rebase, maybe [skip ci]

.codespellrc

@@ -0,0 +1,6 @@
+# Lint Codespell configurations
+[codespell]
+skip = .codespellrc,.git,node_modules,build,dist,*.zst,CHANGELOG.md,.playwright,.terraform
+ignore-words-list = NotIn,AKS,LICENS,aks
+enable-colors =
+check-hidden =

.eslintrc.json

@@ -3,21 +3,38 @@
     "browser": false,
     "es2021": true
   },
-  "extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
+  "extends": [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/recommended"
+  ],
   "parser": "@typescript-eslint/parser",
   "parserOptions": {
-    "project": ["./tsconfig.json"],
+    "project": [
+      "./tsconfig.json"
+    ],
     "ecmaVersion": 2022
   },
-  "plugins": ["@typescript-eslint"],
-  "ignorePatterns": ["node_modules", "dist", "jest.*.js"],
+  "plugins": [
+    "@typescript-eslint"
+  ],
+  "ignorePatterns": [
+    "node_modules",
+    "dist",
+    "jest.*.js",
+    "e2e/"
+  ],
   "root": true,
   "rules": {
-    "@typescript-eslint/no-floating-promises": ["error"]
+    "@typescript-eslint/no-floating-promises": [
+      "error"
+    ]
   },
   "overrides": [
     {
-      "files": [ "src/pepr/operator/crd/generated/**/*.ts", "src/pepr/operator/crd/generated/*.ts" ],
+      "files": [
+        "src/pepr/operator/crd/generated/**/*.ts",
+        "src/pepr/operator/crd/generated/*.ts"
+      ],
       "rules": {
         "@typescript-eslint/no-explicit-any": "off"
       }

.github/actions/debug-output/action.yaml

@@ -1,3 +1,6 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 name: debug-output
 description: "Print out basic debug info for a k8s cluster"
 
@@ -7,18 +10,18 @@ runs:
     - name: Print basic debug info for a k8s cluster
       run: |
         echo "::group::kubectl get all"
-        uds zarf tools kubectl get all -A | tee /tmp/debug-k-get-all.log
+        uds zarf tools kubectl get all -A | tee /tmp/debug-k-get-all.log || true
         echo "::endgroup::"
         echo "::group::kubectl get pv,pvc"
-        uds zarf tools kubectl get pv,pvc -A | tee /tmp/debug-k-get-pv-pvc.log
+        uds zarf tools kubectl get pv,pvc -A | tee /tmp/debug-k-get-pv-pvc.log || true
         echo "::endgroup::"
         echo "::group::kubectl get package"
-        uds zarf tools kubectl get package -A | tee /tmp/debug-k-get-package.log
+        uds zarf tools kubectl get package -A | tee /tmp/debug-k-get-package.log || true
         echo "::endgroup::"
         echo "::group::kubectl get events"
-        uds zarf tools kubectl get events -A --sort-by='.lastTimestamp' | tee /tmp/debug-k-get-events.log
+        uds zarf tools kubectl get events -A --sort-by='.lastTimestamp' | tee /tmp/debug-k-get-events.log || true
         echo "::endgroup::"
         echo "::group::kubectl describe nodes"
-        uds zarf tools kubectl describe nodes k3d-uds-server-0 | tee /tmp/debug-k-describe-node.log
+        uds zarf tools kubectl describe nodes | tee /tmp/debug-k-describe-node.log || true
         echo "::endgroup::"
       shell: bash

.github/actions/lint-check/action.yaml

@@ -0,0 +1,22 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+name: lint-check
+description: "Check Project for Linting Errors"
+
+runs:
+  using: composite
+  steps:
+    - name: Use Node.js latest
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+      with:
+        node-version: 20
+    - name: Set up Homebrew
+      uses: Homebrew/actions/setup-homebrew@master
+    - name: Install UDS CLI
+      # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+      run: brew install defenseunicorns/tap/[email protected]
+      shell: bash
+    - name: Run Formatting Checks
+      run: uds run lint-check --no-progress
+      shell: bash

.github/actions/notify-lula/action.yaml

@@ -1,3 +1,6 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 name: Notify Lula
 description: "Comment on PR to notify Lula Team"
 

.github/actions/save-logs/action.yaml

@@ -1,3 +1,6 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 name: save-logs
 description: "Save debug logs"
 
@@ -34,7 +37,13 @@ runs:
         sudo chown $USER /tmp/uds-*.log || echo ""
       shell: bash
 
-    - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+    - name: Move Playwright Artifacts
+      run: |
+        sudo mkdir -p /tmp/playwright
+        sudo mv e2e/playwright/.playwright/* /tmp/playwright || true
+      shell: bash
+
+    - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
       with:
         name: debug-log${{ inputs.suffix }}
         path: |
@@ -44,3 +53,5 @@ runs:
           /tmp/debug-*.log
           /tmp/uds-containerd-logs
           /tmp/k3d-uds-*.log
+          /tmp/playwright/output
+          /tmp/playwright/reports

