Initial implementation

Signed-off-by: Tamal Saha <[email protected]>

.github/.kodiak.toml

@@ -0,0 +1,18 @@
+version = 1
+
+[merge]
+method = "squash" # default: "merge"
+delete_branch_on_merge = true # default: false
+optimistic_updates = true # default: true
+prioritize_ready_to_merge = true # default: false
+
+[merge.message]
+title = "pull_request_title" # default: "github_default"
+body = "github_default" # default: "github_default"
+strip_html_comments = true # default: false
+
+[update]
+always = true # default: false
+
+[approve]
+auto_approve_usernames = ["1gtm", "tamalsaha"]

.github/workflows/ci.yml

@@ -0,0 +1,101 @@
+name: CI
+
+on:
+  pull_request:
+    branches:
+      - "*"
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Set up Go 1.23
+        uses: actions/setup-go@v1
+        with:
+          go-version: '1.23'
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v1
+
+      - name: Prepare Host
+        run: |
+          sudo apt-get -qq update || true
+          sudo apt-get install -y bzr
+          # install yq
+          curl -fsSL -o yqq https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64
+          chmod +x yqq
+          sudo mv yqq /usr/local/bin/yqq
+          pipx install yq
+          # install kubectl
+          curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.1/bin/linux/amd64/kubectl
+          chmod +x ./kubectl
+          sudo mv ./kubectl /usr/local/bin/kubectl
+
+      - name: Run checks
+        run: |
+          ./hack/scripts/update-chart-dependencies.sh
+          make ci
+
+  kubernetes:
+    name: Kubernetes
+    runs-on: ubuntu-24.04
+    needs: build
+    strategy:
+      matrix:
+        k8s: [v1.26.15, v1.27.16, v1.28.9, v1.29.7, v1.30.3, v1.31.0]
+    steps:
+      - uses: actions/checkout@v1
+
+      - name: Install yq
+        run: |
+          curl -fsSL -o yqq https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64
+          chmod +x yqq
+          sudo mv yqq /usr/local/bin/yqq
+
+      - name: Create Kubernetes ${{ matrix.k8s }} cluster
+        id: kind
+        uses: engineerd/[email protected]
+        with:
+          version: v0.25.0
+          image: kindest/node:${{ matrix.k8s }}
+
+      - name: Prepare cluster for testing
+        id: local-path
+        env:
+          USERNAME: 1gtm
+          REGISTRY_SECRET: regcred
+        run: |
+          echo "waiting for nodes to be ready ..."
+          kubectl wait --for=condition=Ready nodes --all --timeout=5m
+          kubectl get nodes
+          echo
+          echo "install helm 3"
+          pushd /usr/local/bin && sudo curl -fsSLO https://github.com/x-helm/helm/releases/latest/download/helm && sudo chmod +x helm && popd
+
+      - name: Issue License
+        env:
+          BYTEBUILDERS_LICENSE_TOKEN: ${{ secrets.BYTEBUILDERS_LICENSE_TOKEN }}
+        run: |
+          export KUBECONFIG="${HOME}/.kube/config"
+          CLUSTER_UID=$(kubectl get ns kube-system -o=jsonpath='{.metadata.uid}')
+          LICENSE_KEY=$(curl -X POST -d "name=1gtm&[email protected]&product=kubevault-enterprise&cluster=${CLUSTER_UID}&tos=true&token=${BYTEBUILDERS_LICENSE_TOKEN}" https://license-issuer.appscode.com/issue-license)
+          echo "${LICENSE_KEY}" > /tmp/license.txt
+          # ref: https://github.com/mikefarah/yq/issues/230#issuecomment-487458629
+          # yqq w -i ./charts/kubevault-operator/ci/ci-values.yaml license --tag '!!str' -- "${LICENSE_KEY}"
+          # yqq w -i ./charts/kubevault-webhook-server/ci/ci-values.yaml license --tag '!!str' -- "${LICENSE_KEY}"
+
+      - name: Test charts
+        run: |
+          export KUBECONFIG="${HOME}/.kube/config"
+          ./hack/scripts/update-chart-dependencies.sh
+          ./hack/scripts/ct.sh

.github/workflows/cve-report.yml

@@ -0,0 +1,73 @@
+name: cve-report
+
+on:
+  schedule:
+    - cron: '0 17 * * *'
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  report:
+    name: Report
+    runs-on: ubuntu-24.04
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: '1.23'
+
+    - name: Prepare git
+      env:
+        GITHUB_USER: 1gtm
+        GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
+      run: |
+        set -x
+        git config --global user.name "1gtm"
+        git config --global user.email "[email protected]"
+        git config --global \
+          url."https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com".insteadOf \
+          "https://github.com"
+        # git remote set-url origin https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
+
+    - name: Install trivy
+      run: |
+        # wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb
+        # sudo dpkg -i trivy_0.18.3_Linux-64bit.deb
+        sudo apt-get install -y --no-install-recommends wget apt-transport-https gnupg lsb-release
+        wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+        echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
+        sudo apt-get update
+        sudo apt-get install -y --no-install-recommends trivy
+
+    - name: Install image packer
+      run: |
+        cd /tmp
+        curl -fsSL -O https://github.com/kmodules/image-packer/releases/latest/download/image-packer-linux-amd64.tar.gz
+        tar -xvf image-packer-linux-amd64.tar.gz
+        chmod +x image-packer-linux-amd64
+        sudo mv image-packer-linux-amd64 /usr/local/bin/image-packer
+
+    - name: Generate report
+      run: |
+        image-packer generate-cve-report \
+            --output-dir=catalog \
+            --src=catalog/imagelist.yaml
+        git add catalog/README.md || true
+        git commit -s -a -m "Update cve report $(date --rfc-3339=date)"
+
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@v6
+      with:
+        token: ${{ secrets.LGTM_GITHUB_TOKEN }}
+        title: Update cve report
+        branch: update-cve-report
+        delete-branch: true
+        add-paths: |
+          catalog/README.md
+        labels: |
+          automerge

