chore(oauth): Refactor Command Issuer to use kubebuilder v4 & impleme…
…nt oauth/WI as auth mechanism (#28)

* chore(oauth): Refactor Command Issuer to use kubebuilder v4 & implement oauth/WI as auth mechanism
* chore(crd): Update chart crds
* chore(informer): Configure controller-runtime to not use shared list+watch informer for secrets
* chore(docs): Document Azure Workload Identity

---------

Signed-off-by: Hayden Roszell <hroszell@gmail.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
m8rmclaren and Keyfactor authored Jan 9, 2025
1 parent 31dd7dd commit e6f1cd4
Showing 85 changed files with 5,225 additions and 4,086 deletions.
1 change: 0 additions & 1 deletion .dockerignore
@@ -1,4 +1,3 @@
# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
# Ignore build and test binaries.
bin/
testbin/
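--- a/.github/workflows/helm.yml
+++ b/.github/workflows/helm.yml
@@ -0,0 +1,74 @@
+name: Build and Release
+on:
+push:
+branches:
+- '*'
+pull_request:
+branches:
+- 'v*'
+types:
+# action should run when the pull request is closed
+# (regardless of whether it was merged or just closed)
+- closed
+# Make sure the action runs every time new commits are
+# pushed to the pull request's branch
+- synchronize
+
+env:
+REGISTRY: ghcr.io
+
+jobs:
+helm:
+runs-on: ubuntu-latest
+if: github.event.pull_request.merged == true
+steps:
+- name: Set IMAGE_NAME
+run: |
+echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
+# Checkout code
+# https://github.com/actions/checkout
+- name: Checkout code
+uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+
+# Extract metadata (tags, labels) to use in Helm chart
+# https://github.com/docker/metadata-action
+- name: Extract Docker metadata
+id: meta
+uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+with:
+images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+# Set version from DOCKER_METADATA_OUTPUT_VERSION as environment variable
+- name: Set Version
+run: |
+echo "VERSION=${DOCKER_METADATA_OUTPUT_VERSION:1}" >> $GITHUB_ENV
+# Change version and appVersion in Chart.yaml to the tag in the closed PR
+- name: Update Helm App/Chart Version
+shell: bash
+run: |
+sed -i "s/^version: .*/version: ${{ env.VERSION }}/g" deploy/charts/command-cert-manager-issuer/Chart.yaml
+sed -i "s/^appVersion: .*/appVersion: \"${{ env.DOCKER_METADATA_OUTPUT_VERSION }}\"/g" deploy/charts/command-cert-manager-issuer/Chart.yaml
+# Setup Helm
+# https://github.com/Azure/setup-helm
+- name: Install Helm
+uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
+with:
+token: ${{ secrets.GITHUB_TOKEN }}
+
+# Helm requires an ident name to be set for chart-releaser to work
+- name: Configure Git
+run: |
+git config user.name "$GITHUB_ACTOR"
+git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+# Build and release Helm chart to GitHub Pages
+# https://github.com/helm/chart-releaser-action
+- name: Run chart-releaser
+uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0
+env:
+CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+with:
+charts_dir: deploy/charts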
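Review bot: The two `sed` commands in the "Update Helm App/Chart Version" step expand `${{ env.VERSION }}` and `${{ env.DOCKER_METADATA_OUTPUT_VERSION }}` into the script text before bash runs, so a shell or sed metacharacter in the metadata-action output (which appears to be derived from the triggering ref) would be parsed as syntax rather than data. Both values are already in the step environment, so let the shell expand them, e.g. `sed -i "s/^version: .*/version: ${VERSION}/g" deploy/charts/command-cert-manager-issuer/Chart.yaml`, ideally after checking them against a version pattern. The workflow also declares no `permissions:` key, so the `GITHUB_TOKEN` passed to chart-releaser carries the repository's default scope; a job-level `permissions:` with `contents: write` would state what the release step needs. Separately, a `push` event carries no `pull_request` payload, so the `if: github.event.pull_request.merged == true` guard skips every push-triggered run and that trigger could be dropped.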
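--- a/.github/workflows/keyfactor-bootstrap-workflow.yml
+++ b/.github/workflows/keyfactor-bootstrap-workflow.yml
@@ -0,0 +1,59 @@
+name: Keyfactor Bootstrap Workflow
+
+on:
+workflow_dispatch:
+pull_request:
+types: [opened, closed, synchronize, edited, reopened]
+push:
+create:
+branches:
+- 'release-*.*'
+
+jobs:
+
+build:
+name: Build and Lint
+runs-on: ubuntu-latest
+timeout-minutes: 5
+steps:
+- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+with:
+go-version-file: 'go.mod'
+cache: true
+- run: go mod download
+- run: go build -v ./cmd/main.go
+# - name: Run linters
+# uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0
+# with:
+# version: latest
+
+test:
+name: Go Test
+needs: build
+runs-on: ubuntu-latest
+timeout-minutes: 5
+steps:
+- name: Checkout
+uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+- name: Set up Go 1.x
+uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+with:
+go-version-file: 'go.mod'
+cache: true
+- run: go mod download
+- name: Run go test
+run: go test -v ./...
+
+call-starter-workflow:
+uses: keyfactor/actions/.github/workflows/starter.yml@v3
+needs: test
+secrets:
+token: ${{ secrets.V2BUILDTOKEN}}
+APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
+gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+scan_token: ${{ secrets.SAST_TOKEN }}
+docker-user: ${{ secrets.DOCKER_USER }}
+docker-token: ${{ secrets.DOCKER_PWD }}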
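Review bot: The `call-starter-workflow` job references `keyfactor/actions/.github/workflows/starter.yml@v3`, a movable tag, while every other `uses:` in this file is pinned to a full commit SHA, and it is the one call that receives `KF_GPG_PRIVATE_KEY`, `KF_GPG_PASSPHRASE`, `DOCKER_PWD` and the build token. Whoever can move that tag changes the code that runs with those secrets, so the workflow that was reviewed and the one that executes can drift apart. Pinning it like the others, `uses: keyfactor/actions/.github/workflows/starter.yml@<full-commit-sha> # v3`, closes that gap. Because the workflow also runs on every `push` and `pull_request` event, a top-level `permissions:` block restricting the default token would be worth adding alongside it.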

213 changes: 0 additions & 213 deletions .github/workflows/release.yml

This file was deleted.

42 changes: 0 additions & 42 deletions .github/workflows/test.yml

This file was deleted.
