Fix: addon function converted (#4411 )

Signed-off-by: Jianbo Sun <jianbo.sjb@alibaba-inc.com>
Fix: fix volumes duplicate in list (#4390 )
2026-02-22 22:04:16 +00:00 · 2022-07-19 19:54:44 +08:00 · 2022-07-15 20:11:49 +08:00 · 2022-07-14 18:51:05 +08:00 · 2022-07-14 18:50:23 +08:00 · 2022-07-14 11:22:41 +08:00
1459 changed files with 51123 additions and 92704 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,37 +1,36 @@
 # This file is a github code protect rule follow the codeowners https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-code-owners#example-of-a-codeowners-file

-*                                  @barnettZQG @wonderflow @leejanee @Somefive @jefree-cat @FogDong
-design/                            @barnettZQG @leejanee @wonderflow @Somefive @jefree-cat @FogDong
-
-# Owner of Core Controllers
-pkg/controller/core.oam.dev       @Somefive @FogDong @barnettZQG @wonderflow
-
-# Owner of Standard Controllers
-pkg/controller/standard.oam.dev   @wangyikewxgm @barnettZQG @wonderflow
+*                                  @barnettZQG @wonderflow @leejanee
+design/                            @barnettZQG @leejanee @wonderflow

 # Owner of CUE
-pkg/cue                            @leejanee @FogDong @Somefive
-pkg/stdlib                         @leejanee @FogDong @Somefive
+pkg/cue                            @leejanee @FogDong
+pkg/stdlib                         @leejanee @FogDong

 # Owner of Workflow
-pkg/workflow                       @leejanee @FogDong @Somefive
+pkg/workflow                       @leejanee @FogDong

 # Owner of rollout
-pkg/controller/common/rollout/     @wangyikewxgm @wonderflow
-runtime/rollout                    @wangyikewxgm @wonderflow
+pkg/controller/common/rollout/                              @wangyikewxgm @wonderflow
+pkg/controller/core.oam.dev/v1alpha2/applicationrollout     @wangyikewxgm @wonderflow
+pkg/controller/standard.oam.dev/v1alpha1/rollout            @wangyikewxgm @wonderflow
+runtime/rollout                                             @wangyikewxgm @wonderflow
+
+# Owner of definition controller
+pkg/controller/core.oam.dev/v1alpha2/core/workflow/workflowstepdefinition  @yangsoon @Somefive
+pkg/controller/core.oam.dev/v1alpha2/core/policies/policydefinition        @yangsoon @Somefive
+pkg/controller/core.oam.dev/v1alpha2/core/components/componentdefinition   @yangsoon @zzxwill
+pkg/controller/core.oam.dev/v1alpha2/core/traits/traitdefinition           @yangsoon @zzxwill
+
+# Owner of health scope controller
+pkg/controller/core.oam.dev/v1alpha2/core/scopes/healthscope     @captainroy-hy @zzxwill

 # Owner of vela templates
-vela-templates/                     @Somefive @barnettZQG @wonderflow @FogDong
+vela-templates/                     @Somefive @barnettZQG @wonderflow

 # Owner of vela CLI
-references/cli/                     @Somefive @zzxwill @StevenLeiZhang @charlie0129 @chivalryq
+references/cli/                     @Somefive @zzxwill 

 # Owner of vela APIServer
-pkg/apiserver/                     @barnettZQG @yangsoon @FogDong
+pkg/apiserver/                     @barnettZQG @yangsoon

-# Owner of vela addon framework
-pkg/addon/                         @wangyikewxgm @wonderflow @charlie0129
-
-# Owner of resource keeper and tracker
-pkg/resourcekeeper                 @Somefive @FogDong
-pkg/resourcetracker                @Somefive @FogDong
--- a/.github/bot.md
+++ b/.github/bot.md
@@ -1,6 +1,6 @@
 ### GitHub & kubevela automation

-The bot is configured via [issue-commands.json](https://github.com/kubevela/kubevela/blob/master/.github/issue-commands.json) 
+The bot is configured via [issue-commands.json](https://github.com/kubevela/kubevela/blob/master/.github/workflows/issue-commands.json) 
 and some other GitHub [workflows](https://github.com/kubevela/kubevela/blob/master/.github/workflows).
 By default, users with write access to the repo is allowed to use the comments, 
 the [userlist](https://github.com/kubevela/kubevela/blob/master/.github/comment.userlist) 
--- a/.github/workflows/apiserver-test.yaml
+++ b/.github/workflows/apiserver-test.yaml
@@ -0,0 +1,143 @@
+name: APIServer Unit Test & E2E Test
+
+on:
+  push:
+    branches:
+      - master
+      - release-*
+      - apiserver
+    tags:
+      - v*
+  workflow_dispatch: { }
+  pull_request:
+    branches:
+      - master
+      - release-*
+      - apiserver
+
+env:
+  # Common versions
+  GO_VERSION: '1.17'
+  GOLANGCI_VERSION: 'v1.38'
+  KIND_VERSION: 'v0.7.0'
+  KIND_IMAGE_VERSION: '[\"v1.20.7\"]'
+  KIND_IMAGE_VERSIONS: '[\"v1.18.20\",\"v1.20.7\",\"v1.22.7\"]'
+
+jobs:
+
+  detect-noop:
+    runs-on: ubuntu-20.04
+    outputs:
+      noop: ${{ steps.noop.outputs.should_skip }}
+    steps:
+      - name: Detect No-op Changes
+        id: noop
+        uses: fkirc/skip-duplicate-actions@v3.3.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
+          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
+          concurrent_skipping: false
+
+  set-k8s-matrix:
+    runs-on: ubuntu-20.04
+    outputs:
+      matrix: ${{ steps.set-k8s-matrix.outputs.matrix }}
+    steps:
+      - id: set-k8s-matrix
+        run: |
+          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
+            echo "pushing tag: ${{ github.ref_name }}"
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSIONS }}"
+          else
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSION }}"
+          fi
+
+
+  apiserver-unit-tests:
+    runs-on: aliyun
+    needs: [ detect-noop,set-k8s-matrix ]
+    if: needs.detect-noop.outputs.noop != 'true'
+    strategy:
+      matrix:
+        k8s-version: ${{ fromJson(needs.set-k8s-matrix.outputs.matrix) }}
+
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v1
+        with:
+          go-version: ${{ env.GO_VERSION }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+        with:
+          submodules: true
+
+      - name: Get dependencies
+        run: |
+          go get -v -t -d ./...
+
+      - name: Setup Kind
+        uses: engineerd/setup-kind@v0.5.0
+        with:
+          version: ${{ env.KIND_VERSION }}
+          skipClusterCreation: true
+
+      - name: Setup Kind Cluster (Worker)
+        run: |
+          kind delete cluster --name worker
+          kind create cluster --image kindest/node:${{ matrix.k8s-version }} --name worker
+          kubectl version
+          kubectl cluster-info
+          kind get kubeconfig --name worker --internal > /tmp/worker.kubeconfig
+          kind get kubeconfig --name worker > /tmp/worker.client.kubeconfig
+
+      - name: Setup Kind Cluster (Hub)
+        run: |
+          kind delete cluster
+          kind create cluster --image kindest/node:${{ matrix.k8s-version }}
+          kubectl version
+          kubectl cluster-info
+      
+      - name: Run api server unit test
+        run: make unit-test-apiserver
+
+      - name: Load Image to kind cluster
+        run: make kind-load
+
+      - name: Cleanup for e2e tests
+        run: |
+          make e2e-cleanup
+          make vela-cli
+          make e2e-setup-core
+          bin/vela addon enable fluxcd
+          timeout 600s bash -c -- 'while true; do kubectl get ns flux-system; if [ $? -eq 0 ] ; then break; else sleep 5; fi;done'
+          kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=vela-core,app.kubernetes.io/instance=kubevela -n vela-system --timeout=600s
+          kubectl wait --for=condition=Ready pod -l app=source-controller -n flux-system --timeout=600s
+          kubectl wait --for=condition=Ready pod -l app=helm-controller -n flux-system --timeout=600s
+
+      - name: Run api server e2e test
+        run: |
+          export ALIYUN_ACCESS_KEY_ID=${{ secrets.ALIYUN_ACCESS_KEY_ID }}
+          export ALIYUN_ACCESS_KEY_SECRET=${{ secrets.ALIYUN_ACCESS_KEY_SECRET }}
+          export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
+          make e2e-apiserver-test
+
+      - name: Stop kubevela, get profile
+        run: make end-e2e-core
+
+      - name: Upload coverage report
+        uses: codecov/codecov-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./coverage.txt,/tmp/e2e_apiserver_test.out
+          flags: apiserver-unittests
+          name: codecov-umbrella
+
+      - name: Clean e2e profile
+        run: rm /tmp/e2e-profile.out
+
+      - name: Cleanup image
+        if: ${{ always() }}
+        run: make image-cleanup
--- a/.github/workflows/apiserver-test.yml
+++ b/.github/workflows/apiserver-test.yml
@@ -1,198 +0,0 @@
-name: VelaUX APIServer Test
-
-on:
-  push:
-    branches:
-      - master
-      - release-*
-      - apiserver
-    tags:
-      - v*
-  workflow_dispatch: { }
-  pull_request:
-    branches:
-      - master
-      - release-*
-      - apiserver
-
-env:
-  # Common versions
-  GO_VERSION: '1.19'
-
-permissions:
-  contents: read
-
-jobs:
-
-  detect-noop:
-    runs-on: ubuntu-20.04
-    outputs:
-      noop: ${{ steps.noop.outputs.should_skip }}
-    steps:
-      - name: Detect No-op Changes
-        id: noop
-        uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
-          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
-        continue-on-error: true
-
-  apiserver-unit-tests:
-    runs-on: ubuntu-20.04
-    needs: detect-noop
-    if: needs.detect-noop.outputs.noop != 'true'
-
-    steps:
-      - name: Set up Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
-        with:
-          go-version: ${{ env.GO_VERSION }}
-        id: go
-
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-        with:
-          submodules: true
-
-      - name: Cache Go Dependencies
-        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
-        with:
-          path: .work/pkg
-          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-pkg-
-
-      - name: Install ginkgo
-        run: |
-          sudo sed -i 's/azure\.//' /etc/apt/sources.list
-          sudo apt-get update
-          sudo apt-get install -y golang-ginkgo-dev
-
-      - name: Start MongoDB
-        uses: supercharge/mongodb-github-action@538a4d2a1041920c47630172445cb688592d6e51 # 1.8.0
-        with:
-          mongodb-version: '5.0'
-
-        # TODO need update action version to resolve node 12 deprecated.
-      - name: install Kubebuilder
-        uses: RyanSiu1995/kubebuilder-action@ff52bff1bae252239223476e5ab0d71d6ba02343
-        with:
-          version: 3.1.0
-          kubebuilderOnly: false
-          kubernetesVersion: v1.21.2
-
-      - name: Run api server unit test
-        run: make unit-test-apiserver
-
-      - name: Upload coverage report
-        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          file: ./coverage.txt
-          flags: apiserver-unittests
-          name: codecov-umbrella
-
-  apiserver-e2e-tests:
-    runs-on: aliyun
-    needs: [ detect-noop ]
-    if: needs.detect-noop.outputs.noop != 'true'
-    strategy:
-      matrix:
-        k8s-version: ["v1.20","v1.24"]
-    concurrency:
-      group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
-      cancel-in-progress: true
-
-    steps:
-      - name: Set up Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
-        with:
-          go-version: ${{ env.GO_VERSION }}
-        id: go
-
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-        with:
-          submodules: true
-
-      - name: Get dependencies
-        run: |
-          go get -v -t -d ./...
-
-      - name: Tear down K3d if exist
-        run: |
-          k3d cluster delete || true
-          k3d cluster delete worker || true
-
-      - name: Calculate K3d args
-        run: |
-          EGRESS_ARG=""
-          if [[ "${{ matrix.k8s-version }}" == v1.24 ]]; then
-            EGRESS_ARG="--k3s-arg --egress-selector-mode=disabled@server:0"
-          fi
-          echo "EGRESS_ARG=${EGRESS_ARG}" >> $GITHUB_ENV 
-
-      - name: Setup K3d (Hub)
-        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
-        with:
-          version: ${{ matrix.k8s-version }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          k3d-args: ${{ env.EGRESS_ARG }}
-
-
-      - name: Setup K3d (Worker)
-        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
-        with:
-          version: ${{ matrix.k8s-version }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          k3d-name: worker
-          k3d-args: --kubeconfig-update-default=false --network=k3d-k3s-default ${{ env.EGRESS_ARG }}
-
-
-      - name: Kind Cluster (Worker)
-        run: |
-          internal_ip=$(docker network inspect k3d-k3s-default|jq ".[0].Containers"| jq -r '.[]| select(.Name=="k3d-worker-server-0")|.IPv4Address' | cut -d/ -f1)
-          k3d kubeconfig get worker > /tmp/worker.client.kubeconfig
-          cp /tmp/worker.client.kubeconfig /tmp/worker.kubeconfig
-          sed -i "s/0.0.0.0:[0-9]\+/$internal_ip:6443/"  /tmp/worker.kubeconfig
-
-      - name: Load image to k3d cluster
-        run: make image-load
-
-      - name: Cleanup for e2e tests
-        run: |
-          make vela-cli
-          make e2e-cleanup
-          make e2e-setup-core
-          bin/vela addon enable fluxcd
-          bin/vela addon enable vela-workflow --override-definitions
-          timeout 600s bash -c -- 'while true; do kubectl get ns flux-system; if [ $? -eq 0 ] ; then break; else sleep 5; fi;done'
-          kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=vela-core,app.kubernetes.io/instance=kubevela -n vela-system --timeout=600s
-          kubectl wait --for=condition=Ready pod -l app=source-controller -n flux-system --timeout=600s
-          kubectl wait --for=condition=Ready pod -l app=helm-controller -n flux-system --timeout=600s
-          kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=vela-workflow -n vela-system --timeout=600s
-
-      - name: Run api server e2e test
-        run: |
-          export ALIYUN_ACCESS_KEY_ID=${{ secrets.ALIYUN_ACCESS_KEY_ID }}
-          export ALIYUN_ACCESS_KEY_SECRET=${{ secrets.ALIYUN_ACCESS_KEY_SECRET }}
-          export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
-          make e2e-apiserver-test
-
-      - name: Stop kubevela, get profile
-        run: make end-e2e-core
-
-      - name: Upload coverage report
-        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          files: /tmp/e2e-profile.out, /tmp/e2e_apiserver_test.out
-          flags: apiserver-e2etests
-          name: codecov-umbrella
-
-      - name: Clean e2e profile
-        run: rm /tmp/e2e-profile.out
-
-      - name: Cleanup image
-        if: ${{ always() }}
-        run: make image-cleanup
--- a/.github/workflows/back-port.yaml
+++ b/.github/workflows/back-port.yaml
@@ -4,25 +4,19 @@ on:
    types:
      - closed

-permissions:
-  contents: read
-
 jobs:
  # align with crossplane's choice https://github.com/crossplane/crossplane/blob/master/.github/workflows/backport.yml
  open-pr:
    runs-on: ubuntu-20.04
    if: github.event.pull_request.merged
-    permissions:
-      contents: write
-      pull-requests: write
    steps:
      - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@v2
        with:
          fetch-depth: 0

      - name: Open Backport PR
-        uses: zeebe-io/backport-action@2ee900dc92632adf994f8e437b6d16840fd61f58
+        uses: zeebe-io/backport-action@v0.0.6
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          github_workspace: ${{ github.workspace }}
--- a/.github/workflows/chart.yaml
+++ b/.github/workflows/chart.yaml
@@ -6,9 +6,6 @@ on:
      - "v*"
  workflow_dispatch: { }

-permissions:
-  contents: read
-
 env:
  BUCKET: ${{ secrets.OSS_BUCKET }}
  ENDPOINT: ${{ secrets.OSS_ENDPOINT }}
@@ -24,25 +21,21 @@ jobs:
      MINIMAL_HELM_CHART: charts/vela-minimal
      LEGACY_HELM_CHART: legacy/charts/vela-core-legacy
      VELA_ROLLOUT_HELM_CHART: runtime/rollout/charts
-      LOCAL_OSS_DIRECTORY: .oss
-      HELM_CHART_NAME: vela-core
-      MINIMAL_HELM_CHART_NAME: vela-minimal
-      LEGACY_HELM_CHART_NAME: vela-core-legacy
-      VELA_ROLLOUT_HELM_CHART_NAME: vela-rollout
+      LOCAL_OSS_DIRECTORY: .oss/
    runs-on: ubuntu-20.04
    steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+      - uses: actions/checkout@master
      - name: Get git revision
        id: vars
        shell: bash
        run: |
-          echo "git_revision=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+          echo "::set-output name=git_revision::$(git rev-parse --short HEAD)"
      - name: Install Helm
-        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78
+        uses: azure/setup-helm@v1
        with:
          version: v3.4.0
      - name: Setup node
-        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516
+        uses: actions/setup-node@v2
        with:
          node-version: '14'
      - name: Generate helm doc
@@ -59,7 +52,7 @@ jobs:
        id: get_version
        run: |
          VERSION=${GITHUB_REF#refs/tags/}
-          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
+          echo ::set-output name=VERSION::${VERSION}
      - name: Tag helm chart image
        run: |
          image_tag=${{ steps.get_version.outputs.VERSION }}
@@ -93,11 +86,4 @@ jobs:
          helm package $VELA_ROLLOUT_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
          helm repo index --url https://$BUCKET.$ENDPOINT/core $LOCAL_OSS_DIRECTORY
      - name: sync local to cloud
-        run: |
-          image_tag=${{ steps.get_version.outputs.VERSION }}
-          chart_semver=${image_tag#"v"}
-          ./ossutil --config-file .ossutilconfig cp -f $LOCAL_OSS_DIRECTORY/index.yaml oss://$BUCKET/core/index.yaml
-          ./ossutil --config-file .ossutilconfig cp -f $LOCAL_OSS_DIRECTORY/$HELM_CHART_NAME-${chart_semver}.tgz oss://$BUCKET/core/$HELM_CHART_NAME-${chart_semver}.tgz 
-          ./ossutil --config-file .ossutilconfig cp -f $LOCAL_OSS_DIRECTORY/$MINIMAL_HELM_CHART_NAME-${chart_semver}.tgz oss://$BUCKET/core/$MINIMAL_HELM_CHART_NAME-${chart_semver}.tgz
-          ./ossutil --config-file .ossutilconfig cp -f $LOCAL_OSS_DIRECTORY/$LEGACY_HELM_CHART_NAME-${chart_semver}.tgz oss://$BUCKET/core/$LEGACY_HELM_CHART_NAME-${chart_semver}.tgz
-          ./ossutil --config-file .ossutilconfig cp -f $LOCAL_OSS_DIRECTORY/$VELA_ROLLOUT_HELM_CHART_NAME-${chart_semver}.tgz oss://$BUCKET/core/$VELA_ROLLOUT_HELM_CHART_NAME-${chart_semver}.tgz
+        run: ./ossutil --config-file .ossutilconfig sync $LOCAL_OSS_DIRECTORY oss://$BUCKET/core -f
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -4,34 +4,27 @@ on:
  push:
    branches: [ master, release-* ]

-permissions:
-  contents: read
-
 jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest

-    permissions:
-      actions: read  # for github/codeql-action/init to get workflow details
-      security-events: write  # for github/codeql-action/autobuild to send a status report
-
    strategy:
      fail-fast: false
      matrix:
        language: [ 'go' ]

    steps:
-      - name: Checkout repository
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+    - name: Checkout repository
+      uses: actions/checkout@v2

-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
-        with:
-          languages: ${{ matrix.language }}
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}

-      - name: Autobuild
-        uses: github/codeql-action/autobuild@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1

-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
--- a/.github/workflows/commit-lint.yml
+++ b/.github/workflows/commit-lint.yml
@@ -8,14 +8,11 @@ on:
      - labeled
      - unlabeled

-permissions:
-  pull-requests: read
-
 jobs:
  check:
    runs-on: ubuntu-latest
    steps:
-      - uses: thehanimo/pr-title-checker@v1.3.5
+      - uses: thehanimo/pr-title-checker@v1.3.1
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          pass_on_octokit_error: true
--- a/.github/workflows/core-api-test.yml
+++ b/.github/workflows/core-api-test.yml
@@ -1,40 +0,0 @@
-name: core-api-test
-on:
-  pull_request:
-    paths:
-      - 'apis/**'
-      - 'pkg/oam/**'
-      - "hack/apis/**"
-    branches:
-      - master
-      - release-*
-
-permissions:
-  contents: read
-
-jobs:
-  core-api-test:
-    runs-on: ubuntu-20.04
-    steps:
-      - name: Set up Go 1.19
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
-        env:
-          GO_VERSION: '1.19'
-        with:
-          go-version: ${{ env.GO_VERSION }}
-        id: go
-
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-
-      - name: Get the version
-        id: get_version
-        run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
-
-      - name: Test build kubevela-core-api
-        env:
-          VERSION: ${{ steps.get_version.outputs.VERSION }}
-          COMMIT_ID: ${{ github.sha }}
-        run: |
-          bash ./hack/apis/clientgen.sh
-          bash ./hack/apis/sync.sh test
--- a/.github/workflows/definition-lint.yml
+++ b/.github/workflows/definition-lint.yml
@@ -1,47 +0,0 @@
-name: Definition-Lint
-
-on:
-  push:
-    branches:
-      - master
-      - release-*
-  workflow_dispatch: {}
-  pull_request:
-    branches:
-      - master
-      - release-*
-
-permissions:
-  contents: read
-
-env:
-  # Common versions
-  GO_VERSION: '1.19'
-
-jobs:
-  definition-doc:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-        with:
-          submodules: true
-
-      - name: Setup K3d
-        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
-        with:
-          version: v1.20
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Definition Doc generate check
-        run: |
-          go build -o docgen hack/docgen/def/gen.go
-          ./docgen --type=comp --force-example-doc --path=./comp-def-check.md
-          ./docgen --type=trait --force-example-doc --path=./trait-def-check.md
-          ./docgen --type=wf --force-example-doc --path=./wf-def-check.md
-          ./docgen --type=policy --force-example-doc --path=./policy-def-check.md
--- a/.github/workflows/e2e-multicluster-test.yml
+++ b/.github/workflows/e2e-multicluster-test.yml
@@ -13,49 +13,60 @@ on:
      - master
      - release-*

-permissions:
-  contents: read
-
 env:
  # Common versions
-  GO_VERSION: '1.19'
+  GO_VERSION: '1.17'
+  GOLANGCI_VERSION: 'v1.38'
+  KIND_VERSION: 'v0.7.0'
+  KIND_IMAGE_VERSION: '[\"v1.20.7\"]'
+  KIND_IMAGE_VERSIONS: '[\"v1.18.20\",\"v1.20.7\",\"v1.22.7\"]'

 jobs:

  detect-noop:
-    permissions:
-      actions: write
    runs-on: ubuntu-20.04
    outputs:
      noop: ${{ steps.noop.outputs.should_skip }}
    steps:
      - name: Detect No-op Changes
        id: noop
-        uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281
+        uses: fkirc/skip-duplicate-actions@v3.3.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
-        continue-on-error: true
+          concurrent_skipping: false
+
+  set-k8s-matrix:
+    runs-on: ubuntu-20.04
+    outputs:
+      matrix: ${{ steps.set-k8s-matrix.outputs.matrix }}
+    steps:
+      - id: set-k8s-matrix
+        run: |
+          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
+            echo "pushing tag: ${{ github.ref_name }}"
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSIONS }}"
+          else
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSION }}"
+          fi
+

  e2e-multi-cluster-tests:
    runs-on: aliyun
-    needs: [ detect-noop ]
+    needs: [ detect-noop,set-k8s-matrix ]
    if: needs.detect-noop.outputs.noop != 'true'
    strategy:
      matrix:
-        k8s-version: ["v1.20","v1.24"]
-    concurrency:
-      group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
-      cancel-in-progress: true
+        k8s-version: ${{ fromJson(needs.set-k8s-matrix.outputs.matrix) }}


    steps:
      - name: Check out code into the Go module directory
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@v2

      - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

@@ -63,49 +74,37 @@ jobs:
        run: |
          go get -v -t -d ./...

-      - name: Tear down K3d if exist
-        run: |
-          k3d cluster delete || true
-          k3d cluster delete worker || true
-
-      - name: Calculate K3d args
-        run: |
-          EGRESS_ARG=""
-          if [[ "${{ matrix.k8s-version }}" == v1.24 ]]; then
-            EGRESS_ARG="--k3s-arg --egress-selector-mode=disabled@server:0"
-          fi
-          echo "EGRESS_ARG=${EGRESS_ARG}" >> $GITHUB_ENV 
-
-      - name: Setup K3d (Hub)
-        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
+      - name: Setup Kind
+        uses: engineerd/setup-kind@v0.5.0
        with:
-          version: ${{ matrix.k8s-version }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          k3d-args: ${{ env.EGRESS_ARG }}
+          version: ${{ env.KIND_VERSION }}
+          skipClusterCreation: true

-      - name: Setup K3d (Worker)
-        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
-        with:
-          version: ${{ matrix.k8s-version }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          k3d-name: worker
-          k3d-args: --kubeconfig-update-default=false --network=k3d-k3s-default ${{ env.EGRESS_ARG }}
-
-      - name: Generating internal worker kubeconfig
+      - name: Setup Kind Cluster (Worker)
        run: |
-          internal_ip=$(docker network inspect k3d-k3s-default|jq ".[0].Containers"| jq -r '.[]| select(.Name=="k3d-worker-server-0")|.IPv4Address' | cut -d/ -f1)
-          k3d kubeconfig get worker > /tmp/worker.client.kubeconfig
-          cp /tmp/worker.client.kubeconfig /tmp/worker.kubeconfig
-          sed -i "s/0.0.0.0:[0-9]\+/$internal_ip:6443/"  /tmp/worker.kubeconfig
+          kind delete cluster --name worker
+          kind create cluster --image kindest/node:${{ matrix.k8s-version }} --name worker
+          kubectl version
+          kubectl cluster-info
+          kind get kubeconfig --name worker --internal > /tmp/worker.kubeconfig
+          kind get kubeconfig --name worker > /tmp/worker.client.kubeconfig

-      - name: Load image to k3d cluster (hub and worker)
-        run: make image-load image-load-runtime-cluster
+      - name: Setup Kind Cluster (Hub)
+        run: |
+          kind delete cluster
+          kind create cluster --image kindest/node:${{ matrix.k8s-version }}
+          kubectl version
+          kubectl cluster-info
+
+      - name: Load Image to kind cluster (Hub)
+        run: make kind-load

      - name: Cleanup for e2e tests
        run: |
-          make vela-cli
          make e2e-cleanup
+          make vela-cli
          make e2e-setup-core-auth
+          make
          make setup-runtime-e2e-cluster

      - name: Run e2e multicluster tests
@@ -117,7 +116,7 @@ jobs:
        run: make end-e2e-core

      - name: Upload coverage report
-        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
+        uses: codecov/codecov-action@v1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: /tmp/e2e-profile.out,/tmp/e2e_multicluster_test.out
--- a/.github/workflows/e2e-rollout-test.yml
+++ b/.github/workflows/e2e-rollout-test.yml
@@ -13,49 +13,58 @@ on:
      - master
      - release-*

-permissions:
-  contents: read
-
 env:
  # Common versions
-  GO_VERSION: '1.19'
+  GO_VERSION: '1.17'
+  GOLANGCI_VERSION: 'v1.38'
+  KIND_VERSION: 'v0.7.0'
+  KIND_IMAGE_VERSION: '[\"v1.20.7\"]'
+  KIND_IMAGE_VERSIONS: '[\"v1.18.20\",\"v1.20.7\",\"v1.22.7\"]'

 jobs:

  detect-noop:
-    permissions:
-      actions: write
    runs-on: ubuntu-20.04
    outputs:
      noop: ${{ steps.noop.outputs.should_skip }}
    steps:
      - name: Detect No-op Changes
        id: noop
-        uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281
+        uses: fkirc/skip-duplicate-actions@v3.3.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
-        continue-on-error: true
+          concurrent_skipping: false
+
+  set-k8s-matrix:
+    runs-on: ubuntu-20.04
+    outputs:
+      matrix: ${{ steps.set-k8s-matrix.outputs.matrix }}
+    steps:
+      - id: set-k8s-matrix
+        run: |
+          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
+            echo "pushing tag: ${{ github.ref_name }}"
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSIONS }}"
+          else
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSION }}"
+          fi

  e2e-rollout-tests:
    runs-on: aliyun
-    needs: [ detect-noop ]
+    needs: [ detect-noop,set-k8s-matrix ]
    if: needs.detect-noop.outputs.noop != 'true'
    strategy:
      matrix:
-        k8s-version: ["v1.20","v1.24"]
-    concurrency:
-      group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
-      cancel-in-progress: true
-
+        k8s-version: ${{ fromJson(needs.set-k8s-matrix.outputs.matrix) }}

    steps:
      - name: Check out code into the Go module directory
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@v2

      - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

@@ -63,35 +72,33 @@ jobs:
        run: |
          go get -v -t -d ./...

