vshn
diff --git a/‎.github/workflows/merge.yml‎
Lines changed: 77 additions & 9 deletions b/‎.github/workflows/merge.yml‎
Lines changed: 77 additions & 9 deletions
diff --git a/‎Makefile‎
Lines changed: 1 addition & 1 deletion b/‎Makefile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 1 addition & 0 deletions b/‎README.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎cmd/controller.go‎
Lines changed: 44 additions & 1 deletion b/‎cmd/controller.go‎
Lines changed: 44 additions & 1 deletion
diff --git a/‎cmd/maintenance.go‎
Lines changed: 12 additions & 3 deletions b/‎cmd/maintenance.go‎
Lines changed: 12 additions & 3 deletions
diff --git a/‎config/controller/cluster-role.yaml‎
Lines changed: 9 additions & 0 deletions b/‎config/controller/cluster-role.yaml‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎config/controller/service.yaml‎
Lines changed: 15 additions & 0 deletions b/‎config/controller/service.yaml‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎config/controller/servicemonitor.yaml‎
Lines changed: 12 additions & 0 deletions b/‎config/controller/servicemonitor.yaml‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎config/controller/webhooks.yaml‎
Lines changed: 0 additions & 19 deletions b/‎config/controller/webhooks.yaml‎
Lines changed: 0 additions & 19 deletions
diff --git a/‎pkg/comp-functions/functions/vshnpostgres/billing.go‎
Lines changed: 1 addition & 1 deletion b/‎pkg/comp-functions/functions/vshnpostgres/billing.go‎
Lines changed: 1 addition & 1 deletion
@@ -164,19 +164,92 @@ jobs:
     env:
       GH_TOKEN: ${{ secrets.COMPONENT_ACCESS_TOKEN }}
     steps:
+      - name: Merge PR in appcat repo
+        run: |
+          echo "✅ Merging appcat PR: https://github.com/$APPCAT_REPO/pull/${{ needs.check-conditions.outputs.pr-number }}"
+          gh pr merge -R "$APPCAT_REPO" ${{ needs.check-conditions.outputs.pr-number }} --merge --delete-branch
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get merge commit SHA from PR
+        id: merge-commit
+        run: |
+          # Wait for merge to be reflected in API
+          sleep 2
+
+          # Get the merge commit SHA directly from the PR
+          MERGE_COMMIT_SHA=$(gh pr view ${{ needs.check-conditions.outputs.pr-number }} \
+            -R "$APPCAT_REPO" \
+            --json mergeCommit \
+            --jq '.mergeCommit.oid')
+
+          # Verify we got the commit that contains our PR's changes
+          LAST_PR_COMMIT="${{ needs.check-conditions.outputs.last-sha }}"
+
+          # Check if the merge commit has our last PR commit as a parent
+          PARENTS=$(gh api repos/$APPCAT_REPO/commits/$MERGE_COMMIT_SHA --jq '[.parents[].sha] | join(" ")')
+
+          if ! echo "$PARENTS" | grep -q "$LAST_PR_COMMIT"; then
+            echo "❌ Merge commit $MERGE_COMMIT_SHA does not contain PR commit $LAST_PR_COMMIT"
+            echo "Parents: $PARENTS"
+            exit 1
+          fi
+
+          echo "🔧 Merge commit SHA: $MERGE_COMMIT_SHA (verified)"
+          echo "sha=$MERGE_COMMIT_SHA" >> "$GITHUB_OUTPUT"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Checkout appcat repository at merge commit
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ env.APPCAT_REPO }}
+          ref: ${{ steps.merge-commit.outputs.sha }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Determine Go version from go.mod
+        run: echo "GO_VERSION=$(grep "go 1." go.mod | cut -d " " -f 2)" >> $GITHUB_ENV
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push Docker image with merge commit SHA
+        run: |
+          echo "🐳 Building and pushing image with tag: ${{ steps.merge-commit.outputs.sha }}"
+          make docker-push -e IMG_TAG=${{ steps.merge-commit.outputs.sha }} -e APP_NAME=${{ env.APP_NAME }}
+
+      - name: Build and push function package with merge commit SHA
+        run: |
+          echo "📦 Building and pushing function package with tag: ${{ steps.merge-commit.outputs.sha }}"
+          make package-push -e IMG_TAG=${{ steps.merge-commit.outputs.sha }} -e APP_NAME=${{ env.APP_NAME }}
+
       - name: Clone and patch component repo
         run: |
           COMPONENT_BRANCH="${{ needs.check-conditions.outputs.comp-feature-branch }}"
-          APPCAT_FR_COMMIT_SHA="${{ needs.check-conditions.outputs.last-sha }}"
-          echo "🔧 Using commit: $APPCAT_FR_COMMIT_SHA"
+          APPCAT_MERGE_COMMIT_SHA="${{ steps.merge-commit.outputs.sha }}"
+          echo "🔧 Using merge commit: $APPCAT_MERGE_COMMIT_SHA"
           echo "🔧 Cloning branch: $COMPONENT_BRANCH"
 
