Merge pull request #35 from bouskaJ/cleanup

chore: repo migration cleanup

Author: miyunari

.gitignore

@@ -1 +1,12 @@
 /vendor/
+
+/bin
+
+# editor and IDE paraphernalia
+.idea
+.vscode
+*.swp
+*.swo
+*~
+.DS_Store
+*.iml

Containerfile

@@ -1,19 +1,33 @@
-# Use the official Golang image as a base
-FROM golang:1.23
+# Build the manager binary
+FROM golang:1.23 AS builder
+ARG TARGETOS
+ARG TARGETARCH
 
-# Set the working directory
-WORKDIR /app
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
 
-# Copy all files
-COPY . .
+# Copy the go source
+COPY cmd/main.go cmd/main.go
+COPY api/ api/
+COPY internal/ internal/
 
-# Download dependencies
-RUN go mod download && go mod verify
+# Build
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go
 
-# Build the application
-RUN CGO_ENABLED=0 go build -v -o app .
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/manager .
+USER 65532:65532
 
-FROM scratch
-COPY --from=0 /app/app /app
-EXPOSE 8080
-CMD ["/app"]
+ENTRYPOINT ["/manager"]

Dockerfile

@@ -9,14 +9,14 @@ plugins:
   manifests.sdk.operatorframework.io/v2: {}
   scorecard.sdk.operatorframework.io/v2: {}
 projectName: sdk-init
-repo: github.com/miyunari/model-validation-controller
+repo: github.com/sigstore/model-validation-operator
 resources:
 - api:
     crdVersion: v1
     namespaced: true
   domain: sigstore.dev
   group: ml
   kind: ModelValidation
-  path: github.com/miyunari/model-validation-controller/api/v1alpha1
+  path: github.com/sigstore/model-validation-controller/api/v1alpha1
   version: v1alpha1
 version: "3"

PROJECT

@@ -19,14 +19,14 @@ This project is a proof of concept based on the [sigstore/model-transperency-cli
 
 The controller can be installed in the `model-validation-controller` namespace via [kustomize](https://kustomize.io/).
 ```bash
-kubectl apply -k https://raw.githubusercontent.com/miyunari/model-validation-controller/main/manifests
+kubectl apply -k https://raw.githubusercontent.com/sigstore/model-validation-operator/main/manifests
 # or local
 kubectl apply -k manifests
 ```
 
 Run delete to uninstall the controller.
 ```bash
-kubectl delete -k https://raw.githubusercontent.com/miyunari/model-validation-controller/main/manifests
+kubectl delete -k https://raw.githubusercontent.com/sigstore/model-validation-operator/main/manifests
 # or local
 kubectl delete -k manifests
 ```
@@ -84,7 +84,7 @@ metadata:
 spec:
   config:
     sigstoreConfig:
-      certificateIdentity: "https://github.com/miyunari/model-validation-controller/.github/workflows/sign-model.yaml@refs/tags/v0.0.2"
+      certificateIdentity: "https://github.com/sigstore/model-validation-operator/.github/workflows/sign-model.yaml@refs/tags/v0.0.2"
       certificateOidcIssuer: "https://token.actions.githubusercontent.com"
   model:
     path: /data/tensorflow_saved_model
@@ -123,13 +123,13 @@ The example folder contains two files `prepare.yaml` and `signed.yaml`.
 
 - prepare: contains a persistent volume claim and a job that downloads a signed test model.
 ```bash
-kubectl apply -f https://raw.githubusercontent.com/miyunari/model-validation-controller/main/examples/prepare.yaml
+kubectl apply -f https://raw.githubusercontent.com/sigstore/model-validation-operator/main/examples/prepare.yaml
 # or local
 kubectl apply -f examples/prepare.yaml
 ```
 - signed: contains a model validation manifest for the validation of this model and a demo pod, which is provided with the appropriate label for validation.
 ```bash
-kubectl apply -f https://raw.githubusercontent.com/miyunari/model-validation-controller/main/examples/verify.yaml
+kubectl apply -f https://raw.githubusercontent.com/sigstore/model-validation-operator/main/examples/verify.yaml
 # or local
 kubectl apply -f examples/verify.yaml
 ```

README.md

@@ -21,11 +21,14 @@ import (
 	"flag"
 	"os"
 
+	"github.com/sigstore/model-validation-controller/internal/constants"
+	"github.com/sigstore/model-validation-controller/internal/utils"
+
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 	// to ensure that exec-entrypoint and run can make use of them.
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
-	"github.com/miyunari/model-validation-controller/internal/webhooks"
+	"github.com/sigstore/model-validation-controller/internal/webhooks"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
@@ -37,7 +40,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
-	mlv1alpha1 "github.com/miyunari/model-validation-controller/api/v1alpha1"
+	mlv1alpha1 "github.com/sigstore/model-validation-controller/api/v1alpha1"
 	// +kubebuilder:scaffold:imports
 )
 
@@ -70,6 +73,7 @@ func main() {
 		"If set, the metrics endpoint is served securely via HTTPS. Use --metrics-secure=false to use HTTP instead.")
 	flag.BoolVar(&enableHTTP2, "enable-http2", false,
 		"If set, HTTP/2 will be enabled for the metrics and webhook servers")
+	utils.StringFlagOrEnv(&constants.ModelTransparencyCliImage, "model-transparency-cli-image", "MODEL_TRANSPARENCY_CLI_IMAGE", constants.ModelTransparencyCliImage, "Model transparency CLI image to be used.")
 	opts := zap.Options{
 		Development: true,
 	}

bin/controller-gen

@@ -24,7 +24,7 @@ spec:
             - /bin/sh
             - -c
             - |
-              wget -O /data/tensorflow_saved_model.tar.gz https://github.com/miyunari/model-validation-controller/releases/download/v0.0.1/signed_model.tar.gz
+              wget -O /data/tensorflow_saved_model.tar.gz https://github.com/sigstore/model-validation-operator/releases/download/v0.0.1/signed_model.tar.gz
               tar -xzvf /data/tensorflow_saved_model.tar.gz -C /data
               rm /data/tensorflow_saved_model.tar.gz
           volumeMounts:

bin/controller-gen-v0.16.1

@@ -12,7 +12,7 @@ spec:
     # privateKeyConfig:
     #   keyPath: /root/pub.key
     sigstoreConfig:
-      certificateIdentity: "https://github.com/miyunari/model-validation-controller/.github/workflows/sign-model.yaml@refs/tags/v0.0.2"
+      certificateIdentity: "https://github.com/sigstore/model-validation-operator/.github/workflows/sign-model.yaml@refs/tags/v0.0.2"
       certificateOidcIssuer: "https://token.actions.githubusercontent.com"
   model:
     path: /data