-      - name: Tear down K3d if exist
-        run: |
-          k3d cluster delete || true
-          k3d cluster delete worker || true
-
-      - name: Calculate K3d args
-        run: |
-          EGRESS_ARG=""
-          if [[ "${{ matrix.k8s-version }}" == v1.24 ]]; then
-            EGRESS_ARG="--k3s-arg --egress-selector-mode=disabled@server:0"
-          fi
-          echo "EGRESS_ARG=${EGRESS_ARG}" >> $GITHUB_ENV 
-
-      - name: Setup K3d
-        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
+      - name: Setup Kind
+        uses: engineerd/setup-kind@v0.5.0
        with:
-          version: ${{ matrix.k8s-version }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          k3d-args: ${{ env.EGRESS_ARG }}
+          version: ${{ env.KIND_VERSION }}
+          skipClusterCreation: true

-      - name: Load image to k3d cluster
-        run: make image-load image-load-runtime-cluster
+      - name: Setup Kind Cluster
+        run: |
+          kind delete cluster
+          kind create cluster --image kindest/node:${{ matrix.k8s-version }}
+          kubectl version
+          kubectl cluster-info
+
+      - name: Load Image to kind cluster
+        run: make kind-load
+
+      - name: Run Make
+        run: make
+
+      - name: Run Make Manager
+        run: make manager

      - name: Prepare for e2e tests
        run: |
-          make vela-cli
          make e2e-cleanup
-          make e2e-setup-core
-          make setup-runtime-e2e-cluster
+          make e2e-setup
+          helm lint ./charts/vela-core
          helm test -n vela-system kubevela --timeout 5m

      - name: Run e2e tests
@@ -101,7 +108,7 @@ jobs:
        run: make end-e2e

      - name: Upload coverage report
-        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
+        uses: codecov/codecov-action@v1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: /tmp/e2e-profile.out
--- a/.github/workflows/e2e-test.yml
+++ b/.github/workflows/e2e-test.yml
@@ -13,49 +13,58 @@ on:
      - master
      - release-*

-permissions:
-  contents: read
-
 env:
  # Common versions
-  GO_VERSION: '1.19'
+  GO_VERSION: '1.17'
+  GOLANGCI_VERSION: 'v1.38'
+  KIND_VERSION: 'v0.7.0'
+  KIND_IMAGE_VERSION: '[\"v1.20.7\"]'
+  KIND_IMAGE_VERSIONS: '[\"v1.18.20\",\"v1.20.7\",\"v1.22.7\"]'

 jobs:

  detect-noop:
-    permissions:
-      actions: write
    runs-on: ubuntu-20.04
    outputs:
      noop: ${{ steps.noop.outputs.should_skip }}
    steps:
      - name: Detect No-op Changes
        id: noop
-        uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281
+        uses: fkirc/skip-duplicate-actions@v3.3.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
-        continue-on-error: true
+          concurrent_skipping: false
+
+  set-k8s-matrix:
+    runs-on: ubuntu-20.04
+    outputs:
+      matrix: ${{ steps.set-k8s-matrix.outputs.matrix }}
+    steps:
+      - id: set-k8s-matrix
+        run: |
+          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
+            echo "pushing tag: ${{ github.ref_name }}"
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSIONS }}"
+          else
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSION }}"
+          fi

  e2e-tests:
    runs-on: aliyun
-    needs: [ detect-noop ]
+    needs: [ detect-noop,set-k8s-matrix ]
    if: needs.detect-noop.outputs.noop != 'true'
    strategy:
      matrix:
-        k8s-version: ["v1.20","v1.24"]
-    concurrency:
-      group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
-      cancel-in-progress: true
-
+        k8s-version: ${{ fromJson(needs.set-k8s-matrix.outputs.matrix) }}

    steps:
      - name: Check out code into the Go module directory
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@v2

      - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

@@ -63,36 +72,33 @@ jobs:
        run: |
          go get -v -t -d ./...

-      - name: Tear down K3d if exist
-        run: |
-          k3d cluster delete || true
-          k3d cluster delete worker || true
-
-      - name: Calculate K3d args
-        run: |
-          EGRESS_ARG=""
-          if [[ "${{ matrix.k8s-version }}" == v1.24 ]]; then
-            EGRESS_ARG="--k3s-arg --egress-selector-mode=disabled@server:0"
-          fi
-          echo "EGRESS_ARG=${EGRESS_ARG}" >> $GITHUB_ENV 
-
-      - name: Setup K3d
-        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
+      - name: Setup Kind
+        uses: engineerd/setup-kind@v0.5.0
        with:
-          version: ${{ matrix.k8s-version }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          k3d-args: ${{ env.EGRESS_ARG }}
+          version: ${{ env.KIND_VERSION }}
+          skipClusterCreation: true

-      - name: Load image to k3d cluster
-        run: make image-load
+      - name: Setup Kind Cluster
+        run: |
+          kind delete cluster
+          kind create cluster --image kindest/node:${{ matrix.k8s-version }}
+          kubectl version
+          kubectl cluster-info
+
+      - name: Load Image to kind cluster
+        run: make kind-load

      - name: Run Make
        run: make

+      - name: Run Make Manager
+        run: make manager
+
      - name: Prepare for e2e tests
        run: |
          make e2e-cleanup
-          make e2e-setup-core
+          make e2e-setup
+          helm lint ./charts/vela-core
          helm test -n vela-system kubevela --timeout 5m

      - name: Run api e2e tests
@@ -108,7 +114,7 @@ jobs:
        run: make end-e2e

      - name: Upload coverage report
-        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
+        uses: codecov/codecov-action@v1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: /tmp/e2e-profile.out
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -11,13 +11,11 @@ on:
      - master
      - release-*

-permissions:  # added using https://github.com/step-security/secure-workflows
-  contents: read
-
 env:
  # Common versions
-  GO_VERSION: '1.19'
-  GOLANGCI_VERSION: 'v1.49'
+  GO_VERSION: '1.17'
+  GOLANGCI_VERSION: 'v1.38'
+  KIND_VERSION: 'v0.7.0'

 jobs:

@@ -25,17 +23,15 @@ jobs:
    runs-on: ubuntu-20.04
    outputs:
      noop: ${{ steps.noop.outputs.should_skip }}
-    permissions:
-      actions: write
    steps:
      - name: Detect No-op Changes
        id: noop
-        uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281
+        uses: fkirc/skip-duplicate-actions@v3.3.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
-        continue-on-error: true
+          concurrent_skipping: false

  staticcheck:
    runs-on: ubuntu-20.04
@@ -44,17 +40,27 @@ jobs:

    steps:
      - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@v2
        with:
          submodules: true

+      - name: Cache Go Dependencies
+        uses: actions/cache@v2
+        with:
+          path: .work/pkg
+          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
+          restore-keys: ${{ runner.os }}-pkg-
+
+      - name: Install StaticCheck
+        run: GO111MODULE=on go get honnef.co/go/tools/cmd/staticcheck@v0.3.0
+
      - name: Static Check
-        run: make staticcheck
+        run: staticcheck ./...

      - name: License Header Check
        run: make check-license-header
@@ -63,27 +69,31 @@ jobs:
    runs-on: ubuntu-20.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'
-    permissions:
-      contents: read  # for actions/checkout to fetch code
-      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests

    steps:
      - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@v2
        with:
          submodules: true

+      - name: Cache Go Dependencies
+        uses: actions/cache@v2
+        with:
+          path: .work/pkg
+          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
+          restore-keys: ${{ runner.os }}-pkg-
+
      # This action uses its own setup-go, which always seems to use the latest
      # stable version of Go. We could run 'make lint' to ensure our desired Go
      # version, but we prefer this action because it leaves 'annotations' (i.e.
      # it comments on PRs to point out linter violations).
      - name: Lint
-        uses: golangci/golangci-lint-action@07db5389c99593f11ad7b44463c2d4233066a9b1 # v3.3.0
+        uses: golangci/golangci-lint-action@v3
        with:
          version: ${{ env.GOLANGCI_VERSION }}

@@ -94,125 +104,35 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@v2
        with:
          submodules: true

      - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Setup node
-        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516
+        uses: actions/setup-node@v2
        with:
          node-version: '14'

      - name: Cache Go Dependencies
-        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
+        uses: actions/cache@v2
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

+      - name: Check code formatting
+        run: go install golang.org/x/tools/cmd/goimports && make fmt
+
      - name: Run cross-build
        run: make cross-build

      - name: Check Diff
-        run: |
-          export PATH=$(pwd)/bin/:$PATH
-          make check-diff
+        run: make check-diff
              
      - name: Cleanup binary
        run: make build-cleanup
-
-  check-windows:
-    runs-on: windows-latest
-    needs: detect-noop
-    if: needs.detect-noop.outputs.noop != 'true'
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-        with:
-          submodules: true
-
-      - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: Cache Go Dependencies
-        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
-        with:
-          path: .work/pkg
-          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-pkg-
-
-      - name: Run Build CLI
-        run: make vela-cli
-
-      - name: Run CLI for version
-        shell: cmd
-        run: |
-          move .\bin\vela .\bin\vela.exe
-          .\bin\vela.exe version
-
-  check-core-image-build:
-    runs-on: ubuntu-latest
-    needs: detect-noop
-    if: needs.detect-noop.outputs.noop != 'true'
-    steps:
-      - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-        with:
-          submodules: true
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
-      - name: Build Test for vela core
-        uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
-        with:
-          context: .
-          file: Dockerfile
-          platforms: linux/amd64,linux/arm64
-
-  check-apiserver-image-build:
-    runs-on: ubuntu-latest
-    needs: detect-noop
-    if: needs.detect-noop.outputs.noop != 'true'
-    steps:
-      - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-        with:
-          submodules: true
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
-      - name: Build Test for apiserver
-        uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
-        with:
-          context: .
-          file: Dockerfile.apiserver
-          platforms: linux/amd64,linux/arm64
-
-  check-cli-image-build:
-    runs-on: ubuntu-latest
-    needs: detect-noop
-    if: needs.detect-noop.outputs.noop != 'true'
-    steps:
-      - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-        with:
-          submodules: true
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
-      - name: Build Test for CLI
-        uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
-        with:
-          context: .
-          file: Dockerfile.cli
--- a/.github/workflows/issue-commands.yml
+++ b/.github/workflows/issue-commands.yml
@@ -5,26 +5,17 @@ on:
  issue_comment:
    types: [created]

-permissions:
-  contents: read
-
 jobs:
  bot:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
    steps:
      - name: Checkout Actions
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@v2
        with:
          repository: "oam-dev/kubevela-github-actions"
          path: ./actions
          ref: v0.4.2
-      - name: Setup Node.js
-        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516
-        with:
-          node-version: '14'
-          cache: 'npm'
-          cache-dependency-path: ./actions/package-lock.json
-      - name: Install Dependencies
+      - name: Install Actions
        run: npm ci --production --prefix ./actions
      - name: Run Commands
        uses: ./actions/commands
@@ -33,15 +24,12 @@ jobs:
          configPath: issue-commands

  backport:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-18.04
    if: github.event.issue.pull_request && contains(github.event.comment.body, '/backport')
-    permissions:
-      issues: write
-      pull-requests: write
    steps:
      - name: Extract Command
        id: command
-        uses: xt0rted/slash-command-action@bf51f8f5f4ea3d58abc7eca58f77104182b23e88
+        uses: xt0rted/slash-command-action@v1
        with:
          repo-token: ${{ secrets.VELA_BOT_TOKEN }}
          command: backport
@@ -50,7 +38,7 @@ jobs:
          allow-edits: "false"
          permission-level: read
      - name: Handle Command
-        uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0
+        uses: actions/github-script@v4
        env:
          VERSION: ${{ steps.command.outputs.command-arguments }}
        with:
@@ -71,11 +59,11 @@ jobs:
            })
            console.log("Added '" + label + "' label.")
      - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Open Backport PR
-        uses: zeebe-io/backport-action@2ee900dc92632adf994f8e437b6d16840fd61f58
+        uses: zeebe-io/backport-action@v0.0.6
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          github_workspace: ${{ github.workspace }}
--- a/.github/workflows/license.yml
+++ b/.github/workflows/license.yml
@@ -9,16 +9,13 @@ on:
    branches:
      - master
      - release-*
-      -
-permissions:
-  contents: read

 jobs:
  license_check:
    runs-on: ubuntu-latest
    name: Check for unapproved licenses
    steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+      - uses: actions/checkout@v2
      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
--- a/.github/workflows/registry.yml
+++ b/.github/workflows/registry.yml
@@ -11,16 +11,11 @@ env:
  ACCESS_KEY: ${{ secrets.OSS_ACCESS_KEY }}
  ACCESS_KEY_SECRET: ${{ secrets.OSS_ACCESS_KEY_SECRET }}

-permissions:
-  contents: read
-
 jobs:
  publish-core-images:
-    permissions:
-      packages: write
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+      - uses: actions/checkout@master
      - name: Get the version
        id: get_version
        run: |
@@ -28,36 +23,36 @@ jobs:
          if [[ ${GITHUB_REF} == "refs/heads/master" ]]; then
            VERSION=latest
          fi
-          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
+          echo ::set-output name=VERSION::${VERSION}
      - name: Get git revision
        id: vars
        shell: bash
        run: |
-          echo "git_revision=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+          echo "::set-output name=git_revision::$(git rev-parse --short HEAD)"
      - name: Login ghcr.io
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Login docker.io
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        uses: docker/login-action@v1
        with:
          registry: docker.io
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Login Alibaba Cloud ACR
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        uses: docker/login-action@v1
        with:
          registry: ${{ secrets.ACR_DOMAIN }}
          username: ${{ secrets.ACR_USERNAME }}
          password: ${{ secrets.ACR_PASSWORD }}
-      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
-      - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
+      - uses: docker/setup-qemu-action@v1
+      - uses: docker/setup-buildx-action@v1
        with:
          driver-opts: image=moby/buildkit:master

-      - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
+      - uses: docker/build-push-action@v2
        name: Build & Pushing vela-core for Dockerhub, GHCR and ACR
        with:
          context: .
@@ -76,7 +71,7 @@ jobs:
            ghcr.io/${{ github.repository_owner }}/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
            ${{ secrets.ACR_DOMAIN }}/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}

-      - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
+      - uses: docker/build-push-action@v2
        name: Build & Pushing CLI for Dockerhub, GHCR and ACR
        with:
          context: .
@@ -96,11 +91,9 @@ jobs:
            ${{ secrets.ACR_DOMAIN }}/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}

  publish-addon-images:
-    permissions:
-      packages: write
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+      - uses: actions/checkout@master
      - name: Get the version
        id: get_version
        run: |
@@ -108,36 +101,36 @@ jobs:
          if [[ ${GITHUB_REF} == "refs/heads/master" ]]; then
            VERSION=latest
          fi
-          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
+          echo ::set-output name=VERSION::${VERSION}
      - name: Get git revision
        id: vars
        shell: bash
        run: |
-          echo "git_revision=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+          echo "::set-output name=git_revision::$(git rev-parse --short HEAD)"
      - name: Login ghcr.io
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Login docker.io
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        uses: docker/login-action@v1
        with:
          registry: docker.io
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Login Alibaba Cloud ACR
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        uses: docker/login-action@v1
        with:
          registry: ${{ secrets.ACR_DOMAIN }}
          username: ${{ secrets.ACR_USERNAME }}
          password: ${{ secrets.ACR_PASSWORD }}
-      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
-      - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
+      - uses: docker/setup-qemu-action@v1
+      - uses: docker/setup-buildx-action@v1
        with:
          driver-opts: image=moby/buildkit:master

-      - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
+      - uses: docker/build-push-action@v2
        name: Build & Pushing vela-apiserver for Dockerhub, GHCR and ACR
        with:
          context: .
@@ -156,7 +149,7 @@ jobs:
            ghcr.io/${{ github.repository_owner }}/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
            ${{ secrets.ACR_DOMAIN }}/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}

-      - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
+      - uses: docker/build-push-action@v2
        name: Build & Pushing runtime rollout Dockerhub, GHCR and ACR
        with:
          context: .
@@ -182,7 +175,7 @@ jobs:
      CAPABILITY_ENDPOINT: oss-cn-beijing.aliyuncs.com
    runs-on: ubuntu-20.04
    steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+      - uses: actions/checkout@master
      - name: Install ossutil
        run: wget http://gosspublic.alicdn.com/ossutil/1.7.0/ossutil64 && chmod +x ossutil64 && mv ossutil64 ossutil
      - name: Configure Alibaba Cloud OSSUTIL
@@ -192,4 +185,4 @@ jobs:
      - name: rsync all capabilites
        run: rsync vela-templates/registry/auto-gen/* $CAPABILITY_DIR
      - name: sync local to cloud
-        run: ./ossutil --config-file .ossutilconfig sync $CAPABILITY_DIR oss://$CAPABILITY_BUCKET -f
+        run: ./ossutil --config-file .ossutilconfig sync $CAPABILITY_DIR oss://$CAPABILITY_BUCKET -f
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,20 +13,8 @@ env:
  ACCESS_KEY: ${{ secrets.CLI_OSS_ACCESS_KEY }}
  ACCESS_KEY_SECRET: ${{ secrets.CLI_OSS_ACCESS_KEY_SECRET }}

-permissions:
-  contents: read
-
 jobs:
  build:
-    permissions:
-      contents: write
-      actions: read
-      checks: write
-      issues: read
-      packages: write
-      pull-requests: read
-      repository-projects: read
-      statuses: read
    runs-on: ubuntu-latest
    name: build
    strategy:
@@ -39,22 +27,22 @@ jobs:
      DIST_DIRS: find * -type d -exec
    steps:
      - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@v2
      - name: Set up Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        uses: actions/setup-go@v2
        with:
-          go-version: 1.19
+          go-version: 1.17
      - name: Get release
        id: get_release
-        uses: bruceadams/get-release@74c3d60f5a28f358ccf241a00c9021ea16f0569f # v1.3.2
+        uses: bruceadams/get-release@v1.2.2
      - name: Get version
        run: echo "VELA_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
      - name: Get matrix
        id: get_matrix
        run: |
          TARGETS=${{matrix.TARGETS}}
-          echo "OS=${TARGETS%/*}" >> $GITHUB_OUTPUT
-          echo "ARCH=${TARGETS#*/}" >> $GITHUB_OUTPUT
+          echo ::set-output name=OS::${TARGETS%/*}
+          echo ::set-output name=ARCH::${TARGETS#*/}
      - name: Get ldflags
        id: get_ldflags
        run: |
@@ -87,31 +75,35 @@ jobs:
          cd .. && \
          sha256sum vela/vela-* kubectl-vela/kubectl-vela-* >> sha256-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.txt \
      - name: Upload Vela tar.gz
-        uses: kubevela/vela-upload-release-asset@9b3858e67d3205e056d6220e5972abb32fc47289 # v1.0.0
+        uses: actions/upload-release-asset@v1.0.2
        with:
-          release_id: ${{ steps.get_release.outputs.id }}
+          upload_url: ${{ steps.get_release.outputs.upload_url }}
          asset_path: ./_bin/vela/vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz
          asset_name: vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz
+          asset_content_type: binary/octet-stream
      - name: Upload Vela zip
-        uses: kubevela/vela-upload-release-asset@9b3858e67d3205e056d6220e5972abb32fc47289 # v1.0.0
+        uses: actions/upload-release-asset@v1.0.2
        with:
-          release_id: ${{ steps.get_release.outputs.id }}
+          upload_url: ${{ steps.get_release.outputs.upload_url }}
          asset_path: ./_bin/vela/vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip
          asset_name: vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip
+          asset_content_type: binary/octet-stream
      - name: Upload Kubectl-Vela tar.gz
-        uses: kubevela/vela-upload-release-asset@9b3858e67d3205e056d6220e5972abb32fc47289 # v1.0.0
+        uses: actions/upload-release-asset@v1.0.2
        with:
-          release_id: ${{ steps.get_release.outputs.id }}
+          upload_url: ${{ steps.get_release.outputs.upload_url }}
          asset_path: ./_bin/kubectl-vela/kubectl-vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz
          asset_name: kubectl-vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz
+          asset_content_type: binary/octet-stream
      - name: Upload Kubectl-Vela zip
-        uses: kubevela/vela-upload-release-asset@9b3858e67d3205e056d6220e5972abb32fc47289 # v1.0.0
+        uses: actions/upload-release-asset@v1.0.2
        with:
-          release_id: ${{ steps.get_release.outputs.id }}
+          upload_url: ${{ steps.get_release.outputs.upload_url }}
          asset_path: ./_bin/kubectl-vela/kubectl-vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip
          asset_name: kubectl-vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip
+          asset_content_type: binary/octet-stream
      - name: Post sha256
-        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
+        uses: actions/upload-artifact@v2
        with:
          name: sha256sums
          path: ./_bin/sha256-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.txt
@@ -127,6 +119,7 @@ jobs:
        run: ./ossutil --config-file .ossutilconfig config -i ${ACCESS_KEY} -k ${ACCESS_KEY_SECRET} -e ${ENDPOINT} -c .ossutilconfig
      - name: sync local to cloud
        run: ./ossutil --config-file .ossutilconfig sync ./_bin/vela oss://$BUCKET/binary/vela/${{ env.VELA_VERSION }}
+      
      - name: sync the latest version file
        if: ${{ !contains(env.VELA_VERSION,'alpha') && !contains(env.VELA_VERSION,'beta') }}
        run: |
@@ -138,54 +131,43 @@ jobs:
          echo ${{ env.VELA_VERSION }} > ./latest_version
          ./ossutil --config-file .ossutilconfig cp -u ./latest_version oss://$BUCKET/binary/vela/latest_version

+
  upload-plugin-homebrew:
-    permissions:
-      contents: write
-      actions: read
-      checks: write
-      issues: read
-      packages: write
-      pull-requests: read
-      repository-projects: read
-      statuses: read
    needs: build
    runs-on: ubuntu-latest
    name: upload-sha256sums
    steps:
      - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@v2
      - name: Get release
        id: get_release
-        uses: bruceadams/get-release@74c3d60f5a28f358ccf241a00c9021ea16f0569f # v1.3.2
+        uses: bruceadams/get-release@v1.2.2
      - name: Download sha256sums
-        uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
+        uses: actions/download-artifact@v2
        with:
          name: sha256sums
          path: cli-artifacts
      - name: Display structure of downloaded files
        run: ls -R
        working-directory: cli-artifacts
-      - name: Get version
-        run: echo "VELA_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
      - shell: bash
        working-directory: cli-artifacts
        run: |
          for file in *
          do
-            sed -i "s/\/vela/-${{ env.VELA_VERSION }}/g" ${file}
-            sed -i "s/\/kubectl-vela/-${{ env.VELA_VERSION }}/g" ${file}
            cat ${file} >> sha256sums.txt
          done
      - name: Upload Checksums
-        uses: kubevela/vela-upload-release-asset@9b3858e67d3205e056d6220e5972abb32fc47289 # v1.0.0
+        uses: actions/upload-release-asset@v1.0.2
        with:
-          release_id: ${{ steps.get_release.outputs.id }}
+          upload_url: ${{ steps.get_release.outputs.upload_url }}
          asset_path: cli-artifacts/sha256sums.txt
          asset_name: sha256sums.txt
+          asset_content_type: text/plain
      - name: Update kubectl plugin version in krew-index
-        uses: rajatjindal/krew-release-bot@3320c0b546b5d2320613c46762bd3f73e2801bdc # v0.0.38
+        uses: rajatjindal/krew-release-bot@v0.0.38
      - name: Update Homebrew formula
-        uses: dawidd6/action-homebrew-bump-formula@02e79d9da43d79efa846d73695b6052cbbdbf48a # v3.8.3
+        uses: dawidd6/action-homebrew-bump-formula@v3
        with:
          token: ${{ secrets.HOMEBREW_TOKEN }}
          formula: kubevela
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -1,60 +0,0 @@
-name: Scorecards supply-chain security
-on:
-  schedule:
-    # Weekly on Saturdays.
-    - cron: '30 1 * * 6'
-  push:
-    branches: [ master ]
-
-# Declare default permissions as read only.
-permissions: read-all
-
-jobs:
-  analysis:
-    name: Scorecards analysis
-    runs-on: ubuntu-latest
-    permissions:
-      # Needed to upload the results to code-scanning dashboard.
-      security-events: write
-      # Used to receive a badge. (Upcoming feature)
-      id-token: write
-      actions: read
-      contents: read
-
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@937ffa90d79c7d720498178154ad4c7ba1e4ad8c # tag=v2.1.0
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
-          # - you want to enable the Branch-Protection check on a *public* repository, or
-          # - you are installing Scorecards on a *private* repository
-          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
-          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
-
-          # Publish the results for public repositories to enable scorecard badges. For more details, see
-          # https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories, `publish_results` will automatically be set to `false`, regardless
-          # of the value entered here.
-          publish_results: true
-
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
-        with:
-          sarif_file: results.sarif
--- a/.github/workflows/sync-api.yml
+++ b/.github/workflows/sync-api.yml
@@ -7,27 +7,25 @@ on:
    tags:
      - "v*"

