update readme; add version file; add gha workflows

.github/workflows/lint.yaml

@@ -0,0 +1,30 @@
+name: lint
+on:
+  push:
+    tags:
+      - v*
+    branches-ignore:
+      - master
+      - main
+permissions:
+  contents: read
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Golang"
+        uses: "actions/setup-go@v3"
+        with:
+          go-version: "1.18"
+      - name: checkout
+        uses: actions/checkout@v2
+      - name: "Modules"
+        run: "go mod download"
+      - name: "Lint"
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: "latest"
+          skip-pkg-cache: true
+          skip-build-cache: true
+          args: "-c ./.golangci.yaml --timeout=10m --issues-exit-code=0 --max-issues-per-linter=0 --sort-results ./..."

.github/workflows/release.yaml

@@ -0,0 +1,43 @@
+name: release
+on:
+  push:
+    tags:
+      - 'v*'
+permissions:
+  contents: write
+jobs:
+  test:
+    uses: "dejanzele/kube-webhook-certgen/.github/workflows/test.yaml@master"
+  build:
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v2"
+        with:
+          fetch-depth: 0
+      - name: "Golang"
+        uses: "actions/setup-go@v3"
+        with:
+          go-version: "1.18"
+      - name: "Login"
+        uses: "docker/login-action@v2"
+        with:
+          username: "${{ secrets.DOCKERHUB_USERNAME }}"
+          password: "${{ secrets.DOCKERHUB_SECRET }}"
+      - name: "Cache"
+        uses: "actions/cache@v3"
+        with:
+          path: "~/go/pkg/mod"
+          key: "${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}"
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: "Modules"
+        run: "go mod tidy"
+      - name: "Release"
+        uses: "goreleaser/goreleaser-action@v3"
+        with:
+          distribution: "goreleaser"
+          version: "latest"
+          args: "-f ./.goreleaser.yml release --rm-dist"
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/test.yaml

@@ -0,0 +1,39 @@
+name: test
+on:
+  workflow_call:
+  push:
+    tags:
+      - v*
+    branches-ignore:
+      - master
+      - main
+permissions:
+  contents: write
+jobs:
+  build:
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v2"
+        with:
+          fetch-depth: 0
+      - name: "Golang"
+        uses: "actions/setup-go@v3"
+        with:
+          go-version: "1.18"
+      - name: "Cache"
+        uses: "actions/cache@v3"
+        with:
+          path: "~/go/pkg/mod"
+          key: "${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}"
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: "Modules"
+        run: "go mod download"
+      - name: "Test"
+        run: go test -json ./internal/... > test.json
+      - name: "Annotate"
+        if: always()
+        uses: guyarb/[email protected]
+        with:
+          test-results: test.json

.go-version

@@ -0,0 +1 @@
+1.19

.goreleaser.yml

@@ -11,9 +11,6 @@ archives:
 
 changelog:
   use: "github"
-  filters:
-    exclude:
-      - "^V2:"
 
 checksum:
   name_template: "checksums.txt"

Makefile

@@ -2,7 +2,7 @@
 IMG ?= dpejcev/kube-webhook-certgen:latest
 
 lint: # lint code using golangci-lint
-	golangci-lint run
+	golangci-lint run --max-issues-per-linter=0 --sort-results ./...
 
 test: # run tests using gotestsum
 	gotestsum ./...

README.md

@@ -31,17 +31,19 @@ Usage:
   kube-webhook-certgen [command]
 
 Available Commands:
+  completion  Generate the autocompletion script for the specified shell
   create      Generate a ca and server cert+key and store the results in a secret 'secret-name' in 'namespace'
   help        Help about any command
-  patch       Patch a validatingwebhookconfiguration and mutatingwebhookconfiguration 'webhook-name' by using the ca from 'secret-name' in 'namespace'
+  patch       Patch a ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CustomResourceDefinition
   version     Prints the CLI version information
 
 Flags:
-  -h, --help                           help for kube-webhook-certgen
-      --admission-registration-version admissionregistration.k8s.io api version
-      --kubeconfig string              Path to kubeconfig file: e.g. ~/.kube/kind-config-kind
-      --log-format string              Log format: text|json (default "text")
-      --log-level string               Log level: panic|fatal|error|warn|info|debug|trace (default "info")
+  -h, --help                help for kube-webhook-certgen
+      --kubeconfig string   Path to kubeconfig file: e.g. ~/.kube/kind-config-kind
+      --log-format string   Log format: text|json (default "json")
+      --log-level string    Log level: panic|fatal|error|warn|info|debug|trace (default "info")
+
+Use "kube-webhook-certgen [command] --help" for more information about a command.
 ```
 
 ### Create
@@ -52,6 +54,7 @@ Usage:
   kube-webhook-certgen create [flags]
 
 Flags:
+      --ca-name string       Name of ca file in the secret (default "ca.crt")
       --cert-name string     Name of cert file in the secret (default "cert")
   -h, --help                 help for create
       --host string          Comma-separated hostnames and IPs to generate a certificate for
@@ -67,26 +70,30 @@ Global Flags:
 
 ### Patch
 ```
-Patch a validatingwebhookconfiguration and mutatingwebhookconfiguration 'webhook-name' by using the ca from 'secret-name' in 'namespace'
+Patch a ValidatingWebhookConfiguration and MutatingWebhookConfiguration 'webhook-name' and CustomResourceDefinitions by using the ca from 'secret-name' in 'namespace'
 
