Fix: add volume bottom check in resource topology rule (#5835)

Signed-off-by: FogDong <dongtianxin.tx@alibaba-inc.com>

.github/bot.md

@@ -1,6 +1,6 @@
 ### GitHub & kubevela automation
 
-The bot is configured via [issue-commands.json](https://github.com/kubevela/kubevela/blob/master/.github/workflows/issue-commands.json) 
+The bot is configured via [issue-commands.json](https://github.com/kubevela/kubevela/blob/master/.github/issue-commands.json) 
 and some other GitHub [workflows](https://github.com/kubevela/kubevela/blob/master/.github/workflows).
 By default, users with write access to the repo is allowed to use the comments, 
 the [userlist](https://github.com/kubevela/kubevela/blob/master/.github/comment.userlist) 

.github/workflows/apiserver-test.yml

@@ -18,7 +18,9 @@ on:
 env:
   # Common versions
   GO_VERSION: '1.19'
-  GOLANGCI_VERSION: 'v1.49'
+
+permissions:
+  contents: read
 
 jobs:
 
@@ -29,7 +31,7 @@ jobs:
     steps:
       - name: Detect No-op Changes
         id: noop
-        uses: fkirc/skip-duplicate-actions@v5
+        uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
@@ -43,18 +45,18 @@ jobs:
 
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
         with:
           go-version: ${{ env.GO_VERSION }}
         id: go
 
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
         with:
           submodules: true
 
       - name: Cache Go Dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
         with:
           path: .work/pkg
           key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
@@ -62,16 +64,18 @@ jobs:
 
       - name: Install ginkgo
         run: |
+          sudo sed -i 's/azure\.//' /etc/apt/sources.list
+          sudo apt-get update
           sudo apt-get install -y golang-ginkgo-dev
 
       - name: Start MongoDB
-        uses: supercharge/mongodb-github-action@1.8.0
+        uses: supercharge/mongodb-github-action@538a4d2a1041920c47630172445cb688592d6e51 # 1.8.0
         with:
           mongodb-version: '5.0'
 
         # TODO need update action version to resolve node 12 deprecated.
       - name: install Kubebuilder
-        uses: RyanSiu1995/kubebuilder-action@v1.2
+        uses: RyanSiu1995/kubebuilder-action@ff52bff1bae252239223476e5ab0d71d6ba02343
         with:
           version: 3.1.0
           kubebuilderOnly: false
@@ -81,7 +85,7 @@ jobs:
         run: make unit-test-apiserver
 
       - name: Upload coverage report
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           file: ./coverage.txt
@@ -101,13 +105,13 @@ jobs:
 
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
         with:
           go-version: ${{ env.GO_VERSION }}
         id: go
 
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
         with:
           submodules: true
 
@@ -129,7 +133,7 @@ jobs:
           echo "EGRESS_ARG=${EGRESS_ARG}" >> $GITHUB_ENV 
 
       - name: Setup K3d (Hub)
-        uses: nolar/setup-k3d-k3s@v1.0.9
+        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
         with:
           version: ${{ matrix.k8s-version }}
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -137,7 +141,7 @@ jobs:
 
 
       - name: Setup K3d (Worker)
-        uses: nolar/setup-k3d-k3s@v1.0.9
+        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
         with:
           version: ${{ matrix.k8s-version }}
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -179,10 +183,10 @@ jobs:
         run: make end-e2e-core
 
       - name: Upload coverage report
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
-          files: /tmp/e2e_apiserver_test.out
+          files: /tmp/e2e-profile.out, /tmp/e2e_apiserver_test.out
           flags: apiserver-e2etests
           name: codecov-umbrella
 
@@ -191,4 +195,4 @@ jobs:
 
       - name: Cleanup image
         if: ${{ always() }}
-        run: make image-cleanup
+        run: make image-cleanup

.github/workflows/back-port.yml

@@ -17,12 +17,12 @@ jobs:
       pull-requests: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
         with:
           fetch-depth: 0
 
       - name: Open Backport PR
-        uses: zeebe-io/backport-action@v0.0.9
+        uses: zeebe-io/backport-action@2ee900dc92632adf994f8e437b6d16840fd61f58
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           github_workspace: ${{ github.workspace }}

.github/workflows/chart.yml

@@ -31,18 +31,18 @@ jobs:
       VELA_ROLLOUT_HELM_CHART_NAME: vela-rollout
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
       - name: Get git revision
         id: vars
         shell: bash
         run: |
           echo "git_revision=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
       - name: Install Helm
-        uses: azure/setup-helm@v3
+        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78
         with:
           version: v3.4.0
       - name: Setup node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516
         with:
           node-version: '14'
       - name: Generate helm doc

.github/workflows/codeql-analysis.yml

@@ -22,16 +22,16 @@ jobs:
         language: [ 'go' ]
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
 
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
+        with:
+          languages: ${{ matrix.language }}
 
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37

.github/workflows/core-api-test.yml

@@ -17,16 +17,15 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Set up Go 1.19
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
         env:
           GO_VERSION: '1.19'
-          GOLANGCI_VERSION: 'v1.49'
         with:
           go-version: ${{ env.GO_VERSION }}
         id: go
 
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
 
       - name: Get the version
         id: get_version

.github/workflows/definition-lint.yml

@@ -23,17 +23,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
         with:
           go-version: ${{ env.GO_VERSION }}
 
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
         with:
           submodules: true
 
       - name: Setup K3d
-        uses: nolar/setup-k3d-k3s@v1.0.9
+        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
         with:
           version: v1.20
           github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/e2e-multicluster-test.yml

@@ -19,7 +19,6 @@ permissions:
 env:
   # Common versions
   GO_VERSION: '1.19'
-  GOLANGCI_VERSION: 'v1.49'
 
 jobs:
 
@@ -32,7 +31,7 @@ jobs:
     steps:
       - name: Detect No-op Changes
         id: noop
-        uses: fkirc/skip-duplicate-actions@v5
+        uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
@@ -53,10 +52,10 @@ jobs:
 
     steps:
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
 
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
         with:
           go-version: ${{ env.GO_VERSION }}
 
@@ -78,14 +77,14 @@ jobs:
           echo "EGRESS_ARG=${EGRESS_ARG}" >> $GITHUB_ENV 
 
       - name: Setup K3d (Hub)
-        uses: nolar/setup-k3d-k3s@v1.0.9
+        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
         with:
           version: ${{ matrix.k8s-version }}
           github-token: ${{ secrets.GITHUB_TOKEN }}
           k3d-args: ${{ env.EGRESS_ARG }}
 
       - name: Setup K3d (Worker)
-        uses: nolar/setup-k3d-k3s@v1.0.9
+        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
         with:
           version: ${{ matrix.k8s-version }}
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -118,7 +117,7 @@ jobs:
         run: make end-e2e-core
 
       - name: Upload coverage report
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: /tmp/e2e-profile.out,/tmp/e2e_multicluster_test.out

.github/workflows/e2e-rollout-test.yml

@@ -19,7 +19,6 @@ permissions:
 env:
   # Common versions
   GO_VERSION: '1.19'
-  GOLANGCI_VERSION: 'v1.49'
 
 jobs:
 
@@ -32,7 +31,7 @@ jobs:
     steps:
       - name: Detect No-op Changes
         id: noop
-        uses: fkirc/skip-duplicate-actions@v5
+        uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
@@ -53,10 +52,10 @@ jobs:
 
     steps:
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
 
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
         with:
           go-version: ${{ env.GO_VERSION }}
 
@@ -78,7 +77,7 @@ jobs:
           echo "EGRESS_ARG=${EGRESS_ARG}" >> $GITHUB_ENV 
 
       - name: Setup K3d
-        uses: nolar/setup-k3d-k3s@v1.0.9
+        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
         with:
           version: ${{ matrix.k8s-version }}
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -102,7 +101,7 @@ jobs:
         run: make end-e2e
 
       - name: Upload coverage report
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: /tmp/e2e-profile.out

.github/workflows/e2e-test.yml

@@ -19,7 +19,6 @@ permissions:
 env:
   # Common versions
   GO_VERSION: '1.19'
-  GOLANGCI_VERSION: 'v1.49'
 
 jobs:
 
@@ -32,7 +31,7 @@ jobs:
     steps:
       - name: Detect No-op Changes
         id: noop
-        uses: fkirc/skip-duplicate-actions@v5
+        uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
@@ -53,10 +52,10 @@ jobs:
 
     steps:
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
 
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
         with:
           go-version: ${{ env.GO_VERSION }}
 
@@ -78,7 +77,7 @@ jobs:
           echo "EGRESS_ARG=${EGRESS_ARG}" >> $GITHUB_ENV 
 
       - name: Setup K3d
-        uses: nolar/setup-k3d-k3s@v1.0.9
+        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
         with:
           version: ${{ matrix.k8s-version }}
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -109,7 +108,7 @@ jobs:
         run: make end-e2e
 
       - name: Upload coverage report
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: /tmp/e2e-profile.out

.github/workflows/go.yml

@@ -30,7 +30,7 @@ jobs:
     steps:
       - name: Detect No-op Changes
         id: noop
-        uses: fkirc/skip-duplicate-actions@v5
+        uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
@@ -44,27 +44,17 @@ jobs:
 
     steps:
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
         with:
           go-version: ${{ env.GO_VERSION }}
 
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
         with:
           submodules: true
 
-      - name: Cache Go Dependencies
-        uses: actions/cache@v3
-        with:
-          path: .work/pkg
-          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-pkg-
-
-      - name: Install StaticCheck
-        run: go install honnef.co/go/tools/cmd/staticcheck@2022.1
-
       - name: Static Check
-        run: staticcheck ./...
+        run: make staticcheck
 
       - name: License Header Check
         run: make check-license-header
@@ -79,28 +69,21 @@ jobs:
 
     steps:
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
         with:
           go-version: ${{ env.GO_VERSION }}
 
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
         with:
           submodules: true
 
-      - name: Cache Go Dependencies
-        uses: actions/cache@v3
-        with:
-          path: .work/pkg
-          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-pkg-
-
       # This action uses its own setup-go, which always seems to use the latest
       # stable version of Go. We could run 'make lint' to ensure our desired Go
       # version, but we prefer this action because it leaves 'annotations' (i.e.
       # it comments on PRs to point out linter violations).
       - name: Lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@07db5389c99593f11ad7b44463c2d4233066a9b1 # v3.3.0
         with:
           version: ${{ env.GOLANGCI_VERSION }}
 
@@ -111,39 +94,32 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
         with:
           submodules: true
 
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
         with:
           go-version: ${{ env.GO_VERSION }}
 
       - name: Setup node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516
         with:
           node-version: '14'
 
-      - name: Install StaticCheck
-        run: go install honnef.co/go/tools/cmd/staticcheck@2022.1
-
       - name: Cache Go Dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
         with:
           path: .work/pkg
           key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
           restore-keys: ${{ runner.os }}-pkg-
 
-      - name: Check code formatting
-        run: go install golang.org/x/tools/cmd/goimports && make fmt
-
       - name: Run cross-build
         run: make cross-build
 
       - name: Check Diff
         run: |
-          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.49.0
           export PATH=$(pwd)/bin/:$PATH
           make check-diff
               
@@ -157,17 +133,17 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
         with:
           submodules: true
 
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
         with:
           go-version: ${{ env.GO_VERSION }}
 
       - name: Cache Go Dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
         with:
           path: .work/pkg
           key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
@@ -188,15 +164,15 @@ jobs:
     if: needs.detect-noop.outputs.noop != 'true'
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
         with:
           submodules: true
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
       - name: Build Test for vela core
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
         with:
           context: .
           file: Dockerfile
@@ -208,15 +184,15 @@ jobs:
     if: needs.detect-noop.outputs.noop != 'true'
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
         with:
           submodules: true
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
       - name: Build Test for apiserver
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
         with:
           context: .
           file: Dockerfile.apiserver
@@ -228,16 +204,15 @@ jobs:
     if: needs.detect-noop.outputs.noop != 'true'
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
         with:
           submodules: true
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
       - name: Build Test for CLI
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
         with:
           context: .
           file: Dockerfile.cli
-          platforms: linux/amd64,linux/arm64

.github/workflows/issue-commands.yml

@@ -13,13 +13,13 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout Actions
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
         with:
           repository: "oam-dev/kubevela-github-actions"
           path: ./actions
           ref: v0.4.2
       - name: Setup Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516
         with:
           node-version: '14'
           cache: 'npm'
@@ -41,7 +41,7 @@ jobs:
     steps:
       - name: Extract Command
         id: command
-        uses: xt0rted/slash-command-action@v2
+        uses: xt0rted/slash-command-action@bf51f8f5f4ea3d58abc7eca58f77104182b23e88
         with:
           repo-token: ${{ secrets.VELA_BOT_TOKEN }}
           command: backport
@@ -50,7 +50,7 @@ jobs:
           allow-edits: "false"
           permission-level: read
       - name: Handle Command
-        uses: actions/github-script@v6
+        uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0
         env:
           VERSION: ${{ steps.command.outputs.command-arguments }}
         with:
@@ -71,11 +71,11 @@ jobs:
             })
             console.log("Added '" + label + "' label.")
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
         with:
           fetch-depth: 0
       - name: Open Backport PR
-        uses: zeebe-io/backport-action@v0.0.9
+        uses: zeebe-io/backport-action@2ee900dc92632adf994f8e437b6d16840fd61f58
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           github_workspace: ${{ github.workspace }}

.github/workflows/license.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     name: Check for unapproved licenses
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:

.github/workflows/registry.yml

@@ -20,7 +20,7 @@ jobs:
       packages: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
       - name: Get the version
         id: get_version
         run: |
@@ -35,29 +35,29 @@ jobs:
         run: |
           echo "git_revision=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
       - name: Login ghcr.io
-        uses: docker/login-action@v2
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Login docker.io
-        uses: docker/login-action@v2
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
         with:
           registry: docker.io
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Login Alibaba Cloud ACR
-        uses: docker/login-action@v2
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
         with:
           registry: ${{ secrets.ACR_DOMAIN }}
           username: ${{ secrets.ACR_USERNAME }}
           password: ${{ secrets.ACR_PASSWORD }}
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
+      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
+      - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
         with:
           driver-opts: image=moby/buildkit:master
 
-      - uses: docker/build-push-action@v3
+      - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
         name: Build & Pushing vela-core for Dockerhub, GHCR and ACR
         with:
           context: .
@@ -76,7 +76,7 @@ jobs:
             ghcr.io/${{ github.repository_owner }}/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
             ${{ secrets.ACR_DOMAIN }}/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
 
-      - uses: docker/build-push-action@v3
+      - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
         name: Build & Pushing CLI for Dockerhub, GHCR and ACR
         with:
           context: .
@@ -100,7 +100,7 @@ jobs:
       packages: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
       - name: Get the version
         id: get_version
         run: |
@@ -115,29 +115,29 @@ jobs:
         run: |
           echo "git_revision=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
       - name: Login ghcr.io
-        uses: docker/login-action@v2
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Login docker.io
-        uses: docker/login-action@v2
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
         with:
           registry: docker.io
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Login Alibaba Cloud ACR
-        uses: docker/login-action@v2
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
         with:
           registry: ${{ secrets.ACR_DOMAIN }}
           username: ${{ secrets.ACR_USERNAME }}
           password: ${{ secrets.ACR_PASSWORD }}
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
+      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
+      - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
         with:
           driver-opts: image=moby/buildkit:master
 
-      - uses: docker/build-push-action@v3
+      - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
         name: Build & Pushing vela-apiserver for Dockerhub, GHCR and ACR
         with:
           context: .
@@ -156,7 +156,7 @@ jobs:
             ghcr.io/${{ github.repository_owner }}/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
             ${{ secrets.ACR_DOMAIN }}/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
 
-      - uses: docker/build-push-action@v3
+      - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
         name: Build & Pushing runtime rollout Dockerhub, GHCR and ACR
         with:
           context: .
@@ -182,7 +182,7 @@ jobs:
       CAPABILITY_ENDPOINT: oss-cn-beijing.aliyuncs.com
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
       - name: Install ossutil
         run: wget http://gosspublic.alicdn.com/ossutil/1.7.0/ossutil64 && chmod +x ossutil64 && mv ossutil64 ossutil
       - name: Configure Alibaba Cloud OSSUTIL
@@ -192,4 +192,4 @@ jobs:
       - name: rsync all capabilites
         run: rsync vela-templates/registry/auto-gen/* $CAPABILITY_DIR
       - name: sync local to cloud
-        run: ./ossutil --config-file .ossutilconfig sync $CAPABILITY_DIR oss://$CAPABILITY_BUCKET -f
+        run: ./ossutil --config-file .ossutilconfig sync $CAPABILITY_DIR oss://$CAPABILITY_BUCKET -f

.github/workflows/release.yml

@@ -7,114 +7,56 @@ on:
   workflow_dispatch: { }
 
 env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   BUCKET: ${{ secrets.CLI_OSS_BUCKET }}
   ENDPOINT: ${{ secrets.CLI_OSS_ENDPOINT }}
   ACCESS_KEY: ${{ secrets.CLI_OSS_ACCESS_KEY }}
   ACCESS_KEY_SECRET: ${{ secrets.CLI_OSS_ACCESS_KEY_SECRET }}
 
+permissions:
+  contents: read
+
 jobs:
   build:
+    permissions:
+      contents: write
+      actions: read
+      checks: write
+      issues: read
+      packages: write
+      pull-requests: read
+      repository-projects: read
+      statuses: read
     runs-on: ubuntu-latest
-    name: build
-    strategy:
-      matrix:
-        TARGETS: [ linux/amd64, darwin/amd64, windows/amd64, linux/arm64, darwin/arm64 ]
-    env:
-      VELA_VERSION_KEY: github.com/oam-dev/kubevela/version.VelaVersion
-      VELA_GITVERSION_KEY: github.com/oam-dev/kubevela/version.GitRevision
-      GO_BUILD_ENV: GO111MODULE=on CGO_ENABLED=0
-      DIST_DIRS: find * -type d -exec
+    name: goreleaser
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        with:
+          fetch-depth: 0
+      - run: git fetch --force --tags
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
         with:
           go-version: 1.19
-      - name: Get release
-        id: get_release
-        uses: bruceadams/get-release@v1.3.2
+          cache: true
+      - uses: goreleaser/goreleaser-action@9754a253a8673b0ea869c2e863b4e975497efd0c # v4.1.1
+        with:
+          distribution: goreleaser
+          version: 1.14.1
+          args: release --rm-dist --timeout 60m
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      # Since goreleaser haven't supported aliyun OSS, we need to upload the release manually
       - name: Get version
         run: echo "VELA_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
-      - name: Get matrix
-        id: get_matrix
-        run: |
-          TARGETS=${{matrix.TARGETS}}
-          echo "OS=${TARGETS%/*}" >> $GITHUB_OUTPUT
-          echo "ARCH=${TARGETS#*/}" >> $GITHUB_OUTPUT
-      - name: Get ldflags
-        id: get_ldflags
-        run: |
-          LDFLAGS="-s -w -X ${{ env.VELA_VERSION_KEY }}=${{ env.VELA_VERSION }} -X ${{ env.VELA_GITVERSION_KEY }}=git-$(git rev-parse --short HEAD)"
-          echo "LDFLAGS=${LDFLAGS}" >> $GITHUB_ENV
-      - name: Build
-        run: |
-          ${{ env.GO_BUILD_ENV }} GOOS=${{ steps.get_matrix.outputs.OS }} GOARCH=${{ steps.get_matrix.outputs.ARCH }} \
-            go build -ldflags "${{ env.LDFLAGS }}" \
-            -o _bin/vela/${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}/vela -v \
-            ./references/cmd/cli/main.go
-          ${{ env.GO_BUILD_ENV }} GOOS=${{ steps.get_matrix.outputs.OS }} GOARCH=${{ steps.get_matrix.outputs.ARCH }} \
-            go build -ldflags "${{ env.LDFLAGS }}" \
-            -o _bin/kubectl-vela/${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}/kubectl-vela -v \
-            ./cmd/plugin/main.go
-      - name: Compress
-        run: |
-          echo "\n## Release Info\nVERSION: ${{ env.VELA_VERSION }}" >> README.md && \
-          echo "GIT_COMMIT: ${GITHUB_SHA}\n" >> README.md && \
-          cd _bin/vela && \
-          ${{ env.DIST_DIRS }} cp ../../LICENSE {} \; && \
-          ${{ env.DIST_DIRS }} cp ../../README.md {} \; && \
-          ${{ env.DIST_DIRS }} tar -zcf vela-{}.tar.gz {} \; && \
-          ${{ env.DIST_DIRS }} zip -r vela-{}.zip {} \; && \
-          cd ../kubectl-vela && \
-          ${{ env.DIST_DIRS }} cp ../../LICENSE {} \; && \
-          ${{ env.DIST_DIRS }} cp ../../README.md {} \; && \
-          ${{ env.DIST_DIRS }} tar -zcf kubectl-vela-{}.tar.gz {} \; && \
-          ${{ env.DIST_DIRS }} zip -r kubectl-vela-{}.zip {} \; && \
-          cd .. && \
-          sha256sum vela/vela-* kubectl-vela/kubectl-vela-* >> sha256-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.txt \
-      - name: Upload Vela tar.gz
-        uses: kubevela/vela-upload-release-asset@v1
-        with:
-          release_id: ${{ steps.get_release.outputs.id }}
-          asset_path: ./_bin/vela/vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz
-          asset_name: vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz
-      - name: Upload Vela zip
-        uses: kubevela/vela-upload-release-asset@v1
-        with:
-          release_id: ${{ steps.get_release.outputs.id }}
-          asset_path: ./_bin/vela/vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip
-          asset_name: vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip
-      - name: Upload Kubectl-Vela tar.gz
-        uses: kubevela/vela-upload-release-asset@v1
-        with:
-          release_id: ${{ steps.get_release.outputs.id }}
-          asset_path: ./_bin/kubectl-vela/kubectl-vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz
-          asset_name: kubectl-vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz
-      - name: Upload Kubectl-Vela zip
-        uses: kubevela/vela-upload-release-asset@v1
-        with:
-          release_id: ${{ steps.get_release.outputs.id }}
-          asset_path: ./_bin/kubectl-vela/kubectl-vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip
-          asset_name: kubectl-vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip
-      - name: Post sha256
-        uses: actions/upload-artifact@v3
-        with:
-          name: sha256sums
-          path: ./_bin/sha256-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.txt
-          retention-days: 1
-      - name: clear the asset
-        run: |
-          rm -rf ./_bin/vela/${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}
-          mv ./_bin/vela/vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz ./_bin/vela/vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz
-          mv ./_bin/vela/vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip ./_bin/vela/vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip
       - name: Install ossutil
         run: wget http://gosspublic.alicdn.com/ossutil/1.7.0/ossutil64 && chmod +x ossutil64 && mv ossutil64 ossutil
       - name: Configure Alibaba Cloud OSSUTIL
-        run: ./ossutil --config-file .ossutilconfig config -i ${ACCESS_KEY} -k ${ACCESS_KEY_SECRET} -e ${ENDPOINT} -c .ossutilconfig
+        run: ./ossutil --config-file .ossutilconfig config -i ${ACCESS_KEY} -k ${ACCESS_KEY_SECRET} -e ${ENDPOINT}
+      - name: split files to be upload
+        run: mkdir -p ./dist/files_upload && mv ./dist/*.tar.gz ./dist/files_upload && mv ./dist/*.zip ./dist/files_upload
       - name: sync local to cloud
-        run: ./ossutil --config-file .ossutilconfig sync ./_bin/vela oss://$BUCKET/binary/vela/${{ env.VELA_VERSION }}
+        run: ./ossutil --config-file .ossutilconfig sync ./dist/files_upload oss://$BUCKET/binary/vela/${{ env.VELA_VERSION }}
       - name: sync the latest version file
         if: ${{ !contains(env.VELA_VERSION,'alpha') && !contains(env.VELA_VERSION,'beta') }}
         run: |
@@ -125,46 +67,26 @@ jobs:
           verlte ${{ env.VELA_VERSION }} $LATEST_VERSION && echo "${{ env.VELA_VERSION }} <= $LATEST_VERSION, skip update" && exit 0
           echo ${{ env.VELA_VERSION }} > ./latest_version
           ./ossutil --config-file .ossutilconfig cp -u ./latest_version oss://$BUCKET/binary/vela/latest_version
-
   upload-plugin-homebrew:
+    permissions:
+      contents: write
+      actions: read
+      checks: write
+      issues: read
+      packages: write
+      pull-requests: read
+      repository-projects: read
+      statuses: read
     needs: build
     runs-on: ubuntu-latest
     name: upload-sha256sums
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
-      - name: Get release
-        id: get_release
-        uses: bruceadams/get-release@v1.3.2
-      - name: Download sha256sums
-        uses: actions/download-artifact@v3
-        with:
-          name: sha256sums
-          path: cli-artifacts
-      - name: Display structure of downloaded files
-        run: ls -R
-        working-directory: cli-artifacts
-      - name: Get version
-        run: echo "VELA_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
-      - shell: bash
-        working-directory: cli-artifacts
-        run: |
-          for file in *
-          do
-            sed -i "s/\/vela/-${{ env.VELA_VERSION }}/g" ${file}
-            sed -i "s/\/kubectl-vela/-${{ env.VELA_VERSION }}/g" ${file}
-            cat ${file} >> sha256sums.txt
-          done
-      - name: Upload Checksums
-        uses: kubevela/vela-upload-release-asset@v1
-        with:
-          release_id: ${{ steps.get_release.outputs.id }}
-          asset_path: cli-artifacts/sha256sums.txt
-          asset_name: sha256sums.txt
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
       - name: Update kubectl plugin version in krew-index
-        uses: rajatjindal/krew-release-bot@v0.0.38
+        uses: rajatjindal/krew-release-bot@3320c0b546b5d2320613c46762bd3f73e2801bdc # v0.0.38
       - name: Update Homebrew formula
-        uses: dawidd6/action-homebrew-bump-formula@v3
+        uses: dawidd6/action-homebrew-bump-formula@02e79d9da43d79efa846d73695b6052cbbdbf48a # v3.8.3
         with:
           token: ${{ secrets.HOMEBREW_TOKEN }}
           formula: kubevela

.github/workflows/scorecards.yml

@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
         with:
           persist-credentials: false
 
@@ -47,7 +47,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
         with:
           name: SARIF file
           path: results.sarif
@@ -55,6 +55,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
         with:
-          sarif_file: results.sarif
+          sarif_file: results.sarif

.github/workflows/sync-api.yml

@@ -18,12 +18,12 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
         with:
           go-version: ${{ env.GO_VERSION }}
 
