Merged
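--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -11,3 +11,15 @@ RUN curl -sSfLO https://github.com/operator-framework/operator-sdk/releases/down
 ARG GOLANGCI_VERSION=2.5.0
 
 RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sudo sh -s -- v${GOLANGCI_VERSION}
+
+ARG KIND_VERSION=0.30.0
+
+RUN curl -sSfLO https://kind.sigs.k8s.io/dl/v${KIND_VERSION}/kind-linux-amd64 && \
+chmod +x kind-linux-amd64 && \
+sudo mv kind-linux-amd64 /usr/local/bin/kind
+
+ARG KUBECTL_VERSION=1.34.1
+
+RUN curl -sSfLO https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl && \
+chmod +x kubectl && \
+sudo mv kubectl /usr/local/bin/kubectl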
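Review bot: The two added `RUN` steps install `kind` and `kubectl` into `/usr/local/bin` straight from the download with no integrity check, so the pinned version number is the only thing tying the image to a known binary. Pinning the expected digest next to each version and checking it before the `mv` closes that gap, e.g. `ARG KUBECTL_SHA256=<expected-sha256>` and `echo "${KUBECTL_SHA256}  kubectl" | sha256sum -c - && \`. The kind download in `.github/workflows/test-e2e.yml` has the same gap. The hard-coded `linux-amd64` / `linux/amd64` paths also mean an arm64 devcontainer would get binaries it cannot run.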
62 changes: 62 additions & 0 deletions .github/workflows/build.yaml
@@ -0,0 +1,62 @@
name: "Build"

on:
workflow_call:
inputs:
is-development:
description: "Whether the build is for development purposes or not"
required: false
default: true
type: boolean
is-latest:
description: "Whether the build is for the latest tag or not"
required: false
default: false
type: boolean
is-stable:
description: "Whether the build is for a stable release or not"
required: false
default: false
type: boolean
Comment on lines +6 to +20

Contributor


Not sure that the is belongs here

Contributor Author


Why ?

(Those workflows are the same we use in different repos already)


jobs:
build:
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v5
with:
# NOTE: We fetch depth so that we can put the right `GIT` reference
fetch-depth: 0
ref: ${{ github.ref }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to the registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Compute tags
id: tags
# If `is-development` then suffix tag with `-dev`
# If `is-latest` then add `latest` tag
# If not `is-stable` then suffix `-dev` to `latest
run: |
version="$(git describe --tags --always --dirty --match='v[0-9]*')${{ inputs.is-development && '-dev' || '' }}"
tags="ghcr.io/${{ github.repository }}:${version}"
if [ "${{ inputs.is-latest }}" = "true" ]; then
tags="$tags,ghcr.io/${{ github.repository }}:latest${{ ! inputs.is-stable && '-dev' || '' }}"
fi
echo "tags=$tags" >> $GITHUB_OUTPUT
echo "version=$version" >> $GITHUB_OUTPUT
- name: Build image
uses: docker/build-push-action@v6
with:
context: .
build-args:
VERSION=${{ steps.tags.outputs.version }}
push: true
tags: ${{ steps.tags.outputs.tags }}
cache-from: type=gha,scope=crl-operator
cache-to: type=gha,mode=max,scope=crl-operator
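Review bot: The `build` job logs in to ghcr.io and pushes with `secrets.GITHUB_TOKEN` but declares no `permissions:`, so the token scope is whatever the repository or the calling workflow happens to default to. Declaring the minimum on the job — `permissions:` with `contents: read` and `packages: write` — makes the push independent of that default and keeps the token from carrying anything else. The `create-release` job in `promote.yaml` is in the same position and would need `contents: write`. In the `Compute tags` step `$GITHUB_OUTPUT` is unquoted while `release.yaml` quotes `"$GITHUB_ENV"`; quoting it here keeps the two consistent.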
23 changes: 0 additions & 23 deletions .github/workflows/lint.yml

This file was deleted.

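--- a/.github/workflows/post-merge.yaml
+++ b/.github/workflows/post-merge.yaml
@@ -0,0 +1,15 @@
+name: "Post Merge"
+
+on:
+push:
+branches:
+- main
+
+jobs:
+build:
+uses: ./.github/workflows/build.yaml
+secrets: inherit
+with:
+is-development: false
+is-latest: true
+is-stable: false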
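Review bot: `secrets: inherit` hands every repository and organization secret to the called workflow, yet the `build.yaml` added in this change only reads `secrets.GITHUB_TOKEN`, which a reusable workflow receives automatically. Dropping the line here, and in the `build` calls in `pre-merge.yaml` and `promote.yaml`, keeps secrets such as `ACTIONS_APP_PRIVATE_KEY` (used by `release.yaml`) out of jobs that build and run repository code. If `test.yml` or `test-e2e.yml` do need a secret (their full bodies are not visible here), passing it by name under `secrets:` is the narrower form.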
55 changes: 55 additions & 0 deletions .github/workflows/pre-merge.yaml
@@ -0,0 +1,55 @@
name: "Pre Merge"

on:
workflow_dispatch:

pull_request:
branches:
- main

jobs:
build:
uses: ./.github/workflows/build.yaml
secrets: inherit
with:
is-development: true
is-latest: false
is-stable: false

generate:
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Run code generation
# We run code generation to ensure that the generated code is up to date
run: |
go generate ./... &&
make generate manifests &&
git diff --quiet
Comment thread
vdaviot marked this conversation as resolved.

lint:
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Run linters
uses: golangci/golangci-lint-action@v8
with:
version: v2.5.0

test:
uses: ./.github/workflows/test.yml
secrets: inherit

test-e2e:
uses: ./.github/workflows/test-e2e.yml
secrets: inherit
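Review bot: The `build` job here calls `build.yaml` on `pull_request`, and that workflow always logs in to ghcr.io and sets `push: true`, so every pull request publishes a `-dev` image built from unmerged code under the repository's package namespace. For pull requests from forks the token is read-only and secrets are not passed, so the login or push step will presumably fail and block the check. A boolean input on `build.yaml` (for example `push`, default `true`) set from here as `push: ${{ github.event_name != 'pull_request' }}` would let pre-merge build without publishing. Separately, `git diff --quiet` in the `generate` job does not see untracked files, so a newly generated file that was never committed passes; `test -z "$(git status --porcelain)"` covers both cases.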
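--- a/.github/workflows/promote.yaml
+++ b/.github/workflows/promote.yaml
@@ -0,0 +1,39 @@
+name: Promote
+run-name: "Promote ${{ github.ref_name }}"
+
+on:
+push:
+tags:
+- "v*"
+
+jobs:
+build:
+uses: ./.github/workflows/build.yaml
+secrets: inherit
+with:
+is-development: false
+is-latest: true
+is-stable: ${{ ! contains(github.ref_name, '-') }}
+
+create-release:
+needs: build
+runs-on: ubuntu-24.04
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+with:
+# NOTE: We explicitly set the refs otherwise the tag
+# annotations content is not fetched
+# See: https://github.com/actions/checkout/issues/882
+ref: ${{ github.ref }}
+- uses: softprops/action-gh-release@v2
+with:
+name: CRL Operator ${{ github.ref_name }}
+tag_name: ${{ github.ref_name }}
+generate_release_notes: true
+# We consider pre-releases if the tag contains a hyphen
+# e.g. v1.2.3-alpha.0
+prerelease: ${{ contains(github.ref_name, '-') }}
+draft: false
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}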
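Review bot: `create-release` runs `softprops/action-gh-release@v2` with `GITHUB_TOKEN` in its environment, and `@v2` is a tag the action's owner can move, so the code that receives the release token can change without any change in this repository. Pinning to a full commit SHA with the version as a trailing comment, `uses: softprops/action-gh-release@<full-commit-sha> # v2`, fixes what runs. The same applies to the `docker/*` actions in `build.yaml` and `actions/create-github-app-token@v2` in `release.yaml`, which also handle credentials. The checkout here is `@v4` while `build.yaml` and `release.yaml` use `@v5`; aligning them avoids maintaining two majors.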
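--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,83 @@
+name: "Release"
+run-name: Release new ${{ inputs.version-type }} from ${{ github.ref_name }}
+
+on:
+workflow_dispatch:
+inputs:
+version-type:
+description: "Version type"
+required: true
+type: choice
+default: "alpha"
+options:
+- "alpha"
+- "beta"
+- "GA"
+version-scope:
+description: "Version scope"
+required: true
+type: choice
+default: "patch"
+options:
+- "patch"
+- "minor"
+- "major"
+
+jobs:
+prepare-version:
+runs-on: ubuntu-24.04
+if: github.ref_name == 'main'
+steps:
+- uses: actions/create-github-app-token@v2
+id: app-token
+# NOTE: This is needed otherwise it's the same user that create the tag
+# than the one triggering the workflow on push tag which does not work
+with:
+app-id: ${{ vars.ACTIONS_APP_ID }}
+private-key: ${{ secrets.ACTIONS_APP_PRIVATE_KEY }}
+- name: Checkout
+uses: actions/checkout@v5
+with:
+fetch-depth: 0
+token: ${{ steps.app-token.outputs.token }}
+- name: Install semver tool
+run: |
+curl --fail -LO https://raw.githubusercontent.com/fsaintjacques/semver-tool/3.4.0/src/semver
+chmod +x ./semver
+- name: Compose release tag
+run: |
+last_ga_tag="$(git tag --sort=taggerdate --list "v*" | grep -v '\-' | tail -n 1)"
+if [[ -z "$last_ga_tag" ]]; then
+last_ga_tag="0.0.0"
+fi
+
+new_version="$(./semver bump "${{ inputs.version-scope }}" "$last_ga_tag")"
+
+if [[ "${{ inputs.version-type }}" == "alpha" ]] || [[ "${{ inputs.version-type }}" == "beta" ]]; then
+last_pre_tag="$(git tag --sort=taggerdate --list "v$new_version-${{ inputs.version-type }}.*" | tail -n 1)"
+if [[ -z "$last_pre_tag" ]]; then
+new_version="$new_version-${{ inputs.version-type }}.1"
+else
+new_version="$(./semver bump prerel "$last_pre_tag")"
+fi
+fi
+
+if [[ "${new_version:0:1}" != "v" ]]; then
+new_version="v$new_version"
+fi
+
+echo "New version: $new_version"
+echo "RELEASE_TAG=$new_version" >> "$GITHUB_ENV"
+- name: Validate ${{ env.RELEASE_TAG }} tag
+run: ./semver validate ${{ env.RELEASE_TAG }}
+
+- name: Create and push `${{ env.RELEASE_TAG }}` tag
+run: |
+git fsck
+git gc
+
+git config --global user.email ${{ github.actor }}@scality.com
+git config --global user.name ${{ github.actor }}
+
+git tag -a "${{ env.RELEASE_TAG }}" -m "CRL Operator ${{ env.RELEASE_TAG }}"
+git push origin "${{ env.RELEASE_TAG }}"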
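Review bot: The `Install semver tool` step downloads a script from a tag URL, and the following steps execute it in a job that holds the GitHub App token with push rights, with nothing checking that the file is the one that was reviewed. Referencing the file by commit SHA instead of `3.4.0` and verifying a pinned digest right after the download, `echo "<expected-sha256>  semver" | sha256sum -c -`, closes that. The `run:` blocks also splice `${{ inputs.version-type }}`, `${{ github.actor }}` and `${{ env.RELEASE_TAG }}` directly into shell text, and `github.actor` is unquoted in the two `git config` lines, so an actor name containing `[bot]` would be subject to globbing. Mapping these values through `env:` and using quoted shell variables (`"$RELEASE_TAG"` is already in the environment) keeps them as data rather than script text.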
17 changes: 9 additions & 8 deletions .github/workflows/test-e2e.yml
@@ -1,25 +1,26 @@
name: E2E Tests

on:
push:
pull_request:
workflow_call:

jobs:
test-e2e:
name: Run on Ubuntu
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
# Disable e2e tests since there is none for now
if: false
steps:
- name: Clone the code
- name: Checkout
uses: actions/checkout@v4

- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod

- name: Install the latest version of kind
- name: Install kind
env:
KIND_VERSION: v0.30.0
run: |
curl -Lo ./kind https://kind.sigs.k8s.io/dl/latest/kind-linux-amd64
curl -Lo ./kind https://kind.sigs.k8s.io/dl/${KIND_VERSION}/kind-linux-amd64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind

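Review bot: The rewritten download line, `curl -Lo ./kind https://kind.sigs.k8s.io/dl/${KIND_VERSION}/kind-linux-amd64`, has no `-f`, so an HTTP error page would be saved as `./kind`, made executable and moved into `/usr/local/bin`. `curl -sSfLo ./kind …` matches the flags the Dockerfile in this change uses and fails the step at the download instead. The kind version is now stated both here (`v0.30.0`) and in `.devcontainer/Dockerfile` (`0.30.0`), so the two need to be bumped together. The rest of the job is collapsed below the hunk.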
9 changes: 3 additions & 6 deletions .github/workflows/test.yml
@@ -1,17 +1,14 @@
name: Tests

on:
push:
pull_request:
workflow_call:

jobs:
test:
name: Run on Ubuntu
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
steps:
- name: Clone the code
- name: Checkout
uses: actions/checkout@v4

- name: Setup Go
uses: actions/setup-go@v5
with:
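--- a/.gitignore
+++ b/.gitignore
@@ -18,6 +18,7 @@ Dockerfile.cross
 coverage.*
 *.coverprofile
 profile.cov
+testdata
 
 # Dependency directories (remove the comment below to include it)
 # vendor/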
12 changes: 11 additions & 1 deletion Makefile
Expand Up @@ -109,9 +109,19 @@ vet: ## Run go vet against code.
go vet ./...

.PHONY: test
test: manifests generate fmt vet setup-envtest ## Run tests.
test: manifests generate fmt vet setup-envtest download-extra-crds ## Run tests.
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $$(go list ./... | grep -v /e2e) -coverprofile cover.out

CERT_MANAGER_VERSION := v1.19.1
testdata/crds/cert-manager-crds.yaml:
@mkdir -p $(@D)
curl -sSLo $@ \
https://github.com/cert-manager/cert-manager/releases/download/$(CERT_MANAGER_VERSION)/cert-manager.crds.yaml


.PHONY: download-extra-crds
download-extra-crds: testdata/crds/cert-manager-crds.yaml

# TODO(user): To use a different vendor for e2e tests, modify the setup under 'tests/e2e'.
# The default setup assumes Kind is pre-installed and builds/loads the Manager Docker image locally.
# CertManager is installed by default; skip with:
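Review bot: The new `testdata/crds/cert-manager-crds.yaml` rule uses `curl -sSLo $@` without `-f`, so a 404 or other HTTP error writes the error body to the target and exits 0; make then treats the file as up to date and the tests load it as CRDs on every later run. `curl -sSfLo $@ \` makes the recipe fail instead, and a `.DELETE_ON_ERROR:` line removes a partially written file. Because the target name does not contain `$(CERT_MANAGER_VERSION)`, bumping the version will not trigger a new download once the file exists; putting the version in the file name would tie the two together.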
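--- a/internal/controller/managedcrl_controller.go
+++ b/internal/controller/managedcrl_controller.go
@@ -717,6 +717,9 @@ func (r *ManagedCRLReconciler) crlNeedRenewal(currentCRL *x509.RevocationList, r
 }
 
 // Check if the CRL contains all revoked certificates
+if len(revokedList) != len(currentCRL.RevokedCertificateEntries) {
+return true
+}
 // NOTE: We manage the full list so we expect a match in the same order
 for i, revoked := range revokedList {
 if i >= len(currentCRL.RevokedCertificateEntries) {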
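Review bot: With the new length comparison returning early, the guard `if i >= len(currentCRL.RevokedCertificateEntries) {` at the top of the loop can no longer be true and can be removed, which leaves a single place that decides on a size mismatch. A comment above the new check, such as `// A CRL with extra or missing entries must be re-issued, including when a revocation was removed`, would record why equality rather than "at least" is required. A unit test with a CRL holding more entries than `revokedList` would pin this behaviour. The body of `crlNeedRenewal` starts and ends outside the hunk, so the rest of the loop is not visible.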