           git clone https://x-access-token:$GH_TOKEN@github.com/"$COMPONENT_REPO".git
           cd component-appcat
           git checkout "$COMPONENT_BRANCH"
 
           echo "🔧 Patching class/defaults.yml..."
-          yq e ".parameters.appcat.images.appcat.tag = \"$APPCAT_FR_COMMIT_SHA\"" class/defaults.yml \
+          yq e ".parameters.appcat.images.appcat.tag = \"$APPCAT_MERGE_COMMIT_SHA\"" class/defaults.yml \
             | diff -B class/defaults.yml - \
             | patch class/defaults.yml - || echo "✅ No patch needed"
 
@@ -189,7 +262,7 @@ jobs:
           if git diff --cached --quiet; then
             echo "✅ No changes to commit"
           else
-            git commit -m "Auto update from appcat PR https://github.com/${{ env.APPCAT_REPO }}/pull/${{ needs.check-conditions.outputs.pr-number }}, dependency $APPCAT_FR_COMMIT_SHA"
+            git commit -m "Auto update from appcat PR https://github.com/${{ env.APPCAT_REPO }}/pull/${{ needs.check-conditions.outputs.pr-number }}, dependency $APPCAT_MERGE_COMMIT_SHA"
             git push origin "$COMPONENT_BRANCH"
           fi
 
@@ -210,11 +283,6 @@ jobs:
           echo "✅ Merging component PR: ${{ needs.check-conditions.outputs.comp-url }}"
           gh pr merge -R "$COMPONENT_REPO" ${{ needs.check-conditions.outputs.comp-pr-number }} --merge --delete-branch
 
-      - name: Merge PR in appcat repo
-        run: |
-          echo "✅ Merging appcat PR: https://github.com/$APPCAT_REPO/pull/${{ needs.check-conditions.outputs.pr-number }}"
-          gh pr merge -R "$APPCAT_REPO" ${{ needs.check-conditions.outputs.pr-number }} --merge --delete-branch
-
   merge-hotfix:
     needs: check-conditions
     if: needs.check-conditions.outputs.base-branch == 'master' && needs.check-conditions.outputs.is-hotfix == 'true'
 
@@ -1,4 +1,4 @@
-SHELL := /bin/bash
+SHELL := /usr/bin/env bash
 
 PROJECT_ROOT_DIR = .
 PROJECT_NAME ?= appcat
 
@@ -141,6 +141,7 @@ The controller manages and achieves the following:
 | --------------------- | ----------------------------------------------- | -------------------------------------------- |
 | `XVSHNPostgreSQL`     | Deletion Protection Support                     | Manages finalizers before and after deletion |
 | `validation webhooks` | Provide validation webhooks for AppCat services | See Goal                                     |
+| `crossplane metrics`  | Provides crossplane resource metrics            | See [here](pkg/controller/crossplane_metrics/README.md) for more information |
 
 ### Local Webhook debugging
 
 
@@ -1,20 +1,24 @@
 package cmd
 
 import (
+	"encoding/json"
 	"fmt"
 
