feat: init garm-operator

garm-operator is an operator to manage garm objects by
creating/updating/deleting objects within kubernetes.

This is a squashed commit from our internal git repo into a
single commit to be able to open source the garm-operator.

Co-authored-by: Rafael Thalhofer <[email protected]>
Co-authored-by: Michael Kuhnt <[email protected]>
Co-authored-by: Heiko Kast <[email protected]>

.dockerignore

@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: MIT
+
+# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Ignore build and test binaries.
+bin/

.github/workflows/build.yml

@@ -0,0 +1,37 @@
+# SPDX-License-Identifier: MIT
+
+name: build
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: lint and test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.20'
+
+      - name: make verify
+        run: make verify
+
+      - name: make lint
+        run: make golangci-lint && GOLANGCI_LINT_EXTRA_ARGS=--timeout=1h make lint
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 14
+
+      - name: make test
+        run: make test

.github/workflows/foss.yaml

@@ -0,0 +1,50 @@
+# SPDX-License-Identifier: MIT
+# Jobs to run Blackduck based FOSS scan
+name: FOSS Scan
+on:
+  push:
+    branches:
+    - main
+
+jobs:
+  foss-scan:
+    strategy:
+      max-parallel: 2
+    name: foss-scan
+    runs-on: ubuntu-latest
+    steps:
+    - name: Set up Go 1.x
+      uses: actions/setup-go@v4
+      with:
+        go-version: '1.20'
+      id: go
+
+    - name: Checkout code
+      uses: actions/checkout@v3
+
+    - name: Synopsys Detect
+      run: |
+        GITHUB_REF="$(echo $GITHUB_REF_NAME | tr ':/' '_')"
+        BLACKDUCK_SCAN_VERSION_NAME="${GITHUB_REF}_${GITHUB_SHA}"
+        export BLACKDUCK_SCAN_VERSION_NAME
+
+        # create the tmp directory as we also do during the release process
+        mkdir -p tmp
+
+        ./hack/foss-scan.sh
+      env:
+        BLACKDUCK_URL: ${{ secrets.BLACKDUCK_URL }}
+        BLACKDUCK_PROJECT_NAME: ${{ secrets.BLACKDUCK_PROJECT_NAME }}
+        BLACKDUCK_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
+
+    - name: Archive foss scan notices report
+      uses: actions/upload-artifact@v2
+      with:
+        name: 3RD_PARTY_LICENSES.txt
+        path: tmp/Black_Duck_Notices_Report.txt
+
+    - name: Archive foss scan risk report
+      uses: actions/upload-artifact@v2
+      with:
+        name: foss-scan-risk-report
+        path: tmp/BlackDuck_RiskReport.pdf

.github/workflows/release.yml

@@ -0,0 +1,54 @@
+# SPDX-License-Identifier: MIT
+
+name: release
+
+on:
+  push:
+    # run only against tags
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Login to ghcr.io
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - run: git fetch --force --tags
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.20'
+
+      - name: Synopsys Detect
+        run: |
+          GITHUB_REF="$(echo $GITHUB_REF_NAME | tr ':/' '_')"
+          BLACKDUCK_SCAN_VERSION_NAME="${GITHUB_REF}_${GITHUB_SHA}"
+          export BLACKDUCK_SCAN_VERSION_NAME
+
+          # create the tmp directory as we also do during the release process
+          mkdir -p tmp
+
+          ./hack/foss-scan.sh
+
+          mv tmp/Black_Duck_Notices_Report.txt tmp/3RD_PARTY_LICENSES.txt
+        env:
+          BLACKDUCK_URL: ${{ secrets.BLACKDUCK_URL }}
+          BLACKDUCK_PROJECT_NAME: ${{ secrets.BLACKDUCK_PROJECT_NAME }}
+          BLACKDUCK_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
+
+      - name: release
+        run: make release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: MIT
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+bin/*
+Dockerfile.cross
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Kubernetes Generated files - skip generated files, except for vendored files
+
+!vendor/**/zz_generated.*
+
+# editor and IDE paraphernalia
+.idea
+.vscode
+*.swp
+*.swo
+*~
+tmp/*
+
+dist/

