From 9b88648520b40fb4f36c0e94f8ae9c68138bdda2 Mon Sep 17 00:00:00 2001 From: Feny Mehta Date: Fri, 5 Apr 2024 15:07:23 +0530 Subject: [PATCH 1/4] Split ci-build.yml (#557) Signed-off-by: Feny Mehta --- .github/workflows/ci-golang-sbom.yml | 48 +++++++++++++++++++ .../{ci-build.yml => test-with-coverage.yml} | 37 -------------- 2 files changed, 48 insertions(+), 37 deletions(-) create mode 100644 .github/workflows/ci-golang-sbom.yml rename .github/workflows/{ci-build.yml => test-with-coverage.yml} (57%) diff --git a/.github/workflows/ci-golang-sbom.yml b/.github/workflows/ci-golang-sbom.yml new file mode 100644 index 00000000..76ccb78b --- /dev/null +++ b/.github/workflows/ci-golang-sbom.yml @@ -0,0 +1,48 @@ +name: ci-build +on: + push: + branches: + - master + tags-ignore: + - '*.*' + pull_request: + branches: + - master + +jobs: + golangci: + name: GolangCI Lint + runs-on: ubuntu-20.04 + steps: + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: 1.20.x + + - name: Checkout code + uses: actions/checkout@v4 + + - name: Generate Assets + run: | + make generate-assets + + - name: Lint + uses: golangci/golangci-lint-action@v4 + with: + version: v1.56.2 + skip-pkg-cache: true + skip-build-cache: true + args: --config=./.golangci.yml --verbose + + sbom: + name: Generate SBOM + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Generate SBOM + uses: CycloneDX/gh-gomod-generate-sbom@v2 + with: + version: v1 + args: mod -licenses -json -output - \ No newline at end of file diff --git a/.github/workflows/ci-build.yml b/.github/workflows/test-with-coverage.yml similarity index 57% rename from .github/workflows/ci-build.yml rename to .github/workflows/test-with-coverage.yml index 16fef7bd..e03c9d8a 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/test-with-coverage.yml @@ -43,40 +43,3 @@ jobs: flags: unittests # optional fail_ci_if_error: true # optional (default = false) verbose: true # optional (default = false) - - golangci: - name: GolangCI Lint - runs-on: ubuntu-20.04 - steps: - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: 1.20.x - - - name: Checkout code - uses: actions/checkout@v4 - - - name: Generate Assets - run: | - make generate-assets - - - name: Lint - uses: golangci/golangci-lint-action@v4 - with: - version: v1.56.2 - skip-pkg-cache: true - skip-build-cache: true - args: --config=./.golangci.yml --verbose - - sbom: - name: Generate SBOM - runs-on: ubuntu-20.04 - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Generate SBOM - uses: CycloneDX/gh-gomod-generate-sbom@v2 - with: - version: v1 - args: mod -licenses -json -output - From 77aa3d4fed0f4ccc2c5592a0c04777f88c63e0db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Apr 2024 18:11:55 +0000 Subject: [PATCH 2/4] build(deps): bump octokit/request-action from 2.2.0 to 2.3.0 (#558) Bumps [octokit/request-action](https://github.com/octokit/request-action) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/octokit/request-action/releases) - [Commits](https://github.com/octokit/request-action/compare/v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: octokit/request-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish-operators-for-e2e-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-operators-for-e2e-tests.yml b/.github/workflows/publish-operators-for-e2e-tests.yml index 264cac62..217c9ad7 100644 --- a/.github/workflows/publish-operators-for-e2e-tests.yml +++ b/.github/workflows/publish-operators-for-e2e-tests.yml @@ -29,7 +29,7 @@ jobs: # Is executed only for comment events - in that case the pull_request field is empty - name: Send Github API Request to get PR data id: request - uses: octokit/request-action@v2.2.0 + uses: octokit/request-action@v2.3.0 if: ${{ github.event.pull_request == '' }} with: route: ${{ github.event.issue.pull_request.url }} From 5a3ab8e6f114aec7edd7611e0d2b4cad84a1c568 Mon Sep 17 00:00:00 2001 From: Francesco Ilario Date: Mon, 8 Apr 2024 21:13:11 +0200 Subject: [PATCH 3/4] fix some linter's complaints (#556) * fix some linter complaints Signed-off-by: Francesco Ilario * Update controllers/idler/idler_controller.go Co-authored-by: Alexey Kazakov * Update controllers/nstemplateset/space_roles.go Co-authored-by: Francisc Munteanu --------- Signed-off-by: Francesco Ilario Co-authored-by: Alexey Kazakov Co-authored-by: Francisc Munteanu --- controllers/idler/idler_controller.go | 3 ++- controllers/nstemplateset/space_roles.go | 7 ++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/controllers/idler/idler_controller.go b/controllers/idler/idler_controller.go index 0d367b8e..d8a82606 100644 --- a/controllers/idler/idler_controller.go +++ b/controllers/idler/idler_controller.go @@ -132,6 +132,7 @@ func (r *Reconciler) ensureIdling(ctx context.Context, idler *toolchainv1alpha1. } newStatusPods := make([]toolchainv1alpha1.Pod, 0, 10) for _, pod := range podList.Items { + pod := pod // TODO We won't need it after upgrading to go 1.22: https://go.dev/blog/loopvar-preview logger := log.FromContext(ctx) podLogger := logger.WithValues("pod_name", pod.Name, "pod_phase", pod.Status.Phase) if trackedPod := findPodByName(idler, pod.Name); trackedPod != nil { @@ -154,7 +155,7 @@ func (r *Reconciler) ensureIdling(ctx context.Context, idler *toolchainv1alpha1. } if !deletedByController { // Pod not managed by a controller. We can just delete the pod. logger.Info("Deleting pod without controller") - if err := r.AllNamespacesClient.Delete(ctx, &pod); err != nil { // nolint:gosec + if err := r.AllNamespacesClient.Delete(ctx, &pod); err != nil { return err } podLogger.Info("Pod deleted") diff --git a/controllers/nstemplateset/space_roles.go b/controllers/nstemplateset/space_roles.go index 85227cd1..60768494 100644 --- a/controllers/nstemplateset/space_roles.go +++ b/controllers/nstemplateset/space_roles.go @@ -31,6 +31,7 @@ func (r *spaceRolesManager) ensure(ctx context.Context, nsTmplSet *toolchainv1al } logger.Info("ensuring space roles", "namespace_count", len(nss), "role_count", len(nsTmplSet.Spec.SpaceRoles)) for _, ns := range nss { + ns := ns // TODO We won't need it after upgrading to go 1.22: https://go.dev/blog/loopvar-preview // space roles previously applied // read annotation to see what was applied last time, so we can compare with the new SpaceRoles and remove all obsolete resources (based on their kind/names) var lastAppliedSpaceRoles []toolchainv1alpha1.NSTemplateSetSpaceRole @@ -47,12 +48,12 @@ func (r *spaceRolesManager) ensure(ctx context.Context, nsTmplSet *toolchainv1al return false, err } } - lastAppliedSpaceRoleObjs, err := r.getSpaceRolesObjects(lctx, &ns, lastAppliedSpaceRoles) // nolint:gosec + lastAppliedSpaceRoleObjs, err := r.getSpaceRolesObjects(lctx, &ns, lastAppliedSpaceRoles) if err != nil { return false, r.wrapErrorWithStatusUpdateForSpaceRolesFailure(lctx, nsTmplSet, err, "failed to retrieve last applied space roles") } // space roles to apply now - spaceRoleObjs, err := r.getSpaceRolesObjects(lctx, &ns, nsTmplSet.Spec.SpaceRoles) // nolint:gosec + spaceRoleObjs, err := r.getSpaceRolesObjects(lctx, &ns, nsTmplSet.Spec.SpaceRoles) if err != nil { return false, r.wrapErrorWithStatusUpdateForSpaceRolesFailure(lctx, nsTmplSet, err, "failed to retrieve space roles to apply") } @@ -84,7 +85,7 @@ func (r *spaceRolesManager) ensure(ctx context.Context, nsTmplSet *toolchainv1al ns.Annotations = map[string]string{} } ns.Annotations[toolchainv1alpha1.LastAppliedSpaceRolesAnnotationKey] = string(sr) - if err := r.Client.Update(ctx, &ns); err != nil { // nolint:gosec + if err := r.Client.Update(ctx, &ns); err != nil { return false, r.wrapErrorWithStatusUpdate(lctx, nsTmplSet, r.setStatusProvisionFailed, err, fmt.Sprintf("failed to update namespace with '%s' annotation", toolchainv1alpha1.LastAppliedSpaceRolesAnnotationKey)) } From fa6693ae6ea3165ef9ccf9129439def343349ee1 Mon Sep 17 00:00:00 2001 From: Francisc Munteanu Date: Thu, 18 Apr 2024 08:39:24 +0200 Subject: [PATCH 4/4] add toolchainclusterresources controller (#555) * add toolchaincluster resource controller --- deploy/resources.go | 6 ++++++ .../{ => templates}/toolchaincluster/member-sa.yaml | 13 +++++++++++++ go.mod | 4 ++-- go.sum | 7 ++++--- main.go | 10 ++++++++++ 5 files changed, 35 insertions(+), 5 deletions(-) create mode 100644 deploy/resources.go rename deploy/{ => templates}/toolchaincluster/member-sa.yaml (86%) diff --git a/deploy/resources.go b/deploy/resources.go new file mode 100644 index 00000000..e118556e --- /dev/null +++ b/deploy/resources.go @@ -0,0 +1,6 @@ +package deploy + +import "embed" + +//go:embed templates/toolchaincluster/* +var ToolchainClusterTemplateFS embed.FS diff --git