Merge branch 'master' into add-gitleaks

litmuschaos · May 17, 2024 · 9d6dfb2 · 9d6dfb2
2 parents a4c3107 + 2b2646e
commit 9d6dfb2
Show file tree

Hide file tree

Showing 74 changed files with 7,878 additions and 4,763 deletions.
diff --git a/.bettercodehub.yml b/.bettercodehub.yml
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -2,4 +2,4 @@
 # Each line is a file pattern followed by one or more owners.
 
 # These owners will be the default owners for everything in the repo.
-*           @rahulchheda @ksatchit @chandankumar4 @rajdas98
+*           @rahulchheda @ksatchit @chandankumar4 @rajdas98 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -11,7 +11,7 @@ jobs:
       # Install golang
       - uses: actions/setup-go@v2
         with:
-          go-version: 1.14
+          go-version: 1.20.0
 
       # Checkout to the latest commit
       # On specific directory/path
@@ -22,10 +22,32 @@ jobs:
         run: make gofmt-check
 
       - name: golangci-lint
-        uses: reviewdog/action-golangci-lint@v1
+        uses: reviewdog/action-golangci-lint@v2
 
       - name: unused-package check
         run: make unused-package-check
+
+  trivy:
+    needs: pre-checks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Build an image from Dockerfile
+        run: |
+          docker build -f build/Dockerfile -t docker.io/litmuschaos/chaos-operator:${{ github.sha }} . --build-arg TARGETPLATFORM=linux/amd64
+      
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'docker.io/litmuschaos/chaos-operator:${{ github.sha }}'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'        
 
   gitleaks-scan:
     runs-on: ubuntu-latest
@@ -72,7 +94,7 @@ jobs:
       # Install golang
       - uses: actions/setup-go@v2
         with:
-          go-version: 1.14
+          go-version: 1.20.0
 
       # Checkout to the latest commit
       # On specific directory/path
@@ -84,7 +106,7 @@ jobs:
         env: 
           KUBECONFIG: /etc/rancher/k3s/k3s.yaml
         run: |
-          curl -sfL https://get.k3s.io | sh -s - --docker --write-kubeconfig-mode 664
+          curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.20.14-rc1+k3s1 sh -s - --docker --write-kubeconfig-mode 664
           kubectl wait node --all --for condition=ready --timeout=90s
           mkdir -p $HOME/.kube
           cp /etc/rancher/k3s/k3s.yaml $HOME/.kube/config
@@ -107,4 +129,5 @@ jobs:
 
       - name: Running Go BDD Test
         run: |
+          go mod tidy
           make test
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
@@ -19,7 +19,7 @@ jobs:
 
       - uses: actions/setup-go@v2
         with:
-          go-version: '^1.13.1'
+          go-version: 1.20.0
 
       - name: Setting up GOPATH 
         run: |
@@ -61,12 +61,14 @@ jobs:
       - name: Installing Prerequisites (KinD Cluster)
         uses: engineerd/[email protected]
         with:
-            version: "v0.7.0"
+            version: "v0.22.0"
 
       - name: Configuring and testing kind Installation
         run: |
-          kubectl cluster-info --context kind-kind
-          kind get kubeconfig --internal >$HOME/.kube/config
+          kubectl cluster-info
+          kubectl get pods -n kube-system
+          echo "current-context:" $(kubectl config current-context)
+          echo "environment-kubeconfig:" ${KUBECONFIG}
           kubectl get nodes
 
       - name: Load image on the nodes of the cluster
@@ -76,7 +78,7 @@ jobs:
       - name: Getting litmus-e2e repository
         run: |
           cd ${GOPATH}/src/github.com/litmuschaos/
-          git clone https://github.com/litmuschaos/litmus-e2e.git -b generic
+          git clone https://github.com/litmuschaos/litmus-e2e.git -b master
 
       - name: Install LitmusChaos
         run: | 
@@ -93,7 +95,7 @@ jobs:
         run: |
           export PATH=$PATH:$(go env GOPATH)/bin
           cd ${GOPATH}/src/github.com/litmuschaos/litmus-e2e
-          go test operator/admin-mode_test.go -v -count=1
+          go test components/operator/admin-mode_test.go -v -count=1
         env:
           KUBECONFIG: /home/runner/.kube/config           
 
