Merge pull request #459 from vshn/develop

🔀 Merge develop into master (Release)

Author: Kidswiss

.github/workflows/merge.yml

@@ -82,15 +82,16 @@ jobs:
             exit 1
           fi
 
-      - name: Check required status checks on appcat PR
-        run: |
-          PASSED=$(gh api repos/${{ github.repository }}/commits/${{ steps.appcat.outputs.last-sha }}/check-runs \
-            --jq '[.check_runs[].conclusion] | all(. == "success" or . == "skipped")')
-
-          if [ "$PASSED" != "true" ]; then
-            echo "❌ Required status checks did not pass"
-            exit 1
-          fi
+      # Disable temporarily
+      #- name: Check required status checks on appcat PR
+      #  run: |
+      #    PASSED=$(gh api repos/${{ github.repository }}/commits/${{ steps.appcat.outputs.last-sha }}/check-runs \
+      #      --jq '[.check_runs[].conclusion] | all(. == "success" or . == "skipped")')
+      #
+      #    if [ "$PASSED" != "true" ]; then
+      #      echo "❌ Required status checks did not pass"
+      #      exit 1
+      #    fi
 
       - name: Check for merge conflicts on appcat PR
         id: check-conflicts

.github/workflows/pre-release.yml

@@ -85,6 +85,13 @@ jobs:
           git push origin $NEW_TAG
           echo "new_tag=$NEW_TAG" >> $GITHUB_OUTPUT
 
+      - name: Trigger Release Workflow
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          repository: ${{ env.APPCAT_REPO }}
+          event-type: trigger-release
+          client-payload: '{"tag": "${{ steps.bump.outputs.new_tag }}"}'
 
   create-component-release-pr:
     needs: create-and-merge-appcat-pr
@@ -132,4 +139,3 @@ jobs:
             --body "This PR updates the version in defaults.yaml and regenerates golden files."
         env:
           GH_TOKEN: ${{ secrets.COMPONENT_ACCESS_TOKEN }}
-

.github/workflows/release.yml

@@ -4,12 +4,8 @@ on:
   push:
     tags:
       - "*"
-  workflow_dispatch:
-    inputs:
-      tag:
-        description: 'Tag to release'
-        required: true
-        type: string
+  repository_dispatch:
+    types: [trigger-release]
 
 env:
   APP_NAME: appcat
@@ -26,6 +22,16 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          # Checkout the specific tag when triggered by repository_dispatch
+          ref: ${{ github.event_name == 'repository_dispatch' && github.event.client_payload.tag || github.ref }}
+
+      - name: Set tag variable
+        run: |
+          if [ "${{ github.event_name }}" == "repository_dispatch" ]; then
+            echo "TAG=${{ github.event.client_payload.tag }}" >> $GITHUB_ENV
+          else
+            echo "TAG=${GITHUB_REF##*/}" >> $GITHUB_ENV
+          fi
 
       - name: Determine Go version from go.mod
         run: echo "GO_VERSION=$(grep "go 1." go.mod | cut -d " " -f 2)" >> $GITHUB_ENV
@@ -56,11 +62,11 @@ jobs:
 
       - name: Push docker image
         if: env.PUSH_IMAGE == 'true'
-        run: make docker-push -e IMG_TAG=${GITHUB_REF##*/} -e APP_NAME=${{ env.APP_NAME }}
+        run: make docker-push -e IMG_TAG=${{ env.TAG }} -e APP_NAME=${{ env.APP_NAME }}
 
       - name: Build and push function package
         if: env.PUSH_PACKAGE == 'true'
-        run: make package-push -e IMG_TAG=${GITHUB_REF##*/} -e APP_NAME=${{ env.APP_NAME }}
+        run: make package-push -e IMG_TAG=${{ env.TAG }} -e APP_NAME=${{ env.APP_NAME }}
 
       - name: Login to Upbound
         if: env.PUSH_UPBOUND == 'true'
@@ -72,7 +78,7 @@ jobs:
 
