Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for nested chart deps and repo prefix #69

Closed
wants to merge 118 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
118 commits
Select commit Hold shift + click to select a range
73ece73
Add SECURITY guidelines and replaced .gitignore
mpermar Jul 27, 2023
c7eb3dd
First version of dt tool
juamedgod Aug 7, 2023
913f05d
Update README.md
mpermar Aug 7, 2023
6a13c9a
Add GitHub workflows
mpermar Aug 8, 2023
a51f34e
golangci-lint not allowed on VMware org
mpermar Aug 8, 2023
c143111
Remove golangci-lint action
mpermar Aug 8, 2023
c5ea835
Manually install golangci-lint and default to goreleaser archive name
mpermar Aug 8, 2023
e2b481a
Fix typos and do some rewording in README.md
beni0888 Aug 8, 2023
e502502
Merge pull request #1 from vmware-labs/beni0888-fix-readme-typos
mpermar Aug 8, 2023
dc86422
Added a version check to Release workflow and align download URIs wit…
mpermar Aug 8, 2023
b6770c3
Replace macos with darwin
mpermar Aug 8, 2023
7fb6f8b
Matching the URIs on installation script with goreleaser releases
mpermar Aug 8, 2023
51a6478
Read plugin.yml from plugins folder and do not expect /bin on the rel…
mpermar Aug 8, 2023
13b604c
Restructured README sections
mpermar Aug 9, 2023
466eee9
Fixed RemoteChartExist incorrectly reversed logic
juamedgod Aug 16, 2023
ae4c210
Allow reading single files from tar contents
juamedgod Aug 16, 2023
041e163
Properly return relocate errors
juamedgod Aug 16, 2023
a1ff995
Properly handle incorrectly detected image platforms
juamedgod Aug 16, 2023
71cf0bc
Improved tests
juamedgod Aug 16, 2023
95545a6
Added info command
juamedgod Aug 16, 2023
098b702
Merge pull request #2 from vmware-labs/info-command
mpermar Aug 18, 2023
f41c00a
Updated contribution guide
mpermar Aug 21, 2023
7401059
Fix typo
mpermar Aug 21, 2023
5173922
Reordering contribution guide sections
mpermar Aug 21, 2023
38e8d83
Added tests for info command
juamedgod Aug 22, 2023
77bbdd4
Testing plugin installation with long name
mpermar Aug 22, 2023
a1db439
Fixup error messages
juamedgod Aug 22, 2023
d06ad1c
Merge pull request #3 from vmware-labs/info-tests
mpermar Aug 22, 2023
7e7eaba
Merge branch 'main' of github.com:vmware-labs/distribution-tooling-fo…
mpermar Aug 22, 2023
a16c64c
Merge pull request #4 from vmware-labs/install-plugin
mpermar Aug 22, 2023
6496603
Add demo gif
mpermar Aug 23, 2023
6592c41
Fix typo in product name
mpermar Aug 23, 2023
c53316f
Merge pull request #5 from vmware-labs/add-demo-gif
mpermar Aug 23, 2023
f41bc52
Added a FAQ note about chart-syner and relok8s
mpermar Aug 23, 2023
213b3ae
Added a note about cache corruption
mpermar Aug 23, 2023
2475b32
Merge pull request #6 from vmware-labs/faq
mpermar Aug 23, 2023
26f7e85
Truncate progress text
juamedgod Aug 23, 2023
f614157
Merge pull request #7 from vmware-labs/truncate-progress-messages
mpermar Aug 23, 2023
21dac9d
Added appVersion to lock file
juamedgod Aug 24, 2023
0eb712f
Merge pull request #8 from vmware-labs/appversion
mpermar Aug 24, 2023
3e65b99
Improve README.md
carrodher Aug 24, 2023
7b47455
Lint install-binary.sh
carrodher Aug 24, 2023
5acfde6
Add shellcheck to the CI pipeline
carrodher Aug 25, 2023
8e64198
Merge pull request #11 from carrodher/shellcheck-ci
mpermar Aug 25, 2023
1e990ad
Merge pull request #10 from carrodher/lint-bash
mpermar Aug 25, 2023
2918ee5
README improvements
mpermar Aug 25, 2023
7083eba
Bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4
dependabot[bot] Sep 12, 2023
1ae8082
Merge pull request #12 from vmware-labs/dependabot/go_modules/github.…
juamedgod Sep 12, 2023
d8b4d7b
Adds experimental support for generating Carvel bundles
mpermar Sep 21, 2023
95248b4
Code refactoring and cleaning up
mpermar Sep 21, 2023
1ddcdc3
Refactoring and lint fixing
mpermar Sep 23, 2023
8307815
Adds experimental support for generating Carvel bundles
mpermar Sep 25, 2023
b131cdd
Prepare release 0.2.0
mpermar Sep 25, 2023
6bda81b
Merge pull request #14 from vmware-labs/release-0.2.0
mpermar Sep 25, 2023
8fb85da
Fixed command examples in README by updating chart to charts
jmcdice Oct 5, 2023
4411a40
Merge pull request #15 from jmcdice/readme-updates
mpermar Oct 5, 2023
3e6efd9
Bump golang.org/x/net from 0.10.0 to 0.17.0
dependabot[bot] Oct 16, 2023
9da6ae0
Merge pull request #16 from vmware-labs/dependabot/go_modules/golang.…
mpermar Oct 16, 2023
4999985
Bump google.golang.org/grpc from 1.53.0 to 1.56.3
dependabot[bot] Oct 26, 2023
5b4ad7a
Merge pull request #17 from vmware-labs/dependabot/go_modules/google.…
beltran-rubo Oct 26, 2023
12462af
Update dependencies and support using plain http for remote server co…
juamedgod Nov 8, 2023
a1cffc4
Merge pull request #19 from vmware-labs/support-using-plain-http
juamedgod Nov 8, 2023
a0748ea
Allow pulling/pushing Helm and images artifacts (#20)
