From aaf75a397f8504d6150a7d37f161cd34cf6c87e6 Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Thu, 8 Jun 2023 11:13:59 +0200 Subject: [PATCH] chore: improvements after migration Signed-off-by: Mark Sagi-Kazar --- .envrc | 12 ++ .github/stale.yml | 16 -- .github/workflows/ci.yaml | 170 +++++++++++-------- .golangci.yaml | 32 ++++ .golangci.yml | 52 ------ .licensei.toml | 5 +- Makefile | 197 +++++++++++++---------- README.md | 53 +++++- cmd/manager/main.go | 5 +- deploy/multi-dc/test/metallb-config.yaml | 22 +-- deploy/multi-dc/test/multi-dc-raft.sh | 11 +- flake.nix | 161 ++++++++++++++---- main-targets.mk | 141 ---------------- scripts/misspell-check.sh | 10 -- scripts/release-charts.sh | 8 - 15 files changed, 456 insertions(+), 439 deletions(-) delete mode 100644 .github/stale.yml create mode 100644 .golangci.yaml delete mode 100644 .golangci.yml delete mode 100644 main-targets.mk delete mode 100755 scripts/misspell-check.sh delete mode 100755 scripts/release-charts.sh diff --git a/.envrc b/.envrc index 3ce7171a..b2262d29 100644 --- a/.envrc +++ b/.envrc @@ -2,3 +2,15 @@ if ! has nix_direnv_version || ! nix_direnv_version 2.3.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.3.0/direnvrc" "sha256-Dmd+j63L84wuzgyjITIfSxSD57Tx7v51DMxVZOsiUD8=" fi use flake . --impure + +# Vault +export VAULT_ADDR=http://127.0.0.1:8200 + +# Kubernetes +export KUBECONFIG=$DEVENV_STATE/kube/config +export KIND_CLUSTER_NAME=vault-operator + +# Helm +export HELM_CACHE_HOME="$DEVENV_STATE/helm/cache" +export HELM_CONFIG_HOME="$DEVENV_STATE/helm/config" +export HELM_DATA_HOME="$DEVENV_STATE/helm/data" diff --git a/.github/stale.yml b/.github/stale.yml deleted file mode 100644 index d5be834c..00000000 --- a/.github/stale.yml +++ /dev/null 
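Review bot: The new exports in `.envrc` build `KUBECONFIG` and the three `HELM_*_HOME` paths from `$DEVENV_STATE` without checking that it is set, so if `use flake . --impure` leaves it unset they resolve to `/kube/config` and `/helm/...` at the filesystem root. Failing fast is safer, e.g. `export KUBECONFIG="${DEVENV_STATE:?}/kube/config"`, which also gives that line the same quoting as the Helm exports below it. Pinning `KUBECONFIG` to the project state directory keeps `kind` and `kubectl` away from the user's own kubeconfig, and a one-line comment saying so would stop someone from removing it later.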
@@ -1,16 +0,0 @@ -# Number of days of inactivity before an issue becomes stale -daysUntilStale: 30 -# Number of days of inactivity before a stale issue is closed -daysUntilClose: 7 -# Issues with these labels will never be considered stale -exemptLabels: - - pinned -# Label to use when marking an issue as stale -staleLabel: wontfix -# Comment to post when marking an issue as stale. Set to `false` to disable -markComment: > - This issue has been automatically marked as stale because it has not had - recent activity. It will be closed if no further activity occurs. Thank you - for your contributions. -# Comment to post when closing a stale issue. Set to `false` to disable -closeComment: false diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 34058580..a57420fb 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -8,49 +8,103 @@ on: permissions: contents: read -env: - GO_VERSION: 1.19.2 - jobs: - checks: - name: Checks + build: + name: Build runs-on: ubuntu-latest - services: - vault: - image: vault:1.6.2 - env: - SKIP_SETCAP: true - VAULT_DEV_ROOT_TOKEN_ID: 227e1cce-6bf7-30bb-2d2a-acc854318caf - ports: - - 8200:8200 + steps: + - name: Checkout repository + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + + - name: Set up Nix + uses: cachix/install-nix-action@4b933aa7ebcc94a6174cf1364864e957b4910265 # v21 + with: + extra_nix_config: | + access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} + + - name: Prepare Nix shell + run: nix develop --impure .#ci + + - name: Build + run: nix develop --impure .#ci -c make build + + test: + name: Test + runs-on: ubuntu-latest steps: - - name: Set up Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + - name: Checkout repository + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + + - name: Set up Nix + uses: cachix/install-nix-action@4b933aa7ebcc94a6174cf1364864e957b4910265 # v21 with: - go-version: ${{ env.GO_VERSION }} + extra_nix_config: | + access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} + + - name: Prepare Nix shell + run: nix develop --impure .#ci + + - name: Test + run: nix develop --impure .#ci -c make test + lint: + name: Lint + runs-on: ubuntu-latest + + steps: - name: Checkout repository uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - - name: Check licenses + - name: Set up Nix + uses: cachix/install-nix-action@4b933aa7ebcc94a6174cf1364864e957b4910265 # v21 + with: + extra_nix_config: | + access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} + + - name: Prepare Nix shell + run: nix develop --impure .#ci + + - name: Lint + run: nix develop --impure .#ci -c make lint + + license-check: + name: License check + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: 
actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + + - name: Set up Nix + uses: cachix/install-nix-action@4b933aa7ebcc94a6174cf1364864e957b4910265 # v21 + with: + extra_nix_config: | + access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} + + - name: Cache license information + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 + with: + path: .licensei.cache + key: licensei-v1-${{ github.ref_name }}-${{ hashFiles('go.sum') }} + restore-keys: | + licensei-v1-${{ github.ref_name }} + licensei-v1-main + licensei-v1 + + - name: Prepare Nix shell + run: nix develop --impure .#ci + + - name: Populate license cache + run: nix develop --impure .#ci -c licensei cache env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: make license-check - - name: Setup test dependencies - run: | - sudo apt install opensc softhsm - sudo mkdir -p /var/lib/softhsm/tokens/ - sudo softhsm2-util --init-token --free --label bank-vaults --so-pin banzai --pin banzai - sudo pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so --keypairgen --key-type rsa:2048 --pin banzai --token-label bank-vaults --label bank-vaults - sudo chown -R runner:docker /etc/softhsm /var/lib/softhsm - - - name: Run verification - run: make check + - name: Check licenses + run: nix develop --impure .#ci -c make license-check env: - VAULT_TOKEN: 227e1cce-6bf7-30bb-2d2a-acc854318caf + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} dev: name: Developer environment 
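Review bot: The new `test` job runs `make test`, which in this commit's Makefile is `go test -race -v ./...` with no build tags, whereas the removed `checks` job ran `make check`, which reached `test-integration` (`-tags=integration`) with a Vault service container available. If the repository still has tests guarded by the `integration` tag, they are no longer compiled or run in CI after this change, so either add a job that passes the tag or state in the commit message that none remain. The same setup steps are repeated in `build`, `test`, `lint` and `license-check` (and in the acceptance jobs in the later hunks), each writing `secrets.GITHUB_TOKEN` into the Nix configuration before repository code runs. The top-level `permissions: contents: read` is what keeps that token read-only, and it deserves a comment such as `# GITHUB_TOKEN is copied into nix.conf in every job; keep this read-only` so it is not widened later.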
@@ -103,22 +157,22 @@ jobs: matrix: k8s_version: ["v1.24.13", "v1.25.9", "v1.26.4", "v1.27.1" ] vault_version: ["1.10.11", "1.11.10", "1.12.6", "1.13.2"] - env: - KURUN_VERSION: "0.6.4" steps: - - name: Set up Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - go-version: ${{ env.GO_VERSION }} - - name: Checkout repository uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - name: Set up Nix + uses: cachix/install-nix-action@4b933aa7ebcc94a6174cf1364864e957b4910265 # v21 + with: + extra_nix_config: | + access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} + + - name: Prepare Nix shell + run: nix develop --impure .#ci + - name: Start kind cluster - run: | - kind version - kind create cluster --config test/kind.yaml --image kindest/node:${{ matrix.k8s_version }} --wait 1m + run: kind create cluster --config test/kind.yaml --image kindest/node:${{ matrix.k8s_version }} --wait 1m - name: Download operator docker image uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 @@ -129,12 +183,8 @@ jobs: run: | kind load image-archive docker.tar - - name: Install kurun - run: | - curl -Lo kurun https://github.com/banzaicloud/kurun/releases/download/${KURUN_VERSION}/kurun-linux-amd64 && chmod +x kurun && sudo mv kurun /usr/local/bin/ - - name: Acceptance test - run: go test -v -timeout 900s -tags kubeall ./test + run: nix develop --impure .#ci -c make test-acceptance env: VAULT_VERSION: ${{ matrix.vault_version }} OPERATOR_VERSION: ${{ needs.artifacts.outputs.container-image-tag }} 
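Review bot: The `Start kind cluster` step calls `kind create cluster ...` directly while the neighbouring steps go through `nix develop --impure .#ci -c`, so this step uses whatever `kind` is on the runner's PATH rather than the one the flake provides. The removed `kind version` line also means the log no longer records which version created the cluster. Prefixing the command, `run: nix develop --impure .#ci -c kind create cluster --config test/kind.yaml --image kindest/node:${{ matrix.k8s_version }} --wait 1m`, keeps the toolchain consistent with the rest of the job. The unchanged `kind load image-archive docker.tar` step in the next hunk has the same issue.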
@@ -143,45 +193,29 @@ jobs: name: Operator multi-cluster acceptance test runs-on: ubuntu-latest needs: artifacts - env: - K8S_VERSION: "v1.23.4" - HELM_VERSION: "v3.8.0" - KIND_VERSION: "v0.12.0" steps: - - name: Set up Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - go-version: ${{ env.GO_VERSION }} - - name: Checkout repository uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 + - name: Set up Nix + uses: cachix/install-nix-action@4b933aa7ebcc94a6174cf1364864e957b4910265 # v21 with: - version: ${{ env.HELM_VERSION }} - token: ${{ secrets.GITHUB_TOKEN }} + extra_nix_config: | + access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} - - uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0 - with: - version: ${{ env.KIND_VERSION }} + - name: Prepare Nix shell + run: nix develop --impure .#ci - name: Download operator docker image uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: "[container-image] Docker tarball" - - name: Install envtpl - run: go install github.com/subfuzion/envtpl/...@428c2d7 - - - name: Install cidr - run: go install github.com/hankjacobs/cidr@master - - name: Build the Helm charts - run: | - helm dep build ./charts/vault-operator + run: nix develop --impure .#ci -c helm dep build ./charts/vault-operator - name: Operator Multi-DC Raft test - run: ./deploy/multi-dc/test/multi-dc-raft.sh install + run: nix develop --impure .#ci -c ./deploy/multi-dc/test/multi-dc-raft.sh install env: OPERATOR_VERSION: ${{ needs.artifacts.outputs.container-image-tag }} diff --git a/.golangci.yaml b/.golangci.yaml new file mode 100644 index 00000000..68cb9aa2 --- /dev/null +++ b/.golangci.yaml 
@@ -0,0 +1,32 @@ +run: + timeout: 10m + skip-dirs: + - pkg/apis + + # TODO: fixme + - pkg/controller + +linters-settings: + gci: + sections: + - standard + - default + - prefix(github.com/bank-vaults/vault-operator) + goimports: + local-prefixes: github.com/bank-vaults/vault-operator + misspell: + locale: US + nolintlint: + allow-leading-space: false # require machine-readable nolint directives (with no leading space) + allow-unused: false # report any unused nolint directives + require-specific: false # don't require nolint directives to be specific about which linter is being skipped + revive: + confidence: 0 + +linters: + enable: + - gci + - goimports + - misspell + - nolintlint + - revive diff --git a/.golangci.yml b/.golangci.yml deleted file mode 100644 index 99a137c8..00000000 --- a/.golangci.yml +++ /dev/null @@ -1,52 +0,0 @@ -run: - skip-dirs: - - pkg/apis - - # TODO: fixme - - pkg/controller - timeout: 5m - -linters-settings: - golint: - min-confidence: 0.1 - goimports: - local-prefixes: github.com/banzaicloud/bank-vaults - -linters: - enable-all: true - disable: - - maligned - - funlen - - dupl - - nestif - - wsl - - lll - - interfacer - - exhaustivestruct - - nlreturn - - #deprecated - - ifshort - - varcheck - - structcheck - - deadcode - - # TODO: fixme - - paralleltest - - forcetypeassert - - wrapcheck - - exportloopref - - cyclop - - godox - - godot - - gomnd - - gochecknoglobals - - gochecknoinits - - goconst - - gocognit - - golint - - scopelint - - gocritic - - stylecheck - - gocyclo - - testpackage diff --git a/.licensei.toml b/.licensei.toml index 2619f9b7..5895b9b6 100644 --- a/.licensei.toml +++ b/.licensei.toml 
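Review bot: In the new `.golangci.yaml`, `skip-dirs` still excludes `pkg/controller` under a bare `TODO: fixme`, so the linters in the `enable` list never see that package (presumably the operator's reconcile logic), and the list contains no security-oriented linter. The deleted Makefile rule already disabled `gosec` on the command line, so this is not a regression, but the new config is the natural place to turn it on by adding `- gosec` under `linters.enable`. The TODO should also point at a tracking issue, e.g. `# TODO(<issue-url>): lint pkg/controller`, so the exclusion does not become permanent.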
@@ -33,9 +33,10 @@ ignored = [ ] [header] -ignorePaths = ["vendor"] +authors = ["Banzai Cloud", "Bank-Vaults Maintainers"] +ignorePaths = [".direnv", ".devenv", "vendor"] ignoreFiles = ["zz_generated.*.go"] -template = """// Copyright © :YEAR: Banzai Cloud +template = """// Copyright © :YEAR: :AUTHOR: // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/Makefile b/Makefile index 381ccfd5..9750df28 100644 --- a/Makefile +++ b/Makefile 
@@ -1,115 +1,134 @@ # A Self-Documenting Makefile: http://marmelab.com/blog/2016/02/29/auto-documented-makefile.html -OS = $(shell uname) - -DOCKER_BUILD_EXTRA_ARGS ?= -# Export HOST_NETWORK=1 if you want to build the docker images with host network (useful when using some VPNs) -ifeq (${HOST_NETWORK}, 1) - DOCKER_BUILD_EXTRA_ARGS += --network host -endif - -# Project variables -PACKAGE = github.com/banzaicloud/bank-vaults -BINARY_NAME ?= bank-vaults -DOCKER_REGISTRY ?= ghcr.io/banzaicloud -DOCKER_IMAGE = ${DOCKER_REGISTRY}/bank-vaults -WEBHOOK_DOCKER_IMAGE = ${DOCKER_REGISTRY}/vault-secrets-webhook -OPERATOR_DOCKER_IMAGE = ${DOCKER_REGISTRY}/vault-operator -VAULT_ENV_DOCKER_IMAGE = ${DOCKER_REGISTRY}/vault-env - -# Build variables -BUILD_DIR ?= build -BUILD_PACKAGE = ${PACKAGE}/cmd/... -VERSION ?= $(shell echo `git symbolic-ref -q --short HEAD || git describe --tags --exact-match` | tr '[/]' '-') -COMMIT_HASH ?= $(shell git rev-parse --short HEAD 2>/dev/null) -BUILD_DATE ?= $(shell date +%FT%T%z) -LDFLAGS += -X main.version=${VERSION} -X main.commitHash=${COMMIT_HASH} -X main.buildDate=${BUILD_DATE} -export CGO_ENABLED ?= 1 -export GOOS = $(shell go env GOOS) -ifeq (${VERBOSE}, 1) - GOARGS += -v -endif - -# Docker variables -DOCKER_TAG ?= ${VERSION} +export PATH := $(abspath bin/):${PATH} # Dependency versions -GOTESTSUM_VERSION = 0.4.0 -GOLANGCI_VERSION = 1.52.2 +GOLANGCI_VERSION = 1.53.1 LICENSEI_VERSION = 0.8.0 +KIND_VERSION = 0.18.0 +KURUN_VERSION = 0.7.0 CODE_GENERATOR_VERSION = 0.27.1 -CONTROLLER_GEN_VERSION = v0.11.4 - -GOLANG_VERSION = 1.19.2 - -## include "generic" targets -include main-targets.mk +CONTROLLER_GEN_VERSION = 0.11.4 +HELM_DOCS_VERSION = 1.11.0 .PHONY: up -up: ## Set up the development environment +up: ## Start development environment + kind create cluster + +.PHONY: stop +stop: ## Stop development environment + # TODO: consider using k3d instead + kind delete cluster .PHONY: down -down: clean ## Destroy the development environment +down: ## 
Destroy development environment + kind delete cluster +.PHONY: build +build: ## Build binary + @mkdir -p build + go build -race -o build/manager ./cmd/manager -.PHONY: reset -reset: down up ## Reset the development environment +.PHONY: run +run: ## Run the operator locally talking to a Kubernetes cluster + kubectl replace -f deploy/crd.yaml || kubectl create -f deploy/crd.yaml + kubectl apply -f deploy/rbac.yaml + OPERATOR_NAME=vault-dev go run cmd/manager/main.go -verbose +.PHONY: clean +clean: ## Clean operator resources from a Kubernetes cluster + kubectl delete -f deploy/crd.yaml + kubectl delete -f deploy/rbac.yaml -.PHONY: build-release -build-release: LDFLAGS += -w -build-release: build ## Build a binary without debug information +.PHONY: artifacts +artifacts: container-image +artifacts: ## Build artifacts -.PHONY: build-debug -build-debug: GOARGS += -gcflags "all=-N -l" -build-debug: BINARY_NAME_SUFFIX += debug -build-debug: build ## Build a binary with remote debugging capabilities +.PHONY: container-image +container-image: ## Build container image + docker build . -.PHONY: image-vault-env -image-vault-env: ## Build an OCI vault-env image - buildah bud -t ${VAULT_ENV_DOCKER_IMAGE}:${DOCKER_TAG} -f Dockerfile.vault-env . -ifeq (${IMAGE_LATEST}, 1) - buildah tag ${VAULT_ENV_DOCKER_IMAGE}:${DOCKER_TAG} ${VAULT_ENV_DOCKER_IMAGE}:latest -endif +.PHONY: check +check: test lint ## Run checks (tests and linters) -.PHONY: docker-push -docker-push: ## Push a Docker image - docker push ${DOCKER_IMAGE}:${DOCKER_TAG} -ifeq (${DOCKER_LATEST}, 1) - docker push ${DOCKER_IMAGE}:latest -endif +.PHONY: test +test: ## Run tests + go test -race -v ./... -.PHONY: docker-operator -docker-operator: ## Build a Docker image for the Operator - docker build ${DOCKER_BUILD_EXTRA_ARGS} -t ${OPERATOR_DOCKER_IMAGE}:${DOCKER_TAG} -f Dockerfile.operator . 
-ifeq (${DOCKER_LATEST}, 1) - docker tag ${OPERATOR_DOCKER_IMAGE}:${DOCKER_TAG} ${OPERATOR_DOCKER_IMAGE}:latest -endif +.PHONY: test-acceptance +test-acceptance: ## Run acceptance tests + go test -race -v -timeout 900s -tags kubeall ./test -.PHONY: docker-operator-push -docker-operator-push: ## Push a Docker image for the Operator - docker push ${OPERATOR_DOCKER_IMAGE}:${DOCKER_TAG} -ifeq (${DOCKER_LATEST}, 1) - docker push ${OPERATOR_DOCKER_IMAGE}:latest -endif +.PHONY: lint +lint: ## Run linter + golangci-lint run ${LINT_ARGS} +.PHONY: fmt +fmt: ## Format code + golangci-lint run --fix -.PHONY: test-% -test-%: ## Run a specific test suite - @${MAKE} VERBOSE=0 GOTAGS=$* test +.PHONY: license-check +license-check: ## Run license check + licensei check + licensei header +.PHONY: generate +generate: generate-code generate-crds generate-helm-docs +generate: ## Run generation jobs -.PHONY: operator-up -operator-up: - kubectl replace -f deploy/crd.yaml || kubectl create -f deploy/crd.yaml - kubectl apply -f deploy/rbac.yaml - OPERATOR_NAME=vault-dev go run cmd/manager/main.go -verbose +.PHONY: generate-code +generate-code: ## Regenerate clientset, deepcopy funcs, listers and informers + ./scripts/update-codegen.sh v${CODE_GENERATOR_VERSION} -.PHONY: operator-down -operator-down: - kubectl delete -f deploy/crd.yaml - kubectl delete -f deploy/rbac.yaml +.PHONY: generate-crds +generate-crds: ## Regenerate CRDs in the Helm chart and examples + controller-gen crd:maxDescLen=0 paths=./pkg/... 
output:crd:artifacts:config=./deploy/ + cp deploy/vault.banzaicloud.com_vaults.yaml charts/vault-operator/crds/crd.yaml + cp deploy/vault.banzaicloud.com_vaults.yaml deploy/crd.yaml + rm deploy/vault.banzaicloud.com_vaults.yaml -.PHONY: helm-docs -helm-docs: +.PHONY: generate-helm-docs +generate-helm-docs: helm-docs -s file -c charts/ -t README.md.gotmpl + +deps: bin/golangci-lint bin/licensei bin/kind bin/kurun bin/controller-gen bin/helm-docs +deps: ## Install dependencies + +bin/golangci-lint: + @mkdir -p bin + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- v${GOLANGCI_VERSION} + +bin/licensei: + @mkdir -p bin + curl -sfL https://raw.githubusercontent.com/goph/licensei/master/install.sh | bash -s -- v${LICENSEI_VERSION} + +bin/kind: + @mkdir -p bin + curl -Lo bin/kind https://kind.sigs.k8s.io/dl/v${KIND_VERSION}/kind-$(shell uname -s | tr '[:upper:]' '[:lower:]')-$(shell uname -m | sed -e "s/aarch64/arm64/; s/x86_64/amd64/") + @chmod +x bin/kind + +bin/kurun: + @mkdir -p bin + curl -Lo bin/kurun https://github.com/banzaicloud/kurun/releases/download/${KURUN_VERSION}/kurun-$(shell uname -s | tr '[:upper:]' '[:lower:]')-$(shell uname -m | sed -e "s/aarch64/arm64/; s/x86_64/amd64/") + @chmod +x bin/kurun + +bin/controller-gen: + @mkdir -p bin + set -ex ;\ + CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\ + cd $$CONTROLLER_GEN_TMP_DIR ;\ + go mod init tmp ;\ + GOBIN=$(PWD)/bin/controller-gen-${CONTROLLER_GEN_VERSION}-bin/ go install sigs.k8s.io/controller-tools/cmd/controller-gen@v${CONTROLLER_GEN_VERSION} ;\ + mv $(PWD)/bin/controller-gen-${CONTROLLER_GEN_VERSION}-bin/controller-gen $(PWD)/bin/controller-gen ;\ + rm -rf $(PWD)/bin/controller-gen-${CONTROLLER_GEN_VERSION}-bin ;\ + rm -rf $$CONTROLLER_GEN_TMP_DIR + +bin/helm-docs: + @mkdir -p bin + curl -L https://github.com/norwoodj/helm-docs/releases/download/v${HELM_DOCS_VERSION}/helm-docs_${HELM_DOCS_VERSION}_$(shell uname)_x86_64.tar.gz | tar -zOxf - helm-docs > 
./bin/helm-docs + @chmod +x bin/helm-docs + +.PHONY: help +.DEFAULT_GOAL := help +help: + @grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-10s\033[0m %s\n", $$1, $$2}' diff --git a/README.md b/README.md index 866e43e5..735b1e5a 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,58 @@ The official documentation for the operator is available at [https://bank-vaults ## Development -For the best developer experience, install [Nix](https://nixos.org/download.html) and [direnv](https://direnv.net/docs/installation.html). +**For an optimal developer experience, it is recommended to install [Nix](https://nixos.org/download.html) and [direnv](https://direnv.net/docs/installation.html).** + +_Alternatively, install [Go](https://go.dev/dl/) on your computer then run `make deps` to install the rest of the dependencies._ + +Make sure Docker is installed with Compose and Buildx. + +Run project dependencies: + +```shell +make up +``` + +Run the operator: + +```shell +make run +``` + +Run the test suite: + +```shell +make test +make test-acceptance +``` + +Run the linter: + +```shell +make lint +``` + +Some linter violations can automatically be fixed: + +```shell +make fmt +``` + +Build artifacts locally: + +```shell +make artifacts +``` + +Once you are done either stop or tear down dependencies: + +```shell +make stop + +# OR + +make down +``` ## License diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 03934250..b98fabf7 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -20,8 +20,6 @@ import ( "os" "time" - "github.com/bank-vaults/vault-operator/pkg/apis" - "github.com/bank-vaults/vault-operator/pkg/controller" _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" "k8s.io/client-go/rest" ctrl "sigs.k8s.io/controller-runtime" 
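Review bot: The new `bin/*` recipes in the Makefile fetch executables with no integrity check: `bin/kind` and `bin/kurun` use `curl -Lo` without `-f`, so an HTTP error body is saved and then marked executable, `bin/helm-docs` pipes an unverified tarball into `tar`, and `bin/golangci-lint` and `bin/licensei` pipe an installer from the `master` branch into `bash`. Because `export PATH := $(abspath bin/):${PATH}` puts these first on PATH for every recipe, add `-f` (`curl -fsSLo bin/kind ...`) and compare each download with a pinned SHA-256 before the `chmod +x`, matching the hash pinning the flake already applies to the same tools. `bin/helm-docs` also hard-codes `x86_64`, while the kind and kurun recipes map `aarch64` to `arm64`. Separately, `clean` now runs `kubectl delete -f deploy/crd.yaml` and `deploy/rbac.yaml` against whatever cluster the current context points at, which is surprising for a target of that name; a distinct name such as the previous `operator-down` would be safer.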
@@ -29,6 +27,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/log/zap" "sigs.k8s.io/controller-runtime/pkg/manager" + + "github.com/bank-vaults/vault-operator/pkg/apis" + "github.com/bank-vaults/vault-operator/pkg/controller" ) var log = ctrl.Log.WithName("cmd") diff --git a/deploy/multi-dc/test/metallb-config.yaml b/deploy/multi-dc/test/metallb-config.yaml index 7c31e5f5..6872f6f3 100644 --- a/deploy/multi-dc/test/metallb-config.yaml +++ b/deploy/multi-dc/test/metallb-config.yaml @@ -1,12 +1,14 @@ -apiVersion: v1 -kind: ConfigMap +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool metadata: + name: example + namespace: metallb-system +spec: + addresses: + - {{.METALLB_ADDRESS_RANGE}} +--- +apiVersion: metallb.io/v1beta1 +kind: L2Advertisement +metadata: + name: empty namespace: metallb-system - name: config -data: - config: | - address-pools: - - name: default - protocol: layer2 - addresses: - - {{.METALLB_ADDRESS_RANGE}} diff --git a/deploy/multi-dc/test/multi-dc-raft.sh b/deploy/multi-dc/test/multi-dc-raft.sh index c7c95d80..54cc587a 100755 --- a/deploy/multi-dc/test/multi-dc-raft.sh +++ b/deploy/multi-dc/test/multi-dc-raft.sh @@ -12,8 +12,8 @@ set -xeo pipefail # - vault # -METALLB_VERSION=v0.12.1 -VAULT_VERSION=1.6.2 +METALLB_VERSION=v0.13.10 +VAULT_VERSION=1.13.2 BANK_VAULTS_VERSION=1.19.0 VAULT_TOKEN=$(uuidgen) export VAULT_TOKEN 
@@ -41,9 +41,10 @@ function waitfor { function metallb_setup { export METALLB_ADDRESS_RANGE=$1 - kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/${METALLB_VERSION}/manifests/namespace.yaml - kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/${METALLB_VERSION}/manifests/metallb.yaml - kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)" + # kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/${METALLB_VERSION}/manifests/namespace.yaml + kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/${METALLB_VERSION}/config/manifests/metallb-native.yaml + kubectl wait --namespace metallb-system --for condition=Available=true deploy --selector=app=metallb --timeout=90s + kubectl wait --namespace metallb-system --for=condition=ready pod --selector=app=metallb --timeout=90s envtpl deploy/multi-dc/test/metallb-config.yaml | kubectl apply -f - } diff --git a/flake.nix b/flake.nix index 895f7c70..c5b988d6 100644 --- a/flake.nix +++ b/flake.nix 
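Review bot: In `metallb_setup` the old `namespace.yaml` apply is left behind as a commented-out command; delete it or replace it with the reason, e.g. `# metallb-native.yaml creates the metallb-system namespace`, if that is indeed why it is no longer needed. The manifest is still applied straight from a URL keyed on the `${METALLB_VERSION}` tag, and a tag can be moved, so pinning the URL to a commit or checking the manifest in under `deploy/multi-dc/test/` would make the test reproducible. The removal of the `memberlist` secret creation is not explained either, and a short comment on whether this MetalLB version generates it on its own would help the next reader.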
@@ -15,48 +15,139 @@ systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" ]; - perSystem = { config, self', inputs', pkgs, system, ... }: { - devenv.shells.default = { - languages = { - go.enable = true; + perSystem = { config, self', inputs', pkgs, system, ... }: rec { + devenv.shells = { + default = { + languages = { + go.enable = true; + }; + + services = { + vault.enable = true; + }; + + packages = with pkgs; [ + gnumake + + golangci-lint + + kubernetes-controller-tools + kubernetes-code-generator + + kind + kubectl + kubectl-images + kustomize + kubernetes-helm + helm-docs + ] ++ [ + self'.packages.licensei + self'.packages.kurun + self'.packages.envtpl + self'.packages.cidr + ]; + + scripts = { + versions.exec = '' + go version + golangci-lint version + echo controller-gen $(controller-gen --version) + kind version + kubectl version --client + echo kustomize $(kustomize version --short) + echo helm $(helm version --short) + ''; + }; + + enterShell = '' + versions + ''; + + # https://github.com/cachix/devenv/issues/528#issuecomment-1556108767 + containers = pkgs.lib.mkForce { }; + }; + + ci = devenv.shells.default; + }; + + packages = { + # TODO: create flake in source repo + licensei = pkgs.buildGoModule rec { + pname = "licensei"; + version = "0.8.0"; + + src = pkgs.fetchFromGitHub { + owner = "goph"; + repo = "licensei"; + rev = "v${version}"; + sha256 = "sha256-Pvjmvfk0zkY2uSyLwAtzWNn5hqKImztkf8S6OhX8XoM="; + }; + + vendorSha256 = "sha256-ZIpZ2tPLHwfWiBywN00lPI1R7u7lseENIiybL3+9xG8="; + + subPackages = [ "cmd/licensei" ]; + + ldflags = [ + "-w" + "-s" + "-X main.version=v${version}" + ]; }; - services = { - vault.enable = true; + # TODO: create flake in source repo + kurun = pkgs.buildGoModule rec { + pname = "kurun"; + version = "0.7.0"; + + src = pkgs.fetchFromGitHub { + owner = "banzaicloud"; + repo = "kurun"; + rev = "${version}"; + sha256 = "sha256-b7ucOpTv+JON1yYxb1OhxBTZhyppKssOP7GNkmaCI5s="; + }; + + vendorSha256 = 
"sha256-kbdYDzPSNU3s4E4OwEGG9nbg66EwX18t+SVB4GejsNA="; + + subPackages = [ "." ]; + + ldflags = [ + "-w" + "-s" + "-X main.version=v${version}" + ]; }; - packages = with pkgs; [ - gnumake - - golangci-lint - - kind - kubectl - kubectl-images - kustomize - kubernetes-helm - helm-docs - - buildah - ]; - - scripts = { - versions.exec = '' - go version - golangci-lint version - kind version - kubectl version --client - echo kustomize $(kustomize version --short) - echo helm $(helm version --short) - ''; + envtpl = pkgs.buildGoModule rec { + pname = "envtpl"; + version = "428c2d7"; + + src = pkgs.fetchFromGitHub { + owner = "subfuzion"; + repo = "envtpl"; + rev = "428c2d7"; + sha256 = "sha256-w1HaBB7M+yQyslFk+hHHxkz9kcniKFkS7CbD6ABrgU8="; + }; + + vendorSha256 = null; + + subPackages = [ "cmd/envtpl" ]; }; - enterShell = '' - versions - ''; + cidr = pkgs.buildGoPackage rec { + pname = "cidr"; + version = "9c69a7cbc86a584f29cb8492b245e17b0267237d"; - # https://github.com/cachix/devenv/issues/528#issuecomment-1556108767 - containers = pkgs.lib.mkForce { }; + goPackagePath = "github.com/hankjacobs/cidr"; + + src = pkgs.fetchFromGitHub { + owner = "hankjacobs"; + repo = "cidr"; + rev = "9c69a7cbc86a584f29cb8492b245e17b0267237d"; + sha256 = "sha256-kdPTGjXcna/Khdcvn+IWjoqCeWoQnYvXdEAy0bqKb24="; + }; + + subPackages = [ "." ]; + }; }; }; }; diff --git a/main-targets.mk b/main-targets.mk deleted file mode 100644 index ebbd4ba5..00000000 --- a/main-targets.mk +++ /dev/null 
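Review bot: The `licensei` and `kurun` derivations pin `version = "0.8.0"` and `"0.7.0"`, the same values as `LICENSEI_VERSION` and `KURUN_VERSION` in the Makefile, but nothing ties the two files together. Likewise `golangci-lint`, `kind` and the controller tools come from `pkgs` at whatever the flake's nixpkgs input provides, while the Makefile pins `GOLANGCI_VERSION = 1.53.1`, `KIND_VERSION = 0.18.0` and `CONTROLLER_GEN_VERSION = 0.11.4`. CI now runs through the Nix shell, so a contributor who uses `make deps` may lint and generate with different tool versions than CI does. Add a comment next to each pin such as `# keep in sync with LICENSEI_VERSION in Makefile`, and note on `envtpl` why `vendorSha256 = null` is correct (presumably its dependencies are vendored in the source tree).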
@@ -1,141 +0,0 @@ -# A Self-Documenting Makefile: http://marmelab.com/blog/2016/02/29/auto-documented-makefile.html - -.PHONY: clean -clean: ## Clean builds - rm -rf ${BUILD_DIR}/ - -.PHONY: clear -clear: ## Clear the working area and the project - rm -rf bin/ vendor/ - -.PHONY: build -build: ## Build a binary -ifneq (${IGNORE_GOLANG_VERSION_REQ}, 1) - @printf "${GOLANG_VERSION}\n$$(go version | awk '{sub(/^go/, "", $$3);print $$3}')" | sort -t '.' -k 1,1 -k 2,2 -k 3,3 -g | head -1 | grep -q -E "^${GOLANG_VERSION}$$" || (printf "Required Go version is ${GOLANG_VERSION}\nInstalled: `go version`" && exit 1) -endif - go build ${GOARGS} -tags "${GOTAGS}" -ldflags "${LDFLAGS}" ${BUILD_PACKAGE} - -.PHONY: docker-build -docker-build: ## Builds go binary in docker image - docker run -it -v $(PWD):/go/src/${PACKAGE} -w /go/src/${PACKAGE} golang:${GOLANG_VERSION}-alpine go build -o ${BINARY_NAME}_linux ${BUILD_PACKAGE} - -.PHONY: debug -debug: GOARGS += -gcflags "-N -l" -debug: BINARY_NAME := ${BINARY_NAME}-debug -debug: build ## Builds binary package - -.PHONY: debug-docker -debug-docker: debug ## Builds binary package - docker build -t ghcr.io/banzaicloud/${BINARY_NAME}:debug -f Dockerfile.dev . 
- -bin/golangci-lint: bin/golangci-lint-${GOLANGCI_VERSION} - @ln -sf golangci-lint-${GOLANGCI_VERSION} bin/golangci-lint -bin/golangci-lint-${GOLANGCI_VERSION}: - @mkdir -p bin - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b ./bin/ v${GOLANGCI_VERSION} - @mv bin/golangci-lint $@ - -.PHONY: lint -lint: bin/golangci-lint ## Run linter - bin/golangci-lint run --disable varnamelen,ireturn,nosnakecase,exhaustruct,nonamedreturns,nilnil,contextcheck,maintidx,dupword,gosec,gomoddirectives,gci,gofumpt,gofmt,goimports,revive,staticcheck - -.PHONY: fix -fix: bin/golangci-lint ## Fix lint violations - bin/golangci-lint run --fix --disable varnamelen,ireturn,nosnakecase,exhaustruct,nonamedreturns,nilnil,contextcheck,maintidx,dupword,gosec,gomoddirectives,gci,gofumpt,gofmt,goimports,revive,staticcheck - -bin/licensei: bin/licensei-${LICENSEI_VERSION} - @ln -sf licensei-${LICENSEI_VERSION} bin/licensei -bin/licensei-${LICENSEI_VERSION}: - @mkdir -p bin - curl -sfL https://raw.githubusercontent.com/goph/licensei/master/install.sh | bash -s v${LICENSEI_VERSION} - @mv bin/licensei $@ - -.PHONY: license-check -license-check: bin/licensei ## Run license check - bin/licensei check - bin/licensei header - -.PHONY: license-cache -license-cache: bin/licensei ## Generate license cache - bin/licensei cache - -.PHONY: check -check: lint test-integration ## Run tests and linters - -bin/gotestsum: bin/gotestsum-${GOTESTSUM_VERSION} - @ln -sf gotestsum-${GOTESTSUM_VERSION} bin/gotestsum -bin/gotestsum-${GOTESTSUM_VERSION}: - @mkdir -p bin - curl -L https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_${OS}_amd64.tar.gz | tar -zOxf - gotestsum > ./bin/gotestsum-${GOTESTSUM_VERSION} && chmod +x ./bin/gotestsum-${GOTESTSUM_VERSION} - -TEST_PKGS ?= ./... 
-TEST_REPORT_NAME ?= results.xml -.PHONY: test -test: TEST_REPORT ?= main -test: TEST_FORMAT ?= short -test: SHELL = /bin/bash -test: bin/gotestsum ## Run tests - @mkdir -p ${BUILD_DIR}/test_results/${TEST_REPORT} - bin/gotestsum --no-summary=skipped --junitfile ${BUILD_DIR}/test_results/${TEST_REPORT}/${TEST_REPORT_NAME} --format ${TEST_FORMAT} -- $(filter-out -v,${GOARGS}) $(if ${TEST_PKGS},${TEST_PKGS},./...) - -.PHONY: test-all -test-all: ## Run all tests - @${MAKE} GOARGS="${GOARGS} -run .\*" TEST_REPORT=all test - -.PHONY: test-integration -test-integration: ## Run integration tests - @${MAKE} GOARGS="${GOARGS} -tags=integration" TEST_REPORT=integration test - -.PHONY: test-sdk-integration -test-sdk-integration: ## Run integration tests in sdk package - @${MAKE} GOARGS="${GOARGS} -tags=integration" TEST_REPORT=integration test-sdk - -bin/jq: bin/jq-${JQ_VERSION} - @ln -sf jq-${JQ_VERSION} bin/jq -bin/jq-${JQ_VERSION}: - @mkdir -p bin -ifeq (${OS}, Darwin) - curl -L https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-osx-amd64 > ./bin/jq-${JQ_VERSION} && chmod +x ./bin/jq-${JQ_VERSION} -endif -ifeq (${OS}, Linux) - curl -L https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 > ./bin/jq-${JQ_VERSION} && chmod +x ./bin/jq-${JQ_VERSION} -endif - -.PHONY: list -list: ## List all make targets - @$(MAKE) -pRrn : -f $(MAKEFILE_LIST) 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | egrep -v -e '^[^[:alnum:]]' -e '^$@$$' | sort - -.PHONY: help -.DEFAULT_GOAL := help -help: - @grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' - -# Variable outputting/exporting rules -var-%: ; @echo $($*) -varexport-%: ; @echo $*=$($*) - - -.PHONY: generate-code -generate-code: ## Regenerate clientset, deepcopy funcs, listers and informers - ./scripts/update-codegen.sh v${CODE_GENERATOR_VERSION} - 
-bin/controller-gen-${CONTROLLER_GEN_VERSION}: - @mkdir -p bin - set -ex ;\ - CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\ - cd $$CONTROLLER_GEN_TMP_DIR ;\ - go mod init tmp ;\ - GOBIN=$(PWD)/bin/controller-gen-${CONTROLLER_GEN_VERSION}-bin/ go install sigs.k8s.io/controller-tools/cmd/controller-gen@${CONTROLLER_GEN_VERSION} ;\ - mv $(PWD)/bin/controller-gen-${CONTROLLER_GEN_VERSION}-bin/controller-gen $(PWD)/bin/controller-gen-${CONTROLLER_GEN_VERSION} ;\ - rm -rf $(PWD)/bin/controller-gen-${CONTROLLER_GEN_VERSION}-bin ;\ - rm -rf $$CONTROLLER_GEN_TMP_DIR - -bin/controller-gen: bin/controller-gen-${CONTROLLER_GEN_VERSION} - ln -sf $(PWD)/bin/controller-gen-${CONTROLLER_GEN_VERSION} bin/controller-gen - -.PHONY: generate-crds -generate-crds: bin/controller-gen ## Regenerate CRDs in the Helm chart and examples - bin/controller-gen crd:maxDescLen=0 paths=./... output:crd:artifacts:config=./deploy/ - cp deploy/vault.banzaicloud.com_vaults.yaml charts/vault-operator/crds/crd.yaml - cp deploy/vault.banzaicloud.com_vaults.yaml deploy/crd.yaml - rm deploy/vault.banzaicloud.com_vaults.yaml diff --git a/scripts/misspell-check.sh b/scripts/misspell-check.sh deleted file mode 100755 index a3becdf7..00000000 --- a/scripts/misspell-check.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env bash - -# misspell -bad_files=$(echo $PKGS | xargs $MISSPELL) -echo $bad_files -if [[ -n "${bad_files}" ]]; then - echo "✖ misspell needs to be run on the following files: " - echo "${bad_files}" - exit 1 -fi diff --git a/scripts/release-charts.sh b/scripts/release-charts.sh deleted file mode 100755 index e53f53e5..00000000 --- a/scripts/release-charts.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -for chart in vault vault-operator vault-secrets-webhook -do - version=$(grep version: ./charts/${chart}/Chart.yaml | cut -f2 -d' ') - git tag chart/${chart}/${version} - git push origin chart/${chart}/${version} -done