-permissions:
-  contents: read
-
-env:
-  GO_VERSION: '1.19'
-
 jobs:
  sync-core-api:
    runs-on: ubuntu-20.04
    steps:
-      - name: Set up Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+      - name: Set up Go 1.17
+        uses: actions/setup-go@v1
+        env:
+          GO_VERSION: '1.17'
+          GOLANGCI_VERSION: 'v1.38'
        with:
          go-version: ${{ env.GO_VERSION }}
+        id: go

      - name: Check out code into the Go module directory
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@v2

      - name: Get the version
        id: get_version
-        run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+        run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/}

      - name: Sync to kubevela-core-api Repo
        env:
@@ -36,4 +34,4 @@ jobs:
          COMMIT_ID: ${{ github.sha }}
        run: |
          bash ./hack/apis/clientgen.sh
-          bash ./hack/apis/sync.sh sync
+          bash ./hack/apis/sync.sh
--- a/.github/workflows/timed-task.yml
+++ b/.github/workflows/timed-task.yml
@@ -2,10 +2,6 @@ name: Timed Task
 on:
  schedule:
    - cron: '* * * * *'
-
-permissions:
-  contents: read
-
 jobs:
  clean-image:
    runs-on: aliyun
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@@ -4,16 +4,13 @@ on:
  pull_request:
    branches: [ master ]

-permissions:
-  contents: read
-
 jobs:
  images:
    name: Image Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@v2

      - name: Build Vela Core image from Dockerfile
        run: |
@@ -27,7 +24,7 @@ jobs:
          output: 'trivy-results.sarif'

      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v1
        if: always()
        with:
          sarif_file: 'trivy-results.sarif'
--- a/.github/workflows/unit-test.yml
+++ b/.github/workflows/unit-test.yml
@@ -5,36 +5,33 @@ on:
    branches:
      - master
      - release-*
-  workflow_dispatch: { }
+  workflow_dispatch: {}
  pull_request:
    branches:
      - master
      - release-*

-permissions:
-  contents: read
-
 env:
  # Common versions
-  GO_VERSION: '1.19'
+  GO_VERSION: '1.17'
+  GOLANGCI_VERSION: 'v1.38'
+  KIND_VERSION: 'v0.7.0'

 jobs:

  detect-noop:
-    permissions:
-      actions: write  # for fkirc/skip-duplicate-actions to skip or stop workflow runs
    runs-on: ubuntu-20.04
    outputs:
      noop: ${{ steps.noop.outputs.should_skip }}
    steps:
      - name: Detect No-op Changes
        id: noop
-        uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281
+        uses: fkirc/skip-duplicate-actions@v3.3.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
-        continue-on-error: true
+          concurrent_skipping: false

  unit-tests:
    runs-on: ubuntu-20.04
@@ -43,17 +40,18 @@ jobs:

    steps:
      - name: Set up Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        uses: actions/setup-go@v1
        with:
          go-version: ${{ env.GO_VERSION }}
+        id: go

      - name: Check out code into the Go module directory
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+        uses: actions/checkout@v2
        with:
          submodules: true

      - name: Cache Go Dependencies
-        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
+        uses: actions/cache@v2
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
@@ -61,19 +59,15 @@ jobs:

      - name: Install ginkgo
        run: |
-          sudo sed -i 's/azure\.//' /etc/apt/sources.list
-          sudo apt-get update
          sudo apt-get install -y golang-ginkgo-dev

-      - name: Setup K3d
-        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96
+      - name: Setup Kind Cluster
+        uses: engineerd/setup-kind@v0.5.0
        with:
-          version: v1.20
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          version: ${{ env.KIND_VERSION }}

-        # TODO need update action version to resolve node 12 deprecated.
      - name: install Kubebuilder
-        uses: RyanSiu1995/kubebuilder-action@ff52bff1bae252239223476e5ab0d71d6ba02343
+        uses: RyanSiu1995/kubebuilder-action@v1.2
        with:
          version: 3.1.0
          kubebuilderOnly: false
@@ -83,7 +77,7 @@ jobs:
        run: make test

      - name: Upload coverage report
-        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
+        uses: codecov/codecov-action@v1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          file: ./coverage.txt
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-# Binaries for programs and docgen
+# Binaries for programs and plugins
 *.exe
 *.exe~
 *.dll
@@ -7,7 +7,6 @@
 bin
 _bin
 e2e/vela
-vela

 # Test binary, build with `go test -c`
 *.test
@@ -33,7 +32,6 @@ vendor/

 # Vscode files
 .vscode
-.history

 pkg/test/vela
 config/crd/bases
@@ -51,5 +49,4 @@ tmp/
 git-page/

 # e2e rollout runtime image build
-runtime/rollout/e2e/tmp
-vela.json
+runtime/rollout/e2e/tmp
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -38,7 +38,7 @@ linters-settings:
    # report about shadowed variables
    check-shadowing: false

-  revive:
+  golint:
    # minimal confidence for issues, default is 0.8
    min-confidence: 0.8

@@ -116,20 +116,11 @@ linters:
    - goconst
    - goimports
    - gofmt  # We enable this as well as goimports for its simplify mode.
-    - revive
+    - golint
    - unconvert
    - misspell
    - nakedret
-    - exportloopref
-  disable:
-    - deadcode
-    - scopelint
-    - structcheck
-    - varcheck
-    - rowserrcheck
-    - sqlclosecheck
-    - errchkjson
-    - contextcheck
+
  presets:
    - bugs
    - unused
@@ -146,7 +137,7 @@ issues:
        - errcheck
        - dupl
        - gosec
-        - exportloopref
+        - scopelint
        - unparam

    # Ease some gocritic warnings on test files.
@@ -195,15 +186,7 @@ issues:

    - text: "don't use an underscore"
      linters:
-        - revive
-
-    - text: "package-comments: should have a package comment"
-      linters:
-        - revive
-
-    - text: "error-strings: error strings should not be capitalized or end with punctuation or a newline"
-      linters:
-        - revive
+        - golint

  # Independently from option `exclude` we use default exclude patterns,
  # it can be disabled by this option. To list all
--- a/CHANGELOG/CHANGELOG-1.0.md
+++ b/CHANGELOG/CHANGELOG-1.0.md
@@ -15,7 +15,7 @@ This is a minor fix for release-1.0, please refer to release-1.1.x for the lates
 # v1.0.5

 1. Fix Terraform application status issue (#1611)
-2. application supports specifying different versions of Definition (#1597)
+2. applicaiton supports specifying different versions of Definition (#1597)
 3. Enable Dynamic Admission Control for Application (#1619)
 4. Update inner samples for "vela show xxx --web" (#1616)
 5. fix empty rolloutBatch will panic whole controller bug (#1646)
--- a/CHANGELOG/CHANGELOG-1.2.md
+++ b/CHANGELOG/CHANGELOG-1.2.md
@@ -31,7 +31,7 @@
 ## What's Changed

 * Fix: can't query data from the MongoDB by @barnettZQG in https://github.com/oam-dev/kubevela/pull/3095
-* Fix: use personal token of vela-bot instead of github token for homebrew update by @wonderflow in https://github.com/oam-dev/kubevela/pull/3096
+* Fix: use personel token of vela-bot instead of github token for homebrew update by @wonderflow in https://github.com/oam-dev/kubevela/pull/3096
 * Fix: acr image no version by @wangyikewxgm in https://github.com/oam-dev/kubevela/pull/3100
 * Fix: support generate cloud resource docs in Chinese by @zzxwill in https://github.com/oam-dev/kubevela/pull/3079
 * Fix: clear old data in mongodb unit test case by @barnettZQG in https://github.com/oam-dev/kubevela/pull/3103
--- a/11
+++ b/11
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine@sha256:a9b24b67dc83b3383d22a14941c2b2b2ca6a103d805cac6820fd1355943beaf1 as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.17-alpine as builder

 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -15,8 +15,9 @@ ENV GOPROXY=${GOPROXY:-https://goproxy.cn}
 # and so that source changes don't invalidate our downloaded layer
 RUN go mod download

-# Copy the go source for building core
-COPY cmd/core/ cmd/core/
+# Copy the go source
+COPY cmd/core/main.go main.go
+COPY cmd/apiserver/main.go cmd/apiserver/main.go
 COPY apis/ apis/
 COPY pkg/ pkg/
 COPY version/ version/
@@ -28,13 +29,13 @@ ARG VERSION
 ARG GITVERSION
 RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
    go build -a -ldflags "-s -w -X github.com/oam-dev/kubevela/version.VelaVersion=${VERSION:-undefined} -X github.com/oam-dev/kubevela/version.GitRevision=${GITVERSION:-undefined}" \
-    -o manager-${TARGETARCH} cmd/core/main.go
+    -o manager-${TARGETARCH} main.go

 # Use alpine as base image due to the discussion in issue #1448
 # You can replace distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
-FROM ${BASE_IMAGE:-alpine:3.15@sha256:cf34c62ee8eb3fe8aa24c1fab45d7e9d12768d945c3f5a6fd6a63d901e898479}
+FROM ${BASE_IMAGE:-alpine:3.15}
 # This is required by daemon connecting with cri
 RUN apk add --no-cache ca-certificates bash expat

--- a/Dockerfile.apiserver
+++ b/Dockerfile.apiserver
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine@sha256:a9b24b67dc83b3383d22a14941c2b2b2ca6a103d805cac6820fd1355943beaf1 as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.17-alpine as builder
 ARG GOPROXY
 ENV GOPROXY=${GOPROXY:-https://goproxy.cn}
 WORKDIR /workspace
@@ -11,8 +11,9 @@ COPY go.sum go.sum
 # and so that source changes don't invalidate our downloaded layer
 RUN go mod download

-# Copy the go source for building apiserver
-COPY cmd/apiserver/ cmd/apiserver/
+# Copy the go source
+COPY cmd/core/main.go main.go
+COPY cmd/apiserver/main.go cmd/apiserver/main.go
 COPY apis/ apis/
 COPY pkg/ pkg/
 COPY version/ version/
@@ -32,7 +33,7 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`

-FROM ${BASE_IMAGE:-alpine:3.15@sha256:cf34c62ee8eb3fe8aa24c1fab45d7e9d12768d945c3f5a6fd6a63d901e898479}
+FROM ${BASE_IMAGE:-alpine:3.15}
 # This is required by daemon connecting with cri
 RUN apk add --no-cache ca-certificates bash expat

--- a/Dockerfile.cli
+++ b/Dockerfile.cli
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE
 # Build the cli binary
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine@sha256:a9b24b67dc83b3383d22a14941c2b2b2ca6a103d805cac6820fd1355943beaf1 as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.17-alpine as builder
 ARG GOPROXY
 ENV GOPROXY=${GOPROXY:-https://goproxy.cn}
 WORKDIR /workspace
@@ -32,12 +32,12 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH:-amd64} \
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`

-FROM ${BASE_IMAGE:-alpine:3.15@sha256:cf34c62ee8eb3fe8aa24c1fab45d7e9d12768d945c3f5a6fd6a63d901e898479}
+FROM ${BASE_IMAGE:-alpine:3.15}
 # This is required by daemon connecting with cri
 RUN apk add --no-cache ca-certificates bash expat

 WORKDIR /

 ARG TARGETARCH
-COPY --from=builder /workspace/vela-${TARGETARCH} /bin/vela
-ENTRYPOINT ["/bin/vela"]
+COPY --from=builder /workspace/vela-${TARGETARCH} /vela
+ENTRYPOINT ["/vela"]
--- a/Dockerfile.e2e
+++ b/Dockerfile.e2e
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine@sha256:a9b24b67dc83b3383d22a14941c2b2b2ca6a103d805cac6820fd1355943beaf1 as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.17-alpine as builder

 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -38,7 +38,7 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`

-FROM ${BASE_IMAGE:-alpine:3.15@sha256:cf34c62ee8eb3fe8aa24c1fab45d7e9d12768d945c3f5a6fd6a63d901e898479}
+FROM ${BASE_IMAGE:-alpine:3.15}
 # This is required by daemon connecting with cri
 RUN apk add --no-cache ca-certificates bash expat

--- a/GOVERNANCE.md
+++ b/GOVERNANCE.md
@@ -1 +1,16 @@
-Refer to https://github.com/kubevela/community/blob/main/GOVERNANCE.md
+# Governance
+
+[Project maintainers](https://github.com/kubevela/community/blob/main/OWNERS.md#maintainers) are responsible for activities around maintaining and updating KubeVela.
+Final decisions on the project reside with the project maintainers.
+
+Maintainers **MUST** remain active. If they are unresponsive for >6 months,
+they will be automatically removed unless a [super-majority](https://en.wikipedia.org/wiki/Supermajority#Two-thirds_vote) of the other project maintainers agrees to extend the period to be greater than 6 months.
+
+New maintainers can be added to the project by a [super-majority](https://en.wikipedia.org/wiki/Supermajority#Two-thirds_vote) vote of the existing maintainers.
+A potential maintainer may be nominated by an existing maintainer.
+A vote is conducted in private between the current maintainers over the course of a one week voting period.
+At the end of the week, votes are counted and a pull request is made on the repo adding the new maintainer to the [CODEOWNERS](https://github.com/kubevela/kubevela/blob/master/.github/CODEOWNERS) file.
+
+A maintainer may step down by submitting an [issue](https://github.com/kubevela/kubevela/issues/new/choose) stating their intent.
+
+Changes to this governance document require a pull request with approval from a [super-majority](https://en.wikipedia.org/wiki/Supermajority#Two-thirds_vote) of the current maintainers.
--- a/24
+++ b/24
@@ -9,12 +9,12 @@ include makefiles/e2e.mk
 all: build

 # Run tests
-test: unit-test-core test-cli-gen
+test: vet lint staticcheck unit-test-core test-cli-gen
 	@$(OK) unit-tests pass

 test-cli-gen: 
 	mkdir -p ./bin/doc
-	go run ./hack/docgen/cli/gen.go ./bin/doc
+	go run ./hack/docgen/gen.go ./bin/doc
 unit-test-core:
 	go test -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/... ./apis/... | grep -v apiserver | grep -v applicationconfiguration)
 	go test $(shell go list ./references/... | grep -v apiserver)
@@ -22,7 +22,7 @@ unit-test-apiserver:
 	go test -gcflags=all=-l -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/...  | grep -E 'apiserver|velaql')

 # Build vela cli binary
-build: vela-cli kubectl-vela
+build: fmt vet lint staticcheck vela-cli kubectl-vela
 	@$(OK) build succeed

 build-cleanup:
@@ -82,28 +82,28 @@ endif



-# load docker image to the k3d cluster
-image-load:
+# load docker image to the kind cluster
+kind-load: kind-load-runtime-cluster
 	docker build -t $(VELA_CORE_TEST_IMAGE) -f Dockerfile.e2e .
-	k3d image import $(VELA_CORE_TEST_IMAGE) || { echo >&2 "kind not installed or error loading image: $(VELA_CORE_TEST_IMAGE)"; exit 1; }
+	kind load docker-image $(VELA_CORE_TEST_IMAGE) || { echo >&2 "kind not installed or error loading image: $(VELA_CORE_TEST_IMAGE)"; exit 1; }

-image-load-runtime-cluster:
+kind-load-runtime-cluster:
 	/bin/sh hack/e2e/build_runtime_rollout.sh
 	docker build -t $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE) -f runtime/rollout/e2e/Dockerfile.e2e runtime/rollout/e2e/
 	rm -rf runtime/rollout/e2e/tmp
-	k3d image import $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)  || { echo >&2 "kind not installed or error loading image: $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)"; exit 1; }
-	k3d cluster get $(RUNTIME_CLUSTER_NAME) && k3d image import $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE) --cluster=$(RUNTIME_CLUSTER_NAME) || echo "no worker cluster"
+	kind load docker-image $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)  || { echo >&2 "kind not installed or error loading image: $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)"; exit 1; }
+	kind load docker-image $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE) --name=$(RUNTIME_CLUSTER_NAME)  || { echo >&2 "kind not installed or error loading image: $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)"; exit 1; }

 # Run tests
-core-test:
+core-test: fmt vet manifests
 	go test ./pkg/... -coverprofile cover.out

 # Build vela core manager and apiserver binary
-manager:
+manager: fmt vet lint manifests
 	$(GOBUILD_ENV) go build -o bin/manager -a -ldflags $(LDFLAGS) ./cmd/core/main.go
 	$(GOBUILD_ENV) go build -o bin/apiserver -a -ldflags $(LDFLAGS) ./cmd/apiserver/main.go

-vela-runtime-rollout-manager:
+vela-runtime-rollout-manager: fmt vet lint manifests
 	$(GOBUILD_ENV) go build -o ./runtime/rollout/bin/manager -a -ldflags $(LDFLAGS) ./runtime/rollout/cmd/main.go

 # Generate manifests e.g. CRD, RBAC etc.
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@
  </p>
 </div>

-![Build status](https://github.com/kubevela/kubevela/workflows/Go/badge.svg)
+![Build status](https://github.com/kubevela/kubevela/workflows/E2E/badge.svg)
 [![Go Report Card](https://goreportcard.com/badge/github.com/kubevela/kubevela)](https://goreportcard.com/report/github.com/kubevela/kubevela)
 ![Docker Pulls](https://img.shields.io/docker/pulls/oamdev/vela-core)
 [![codecov](https://codecov.io/gh/kubevela/kubevela/branch/master/graph/badge.svg)](https://codecov.io/gh/kubevela/kubevela)
@@ -16,36 +16,28 @@
 [![Twitter](https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Ftwitter.com%2Foam_dev)](https://twitter.com/oam_dev)
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/kubevela)](https://artifacthub.io/packages/search?repo=kubevela)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4602/badge)](https://bestpractices.coreinfrastructure.org/projects/4602)
-![E2E status](https://github.com/kubevela/kubevela/workflows/E2E%20Test/badge.svg)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/kubevela/kubevela/badge)](https://api.securityscorecards.dev/projects/github.com/kubevela/kubevela)

 ## Introduction

 KubeVela is a modern application delivery platform that makes deploying and operating applications across today's hybrid, multi-cloud environments easier, faster and more reliable.

-![kubevela](docs/resources/what-is-kubevela.png)
+![](docs/resources/what-is-kubevela.png)

 ## Highlights

 KubeVela practices the "render, orchestrate, deploy" workflow with below highlighted values added to existing ecosystem:

-* Deployment as Code
+- *Application Centric* - KubeVela introduces [Open Application Model (OAM)](https://oam.dev/) as the consistent yet higher level API to capture and render a full deployment of microservices on top of hybrid environments. Placement strategy, traffic shifting and rolling update are declared at application level. No infrastructure level concern, simply deploy.

-Declare your deployment plan as workflow, run it automatically with any CI/CD or GitOps system, extend or re-program the workflow steps with CUE. No add-hoc scripts, no dirty glue code, just deploy. The deployment workflow in KubeVela is powered by [Open Application Model](https://oam.dev/).
+- *Programmable Workflow* - KubeVela models application delivery as DAG (Directed Acyclic Graph) and expresses it with [CUE](https://cuelang.org/) - a modern data configuration language. This allows you to design application deployment steps per needs and orchestrate them in programmable approach. No restrictions, natively extensible.

-* Built-in security and compliance building blocks
-
-Choose from the wide range of LDAP integrations we provided out-of-box, enjoy multi-cluster authorization that is fully automated, pick and apply fine-grained RBAC modules and customize them per your own supply chain requirements.
-
-* Multi-cloud/hybrid-environments app delivery as first-class citizen
-
-Progressive rollout across test/staging/production environments, automatic canary, blue-green and continuous verification, rich placement strategy across clusters and clouds, fully managed cloud environments provision.
+- *Infrastructure Agnostic* - KubeVela works as an application delivery control plane that is fully decoupled from runtime infrastructure. It can deploy any workload types including containers, cloud services, databases, or even VM instances to any cloud or Kubernetes cluster, following the workflow designed by you.

 ## Getting Started

-* [Introduction](https://kubevela.io/docs)
-* [Installation](https://kubevela.io/docs/install)
-* [Deploy Your Application](https://kubevela.io/docs/quick-start)
+- [Introduction](https://kubevela.io/docs)
+- [Installation](https://kubevela.io/docs/install)
+- [Design Your First Deployment Plan](https://kubevela.io/docs/quick-start)

 ## Documentation

@@ -57,7 +49,7 @@ Official blog is available on [KubeVela blog](https://kubevela.io/blog).

 ## Community

-We want your contributions and suggestions!
+We want your contributions and suggestions! 
 One of the easiest ways to contribute is to participate in discussions on the Github Issues/Discussion, chat on IM or the bi-weekly community calls.
 For more information on the community engagement, developer and contributing guidelines and more, head over to the [KubeVela community repo](https://github.com/kubevela/community).

@@ -77,17 +69,23 @@ Every two weeks we host a community call to showcase new features, review upcomi

 - Bi-weekly Community Call:
  - [Meeting Notes](https://docs.google.com/document/d/1nqdFEyULekyksFHtFvgvFAYE-0AMHKoS3RMnaKsarjs).
-  - [Video Records](https://www.youtube.com/channel/UCSCTHhGI5XJ0SEhDHVakPAA/videos).
+  - [Video Records](https://kubevela.io/videos/meetings/en/meetings).
 - Bi-weekly Chinese Community Call:
-  - [Video Records](https://space.bilibili.com/180074935/channel/seriesdetail?sid=1842207).
+  - [Video Records](https://kubevela.io/videos/meetings/cn/v1.3).

 ## Talks and Conferences

-Check out [KubeVela videos](https://kubevela.io/videos/talks/en/oam-dapr) for these talks and conferences.
+| Engagement | Link        |
+|:-----------|:------------|
+| 🎤  Talks | - [KubeVela - The Modern App Delivery System in Alibaba](https://docs.google.com/presentation/d/1CWCLcsKpDQB3bBDTfdv2BZ8ilGGJv2E8L-iOA5HMrV0/edit?usp=sharing) |
+| 🌎 KubeCon | - [ [NA 2020] Standardizing Cloud Native Application Delivery Across Different Clouds](https://www.youtube.com/watch?v=0yhVuBIbHcI) <br> - [ [EU 2021] Zero Pain Microservice Development and Deployment with Dapr and KubeVela](https://sched.co/iE4S) |
+| 📺 Conferences | - [Dapr, Rudr, OAM: Mark Russinovich presents next gen app development & deployment](https://www.youtube.com/watch?v=eJCu6a-x9uo) <br> - [Mark Russinovich presents "The Future of Cloud Native Applications with OAM and Dapr"](https://myignite.techcommunity.microsoft.com/sessions/82059)|
+
+For more talks, please checkout [KubeVela Talks](https://kubevela.io/videos/talks/en/standardizing-app).

 ## Contributing

-Check out [CONTRIBUTING](https://kubevela.io/docs/contributor/overview) to see how to develop with KubeVela.
+Check out [CONTRIBUTING](./CONTRIBUTING.md) to see how to develop with KubeVela.