juamedgod Nov 23, 2023
f1c2a0c
Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 (#22)
dependabot[bot] Nov 28, 2023
354e2a4
Rework bundle structure (#21)
juamedgod Nov 30, 2023
7e91655
Prepare v0.3.0 release
mpermar Dec 11, 2023
edc9444
Prepare v0.3.0 release
mpermar Dec 11, 2023
41e36ab
Fail the release job when a release hasn't been prepared
mpermar Dec 11, 2023
f386e7b
Merge pull request #26 from vmware-labs/fail-job-wrong-tag
mpermar Dec 11, 2023
10470b5
hack: add insecure flag for a malformed cert
spines83 Dec 21, 2023
b3380fb
respecting insecure flag, tests/lint passing, no new tests
spines83 Dec 22, 2023
1b90284
Bump golang.org/x/crypto from 0.14.0 to 0.17.0
dependabot[bot] Dec 23, 2023
757627f
Bump github.com/containerd/containerd from 1.7.7 to 1.7.11
dependabot[bot] Dec 23, 2023
c70aa78
Merge pull request #28 from vmware-labs/dependabot/go_modules/golang.…
mpermar Dec 23, 2023
736f687
Merge pull request #29 from vmware-labs/dependabot/go_modules/github.…
mpermar Dec 23, 2023
23d67b4
Support customizing the images-dir in images pull/push commands (#31)
juamedgod Jan 11, 2024
0545fa1
Preserve manifest digest by saving images as OCI layouts (#30)
juamedgod Jan 11, 2024
6eb2d22
Bump github.com/cloudflare/circl from 1.3.5 to 1.3.7 (#32)
dependabot[bot] Jan 11, 2024
2b96844
Prepare v0.3.1 release
mpermar Jan 12, 2024
542e75f
Merge pull request #34 from vmware-labs/prepare-v0.3.1
mpermar Jan 12, 2024
cc484d2
Enforce forward slashes on tgz to properly support Windows
juamedgod Jan 12, 2024
95aa900
Show a warning when there are no images to annotate (#33)
alemorcuq Jan 12, 2024
573c2ff
Use zipfile when installing in Windows
alemorcuq Jan 15, 2024
a52c94b
Use unzip for Windows
alemorcuq Jan 15, 2024
c68a562
Add Windows installation note to readme
alemorcuq Jan 15, 2024
98f222c
Merge pull request #36 from vmware-labs/windows-install-zip
alemorcuq Jan 15, 2024
e65805d
Automate release preparation
alemorcuq Jan 16, 2024
25941ac
Merge pull request #35 from vmware-labs/windows-wrap
mpermar Jan 16, 2024
3d538be
Merge pull request #37 from vmware-labs/automate-release-pr
alemorcuq Jan 16, 2024
bb48e08
Prepare release v0.3.2
alemorcuq Jan 16, 2024
3c74b96
Merge pull request #38 from vmware-labs/release/0.3.2
alemorcuq Jan 16, 2024
8809ee5
Run release workflow after CI workflow
alemorcuq Jan 17, 2024
396d503
Merge pull request #40 from vmware-labs/release-after-ci
alemorcuq Jan 17, 2024
ee81cb6
Remove extra newline from version command
alemorcuq Jan 17, 2024
ee39eaf
Merge pull request #41 from vmware-labs/remove-extra-newline
alemorcuq Jan 19, 2024
0c6ab5f
Show warning when there are no images to pull (#42)
alemorcuq Jan 23, 2024
53eec8f
Bump github.com/lestrrat-go/jwx/v2 from 2.0.16 to 2.0.19
dependabot[bot] Jan 29, 2024
ba28a77
Merge pull request #46 from vmware-labs/dependabot/go_modules/github.…
alemorcuq Jan 29, 2024
fea4ee6
Refactor cmd structure to easier external reuse (#44)
juamedgod Jan 31, 2024
4721816
Add an auth command to login and logout to OCI registries (#47)
alemorcuq Feb 2, 2024
7d7d673
Add inline authentication to the wrap and unwrap APIs (#48)
alemorcuq Feb 8, 2024
a4e002f
Refactor loggers (#49)
juamedgod Feb 9, 2024
f03c1a6
Delete temporary credentials file after logout (#50)
alemorcuq Feb 9, 2024
302e038
Refactor wrap/unwrap to improve programmatic usage (#51)
juamedgod Feb 9, 2024
3d28d52
Bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 (#53)
dependabot[bot] Feb 20, 2024
149fca9
Bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 (#54)
dependabot[bot] Feb 26, 2024
5770164
Support multiple values files (#56)
alemorcuq Mar 8, 2024
9c0b042
Prepare release v0.4.0 (#57)
github-actions[bot] Mar 8, 2024
162ad73
Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 (#60)
dependabot[bot] Mar 14, 2024
d61bb7c
Bump gopkg.in/go-jose/go-jose.v2 from 2.6.2 to 2.6.3 (#59)
dependabot[bot] Mar 14, 2024
674fed5
Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#58)
dependabot[bot] Mar 14, 2024
a8e189b
Bump github.com/docker/docker (#61)
dependabot[bot] Apr 1, 2024
af29077
fix: update golang.org/x/net for CVE-2023-45288 (#62)
alemorcuq Apr 4, 2024
6b8edea
Prepare release v0.4.1 (#63)
github-actions[bot] Apr 4, 2024
deb1972
Use go 1.21.9 for CVE-2023-45288 (#64)
alemorcuq Apr 4, 2024
6743a85
Prepare release v0.4.1 (#65)
github-actions[bot] Apr 4, 2024
2c90971
Bump github.com/sigstore/cosign/v2 from 2.2.3 to 2.2.4 (#66)
dependabot[bot] Apr 15, 2024
b657542
Add support for nested chart deps and repo prefix
shortwavedave Jun 16, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 53 additions & 0 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
name: CI
on:
push:
branches:
- main
pull_request:
branches:
- main
types:
- assigned
- opened
- synchronize
- reopened