.github/actions/setup/action.yaml

@@ -1,15 +1,18 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 # action.yml
 name: "Setup Environment"
 description: "UDS Environment Setup"
 inputs:
   ghToken:
-    description: 'GITHUB_TOKEN'
+    description: "GITHUB_TOKEN"
     required: true
   registry1Username:
-    description: 'IRON_BANK_ROBOT_USERNAME'
+    description: "IRON_BANK_ROBOT_USERNAME"
     required: true
   registry1Password:
-    description: 'IRON_BANK_ROBOT_PASSWORD'
+    description: "IRON_BANK_ROBOT_PASSWORD"
     required: true
   chainguardIdentity:
     description: "ID for Chainguard Identity"
@@ -19,27 +22,26 @@ runs:
   using: "composite"
   steps:
     - name: Use Node.js latest
-      uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
       with:
         node-version: 20
 
     - name: Install k3d
       shell: bash
-      run: curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | TAG=v5.7.3 bash
-
-    - name: Set up Homebrew
-      uses: Homebrew/actions/setup-homebrew@master
+      # renovate: datasource=github-tags depName=k3d-io/k3d versioning=semver
+      run: curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | TAG=v5.7.4 bash
 
     - name: Install UDS CLI
-      shell: bash
-      # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
-      run: brew install defenseunicorns/tap/[email protected]
+      uses: defenseunicorns/setup-uds@b987a32bac3baeb67bfb08f5e1544e2f9076ee8a # v1.0.0
+      with:
+        # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+        version: v0.18.0
 
     - name: Install Lula
       uses: defenseunicorns/lula-action/setup@badad8c4b1570095f57e66ffd62664847698a3b9 # v0.0.1
       with:
         # renovate: datasource=github-tags depName=defenseunicorns/lula versioning=semver-coerced
-        version: v0.5.1
+        version: v0.10.0
 
     - name: Iron Bank Login
       if: ${{ inputs.registry1Username != '' }}
@@ -51,7 +53,7 @@ runs:
 
     - name: Chainguard Login
       if: ${{ inputs.chainguardIdentity != '' }}
-      uses: chainguard-dev/setup-chainctl@f52718d822dc73d21a04ef2082822c4a203163b3 # v0.2.2
+      uses: chainguard-dev/setup-chainctl@598499528905f95b94e62e4831cf42035e768933 # v0.2.3
       with:
         identity: ${{ inputs.chainguardIdentity }}
 

