diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 14651384..59ed58b1 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -79,6 +79,6 @@ jobs: if: ${{ steps.checksecret.outputs.result == 'true' }} uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: - file: ./coverage.out + files: ./coverage.out fail_ci_if_error: true verbose: true diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 8cbf2637..41a5eb04 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -21,21 +21,9 @@ concurrency: cancel-in-progress: true jobs: - kind: - name: Kubernetes - strategy: - fail-fast: false - matrix: - k8s-version: - - "v1.24.7" - - "v1.25.3" - - "v1.26.3" - - "v1.27.2" - - "v1.28.0" - - "v1.29.0" - - "v1.30.0" - - "v1.31.0" - runs-on: ubuntu-24.04 + e2e: + name: E2E Testing + runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: @@ -46,5 +34,14 @@ jobs: - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4 with: version: v3.14.2 - - name: e2e testing - run: KIND_K8S_VERSION=${{ matrix.k8s-version }} make e2e + - name: unit tracing + run: sudo make trace-unit + - name: e2e tracing + run: sudo make trace-e2e + - name: build seccomp profile + run: make seccomp + - name: upload artifact + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + with: + name: capsule-seccomp + path: capsule-seccomp.json diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml index f1591bcc..428c64dc 100644 --- a/.github/workflows/helm-test.yml +++ b/.github/workflows/helm-test.yml @@ -5,6 +5,11 @@ on: pull_request: branches: - "main" + paths: + - '.github/configs/**' + - '.github/workflows/helm-*.yml' + - 'charts/**' + - 'Makefile' concurrency: group: ${{ github.workflow }}-${{ github.ref }} 
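Review bot: In the first `.github/workflows/e2e.yml` hunk, `runs-on` moves from the fixed `ubuntu-24.04` image to the floating `ubuntu-latest`, in the job that now also builds and uploads `capsule-seccomp.json`. A syscall trace presumably varies with the runner image, so a profile generated on whatever `ubuntu-latest` currently points to is harder to reproduce and to diff between releases. I would keep `runs-on: ubuntu-24.04` and bump it deliberately. The job body continues outside this hunk.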
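Review bot: The second `.github/workflows/e2e.yml` hunk adds `sudo make trace-unit` and `sudo make trace-e2e` to a workflow whose `on:` and `permissions:` keys are outside the hunk, so the token scope available to these root steps cannot be checked here. The deleted `seccomp.yaml` ran the same steps under `permissions: {}` and a `paths:` filter; please confirm `e2e.yml` carries an equivalent top-level `permissions: {}` (or at most `contents: read`). A short comment above the tracing steps saying why they need `sudo` would also help the next reader.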
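Review bot: The new `paths:` filter in `.github/workflows/helm-test.yml` omits `hack/kind-cluster.yml`, which the install step of the same workflow passes as `HELM_KIND_CONFIG`, so a change to the kind cluster config alone would no longer run the chart tests. Adding `- 'hack/kind-cluster.yml'` to the list closes that gap. If this workflow is a required status check, also confirm that pull requests not matching the filter are not left waiting on it.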
@@ -31,18 +36,9 @@ jobs: - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4 - name: Linting Chart run: helm lint ./charts/capsule - - name: Setup Chart Linting - id: lint - uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 - - name: Run chart-testing (list-changed) - id: list-changed - run: | - changed=$(ct list-changed --config ./.github/configs/ct.yaml) - if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" - fi + - name: Run chart-testing (lint) - run: ct lint --debug --config ./.github/configs/ct.yaml --lint-conf ./.github/configs/lintconf.yaml + run: make helm-lint - name: Run docs-testing (helm-docs) id: helm-docs @@ -68,4 +64,3 @@ jobs: fi - name: Run chart-testing (install) run: HELM_KIND_CONFIG="./hack/kind-cluster.yml" make helm-test - if: steps.list-changed.outputs.changed == 'true' diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 23f6fe99..954569f7 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -49,8 +49,4 @@ jobs: with: go-version-file: 'go.mod' - name: Run golangci-lint - uses: golangci/golangci-lint-action@e60da84bfae8c7920a47be973d75e15710aa8bd7 # v6.3.0 - with: - version: v1.56.2 - only-new-issues: false - args: --timeout 5m --config .golangci.yml + run: make golint diff --git a/.github/workflows/seccomp.yaml b/.github/workflows/seccomp.yaml deleted file mode 100644 index 45d33399..00000000 --- a/.github/workflows/seccomp.yaml +++ /dev/null 
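Review bot: `run: make helm-lint` in `.github/workflows/helm-test.yml` (and `run: make golint` in the `lint.yml` hunk below it) replace actions that were pinned to a commit SHA, and the tool version that `golangci-lint-action` fixed with `version: v1.56.2` is no longer stated in the workflow. Neither `helm-lint` nor `golint` appears in the Makefile hunks of this commit, so how `ct` and `golangci-lint` are fetched cannot be checked from here. Please confirm the Makefile installs both at an exact version rather than `latest`, and that `helm-lint` still passes `--lint-conf ./.github/configs/lintconf.yaml`. A comment above each step such as `# tool version is pinned in the Makefile` would tell readers where the pin now lives.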
@@ -1,53 +0,0 @@ -name: seccomp -permissions: {} - -on: - pull_request: - branches: - - "*" - paths: - - '.github/workflows/e2e.yml' - - 'api/**' - - 'controllers/**' - - 'pkg/**' - - 'e2e/*' - - '.ko.yaml' - - 'Dockerfile.tracing' - - 'go.*' - - 'main.go' - - 'Makefile' - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - seccomp-generation: - name: Seccomp Generation - strategy: - fail-fast: false - matrix: - k8s-version: - - "v1.30.0" - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - fetch-depth: 0 - - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 - with: - go-version-file: 'go.mod' - - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4 - with: - version: v3.14.2 - - name: unit tracing - run: sudo make trace-unit - - name: e2e tracing - run: sudo KIND_K8S_VERSION=${{ matrix.k8s-version }} make trace-e2e - - name: build seccomp profile - run: make seccomp - - name: upload artifact - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - with: - name: capsule-seccomp - path: capsule-seccomp.json diff --git a/.golangci.yml b/.golangci.yml index 9b5edc24..ceaf20ed 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,6 +1,4 @@ linters-settings: - govet: - check-shadowing: true dupl: threshold: 100 goconst: 
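Review bot: Removing `govet: check-shadowing: true` from `linters-settings` in `.golangci.yml` drops variable-shadowing detection instead of migrating it. In the golangci-lint releases that deprecated `check-shadowing`, the replacement is to enable the `shadow` analyzer, e.g. `govet: {enable: [shadow]}`. If dropping the check is intended, a one-line comment saying so would keep it from looking like an oversight.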
@@ -32,37 +30,31 @@ linters-settings: linters: enable-all: true disable: + - err113 - depguard - perfsprint - funlen - gochecknoinits - lll - - exhaustivestruct - - maligned - - interfacer - - scopelint - - golint - gochecknoglobals - - goerr113 - - gomnd + - mnd + - nilnil + - recvcheck + - unparam - paralleltest - ireturn - testpackage - varnamelen - wrapcheck - exhaustruct - - varcheck - - structcheck - - nosnakecase - - deadcode - - ifshort - nonamedreturns -run: - timeout: 3m - allow-parallel-runners: true - tests: false - skip-files: +issues: + exclude-files: - "zz_.*\\.go$" - ".+\\.generated.go" - ".+_test.go" - ".+_test_.+.go" +run: + timeout: 3m + allow-parallel-runners: true + tests: false diff --git a/.goreleaser.yml b/.goreleaser.yml index e062891d..a37a2ed3 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -31,8 +31,6 @@ builds: release: prerelease: auto footer: | - Thanks to all the contributors! - **Full Changelog**: https://github.com/projectcapsule/{{ .ProjectName }}/compare/{{ .PreviousTag }}...{{ .Tag }} **Docker Images** @@ -45,6 +43,19 @@ release: - `ghcr.io/projectcapsule/charts/{{ .ProjectName }}:{{ .Version }}` [Review the Major Changes section first before upgrading to a new version](https://artifacthub.io/packages/helm/projectcapsule/capsule/{{ .Version }}#major-changes) + + **Kubernetes compatibility** + + [!IMPORTANT] + Note that the Capsule project offers support only for the latest minor version of Kubernetes. + Backwards compatibility with older versions of Kubernetes and OpenShift is [offered by vendors](https://projectcapsule.dev/support/). + + | Kubernetes version | Minimum required | + |--------------------|------------------| + | `v1.31` | `>= 1.31.0` | + + + Thanks to all the contributors! 🚀 🦄 extra_files: - glob: ./capsule-seccomp.json checksum: diff --git a/Makefile b/Makefile index 6c1bda8d..8f270b19 100644 --- a/Makefile +++ b/Makefile 
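Review bot: Besides renaming `goerr113`/`gomnd` and dropping retired linters, the `disable:` list in `.golangci.yml` newly turns off `nilnil`, `recvcheck` and `unparam` for the whole repository with no reason given. `nilnil` in particular reports `return nil, nil`, a pattern callers can easily mishandle, so a global opt-out hides new occurrences as well as existing ones. I would rather keep them enabled and annotate the accepted sites with `//nolint:nilnil // <reason>`, or at least add a comment per entry such as `- nilnil # TODO: <reason>, re-enable after cleanup`.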
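Review bot: In the second `.goreleaser.yml` hunk, `[!IMPORTANT]` appears without the leading `> ` that GitHub's alert syntax needs, so the release notes would show the marker as literal text; the two lines after it need the same prefix, i.e. `> [!IMPORTANT]` and `> Note that …`. The table also hard-codes `v1.31` and `>= 1.31.0`, which duplicate `KUBERNETES_SUPPORTED_VERSION` in the Makefile and have to be updated by hand together with it. A comment next to the table saying so would help.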
@@ -18,6 +18,9 @@ IMG ?= $(IMG_BASE):$(VERSION) CAPSULE_IMG ?= $(REGISTRY)/$(IMG_BASE) CLUSTER_NAME ?= capsule +## Kubernetes Version Support +KUBERNETES_SUPPORTED_VERSION ?= "v1.31.0" + ## Tool Binaries KUBECTL ?= kubectl HELM ?= helm @@ -68,6 +71,10 @@ generate: controller-gen # Helm SRC_ROOT = $(shell git rev-parse --show-toplevel) +helm-controller-version: + $(eval VERSION := $(shell grep 'appVersion:' charts/capsule/Chart.yaml | awk '{print "v"$$2}')) + $(eval KO_TAGS := $(shell grep 'appVersion:' charts/capsule/Chart.yaml | awk '{print "v"$$2}')) + helm-docs: helm-doc $(HELM_DOCS) --chart-search-root ./charts 
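Review bot: `KUBERNETES_SUPPORTED_VERSION ?= "v1.31.0"` stores the double quotes as part of the value, because make does not strip them. It works in `kindest/node:$(KUBERNETES_SUPPORTED_VERSION)` only because the shell removes them, and would break in a make-level comparison or any non-shell context; `KUBERNETES_SUPPORTED_VERSION ?= v1.31.0` is safer. The later Makefile hunks also stop reading `KIND_K8S_VERSION`, so anyone still exporting that variable silently gets v1.31.0. A comment on this line naming the new override variable would help.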
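Review bot: `helm-controller-version` runs the same `grep | awk` pipeline twice and matches `appVersion:` anywhere on a line, including inside a comment. Anchoring the pattern and reusing the result is simpler: `$(eval VERSION := $(shell awk '/^appVersion:/ {print "v"$$2}' charts/capsule/Chart.yaml))` followed by `$(eval KO_TAGS := $(VERSION))`. The target creates no file, so it should also be declared with `.PHONY: helm-controller-version`. A comment should say that it overwrites `VERSION` and `KO_TAGS` for the rest of the make run.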
@@ -78,27 +85,21 @@ helm-schema: helm-plugin-schema cd charts/capsule && $(HELM) schema -output values.schema.json helm-test: HELM_KIND_CONFIG ?= "" -helm-test: kind ct ko-build-all +helm-test: kind @mkdir -p /tmp/results || true - @$(KIND) create cluster --wait=60s --name capsule-charts --image kindest/node:$${KIND_K8S_VERSION:-v1.27.0} --config $(HELM_KIND_CONFIG) + @$(KIND) create cluster --wait=60s --name capsule-charts --image kindest/node:$(KUBERNETES_SUPPORTED_VERSION) --config $(HELM_KIND_CONFIG) @make helm-test-exec @$(KIND) delete cluster --name capsule-charts -helm-test-exec: kind +helm-test-exec: ct helm-controller-version ko-build-all $(MAKE) docker-build-capsule-trace - $(MAKE) e2e-load-image CLUSTER_NAME=capsule-charts IMAGE=$(CAPSULE_IMG) VERSION=latest + $(MAKE) e2e-load-image CLUSTER_NAME=capsule-charts IMAGE=$(CAPSULE_IMG) VERSION=v0.0.0 $(MAKE) e2e-load-image CLUSTER_NAME=capsule-charts IMAGE=$(CAPSULE_IMG) VERSION=tracing @$(KUBECTL) create ns capsule-system || true - @$(KUBECTL) apply --server-side=true -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml - @$(KUBECTL) apply --server-side=true -f https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.58.0/bundle.yaml + @$(KUBECTL) apply --force-conflicts --server-side=true -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml + @$(KUBECTL) apply --force-conflicts --server-side=true -f https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.58.0/bundle.yaml @$(CT) install --config $(SRC_ROOT)/.github/configs/ct.yaml --namespace=capsule-system --all --debug -docker: - @hash docker 2>/dev/null || {\ - echo "You need docker" &&\ - exit 1;\ - } - # Setup development env # Usage: # LAPTOP_HOST_IP= make dev-setup 
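Review bot: In `helm-test-exec`, `VERSION=v0.0.0` hard-codes the tag that the new `helm-controller-version` prerequisite derives from `appVersion` in `charts/capsule/Chart.yaml`, so the load step breaks as soon as that file carries a different version. Since the prerequisite has already set `VERSION` by the time the recipe runs, `$(MAKE) e2e-load-image CLUSTER_NAME=capsule-charts IMAGE=$(CAPSULE_IMG) VERSION=$(VERSION)` should keep the two in step. Separately, the two `kubectl apply` lines gain `--force-conflicts` without explanation; a comment stating which field-manager conflict it works around would help.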
@@ -224,11 +225,11 @@ e2e: ginkgo $(MAKE) e2e-build && $(MAKE) e2e-exec && $(MAKE) e2e-destroy e2e-build: kind - $(KIND) create cluster --wait=60s --name $(CLUSTER_NAME) --image kindest/node:$${KIND_K8S_VERSION:-v1.27.0} + $(KIND) create cluster --wait=60s --name $(CLUSTER_NAME) --image kindest/node:$(KUBERNETES_SUPPORTED_VERSION) $(MAKE) e2e-install .PHONY: e2e-install -e2e-install: +e2e-install: ko-build-all $(MAKE) e2e-load-image CLUSTER_NAME=$(CLUSTER_NAME) IMAGE=$(CAPSULE_IMG) VERSION=$(VERSION) $(HELM) upgrade \ --dependency-update \ @@ -262,7 +263,7 @@ trace-install: .PHONY: trace-e2e trace-e2e: kind $(MAKE) docker-build-capsule-trace - $(KIND) create cluster --wait=60s --image kindest/node:$${KIND_K8S_VERSION:-v1.27.0} --config hack/kind-cluster.yml + $(KIND) create cluster --wait=60s --image kindest/node:$(KUBERNETES_SUPPORTED_VERSION) --config hack/kind-cluster.yml $(MAKE) e2e-load-image CLUSTER_NAME=capsule-tracing IMAGE=$(CAPSULE_IMG) VERSION=tracing $(MAKE) trace-install $(MAKE) e2e-exec @@ -278,7 +279,7 @@ seccomp: $(HARPOON) build --add-syscall-sets=dynamic,docker -D /tmp/results --name capsule-seccomp.json --save .PHONY: e2e-load-image -e2e-load-image: kind ko-build-all +e2e-load-image: kind $(KIND) load docker-image $(IMAGE):$(VERSION) --name $(CLUSTER_NAME) .PHONY: e2e-exec diff --git a/charts/capsule/Chart.yaml b/charts/capsule/Chart.yaml index 86b8d4a2..54c9364a 100644 --- a/charts/capsule/Chart.yaml +++ b/charts/capsule/Chart.yaml @@ -25,9 +25,9 @@ name: capsule sources: - https://github.com/projectcapsule/capsule # Note: The version is overwritten by the release workflow. -version: 0.6.0 +version: 0.0.0 # Note: The version is overwritten by the release workflow. -appVersion: 0.5.0 +appVersion: 0.0.0 annotations: artifacthub.io/operator: "true" artifacthub.io/prerelease: "false"
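Review bot: `e2e-load-image` no longer depends on `ko-build-all`, so it now assumes `$(IMAGE):$(VERSION)` already exists in the local Docker daemon, and `kind load docker-image` fails otherwise. The callers visible in this commit build first (`e2e-install` and `helm-test-exec` via `ko-build-all`, `trace-e2e` via `docker-build-capsule-trace`), but nothing on the target says so. I would add a comment above it, e.g. `# Requires $(IMAGE):$(VERSION) to be built beforehand (ko-build-all or docker-build-capsule-trace)`.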