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
 
       - name: Get the version
         id: get_version

.github/workflows/timed-task.yml

@@ -3,7 +3,8 @@ on:
   schedule:
     - cron: '* * * * *'
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   clean-image:

.github/workflows/trivy-scan.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
 
       - name: Build Vela Core image from Dockerfile
         run: |

.github/workflows/unit-test.yml

@@ -17,7 +17,6 @@ permissions:
 env:
   # Common versions
   GO_VERSION: '1.19'
-  GOLANGCI_VERSION: 'v1.49'
 
 jobs:
 
@@ -30,7 +29,7 @@ jobs:
     steps:
       - name: Detect No-op Changes
         id: noop
-        uses: fkirc/skip-duplicate-actions@v5
+        uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
@@ -44,17 +43,17 @@ jobs:
 
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
         with:
           go-version: ${{ env.GO_VERSION }}
 
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
         with:
           submodules: true
 
       - name: Cache Go Dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
         with:
           path: .work/pkg
           key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
@@ -62,17 +61,19 @@ jobs:
 
       - name: Install ginkgo
         run: |
+          sudo sed -i 's/azure\.//' /etc/apt/sources.list
+          sudo apt-get update
           sudo apt-get install -y golang-ginkgo-dev
 
       - name: Setup K3d
-        uses: nolar/setup-k3d-k3s@v1.0.9
+        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
         with:
           version: v1.20
           github-token: ${{ secrets.GITHUB_TOKEN }}
 
         # TODO need update action version to resolve node 12 deprecated.
       - name: install Kubebuilder
-        uses: RyanSiu1995/kubebuilder-action@v1.2
+        uses: RyanSiu1995/kubebuilder-action@ff52bff1bae252239223476e5ab0d71d6ba02343
         with:
           version: 3.1.0
           kubebuilderOnly: false
@@ -82,7 +83,7 @@ jobs:
         run: make test
 
       - name: Upload coverage report
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           file: ./coverage.txt

.gitignore

@@ -53,3 +53,5 @@ git-page/
 # e2e rollout runtime image build
 runtime/rollout/e2e/tmp
 vela.json
+
+dist/

.goreleaser.yaml

@@ -0,0 +1,76 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+builds:
+  - id: vela-cli
+    binary: vela
+    goos:
+      - linux
+      - windows
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+    main: ./references/cmd/cli/main.go
+    ldflags:
+      - -s -w -X github.com/oam-dev/kubevela/version.VelaVersion={{ .Version }} -X github.com/oam-dev/kubevela/version.GitRevision=git-{{.ShortCommit}}
+    env:
+      - CGO_ENABLED=0
+
+  - id: kubectl-vela
+    binary: kubectl-vela
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+    main: ./cmd/plugin/main.go
+    ldflags:
+      - -s -w -X github.com/oam-dev/kubevela/version.VelaVersion={{ .Version }} -X github.com/oam-dev/kubevela/version.GitRevision=git-{{.ShortCommit}}
+
+archives:
+  - format: tar.gz
+    id: vela-cli-tgz
+    wrap_in_directory: '{{ .Os }}-{{ .Arch }}'
+    builds:
+      - vela-cli
+    name_template: '{{ trimsuffix .ArtifactName ".exe" }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}'
+    files: [ LICENSE, README.md ]
+  - format: zip
+    id: vela-cli-zip
+    builds:
+      - vela-cli
+    wrap_in_directory: '{{ .Os }}-{{ .Arch }}'
+    name_template: '{{ trimsuffix .ArtifactName ".exe" }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}'
+    files: [ LICENSE, README.md ]
+  - format: tar.gz
+    id: plugin-tgz
+    builds:
+      - kubectl-vela
+    wrap_in_directory: '{{ .Os }}-{{ .Arch }}'
+    name_template: '{{ trimsuffix .ArtifactName ".exe" }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}'
+    files: [ LICENSE, README.md ]
+  - format: zip
+    id: plugin-zip
+    builds:
+      - kubectl-vela
+    wrap_in_directory: '{{ .Os }}-{{ .Arch }}'
+    name_template: '{{ trimsuffix .ArtifactName ".exe" }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}'
+    files: [ LICENSE, README.md ]
+
+checksum:
+  name_template: 'sha256sums.txt'
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+
+# The lines beneath this are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj

.krew.yaml

@@ -33,8 +33,8 @@ spec:
         arch: amd64
     {{addURIAndSha "https://github.com/oam-dev/kubevela/releases/download/{{ .TagName }}/kubectl-vela-{{ .TagName }}-windows-amd64.zip" .TagName }}
     files:
-    - from: "*/kubectl-vela"
-      to: "kubectl-vela.exe"
+    - from: "*/kubectl-vela.exe"
+      to: "."
     - from: "*/LICENSE"
       to: "."
     bin: "kubectl-vela.exe"

Dockerfile

@@ -1,6 +1,6 @@
 ARG BASE_IMAGE
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine@sha256:a9b24b67dc83b3383d22a14941c2b2b2ca6a103d805cac6820fd1355943beaf1 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -34,7 +34,7 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
 # You can replace distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
-FROM ${BASE_IMAGE:-alpine:3.15}
+FROM ${BASE_IMAGE:-alpine:3.15@sha256:cf34c62ee8eb3fe8aa24c1fab45d7e9d12768d945c3f5a6fd6a63d901e898479}
 # This is required by daemon connecting with cri
 RUN apk add --no-cache ca-certificates bash expat
 

Dockerfile.apiserver

@@ -1,6 +1,6 @@
 ARG BASE_IMAGE
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine@sha256:a9b24b67dc83b3383d22a14941c2b2b2ca6a103d805cac6820fd1355943beaf1 as builder
 ARG GOPROXY
 ENV GOPROXY=${GOPROXY:-https://goproxy.cn}
 WORKDIR /workspace
@@ -32,7 +32,7 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
 
-FROM ${BASE_IMAGE:-alpine:3.15}
+FROM ${BASE_IMAGE:-alpine:3.15@sha256:cf34c62ee8eb3fe8aa24c1fab45d7e9d12768d945c3f5a6fd6a63d901e898479}
 # This is required by daemon connecting with cri
 RUN apk add --no-cache ca-certificates bash expat
 

Dockerfile.cli

@@ -1,6 +1,6 @@
 ARG BASE_IMAGE
 # Build the cli binary
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine@sha256:a9b24b67dc83b3383d22a14941c2b2b2ca6a103d805cac6820fd1355943beaf1 as builder
 ARG GOPROXY
 ENV GOPROXY=${GOPROXY:-https://goproxy.cn}
 WORKDIR /workspace
@@ -32,7 +32,7 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH:-amd64} \
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
 
-FROM ${BASE_IMAGE:-alpine:3.15}
+FROM ${BASE_IMAGE:-alpine:3.15@sha256:cf34c62ee8eb3fe8aa24c1fab45d7e9d12768d945c3f5a6fd6a63d901e898479}
 # This is required by daemon connecting with cri
 RUN apk add --no-cache ca-certificates bash expat
 

Dockerfile.e2e

@@ -1,6 +1,6 @@
 ARG BASE_IMAGE
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine@sha256:a9b24b67dc83b3383d22a14941c2b2b2ca6a103d805cac6820fd1355943beaf1 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -38,7 +38,7 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
 
-FROM ${BASE_IMAGE:-alpine:3.15}
+FROM ${BASE_IMAGE:-alpine:3.15@sha256:cf34c62ee8eb3fe8aa24c1fab45d7e9d12768d945c3f5a6fd6a63d901e898479}
 # This is required by daemon connecting with cri
 RUN apk add --no-cache ca-certificates bash expat
 

apis/core.oam.dev/common/types.go

@@ -137,6 +137,9 @@ type Terraform struct {
 
 	// Region is cloud provider's region. It will override the region in the region field of ProviderReference
 	Region string `json:"customRegion,omitempty"`
+
+	// GitCredentialsSecretReference specifies the reference to the secret containing the git credentials
+	GitCredentialsSecretReference *corev1.SecretReference `json:"gitCredentialsSecretReference,omitempty"`
 }
 
 // A WorkloadTypeDescriptor refer to a Workload Type
@@ -333,7 +336,8 @@ type WorkflowStatus struct {
 	Steps          []workflowv1alpha1.WorkflowStepStatus `json:"steps,omitempty"`
 
 	StartTime metav1.Time `json:"startTime,omitempty"`
-	EndTime   metav1.Time `json:"endTime,omitempty"`
+	// +nullable
+	EndTime metav1.Time `json:"endTime,omitempty"`
 }
 
 // DefinitionType describes the type of DefinitionRevision.

apis/core.oam.dev/common/zz_generated.deepcopy.go

@@ -587,6 +587,11 @@ func (in *Terraform) DeepCopyInto(out *Terraform) {
 		*out = new(crossplane_runtime.Reference)
 		**out = **in
 	}
+	if in.GitCredentialsSecretReference != nil {
+		in, out := &in.GitCredentialsSecretReference, &out.GitCredentialsSecretReference
+		*out = new(v1.SecretReference)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Terraform.

apis/core.oam.dev/v1alpha1/register.go

@@ -18,6 +18,7 @@ package v1alpha1
 
 import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	k8sscheme "k8s.io/client-go/kubernetes/scheme"
 	"sigs.k8s.io/controller-runtime/pkg/scheme"
 
 	workflowv1alpha1 "github.com/kubevela/workflow/api/v1alpha1"
@@ -57,4 +58,5 @@ var (
 func init() {
 	SchemeBuilder.Register(&Policy{}, &PolicyList{})
 	SchemeBuilder.Register(&workflowv1alpha1.Workflow{}, &workflowv1alpha1.WorkflowList{})
+	_ = SchemeBuilder.AddToScheme(k8sscheme.Scheme)
 }

apis/core.oam.dev/v1beta1/applicationrevision_types.go

@@ -135,6 +135,8 @@ type ApplicationRevisionStatus struct {
 	Succeeded bool `json:"succeeded"`
 	// Workflow the running status of the workflow
 	Workflow *common.WorkflowStatus `json:"workflow,omitempty"`
+	// Record the context values to the revision.
+	WorkflowContext map[string]string `json:"workflowContext,omitempty"`
 }
 
 // +kubebuilder:object:root=true

apis/core.oam.dev/v1beta1/register.go

@@ -20,6 +20,7 @@ import (
 	"reflect"
 
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	k8sscheme "k8s.io/client-go/kubernetes/scheme"
 	"sigs.k8s.io/controller-runtime/pkg/scheme"
 
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
@@ -133,6 +134,7 @@ func init() {
 	SchemeBuilder.Register(&Application{}, &ApplicationList{})
 	SchemeBuilder.Register(&ApplicationRevision{}, &ApplicationRevisionList{})
 	SchemeBuilder.Register(&ResourceTracker{}, &ResourceTrackerList{})
+	_ = SchemeBuilder.AddToScheme(k8sscheme.Scheme)
 }
 
 // Resource takes an unqualified resource and returns a Group qualified GroupResource

apis/core.oam.dev/v1beta1/resourcetracker_types_test.go

@@ -19,7 +19,7 @@ package v1beta1
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"os"
 	"strings"
 	"testing"
 	"time"
@@ -211,7 +211,7 @@ func TestResourceTrackerCompression(t *testing.T) {
 		"../../../legacy/charts/vela-core-legacy/crds/standard.oam.dev_podspecworkloads.yaml",
 	}
 	for _, p := range paths {
-		b, err := ioutil.ReadFile(p)
+		b, err := os.ReadFile(p)
 		r.NoError(err)
 		data = append(data, string(b))
 	}

apis/core.oam.dev/v1beta1/zz_generated.deepcopy.go

@@ -293,6 +293,13 @@ func (in *ApplicationRevisionStatus) DeepCopyInto(out *ApplicationRevisionStatus
 		*out = new(common.WorkflowStatus)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.WorkflowContext != nil {
+		in, out := &in.WorkflowContext, &out.WorkflowContext
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRevisionStatus.

apis/types/componentmanifest.go

@@ -28,9 +28,11 @@ type ComponentManifest struct {
 	RevisionName     string
 	RevisionHash     string
 	ExternalRevision string
+	// StandardWorkload contains K8s resource generated from "output" block of ComponentDefinition
 	StandardWorkload *unstructured.Unstructured
-	Traits           []*unstructured.Unstructured
-	Scopes           []*corev1.ObjectReference
+	// Traits contains both resources generated from "outputs" block of ComponentDefinition and resources generated from TraitDefinition
+	Traits []*unstructured.Unstructured
+	Scopes []*corev1.ObjectReference
 
 	// PackagedWorkloadResources contain all the workload related resources. It could be a Helm
 	// Release, Git Repo or anything that can package and run a workload.

charts/vela-core/README.md

@@ -99,6 +99,7 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
 | `featureGates.multiStageComponentApply`           | if enabled, the multiStageComponentApply feature will be combined with the stage field in TraitDefinition to complete the multi-stage apply.                                                                                     | `false` |
 | `featureGates.gzipApplicationRevision`            | compress apprev using gzip (good) before being stored. This is reduces network throughput when dealing with huge apprevs.                                                                                                        | `false` |
 | `featureGates.zstdApplicationRevision`            | compress apprev using zstd (fast and good) before being stored. This is reduces network throughput when dealing with huge apprevs. Note that zstd will be prioritized if you enable other compression options.                   | `true`  |
+| `featureGates.preDispatchDryRun`                  | enable dryrun before dispatching resources. Enable this flag can help prevent unsuccessful dispatch resources entering resourcetracker and improve the user experiences of gc but at the cost of increasing network requests.    | `true`  |
 
 
 ### MultiCluster parameters
@@ -110,7 +111,7 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
 | `multicluster.clusterGateway.replicaCount`                  | ClusterGateway replica count                    | `1`                              |
 | `multicluster.clusterGateway.port`                          | ClusterGateway port                             | `9443`                           |
 | `multicluster.clusterGateway.image.repository`              | ClusterGateway image repository                 | `oamdev/cluster-gateway`         |
-| `multicluster.clusterGateway.image.tag`                     | ClusterGateway image tag                        | `v1.4.0`                         |
+| `multicluster.clusterGateway.image.tag`                     | ClusterGateway image tag                        | `v1.7.0`                         |
 | `multicluster.clusterGateway.image.pullPolicy`              | ClusterGateway image pull policy                | `IfNotPresent`                   |
 | `multicluster.clusterGateway.resources.limits.cpu`          | ClusterGateway cpu limit                        | `100m`                           |
 | `multicluster.clusterGateway.resources.limits.memory`       | ClusterGateway memory limit                     | `200Mi`                          |
@@ -149,7 +150,7 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
 | `kubeClient.qps`              | The qps for reconcile clients, default is 100                                                                              | `100`                |
 | `kubeClient.burst`            | The burst for reconcile clients, default is 200                                                                            | `200`                |
 | `authentication.enabled`      | Enable authentication for application                                                                                      | `false`              |
-| `authentication.withUser`     | Application authentication will impersonate as the request User                                                            | `false`              |
+| `authentication.withUser`     | Application authentication will impersonate as the request User                                                            | `true`               |
 | `authentication.defaultUser`  | Application authentication will impersonate as the User if no user provided in Application                                 | `kubevela:vela-core` |
 | `authentication.groupPattern` | Application authentication will impersonate as the request Group that matches the pattern                                  | `kubevela:*`         |
 

charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: applicationrevisions.core.oam.dev
 spec:
   group: core.oam.dev
@@ -214,6 +213,7 @@ spec:
                                         https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                       type: string
                                   type: object
+                                  x-kubernetes-map-type: atomic
                               required:
                               - name
                               type: object
@@ -356,6 +356,7 @@ spec:
                                               info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                             type: string
                                         type: object
+                                        x-kubernetes-map-type: atomic
                                     required:
                                     - name
                                     type: object
@@ -494,39 +495,40 @@ spec:
                               description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                               type: string
                           type: object
+                          x-kubernetes-map-type: atomic
                         type: array
                       components:
                         description: Components record the related Components created
                           by Application Controller
                         items:
-                          description: 'ObjectReference contains enough information
+                          description: "ObjectReference contains enough information
                             to let you inspect or modify the referred object. ---
                             New uses of this type are discouraged because of difficulty
-                            describing its usage when embedded in APIs.  1. Ignored
+                            describing its usage when embedded in APIs. 1. Ignored
                             fields.  It includes many fields which are not generally
                             honored.  For instance, ResourceVersion and FieldPath
-                            are both very rarely valid in actual usage.  2. Invalid
+                            are both very rarely valid in actual usage. 2. Invalid
                             usage help.  It is impossible to add specific help for
                             individual usage.  In most embedded usages, there are
-                            particular     restrictions like, "must refer only to
-                            types A and B" or "UID not honored" or "name must be restricted".     Those
-                            cannot be well described when embedded.  3. Inconsistent
+                            particular restrictions like, \"must refer only to types
+                            A and B\" or \"UID not honored\" or \"name must be restricted\".
+                            Those cannot be well described when embedded. 3. Inconsistent
                             validation.  Because the usages are different, the validation
                             rules are different by usage, which makes it hard for
-                            users to predict what will happen.  4. The fields are
-                            both imprecise and overly precise.  Kind is not a precise
-                            mapping to a URL. This can produce ambiguity     during
-                            interpretation and require a REST mapping.  In most cases,
-                            the dependency is on the group,resource tuple     and
-                            the version of the actual struct is irrelevant.  5. We
-                            cannot easily change it.  Because this type is embedded
-                            in many locations, updates to this type     will affect
-                            numerous schemas.  Don''t make new APIs embed an underspecified
-                            API type they do not control. Instead of using this type,
-                            create a locally provided and used type that is well-focused
-                            on your reference. For example, ServiceReferences for
-                            admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                            .'
+                            users to predict what will happen. 4. The fields are both
+                            imprecise and overly precise.  Kind is not a precise mapping
+                            to a URL. This can produce ambiguity during interpretation
+                            and require a REST mapping.  In most cases, the dependency
+                            is on the group,resource tuple and the version of the
+                            actual struct is irrelevant. 5. We cannot easily change
+                            it.  Because this type is embedded in many locations,
+                            updates to this type will affect numerous schemas.  Don't
+                            make new APIs embed an underspecified API type they do
+                            not control. \n Instead of using this type, create a locally
+                            provided and used type that is well-focused on your reference.
+                            For example, ServiceReferences for admission registration:
+                            https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                            ."
                           properties:
                             apiVersion:
                               description: API version of the referent.
@@ -563,6 +565,7 @@ spec:
                               description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                               type: string
                           type: object
+                          x-kubernetes-map-type: atomic
                         type: array
                       conditions:
                         description: Conditions of the resource.
@@ -659,37 +662,37 @@ spec:
                               type: string
                             scopes:
                               items:
-                                description: 'ObjectReference contains enough information
+                                description: "ObjectReference contains enough information
                                   to let you inspect or modify the referred object.
                                   --- New uses of this type are discouraged because
                                   of difficulty describing its usage when embedded
-                                  in APIs.  1. Ignored fields.  It includes many fields
+                                  in APIs. 1. Ignored fields.  It includes many fields
                                   which are not generally honored.  For instance,
                                   ResourceVersion and FieldPath are both very rarely
-                                  valid in actual usage.  2. Invalid usage help.  It
+                                  valid in actual usage. 2. Invalid usage help.  It
                                   is impossible to add specific help for individual
-                                  usage.  In most embedded usages, there are particular     restrictions
-                                  like, "must refer only to types A and B" or "UID
-                                  not honored" or "name must be restricted".     Those
-                                  cannot be well described when embedded.  3. Inconsistent
-                                  validation.  Because the usages are different, the
-                                  validation rules are different by usage, which makes
-                                  it hard for users to predict what will happen.  4.
-                                  The fields are both imprecise and overly precise.  Kind
-                                  is not a precise mapping to a URL. This can produce
-                                  ambiguity     during interpretation and require
-                                  a REST mapping.  In most cases, the dependency is
-                                  on the group,resource tuple     and the version
-                                  of the actual struct is irrelevant.  5. We cannot
-                                  easily change it.  Because this type is embedded
-                                  in many locations, updates to this type     will
-                                  affect numerous schemas.  Don''t make new APIs embed
-                                  an underspecified API type they do not control.
+                                  usage.  In most embedded usages, there are particular
+                                  restrictions like, \"must refer only to types A
+                                  and B\" or \"UID not honored\" or \"name must be
+                                  restricted\". Those cannot be well described when
+                                  embedded. 3. Inconsistent validation.  Because the
+                                  usages are different, the validation rules are different
+                                  by usage, which makes it hard for users to predict
+                                  what will happen. 4. The fields are both imprecise
+                                  and overly precise.  Kind is not a precise mapping
+                                  to a URL. This can produce ambiguity during interpretation
+                                  and require a REST mapping.  In most cases, the
+                                  dependency is on the group,resource tuple and the
+                                  version of the actual struct is irrelevant. 5. We
+                                  cannot easily change it.  Because this type is embedded
+                                  in many locations, updates to this type will affect
+                                  numerous schemas.  Don't make new APIs embed an
+                                  underspecified API type they do not control. \n
                                   Instead of using this type, create a locally provided
                                   and used type that is well-focused on your reference.
                                   For example, ServiceReferences for admission registration:
                                   https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                                  .'
+                                  ."
                                 properties:
                                   apiVersion:
                                     description: API version of the referent.
@@ -732,6 +735,7 @@ spec:
                                       https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                     type: string
                                 type: object
+                                x-kubernetes-map-type: atomic
                               type: array
                             traits:
                               items:
@@ -776,35 +780,34 @@ spec:
                           appRevision:
                             type: string
                           contextBackend:
-                            description: 'ObjectReference contains enough information
+                            description: "ObjectReference contains enough information
                               to let you inspect or modify the referred object. ---
                               New uses of this type are discouraged because of difficulty
-                              describing its usage when embedded in APIs.  1. Ignored
+                              describing its usage when embedded in APIs. 1. Ignored
                               fields.  It includes many fields which are not generally
                               honored.  For instance, ResourceVersion and FieldPath
-                              are both very rarely valid in actual usage.  2. Invalid
+                              are both very rarely valid in actual usage. 2. Invalid
                               usage help.  It is impossible to add specific help for
                               individual usage.  In most embedded usages, there are
-                              particular     restrictions like, "must refer only to
-                              types A and B" or "UID not honored" or "name must be
-                              restricted".     Those cannot be well described when
-                              embedded.  3. Inconsistent validation.  Because the
-                              usages are different, the validation rules are different
-                              by usage, which makes it hard for users to predict what
-                              will happen.  4. The fields are both imprecise and overly
-                              precise.  Kind is not a precise mapping to a URL. This
-                              can produce ambiguity     during interpretation and
-                              require a REST mapping.  In most cases, the dependency
-                              is on the group,resource tuple     and the version of
-                              the actual struct is irrelevant.  5. We cannot easily
-                              change it.  Because this type is embedded in many locations,
-                              updates to this type     will affect numerous schemas.  Don''t
-                              make new APIs embed an underspecified API type they
-                              do not control. Instead of using this type, create a
-                              locally provided and used type that is well-focused
-                              on your reference. For example, ServiceReferences for
-                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                              .'
+                              particular restrictions like, \"must refer only to types
+                              A and B\" or \"UID not honored\" or \"name must be restricted\".
+                              Those cannot be well described when embedded. 3. Inconsistent
+                              validation.  Because the usages are different, the validation
+                              rules are different by usage, which makes it hard for
+                              users to predict what will happen. 4. The fields are
+                              both imprecise and overly precise.  Kind is not a precise
+                              mapping to a URL. This can produce ambiguity during
+                              interpretation and require a REST mapping.  In most
+                              cases, the dependency is on the group,resource tuple
+                              and the version of the actual struct is irrelevant.
+                              5. We cannot easily change it.  Because this type is
+                              embedded in many locations, updates to this type will
+                              affect numerous schemas.  Don't make new APIs embed
+                              an underspecified API type they do not control. \n Instead
+                              of using this type, create a locally provided and used
+                              type that is well-focused on your reference. For example,
+                              ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                              ."
                             properties:
                               apiVersion:
                                 description: API version of the referent.
@@ -842,8 +845,10 @@ spec:
                                 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                 type: string
                             type: object
+                            x-kubernetes-map-type: atomic
                           endTime:
                             format: date-time
+                            nullable: true
                             type: string
                           finished:
                             type: boolean
@@ -1145,6 +1150,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -1580,6 +1600,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -1913,6 +1948,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -2120,7 +2170,6 @@ spec:
                                     type: string
                                 required:
                                 - from
-                                - parameterKey
                                 type: object
                               type: array
                             name:
@@ -2242,7 +2291,6 @@ spec:
                                         type: string
                                     required:
                                     - from
-                                    - parameterKey
                                     type: object
                                   type: array
                                 meta:
@@ -2299,7 +2347,6 @@ spec:
                                               type: string
                                           required:
                                           - from
-                                          - parameterKey
                                           type: object
                                         type: array
                                       meta:
@@ -2341,7 +2388,6 @@ spec:
                                           step.
                                         type: string
                                     required:
-                                    - name
                                     - type
                                     type: object
                                   type: array
@@ -2352,7 +2398,6 @@ spec:
                                   description: Type is the type of the workflow step.
                                   type: string
                               required:
-                              - name
                               - type
                               type: object
                             type: array
@@ -2409,39 +2454,40 @@ spec:
                               description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                               type: string
                           type: object
+                          x-kubernetes-map-type: atomic
                         type: array
                       components:
                         description: Components record the related Components created
                           by Application Controller
                         items:
-                          description: 'ObjectReference contains enough information
+                          description: "ObjectReference contains enough information
                             to let you inspect or modify the referred object. ---
                             New uses of this type are discouraged because of difficulty
-                            describing its usage when embedded in APIs.  1. Ignored
+                            describing its usage when embedded in APIs. 1. Ignored
                             fields.  It includes many fields which are not generally
                             honored.  For instance, ResourceVersion and FieldPath
-                            are both very rarely valid in actual usage.  2. Invalid
+                            are both very rarely valid in actual usage. 2. Invalid
                             usage help.  It is impossible to add specific help for
                             individual usage.  In most embedded usages, there are
-                            particular     restrictions like, "must refer only to
-                            types A and B" or "UID not honored" or "name must be restricted".     Those
-                            cannot be well described when embedded.  3. Inconsistent
+                            particular restrictions like, \"must refer only to types
+                            A and B\" or \"UID not honored\" or \"name must be restricted\".
+                            Those cannot be well described when embedded. 3. Inconsistent
                             validation.  Because the usages are different, the validation
                             rules are different by usage, which makes it hard for
-                            users to predict what will happen.  4. The fields are
-                            both imprecise and overly precise.  Kind is not a precise
-                            mapping to a URL. This can produce ambiguity     during
-                            interpretation and require a REST mapping.  In most cases,
-                            the dependency is on the group,resource tuple     and
-                            the version of the actual struct is irrelevant.  5. We
-                            cannot easily change it.  Because this type is embedded
-                            in many locations, updates to this type     will affect
-                            numerous schemas.  Don''t make new APIs embed an underspecified
-                            API type they do not control. Instead of using this type,
-                            create a locally provided and used type that is well-focused
-                            on your reference. For example, ServiceReferences for
-                            admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                            .'
+                            users to predict what will happen. 4. The fields are both
+                            imprecise and overly precise.  Kind is not a precise mapping
+                            to a URL. This can produce ambiguity during interpretation
+                            and require a REST mapping.  In most cases, the dependency
+                            is on the group,resource tuple and the version of the
+                            actual struct is irrelevant. 5. We cannot easily change
+                            it.  Because this type is embedded in many locations,
+                            updates to this type will affect numerous schemas.  Don't
+                            make new APIs embed an underspecified API type they do
+                            not control. \n Instead of using this type, create a locally
+                            provided and used type that is well-focused on your reference.
+                            For example, ServiceReferences for admission registration:
+                            https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                            ."
                           properties:
                             apiVersion:
                               description: API version of the referent.
@@ -2478,6 +2524,7 @@ spec:
                               description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                               type: string
                           type: object
+                          x-kubernetes-map-type: atomic
                         type: array
                       conditions:
                         description: Conditions of the resource.
@@ -2574,37 +2621,37 @@ spec:
                               type: string
                             scopes:
                               items:
-                                description: 'ObjectReference contains enough information
+                                description: "ObjectReference contains enough information
                                   to let you inspect or modify the referred object.
                                   --- New uses of this type are discouraged because
                                   of difficulty describing its usage when embedded
-                                  in APIs.  1. Ignored fields.  It includes many fields
+                                  in APIs. 1. Ignored fields.  It includes many fields
                                   which are not generally honored.  For instance,
                                   ResourceVersion and FieldPath are both very rarely
-                                  valid in actual usage.  2. Invalid usage help.  It
+                                  valid in actual usage. 2. Invalid usage help.  It
                                   is impossible to add specific help for individual
-                                  usage.  In most embedded usages, there are particular     restrictions
-                                  like, "must refer only to types A and B" or "UID
-                                  not honored" or "name must be restricted".     Those
-                                  cannot be well described when embedded.  3. Inconsistent
-                                  validation.  Because the usages are different, the
-                                  validation rules are different by usage, which makes
-                                  it hard for users to predict what will happen.  4.
-                                  The fields are both imprecise and overly precise.  Kind
-                                  is not a precise mapping to a URL. This can produce
-                                  ambiguity     during interpretation and require
-                                  a REST mapping.  In most cases, the dependency is
-                                  on the group,resource tuple     and the version
-                                  of the actual struct is irrelevant.  5. We cannot
-                                  easily change it.  Because this type is embedded
-                                  in many locations, updates to this type     will
-                                  affect numerous schemas.  Don''t make new APIs embed
-                                  an underspecified API type they do not control.
+                                  usage.  In most embedded usages, there are particular
+                                  restrictions like, \"must refer only to types A
+                                  and B\" or \"UID not honored\" or \"name must be
+                                  restricted\". Those cannot be well described when
+                                  embedded. 3. Inconsistent validation.  Because the
+                                  usages are different, the validation rules are different
+                                  by usage, which makes it hard for users to predict
+                                  what will happen. 4. The fields are both imprecise
+                                  and overly precise.  Kind is not a precise mapping
+                                  to a URL. This can produce ambiguity during interpretation
+                                  and require a REST mapping.  In most cases, the
+                                  dependency is on the group,resource tuple and the
+                                  version of the actual struct is irrelevant. 5. We
+                                  cannot easily change it.  Because this type is embedded
+                                  in many locations, updates to this type will affect
+                                  numerous schemas.  Don't make new APIs embed an
+                                  underspecified API type they do not control. \n
                                   Instead of using this type, create a locally provided
                                   and used type that is well-focused on your reference.
                                   For example, ServiceReferences for admission registration:
                                   https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                                  .'
+                                  ."
                                 properties:
                                   apiVersion:
                                     description: API version of the referent.
@@ -2647,6 +2694,7 @@ spec:
                                       https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                     type: string
                                 type: object
+                                x-kubernetes-map-type: atomic
                               type: array
                             traits:
                               items:
@@ -2691,35 +2739,34 @@ spec:
                           appRevision:
                             type: string
                           contextBackend:
-                            description: 'ObjectReference contains enough information
+                            description: "ObjectReference contains enough information
                               to let you inspect or modify the referred object. ---
                               New uses of this type are discouraged because of difficulty
-                              describing its usage when embedded in APIs.  1. Ignored
+                              describing its usage when embedded in APIs. 1. Ignored
                               fields.  It includes many fields which are not generally
                               honored.  For instance, ResourceVersion and FieldPath
-                              are both very rarely valid in actual usage.  2. Invalid
+                              are both very rarely valid in actual usage. 2. Invalid
                               usage help.  It is impossible to add specific help for
                               individual usage.  In most embedded usages, there are
-                              particular     restrictions like, "must refer only to
-                              types A and B" or "UID not honored" or "name must be
-                              restricted".     Those cannot be well described when
-                              embedded.  3. Inconsistent validation.  Because the
-                              usages are different, the validation rules are different
-                              by usage, which makes it hard for users to predict what
-                              will happen.  4. The fields are both imprecise and overly
-                              precise.  Kind is not a precise mapping to a URL. This
-                              can produce ambiguity     during interpretation and
-                              require a REST mapping.  In most cases, the dependency
-                              is on the group,resource tuple     and the version of
-                              the actual struct is irrelevant.  5. We cannot easily
-                              change it.  Because this type is embedded in many locations,
-                              updates to this type     will affect numerous schemas.  Don''t
-                              make new APIs embed an underspecified API type they
-                              do not control. Instead of using this type, create a
-                              locally provided and used type that is well-focused
-                              on your reference. For example, ServiceReferences for
-                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                              .'
+                              particular restrictions like, \"must refer only to types
+                              A and B\" or \"UID not honored\" or \"name must be restricted\".
+                              Those cannot be well described when embedded. 3. Inconsistent
+                              validation.  Because the usages are different, the validation
+                              rules are different by usage, which makes it hard for
+                              users to predict what will happen. 4. The fields are
+                              both imprecise and overly precise.  Kind is not a precise
+                              mapping to a URL. This can produce ambiguity during
+                              interpretation and require a REST mapping.  In most
+                              cases, the dependency is on the group,resource tuple
+                              and the version of the actual struct is irrelevant.
+                              5. We cannot easily change it.  Because this type is
+                              embedded in many locations, updates to this type will
+                              affect numerous schemas.  Don't make new APIs embed
+                              an underspecified API type they do not control. \n Instead
+                              of using this type, create a locally provided and used
+                              type that is well-focused on your reference. For example,
+                              ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                              ."
                             properties:
                               apiVersion:
                                 description: API version of the referent.
@@ -2757,8 +2804,10 @@ spec:
                                 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                 type: string
                             type: object
+                            x-kubernetes-map-type: atomic
                           endTime:
                             format: date-time
+                            nullable: true
                             type: string
                           finished:
                             type: boolean
@@ -3053,6 +3102,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -3423,6 +3487,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -3850,6 +3929,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -4053,7 +4147,6 @@ spec:
                                 type: string
                             required:
                             - from
-                            - parameterKey
                             type: object
                           type: array
                         meta:
@@ -4105,7 +4198,6 @@ spec:
                                       type: string
                                   required:
                                   - from
-                                  - parameterKey
                                   type: object
                                 type: array
                               meta:
@@ -4143,7 +4235,6 @@ spec:
                                 description: Type is the type of the workflow step.
                                 type: string
                             required:
-                            - name
                             - type
                             type: object
                           type: array
@@ -4154,7 +4245,6 @@ spec:
                           description: Type is the type of the workflow step.
                           type: string
                       required:
-                      - name
                       - type
                       type: object
                     type: array
@@ -4323,6 +4413,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -4639,6 +4744,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -4762,31 +4882,31 @@ spec:
                   appRevision:
                     type: string
                   contextBackend:
-                    description: 'ObjectReference contains enough information to let
+                    description: "ObjectReference contains enough information to let
                       you inspect or modify the referred object. --- New uses of this
                       type are discouraged because of difficulty describing its usage
-                      when embedded in APIs.  1. Ignored fields.  It includes many
+                      when embedded in APIs. 1. Ignored fields.  It includes many
                       fields which are not generally honored.  For instance, ResourceVersion
-                      and FieldPath are both very rarely valid in actual usage.  2.
+                      and FieldPath are both very rarely valid in actual usage. 2.
                       Invalid usage help.  It is impossible to add specific help for
-                      individual usage.  In most embedded usages, there are particular     restrictions
-                      like, "must refer only to types A and B" or "UID not honored"
-                      or "name must be restricted".     Those cannot be well described
-                      when embedded.  3. Inconsistent validation.  Because the usages
-                      are different, the validation rules are different by usage,
-                      which makes it hard for users to predict what will happen.  4.
-                      The fields are both imprecise and overly precise.  Kind is not
-                      a precise mapping to a URL. This can produce ambiguity     during
-                      interpretation and require a REST mapping.  In most cases, the
-                      dependency is on the group,resource tuple     and the version
-                      of the actual struct is irrelevant.  5. We cannot easily change
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, \"must refer only to types A and B\" or \"UID
+                      not honored\" or \"name must be restricted\". Those cannot be
+                      well described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.
+                      \ Kind is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
                       it.  Because this type is embedded in many locations, updates
-                      to this type     will affect numerous schemas.  Don''t make
-                      new APIs embed an underspecified API type they do not control.
-                      Instead of using this type, create a locally provided and used
-                      type that is well-focused on your reference. For example, ServiceReferences
+                      to this type will affect numerous schemas.  Don't make new APIs
+                      embed an underspecified API type they do not control. \n Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
                       for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                      .'
+                      ."
                     properties:
                       apiVersion:
                         description: API version of the referent.
@@ -4821,8 +4941,10 @@ spec:
                         description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                         type: string
                     type: object
+                    x-kubernetes-map-type: atomic
                   endTime:
                     format: date-time
+                    nullable: true
                     type: string
                   finished:
                     type: boolean
@@ -4923,6 +5045,11 @@ spec:
                 - suspend
                 - terminated
                 type: object
+              workflowContext:
+                additionalProperties:
+                  type: string
+                description: Record the context values to the revision.
+                type: object
             required:
             - succeeded
             type: object
@@ -4931,9 +5058,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_applications.yaml

