feat: Update artifacthub-pkg.yml automatically from now on

Refreshes artifacthub-pkg.yml and consumes the CI v3.1.0
kubewarden · Mar 29, 2023 · eb98a23 · eb98a23
1 parent 8857345
commit eb98a23
Show file tree

Hide file tree

Showing 7 changed files with 83 additions and 114 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,18 +11,18 @@ jobs:
 
   test:
     name: run tests and linters
-    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-rust.yml@v1
+    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-rust.yml@v3.1.0
 
   release:
     needs: test
     permissions:
-      # Required to push to GHCR
+      # Required to create GH releases
       contents: write
       packages: write
       # Required by cosign keyless signing
       id-token: write
 
-    uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-rust.yml@v1
+    uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-rust.yml@v3.1.0
     with:
       input-wasm: allow_privilege_escalation_psp
       oci-target: ghcr.io/${{ github.repository_owner }}/policies/allow-privilege-escalation-psp

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -3,79 +3,6 @@ on: [push, pull_request]
 name: Continuous integration
 
 jobs:
-  check:
-    name: Check
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions-rs/toolchain@v1
-        with:
-          profile: minimal
-          toolchain: stable
-          override: true
-      - uses: actions-rs/cargo@v1
-        with:
-          command: check
-
   test:
-    name: Test Suite
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions-rs/toolchain@v1
-        with:
-          profile: minimal
-          toolchain: stable
-          override: true
-      - uses: actions-rs/cargo@v1
-        with:
-          command: test
-
-  e2e_tests:
-    name: end to end tests
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions-rs/toolchain@v1
-        with:
-          profile: minimal
-          toolchain: stable
-          target: wasm32-wasi
-          override: true
-      - name: Install dependencies
-        uses: kubewarden/github-actions/policy-gh-action-dependencies@v1
-      - name: Run e2e tests
-        run: |
-          make e2e-tests
-
-  fmt:
-    name: Rustfmt
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions-rs/toolchain@v1
-        with:
-          profile: minimal
-          toolchain: stable
-          override: true
-      - run: rustup component add rustfmt
-      - uses: actions-rs/cargo@v1
-        with:
-          command: fmt
-          args: --all -- --check
-
-  clippy:
-    name: Clippy
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions-rs/toolchain@v1
-        with:
-          profile: minimal
-          toolchain: stable
-          override: true
-      - run: rustup component add clippy
-      - uses: actions-rs/cargo@v1
-        with:
-          command: clippy
-          args: -- -D warnings
+    name: run tests and linters
+    uses: kubewarden/github-actions/.github/workflows/[email protected]
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "allow-privilege-escalation-psp"
-version = "0.2.2"
+version = "0.2.3"
 authors = ["Flavio Castelli <[email protected]>"]
 edition = "2018"
 

diff --git a/Makefile b/Makefile
@@ -1,9 +1,20 @@
 SOURCE_FILES := $(shell test -e src/ && find src -type f)
+VERSION := $(shell sed --posix -n 's,^version = \"\(.*\)\",\1,p' Cargo.toml)
+
 
 policy.wasm: $(SOURCE_FILES) Cargo.*
 	cargo build --target=wasm32-wasi --release
 	cp target/wasm32-wasi/release/*.wasm policy.wasm
 
+artifacthub-pkg.yml: metadata.yml Cargo.toml
+	$(warning If you are updating the artifacthub-pkg.yml file for a release, \
+	  remember to set the VERSION variable with the proper value. \
+	  To use the latest tag, use the following command:  \
+	  make VERSION=$$(git describe --tags --abbrev=0 | cut -c2-) annotated-policy.wasm)
+	kwctl scaffold artifacthub \
+	  --metadata-path metadata.yml --version $(VERSION) \
+	  --questions-path questions-ui.yml --output  artifacthub-pkg.yml
+
 annotated-policy.wasm: policy.wasm metadata.yml
 	kwctl annotate -m metadata.yml -o annotated-policy.wasm policy.wasm
 