       - name: Build branch and push package to upbound
         if: env.PUSH_UPBOUND == 'true' && env.PUSH_PACKAGE == 'true'
-        run: make package-push -e IMG_TAG=${GITHUB_REF##*/} -e APP_NAME=${{ env.APP_NAME }} -e IMG_REPO=xpkg.upbound.io
+        run: make package-push -e IMG_TAG=${{ env.TAG }} -e APP_NAME=${{ env.APP_NAME }} -e IMG_REPO=xpkg.upbound.io
 
       - name: Build changelog from PRs with labels
         id: build_changelog
@@ -82,8 +88,9 @@ jobs:
           # PreReleases still get a changelog, but the next full release gets a diff since the last full release,
           # combining possible changelogs of all previous PreReleases in between. PreReleases show a partial changelog
           # since last PreRelease.
-          ignorePreReleases: "${{ !contains(github.ref, '-rc') }}"
+          ignorePreReleases: "${{ !contains(env.TAG, '-rc') }}"
           outputFile: .github/release-notes.md
+          toTag: ${{ env.TAG }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -95,4 +102,3 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           CONTAINER_REGISTRY: ghcr.io
           IMAGE_NAME: ${{ github.repository }}${{ env.SUFFIX }}
-

apis/vshn/v1/common_types.go

@@ -196,7 +196,8 @@ type Security struct {
 
 	// DeletionProtection blocks the deletion of the instance if it is enabled (enabled by default)
 	// +kubebuilder:default=true
-	DeletionProtection bool `json:"deletionProtection,omitempty"`
+	// +kubebuilder:validation:Optional
+	DeletionProtection bool `json:"deletionProtection"`
 
 	// AllowedGroups defines a list of Groups that have limited access to the instance namespace
 	AllowedGroups []string `json:"allowedGroups,omitempty"`

apis/vshn/v1/dbaas_vshn_postgresql.go

@@ -186,7 +186,8 @@ type VSHNPostgreSQLBackup struct {
 	// DeletionProtection will protect the instance from being deleted for the given retention time.
 	// This is enabled by default.
 	// +kubebuilder:default=true
-	DeletionProtection *bool `json:"deletionProtection,omitempty"`
+	// +kubebuilder:validation:Optional
+	DeletionProtection *bool `json:"deletionProtection"`
 
 	// DeletionRetention specifies in days how long the instance should be kept after deletion.
 	// The default is keeping it one week.

pkg/comp-functions/functions/common/password.go

@@ -32,10 +32,22 @@ func AddCredentialsSecret(comp InfoGetter, svc *runtime.ServiceRuntime, fieldLis
 // This is helpful if multiple different random generated passwords are necessary.
 func AddGenericSecret(comp InfoGetter, svc *runtime.ServiceRuntime, suffix string, fieldList []string, allowDeletion bool, opts ...CredentialSecretOption) (string, error) {
 	secretObjectName := runtime.EscapeDNS1123(comp.GetName()+"-"+suffix, false)
+
 	secret := &corev1.Secret{}
 	cd := []xkube.ConnectionDetail{}
+
+	errObj := svc.GetObservedComposedResource(&xkube.Object{}, secretObjectName)
+
 	err := svc.GetObservedKubeObject(secret, secretObjectName)
-	if err == runtime.ErrNotFound {
+
+	// runtime.ErrNotFound for the secret alone isn't enough here to prevent re-creating passwords
+	// during provisioning it can happen that provider-kubernetes already applied a secret, but
+	// hasn't yet set the status. If the status of the object is empty, the runtime will
+	// also throw an ErrNotFound.
+	// So we also check for the existence of the `Object` itself from the observed state, by
+	// trying to get the object directly.
+	if err == runtime.ErrNotFound && errObj == runtime.ErrNotFound {
+
 		stringData := map[string]string{}
 