@@ -3,7 +3,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     cert-manager.io/inject-ca-from: vela-system/kubevela-vela-core-root-cert
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: applications.core.oam.dev
 spec:
   group: core.oam.dev
@@ -178,6 +178,7 @@ spec:
                               description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                               type: string
                           type: object
+                          x-kubernetes-map-type: atomic
                       required:
                       - name
                       type: object
@@ -312,6 +313,7 @@ spec:
                                       https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                     type: string
                                 type: object
+                                x-kubernetes-map-type: atomic
                             required:
                             - name
                             type: object
@@ -445,36 +447,37 @@ spec:
                       description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                       type: string
                   type: object
+                  x-kubernetes-map-type: atomic
                 type: array
               components:
                 description: Components record the related Components created by Application
                   Controller
                 items:
-                  description: 'ObjectReference contains enough information to let
+                  description: "ObjectReference contains enough information to let
                     you inspect or modify the referred object. --- New uses of this
                     type are discouraged because of difficulty describing its usage
-                    when embedded in APIs.  1. Ignored fields.  It includes many fields
+                    when embedded in APIs. 1. Ignored fields.  It includes many fields
                     which are not generally honored.  For instance, ResourceVersion
-                    and FieldPath are both very rarely valid in actual usage.  2.
-                    Invalid usage help.  It is impossible to add specific help for
-                    individual usage.  In most embedded usages, there are particular     restrictions
-                    like, "must refer only to types A and B" or "UID not honored"
-                    or "name must be restricted".     Those cannot be well described
-                    when embedded.  3. Inconsistent validation.  Because the usages
+                    and FieldPath are both very rarely valid in actual usage. 2. Invalid
+                    usage help.  It is impossible to add specific help for individual
+                    usage.  In most embedded usages, there are particular restrictions
+                    like, \"must refer only to types A and B\" or \"UID not honored\"
+                    or \"name must be restricted\". Those cannot be well described
+                    when embedded. 3. Inconsistent validation.  Because the usages
                     are different, the validation rules are different by usage, which
-                    makes it hard for users to predict what will happen.  4. The fields
+                    makes it hard for users to predict what will happen. 4. The fields
                     are both imprecise and overly precise.  Kind is not a precise
-                    mapping to a URL. This can produce ambiguity     during interpretation
+                    mapping to a URL. This can produce ambiguity during interpretation
                     and require a REST mapping.  In most cases, the dependency is
-                    on the group,resource tuple     and the version of the actual
-                    struct is irrelevant.  5. We cannot easily change it.  Because
-                    this type is embedded in many locations, updates to this type     will
-                    affect numerous schemas.  Don''t make new APIs embed an underspecified
-                    API type they do not control. Instead of using this type, create
+                    on the group,resource tuple and the version of the actual struct
+                    is irrelevant. 5. We cannot easily change it.  Because this type
+                    is embedded in many locations, updates to this type will affect
+                    numerous schemas.  Don't make new APIs embed an underspecified
+                    API type they do not control. \n Instead of using this type, create
                     a locally provided and used type that is well-focused on your
                     reference. For example, ServiceReferences for admission registration:
                     https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                    .'
+                    ."
                   properties:
                     apiVersion:
                       description: API version of the referent.
@@ -509,6 +512,7 @@ spec:
                       description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                       type: string
                   type: object
+                  x-kubernetes-map-type: atomic
                 type: array
               conditions:
                 description: Conditions of the resource.
@@ -601,33 +605,33 @@ spec:
                       type: string
                     scopes:
                       items:
-                        description: 'ObjectReference contains enough information
+                        description: "ObjectReference contains enough information
                           to let you inspect or modify the referred object. --- New
                           uses of this type are discouraged because of difficulty
-                          describing its usage when embedded in APIs.  1. Ignored
-                          fields.  It includes many fields which are not generally
-                          honored.  For instance, ResourceVersion and FieldPath are
-                          both very rarely valid in actual usage.  2. Invalid usage
-                          help.  It is impossible to add specific help for individual
-                          usage.  In most embedded usages, there are particular     restrictions
-                          like, "must refer only to types A and B" or "UID not honored"
-                          or "name must be restricted".     Those cannot be well described
-                          when embedded.  3. Inconsistent validation.  Because the
-                          usages are different, the validation rules are different
-                          by usage, which makes it hard for users to predict what
-                          will happen.  4. The fields are both imprecise and overly
-                          precise.  Kind is not a precise mapping to a URL. This can
-                          produce ambiguity     during interpretation and require
-                          a REST mapping.  In most cases, the dependency is on the
-                          group,resource tuple     and the version of the actual struct
-                          is irrelevant.  5. We cannot easily change it.  Because
+                          describing its usage when embedded in APIs. 1. Ignored fields.
+                          \ It includes many fields which are not generally honored.
+                          \ For instance, ResourceVersion and FieldPath are both very
+                          rarely valid in actual usage. 2. Invalid usage help.  It
+                          is impossible to add specific help for individual usage.
+                          \ In most embedded usages, there are particular restrictions
+                          like, \"must refer only to types A and B\" or \"UID not
+                          honored\" or \"name must be restricted\". Those cannot be
+                          well described when embedded. 3. Inconsistent validation.
+                          \ Because the usages are different, the validation rules
+                          are different by usage, which makes it hard for users to
+                          predict what will happen. 4. The fields are both imprecise
+                          and overly precise.  Kind is not a precise mapping to a
+                          URL. This can produce ambiguity during interpretation and
+                          require a REST mapping.  In most cases, the dependency is
+                          on the group,resource tuple and the version of the actual
+                          struct is irrelevant. 5. We cannot easily change it.  Because
                           this type is embedded in many locations, updates to this
-                          type     will affect numerous schemas.  Don''t make new
-                          APIs embed an underspecified API type they do not control.
+                          type will affect numerous schemas.  Don't make new APIs
+                          embed an underspecified API type they do not control. \n
                           Instead of using this type, create a locally provided and
                           used type that is well-focused on your reference. For example,
                           ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                          .'
+                          ."
                         properties:
                           apiVersion:
                             description: API version of the referent.
@@ -663,6 +667,7 @@ spec:
                             description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                             type: string
                         type: object
+                        x-kubernetes-map-type: atomic
                       type: array
                     traits:
                       items:
@@ -707,31 +712,31 @@ spec:
                   appRevision:
                     type: string
                   contextBackend:
-                    description: 'ObjectReference contains enough information to let
+                    description: "ObjectReference contains enough information to let
                       you inspect or modify the referred object. --- New uses of this
                       type are discouraged because of difficulty describing its usage
-                      when embedded in APIs.  1. Ignored fields.  It includes many
+                      when embedded in APIs. 1. Ignored fields.  It includes many
                       fields which are not generally honored.  For instance, ResourceVersion
-                      and FieldPath are both very rarely valid in actual usage.  2.
+                      and FieldPath are both very rarely valid in actual usage. 2.
                       Invalid usage help.  It is impossible to add specific help for
-                      individual usage.  In most embedded usages, there are particular     restrictions
-                      like, "must refer only to types A and B" or "UID not honored"
-                      or "name must be restricted".     Those cannot be well described
-                      when embedded.  3. Inconsistent validation.  Because the usages
-                      are different, the validation rules are different by usage,
-                      which makes it hard for users to predict what will happen.  4.
-                      The fields are both imprecise and overly precise.  Kind is not
-                      a precise mapping to a URL. This can produce ambiguity     during
-                      interpretation and require a REST mapping.  In most cases, the
-                      dependency is on the group,resource tuple     and the version
-                      of the actual struct is irrelevant.  5. We cannot easily change
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, \"must refer only to types A and B\" or \"UID
+                      not honored\" or \"name must be restricted\". Those cannot be
+                      well described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.
+                      \ Kind is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
                       it.  Because this type is embedded in many locations, updates
-                      to this type     will affect numerous schemas.  Don''t make
-                      new APIs embed an underspecified API type they do not control.
-                      Instead of using this type, create a locally provided and used
-                      type that is well-focused on your reference. For example, ServiceReferences
+                      to this type will affect numerous schemas.  Don't make new APIs
+                      embed an underspecified API type they do not control. \n Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
                       for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                      .'
+                      ."
                     properties:
                       apiVersion:
                         description: API version of the referent.
@@ -766,8 +771,10 @@ spec:
                         description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                         type: string
                     type: object
+                    x-kubernetes-map-type: atomic
                   endTime:
                     format: date-time
+                    nullable: true
                     type: string
                   finished:
                     type: boolean
@@ -934,7 +941,6 @@ spec:
                             type: string
                         required:
                         - from
-                        - parameterKey
                         type: object
                       type: array
                     name:
@@ -1051,7 +1057,6 @@ spec:
                                 type: string
                             required:
                             - from
-                            - parameterKey
                             type: object
                           type: array
                         meta:
@@ -1103,7 +1108,6 @@ spec:
                                       type: string
                                   required:
                                   - from
-                                  - parameterKey
                                   type: object
                                 type: array
                               meta:
@@ -1141,7 +1145,6 @@ spec:
                                 description: Type is the type of the workflow step.
                                 type: string
                             required:
-                            - name
                             - type
                             type: object
                           type: array
@@ -1152,7 +1155,6 @@ spec:
                           description: Type is the type of the workflow step.
                           type: string
                       required:
-                      - name
                       - type
                       type: object
                     type: array
@@ -1207,36 +1209,37 @@ spec:
                       description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                       type: string
                   type: object
+                  x-kubernetes-map-type: atomic
                 type: array
               components:
                 description: Components record the related Components created by Application
                   Controller
                 items:
-                  description: 'ObjectReference contains enough information to let
+                  description: "ObjectReference contains enough information to let
                     you inspect or modify the referred object. --- New uses of this
                     type are discouraged because of difficulty describing its usage
-                    when embedded in APIs.  1. Ignored fields.  It includes many fields
+                    when embedded in APIs. 1. Ignored fields.  It includes many fields
                     which are not generally honored.  For instance, ResourceVersion
-                    and FieldPath are both very rarely valid in actual usage.  2.
-                    Invalid usage help.  It is impossible to add specific help for
-                    individual usage.  In most embedded usages, there are particular     restrictions
-                    like, "must refer only to types A and B" or "UID not honored"
-                    or "name must be restricted".     Those cannot be well described
-                    when embedded.  3. Inconsistent validation.  Because the usages
+                    and FieldPath are both very rarely valid in actual usage. 2. Invalid
+                    usage help.  It is impossible to add specific help for individual
+                    usage.  In most embedded usages, there are particular restrictions
+                    like, \"must refer only to types A and B\" or \"UID not honored\"
+                    or \"name must be restricted\". Those cannot be well described
+                    when embedded. 3. Inconsistent validation.  Because the usages
                     are different, the validation rules are different by usage, which
-                    makes it hard for users to predict what will happen.  4. The fields
+                    makes it hard for users to predict what will happen. 4. The fields
                     are both imprecise and overly precise.  Kind is not a precise
-                    mapping to a URL. This can produce ambiguity     during interpretation
+                    mapping to a URL. This can produce ambiguity during interpretation
                     and require a REST mapping.  In most cases, the dependency is
-                    on the group,resource tuple     and the version of the actual
-                    struct is irrelevant.  5. We cannot easily change it.  Because
-                    this type is embedded in many locations, updates to this type     will
-                    affect numerous schemas.  Don''t make new APIs embed an underspecified
-                    API type they do not control. Instead of using this type, create
+                    on the group,resource tuple and the version of the actual struct
+                    is irrelevant. 5. We cannot easily change it.  Because this type
+                    is embedded in many locations, updates to this type will affect
+                    numerous schemas.  Don't make new APIs embed an underspecified
+                    API type they do not control. \n Instead of using this type, create
                     a locally provided and used type that is well-focused on your
                     reference. For example, ServiceReferences for admission registration:
                     https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                    .'
+                    ."
                   properties:
                     apiVersion:
                       description: API version of the referent.
@@ -1271,6 +1274,7 @@ spec:
                       description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                       type: string
                   type: object
+                  x-kubernetes-map-type: atomic
                 type: array
               conditions:
                 description: Conditions of the resource.
@@ -1363,33 +1367,33 @@ spec:
                       type: string
                     scopes:
                       items:
-                        description: 'ObjectReference contains enough information
+                        description: "ObjectReference contains enough information
                           to let you inspect or modify the referred object. --- New
                           uses of this type are discouraged because of difficulty
-                          describing its usage when embedded in APIs.  1. Ignored
-                          fields.  It includes many fields which are not generally
-                          honored.  For instance, ResourceVersion and FieldPath are
-                          both very rarely valid in actual usage.  2. Invalid usage
-                          help.  It is impossible to add specific help for individual
-                          usage.  In most embedded usages, there are particular     restrictions
-                          like, "must refer only to types A and B" or "UID not honored"
-                          or "name must be restricted".     Those cannot be well described
-                          when embedded.  3. Inconsistent validation.  Because the
-                          usages are different, the validation rules are different
-                          by usage, which makes it hard for users to predict what
-                          will happen.  4. The fields are both imprecise and overly
-                          precise.  Kind is not a precise mapping to a URL. This can
-                          produce ambiguity     during interpretation and require
-                          a REST mapping.  In most cases, the dependency is on the
-                          group,resource tuple     and the version of the actual struct
-                          is irrelevant.  5. We cannot easily change it.  Because
+                          describing its usage when embedded in APIs. 1. Ignored fields.
+                          \ It includes many fields which are not generally honored.
+                          \ For instance, ResourceVersion and FieldPath are both very
+                          rarely valid in actual usage. 2. Invalid usage help.  It
+                          is impossible to add specific help for individual usage.
+                          \ In most embedded usages, there are particular restrictions
+                          like, \"must refer only to types A and B\" or \"UID not
+                          honored\" or \"name must be restricted\". Those cannot be
+                          well described when embedded. 3. Inconsistent validation.
+                          \ Because the usages are different, the validation rules
+                          are different by usage, which makes it hard for users to
+                          predict what will happen. 4. The fields are both imprecise
+                          and overly precise.  Kind is not a precise mapping to a
+                          URL. This can produce ambiguity during interpretation and
+                          require a REST mapping.  In most cases, the dependency is
+                          on the group,resource tuple and the version of the actual
+                          struct is irrelevant. 5. We cannot easily change it.  Because
                           this type is embedded in many locations, updates to this
-                          type     will affect numerous schemas.  Don''t make new
-                          APIs embed an underspecified API type they do not control.
+                          type will affect numerous schemas.  Don't make new APIs
+                          embed an underspecified API type they do not control. \n
                           Instead of using this type, create a locally provided and
                           used type that is well-focused on your reference. For example,
                           ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                          .'
+                          ."
                         properties:
                           apiVersion:
                             description: API version of the referent.
@@ -1425,6 +1429,7 @@ spec:
                             description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                             type: string
                         type: object
+                        x-kubernetes-map-type: atomic
                       type: array
                     traits:
                       items:
@@ -1469,31 +1474,31 @@ spec:
                   appRevision:
                     type: string
                   contextBackend:
-                    description: 'ObjectReference contains enough information to let
+                    description: "ObjectReference contains enough information to let
                       you inspect or modify the referred object. --- New uses of this
                       type are discouraged because of difficulty describing its usage
-                      when embedded in APIs.  1. Ignored fields.  It includes many
+                      when embedded in APIs. 1. Ignored fields.  It includes many
                       fields which are not generally honored.  For instance, ResourceVersion
-                      and FieldPath are both very rarely valid in actual usage.  2.
+                      and FieldPath are both very rarely valid in actual usage. 2.
                       Invalid usage help.  It is impossible to add specific help for
-                      individual usage.  In most embedded usages, there are particular     restrictions
-                      like, "must refer only to types A and B" or "UID not honored"
-                      or "name must be restricted".     Those cannot be well described
-                      when embedded.  3. Inconsistent validation.  Because the usages
-                      are different, the validation rules are different by usage,
-                      which makes it hard for users to predict what will happen.  4.
-                      The fields are both imprecise and overly precise.  Kind is not
-                      a precise mapping to a URL. This can produce ambiguity     during
-                      interpretation and require a REST mapping.  In most cases, the
-                      dependency is on the group,resource tuple     and the version
-                      of the actual struct is irrelevant.  5. We cannot easily change
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, \"must refer only to types A and B\" or \"UID
+                      not honored\" or \"name must be restricted\". Those cannot be
+                      well described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.
+                      \ Kind is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
                       it.  Because this type is embedded in many locations, updates
-                      to this type     will affect numerous schemas.  Don''t make
-                      new APIs embed an underspecified API type they do not control.
-                      Instead of using this type, create a locally provided and used
-                      type that is well-focused on your reference. For example, ServiceReferences
+                      to this type will affect numerous schemas.  Don't make new APIs
+                      embed an underspecified API type they do not control. \n Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
                       for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                      .'
+                      ."
                     properties:
                       apiVersion:
                         description: API version of the referent.
@@ -1528,8 +1533,10 @@ spec:
                         description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                         type: string
                     type: object
+                    x-kubernetes-map-type: atomic
                   endTime:
                     format: date-time
+                    nullable: true
                     type: string
                   finished:
                     type: boolean
@@ -1636,9 +1643,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_componentdefinitions.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: componentdefinitions.core.oam.dev
 spec:
   group: core.oam.dev
@@ -188,6 +187,20 @@ spec:
                         description: DeleteResource will determine whether provisioned
                           cloud resources will be deleted when CR is deleted
                         type: boolean
+                      gitCredentialsSecretReference:
+                        description: GitCredentialsSecretReference specifies the reference
+                          to the secret containing the git credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
                       path:
                         description: Path is the sub-directory of remote git repository.
                           It's valid when remote is set
@@ -501,6 +514,20 @@ spec:
                         description: DeleteResource will determine whether provisioned
                           cloud resources will be deleted when CR is deleted
                         type: boolean
+                      gitCredentialsSecretReference:
+                        description: GitCredentialsSecretReference specifies the reference
+                          to the secret containing the git credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
                       path:
                         description: Path is the sub-directory of remote git repository.
                           It's valid when remote is set
@@ -645,9 +672,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_definitionrevisions.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: definitionrevisions.core.oam.dev
 spec:
   group: core.oam.dev
@@ -233,6 +232,20 @@ spec:
                                   provisioned cloud resources will be deleted when
                                   CR is deleted
                                 type: boolean
+                              gitCredentialsSecretReference:
+                                description: GitCredentialsSecretReference specifies
+                                  the reference to the secret containing the git credentials
+                                properties:
+                                  name:
+                                    description: name is unique within a namespace
+                                      to reference a secret resource.
+                                    type: string
+                                  namespace:
+                                    description: namespace defines the space within
+                                      which the secret name must be unique.
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
                               path:
                                 description: Path is the sub-directory of remote git
                                   repository. It's valid when remote is set
@@ -550,6 +563,20 @@ spec:
                                   provisioned cloud resources will be deleted when
                                   CR is deleted
                                 type: boolean
+                              gitCredentialsSecretReference:
+                                description: GitCredentialsSecretReference specifies
+                                  the reference to the secret containing the git credentials
+                                properties:
+                                  name:
+                                    description: name is unique within a namespace
+                                      to reference a secret resource.
+                                    type: string
+                                  namespace:
+                                    description: namespace defines the space within
+                                      which the secret name must be unique.
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
                               path:
                                 description: Path is the sub-directory of remote git
                                   repository. It's valid when remote is set
@@ -868,6 +895,20 @@ spec:
                                   provisioned cloud resources will be deleted when
                                   CR is deleted
                                 type: boolean
+                              gitCredentialsSecretReference:
+                                description: GitCredentialsSecretReference specifies
+                                  the reference to the secret containing the git credentials
+                                properties:
+                                  name:
+                                    description: name is unique within a namespace
+                                      to reference a secret resource.
+                                    type: string
+                                  namespace:
+                                    description: namespace defines the space within
+                                      which the secret name must be unique.
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
                               path:
                                 description: Path is the sub-directory of remote git
                                   repository. It's valid when remote is set
@@ -1161,6 +1202,20 @@ spec:
                                   provisioned cloud resources will be deleted when
                                   CR is deleted
                                 type: boolean
+                              gitCredentialsSecretReference:
+                                description: GitCredentialsSecretReference specifies
+                                  the reference to the secret containing the git credentials
+                                properties:
+                                  name:
+                                    description: name is unique within a namespace
+                                      to reference a secret resource.
+                                    type: string
+                                  namespace:
+                                    description: namespace defines the space within
+                                      which the secret name must be unique.
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
                               path:
                                 description: Path is the sub-directory of remote git
                                   repository. It's valid when remote is set
@@ -1279,9 +1334,3 @@ spec:
     served: true
     storage: true
     subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_healthscopes.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: healthscopes.core.oam.dev
 spec:
   group: core.oam.dev
@@ -59,36 +58,36 @@ spec:
                             type: string
                           traits:
                             items:
-                              description: 'ObjectReference contains enough information
+                              description: "ObjectReference contains enough information
                                 to let you inspect or modify the referred object.
                                 --- New uses of this type are discouraged because
                                 of difficulty describing its usage when embedded in
-                                APIs.  1. Ignored fields.  It includes many fields
+                                APIs. 1. Ignored fields.  It includes many fields
                                 which are not generally honored.  For instance, ResourceVersion
                                 and FieldPath are both very rarely valid in actual
-                                usage.  2. Invalid usage help.  It is impossible to
+                                usage. 2. Invalid usage help.  It is impossible to
                                 add specific help for individual usage.  In most embedded
-                                usages, there are particular     restrictions like,
-                                "must refer only to types A and B" or "UID not honored"
-                                or "name must be restricted".     Those cannot be
-                                well described when embedded.  3. Inconsistent validation.  Because
-                                the usages are different, the validation rules are
-                                different by usage, which makes it hard for users
-                                to predict what will happen.  4. The fields are both
-                                imprecise and overly precise.  Kind is not a precise
-                                mapping to a URL. This can produce ambiguity     during
-                                interpretation and require a REST mapping.  In most
-                                cases, the dependency is on the group,resource tuple     and
-                                the version of the actual struct is irrelevant.  5.
-                                We cannot easily change it.  Because this type is
-                                embedded in many locations, updates to this type     will
-                                affect numerous schemas.  Don''t make new APIs embed
-                                an underspecified API type they do not control. Instead
-                                of using this type, create a locally provided and
-                                used type that is well-focused on your reference.
+                                usages, there are particular restrictions like, \"must
+                                refer only to types A and B\" or \"UID not honored\"
+                                or \"name must be restricted\". Those cannot be well
+                                described when embedded. 3. Inconsistent validation.
+                                \ Because the usages are different, the validation
+                                rules are different by usage, which makes it hard
+                                for users to predict what will happen. 4. The fields
+                                are both imprecise and overly precise.  Kind is not
+                                a precise mapping to a URL. This can produce ambiguity
+                                during interpretation and require a REST mapping.
+                                \ In most cases, the dependency is on the group,resource
+                                tuple and the version of the actual struct is irrelevant.
+                                5. We cannot easily change it.  Because this type
+                                is embedded in many locations, updates to this type
+                                will affect numerous schemas.  Don't make new APIs
+                                embed an underspecified API type they do not control.
+                                \n Instead of using this type, create a locally provided
+                                and used type that is well-focused on your reference.
                                 For example, ServiceReferences for admission registration:
                                 https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                                .'
+                                ."
                               properties:
                                 apiVersion:
                                   description: API version of the referent.
@@ -127,37 +126,37 @@ spec:
                                   description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                   type: string
                               type: object
+                              x-kubernetes-map-type: atomic
                             type: array
                           workload:
-                            description: 'ObjectReference contains enough information
+                            description: "ObjectReference contains enough information
                               to let you inspect or modify the referred object. ---
                               New uses of this type are discouraged because of difficulty
-                              describing its usage when embedded in APIs.  1. Ignored
+                              describing its usage when embedded in APIs. 1. Ignored
                               fields.  It includes many fields which are not generally
                               honored.  For instance, ResourceVersion and FieldPath
-                              are both very rarely valid in actual usage.  2. Invalid
+                              are both very rarely valid in actual usage. 2. Invalid
                               usage help.  It is impossible to add specific help for
                               individual usage.  In most embedded usages, there are
-                              particular     restrictions like, "must refer only to
-                              types A and B" or "UID not honored" or "name must be
-                              restricted".     Those cannot be well described when
-                              embedded.  3. Inconsistent validation.  Because the
-                              usages are different, the validation rules are different
-                              by usage, which makes it hard for users to predict what
-                              will happen.  4. The fields are both imprecise and overly
-                              precise.  Kind is not a precise mapping to a URL. This
-                              can produce ambiguity     during interpretation and
-                              require a REST mapping.  In most cases, the dependency
-                              is on the group,resource tuple     and the version of
-                              the actual struct is irrelevant.  5. We cannot easily
-                              change it.  Because this type is embedded in many locations,
-                              updates to this type     will affect numerous schemas.  Don''t
-                              make new APIs embed an underspecified API type they
-                              do not control. Instead of using this type, create a
-                              locally provided and used type that is well-focused
-                              on your reference. For example, ServiceReferences for
-                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                              .'
+                              particular restrictions like, \"must refer only to types
+                              A and B\" or \"UID not honored\" or \"name must be restricted\".
+                              Those cannot be well described when embedded. 3. Inconsistent
+                              validation.  Because the usages are different, the validation
+                              rules are different by usage, which makes it hard for
+                              users to predict what will happen. 4. The fields are
+                              both imprecise and overly precise.  Kind is not a precise
+                              mapping to a URL. This can produce ambiguity during
+                              interpretation and require a REST mapping.  In most
+                              cases, the dependency is on the group,resource tuple
+                              and the version of the actual struct is irrelevant.
+                              5. We cannot easily change it.  Because this type is
+                              embedded in many locations, updates to this type will
+                              affect numerous schemas.  Don't make new APIs embed
+                              an underspecified API type they do not control. \n Instead
+                              of using this type, create a locally provided and used
+                              type that is well-focused on your reference. For example,
+                              ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                              ."
                             properties:
                               apiVersion:
                                 description: API version of the referent.
@@ -195,6 +194,7 @@ spec:
                                 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                 type: string
                             type: object
+                            x-kubernetes-map-type: atomic
                         type: object
                       type: array
                   type: object
@@ -213,31 +213,31 @@ spec:
                 description: WorkloadReferences to the workloads that are in this
                   scope.
                 items:
-                  description: 'ObjectReference contains enough information to let
+                  description: "ObjectReference contains enough information to let
                     you inspect or modify the referred object. --- New uses of this
                     type are discouraged because of difficulty describing its usage
-                    when embedded in APIs.  1. Ignored fields.  It includes many fields
+                    when embedded in APIs. 1. Ignored fields.  It includes many fields
                     which are not generally honored.  For instance, ResourceVersion
-                    and FieldPath are both very rarely valid in actual usage.  2.
-                    Invalid usage help.  It is impossible to add specific help for
-                    individual usage.  In most embedded usages, there are particular     restrictions
-                    like, "must refer only to types A and B" or "UID not honored"
-                    or "name must be restricted".     Those cannot be well described
-                    when embedded.  3. Inconsistent validation.  Because the usages
+                    and FieldPath are both very rarely valid in actual usage. 2. Invalid
+                    usage help.  It is impossible to add specific help for individual
+                    usage.  In most embedded usages, there are particular restrictions
+                    like, \"must refer only to types A and B\" or \"UID not honored\"
+                    or \"name must be restricted\". Those cannot be well described
+                    when embedded. 3. Inconsistent validation.  Because the usages
                     are different, the validation rules are different by usage, which
-                    makes it hard for users to predict what will happen.  4. The fields
+                    makes it hard for users to predict what will happen. 4. The fields
                     are both imprecise and overly precise.  Kind is not a precise
-                    mapping to a URL. This can produce ambiguity     during interpretation
+                    mapping to a URL. This can produce ambiguity during interpretation
                     and require a REST mapping.  In most cases, the dependency is
-                    on the group,resource tuple     and the version of the actual
-                    struct is irrelevant.  5. We cannot easily change it.  Because
-                    this type is embedded in many locations, updates to this type     will
-                    affect numerous schemas.  Don''t make new APIs embed an underspecified
-                    API type they do not control. Instead of using this type, create
+                    on the group,resource tuple and the version of the actual struct
+                    is irrelevant. 5. We cannot easily change it.  Because this type
+                    is embedded in many locations, updates to this type will affect
+                    numerous schemas.  Don't make new APIs embed an underspecified
+                    API type they do not control. \n Instead of using this type, create
                     a locally provided and used type that is well-focused on your
                     reference. For example, ServiceReferences for admission registration:
                     https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                    .'
+                    ."
                   properties:
                     apiVersion:
                       description: API version of the referent.
@@ -272,6 +272,7 @@ spec:
                       description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                       type: string
                   type: object
+                  x-kubernetes-map-type: atomic
                 type: array
             required:
             - workloadRefs
@@ -305,35 +306,34 @@ spec:
                             description: HealthStatus represents health status strings.
                             type: string
                           targetWorkload:
-                            description: 'ObjectReference contains enough information
+                            description: "ObjectReference contains enough information
                               to let you inspect or modify the referred object. ---
                               New uses of this type are discouraged because of difficulty
-                              describing its usage when embedded in APIs.  1. Ignored
+                              describing its usage when embedded in APIs. 1. Ignored
                               fields.  It includes many fields which are not generally
                               honored.  For instance, ResourceVersion and FieldPath
-                              are both very rarely valid in actual usage.  2. Invalid
+                              are both very rarely valid in actual usage. 2. Invalid
                               usage help.  It is impossible to add specific help for
                               individual usage.  In most embedded usages, there are
-                              particular     restrictions like, "must refer only to
-                              types A and B" or "UID not honored" or "name must be
-                              restricted".     Those cannot be well described when
-                              embedded.  3. Inconsistent validation.  Because the
-                              usages are different, the validation rules are different
-                              by usage, which makes it hard for users to predict what
-                              will happen.  4. The fields are both imprecise and overly
-                              precise.  Kind is not a precise mapping to a URL. This
-                              can produce ambiguity     during interpretation and
-                              require a REST mapping.  In most cases, the dependency
-                              is on the group,resource tuple     and the version of
-                              the actual struct is irrelevant.  5. We cannot easily
-                              change it.  Because this type is embedded in many locations,
-                              updates to this type     will affect numerous schemas.  Don''t
-                              make new APIs embed an underspecified API type they
-                              do not control. Instead of using this type, create a
-                              locally provided and used type that is well-focused
-                              on your reference. For example, ServiceReferences for
-                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                              .'
+                              particular restrictions like, \"must refer only to types
+                              A and B\" or \"UID not honored\" or \"name must be restricted\".
+                              Those cannot be well described when embedded. 3. Inconsistent
+                              validation.  Because the usages are different, the validation
+                              rules are different by usage, which makes it hard for
+                              users to predict what will happen. 4. The fields are
+                              both imprecise and overly precise.  Kind is not a precise
+                              mapping to a URL. This can produce ambiguity during
+                              interpretation and require a REST mapping.  In most
+                              cases, the dependency is on the group,resource tuple
+                              and the version of the actual struct is irrelevant.
+                              5. We cannot easily change it.  Because this type is
+                              embedded in many locations, updates to this type will
+                              affect numerous schemas.  Don't make new APIs embed
+                              an underspecified API type they do not control. \n Instead
+                              of using this type, create a locally provided and used
+                              type that is well-focused on your reference. For example,
+                              ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                              ."
                             properties:
                               apiVersion:
                                 description: API version of the referent.
@@ -371,6 +371,7 @@ spec:
                                 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                 type: string
                             type: object
+                            x-kubernetes-map-type: atomic
                           traits:
                             items:
                               description: TraitHealthCondition represents informative
@@ -461,32 +462,32 @@ spec:
                       description: HealthStatus represents health status strings.
                       type: string
                     targetWorkload:
-                      description: 'ObjectReference contains enough information to
+                      description: "ObjectReference contains enough information to
                         let you inspect or modify the referred object. --- New uses
                         of this type are discouraged because of difficulty describing
-                        its usage when embedded in APIs.  1. Ignored fields.  It includes
+                        its usage when embedded in APIs. 1. Ignored fields.  It includes
                         many fields which are not generally honored.  For instance,
                         ResourceVersion and FieldPath are both very rarely valid in
-                        actual usage.  2. Invalid usage help.  It is impossible to
+                        actual usage. 2. Invalid usage help.  It is impossible to
                         add specific help for individual usage.  In most embedded
-                        usages, there are particular     restrictions like, "must
-                        refer only to types A and B" or "UID not honored" or "name
-                        must be restricted".     Those cannot be well described when
-                        embedded.  3. Inconsistent validation.  Because the usages
-                        are different, the validation rules are different by usage,
-                        which makes it hard for users to predict what will happen.  4.
-                        The fields are both imprecise and overly precise.  Kind is
-                        not a precise mapping to a URL. This can produce ambiguity     during
-                        interpretation and require a REST mapping.  In most cases,
-                        the dependency is on the group,resource tuple     and the
-                        version of the actual struct is irrelevant.  5. We cannot
-                        easily change it.  Because this type is embedded in many locations,
-                        updates to this type     will affect numerous schemas.  Don''t
-                        make new APIs embed an underspecified API type they do not
-                        control. Instead of using this type, create a locally provided
-                        and used type that is well-focused on your reference. For
-                        example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                        .'
+                        usages, there are particular restrictions like, \"must refer
+                        only to types A and B\" or \"UID not honored\" or \"name must
+                        be restricted\". Those cannot be well described when embedded.
+                        3. Inconsistent validation.  Because the usages are different,
+                        the validation rules are different by usage, which makes it
+                        hard for users to predict what will happen. 4. The fields
+                        are both imprecise and overly precise.  Kind is not a precise
+                        mapping to a URL. This can produce ambiguity during interpretation
+                        and require a REST mapping.  In most cases, the dependency
+                        is on the group,resource tuple and the version of the actual
+                        struct is irrelevant. 5. We cannot easily change it.  Because
+                        this type is embedded in many locations, updates to this type
+                        will affect numerous schemas.  Don't make new APIs embed an
+                        underspecified API type they do not control. \n Instead of
+                        using this type, create a locally provided and used type that
+                        is well-focused on your reference. For example, ServiceReferences
+                        for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                        ."
                       properties:
                         apiVersion:
                           description: API version of the referent.
@@ -522,6 +523,7 @@ spec:
                           description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                           type: string
                       type: object
+                      x-kubernetes-map-type: atomic
                     traits:
                       items:
                         description: TraitHealthCondition represents informative health
@@ -582,9 +584,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_policies.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: policies.core.oam.dev
 spec:
   group: core.oam.dev
@@ -49,9 +48,3 @@ spec:
     served: true
     storage: true
     subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_policydefinitions.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: policydefinitions.core.oam.dev
 spec:
   group: core.oam.dev
@@ -161,6 +160,20 @@ spec:
                         description: DeleteResource will determine whether provisioned
                           cloud resources will be deleted when CR is deleted
                         type: boolean
+                      gitCredentialsSecretReference:
+                        description: GitCredentialsSecretReference specifies the reference
+                          to the secret containing the git credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
                       path:
                         description: Path is the sub-directory of remote git repository.
                           It's valid when remote is set
@@ -271,9 +284,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_resourcetrackers.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: resourcetrackers.core.oam.dev
 spec:
   group: core.oam.dev
@@ -123,6 +122,7 @@ spec:
                       description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                       type: string
                   type: object
+                  x-kubernetes-map-type: atomic
                 type: array
               type:
                 description: ResourceTrackerType defines the type of resourceTracker
@@ -177,6 +177,7 @@ spec:
                       description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                       type: string
                   type: object
+                  x-kubernetes-map-type: atomic
                 type: array
             type: object
         type: object
@@ -184,9 +185,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_scopedefinitions.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: scopedefinitions.core.oam.dev
 spec:
   group: core.oam.dev
@@ -145,9 +144,3 @@ spec:
     served: true
     storage: true
     subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_traitdefinitions.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: traitdefinitions.core.oam.dev
 spec:
   group: core.oam.dev
@@ -197,6 +196,20 @@ spec:
                         description: DeleteResource will determine whether provisioned
                           cloud resources will be deleted when CR is deleted
                         type: boolean
+                      gitCredentialsSecretReference:
+                        description: GitCredentialsSecretReference specifies the reference
+                          to the secret containing the git credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
                       path:
                         description: Path is the sub-directory of remote git repository.
                           It's valid when remote is set
@@ -511,6 +524,20 @@ spec:
                         description: DeleteResource will determine whether provisioned
                           cloud resources will be deleted when CR is deleted
                         type: boolean
+                      gitCredentialsSecretReference:
+                        description: GitCredentialsSecretReference specifies the reference
+                          to the secret containing the git credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
                       path:
                         description: Path is the sub-directory of remote git repository.
                           It's valid when remote is set
@@ -644,9 +671,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_workflowstepdefinitions.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: workflowstepdefinitions.core.oam.dev
 spec:
   group: core.oam.dev
@@ -158,6 +157,20 @@ spec:
                         description: DeleteResource will determine whether provisioned
                           cloud resources will be deleted when CR is deleted
                         type: boolean
+                      gitCredentialsSecretReference:
+                        description: GitCredentialsSecretReference specifies the reference
+                          to the secret containing the git credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
                       path:
                         description: Path is the sub-directory of remote git repository.
                           It's valid when remote is set
@@ -268,9 +281,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_workloaddefinitions.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: workloaddefinitions.core.oam.dev
 spec:
   group: core.oam.dev
@@ -202,6 +201,20 @@ spec:
                         description: DeleteResource will determine whether provisioned
                           cloud resources will be deleted when CR is deleted
                         type: boolean
+                      gitCredentialsSecretReference:
+                        description: GitCredentialsSecretReference specifies the reference
+                          to the secret containing the git credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
                       path:
                         description: Path is the sub-directory of remote git repository.
                           It's valid when remote is set
@@ -492,6 +505,20 @@ spec:
                         description: DeleteResource will determine whether provisioned
                           cloud resources will be deleted when CR is deleted
                         type: boolean
+                      gitCredentialsSecretReference:
+                        description: GitCredentialsSecretReference specifies the reference
+                          to the secret containing the git credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
                       path:
                         description: Path is the sub-directory of remote git repository.
                           It's valid when remote is set
@@ -596,9 +623,3 @@ spec:
     served: true
     storage: true
     subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/standard.oam.dev_rollouts.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: rollouts.standard.oam.dev
 spec:
   group: standard.oam.dev
@@ -140,6 +139,7 @@ spec:
                               description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                               type: string
                           type: object
+                          x-kubernetes-map-type: atomic
                       required:
                       - name
                       type: object
@@ -274,6 +274,7 @@ spec:
                                       https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                     type: string
                                 type: object
+                                x-kubernetes-map-type: atomic
                             required:
                             - name
                             type: object
@@ -474,9 +475,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/templates/cluster-gateway/cluster-gateway.yaml

