From 5e130d49cfb3ca5688cbc706e55b88ae1f46bd4f Mon Sep 17 00:00:00 2001
From: oumkale
Date: Thu, 7 Dec 2023 22:00:00 +0530
Subject: [PATCH] Updating readme and templates
Signed-off-by: oumkale
---
.github/ISSUE_TEMPLATE/bug_report.yml | 83 ++++++++++++++++++
.github/ISSUE_TEMPLATE/feature_request.md | 19 ++++
.github/ISSUE_TEMPLATE/question.md | 7 ++
.github/PULL_REQUEST_TEMPLATE.md | 5 ++
.github/release.yml | 20 +++++
.../workflows/frogbot-scan-pull-request.yml | 66 ++++++++++++++
.github/workflows/frogbot-scan-repository.yml | 30 +++++++
.github/workflows/test.yml | 87 +++++++++++++++++++
.github/workflows/update-v2-tag.yml | 19 ++++
.../workflows/validate-pr-target-branch.yml | 19 ++++
README.md | 29 -------
api/v1alpha1/secretrotator_types.go | 1 -
12 files changed, 355 insertions(+), 30 deletions(-)
create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml
create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md
create mode 100644 .github/ISSUE_TEMPLATE/question.md
create mode 100644 .github/PULL_REQUEST_TEMPLATE.md
create mode 100644 .github/release.yml
create mode 100644 .github/workflows/frogbot-scan-pull-request.yml
create mode 100644 .github/workflows/frogbot-scan-repository.yml
create mode 100644 .github/workflows/test.yml
create mode 100644 .github/workflows/update-v2-tag.yml
create mode 100644 .github/workflows/validate-pr-target-branch.yml
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
new file mode 100644
index 0000000..be7ed1d
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,83 @@
+---
+name: "🐛 Bug Report"
+description: Create a report to help us improve
+labels: [bug]
+body:
+ - type: textarea
+ id: description
+ attributes:
+ label: Describe the bug
+ description: What is the problem? A clear and concise description of the bug.
+ validations:
+ required: true
+
+ - type: textarea
+ id: current
+ attributes:
+ label: Current behavior
+ description: |
+ Please include full errors, uncaught exceptions, screenshots, and relevant logs.
+ Using environment variable JFROG_CLI_LOG_LEVEL="DEBUG" upon running the command will provide more log information.
+ validations:
+ required: true
+
+ - type: textarea
+ id: reproduction
+ attributes:
+ label: Reproduction steps
+ description: |
+ Provide steps to reproduce the behavior.
+ validations:
+ required: false
+
+ - type: textarea
+ id: expected
+ attributes:
+ label: Expected behavior
+ description: |
+ What did you expect to happen?
+ validations:
+ required: false
+
+ - type: input
+ id: jfrog-registry-operator-version
+ attributes:
+ label: JFrog registry operator version
+ validations:
+ required: true
+
+ - type: input
+ id: package-manager
+ attributes:
+ label: Package manager info
+ description: |
+ Which package manager name and version is used to build the project?
+ What's the name and path of the descriptor file (package.json, pom.xml, etc)?
+ validations:
+ required: true
+
+ - type: dropdown
+ id: git-provider
+ attributes:
+ label: Git provider
+ options:
+ - GitHub
+ - Bitbucket Server
+ - GitLab
+ - Azure DevOps
+ validations:
+ required: true
+
+ - type: textarea
+ id: jfrog-registry-operator-yaml
+ attributes:
+ label: JFrog registry operator configuration yaml file
+ validations:
+ required: false
+
+ - type: input
+ id: os-version
+ attributes:
+ label: Operating system type and version
+ validations:
+ required: true
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 0000000..9bc2730
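Review bot: The `current` and `jfrog-registry-operator-yaml` fields ask reporters to paste full DEBUG logs and the operator configuration into an issue without telling them to remove credentials first. An operator that rotates registry secrets is likely to have token or secret references in both, so each description should carry a line such as `Remove access tokens, passwords and other secrets before pasting.` The `package-manager` and `git-provider` fields read as carried over from another project's template and may not apply to this operator (inferred from the field wording only).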
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,19 @@
+---
+name: ⭐️ Feature request
+about: Suggest an idea for this project
+title: ""
+labels: feature request
+assignees: ""
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like to see**
+A clear and concise description of the new feature.
+
+**Describe alternatives you've considered**
+If applicable, a clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
diff --git a/.github/ISSUE_TEMPLATE/question.md b/.github/ISSUE_TEMPLATE/question.md
new file mode 100644
index 0000000..3750fd7
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/question.md
@@ -0,0 +1,7 @@
+---
+name: ❓ Question
+about: Ask a question
+title: ""
+labels: question
+assignees: ""
+---
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..d34a24c
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,5 @@
+- [ ] All [tests](https://github.com/jfrog/jfrog-registry-operator#tests) passed. If this feature is not already covered by the tests, I added new tests.
+- [ ] This pull request is on the main branch.
+- [ ] I used gofmt for formatting the code before submitting the pull request.
+---
+
diff --git a/.github/release.yml b/.github/release.yml
new file mode 100644
index 0000000..5021017
--- /dev/null
+++ b/.github/release.yml
@@ -0,0 +1,20 @@
+changelog:
+ exclude:
+ labels:
+ - ignore for release
+ categories:
+ - title: Breaking Changes 🚨
+ labels:
+ - breaking change
+ - title: Exciting New Features 🎉
+ labels:
+ - new feature
+ - title: Improvements 🌱
+ labels:
+ - improvement
+ - title: Bug Fixes 🛠
+ labels:
+ - bug
+ - title: Other Changes 📚
+ labels:
+ - "*"
diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml
new file mode 100644
index 0000000..779fbd7
--- /dev/null
+++ b/.github/workflows/frogbot-scan-pull-request.yml
@@ -0,0 +1,66 @@
+name: "Jfrog Registry Operator Scan Pull Request"
+on:
+ pull_request_target:
+ types: [ opened, synchronize ]
+permissions:
+ pull-requests: write
+ contents: read
+jobs:
+ scan-pull-request:
+ runs-on: ubuntu-latest
+ # A pull request needs to be approved before jfrog-registry-operator scans it. Any GitHub user who is associated with the
+ # "jfrog-registry-operator" GitHub environment can approve the pull request to be scanned.
+ environment: jfrog-registry-operator
+ steps:
+ - uses: jfrog/jfrog-registry-operator@v2
+ env:
+ JFROG_CLI_LOG_LEVEL: "DEBUG"
+ # [Mandatory]
+ # JFrog platform URL (This functionality requires version 3.29.0)
+ JF_URL: ${{ secrets.OPERATOR_URL }}
+
+ # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+ JF_ACCESS_TOKEN: ${{ secrets.OPERATOR_ACCESS_TOKEN }}
+
+ # [Mandatory]
+ # The GitHub token is automatically generated for the job
+ JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # [Optional, default: https://api.github.com]
+ # API endpoint to GitHub
+ # JF_GIT_API_ENDPOINT: https://github.example.com
+
+ # [Optional]
+ # By default, the jfrog-registry-operator workflows download the jfrog-registry-operator executable as well as other tools
+ # needed from https://releases.jfrog.io
+ # If the machine that runs jfrog-registry-operator has no access to the internet, follow these steps to allow the
+ # executable to be downloaded from an Artifactory instance, which the machine has access to:
+ #
+ # 1. Login to the Artifactory UI, with a user who has admin credentials.
+ # 2. Create a Remote Repository with the following properties set.
+ # Under the 'Basic' tab:
+ # Package Type: Generic
+ # URL: https://releases.jfrog.io
+ # Under the 'Advanced' tab:
+ # Uncheck the 'Store Artifacts Locally' option
+ # 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created.
+ # JF_RELEASES_REPO: ""
+
+ # [Optional]
+ # Configure the SMTP server to enable jfrog-registry-operator to send emails with detected secrets in pull request scans.
+ # SMTP server URL including should the relevant port: (Example: smtp.server.com:8080)
+ JF_SMTP_SERVER: ${{ secrets.JF_SMTP_SERVER }}
+
+ # [Mandatory if JF_SMTP_SERVER is set]
+ # The username required for authenticating with the SMTP server.
+ JF_SMTP_USER: ${{ secrets.JF_SMTP_USER }}
+
+ # [Mandatory if JF_SMTP_SERVER is set]
+ # The password associated with the username required for authentication with the SMTP server.
+ JF_SMTP_PASSWORD: ${{ secrets.JF_SMTP_PASSWORD }}
+
+ # [Optional]
+ # List of comma separated email addresses to receive email notifications about secrets
+ # detected during pull request scanning. The notification is also sent to the email set
+ # in the committer git profile regardless of whether this variable is set or not.
+ JF_EMAIL_RECEIVERS: "eco-system@jfrog.com"
diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml
new file mode 100644
index 0000000..aade287
--- /dev/null
+++ b/.github/workflows/frogbot-scan-repository.yml
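Review bot: `uses: jfrog/jfrog-registry-operator@v2` in `scan-pull-request` names this repository as the action to run, and the file name together with the `JF_*` variables suggests the template originally read `jfrog/frogbot@v2` before a search-and-replace; as written the step would most likely fail to resolve an action, and the same line appears in frogbot-scan-repository.yml. Because the job runs on `pull_request_target` with `JF_ACCESS_TOKEN` and the SMTP credentials in its environment, the reference should also be pinned to a full commit SHA rather than a movable tag, e.g. `uses: jfrog/frogbot@<FULL_COMMIT_SHA> # v2`. `JFROG_CLI_LOG_LEVEL: "DEBUG"` is better left off by default in a job that holds secrets, since run logs are readable by anyone who can view the repository's Actions tab. The comments were rewritten by the same replace ("jfrog-registry-operator scans it", "download the jfrog-registry-operator executable") and should name the scanner again so the approval and download instructions stay accurate.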
@@ -0,0 +1,30 @@
+name: "Jfrog Registry Operator Scan Repository"
+on:
+ workflow_dispatch:
+ schedule:
+ # The repository will be scanned once a day at 00:00 GMT.
+ - cron: "0 0 * * *"
+permissions:
+ contents: write
+ pull-requests: write
+ security-events: write
+jobs:
+ scan-repository:
+ runs-on: ubuntu-latest
+ name: Scan Repository (${{ matrix.branch }} branch)
+ strategy:
+ matrix:
+ # The repository scanning will be triggered periodically on the following branches.
+ branch: [ "dev" ]
+ steps:
+ - uses: jfrog/jfrog-registry-operator@v2
+ env:
+ JFROG_CLI_LOG_LEVEL: "DEBUG"
+
+ # [Mandatory]
+ # The GitHub token is automatically generated for the job
+ JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # [Mandatory]
+ # The name of the branch on which jfrog-registry-operator will perform the scan
+ JF_GIT_BASE_BRANCH: ${{ matrix.branch }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..e03a12e
--- /dev/null
+++ b/.github/workflows/test.yml
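Review bot: The `env:` block of `scan-repository` sets only `JF_GIT_TOKEN` and `JF_GIT_BASE_BRANCH`, while the pull-request workflow in this same patch marks `JF_URL` and `JF_ACCESS_TOKEN` as [Mandatory]; without them the scheduled scan presumably cannot reach the JFrog platform. Add `JF_URL: ${{ secrets.OPERATOR_URL }}` and `JF_ACCESS_TOKEN: ${{ secrets.OPERATOR_ACCESS_TOKEN }}` to this block. The job holds `contents: write`, `pull-requests: write` and `security-events: write` on a daily schedule with no approval gate, so the action reference here deserves the same commit-SHA pin as the pull-request workflow.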
@@ -0,0 +1,87 @@
+name: "Go Tests"
+
+on:
+ push:
+ # Triggers the workflow on labeled PRs only.
+ pull_request_target:
+ types: [labeled]
+
+# Ensures that only the latest commit is running for each PR at a time.
+# Ignores this rule for push events.
+concurrency:
+ group: ${{ github.event.pull_request.number || github.sha }}
+ cancel-in-progress: true
+jobs:
+ Pretest:
+ if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Unlabel 'safe to test'
+ uses: actions-ecosystem/action-remove-labels@v1
+ if: ${{ github.event_name != 'push' }}
+ with:
+ labels: "safe to test"
+
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ - name: Install Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.20.x
+
+ - name: Go Cache
+ uses: actions/cache@v3
+ with:
+ path: ~/go/pkg/mod
+ key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+ restore-keys: ${{ runner.os }}-go-
+
+ # Generate mocks
+ - name: Generate mocks
+ run: go generate ./...
+
+ - name: Lint
+ run: go vet -v ./...
+
+ tests:
+ needs: Pretest
+ name: ${{ matrix.suite.name }} Tests (${{ matrix.os }})
+ runs-on: ${{ matrix.os }}-latest
+ env:
+ JFROG_CLI_LOG_LEVEL: "DEBUG"
+ strategy:
+ fail-fast: false
+ matrix:
+ suite:
+ - name: 'Unit'
+
+ - name: 'Scan Repository'
+ package: 'scanrepository'
+
+ - name: 'Scan Pull Request'
+ package: 'scanpullrequest'
+
+ - name: 'Package Handlers'
+ package: 'packagehandlers'
+
+ os: [ ubuntu, windows, macos ]
+ steps:
+ # Configure prerequisites
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+ - name: Setup Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.20.x
+
+ - name: Go Cache
+ uses: actions/cache@v3
+ with:
+ path: ~/go/pkg/mod
+ key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+ restore-keys: |
+ ${{ runner.os }}-go-
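Review bot: `Pretest` and `tests` run on `pull_request_target` and check out `github.event.pull_request.head.sha`, so `go generate ./...` and `go vet -v ./...` execute the contributor's code with the base repository's token and cache scope, and the workflow declares no `permissions:` block. The 'safe to test' label gate and the use of the event's head SHA narrow this, but the token should still be reduced: add a top-level `permissions:` with `contents: read`, move the label removal into its own job that alone gets `pull-requests: write`, and set `persist-credentials: false` on both `actions/checkout` steps. The `actions/cache` steps save `~/go/pkg/mod` from the same context, so content produced while building PR code can be restored by later push builds; a separate key prefix for PR runs keeps the two apart. Separately, the `tests` job ends after the cache step and never reads `matrix.suite.package`, so no `go test` command runs in this file as committed.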
diff --git a/.github/workflows/update-v2-tag.yml b/.github/workflows/update-v2-tag.yml
new file mode 100644
index 0000000..8208b48
--- /dev/null
+++ b/.github/workflows/update-v2-tag.yml
@@ -0,0 +1,19 @@
+name: "Update v2 Tag"
+on:
+ release:
+ types: [published]
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Update v2 tag
+ run: git tag -f v2
+ - name: Push changes
+ uses: ad-m/github-push-action@master
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ tags: true
+ force: true
diff --git a/.github/workflows/validate-pr-target-branch.yml b/.github/workflows/validate-pr-target-branch.yml
new file mode 100644
index 0000000..1ee921b
--- /dev/null
+++ b/.github/workflows/validate-pr-target-branch.yml
@@ -0,0 +1,19 @@
+name: Validate Pull Request Target Branch
+
+on:
+ pull_request_target:
+ types:
+ - opened
+ - reopened
+ - synchronize
+
+jobs:
+ validate-target-branch:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check Target Branch
+ run: |
+ if [ "${{ github.base_ref }}" != "dev" ]; then
+ echo "Pull requests must target the 'dev' branch."
+ exit 1
+ fi
diff --git a/README.md b/README.md
index 6c3c76a..b918b3d 100755
--- a/README.md
+++ b/README.md
@@ -1,7 +1,6 @@ # JFrog Registry Operator -## Two ways to install an operator using manual deployment and a Helm chart on Kubernetes ### Install operator using helm chart
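Review bot: `uses: ad-m/github-push-action@master` in update-v2-tag.yml hands `secrets.GITHUB_TOKEN` to whatever a third-party branch points at on the day a release is published, in a job whose purpose is to force-move the `v2` tag that consumers reference. Pin it to a full commit SHA, `uses: ad-m/github-push-action@<FULL_COMMIT_SHA>`, or drop the action and push with `run: git push --force origin v2`, which can use the credentials `actions/checkout` leaves configured by default. The job also has no `permissions:` block; declaring `contents: write` on this job states the one scope it needs instead of relying on the repository default.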
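Review bot: The `Check Target Branch` step in validate-pr-target-branch.yml expands `${{ github.base_ref }}` directly inside the shell script, which is the pattern that leads to script injection whenever an expression value contains shell metacharacters; pass it through the environment instead, with `env:` / `BASE_REF: ${{ github.base_ref }}` on the step and `if [ "$BASE_REF" != "dev" ]; then` in the script. The check needs no secrets and no write access, so the plain `pull_request` trigger or a top-level `permissions: {}` fits better than `pull_request_target` with default token permissions. PULL_REQUEST_TEMPLATE.md in this same patch asks contributors to confirm the pull request is on the main branch, while this workflow rejects anything but `dev`; one of the two should be corrected.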
@@ -68,34 +67,6 @@ kubectl delete -f [secretrotator.yaml](https://github.com/jfrog/jfrog-registry-o kubectl delete crd secretrotators.apps.jfrog.com ``` -### Install JFrog secret rotator operator manually - -```sh -# deploy the crd: -kubectl apply -f https://raw.githubusercontent.com/jfrog/jfrog-registry-operator/main/config/crd/bases/apps.jfrog.com_secretrotators.yaml - -# install operator -kubectl apply -f https://raw.githubusercontent.com/jfrog/jfrog-registry-operator/main/config/deploy/operator.yaml - -# create secretrotator object -Ref: https://github.com/jfrog/jfrog-registry-operator/blob/main/charts/jfrog-registry-operator/examples/secretrotator.yaml -kubectl apply -f [secretrotator.yaml](https://github.com/jfrog/jfrog-registry-operator/blob/main/charts/jfrog-registry-operator/examples/secretrotator.yaml) -n ${NAMESPACE} -``` - -#### Uninstall operator - -```sh -# delete secretrotator object -Ref: https://github.com/jfrog/jfrog-registry-operator/blob/main/charts/jfrog-registry-operator/examples/secretrotator.yaml -kubectl delete -f secretrotator.yaml -n ${NAMESPACE} - -# delete the operator: -kubectl delete -f https://raw.githubusercontent.com/jfrog/jfrog-registry-operator/main/config/deploy/operator.yaml - -### delete CRD -kubectl delete -f https://raw.githubusercontent.com/jfrog/jfrog-registry-operator/main/config/crd/bases/apps.jfrog.com_secretrotators.yaml -``` - ### Check Resources in your cluster ```shell diff --git a/api/v1alpha1/secretrotator_types.go b/api/v1alpha1/secretrotator_types.go index 3310ee8..2934c45 100755 --- a/api/v1alpha1/secretrotator_types.go +++ b/api/v1alpha1/secretrotator_types.go 
@@ -92,7 +92,6 @@ type SecretRotatorStatus struct { } // ExternalSecretCreationPolicy defines rules on how to create the resulting Secret. - // ExternalSecretTemplate defines a blueprint for the created Secret resource. // we can not use native corev1.Secret, it will have empty ObjectMeta values: https://github.com/kubernetes-sigs/controller-tools/issues/448