@@ -102,7 +104,7 @@ jobs:
         run: |
           export PATH=$PATH:$(go env GOPATH)/bin
           cd ${GOPATH}/src/github.com/litmuschaos/litmus-e2e
-          go test operator/reconcile-resiliency_test.go -v -count=1
+          go test components/operator/reconcile-resiliency_test.go -v -count=1
         env:
           KUBECONFIG: /home/runner/.kube/config           
 
@@ -150,7 +152,7 @@ jobs:
         with:
           comment-id: "${{ github.event.comment.id }}"
           body: |
-            **Test Result:** No test found
+            **Test Result:** No test found try /run-e2e-all
             **Logs:** [${{ env.RUN_ID }}](https://github.com/litmuschaos/chaos-operator/actions/runs/${{ env.RUN_ID }})
           reactions: eyes
         env: 

diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -13,7 +13,7 @@ jobs:
       # Install golang
       - uses: actions/setup-go@v2
         with:
-          go-version: 1.14
+          go-version: 1.20.0
 
       # Checkout to the latest commit
       # On specific directory/path
@@ -24,7 +24,7 @@ jobs:
         run: make gofmt-check
 
       - name: golangci-lint
-        uses: reviewdog/action-golangci-lint@v1
+        uses: reviewdog/action-golangci-lint@v2
 
       - name: unused-package check
         run: make unused-package-check
@@ -73,14 +73,14 @@ jobs:
       # Install golang
       - uses: actions/setup-go@v2
         with:
-          go-version: 1.14
+          go-version: 1.20.0
 
       #Install and configure a kind cluster
       - name: Installing Prerequisites (K3S Cluster)
         env: 
           KUBECONFIG: /etc/rancher/k3s/k3s.yaml
         run: |
-          curl -sfL https://get.k3s.io | sh -s - --docker --write-kubeconfig-mode 664
+          curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.20.14-rc1+k3s1 sh -s - --docker --write-kubeconfig-mode 664
           kubectl wait node --all --for condition=ready --timeout=90s
           mkdir -p $HOME/.kube
           cp /etc/rancher/k3s/k3s.yaml $HOME/.kube/config
@@ -100,4 +100,4 @@ jobs:
 
       - name: Running Go BDD Test
         run: |
-          make test
+          make test
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,7 +11,7 @@ jobs:
       # Install golang
       - uses: actions/setup-go@v2
         with:
-          go-version: 1.14
+          go-version: 1.20.0
 
       # Checkout to the latest commit
       # On specific directory/path
@@ -22,7 +22,7 @@ jobs:
         run: make gofmt-check
 
       - name: golangci-lint
-        uses: reviewdog/action-golangci-lint@v1
+        uses: reviewdog/action-golangci-lint@v2
 
       - name: unused-package check
         run: make unused-package-check
@@ -86,14 +86,14 @@ jobs:
       # Install golang
       - uses: actions/setup-go@v2
         with:
-          go-version: 1.14
+          go-version: 1.20.0
 
       #Install and configure a kind cluster
       - name: Installing Prerequisites (K3S Cluster)
         env: 
           KUBECONFIG: /etc/rancher/k3s/k3s.yaml
         run: |
-          curl -sfL https://get.k3s.io | sh -s - --docker --write-kubeconfig-mode 664
+          curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.20.14-rc1+k3s1 sh -s - --docker --write-kubeconfig-mode 664
           kubectl wait node --all --for condition=ready --timeout=90s
           mkdir -p $HOME/.kube
           cp /etc/rancher/k3s/k3s.yaml $HOME/.kube/config
@@ -113,4 +113,4 @@ jobs:
 
       - name: Running Go BDD Test
         run: |
-          make test
+          make test
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -0,0 +1,23 @@
+---
+name: Security Scan
+on:
+  workflow_dispatch:
+
+jobs:
+  trivy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Build an image from Dockerfile
+        run: |
+          docker build -f build/Dockerfile -t docker.io/litmuschaos/chaos-operator:${{ github.sha }} . --build-arg TARGETARCH=amd64
+      
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'docker.io/litmuschaos/chaos-operator:${{ github.sha }}'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,4 @@ build/_output
 *.orig
 .idea/
 coverage.txt
+bin
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -69,6 +69,5 @@ For setting up a Development environment on your local host, see the detailed in
 