@@ -32,6 +32,7 @@ spec:
             - "--secure-port={{ .Values.multicluster.clusterGateway.port }}"
             - "--secret-namespace={{ .Release.Namespace }}"
             - "--feature-gates=APIPriorityAndFairness=false,ClientIdentityPenetration={{ .Values.authentication.enabled }}"
+            - "--cluster-gateway-proxy-config=/etc/proxy-config/config.yaml"
             {{- if .Values.multicluster.clusterGateway.secureTLS.enabled }}
             - "--tls-cert-file={{ .Values.multicluster.clusterGateway.secureTLS.certPath }}/tls.crt"
             - "--tls-private-key-file={{ .Values.multicluster.clusterGateway.secureTLS.certPath }}/tls.key"
@@ -42,14 +43,20 @@ spec:
           {{- toYaml .Values.multicluster.clusterGateway.resources | nindent 12 }}
           ports:
             - containerPort: {{ .Values.multicluster.clusterGateway.port }}
-          {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
           volumeMounts:
+            - mountPath: /etc/proxy-config
+              name: proxy-config
+          {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
             - mountPath: {{ .Values.multicluster.clusterGateway.secureTLS.certPath }}
               name: tls-cert-vol
               readOnly: true
           {{- end }}
-      {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
       volumes:
+        - configMap:
+            defaultMode: 420
+            name: {{ .Release.Name }}-cluster-gateway-proxy-config
+          name: proxy-config
+      {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
         - name: tls-cert-vol
           secret:
             defaultMode: 420
@@ -74,6 +81,23 @@ spec:
       maxUnavailable: 1
 ---
 apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-cluster-gateway-proxy-config
+  namespace: {{ .Release.Namespace }}
+data:
+  config.yaml: |
+    apiVersion: cluster.core.oam.dev/v1alpha1
+    kind: ClusterGatewayProxyConfiguration
+    spec:
+      clientIdentityExchanger:
+        rules:
+          - name: super-user
+            source:
+              group: kubevela:ux
+            type: PrivilegedIdentityExchanger
+---
+apiVersion: v1
 kind: Service
 metadata:
   name: {{ .Release.Name }}-cluster-gateway-service

charts/vela-core/templates/defwithtemplate/apply-component.yaml

@@ -7,7 +7,6 @@ metadata:
     definition.oam.dev/description: Apply a specific component and its corresponding traits in application
   labels:
     custom.definition.oam.dev/scope: Application
-    custom.definition.oam.dev/ui-hidden: "true"
   name: apply-component
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/apply-terraform-provider.yaml

@@ -116,7 +116,7 @@ spec:
         #ECProvider: {
         	type:   "ec"
         	apiKey: *"" | string
-        	name:   "ec-provider" | string
+        	name:   *"ec-provider" | string
         }
         #GCPProvider: {
         	credentials: string

charts/vela-core/templates/defwithtemplate/build-push-image.yaml

@@ -19,7 +19,15 @@ spec:
         	"strings"
         )
 