 Usage:
   kube-webhook-certgen patch [flags]
 
 Flags:
-  -h, --help                          help for patch
-      --namespace string              Namespace of the secret where certificate information will be read from
-      --patch-failure-policy string   If set, patch the webhooks with this failure policy. Valid options are Ignore or Fail
-      --patch-mutating                If true, patch mutatingwebhookconfiguration (default true)
-      --patch-validating              If true, patch validatingwebhookconfiguration (default true)
-      --secret-name string            Name of the secret where certificate information will be read from
-      --webhook-name string           Name of validatingwebhookconfiguration and mutatingwebhookconfiguration that will be updated
+      --admission-registration-version string   admissionregistration.k8s.io api version (default "v1")
+      --crd-api-groups string                   Comma-separated CustomResourceDefinition API Groups for which to patch the conversion webhook caBundle
+      --crds string                             Comma-separated CustomResourceDefinition names for which to patch the conversion webhook caBundle
+  -h, --help                                    help for patch
+      --namespace string                        Namespace of the secret where certificate information will be read from
+      --patch-failure-policy string             If set, patch the webhooks with this failure policy. Valid options are Ignore or Fail
+      --patch-mutating                          If true, patch MutatingWebhookConfiguration (default true)
+      --patch-validating                        If true, patch ValidatingWebhookConfiguration (default true)
+      --secret-name string                      Name of the secret where certificate information will be read from
+      --webhook-name string                     Name of ValidatingWebhookConfiguration and MutatingWebhookConfiguration that will be updated
 
 Global Flags:
       --kubeconfig string   Path to kubeconfig file: e.g. ~/.kube/kind-config-kind
-      --log-format string   Log format: text|json (default "text")
+      --log-format string   Log format: text|json (default "json")
       --log-level string    Log level: panic|fatal|error|warn|info|debug|trace (default "info")
 ```
 
 ## Recent changes
+* added support for CRDs
 * Updated go version to v1.19
 * Added support for `--admission-registration-version` flag which allows users to select which version of admissionregistration.k8s.io they want to use (v1 or v1beta1)

cmd/patch.go

@@ -18,7 +18,7 @@ import (
 var patch = &cobra.Command{
 	Use:    "patch",
 	Short:  "Patch a ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CustomResourceDefinition",
-	Long:   "Patch a ValidatingWebhookConfiguration and MutatingWebhookConfiguration 'webhook-name' by using the ca from 'secret-name' in 'namespace'",
+	Long:   "Patch a ValidatingWebhookConfiguration and MutatingWebhookConfiguration 'webhook-name' and CustomResourceDefinitions by using the ca from 'secret-name' in 'namespace'",
 	PreRun: prePatchCommand,
 	RunE:   patchCommand,
 }

cmd/version.go

@@ -17,7 +17,6 @@ var version = &cobra.Command{
 
 func versionCmdRun(cmd *cobra.Command, args []string) {
 	fmt.Printf("%s\n", core.Version)
-	fmt.Printf("build %s\n", core.BuildTime)
 	fmt.Printf("%s\n", runtime.Version())
 }
 

core/.version

@@ -0,0 +1 @@
+1.0.0

core/version.go

@@ -1,8 +1,8 @@
 package core
 
+import _ "embed"
+
 var (
-	// Version is the current Semantic Version.
-	Version = "0.0.1-dev"
-	// BuildTime is the timestamp (ISO-8601) of the build.
-	BuildTime = "0001-01-01T00:00:00Z"
+	//go:embed .version
+	Version string
 )

scripts/tag.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+## Tags the git repo using the first argument or the incremented minor version
+
+set -euo pipefail
+dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+cd "$dir"/..
+
+TGT=${1-none}
+if [[ $TGT == "none" ]]; then
+  TGT=$(git describe --tags | sed -e 's/v//g')
+  TGT=$(echo "${TGT}" | awk -F. -v OFS=. '{$NF++;print}')
+fi
+if [[ ${TGT:0:1} == "v" ]]; then
+  TGT="${TGT:1}"
+fi
+
+echo "$TGT"
+
+find . -type f -name ".version" -print0 | xargs -0 sed -i '' -e "s/[v]*[0-9]*[0-9]\.[0-9]*[0-9]\.[0-9]*[0-9]/${TGT}/g"
+
+make build
+
+git add .
+git commit -m "v${TGT}" || true
+
+git tag "v${TGT}"
+
+git push
+git push --tags