 ## Community
 
-The litmus community will have a weekly contributor sync-up on Tuesdays 16.00-16.30IST / 12.30-13.00CEST
--   The sync up meeting is held online on [Google Hangouts](https://meet.google.com/uvt-ozaw-bvp)
--   The release items are tracked in this [planning sheet](https://docs.google.com/spreadsheets/d/15svGB99bDcSTkwAYttH1QzP5WJSb-dFKbPzl-9WqmXM). 
+The litmus community will have a monthly community sync-up on 3rd Wednesday 22.00-23.00IST / 18.30-19.30CEST
+-  The community meeting details are available [here](https://hackmd.io/a4Zu_sH4TZGeih-xCimi3Q). Please feel free to join the community meeting.
diff --git a/LICENSE b/LICENSE
@@ -178,7 +178,7 @@
    APPENDIX: How to apply the Apache License to your work.
 
       To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
+      boilerplate notice, with the fields enclosed by brackets "{}"
       replaced with your own identifying information. (Don't include
       the brackets!)  The text should be enclosed in the appropriate
       comment syntax for the file format. We also recommend that a
@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.
diff --git a/Makefile b/Makefile
@@ -72,20 +72,41 @@ gofmt-check:
 .PHONY: build-chaos-operator
 build-chaos-operator:
 	@echo "-------------------------"
-	@echo "--> Build go-runner image" 
+	@echo "--> Build go-runner image"
 	@echo "-------------------------"
-	@docker buildx build --file build/Dockerfile --progress plane  --no-cache --platform linux/arm64,linux/amd64 --tag $(DOCKER_REGISTRY)/$(DOCKER_REPO)/$(DOCKER_IMAGE):$(DOCKER_TAG) .
+	@docker buildx build --file build/Dockerfile --progress plain  --no-cache --platform linux/arm64,linux/amd64 --tag $(DOCKER_REGISTRY)/$(DOCKER_REPO)/$(DOCKER_IMAGE):$(DOCKER_TAG) .
 
 .PHONY: push-chaos-operator
 push-chaos-operator:
 	@echo "------------------------------"
-	@echo "--> Pushing image" 
+	@echo "--> Pushing image"
 	@echo "------------------------------"
-	@docker buildx build --file build/Dockerfile --progress plane --no-cache --push --platform linux/arm64,linux/amd64 --tag $(DOCKER_REGISTRY)/$(DOCKER_REPO)/$(DOCKER_IMAGE):$(DOCKER_TAG) .
+	@docker buildx build --file build/Dockerfile --progress plain --no-cache --push --platform linux/arm64,linux/amd64 --tag $(DOCKER_REGISTRY)/$(DOCKER_REPO)/$(DOCKER_IMAGE):$(DOCKER_TAG) .
 
 .PHONY: build-amd64
 build-amd64:
 	@echo "-------------------------"
-	@echo "--> Build go-runner image" 
+	@echo "--> Build go-runner image"
 	@echo "-------------------------"
-	@docker build -f build/Dockerfile  --no-cache -t $(DOCKER_REGISTRY)/$(DOCKER_REPO)/$(DOCKER_IMAGE):$(DOCKER_TAG) .  --build-arg TARGETPLATFORM="linux/amd64"
+	@docker build -f build/Dockerfile  --no-cache -t $(DOCKER_REGISTRY)/$(DOCKER_REPO)/$(DOCKER_IMAGE):$(DOCKER_TAG) .  --build-arg TARGETPLATFORM="linux/amd64"
+
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
+CONTROLLER_TOOLS_VERSION ?= v0.9.0
+
+.PHONY: controller-gen
+controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary.
+$(CONTROLLER_GEN): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
+
+
+.PHONY: manifests
+manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+
+.PHONY: generate
+generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,3 +3,4 @@ build/_output @@
     *.orig
     .idea/
     coverage.txt
+    bin