 		for _, field := range fieldList {
@@ -51,7 +63,7 @@ func AddGenericSecret(comp InfoGetter, svc *runtime.ServiceRuntime, suffix strin
 			},
 			StringData: stringData,
 		}
-	} else if err != nil {
+	} else if err != nil && err != runtime.ErrNotFound {
 		return secretObjectName, err
 	}
 

pkg/comp-functions/functions/common/schedule.go

@@ -9,9 +9,9 @@ import (
 )
 
 var (
-	maitenanceWindowStart = time.Date(1970, 1, 1, 21, 0, 0, 0, time.UTC)
-	maitenanceWindowEnd   = time.Date(1970, 1, 2, 5, 0, 0, 0, time.UTC)
-	maitenanceWindowRange = maitenanceWindowEnd.Unix() - maitenanceWindowStart.Unix()
+	maintenanceWindowStart = time.Date(1970, 1, 1, 21, 0, 0, 0, time.UTC)
+	maintenanceWindowEnd   = time.Date(1970, 1, 2, 5, 0, 0, 0, time.UTC)
+	maintenanceWindowRange = maintenanceWindowEnd.Unix() - maintenanceWindowStart.Unix()
 )
 
 // BackupScheduler can schedule backups
@@ -26,12 +26,26 @@ type MaintenanceScheduler interface {
 	GetMaintenanceTimeOfDay() *v1.TimeOfDay
 }
 
-// SetRandomSchedules initializes the backup and maintenance schedules  if the user did not explicitly provide a schedule.
-// The maintenance will be set to a random time on Tuesday night between 21:00 and 5:00, and the backup schedule will be set to once a day between 20:00 and 4:00.
+// SetRandomSchedules initializes the backup and maintenance schedules if the user did not explicitly provide a schedule.
+// The maintenance will be set to a random time on a random day (Sunday-Friday) between 21:00 and 5:00,
+// with the exception that Sunday maintenance only runs after 21:00 (not in the early morning hours).
+// The backup schedule will be set to once a day between 20:00 and 4:00.
 // If neither maintenance nor backup is set, the function will make sure that there will be backup scheduled one hour before the maintenance.
 func SetRandomSchedules(backup BackupScheduler, maintenance MaintenanceScheduler) {
 	rng := rand.New(rand.NewSource(time.Now().UnixNano()))
-	maintTime := time.Unix(maitenanceWindowStart.Unix()+rng.Int63n(maitenanceWindowRange), 0).In(time.UTC)
+	availableDays := []string{"sunday", "monday", "tuesday", "wednesday", "thursday", "friday"}
+	selectedDay := availableDays[rng.Intn(len(availableDays))]
+	maintTime := time.Unix(maintenanceWindowStart.Unix()+rng.Int63n(maintenanceWindowRange), 0).In(time.UTC)
+
+	// Special handling for Sunday: only allow times after 21:00 (not early morning)
+	if selectedDay == "sunday" && maintTime.Hour() < 21 {
+		// If time is in early morning (0-5), shift to evening (21-23)
+		eveningStart := time.Date(1970, 1, 1, 21, 0, 0, 0, time.UTC)
+		eveningEnd := time.Date(1970, 1, 1, 23, 59, 59, 0, time.UTC)
+		eveningRange := eveningEnd.Unix() - eveningStart.Unix()
+		maintTime = time.Unix(eveningStart.Unix()+rng.Int63n(eveningRange), 0).In(time.UTC)
+	}
+
 	backupTime := maintTime.Add(-1 * time.Hour).In(time.UTC)
 
 	if backup.GetBackupSchedule() == "" {
@@ -45,10 +59,6 @@ func SetRandomSchedules(backup BackupScheduler, maintenance MaintenanceScheduler
 	}
 
 	if maintenance.GetMaintenanceDayOfWeek() == "" {
-		day := "tuesday"
-		if maintTime.Day() > 1 {
-			day = "wednesday"
-		}
-		maintenance.SetMaintenanceDayOfWeek(day)
+		maintenance.SetMaintenanceDayOfWeek(selectedDay)
 	}
 }