-        url:    strings.TrimPrefix(strings.TrimPrefix(parameter.git, "https://"), "http://")
+        url: {
+        	if parameter.context.git != _|_ {
+        		address: strings.TrimPrefix(parameter.context.git, "git://")
+        		value:   "git://\(address)#refs/heads/\(parameter.context.branch)"
+        	}
+        	if parameter.context.git == _|_ {
+        		value: parameter.context
+        	}
+        }
         kaniko: op.#Apply & {
         	value: {
         		apiVersion: "v1"
@@ -33,9 +41,15 @@ spec:
         				{
         					args: [
         						"--dockerfile=\(parameter.dockerfile)",
-        						"--context=git://\(url)#refs/heads/\(parameter.branch)",
+        						"--context=\(url.value)",
         						"--destination=\(parameter.image)",
         						"--verbosity=\(parameter.verbosity)",
+        						if parameter.platform != _|_ {
+        							"--customPlatform=\(parameter.platform)"
+        						},
+        						if parameter.buildArgs != _|_ for arg in parameter.buildArgs {
+        							"--build-arg=\(arg)"
+        						},
         					]
         					image: parameter.kanikoExecutor
         					name:  "kaniko"
@@ -104,22 +118,41 @@ spec:
         	name: string
         	key:  string
         }
+        #git: {
+        	git:    string
+        	branch: *"master" | string
+        }
         parameter: {
-        	kanikoExecutor: *"gcr.io/kaniko-project/executor:latest" | string
-        	git:            string
-        	branch:         *"master" | string
-        	dockerfile:     *"./Dockerfile" | string
-        	image:          string
+        	// +usage=Specify the kaniko executor image, default to oamdev/kaniko-executor:v1.9.1
+        	kanikoExecutor: *"oamdev/kaniko-executor:v1.9.1" | string
+        	// +usage=Specify the context to build image, you can use context with git and branch or directly specify the context, please refer to https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts
+        	context: #git | string
+        	// +usage=Specify the dockerfile
+        	dockerfile: *"./Dockerfile" | string
+        	// +usage=Specify the image
+        	image: string
+        	// +usage=Specify the platform to build
+        	platform?: string
+        	// +usage=Specify the build args
+        	buildArgs?: [...string]
+        	// +usage=Specify the credentials to access git and image registry
         	credentials?: {
+        		// +usage=Specify the credentials to access git
         		git?: {
+        			// +usage=Specify the secret name
         			name: string
-        			key:  string
+        			// +usage=Specify the secret key
+        			key: string
         		}
+        		// +usage=Specify the credentials to access image registry
         		image?: {
+        			// +usage=Specify the secret name
         			name: string
-        			key:  *".dockerconfigjson" | string
+        			// +usage=Specify the secret key
+        			key: *".dockerconfigjson" | string
         		}
         	}
+        	// +usage=Specify the verbosity level
         	verbosity: *"info" | "panic" | "fatal" | "error" | "warn" | "debug" | "trace"
         }
 

charts/vela-core/templates/defwithtemplate/clean-jobs.yaml

@@ -15,18 +15,21 @@ spec:
         	"vela/op"
         )
 
-        parameter: labelselector?: {...}
+        parameter: {
+        	labelselector?: {...}
+        	namespace: *context.namespace | string
+        }
         cleanJobs: op.#Delete & {
         	value: {
         		apiVersion: "batch/v1"
         		kind:       "Job"
         		metadata: {
         			name:      context.name
-        			namespace: context.namespace
+        			namespace: parameter.namespace
         		}
         	}
         	filter: {
-        		namespace: context.namespace
+        		namespace: parameter.namespace
         		if parameter.labelselector != _|_ {
         			matchingLabels: parameter.labelselector
         		}
@@ -41,11 +44,11 @@ spec:
         		kind:       "pod"
         		metadata: {
         			name:      context.name
-        			namespace: context.namespace
+        			namespace: parameter.namespace
         		}
         	}
         	filter: {
-        		namespace: context.namespace
+        		namespace: parameter.namespace
         		if parameter.labelselector != _|_ {
         			matchingLabels: parameter.labelselector
         		}

charts/vela-core/templates/defwithtemplate/container-image.yaml

@@ -72,7 +72,7 @@ spec:
         		}]
         	}
         }
-        parameter: *#PatchParams | close({
+        parameter: #PatchParams | close({
         	// +usage=Specify the container image for multiple containers
         	containers: [...#PatchParams]
         })

charts/vela-core/templates/defwithtemplate/depends-on-app.yaml

@@ -5,8 +5,6 @@ kind: WorkflowStepDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Wait for the specified Application to complete.
-  labels:
-    custom.definition.oam.dev/ui-hidden: "true"
   name: depends-on-app
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/export2config.yaml

@@ -5,8 +5,6 @@ kind: WorkflowStepDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Export data to specified Kubernetes ConfigMap in your workflow.
-  labels:
-    custom.definition.oam.dev/ui-hidden: "true"
   name: export2config
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/export2secret.yaml

@@ -5,8 +5,6 @@ kind: WorkflowStepDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Export data to Kubernetes Secret in your workflow.
-  labels:
-    custom.definition.oam.dev/ui-hidden: "true"
   name: export2secret
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/expose.yaml

@@ -53,7 +53,10 @@ spec:
       }
       if service.spec.type == "LoadBalancer" {
       	status: service.status
-      	isHealth: status != _|_ && status.loadBalancer != _|_ && status.loadBalancer.ingress != _|_ && len(status.loadBalancer.ingress) > 0
+      	isHealth: *false | bool
+      	if status != _|_ if status.loadBalancer != _|_ if status.loadBalancer.ingress != _|_ if len(status.loadBalancer.ingress) > 0 if status.loadBalancer.ingress[0].ip != _|_ {
+      		isHealth: true
+      	}
       	if !isHealth {
       		message: "ExternalIP: Pending"
       	}
@@ -62,10 +65,15 @@ spec:
       	}
       }
     healthPolicy: |-
-      isHealth: *true | bool
       service: context.outputs.service
       if service.spec.type == "LoadBalancer" {
       	status: service.status
-      	isHealth: status != _|_ && status.loadBalancer != _|_ && status.loadBalancer.ingress != _|_ && len(status.loadBalancer.ingress) > 0
+      	isHealth: *false | bool
+      	if status != _|_ if status.loadBalancer != _|_ if status.loadBalancer.ingress != _|_ if len(status.loadBalancer.ingress) > 0 if status.loadBalancer.ingress[0].ip != _|_ {
+      		isHealth: true
+      	}
+      }
+      if service.spec.type != "LoadBalancer" {
+      	isHealth: true
       }
 

charts/vela-core/templates/defwithtemplate/gateway.yaml

@@ -113,19 +113,20 @@ spec:
       }
       if context.outputs.ingress.status.loadBalancer.ingress != _|_ {
       	let igs = context.outputs.ingress.status.loadBalancer.ingress
+      	let host = context.outputs.ingress.spec.rules[0].host
         if igs[0].ip != _|_ {
-        	if igs[0].host != _|_ {
+        	if host != _|_ {
       	    message: "Visiting URL: " + context.outputs.ingress.spec.rules[0].host + ", IP: " + igs[0].ip
         	}
-        	if igs[0].host == _|_ {
+        	if host == _|_ {
       	    message: "Host not specified, visit the cluster or load balancer in front of the cluster with IP: " + igs[0].ip
         	}
         }
         if igs[0].ip == _|_ {
-        	if igs[0].host != _|_ {
+        	if host != _|_ {
       		  message: "Visiting URL: " + context.outputs.ingress.spec.rules[0].host
       		}
-        	if igs[0].host != _|_ {
+        	if host != _|_ {
       	    message: "Host not specified, visit the cluster or load balancer in front of the cluster"
       		}
         }

charts/vela-core/templates/defwithtemplate/generate-jdbc-connection.yaml

@@ -5,8 +5,6 @@ kind: WorkflowStepDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Generate a JDBC connection based on Component of alibaba-rds
-  labels:
-    custom.definition.oam.dev/ui-hidden: "true"
   name: generate-jdbc-connection
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/hpa.yaml

@@ -0,0 +1,110 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/hpa.cue
+apiVersion: core.oam.dev/v1beta1
+kind: TraitDefinition
+metadata:
+  annotations:
+    definition.oam.dev/description: Configure k8s HPA for Deployment or Statefulsets
+  name: hpa
+  namespace: {{ include "systemDefinitionNamespace" . }}
+spec:
+  appliesToWorkloads:
+    - deployments.apps
+    - statefulsets.apps
+  podDisruptive: false
+  schematic:
+    cue:
+      template: |
+        outputs: hpa: {
+        	if context.clusterVersion.minor < 23 {
+        		apiVersion: "autoscaling/v2beta2"
+        	}
+        	if context.clusterVersion.minor >= 23 {
+        		apiVersion: "autoscaling/v2"
+        	}
+        	kind: "HorizontalPodAutoscaler"
+        	metadata: name: context.name
+        	spec: {
+        		scaleTargetRef: {
+        			apiVersion: parameter.targetAPIVersion
+        			kind:       parameter.targetKind
+        			name:       context.name
+        		}
+        		minReplicas: parameter.min
+        		maxReplicas: parameter.max
+        		metrics: [
+        			{
+        				type: "Resource"
+        				resource: {
+        					name: "cpu"
+        					target: {
+        						type: parameter.cpu.type
+        						if parameter.cpu.type == "Utilization" {
+        							averageUtilization: parameter.cpu.value
+        						}
+        						if parameter.cpu.type == "AverageValue" {
+        							averageValue: parameter.cpu.value
+        						}
+        					}
+        				}
+        			},
+        			if parameter.mem != _|_ {
+        				{
+        					type: "Resource"
+        					resource: {
+        						name: "memory"
+        						target: {
+        							type: parameter.mem.type
+        							if parameter.cpu.type == "Utilization" {
+        								averageUtilization: parameter.cpu.value
+        							}
+        							if parameter.cpu.type == "AverageValue" {
+        								averageValue: parameter.cpu.value
+        							}
+        						}
+        					}
+        				}
+        			},
+        			if parameter.podCustomMetrics != _|_ for m in parameter.podCustomMetrics {
+        				type: "Pods"
+        				pods: {
+        					metric: name: m.name
+        					target: {
+        						type:         "AverageValue"
+        						averageValue: m.value
+        					}
+        				}
+        			},
+        		]
+        	}
+        }
+        parameter: {
+        	// +usage=Specify the minimal number of replicas to which the autoscaler can scale down
+        	min: *1 | int
+        	// +usage=Specify the maximum number of of replicas to which the autoscaler can scale up
+        	max: *10 | int
+        	// +usage=Specify the apiVersion of scale target
+        	targetAPIVersion: *"apps/v1" | string
+        	// +usage=Specify the kind of scale target
+        	targetKind: *"Deployment" | string
+        	cpu: {
+        		// +usage=Specify resource metrics in terms of percentage("Utilization") or direct value("AverageValue")
+        		type: *"Utilization" | "AverageValue"
+        		// +usage=Specify the value of CPU utilization or averageValue
+        		value: *50 | int
+        	}
+        	mem?: {
+        		// +usage=Specify resource metrics in terms of percentage("Utilization") or direct value("AverageValue")
+        		type: *"Utilization" | "AverageValue"
+        		// +usage=Specify  the value of MEM utilization or averageValue
+        		value: *50 | int
+        	}
+        	// +usage=Specify custom metrics of pod type
+        	podCustomMetrics?: [...{
+        		// +usage=Specify name of custom metrics
+        		name: string
+        		// +usage=Specify target value of custom metrics
+        		value: string
+        	}]
+        }
+

charts/vela-core/templates/defwithtemplate/k8s-update-strategy.yaml

@@ -0,0 +1,77 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/k8s-update-strategy.cue
+apiVersion: core.oam.dev/v1beta1
+kind: TraitDefinition
+metadata:
+  annotations:
+    definition.oam.dev/alias: ""
+    definition.oam.dev/description: Set k8s update strategy for Deployment/DaemonSet/StatefulSet
+  name: k8s-update-strategy
+  namespace: {{ include "systemDefinitionNamespace" . }}
+spec:
+  appliesToWorkloads:
+    - deployments.apps
+    - statefulsets.apps
+    - daemonsets.apps
+  conflictsWith: []
+  podDisruptive: false
+  schematic:
+    cue:
+      template: |
+        patch: spec: {
+        	if parameter.targetKind == "Deployment" && parameter.strategy.type != "OnDelete" {
+        		// +patchStrategy=retainKeys
+        		strategy: {
+        			type: parameter.strategy.type
+        			if parameter.strategy.type == "RollingUpdate" {
+        				rollingUpdate: {
+        					maxSurge:       parameter.strategy.rollingStrategy.maxSurge
+        					maxUnavailable: parameter.strategy.rollingStrategy.maxUnavailable
+        				}
+        			}
+        		}
+        	}
+
+        	if parameter.targetKind == "StatefulSet" && parameter.strategy.type != "Recreate" {
+        		// +patchStrategy=retainKeys
+        		updateStrategy: {
+        			type: parameter.strategy.type
+        			if parameter.strategy.type == "RollingUpdate" {
+        				rollingUpdate: partition: parameter.strategy.rollingStrategy.partition
+        			}
+        		}
+        	}
+
+        	if parameter.targetKind == "DaemonSet" && parameter.strategy.type != "Recreate" {
+        		// +patchStrategy=retainKeys
+        		updateStrategy: {
+        			type: parameter.strategy.type
+        			if parameter.strategy.type == "RollingUpdate" {
+        				rollingUpdate: {
+        					maxSurge:       parameter.strategy.rollingStrategy.maxSurge
+        					maxUnavailable: parameter.strategy.rollingStrategy.maxUnavailable
+        				}
+        			}
+        		}
+        	}
+
+        }
+        parameter: {
+        	// +usage=Specify the apiVersion of target
+        	targetAPIVersion: *"apps/v1" | string
+        	// +usage=Specify the kind of target
+        	targetKind: *"Deployment" | "StatefulSet" | "DaemonSet"
+        	// +usage=Specify the strategy of update
+        	strategy: {
+        		// +usage=Specify the strategy type
+        		type: *"RollingUpdate" | "Recreate" | "OnDelete"
+        		// +usage=Specify the parameters of rollong update strategy
+        		rollingStrategy?: {
+        			maxSurge:       *"25%" | string
+        			maxUnavailable: *"25%" | string
+        			partition:      *0 | int
+        		}
+        	}
+        }
+  workloadRefPath: ""
+

charts/vela-core/templates/defwithtemplate/notification.yaml

@@ -56,44 +56,41 @@ spec:
         		// +usage=Specify the message that you want to sent, refer to [dingtalk messaging](https://developers.dingtalk.com/document/robots/custom-robot-access/title-72m-8ag-pqw)
         		message: {
         			// +usage=Specify the message content of dingtalk notification
-        			text?: *null | close({
+        			text?: close({
         				content: string
         			})
         			// +usage=msgType can be text, link, mardown, actionCard, feedCard
         			msgtype: *"text" | "link" | "markdown" | "actionCard" | "feedCard"
-        			link?:   *null | close({
+        			#link: {
         				text?:       string
         				title?:      string
         				messageUrl?: string
         				picUrl?:     string
-        			})
-        			markdown?: *null | close({
+        			}
+
+        			link?:     #link
+        			markdown?: close({
         				text:  string
         				title: string
         			})
-        			at?: *null | close({
-        				atMobiles?: *null | [...string]
-        				isAtAll?:   bool
+        			at?: close({
+        				atMobiles?: [...string]
+        				isAtAll?: bool
         			})
-        			actionCard?: *null | close({
+        			actionCard?: close({
         				text:           string
         				title:          string
         				hideAvatar:     string
         				btnOrientation: string
         				singleTitle:    string
         				singleURL:      string
-        				btns:           *null | close([...*null | close({
+        				btns?: [...close({
         					title:     string
         					actionURL: string
-        				})])
+        				})]
         			})
-        			feedCard?: *null | close({
-        				links: *null | close([...*null | close({
-        					text?:       string
-        					title?:      string
-        					messageUrl?: string
-        					picUrl?:     string
-        				})])
+        			feedCard?: close({
+        				links: [...#link]
         			})
         		}
         	}
@@ -114,11 +111,11 @@ spec:
         		// +usage=Specify the message that you want to sent, refer to [slack messaging](https://api.slack.com/reference/messaging/payload)
         		message: {
         			// +usage=Specify the message text for slack notification
-        			text:         string
-        			blocks?:      *null | close([...block])
-        			attachments?: *null | close({
-        				blocks?: *null | close([...block])
-        				color?:  string
+        			text: string
+        			blocks?: [...block]
+        			attachments?: close({
+        				blocks?: [...block]
+        				color?: string
         			})
         			thread_ts?: string
         			// +usage=Specify the message text format in markdown for slack notification

charts/vela-core/templates/defwithtemplate/print-message-in-status.yaml

@@ -5,8 +5,6 @@ kind: WorkflowStepDefinition
 metadata:
   annotations:
     definition.oam.dev/description: print message in workflow step status
-  labels:
-    custom.definition.oam.dev/ui-hidden: "true"
   name: print-message-in-status
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/read-object.yaml

@@ -5,8 +5,6 @@ kind: WorkflowStepDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Read Kubernetes objects from cluster for your workflow steps
-  labels:
-    custom.definition.oam.dev/ui-hidden: "true"
   name: read-object
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/read-only.yaml

@@ -13,7 +13,7 @@ spec:
       template: |
         #PolicyRule: {
         	// +usage=Specify how to select the targets of the rule
-        	selector: [...#RuleSelector]
+        	selector: #RuleSelector
         }
         #RuleSelector: {
         	// +usage=Select resources by component names

charts/vela-core/templates/defwithtemplate/step-group.yaml

@@ -5,8 +5,6 @@ kind: WorkflowStepDefinition
 metadata:
   annotations:
     definition.oam.dev/description: A special step that you can declare 'subSteps' in it, 'subSteps' is an array containing any step type whose valid parameters do not include the `step-group` step type itself. The sub steps were executed in parallel.
-  labels:
-    custom.definition.oam.dev/ui-hidden: "true"
   name: step-group
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/storage.yaml

@@ -54,6 +54,12 @@ spec:
         			emptyDir: medium: v.medium
         		}
         	},
+        	if parameter.hostPath != _|_ for v in parameter.hostPath {
+        		{
+        			name: "hostpath-" + v.name
+        			path: v.path
+        		}
+        	},
         ]
         volumeMountsList: [
         	if parameter.pvc != _|_ for v in parameter.pvc {
@@ -94,6 +100,12 @@ spec:
         			}
         		}
         	},
+        	if parameter.hostPath != _|_ for v in parameter.hostPath {
+        		{
+        			name:      "hostpath-" + v.name
+        			mountPath: v.mountPath
+        		}
+        	},
         ]
         envList: [
         	if parameter.configMap != _|_ for v in parameter.configMap if v.mountToEnv != _|_ {
@@ -311,7 +323,7 @@ spec:
         			envName:   string
         			secretKey: string
         		}]
-        		mountPath?:  string
+        		mountPath:   string
         		subPath?:    string
         		defaultMode: *420 | int
         		readOnly:    *false | bool
@@ -331,5 +343,13 @@ spec:
         		subPath?:  string
         		medium:    *"" | "Memory"
         	}]
+
+        	// +usage=Declare host path type storage
+        	hostPath?: [...{
+        		name:      string
+        		path:      string
+        		mountPath: string
+        		type:      *"Directory" | "DirectoryOrCreate" | "FileOrCreate" | "File" | "Socket" | "CharDevice" | "BlockDevice"
+        	}]
         }
 

charts/vela-core/templates/defwithtemplate/vela-cli.yaml

@@ -19,18 +19,24 @@ spec:
         mountsArray: [
         	if parameter.storage != _|_ && parameter.storage.secret != _|_ for v in parameter.storage.secret {
         		{
+        			name:      "secret-" + v.name
         			mountPath: v.mountPath
         			if v.subPath != _|_ {
         				subPath: v.subPath
         			}
-        			name: v.name
+        		}
+        	},
+        	if parameter.storage != _|_ && parameter.storage.hostPath != _|_ for v in parameter.storage.hostPath {
+        		{
+        			name:      "hostpath-" + v.name
+        			mountPath: v.mountPath
         		}
         	},
         ]
         volumesList: [
         	if parameter.storage != _|_ && parameter.storage.secret != _|_ for v in parameter.storage.secret {
         		{
-        			name: v.name
+        			name: "secret-" + v.name
         			secret: {
         				defaultMode: v.defaultMode
         				secretName:  v.secretName
@@ -39,6 +45,12 @@ spec:
         				}
         			}
         		}
+        		if parameter.storage != _|_ && parameter.storage.hostPath != _|_ for v in parameter.storage.hostPath {
+        			{
+        				name: "hostpath-" + v.name
+        				path: v.path
+        			}
+        		}
         	},
         ]
         deDupVolumesArray: [
@@ -69,7 +81,7 @@ spec:
         		spec: {
         			backoffLimit: 3
         			template: {
-        				labels: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)"
+        				metadata: labels: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)"
         				spec: {
         					containers: [
         						{
@@ -125,6 +137,13 @@ spec:
         				mode: *511 | int
         			}]
         		}]
+        		// +usage=Declare host path type storage
+        		hostPath?: [...{
+        			name:      string
+        			path:      string
+        			mountPath: string
+        			type:      *"Directory" | "DirectoryOrCreate" | "FileOrCreate" | "File" | "Socket" | "CharDevice" | "BlockDevice"
+        		}]
         	}
         }
 

charts/vela-core/templates/defwithtemplate/webservice.yaml

@@ -185,6 +185,10 @@ spec:
         						command: parameter.cmd
         					}
 
+        					if parameter["args"] != _|_ {
+        						args: parameter.args
+        					}
+
         					if parameter["env"] != _|_ {
         						env: parameter.env
         					}
@@ -363,6 +367,9 @@ spec:
         	// +usage=Commands to run in the container
         	cmd?: [...string]
 
+        	// +usage=Arguments to the entrypoint
+        	args?: [...string]
+
         	// +usage=Define arguments by using environment variables
         	env?: [...{
         		// +usage=Environment variable name

charts/vela-core/templates/kubevela-controller.yaml

@@ -11,21 +11,6 @@ metadata:
   {{- end }}
 {{- end }}
 
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ include "kubevela.fullname" . }}:manager-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ if .Values.authentication.enabled }} {{ include "kubevela.fullname" . }}:manager {{ else }} "cluster-admin" {{ end }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "kubevela.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace }}
-
 {{ if .Values.authentication.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -66,9 +51,41 @@ rules:
   - apiGroups: ["authorization.k8s.io"]
     resources: ["subjectaccessreviews"]
     verbs: ["*"]
-{{ end }}
 
 ---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "kubevela.fullname" . }}:manager-authentication-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubevela.fullname" . }}:manager
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "kubevela.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+
+{{ else }}
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "kubevela.fullname" . }}:manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: "cluster-admin"
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "kubevela.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+
+{{ end }}
+---
 # permissions to do leader election.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -255,8 +272,9 @@ spec:
             - "--feature-gates=ZstdResourceTracker={{- .Values.featureGates.zstdResourceTracker | toString -}}"
             - "--feature-gates=ApplyOnce={{- .Values.featureGates.applyOnce | toString -}}"
             - "--feature-gates=MultiStageComponentApply= {{- .Values.featureGates.multiStageComponentApply | toString -}}"
-            - "--feature-gates=GzipApplicationRevision={{- .Values.featureGates.gzipResourceTracker | toString -}}"
-            - "--feature-gates=ZstdApplicationRevision={{- .Values.featureGates.zstdResourceTracker | toString -}}"
+            - "--feature-gates=GzipApplicationRevision={{- .Values.featureGates.gzipApplicationRevision | toString -}}"
+            - "--feature-gates=ZstdApplicationRevision={{- .Values.featureGates.zstdApplicationRevision | toString -}}"
+            - "--feature-gates=PreDispatchDryRun={{- .Values.featureGates.preDispatchDryRun | toString -}}"
             {{ if .Values.authentication.enabled }}
             {{ if .Values.authentication.withUser }}
             - "--authentication-with-user"

charts/vela-core/templates/velaql/component-pod.yaml

@@ -1,9 +1,8 @@
-{{- if not (lookup "v1" "ConfigMap" (include "systemDefinitionNamespace" .) "component-pod-view") }}
 apiVersion: v1
 data:
   template: |
       import (
-      "vela/ql"
+        "vela/ql"
       )
 
       parameter: {
@@ -56,9 +55,15 @@ data:
               phase: pod.object.status.phase
               // refer to https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
               if phase != "Pending" && phase != "Unknown" {
-                podIP:    pod.object.status.podIP
-                hostIP:   pod.object.status.hostIP
-                nodeName: pod.object.spec.nodeName
+                if pod.object.podIP != _|_ {
+                  podIP: pod.object.status.podIP
+                }
+                if pod.object.hostIP != _|_ {
+                  hostIP: pod.object.status.hostIP
+                }
+                if pod.object.nodeName != _|_ {
+                  nodeName: pod.object.spec.nodeName
+                }
               }
             }
           }]
@@ -74,4 +79,3 @@ kind: ConfigMap
 metadata:
   name: component-pod-view
   namespace: {{ include "systemDefinitionNamespace" . }}
-{{- end }}

charts/vela-core/templates/velaql/component-service.yaml

@@ -1,4 +1,3 @@
-{{- if not (lookup "v1" "ConfigMap" (include "systemDefinitionNamespace" .) "component-service-view") }}
 apiVersion: v1
 data:
   template: |
@@ -47,4 +46,3 @@ kind: ConfigMap
 metadata:
   name: component-service-view
   namespace: {{ include "systemDefinitionNamespace" . }}
-{{- end}}

charts/vela-core/values.yaml

@@ -113,6 +113,7 @@ optimize:
 ##@param featureGates.multiStageComponentApply if enabled, the multiStageComponentApply feature will be combined with the stage field in TraitDefinition to complete the multi-stage apply.
 ##@param featureGates.gzipApplicationRevision compress apprev using gzip (good) before being stored. This is reduces network throughput when dealing with huge apprevs.
 ##@param featureGates.zstdApplicationRevision compress apprev using zstd (fast and good) before being stored. This is reduces network throughput when dealing with huge apprevs. Note that zstd will be prioritized if you enable other compression options.
+##@param featureGates.preDispatchDryRun enable dryrun before dispatching resources. Enable this flag can help prevent unsuccessful dispatch resources entering resourcetracker and improve the user experiences of gc but at the cost of increasing network requests.
 ##@param
 featureGates:
   enableLegacyComponentRevision: false
@@ -122,6 +123,7 @@ featureGates:
   multiStageComponentApply: false
   gzipApplicationRevision: false
   zstdApplicationRevision: true
+  preDispatchDryRun: true
 