jobs:
Validate:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
with:
fetch-depth: 0

- name: Set Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
version: v3.12.1

- name: Set Golang
uses: actions/setup-go@v4
with:
go-version: 1.21.9

- name: Set Golangci-lint
run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.55.2

- name: Set Shellcheck
run: sudo apt-get -qq update && sudo apt-get install -y shellcheck && shellcheck install-binary.sh

- name: Build
run: make build

- name: Test
run: make test

- name: Install
run: make install

- name: Check Binary
run: ./bin/dt

- name: Check Helm Plugin
run: helm dt
39 changes: 39 additions & 0 deletions .github/workflows/prepare-release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
name: Prepare release
on:
workflow_dispatch:
inputs:
tag:
description: 'Release tag (i.e. v1.2.3)'
required: true
type: string

jobs:
Prepare:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
with:
fetch-depth: 0

- name: Config Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"

- name: Fetch Version
run: echo PLUGIN_VERSION=$(echo "${{ inputs.tag }}" | tr -d 'v') >> "$GITHUB_ENV"

- name: Update Version
run: |
sed -i "s/version: \".*\"/version: \"$PLUGIN_VERSION\"/" plugin.yaml
sed -i "s/var Version = \".*\"/var Version = \"$PLUGIN_VERSION\"/" cmd/dt/version.go
git checkout -B release/$PLUGIN_VERSION
git add plugin.yaml cmd/dt/version.go
git commit -m 'Prepare release ${{ inputs.tag }}'
git push origin release/$PLUGIN_VERSION