 ## Report Vulnerability

--- a/apis/core.oam.dev/common/types.go
+++ b/apis/core.oam.dev/common/types.go
@@ -26,8 +26,6 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"

-	workflowv1alpha1 "github.com/kubevela/workflow/api/v1alpha1"
-
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
 	"github.com/oam-dev/kubevela/apis/standard.oam.dev/v1alpha1"
 	"github.com/oam-dev/kubevela/pkg/oam"
@@ -137,9 +135,6 @@ type Terraform struct {

 	// Region is cloud provider's region. It will override the region in the region field of ProviderReference
 	Region string `json:"customRegion,omitempty"`
-
-	// GitCredentialsSecretReference specifies the reference to the secret containing the git credentials
-	GitCredentialsSecretReference *corev1.SecretReference `json:"gitCredentialsSecretReference,omitempty"`
 }

 // A WorkloadTypeDescriptor refer to a Workload Type
@@ -192,6 +187,8 @@ type Status struct {
 type ApplicationPhase string

 const (
+	// ApplicationRollingOut means the app is in the middle of rolling out
+	ApplicationRollingOut ApplicationPhase = "rollingOut"
 	// ApplicationStarting means the app is preparing for reconcile
 	ApplicationStarting ApplicationPhase = "starting"
 	// ApplicationRendering means the app is rendering
@@ -204,8 +201,8 @@ const (
 	ApplicationWorkflowSuspending ApplicationPhase = "workflowSuspending"
 	// ApplicationWorkflowTerminated means the app's workflow is terminated
 	ApplicationWorkflowTerminated ApplicationPhase = "workflowTerminated"
-	// ApplicationWorkflowFailed means the app's workflow is failed
-	ApplicationWorkflowFailed ApplicationPhase = "workflowFailed"
+	// ApplicationWorkflowFinished means the app's workflow is finished
+	ApplicationWorkflowFinished ApplicationPhase = "workflowFinished"
 	// ApplicationRunning means the app finished rendering and applied result to the cluster
 	ApplicationRunning ApplicationPhase = "running"
 	// ApplicationUnhealthy means the app finished rendering and applied result to the cluster, but still unhealthy
@@ -219,19 +216,19 @@ type WorkflowState string

 const (
 	// WorkflowStateInitializing means the workflow is in initial state
-	WorkflowStateInitializing WorkflowState = "Initializing"
+	WorkflowStateInitializing WorkflowState = "initializing"
 	// WorkflowStateTerminated means workflow is terminated manually, and it won't be started unless the spec changed.
-	WorkflowStateTerminated WorkflowState = "Terminated"
+	WorkflowStateTerminated WorkflowState = "terminated"
 	// WorkflowStateSuspended means workflow is suspended manually, and it can be resumed.
-	WorkflowStateSuspended WorkflowState = "Suspended"
+	WorkflowStateSuspended WorkflowState = "suspended"
 	// WorkflowStateSucceeded means workflow is running successfully, all steps finished.
 	WorkflowStateSucceeded WorkflowState = "Succeeded"
 	// WorkflowStateFinished means workflow is end.
-	WorkflowStateFinished WorkflowState = "Finished"
+	WorkflowStateFinished WorkflowState = "finished"
 	// WorkflowStateExecuting means workflow is still running or waiting some steps.
-	WorkflowStateExecuting WorkflowState = "Executing"
+	WorkflowStateExecuting WorkflowState = "executing"
 	// WorkflowStateSkipping means it will skip this reconcile and let next reconcile to handle it.
-	WorkflowStateSkipping WorkflowState = "Skipping"
+	WorkflowStateSkipping WorkflowState = "skipping"
 )

 // ApplicationComponentStatus record the health status of App component
@@ -248,12 +245,6 @@ type ApplicationComponentStatus struct {
 	Scopes             []corev1.ObjectReference `json:"scopes,omitempty"`
 }

-// Equal check if two ApplicationComponentStatus are equal
-func (in ApplicationComponentStatus) Equal(r ApplicationComponentStatus) bool {
-	return in.Name == r.Name && in.Namespace == r.Namespace &&
-		in.Cluster == r.Cluster && in.Env == r.Env
-}
-
 // ApplicationTraitStatus records the trait health status
 type ApplicationTraitStatus struct {
 	Type    string `json:"type"`
@@ -277,6 +268,33 @@ type RawComponent struct {
 	Raw runtime.RawExtension `json:"raw"`
 }

+// StepStatus record the base status of workflow step, which could be workflow step or subStep
+type StepStatus struct {
+	ID    string            `json:"id"`
+	Name  string            `json:"name,omitempty"`
+	Type  string            `json:"type,omitempty"`
+	Phase WorkflowStepPhase `json:"phase,omitempty"`
+	// A human readable message indicating details about why the workflowStep is in this state.
+	Message string `json:"message,omitempty"`
+	// A brief CamelCase message indicating details about why the workflowStep is in this state.
+	Reason string `json:"reason,omitempty"`
+	// FirstExecuteTime is the first time this step execution.
+	FirstExecuteTime metav1.Time `json:"firstExecuteTime,omitempty"`
+	// LastExecuteTime is the last time this step execution.
+	LastExecuteTime metav1.Time `json:"lastExecuteTime,omitempty"`
+}
+
+// WorkflowStepStatus record the status of a workflow step, include step status and subStep status
+type WorkflowStepStatus struct {
+	StepStatus     `json:",inline"`
+	SubStepsStatus []WorkflowSubStepStatus `json:"subSteps,omitempty"`
+}
+
+// WorkflowSubStepStatus record the status of a workflow subStep
+type WorkflowSubStepStatus struct {
+	StepStatus `json:",inline"`
+}
+
 // AppStatus defines the observed state of Application
 type AppStatus struct {
 	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
@@ -306,12 +324,10 @@ type AppStatus struct {
 	AppliedResources []ClusterObjectReference `json:"appliedResources,omitempty"`

 	// PolicyStatus records the status of policy
-	// Deprecated This field is only used by EnvBinding Policy which is deprecated.
 	PolicyStatus []PolicyStatus `json:"policy,omitempty"`
 }

 // PolicyStatus records the status of policy
-// Deprecated
 type PolicyStatus struct {
 	Name string `json:"name"`
 	Type string `json:"type"`
@@ -319,27 +335,80 @@ type PolicyStatus struct {
 	Status *runtime.RawExtension `json:"status,omitempty"`
 }

+// WorkflowStep defines how to execute a workflow step.
+type WorkflowStep struct {
+	// Name is the unique name of the workflow step.
+	Name string `json:"name"`
+
+	Type string `json:"type"`
+
+	// +kubebuilder:pruning:PreserveUnknownFields
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
+
+	SubSteps []WorkflowSubStep `json:"subSteps,omitempty"`
+
+	If string `json:"if,omitempty"`
+
+	DependsOn []string `json:"dependsOn,omitempty"`
+
+	Inputs StepInputs `json:"inputs,omitempty"`
+
+	Outputs StepOutputs `json:"outputs,omitempty"`
+}
+
+// WorkflowSubStep defines how to execute a workflow subStep.
+type WorkflowSubStep struct {
+	// Name is the unique name of the workflow step.
+	Name string `json:"name"`
+
+	Type string `json:"type"`
+
+	// +kubebuilder:pruning:PreserveUnknownFields
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
+
+	If string `json:"if,omitempty"`
+
+	DependsOn []string `json:"dependsOn,omitempty"`
+
+	Inputs StepInputs `json:"inputs,omitempty"`
+
+	Outputs StepOutputs `json:"outputs,omitempty"`
+}
+
 // WorkflowStatus record the status of workflow
 type WorkflowStatus struct {
-	AppRevision string                            `json:"appRevision,omitempty"`
-	Mode        string                            `json:"mode"`
-	Phase       workflowv1alpha1.WorkflowRunPhase `json:"status,omitempty"`
-	Message     string                            `json:"message,omitempty"`
+	AppRevision string       `json:"appRevision,omitempty"`
+	Mode        WorkflowMode `json:"mode"`
+	Message     string       `json:"message,omitempty"`

-	Suspend      bool   `json:"suspend"`
 	SuspendState string `json:"suspendState,omitempty"`

+	Suspend    bool `json:"suspend"`
 	Terminated bool `json:"terminated"`
 	Finished   bool `json:"finished"`

-	ContextBackend *corev1.ObjectReference               `json:"contextBackend,omitempty"`
-	Steps          []workflowv1alpha1.WorkflowStepStatus `json:"steps,omitempty"`
+	ContextBackend *corev1.ObjectReference `json:"contextBackend,omitempty"`
+	Steps          []WorkflowStepStatus    `json:"steps,omitempty"`

 	StartTime metav1.Time `json:"startTime,omitempty"`
-	// +nullable
-	EndTime metav1.Time `json:"endTime,omitempty"`
 }

+// WorkflowStepPhase describes the phase of a workflow step.
+type WorkflowStepPhase string
+
+const (
+	// WorkflowStepPhaseSucceeded will make the controller run the next step.
+	WorkflowStepPhaseSucceeded WorkflowStepPhase = "succeeded"
+	// WorkflowStepPhaseFailed will report error in `message`.
+	WorkflowStepPhaseFailed WorkflowStepPhase = "failed"
+	// WorkflowStepPhaseSkipped will make the controller skip the step.
+	WorkflowStepPhaseSkipped WorkflowStepPhase = "skipped"
+	// WorkflowStepPhaseStopped will make the controller stop the workflow.
+	WorkflowStepPhaseStopped WorkflowStepPhase = "stopped"
+	// WorkflowStepPhaseRunning will make the controller continue the workflow.
+	WorkflowStepPhaseRunning WorkflowStepPhase = "running"
+)
+
 // DefinitionType describes the type of DefinitionRevision.
 // +kubebuilder:validation:Enum=Component;Trait;Policy;WorkflowStep
 type DefinitionType string
@@ -358,6 +427,16 @@ const (
 	WorkflowStepType DefinitionType = "WorkflowStep"
 )

+// WorkflowMode describes the mode of workflow
+type WorkflowMode string
+
+const (
+	// WorkflowModeDAG describes the DAG mode of workflow
+	WorkflowModeDAG WorkflowMode = "DAG"
+	// WorkflowModeStep describes the step by step mode of workflow
+	WorkflowModeStep WorkflowMode = "StepByStep"
+)
+
 // AppRolloutStatus defines the observed state of AppRollout
 type AppRolloutStatus struct {
 	v1alpha1.RolloutStatus `json:",inline"`
@@ -387,9 +466,9 @@ type ApplicationComponent struct {
 	// +kubebuilder:pruning:PreserveUnknownFields
 	Properties *runtime.RawExtension `json:"properties,omitempty"`

-	DependsOn []string                     `json:"dependsOn,omitempty"`
-	Inputs    workflowv1alpha1.StepInputs  `json:"inputs,omitempty"`
-	Outputs   workflowv1alpha1.StepOutputs `json:"outputs,omitempty"`
+	DependsOn []string    `json:"dependsOn,omitempty"`
+	Inputs    StepInputs  `json:"inputs,omitempty"`
+	Outputs   StepOutputs `json:"outputs,omitempty"`

 	// Traits define the trait of one component, the type must be array to keep the order.
 	Traits []ApplicationTrait `json:"traits,omitempty"`
@@ -398,10 +477,22 @@ type ApplicationComponent struct {
 	// scopes in ApplicationComponent defines the component-level scopes
 	// the format is <scope-type:scope-instance-name> pairs, the key represents type of `ScopeDefinition` while the value represent the name of scope instance.
 	Scopes map[string]string `json:"scopes,omitempty"`
+}

-	// ReplicaKey is not empty means the component is replicated. This field is designed so that it can't be specified in application directly.
-	// So we set the json tag as "-". Instead, this will be filled when using replication policy.
-	ReplicaKey string `json:"-"`
+// StepOutputs defines output variable of WorkflowStep
+type StepOutputs []outputItem
+
+// StepInputs defines variable input of WorkflowStep
+type StepInputs []inputItem
+
+type inputItem struct {
+	ParameterKey string `json:"parameterKey"`
+	From         string `json:"from"`
+}
+
+type outputItem struct {
+	ValueFrom string `json:"valueFrom"`
+	Name      string `json:"name"`
 }

 // ClusterSelector defines the rules to select a Cluster resource.
@@ -430,13 +521,16 @@ type ClusterPlacement struct {
 	Distribution Distribution `json:"distribution,omitempty"`
 }

+// ResourceCreatorRole defines the resource creator.
+type ResourceCreatorRole string
+
 const (
 	// PolicyResourceCreator create the policy resource.
-	PolicyResourceCreator string = "policy"
+	PolicyResourceCreator ResourceCreatorRole = "policy"
 	// WorkflowResourceCreator create the resource in workflow.
-	WorkflowResourceCreator string = "workflow"
+	WorkflowResourceCreator ResourceCreatorRole = "workflow"
 	// DebugResourceCreator create the debug resource.
-	DebugResourceCreator string = "debug"
+	DebugResourceCreator ResourceCreatorRole = "debug"
 )

 // OAMObjectReference defines the object reference for an oam resource
@@ -483,8 +577,8 @@ func NewOAMObjectReferenceFromObject(obj client.Object) OAMObjectReference {

 // ClusterObjectReference defines the object reference with cluster.
 type ClusterObjectReference struct {
-	Cluster                string `json:"cluster,omitempty"`
-	Creator                string `json:"creator,omitempty"`
+	Cluster                string              `json:"cluster,omitempty"`
+	Creator                ResourceCreatorRole `json:"creator,omitempty"`
 	corev1.ObjectReference `json:",inline"`
 }

@@ -577,29 +671,3 @@ type ReferredObjectList struct {
 	// +optional
 	Objects []ReferredObject `json:"objects,omitempty"`
 }
-
-// ContainerState defines the state of a container
-type ContainerState string
-
-const (
-	// ContainerRunning indicates the container is running
-	ContainerRunning ContainerState = "Running"
-	// ContainerWaiting indicates the container is waiting
-	ContainerWaiting ContainerState = "Waiting"
-	// ContainerTerminated indicates the container is terminated
-	ContainerTerminated ContainerState = "Terminated"
-)
-
-// ContainerStateToString convert the container state to string
-func ContainerStateToString(state corev1.ContainerState) string {
-	switch {
-	case state.Running != nil:
-		return "Running"
-	case state.Waiting != nil:
-		return "Waiting"
-	case state.Terminated != nil:
-		return "Terminated"
-	default:
-		return "Unknown"
-	}
-}
--- a/apis/core.oam.dev/common/types_test.go
+++ b/apis/core.oam.dev/common/types_test.go
@@ -58,17 +58,3 @@ func TestClusterObjectReference(t *testing.T) {
 	o2.Cluster = "c"
 	r.False(o2.Equal(o1))
 }
-
-func TestContainerStateToString(t *testing.T) {
-	r := require.New(t)
-	r.Equal("Waiting", ContainerStateToString(v1.ContainerState{
-		Waiting: &v1.ContainerStateWaiting{},
-	}))
-	r.Equal("Running", ContainerStateToString(v1.ContainerState{
-		Running: &v1.ContainerStateRunning{},
-	}))
-	r.Equal("Terminated", ContainerStateToString(v1.ContainerState{
-		Terminated: &v1.ContainerStateTerminated{},
-	}))
-	r.Equal("Unknown", ContainerStateToString(v1.ContainerState{}))
-}
--- a/apis/core.oam.dev/common/zz_generated.deepcopy.go
+++ b/apis/core.oam.dev/common/zz_generated.deepcopy.go
@@ -22,7 +22,6 @@ limitations under the License.
 package common

 import (
-	"github.com/kubevela/workflow/api/v1alpha1"
 	crossplane_runtime "github.com/oam-dev/terraform-controller/api/types/crossplane-runtime"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -109,12 +108,12 @@ func (in *ApplicationComponent) DeepCopyInto(out *ApplicationComponent) {
 	}
 	if in.Inputs != nil {
 		in, out := &in.Inputs, &out.Inputs
-		*out = make(v1alpha1.StepInputs, len(*in))
+		*out = make(StepInputs, len(*in))
 		copy(*out, *in)
 	}
 	if in.Outputs != nil {
 		in, out := &in.Outputs, &out.Outputs
-		*out = make(v1alpha1.StepOutputs, len(*in))
+		*out = make(StepOutputs, len(*in))
 		copy(*out, *in)
 	}
 	if in.Traits != nil {
@@ -574,6 +573,61 @@ func (in *Status) DeepCopy() *Status {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in StepInputs) DeepCopyInto(out *StepInputs) {
+	{
+		in := &in
+		*out = make(StepInputs, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StepInputs.
+func (in StepInputs) DeepCopy() StepInputs {
+	if in == nil {
+		return nil
+	}
+	out := new(StepInputs)
+	in.DeepCopyInto(out)
+	return *out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in StepOutputs) DeepCopyInto(out *StepOutputs) {
+	{
+		in := &in
+		*out = make(StepOutputs, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StepOutputs.
+func (in StepOutputs) DeepCopy() StepOutputs {
+	if in == nil {
+		return nil
+	}
+	out := new(StepOutputs)
+	in.DeepCopyInto(out)
+	return *out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *StepStatus) DeepCopyInto(out *StepStatus) {
+	*out = *in
+	in.FirstExecuteTime.DeepCopyInto(&out.FirstExecuteTime)
+	in.LastExecuteTime.DeepCopyInto(&out.LastExecuteTime)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StepStatus.
+func (in *StepStatus) DeepCopy() *StepStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(StepStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Terraform) DeepCopyInto(out *Terraform) {
 	*out = *in
@@ -587,11 +641,6 @@ func (in *Terraform) DeepCopyInto(out *Terraform) {
 		*out = new(crossplane_runtime.Reference)
 		**out = **in
 	}
-	if in.GitCredentialsSecretReference != nil {
-		in, out := &in.GitCredentialsSecretReference, &out.GitCredentialsSecretReference
-		*out = new(v1.SecretReference)
-		**out = **in
-	}
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Terraform.
@@ -614,13 +663,12 @@ func (in *WorkflowStatus) DeepCopyInto(out *WorkflowStatus) {
 	}
 	if in.Steps != nil {
 		in, out := &in.Steps, &out.Steps
-		*out = make([]v1alpha1.WorkflowStepStatus, len(*in))
+		*out = make([]WorkflowStepStatus, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 	in.StartTime.DeepCopyInto(&out.StartTime)
-	in.EndTime.DeepCopyInto(&out.EndTime)
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStatus.
@@ -633,6 +681,122 @@ func (in *WorkflowStatus) DeepCopy() *WorkflowStatus {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowStep) DeepCopyInto(out *WorkflowStep) {
+	*out = *in
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.SubSteps != nil {
+		in, out := &in.SubSteps, &out.SubSteps
+		*out = make([]WorkflowSubStep, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.DependsOn != nil {
+		in, out := &in.DependsOn, &out.DependsOn
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Inputs != nil {
+		in, out := &in.Inputs, &out.Inputs
+		*out = make(StepInputs, len(*in))
+		copy(*out, *in)
+	}
+	if in.Outputs != nil {
+		in, out := &in.Outputs, &out.Outputs
+		*out = make(StepOutputs, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStep.
+func (in *WorkflowStep) DeepCopy() *WorkflowStep {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowStep)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowStepStatus) DeepCopyInto(out *WorkflowStepStatus) {
+	*out = *in
+	in.StepStatus.DeepCopyInto(&out.StepStatus)
+	if in.SubStepsStatus != nil {
+		in, out := &in.SubStepsStatus, &out.SubStepsStatus
+		*out = make([]WorkflowSubStepStatus, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStepStatus.
+func (in *WorkflowStepStatus) DeepCopy() *WorkflowStepStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowStepStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowSubStep) DeepCopyInto(out *WorkflowSubStep) {
+	*out = *in
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.DependsOn != nil {
+		in, out := &in.DependsOn, &out.DependsOn
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Inputs != nil {
+		in, out := &in.Inputs, &out.Inputs
+		*out = make(StepInputs, len(*in))
+		copy(*out, *in)
+	}
+	if in.Outputs != nil {
+		in, out := &in.Outputs, &out.Outputs
+		*out = make(StepOutputs, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowSubStep.
+func (in *WorkflowSubStep) DeepCopy() *WorkflowSubStep {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowSubStep)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowSubStepStatus) DeepCopyInto(out *WorkflowSubStepStatus) {
+	*out = *in
+	in.StepStatus.DeepCopyInto(&out.StepStatus)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowSubStepStatus.
+func (in *WorkflowSubStepStatus) DeepCopy() *WorkflowSubStepStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowSubStepStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WorkloadGVK) DeepCopyInto(out *WorkloadGVK) {
 	*out = *in
--- a/apis/core.oam.dev/condition/condition.go
+++ b/apis/core.oam.dev/condition/condition.go
@@ -31,7 +31,7 @@ import (
 )

 // A ConditionType represents a condition a resource could be in.
-// nolint
+// nolint:golint
 type ConditionType string

 // Condition types.
@@ -45,7 +45,7 @@ const (
 )

 // A ConditionReason represents the reason a resource is in a condition.
-// nolint
+// nolint:golint
 type ConditionReason string

 // Reasons a resource is or is not ready.
--- a/apis/core.oam.dev/v1alpha1/applyonce_policy_types.go
+++ b/apis/core.oam.dev/v1alpha1/applyonce_policy_types.go
@@ -23,17 +23,8 @@ import (
 const (
 	// ApplyOncePolicyType refers to the type of configuration drift policy
 	ApplyOncePolicyType = "apply-once"
-	// ApplyOnceStrategyOnAppUpdate policy takes effect on application updating
-	ApplyOnceStrategyOnAppUpdate ApplyOnceAffectStrategy = "onUpdate"
-	// ApplyOnceStrategyOnAppStateKeep policy takes effect on application state keep
-	ApplyOnceStrategyOnAppStateKeep ApplyOnceAffectStrategy = "onStateKeep"
-	// ApplyOnceStrategyAlways policy takes effect always
-	ApplyOnceStrategyAlways ApplyOnceAffectStrategy = "always"
 )

-// ApplyOnceAffectStrategy is a string that mark the policy effective stage
-type ApplyOnceAffectStrategy string
-
 // ApplyOncePolicySpec defines the spec of preventing configuration drift
 type ApplyOncePolicySpec struct {
 	Enable bool `json:"enable"`
@@ -54,23 +45,23 @@ type ApplyOnceStrategy struct {
 	// Path the specified path that allow configuration drift
 	// like 'spec.template.spec.containers[0].resources' and '*' means the whole target allow configuration drift
 	Path []string `json:"path"`
-	// ApplyOnceAffectStrategy Decide when the strategy will take effect
-	// like affect:onUpdate/onStateKeep/always
-	ApplyOnceAffectStrategy ApplyOnceAffectStrategy `json:"affect"`
-}
-
-// Type the type name of the policy
-func (in *ApplyOncePolicySpec) Type() string {
-	return ApplyOncePolicyType
 }

 // FindStrategy find apply-once strategy for target resource
-func (in *ApplyOncePolicySpec) FindStrategy(manifest *unstructured.Unstructured) *ApplyOnceStrategy {
+func (in ApplyOncePolicySpec) FindStrategy(manifest *unstructured.Unstructured) *ApplyOnceStrategy {
 	if !in.Enable {
 		return nil
 	}
 	for _, rule := range in.Rules {
-		if rule.Selector.Match(manifest) {
+		match := func(src []string, val string) (found bool) {
+			for _, _val := range src {
+				found = found || _val == val
+			}
+			return val != "" && found
+		}
+		if (match(rule.Selector.CompNames, manifest.GetName()) && match(rule.Selector.ResourceTypes, manifest.GetKind())) ||
+			(rule.Selector.CompNames == nil && match(rule.Selector.ResourceTypes, manifest.GetKind()) ||
+				(rule.Selector.ResourceTypes == nil && match(rule.Selector.CompNames, manifest.GetName()))) {
 			return rule.Strategy
 		}
 	}
--- a/apis/core.oam.dev/v1alpha1/component_types.go
+++ b/apis/core.oam.dev/v1alpha1/component_types.go
@@ -25,8 +25,6 @@ const (
 type RefObjectsComponentSpec struct {
 	// Objects the referrers to the Kubernetes objects
 	Objects []ObjectReferrer `json:"objects,omitempty"`
-	// URLs are the links that stores the referred objects
-	URLs []string `json:"urls,omitempty"`
 }

 // ObjectReferrer selects Kubernetes objects
--- a/apis/core.oam.dev/v1alpha1/envbinding_types.go
+++ b/apis/core.oam.dev/v1alpha1/envbinding_types.go
@@ -97,7 +97,6 @@ type EnvSelector struct {
 }

 // EnvConfig is the configuration for different environments.
-// Deprecated
 type EnvConfig struct {
 	Name      string       `json:"name"`
 	Placement EnvPlacement `json:"placement,omitempty"`
@@ -106,7 +105,6 @@ type EnvConfig struct {
 }

 // EnvBindingSpec defines a list of envs
-// Deprecated This spec is deprecated and replaced by Topology/Override Policy
 type EnvBindingSpec struct {
 	Envs []EnvConfig `json:"envs"`
 }
@@ -126,21 +124,18 @@ func (in PlacementDecision) String() string {
 }

 // EnvStatus records the status of one env
-// Deprecated
 type EnvStatus struct {
 	Env        string              `json:"env"`
 	Placements []PlacementDecision `json:"placements"`
 }

 // ClusterConnection records the connection with clusters and the last active app revision when they are active (still be used)
-// Deprecated
 type ClusterConnection struct {
 	ClusterName        string `json:"clusterName"`
 	LastActiveRevision string `json:"lastActiveRevision"`
 }

 // EnvBindingStatus records the status of all env
-// Deprecated
 type EnvBindingStatus struct {
 	Envs               []EnvStatus         `json:"envs"`
 	ClusterConnections []ClusterConnection `json:"clusterConnections"`
--- a/apis/core.oam.dev/v1alpha1/external_types.go
+++ b/apis/core.oam.dev/v1alpha1/external_types.go
@@ -19,6 +19,8 @@ package v1alpha1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 )

 // +kubebuilder:object:root=true
@@ -47,3 +49,27 @@ type PolicyList struct {
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []Policy `json:"items"`
 }
+
+// +kubebuilder:object:root=true
+
+// Workflow is the Schema for the policy API
+// +kubebuilder:storageversion
+// +kubebuilder:resource:categories={oam}
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type Workflow struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Steps []common.WorkflowStep `json:"steps,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// WorkflowList contains a list of Workflow
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type WorkflowList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []Workflow `json:"items"`
+}
--- a/apis/core.oam.dev/v1alpha1/garbagecollect_policy_types.go
+++ b/apis/core.oam.dev/v1alpha1/garbagecollect_policy_types.go
@@ -18,6 +18,8 @@ package v1alpha1

 import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+
+	"github.com/oam-dev/kubevela/pkg/oam"
 )

 const (
@@ -53,6 +55,19 @@ type GarbageCollectPolicyRule struct {
 	Strategy GarbageCollectStrategy     `json:"strategy"`
 }

+// ResourcePolicyRuleSelector select the targets of the rule
+// 1) for GarbageCollectPolicyRule
+// if both traitTypes, oamTypes and componentTypes are specified, combination logic is OR
+// if one resource is specified with conflict strategies, strategy as component go first.
+// 2) for ApplyOncePolicyRule only CompNames and ResourceTypes are used
+type ResourcePolicyRuleSelector struct {
+	CompNames        []string `json:"componentNames"`
+	CompTypes        []string `json:"componentTypes"`
+	OAMResourceTypes []string `json:"oamTypes"`
+	TraitTypes       []string `json:"traitTypes"`
+	ResourceTypes    []string `json:"resourceTypes"`
+}
+
 // GarbageCollectStrategy the strategy for target resource to recycle
 type GarbageCollectStrategy string

@@ -66,15 +81,26 @@ const (
 	GarbageCollectStrategyOnAppUpdate GarbageCollectStrategy = "onAppUpdate"
 )

-// Type the type name of the policy
-func (in *GarbageCollectPolicySpec) Type() string {
-	return GarbageCollectPolicyType
-}
-
 // FindStrategy find gc strategy for target resource
-func (in *GarbageCollectPolicySpec) FindStrategy(manifest *unstructured.Unstructured) *GarbageCollectStrategy {
+func (in GarbageCollectPolicySpec) FindStrategy(manifest *unstructured.Unstructured) *GarbageCollectStrategy {
 	for _, rule := range in.Rules {
-		if rule.Selector.Match(manifest) {
+		var compName, compType, oamType, traitType string
+		if labels := manifest.GetLabels(); labels != nil {
+			compName = labels[oam.LabelAppComponent]
+			compType = labels[oam.WorkloadTypeLabel]
+			oamType = labels[oam.LabelOAMResourceType]
+			traitType = labels[oam.TraitTypeLabel]
+		}
+		match := func(src []string, val string) (found bool) {
+			for _, _val := range src {
+				found = found || _val == val
+			}
+			return val != "" && found
+		}
+		if match(rule.Selector.CompNames, compName) ||
+			match(rule.Selector.CompTypes, compType) ||
+			match(rule.Selector.OAMResourceTypes, oamType) ||
+			match(rule.Selector.TraitTypes, traitType) {
 			return &rule.Strategy
 		}
 	}
--- a/apis/core.oam.dev/v1alpha1/garbagecollect_policy_types_test.go
+++ b/apis/core.oam.dev/v1alpha1/garbagecollect_policy_types_test.go
--- a/apis/core.oam.dev/v1alpha1/policy_types.go
+++ b/apis/core.oam.dev/v1alpha1/policy_types.go
@@ -23,8 +23,6 @@ const (
 	OverridePolicyType = "override"
 	// DebugPolicyType refers to the type of debug policy
 	DebugPolicyType = "debug"
-	// ReplicationPolicyType refers to the type of replication policy
-	ReplicationPolicyType = "replication"
 )

