diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml
new file mode 100644
index 000000000..47aa37f24
--- /dev/null
+++ b/.github/actions/setup/action.yaml
@@ -0,0 +1,30 @@
+# action.yml
+name: "Setup Environment"
+description: "Setup dependencies for the testing UDS capabilities"
+
+runs:
+ using: "composite"
+ steps:
+ - name: Install Zarf
+ uses: defenseunicorns/setup-zarf@main
+ with:
+ # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
+ version: v0.31.0
+ download-init-package: true
+
+ - name: Use Node.js latest
+ uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+ with:
+ node-version: 20
+
+ - name: Install k3d
+ shell: bash
+ run: curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | TAG=v5.6.0 bash
+
+ - name: Set up Homebrew
+ uses: Homebrew/actions/setup-homebrew@master
+
+ - name: Install UDS CLI
+ shell: bash
+ # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+ run: brew install defenseunicorns/tap/uds@0.0.10-alpha
diff --git a/.github/bundle-filters.yaml b/.github/bundle-filters.yaml
deleted file mode 100644
index 2336823d1..000000000
--- a/.github/bundle-filters.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-uds-core:
- # - 'capabilities/**/*'
- - 'uds-*.y*ml'
\ No newline at end of file
diff --git a/.github/filters.yaml b/.github/filters.yaml
index 4bb4c9ac7..386f28855 100644
--- a/.github/filters.yaml
+++ b/.github/filters.yaml
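Review bot: Three install steps in the new composite action run code from mutable references: `defenseunicorns/setup-zarf@main`, `Homebrew/actions/setup-homebrew@master`, and the k3d step, which pipes `install.sh` from the `main` branch of k3d-io/k3d into bash. `actions/setup-node` in the same file is pinned to a full commit SHA, so an upstream change to any of the other three would execute in CI without review. Pin the two actions the same way (`uses: defenseunicorns/setup-zarf@<full-commit-sha> # <tag>`) and fetch the installer from the `v5.6.0` tag rather than `main`, since `TAG=v5.6.0` only selects which k3d release the script downloads, not which revision of the script runs. The `curl -s` call also lacks `-f`, so an HTTP error body would be handed to bash; `curl -fsSL` fails the step instead.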
@@ -1,5 +1,40 @@ +all: + - ".github/**" + - "capabilities/**" + - "examples/**" + - "packages/**" + - "tasks/**" + - "pepr.ts" + - "package-lock.json" + - "zarf-config.yaml" +authservice: + - "capabilities/authservice/**" +grafana: + - "capabilities/grafana/**" istio: - - 'capabilities/istio/**/*' -# neuvector: -# - 'capabilities/neuvector/**/*' + - "capabilities/istio/**" +keycloak: + - "capabilities/keycloak/**" +kiali: + - "capabilities/kiali/**" +kyverno: + - "capabilities/kyverno/**" +kyverno-policies: + - "capabilities/kyverno-policies/**" +kyverno-reporter: + - "capabilities/kyverno-reporter/**" +loki: + - "capabilities/loki/**" +metrics-server: + - "capabilities/metrics-server/**" +neuvector: + - "capabilities/neuvector/**" +prometheus-stack: + - "capabilities/prometheus-stack/**" +promtail: + - "capabilities/promtail/**" +tempo: + - "capabilities/tempo/**" +velero: + - "capabilities/velero/**" diff --git a/.github/workflows/build-and-test-bundle.yaml b/.github/workflows/build-and-test-bundle.yaml deleted file mode 100644 index 571eff740..000000000 --- a/.github/workflows/build-and-test-bundle.yaml +++ /dev/null 
@@ -1,116 +0,0 @@ -name: Build and Test uds core bundles on k3d - - -on: - workflow_dispatch: - inputs: - capability: - type: string - default: "" - bundle: - type: string - default: "" - platform: - type: string - default: 'ubuntu-latest' - workflow_call: - inputs: - capability: - type: string - default: "" - bundle: - type: string - default: "" - platform: - type: string - default: 'ubuntu-latest' - -permissions: - id-token: write - contents: read - -jobs: - setup: - outputs: - bundle-path: ${{ steps.bundle-default.outputs.path }} - capability-path: ${{ steps.capability-default.outputs.path }} - runs-on: ubuntu-latest - steps: - - name: Set Bundle Path - id: bundle-default - run: | - PATH="." - [ ${{ inputs.bundle }} != 'uds-core' ] && PATH="${{ inputs.bundle }}" - echo "path=$PATH" >> $GITHUB_OUTPUT - if: ${{ inputs.bundle }} != '' - - name: Set Capability Path - id: capability-default - run: | - echo "path=capabilities/${{ inputs.capability }}" >> $GITHUB_OUTPUT - if: ${{ inputs.capability }} != '' - - build-and-test: - needs: setup - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - # - name: Login to Registry1 - # uses: docker/login-action@v3 - # with: - # registry: registry1.dso.mil - # username: ${{ secrets.REGISTRY1_USERNAME }} - # password: ${{ secrets.REGISTRY1_PASSWORD }} - - - name: Login to GHCR - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: dummy - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Install Zarf - uses: defenseunicorns/setup-zarf@main - with: - # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver - version: v0.31.0 - download-init-package: true - - name: Login to GHCR - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: dummy - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Use Node.js latest - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 - 
with: - node-version: latest - - - name: Install k3d - run: | - curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | TAG=v5.6.0 bash - - - name: Build Bundle - shell: bash - run: zarf package create --confirm - working-directory: "${{ needs.setup.outputs.bundle-path }}/.github/zarf-runner/bob-the-builder" - if: ${{ inputs.bundle }} != '' - - - name: Deploy Bundle - shell: bash - run: zarf package create --confirm - working-directory: "${{ needs.setup.outputs.bundle-path }}/.github/zarf-runner/deploy" - if: ${{ inputs.bundle }} != '' - env: - TENANT_GATEWAY_TLS_CERT: ${{ secrets.TENANT_GATEWAY_TLS_CERT }} - TENANT_GATEWAY_TLS_KEY: ${{ secrets.TENANT_GATEWAY_TLS_KEY}} - ADMIN_GATEWAY_TLS_CERT: ${{ secrets.ADMIN_GATEWAY_TLS_CERT }} - ADMIN_GATEWAY_TLS_KEY: ${{ secrets.ADMIN_GATEWAY_TLS_KEY}} - - - name: Test Bundle - shell: bash - run: zarf package create --confirm - working-directory: "${{ needs.setup.outputs.bundle-path }}/.github/zarf-runner/test" - if: ${{ inputs.bundle }} != '' diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml deleted file mode 100644 index e11c2fe50..000000000 --- a/.github/workflows/build-and-test.yaml +++ /dev/null 
@@ -1,112 +0,0 @@ -name: Build and Test uds core Capabilities on k3d - - -on: - workflow_dispatch: - inputs: - capability: - type: string - default: "" - bundle: - type: string - default: "" - platform: - type: string - default: 'ubuntu-latest' - workflow_call: - inputs: - capability: - type: string - default: "" - bundle: - type: string - default: "" - platform: - type: string - default: 'ubuntu-latest' - -permissions: - id-token: write - contents: read - -jobs: - setup: - outputs: - bundle-path: ${{ steps.bundle-default.outputs.path }} - capability-path: ${{ steps.capability-default.outputs.path }} - runs-on: ubuntu-latest - steps: - - name: Set Bundle Path - id: bundle-default - run: | - PATH="." - [ ${{ inputs.bundle }} != 'uds-core' ] && PATH="${{ inputs.bundle }}" - echo "path=$PATH" >> $GITHUB_OUTPUT - if: ${{ inputs.bundle }} != '' - - name: Set Capability Path - id: capability-default - run: | - echo "path=capabilities/${{ inputs.capability }}" >> $GITHUB_OUTPUT - if: ${{ inputs.capability }} != '' - - build-and-test: - needs: setup - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - # - name: Login to Registry1 - # uses: docker/login-action@v3 - # with: - # registry: registry1.dso.mil - # username: ${{ secrets.REGISTRY1_USERNAME }} - # password: ${{ secrets.REGISTRY1_PASSWORD }} - - - name: Login to GHCR - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: dummy - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Install Zarf - uses: defenseunicorns/setup-zarf@main - with: - # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver - version: v0.31.0 - download-init-package: true - - - name: Use Node.js latest - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 - with: - node-version: latest - - - name: Install k3d - run: | - curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | 
TAG=v5.6.0 bash - - - name: Build Capability - shell: bash - run: zarf package create --confirm - working-directory: "${{ needs.setup.outputs.capability-path }}/.github/zarf-runner/bob-the-builder" - if: ${{ inputs.capability }} != '' - - - name: Deploy Capability - shell: bash - run: zarf package create --confirm - working-directory: "${{ needs.setup.outputs.capability-path }}/.github/zarf-runner/deploy" - if: ${{ inputs.capability }} != '' - env: - TENANT_GATEWAY_TLS_CERT: ${{ secrets.TENANT_GATEWAY_TLS_CERT }} - TENANT_GATEWAY_TLS_KEY: ${{ secrets.TENANT_GATEWAY_TLS_KEY}} - ADMIN_GATEWAY_TLS_CERT: ${{ secrets.ADMIN_GATEWAY_TLS_CERT }} - ADMIN_GATEWAY_TLS_KEY: ${{ secrets.ADMIN_GATEWAY_TLS_KEY}} - - - - name: Test Capability - shell: bash - run: zarf package create --confirm - working-directory: "${{ needs.setup.outputs.capability-path }}/.github/zarf-runner/test" - if: ${{ inputs.capability }} != '' - diff --git a/.github/workflows/ci-on-pull-request-k3d.yaml b/.github/workflows/ci-on-pull-request-k3d.yaml deleted file mode 100644 index 8ae290c0d..000000000 --- a/.github/workflows/ci-on-pull-request-k3d.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -on: - pull_request: - branches: - - main - paths-ignore: - - ".gitignore" - - "LICENSE" - - "**/*.md" - - "**/*.json" - - "**/*.png" - - "**/*.svg" - -permissions: - id-token: write - contents: read - pull-requests: read - -defaults: - run: - # We need -e -o pipefail for consistency with GitHub Actions' default behavior - shell: bash -e -o pipefail {0} - - -jobs: - check-paths: - runs-on: ubuntu-latest - outputs: - capabilities: ${{ steps.path-filter.outputs.changes }} - bundles: ${{ steps.bundle-path-filter.outputs.changes }} - steps: - - name: Checkout the code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Check capability paths - id: path-filter - uses: dorny/paths-filter@v2 - with: - filters: .github/filters.yaml - - name: Debug output - run: echo "${{ steps.path-filter.outputs.changes }}" - - - name: Check bundle paths - id: bundle-path-filter - uses: dorny/paths-filter@v2 - with: - filters: .github/bundle-filters.yaml - - name: Debug output - run: echo "${{ steps.bundle-path-filter.outputs.changes }}" - - build-and-test-capabilities: - needs: check-paths - strategy: - matrix: - capability: ${{ fromJSON(needs.check-paths.outputs.capabilities) }} - uses: ./.github/workflows/build-and-test.yaml - with: - capability: ${{ matrix.capability }} - secrets: inherit - if: ${{ needs.check-paths.outputs.capabilities != '[]' }} diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml index a2f99ad04..244950344 100644 --- a/.github/workflows/commitlint.yaml +++ b/.github/workflows/commitlint.yaml @@ -1,4 +1,4 @@ -name: PR Title Check +name: Metadata on: pull_request: @@ -8,6 +8,7 @@ on: jobs: title_check: runs-on: ubuntu-latest + name: Validate PR Title permissions: pull-requests: read 
@@ -24,4 +25,4 @@ jobs: run: npm install --save-dev @commitlint/{config-conventional,cli} - name: Lint PR title - run: echo "${{ github.event.pull_request.title }}" | npx commitlint \ No newline at end of file + run: echo "${{ github.event.pull_request.title }}" | npx commitlint diff --git a/.github/workflows/publish-capability.yaml b/.github/workflows/publish-capability.yaml deleted file mode 100644 index 56c89ca15..000000000 --- a/.github/workflows/publish-capability.yaml +++ /dev/null @@ -1,34 +0,0 @@ -name: Publish Capability Package - -# This is a placeholder for now -on: - workflow_call: - inputs: - platform: - type: string - default: 'ubuntu-latest' - -permissions: - contents: read - packages: write - -jobs: - publish-package: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Login to GHCR - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: dummy - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Publish Zarf Package - run: zarf package create . --confirm - working-directory: ".github/zarf-runner/release" - timeout-minutes: 60 - - diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml deleted file mode 100644 index ac7c8e881..000000000 --- a/.github/workflows/publish.yaml +++ /dev/null @@ -1,28 +0,0 @@ -name: build-and-publish - -on: - push: - tags: [ "*" ] - workflow_dispatch: - -permissions: - id-token: write - contents: read - packages: write - -defaults: - run: - # We need -e -o pipefail for consistency with GitHub Actions' default behavior - shell: bash -e -o pipefail {0} - - -jobs: - publish-package: - strategy: - matrix: - os: [ubuntu-latest] #windows-latest macos-latest - uses: ./.github/workflows/publish-capability.yaml - with: - platform: ${{ matrix.os }} - secrets: inherit - diff --git a/.github/workflows/pull-request-conditionals.yaml b/.github/workflows/pull-request-conditionals.yaml new file mode 100644 index 000000000..ddd3733d9 --- /dev/null 
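Review bot: The `Lint PR title` step expands `${{ github.event.pull_request.title }}` directly inside the `run:` script, so the title is pasted into the shell source before bash parses it; this commit only adds the trailing newline and leaves that line as it was. A pull-request title is untrusted input on any repository that accepts outside PRs, and shell metacharacters in it would be interpreted on the runner rather than treated as text. Pass the value through the environment instead: add `env:` with `PR_TITLE: ${{ github.event.pull_request.title }}` to the step and change the command to `run: echo "$PR_TITLE" | npx commitlint`. The job's `permissions: pull-requests: read` narrows the token, but it does not stop the step from running injected commands in the job's workspace.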
+++ b/.github/workflows/pull-request-conditionals.yaml
@@ -0,0 +1,51 @@
+name: Filter
+
+# This workflow is triggered on pull requests to the main branch.
+on:
+ pull_request:
+ paths:
+ - ".github/**"
+ - "capabilities/**"
+ - "tasks/**"
+
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+ id-token: write # Needed for OIDC-related operations.
+ contents: read # Allows reading the content of the repository.
+ pull-requests: read # Allows reading pull request metadata.
+
+# Default settings for all run commands in the workflow jobs.
+defaults:
+ run:
+ shell: bash -e -o pipefail {0} # Ensures that scripts fail on error and pipefail is set.
+
+jobs:
+ # This job checks if there are changes in specific paths related to capabilities.
+ check-paths:
+ runs-on: ubuntu-latest
+ name: Select Jobs
+ outputs:
+ capabilities: ${{ steps.path-filter.outputs.changes }}
+
+ steps:
+ - name: Checkout the code
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ # Uses a custom action to filter paths for capabilities.
+ - name: Check capability paths
+ id: path-filter
+ uses: dorny/paths-filter@v2
+ with:
+ filters: .github/filters.yaml
+
+ # This job triggers a separate workflow for each changed capability, if any.
+ run-capability-test:
+ needs: check-paths
+ name: Schedule
+ strategy:
+ matrix:
+ capability: ${{ fromJSON(needs.check-paths.outputs.capabilities) }}
+ uses: ./.github/workflows/test.yaml
+ with:
+ capability: ${{ matrix.capability }}
+ secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
new file mode 100644
index 000000000..d9a6a3223
--- /dev/null
+++ b/.github/workflows/test.yaml
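Review bot: The workflow-level `permissions` block grants `id-token: write` and `run-capability-test` passes `secrets: inherit`, yet nothing in this file or in the called `test.yaml` (which declares only `contents: read`) appears to request an OIDC token or read a secret. On a `pull_request` trigger those grants widen what every step can reach, including `dorny/paths-filter@v2`, which is referenced by tag while `actions/checkout` is pinned to a commit SHA. Drop `id-token: write` and `secrets: inherit` until a step needs them, or pass only the named secrets the test job uses, and pin `dorny/paths-filter` to a full commit SHA. The header comment says the workflow runs for pull requests "to the main branch", but `on.pull_request` has no `branches:` key, so either add `branches: [main]` or reword the comment.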
@@ -0,0 +1,47 @@
+name: Test individual capabilities
+
+on:
+ # Manual trigger
+ workflow_dispatch:
+ inputs:
+ capability:
+ type: string
+ description: "The name of the capability to test"
+ required: true
+ # Triggered by pull-request-conditionals.yaml
+ workflow_call:
+ inputs:
+ capability:
+ type: string
+ description: "The name of the capability to test"
+ required: true
+
+# Abort prior jobs in the same workflow / PR
+concurrency:
+ group: test-${{ github.ref }}-${{ inputs.capability }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+
+jobs:
+ test:
+ runs-on: "${{ inputs.capability == 'all' && 'uds-ubuntu-big-boy-4-core' || 'ubuntu-latest'}}"
+ name: Test
+ env:
+ CAPABILITY: ${{ inputs.capability }}
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Environment setup
+ uses: ./.github/actions/setup
+
+ - name: Test a single capability
+ if: ${{ inputs.capability != 'all' }}
+ run: uds run -f tasks/test.yaml single-capability
+
+ - name: Test UDS Core
+ if: ${{ inputs.capability == 'all' }}
+ run: uds run -f tasks/test.yaml uds-core
diff --git a/.github/zarf-runner/bob-the-builder/zarf-config.yaml b/.github/zarf-runner/bob-the-builder/zarf-config.yaml
deleted file mode 100644
index 803aa1e97..000000000
--- a/.github/zarf-runner/bob-the-builder/zarf-config.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-package:
- create:
- set:
- uds_cli_version: "v0.0.6-alpha"
diff --git a/.github/zarf-runner/bob-the-builder/zarf.yaml b/.github/zarf-runner/bob-the-builder/zarf.yaml
deleted file mode 100644
index a25205a80..000000000
--- a/.github/zarf-runner/bob-the-builder/zarf.yaml
+++ /dev/null
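Review bot: The `test` job sets no `timeout-minutes`, so a hung cluster bring-up or `uds run` holds the runner until GitHub's default job limit of 360 minutes; that costs most in the `all` case, which selects the larger `uds-ubuntu-big-boy-4-core` runner. Add a bound next to `runs-on`, for example `timeout-minutes: 60`, with the value chosen from observed run times. Passing the input through `env: CAPABILITY` instead of interpolating `${{ inputs.capability }}` into a `run:` line keeps the free-form `workflow_dispatch` string out of the shell source. A short comment on the `env:` block, such as `# read by tasks/test.yaml; do not interpolate inputs.capability into run:`, would help keep it that way.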
@@ -1,16 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: bob-the-builder - url: https://welovebob.com/characters/bob.htm - image: https://welovebob.com/Images/characters/bob.jpg - description: "A zarf package to build/pull things" - -components: - - name: build - required: true - actions: - onCreate: - before: - - description: Placeholder - cmd: echo "bundle build placeholder step" - diff --git a/.github/zarf-runner/deploy/zarf.yaml b/.github/zarf-runner/deploy/zarf.yaml deleted file mode 100644 index a683b761f..000000000 --- a/.github/zarf-runner/deploy/zarf.yaml +++ /dev/null @@ -1,18 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: farmer-pickles - url: https://welovebob.com/characters/farmer_pickles.htm - image: https://welovebob.com/Images/characters/farmer_pickles.jpg - description: "A zarf package to deploy things" - -components: - - name: deploy - required: true - actions: - onCreate: - before: - - description: Placeholder - cmd: echo "bundle deploy placeholder step" - - - diff --git a/.github/zarf-runner/release/zarf-config.yaml b/.github/zarf-runner/release/zarf-config.yaml deleted file mode 100644 index 803aa1e97..000000000 --- a/.github/zarf-runner/release/zarf-config.yaml +++ /dev/null @@ -1,4 +0,0 @@ -package: - create: - set: - uds_cli_version: "v0.0.6-alpha" diff --git a/.github/zarf-runner/release/zarf.yaml b/.github/zarf-runner/release/zarf.yaml deleted file mode 100644 index a5e782a58..000000000 --- a/.github/zarf-runner/release/zarf.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: rusty-rogers - url: https://btb.fandom.com/wiki/Rusty_Rogers - image: https://static.wikia.nocookie.net/btb/images/4/4a/RustyRogers.png - description: "A zarf package to publish things" - -components: - - name: build - required: true - import: - path: ../bob-the-builder - - - name: deploy - required: true - import: - path: ../farmer-pickles - - - name: test - required: true - import: - path: ../bernard-bentley - - - name: release - required: true - actions: - onCreate: - before: - - description: Placeholder - cmd: echo "bundle release placeholder step" diff --git a/.github/zarf-runner/test/app/app.yaml b/.github/zarf-runner/test/app/app.yaml deleted file mode 100644 index 8d052573f..000000000 --- a/.github/zarf-runner/test/app/app.yaml +++ /dev/null @@ -1,62 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: test-app - labels: - zarf.dev/agent: ignore ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: httpbin - namespace: test-app ---- -apiVersion: v1 -kind: Service -metadata: - name: httpbin - namespace: test-app - labels: - app: httpbin - service: httpbin - uds/istio-gateway: tenant - uds/istio-host: demo -spec: - ports: - - name: http - port: 8000 - targetPort: 80 - selector: - app: httpbin ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: httpbin - namespace: test-app -spec: - replicas: 1 - selector: - matchLabels: - app: httpbin - version: v1 - template: - metadata: - labels: - app: httpbin - version: v1 - spec: - serviceAccountName: httpbin - containers: - - image: docker.io/kong/httpbin - imagePullPolicy: IfNotPresent - name: httpbin - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - ports: - - containerPort: 80 diff --git a/.github/zarf-runner/test/zarf.yaml b/.github/zarf-runner/test/zarf.yaml deleted file mode 100644 index e9c03407e..000000000 --- a/.github/zarf-runner/test/zarf.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: test - url: https://welovebob.com/characters/mr_bentley.htm - image: https://welovebob.com/Images/characters/mr_bentley.jpg - description: "A zarf package to test things" - -components: - - name: test - required: true - actions: - onCreate: - before: - - description: Placeholder - cmd: echo "bundle test placeholder step" - diff --git a/.github/zarf-runner/zarf-config.toml b/.github/zarf-runner/zarf-config.toml deleted file mode 100644 index b52c50c8d..000000000 --- a/.github/zarf-runner/zarf-config.toml +++ /dev/null @@ -1,5 +0,0 @@ -[package.create] -max_package_size = 99999999999 - -[package.create.set] -uds_cli_version = 'v0.0.6-alpha' diff --git a/.github/zarf-runner/zarf.yaml b/.github/zarf-runner/zarf.yaml deleted file mode 100644 index 55db38848..000000000 --- a/.github/zarf-runner/zarf.yaml +++ /dev/null @@ -1,19 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: bob-the-builder - -components: - - name: build - required: true - import: - path: bob-the-builder - - - name: deploy - required: true - import: - path: deploy - - - name: test - required: true - import: - path: test diff --git a/.vscode/pepr.code-snippets b/.vscode/pepr.code-snippets deleted file mode 100644 index d4129123d..000000000 --- a/.vscode/pepr.code-snippets +++ /dev/null 
@@ -1,21 +0,0 @@ -{ - "Create a new Pepr capability": { - "prefix": "create pepr capability", - "body": [ - "import { Capability, a } from 'pepr';", - "", - "export const ${TM_FILENAME_BASE/(.*)/${1:/pascalcase}/} = new Capability({", - "\tname: '${TM_FILENAME_BASE}',", - "\tdescription: '${1:A brief description of this capability.}',", - "\tnamespaces: [${2:}],", - "});", - "", - "// Use the 'When' function to create a new action", - "const { When } = ${TM_FILENAME_BASE/(.*)/${1:/pascalcase}/};", - "", - "// When(a.).Is().Then(change => change.", - "When(${3:})" - ], - "description": "Creates a new Pepr capability with a specified description, optional namespaces, and adds a When statement for the specified value." - } -} \ No newline at end of file diff --git a/README.md b/README.md index e31e41a99..2b9a37d79 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ The core applications are: - [ ] Authservice - [ ] Grafana -- [ ] Istio +- [x] Istio - [ ] KeyCloak - [ ] Kiali - [ ] Kyverno -- [ ] Loki +- [x] Loki - [ ] Metrics Server -- [ ] Neuvector +- [x] Neuvector - [ ] Prometheus - [ ] Promtail - [ ] Tempo 
@@ -28,46 +28,41 @@ The core applications are: | Dependency | Minimum Version | | -------------------------------------------------------------- | --------------- | | [Zarf](https://github.com/defenseunicorns/zarf/releases) | 0.31.x | -| [UDS CLI](https://github.com/defenseunicorns/uds-cli/releases) | 0.7.x | +| [UDS CLI](https://github.com/defenseunicorns/uds-cli/releases) | 0.10.x | | [NodeJS](https://nodejs.org/en/download/) | LTS or Current | -## Create, Build, Test uds-core Package +## Create, build, and test UDS Core Package -1. Make sure you have uds-cli version v0.0.8-alpha or later and nodejs -2. run ```uds run uds-core``` from the repo's root +For complete testing, we test against a UDS Bundle that uses a locally-built Zarf package. Manually testing against the packages found under `/packages` is also possible using the `zarf` command. -## Working with an individual Capability +```bash +uds run -f tasks/test.yaml uds-core +``` -### To run full build, deploy, test of a Capability +## Working with an individual capability -1. cd into the zarf-runner directory of the capability you would like to test (e.g. ```capabilities/istio/.github/zarf-runner```) -2. run ```zarf p c --confirm``` +### Create, build, and test a single Capability (e.g. Neuvector) -### To Build a Capability +```bash +CAPABILITY=neuvector uds run -f tasks/test.yaml single-capability +``` -1. cd into the zarf-runner/bob-the-builder directory of the capability you would like to test (e.g. ```capabilities/istio/.github/zarf-runner/bob-the-builder```) -2. run ```zarf p c --confirm``` +### To build a single capability (e.g. Neuvector) -### To Deploy a Capability +```bash +CAPABILITY=neuvector uds run -f tasks/create.yaml single-capability +``` -1. cd into the zarf-runner/deploy directory of the capability you would like to test (e.g. ```capabilities/istio/.github/zarf-runner/deploy```) -2. run ```zarf p c --confirm``` +### To deploy a single built capability (e.g. 
Neuvector) -### To Test a Capability +```bash +CAPABILITY=neuvector uds run -f tasks/deploy.yaml single-capability +``` -1. cd into the zarf-runner/test directory of the capability you would like to test (e.g. ```capabilities/istio/.github/zarf-runner/test```) -2. run ```zarf p c --confirm``` +### To test a single capability (e.g. Neuvector) -## Create - -[Steps used to build the UDS Bundle] - -## Deploy - -[Steps used to deploy the UDS Bundle] - -## Remove - -[Steps used to remove the UDS Bundle] +```bash +uds run -f capabilities/neuvector/tasks/validate.yaml run +``` diff --git a/capabilities/authservice/validate.yaml b/capabilities/authservice/validate.yaml new file mode 100644 index 000000000..ec4041bd3 --- /dev/null +++ b/capabilities/authservice/validate.yaml @@ -0,0 +1,10 @@ +# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver +# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json + +tasks: + - name: run + actions: + - description: Validate... + cmd: "echo Replace Me" + # wait: + # cluster: diff --git a/capabilities/grafana/validate.yaml b/capabilities/grafana/validate.yaml new file mode 100644 index 000000000..ec4041bd3 --- /dev/null +++ b/capabilities/grafana/validate.yaml @@ -0,0 +1,10 @@ +# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver +# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json + +tasks: + - name: run + actions: + - description: Validate... + cmd: "echo Replace Me" + # wait: + # cluster: diff --git a/capabilities/istio/.github/zarf-runner/bob-the-builder/zarf-config.yaml b/capabilities/istio/.github/zarf-runner/bob-the-builder/zarf-config.yaml deleted file mode 100644 index 3f6ae4900..000000000 --- a/capabilities/istio/.github/zarf-runner/bob-the-builder/zarf-config.yaml +++ /dev/null 
@@ -1,4 +0,0 @@ -package: - create: - set: - uds_cli_version: "v0.0.7-alpha" diff --git a/capabilities/istio/.github/zarf-runner/bob-the-builder/zarf.yaml b/capabilities/istio/.github/zarf-runner/bob-the-builder/zarf.yaml deleted file mode 100644 index 36264216a..000000000 --- a/capabilities/istio/.github/zarf-runner/bob-the-builder/zarf.yaml +++ /dev/null @@ -1,33 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: bob-the-builder - url: https://welovebob.com/characters/bob.htm - image: https://welovebob.com/Images/characters/bob.jpg - description: "A zarf package to build/pull things" - -components: - - name: build - required: true - actions: - onCreate: - before: - - description: Load UDS CLI - cmd: | - [ -f ../build/uds ] && [ "$(../build/uds version)" == "###ZARF_PKG_TMPL_UDS_CLI_VERSION###" ] && exit 0 - ARCH=$(uname -m) - [ "$ARCH" = "x86_64" ] && ARCH="amd64" - # Download the uds-cli binary - mkdir -p ../build - curl -fL https://github.com/defenseunicorns/uds-cli/releases/download/###ZARF_PKG_TMPL_UDS_CLI_VERSION###/uds-cli_###ZARF_PKG_TMPL_UDS_CLI_VERSION###_$(uname -s)_${ARCH} -o ../build/uds - chmod +x ../build/uds - # or brew tap defenseunicorns/tap && brew update && brew install uds after insatlling brew - - description: Build the pepr module - cmd: | - npm ci - npx pepr build - dir: ../../../../../ - env: - - "CAPABILITY=istio" - - description: Build the zarf packages - cmd: | - ./zarf p c ../../../ --confirm -o ../build diff --git a/capabilities/istio/.github/zarf-runner/deploy/zarf.yaml b/capabilities/istio/.github/zarf-runner/deploy/zarf.yaml deleted file mode 100644 index 27c9251e5..000000000 --- a/capabilities/istio/.github/zarf-runner/deploy/zarf.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: farmer-pickles - url: https://welovebob.com/characters/farmer_pickles.htm - image: https://welovebob.com/Images/characters/farmer_pickles.jpg - description: "A zarf package to deploy things" - -components: - - name: deploy - required: true - actions: - onCreate: - before: - - description: Deploy the test cluster package - cmd: ./zarf p d oci://defenseunicorns/uds-k3d:0.1.10-multi --confirm - dir: ../build - - description: deploy the init package to the cluster - cmd: | - ARCH=$(uname -m) - [ "$ARCH" = "x86_64" ] && ARCH="amd64" - ./zarf p d oci://ghcr.io/defenseunicorns/packages/init:v0.31.0-$ARCH --confirm - - description: Deploy the istio - cmd: | - ARCH=$(uname -m) - [ "$ARCH" = "x86_64" ] && ARCH="amd64" - ./zarf p d ../build/zarf-package-uds-capability-istio-$ARCH.tar.zst --confirm --components "istio-controlplane,istio-admin-gateway,istio-tenant-gateway,istio-passthrough-gateway,module" - - - description: Inject tls certificate - cmd: | - npm ci - npx --yes ts-node examples/tls-certs.ts - dir: ../../../../../ - after: - - description: Wait for the istio gateway to have the label required for vs generation. - wait: - cluster: - kind: Gateway - name: uds/istio-domain=uds.dev - namespace: istio-tenant-gateway diff --git a/capabilities/istio/.github/zarf-runner/release/zarf-config.yaml b/capabilities/istio/.github/zarf-runner/release/zarf-config.yaml deleted file mode 100644 index 3f6ae4900..000000000 --- a/capabilities/istio/.github/zarf-runner/release/zarf-config.yaml +++ /dev/null @@ -1,4 +0,0 @@ -package: - create: - set: - uds_cli_version: "v0.0.7-alpha" diff --git a/capabilities/istio/.github/zarf-runner/release/zarf.yaml b/capabilities/istio/.github/zarf-runner/release/zarf.yaml deleted file mode 100644 index 35e6d3030..000000000 --- a/capabilities/istio/.github/zarf-runner/release/zarf.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: rusty-rogers - url: https://btb.fandom.com/wiki/Rusty_Rogers - image: https://static.wikia.nocookie.net/btb/images/4/4a/RustyRogers.png - description: "A zarf package to publish things" - -components: - - name: build - required: true - import: - path: ../build - - - name: deploy - required: true - import: - path: ../deploy - - - name: test - required: true - import: - path: ../test - - - name: release - required: true - actions: - onCreate: - before: - - description: Release the artifact - cmd: | - ARCH=$(uname -m) - [ "$ARCH" = "x86_64" ] && ARCH="amd64" - ./zarf p publish zarf-package-uds-capability-istio-$ARCH-0.1.0.tar.zst oci://ghcr.io/defenseunicorns/packages - dir: ../build - - description: Release the skeleton artifact - cmd: | - ARCH=$(uname -m) - [ "$ARCH" = "x86_64" ] && ARCH="amd64" - ./zarf p publish . oci://ghcr.io/defenseunicorns/packages - dir: ../../../ \ No newline at end of file diff --git a/capabilities/istio/.github/zarf-runner/test/app/admin-app.yaml b/capabilities/istio/.github/zarf-runner/test/app/admin-app.yaml deleted file mode 100644 index e499a73a9..000000000 --- a/capabilities/istio/.github/zarf-runner/test/app/admin-app.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: test-admin-app - labels: - zarf.dev/agent: ignore ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: httpbin - namespace: test-admin-app ---- -apiVersion: v1 -kind: Service -metadata: - name: httpbin - namespace: test-admin-app - labels: - app: httpbin - service: httpbin - uds/istio-gateway: admin - uds/istio-host: demo -spec: - ports: - - name: http - port: 8000 - targetPort: 80 - selector: - app: httpbin ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: httpbin - namespace: test-admin-app -spec: - replicas: 1 - selector: - matchLabels: - app: httpbin - version: v1 - template: - metadata: - labels: - app: httpbin - version: v1 - spec: - serviceAccountName: httpbin - containers: - - image: docker.io/kong/httpbin - imagePullPolicy: IfNotPresent - name: httpbin - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - ports: - - containerPort: 80 diff --git a/capabilities/istio/.github/zarf-runner/zarf-config.toml b/capabilities/istio/.github/zarf-runner/zarf-config.toml deleted file mode 100644 index b52c50c8d..000000000 --- a/capabilities/istio/.github/zarf-runner/zarf-config.toml +++ /dev/null @@ -1,5 +0,0 @@ -[package.create] -max_package_size = 99999999999 - -[package.create.set] -uds_cli_version = 'v0.0.6-alpha' diff --git a/capabilities/istio/.github/zarf-runner/zarf.yaml b/capabilities/istio/.github/zarf-runner/zarf.yaml deleted file mode 100644 index 800c02218..000000000 --- a/capabilities/istio/.github/zarf-runner/zarf.yaml +++ /dev/null @@ -1,25 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: bob-the-builder - -components: - - name: build - required: true - import: - path: bob-the-builder - - - name: deploy - required: true - import: - path: deploy - - - name: test - required: true - import: - path: test - - - # - name: test-admin - # required: true - # import: - # path: bernard-bentley \ No newline at end of file 
diff --git a/capabilities/istio/chart/values.yaml b/capabilities/istio/chart/values.yaml index ab7400891..8e40b106a 100644 --- a/capabilities/istio/chart/values.yaml +++ b/capabilities/istio/chart/values.yaml @@ -1,8 +1,8 @@ # The gateway name prefix name: change-me -# Hosts to add to this gateway -domain: "uds.dev" +# Domain name for the gateway +domain: "###ZARF_VAR_DOMAIN###" # Hosts to add to this gateway hosts: diff --git a/capabilities/istio/pepr/index.ts b/capabilities/istio/pepr/index.ts new file mode 100644 index 000000000..9633bb68c --- /dev/null +++ b/capabilities/istio/pepr/index.ts @@ -0,0 +1,4 @@ +import { IstioInjection } from "./istio-injection"; +import { IstioVirtualService } from "./istio-virtual-service"; + +export const istio = [IstioInjection, IstioVirtualService]; diff --git a/capabilities/istio/validate.yaml b/capabilities/istio/validate.yaml new file mode 100644 index 000000000..c4b0323e3 --- /dev/null +++ b/capabilities/istio/validate.yaml @@ -0,0 +1,26 @@ +# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver +# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json + +tasks: + - name: run + actions: + - description: Validate the Istio Admin Gateway + wait: + cluster: + kind: Gateway + name: admin-gateway + namespace: istio-admin-gateway + + - description: Validate the Istio Passthrough Gateway + wait: + cluster: + kind: Gateway + name: passthrough-gateway + namespace: istio-passthrough-gateway + + - description: Validate the Istio Tenant Gateway + wait: + cluster: + kind: Gateway + name: tenant-gateway + namespace: istio-tenant-gateway diff --git a/capabilities/istio/values/config-admin.yaml b/capabilities/istio/values/config-admin.yaml index 98315e68a..3a9b8c75b 100644 --- a/capabilities/istio/values/config-admin.yaml +++ b/capabilities/istio/values/config-admin.yaml 
@@ -1,3 +1,3 @@ name: admin -domain: "admin.uds.dev" +domain: "admin.###ZARF_VAR_DOMAIN###" diff --git a/capabilities/istio/values/config-passthrough.yaml b/capabilities/istio/values/config-passthrough.yaml index d3e536f96..30f3f878d 100644 --- a/capabilities/istio/values/config-passthrough.yaml +++ b/capabilities/istio/values/config-passthrough.yaml @@ -1,7 +1,7 @@ name: passthrough hosts: - - "keycloak.uds.dev" + - "keycloak" tls: enablePassthrough: true diff --git a/capabilities/istio/values/config-tenant.yaml b/capabilities/istio/values/config-tenant.yaml index c8bde4aa7..896d53acd 100644 --- a/capabilities/istio/values/config-tenant.yaml +++ b/capabilities/istio/values/config-tenant.yaml @@ -1,3 +1 @@ name: tenant - -domain: "uds.dev" diff --git a/capabilities/istio/zarf.yaml b/capabilities/istio/zarf.yaml index 15994fc7f..83b8e63b2 100644 --- a/capabilities/istio/zarf.yaml +++ b/capabilities/istio/zarf.yaml @@ -6,9 +6,15 @@ metadata: description: "UDS Istio Capability" url: https://istio.io/latest/ +variables: + - name: DOMAIN + description: "Cluster domain" + default: "uds.dev" + components: - name: istio-controlplane description: "Install the Istio control plane based on https://istio.io/latest/docs/setup/install/helm/" + required: true charts: - name: base namespace: istio-system @@ -32,6 +38,7 @@ components: - name: istio-admin-gateway description: "Deploy an admin gateway" + required: true charts: - name: gateway releaseName: admin-ingressgateway @@ -47,6 +54,7 @@ components: - name: istio-tenant-gateway description: "Deploy a tenant gateway" + required: true charts: - name: gateway releaseName: tenant-ingressgateway @@ -62,6 +70,7 @@ components: - name: istio-passthrough-gateway description: "Deploy a TLS passthrough gateway" + required: true charts: - name: gateway releaseName: passthrough-ingressgateway 
@@ -74,8 +83,3 @@ components: namespace: istio-passthrough-gateway valuesFiles: - "values/config-passthrough.yaml" - - - name: module - description: "Deploy the uds-istio pepr module" - import: - path: ../../dist \ No newline at end of file diff --git a/capabilities/keycloak/validate.yaml b/capabilities/keycloak/validate.yaml new file mode 100644 index 000000000..ec4041bd3 --- /dev/null +++ b/capabilities/keycloak/validate.yaml @@ -0,0 +1,10 @@ +# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver +# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json + +tasks: + - name: run + actions: + - description: Validate... + cmd: "echo Replace Me" + # wait: + # cluster: diff --git a/capabilities/kiali/validate.yaml b/capabilities/kiali/validate.yaml new file mode 100644 index 000000000..ec4041bd3 --- /dev/null +++ b/capabilities/kiali/validate.yaml @@ -0,0 +1,10 @@ +# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver +# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json + +tasks: + - name: run + actions: + - description: Validate... + cmd: "echo Replace Me" + # wait: + # cluster: diff --git a/capabilities/kyverno-policies/validate.yaml b/capabilities/kyverno-policies/validate.yaml new file mode 100644 index 000000000..ec4041bd3 --- /dev/null +++ b/capabilities/kyverno-policies/validate.yaml @@ -0,0 +1,10 @@ +# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver +# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json + +tasks: + - name: run + actions: + - description: Validate... + cmd: "echo Replace Me" + # wait: + # cluster: diff --git a/capabilities/kyverno-reporter/validate.yaml b/capabilities/kyverno-reporter/validate.yaml new file mode 100644 index 000000000..ec4041bd3 
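Review bot: The `run` task in the new capabilities/keycloak/validate.yaml only executes `echo Replace Me`, so the "Validate the capability" step in tasks/test.yaml succeeds for keycloak without checking anything. The identical placeholder is added for kiali, kyverno, kyverno-policies, kyverno-reporter, loki, metrics-server, neuvector, prometheus-stack, promtail, tempo and velero. Until real checks exist, either add a `wait.cluster` condition on a resource the capability creates, as capabilities/istio/validate.yaml does, or make the gap visible in the task output, e.g. `description: "PLACEHOLDER: no validation implemented"`.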
--- /dev/null
+++ b/capabilities/kyverno-reporter/validate.yaml
@@ -0,0 +1,10 @@
+# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json
+
+tasks:
+ - name: run
+ actions:
+ - description: Validate...
+ cmd: "echo Replace Me"
+ # wait:
+ # cluster:
diff --git a/capabilities/kyverno/validate.yaml b/capabilities/kyverno/validate.yaml
new file mode 100644
index 000000000..ec4041bd3
--- /dev/null
+++ b/capabilities/kyverno/validate.yaml
@@ -0,0 +1,10 @@
+# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json
+
+tasks:
+ - name: run
+ actions:
+ - description: Validate...
+ cmd: "echo Replace Me"
+ # wait:
+ # cluster:
diff --git a/capabilities/loki/validate.yaml b/capabilities/loki/validate.yaml
new file mode 100644
index 000000000..ec4041bd3
--- /dev/null
+++ b/capabilities/loki/validate.yaml
@@ -0,0 +1,10 @@
+# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json
+
+tasks:
+ - name: run
+ actions:
+ - description: Validate...
+ cmd: "echo Replace Me"
+ # wait:
+ # cluster:
diff --git a/capabilities/metrics-server/validate.yaml b/capabilities/metrics-server/validate.yaml
new file mode 100644
index 000000000..ec4041bd3
--- /dev/null
+++ b/capabilities/metrics-server/validate.yaml
@@ -0,0 +1,10 @@
+# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json
+
+tasks:
+ - name: run
+ actions:
+ - description: Validate...
+ cmd: "echo Replace Me"
+ # wait:
+ # cluster:
diff --git a/capabilities/neuvector/.github/zarf-runner/bob-the-builder/zarf-config.yaml b/capabilities/neuvector/.github/zarf-runner/bob-the-builder/zarf-config.yaml deleted file mode 100644 index 3f6ae4900..000000000 --- a/capabilities/neuvector/.github/zarf-runner/bob-the-builder/zarf-config.yaml +++ /dev/null @@ -1,4 +0,0 @@ -package: - create: - set: - uds_cli_version: "v0.0.7-alpha" diff --git a/capabilities/neuvector/.github/zarf-runner/bob-the-builder/zarf.yaml b/capabilities/neuvector/.github/zarf-runner/bob-the-builder/zarf.yaml deleted file mode 100644 index 6ceee685f..000000000 --- a/capabilities/neuvector/.github/zarf-runner/bob-the-builder/zarf.yaml +++ /dev/null @@ -1,26 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: bob-the-builder - url: https://welovebob.com/characters/bob.htm - image: https://welovebob.com/Images/characters/bob.jpg - description: "A zarf package to build/pull things" - -components: - - name: build - required: true - actions: - onCreate: - before: - - description: Load UDS CLI - cmd: | - [ -f ../build/uds ] && [ "$(../build/uds version)" == "###ZARF_PKG_TMPL_UDS_CLI_VERSION###" ] && exit 0 - ARCH=$(uname -m) - [ "$ARCH" = "x86_64" ] && ARCH="amd64" - # Download the uds-cli binary - mkdir -p ../build - curl -fL https://github.com/defenseunicorns/uds-cli/releases/download/###ZARF_PKG_TMPL_UDS_CLI_VERSION###/uds-cli_###ZARF_PKG_TMPL_UDS_CLI_VERSION###_$(uname -s)_${ARCH} -o ../build/uds - chmod +x ../build/uds - # or brew tap defenseunicorns/tap && brew update && brew install uds after installing brew - - description: Build the zarf packages - cmd: | - ./zarf p c ../../../ --confirm --no-progress -o ../build diff --git a/capabilities/neuvector/.github/zarf-runner/deploy/zarf.yaml b/capabilities/neuvector/.github/zarf-runner/deploy/zarf.yaml deleted file mode 100644 index 8bdc0f628..000000000 --- a/capabilities/neuvector/.github/zarf-runner/deploy/zarf.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: farmer-pickles - url: https://welovebob.com/characters/farmer_pickles.htm - image: https://welovebob.com/Images/characters/farmer_pickles.jpg - description: "A zarf package to deploy things" - -components: - - name: deploy - required: true - actions: - onCreate: - before: - - description: Deploy the cluster bundle - cmd: | - ARCH=$(uname -m) - [ "$ARCH" = "x86_64" ] && ARCH="amd64" - # Below package will be have the codebase moved into the org and published under - # oci://ghcr.io/defenseunicorns/dev-dependencies/k3d-common-istio - ./uds deploy oci://ghcr.io/zachariahmiller/k3d-common-istio:0.2.0-$ARCH --no-progress --confirm - dir: ../build - - description: Deploy the neuvector - cmd: | - ARCH=$(uname -m) - [ "$ARCH" = "x86_64" ] && ARCH="amd64" - ./zarf p d ../build/zarf-package-uds-capability-neuvector-$ARCH-2.6.4.tar.zst --no-progress --confirm - - description: Wait for the istio gateway to have the label required for vs generation. - wait: - cluster: - kind: Gateway - name: uds/istio-domain=admin.uds.dev - namespace: istio-admin-gateway \ No newline at end of file diff --git a/capabilities/neuvector/.github/zarf-runner/release/zarf-config.yaml b/capabilities/neuvector/.github/zarf-runner/release/zarf-config.yaml deleted file mode 100644 index 3f6ae4900..000000000 --- a/capabilities/neuvector/.github/zarf-runner/release/zarf-config.yaml +++ /dev/null @@ -1,4 +0,0 @@ -package: - create: - set: - uds_cli_version: "v0.0.7-alpha" diff --git a/capabilities/neuvector/.github/zarf-runner/release/zarf.yaml b/capabilities/neuvector/.github/zarf-runner/release/zarf.yaml deleted file mode 100644 index 35e6d3030..000000000 --- a/capabilities/neuvector/.github/zarf-runner/release/zarf.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: rusty-rogers - url: https://btb.fandom.com/wiki/Rusty_Rogers - image: https://static.wikia.nocookie.net/btb/images/4/4a/RustyRogers.png - description: "A zarf package to publish things" - -components: - - name: build - required: true - import: - path: ../build - - - name: deploy - required: true - import: - path: ../deploy - - - name: test - required: true - import: - path: ../test - - - name: release - required: true - actions: - onCreate: - before: - - description: Release the artifact - cmd: | - ARCH=$(uname -m) - [ "$ARCH" = "x86_64" ] && ARCH="amd64" - ./zarf p publish zarf-package-uds-capability-istio-$ARCH-0.1.0.tar.zst oci://ghcr.io/defenseunicorns/packages - dir: ../build - - description: Release the skeleton artifact - cmd: | - ARCH=$(uname -m) - [ "$ARCH" = "x86_64" ] && ARCH="amd64" - ./zarf p publish . oci://ghcr.io/defenseunicorns/packages - dir: ../../../ \ No newline at end of file diff --git a/capabilities/neuvector/.github/zarf-runner/zarf-config.toml b/capabilities/neuvector/.github/zarf-runner/zarf-config.toml deleted file mode 100644 index a0313a62f..000000000 --- a/capabilities/neuvector/.github/zarf-runner/zarf-config.toml +++ /dev/null @@ -1,5 +0,0 @@ -[package.create] -max_package_size = 99999999999 - -[package.create.set] -uds_cli_version = 'v0.0.7-alpha' diff --git a/capabilities/neuvector/.github/zarf-runner/zarf.yaml b/capabilities/neuvector/.github/zarf-runner/zarf.yaml deleted file mode 100644 index 800c02218..000000000 --- a/capabilities/neuvector/.github/zarf-runner/zarf.yaml +++ /dev/null @@ -1,25 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: bob-the-builder - -components: - - name: build - required: true - import: - path: bob-the-builder - - - name: deploy - required: true - import: - path: deploy - - - name: test - required: true - import: - path: test - - - # - name: test-admin - # required: true - # import: - # path: bernard-bentley \ No newline at end of file 
diff --git a/capabilities/neuvector/validate.yaml b/capabilities/neuvector/validate.yaml new file mode 100644 index 000000000..ec4041bd3 --- /dev/null +++ b/capabilities/neuvector/validate.yaml @@ -0,0 +1,10 @@ +# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver +# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json + +tasks: + - name: run + actions: + - description: Validate... + cmd: "echo Replace Me" + # wait: + # cluster: diff --git a/capabilities/neuvector/zarf.yaml b/capabilities/neuvector/zarf.yaml index 2133d5b05..050633298 100644 --- a/capabilities/neuvector/zarf.yaml +++ b/capabilities/neuvector/zarf.yaml @@ -5,10 +5,10 @@ metadata: description: "UDS Neuvector Capability" url: https://open-docs.neuvector.com/ - components: - name: neuvector description: "Deploy Neuvector" + required: true charts: - name: crd url: https://neuvector.github.io/neuvector-helm/ diff --git a/capabilities/prometheus-stack/validate.yaml b/capabilities/prometheus-stack/validate.yaml new file mode 100644 index 000000000..ec4041bd3 --- /dev/null +++ b/capabilities/prometheus-stack/validate.yaml @@ -0,0 +1,10 @@ +# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver +# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json + +tasks: + - name: run + actions: + - description: Validate... + cmd: "echo Replace Me" + # wait: + # cluster: diff --git a/capabilities/promtail/validate.yaml b/capabilities/promtail/validate.yaml new file mode 100644 index 000000000..ec4041bd3 --- /dev/null +++ b/capabilities/promtail/validate.yaml 
@@ -0,0 +1,10 @@
+# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json
+
+tasks:
+ - name: run
+ actions:
+ - description: Validate...
+ cmd: "echo Replace Me"
+ # wait:
+ # cluster:
diff --git a/capabilities/tempo/validate.yaml b/capabilities/tempo/validate.yaml
new file mode 100644
index 000000000..ec4041bd3
--- /dev/null
+++ b/capabilities/tempo/validate.yaml
@@ -0,0 +1,10 @@
+# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json
+
+tasks:
+ - name: run
+ actions:
+ - description: Validate...
+ cmd: "echo Replace Me"
+ # wait:
+ # cluster:
diff --git a/capabilities/velero/validate.yaml b/capabilities/velero/validate.yaml
new file mode 100644
index 000000000..ec4041bd3
--- /dev/null
+++ b/capabilities/velero/validate.yaml
@@ -0,0 +1,10 @@
+# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json
+
+tasks:
+ - name: run
+ actions:
+ - description: Validate...
+ cmd: "echo Replace Me"
+ # wait:
+ # cluster:
diff --git a/examples/k3d-istio-only/uds-bundle.yaml b/examples/k3d-istio-only/uds-bundle.yaml
new file mode 100644
index 000000000..f175cd17b
--- /dev/null
+++ b/examples/k3d-istio-only/uds-bundle.yaml
@@ -0,0 +1,23 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/uds.schema.json
+kind: UDSBundle
+metadata:
+ name: k3d-uds-core-istio-only
+ description: An example UDS bundle for deploying Istio from UDS Core on a development cluster
+ # x-release-please-start-version
+ version: "0.1.0"
+ # x-release-please-end
+
+zarf-packages:
+ - name: uds-k3d-dev
+ repository: ghcr.io/defenseunicorns/packages/uds-k3d
+ ref: 0.1.11
+
+ - name: init
+ repository: ghcr.io/defenseunicorns/packages/init
+ ref: v0.31.0
+
+ - name: uds-core-istio-only
+ path: ../../build/
+ # x-release-please-start-version
+ ref: 0.1.0
+ # x-release-please-end
diff --git a/examples/k3d-standard/uds-bundle.yaml b/examples/k3d-standard/uds-bundle.yaml
new file mode 100644
index 000000000..1ed0f04f0
--- /dev/null
+++ b/examples/k3d-standard/uds-bundle.yaml
@@ -0,0 +1,23 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/uds.schema.json
+kind: UDSBundle
+metadata:
+ name: k3d-uds-core-standard
+ description: An example UDS bundle for deploying the standard UDS Core capability on a development cluster
+ # x-release-please-start-version
+ version: "0.1.0"
+ # x-release-please-end
+
+zarf-packages:
+ - name: uds-k3d-dev
+ repository: ghcr.io/defenseunicorns/packages/uds-k3d
+ ref: 0.1.11
+
+ - name: init
+ repository: ghcr.io/defenseunicorns/packages/init
+ ref: v0.31.0
+
+ - name: uds-core-standard
+ path: ../../build/
+ # x-release-please-start-version
+ ref: 0.1.0
+ # x-release-please-end
diff --git a/packages/istio-only/zarf.yaml b/packages/istio-only/zarf.yaml
new file mode 100644
index 000000000..f97886841
--- /dev/null
+++ b/packages/istio-only/zarf.yaml
@@ -0,0 +1,36 @@
+kind: ZarfPackageConfig
+metadata:
+ name: uds-core-istio-only
+ description: "UDS Core (Istio Only)"
+ authors: "Defense Unicorns - Product"
+ # x-release-please-start-version
+ version: "0.1.0"
+ # x-release-please-end
+
+components:
+ # Istio
+ - name: istio-controlplane
+ required: true
+ import:
+ path: ../standard
+
+ - name: istio-admin-gateway
+ required: true
+ import:
+ path: ../standard
+
+ - name: istio-tenant-gateway
+ required: true
+ import:
+ path: ../standard
+
+ - name: istio-passthrough-gateway
+ required: true
+ import:
+ path: ../standard
+
+ # Pepr the world
+ - name: pepr-uds-core
+ required: true
+ import:
+ path: ../standard
diff --git a/packages/standard/values/istio-admin-gateway.yaml b/packages/standard/values/istio-admin-gateway.yaml
deleted file mode 100644
index dc485ef65..000000000
--- a/packages/standard/values/istio-admin-gateway.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-domain: "admin.###ZARF_VAR_DOMAIN###"
-
diff --git a/packages/standard/values/istio-passthrough-gateway.yaml b/packages/standard/values/istio-passthrough-gateway.yaml
deleted file mode 100644
index 364a31438..000000000
--- a/packages/standard/values/istio-passthrough-gateway.yaml
+++ /dev/null
@@ -1 +0,0 @@
-domain: "###ZARF_VAR_DOMAIN###"
diff --git a/packages/standard/values/istio-tenant-gateway.yaml b/packages/standard/values/istio-tenant-gateway.yaml
deleted file mode 100644
index 364a31438..000000000
--- a/packages/standard/values/istio-tenant-gateway.yaml
+++ /dev/null
@@ -1 +0,0 @@
-domain: "###ZARF_VAR_DOMAIN###"
diff --git a/packages/standard/zarf.yaml b/packages/standard/zarf.yaml
index 87f8709af..75fc21e70 100644
--- a/packages/standard/zarf.yaml
+++ b/packages/standard/zarf.yaml
@@ -1,17 +1,12 @@ kind: ZarfPackageConfig metadata: - name: uds-core + name: uds-core-standard description: "UDS Core" authors: "Defense Unicorns - Product" # x-release-please-start-version version: "0.1.0" # x-release-please-end -variables: - - name: DOMAIN - description: "Cluster domain" - default: "uds.dev" - components: # Istio - name: istio-controlplane @@ -23,28 +18,16 @@ components: required: true import: path: ../../capabilities/istio - charts: - - name: uds-istio-config - valuesFiles: - - "values/istio-admin-gateway.yaml" - name: istio-tenant-gateway required: true import: path: ../../capabilities/istio - charts: - - name: uds-istio-config - valuesFiles: - - "values/istio-tenant-gateway.yaml" - name: istio-passthrough-gateway required: true import: path: ../../capabilities/istio - charts: - - name: uds-istio-config - valuesFiles: - - "values/istio-passthrough-gateway.yaml" # Pepr the world - name: pepr-uds-core diff --git a/pepr.ts b/pepr.ts index 6ad13ca7a..69ee2a2e8 100644 --- a/pepr.ts +++ b/pepr.ts 
@@ -1,35 +1,46 @@ -import { Capability, Log, PeprModule } from "pepr"; +import { Capability, PeprModule } from "pepr"; import cfg from "./package.json"; -import { IstioVirtualService } from "./capabilities/istio/pepr/istio-virtual-service"; -import { IstioInjection } from "./capabilities/istio/pepr/istio-injection"; +import { istio } from "./capabilities/istio/pepr"; /** * This the root of the UDS Core Pepr Module. To operate on a specific capability, you can * set the `CAPABILITY` environment variable to the name of the capability. * * Example: - * CAPABILITY=istio-virtual-service npx pepr build + * CAPABILITY=istio npx pepr build */ -const allCapabilities: Record = { - istio: [IstioVirtualService, IstioInjection], -}; +const sortedCapabilities: Record[] = [ + // Istio service mesh + { istio }, +]; -// Check if the CAPABILITY environment variable is set -const activeCapabilities = allCapabilities[process.env.CAPABILITY || ""] || []; +// Otherwise, use all capabilities +const allCapabilities = sortedCapabilities.flatMap(data => { + return Object.values(data).flat(); +}); -// If there are active capabilities via the CAPABILITY environment variable, then log a message -if (activeCapabilities.length > 0) { - Log.info( - `\n\n******************* Pepr capabilities limited to only ${process.env.CAPABILITY} capabilities *******************\n\n`, - ); +const capability = process.env.CAPABILITY; + +if (!capability || capability === "all") { + // Start the Pepr module + new PeprModule(cfg, allCapabilities); } else { - // Otherwise, use all capabilities - for (const caps of Object.values(allCapabilities)) { - activeCapabilities.push(...caps); + console.log( + `\n\n************** Pepr capabilities limited to only ${capability} **************n\n`, + ); + + // If the CAPABILITY environment variable is set, then only use that capability + const activeCapabilities = sortedCapabilities.find( + data => data[capability], + )?.[capability]; + + if (!activeCapabilities || 
activeCapabilities.length < 1) { + console.error(`Capability ${capability} not found. Exiting...`); + process.exit(1); } -} -// Start the Pepr module -new PeprModule(cfg, activeCapabilities); + // Start the Pepr module + new PeprModule(cfg, activeCapabilities); +} diff --git a/tasks/create.yaml b/tasks/create.yaml new file mode 100644 index 000000000..2b0196bd8 --- /dev/null +++ b/tasks/create.yaml @@ -0,0 +1,45 @@ +# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver +# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json + +tasks: + - name: standard-package + actions: + - task: pepr-build + + - description: "Create the UDS Core Standard Zarf Package" + cmd: "zarf package create packages/standard --confirm" + + - name: example-bundle-k3d-standard + actions: + - description: "Create the UDS Core Standard Example Bundle" + cmd: "uds create examples/k3d-standard --confirm --no-progress" + + - name: istio-only-package + actions: + - task: pepr-build + + - description: "Create the UDS Core Istio Zarf Package" + cmd: "zarf package create packages/istio-only --confirm" + + - name: example-bundle-k3d-istio-only + actions: + - description: "Create the UDS Core Istio Only Example Bundle" + cmd: "uds create examples/k3d-istio-only --confirm --no-progress" + + - name: single-capability + actions: + - task: pepr-build + + - description: "Create the Pepr Zarf Package, if it exists" + cmd: "zarf package create dist --confirm || echo 'Pepr build not required'" + + - description: "Create the requested capability Zarf Package (must set CAPABILITY environment variable)" + cmd: "zarf package create capabilities/${CAPABILITY} --confirm" + + - name: pepr-build + actions: + - description: "Build the UDS Core Pepr Module" + cmd: | + rm -fr dist + npm ci + npx pepr build || echo "Pepr build not required" 
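Review bot: The lookup `data => data[capability]` indexes a plain object with the raw `CAPABILITY` environment value, so an inherited key such as `constructor` is truthy and would get past the "not found" exit instead of being rejected. Restricting the match to own properties, `data => Object.prototype.hasOwnProperty.call(data, capability)`, keeps the selection to the names listed in `sortedCapabilities`. Separately, the banner string ends in `**************n\n` as shown, which looks like a dropped backslash for `\n\n`, and the comment `// Otherwise, use all capabilities` above `allCapabilities` no longer follows a branch and could read `// All capabilities, in load order`.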
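Review bot: The `pepr-build` task ends with `npx pepr build || echo "Pepr build not required"`, which turns every build failure, a compile error as much as a capability with no module, into success, so the package tasks that call it carry on without a fresh Pepr module. `single-capability` does the same with `zarf package create dist --confirm || echo 'Pepr build not required'`, and tasks/deploy.yaml ends its `single-capability` task with `zarf package deploy build/zarf-package-pepr-uds-core-${ARCH}-*.tar.zst --confirm || true`, so a capability can be validated without its Pepr package ever being deployed. If the intent is only to skip capabilities that ship no Pepr code, test for that case explicitly and let real failures stop the task, for example `if [ -d dist ]; then zarf package create dist --confirm; fi`.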
diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml
new file mode 100644
index 000000000..e83af2977
--- /dev/null
+++ b/tasks/deploy.yaml
@@ -0,0 +1,36 @@
+# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json
+
+tasks:
+ - name: example-bundle-k3d-standard
+ actions:
+ - description: "Deploy the UDS Core Standard Example Bundle"
+ cmd: |
+ export ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/')
+ uds deploy examples/k3d-standard/uds-bundle-k3d-uds-core-standard-${ARCH}-*.tar.zst --confirm --no-progress
+
+ - task: out-of-band-tls-certs
+
+ - name: example-bundle-k3d-istio-only
+ actions:
+ - description: "Deploy the UDS Core Istio Only Example Bundle"
+ cmd: |
+ export ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/')
+ uds deploy examples/k3d-istio-only/ k3d-uds-core-istio-only- --confirm --no-progress"
+
+ - task: out-of-band-tls-certs
+
+ - name: out-of-band-tls-certs
+ actions:
+ - description: "Deploy the TLS certs for Istio"
+ cmd: |
+ npm ci
+ npx --yes ts-node examples/tls-certs.ts
+
+ - name: single-capability
+ actions:
+ - description: "Deploy the requested capability Zarf Package (must set CAPABILITY environment variable)"
+ cmd: |
+ export ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/')
+ zarf package deploy build/zarf-package-uds-capability-${CAPABILITY}-${ARCH}.tar.zst --confirm
+ zarf package deploy build/zarf-package-pepr-uds-core-${ARCH}-*.tar.zst --confirm || true
diff --git a/tasks/setup.yaml b/tasks/setup.yaml
new file mode 100644
index 000000000..be7351f48
--- /dev/null
+++ b/tasks/setup.yaml
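Review bot: The `example-bundle-k3d-istio-only` command reads `uds deploy examples/k3d-istio-only/ k3d-uds-core-istio-only- --confirm --no-progress"` as shown: the bundle path is broken in two, carries no `${ARCH}` or `.tar.zst` part, and the line ends in a stray `"`, so the exported `ARCH` is never used and the shell is handed an unterminated quote. The standard task just above deploys `examples/k3d-standard/uds-bundle-k3d-uds-core-standard-${ARCH}-*.tar.zst`; the istio-only line presumably should mirror it, `uds deploy examples/k3d-istio-only/uds-bundle-k3d-uds-core-istio-only-${ARCH}-*.tar.zst --confirm --no-progress`. Please confirm the intended file name against what `uds create examples/k3d-istio-only` writes.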
@@ -0,0 +1,13 @@
+# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json
+
+tasks:
+ - name: k3d-test-cluster
+ actions:
+ - description: "Create the K3d cluster"
+ # renovate: datasource=github-tags depName=defenseunicorns/uds-k3d versioning=semver
+ cmd: "zarf package deploy oci://defenseunicorns/uds-k3d:0.1.11-multi --confirm"
+
+ - description: "Initialize the cluster with Zarf"
+ # renovate: datasource=github-tags depName=defenseunicorns/init versioning=semver
+ cmd: "zarf package deploy oci://defenseunicorns/init:v0.31.0-$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/') --confirm"
diff --git a/tasks/test.yaml b/tasks/test.yaml
new file mode 100644
index 000000000..2a68d4cb0
--- /dev/null
+++ b/tasks/test.yaml
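Review bot: Both `zarf package deploy oci://…` commands take the cluster and init packages by tag (`0.1.11-multi`, `v0.31.0-<arch>`) with `--confirm` and no integrity check, so whatever the tag resolves to at run time is deployed unreviewed. If these packages are published signed, passing the publisher's public key, e.g. `--key <path-to-public-key>` (placeholder path), or pinning the reference by digest would tie the task to a known artifact. The example bundles under examples/ reference the same two packages by tag as well, so the same consideration applies there.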
@@ -0,0 +1,30 @@
+# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.0.10-alpha/tasks.schema.json
+
+tasks:
+ - name: single-capability
+ description: "Build and test a single capability, must set CAPABILITY environment variable"
+ actions:
+ - description: "Create the capability package"
+ cmd: uds run -f tasks/create.yaml single-capability --no-progress
+
+ - description: "Create the K3d cluster"
+ cmd: uds run -f tasks/setup.yaml k3d-test-cluster --no-progress
+
+ - description: "Deploy the capability"
+ cmd: uds run -f tasks/deploy.yaml single-capability --no-progress
+
+ - description: "Validate the capability"
+ cmd: uds run -f capabilities/${CAPABILITY}/validate.yaml run --no-progress
+
+ - name: uds-core
+ description: "Build and test UDS Core"
+ actions:
+ - description: "Create the UDS Core Standard Zarf Package"
+ cmd: uds run -f tasks/create.yaml standard-package --no-progress
+
+ - description: "Create the UDS Core Standard Example Bundle"
+ cmd: uds run -f tasks/create.yaml example-bundle-k3d-standard --no-progress
+
+ - description: "Deploy the UDS Core Standard Example Bundle"
+ cmd: uds run -f tasks/deploy.yaml example-bundle-k3d-standard --no-progress
diff --git a/.github/zarf-runner/test/app/admin-app.yaml b/test/app/admin-app.yaml
similarity index 100%
rename from .github/zarf-runner/test/app/admin-app.yaml
rename to test/app/admin-app.yaml
diff --git a/capabilities/istio/.github/zarf-runner/test/app/app.yaml b/test/app/app.yaml
similarity index 100%
rename from capabilities/istio/.github/zarf-runner/test/app/app.yaml
rename to test/app/app.yaml
diff --git a/capabilities/neuvector/.github/zarf-runner/test/zarf.yaml b/test/test/zarf.yaml
similarity index 100%
rename from capabilities/neuvector/.github/zarf-runner/test/zarf.yaml
rename to test/test/zarf.yaml
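Review bot: `uds run -f capabilities/${CAPABILITY}/validate.yaml run` builds the path of a tasks file to execute from an unquoted, unchecked environment variable; assuming the shell expands it, an empty value yields `capabilities//validate.yaml` and a value containing `/` or `..` selects a file outside `capabilities/<name>/`. A guard as the first action of `single-capability`, such as `case "${CAPABILITY}" in ''|*/*|*..*) echo "invalid CAPABILITY" >&2; exit 1;; esac`, together with quoting the expansion, would fail early with a clear message. tasks/create.yaml and tasks/deploy.yaml expand `${CAPABILITY}` into paths the same way and would benefit from the same check.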
diff --git a/capabilities/istio/.github/zarf-runner/test/zarf.yaml b/test/zarf.yaml
similarity index 100%
rename from capabilities/istio/.github/zarf-runner/test/zarf.yaml
rename to test/zarf.yaml
diff --git a/zarf-config.yaml b/zarf-config.yaml
new file mode 100644
index 000000000..8ee66a63c
--- /dev/null
+++ b/zarf-config.yaml
@@ -0,0 +1,6 @@
+# Disable until UDS CLI isn't super noisy
+no_progress: true
+
+package:
+ create:
+ output: build