
+# E.g. Match commit titles that start with "Release"
+# regex=^Release(.*)
+
+# Ignore certain rules, you can reference them by their id or by their full name
+# Use 'all' to ignore all rules
+# ignore=T1,body-min-length
+
+# [ignore-by-body]
+# Ignore certain rules for commits of which the body has a line that matches a regex
+# E.g. Match bodies that have a line that that contain "release"
+# regex=(.*)release(.*)
+#
+# Ignore certain rules, you can reference them by their id or by their full name
+# Use 'all' to ignore all rules
+# ignore=T1,body-min-length
+
+# [ignore-body-lines]
+# Ignore certain lines in a commit body that match a regex.
+# E.g. Ignore all lines that start with 'Co-Authored-By'
+# regex=^Co-Authored-By
+
+# This is a contrib rule - a community contributed rule. These are disabled by default.
+# You need to explicitly enable them one-by-one by adding them to the "contrib" option
+# under [general] section above.
+# [contrib-title-conventional-commits]
+# Specify allowed commit types. For details see: https://www.conventionalcommits.org/
+# types = bugfix,user-story,epic

.golangci.yaml

@@ -5,7 +5,7 @@ linters:
   disable-all: true
   enable:
     - asciicheck
-    - deadcode
+    # - deadcode
     - depguard
     - dupl
     - errcheck
@@ -30,7 +30,7 @@ linters:
     # - nolintlint
     - revive
     - staticcheck
-    - structcheck
+    # - structcheck
     # - tagliatelle
     # - testpackage
     - typecheck

Dockerfile

@@ -24,7 +24,10 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} GO111MODULE=on \
     -ldflags "-X main.Version=${GIT_VERSION} -X main.CommitID=${COMMIT_ID}" \
     -o manager main.go
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
+LABEL org.opencontainers.image.title="Samba operator"
+LABEL org.opencontainers.image.vendor="Samba in Kubernetes"
+LABEL org.opencontainers.image.url="https://github.com/samba-in-kubernetes/samba-operator"
 
 WORKDIR /
 COPY --from=builder /workspace/manager .