- name: Create PR
run: gh pr create --fill --base main --repo $GITHUB_REPOSITORY
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
53 changes: 53 additions & 0 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
name: Release
on:
workflow_run:
workflows:
- CI
types:
- completed
branches:
- main

permissions:
contents: write

jobs:
Release:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' && contains(github.event.workflow_run.head_commit.message, 'Prepare release v') }}
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
with:
fetch-depth: 0

- name: Fetch Version
run: |
PLUGIN_VERSION=v$(cat plugin.yaml | grep "version" | cut -d '"' -f 2)
LATEST_VERSION=$(git describe --tags --abbrev=0)
echo PLUGIN_VERSION=$PLUGIN_VERSION >> "$GITHUB_ENV"
echo LATEST_VERSION=$LATEST_VERSION >> "$GITHUB_ENV"

- name: Check Version
if: ${{ env.PLUGIN_VERSION == env.LATEST_VERSION }}
run: echo "Plugin version already released. Please make sure you have prepared the release first." && exit 1

- name: Set Golang
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: 1.21.9

- name: Build
run: make build

- name: Create tag
run: git tag $PLUGIN_VERSION

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0
with:
distribution: goreleaser
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
12 changes: 8 additions & 4 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
# Ignore everything in this directory
*
# Except this file
!.gitignore
/bin/
/dist/
/examples/
**~
**.tgz
/out/
**/#*
**/.#*
68 changes: 68 additions & 0 deletions .golangci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
linters:
enable:
- bodyclose
- dogsled
- gocyclo
- gofmt
- goimports
- gosec
- gosimple
- govet
- ineffassign
- lll
- megacheck
- misspell
- nakedret
- revive
- staticcheck
- typecheck
- unconvert
- unused

disable:
- errcheck

run:
timeout: 5m

linters-settings:
gocyclo:
min-complexity: 18
govet:
check-shadowing: false
lll:
line-length: 200
nakedret:
command: nakedret
pattern: ^(?P<path>.*?\\.go):(?P<line>\\d+)\\s*(?P<message>.*)$

issues:
# The default exclusion rules are a bit too permissive, so copying the relevant ones below
exclude-use-default: false

exclude:
- parameter .* always receives

exclude-rules:
# EXC0009
- text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)"
linters:
- gosec
# EXC0010
- text: "Potential file inclusion via variable"
linters:
- gosec
- path: test # Excludes /test, *_test.go etc.
linters:
- gosec
# Looks like the match in "EXC0009" above doesn't catch this one
# TODO: consider upstreaming this to golangci-lint's default exclusion rules
- text: "G306: Expect WriteFile permissions to be 0600 or less"
linters:
- gosec

# Maximum issues count per one linter. Set to 0 to disable. Default is 50.
max-issues-per-linter: 0

# Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
max-same-issues: 0
34 changes: 34 additions & 0 deletions .goreleaser.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
release:
target_commitish: '{{ .Commit }}'
builds:
- id: dt
binary: dt
main: ./cmd/dt
env:
- CGO_ENABLED=0
targets:
- darwin_amd64
- darwin_arm64
- linux_amd64
- linux_arm64
- linux_arm
- windows_amd64
mod_timestamp: "{{ .CommitTimestamp }}"
ldflags:
- >-
-X main.Version={{ .Tag }}
-X main.GitCommit={{ .Commit }}
-X main.BuildDate={{ .Date }}
archives:
- builds:
- dt
format_overrides:
- goos: windows
format: zip
checksum:
algorithm: sha256
changelog:
sort: asc
filters:
exclude:
- '^docs:'
92 changes: 64 additions & 28 deletions CONTRIBUTING_CLA.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
# Contributing to distribution-tooling-for-helm

_NOTE: This is a template document that requires editing before it is ready to use!_

We welcome contributions from the community and first want to thank you for taking the time to contribute!

Please familiarize yourself with the [Code of Conduct](https://github.com/vmware/.github/blob/main/CODE_OF_CONDUCT.md) before contributing.
Expand All @@ -22,54 +20,92 @@ We welcome many different types of contributions and not all of them need a Pull

## Getting started

_TO BE EDITED: This section explains how to build the project from source, including Development Environment Setup, Build, Run and Test._
First of all make sure you have read our [README](README.md) and specifically the [installation, downloading and building from source](https://github.com/vmware-labs/distribution-tooling-for-helm/tree/main#installation) sections.

