diff --git a/.github/workflows/controller_release.yaml b/.github/workflows/controller_release.yaml
index 3c52776..7c52350 100644
--- a/.github/workflows/controller_release.yaml
+++ b/.github/workflows/controller_release.yaml
@@ -9,6 +9,9 @@ on:
 version:
 required: true
 type: string
+ secrets:
+ ghcrToken:
+ required: true
 outputs:
 image_url:
 value: ${{ jobs.release-controller.outputs.image_url }}
@@ -22,6 +25,7 @@ jobs:
 runs-on: ubuntu-latest
 permissions:
 contents: read
+ id-token: write
 packages: write
 steps:
 - name: Checkout
@@ -43,8 +47,8 @@ jobs:
 uses: docker/login-action@v1
 with:
 registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
+ username: weave-ghcr-bot
+ password: ${{ secrets.ghcrToken }}
 - name: Clone and patch repo
 id: patch
 run: |
@@ -60,8 +64,8 @@ jobs:
 fi
 bash -x ./scripts/patch_repo.sh "https://github.com/fluxcd/${{ inputs.controller }}.git" ${{ inputs.controller }} ${BASE_VERSION}
 unlink patches-flux
- echo ::set-output name=version::${VERSION}
- echo ::set-output name=base_version::${BASE_VERSION}
+ echo "version=${VERSION}" >> $GITHUB_OUTPUT
+ echo "base_version=${BASE_VERSION}" >> $GITHUB_OUTPUT
 - name: Generate images meta
 id: meta
 uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0
@@ -94,7 +98,7 @@ jobs:
 mkdir -p config/release
 sed -i "s/${{ steps.patch.outputs.base_version }}/${{ steps.patch.outputs.version }}/g" ./${{ inputs.controller }}/config/manager/kustomization.yaml
 kustomize build ./${{ inputs.controller }}/config/crd > ./config/release/${{ inputs.controller }}.crds.yaml
- kustomize build ./${{ inputs.controller }}/config/manager > ./config/release/${{ inputs.controller}}deployment.yaml
+ kustomize build ./${{ inputs.controller }}/config/manager > ./config/release/${{ inputs.controller}}.deployment.yaml
 - name: Upload release artifacts
 uses: actions/upload-artifact@v3
 with:
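Review bot: `docker/login-action@v1` in the `@@ -43,8 +47,8 @@` hunk is referenced by a mutable tag and now receives a stored bot credential (`secrets.ghcrToken`) instead of the run-scoped `GITHUB_TOKEN`. The built-in token expired with the job and was bounded by the job's `permissions:` block; the bot token, presumably a personal access token for the `weave-ghcr-bot` account, is neither, so whatever code the `v1` tag resolves to gets a credential that outlives the run. Pin the action to a full commit SHA, as the GHCR login step in release_v21.yaml already does: `uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0` (a major-version bump, so check the inputs still match). The same tag-pinned login step with the bot token is added in the `@@ -182,8 +219,8 @@` hunk of release_v21.yaml.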
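Review bot: The two new `echo ... >> $GITHUB_OUTPUT` lines in the `@@ -60,8 +64,8 @@` hunk leave the redirect target unquoted; write `echo "version=${VERSION}" >> "$GITHUB_OUTPUT"` and `echo "base_version=${BASE_VERSION}" >> "$GITHUB_OUTPUT"`. Each output is a `name=value` line in that file, so a value containing a newline would add further outputs; `VERSION` and `BASE_VERSION` are assigned above the hunk, and it is worth confirming there that they are single-line. The same unquoted form is added in the `@@ -197,16 +234,43 @@` and `@@ -251,11 +315,32 @@` hunks of release_v21.yaml. The `run:` block starts outside the hunk.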
diff --git a/.github/workflows/release_v21.yaml b/.github/workflows/release_v21.yaml index 4eb366f..158b730 100644 --- a/.github/workflows/release_v21.yaml +++ b/.github/workflows/release_v21.yaml @@ -10,17 +10,18 @@ on: - .github/workflows/release_v21.yaml - .github/workflows/controller_release.yaml -permissions: - contents: write - id-token: write - packages: write - jobs: release-source-controller: + permissions: + contents: read + id-token: write + packages: write uses: ./.github/workflows/controller_release.yaml with: controller: source-controller version: v21 + secrets: + ghcrToken: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }} sc-ghcr-provenance: needs: [release-source-controller] @@ -33,15 +34,22 @@ jobs: with: image: ghcr.io/${{ needs.release-source-controller.outputs.image_url }} digest: ${{ needs.release-source-controller.outputs.image_digest }} - registry-username: ${{ github.actor }} + registry-username: weave-ghcr-bot + private-repository: true secrets: - registry-password: ${{ secrets.GITHUB_TOKEN }} + registry-password: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }} release-kustomize-controller: + permissions: + contents: read + id-token: write + packages: write uses: ./.github/workflows/controller_release.yaml with: controller: kustomize-controller version: v21 + secrets: + ghcrToken: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }} kc-ghcr-provenance: needs: [release-kustomize-controller] 
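Review bot: Deleting the workflow-level `permissions:` block in the `@@ -10,17 +10,18 @@` hunk means any job that does not declare its own block falls back to the repository's default `GITHUB_TOKEN` permissions, which can be broader than the three scopes that were listed. The `release-*-controller` jobs gain explicit blocks in this commit, but the headers of the `*-ghcr-provenance` jobs lie between hunks, so whether they set one is not visible here. Adding a deny-by-default `permissions: {}` at the top of the workflow keeps the per-job grants as the only source of access.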
@@ -54,15 +62,22 @@ jobs: with: image: ghcr.io/${{ needs.release-kustomize-controller.outputs.image_url }} digest: ${{ needs.release-kustomize-controller.outputs.image_digest }} - registry-username: ${{ github.actor }} + registry-username: weave-ghcr-bot + private-repository: true secrets: - registry-password: ${{ secrets.GITHUB_TOKEN }} + registry-password: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }} release-helm-controller: + permissions: + contents: read + id-token: write + packages: write uses: ./.github/workflows/controller_release.yaml with: controller: helm-controller version: v21 + secrets: + ghcrToken: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }} hc-ghcr-provenance: needs: [release-helm-controller] @@ -75,15 +90,22 @@ jobs: with: image: ghcr.io/${{ needs.release-helm-controller.outputs.image_url }} digest: ${{ needs.release-helm-controller.outputs.image_digest }} - registry-username: ${{ github.actor }} + registry-username: weave-ghcr-bot + private-repository: true secrets: - registry-password: ${{ secrets.GITHUB_TOKEN }} + registry-password: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }} release-image-reflector-controller: + permissions: + contents: read + id-token: write + packages: write uses: ./.github/workflows/controller_release.yaml with: controller: image-reflector-controller version: v21 + secrets: + ghcrToken: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }} irc-ghcr-provenance: needs: [release-image-reflector-controller] 
@@ -96,15 +118,22 @@ jobs: with: image: ghcr.io/${{ needs.release-image-reflector-controller.outputs.image_url }} digest: ${{ needs.release-image-reflector-controller.outputs.image_digest }} - registry-username: ${{ github.actor }} + registry-username: weave-ghcr-bot + private-repository: true secrets: - registry-password: ${{ secrets.GITHUB_TOKEN }} + registry-password: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }} release-image-automation-controller: + permissions: + contents: read + id-token: write + packages: write uses: ./.github/workflows/controller_release.yaml with: controller: image-automation-controller version: v21 + secrets: + ghcrToken: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }} iac-ghcr-provenance: needs: [release-image-automation-controller] @@ -117,15 +146,22 @@ jobs: with: image: ghcr.io/${{ needs.release-image-automation-controller.outputs.image_url }} digest: ${{ needs.release-image-automation-controller.outputs.image_digest }} - registry-username: ${{ github.actor }} + registry-username: weave-ghcr-bot + private-repository: true secrets: - registry-password: ${{ secrets.GITHUB_TOKEN }} + registry-password: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }} release-notification-controller: + permissions: + contents: read + id-token: write + packages: write uses: ./.github/workflows/controller_release.yaml with: controller: notification-controller version: v21 + secrets: + ghcrToken: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }} nc-ghcr-provenance: needs: [release-notification-controller] @@ -138,9 +174,10 @@ jobs: with: image: ghcr.io/${{ needs.release-notification-controller.outputs.image_url }} digest: ${{ needs.release-notification-controller.outputs.image_digest }} - registry-username: ${{ github.actor }} + registry-username: weave-ghcr-bot + private-repository: true secrets: - registry-password: ${{ secrets.GITHUB_TOKEN }} + registry-password: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }} release-flux-cli: outputs: 
@@ -182,8 +219,8 @@ jobs:
 uses: docker/login-action@v1
 with:
 registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
+ username: weave-ghcr-bot
+ password: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }}
 - name: Clone and patch repo
 id: patch
 run: |
@@ -197,16 +234,43 @@ jobs: fi bash -x ./scripts/patch_repo.sh "https://github.com/fluxcd/flux2.git" flux2 ${FLUX2_BASE_VERSION} unlink patches-flux - echo ::set-output name=version::${VERSION} + echo "version=${VERSION}" >> $GITHUB_OUTPUT - name: Download all controllers release artifacts uses: actions/download-artifact@v3 with: path: ./flux2 + - name: Place yamls in the right place + run: | + # source-controller yamls + cp -p ./flux2/source-controller/source-controller.crds.yaml ./flux2/manifests/bases/source-controller/ + cp -p ./flux2/source-controller/source-controller.crds.yaml ./flux2/manifests/crds/ + cp -p ./flux2/source-controller/source-controller.deployment.yaml ./flux2/manifests/bases/source-controller/ + # kustomize-controller yamls + cp -p ./flux2/kustomize-controller/kustomize-controller.crds.yaml ./flux2/manifests/bases/kustomize-controller/ + cp -p ./flux2/kustomize-controller/kustomize-controller.crds.yaml ./flux2/manifests/crds/ + cp -p ./flux2/kustomize-controller/kustomize-controller.deployment.yaml ./flux2/manifests/bases/kustomize-controller/ + # helm-controller yamls + cp -p ./flux2/helm-controller/helm-controller.crds.yaml ./flux2/manifests/bases/helm-controller/ + cp -p ./flux2/helm-controller/helm-controller.crds.yaml ./flux2/manifests/crds/ + cp -p ./flux2/helm-controller/helm-controller.deployment.yaml ./flux2/manifests/bases/helm-controller/ + # image-reflector-controller yamls + cp -p ./flux2/image-reflector-controller/image-reflector-controller.crds.yaml ./flux2/manifests/bases/image-reflector-controller/ + cp -p ./flux2/image-reflector-controller/image-reflector-controller.crds.yaml ./flux2/manifests/crds/ + cp -p ./flux2/image-reflector-controller/image-reflector-controller.deployment.yaml ./flux2/manifests/bases/image-reflector-controller/ + # image-automation-controller yamls + cp -p ./flux2/image-automation-controller/image-automation-controller.crds.yaml ./flux2/manifests/bases/image-automation-controller/ + cp -p 
./flux2/image-automation-controller/image-automation-controller.crds.yaml ./flux2/manifests/crds/ + cp -p ./flux2/image-automation-controller/image-automation-controller.deployment.yaml ./flux2/manifests/bases/image-automation-controller/ + # notification-controller yamls + cp -p ./flux2/notification-controller/notification-controller.crds.yaml ./flux2/manifests/bases/notification-controller/ + cp -p ./flux2/notification-controller/notification-controller.crds.yaml ./flux2/manifests/crds/ + cp -p ./flux2/notification-controller/notification-controller.deployment.yaml ./flux2/manifests/bases/notification-controller/ - name: Generate manifests run: | - make ./flux2/cmd/flux/.manifests.done - ./flux2/manifests/scripts/bundle.sh "" ./output manifests.tar.gz - kustomize build .flux2/manifests/install > ./output/install.yaml + cd ./flux2 + make cmd/flux/.manifests.done + ./manifests/scripts/bundle.sh "" ../output manifests.tar.gz + kustomize build ./manifests/install > ../output/install.yaml - name: Build CRDs run: | kustomize build ./flux2/manifests/crds > all-crds.yaml @@ -226,7 +290,7 @@ jobs: version: latest args: release --clean --skip-validate env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }} HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} - name: Generate SLSA metadata id: slsa 
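Review bot: The new `Place yamls in the right place` step in the `@@ -197,16 +234,43 @@` hunk spells out the same three `cp -p` commands for each of the six controllers, eighteen lines that have to be kept in sync with the controller list by hand. A loop over the controller names performs the same copies and leaves one place to edit when a controller is added. The paths assume each downloaded artifact directory is named after its controller; that name is set by the upload step in controller_release.yaml and is not visible in this hunk.

```yaml
      - name: Place yamls in the right place
        run: |
          for c in source-controller kustomize-controller helm-controller \
            image-reflector-controller image-automation-controller notification-controller; do
            cp -p "./flux2/${c}/${c}.crds.yaml" "./flux2/manifests/bases/${c}/"
            cp -p "./flux2/${c}/${c}.crds.yaml" ./flux2/manifests/crds/
            cp -p "./flux2/${c}/${c}.deployment.yaml" "./flux2/manifests/bases/${c}/"
          done
      # … unchanged: Generate manifests step …
```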
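Review bot: In the `@@ -226,7 +290,7 @@` hunk GoReleaser's `GITHUB_TOKEN` becomes the same `WEAVE_ASSURED_GHCR_BOT_TOKEN` that the registry logins and the `*-ghcr-provenance` jobs receive, so a secret named for GHCR access presumably also has to be able to publish releases to the repository. Every step and called workflow holding it then has more than the package-write access it needs, and unlike the run-scoped built-in token it stays valid after the job ends. If the built-in token cannot create the release here, a separate release-only secret keeps the two scopes apart, e.g. `GITHUB_TOKEN: ${{ secrets.<RELEASE_TOKEN_SECRET> }}` (placeholder name). The step's context also shows `version: latest`, so an unpinned GoReleaser build is what receives the credential.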
@@ -251,11 +315,32 @@ jobs: id-token: write packages: write steps: - - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + - name: Checkout + uses: actions/checkout@v2 - name: Setup Kustomize uses: fluxcd/pkg/actions/kustomize@main + - name: install stgit + shell: bash + run: | + sudo apt-get install -y stgit + git config --global user.name "Soule BA" + git config --global user.email "soule@weave.works" + - name: Clone and patch repo + id: patch + run: | + ln -s patches-flux-v21 patches-flux + rm -rf flux2 || true + source ./patches-flux/VERSION + if [[ "$FLUX2_SUFFIX_VERSION" =~ ^wa[.][0-9]+$ ]]; then + VERSION=${FLUX2_BASE_VERSION}-${FLUX2_SUFFIX_VERSION} + else + VERSION=${FLUX2_BASE_VERSION}-wa + fi + bash -x ./scripts/patch_repo.sh "https://github.com/fluxcd/flux2.git" flux2 ${FLUX2_BASE_VERSION} + unlink patches-flux + echo "version=${VERSION}" >> $GITHUB_OUTPUT - name: Setup Flux CLI - uses: ./action/ + uses: ./flux2/action/ - name: Prepare id: prep run: | @@ -265,8 +350,8 @@ jobs: uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + username: weave-ghcr-bot + password: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }} - name: Push manifests to GHCR run: | mkdir -p ./ghcr.io/flux-system @@ -301,6 +386,7 @@ jobs: provenance-name: "provenance.intoto.jsonl" base64-subjects: "${{ needs.release-flux-cli.outputs.hashes }}" upload-assets: true + private-repository: true ghcr-provenance: needs: [release-flux-cli] @@ -312,6 +398,7 @@ jobs: with: image: ghcr.io/${{ needs.release-flux-cli.outputs.image_url }} digest: ${{ needs.release-flux-cli.outputs.image_digest }} - registry-username: ${{ github.actor }} + registry-username: weave-ghcr-bot + private-repository: true secrets: - registry-password: ${{ secrets.GITHUB_TOKEN }} + registry-password: ${{ secrets.WEAVE_ASSURED_GHCR_BOT_TOKEN }} 
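Review bot: The `@@ -251,11 +315,32 @@` hunk replaces the SHA-pinned `actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0` with `actions/checkout@v2`, a mutable tag on an older major version, in a job whose context shows `id-token: write` and `packages: write`. Keep the pin when adding the step name: `uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0`. The new `install stgit` step also writes an individual's name and e-mail into the global git config; a bot identity would keep automated patch commits from being attributed to a person. `sudo apt-get install -y stgit` has no version, so which stgit release runs depends on the runner image, while patch_repo.sh branches on the exact string `Stacked Git 2.2.2`.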
diff --git a/.goreleaser.yml b/.goreleaser.yml index f5a899f..d3ebd4c 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -1,8 +1,9 @@ -project_name: weave-assured-flux +project_name: flux builds: - <<: &build_defaults binary: flux - main: ./flux2/cmd/flux + main: ./cmd/flux + dir: ./flux2 ldflags: - -s -w -X main.VERSION={{ .Version }} env: @@ -53,7 +54,6 @@ release: - glob: output/crd-schemas.tar.gz - glob: output/manifests.tar.gz - glob: output/install.yaml - prerelease: "auto" changelog: skip: true @@ -79,7 +79,7 @@ signs: dockers: - image_templates: - 'ghcr.io/weaveworks/flux-cli:{{ .Tag }}-amd64' - dockerfile: Dockerfile + dockerfile: ./flux2/Dockerfile use: buildx goos: linux goarch: amd64 @@ -94,7 +94,7 @@ dockers: - "--platform=linux/amd64" - image_templates: - 'ghcr.io/weaveworks/flux-cli:{{ .Tag }}-arm64' - dockerfile: Dockerfile + dockerfile: ./flux2/Dockerfile use: buildx goos: linux goarch: arm64 @@ -109,7 +109,7 @@ dockers: - "--platform=linux/arm64" - image_templates: - 'ghcr.io/weaveworks/flux-cli:{{ .Tag }}-arm' - dockerfile: Dockerfile + dockerfile: ./flux2/Dockerfile use: buildx goos: linux goarch: arm diff --git a/patches-flux-v21/flux2/01-change_image_name.patch b/patches-flux-v21/flux2/01-change_image_name.patch index f0bd47f..0221184 100644 --- a/patches-flux-v21/flux2/01-change_image_name.patch +++ b/patches-flux-v21/flux2/01-change_image_name.patch @@ -5,12 +5,8 @@ From: Soule BA --- action/action.yml | 4 ++-- - cmd/flux/bootstrap.go | 16 +++++++++++++++- - cmd/flux/bootstrap_bitbucket_server.go | 4 +++- - cmd/flux/bootstrap_git.go | 4 +++- - cmd/flux/bootstrap_github.go | 4 +++- - cmd/flux/bootstrap_gitlab.go | 4 +++- - cmd/flux/install.go | 20 +++++++++++++++++--- + cmd/flux/bootstrap.go | 2 +- + cmd/flux/install.go | 2 +- manifests/bases/helm-controller/kustomization.yaml | 4 ++-- .../image-automation-controller/kustomization.yaml | 4 ++-- .../image-reflector-controller/kustomization.yaml | 4 ++-- @@ -19,7 +15,9 @@ 
From: Soule BA .../bases/source-controller/kustomization.yaml | 4 ++-- manifests/crds/kustomization.yaml | 12 ++++++------ manifests/install/kustomization.yaml | 12 ++++++------ - 15 files changed, 70 insertions(+), 34 deletions(-) + pkg/manifestgen/install/install.go | 4 ++-- + pkg/manifestgen/install/options.go | 4 ++-- + 13 files changed, 32 insertions(+), 32 deletions(-) diff --git a/action/action.yml b/action/action.yml index d88786ee..583e77e3 100644 @@ -44,193 +42,33 @@ index d88786ee..583e77e3 100644 curl -fsSL -o "$DL_DIR/$FLUX_TARGET_FILE" "$FLUX_DOWNLOAD_URL/$FLUX_TARGET_FILE" curl -fsSL -o "$DL_DIR/$FLUX_CHECKSUMS_FILE" "$FLUX_DOWNLOAD_URL/$FLUX_CHECKSUMS_FILE" diff --git a/cmd/flux/bootstrap.go b/cmd/flux/bootstrap.go -index 2441551d..b08d2363 100644 +index 2441551d..68479ad9 100644 --- a/cmd/flux/bootstrap.go 
+++ b/cmd/flux/bootstrap.go -@@ -73,6 +73,8 @@ type bootstrapFlags struct { - gpgKeyID string - - commitMessageAppendix string -+ -+ assured bool - } - - const ( -@@ -90,8 +92,10 @@ func init() { +@@ -90,7 +90,7 @@ func init() { bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapArgs.extraComponents, "components-extra", nil, "list of components in addition to those supplied or defaulted, accepts values such as 'image-reflector-controller,image-automation-controller'") - bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.registry, "registry", "ghcr.io/fluxcd", -+ bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.registry, "registry", "", ++ bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.registry, "registry", "ghcr.io/weaveworks", "container registry where the Flux controller images are published") -+ bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.assured, "assured", false, -+ "use weave-assured container images from the registry") bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.imagePullSecret, "image-pull-secret", "", "Kubernetes secret name used for pulling the controller images from a private registry") - -@@ -148,6 +152,16 @@ func bootstrapComponents() []string { - return append(bootstrapArgs.defaultComponents, bootstrapArgs.extraComponents...) 
- } - -+func bootstrapRegistry() string { -+ if bootstrapArgs.registry == "" { -+ bootstrapArgs.registry = rootArgs.defaults.Registry -+ if bootstrapArgs.assured { -+ bootstrapArgs.registry = "ghcr.io/weaveworks" -+ } -+ } -+ return bootstrapArgs.registry -+} -+ - func buildEmbeddedManifestBase() (string, error) { - if !isEmbeddedVersion(bootstrapArgs.version) { - return "", nil -diff --git a/cmd/flux/bootstrap_bitbucket_server.go b/cmd/flux/bootstrap_bitbucket_server.go -index 40eccca8..c82eca7f 100644 ---- a/cmd/flux/bootstrap_bitbucket_server.go -+++ b/cmd/flux/bootstrap_bitbucket_server.go -@@ -188,7 +188,7 @@ func bootstrapBServerCmdRun(cmd *cobra.Command, args []string) error { - Version: bootstrapArgs.version, - Namespace: *kubeconfigArgs.Namespace, - Components: bootstrapComponents(), -- Registry: bootstrapArgs.registry, -+ Registry: bootstrapRegistry(), - ImagePullSecret: bootstrapArgs.imagePullSecret, - WatchAllNamespaces: bootstrapArgs.watchAllNamespaces, - NetworkPolicy: bootstrapArgs.networkPolicy, -@@ -202,6 +202,8 @@ func bootstrapBServerCmdRun(cmd *cobra.Command, args []string) error { - } - if customBaseURL := bootstrapArgs.manifestsPath; customBaseURL != "" { - installOptions.BaseURL = customBaseURL -+ } else if bootstrapArgs.assured { -+ installOptions.BaseURL = "https://github.com/weaveworks/weave-assured-flux/releases" - } - - // Source generation and secret config -diff --git a/cmd/flux/bootstrap_git.go b/cmd/flux/bootstrap_git.go -index bd9dc80a..5c862a33 100644 ---- a/cmd/flux/bootstrap_git.go -+++ b/cmd/flux/bootstrap_git.go -@@ -193,7 +193,7 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error { - Version: bootstrapArgs.version, - Namespace: *kubeconfigArgs.Namespace, - Components: bootstrapComponents(), -- Registry: bootstrapArgs.registry, -+ Registry: bootstrapRegistry(), - ImagePullSecret: bootstrapArgs.imagePullSecret, - WatchAllNamespaces: bootstrapArgs.watchAllNamespaces, - NetworkPolicy: bootstrapArgs.networkPolicy, 
-@@ -207,6 +207,8 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error { - } - if customBaseURL := bootstrapArgs.manifestsPath; customBaseURL != "" { - installOptions.BaseURL = customBaseURL -+ } else if bootstrapArgs.assured { -+ installOptions.BaseURL = "https://github.com/weaveworks/weave-assured-flux/releases" - } - - // Source generation and secret config -diff --git a/cmd/flux/bootstrap_github.go b/cmd/flux/bootstrap_github.go -index 8c7c214e..88bb6cbd 100644 ---- a/cmd/flux/bootstrap_github.go -+++ b/cmd/flux/bootstrap_github.go -@@ -183,7 +183,7 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error { - Version: bootstrapArgs.version, - Namespace: *kubeconfigArgs.Namespace, - Components: bootstrapComponents(), -- Registry: bootstrapArgs.registry, -+ Registry: bootstrapRegistry(), - ImagePullSecret: bootstrapArgs.imagePullSecret, - WatchAllNamespaces: bootstrapArgs.watchAllNamespaces, - NetworkPolicy: bootstrapArgs.networkPolicy, -@@ -197,6 +197,8 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error { - } - if customBaseURL := bootstrapArgs.manifestsPath; customBaseURL != "" { - installOptions.BaseURL = customBaseURL -+ } else if bootstrapArgs.assured { -+ installOptions.BaseURL = "https://github.com/weaveworks/weave-assured-flux/releases" - } - - // Source generation and secret config -diff --git a/cmd/flux/bootstrap_gitlab.go b/cmd/flux/bootstrap_gitlab.go -index 6bb111c3..578f1667 100644 ---- a/cmd/flux/bootstrap_gitlab.go -+++ b/cmd/flux/bootstrap_gitlab.go -@@ -208,7 +208,7 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error { - Version: bootstrapArgs.version, - Namespace: *kubeconfigArgs.Namespace, - Components: bootstrapComponents(), -- Registry: bootstrapArgs.registry, -+ Registry: bootstrapRegistry(), - ImagePullSecret: bootstrapArgs.imagePullSecret, - WatchAllNamespaces: bootstrapArgs.watchAllNamespaces, - NetworkPolicy: bootstrapArgs.networkPolicy, -@@ -222,6 +222,8 @@ func 
bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error { - } - if customBaseURL := bootstrapArgs.manifestsPath; customBaseURL != "" { - installOptions.BaseURL = customBaseURL -+ } else if bootstrapArgs.assured { -+ installOptions.BaseURL = "https://github.com/weaveworks/weave-assured-flux/releases" - } - - // Source generation and secret config diff --git a/cmd/flux/install.go b/cmd/flux/install.go -index 53712021..a0c1162c 100644 +index 53712021..6bb96c4e 100644 --- a/cmd/flux/install.go 
+++ b/cmd/flux/install.go -@@ -63,6 +63,7 @@ type installFlags struct { - defaultComponents []string - extraComponents []string - registry string -+ assured bool - imagePullSecret string - branch string - watchAllNamespaces bool -@@ -86,8 +87,8 @@ func init() { +@@ -80,7 +80,7 @@ func init() { + installCmd.Flags().BoolVar(&installArgs.export, "export", false, + "write the install manifests to stdout and exit") + installCmd.Flags().StringVarP(&installArgs.version, "version", "v", "", +- "toolkit version, when specified the manifests are downloaded from https://github.com/fluxcd/flux2/releases") ++ "toolkit version, when specified the manifests are downloaded from https://github.com/weaveworks/weave-assured-flux/releases") + installCmd.Flags().StringSliceVar(&installArgs.defaultComponents, "components", rootArgs.defaults.Components, + "list of components, accepts comma-separated values") installCmd.Flags().StringSliceVar(&installArgs.extraComponents, "components-extra", nil, - "list of components in addition to those supplied or defaulted, accepts values such as 'image-reflector-controller,image-automation-controller'") - installCmd.Flags().StringVar(&installArgs.manifestsPath, "manifests", "", "path to the manifest directory") -- installCmd.Flags().StringVar(&installArgs.registry, "registry", rootArgs.defaults.Registry, -- "container registry where the toolkit images are published") -+ installCmd.Flags().StringVar(&installArgs.registry, "registry", "", "container registry where the toolkit images are published") -+ installCmd.Flags().BoolVar(&installArgs.assured, "assured", false, "use weave-assured-flux version") - installCmd.Flags().StringVar(&installArgs.imagePullSecret, "image-pull-secret", "", - "Kubernetes secret name used for pulling the toolkit images from a private registry") - installCmd.Flags().BoolVar(&installArgs.watchAllNamespaces, "watch-all-namespaces", rootArgs.defaults.WatchAllNamespaces, -@@ -148,7 +149,7 @@ func installCmdRun(cmd *cobra.Command, 
args []string) error { - Version: installArgs.version, - Namespace: *kubeconfigArgs.Namespace, - Components: components, -- Registry: installArgs.registry, -+ Registry: installRegistry(), - ImagePullSecret: installArgs.imagePullSecret, - WatchAllNamespaces: installArgs.watchAllNamespaces, - NetworkPolicy: installArgs.networkPolicy, -@@ -162,6 +163,9 @@ func installCmdRun(cmd *cobra.Command, args []string) error { - - if installArgs.manifestsPath == "" { - opts.BaseURL = install.MakeDefaultOptions().BaseURL -+ if installArgs.assured { -+ opts.BaseURL = "https://github.com/weaveworks/weave-assured-flux/releases" -+ } - } - - manifest, err := install.Generate(opts, manifestsBase) -@@ -210,3 +214,13 @@ func installCmdRun(cmd *cobra.Command, args []string) error { - logger.Successf("install finished") - return nil - } -+ -+func installRegistry() string { -+ if installArgs.registry == "" { -+ installArgs.registry = rootArgs.defaults.Registry -+ if installArgs.assured { -+ installArgs.registry = "ghcr.io/weaveworks" -+ } -+ } -+ return installArgs.registry -+} diff --git a/manifests/bases/helm-controller/kustomization.yaml b/manifests/bases/helm-controller/kustomization.yaml -index 2037bdfe..c81018a0 100644 +index 2037bdfe..57136941 100644 --- a/manifests/bases/helm-controller/kustomization.yaml +++ b/manifests/bases/helm-controller/kustomization.yaml @@ -1,8 +1,8 @@ @@ -239,13 +77,13 @@ index 2037bdfe..c81018a0 100644 resources: -- https://github.com/fluxcd/helm-controller/releases/download/v0.36.1/helm-controller.crds.yaml -- https://github.com/fluxcd/helm-controller/releases/download/v0.36.1/helm-controller.deployment.yaml -+- ../../../helm-controller/helm-controller.crds.yaml -+- ../../../helm-controller/helm-controller.deployment.yaml ++- ./helm-controller.crds.yaml ++- ./helm-controller.deployment.yaml - account.yaml transformers: - labels.yaml 
diff --git a/manifests/bases/image-automation-controller/kustomization.yaml b/manifests/bases/image-automation-controller/kustomization.yaml -index f6beff59..8b148ca9 100644 +index f6beff59..2cf838fc 100644 --- a/manifests/bases/image-automation-controller/kustomization.yaml +++ b/manifests/bases/image-automation-controller/kustomization.yaml @@ -1,8 +1,8 @@ @@ -254,13 +92,13 @@ index f6beff59..8b148ca9 100644 resources: -- https://github.com/fluxcd/image-automation-controller/releases/download/v0.36.1/image-automation-controller.crds.yaml -- https://github.com/fluxcd/image-automation-controller/releases/download/v0.36.1/image-automation-controller.deployment.yaml -+- ../../../image-automation-controller/image-automation-controller.crds.yaml -+- ../../../image-automation-controller/image-automation-controller.deployment.yaml ++- ./image-automation-controller.crds.yaml ++- ./image-automation-controller.deployment.yaml - account.yaml transformers: - labels.yaml diff --git a/manifests/bases/image-reflector-controller/kustomization.yaml b/manifests/bases/image-reflector-controller/kustomization.yaml -index e1a30b53..b6d9d6bb 100644 +index e1a30b53..61907995 100644 --- a/manifests/bases/image-reflector-controller/kustomization.yaml +++ b/manifests/bases/image-reflector-controller/kustomization.yaml @@ -1,8 +1,8 @@ @@ -269,13 +107,13 @@ index e1a30b53..b6d9d6bb 100644 resources: -- https://github.com/fluxcd/image-reflector-controller/releases/download/v0.30.0/image-reflector-controller.crds.yaml -- https://github.com/fluxcd/image-reflector-controller/releases/download/v0.30.0/image-reflector-controller.deployment.yaml -+- ../../../image-reflector-controller/image-reflector-controller.crds.yaml -+- ../../../image-reflector-controller/image-reflector-controller.deployment.yaml ++- ./image-reflector-controller.crds.yaml ++- ./image-reflector-controller.deployment.yaml - account.yaml transformers: - labels.yaml 
diff --git a/manifests/bases/kustomize-controller/kustomization.yaml b/manifests/bases/kustomize-controller/kustomization.yaml -index d831b6bd..730a44be 100644 +index d831b6bd..3fc1de02 100644 --- a/manifests/bases/kustomize-controller/kustomization.yaml +++ b/manifests/bases/kustomize-controller/kustomization.yaml @@ -1,8 +1,8 @@ @@ -284,13 +122,13 @@ index d831b6bd..730a44be 100644 resources: -- https://github.com/fluxcd/kustomize-controller/releases/download/v1.1.0/kustomize-controller.crds.yaml -- https://github.com/fluxcd/kustomize-controller/releases/download/v1.1.0/kustomize-controller.deployment.yaml -+- ../../../kustomize-controller/kustomize-controller.crds.yaml -+- ../../../kustomize-controller/kustomize-controller.deployment.yaml ++- ./kustomize-controller.crds.yaml ++- ./kustomize-controller.deployment.yaml - account.yaml transformers: - labels.yaml diff --git a/manifests/bases/notification-controller/kustomization.yaml b/manifests/bases/notification-controller/kustomization.yaml -index 262acc6b..27213a1e 100644 +index 262acc6b..a4f49446 100644 --- a/manifests/bases/notification-controller/kustomization.yaml +++ b/manifests/bases/notification-controller/kustomization.yaml @@ -1,8 +1,8 @@ @@ -299,13 +137,13 @@ index 262acc6b..27213a1e 100644 resources: -- https://github.com/fluxcd/notification-controller/releases/download/v1.1.0/notification-controller.crds.yaml -- https://github.com/fluxcd/notification-controller/releases/download/v1.1.0/notification-controller.deployment.yaml -+- ../../../notification-controller/notification-controller.crds.yaml -+- ../../../notification-controller/notification-controller.deployment.yaml ++- ./notification-controller.crds.yaml ++- ./notification-controller.deployment.yaml - account.yaml transformers: - labels.yaml diff --git a/manifests/bases/source-controller/kustomization.yaml b/manifests/bases/source-controller/kustomization.yaml -index 67d4566a..f5b4ff4a 100644 +index 67d4566a..40b85ae8 100644 
--- a/manifests/bases/source-controller/kustomization.yaml +++ b/manifests/bases/source-controller/kustomization.yaml @@ -1,8 +1,8 @@ @@ -314,13 +152,13 @@ index 67d4566a..f5b4ff4a 100644 resources: -- https://github.com/fluxcd/source-controller/releases/download/v1.1.1/source-controller.crds.yaml -- https://github.com/fluxcd/source-controller/releases/download/v1.1.1/source-controller.deployment.yaml -+- ../../../source-controller/source-controller.crds.yaml -+- ../../../source-controller/source-controller.deployment.yaml ++- ./source-controller.crds.yaml ++- ./source-controller.deployment.yaml - account.yaml transformers: - labels.yaml diff --git a/manifests/crds/kustomization.yaml b/manifests/crds/kustomization.yaml -index feaa2d60..bf84e427 100644 +index feaa2d60..eea40455 100644 --- a/manifests/crds/kustomization.yaml +++ b/manifests/crds/kustomization.yaml @@ -1,9 +1,9 @@ @@ -333,12 +171,12 @@ index feaa2d60..bf84e427 100644 -- https://github.com/fluxcd/notification-controller/releases/download/v1.1.0/notification-controller.crds.yaml -- https://github.com/fluxcd/image-reflector-controller/releases/download/v0.30.0/image-reflector-controller.crds.yaml -- https://github.com/fluxcd/image-automation-controller/releases/download/v0.36.1/image-automation-controller.crds.yaml -+- ../../../source-controller/source-controller.crds.yaml -+- ../../../kustomize-controller/kustomize-controller.crds.yaml -+- ../../../helm-controller/helm-controller.crds.yaml -+- ../../../notification-controller/notification-controller.crds.yaml -+- ../../../image-reflector-controller/image-reflector-controller.crds.yaml -+- ../../../image-automation-controller/image-automation-controller.crds.yaml ++- ./source-controller.crds.yaml ++- ./kustomize-controller.crds.yaml ++- ./helm-controller.crds.yaml ++- ./notification-controller.crds.yaml ++- ./image-reflector-controller.crds.yaml ++- ./image-automation-controller.crds.yaml 
diff --git a/manifests/install/kustomization.yaml b/manifests/install/kustomization.yaml index edce8ca8..bfe3a8b6 100644 --- a/manifests/install/kustomization.yaml 
@@ -364,3 +202,44 @@ index edce8ca8..bfe3a8b6 100644 - name: fluxcd/image-automation-controller - newName: ghcr.io/fluxcd/image-automation-controller + newName: ghcr.io/weaveworks/image-automation-controller +diff --git a/pkg/manifestgen/install/install.go b/pkg/manifestgen/install/install.go +index 594997c2..7ed17ecb 100644 +--- a/pkg/manifestgen/install/install.go ++++ b/pkg/manifestgen/install/install.go +@@ -91,7 +91,7 @@ func Generate(options Options, manifestsBase string) (*manifestgen.Manifest, err + + // GetLatestVersion calls the GitHub API and returns the latest released version. + func GetLatestVersion() (string, error) { +- ghURL := "https://api.github.com/repos/fluxcd/flux2/releases/latest" ++ ghURL := "https://api.github.com/repos/weaveworks/weave-assured-flux/releases/latest" + c := cleanhttp.DefaultClient() + c.Timeout = 15 * time.Second + +@@ -121,7 +121,7 @@ func ExistingVersion(version string) (bool, error) { + version = "v" + version + } + +- ghURL := fmt.Sprintf("https://api.github.com/repos/fluxcd/flux2/releases/tags/%s", version) ++ ghURL := fmt.Sprintf("https://api.github.com/repos/weaveworks/weave-assured-flux/releases/tags/%s", version) + c := cleanhttp.DefaultClient() + c.Timeout = 15 * time.Second + +diff --git a/pkg/manifestgen/install/options.go b/pkg/manifestgen/install/options.go +index a456007b..7b06d6e8 100644 +--- a/pkg/manifestgen/install/options.go ++++ b/pkg/manifestgen/install/options.go +@@ -45,12 +45,12 @@ func MakeDefaultOptions() Options { + Components: []string{"source-controller", "kustomize-controller", "helm-controller", "notification-controller"}, + ComponentsExtra: []string{"image-reflector-controller", "image-automation-controller"}, + EventsAddr: "", +- Registry: "ghcr.io/fluxcd", ++ Registry: "ghcr.io/weaveworks", + ImagePullSecret: "", + WatchAllNamespaces: true, + NetworkPolicy: true, + LogLevel: "info", +- BaseURL: "https://github.com/fluxcd/flux2/releases", ++ BaseURL: 
"https://github.com/weaveworks/weave-assured-flux/releases", + NotificationController: "notification-controller", + ManifestFile: "gotk-components.yaml", + Timeout: time.Minute, diff --git a/scripts/patch_repo.sh b/scripts/patch_repo.sh index 3c440c3..f7ceeb3 100644 --- a/scripts/patch_repo.sh +++ b/scripts/patch_repo.sh @@ -23,12 +23,12 @@ function patch() { local file=$1 local lines=0 - # check that series file exists and has more than 2 lines + # check that series file exists and has more than one line if [ -f "$file" ]; then lines=$(cat "$file" | wc -l) - if [ "$lines" gt 2 ]; then + if [ "$lines" -gt 1 ]; then stg init - stg import -t --series file + stg import -t --series $file stg_version_output=$(stg --version | grep -i stacked | head -n 1) if [ "$stg_version_output" == "Stacked Git 2.2.2" ]; then # for stg 2.2.2 @@ -49,6 +49,9 @@ clone $1 $2 $3 p "Successfully cloned $1 into $2 with tag $3" cd $2 +# create a new branch for the patch +git switch -c $3 >/dev/null + p "Patching repo with ../patches-flux/$2/series ..." patch ../patches-flux/$2/series p "Successfully patched $2"
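Review bot: The corrected `stg import -t --series $file` in the `@@ -23,12 +23,12 @@` hunk expands `$file` unquoted, although the two context lines above it quote it (`[ -f "$file" ]`, `cat "$file"`); use `stg import -t --series "$file"` so a path containing spaces or glob characters is passed as one argument. The function is named `patch`, which shadows the system `patch` utility for the rest of the script; a comment on the definition, or a rename, would make that deliberate. The body of `patch()` continues past the end of the hunk.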
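Review bot: `git switch -c $3` in the `@@ -49,6 +49,9 @@` hunk creates a branch with the same name as the ref that was just cloned, which the log line above it calls a tag; a branch and a tag sharing a name make later uses of that name ambiguous to git. A distinct, quoted name avoids that, e.g. `git switch -c "patched-$3" >/dev/null`, provided nothing later relies on the branch name (not visible here). Whether a failed switch stops the script depends on error handling set outside the hunk (`set -e` or an explicit check), so confirm that the patch step cannot run on the wrong ref.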