.github/bundles/aks/uds-bundle.yaml

@@ -0,0 +1,139 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+kind: UDSBundle
+metadata:
+  name: uds-core-aks-nightly
+  description: A UDS bundle for deploying UDS Core on AKS
+  # x-release-please-start-version
+  version: "0.30.0"
+  # x-release-please-end
+
+packages:
+  - name: init
+    repository: ghcr.io/zarf-dev/packages/init
+    ref: v0.42.1
+
+  - name: core
+    path: ../../../build
+    # x-release-please-start-version
+    ref: 0.30.0
+    # x-release-please-end
+    overrides:
+      istio-admin-gateway:
+        gateway:
+          values:
+            - path: service.annotations
+              value:
+                service.beta.kubernetes.io/azure-load-balancer-internal: "false"
+                service.beta.kubernetes.io/azure-load-balancer-sku: "Standard"
+                service.beta.kubernetes.io/azure-load-balancer-resource-group: "${NODE_RESOURCE_GROUP_NAME}"
+
+      istio-tenant-gateway:
+        gateway:
+          values:
+            - path: service.annotations
+              value:
+                service.beta.kubernetes.io/azure-load-balancer-internal: "false"
+                service.beta.kubernetes.io/azure-load-balancer-sku: "Standard"
+                service.beta.kubernetes.io/azure-load-balancer-resource-group: "${NODE_RESOURCE_GROUP_NAME}"
+      loki:
+        loki:
+          variables:
+            - name: AZURE_LOKI_STORAGE_ACCOUNT
+              description: "Name of the Storage Account to use for storing logs"
+              path: "loki.storage_config.azure.account_name"
+            - name: AZURE_LOKI_STORAGE_ACCOUNT_ACCESS_KEY
+              description: "Primary access Key for the Storage Account"
+              path: "loki.storage_config.azure.account_key"
+            - name: AZURE_LOKI_STORAGE_ACCOUNT_CONTAINER
+              description: "The destination container in the Storage Account where logs will be saved"
+              path: "loki.storage_config.azure.container_name"
+          values:
+            - path: loki.storage.type
+              value: "azure"
+
+      kube-prometheus-stack:
+        kube-prometheus-stack:
+          values:
+            - path: kube-state-metrics
+              value:
+                resources:
+                  limits:
+                    memory: 512Mi
+      grafana:
+        grafana:
+          variables:
+            - name: GRAFANA_HA
+              description: Enable HA Grafana
+              path: autoscaling.enabled
+        uds-grafana-config:
+          variables:
+            - name: GRAFANA_PG_HOST
+              description: Grafana postgresql host
+              path: postgresql.host
+            - name: GRAFANA_PG_PORT
+              description: Grafana postgresql port
+              path: postgresql.port
+            - name: GRAFANA_PG_DATABASE
+              description: Grafana postgresql database
+              path: postgresql.database
+            - name: GRAFANA_PG_PASSWORD
+              description: Grafana postgresql password
+              path: postgresql.password
+            - name: GRAFANA_PG_USER
+              description: Grafana postgresql username
+              path: postgresql.user
+
+      neuvector:
+        core:
+          values:
+            - path: runtimePath
+              value: /run/containerd/containerd.sock
+            - path: enforcer.tolerations
+              value:
+                - effect: NoSchedule
+                  key: node-role.kubernetes.io/master
+                - effect: NoSchedule
+                  key: node-role.kubernetes.io/control-plane
+                - effect: NoSchedule
+                  key: dedicated
+                  operator: Exists
+      velero:
+        velero:
+          variables:
+            - name: AZURE_VELERO_STORAGE_ACCOUNT
+              description: "Name of the Storage Account to use for storing backups"
+              path: "configuration.backupStorageLocation[0].config.storageAccount"
+            - name: AZURE_VELERO_STORAGE_ACCOUNT_ACCESS_KEY
+              description: "Primary access Key for the Storage Account"
+              path: "configuration.backupStorageLocation[0].config.storageAccountKeyEnvVar"
+            - name: AZURE_VELERO_STORAGE_ACCOUNT_CONTAINER
+              description: "The destination container in the Storage Account where backups will be saved"
+              path: "configuration.backupStorageLocation[0].bucket"
+            - name: AZURE_RESOURCE_GROUP
+              description: "The name of the resource group that the Storage Account is in"
+              path: "configuration.backupStorageLocation[0].config.resourceGroup"
+            - name: AZURE_SUBSCRIPTION_ID
+              description: "The resource ID of the Azure Subscription that is being used"
+              path: "configuration.backupStorageLocation[0].config.subscriptionId"
+            - name: VELERO_CLIENT_SECRET_ENV_VAR
+              description: "Name of the env variable that velero will use to read Azure config"
+              path: "configuration.backupStorageLocation[0].config.storageAccountKeyEnvVar"
+              default: "AZURE_STORAGE_ACCOUNT_ACCESS_KEY"
+            - name: VELERO_BACKUP_STORAGE_CONFIG_NAME
+              description: "Name of the Backup Storage Location"
+              path: "configuration.backupStorageLocation[0].name"
+              default: "default"
+            - name: VELERO_STORAGE_PROVIDER
+              description: "Type of storage provider that will be used"
+              path: "configuration.backupStorageLocation[0].provider"
+              default: "azure"
+          values:
+            - path: credentials
+              value:
+                useSecret: true
+                secretContents:
+                  cloud: |
+                    AZURE_STORAGE_ACCOUNT_ACCESS_KEY=${AZURE_VELERO_STORAGE_ACCOUNT_ACCESS_KEY}
+                    AZURE_CLOUD_NAME=AzurePublicCloud

.github/bundles/aks/uds-config.yaml

@@ -0,0 +1,14 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+# Overwritten in ci by uds-config.tf in test-infra/azure/aks
+variables:
+  core:
+    azure_loki_storage_account: ${ZARF_VAR_AZURE_LOKI_STORAGE_ACCOUNT}
+    azure_loki_storage_account_access_key: ${ZARF_VAR_AZURE_LOKI_STORAGE_ACCOUNT_ACCESS_KEY}
+    azure_loki_storage_account_container: ${ZARF_VAR_AZURE_LOKI_STORAGE_ACCOUNT_CONTAINER}
+    azure_velero_storage_account: ${ZARF_VAR_AZURE_VELERO_STORAGE_ACCOUNT}
+    azure_velero_storage_account_acces_key: ${ZARF_VAR_AZURE_VELERO_STORAGE_ACCOUNT_ACCESS_KEY}
+    azure_velero_storage_account_container: ${ZARF_VAR_AZURE_VELERO_STORAGE_ACCOUNT_CONTAINER}
+    azure_subscription_id: ${ZARF_VAR_AZURE_SUBSCRIPTION_ID}
+    azure_resource_group: ${ZARF_VAR_AZURE_RESOURCE_GROUP}