Commit

Adding status in readme
Signed-off-by: oumkale <[email protected]>
oumkale committed Dec 7, 2023
1 parent 4015bb2 commit 9ff8a03
Showing 11 changed files with 23 additions and 231 deletions.
7 changes: 0 additions & 7 deletions .github/ISSUE_TEMPLATE/bug_report.yml
Expand Up @@ -81,10 +81,3 @@ body:
label: Operating system type and version
validations:
required: true

- type: input
id: xr-version
attributes:
label: JFrog Xray version
validations:
required: false
2 changes: 1 addition & 1 deletion .github/PULL_REQUEST_TEMPLATE.md
@@ -1,5 +1,5 @@
- [ ] All [tests](https://github.com/jfrog/jfrog-registry-operator#tests) passed. If this feature is not already covered by the tests, I added new tests.
- [ ] This pull request is on the dev branch.
- [ ] This pull request is on the main branch.
- [ ] I used gofmt for formatting the code before submitting the pull request.
---

101 changes: 1 addition & 100 deletions .github/workflows/frogbot-scan-pull-request.yml
Expand Up @@ -12,112 +12,13 @@ jobs:
# "jfrog-registry-operator" GitHub environment can approve the pull request to be scanned.
environment: jfrog-registry-operator
steps:
- uses: jfrog/jfrog-registry-operator@v2
- uses: jfrog/jfrog-registry-operator
env:
JFROG_CLI_LOG_LEVEL: "DEBUG"
# [Mandatory]
# JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
JF_URL: ${{ secrets.OPERATOR_URL }}

# [Mandatory if JF_USER and JF_PASSWORD are not provided]
# JFrog access token with 'read' permissions on Xray service
JF_ACCESS_TOKEN: ${{ secrets.OPERATOR_ACCESS_TOKEN }}

# [Mandatory]
# The GitHub token is automatically generated for the job
JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}

# [Optional, default: https://api.github.com]
# API endpoint to GitHub
# JF_GIT_API_ENDPOINT: https://github.example.com

# [Optional]
# By default, the jfrog-registry-operator workflows download the jfrog-registry-operator executable as well as other tools
# needed from https://releases.jfrog.io
# If the machine that runs jfrog-registry-operator has no access to the internet, follow these steps to allow the
# executable to be downloaded from an Artifactory instance, which the machine has access to:
#
# 1. Login to the Artifactory UI, with a user who has admin credentials.
# 2. Create a Remote Repository with the following properties set.
# Under the 'Basic' tab:
# Package Type: Generic
# URL: https://releases.jfrog.io
# Under the 'Advanced' tab:
# Uncheck the 'Store Artifacts Locally' option
# 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created.
# JF_RELEASES_REPO: ""

# [Optional]
# Configure the SMTP server to enable jfrog-registry-operator to send emails with detected secrets in pull request scans.
# SMTP server URL including should the relevant port: (Example: smtp.server.com:8080)
JF_SMTP_SERVER: ${{ secrets.JF_SMTP_SERVER }}

# [Mandatory if JF_SMTP_SERVER is set]
# The username required for authenticating with the SMTP server.
JF_SMTP_USER: ${{ secrets.JF_SMTP_USER }}

# [Mandatory if JF_SMTP_SERVER is set]
# The password associated with the username required for authentication with the SMTP server.
JF_SMTP_PASSWORD: ${{ secrets.JF_SMTP_PASSWORD }}

# [Optional]
# List of comma separated email addresses to receive email notifications about secrets
# detected during pull request scanning. The notification is also sent to the email set
# in the committer git profile regardless of whether this variable is set or not.
JF_EMAIL_RECEIVERS: "[email protected]"

##########################################################################
## If your project uses a 'jfrog-registry-operator-config.yml' file, you can define ##
## the following variables inside the file, instead of here. ##
##########################################################################

# [Mandatory if the two conditions below are met]
# 1. The project uses yarn 2, NuGet or .NET Core to download its dependencies
# 2. The `installCommand` variable isn't set in your jfrog-registry-operator-config.yml file.
#
# The command that installs the project dependencies (e.g "nuget restore")
# JF_INSTALL_DEPS_CMD: ""

# [Optional, default: "."]
# Relative path to the root of the project in the Git repository
# JF_WORKING_DIR: path/to/project/dir

# [Optional]
# Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
# JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

# [Optional]
# JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects
# JF_PROJECT: <project-key>

# [Optional, default: "FALSE"]
# Displays all existing vulnerabilities, including the ones that were added by the pull request.
# JF_INCLUDE_ALL_VULNERABILITIES: "TRUE"

# [Optional, default: "FALSE"]
# When adding new comments on pull requests, keep old comments that were added by previous scans.
# JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION: "TRUE"

# [Optional, default: "TRUE"]
# Fails the jfrog-registry-operator task if any security issue is found.
# JF_FAIL: "FALSE"

# [Optional]
# Jfrog-registry-operator will download the project dependencies if they're not cached locally. To download the
# dependencies from a virtual repository in Artifactory, set the name of the repository. There's no
# need to set this value, if it is set in the jfrog-registry-operator-config.yml file.
# JF_DEPS_REPO: ""

# [Optional, Default: "FALSE"]
# If TRUE, Jfrog-registry-operator creates a single pull request with all the fixes.
# If false, Jfrog-registry-operator creates a separate pull request for each fix.
# JF_GIT_AGGREGATE_FIXES: "FALSE"

# [Optional, Default: "FALSE"]
# Handle vulnerabilities with fix versions only
# JF_FIXABLE_ONLY: "TRUE"

# [Optional]
# Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
# The following values are accepted: Low, Medium, High or Critical
# JF_MIN_SEVERITY: ""
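Review bot: The replacement `uses:` line at the top of `steps:` drops the `@v2` ref and leaves `- uses: jfrog/jfrog-registry-operator` with no version. GitHub Actions expects the `{owner}/{repo}@{ref}` form, so this step will not resolve as written; restore a ref, preferably a full commit SHA, so the code that receives the job's secrets cannot change under a moving tag. With 1 addition against 100 deletions most of the `env:` block is also gone, so confirm that every variable its comments mark `[Mandatory]` is still set.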
92 changes: 2 additions & 90 deletions .github/workflows/frogbot-scan-repository.yml
Expand Up @@ -15,18 +15,11 @@ jobs:
strategy:
matrix:
# The repository scanning will be triggered periodically on the following branches.
branch: [ "dev" ]
branch: [ "main" ]
steps:
- uses: jfrog/jfrog-registry-operator@v2
- uses: jfrog/jfrog-registry-operator
env:
JFROG_CLI_LOG_LEVEL: "DEBUG"
# [Mandatory]
# JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
JF_URL: ${{ secrets.OPERATOR_URL }}

# [Mandatory if JF_USER and JF_PASSWORD are not provided]
# JFrog access token with 'read' permissions on Xray service
JF_ACCESS_TOKEN: ${{ secrets.OPERATOR_ACCESS_TOKEN }}

# [Mandatory]
# The GitHub token is automatically generated for the job
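Review bot: `JF_URL` and `JF_ACCESS_TOKEN` drop out of `env:` in this hunk (18 lines before, 11 after) although their own comments label them `[Mandatory]` and `[Mandatory if JF_USER and JF_PASSWORD are not provided]`. Nothing in the hunk supplies the platform URL or credentials another way, so the periodic scan of `main` has nothing to authenticate with; keep both secrets or remove the workflow rather than leaving a scan that cannot run. The `uses:` line also loses its `@v2` ref here and should be pinned to a ref, ideally a commit SHA.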
Expand All @@ -35,84 +28,3 @@ jobs:
# [Mandatory]
# The name of the branch on which jfrog-registry-operator will perform the scan
JF_GIT_BASE_BRANCH: ${{ matrix.branch }}

# [Optional, default: https://api.github.com]
# API endpoint to GitHub
# JF_GIT_API_ENDPOINT: https://github.example.com

# [Optional]
# By default, the jfrog-registry-operator workflows download the jfrog-registry-operator executable as well as other tools
# needed from https://releases.jfrog.io
# If the machine that runs jfrog-registry-operator has no access to the internet, follow these steps to allow the
# executable to be downloaded from an Artifactory instance, which the machine has access to:
#
# 1. Login to the Artifactory UI, with a user who has admin credentials.
# 2. Create a Remote Repository with the following properties set.
# Under the 'Basic' tab:
# Package Type: Generic
# URL: https://releases.jfrog.io
# Under the 'Advanced' tab:
# Uncheck the 'Store Artifacts Locally' option
# 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created.
# JF_RELEASES_REPO: ""

##########################################################################
## If your project uses a 'jfrog-registry-operator-config.yml' file, you can define ##
## the following variables inside the file, instead of here. ##
##########################################################################

# [Optional, default: "."]
# Relative path to the root of the project in the Git repository
# JF_WORKING_DIR: path/to/project/dir

# [Optional]
# Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
# JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

# [Optional]
# JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects
# JF_PROJECT: <project-key>

# [Optional, default: "TRUE"]
# Fails the jfrog-registry-operator task if any security issue is found.
# JF_FAIL: "FALSE"

# [Optional]
# jfrog-registry-operator will download the project dependencies, if they're not cached locally. To download the
# dependencies from a virtual repository in Artifactory, set the name of the repository. There's no
# need to set this value, if it is set in the jfrog-registry-operator-config.yml file.
# JF_DEPS_REPO: ""

# [Optional]
# Template for the branch name generated by jfrog-registry-operator when creating pull requests with fixes.
# The template must include {BRANCH_NAME_HASH}, to ensure that the generated branch name is unique.
# The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables.
# JF_BRANCH_NAME_TEMPLATE: "jfrog-registry-operator-{IMPACTED_PACKAGE}-{BRANCH_NAME_HASH}"

# [Optional]
# Template for the commit message generated by jfrog-registry-operator when creating pull requests with fixes
# The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables.
# JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}"

# [Optional]
# Template for the pull request title generated by jfrog-registry-operator when creating pull requests with fixes.
# The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables.
# JF_PULL_REQUEST_TITLE_TEMPLATE: "[🐸 Jfrog Registry Operator] Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}"

# [Optional, Default: "FALSE"]
# If TRUE, jfrog-registry-operator creates a single pull request with all the fixes.
# If FALSE, jfrog-registry-operator creates a separate pull request for each fix.
# JF_GIT_AGGREGATE_FIXES: "FALSE"

# [Optional, Default: "FALSE"]
# Handle vulnerabilities with fix versions only
# JF_FIXABLE_ONLY: "TRUE"

# [Optional]
# Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
# The following values are accepted: Low, Medium, High or Critical
# JF_MIN_SEVERITY: ""

# [Optional, Default: [email protected]]
# Set the email of the commit author
# JF_GIT_EMAIL_AUTHOR: ""
4 changes: 2 additions & 2 deletions .github/workflows/validate-pr-target-branch.yml
Expand Up @@ -13,7 +13,7 @@ jobs:
steps:
- name: Check Target Branch
run: |
if [ "${{ github.base_ref }}" != "dev" ]; then
echo "Pull requests must target the 'dev' branch."
if [ "${{ github.base_ref }}" != "main" ]; then
echo "Pull requests must target the 'main' branch."
exit 1
fi
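Review bot: The changed `if` line still expands `${{ github.base_ref }}` directly inside the `run:` script, so the branch name is pasted into the shell source before the shell parses it. Pass it through the step's `env:` (for example `BASE_REF: ${{ github.base_ref }}`) and compare `"$BASE_REF"` instead, which keeps the value as data. Since this flips the required target from `dev` to `main`, the commit subject "Adding status in readme" should also mention the branch-policy change.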
43 changes: 14 additions & 29 deletions README.md
@@ -1,7 +1,20 @@

<div align="center">

# JFrog Registry Operator

## Two ways to install an operator using manual deployment and a Helm chart on Kubernetes
[![JFrog Registry Operator](config/images/frogbot-intro.png)](#readme)

[![Scanned by JFrog Registry Operator](config/images/frogbot-badge.png)](https://github.com/jfrog/jfrog-registry-operator#readme)
[![Go Report Card](https://goreportcard.com/badge/github.com/jfrog/jfrog-registry-operator)](https://goreportcard.com/report/github.com/jfrog/jfrog-registry-operator)

[![Build status](https://github.com/jfrog/jfrog-registry-operator/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/jfrog/jfrog-registry-operator/actions/workflows/test.yml?branch=main)
[![GitHub issues](https://img.shields.io/github/issues/jfrog/jfrog-registry-operator)](https://github.com/jfrog/jfrog-registry-operator/issues)
![GitHub Workflow](https://github.com/jfrog/jfrog-registry-operator/actions/workflows/frogbot-scan-repository.yml/badge.svg?branch=main)


</div>


### Install operator using helm chart

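Review bot: The "Scanned by JFrog Registry Operator" badge points at a static image, `config/images/frogbot-badge.png`, so it shows the same thing whether or not a scan ran or passed. Drop it in favour of the workflow badge for `frogbot-scan-repository.yml` added a few lines below it, which reflects the actual run status. Also check that the "Two ways to install an operator" heading is not left in place, since the manual install section is removed later in this file.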
Expand Down Expand Up @@ -68,34 +81,6 @@ kubectl delete -f [secretrotator.yaml](https://github.com/jfrog/jfrog-registry-o
kubectl delete crd secretrotators.apps.jfrog.com
```

### Install JFrog secret rotator operator manually

```sh
# deploy the crd:
kubectl apply -f https://raw.githubusercontent.com/jfrog/jfrog-registry-operator/main/config/crd/bases/apps.jfrog.com_secretrotators.yaml

# install operator
kubectl apply -f https://raw.githubusercontent.com/jfrog/jfrog-registry-operator/main/config/deploy/operator.yaml

# create secretrotator object
Ref: https://github.com/jfrog/jfrog-registry-operator/blob/main/charts/jfrog-registry-operator/examples/secretrotator.yaml
kubectl apply -f [secretrotator.yaml](https://github.com/jfrog/jfrog-registry-operator/blob/main/charts/jfrog-registry-operator/examples/secretrotator.yaml) -n ${NAMESPACE}
```

#### Uninstall operator

```sh
# delete secretrotator object
Ref: https://github.com/jfrog/jfrog-registry-operator/blob/main/charts/jfrog-registry-operator/examples/secretrotator.yaml
kubectl delete -f secretrotator.yaml -n ${NAMESPACE}

# delete the operator:
kubectl delete -f https://raw.githubusercontent.com/jfrog/jfrog-registry-operator/main/config/deploy/operator.yaml

### delete CRD
kubectl delete -f https://raw.githubusercontent.com/jfrog/jfrog-registry-operator/main/config/crd/bases/apps.jfrog.com_secretrotators.yaml
```

### Check Resources in your cluster

```shell
2 changes: 1 addition & 1 deletion charts/jfrog-registry-operator/full-values.yaml
Expand Up @@ -357,7 +357,7 @@ persistence:
##
mountPath: /var/opt/jfrog/jfrog-registry-operator
## @param persistence.subPath The subdirectory of the volume to mount to
## Useful in dev environments and one PV for multiple services
## Useful in main environments and one PV for multiple services
##
subPath: ""
## @param persistence.size PVC Storage Request for metadata data volume
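Review bot: The comment for `persistence.subPath` now reads "Useful in main environments", which looks like the `dev` to `main` branch rename applied to prose by search and replace. Here `dev` meant development environments, not the branch; revert this line.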
2 changes: 1 addition & 1 deletion charts/jfrog-registry-operator/values.yaml
Expand Up @@ -189,7 +189,7 @@ persistence:
##
mountPath: /var/opt/jfrog/jfrog-registry-operator
## @param persistence.subPath The subdirectory of the volume to mount to
## Useful in dev environments and one PV for multiple services
## Useful in main environments and one PV for multiple services
##
subPath: ""
## @param persistence.size PVC Storage Request for metadata data volume
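Review bot: The `persistence.subPath` comment in this file picks up an unintended rename: "Useful in dev environments" described development clusters and should not become "main environments". Revert the line so the chart's parameter documentation stays accurate.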
Binary file added config/images/frogbot-badge.png
Binary file added config/images/frogbot-intro.png
1 change: 1 addition & 0 deletions controllers/secretrotator_controller.go
Expand Up @@ -20,6 +20,7 @@ import (
jfrogv1alpha1 "artifactory-secrets-rotator/api/v1alpha1"
"artifactory-secrets-rotator/internal/operations"
"errors"

corev1 "k8s.io/api/core/v1"
"sigs.k8s.io/controller-runtime/pkg/controller"
"sigs.k8s.io/controller-runtime/pkg/log"
