diff --git a/.github/renovate.json5 b/.github/renovate.json5
new file mode 100644
index 0000000..f43c59f
--- /dev/null
+++ b/.github/renovate.json5
@@ -0,0 +1,42 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:recommended",
+ "helpers:pinGitHubActionDigests",
+ ":semanticCommits"
+ ],
+ "rebaseWhen": "conflicted",
+ "prConcurrentLimit": 5,
+ "baseBranches": ["main"],
+ "labels": ["automated"],
+ "customManagers": [
+ {
+ "customType": "regex",
+ "description": "Bump up version in the Makefile",
+ "fileMatch": ["^Makefile$"],
+ "matchStrings": [
+ "UP_VERSION = (?.*?)\\n"
+ ],
+ "datasourceTemplate": "github-releases",
+ "depNameTemplate": "upbound/up",
+ }, {
+ "customType": "regex",
+ "description": "Bump uptest version in the Makefile",
+ "fileMatch": ["^Makefile$"],
+ "matchStrings": [
+ "UPTEST_VERSION = (?.*?)\\n"
+ ],
+ "datasourceTemplate": "github-releases",
+ "depNameTemplate": "upbound/uptest",
+ }, {
+ "customType": "regex",
+ "description": "Bump providers/functions/configurations in crossplane.yaml",
+ "fileMatch": ["crossplane.yaml"],
+ "matchStrings": [
+ "#\\s*renovate:\\s*datasource=(?[^\\s]+)\\s+depName=(?[^\\s]+)\\s*\\n\\s*version:\\s*\"(?[^\"]+)\""
+ ],
+ "datasourceTemplate": "{{{datasource}}}",
+ "depNameTemplate": "{{{depName}}}",
+ }
+ ],
+}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..1e6392a
--- /dev/null
+++ b/.github/workflows/ci.yaml
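Review bot: In .github/renovate.json5 the third custom manager uses `"fileMatch": ["crossplane.yaml"]`, an unanchored pattern, while the two Makefile managers anchor theirs with `^Makefile$`. That manager takes `datasource` and `depName` verbatim from `# renovate:` comments, so any file whose path contains that name can decide which upstream Renovate proposes versions from; `"fileMatch": ["^crossplane\\.yaml$"]` limits it to the package manifest. As rendered on this page the capture groups in all three `matchStrings` have no names (`(?.*?)`, `(?[^\\s]+)`), which is probably an extraction artifact, but it is worth confirming that the committed file has the named groups that `{{{datasource}}}` and `{{{depName}}}` rely on.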
@@ -0,0 +1,77 @@
+name: CI
+
+on:
+ push:
+ branches:
+ - main
+ - release-*
+ workflow_dispatch: {}
+
+env:
+ DOCKER_BUILDX_VERSION: 'v0.8.2'
+
+ XPKG_ACCESS_ID: ${{ secrets.XPKG_ACCESS_ID }}
+
+jobs:
+ detect-noop:
+ runs-on: ubuntu-22.04
+ outputs:
+ noop: ${{ steps.noop.outputs.should_skip }}
+ steps:
+ - name: Detect No-op Changes
+ id: noop
+ uses: fkirc/skip-duplicate-actions@v2.0.0
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ paths_ignore: '["**.md", "**.png", "**.jpg"]'
+ do_not_skip: '["workflow_dispatch", "schedule", "push"]'
+
+ publish-artifacts:
+ runs-on: ubuntu-22.04
+ needs: detect-noop
+ if: needs.detect-noop.outputs.noop != 'true'
+
+ steps:
+ - name: Setup QEMU
+ uses: docker/setup-qemu-action@v1
+ with:
+ platforms: all
+
+ - name: Setup Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ with:
+ version: ${{ env.DOCKER_BUILDX_VERSION }}
+ install: true
+
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ submodules: true
+
+ - name: Fetch History
+ run: git fetch --prune --unshallow
+
+ - name: Build Artifacts
+ run: make -j2 build.all
+ env:
+ # We're using docker buildx, which doesn't actually load the images it
+ # builds by default. Specifying --load does so.
+ BUILD_ARGS: "--load"
+
+ - name: Publish Artifacts to GitHub
+ uses: actions/upload-artifact@v2
+ with:
+ name: output
+ path: _output/**
+
+ - name: Login to Upbound
+ uses: docker/login-action@v1
+ if: env.XPKG_ACCESS_ID != ''
+ with:
+ registry: xpkg.upbound.io
+ username: ${{ secrets.XPKG_ACCESS_ID }}
+ password: ${{ secrets.XPKG_TOKEN }}
+
+ - name: Publish Artifacts
+ if: env.XPKG_ACCESS_ID != ''
+ run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/}
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
new file mode 100644
index 0000000..c1ccfd4
--- /dev/null
+++ b/.github/workflows/e2e.yaml
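Review bot: The `publish-artifacts` job in .github/workflows/ci.yaml handles `XPKG_TOKEN` and pushes packages, yet every action it runs is referenced by a mutable tag (`docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`, `actions/checkout@v2`, `actions/upload-artifact@v2`, `docker/login-action@v1`), as is `fkirc/skip-duplicate-actions@v2.0.0` in `detect-noop`. yamllint.yaml in this same commit already pins by commit SHA with a version comment; the same form should be used here and for `actions/checkout@v2` and `negz/create-tag@v1` in tag.yml, rather than relying on the `helpers:pinGitHubActionDigests` preset to open follow-up PRs. Separately, `XPKG_ACCESS_ID` is set in the workflow-level `env:`, so it is exported to every step of both jobs; declaring it under `env:` on the `publish-artifacts` job keeps it out of `detect-noop` while the `if: env.XPKG_ACCESS_ID != ''` guards keep working.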
@@ -0,0 +1,14 @@
+name: End to End Testing
+
+on:
+ issue_comment:
+ types: [created]
+
+jobs:
+ e2e:
+ uses: upbound/uptest/.github/workflows/pr-comment-trigger.yml@main
+ with:
+ package-type: configuration
+ secrets:
+ UPTEST_CLOUD_CREDENTIALS: ${{ secrets.UPTEST_CLOUD_CREDENTIALS }}
+ UPTEST_DATASOURCE: ${{ secrets.UPTEST_DATASOURCE }}
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
new file mode 100644
index 0000000..96a8af7
--- /dev/null
+++ b/.github/workflows/tag.yml
@@ -0,0 +1,26 @@
+name: Tag
+
+on:
+ workflow_dispatch:
+ inputs:
+ version:
+ description: 'Release version (e.g. v0.1.0)'
+ required: true
+ message:
+ description: 'Tag message'
+ required: true
+
+jobs:
+ create-tag:
+ runs-on: ubuntu-22.04
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Create Tag
+ uses: negz/create-tag@v1
+ with:
+ version: ${{ github.event.inputs.version }}
+ message: ${{ github.event.inputs.message }}
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/yamllint.yaml b/.github/workflows/yamllint.yaml
new file mode 100644
index 0000000..54684f4
--- /dev/null
+++ b/.github/workflows/yamllint.yaml
@@ -0,0 +1,15 @@
+name: yamllint
+on: [pull_request]
+jobs:
+ yamllint:
+ name: runner / yamllint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+ - name: yamllint
+ uses: reviewdog/action-yamllint@e419e43894e391d358ebf996800673d72de6c69b # v1.11.0
+ with:
+ reporter: github-pr-review
+ filter_mode: nofilter
+ yamllint_flags: 'apis/'
+ fail_on_error: true
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3093c06
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,9 @@
+init
+/.cache
+/.work
+/_output
+/results
+/.idea
+
+*.xpkg
+kubeconfig
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..669c864
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,5 @@
+extends: default
+
+rules:
+ line-length: disable
+ document-start: disable
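Review bot: In .github/workflows/e2e.yaml the reusable workflow is referenced as `upbound/uptest/.github/workflows/pr-comment-trigger.yml@main`, a moving branch, and it is handed `UPTEST_CLOUD_CREDENTIALS` and `UPTEST_DATASOURCE`. Whatever lands on that branch next runs with these cloud credentials, so the reference should be a reviewed commit, e.g. `uses: upbound/uptest/.github/workflows/pr-comment-trigger.yml@<commit-sha> # <tag>`. The trigger is `issue_comment` with `types: [created]` and the `e2e` job has no `if:`, so every new comment starts the called workflow. Any check of who commented and which command was given therefore has to live in the reusable workflow, which is not visible here and should be confirmed before the secrets are wired in.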
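Review bot: The `create-tag` job in .github/workflows/tag.yml declares no `permissions:`, so `GITHUB_TOKEN` carries the repository's default scopes when it is passed to `negz/create-tag@v1`. Adding `permissions:` with `contents: write` on the job states the one scope that tag creation presumably needs and drops the rest. The same gap exists in ci.yaml, where `contents: read` looks sufficient for the visible steps, and in yamllint.yaml, where `reporter: github-pr-review` would need `pull-requests: write` next to `contents: read`.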
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..0618f58
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,87 @@
+# Project Setup
+PROJECT_NAME := platform-ref-upbound-spaces
+PROJECT_REPO := github.com/upbound/$(PROJECT_NAME)
+
+# NOTE(hasheddan): the platform is insignificant here as Configuration package
+# images are not architecture-specific. We constrain to one platform to avoid
+# needlessly pushing a multi-arch image.
+PLATFORMS ?= linux_amd64
+-include build/makelib/common.mk
+
+# ====================================================================================
+# Setup Kubernetes tools
+
+UP_VERSION = v0.24.1
+UP_CHANNEL = stable
+UPTEST_VERSION = v0.11.0
+
+-include build/makelib/k8s_tools.mk
+# ====================================================================================
+# Setup XPKG
+
+# NOTE(jastang): Configurations deployed in Upbound do not currently follow
+# certain conventions such as the default examples root or package directory.
+XPKG_DIR = $(shell pwd)
+XPKG_EXAMPLES_DIR = .up/examples
+XPKG_IGNORE = .github/workflows/*.yml,.github/workflows/*.yaml,init/*.yaml,examples/flux/*.yaml,examples/*.yaml,examples/argocd/*.yaml,.work/uptest-datasource.yaml
+
+XPKG_REG_ORGS ?= xpkg.upbound.io/upbound
+# NOTE(hasheddan): skip promoting on xpkg.upbound.io as channel tags are
+# inferred.
+XPKG_REG_ORGS_NO_PROMOTE ?= xpkg.upbound.io/upbound
+XPKGS = $(PROJECT_NAME)
+-include build/makelib/xpkg.mk
+
+CROSSPLANE_NAMESPACE = upbound-system
+CROSSPLANE_ARGS = "--enable-usages"
+-include build/makelib/local.xpkg.mk
+-include build/makelib/controlplane.mk
+
+# ====================================================================================
+# Targets
+
+# run `make help` to see the targets and options
+
+# We want submodules to be set up the first time `make` is run.
+# We manage the build/ folder and its Makefiles as a submodule.
+# The first time `make` is run, the includes of build/*.mk files will
+# all fail, and this target will be run. The next time, the default as defined
+# by the includes will be run instead.
+fallthrough: submodules
+ @echo Initial setup complete. Running make again . . .
+ @make
+
+# Update the submodules, such as the common build scripts.
+submodules:
+ @git submodule sync
+ @git submodule update --init --recursive
+
+# We must ensure up is installed in tool cache prior to build as including the k8s_tools machinery prior to the xpkg
+# machinery sets UP to point to tool cache.
+build.init: $(UP)
+
+# ====================================================================================
+# End to End Testing
+
+# This target requires the following environment variables to be set:
+# $ export UPTEST_CLOUD_CREDENTIALS=$(echo "AWS='$(cat ~/.aws/credentials)'\nAZURE='$(cat ~/.azure/credentials.json)'\nGCP='$(cat ~/.gcloud/credentials.json)")
+uptest: $(UPTEST) $(KUBECTL) $(KUTTL)
+ @$(INFO) running automated tests
+ @KUBECTL=$(KUBECTL) KUTTL=$(KUTTL) CROSSPLANE_NAMESPACE=$(CROSSPLANE_NAMESPACE) $(UPTEST) e2e "${UPTEST_EXAMPLE_LIST}" --data-source="${UPTEST_DATASOURCE_PATH}" --setup-script=test/setup.sh --default-timeout=4800 || $(FAIL)
+ @$(OK) running automated tests
+
+# This target requires the following environment variables to be set:
+# $ export UPTEST_CLOUD_CREDENTIALS=$(echo "AWS='$(cat ~/.aws/credentials)'\nAZURE='$(cat ~/.azure/credentials.json)'\nGCP='$(cat ~/.gcloud/credentials.json)")
+e2e: build controlplane.up local.xpkg.deploy.configuration.$(PROJECT_NAME) uptest
+
+render:
+ crossplane beta render examples/aws-cluster.yaml apis/composition.yaml examples/functions.yaml -r
+ crossplane beta render examples/azure-cluster.yaml apis/composition.yaml examples/functions.yaml -r
+ crossplane beta render examples/space.yaml apis/composition.yaml examples/functions.yaml -r
+
+yamllint:
+ @$(INFO) running yamllint
+ @yamllint ./apis || $(FAIL)
+ @$(OK) running yamllint
+
+.PHONY: uptest e2e render yamllint
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f72f714
--- /dev/null
+++ b/README.md
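Review bot: The example `export UPTEST_CLOUD_CREDENTIALS=…` in the comments above `uptest` and `e2e` is not a well-formed assignment list: the `GCP='$(cat ~/.gcloud/credentials.json)` value is never closed with `'`, and bash's `echo` without `-e` leaves the `\n` separators literal. test/setup.sh passes this variable to `eval`, so a value built from the comment fails to parse, and any `'` inside a credentials file would end the quoting early and have the remainder evaluated as shell. I would document a `printf` form with the closing quote, `# $ export UPTEST_CLOUD_CREDENTIALS=$(printf "AWS='%s'\nAZURE='%s'\nGCP='%s'\n" "$(cat ~/.aws/credentials)" "$(cat ~/.azure/credentials.json)" "$(cat ~/.gcloud/credentials.json)")`, and state that the files must not contain single quotes. A smaller point in `fallthrough`: `@make` should be `@$(MAKE)` so that flags and the jobserver carry over to the re-run.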
@@ -0,0 +1 @@
+# platform-ref-upbound-spaces
diff --git a/crossplane.yaml b/crossplane.yaml
new file mode 100644
index 0000000..127dafe
--- /dev/null
+++ b/crossplane.yaml
@@ -0,0 +1,34 @@
+apiVersion: meta.pkg.crossplane.io/v1
+kind: Configuration
+metadata:
+ name: platform-ref-upbound-spaces
+ annotations:
+ meta.crossplane.io/maintainer: The platform-ref-upbound-spaces Configuration
+ meta.crossplane.io/source: github.com/upbound/platform-ref-upbound-spaces
+ meta.crossplane.io/license: Apache-2.0
+ meta.crossplane.io/description: |
+ This platform-ref-upbound-spaces configuration offers upbound space installation.
+spec:
+ crossplane:
+ version: ">=v1.14.1-0"
+ dependsOn:
+ - configuration: xpkg.upbound.io/upbound/configuration-aws-network
+ # renovate: datasource=github-releases depName=upbound/configuration-aws-network
+ version: "v0.11.0"
+ - configuration: xpkg.upbound.io/upbound/configuration-aws-eks
+ # renovate: datasource=github-releases depName=upbound/configuration-aws-eks
+ version: "v0.9.0"
+ - configuration: xpkg.upbound.io/upbound/configuration-azure-network
+ # renovate: datasource=github-releases depName=upbound/configuration-azure-network
+ version: "v0.6.0"
+ - configuration: xpkg.upbound.io/upbound/configuration-azure-aks
+ # renovate: datasource=github-releases depName=upbound/configuration-azure-aks
+ version: "v0.5.0"
+ - configuration: xpkg.upbound.io/upbound/configuration-gcp-network
+ # renovate: datasource=github-releases depName=upbound/configuration-gcp-network
+ version: "v0.3.0"
+ - configuration: xpkg.upbound.io/upbound/configuration-gcp-gke
+ # renovate: datasource=github-releases depName=upbound/configuration-gcp-gke
+ version: "v0.3.0"
+ - function: xpkg.upbound.io/upboundcare/function-conditional-patch-and-transform
+ version: "v0.4.0"
diff --git a/test/setup.sh b/test/setup.sh
new file mode 100755
index 0000000..5e2f384
--- /dev/null
+++ b/test/setup.sh
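Review bot: The last `dependsOn` entry in crossplane.yaml, `xpkg.upbound.io/upboundcare/function-conditional-patch-and-transform` at `"v0.4.0"`, is the only dependency without a `# renovate:` comment, so the regex manager added in this commit will never propose updates for it. It is also the only package pulled from the `upboundcare` organisation rather than `upbound`; if that is intended, a one-line comment naming who publishes it would help the next reviewer. If it has a matching release feed, add the annotation in the same form as the others, `# renovate: datasource=github-releases depName=<owner>/<repo>`. The six annotated entries are tracked through GitHub releases while the packages are served from xpkg.upbound.io, so a proposed version is not guaranteed to exist in the registry.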
@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+set -aeuo pipefail
+
+UPTEST_GCP_PROJECT=${UPTEST_GCP_PROJECT:-official-provider-testing}
+
+echo "Running setup.sh"
+echo "Waiting until all configuration packages are healthy/installed..."
+"${KUBECTL}" wait configuration.pkg --all --for=condition=Healthy --timeout 10m
+"${KUBECTL}" wait configuration.pkg --all --for=condition=Installed --timeout 10m
+"${KUBECTL}" wait configurationrevisions.pkg --all --for=condition=Healthy --timeout 10m
+
+echo "Waiting until all installed provider packages are healthy..."
+"${KUBECTL}" wait provider.pkg --all --for condition=Healthy --timeout 10m
+
+echo "Waiting for all pods to come online..."
+"${KUBECTL}" -n upbound-system wait --for=condition=Available deployment --all --timeout=5m
+
+echo "Waiting for all XRDs to be established..."
+"${KUBECTL}" wait xrd --all --for condition=Established
+
+if [[ -n "${UPTEST_CLOUD_CREDENTIALS:-}" ]]; then
+ eval "${UPTEST_CLOUD_CREDENTIALS}"
+
+ if [[ -n "${AWS:-}" ]]; then
+ echo "Creating the AWS default cloud credentials secret..."
+ ${KUBECTL} -n upbound-system create secret generic aws-creds --from-literal=credentials="${AWS}" --dry-run=client -o yaml | ${KUBECTL} apply -f -
+
+ echo "Creating the AWS default provider config..."
+ cat <