 	"github.com/go-logr/logr"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"github.com/vshn/appcat/v4/pkg"
 	"github.com/vshn/appcat/v4/pkg/controller/billing"
+	"github.com/vshn/appcat/v4/pkg/controller/crossplane_metrics"
 	"github.com/vshn/appcat/v4/pkg/controller/events"
 	"github.com/vshn/appcat/v4/pkg/controller/webhooks"
 	"github.com/vshn/appcat/v4/pkg/odoo"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/dynamic"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
+	"sigs.k8s.io/controller-runtime/pkg/metrics"
 	"sigs.k8s.io/controller-runtime/pkg/metrics/server"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 )
@@ -29,6 +33,7 @@ type controller struct {
 	enableQuotas            bool
 	enableEventForwarding   bool
 	enableBilling           bool
+	enableCrossplaneMetrics bool
 	certDir                 string
 }
 
@@ -55,6 +60,7 @@ func init() {
 	ControllerCMD.Flags().BoolVar(&c.enableQuotas, "quotas", false, "Enable the quota webhooks, is only active if webhooks is also true")
 	ControllerCMD.Flags().BoolVar(&c.enableEventForwarding, "event-forwarding", true, "Disable event-forwarding")
 	ControllerCMD.Flags().BoolVar(&c.enableBilling, "billing", true, "Disable billing")
+	ControllerCMD.Flags().BoolVar(&c.enableCrossplaneMetrics, "crossplane-metrics", false, "Enable Crossplane resource metrics collector")
 	viper.AutomaticEnv()
 	if !viper.IsSet("PLANS_NAMESPACE") {
 		viper.Set("PLANS_NAMESPACE", "syn-appcat")
@@ -132,6 +138,43 @@ func (c *controller) executeController(cmd *cobra.Command, _ []string) error {
 		}
 	}
 
+	if c.enableCrossplaneMetrics {
+		// Parse configuration from environment variables
+		labelMapping := make(map[string]string)
+		if labelMappingJSON := viper.GetString("CROSSPLANE_LABEL_MAPPING"); labelMappingJSON != "" {
+			if err := json.Unmarshal([]byte(labelMappingJSON), &labelMapping); err != nil {
+				return fmt.Errorf("failed to parse CROSSPLANE_LABEL_MAPPING: %w", err)
+			}
+		} else {
+			return fmt.Errorf("CROSSPLANE_LABEL_MAPPING environment variable is required when crossplane-metrics is enabled")
+		}
+
+		if len(labelMapping) == 0 {
+			return fmt.Errorf("CROSSPLANE_LABEL_MAPPING cannot be empty when crossplane-metrics is enabled")
+		}
+
+		// Parse extra resources (optional)
+		extraResources := make(map[string][]string)
+		if extraResourcesStr := viper.GetString("CROSSPLANE_EXTRA_RESOURCES"); extraResourcesStr != "" {
+			if err := json.Unmarshal([]byte(extraResourcesStr), &extraResources); err != nil {
+				return fmt.Errorf("failed to parse CROSSPLANE_EXTRA_RESOURCES: %w", err)
+			}
+		}
+
+		// Create dynamic client for Crossplane resources
+		dynamicClient, err := dynamic.NewForConfig(mgr.GetConfig())
+		if err != nil {
+			return fmt.Errorf("failed to create dynamic client: %w", err)
+		}
+
+		// Create and register the collector
+		collector := crossplane_metrics.NewMetricsCollector(dynamicClient, labelMapping, extraResources, log)
+		if err := metrics.Registry.Register(collector); err != nil {
+			return fmt.Errorf("failed to register Crossplane metrics collector: %w", err)
+		}
+		log.Info("Crossplane metrics collector registered successfully")
+	}
+
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
 		return err
 	}
@@ -218,5 +261,5 @@ func setupWebhooks(mgr manager.Manager, withQuota bool, withAppcatWebhooks bool,
 	if err != nil {
 		return err
 	}
-	return webhooks.SetupPVCDeletionProtectionHandlerWithManager(mgr)
+	return webhooks.SetupUnmanagedProtectionWebhookWithManager(mgr)
 }
@@ -53,6 +53,8 @@ var (
 type Maintenance interface {
 	DoMaintenance(ctx context.Context) error
 	ReleaseLatest(ctx context.Context, enabled bool, kubeClient client.Client, minAge time.Duration) error
+	// RunBackup runs a pre-maintenance backup if supported
+	RunBackup(ctx context.Context) error
 }
 