@@ -26,4 +37,4 @@ test: fmt lint
 .PHONY: clean
 clean:
 	cargo clean
-	rm -f policy.wasm annotated-policy.wasm
+	rm -f policy.wasm annotated-policy.wasm artifacthub-pkg.yml
diff --git a/artifacthub-pkg.yml b/artifacthub-pkg.yml
@@ -1,49 +1,38 @@
----
-version: 0.2.2
+# Kubewarden Artifacthub Package config
+#
+# Use this config to submit the policy to https://artifacthub.io.
+#
+# This config can be saved to its default location with:
+#   kwctl scaffold artifacthub > artifacthub-pkg.yml 
+version: 0.2.3
 name: allow-privilege-escalation-psp
 displayName: Allow Privilege Escalation PSP
-createdAt: '2023-02-06T14:46:21+02:00'
-description: A Pod Security Policy that controls usage of `allowPrivilegeEscalation`
+createdAt: 2023-03-20T18:50:30.095911Z
+description: Replacement for the Kubernetes Pod Security Policy that controls the allowance of privilege escalation in containers and init containers of a pod
 license: Apache-2.0
 homeURL: https://github.com/kubewarden/allow-privilege-escalation-psp-policy
 containersImages:
 - name: policy
-  image: ghcr.io/kubewarden/policies/allow-privilege-escalation-psp:v0.2.2
-keywords:
-- psp
-- container
-- privilege escalation
+  image: ghcr.io/kubewarden/policies/psp-allow-privilege-escalation:v0.2.3
 links:
 - name: policy
-  url: https://github.com/kubewarden/allow-privilege-escalation-psp-policy/releases/download/v0.2.2/policy.wasm
+  url: https://github.com/kubewarden/allow-privilege-escalation-psp-policy/releases/download/v0.2.3/policy.wasm
 - name: source
   url: https://github.com/kubewarden/allow-privilege-escalation-psp-policy
+install: |
+  The policy can be obtained using [`kwctl`](https://github.com/kubewarden/kwctl):
+  ```console
+  kwctl pull ghcr.io/kubewarden/policies/psp-allow-privilege-escalation:v0.2.3
+  ```
+maintainers:
+- name: Kubewarden developers
+  email: [email protected]
 provider:
   name: kubewarden
 recommendations:
 - url: https://artifacthub.io/packages/helm/kubewarden/kubewarden-controller
 annotations:
-  kubewarden/resources: Pod
-  kubewarden/mutation: true
-  kubewarden/contextAware: false
-  kubewarden/rules: |
-    rules:
-      - apiGroups: [""]
-        apiVersions: ["v1"]
-        resources: ["pods"]
-        operations: ["CREATE"] # kubernetes doesn't allow to add/remove privileged containers to an already running pod
-      - apiGroups: [""]
-        apiVersions: ["v1"]
-        resources: ["replicationcontrollers"]
-        operations: ["CREATE", "UPDATE"]
-      - apiGroups: ["apps"]
-        apiVersions: ["v1"]
-        resources: ["deployments","replicasets","statefulsets","daemonsets"]
-        operations: ["CREATE", "UPDATE"]
-      - apiGroups: ["batch"]
-        apiVersions: ["v1"]
-        resources: ["jobs","cronjobs"]
-        operations: ["CREATE", "UPDATE"]
+  kubewarden/mutation: 'true'
   kubewarden/questions-ui: |
     questions:
     - default: true
@@ -59,3 +48,43 @@ annotations:
       required: false
       type: boolean
       variable: default_allow_privilege_escalation
+  kubewarden/rules: |
+    - apiGroups:
+      - ''
+      apiVersions:
+      - v1
+      resources:
+      - pods
+      operations:
+      - CREATE
+    - apiGroups:
+      - ''
+      apiVersions:
+      - v1
+      resources:
+      - replicationcontrollers
+      operations:
+      - CREATE
+      - UPDATE
+    - apiGroups:
+      - apps
+      apiVersions:
+      - v1
+      resources:
+      - deployments
+      - replicasets
+      - statefulsets
+      - daemonsets
+      operations:
+      - CREATE
+      - UPDATE
+    - apiGroups:
+      - batch
+      apiVersions:
+      - v1
+      resources:
+      - jobs
+      - cronjobs
+      operations:
+      - CREATE
+      - UPDATE
diff --git a/metadata.yml b/metadata.yml
@@ -19,10 +19,12 @@ mutating: true
 contextAware: false
 executionMode: kubewarden-wapc
 annotations:
-  io.kubewarden.policy.title: psp-allow-privilege-escalation
+  io.artifacthub.displayName: Allow Privilege Escalation PSP
+  io.kubewarden.policy.title: allow-privilege-escalation-psp
   io.kubewarden.policy.description: Replacement for the Kubernetes Pod Security Policy that controls the allowance of privilege escalation in containers and init containers of a pod
-  io.kubewarden.policy.author: Flavio Castelli
+  io.kubewarden.policy.author: Kubewarden developers <[email protected]>
   io.kubewarden.policy.url: https://github.com/kubewarden/allow-privilege-escalation-psp-policy
+  io.kubewarden.policy.ociUrl: ghcr.io/kubewarden/policies/psp-allow-privilege-escalation
   io.kubewarden.policy.source: https://github.com/kubewarden/allow-privilege-escalation-psp-policy
   io.kubewarden.policy.license: Apache-2.0
   io.kubewarden.policy.usage: |