 // TopologyPolicySpec defines the spec of topology policy
@@ -45,10 +43,6 @@ type Placement struct {
 	// Exclusive to "clusters"
 	ClusterLabelSelector map[string]string `json:"clusterLabelSelector,omitempty"`

-	// AllowEmpty ignore empty cluster error when no cluster returned for label
-	// selector
-	AllowEmpty bool `json:"allowEmpty,omitempty"`
-
 	// DeprecatedClusterSelector is a depreciated alias for ClusterLabelSelector.
 	// Deprecated: Use clusterLabelSelector instead.
 	DeprecatedClusterSelector map[string]string `json:"clusterSelector,omitempty"`
@@ -59,11 +53,3 @@ type OverridePolicySpec struct {
 	Components []EnvComponentPatch `json:"components,omitempty"`
 	Selector   []string            `json:"selector,omitempty"`
 }
-
-// ReplicationPolicySpec defines the spec of replication policy
-// Override policy should be used together with replication policy to select the deployment target components
-type ReplicationPolicySpec struct {
-	Keys []string `json:"keys,omitempty"`
-	// Selector is the subset of selected components which will be replicated.
-	Selector []string `json:"selector,omitempty"`
-}
--- a/apis/core.oam.dev/v1alpha1/readonly_policy_types.go
+++ b/apis/core.oam.dev/v1alpha1/readonly_policy_types.go
@@ -1,49 +0,0 @@
-/*
-Copyright 2022 The KubeVela Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha1
-
-import "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-
-const (
-	// ReadOnlyPolicyType refers to the type of read-only policy
-	ReadOnlyPolicyType = "read-only"
-)
-
-// ReadOnlyPolicySpec defines the spec of read-only policy
-type ReadOnlyPolicySpec struct {
-	Rules []ReadOnlyPolicyRule `json:"rules"`
-}
-
-// Type the type name of the policy
-func (in *ReadOnlyPolicySpec) Type() string {
-	return ReadOnlyPolicyType
-}
-
-// ReadOnlyPolicyRule defines the rule for read-only resources
-type ReadOnlyPolicyRule struct {
-	Selector ResourcePolicyRuleSelector `json:"selector"`
-}
-
-// FindStrategy return if the target resource is read-only
-func (in *ReadOnlyPolicySpec) FindStrategy(manifest *unstructured.Unstructured) bool {
-	for _, rule := range in.Rules {
-		if rule.Selector.Match(manifest) {
-			return true
-		}
-	}
-	return false
-}
--- a/apis/core.oam.dev/v1alpha1/register.go
+++ b/apis/core.oam.dev/v1alpha1/register.go
@@ -18,11 +18,8 @@ package v1alpha1

 import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	k8sscheme "k8s.io/client-go/kubernetes/scheme"
 	"sigs.k8s.io/controller-runtime/pkg/scheme"

-	workflowv1alpha1 "github.com/kubevela/workflow/api/v1alpha1"
-
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 )

@@ -57,6 +54,5 @@ var (

 func init() {
 	SchemeBuilder.Register(&Policy{}, &PolicyList{})
-	SchemeBuilder.Register(&workflowv1alpha1.Workflow{}, &workflowv1alpha1.WorkflowList{})
-	_ = SchemeBuilder.AddToScheme(k8sscheme.Scheme)
+	SchemeBuilder.Register(&Workflow{}, &WorkflowList{})
 }
--- a/apis/core.oam.dev/v1alpha1/resource_policy_types.go
+++ b/apis/core.oam.dev/v1alpha1/resource_policy_types.go
@@ -1,78 +0,0 @@
-/*
-Copyright 2022 The KubeVela Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha1
-
-import (
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	"k8s.io/utils/pointer"
-	stringslices "k8s.io/utils/strings/slices"
-
-	"github.com/oam-dev/kubevela/pkg/oam"
-)
-
-// ResourcePolicyRuleSelector select the targets of the rule
-// if multiple conditions are specified, combination logic is AND
-type ResourcePolicyRuleSelector struct {
-	CompNames        []string `json:"componentNames,omitempty"`
-	CompTypes        []string `json:"componentTypes,omitempty"`
-	OAMResourceTypes []string `json:"oamTypes,omitempty"`
-	TraitTypes       []string `json:"traitTypes,omitempty"`
-	ResourceTypes    []string `json:"resourceTypes,omitempty"`
-	ResourceNames    []string `json:"resourceNames,omitempty"`
-}
-
-// Match check if current rule selector match the target resource
-// If at least one condition is matched and no other condition failed (could be empty), return true
-// Otherwise, return false
-func (in *ResourcePolicyRuleSelector) Match(manifest *unstructured.Unstructured) bool {
-	var compName, compType, oamType, traitType, resourceType, resourceName string
-	if labels := manifest.GetLabels(); labels != nil {
-		compName = labels[oam.LabelAppComponent]
-		compType = labels[oam.WorkloadTypeLabel]
-		oamType = labels[oam.LabelOAMResourceType]
-		traitType = labels[oam.TraitTypeLabel]
-	}
-	resourceType = manifest.GetKind()
-	resourceName = manifest.GetName()
-	match := func(src []string, val string) (found *bool) {
-		if len(src) == 0 {
-			return nil
-		}
-		return pointer.Bool(val != "" && stringslices.Contains(src, val))
-	}
-	conditions := []*bool{
-		match(in.CompNames, compName),
-		match(in.CompTypes, compType),
-		match(in.OAMResourceTypes, oamType),
-		match(in.TraitTypes, traitType),
-		match(in.ResourceTypes, resourceType),
-		match(in.ResourceNames, resourceName),
-	}
-	hasMatched := false
-	for _, cond := range conditions {
-		// if any non-empty condition failed, return false
-		if cond != nil && !*cond {
-			return false
-		}
-		// if condition succeed, record it
-		if cond != nil && *cond {
-			hasMatched = true
-		}
-	}
-	// if at least one condition is met, return true
-	return hasMatched
-}
--- a/apis/core.oam.dev/v1alpha1/sharedresource_policy_types.go
+++ b/apis/core.oam.dev/v1alpha1/sharedresource_policy_types.go
@@ -1,49 +0,0 @@
-/*
-Copyright 2022 The KubeVela Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha1
-
-import "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-
-const (
-	// SharedResourcePolicyType refers to the type of shared resource policy
-	SharedResourcePolicyType = "shared-resource"
-)
-
-// SharedResourcePolicySpec defines the spec of shared-resource policy
-type SharedResourcePolicySpec struct {
-	Rules []SharedResourcePolicyRule `json:"rules"`
-}
-
-// Type the type name of the policy
-func (in *SharedResourcePolicySpec) Type() string {
-	return SharedResourcePolicyType
-}
-
-// SharedResourcePolicyRule defines the rule for sharing resources
-type SharedResourcePolicyRule struct {
-	Selector ResourcePolicyRuleSelector `json:"selector"`
-}
-
-// FindStrategy return if the target resource should be shared
-func (in *SharedResourcePolicySpec) FindStrategy(manifest *unstructured.Unstructured) bool {
-	for _, rule := range in.Rules {
-		if rule.Selector.Match(manifest) {
-			return true
-		}
-	}
-	return false
-}
--- a/apis/core.oam.dev/v1alpha1/sharedresource_policy_types_test.go
+++ b/apis/core.oam.dev/v1alpha1/sharedresource_policy_types_test.go
@@ -1,69 +0,0 @@
-/*
-Copyright 2022 The KubeVela Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha1
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-)
-
-func TestSharedResourcePolicySpec_FindStrategy(t *testing.T) {
-	testCases := map[string]struct {
-		rules   []SharedResourcePolicyRule
-		input   *unstructured.Unstructured
-		matched bool
-	}{
-		"shared resource rule resourceName match": {
-			rules: []SharedResourcePolicyRule{{
-				Selector: ResourcePolicyRuleSelector{ResourceNames: []string{"example"}},
-			}},
-			input: &unstructured.Unstructured{Object: map[string]interface{}{
-				"metadata": map[string]interface{}{
-					"name": "example",
-				},
-			}},
-			matched: true,
-		},
-		"shared resource rule resourceType match": {
-			rules: []SharedResourcePolicyRule{{
-				Selector: ResourcePolicyRuleSelector{ResourceTypes: []string{"ConfigMap", "Namespace"}},
-			}},
-			input: &unstructured.Unstructured{Object: map[string]interface{}{
-				"kind": "Namespace",
-			}},
-			matched: true,
-		},
-		"shared resource rule mismatch": {
-			rules: []SharedResourcePolicyRule{{
-				Selector: ResourcePolicyRuleSelector{ResourceNames: []string{"mismatch"}},
-			}},
-			input: &unstructured.Unstructured{Object: map[string]interface{}{
-				"kind": "Namespace",
-			}},
-			matched: false,
-		},
-	}
-	for name, tc := range testCases {
-		t.Run(name, func(t *testing.T) {
-			r := require.New(t)
-			spec := SharedResourcePolicySpec{Rules: tc.rules}
-			r.Equal(tc.matched, spec.FindStrategy(tc.input))
-		})
-	}
-}
--- a/apis/core.oam.dev/v1alpha1/takeover_policy_types.go
+++ b/apis/core.oam.dev/v1alpha1/takeover_policy_types.go
@@ -1,49 +0,0 @@
-/*
-Copyright 2022 The KubeVela Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha1
-
-import "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-
-const (
-	// TakeOverPolicyType refers to the type of take-over policy
-	TakeOverPolicyType = "take-over"
-)
-
-// TakeOverPolicySpec defines the spec of take-over policy
-type TakeOverPolicySpec struct {
-	Rules []TakeOverPolicyRule `json:"rules"`
-}
-
-// Type the type name of the policy
-func (in *TakeOverPolicySpec) Type() string {
-	return TakeOverPolicyType
-}
-
-// TakeOverPolicyRule defines the rule for taking over resources
-type TakeOverPolicyRule struct {
-	Selector ResourcePolicyRuleSelector `json:"selector"`
-}
-
-// FindStrategy return if the target resource should be taken over
-func (in *TakeOverPolicySpec) FindStrategy(manifest *unstructured.Unstructured) bool {
-	for _, rule := range in.Rules {
-		if rule.Selector.Match(manifest) {
-			return true
-		}
-	}
-	return false
-}
--- a/apis/core.oam.dev/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/core.oam.dev/v1alpha1/zz_generated.deepcopy.go
@@ -585,44 +585,6 @@ func (in *PolicyList) DeepCopyObject() runtime.Object {
 	return nil
 }

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ReadOnlyPolicyRule) DeepCopyInto(out *ReadOnlyPolicyRule) {
-	*out = *in
-	in.Selector.DeepCopyInto(&out.Selector)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReadOnlyPolicyRule.
-func (in *ReadOnlyPolicyRule) DeepCopy() *ReadOnlyPolicyRule {
-	if in == nil {
-		return nil
-	}
-	out := new(ReadOnlyPolicyRule)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ReadOnlyPolicySpec) DeepCopyInto(out *ReadOnlyPolicySpec) {
-	*out = *in
-	if in.Rules != nil {
-		in, out := &in.Rules, &out.Rules
-		*out = make([]ReadOnlyPolicyRule, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReadOnlyPolicySpec.
-func (in *ReadOnlyPolicySpec) DeepCopy() *ReadOnlyPolicySpec {
-	if in == nil {
-		return nil
-	}
-	out := new(ReadOnlyPolicySpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *RefObjectsComponentSpec) DeepCopyInto(out *RefObjectsComponentSpec) {
 	*out = *in
@@ -633,11 +595,6 @@ func (in *RefObjectsComponentSpec) DeepCopyInto(out *RefObjectsComponentSpec) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
-	if in.URLs != nil {
-		in, out := &in.URLs, &out.URLs
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RefObjectsComponentSpec.
@@ -650,31 +607,6 @@ func (in *RefObjectsComponentSpec) DeepCopy() *RefObjectsComponentSpec {
 	return out
 }

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ReplicationPolicySpec) DeepCopyInto(out *ReplicationPolicySpec) {
-	*out = *in
-	if in.Keys != nil {
-		in, out := &in.Keys, &out.Keys
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.Selector != nil {
-		in, out := &in.Selector, &out.Selector
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicationPolicySpec.
-func (in *ReplicationPolicySpec) DeepCopy() *ReplicationPolicySpec {
-	if in == nil {
-		return nil
-	}
-	out := new(ReplicationPolicySpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ResourcePolicyRuleSelector) DeepCopyInto(out *ResourcePolicyRuleSelector) {
 	*out = *in
@@ -703,11 +635,6 @@ func (in *ResourcePolicyRuleSelector) DeepCopyInto(out *ResourcePolicyRuleSelect
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
-	if in.ResourceNames != nil {
-		in, out := &in.ResourceNames, &out.ResourceNames
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcePolicyRuleSelector.
@@ -720,82 +647,6 @@ func (in *ResourcePolicyRuleSelector) DeepCopy() *ResourcePolicyRuleSelector {
 	return out
 }

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *SharedResourcePolicyRule) DeepCopyInto(out *SharedResourcePolicyRule) {
-	*out = *in
-	in.Selector.DeepCopyInto(&out.Selector)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharedResourcePolicyRule.
-func (in *SharedResourcePolicyRule) DeepCopy() *SharedResourcePolicyRule {
-	if in == nil {
-		return nil
-	}
-	out := new(SharedResourcePolicyRule)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *SharedResourcePolicySpec) DeepCopyInto(out *SharedResourcePolicySpec) {
-	*out = *in
-	if in.Rules != nil {
-		in, out := &in.Rules, &out.Rules
-		*out = make([]SharedResourcePolicyRule, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharedResourcePolicySpec.
-func (in *SharedResourcePolicySpec) DeepCopy() *SharedResourcePolicySpec {
-	if in == nil {
-		return nil
-	}
-	out := new(SharedResourcePolicySpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *TakeOverPolicyRule) DeepCopyInto(out *TakeOverPolicyRule) {
-	*out = *in
-	in.Selector.DeepCopyInto(&out.Selector)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TakeOverPolicyRule.
-func (in *TakeOverPolicyRule) DeepCopy() *TakeOverPolicyRule {
-	if in == nil {
-		return nil
-	}
-	out := new(TakeOverPolicyRule)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *TakeOverPolicySpec) DeepCopyInto(out *TakeOverPolicySpec) {
-	*out = *in
-	if in.Rules != nil {
-		in, out := &in.Rules, &out.Rules
-		*out = make([]TakeOverPolicyRule, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TakeOverPolicySpec.
-func (in *TakeOverPolicySpec) DeepCopy() *TakeOverPolicySpec {
-	if in == nil {
-		return nil
-	}
-	out := new(TakeOverPolicySpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TopologyPolicySpec) DeepCopyInto(out *TopologyPolicySpec) {
 	*out = *in
@@ -811,3 +662,67 @@ func (in *TopologyPolicySpec) DeepCopy() *TopologyPolicySpec {
 	in.DeepCopyInto(out)
 	return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Workflow) DeepCopyInto(out *Workflow) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	if in.Steps != nil {
+		in, out := &in.Steps, &out.Steps
+		*out = make([]common.WorkflowStep, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Workflow.
+func (in *Workflow) DeepCopy() *Workflow {
+	if in == nil {
+		return nil
+	}
+	out := new(Workflow)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *Workflow) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowList) DeepCopyInto(out *WorkflowList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]Workflow, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowList.
+func (in *WorkflowList) DeepCopy() *WorkflowList {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *WorkflowList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
--- a/apis/core.oam.dev/v1alpha2/core_trait_types.go
+++ b/apis/core.oam.dev/v1alpha2/core_trait_types.go
@@ -0,0 +1,65 @@
+/*
+Copyright 2021 The KubeVela Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
+
+	"github.com/oam-dev/kubevela/pkg/oam"
+)
+
+var _ oam.Trait = &ManualScalerTrait{}
+
+// A ManualScalerTraitSpec defines the desired state of a ManualScalerTrait.
+type ManualScalerTraitSpec struct {
+	// ReplicaCount of the workload this trait applies to.
+	ReplicaCount int32 `json:"replicaCount"`
+
+	// WorkloadReference to the workload this trait applies to.
+	WorkloadReference corev1.ObjectReference `json:"workloadRef"`
+}
+
+// A ManualScalerTraitStatus represents the observed state of a
+// ManualScalerTrait.
+type ManualScalerTraitStatus struct {
+	condition.ConditionedStatus `json:",inline"`
+}
+
+// +kubebuilder:object:root=true
+
+// A ManualScalerTrait determines how many replicas a workload should have.
+// +kubebuilder:resource:categories={oam}
+// +kubebuilder:subresource:status
+type ManualScalerTrait struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   ManualScalerTraitSpec   `json:"spec,omitempty"`
+	Status ManualScalerTraitStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// ManualScalerTraitList contains a list of ManualScalerTrait.
+type ManualScalerTraitList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ManualScalerTrait `json:"items"`
+}
--- a/apis/core.oam.dev/v1alpha2/methods.go
+++ b/apis/core.oam.dev/v1alpha2/methods.go
@@ -24,6 +24,26 @@ import (
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
 )

+// GetCondition of this ManualScalerTrait.
+func (tr *ManualScalerTrait) GetCondition(ct condition.ConditionType) condition.Condition {
+	return tr.Status.GetCondition(ct)
+}
+
+// SetConditions of this ManualScalerTrait.
+func (tr *ManualScalerTrait) SetConditions(c ...condition.Condition) {
+	tr.Status.SetConditions(c...)
+}
+
+// GetWorkloadReference of this ManualScalerTrait.
+func (tr *ManualScalerTrait) GetWorkloadReference() corev1.ObjectReference {
+	return tr.Spec.WorkloadReference
+}
+
+// SetWorkloadReference of this ManualScalerTrait.
+func (tr *ManualScalerTrait) SetWorkloadReference(r corev1.ObjectReference) {
+	tr.Spec.WorkloadReference = r
+}
+
 // GetCondition of this ApplicationConfiguration.
 func (ac *ApplicationConfiguration) GetCondition(ct condition.ConditionType) condition.Condition {
 	return ac.Status.GetCondition(ct)
--- a/apis/core.oam.dev/v1alpha2/register.go
+++ b/apis/core.oam.dev/v1alpha2/register.go
@@ -87,6 +87,14 @@ var (
 	ApplicationConfigurationGroupVersionKind = SchemeGroupVersion.WithKind(ApplicationConfigurationKind)
 )

+// ManualScalerTrait type metadata.
+var (
+	ManualScalerTraitKind             = reflect.TypeOf(ManualScalerTrait{}).Name()
+	ManualScalerTraitGroupKind        = schema.GroupKind{Group: Group, Kind: ManualScalerTraitKind}.String()
+	ManualScalerTraitKindAPIVersion   = ManualScalerTraitKind + "." + SchemeGroupVersion.String()
+	ManualScalerTraitGroupVersionKind = SchemeGroupVersion.WithKind(ManualScalerTraitKind)
+)
+
 // HealthScope type metadata.
 var (
 	HealthScopeKind             = reflect.TypeOf(HealthScope{}).Name()
@@ -118,6 +126,7 @@ func init() {
 	SchemeBuilder.Register(&ScopeDefinition{}, &ScopeDefinitionList{})
 	SchemeBuilder.Register(&Component{}, &ComponentList{})
 	SchemeBuilder.Register(&ApplicationConfiguration{}, &ApplicationConfigurationList{})
+	SchemeBuilder.Register(&ManualScalerTrait{}, &ManualScalerTraitList{})
 	SchemeBuilder.Register(&HealthScope{}, &HealthScopeList{})
 	SchemeBuilder.Register(&Application{}, &ApplicationList{})
 	SchemeBuilder.Register(&ApplicationRevision{}, &ApplicationRevisionList{})
--- a/apis/core.oam.dev/v1alpha2/zz_generated.deepcopy.go
+++ b/apis/core.oam.dev/v1alpha2/zz_generated.deepcopy.go
@@ -1520,6 +1520,97 @@ func (in *HistoryWorkload) DeepCopy() *HistoryWorkload {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManualScalerTrait) DeepCopyInto(out *ManualScalerTrait) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManualScalerTrait.
+func (in *ManualScalerTrait) DeepCopy() *ManualScalerTrait {
+	if in == nil {
+		return nil
+	}
+	out := new(ManualScalerTrait)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ManualScalerTrait) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManualScalerTraitList) DeepCopyInto(out *ManualScalerTraitList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ManualScalerTrait, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManualScalerTraitList.
+func (in *ManualScalerTraitList) DeepCopy() *ManualScalerTraitList {
+	if in == nil {
+		return nil
+	}
+	out := new(ManualScalerTraitList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ManualScalerTraitList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManualScalerTraitSpec) DeepCopyInto(out *ManualScalerTraitSpec) {
+	*out = *in
+	out.WorkloadReference = in.WorkloadReference
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManualScalerTraitSpec.
+func (in *ManualScalerTraitSpec) DeepCopy() *ManualScalerTraitSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ManualScalerTraitSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManualScalerTraitStatus) DeepCopyInto(out *ManualScalerTraitStatus) {
+	*out = *in
+	in.ConditionedStatus.DeepCopyInto(&out.ConditionedStatus)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManualScalerTraitStatus.
+func (in *ManualScalerTraitStatus) DeepCopy() *ManualScalerTraitStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(ManualScalerTraitStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *MemoryResources) DeepCopyInto(out *MemoryResources) {
 	*out = *in
--- a/apis/core.oam.dev/v1beta1/application_types.go
+++ b/apis/core.oam.dev/v1beta1/application_types.go
@@ -23,8 +23,6 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"

-	workflowv1alpha1 "github.com/kubevela/workflow/api/v1alpha1"
-
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
 )
@@ -51,11 +49,13 @@ type AppPolicy struct {
 	Properties *runtime.RawExtension `json:"properties,omitempty"`
 }

+// WorkflowStep defines how to execute a workflow step.
+type WorkflowStep common.WorkflowStep
+
 // Workflow defines workflow steps and other attributes
 type Workflow struct {
-	Ref   string                                `json:"ref,omitempty"`
-	Mode  *workflowv1alpha1.WorkflowExecuteMode `json:"mode,omitempty"`
-	Steps []workflowv1alpha1.WorkflowStep       `json:"steps,omitempty"`
+	Ref   string         `json:"ref,omitempty"`
+	Steps []WorkflowStep `json:"steps,omitempty"`
 }

 // ApplicationSpec is the spec of Application
--- a/apis/core.oam.dev/v1beta1/applicationrevision_types.go
+++ b/apis/core.oam.dev/v1beta1/applicationrevision_types.go
@@ -17,10 +17,6 @@
 package v1beta1

 import (
-	"encoding/json"
-
-	"github.com/kubevela/pkg/util/compression"
-	workflowv1alpha1 "github.com/kubevela/workflow/api/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
@@ -31,16 +27,6 @@ import (

 // ApplicationRevisionSpec is the spec of ApplicationRevision
 type ApplicationRevisionSpec struct {
-	// ApplicationRevisionCompressibleFields represents all the fields that can be compressed.
-	ApplicationRevisionCompressibleFields `json:",inline"`
-
-	// Compression represents the compressed components in apprev in base64 (if compression is enabled).
-	Compression ApplicationRevisionCompression `json:"compression,omitempty"`
-}
-
-// ApplicationRevisionCompressibleFields represents all the fields that can be compressed.
-// So we can better organize them and compress only the compressible fields.
-type ApplicationRevisionCompressibleFields struct {
 	// Application records the snapshot of the created/modified Application
 	Application Application `json:"application"`

@@ -69,74 +55,19 @@ type ApplicationRevisionCompressibleFields struct {
 	Policies map[string]v1alpha1.Policy `json:"policies,omitempty"`

 	// Workflow records the external workflow
-	Workflow *workflowv1alpha1.Workflow `json:"workflow,omitempty"`
+	Workflow *v1alpha1.Workflow `json:"workflow,omitempty"`

 	// ReferredObjects records the referred objects used in the ref-object typed components
 	// +kubebuilder:pruning:PreserveUnknownFields
 	ReferredObjects []common.ReferredObject `json:"referredObjects,omitempty"`
 }

-// ApplicationRevisionCompression represents the compressed components in apprev in base64.
-type ApplicationRevisionCompression struct {
-	compression.CompressedText `json:",inline"`
-}
-
-// MarshalJSON serves the same purpose as the one in ResourceTrackerSpec.
-func (apprev *ApplicationRevisionSpec) MarshalJSON() ([]byte, error) {
-	type Alias ApplicationRevisionSpec
-	tmp := &struct {
-		*Alias
-	}{}
-
-	if apprev.Compression.Type == compression.Uncompressed {
-		tmp.Alias = (*Alias)(apprev)
-	} else {
-		cpy := apprev.DeepCopy()
-		err := cpy.Compression.EncodeFrom(cpy.ApplicationRevisionCompressibleFields)
-		cpy.ApplicationRevisionCompressibleFields = ApplicationRevisionCompressibleFields{
-			// Application needs to have components.
-			Application: Application{Spec: ApplicationSpec{Components: []common.ApplicationComponent{}}},
-		}
-		if err != nil {
-			return nil, err
-		}
-		tmp.Alias = (*Alias)(cpy)
-	}
-
-	return json.Marshal(tmp.Alias)
-}
-
-// UnmarshalJSON serves the same purpose as the one in ResourceTrackerSpec.
-func (apprev *ApplicationRevisionSpec) UnmarshalJSON(data []byte) error {
-	type Alias ApplicationRevisionSpec
-	tmp := &struct {
-		*Alias
-	}{}
-
-	if err := json.Unmarshal(data, tmp); err != nil {
-		return err
-	}
-
-	if tmp.Compression.Type != compression.Uncompressed {
-		err := tmp.Compression.DecodeTo(&tmp.ApplicationRevisionCompressibleFields)
-		if err != nil {
-			return err
-		}
-		tmp.Compression.Clean()
-	}
-
-	(*ApplicationRevisionSpec)(tmp.Alias).DeepCopyInto(apprev)
-	return nil
-}
-
 // ApplicationRevisionStatus is the status of ApplicationRevision
 type ApplicationRevisionStatus struct {
 	// Succeeded records if the workflow finished running with success
 	Succeeded bool `json:"succeeded"`
 	// Workflow the running status of the workflow
 	Workflow *common.WorkflowStatus `json:"workflow,omitempty"`
-	// Record the context values to the revision.
-	WorkflowContext map[string]string `json:"workflowContext,omitempty"`
 }