.github/workflows/publish-oci.yml

@@ -0,0 +1,60 @@
+name: OCI
+
+on:
+  push:
+    tags:
+      - "*.*"
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}-oci
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v1
+
+      - name: Set up QEMU
+        id: qemu
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Log in to the GitHub Container registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: 1gtm
+          password: ${{ secrets.LGTM_GITHUB_TOKEN }}
+
+      - name: Install Helm 3
+        run: |
+          pushd /usr/local/bin && sudo curl -fsSLO https://github.com/x-helm/helm/releases/latest/download/helm && sudo chmod +x helm && popd
+
+      - name: Clone charts repository
+        env:
+          GITHUB_USER: 1gtm
+          GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
+          CHART_REPOSITORY: github.com/appscode/charts
+        run: |
+          url="https://${GITHUB_USER}:${GITHUB_TOKEN}@${CHART_REPOSITORY}.git"
+          cd $RUNNER_WORKSPACE
+          git clone $url
+          cd $(basename $CHART_REPOSITORY)
+          git config user.name "${GITHUB_USER}"
+          git config user.email "${GITHUB_USER}@appscode.com"
+
+      - name: Publish OCI charts
+        env:
+          GITHUB_USER: 1gtm
+          GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
+          CHART_REPOSITORY: github.com/appscode/charts
+        run: |
+          export REGISTRY_0=oci://ghcr.io/appscode-charts
+          ./hack/scripts/update-chart-dependencies.sh
+          $RUNNER_WORKSPACE/$(basename $CHART_REPOSITORY)/hack/scripts/publish-oci-charts.sh $(pwd)

.github/workflows/release-tracker.yml

@@ -0,0 +1,41 @@
+name: release-tracker
+
+on:
+  pull_request:
+    types: [closed]
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-24.04
+
+    steps:
+      - uses: actions/checkout@v1
+
+      - name: Prepare git
+        env:
+          GITHUB_USER: 1gtm
+          GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
+        run: |
+          git config --global user.name "${GITHUB_USER}"
+          git config --global user.email "${GITHUB_USER}@appscode.com"
+          git remote set-url origin https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
+
+      - name: Install GitHub CLI
+        run: |
+          curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1
+          sudo mv bin/hub /usr/local/bin
+
+      - name: Update release tracker
+        if: |
+          github.event.action == 'closed' &&
+          github.event.pull_request.merged == true
+        env:
+          GITHUB_USER: 1gtm
+          GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
+        run: |
+          ./hack/scripts/update-release-tracker.sh

.github/workflows/release.yml

@@ -0,0 +1,55 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "*.*"
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}-release
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v1
+
+      - name: Install GitHub CLI
+        run: |
+          curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1
+          sudo mv bin/hub /usr/local/bin
+
+      - name: Install Helm 3
+        run: |
+          pushd /usr/local/bin && sudo curl -fsSLO https://github.com/x-helm/helm/releases/latest/download/helm && sudo chmod +x helm && popd
+
+      - name: Clone charts repository
+        env:
+          GITHUB_USER: 1gtm
+          GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
+          CHART_REPOSITORY: ${{ secrets.CHART_REPOSITORY }}
+        run: |
+          url="https://${GITHUB_USER}:${GITHUB_TOKEN}@${CHART_REPOSITORY}.git"
+          cd $RUNNER_WORKSPACE
+          git clone $url
+          cd $(basename $CHART_REPOSITORY)
+          git config user.name "${GITHUB_USER}"
+          git config user.email "${GITHUB_USER}@appscode.com"
+
+      - name: Package
+        env:
+          GITHUB_USER: 1gtm
+          GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
+          CHART_REPOSITORY: ${{ secrets.CHART_REPOSITORY }}
+        run: |
+          ./hack/scripts/update-chart-dependencies.sh
+          cd $RUNNER_WORKSPACE/$(basename $CHART_REPOSITORY)
+          GIT_TAG=${GITHUB_REF#"refs/tags/"}
+          if [[ $GIT_TAG =~ "-alpha." ]] || [[ $GIT_TAG =~ "-beta." ]]; then
+            export REPO_DIR=testing
+          fi
+          ./hack/scripts/open-pr.sh $GITHUB_WORKSPACE

.gitignore

@@ -0,0 +1,41 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
+
+/bin
+/.go
+
+/.crds
+/.idea
+/.markdownlint.json
+/.vscode
+/apiserver.local.config
+/coverage.txt
+/dist
+/hack/config/.env
+/test/e2e/junit.xml
+/test/e2e/report.xml
+
+.terraform
+*.tfstate*
+
+/charts/kubevault/charts
+/charts/kubevault-opscenter/charts