 ## @section MultiCluster parameters
 
@@ -146,7 +148,7 @@ multicluster:
     port: 9443
     image:
       repository: oamdev/cluster-gateway
-      tag: v1.4.0
+      tag: v1.7.0
       pullPolicy: IfNotPresent
     resources:
       limits:
@@ -263,6 +265,6 @@ kubeClient:
 ## @param authentication.groupPattern Application authentication will impersonate as the request Group that matches the pattern
 authentication:
   enabled: false
-  withUser: false
+  withUser: true
   defaultUser: kubevela:vela-core
   groupPattern: kubevela:*

charts/vela-minimal/README.md

@@ -65,7 +65,6 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-minimal --
 | `controllerArgs.reSyncPeriod` | The period for resync the applications                                                        | `5m`                 |
 | `OAMSpecVer`                  | OAMSpecVer is the oam spec version controller want to setup                                   | `minimal`            |
 | `disableCaps`                 | Disable capability                                                                            | `envbinding,rollout` |
-| `applyOnceOnly`               | Valid applyOnceOnly values: true/false/on/off/force                                           | `off`                |
 | `dependCheckWait`             | dependCheckWait is the time to wait for ApplicationConfiguration's dependent-resource ready   | `30s`                |
 
 
@@ -97,20 +96,29 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-minimal --
 | `healthCheck.port`          | KubeVela health check port           | `9440`             |
 
 
+### KubeVela controller optimization parameters
+
+| Name                     | Description                                                                                                                           | Value   |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `featureGates.applyOnce` | if enabled, the apply-once feature will be applied to all applications, no state-keep and no resource data storage in ResourceTracker | `false` |
+
+
 ### MultiCluster parameters
 
-| Name                                                  | Description                      | Value                            |
-| ----------------------------------------------------- | -------------------------------- | -------------------------------- |
-| `multicluster.enabled`                                | Whether to enable multi-cluster  | `true`                           |
-| `multicluster.clusterGateway.replicaCount`            | ClusterGateway replica count     | `1`                              |
-| `multicluster.clusterGateway.port`                    | ClusterGateway port              | `9443`                           |
-| `multicluster.clusterGateway.image.repository`        | ClusterGateway image repository  | `oamdev/cluster-gateway`         |
-| `multicluster.clusterGateway.image.tag`               | ClusterGateway image tag         | `v1.4.0`                         |
-| `multicluster.clusterGateway.image.pullPolicy`        | ClusterGateway image pull policy | `IfNotPresent`                   |
-| `multicluster.clusterGateway.resources.limits.cpu`    | ClusterGateway cpu limit         | `100m`                           |
-| `multicluster.clusterGateway.resources.limits.memory` | ClusterGateway memory limit      | `200Mi`                          |
-| `multicluster.clusterGateway.secureTLS.enabled`       | Whether to enable secure TLS     | `true`                           |
-| `multicluster.clusterGateway.secureTLS.certPath`      | Path to the certificate file     | `/etc/k8s-cluster-gateway-certs` |
+| Name                                                    | Description                      | Value                            |
+| ------------------------------------------------------- | -------------------------------- | -------------------------------- |
+| `multicluster.enabled`                                  | Whether to enable multi-cluster  | `true`                           |
+| `multicluster.clusterGateway.replicaCount`              | ClusterGateway replica count     | `1`                              |
+| `multicluster.clusterGateway.port`                      | ClusterGateway port              | `9443`                           |
+| `multicluster.clusterGateway.image.repository`          | ClusterGateway image repository  | `oamdev/cluster-gateway`         |
+| `multicluster.clusterGateway.image.tag`                 | ClusterGateway image tag         | `v1.8.0-alpha.3`                 |
+| `multicluster.clusterGateway.image.pullPolicy`          | ClusterGateway image pull policy | `IfNotPresent`                   |
+| `multicluster.clusterGateway.resources.requests.cpu`    | ClusterGateway cpu request       | `50m`                            |
+| `multicluster.clusterGateway.resources.requests.memory` | ClusterGateway memory request    | `20Mi`                           |
+| `multicluster.clusterGateway.resources.limits.cpu`      | ClusterGateway cpu limit         | `500m`                           |
+| `multicluster.clusterGateway.resources.limits.memory`   | ClusterGateway memory limit      | `200Mi`                          |
+| `multicluster.clusterGateway.secureTLS.enabled`         | Whether to enable secure TLS     | `true`                           |
+| `multicluster.clusterGateway.secureTLS.certPath`        | Path to the certificate file     | `/etc/k8s-cluster-gateway-certs` |
 
 
 ### Test parameters

charts/vela-minimal/crds/core.oam.dev_applicationrevisions.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: applicationrevisions.core.oam.dev
 spec:
   group: core.oam.dev
@@ -214,6 +213,7 @@ spec:
                                         https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                       type: string
                                   type: object
+                                  x-kubernetes-map-type: atomic
                               required:
                               - name
                               type: object
@@ -356,6 +356,7 @@ spec:
                                               info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                             type: string
                                         type: object
+                                        x-kubernetes-map-type: atomic
                                     required:
                                     - name
                                     type: object
@@ -494,39 +495,40 @@ spec:
                               description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                               type: string
                           type: object
+                          x-kubernetes-map-type: atomic
                         type: array
                       components:
                         description: Components record the related Components created
                           by Application Controller
                         items:
-                          description: 'ObjectReference contains enough information
+                          description: "ObjectReference contains enough information
                             to let you inspect or modify the referred object. ---
                             New uses of this type are discouraged because of difficulty
-                            describing its usage when embedded in APIs.  1. Ignored
+                            describing its usage when embedded in APIs. 1. Ignored
                             fields.  It includes many fields which are not generally
                             honored.  For instance, ResourceVersion and FieldPath
-                            are both very rarely valid in actual usage.  2. Invalid
+                            are both very rarely valid in actual usage. 2. Invalid
                             usage help.  It is impossible to add specific help for
                             individual usage.  In most embedded usages, there are
-                            particular     restrictions like, "must refer only to
-                            types A and B" or "UID not honored" or "name must be restricted".     Those
-                            cannot be well described when embedded.  3. Inconsistent
+                            particular restrictions like, \"must refer only to types
+                            A and B\" or \"UID not honored\" or \"name must be restricted\".
+                            Those cannot be well described when embedded. 3. Inconsistent
                             validation.  Because the usages are different, the validation
                             rules are different by usage, which makes it hard for
-                            users to predict what will happen.  4. The fields are
-                            both imprecise and overly precise.  Kind is not a precise
-                            mapping to a URL. This can produce ambiguity     during
-                            interpretation and require a REST mapping.  In most cases,
-                            the dependency is on the group,resource tuple     and
-                            the version of the actual struct is irrelevant.  5. We
-                            cannot easily change it.  Because this type is embedded
-                            in many locations, updates to this type     will affect
-                            numerous schemas.  Don''t make new APIs embed an underspecified
-                            API type they do not control. Instead of using this type,
-                            create a locally provided and used type that is well-focused
-                            on your reference. For example, ServiceReferences for
-                            admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                            .'
+                            users to predict what will happen. 4. The fields are both
+                            imprecise and overly precise.  Kind is not a precise mapping
+                            to a URL. This can produce ambiguity during interpretation
+                            and require a REST mapping.  In most cases, the dependency
+                            is on the group,resource tuple and the version of the
+                            actual struct is irrelevant. 5. We cannot easily change
+                            it.  Because this type is embedded in many locations,
+                            updates to this type will affect numerous schemas.  Don't
+                            make new APIs embed an underspecified API type they do
+                            not control. \n Instead of using this type, create a locally
+                            provided and used type that is well-focused on your reference.
+                            For example, ServiceReferences for admission registration:
+                            https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                            ."
                           properties:
                             apiVersion:
                               description: API version of the referent.
@@ -563,6 +565,7 @@ spec:
                               description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                               type: string
                           type: object
+                          x-kubernetes-map-type: atomic
                         type: array
                       conditions:
                         description: Conditions of the resource.
@@ -659,37 +662,37 @@ spec:
                               type: string
                             scopes:
                               items:
-                                description: 'ObjectReference contains enough information
+                                description: "ObjectReference contains enough information
                                   to let you inspect or modify the referred object.
                                   --- New uses of this type are discouraged because
                                   of difficulty describing its usage when embedded
-                                  in APIs.  1. Ignored fields.  It includes many fields
+                                  in APIs. 1. Ignored fields.  It includes many fields
                                   which are not generally honored.  For instance,
                                   ResourceVersion and FieldPath are both very rarely
-                                  valid in actual usage.  2. Invalid usage help.  It
+                                  valid in actual usage. 2. Invalid usage help.  It
                                   is impossible to add specific help for individual
-                                  usage.  In most embedded usages, there are particular     restrictions
-                                  like, "must refer only to types A and B" or "UID
-                                  not honored" or "name must be restricted".     Those
-                                  cannot be well described when embedded.  3. Inconsistent
-                                  validation.  Because the usages are different, the
-                                  validation rules are different by usage, which makes
-                                  it hard for users to predict what will happen.  4.
-                                  The fields are both imprecise and overly precise.  Kind
-                                  is not a precise mapping to a URL. This can produce
-                                  ambiguity     during interpretation and require
-                                  a REST mapping.  In most cases, the dependency is
-                                  on the group,resource tuple     and the version
-                                  of the actual struct is irrelevant.  5. We cannot
-                                  easily change it.  Because this type is embedded
-                                  in many locations, updates to this type     will
-                                  affect numerous schemas.  Don''t make new APIs embed
-                                  an underspecified API type they do not control.
+                                  usage.  In most embedded usages, there are particular
+                                  restrictions like, \"must refer only to types A
+                                  and B\" or \"UID not honored\" or \"name must be
+                                  restricted\". Those cannot be well described when
+                                  embedded. 3. Inconsistent validation.  Because the
+                                  usages are different, the validation rules are different
+                                  by usage, which makes it hard for users to predict
+                                  what will happen. 4. The fields are both imprecise
+                                  and overly precise.  Kind is not a precise mapping
+                                  to a URL. This can produce ambiguity during interpretation
+                                  and require a REST mapping.  In most cases, the
+                                  dependency is on the group,resource tuple and the
+                                  version of the actual struct is irrelevant. 5. We
+                                  cannot easily change it.  Because this type is embedded
+                                  in many locations, updates to this type will affect
+                                  numerous schemas.  Don't make new APIs embed an
+                                  underspecified API type they do not control. \n
                                   Instead of using this type, create a locally provided
                                   and used type that is well-focused on your reference.
                                   For example, ServiceReferences for admission registration:
                                   https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                                  .'
+                                  ."
                                 properties:
                                   apiVersion:
                                     description: API version of the referent.
@@ -732,6 +735,7 @@ spec:
                                       https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                     type: string
                                 type: object
+                                x-kubernetes-map-type: atomic
                               type: array
                             traits:
                               items:
@@ -776,35 +780,34 @@ spec:
                           appRevision:
                             type: string
                           contextBackend:
-                            description: 'ObjectReference contains enough information
+                            description: "ObjectReference contains enough information
                               to let you inspect or modify the referred object. ---
                               New uses of this type are discouraged because of difficulty
-                              describing its usage when embedded in APIs.  1. Ignored
+                              describing its usage when embedded in APIs. 1. Ignored
                               fields.  It includes many fields which are not generally
                               honored.  For instance, ResourceVersion and FieldPath
-                              are both very rarely valid in actual usage.  2. Invalid
+                              are both very rarely valid in actual usage. 2. Invalid
                               usage help.  It is impossible to add specific help for
                               individual usage.  In most embedded usages, there are
-                              particular     restrictions like, "must refer only to
-                              types A and B" or "UID not honored" or "name must be
-                              restricted".     Those cannot be well described when
-                              embedded.  3. Inconsistent validation.  Because the
-                              usages are different, the validation rules are different
-                              by usage, which makes it hard for users to predict what
-                              will happen.  4. The fields are both imprecise and overly
-                              precise.  Kind is not a precise mapping to a URL. This
-                              can produce ambiguity     during interpretation and
-                              require a REST mapping.  In most cases, the dependency
-                              is on the group,resource tuple     and the version of
-                              the actual struct is irrelevant.  5. We cannot easily
-                              change it.  Because this type is embedded in many locations,
-                              updates to this type     will affect numerous schemas.  Don''t
-                              make new APIs embed an underspecified API type they
-                              do not control. Instead of using this type, create a
-                              locally provided and used type that is well-focused
-                              on your reference. For example, ServiceReferences for
-                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                              .'
+                              particular restrictions like, \"must refer only to types
+                              A and B\" or \"UID not honored\" or \"name must be restricted\".
+                              Those cannot be well described when embedded. 3. Inconsistent
+                              validation.  Because the usages are different, the validation
+                              rules are different by usage, which makes it hard for
+                              users to predict what will happen. 4. The fields are
+                              both imprecise and overly precise.  Kind is not a precise
+                              mapping to a URL. This can produce ambiguity during
+                              interpretation and require a REST mapping.  In most
+                              cases, the dependency is on the group,resource tuple
+                              and the version of the actual struct is irrelevant.
+                              5. We cannot easily change it.  Because this type is
+                              embedded in many locations, updates to this type will
+                              affect numerous schemas.  Don't make new APIs embed
+                              an underspecified API type they do not control. \n Instead
+                              of using this type, create a locally provided and used
+                              type that is well-focused on your reference. For example,
+                              ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                              ."
                             properties:
                               apiVersion:
                                 description: API version of the referent.
@@ -842,8 +845,10 @@ spec:
                                 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                 type: string
                             type: object
+                            x-kubernetes-map-type: atomic
                           endTime:
                             format: date-time
+                            nullable: true
                             type: string
                           finished:
                             type: boolean
@@ -1145,6 +1150,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -1580,6 +1600,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -1913,6 +1948,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -2120,7 +2170,6 @@ spec:
                                     type: string
                                 required:
                                 - from
-                                - parameterKey
                                 type: object
                               type: array
                             name:
@@ -2242,7 +2291,6 @@ spec:
                                         type: string
                                     required:
                                     - from
-                                    - parameterKey
                                     type: object
                                   type: array
                                 meta:
@@ -2299,7 +2347,6 @@ spec:
                                               type: string
                                           required:
                                           - from
-                                          - parameterKey
                                           type: object
                                         type: array
                                       meta:
@@ -2341,7 +2388,6 @@ spec:
                                           step.
                                         type: string
                                     required:
-                                    - name
                                     - type
                                     type: object
                                   type: array
@@ -2352,7 +2398,6 @@ spec:
                                   description: Type is the type of the workflow step.
                                   type: string
                               required:
-                              - name
                               - type
                               type: object
                             type: array
@@ -2409,39 +2454,40 @@ spec:
                               description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                               type: string
                           type: object
+                          x-kubernetes-map-type: atomic
                         type: array
                       components:
                         description: Components record the related Components created
                           by Application Controller
                         items:
-                          description: 'ObjectReference contains enough information
+                          description: "ObjectReference contains enough information
                             to let you inspect or modify the referred object. ---
                             New uses of this type are discouraged because of difficulty
-                            describing its usage when embedded in APIs.  1. Ignored
+                            describing its usage when embedded in APIs. 1. Ignored
                             fields.  It includes many fields which are not generally
                             honored.  For instance, ResourceVersion and FieldPath
-                            are both very rarely valid in actual usage.  2. Invalid
+                            are both very rarely valid in actual usage. 2. Invalid
                             usage help.  It is impossible to add specific help for
                             individual usage.  In most embedded usages, there are
-                            particular     restrictions like, "must refer only to
-                            types A and B" or "UID not honored" or "name must be restricted".     Those
-                            cannot be well described when embedded.  3. Inconsistent
+                            particular restrictions like, \"must refer only to types
+                            A and B\" or \"UID not honored\" or \"name must be restricted\".
+                            Those cannot be well described when embedded. 3. Inconsistent
                             validation.  Because the usages are different, the validation
                             rules are different by usage, which makes it hard for
-                            users to predict what will happen.  4. The fields are
-                            both imprecise and overly precise.  Kind is not a precise
-                            mapping to a URL. This can produce ambiguity     during
-                            interpretation and require a REST mapping.  In most cases,
-                            the dependency is on the group,resource tuple     and
-                            the version of the actual struct is irrelevant.  5. We
-                            cannot easily change it.  Because this type is embedded
-                            in many locations, updates to this type     will affect
-                            numerous schemas.  Don''t make new APIs embed an underspecified
-                            API type they do not control. Instead of using this type,
-                            create a locally provided and used type that is well-focused
-                            on your reference. For example, ServiceReferences for
-                            admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                            .'
+                            users to predict what will happen. 4. The fields are both
+                            imprecise and overly precise.  Kind is not a precise mapping
+                            to a URL. This can produce ambiguity during interpretation
+                            and require a REST mapping.  In most cases, the dependency
+                            is on the group,resource tuple and the version of the
+                            actual struct is irrelevant. 5. We cannot easily change
+                            it.  Because this type is embedded in many locations,
+                            updates to this type will affect numerous schemas.  Don't
+                            make new APIs embed an underspecified API type they do
+                            not control. \n Instead of using this type, create a locally
+                            provided and used type that is well-focused on your reference.
+                            For example, ServiceReferences for admission registration:
+                            https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                            ."
                           properties:
                             apiVersion:
                               description: API version of the referent.
@@ -2478,6 +2524,7 @@ spec:
                               description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                               type: string
                           type: object
+                          x-kubernetes-map-type: atomic
                         type: array
                       conditions:
                         description: Conditions of the resource.
@@ -2574,37 +2621,37 @@ spec:
                               type: string
                             scopes:
                               items:
-                                description: 'ObjectReference contains enough information
+                                description: "ObjectReference contains enough information
                                   to let you inspect or modify the referred object.
                                   --- New uses of this type are discouraged because
                                   of difficulty describing its usage when embedded
-                                  in APIs.  1. Ignored fields.  It includes many fields
+                                  in APIs. 1. Ignored fields.  It includes many fields
                                   which are not generally honored.  For instance,
                                   ResourceVersion and FieldPath are both very rarely
-                                  valid in actual usage.  2. Invalid usage help.  It
+                                  valid in actual usage. 2. Invalid usage help.  It
                                   is impossible to add specific help for individual
-                                  usage.  In most embedded usages, there are particular     restrictions
-                                  like, "must refer only to types A and B" or "UID
-                                  not honored" or "name must be restricted".     Those
-                                  cannot be well described when embedded.  3. Inconsistent
-                                  validation.  Because the usages are different, the
-                                  validation rules are different by usage, which makes
-                                  it hard for users to predict what will happen.  4.
-                                  The fields are both imprecise and overly precise.  Kind
-                                  is not a precise mapping to a URL. This can produce
-                                  ambiguity     during interpretation and require
-                                  a REST mapping.  In most cases, the dependency is
-                                  on the group,resource tuple     and the version
-                                  of the actual struct is irrelevant.  5. We cannot
-                                  easily change it.  Because this type is embedded
-                                  in many locations, updates to this type     will
-                                  affect numerous schemas.  Don''t make new APIs embed
-                                  an underspecified API type they do not control.
+                                  usage.  In most embedded usages, there are particular
+                                  restrictions like, \"must refer only to types A
+                                  and B\" or \"UID not honored\" or \"name must be
+                                  restricted\". Those cannot be well described when
+                                  embedded. 3. Inconsistent validation.  Because the
+                                  usages are different, the validation rules are different
+                                  by usage, which makes it hard for users to predict
+                                  what will happen. 4. The fields are both imprecise
+                                  and overly precise.  Kind is not a precise mapping
+                                  to a URL. This can produce ambiguity during interpretation
+                                  and require a REST mapping.  In most cases, the
+                                  dependency is on the group,resource tuple and the
+                                  version of the actual struct is irrelevant. 5. We
+                                  cannot easily change it.  Because this type is embedded
+                                  in many locations, updates to this type will affect
+                                  numerous schemas.  Don't make new APIs embed an
+                                  underspecified API type they do not control. \n
                                   Instead of using this type, create a locally provided
                                   and used type that is well-focused on your reference.
                                   For example, ServiceReferences for admission registration:
                                   https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                                  .'
+                                  ."
                                 properties:
                                   apiVersion:
                                     description: API version of the referent.
@@ -2647,6 +2694,7 @@ spec:
                                       https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                     type: string
                                 type: object
+                                x-kubernetes-map-type: atomic
                               type: array
                             traits:
                               items:
@@ -2691,35 +2739,34 @@ spec:
                           appRevision:
                             type: string
                           contextBackend:
-                            description: 'ObjectReference contains enough information
+                            description: "ObjectReference contains enough information
                               to let you inspect or modify the referred object. ---
                               New uses of this type are discouraged because of difficulty
-                              describing its usage when embedded in APIs.  1. Ignored
+                              describing its usage when embedded in APIs. 1. Ignored
                               fields.  It includes many fields which are not generally
                               honored.  For instance, ResourceVersion and FieldPath
-                              are both very rarely valid in actual usage.  2. Invalid
+                              are both very rarely valid in actual usage. 2. Invalid
                               usage help.  It is impossible to add specific help for
                               individual usage.  In most embedded usages, there are
-                              particular     restrictions like, "must refer only to
-                              types A and B" or "UID not honored" or "name must be
-                              restricted".     Those cannot be well described when
-                              embedded.  3. Inconsistent validation.  Because the
-                              usages are different, the validation rules are different
-                              by usage, which makes it hard for users to predict what
-                              will happen.  4. The fields are both imprecise and overly
-                              precise.  Kind is not a precise mapping to a URL. This
-                              can produce ambiguity     during interpretation and
-                              require a REST mapping.  In most cases, the dependency
-                              is on the group,resource tuple     and the version of
-                              the actual struct is irrelevant.  5. We cannot easily
-                              change it.  Because this type is embedded in many locations,
-                              updates to this type     will affect numerous schemas.  Don''t
-                              make new APIs embed an underspecified API type they
-                              do not control. Instead of using this type, create a
-                              locally provided and used type that is well-focused
-                              on your reference. For example, ServiceReferences for
-                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                              .'
+                              particular restrictions like, \"must refer only to types
+                              A and B\" or \"UID not honored\" or \"name must be restricted\".
+                              Those cannot be well described when embedded. 3. Inconsistent
+                              validation.  Because the usages are different, the validation
+                              rules are different by usage, which makes it hard for
+                              users to predict what will happen. 4. The fields are
+                              both imprecise and overly precise.  Kind is not a precise
+                              mapping to a URL. This can produce ambiguity during
+                              interpretation and require a REST mapping.  In most
+                              cases, the dependency is on the group,resource tuple
+                              and the version of the actual struct is irrelevant.
+                              5. We cannot easily change it.  Because this type is
+                              embedded in many locations, updates to this type will
+                              affect numerous schemas.  Don't make new APIs embed
+                              an underspecified API type they do not control. \n Instead
+                              of using this type, create a locally provided and used
+                              type that is well-focused on your reference. For example,
+                              ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                              ."
                             properties:
                               apiVersion:
                                 description: API version of the referent.
@@ -2757,8 +2804,10 @@ spec:
                                 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                 type: string
                             type: object
+                            x-kubernetes-map-type: atomic
                           endTime:
                             format: date-time
+                            nullable: true
                             type: string
                           finished:
                             type: boolean
@@ -3053,6 +3102,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -3423,6 +3487,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -3850,6 +3929,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -4053,7 +4147,6 @@ spec:
                                 type: string
                             required:
                             - from
-                            - parameterKey
                             type: object
                           type: array
                         meta:
@@ -4105,7 +4198,6 @@ spec:
                                       type: string
                                   required:
                                   - from
-                                  - parameterKey
                                   type: object
                                 type: array
                               meta:
@@ -4143,7 +4235,6 @@ spec:
                                 description: Type is the type of the workflow step.
                                 type: string
                             required:
-                            - name
                             - type
                             type: object
                           type: array
@@ -4154,7 +4245,6 @@ spec:
                           description: Type is the type of the workflow step.
                           type: string
                       required:
-                      - name
                       - type
                       type: object
                     type: array
@@ -4323,6 +4413,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -4639,6 +4744,21 @@ spec:
                                     provisioned cloud resources will be deleted when
                                     CR is deleted
                                   type: boolean
+                                gitCredentialsSecretReference:
+                                  description: GitCredentialsSecretReference specifies
+                                    the reference to the secret containing the git
+                                    credentials
+                                  properties:
+                                    name:
+                                      description: name is unique within a namespace
+                                        to reference a secret resource.
+                                      type: string
+                                    namespace:
+                                      description: namespace defines the space within
+                                        which the secret name must be unique.
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
                                 path:
                                   description: Path is the sub-directory of remote
                                     git repository. It's valid when remote is set
@@ -4762,31 +4882,31 @@ spec:
                   appRevision:
                     type: string
                   contextBackend:
-                    description: 'ObjectReference contains enough information to let
+                    description: "ObjectReference contains enough information to let
                       you inspect or modify the referred object. --- New uses of this
                       type are discouraged because of difficulty describing its usage
-                      when embedded in APIs.  1. Ignored fields.  It includes many
+                      when embedded in APIs. 1. Ignored fields.  It includes many
                       fields which are not generally honored.  For instance, ResourceVersion
-                      and FieldPath are both very rarely valid in actual usage.  2.
+                      and FieldPath are both very rarely valid in actual usage. 2.
                       Invalid usage help.  It is impossible to add specific help for
-                      individual usage.  In most embedded usages, there are particular     restrictions
-                      like, "must refer only to types A and B" or "UID not honored"
-                      or "name must be restricted".     Those cannot be well described
-                      when embedded.  3. Inconsistent validation.  Because the usages
-                      are different, the validation rules are different by usage,
-                      which makes it hard for users to predict what will happen.  4.
-                      The fields are both imprecise and overly precise.  Kind is not
-                      a precise mapping to a URL. This can produce ambiguity     during
-                      interpretation and require a REST mapping.  In most cases, the
-                      dependency is on the group,resource tuple     and the version
-                      of the actual struct is irrelevant.  5. We cannot easily change
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, \"must refer only to types A and B\" or \"UID
+                      not honored\" or \"name must be restricted\". Those cannot be
+                      well described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.
+                      \ Kind is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
                       it.  Because this type is embedded in many locations, updates
-                      to this type     will affect numerous schemas.  Don''t make
-                      new APIs embed an underspecified API type they do not control.
-                      Instead of using this type, create a locally provided and used
-                      type that is well-focused on your reference. For example, ServiceReferences
+                      to this type will affect numerous schemas.  Don't make new APIs
+                      embed an underspecified API type they do not control. \n Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
                       for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                      .'
+                      ."
                     properties:
                       apiVersion:
                         description: API version of the referent.
@@ -4821,8 +4941,10 @@ spec:
                         description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                         type: string
                     type: object
+                    x-kubernetes-map-type: atomic
                   endTime:
                     format: date-time
+                    nullable: true
                     type: string
                   finished:
                     type: boolean
@@ -4923,6 +5045,11 @@ spec:
                 - suspend
                 - terminated
                 type: object
+              workflowContext:
+                additionalProperties:
+                  type: string
+                description: Record the context values to the revision.
+                type: object
             required:
             - succeeded
             type: object
@@ -4931,9 +5058,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_applications.yaml

