Initial commit

Author: rsmitty

.conform.yaml

@@ -0,0 +1,29 @@
+policies:
+  - type: commit
+    spec:
+      headerLength: 89
+      dco: true
+      gpg: false
+      imperative: true
+      maximumOfOneCommit: true
+      requireCommitBody: true
+      conventional:
+        types:
+          - chore
+          - docs
+          - perf
+          - refactor
+          - style
+          - test
+        scopes:
+          - '*'
+  - type: license
+    spec:
+      skipPaths:
+        - .git/
+      includeSuffixes:
+        - .go
+      header: |
+        // This Source Code Form is subject to the terms of the Mozilla Public
+        // License, v. 2.0. If a copy of the MPL was not distributed with this
+        // file, You can obtain one at http://mozilla.org/MPL/2.0/.

.dockerignore

@@ -0,0 +1,10 @@
+*
+!api
+!config
+!controllers
+!hack
+!internal
+!pkg
+!go.mod
+!go.sum
+!main.go

.drone.yml

@@ -0,0 +1,151 @@
+---
+kind: secret
+name: kubeconfig
+
+get:
+  path: buildx
+  name: kubeconfig
+
+---
+kind: pipeline
+name: default
+
+services:
+  - name: docker
+    image: docker:19.03-dind
+    entrypoint:
+      - dockerd
+    command:
+      - --dns=8.8.8.8
+      - --dns=8.8.4.4
+      - --log-level=error
+    privileged: true
+    volumes:
+      - name: docker-socket
+        path: /var/run
+
+steps:
+  - name: setup-ci
+    image: autonomy/build-container:latest
+    commands:
+      - git fetch --tags
+      - apk add coreutils
+      - echo -e "$BUILDX_KUBECONFIG" > /root/.kube/config
+      - docker buildx create --driver kubernetes --driver-opt replicas=2 --driver-opt namespace=ci --driver-opt image=moby/buildkit:v0.6.2 --name ci --buildkitd-flags="--allow-insecure-entitlement security.insecure" --use
+      - docker buildx inspect --bootstrap
+    environment:
+      BUILDX_KUBECONFIG:
+        from_secret: kubeconfig
+    privileged: true
+    volumes:
+      - name: docker-socket
+        path: /var/run
+      - name: docker
+        path: /root/.docker/buildx
+      - name: kube
+        path: /root/.kube
+
+  - name: build-pull-request
+    image: autonomy/build-container:latest
+    pull: always
+    commands:
+      - make
+    when:
+      event:
+        include:
+          - pull_request
+    volumes:
+      - name: docker-socket
+        path: /var/run
+      - name: docker
+        path: /root/.docker/buildx
+      - name: kube
+        path: /root/.kube
+
+  - name: build-and-publish
+    image: autonomy/build-container:latest
+    pull: always
+    environment:
+      DOCKER_USERNAME:
+        from_secret: docker_username
+      DOCKER_PASSWORD:
+        from_secret: docker_password
+    commands:
+      - docker login --username "$${DOCKER_USERNAME}" --password "$${DOCKER_PASSWORD}"
+      - make PUSH=true
+    when:
+      event:
+        exclude:
+          - pull_request
+    volumes:
+      - name: docker-socket
+        path: /var/run
+      - name: docker
+        path: /root/.docker/buildx
+      - name: kube
+        path: /root/.kube
+
+  - name: build-release
+    image: autonomy/build-container:latest
+    pull: always
+    commands:
+      - make release
+    when:
+      event:
+        - tag
+    volumes:
+      - name: docker-socket
+        path: /var/run
+      - name: docker
+        path: /root/.docker/buildx
+      - name: kube
+        path: /root/.kube
+
+  - name: release
+    image: plugins/github-release
+    settings:
+      api_key:
+        from_secret: github_token
+      checksum:
+        - sha256
+        - sha512
+      draft: true
+      files:
+        - _out/*
+    when:
+      event:
+        - tag
+
+volumes:
+  - name: docker-socket
+    temp: {}
+  - name: docker
+    temp: {}
+  - name: kube
+    temp: {}
+---
+kind: pipeline
+name: notify
+
+clone:
+  disable: true
+
+steps:
+  - name: slack
+    image: plugins/slack
+    settings:
+      webhook:
+        from_secret: slack_webhook
+      channel: proj-talos-maintainers
+    when:
+      status:
+        - success
+        - failure
+
+trigger:
+  status:
+    - success
+    - failure
+
+depends_on:
+  - default

.gitignore

@@ -0,0 +1 @@
+_out

Dockerfile

@@ -0,0 +1,55 @@
+# syntax = docker/dockerfile-upstream:1.1.4-experimental
+
+FROM golang:1.13 AS build
+ENV GO111MODULE on
+ENV GOPROXY https://proxy.golang.org
+ENV CGO_ENABLED 0
+WORKDIR /tmp
+RUN go get sigs.k8s.io/controller-tools/cmd/[email protected]
+WORKDIR /src
+COPY ./go.mod ./
+COPY ./go.sum ./
+RUN go mod download
+RUN go mod verify
+COPY ./ ./
+RUN go list -mod=readonly all >/dev/null
+RUN ! go mod tidy -v 2>&1 | grep .
+
+FROM build AS manifests-build
+ARG NAME
+RUN controller-gen rbac:roleName=${NAME}-role crd paths="./..." output:rbac:artifacts:config=config/rbac output:crd:artifacts:config=config/crd/bases
+FROM scratch AS manifests
+COPY --from=manifests-build /src/config/crd /config/crd
+COPY --from=manifests-build /src/config/rbac /config/rbac
+
+FROM build AS generate-build
+RUN controller-gen object:headerFile=./hack/boilerplate.go.txt paths="./..."
+FROM scratch AS generate
+COPY --from=generate-build /src/api /api
+
+FROM k8s.gcr.io/hyperkube:v1.17.0 AS release-build
+RUN apt update -y \
+  && apt install -y curl \
+  && curl -LO https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv3.4.0/kustomize_v3.4.0_linux_amd64.tar.gz \
+  && tar -xf kustomize_v3.4.0_linux_amd64.tar.gz -C /usr/local/bin \
+  && rm kustomize_v3.4.0_linux_amd64.tar.gz
+COPY ./config ./config
+ARG REGISTRY_AND_USERNAME
+ARG NAME
+ARG TAG
+RUN cd config/manager \
+  && kustomize edit set image controller=${REGISTRY_AND_USERNAME}/${NAME}:${TAG} \
+  && cd - \
+  && kubectl kustomize config >/release.yaml
+FROM scratch AS release
+COPY --from=release-build /release.yaml /release.yaml
+
+FROM build AS binary
+RUN --mount=type=cache,target=/root/.cache/go-build GOOS=linux go build -ldflags "-s -w" -o /manager
+RUN chmod +x /manager
+
+FROM scratch AS container
+COPY --from=docker.io/autonomy/ca-certificates:v0.1.0 / /
+COPY --from=docker.io/autonomy/fhs:v0.1.0 / /
+COPY --from=binary /manager /manager
+ENTRYPOINT [ "/manager" ]