 type service enumflag.Flag
@@ -163,9 +165,16 @@ func (c *controller) runMaintenance(cmd *cobra.Command, _ []string) error {
 	}
 
 	if err = errors.Join(
-		// We do the release first and then the maintenance
-		// This is to avoid deadlocks, where a maintenance might be broken
-		// in a version and the fix is in the next version.
+		// Run backup before any changes, then release, then maintenance
+		func() error {
+			log.Info("Running pre-maintenance backup")
+			if err := m.RunBackup(ctx); err != nil {
+				log.Error(err, "Pre-maintenance backup failed")
+				return fmt.Errorf("pre-maintenance backup failed: %w", err)
+			}
+			log.Info("Pre-maintenance backup completed successfully")
+			return nil
+		}(),
 		func() error {
 			enabled, err := strconv.ParseBool(viper.GetString("RELEASE_MANAGEMENT_ENABLED"))
 			if err != nil {
 
@@ -126,9 +126,18 @@ rules:
   - xvshnpostgresqls/status
   - xvshnredis
   - xvshnredis/status
+  - xobjectbuckets
   verbs:
   - get
   - list
   - patch
   - update
   - watch
+- apiGroups:
+  - apiextensions.crossplane.io
+  resources:
+  - compositeresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: appcat-controller
+  namespace: appcat
+  labels:
+    appcat-controller: appcat-controller
+spec:
+  ports:
+    - port: 8080
+      name: metrics
+      protocol: TCP
+      targetPort: 8080
+  selector:
+    appcat-controller: appcat-controller
@@ -0,0 +1,12 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: appcat
+  namespace: appcat
+spec:
+  endpoints:
+  - path: /metrics
+    port: metrics
+  selector:
+    matchLabels:
+      appcat-controller: appcat-controller
@@ -141,25 +141,6 @@ webhooks:
     resources:
     - vshnpostgresqls
   sideEffects: None
-- admissionReviewVersions:
-  - v1
-  clientConfig:
-    service:
-      name: webhook-service
-      namespace: system
-      path: /validate--v1-persistentvolumeclaim
-  failurePolicy: Fail
-  name: pvc.vshn.appcat.vshn.io
-  rules:
-  - apiGroups:
-    - ""
-    apiVersions:
-    - v1
-    operations:
-    - DELETE
-    resources:
-    - persistentvolumeclaims
-  sideEffects: None
 - admissionReviewVersions:
   - v1
   clientConfig:
 
@@ -24,7 +24,7 @@ func AddBilling(ctx context.Context, comp *v1.VSHNPostgreSQL, svc *runtime.Servi
 		return prometheusResult
 	}
 
-	if comp.GetLabels()[runtime.OwnerCompositeAnnotation] != "" {
+	if comp.GetLabels()[runtime.OwnerCompositeLabel] != "" {
 		return runtime.NewNormalResult(fmt.Sprintf("Skipping Billing as composite is a subservice %s", comp.GetName()))
 	}
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-SHELL := /bin/bash`
	`1`	`+SHELL := /usr/bin/env bash`
`2`	`2`
`3`	`3`	`PROJECT_ROOT_DIR = .`
`4`	`4`	`PROJECT_NAME ?= appcat`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ func AddBilling(ctx context.Context, comp v1.VSHNPostgreSQL, svc runtime.Servi`
`24`	`24`	`return prometheusResult`
`25`	`25`	`}`
`26`	`26`
`27`		`- if comp.GetLabels()[runtime.OwnerCompositeAnnotation] != "" {`
	`27`	`+ if comp.GetLabels()[runtime.OwnerCompositeLabel] != "" {`
`28`	`28`	`return runtime.NewNormalResult(fmt.Sprintf("Skipping Billing as composite is a subservice %s", comp.GetName()))`
`29`	`29`	`}`
`30`	`30`