@@ -3,7 +3,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     cert-manager.io/inject-ca-from: vela-system/kubevela-vela-core-root-cert
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: applications.core.oam.dev
 spec:
   group: core.oam.dev
@@ -178,6 +178,7 @@ spec:
                               description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                               type: string
                           type: object
+                          x-kubernetes-map-type: atomic
                       required:
                       - name
                       type: object
@@ -312,6 +313,7 @@ spec:
                                       https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                     type: string
                                 type: object
+                                x-kubernetes-map-type: atomic
                             required:
                             - name
                             type: object
@@ -445,36 +447,37 @@ spec:
                       description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                       type: string
                   type: object
+                  x-kubernetes-map-type: atomic
                 type: array
               components:
                 description: Components record the related Components created by Application
                   Controller
                 items:
-                  description: 'ObjectReference contains enough information to let
+                  description: "ObjectReference contains enough information to let
                     you inspect or modify the referred object. --- New uses of this
                     type are discouraged because of difficulty describing its usage
-                    when embedded in APIs.  1. Ignored fields.  It includes many fields
+                    when embedded in APIs. 1. Ignored fields.  It includes many fields
                     which are not generally honored.  For instance, ResourceVersion
-                    and FieldPath are both very rarely valid in actual usage.  2.
-                    Invalid usage help.  It is impossible to add specific help for
-                    individual usage.  In most embedded usages, there are particular     restrictions
-                    like, "must refer only to types A and B" or "UID not honored"
-                    or "name must be restricted".     Those cannot be well described
-                    when embedded.  3. Inconsistent validation.  Because the usages
+                    and FieldPath are both very rarely valid in actual usage. 2. Invalid
+                    usage help.  It is impossible to add specific help for individual
+                    usage.  In most embedded usages, there are particular restrictions
+                    like, \"must refer only to types A and B\" or \"UID not honored\"
+                    or \"name must be restricted\". Those cannot be well described
+                    when embedded. 3. Inconsistent validation.  Because the usages
                     are different, the validation rules are different by usage, which
-                    makes it hard for users to predict what will happen.  4. The fields
+                    makes it hard for users to predict what will happen. 4. The fields
                     are both imprecise and overly precise.  Kind is not a precise
-                    mapping to a URL. This can produce ambiguity     during interpretation
+                    mapping to a URL. This can produce ambiguity during interpretation
                     and require a REST mapping.  In most cases, the dependency is
-                    on the group,resource tuple     and the version of the actual
-                    struct is irrelevant.  5. We cannot easily change it.  Because
-                    this type is embedded in many locations, updates to this type     will
-                    affect numerous schemas.  Don''t make new APIs embed an underspecified
-                    API type they do not control. Instead of using this type, create
+                    on the group,resource tuple and the version of the actual struct
+                    is irrelevant. 5. We cannot easily change it.  Because this type
+                    is embedded in many locations, updates to this type will affect
+                    numerous schemas.  Don't make new APIs embed an underspecified
+                    API type they do not control. \n Instead of using this type, create
                     a locally provided and used type that is well-focused on your
                     reference. For example, ServiceReferences for admission registration:
                     https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                    .'
+                    ."
                   properties:
                     apiVersion:
                       description: API version of the referent.
@@ -509,6 +512,7 @@ spec:
                       description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                       type: string
                   type: object
+                  x-kubernetes-map-type: atomic
                 type: array
               conditions:
                 description: Conditions of the resource.
@@ -601,33 +605,33 @@ spec:
                       type: string
                     scopes:
                       items:
-                        description: 'ObjectReference contains enough information
+                        description: "ObjectReference contains enough information
                           to let you inspect or modify the referred object. --- New
                           uses of this type are discouraged because of difficulty
-                          describing its usage when embedded in APIs.  1. Ignored
-                          fields.  It includes many fields which are not generally
-                          honored.  For instance, ResourceVersion and FieldPath are
-                          both very rarely valid in actual usage.  2. Invalid usage
-                          help.  It is impossible to add specific help for individual
-                          usage.  In most embedded usages, there are particular     restrictions
-                          like, "must refer only to types A and B" or "UID not honored"
-                          or "name must be restricted".     Those cannot be well described
-                          when embedded.  3. Inconsistent validation.  Because the
-                          usages are different, the validation rules are different
-                          by usage, which makes it hard for users to predict what
-                          will happen.  4. The fields are both imprecise and overly
-                          precise.  Kind is not a precise mapping to a URL. This can
-                          produce ambiguity     during interpretation and require
-                          a REST mapping.  In most cases, the dependency is on the
-                          group,resource tuple     and the version of the actual struct
-                          is irrelevant.  5. We cannot easily change it.  Because
+                          describing its usage when embedded in APIs. 1. Ignored fields.
+                          \ It includes many fields which are not generally honored.
+                          \ For instance, ResourceVersion and FieldPath are both very
+                          rarely valid in actual usage. 2. Invalid usage help.  It
+                          is impossible to add specific help for individual usage.
+                          \ In most embedded usages, there are particular restrictions
+                          like, \"must refer only to types A and B\" or \"UID not
+                          honored\" or \"name must be restricted\". Those cannot be
+                          well described when embedded. 3. Inconsistent validation.
+                          \ Because the usages are different, the validation rules
+                          are different by usage, which makes it hard for users to
+                          predict what will happen. 4. The fields are both imprecise
+                          and overly precise.  Kind is not a precise mapping to a
+                          URL. This can produce ambiguity during interpretation and
+                          require a REST mapping.  In most cases, the dependency is
+                          on the group,resource tuple and the version of the actual
+                          struct is irrelevant. 5. We cannot easily change it.  Because
                           this type is embedded in many locations, updates to this
-                          type     will affect numerous schemas.  Don''t make new
-                          APIs embed an underspecified API type they do not control.
+                          type will affect numerous schemas.  Don't make new APIs
+                          embed an underspecified API type they do not control. \n
                           Instead of using this type, create a locally provided and
                           used type that is well-focused on your reference. For example,
                           ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                          .'
+                          ."
                         properties:
                           apiVersion:
                             description: API version of the referent.
@@ -663,6 +667,7 @@ spec:
                             description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                             type: string
                         type: object
+                        x-kubernetes-map-type: atomic
                       type: array
                     traits:
                       items:
@@ -707,31 +712,31 @@ spec:
                   appRevision:
                     type: string
                   contextBackend:
-                    description: 'ObjectReference contains enough information to let
+                    description: "ObjectReference contains enough information to let
                       you inspect or modify the referred object. --- New uses of this
                       type are discouraged because of difficulty describing its usage
-                      when embedded in APIs.  1. Ignored fields.  It includes many
+                      when embedded in APIs. 1. Ignored fields.  It includes many
                       fields which are not generally honored.  For instance, ResourceVersion
-                      and FieldPath are both very rarely valid in actual usage.  2.
+                      and FieldPath are both very rarely valid in actual usage. 2.
                       Invalid usage help.  It is impossible to add specific help for
-                      individual usage.  In most embedded usages, there are particular     restrictions
-                      like, "must refer only to types A and B" or "UID not honored"
-                      or "name must be restricted".     Those cannot be well described
-                      when embedded.  3. Inconsistent validation.  Because the usages
-                      are different, the validation rules are different by usage,
-                      which makes it hard for users to predict what will happen.  4.
-                      The fields are both imprecise and overly precise.  Kind is not
-                      a precise mapping to a URL. This can produce ambiguity     during
-                      interpretation and require a REST mapping.  In most cases, the
-                      dependency is on the group,resource tuple     and the version
-                      of the actual struct is irrelevant.  5. We cannot easily change
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, \"must refer only to types A and B\" or \"UID
+                      not honored\" or \"name must be restricted\". Those cannot be
+                      well described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.
+                      \ Kind is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
                       it.  Because this type is embedded in many locations, updates
-                      to this type     will affect numerous schemas.  Don''t make
-                      new APIs embed an underspecified API type they do not control.
-                      Instead of using this type, create a locally provided and used
-                      type that is well-focused on your reference. For example, ServiceReferences
+                      to this type will affect numerous schemas.  Don't make new APIs
+                      embed an underspecified API type they do not control. \n Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
                       for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                      .'
+                      ."
                     properties:
                       apiVersion:
                         description: API version of the referent.
@@ -766,8 +771,10 @@ spec:
                         description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                         type: string
                     type: object
+                    x-kubernetes-map-type: atomic
                   endTime:
                     format: date-time
+                    nullable: true
                     type: string
                   finished:
                     type: boolean
@@ -934,7 +941,6 @@ spec:
                             type: string
                         required:
                         - from
-                        - parameterKey
                         type: object
                       type: array
                     name:
@@ -1051,7 +1057,6 @@ spec:
                                 type: string
                             required:
                             - from
-                            - parameterKey
                             type: object
                           type: array
                         meta:
@@ -1103,7 +1108,6 @@ spec:
                                       type: string
                                   required:
                                   - from
-                                  - parameterKey
                                   type: object
                                 type: array
                               meta:
@@ -1141,7 +1145,6 @@ spec:
                                 description: Type is the type of the workflow step.
                                 type: string
                             required:
-                            - name
                             - type
                             type: object
                           type: array
@@ -1152,7 +1155,6 @@ spec:
                           description: Type is the type of the workflow step.
                           type: string
                       required:
-                      - name
                       - type
                       type: object
                     type: array
@@ -1207,36 +1209,37 @@ spec:
                       description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                       type: string
                   type: object
+                  x-kubernetes-map-type: atomic
                 type: array
               components:
                 description: Components record the related Components created by Application
                   Controller
                 items:
-                  description: 'ObjectReference contains enough information to let
+                  description: "ObjectReference contains enough information to let
                     you inspect or modify the referred object. --- New uses of this
                     type are discouraged because of difficulty describing its usage
-                    when embedded in APIs.  1. Ignored fields.  It includes many fields
+                    when embedded in APIs. 1. Ignored fields.  It includes many fields
                     which are not generally honored.  For instance, ResourceVersion
-                    and FieldPath are both very rarely valid in actual usage.  2.
-                    Invalid usage help.  It is impossible to add specific help for
-                    individual usage.  In most embedded usages, there are particular     restrictions
-                    like, "must refer only to types A and B" or "UID not honored"
-                    or "name must be restricted".     Those cannot be well described
-                    when embedded.  3. Inconsistent validation.  Because the usages
+                    and FieldPath are both very rarely valid in actual usage. 2. Invalid
+                    usage help.  It is impossible to add specific help for individual
+                    usage.  In most embedded usages, there are particular restrictions
+                    like, \"must refer only to types A and B\" or \"UID not honored\"
+                    or \"name must be restricted\". Those cannot be well described
+                    when embedded. 3. Inconsistent validation.  Because the usages
                     are different, the validation rules are different by usage, which
-                    makes it hard for users to predict what will happen.  4. The fields
+                    makes it hard for users to predict what will happen. 4. The fields
                     are both imprecise and overly precise.  Kind is not a precise
-                    mapping to a URL. This can produce ambiguity     during interpretation
+                    mapping to a URL. This can produce ambiguity during interpretation
                     and require a REST mapping.  In most cases, the dependency is
-                    on the group,resource tuple     and the version of the actual
-                    struct is irrelevant.  5. We cannot easily change it.  Because
-                    this type is embedded in many locations, updates to this type     will
-                    affect numerous schemas.  Don''t make new APIs embed an underspecified
-                    API type they do not control. Instead of using this type, create
+                    on the group,resource tuple and the version of the actual struct
+                    is irrelevant. 5. We cannot easily change it.  Because this type
+                    is embedded in many locations, updates to this type will affect
+                    numerous schemas.  Don't make new APIs embed an underspecified
+                    API type they do not control. \n Instead of using this type, create
                     a locally provided and used type that is well-focused on your
                     reference. For example, ServiceReferences for admission registration:
                     https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                    .'
+                    ."
                   properties:
                     apiVersion:
                       description: API version of the referent.
@@ -1271,6 +1274,7 @@ spec:
                       description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                       type: string
                   type: object
+                  x-kubernetes-map-type: atomic
                 type: array
               conditions:
                 description: Conditions of the resource.
@@ -1363,33 +1367,33 @@ spec:
                       type: string
                     scopes:
                       items:
-                        description: 'ObjectReference contains enough information
+                        description: "ObjectReference contains enough information
                           to let you inspect or modify the referred object. --- New
                           uses of this type are discouraged because of difficulty
-                          describing its usage when embedded in APIs.  1. Ignored
-                          fields.  It includes many fields which are not generally
-                          honored.  For instance, ResourceVersion and FieldPath are
-                          both very rarely valid in actual usage.  2. Invalid usage
-                          help.  It is impossible to add specific help for individual
-                          usage.  In most embedded usages, there are particular     restrictions
-                          like, "must refer only to types A and B" or "UID not honored"
-                          or "name must be restricted".     Those cannot be well described
-                          when embedded.  3. Inconsistent validation.  Because the
-                          usages are different, the validation rules are different
-                          by usage, which makes it hard for users to predict what
-                          will happen.  4. The fields are both imprecise and overly
-                          precise.  Kind is not a precise mapping to a URL. This can
-                          produce ambiguity     during interpretation and require
-                          a REST mapping.  In most cases, the dependency is on the
-                          group,resource tuple     and the version of the actual struct
-                          is irrelevant.  5. We cannot easily change it.  Because
+                          describing its usage when embedded in APIs. 1. Ignored fields.
+                          \ It includes many fields which are not generally honored.
+                          \ For instance, ResourceVersion and FieldPath are both very
+                          rarely valid in actual usage. 2. Invalid usage help.  It
+                          is impossible to add specific help for individual usage.
+                          \ In most embedded usages, there are particular restrictions
+                          like, \"must refer only to types A and B\" or \"UID not
+                          honored\" or \"name must be restricted\". Those cannot be
+                          well described when embedded. 3. Inconsistent validation.
+                          \ Because the usages are different, the validation rules
+                          are different by usage, which makes it hard for users to
+                          predict what will happen. 4. The fields are both imprecise
+                          and overly precise.  Kind is not a precise mapping to a
+                          URL. This can produce ambiguity during interpretation and
+                          require a REST mapping.  In most cases, the dependency is
+                          on the group,resource tuple and the version of the actual
+                          struct is irrelevant. 5. We cannot easily change it.  Because
                           this type is embedded in many locations, updates to this
-                          type     will affect numerous schemas.  Don''t make new
-                          APIs embed an underspecified API type they do not control.
+                          type will affect numerous schemas.  Don't make new APIs
+                          embed an underspecified API type they do not control. \n
                           Instead of using this type, create a locally provided and
                           used type that is well-focused on your reference. For example,
                           ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                          .'
+                          ."
                         properties:
                           apiVersion:
                             description: API version of the referent.
@@ -1425,6 +1429,7 @@ spec:
                             description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                             type: string
                         type: object
+                        x-kubernetes-map-type: atomic
                       type: array
                     traits:
                       items:
@@ -1469,31 +1474,31 @@ spec:
                   appRevision:
                     type: string
                   contextBackend:
-                    description: 'ObjectReference contains enough information to let
+                    description: "ObjectReference contains enough information to let
                       you inspect or modify the referred object. --- New uses of this
                       type are discouraged because of difficulty describing its usage
-                      when embedded in APIs.  1. Ignored fields.  It includes many
+                      when embedded in APIs. 1. Ignored fields.  It includes many
                       fields which are not generally honored.  For instance, ResourceVersion
-                      and FieldPath are both very rarely valid in actual usage.  2.
+                      and FieldPath are both very rarely valid in actual usage. 2.
                       Invalid usage help.  It is impossible to add specific help for
-                      individual usage.  In most embedded usages, there are particular     restrictions
-                      like, "must refer only to types A and B" or "UID not honored"
-                      or "name must be restricted".     Those cannot be well described
-                      when embedded.  3. Inconsistent validation.  Because the usages
-                      are different, the validation rules are different by usage,
-                      which makes it hard for users to predict what will happen.  4.
-                      The fields are both imprecise and overly precise.  Kind is not
-                      a precise mapping to a URL. This can produce ambiguity     during
-                      interpretation and require a REST mapping.  In most cases, the
-                      dependency is on the group,resource tuple     and the version
-                      of the actual struct is irrelevant.  5. We cannot easily change
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, \"must refer only to types A and B\" or \"UID
+                      not honored\" or \"name must be restricted\". Those cannot be
+                      well described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.
+                      \ Kind is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
                       it.  Because this type is embedded in many locations, updates
-                      to this type     will affect numerous schemas.  Don''t make
-                      new APIs embed an underspecified API type they do not control.
-                      Instead of using this type, create a locally provided and used
-                      type that is well-focused on your reference. For example, ServiceReferences
+                      to this type will affect numerous schemas.  Don't make new APIs
+                      embed an underspecified API type they do not control. \n Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
                       for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                      .'
+                      ."
                     properties:
                       apiVersion:
                         description: API version of the referent.
@@ -1528,8 +1533,10 @@ spec:
                         description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                         type: string
                     type: object
+                    x-kubernetes-map-type: atomic
                   endTime:
                     format: date-time
+                    nullable: true
                     type: string
                   finished:
                     type: boolean
@@ -1636,9 +1643,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_definitionrevisions.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: definitionrevisions.core.oam.dev
 spec:
   group: core.oam.dev
@@ -233,6 +232,20 @@ spec:
                                   provisioned cloud resources will be deleted when
                                   CR is deleted
                                 type: boolean
+                              gitCredentialsSecretReference:
+                                description: GitCredentialsSecretReference specifies
+                                  the reference to the secret containing the git credentials
+                                properties:
+                                  name:
+                                    description: name is unique within a namespace
+                                      to reference a secret resource.
+                                    type: string
+                                  namespace:
+                                    description: namespace defines the space within
+                                      which the secret name must be unique.
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
                               path:
                                 description: Path is the sub-directory of remote git
                                   repository. It's valid when remote is set
@@ -550,6 +563,20 @@ spec:
                                   provisioned cloud resources will be deleted when
                                   CR is deleted
                                 type: boolean
+                              gitCredentialsSecretReference:
+                                description: GitCredentialsSecretReference specifies
+                                  the reference to the secret containing the git credentials
+                                properties:
+                                  name:
+                                    description: name is unique within a namespace
+                                      to reference a secret resource.
+                                    type: string
+                                  namespace:
+                                    description: namespace defines the space within
+                                      which the secret name must be unique.
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
                               path:
                                 description: Path is the sub-directory of remote git
                                   repository. It's valid when remote is set
@@ -868,6 +895,20 @@ spec:
                                   provisioned cloud resources will be deleted when
                                   CR is deleted
                                 type: boolean
+                              gitCredentialsSecretReference:
+                                description: GitCredentialsSecretReference specifies
+                                  the reference to the secret containing the git credentials
+                                properties:
+                                  name:
+                                    description: name is unique within a namespace
+                                      to reference a secret resource.
+                                    type: string
+                                  namespace:
+                                    description: namespace defines the space within
+                                      which the secret name must be unique.
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
                               path:
                                 description: Path is the sub-directory of remote git
                                   repository. It's valid when remote is set
@@ -1161,6 +1202,20 @@ spec:
                                   provisioned cloud resources will be deleted when
                                   CR is deleted
                                 type: boolean
+                              gitCredentialsSecretReference:
+                                description: GitCredentialsSecretReference specifies
+                                  the reference to the secret containing the git credentials
+                                properties:
+                                  name:
+                                    description: name is unique within a namespace
+                                      to reference a secret resource.
+                                    type: string
+                                  namespace:
+                                    description: namespace defines the space within
+                                      which the secret name must be unique.
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
                               path:
                                 description: Path is the sub-directory of remote git
                                   repository. It's valid when remote is set
@@ -1279,9 +1334,3 @@ spec:
     served: true
     storage: true
     subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_healthscopes.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: healthscopes.core.oam.dev
 spec:
   group: core.oam.dev
@@ -59,36 +58,36 @@ spec:
                             type: string
                           traits:
                             items:
-                              description: 'ObjectReference contains enough information
+                              description: "ObjectReference contains enough information
                                 to let you inspect or modify the referred object.
                                 --- New uses of this type are discouraged because
                                 of difficulty describing its usage when embedded in
-                                APIs.  1. Ignored fields.  It includes many fields
+                                APIs. 1. Ignored fields.  It includes many fields
                                 which are not generally honored.  For instance, ResourceVersion
                                 and FieldPath are both very rarely valid in actual
-                                usage.  2. Invalid usage help.  It is impossible to
+                                usage. 2. Invalid usage help.  It is impossible to
                                 add specific help for individual usage.  In most embedded
-                                usages, there are particular     restrictions like,
-                                "must refer only to types A and B" or "UID not honored"
-                                or "name must be restricted".     Those cannot be
-                                well described when embedded.  3. Inconsistent validation.  Because
-                                the usages are different, the validation rules are
-                                different by usage, which makes it hard for users
-                                to predict what will happen.  4. The fields are both
-                                imprecise and overly precise.  Kind is not a precise
-                                mapping to a URL. This can produce ambiguity     during
-                                interpretation and require a REST mapping.  In most
-                                cases, the dependency is on the group,resource tuple     and
-                                the version of the actual struct is irrelevant.  5.
-                                We cannot easily change it.  Because this type is
-                                embedded in many locations, updates to this type     will
-                                affect numerous schemas.  Don''t make new APIs embed
-                                an underspecified API type they do not control. Instead
-                                of using this type, create a locally provided and
-                                used type that is well-focused on your reference.
+                                usages, there are particular restrictions like, \"must
+                                refer only to types A and B\" or \"UID not honored\"
+                                or \"name must be restricted\". Those cannot be well
+                                described when embedded. 3. Inconsistent validation.
+                                \ Because the usages are different, the validation
+                                rules are different by usage, which makes it hard
+                                for users to predict what will happen. 4. The fields
+                                are both imprecise and overly precise.  Kind is not
+                                a precise mapping to a URL. This can produce ambiguity
+                                during interpretation and require a REST mapping.
+                                \ In most cases, the dependency is on the group,resource
+                                tuple and the version of the actual struct is irrelevant.
+                                5. We cannot easily change it.  Because this type
+                                is embedded in many locations, updates to this type
+                                will affect numerous schemas.  Don't make new APIs
+                                embed an underspecified API type they do not control.
+                                \n Instead of using this type, create a locally provided
+                                and used type that is well-focused on your reference.
                                 For example, ServiceReferences for admission registration:
                                 https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                                .'
+                                ."
                               properties:
                                 apiVersion:
                                   description: API version of the referent.
@@ -127,37 +126,37 @@ spec:
                                   description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                   type: string
                               type: object
+                              x-kubernetes-map-type: atomic
                             type: array
                           workload:
-                            description: 'ObjectReference contains enough information
+                            description: "ObjectReference contains enough information
                               to let you inspect or modify the referred object. ---
                               New uses of this type are discouraged because of difficulty
-                              describing its usage when embedded in APIs.  1. Ignored
+                              describing its usage when embedded in APIs. 1. Ignored
                               fields.  It includes many fields which are not generally
                               honored.  For instance, ResourceVersion and FieldPath
-                              are both very rarely valid in actual usage.  2. Invalid
+                              are both very rarely valid in actual usage. 2. Invalid
                               usage help.  It is impossible to add specific help for
                               individual usage.  In most embedded usages, there are
-                              particular     restrictions like, "must refer only to
-                              types A and B" or "UID not honored" or "name must be
-                              restricted".     Those cannot be well described when
-                              embedded.  3. Inconsistent validation.  Because the
-                              usages are different, the validation rules are different
-                              by usage, which makes it hard for users to predict what
-                              will happen.  4. The fields are both imprecise and overly
-                              precise.  Kind is not a precise mapping to a URL. This
-                              can produce ambiguity     during interpretation and
-                              require a REST mapping.  In most cases, the dependency
-                              is on the group,resource tuple     and the version of
-                              the actual struct is irrelevant.  5. We cannot easily
-                              change it.  Because this type is embedded in many locations,
-                              updates to this type     will affect numerous schemas.  Don''t
-                              make new APIs embed an underspecified API type they
-                              do not control. Instead of using this type, create a
-                              locally provided and used type that is well-focused
-                              on your reference. For example, ServiceReferences for
-                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                              .'
+                              particular restrictions like, \"must refer only to types
+                              A and B\" or \"UID not honored\" or \"name must be restricted\".
+                              Those cannot be well described when embedded. 3. Inconsistent
+                              validation.  Because the usages are different, the validation
+                              rules are different by usage, which makes it hard for
+                              users to predict what will happen. 4. The fields are
+                              both imprecise and overly precise.  Kind is not a precise
+                              mapping to a URL. This can produce ambiguity during
+                              interpretation and require a REST mapping.  In most
+                              cases, the dependency is on the group,resource tuple
+                              and the version of the actual struct is irrelevant.
+                              5. We cannot easily change it.  Because this type is
+                              embedded in many locations, updates to this type will
+                              affect numerous schemas.  Don't make new APIs embed
+                              an underspecified API type they do not control. \n Instead
+                              of using this type, create a locally provided and used
+                              type that is well-focused on your reference. For example,
+                              ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                              ."
                             properties:
                               apiVersion:
                                 description: API version of the referent.
@@ -195,6 +194,7 @@ spec:
                                 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                 type: string
                             type: object
+                            x-kubernetes-map-type: atomic
                         type: object
                       type: array
                   type: object
@@ -213,31 +213,31 @@ spec:
                 description: WorkloadReferences to the workloads that are in this
                   scope.
                 items:
-                  description: 'ObjectReference contains enough information to let
+                  description: "ObjectReference contains enough information to let
                     you inspect or modify the referred object. --- New uses of this
                     type are discouraged because of difficulty describing its usage
-                    when embedded in APIs.  1. Ignored fields.  It includes many fields
+                    when embedded in APIs. 1. Ignored fields.  It includes many fields
                     which are not generally honored.  For instance, ResourceVersion
-                    and FieldPath are both very rarely valid in actual usage.  2.
-                    Invalid usage help.  It is impossible to add specific help for
-                    individual usage.  In most embedded usages, there are particular     restrictions
-                    like, "must refer only to types A and B" or "UID not honored"
-                    or "name must be restricted".     Those cannot be well described
-                    when embedded.  3. Inconsistent validation.  Because the usages
+                    and FieldPath are both very rarely valid in actual usage. 2. Invalid
+                    usage help.  It is impossible to add specific help for individual
+                    usage.  In most embedded usages, there are particular restrictions
+                    like, \"must refer only to types A and B\" or \"UID not honored\"
+                    or \"name must be restricted\". Those cannot be well described
+                    when embedded. 3. Inconsistent validation.  Because the usages
                     are different, the validation rules are different by usage, which
-                    makes it hard for users to predict what will happen.  4. The fields
+                    makes it hard for users to predict what will happen. 4. The fields
                     are both imprecise and overly precise.  Kind is not a precise
-                    mapping to a URL. This can produce ambiguity     during interpretation
+                    mapping to a URL. This can produce ambiguity during interpretation
                     and require a REST mapping.  In most cases, the dependency is
-                    on the group,resource tuple     and the version of the actual
-                    struct is irrelevant.  5. We cannot easily change it.  Because
-                    this type is embedded in many locations, updates to this type     will
-                    affect numerous schemas.  Don''t make new APIs embed an underspecified
-                    API type they do not control. Instead of using this type, create
+                    on the group,resource tuple and the version of the actual struct
+                    is irrelevant. 5. We cannot easily change it.  Because this type
+                    is embedded in many locations, updates to this type will affect
+                    numerous schemas.  Don't make new APIs embed an underspecified
+                    API type they do not control. \n Instead of using this type, create
                     a locally provided and used type that is well-focused on your
                     reference. For example, ServiceReferences for admission registration:
                     https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                    .'
+                    ."
                   properties:
                     apiVersion:
                       description: API version of the referent.
@@ -272,6 +272,7 @@ spec:
                       description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                       type: string
                   type: object
+                  x-kubernetes-map-type: atomic
                 type: array
             required:
             - workloadRefs
@@ -305,35 +306,34 @@ spec:
                             description: HealthStatus represents health status strings.
                             type: string
                           targetWorkload:
-                            description: 'ObjectReference contains enough information
+                            description: "ObjectReference contains enough information
                               to let you inspect or modify the referred object. ---
                               New uses of this type are discouraged because of difficulty
-                              describing its usage when embedded in APIs.  1. Ignored
+                              describing its usage when embedded in APIs. 1. Ignored
                               fields.  It includes many fields which are not generally
                               honored.  For instance, ResourceVersion and FieldPath
-                              are both very rarely valid in actual usage.  2. Invalid
+                              are both very rarely valid in actual usage. 2. Invalid
                               usage help.  It is impossible to add specific help for
                               individual usage.  In most embedded usages, there are
-                              particular     restrictions like, "must refer only to
-                              types A and B" or "UID not honored" or "name must be
-                              restricted".     Those cannot be well described when
-                              embedded.  3. Inconsistent validation.  Because the
-                              usages are different, the validation rules are different
-                              by usage, which makes it hard for users to predict what
-                              will happen.  4. The fields are both imprecise and overly
-                              precise.  Kind is not a precise mapping to a URL. This
-                              can produce ambiguity     during interpretation and
-                              require a REST mapping.  In most cases, the dependency
-                              is on the group,resource tuple     and the version of
-                              the actual struct is irrelevant.  5. We cannot easily
-                              change it.  Because this type is embedded in many locations,
-                              updates to this type     will affect numerous schemas.  Don''t
-                              make new APIs embed an underspecified API type they
-                              do not control. Instead of using this type, create a
-                              locally provided and used type that is well-focused
-                              on your reference. For example, ServiceReferences for
-                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                              .'
+                              particular restrictions like, \"must refer only to types
+                              A and B\" or \"UID not honored\" or \"name must be restricted\".
+                              Those cannot be well described when embedded. 3. Inconsistent
+                              validation.  Because the usages are different, the validation
+                              rules are different by usage, which makes it hard for
+                              users to predict what will happen. 4. The fields are
+                              both imprecise and overly precise.  Kind is not a precise
+                              mapping to a URL. This can produce ambiguity during
+                              interpretation and require a REST mapping.  In most
+                              cases, the dependency is on the group,resource tuple
+                              and the version of the actual struct is irrelevant.
+                              5. We cannot easily change it.  Because this type is
+                              embedded in many locations, updates to this type will
+                              affect numerous schemas.  Don't make new APIs embed
+                              an underspecified API type they do not control. \n Instead
+                              of using this type, create a locally provided and used
+                              type that is well-focused on your reference. For example,
+                              ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                              ."
                             properties:
                               apiVersion:
                                 description: API version of the referent.
@@ -371,6 +371,7 @@ spec:
                                 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                 type: string
                             type: object
+                            x-kubernetes-map-type: atomic
                           traits:
                             items:
                               description: TraitHealthCondition represents informative
@@ -461,32 +462,32 @@ spec:
                       description: HealthStatus represents health status strings.
                       type: string
                     targetWorkload:
-                      description: 'ObjectReference contains enough information to
+                      description: "ObjectReference contains enough information to
                         let you inspect or modify the referred object. --- New uses
                         of this type are discouraged because of difficulty describing
-                        its usage when embedded in APIs.  1. Ignored fields.  It includes
+                        its usage when embedded in APIs. 1. Ignored fields.  It includes
                         many fields which are not generally honored.  For instance,
                         ResourceVersion and FieldPath are both very rarely valid in
-                        actual usage.  2. Invalid usage help.  It is impossible to
+                        actual usage. 2. Invalid usage help.  It is impossible to
                         add specific help for individual usage.  In most embedded
-                        usages, there are particular     restrictions like, "must
-                        refer only to types A and B" or "UID not honored" or "name
-                        must be restricted".     Those cannot be well described when
-                        embedded.  3. Inconsistent validation.  Because the usages
-                        are different, the validation rules are different by usage,
-                        which makes it hard for users to predict what will happen.  4.
-                        The fields are both imprecise and overly precise.  Kind is
-                        not a precise mapping to a URL. This can produce ambiguity     during
-                        interpretation and require a REST mapping.  In most cases,
-                        the dependency is on the group,resource tuple     and the
-                        version of the actual struct is irrelevant.  5. We cannot
-                        easily change it.  Because this type is embedded in many locations,
-                        updates to this type     will affect numerous schemas.  Don''t
-                        make new APIs embed an underspecified API type they do not
-                        control. Instead of using this type, create a locally provided
-                        and used type that is well-focused on your reference. For
-                        example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                        .'
+                        usages, there are particular restrictions like, \"must refer
+                        only to types A and B\" or \"UID not honored\" or \"name must
+                        be restricted\". Those cannot be well described when embedded.
+                        3. Inconsistent validation.  Because the usages are different,
+                        the validation rules are different by usage, which makes it
+                        hard for users to predict what will happen. 4. The fields
+                        are both imprecise and overly precise.  Kind is not a precise
+                        mapping to a URL. This can produce ambiguity during interpretation
+                        and require a REST mapping.  In most cases, the dependency
+                        is on the group,resource tuple and the version of the actual
+                        struct is irrelevant. 5. We cannot easily change it.  Because
+                        this type is embedded in many locations, updates to this type
+                        will affect numerous schemas.  Don't make new APIs embed an
+                        underspecified API type they do not control. \n Instead of
+                        using this type, create a locally provided and used type that
+                        is well-focused on your reference. For example, ServiceReferences
+                        for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                        ."
                       properties:
                         apiVersion:
                           description: API version of the referent.
@@ -522,6 +523,7 @@ spec:
                           description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                           type: string
                       type: object
+                      x-kubernetes-map-type: atomic
                     traits:
                       items:
                         description: TraitHealthCondition represents informative health
@@ -582,9 +584,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_policydefinitions.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: policydefinitions.core.oam.dev
 spec:
   group: core.oam.dev
@@ -161,6 +160,20 @@ spec:
                         description: DeleteResource will determine whether provisioned
                           cloud resources will be deleted when CR is deleted
                         type: boolean
+                      gitCredentialsSecretReference:
+                        description: GitCredentialsSecretReference specifies the reference
+                          to the secret containing the git credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
                       path:
                         description: Path is the sub-directory of remote git repository.
                           It's valid when remote is set
@@ -271,9 +284,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_resourcetrackers.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: resourcetrackers.core.oam.dev
 spec:
   group: core.oam.dev
@@ -123,6 +122,7 @@ spec:
                       description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                       type: string
                   type: object
+                  x-kubernetes-map-type: atomic
                 type: array
               type:
                 description: ResourceTrackerType defines the type of resourceTracker
@@ -177,6 +177,7 @@ spec:
                       description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                       type: string
                   type: object
+                  x-kubernetes-map-type: atomic
                 type: array
             type: object
         type: object
@@ -184,9 +185,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_scopedefinitions.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: scopedefinitions.core.oam.dev
 spec:
   group: core.oam.dev
@@ -145,9 +144,3 @@ spec:
     served: true
     storage: true
     subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_traitdefinitions.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: traitdefinitions.core.oam.dev
 spec:
   group: core.oam.dev
@@ -197,6 +196,20 @@ spec:
                         description: DeleteResource will determine whether provisioned
                           cloud resources will be deleted when CR is deleted
                         type: boolean
+                      gitCredentialsSecretReference:
+                        description: GitCredentialsSecretReference specifies the reference
+                          to the secret containing the git credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
                       path:
                         description: Path is the sub-directory of remote git repository.
                           It's valid when remote is set
@@ -511,6 +524,20 @@ spec:
                         description: DeleteResource will determine whether provisioned
                           cloud resources will be deleted when CR is deleted
                         type: boolean
+                      gitCredentialsSecretReference:
+                        description: GitCredentialsSecretReference specifies the reference
+                          to the secret containing the git credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
                       path:
                         description: Path is the sub-directory of remote git repository.
                           It's valid when remote is set
@@ -644,9 +671,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_workflowstepdefinitions.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: workflowstepdefinitions.core.oam.dev
 spec:
   group: core.oam.dev
@@ -158,6 +157,20 @@ spec:
                         description: DeleteResource will determine whether provisioned
                           cloud resources will be deleted when CR is deleted
                         type: boolean
+                      gitCredentialsSecretReference:
+                        description: GitCredentialsSecretReference specifies the reference
+                          to the secret containing the git credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
                       path:
                         description: Path is the sub-directory of remote git repository.
                           It's valid when remote is set
@@ -268,9 +281,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_workloaddefinitions.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: workloaddefinitions.core.oam.dev
 spec:
   group: core.oam.dev
@@ -202,6 +201,20 @@ spec:
                         description: DeleteResource will determine whether provisioned
                           cloud resources will be deleted when CR is deleted
                         type: boolean
+                      gitCredentialsSecretReference:
+                        description: GitCredentialsSecretReference specifies the reference
+                          to the secret containing the git credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
                       path:
                         description: Path is the sub-directory of remote git repository.
                           It's valid when remote is set
@@ -492,6 +505,20 @@ spec:
                         description: DeleteResource will determine whether provisioned
                           cloud resources will be deleted when CR is deleted
                         type: boolean
+                      gitCredentialsSecretReference:
+                        description: GitCredentialsSecretReference specifies the reference
+                          to the secret containing the git credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
                       path:
                         description: Path is the sub-directory of remote git repository.
                           It's valid when remote is set
@@ -596,9 +623,3 @@ spec:
     served: true
     storage: true
     subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-minimal/crds/standard.oam.dev_rollouts.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.2
   name: rollouts.standard.oam.dev
 spec:
   group: standard.oam.dev
@@ -140,6 +139,7 @@ spec:
                               description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                               type: string
                           type: object
+                          x-kubernetes-map-type: atomic
                       required:
                       - name
                       type: object
@@ -274,6 +274,7 @@ spec:
                                       https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                     type: string
                                 type: object
+                                x-kubernetes-map-type: atomic
                             required:
                             - name
                             type: object
@@ -474,9 +475,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-minimal/templates/defwithtemplate/apply-component.yaml