 // +kubebuilder:object:root=true
--- a/apis/core.oam.dev/v1beta1/applicationrevision_types_test.go
+++ b/apis/core.oam.dev/v1beta1/applicationrevision_types_test.go
@@ -1,86 +0,0 @@
-/*
-Copyright 2021 The KubeVela Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1beta1
-
-import (
-	"encoding/json"
-	"fmt"
-	"testing"
-
-	"github.com/kubevela/pkg/util/compression"
-	"github.com/stretchr/testify/assert"
-	"k8s.io/apimachinery/pkg/runtime"
-
-	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
-)
-
-func TestApplicationRevisionCompression(t *testing.T) {
-	// Fill data
-	spec := &ApplicationRevisionSpec{}
-	spec.Application = Application{Spec: ApplicationSpec{Components: []common.ApplicationComponent{{Name: "test-name"}}}}
-	spec.ComponentDefinitions = make(map[string]ComponentDefinition)
-	spec.ComponentDefinitions["def"] = ComponentDefinition{Spec: ComponentDefinitionSpec{PodSpecPath: "path"}}
-	spec.WorkloadDefinitions = make(map[string]WorkloadDefinition)
-	spec.WorkloadDefinitions["def"] = WorkloadDefinition{Spec: WorkloadDefinitionSpec{Reference: common.DefinitionReference{Name: "testdef"}}}
-	spec.TraitDefinitions = make(map[string]TraitDefinition)
-	spec.TraitDefinitions["def"] = TraitDefinition{Spec: TraitDefinitionSpec{ControlPlaneOnly: true}}
-	spec.ScopeDefinitions = make(map[string]ScopeDefinition)
-	spec.ScopeDefinitions["def"] = ScopeDefinition{Spec: ScopeDefinitionSpec{AllowComponentOverlap: true}}
-	spec.PolicyDefinitions = make(map[string]PolicyDefinition)
-	spec.PolicyDefinitions["def"] = PolicyDefinition{Spec: PolicyDefinitionSpec{ManageHealthCheck: true}}
-	spec.WorkflowStepDefinitions = make(map[string]WorkflowStepDefinition)
-	spec.WorkflowStepDefinitions["def"] = WorkflowStepDefinition{Spec: WorkflowStepDefinitionSpec{Reference: common.DefinitionReference{Name: "testname"}}}
-	spec.ReferredObjects = []common.ReferredObject{{RawExtension: runtime.RawExtension{Raw: []byte("123")}}}
-
-	testAppRev := &ApplicationRevision{Spec: *spec}
-
-	marshalAndUnmarshal := func(in *ApplicationRevision) (*ApplicationRevision, int) {
-		out := &ApplicationRevision{}
-		b, err := json.Marshal(in)
-		assert.NoError(t, err)
-		if in.Spec.Compression.Type != compression.Uncompressed {
-			assert.Contains(t, string(b), fmt.Sprintf("\"type\":\"%s\",\"data\":\"", in.Spec.Compression.Type))
-		}
-		err = json.Unmarshal(b, out)
-		assert.NoError(t, err)
-		assert.Equal(t, out.Spec.Compression.Type, in.Spec.Compression.Type)
-		assert.Equal(t, out.Spec.Compression.Data, "")
-		return out, len(b)
-	}
-
-	// uncompressed
-	testAppRev.Spec.Compression.SetType(compression.Uncompressed)
-	uncomp, uncompsize := marshalAndUnmarshal(testAppRev)
-
-	// zstd compressed
-	testAppRev.Spec.Compression.SetType(compression.Zstd)
-	zstdcomp, zstdsize := marshalAndUnmarshal(testAppRev)
-	// We will compare content later. Clear compression methods since it will interfere
-	// comparison and is verified earlier.
-	zstdcomp.Spec.Compression.SetType(compression.Uncompressed)
-
-	// gzip compressed
-	testAppRev.Spec.Compression.SetType(compression.Gzip)
-	gzipcomp, gzipsize := marshalAndUnmarshal(testAppRev)
-	gzipcomp.Spec.Compression.SetType(compression.Uncompressed)
-
-	assert.Equal(t, uncomp, zstdcomp)
-	assert.Equal(t, zstdcomp, gzipcomp)
-
-	assert.Less(t, zstdsize, uncompsize)
-	assert.Less(t, gzipsize, uncompsize)
-}
--- a/apis/core.oam.dev/v1beta1/core_types.go
+++ b/apis/core.oam.dev/v1beta1/core_types.go
@@ -120,7 +120,7 @@ type TraitDefinitionSpec struct {
 	PodDisruptive bool `json:"podDisruptive,omitempty"`

 	// AppliesToWorkloads specifies the list of workload kinds this trait
-	// applies to. Workload kinds are specified in resource.group/version format,
+	// applies to. Workload kinds are specified in kind.group/version format,
 	// e.g. server.core.oam.dev/v1alpha2. Traits that omit this field apply to
 	// all workload kinds.
 	// +optional
@@ -138,8 +138,7 @@ type TraitDefinitionSpec struct {
 	// +optional
 	ConflictsWith []string `json:"conflictsWith,omitempty"`

-	// Schematic defines the data format and template of the encapsulation of the trait.
-	// Only CUE and Kube schematic are supported for now.
+	// Schematic defines the data format and template of the encapsulation of the trait
 	// +optional
 	Schematic *common.Schematic `json:"schematic,omitempty"`

@@ -155,32 +154,14 @@ type TraitDefinitionSpec struct {
 	// ManageWorkload defines the trait would be responsible for creating the workload
 	// +optional
 	ManageWorkload bool `json:"manageWorkload,omitempty"`
+	// SkipRevisionAffect defines the update this trait will not generate a new application Revision
+	// +optional
+	SkipRevisionAffect bool `json:"skipRevisionAffect,omitempty"`
 	// ControlPlaneOnly defines which cluster is dispatched to
 	// +optional
 	ControlPlaneOnly bool `json:"controlPlaneOnly,omitempty"`
-
-	// Stage defines the stage information to which this trait resource processing belongs.
-	// Currently, PreDispatch and PostDispatch are provided, which are used to control resource
-	// pre-process and post-process respectively.
-	// +optional
-	Stage StageType `json:"stage,omitempty"`
 }

-// StageType describes how the manifests should be dispatched.
-// Only one of the following stage types may be specified.
-// If none of the following types is specified, the default one
-// is DefaultDispatch.
-type StageType string
-
-const (
-	// PreDispatch means that pre dispatch for manifests
-	PreDispatch StageType = "PreDispatch"
-	// DefaultDispatch means that default dispatch for manifests
-	DefaultDispatch StageType = "DefaultDispatch"
-	// PostDispatch means that post dispatch for manifests
-	PostDispatch StageType = "PostDispatch"
-)
-
 // TraitDefinitionStatus is the status of TraitDefinition
 type TraitDefinitionStatus struct {
 	// ConditionedStatus reflects the observed status of a resource
--- a/apis/core.oam.dev/v1beta1/policy_definition.go
+++ b/apis/core.oam.dev/v1beta1/policy_definition.go
@@ -29,8 +29,7 @@ type PolicyDefinitionSpec struct {
 	// Reference to the CustomResourceDefinition that defines this trait kind.
 	Reference common.DefinitionReference `json:"definitionRef,omitempty"`

-	// Schematic defines the data format and template of the encapsulation of the policy definition.
-	// Only CUE schematic is supported for now.
+	// Schematic defines the data format and template of the encapsulation of the policy definition
 	// +optional
 	Schematic *common.Schematic `json:"schematic,omitempty"`

--- a/apis/core.oam.dev/v1beta1/register.go
+++ b/apis/core.oam.dev/v1beta1/register.go
@@ -20,7 +20,6 @@ import (
 	"reflect"

 	"k8s.io/apimachinery/pkg/runtime/schema"
-	k8sscheme "k8s.io/client-go/kubernetes/scheme"
 	"sigs.k8s.io/controller-runtime/pkg/scheme"

 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
@@ -134,7 +133,6 @@ func init() {
 	SchemeBuilder.Register(&Application{}, &ApplicationList{})
 	SchemeBuilder.Register(&ApplicationRevision{}, &ApplicationRevisionList{})
 	SchemeBuilder.Register(&ResourceTracker{}, &ResourceTrackerList{})
-	_ = SchemeBuilder.AddToScheme(k8sscheme.Scheme)
 }

 // Resource takes an unqualified resource and returns a Group qualified GroupResource
--- a/apis/core.oam.dev/v1beta1/resourcetracker_types.go
+++ b/apis/core.oam.dev/v1beta1/resourcetracker_types.go
@@ -21,21 +21,19 @@ import (
 	"reflect"
 	"strings"

-	"github.com/pkg/errors"
-	corev1 "k8s.io/api/core/v1"
+	errors2 "github.com/pkg/errors"
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"

-	"github.com/kubevela/pkg/util/compression"
-
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 	"github.com/oam-dev/kubevela/apis/interfaces"
 	velatypes "github.com/oam-dev/kubevela/apis/types"
 	"github.com/oam-dev/kubevela/pkg/oam"
-	velaerr "github.com/oam-dev/kubevela/pkg/utils/errors"
+	"github.com/oam-dev/kubevela/pkg/utils/errors"
 )

 // +kubebuilder:object:root=true
@@ -71,60 +69,9 @@ const (

 // ResourceTrackerSpec define the spec of resourceTracker
 type ResourceTrackerSpec struct {
-	Type                  ResourceTrackerType        `json:"type,omitempty"`
-	ApplicationGeneration int64                      `json:"applicationGeneration"`
-	ManagedResources      []ManagedResource          `json:"managedResources,omitempty"`
-	Compression           ResourceTrackerCompression `json:"compression,omitempty"`
-}
-
-// ResourceTrackerCompression represents the compressed components in ResourceTracker.
-type ResourceTrackerCompression struct {
-	compression.CompressedText `json:",inline"`
-}
-
-// MarshalJSON will encode ResourceTrackerSpec according to the compression type. If type specified,
-// it will encode data to compression data.
-// Note: this is not the standard json Marshal process but re-use the framework function.
-func (in *ResourceTrackerSpec) MarshalJSON() ([]byte, error) {
-	type Alias ResourceTrackerSpec
-	tmp := &struct{ *Alias }{}
-
-	if in.Compression.Type == compression.Uncompressed {
-		tmp.Alias = (*Alias)(in)
-	} else {
-		cpy := in.DeepCopy()
-		cpy.ManagedResources = nil
-		err := cpy.Compression.EncodeFrom(in.ManagedResources)
-		if err != nil {
-			return nil, err
-		}
-		tmp.Alias = (*Alias)(cpy)
-	}
-
-	return json.Marshal(tmp.Alias)
-}
-
-// UnmarshalJSON will decode ResourceTrackerSpec according to the compression type. If type specified,
-// it will decode data from compression data.
-// Note: this is not the standard json Unmarshal process but re-use the framework function.
-func (in *ResourceTrackerSpec) UnmarshalJSON(src []byte) error {
-	type Alias ResourceTrackerSpec
-	tmp := &struct{ *Alias }{}
-	if err := json.Unmarshal(src, tmp); err != nil {
-		return err
-	}
-
-	if tmp.Compression.Type != compression.Uncompressed {
-		tmp.ManagedResources = []ManagedResource{}
-		err := tmp.Compression.DecodeTo(&tmp.ManagedResources)
-		if err != nil {
-			return err
-		}
-		tmp.Compression.Clean()
-	}
-
-	(*ResourceTrackerSpec)(tmp.Alias).DeepCopyInto(in)
-	return nil
+	Type                  ResourceTrackerType `json:"type,omitempty"`
+	ApplicationGeneration int64               `json:"applicationGeneration"`
+	ManagedResources      []ManagedResource   `json:"managedResources,omitempty"`
 }

 // ManagedResource define the resource to be managed by ResourceTracker
@@ -135,8 +82,6 @@ type ManagedResource struct {
 	Data *runtime.RawExtension `json:"raw,omitempty"`
 	// Deleted marks the resource to be deleted
 	Deleted bool `json:"deleted,omitempty"`
-	// SkipGC marks the resource to skip gc
-	SkipGC bool `json:"skipGC,omitempty"`
 }

 // Equal check if two managed resource equals
@@ -176,13 +121,12 @@ func (in ManagedResource) NamespacedName() types.NamespacedName {

 // ResourceKey computes the key for managed resource, resources with the same key points to the same resource
 func (in ManagedResource) ResourceKey() string {
-	group := in.GroupVersionKind().Group
-	kind := in.GroupVersionKind().Kind
+	gv, kind := in.GroupVersionKind().ToAPIVersionAndKind()
 	cluster := in.Cluster
 	if cluster == "" {
 		cluster = velatypes.ClusterLocalName
 	}
-	return strings.Join([]string{group, kind, cluster, in.Namespace, in.Name}, "/")
+	return strings.Join([]string{gv, kind, cluster, in.Namespace, in.Name}, "/")
 }

 // ComponentKey computes the key for the component which managed resource belongs to
@@ -193,7 +137,7 @@ func (in ManagedResource) ComponentKey() string {
 // UnmarshalTo unmarshal ManagedResource into target object
 func (in ManagedResource) UnmarshalTo(obj interface{}) error {
 	if in.Data == nil || in.Data.Raw == nil {
-		return velaerr.ManagedResourceHasNoDataError{}
+		return errors.ManagedResourceHasNoDataError{}
 	}
 	return json.Unmarshal(in.Data.Raw, obj)
 }
@@ -214,7 +158,7 @@ func (in ManagedResource) ToUnstructured() *unstructured.Unstructured {
 func (in ManagedResource) ToUnstructuredWithData() (*unstructured.Unstructured, error) {
 	obj := in.ToUnstructured()
 	if err := in.UnmarshalTo(obj); err != nil {
-		if errors.Is(err, velaerr.ManagedResourceHasNoDataError{}) {
+		if errors2.Is(err, errors.ManagedResourceHasNoDataError{}) {
 			return nil, err
 		}
 	}
@@ -251,7 +195,7 @@ func newManagedResourceFromResource(rsc client.Object) ManagedResource {
 	gvk := rsc.GetObjectKind().GroupVersionKind()
 	return ManagedResource{
 		ClusterObjectReference: common.ClusterObjectReference{
-			ObjectReference: corev1.ObjectReference{
+			ObjectReference: v1.ObjectReference{
 				APIVersion: gvk.GroupVersion().String(),
 				Kind:       gvk.Kind,
 				Name:       rsc.GetName(),
@@ -271,9 +215,8 @@ func (in *ResourceTracker) ContainsManagedResource(rsc client.Object) bool {
 }

 // AddManagedResource add object to managed resources, if exists, update
-func (in *ResourceTracker) AddManagedResource(rsc client.Object, metaOnly bool, skipGC bool, creator string) (updated bool) {
+func (in *ResourceTracker) AddManagedResource(rsc client.Object, metaOnly bool, creator common.ResourceCreatorRole) (updated bool) {
 	mr := newManagedResourceFromResource(rsc)
-	mr.SkipGC = skipGC
 	if !metaOnly {
 		mr.Data = &runtime.RawExtension{Object: rsc}
 	}
@@ -299,7 +242,7 @@ func (in *ResourceTracker) DeleteManagedResource(rsc client.Object, remove bool)
 	gvk := rsc.GetObjectKind().GroupVersionKind()
 	mr := ManagedResource{
 		ClusterObjectReference: common.ClusterObjectReference{
-			ObjectReference: corev1.ObjectReference{
+			ObjectReference: v1.ObjectReference{
 				APIVersion: gvk.GroupVersion().String(),
 				Kind:       gvk.Kind,
 				Name:       rsc.GetName(),
@@ -342,7 +285,7 @@ func (in *ResourceTracker) addClusterObjectReference(ref common.ClusterObjectRef
 // Deprecated
 func (in *ResourceTracker) AddTrackedResource(rsc interfaces.TrackableResource) bool {
 	return in.addClusterObjectReference(common.ClusterObjectReference{
-		ObjectReference: corev1.ObjectReference{
+		ObjectReference: v1.ObjectReference{
 			APIVersion: rsc.GetAPIVersion(),
 			Kind:       rsc.GetKind(),
 			Name:       rsc.GetName(),
--- a/apis/core.oam.dev/v1beta1/resourcetracker_types_test.go
+++ b/apis/core.oam.dev/v1beta1/resourcetracker_types_test.go
@@ -18,17 +18,12 @@ package v1beta1

 import (
 	"encoding/json"
-	"fmt"
-	"os"
-	"strings"
 	"testing"
-	"time"

-	"github.com/kubevela/pkg/util/compression"
 	"github.com/stretchr/testify/require"
-	appsv1 "k8s.io/api/apps/v1"
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	v12 "k8s.io/api/apps/v1"
+	v1 "k8s.io/api/core/v1"
+	v13 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/utils/pointer"
@@ -116,10 +111,10 @@ func TestManagedResourceKeys(t *testing.T) {
 	input := ManagedResource{
 		ClusterObjectReference: common.ClusterObjectReference{
 			Cluster: "cluster",
-			ObjectReference: corev1.ObjectReference{
+			ObjectReference: v1.ObjectReference{
 				Namespace:  "namespace",
 				Name:       "name",
-				APIVersion: appsv1.SchemeGroupVersion.String(),
+				APIVersion: v12.SchemeGroupVersion.String(),
 				Kind:       "Deployment",
 			},
 		},
@@ -130,10 +125,10 @@ func TestManagedResourceKeys(t *testing.T) {
 		},
 	}
 	r.Equal("namespace/name", input.NamespacedName().String())
-	r.Equal("apps/Deployment/cluster/namespace/name", input.ResourceKey())
+	r.Equal("apps/v1/Deployment/cluster/namespace/name", input.ResourceKey())
 	r.Equal("env/component", input.ComponentKey())
 	r.Equal("Deployment name (Cluster: cluster, Namespace: namespace)", input.DisplayName())
-	var deploy1, deploy2 appsv1.Deployment
+	var deploy1, deploy2 v12.Deployment
 	deploy1.Spec.Replicas = pointer.Int32(5)
 	bs, err := json.Marshal(deploy1)
 	r.NoError(err)
@@ -160,17 +155,17 @@ func TestManagedResourceKeys(t *testing.T) {
 func TestResourceTracker_ManagedResource(t *testing.T) {
 	r := require.New(t)
 	input := &ResourceTracker{}
-	deploy1 := appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "deploy1"}}
-	input.AddManagedResource(&deploy1, true, false, "")
+	deploy1 := v12.Deployment{ObjectMeta: v13.ObjectMeta{Name: "deploy1"}}
+	input.AddManagedResource(&deploy1, true, "")
 	r.Equal(1, len(input.Spec.ManagedResources))
-	cm2 := corev1.ConfigMap{ObjectMeta: metav1.ObjectMeta{Name: "cm2"}}
-	input.AddManagedResource(&cm2, false, false, "")
+	cm2 := v1.ConfigMap{ObjectMeta: v13.ObjectMeta{Name: "cm2"}}
+	input.AddManagedResource(&cm2, false, "")
 	r.Equal(2, len(input.Spec.ManagedResources))
-	pod3 := corev1.Pod{ObjectMeta: metav1.ObjectMeta{Name: "pod3"}}
-	input.AddManagedResource(&pod3, false, false, "")
+	pod3 := v1.Pod{ObjectMeta: v13.ObjectMeta{Name: "pod3"}}
+	input.AddManagedResource(&pod3, false, "")
 	r.Equal(3, len(input.Spec.ManagedResources))
 	deploy1.Spec.Replicas = pointer.Int32(5)
-	input.AddManagedResource(&deploy1, false, false, "")
+	input.AddManagedResource(&deploy1, false, "")
 	r.Equal(3, len(input.Spec.ManagedResources))
 	input.DeleteManagedResource(&cm2, false)
 	r.Equal(3, len(input.Spec.ManagedResources))
@@ -181,170 +176,9 @@ func TestResourceTracker_ManagedResource(t *testing.T) {
 	r.Equal(1, len(input.Spec.ManagedResources))
 	input.DeleteManagedResource(&pod3, true)
 	r.Equal(0, len(input.Spec.ManagedResources))
-	secret4 := corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "secret4"}}
+	secret4 := v1.Secret{ObjectMeta: v13.ObjectMeta{Name: "secret4"}}
 	input.DeleteManagedResource(&secret4, true)
 	r.Equal(0, len(input.Spec.ManagedResources))
 	input.DeleteManagedResource(&secret4, false)
 	r.Equal(1, len(input.Spec.ManagedResources))
 }
-
-func TestResourceTrackerCompression(t *testing.T) {
-	count := 20
-	r := require.New(t)
-
-	// Load some real CRDs, and other test data to simulate real use-cases.
-	// The user must have some large resourcetrackers if they use compression,
-	// so we load some large CRDs.
-	var data []string
-	paths := []string{
-		"../../../charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml",
-		"../../../charts/vela-core/crds/core.oam.dev_applications.yaml",
-		"../../../charts/vela-core/crds/core.oam.dev_definitionrevisions.yaml",
-		"../../../charts/vela-core/crds/core.oam.dev_healthscopes.yaml",
-		"../../../charts/vela-core/crds/core.oam.dev_traitdefinitions.yaml",
-		"../../../charts/vela-core/crds/core.oam.dev_componentdefinitions.yaml",
-		"../../../charts/vela-core/crds/core.oam.dev_workloaddefinitions.yaml",
-		"../../../charts/vela-core/crds/standard.oam.dev_rollouts.yaml",
-		"../../../charts/vela-core/templates/kubevela-controller.yaml",
-		"../../../charts/vela-core/README.md",
-		"../../../pkg/velaql/providers/query/testdata/machinelearning.seldon.io_seldondeployments.yaml",
-		"../../../legacy/charts/vela-core-legacy/crds/standard.oam.dev_podspecworkloads.yaml",
-	}
-	for _, p := range paths {
-		b, err := os.ReadFile(p)
-		r.NoError(err)
-		data = append(data, string(b))
-	}
-	size := len(data)
-
-	// Gzip
-	var (
-		gzipCompressTime int64
-		gzipSize         int
-		gzipBs           []byte
-	)
-	for c := 0; c < count; c++ {
-		var err error
-		rtGzip := &ResourceTracker{}
-		for i := 0; i < size; i++ {
-			rtGzip.AddManagedResource(&corev1.ConfigMap{ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("cm%d", i)}, Data: map[string]string{"1": data[i]}}, false, false, "")
-			rtGzip.AddManagedResource(&corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("secret%d", i)}}, true, false, "")
-		}
-		rtGzip.Spec.Compression.Type = compression.Gzip
-		// Compress
-		t0 := time.Now()
-		gzipBs, err = json.Marshal(rtGzip)
-		elapsed := time.Since(t0).Nanoseconds()
-		if gzipCompressTime == 0 {
-			gzipCompressTime = elapsed
-		} else {
-			gzipCompressTime = (elapsed + gzipCompressTime) / 2
-		}
-		if gzipSize == 0 {
-			gzipSize = len(gzipBs)
-		} else {
-			gzipSize = (len(gzipBs) + gzipSize) / 2
-		}
-		r.NoError(err)
-		r.Contains(string(gzipBs), `"type":"gzip","data":`)
-	}
-
-	// Zstd
-	var (
-		zstdCompressTime int64
-		zstdSize         int
-		zstdBs           []byte
-	)
-	for c := 0; c < count; c++ {
-		var err error
-		rtZstd := &ResourceTracker{}
-		for i := 0; i < size; i++ {
-			rtZstd.AddManagedResource(&corev1.ConfigMap{ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("cm%d", i)}, Data: map[string]string{"1": data[i]}}, false, false, "")
-			rtZstd.AddManagedResource(&corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("secret%d", i)}}, true, false, "")
-		}
-		rtZstd.Spec.Compression.Type = compression.Zstd
-		t0 := time.Now()
-		zstdBs, err = json.Marshal(rtZstd)
-		elapsed := time.Since(t0).Nanoseconds()
-		if zstdCompressTime == 0 {
-			zstdCompressTime = elapsed
-		} else {
-			zstdCompressTime = (elapsed + zstdCompressTime) / 2
-		}
-		if zstdSize == 0 {
-			zstdSize = len(zstdBs)
-		} else {
-			zstdSize = (len(zstdBs) + zstdSize) / 2
-		}
-		r.NoError(err)
-		r.Contains(string(zstdBs), `"type":"zstd","data":`)
-	}
-
-	rtUncmp := &ResourceTracker{}
-	r.NoError(json.Unmarshal(gzipBs, rtUncmp))
-	r.Equal(size*2, len(rtUncmp.Spec.ManagedResources))
-	for i, rsc := range rtUncmp.Spec.ManagedResources {
-		r.Equal(i%2 == 1, rsc.Data == nil)
-	}
-	r.NoError(json.Unmarshal(zstdBs, rtUncmp))
-	r.Equal(size*2, len(rtUncmp.Spec.ManagedResources))
-	for i, rsc := range rtUncmp.Spec.ManagedResources {
-		r.Equal(i%2 == 1, rsc.Data == nil)
-	}
-	// No compression
-	var (
-		uncmpTime int64
-		uncmpSize int
-	)
-	rtUncmp.Spec.Compression.Type = compression.Uncompressed
-	for c := 0; c < count; c++ {
-		t0 := time.Now()
-		_bs, err := json.Marshal(rtUncmp)
-		if uncmpTime == 0 {
-			uncmpTime = time.Since(t0).Nanoseconds()
-		} else {
-			uncmpTime = (time.Since(t0).Nanoseconds() + uncmpTime) / 2
-		}
-		if uncmpSize == 0 {
-			uncmpSize = len(_bs)
-		} else {
-			uncmpSize = (len(_bs) + uncmpSize) / 2
-		}
-		r.NoError(err)
-		before, after := len(_bs), len(zstdBs)
-		r.Less(after, before)
-		before, after = len(_bs), len(gzipBs)
-		r.Less(after, before)
-	}
-
-	fmt.Printf(`Compressed Size:
-  uncompressed: %d bytes	100.00%%
-  gzip:         %d bytes	%.2f%%
-  zstd:         %d bytes	%.2f%%
-`,
-		uncmpSize,
-		gzipSize, float64(gzipSize)*100.0/float64(uncmpSize),
-		zstdSize, float64(zstdSize)*100.0/float64(uncmpSize))
-
-	fmt.Printf(`Marshal Time:
-  no compression: %d ns	1.00x
-  gzip:           %d ns	%.2fx
-  zstd:           %d ns	%.2fx
-`,
-		uncmpTime,
-		gzipCompressTime, float64(gzipCompressTime)/float64(uncmpTime),
-		zstdCompressTime, float64(zstdCompressTime)/float64(uncmpTime),
-	)
-}
-
-func TestResourceTrackerInvalidMarshal(t *testing.T) {
-	r := require.New(t)
-	rt := &ResourceTracker{}
-	rt.Spec.Compression.Type = "invalid"
-	_, err := json.Marshal(rt)
-	r.ErrorIs(err, compression.NewUnsupportedCompressionTypeError("invalid"))
-	r.True(strings.Contains(err.Error(), "invalid"))
-	r.ErrorIs(json.Unmarshal([]byte(`{"spec":{"compression":{"type":"invalid"}}}`), rt), compression.NewUnsupportedCompressionTypeError("invalid"))
-	r.NotNil(json.Unmarshal([]byte(`{"spec":{"compression":{"type":"gzip","data":"xxx"}}}`), rt))
-	r.NotNil(json.Unmarshal([]byte(`{"spec":["invalid"]}`), rt))
-}
--- a/apis/core.oam.dev/v1beta1/workflow_step_definition.go
+++ b/apis/core.oam.dev/v1beta1/workflow_step_definition.go
@@ -29,8 +29,7 @@ type WorkflowStepDefinitionSpec struct {
 	// Reference to the CustomResourceDefinition that defines this trait kind.
 	Reference common.DefinitionReference `json:"definitionRef,omitempty"`