For every contribution, you will have to make sure that all the tests pass. Moreover, consider adding new tests for any new functionality. You can run all the test by executing:

_Provide information about how someone can find your project, get set up, build the code, test it, and submit a pull request successfully without having to ask any questions. Also include common errors people run into, or useful scripts they should run._
```
make test
```

_List any tests that the contributor should run / or testing processes to follow before submitting. Describe any automated and manual checks performed by reviewers._
Before sending any contribution is also a good practice to make sure that all code is formatted consistently:

```
make format
```

## Contribution Flow

This is a rough outline of what a contributor's workflow looks like:

* Make a fork of the repository within your GitHub account
* Create a topic branch in your fork from where you want to base your work
* Make commits of logical units
* Make sure your commit messages are with the proper format, quality and descriptiveness (see below)
* Push your changes to the topic branch in your fork
* Create a pull request containing that commit
- Create a topic branch from where you want to base your work
- Make commits of logical units
- Make sure your commit messages are in the proper format (see below)
- Push your changes to a topic branch in your fork of the repository
- Submit a pull request

We follow the GitHub workflow and you can find more details on the [GitHub flow documentation](https://docs.github.com/en/get-started/quickstart/github-flow).
Example:

``` shell
git remote add upstream https://github.com/vmware-labs/distribution-tooling-for-helm.git
git checkout -b my-new-feature main
git commit -a
git push origin my-new-feature
```

### Pull Request Checklist
### Staying In Sync With Upstream

Before submitting your pull request, we advise you to use the following:
When your branch gets out of sync with the vmware-labs/main branch, use the following to update:

1. Check if your code changes will pass both code linting checks and unit tests.
2. Ensure your commit messages are descriptive. We follow the conventions on [How to Write a Git Commit Message](http://chris.beams.io/posts/git-commit/). Be sure to include any related GitHub issue references in the commit message. See [GFM syntax](https://guides.github.com/features/mastering-markdown/#GitHub-flavored-markdown) for referencing issues and commits.
3. Check the commits and commits messages and ensure they are free from typos.
``` shell
git checkout my-new-feature
git fetch -a
git pull --rebase upstream main
git push --force-with-lease origin my-new-feature
```

## Reporting Bugs and Creating Issues
### Updating pull requests

For specifics on what to include in your report, please follow the guidelines in the issue and pull request templates when available.
If your PR fails to pass CI or needs changes based on code review, you'll most likely want to squash these changes into
existing commits.

_TO BE EDITED: Add additional information if needed._
If your pull request contains a single commit or your changes are related to the most recent commit, you can simply
amend the commit.

``` shell
git add .
git commit --amend
git push --force-with-lease origin my-new-feature
```

## Ask for Help
If you need to squash changes into an earlier commit, you can use:

``` shell
git add .
git commit --fixup <commit>
git rebase -i --autosquash main
git push --force-with-lease origin my-new-feature
```

_TO BE EDITED: Provide information about the channels you use to communicate (i.e. Slack, IRC, Discord, etc)_
Be sure to add a comment to the PR indicating your new changes are ready to review, as GitHub does not generate a
notification when you git push.

The best way to reach us with a question when contributing is to ask on:
### Pull Request Checklist

Before submitting your pull request, we advise you to use the following:

1. Check if your code changes will pass both code linting checks and unit tests.
2. Ensure your commit messages are descriptive. We follow the conventions on [How to Write a Git Commit Message](http://chris.beams.io/posts/git-commit/). Be sure to include any related GitHub issue references in the commit message. See [GFM syntax](https://guides.github.com/features/mastering-markdown/#GitHub-flavored-markdown) for referencing issues and commits.
3. Check the commits and commits messages and ensure they are free from typos.

* The original GitHub issue
* The developer mailing list
* Our Slack channel
## Release Process

All stable code is hosted at the main branch. Releases are done on demand through the Release GitHub workflow. In order to release the current HEAD, you will need to trigger this workflow passing the version being released (i.e. v0.3.0).

## Additional Resources
## Reporting Bugs and Creating Issues

_Optional_
For specifics on what to include in your report, please follow the guidelines in the issue and pull request templates when available. Try to roughly follow the commit message format conventions above.

## Ask for Help

The best way to reach us with a question when contributing is by creating a new issue on the [GitHub issues](https://github.com/vmware-labs/distribution-tooling-for-helm/issues) section.
Loading