@@ -7,7 +7,6 @@ metadata:
     definition.oam.dev/description: Apply a specific component and its corresponding traits in application
   labels:
     custom.definition.oam.dev/scope: Application
-    custom.definition.oam.dev/ui-hidden: "true"
   name: apply-component
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-minimal/templates/defwithtemplate/apply-terraform-provider.yaml

@@ -116,7 +116,7 @@ spec:
         #ECProvider: {
         	type:   "ec"
         	apiKey: *"" | string
-        	name:   "ec-provider" | string
+        	name:   *"ec-provider" | string
         }
         #GCPProvider: {
         	credentials: string

charts/vela-minimal/templates/defwithtemplate/build-push-image.yaml

@@ -19,7 +19,15 @@ spec:
         	"strings"
         )
 
-        url:    strings.TrimPrefix(strings.TrimPrefix(parameter.git, "https://"), "http://")
+        url: {
+        	if parameter.context.git != _|_ {
+        		address: strings.TrimPrefix(parameter.context.git, "git://")
+        		value:   "git://\(address)#refs/heads/\(parameter.context.branch)"
+        	}
+        	if parameter.context.git == _|_ {
+        		value: parameter.context
+        	}
+        }
         kaniko: op.#Apply & {
         	value: {
         		apiVersion: "v1"
@@ -33,9 +41,15 @@ spec:
         				{
         					args: [
         						"--dockerfile=\(parameter.dockerfile)",
-        						"--context=git://\(url)#refs/heads/\(parameter.branch)",
+        						"--context=\(url.value)",
         						"--destination=\(parameter.image)",
         						"--verbosity=\(parameter.verbosity)",
+        						if parameter.platform != _|_ {
+        							"--customPlatform=\(parameter.platform)"
+        						},
+        						if parameter.buildArgs != _|_ for arg in parameter.buildArgs {
+        							"--build-arg=\(arg)"
+        						},
         					]
         					image: parameter.kanikoExecutor
         					name:  "kaniko"
@@ -104,22 +118,41 @@ spec:
         	name: string
         	key:  string
         }
+        #git: {
+        	git:    string
+        	branch: *"master" | string
+        }
         parameter: {
-        	kanikoExecutor: *"gcr.io/kaniko-project/executor:latest" | string
-        	git:            string
-        	branch:         *"master" | string
-        	dockerfile:     *"./Dockerfile" | string
-        	image:          string
+        	// +usage=Specify the kaniko executor image, default to oamdev/kaniko-executor:v1.9.1
+        	kanikoExecutor: *"oamdev/kaniko-executor:v1.9.1" | string
+        	// +usage=Specify the context to build image, you can use context with git and branch or directly specify the context, please refer to https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts
+        	context: #git | string
+        	// +usage=Specify the dockerfile
+        	dockerfile: *"./Dockerfile" | string
+        	// +usage=Specify the image
+        	image: string
+        	// +usage=Specify the platform to build
+        	platform?: string
+        	// +usage=Specify the build args
+        	buildArgs?: [...string]
+        	// +usage=Specify the credentials to access git and image registry
         	credentials?: {
+        		// +usage=Specify the credentials to access git
         		git?: {
+        			// +usage=Specify the secret name
         			name: string
-        			key:  string
+        			// +usage=Specify the secret key
+        			key: string
         		}
+        		// +usage=Specify the credentials to access image registry
         		image?: {
+        			// +usage=Specify the secret name
         			name: string
-        			key:  *".dockerconfigjson" | string
+        			// +usage=Specify the secret key
+        			key: *".dockerconfigjson" | string
         		}
         	}
+        	// +usage=Specify the verbosity level
         	verbosity: *"info" | "panic" | "fatal" | "error" | "warn" | "debug" | "trace"
         }
 

charts/vela-minimal/templates/defwithtemplate/clean-jobs.yaml

@@ -15,18 +15,21 @@ spec:
         	"vela/op"
         )
 
-        parameter: labelselector?: {...}
+        parameter: {
+        	labelselector?: {...}
+        	namespace: *context.namespace | string
+        }
         cleanJobs: op.#Delete & {
         	value: {
         		apiVersion: "batch/v1"
         		kind:       "Job"
         		metadata: {
         			name:      context.name
-        			namespace: context.namespace
+        			namespace: parameter.namespace
         		}
         	}
         	filter: {
-        		namespace: context.namespace
+        		namespace: parameter.namespace
         		if parameter.labelselector != _|_ {
         			matchingLabels: parameter.labelselector
         		}
@@ -41,11 +44,11 @@ spec:
         		kind:       "pod"
         		metadata: {
         			name:      context.name
-        			namespace: context.namespace
+        			namespace: parameter.namespace
         		}
         	}
         	filter: {
-        		namespace: context.namespace
+        		namespace: parameter.namespace
         		if parameter.labelselector != _|_ {
         			matchingLabels: parameter.labelselector
         		}

charts/vela-minimal/templates/defwithtemplate/container-image.yaml

@@ -72,7 +72,7 @@ spec:
         		}]
         	}
         }
-        parameter: *#PatchParams | close({
+        parameter: #PatchParams | close({
         	// +usage=Specify the container image for multiple containers
         	containers: [...#PatchParams]
         })

charts/vela-minimal/templates/defwithtemplate/depends-on-app.yaml

@@ -5,8 +5,6 @@ kind: WorkflowStepDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Wait for the specified Application to complete.
-  labels:
-    custom.definition.oam.dev/ui-hidden: "true"
   name: depends-on-app
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-minimal/templates/defwithtemplate/export2config.yaml

@@ -5,8 +5,6 @@ kind: WorkflowStepDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Export data to specified Kubernetes ConfigMap in your workflow.
-  labels:
-    custom.definition.oam.dev/ui-hidden: "true"
   name: export2config
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-minimal/templates/defwithtemplate/export2secret.yaml

@@ -5,8 +5,6 @@ kind: WorkflowStepDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Export data to Kubernetes Secret in your workflow.
-  labels:
-    custom.definition.oam.dev/ui-hidden: "true"
   name: export2secret
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-minimal/templates/defwithtemplate/expose.yaml

@@ -53,7 +53,10 @@ spec:
       }
       if service.spec.type == "LoadBalancer" {
       	status: service.status
-      	isHealth: status != _|_ && status.loadBalancer != _|_ && status.loadBalancer.ingress != _|_ && len(status.loadBalancer.ingress) > 0
+      	isHealth: *false | bool
+      	if status != _|_ if status.loadBalancer != _|_ if status.loadBalancer.ingress != _|_ if len(status.loadBalancer.ingress) > 0 if status.loadBalancer.ingress[0].ip != _|_ {
+      		isHealth: true
+      	}
       	if !isHealth {
       		message: "ExternalIP: Pending"
       	}
@@ -62,10 +65,15 @@ spec:
       	}
       }
     healthPolicy: |-
-      isHealth: *true | bool
       service: context.outputs.service
       if service.spec.type == "LoadBalancer" {
       	status: service.status
-      	isHealth: status != _|_ && status.loadBalancer != _|_ && status.loadBalancer.ingress != _|_ && len(status.loadBalancer.ingress) > 0
+      	isHealth: *false | bool
+      	if status != _|_ if status.loadBalancer != _|_ if status.loadBalancer.ingress != _|_ if len(status.loadBalancer.ingress) > 0 if status.loadBalancer.ingress[0].ip != _|_ {
+      		isHealth: true
+      	}
+      }
+      if service.spec.type != "LoadBalancer" {
+      	isHealth: true
       }
 

charts/vela-minimal/templates/defwithtemplate/gateway.yaml

@@ -113,19 +113,20 @@ spec:
       }
       if context.outputs.ingress.status.loadBalancer.ingress != _|_ {
       	let igs = context.outputs.ingress.status.loadBalancer.ingress
+      	let host = context.outputs.ingress.spec.rules[0].host
         if igs[0].ip != _|_ {
-        	if igs[0].host != _|_ {
+        	if host != _|_ {
       	    message: "Visiting URL: " + context.outputs.ingress.spec.rules[0].host + ", IP: " + igs[0].ip
         	}
-        	if igs[0].host == _|_ {
+        	if host == _|_ {
       	    message: "Host not specified, visit the cluster or load balancer in front of the cluster with IP: " + igs[0].ip
         	}
         }
         if igs[0].ip == _|_ {
-        	if igs[0].host != _|_ {
+        	if host != _|_ {
       		  message: "Visiting URL: " + context.outputs.ingress.spec.rules[0].host
       		}
-        	if igs[0].host != _|_ {
+        	if host != _|_ {
       	    message: "Host not specified, visit the cluster or load balancer in front of the cluster"
       		}
         }

charts/vela-minimal/templates/defwithtemplate/generate-jdbc-connection.yaml

@@ -5,8 +5,6 @@ kind: WorkflowStepDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Generate a JDBC connection based on Component of alibaba-rds
-  labels:
-    custom.definition.oam.dev/ui-hidden: "true"
   name: generate-jdbc-connection
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-minimal/templates/defwithtemplate/hpa.yaml

@@ -0,0 +1,110 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/hpa.cue
+apiVersion: core.oam.dev/v1beta1
+kind: TraitDefinition
+metadata:
+  annotations:
+    definition.oam.dev/description: Configure k8s HPA for Deployment or Statefulsets
+  name: hpa
+  namespace: {{ include "systemDefinitionNamespace" . }}
+spec:
+  appliesToWorkloads:
+    - deployments.apps
+    - statefulsets.apps
+  podDisruptive: false
+  schematic:
+    cue:
+      template: |
+        outputs: hpa: {
+        	if context.clusterVersion.minor < 23 {
+        		apiVersion: "autoscaling/v2beta2"
+        	}
+        	if context.clusterVersion.minor >= 23 {
+        		apiVersion: "autoscaling/v2"
+        	}
+        	kind: "HorizontalPodAutoscaler"
+        	metadata: name: context.name
+        	spec: {
+        		scaleTargetRef: {
+        			apiVersion: parameter.targetAPIVersion
+        			kind:       parameter.targetKind
+        			name:       context.name
+        		}
+        		minReplicas: parameter.min
+        		maxReplicas: parameter.max
+        		metrics: [
+        			{
+        				type: "Resource"
+        				resource: {
+        					name: "cpu"
+        					target: {
+        						type: parameter.cpu.type
+        						if parameter.cpu.type == "Utilization" {
+        							averageUtilization: parameter.cpu.value
+        						}
+        						if parameter.cpu.type == "AverageValue" {
+        							averageValue: parameter.cpu.value
+        						}
+        					}
+        				}
+        			},
+        			if parameter.mem != _|_ {
+        				{
+        					type: "Resource"
+        					resource: {
+        						name: "memory"
+        						target: {
+        							type: parameter.mem.type
+        							if parameter.cpu.type == "Utilization" {
+        								averageUtilization: parameter.cpu.value
+        							}
+        							if parameter.cpu.type == "AverageValue" {
+        								averageValue: parameter.cpu.value
+        							}
+        						}
+        					}
+        				}
+        			},
+        			if parameter.podCustomMetrics != _|_ for m in parameter.podCustomMetrics {
+        				type: "Pods"
+        				pods: {
+        					metric: name: m.name
+        					target: {
+        						type:         "AverageValue"
+        						averageValue: m.value
+        					}
+        				}
+        			},
+        		]
+        	}
+        }
+        parameter: {
+        	// +usage=Specify the minimal number of replicas to which the autoscaler can scale down
+        	min: *1 | int
+        	// +usage=Specify the maximum number of of replicas to which the autoscaler can scale up
+        	max: *10 | int
+        	// +usage=Specify the apiVersion of scale target
+        	targetAPIVersion: *"apps/v1" | string
+        	// +usage=Specify the kind of scale target
+        	targetKind: *"Deployment" | string
+        	cpu: {
+        		// +usage=Specify resource metrics in terms of percentage("Utilization") or direct value("AverageValue")
+        		type: *"Utilization" | "AverageValue"
+        		// +usage=Specify the value of CPU utilization or averageValue
+        		value: *50 | int
+        	}
+        	mem?: {
+        		// +usage=Specify resource metrics in terms of percentage("Utilization") or direct value("AverageValue")
+        		type: *"Utilization" | "AverageValue"
+        		// +usage=Specify  the value of MEM utilization or averageValue
+        		value: *50 | int
+        	}
+        	// +usage=Specify custom metrics of pod type
+        	podCustomMetrics?: [...{
+        		// +usage=Specify name of custom metrics
+        		name: string
+        		// +usage=Specify target value of custom metrics
+        		value: string
+        	}]
+        }
+

charts/vela-minimal/templates/defwithtemplate/k8s-update-strategy.yaml

@@ -0,0 +1,77 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/k8s-update-strategy.cue
+apiVersion: core.oam.dev/v1beta1
+kind: TraitDefinition
+metadata:
+  annotations:
+    definition.oam.dev/alias: ""
+    definition.oam.dev/description: Set k8s update strategy for Deployment/DaemonSet/StatefulSet
+  name: k8s-update-strategy
+  namespace: {{ include "systemDefinitionNamespace" . }}
+spec:
+  appliesToWorkloads:
+    - deployments.apps
+    - statefulsets.apps
+    - daemonsets.apps
+  conflictsWith: []
+  podDisruptive: false
+  schematic:
+    cue:
+      template: |
+        patch: spec: {
+        	if parameter.targetKind == "Deployment" && parameter.strategy.type != "OnDelete" {
+        		// +patchStrategy=retainKeys
+        		strategy: {
+        			type: parameter.strategy.type
+        			if parameter.strategy.type == "RollingUpdate" {
+        				rollingUpdate: {
+        					maxSurge:       parameter.strategy.rollingStrategy.maxSurge
+        					maxUnavailable: parameter.strategy.rollingStrategy.maxUnavailable
+        				}
+        			}
+        		}
+        	}
+
+        	if parameter.targetKind == "StatefulSet" && parameter.strategy.type != "Recreate" {
+        		// +patchStrategy=retainKeys
+        		updateStrategy: {
+        			type: parameter.strategy.type
+        			if parameter.strategy.type == "RollingUpdate" {
+        				rollingUpdate: partition: parameter.strategy.rollingStrategy.partition
+        			}
+        		}
+        	}
+
+        	if parameter.targetKind == "DaemonSet" && parameter.strategy.type != "Recreate" {
+        		// +patchStrategy=retainKeys
+        		updateStrategy: {
+        			type: parameter.strategy.type
+        			if parameter.strategy.type == "RollingUpdate" {
+        				rollingUpdate: {
+        					maxSurge:       parameter.strategy.rollingStrategy.maxSurge
+        					maxUnavailable: parameter.strategy.rollingStrategy.maxUnavailable
+        				}
+        			}
+        		}
+        	}
+
+        }
+        parameter: {
+        	// +usage=Specify the apiVersion of target
+        	targetAPIVersion: *"apps/v1" | string
+        	// +usage=Specify the kind of target
+        	targetKind: *"Deployment" | "StatefulSet" | "DaemonSet"
+        	// +usage=Specify the strategy of update
+        	strategy: {
+        		// +usage=Specify the strategy type
+        		type: *"RollingUpdate" | "Recreate" | "OnDelete"
+        		// +usage=Specify the parameters of rollong update strategy
+        		rollingStrategy?: {
+        			maxSurge:       *"25%" | string
+        			maxUnavailable: *"25%" | string
+        			partition:      *0 | int
+        		}
+        	}
+        }
+  workloadRefPath: ""
+