-	// Schematic defines the data format and template of the encapsulation of the workflow step definition.
-	// Only CUE schematic is supported for now.
+	// Schematic defines the data format and template of the encapsulation of the workflow step definition
 	// +optional
 	Schematic *common.Schematic `json:"schematic,omitempty"`
 }
--- a/apis/core.oam.dev/v1beta1/zz_generated.deepcopy.go
+++ b/apis/core.oam.dev/v1beta1/zz_generated.deepcopy.go
@@ -22,12 +22,11 @@ limitations under the License.
 package v1beta1

 import (
-	"github.com/kubevela/workflow/api/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"

 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
-	core_oam_devv1alpha1 "github.com/oam-dev/kubevela/apis/core.oam.dev/v1alpha1"
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/v1alpha1"
 )

 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@@ -137,7 +136,39 @@ func (in *ApplicationRevision) DeepCopyObject() runtime.Object {
 }

 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ApplicationRevisionCompressibleFields) DeepCopyInto(out *ApplicationRevisionCompressibleFields) {
+func (in *ApplicationRevisionList) DeepCopyInto(out *ApplicationRevisionList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ApplicationRevision, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRevisionList.
+func (in *ApplicationRevisionList) DeepCopy() *ApplicationRevisionList {
+	if in == nil {
+		return nil
+	}
+	out := new(ApplicationRevisionList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ApplicationRevisionList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ApplicationRevisionSpec) DeepCopyInto(out *ApplicationRevisionSpec) {
 	*out = *in
 	in.Application.DeepCopyInto(&out.Application)
 	if in.ComponentDefinitions != nil {
@@ -191,7 +222,7 @@ func (in *ApplicationRevisionCompressibleFields) DeepCopyInto(out *ApplicationRe
 	}
 	if in.Policies != nil {
 		in, out := &in.Policies, &out.Policies
-		*out = make(map[string]core_oam_devv1alpha1.Policy, len(*in))
+		*out = make(map[string]v1alpha1.Policy, len(*in))
 		for key, val := range *in {
 			(*out)[key] = *val.DeepCopy()
 		}
@@ -210,71 +241,6 @@ func (in *ApplicationRevisionCompressibleFields) DeepCopyInto(out *ApplicationRe
 	}
 }

-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRevisionCompressibleFields.
-func (in *ApplicationRevisionCompressibleFields) DeepCopy() *ApplicationRevisionCompressibleFields {
-	if in == nil {
-		return nil
-	}
-	out := new(ApplicationRevisionCompressibleFields)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ApplicationRevisionCompression) DeepCopyInto(out *ApplicationRevisionCompression) {
-	*out = *in
-	out.CompressedText = in.CompressedText
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRevisionCompression.
-func (in *ApplicationRevisionCompression) DeepCopy() *ApplicationRevisionCompression {
-	if in == nil {
-		return nil
-	}
-	out := new(ApplicationRevisionCompression)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ApplicationRevisionList) DeepCopyInto(out *ApplicationRevisionList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]ApplicationRevision, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRevisionList.
-func (in *ApplicationRevisionList) DeepCopy() *ApplicationRevisionList {
-	if in == nil {
-		return nil
-	}
-	out := new(ApplicationRevisionList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ApplicationRevisionList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ApplicationRevisionSpec) DeepCopyInto(out *ApplicationRevisionSpec) {
-	*out = *in
-	in.ApplicationRevisionCompressibleFields.DeepCopyInto(&out.ApplicationRevisionCompressibleFields)
-	out.Compression = in.Compression
-}
-
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRevisionSpec.
 func (in *ApplicationRevisionSpec) DeepCopy() *ApplicationRevisionSpec {
 	if in == nil {
@@ -293,13 +259,6 @@ func (in *ApplicationRevisionStatus) DeepCopyInto(out *ApplicationRevisionStatus
 		*out = new(common.WorkflowStatus)
 		(*in).DeepCopyInto(*out)
 	}
-	if in.WorkflowContext != nil {
-		in, out := &in.WorkflowContext, &out.WorkflowContext
-		*out = make(map[string]string, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val
-		}
-	}
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRevisionStatus.
@@ -691,22 +650,6 @@ func (in *ResourceTracker) DeepCopyObject() runtime.Object {
 	return nil
 }

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ResourceTrackerCompression) DeepCopyInto(out *ResourceTrackerCompression) {
-	*out = *in
-	out.CompressedText = in.CompressedText
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceTrackerCompression.
-func (in *ResourceTrackerCompression) DeepCopy() *ResourceTrackerCompression {
-	if in == nil {
-		return nil
-	}
-	out := new(ResourceTrackerCompression)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ResourceTrackerList) DeepCopyInto(out *ResourceTrackerList) {
 	*out = *in
@@ -749,7 +692,6 @@ func (in *ResourceTrackerSpec) DeepCopyInto(out *ResourceTrackerSpec) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
-	out.Compression = in.Compression
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceTrackerSpec.
@@ -985,14 +927,9 @@ func (in *TraitDefinitionStatus) DeepCopy() *TraitDefinitionStatus {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Workflow) DeepCopyInto(out *Workflow) {
 	*out = *in
-	if in.Mode != nil {
-		in, out := &in.Mode, &out.Mode
-		*out = new(v1alpha1.WorkflowExecuteMode)
-		**out = **in
-	}
 	if in.Steps != nil {
 		in, out := &in.Steps, &out.Steps
-		*out = make([]v1alpha1.WorkflowStep, len(*in))
+		*out = make([]WorkflowStep, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
@@ -1009,6 +946,48 @@ func (in *Workflow) DeepCopy() *Workflow {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowStep) DeepCopyInto(out *WorkflowStep) {
+	*out = *in
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.SubSteps != nil {
+		in, out := &in.SubSteps, &out.SubSteps
+		*out = make([]common.WorkflowSubStep, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.DependsOn != nil {
+		in, out := &in.DependsOn, &out.DependsOn
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Inputs != nil {
+		in, out := &in.Inputs, &out.Inputs
+		*out = make(common.StepInputs, len(*in))
+		copy(*out, *in)
+	}
+	if in.Outputs != nil {
+		in, out := &in.Outputs, &out.Outputs
+		*out = make(common.StepOutputs, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStep.
+func (in *WorkflowStep) DeepCopy() *WorkflowStep {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowStep)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WorkflowStepDefinition) DeepCopyInto(out *WorkflowStepDefinition) {
 	*out = *in
--- a/apis/types/capability.go
+++ b/apis/types/capability.go
@@ -80,8 +80,6 @@ const (
 	OpenapiV3JSONSchema string = "openapi-v3-json-schema"
 	// UISchema is the key to store ui custom schema
 	UISchema string = "ui-schema"
-	// VelaQLConfigmapKey is the key to store velaql view
-	VelaQLConfigmapKey string = "template"
 )

 // CapabilityCategory defines the category of a capability
@@ -165,7 +163,6 @@ type Capability struct {
 	Center         string             `json:"center,omitempty"`
 	Status         string             `json:"status,omitempty"`
 	Description    string             `json:"description,omitempty"`
-	Example        string             `json:"example,omitempty"`
 	Labels         map[string]string  `json:"labels,omitempty"`
 	Category       CapabilityCategory `json:"category,omitempty"`

--- a/apis/types/componentmanifest.go
+++ b/apis/types/componentmanifest.go
@@ -28,11 +28,9 @@ type ComponentManifest struct {
 	RevisionName     string
 	RevisionHash     string
 	ExternalRevision string
-	// StandardWorkload contains K8s resource generated from "output" block of ComponentDefinition
 	StandardWorkload *unstructured.Unstructured
-	// Traits contains both resources generated from "outputs" block of ComponentDefinition and resources generated from TraitDefinition
-	Traits []*unstructured.Unstructured
-	Scopes []*corev1.ObjectReference
+	Traits           []*unstructured.Unstructured
+	Scopes           []*corev1.ObjectReference

 	// PackagedWorkloadResources contain all the workload related resources. It could be a Helm
 	// Release, Git Repo or anything that can package and run a workload.
--- a/apis/types/multicluster.go
+++ b/apis/types/multicluster.go
@@ -39,18 +39,4 @@ const (
 var (
 	// AnnotationClusterAlias the annotation key for cluster alias
 	AnnotationClusterAlias = config.MetaApiGroupName + "/cluster-alias"
-
-	// AnnotationClusterVersion the annotation key for cluster version
-	AnnotationClusterVersion = config.MetaApiGroupName + "/cluster-version"
 )
-
-// ClusterVersion defines the Version info of managed clusters.
-type ClusterVersion struct {
-	Major      string `json:"major"`
-	Minor      string `json:"minor"`
-	GitVersion string `json:"gitVersion,omitempty"`
-	Platform   string `json:"platform,omitempty"`
-}
-
-// ControlPlaneClusterVersion will be the default value of cluster info if managed cluster version get error, it will have value when vela-core started.
-var ControlPlaneClusterVersion ClusterVersion
--- a/apis/types/types.go
+++ b/apis/types/types.go
@@ -48,8 +48,6 @@ var DefaultKubeVelaNS = "vela-system"
 const (
 	// AnnoDefinitionDescription is the annotation which describe what is the capability used for in a WorkloadDefinition/TraitDefinition Object
 	AnnoDefinitionDescription = "definition.oam.dev/description"
-	// AnnoDefinitionExampleURL is the annotation which describe url of usage examples of the capability, it will be loaded in documentation generate.
-	AnnoDefinitionExampleURL = "definition.oam.dev/example-url"
 	// AnnoDefinitionAlias is the annotation for definition alias
 	AnnoDefinitionAlias = "definition.oam.dev/alias"
 	// AnnoDefinitionIcon is the annotation which describe the icon url
@@ -64,8 +62,6 @@ const (
 	LabelDefinitionDeprecated = "custom.definition.oam.dev/deprecated"
 	// LabelDefinitionHidden is the label which describe whether the capability is hidden by UI
 	LabelDefinitionHidden = "custom.definition.oam.dev/ui-hidden"
-	// LabelDefinitionScope is the label which describe whether the capability's scope
-	LabelDefinitionScope = "custom.definition.oam.dev/scope"
 	// LabelNodeRoleGateway gateway role of node
 	LabelNodeRoleGateway = "node-role.kubernetes.io/gateway"
 	// LabelNodeRoleWorker worker role of node
@@ -74,11 +70,9 @@ const (
 	AnnoIngressControllerHTTPSPort = "ingress.controller/https-port"
 	// AnnoIngressControllerHTTPPort define ingress controller listen port for http
 	AnnoIngressControllerHTTPPort = "ingress.controller/http-port"
-	// AnnoIngressControllerHost define ingress controller externally host
-	AnnoIngressControllerHost = "ingress.controller/host"
-	// LabelConfigType is the label marked as the template that generated the config.
+	// LabelConfigType is the label for config type
 	LabelConfigType = "config.oam.dev/type"
-	// LabelConfigCatalog is the label marked as the secret generated from the config.
+	// LabelConfigCatalog is the label for config catalog
 	LabelConfigCatalog = "config.oam.dev/catalog"
 	// LabelConfigSubType is the sub-type for a config type
 	LabelConfigSubType = "config.oam.dev/sub-type"
@@ -88,18 +82,10 @@ const (
 	LabelConfigSyncToMultiCluster = "config.oam.dev/multi-cluster"
 	// LabelConfigIdentifier is the label for config identifier
 	LabelConfigIdentifier = "config.oam.dev/identifier"
-	// LabelConfigScope is the label for config scope
-	LabelConfigScope = "config.oam.dev/scope"
-	// AnnotationConfigSensitive is the annotation for the sensitization
-	AnnotationConfigSensitive = "config.oam.dev/sensitive"
-	// AnnotationConfigTemplateNamespace is the annotation for the template namespace
-	AnnotationConfigTemplateNamespace = "config.oam.dev/template-namespace"
 	// AnnotationConfigDescription is the annotation for config description
 	AnnotationConfigDescription = "config.oam.dev/description"
 	// AnnotationConfigAlias is the annotation for config alias
 	AnnotationConfigAlias = "config.oam.dev/alias"
-	// AnnotationConfigDistributionSpec is the annotation key of the application that distributes the configs
-	AnnotationConfigDistributionSpec = "config.oam.dev/distribution-spec"
 )

 const (
@@ -116,7 +102,6 @@ type Config map[string]string
 type EnvMeta struct {
 	Name      string `json:"name"`
 	Namespace string `json:"namespace"`
-	Labels    string `json:"labels"`
 	Current   string `json:"current"`
 }

@@ -166,13 +151,11 @@ const (
 	// TerraformProvider is the config type for terraform provider
 	TerraformProvider = "terraform-provider"
 	// DexConnector is the config type for dex connector
-	DexConnector = "dex-connector"
+	DexConnector = "config-dex-connector"
 	// ImageRegistry is the config type for image registry
-	ImageRegistry = "image-registry"
+	ImageRegistry = "config-image-registry"
 	// HelmRepository is the config type for Helm chart repository
-	HelmRepository = "helm-repository"
-	// CatalogConfigDistribution is the catalog type
-	CatalogConfigDistribution = "config-distribution"
+	HelmRepository = "config-helm-repository"
 )

 const (
--- a/charts/vela-core/README.md
+++ b/charts/vela-core/README.md
@@ -41,12 +41,13 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
 | Name                          | Description                                                                                   | Value     |
 | ----------------------------- | --------------------------------------------------------------------------------------------- | --------- |
 | `systemDefinitionNamespace`   | System definition namespace, if unspecified, will use built-in variable `.Release.Namespace`. | `nil`     |
-| `applicationRevisionLimit`    | Application revision limit                                                                    | `2`       |
-| `definitionRevisionLimit`     | Definition revision limit                                                                     | `2`       |
+| `applicationRevisionLimit`    | Application revision limit                                                                    | `10`      |
+| `definitionRevisionLimit`     | Definition revision limit                                                                     | `20`      |
 | `concurrentReconciles`        | concurrentReconciles is the concurrent reconcile number of the controller                     | `4`       |
 | `controllerArgs.reSyncPeriod` | The period for resync the applications                                                        | `5m`      |
 | `OAMSpecVer`                  | OAMSpecVer is the oam spec version controller want to setup                                   | `v0.3`    |
 | `disableCaps`                 | Disable capability                                                                            | `rollout` |
+| `enableFluxcdAddon`           | Whether to enable fluxcd addon                                                                | `false`   |
 | `dependCheckWait`             | dependCheckWait is the time to wait for ApplicationConfiguration's dependent-resource ready   | `30s`     |


@@ -80,26 +81,18 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai

 ### KubeVela controller optimization parameters

-| Name                                              | Description                                                                                                                                                                                                                      | Value   |
-| ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `optimize.cachedGvks`                             | Optimize types of resources to be cached.                                                                                                                                                                                        | `""`    |
-| `optimize.resourceTrackerListOp`                  | Optimize ResourceTracker List Op by adding index.                                                                                                                                                                                | `true`  |
-| `optimize.controllerReconcileLoopReduction`       | Optimize ApplicationController reconcile by reducing the number of loops to reconcile application.                                                                                                                               | `false` |
-| `optimize.markWithProb`                           | Optimize ResourceTracker GC by only run mark with probability. Side effect: outdated ResourceTracker might not be able to be removed immediately.                                                                                | `0.1`   |
-| `optimize.disableComponentRevision`               | Optimize componentRevision by disabling the creation and gc                                                                                                                                                                      | `true`  |
-| `optimize.disableApplicationRevision`             | Optimize ApplicationRevision by disabling the creation and gc.                                                                                                                                                                   | `false` |
-| `optimize.disableWorkflowRecorder`                | Optimize workflow recorder by disabling the creation and gc.                                                                                                                                                                     | `false` |
-| `optimize.enableInMemoryWorkflowContext`          | Optimize workflow by use in-memory context.                                                                                                                                                                                      | `false` |
-| `optimize.disableResourceApplyDoubleCheck`        | Optimize workflow by ignoring resource double check after apply.                                                                                                                                                                 | `false` |
-| `optimize.enableResourceTrackerDeleteOnlyTrigger` | Optimize resourcetracker by only trigger reconcile when resourcetracker is deleted.                                                                                                                                              | `true`  |
-| `featureGates.enableLegacyComponentRevision`      | if disabled, only component with rollout trait will create component revisions                                                                                                                                                   | `false` |
-| `featureGates.gzipResourceTracker`                | compress ResourceTracker using gzip (good) before being stored. This is reduces network throughput when dealing with huge ResourceTrackers.                                                                                      | `false` |
-| `featureGates.zstdResourceTracker`                | compress ResourceTracker using zstd (fast and good) before being stored. This is reduces network throughput when dealing with huge ResourceTrackers. Note that zstd will be prioritized if you enable other compression options. | `true`  |
-| `featureGates.applyOnce`                          | if enabled, the apply-once feature will be applied to all applications, no state-keep and no resource data storage in ResourceTracker                                                                                            | `false` |
-| `featureGates.multiStageComponentApply`           | if enabled, the multiStageComponentApply feature will be combined with the stage field in TraitDefinition to complete the multi-stage apply.                                                                                     | `false` |
-| `featureGates.gzipApplicationRevision`            | compress apprev using gzip (good) before being stored. This is reduces network throughput when dealing with huge apprevs.                                                                                                        | `false` |
-| `featureGates.zstdApplicationRevision`            | compress apprev using zstd (fast and good) before being stored. This is reduces network throughput when dealing with huge apprevs. Note that zstd will be prioritized if you enable other compression options.                   | `true`  |
-| `featureGates.preDispatchDryRun`                  | enable dryrun before dispatching resources. Enable this flag can help prevent unsuccessful dispatch resources entering resourcetracker and improve the user experiences of gc but at the cost of increasing network requests.    | `true`  |
+| Name                                              | Description                                                                                                                                       | Value   |
+| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `optimize.cachedGvks`                             | Optimize types of resources to be cached.                                                                                                         | `""`    |
+| `optimize.resourceTrackerListOp`                  | Optimize ResourceTracker List Op by adding index.                                                                                                 | `true`  |
+| `optimize.controllerReconcileLoopReduction`       | Optimize ApplicationController reconcile by reducing the number of loops to reconcile application.                                                | `false` |
+| `optimize.markWithProb`                           | Optimize ResourceTracker GC by only run mark with probability. Side effect: outdated ResourceTracker might not be able to be removed immediately. | `0.1`   |
+| `optimize.disableComponentRevision`               | Optimize componentRevision by disabling the creation and gc                                                                                       | `false` |
+| `optimize.disableApplicationRevision`             | Optimize ApplicationRevision by disabling the creation and gc.                                                                                    | `false` |
+| `optimize.disableWorkflowRecorder`                | Optimize workflow recorder by disabling the creation and gc.                                                                                      | `false` |
+| `optimize.enableInMemoryWorkflowContext`          | Optimize workflow by use in-memory context.                                                                                                       | `false` |
+| `optimize.disableResourceApplyDoubleCheck`        | Optimize workflow by ignoring resource double check after apply.                                                                                  | `false` |
+| `optimize.enableResourceTrackerDeleteOnlyTrigger` | Optimize resourcetracker by only trigger reconcile when resourcetracker is deleted.                                                               | `true`  |


 ### MultiCluster parameters
@@ -111,7 +104,7 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
 | `multicluster.clusterGateway.replicaCount`                  | ClusterGateway replica count                    | `1`                              |
 | `multicluster.clusterGateway.port`                          | ClusterGateway port                             | `9443`                           |
 | `multicluster.clusterGateway.image.repository`              | ClusterGateway image repository                 | `oamdev/cluster-gateway`         |
-| `multicluster.clusterGateway.image.tag`                     | ClusterGateway image tag                        | `v1.7.0`                         |
+| `multicluster.clusterGateway.image.tag`                     | ClusterGateway image tag                        | `v1.4.0`                         |
 | `multicluster.clusterGateway.image.pullPolicy`              | ClusterGateway image pull policy                | `IfNotPresent`                   |
 | `multicluster.clusterGateway.resources.limits.cpu`          | ClusterGateway cpu limit                        | `100m`                           |
 | `multicluster.clusterGateway.resources.limits.memory`       | ClusterGateway memory limit                     | `200Mi`                          |
@@ -147,10 +140,10 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
 | `logDebug`                    | Enable debug logs for development purpose                                                                                  | `false`              |
 | `logFilePath`                 | If non-empty, write log files in this path                                                                                 | `""`                 |
 | `logFileMaxSize`              | Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. | `1024`               |
-| `kubeClient.qps`              | The qps for reconcile clients, default is 100                                                                              | `100`                |
-| `kubeClient.burst`            | The burst for reconcile clients, default is 200                                                                            | `200`                |
+| `kubeClient.qps`              | The qps for reconcile clients, default is 50                                                                               | `50`                 |
+| `kubeClient.burst`            | The burst for reconcile clients, default is 100                                                                            | `100`                |
 | `authentication.enabled`      | Enable authentication for application                                                                                      | `false`              |
-| `authentication.withUser`     | Application authentication will impersonate as the request User                                                            | `true`               |
+| `authentication.withUser`     | Application authentication will impersonate as the request User                                                            | `false`              |
 | `authentication.defaultUser`  | Application authentication will impersonate as the User if no user provided in Application                                 | `kubevela:vela-core` |
 | `authentication.groupPattern` | Application authentication will impersonate as the request Group that matches the pattern                                  | `kubevela:*`         |