a/deploy/toolchaincluster/member-sa.yaml b/deploy/templates/toolchaincluster/member-sa.yaml similarity index 86% rename from deploy/toolchaincluster/member-sa.yaml rename to deploy/templates/toolchaincluster/member-sa.yaml index 89ef50cc..5d996bd5 100644 --- a/deploy/toolchaincluster/member-sa.yaml +++ b/deploy/templates/toolchaincluster/member-sa.yaml @@ -111,4 +111,17 @@ subjects: roleRef: kind: ClusterRole name: toolchaincluster-{{.Namespace}} + apiGroup: rbac.authorization.k8s.io +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: toolchaincluster-member + namespace: {{.Namespace}} +subjects: +- kind: ServiceAccount + name: toolchaincluster-member +roleRef: + kind: Role + name: toolchaincluster-member apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/go.mod b/go.mod index 49bcdab4..9849fb34 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,7 @@ module github.com/codeready-toolchain/member-operator require ( github.com/codeready-toolchain/api v0.0.0-20240322110702-5ab3840476e9 - github.com/codeready-toolchain/toolchain-common v0.0.0-20240404090512-046d250d7d78 + github.com/codeready-toolchain/toolchain-common v0.0.0-20240417084737-d3c148491687 github.com/go-logr/logr v1.2.3 github.com/google/go-cmp v0.5.9 // using latest commit from 'github.com/openshift/api branch release-4.12' @@ -65,7 +65,7 @@ require ( github.com/google/go-github/v52 v52.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.1.0 // indirect - github.com/google/uuid v1.1.2 // indirect + github.com/google/uuid v1.3.0 // indirect github.com/gorilla/mux v1.8.0 // indirect github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 // indirect github.com/huandu/xstrings v1.3.1 // indirect diff --git a/go.sum b/go.sum index fc3ee5fd..7496101f 100644 --- a/go.sum +++ b/go.sum @@ -136,8 +136,8 @@ github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoC github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/codeready-toolchain/api v0.0.0-20240322110702-5ab3840476e9 h1:Lm7bFLrzfJzrUiRGVqtsSaZMpj+akLiR/fvAFjjE9gM= github.com/codeready-toolchain/api v0.0.0-20240322110702-5ab3840476e9/go.mod h1:cfNN6YPX4TORvhhZXMSjSPesqAHlB3nD/WAfGe4WLKQ= -github.com/codeready-toolchain/toolchain-common v0.0.0-20240404090512-046d250d7d78 h1:4jFHu6xN/T+hml9egbiZyJmptrMO0azWfF94liICmrM= -github.com/codeready-toolchain/toolchain-common v0.0.0-20240404090512-046d250d7d78/go.mod h1:OJ3L9aaTRMGjxr2WeH/9l6m5OjExwEK3Bp/+P+efoGg= +github.com/codeready-toolchain/toolchain-common v0.0.0-20240417084737-d3c148491687 h1:ZPURdFfMNOsEyNKtCTzY9Gsj0jKQL13tR/uj7OAlZL4= +github.com/codeready-toolchain/toolchain-common v0.0.0-20240417084737-d3c148491687/go.mod h1:Iat3N+zBZcVgm/HWxa/ltSEoelM/YCXQUvbL9C8OSTw= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -325,8 +325,9 @@ github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLe github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= diff --git a/main.go b/main.go index a688c965..e3e12d4f 100644 --- a/main.go +++ b/main.go @@ -11,11 +11,13 @@ import ( "github.com/codeready-toolchain/member-operator/controllers/memberstatus" "github.com/codeready-toolchain/member-operator/controllers/nstemplateset" "github.com/codeready-toolchain/member-operator/controllers/useraccount" + "github.com/codeready-toolchain/member-operator/deploy" "github.com/codeready-toolchain/member-operator/pkg/apis" "github.com/codeready-toolchain/member-operator/pkg/klog" "github.com/codeready-toolchain/member-operator/pkg/metrics" "github.com/codeready-toolchain/member-operator/version" "github.com/codeready-toolchain/toolchain-common/controllers/toolchainclustercache" + "github.com/codeready-toolchain/toolchain-common/controllers/toolchainclusterresources" commonclient "github.com/codeready-toolchain/toolchain-common/pkg/client" "github.com/codeready-toolchain/toolchain-common/pkg/cluster" commonconfig "github.com/codeready-toolchain/toolchain-common/pkg/configuration" @@ -204,6 +206,14 @@ func main() { } // Setup all Controllers + if err = (&toolchainclusterresources.Reconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + Templates: &deploy.ToolchainClusterTemplateFS, + }).SetupWithManager(mgr, namespace); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "ToolchainClusterResources") + os.Exit(1) + } if err = toolchainclustercache.NewReconciler( mgr, namespace,