.golangci.yaml

@@ -0,0 +1,62 @@
+# SPDX-License-Identifier: MIT
+linters:
+  disable-all: true
+  fast: false
+  enable:
+    - gci
+    - goconst
+    - gocritic
+    - gocyclo
+    - gofmt
+    - gofumpt
+    - goimports
+    - godox
+    - govet
+    - gosec
+    - importas
+    - ineffassign
+    - loggercheck
+    - misspell
+    - nakedret
+    - nilerr
+    - predeclared
+    - promlinter
+    - revive
+    - staticcheck
+    - tagliatelle
+    - unconvert
+    - unused
+    - wastedassign
+    - whitespace
+
+linters-settings:
+  gci:
+    sections:
+      - standard
+      - default
+      - prefix(github.com/mercedes-benz/garm-operator)
+
+  goimports:
+    local-prefixes: github.com/mercedes-benz/garm-operator
+
+  importas:
+    no-unaliased: false
+    alias:
+      - pkg: github.com/mercedes-benz/garm-operator/api/v1alpha1
+        alias: garmoperatorv1alpha1
+      - pkg: k8s.io/api/core/v1
+        alias: corev1
+      - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+        alias: metav1
+      - pkg: k8s.io/apimachinery/pkg/api/errors
+        alias: apierrors
+      - pkg: sigs.k8s.io/controller-runtime
+        alias: ctrl
+      - pkg: k8s.io/api/admission/v1
+        alias: admissionv1
+
+  loggercheck:
+    klog: true
+    zap: false
+    require-string-key: true
+    no-printf-like: true

.goreleaser.yaml

@@ -0,0 +1,73 @@
+# SPDX-License-Identifier: MIT
+project_name: garm-operator
+before:
+  hooks:
+    - go mod tidy
+    - sh -c "IMG=ghcr.io/mercedes-benz/garm-operator/{{ .ProjectName }}:v{{ .Version }} make release-manifests"
+builds:
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+    goarch:
+      - amd64
+    main: ./cmd/
+
+dockers:
+  - image_templates:
+      - "ghcr.io/mercedes-benz/garm-operator/{{ .ProjectName }}:v{{ .Version }}"
+      - "ghcr.io/mercedes-benz/garm-operator/{{ .ProjectName }}:latest"
+    dockerfile: release.Dockerfile
+
+archives:
+  - format: tar.gz
+    # this name template makes the OS and Arch compatible with the results of uname.
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+
+checksum:
+  name_template: "checksums.txt"
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  sort: asc
+  use: github
+  groups:
+    - title: "✨ Features"
+      regexp: '^.*?feat(\([[:word:]]+\))??!?:.+$'
+      order: 0
+    - title: "🐛 Bug fixes"
+      regexp: '^.*?fix(\([[:word:]]+\))??!?:.+$'
+      order: 1
+    - title: "📚 Documentation"
+      regexp: '^.*?docs(\([[:word:]]+\))??!?:.+$'
+      order: 2
+    - title: "🌱 Others"
+      order: 999
+  filters:
+    exclude:
+      - "^test:"
+release:
+  github:
+    owner: mercedes-benz
+    name: garm-operator
+  prerelease: auto
+  extra_files:
+    - glob: tmp/garm_operator_all.yaml
+    - glob: tmp/garm_operator_crds.yaml
+    - glob: tmp/garm_operator.yaml
+    - glob: tmp/3RD_PARTY_LICENSES.txt
+    - glob: tmp/BlackDuck_RiskReport.pdf
+  header: |
+    Container image is available at `ghcr.io/mercedes-benz/garm-operator/{{ .ProjectName }}:v{{ .Version }}` 
+
+    * `garm_operator.yaml` contains the operator deployment manifest with all the required RBAC rules and certificate configurations.
+    * `garm_operator_crds.yaml` contains the CRDs for the operator.
+    * `garm_operator_all.yaml` is the combination of the above two files.
+
+    ---