--- a/charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml
+++ b/charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml
--- a/charts/vela-core/crds/core.oam.dev_applications.yaml
+++ b/charts/vela-core/crds/core.oam.dev_applications.yaml
@@ -3,7 +3,7 @@ kind: CustomResourceDefinition
 metadata:
  annotations:
    cert-manager.io/inject-ca-from: vela-system/kubevela-vela-core-root-cert
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.6.2
  name: applications.core.oam.dev
 spec:
  group: core.oam.dev
@@ -178,7 +178,6 @@ spec:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
-                          x-kubernetes-map-type: atomic
                      required:
                      - name
                      type: object
@@ -313,7 +312,6 @@ spec:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                    type: string
                                type: object
-                                x-kubernetes-map-type: atomic
                            required:
                            - name
                            type: object
@@ -416,6 +414,7 @@ spec:
                    cluster:
                      type: string
                    creator:
+                      description: ResourceCreatorRole defines the resource creator.
                      type: string
                    fieldPath:
                      description: 'If referring to a piece of an object instead of
@@ -447,37 +446,36 @@ spec:
                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                      type: string
                  type: object
-                  x-kubernetes-map-type: atomic
                type: array
              components:
                description: Components record the related Components created by Application
                  Controller
                items:
-                  description: "ObjectReference contains enough information to let
+                  description: 'ObjectReference contains enough information to let
                    you inspect or modify the referred object. --- New uses of this
                    type are discouraged because of difficulty describing its usage
-                    when embedded in APIs. 1. Ignored fields.  It includes many fields
+                    when embedded in APIs.  1. Ignored fields.  It includes many fields
                    which are not generally honored.  For instance, ResourceVersion
-                    and FieldPath are both very rarely valid in actual usage. 2. Invalid
-                    usage help.  It is impossible to add specific help for individual
-                    usage.  In most embedded usages, there are particular restrictions
-                    like, \"must refer only to types A and B\" or \"UID not honored\"
-                    or \"name must be restricted\". Those cannot be well described
-                    when embedded. 3. Inconsistent validation.  Because the usages
+                    and FieldPath are both very rarely valid in actual usage.  2.
+                    Invalid usage help.  It is impossible to add specific help for
+                    individual usage.  In most embedded usages, there are particular     restrictions
+                    like, "must refer only to types A and B" or "UID not honored"
+                    or "name must be restricted".     Those cannot be well described
+                    when embedded.  3. Inconsistent validation.  Because the usages
                    are different, the validation rules are different by usage, which
-                    makes it hard for users to predict what will happen. 4. The fields
+                    makes it hard for users to predict what will happen.  4. The fields
                    are both imprecise and overly precise.  Kind is not a precise
-                    mapping to a URL. This can produce ambiguity during interpretation
+                    mapping to a URL. This can produce ambiguity     during interpretation
                    and require a REST mapping.  In most cases, the dependency is
-                    on the group,resource tuple and the version of the actual struct
-                    is irrelevant. 5. We cannot easily change it.  Because this type
-                    is embedded in many locations, updates to this type will affect
-                    numerous schemas.  Don't make new APIs embed an underspecified
-                    API type they do not control. \n Instead of using this type, create
+                    on the group,resource tuple     and the version of the actual
+                    struct is irrelevant.  5. We cannot easily change it.  Because
+                    this type is embedded in many locations, updates to this type     will
+                    affect numerous schemas.  Don''t make new APIs embed an underspecified
+                    API type they do not control. Instead of using this type, create
                    a locally provided and used type that is well-focused on your
                    reference. For example, ServiceReferences for admission registration:
                    https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                    ."
+                    .'
                  properties:
                    apiVersion:
                      description: API version of the referent.
@@ -512,7 +510,6 @@ spec:
                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                      type: string
                  type: object
-                  x-kubernetes-map-type: atomic
                type: array
              conditions:
                description: Conditions of the resource.
@@ -568,10 +565,9 @@ spec:
                format: int64
                type: integer
              policy:
-                description: PolicyStatus records the status of policy Deprecated
-                  This field is only used by EnvBinding Policy which is deprecated.
+                description: PolicyStatus records the status of policy
                items:
-                  description: PolicyStatus records the status of policy Deprecated
+                  description: PolicyStatus records the status of policy
                  properties:
                    name:
                      type: string
@@ -605,33 +601,33 @@ spec:
                      type: string
                    scopes:
                      items:
-                        description: "ObjectReference contains enough information
+                        description: 'ObjectReference contains enough information
                          to let you inspect or modify the referred object. --- New
                          uses of this type are discouraged because of difficulty
-                          describing its usage when embedded in APIs. 1. Ignored fields.
-                          \ It includes many fields which are not generally honored.
-                          \ For instance, ResourceVersion and FieldPath are both very
-                          rarely valid in actual usage. 2. Invalid usage help.  It
-                          is impossible to add specific help for individual usage.
-                          \ In most embedded usages, there are particular restrictions
-                          like, \"must refer only to types A and B\" or \"UID not
-                          honored\" or \"name must be restricted\". Those cannot be
-                          well described when embedded. 3. Inconsistent validation.
-                          \ Because the usages are different, the validation rules
-                          are different by usage, which makes it hard for users to
-                          predict what will happen. 4. The fields are both imprecise
-                          and overly precise.  Kind is not a precise mapping to a
-                          URL. This can produce ambiguity during interpretation and
-                          require a REST mapping.  In most cases, the dependency is
-                          on the group,resource tuple and the version of the actual
-                          struct is irrelevant. 5. We cannot easily change it.  Because
+                          describing its usage when embedded in APIs.  1. Ignored
+                          fields.  It includes many fields which are not generally
+                          honored.  For instance, ResourceVersion and FieldPath are
+                          both very rarely valid in actual usage.  2. Invalid usage
+                          help.  It is impossible to add specific help for individual
+                          usage.  In most embedded usages, there are particular     restrictions
+                          like, "must refer only to types A and B" or "UID not honored"
+                          or "name must be restricted".     Those cannot be well described
+                          when embedded.  3. Inconsistent validation.  Because the
+                          usages are different, the validation rules are different
+                          by usage, which makes it hard for users to predict what
+                          will happen.  4. The fields are both imprecise and overly
+                          precise.  Kind is not a precise mapping to a URL. This can
+                          produce ambiguity     during interpretation and require
+                          a REST mapping.  In most cases, the dependency is on the
+                          group,resource tuple     and the version of the actual struct
+                          is irrelevant.  5. We cannot easily change it.  Because
                          this type is embedded in many locations, updates to this
-                          type will affect numerous schemas.  Don't make new APIs
-                          embed an underspecified API type they do not control. \n
+                          type     will affect numerous schemas.  Don''t make new
+                          APIs embed an underspecified API type they do not control.
                          Instead of using this type, create a locally provided and
                          used type that is well-focused on your reference. For example,
                          ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                          ."
+                          .'
                        properties:
                          apiVersion:
                            description: API version of the referent.
@@ -667,7 +663,6 @@ spec:
                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                            type: string
                        type: object
-                        x-kubernetes-map-type: atomic
                      type: array
                    traits:
                      items:
@@ -712,31 +707,31 @@ spec:
                  appRevision:
                    type: string
                  contextBackend:
-                    description: "ObjectReference contains enough information to let
+                    description: 'ObjectReference contains enough information to let
                      you inspect or modify the referred object. --- New uses of this
                      type are discouraged because of difficulty describing its usage
-                      when embedded in APIs. 1. Ignored fields.  It includes many
+                      when embedded in APIs.  1. Ignored fields.  It includes many
                      fields which are not generally honored.  For instance, ResourceVersion
-                      and FieldPath are both very rarely valid in actual usage. 2.
+                      and FieldPath are both very rarely valid in actual usage.  2.
                      Invalid usage help.  It is impossible to add specific help for
-                      individual usage.  In most embedded usages, there are particular
-                      restrictions like, \"must refer only to types A and B\" or \"UID
-                      not honored\" or \"name must be restricted\". Those cannot be
-                      well described when embedded. 3. Inconsistent validation.  Because
-                      the usages are different, the validation rules are different
-                      by usage, which makes it hard for users to predict what will
-                      happen. 4. The fields are both imprecise and overly precise.
-                      \ Kind is not a precise mapping to a URL. This can produce ambiguity
-                      during interpretation and require a REST mapping.  In most cases,
-                      the dependency is on the group,resource tuple and the version
-                      of the actual struct is irrelevant. 5. We cannot easily change
+                      individual usage.  In most embedded usages, there are particular     restrictions
+                      like, "must refer only to types A and B" or "UID not honored"
+                      or "name must be restricted".     Those cannot be well described
+                      when embedded.  3. Inconsistent validation.  Because the usages
+                      are different, the validation rules are different by usage,
+                      which makes it hard for users to predict what will happen.  4.
+                      The fields are both imprecise and overly precise.  Kind is not
+                      a precise mapping to a URL. This can produce ambiguity     during
+                      interpretation and require a REST mapping.  In most cases, the
+                      dependency is on the group,resource tuple     and the version
+                      of the actual struct is irrelevant.  5. We cannot easily change
                      it.  Because this type is embedded in many locations, updates
-                      to this type will affect numerous schemas.  Don't make new APIs
-                      embed an underspecified API type they do not control. \n Instead
-                      of using this type, create a locally provided and used type
-                      that is well-focused on your reference. For example, ServiceReferences
+                      to this type     will affect numerous schemas.  Don''t make
+                      new APIs embed an underspecified API type they do not control.
+                      Instead of using this type, create a locally provided and used
+                      type that is well-focused on your reference. For example, ServiceReferences
                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                      ."
+                      .'
                    properties:
                      apiVersion:
                        description: API version of the referent.
@@ -771,24 +766,16 @@ spec:
                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                        type: string
                    type: object
-                    x-kubernetes-map-type: atomic
-                  endTime:
-                    format: date-time
-                    nullable: true
-                    type: string
                  finished:
                    type: boolean
                  message:
                    type: string
                  mode:
+                    description: WorkflowMode describes the mode of workflow
                    type: string
                  startTime:
                    format: date-time
                    type: string
-                  status:
-                    description: WorkflowRunPhase is a label for the condition of
-                      a WorkflowRun at the current time
-                    type: string
                  steps:
                    items:
                      description: WorkflowStepStatus record the status of a workflow
@@ -822,8 +809,8 @@ spec:
                          type: string
                        subSteps:
                          items:
-                            description: StepStatus record the base status of workflow
-                              step, which could be workflow step or subStep
+                            description: WorkflowSubStepStatus record the status of
+                              a workflow subStep
                            properties:
                              firstExecuteTime:
                                description: FirstExecuteTime is the first time this
@@ -941,6 +928,7 @@ spec:
                            type: string
                        required:
                        - from
+                        - parameterKey
                        type: object
                      type: array
                    name:
@@ -1021,17 +1009,6 @@ spec:
                  order, and each step: - will have a context in annotation. - should
                  mark "finish" phase in status.conditions.'
                properties:
-                  mode:
-                    description: WorkflowExecuteMode defines the mode of workflow
-                      execution
-                    properties:
-                      steps:
-                        description: Steps is the mode of workflow steps execution
-                        type: string
-                      subSteps:
-                        description: SubSteps is the mode of workflow sub steps execution
-                        type: string
-                    type: object
                  ref:
                    type: string
                  steps:
@@ -1040,15 +1017,13 @@ spec:
                        step.
                      properties:
                        dependsOn:
-                          description: DependsOn is the dependency of the step
                          items:
                            type: string
                          type: array
                        if:
-                          description: If is the if condition of the step
                          type: string
                        inputs:
-                          description: Inputs is the inputs of the step
+                          description: StepInputs defines variable input of WorkflowStep
                          items:
                            properties:
                              from:
@@ -1057,19 +1032,14 @@ spec:
                                type: string
                            required:
                            - from
+                            - parameterKey
                            type: object
                          type: array
-                        meta:
-                          description: Meta is the meta data of the workflow step.
-                          properties:
-                            alias:
-                              type: string
-                          type: object
                        name:
                          description: Name is the unique name of the workflow step.
                          type: string
                        outputs:
-                          description: Outputs is the outputs of the step
+                          description: StepOutputs defines output variable of WorkflowStep
                          items:
                            properties:
                              name:
@@ -1082,24 +1052,22 @@ spec:
                            type: object
                          type: array
                        properties:
-                          description: Properties is the properties of the step
                          type: object
                          x-kubernetes-preserve-unknown-fields: true
                        subSteps:
                          items:
-                            description: WorkflowStepBase defines the workflow step
-                              base
+                            description: WorkflowSubStep defines how to execute a
+                              workflow subStep.
                            properties:
                              dependsOn:
-                                description: DependsOn is the dependency of the step
                                items:
                                  type: string
                                type: array
                              if:
-                                description: If is the if condition of the step
                                type: string
                              inputs:
-                                description: Inputs is the inputs of the step
+                                description: StepInputs defines variable input of
+                                  WorkflowStep
                                items:
                                  properties:
                                    from:
@@ -1108,21 +1076,16 @@ spec:
                                      type: string
                                  required:
                                  - from
+                                  - parameterKey
                                  type: object
                                type: array
-                              meta:
-                                description: Meta is the meta data of the workflow
-                                  step.
-                                properties:
-                                  alias:
-                                    type: string
-                                type: object
                              name:
                                description: Name is the unique name of the workflow
                                  step.
                                type: string
                              outputs:
-                                description: Outputs is the outputs of the step
+                                description: StepOutputs defines output variable of
+                                  WorkflowStep
                                items:
                                  properties:
                                    name:
@@ -1135,26 +1098,19 @@ spec:
                                  type: object
                                type: array
                              properties:
-                                description: Properties is the properties of the step
                                type: object
                                x-kubernetes-preserve-unknown-fields: true
-                              timeout:
-                                description: Timeout is the timeout of the step
-                                type: string
                              type:
-                                description: Type is the type of the workflow step.
                                type: string
                            required:
+                            - name
                            - type
                            type: object
                          type: array
-                        timeout:
-                          description: Timeout is the timeout of the step
-                          type: string
                        type:
-                          description: Type is the type of the workflow step.
                          type: string
                      required:
+                      - name
                      - type
                      type: object
                    type: array
@@ -1178,6 +1134,7 @@ spec:
                    cluster:
                      type: string
                    creator:
+                      description: ResourceCreatorRole defines the resource creator.
                      type: string
                    fieldPath:
                      description: 'If referring to a piece of an object instead of
@@ -1209,37 +1166,36 @@ spec:
                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                      type: string
                  type: object
-                  x-kubernetes-map-type: atomic
                type: array
              components:
                description: Components record the related Components created by Application
                  Controller
                items:
-                  description: "ObjectReference contains enough information to let
+                  description: 'ObjectReference contains enough information to let
                    you inspect or modify the referred object. --- New uses of this
                    type are discouraged because of difficulty describing its usage
-                    when embedded in APIs. 1. Ignored fields.  It includes many fields
+                    when embedded in APIs.  1. Ignored fields.  It includes many fields
                    which are not generally honored.  For instance, ResourceVersion
-                    and FieldPath are both very rarely valid in actual usage. 2. Invalid
-                    usage help.  It is impossible to add specific help for individual
-                    usage.  In most embedded usages, there are particular restrictions
-                    like, \"must refer only to types A and B\" or \"UID not honored\"
-                    or \"name must be restricted\". Those cannot be well described
-                    when embedded. 3. Inconsistent validation.  Because the usages
+                    and FieldPath are both very rarely valid in actual usage.  2.
+                    Invalid usage help.  It is impossible to add specific help for
+                    individual usage.  In most embedded usages, there are particular     restrictions
+                    like, "must refer only to types A and B" or "UID not honored"
+                    or "name must be restricted".     Those cannot be well described
+                    when embedded.  3. Inconsistent validation.  Because the usages
                    are different, the validation rules are different by usage, which
-                    makes it hard for users to predict what will happen. 4. The fields
+                    makes it hard for users to predict what will happen.  4. The fields
                    are both imprecise and overly precise.  Kind is not a precise
-                    mapping to a URL. This can produce ambiguity during interpretation
+                    mapping to a URL. This can produce ambiguity     during interpretation
                    and require a REST mapping.  In most cases, the dependency is
-                    on the group,resource tuple and the version of the actual struct
-                    is irrelevant. 5. We cannot easily change it.  Because this type
-                    is embedded in many locations, updates to this type will affect
-                    numerous schemas.  Don't make new APIs embed an underspecified
-                    API type they do not control. \n Instead of using this type, create
+                    on the group,resource tuple     and the version of the actual
+                    struct is irrelevant.  5. We cannot easily change it.  Because
+                    this type is embedded in many locations, updates to this type     will
+                    affect numerous schemas.  Don''t make new APIs embed an underspecified
+                    API type they do not control. Instead of using this type, create
                    a locally provided and used type that is well-focused on your
                    reference. For example, ServiceReferences for admission registration:
                    https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                    ."
+                    .'
                  properties:
                    apiVersion:
                      description: API version of the referent.
@@ -1274,7 +1230,6 @@ spec:
                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                      type: string
                  type: object
-                  x-kubernetes-map-type: atomic
                type: array
              conditions:
                description: Conditions of the resource.
@@ -1330,10 +1285,9 @@ spec:
                format: int64
                type: integer
              policy:
-                description: PolicyStatus records the status of policy Deprecated
-                  This field is only used by EnvBinding Policy which is deprecated.
+                description: PolicyStatus records the status of policy
                items:
-                  description: PolicyStatus records the status of policy Deprecated
+                  description: PolicyStatus records the status of policy
                  properties:
                    name:
                      type: string
@@ -1367,33 +1321,33 @@ spec:
                      type: string
                    scopes:
                      items:
-                        description: "ObjectReference contains enough information
+                        description: 'ObjectReference contains enough information
                          to let you inspect or modify the referred object. --- New
                          uses of this type are discouraged because of difficulty
-                          describing its usage when embedded in APIs. 1. Ignored fields.
-                          \ It includes many fields which are not generally honored.
-                          \ For instance, ResourceVersion and FieldPath are both very
-                          rarely valid in actual usage. 2. Invalid usage help.  It
-                          is impossible to add specific help for individual usage.
-                          \ In most embedded usages, there are particular restrictions
-                          like, \"must refer only to types A and B\" or \"UID not
-                          honored\" or \"name must be restricted\". Those cannot be
-                          well described when embedded. 3. Inconsistent validation.
-                          \ Because the usages are different, the validation rules
-                          are different by usage, which makes it hard for users to
-                          predict what will happen. 4. The fields are both imprecise
-                          and overly precise.  Kind is not a precise mapping to a
-                          URL. This can produce ambiguity during interpretation and
-                          require a REST mapping.  In most cases, the dependency is
-                          on the group,resource tuple and the version of the actual
-                          struct is irrelevant. 5. We cannot easily change it.  Because
+                          describing its usage when embedded in APIs.  1. Ignored
+                          fields.  It includes many fields which are not generally
+                          honored.  For instance, ResourceVersion and FieldPath are
+                          both very rarely valid in actual usage.  2. Invalid usage
+                          help.  It is impossible to add specific help for individual
+                          usage.  In most embedded usages, there are particular     restrictions
+                          like, "must refer only to types A and B" or "UID not honored"
+                          or "name must be restricted".     Those cannot be well described
+                          when embedded.  3. Inconsistent validation.  Because the
+                          usages are different, the validation rules are different
+                          by usage, which makes it hard for users to predict what
+                          will happen.  4. The fields are both imprecise and overly
+                          precise.  Kind is not a precise mapping to a URL. This can
+                          produce ambiguity     during interpretation and require
+                          a REST mapping.  In most cases, the dependency is on the
+                          group,resource tuple     and the version of the actual struct
+                          is irrelevant.  5. We cannot easily change it.  Because
                          this type is embedded in many locations, updates to this
-                          type will affect numerous schemas.  Don't make new APIs
-                          embed an underspecified API type they do not control. \n
+                          type     will affect numerous schemas.  Don''t make new
+                          APIs embed an underspecified API type they do not control.
                          Instead of using this type, create a locally provided and
                          used type that is well-focused on your reference. For example,
                          ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                          ."
+                          .'
                        properties:
                          apiVersion:
                            description: API version of the referent.
@@ -1429,7 +1383,6 @@ spec:
                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                            type: string
                        type: object
-                        x-kubernetes-map-type: atomic
                      type: array
                    traits:
                      items:
@@ -1474,31 +1427,31 @@ spec:
                  appRevision:
                    type: string
                  contextBackend:
-                    description: "ObjectReference contains enough information to let
+                    description: 'ObjectReference contains enough information to let
                      you inspect or modify the referred object. --- New uses of this
                      type are discouraged because of difficulty describing its usage
-                      when embedded in APIs. 1. Ignored fields.  It includes many
+                      when embedded in APIs.  1. Ignored fields.  It includes many
                      fields which are not generally honored.  For instance, ResourceVersion
-                      and FieldPath are both very rarely valid in actual usage. 2.
+                      and FieldPath are both very rarely valid in actual usage.  2.
                      Invalid usage help.  It is impossible to add specific help for
-                      individual usage.  In most embedded usages, there are particular
-                      restrictions like, \"must refer only to types A and B\" or \"UID
-                      not honored\" or \"name must be restricted\". Those cannot be
-                      well described when embedded. 3. Inconsistent validation.  Because
-                      the usages are different, the validation rules are different
-                      by usage, which makes it hard for users to predict what will
-                      happen. 4. The fields are both imprecise and overly precise.
-                      \ Kind is not a precise mapping to a URL. This can produce ambiguity
-                      during interpretation and require a REST mapping.  In most cases,
-                      the dependency is on the group,resource tuple and the version
-                      of the actual struct is irrelevant. 5. We cannot easily change
+                      individual usage.  In most embedded usages, there are particular     restrictions
+                      like, "must refer only to types A and B" or "UID not honored"
+                      or "name must be restricted".     Those cannot be well described
+                      when embedded.  3. Inconsistent validation.  Because the usages
+                      are different, the validation rules are different by usage,
+                      which makes it hard for users to predict what will happen.  4.
+                      The fields are both imprecise and overly precise.  Kind is not
+                      a precise mapping to a URL. This can produce ambiguity     during
+                      interpretation and require a REST mapping.  In most cases, the
+                      dependency is on the group,resource tuple     and the version
+                      of the actual struct is irrelevant.  5. We cannot easily change
                      it.  Because this type is embedded in many locations, updates
-                      to this type will affect numerous schemas.  Don't make new APIs
-                      embed an underspecified API type they do not control. \n Instead
-                      of using this type, create a locally provided and used type
-                      that is well-focused on your reference. For example, ServiceReferences
+                      to this type     will affect numerous schemas.  Don''t make
+                      new APIs embed an underspecified API type they do not control.
+                      Instead of using this type, create a locally provided and used
+                      type that is well-focused on your reference. For example, ServiceReferences
                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                      ."
+                      .'
                    properties:
                      apiVersion:
                        description: API version of the referent.
@@ -1533,24 +1486,16 @@ spec:
                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                        type: string
                    type: object
-                    x-kubernetes-map-type: atomic
-                  endTime:
-                    format: date-time
-                    nullable: true
-                    type: string
                  finished:
                    type: boolean
                  message:
                    type: string
                  mode:
+                    description: WorkflowMode describes the mode of workflow
                    type: string
                  startTime:
                    format: date-time
                    type: string
-                  status:
-                    description: WorkflowRunPhase is a label for the condition of
-                      a WorkflowRun at the current time
-                    type: string
                  steps:
                    items:
                      description: WorkflowStepStatus record the status of a workflow
@@ -1584,8 +1529,8 @@ spec:
                          type: string
                        subSteps:
                          items:
-                            description: StepStatus record the base status of workflow
-                              step, which could be workflow step or subStep
+                            description: WorkflowSubStepStatus record the status of
+                              a workflow subStep
                            properties:
                              firstExecuteTime:
                                description: FirstExecuteTime is the first time this
@@ -1643,3 +1588,9 @@ spec:
    storage: true
    subresources:
      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/crds/core.oam.dev_componentdefinitions.yaml
+++ b/charts/vela-core/crds/core.oam.dev_componentdefinitions.yaml
@@ -1,9 +1,10 @@
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.6.2
  name: componentdefinitions.core.oam.dev
 spec:
  group: core.oam.dev
@@ -187,20 +188,6 @@ spec:
                        description: DeleteResource will determine whether provisioned
                          cloud resources will be deleted when CR is deleted
                        type: boolean
-                      gitCredentialsSecretReference:
-                        description: GitCredentialsSecretReference specifies the reference
-                          to the secret containing the git credentials
-                        properties:
-                          name:
-                            description: name is unique within a namespace to reference
-                              a secret resource.
-                            type: string
-                          namespace:
-                            description: namespace defines the space within which
-                              the secret name must be unique.
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
                      path:
                        description: Path is the sub-directory of remote git repository.
                          It's valid when remote is set
@@ -514,20 +501,6 @@ spec:
                        description: DeleteResource will determine whether provisioned
                          cloud resources will be deleted when CR is deleted
                        type: boolean
-                      gitCredentialsSecretReference:
-                        description: GitCredentialsSecretReference specifies the reference
-                          to the secret containing the git credentials
-                        properties:
-                          name:
-                            description: name is unique within a namespace to reference
-                              a secret resource.
-                            type: string
-                          namespace:
-                            description: namespace defines the space within which
-                              the secret name must be unique.
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
                      path:
                        description: Path is the sub-directory of remote git repository.
                          It's valid when remote is set
@@ -672,3 +645,9 @@ spec:
    storage: true
    subresources:
      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/crds/core.oam.dev_definitionrevisions.yaml
+++ b/charts/vela-core/crds/core.oam.dev_definitionrevisions.yaml
@@ -1,9 +1,10 @@
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.6.2
  name: definitionrevisions.core.oam.dev
 spec:
  group: core.oam.dev
@@ -232,20 +233,6 @@ spec:
                                  provisioned cloud resources will be deleted when
                                  CR is deleted
                                type: boolean
-                              gitCredentialsSecretReference:
-                                description: GitCredentialsSecretReference specifies
-                                  the reference to the secret containing the git credentials
-                                properties:
-                                  name:
-                                    description: name is unique within a namespace
-                                      to reference a secret resource.
-                                    type: string
-                                  namespace:
-                                    description: namespace defines the space within
-                                      which the secret name must be unique.
-                                    type: string
-                                type: object
-                                x-kubernetes-map-type: atomic
                              path:
                                description: Path is the sub-directory of remote git
                                  repository. It's valid when remote is set
@@ -458,8 +445,7 @@ spec:
                        type: boolean
                      schematic:
                        description: Schematic defines the data format and template
-                          of the encapsulation of the policy definition. Only CUE
-                          schematic is supported for now.
+                          of the encapsulation of the policy definition
                        properties:
                          cue:
                            description: CUE defines the encapsulation in CUE format
@@ -563,20 +549,6 @@ spec:
                                  provisioned cloud resources will be deleted when
                                  CR is deleted
                                type: boolean
-                              gitCredentialsSecretReference:
-                                description: GitCredentialsSecretReference specifies
-                                  the reference to the secret containing the git credentials
-                                properties:
-                                  name:
-                                    description: name is unique within a namespace
-                                      to reference a secret resource.
-                                    type: string
-                                  namespace:
-                                    description: namespace defines the space within
-                                      which the secret name must be unique.
-                                    type: string
-                                type: object
-                                x-kubernetes-map-type: atomic
                              path:
                                description: Path is the sub-directory of remote git
                                  repository. It's valid when remote is set
@@ -736,7 +708,7 @@ spec:
                      appliesToWorkloads:
                        description: AppliesToWorkloads specifies the list of workload
                          kinds this trait applies to. Workload kinds are specified
-                          in resource.group/version format, e.g. server.core.oam.dev/v1alpha2.
+                          in kind.group/version format, e.g. server.core.oam.dev/v1alpha2.
                          Traits that omit this field apply to all workload kinds.
                        items:
                          type: string
@@ -790,8 +762,7 @@ spec:
                        type: boolean
                      schematic:
                        description: Schematic defines the data format and template
-                          of the encapsulation of the trait. Only CUE and Kube schematic
-                          are supported for now.
+                          of the encapsulation of the trait
                        properties:
                          cue:
                            description: CUE defines the encapsulation in CUE format
@@ -895,20 +866,6 @@ spec:
                                  provisioned cloud resources will be deleted when
                                  CR is deleted
                                type: boolean
-                              gitCredentialsSecretReference:
-                                description: GitCredentialsSecretReference specifies
-                                  the reference to the secret containing the git credentials
-                                properties:
-                                  name:
-                                    description: name is unique within a namespace
-                                      to reference a secret resource.
-                                    type: string
-                                  namespace:
-                                    description: namespace defines the space within
-                                      which the secret name must be unique.
-                                    type: string
-                                type: object
-                                x-kubernetes-map-type: atomic
                              path:
                                description: Path is the sub-directory of remote git
                                  repository. It's valid when remote is set
@@ -957,12 +914,10 @@ spec:
                            - configuration
                            type: object
                        type: object
-                      stage:
-                        description: Stage defines the stage information to which
-                          this trait resource processing belongs. Currently, PreDispatch
-                          and PostDispatch are provided, which are used to control
-                          resource pre-process and post-process respectively.
-                        type: string
+                      skipRevisionAffect:
+                        description: SkipRevisionAffect defines the update this trait
+                          will not generate a new application Revision
+                        type: boolean
                      status:
                        description: Status defines the custom health policy and status
                          message for trait
@@ -1097,8 +1052,7 @@ spec:
                        type: object
                      schematic:
                        description: Schematic defines the data format and template
-                          of the encapsulation of the workflow step definition. Only
-                          CUE schematic is supported for now.
+                          of the encapsulation of the workflow step definition
                        properties:
                          cue:
                            description: CUE defines the encapsulation in CUE format
@@ -1202,20 +1156,6 @@ spec:
                                  provisioned cloud resources will be deleted when
                                  CR is deleted
                                type: boolean
-                              gitCredentialsSecretReference:
-                                description: GitCredentialsSecretReference specifies
-                                  the reference to the secret containing the git credentials
-                                properties:
-                                  name:
-                                    description: name is unique within a namespace
-                                      to reference a secret resource.
-                                    type: string
-                                  namespace:
-                                    description: namespace defines the space within
-                                      which the secret name must be unique.
-                                    type: string
-                                type: object
-                                x-kubernetes-map-type: atomic
                              path:
                                description: Path is the sub-directory of remote git
                                  repository. It's valid when remote is set
@@ -1334,3 +1274,9 @@ spec:
    served: true
    storage: true
    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/crds/core.oam.dev_healthscopes.yaml
+++ b/charts/vela-core/crds/core.oam.dev_healthscopes.yaml
@@ -1,9 +1,10 @@
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.6.2
  name: healthscopes.core.oam.dev
 spec:
  group: core.oam.dev
@@ -58,36 +59,36 @@ spec:
                            type: string
                          traits:
                            items:
-                              description: "ObjectReference contains enough information
+                              description: 'ObjectReference contains enough information
                                to let you inspect or modify the referred object.
                                --- New uses of this type are discouraged because
                                of difficulty describing its usage when embedded in
-                                APIs. 1. Ignored fields.  It includes many fields
+                                APIs.  1. Ignored fields.  It includes many fields
                                which are not generally honored.  For instance, ResourceVersion
                                and FieldPath are both very rarely valid in actual
-                                usage. 2. Invalid usage help.  It is impossible to
+                                usage.  2. Invalid usage help.  It is impossible to
                                add specific help for individual usage.  In most embedded
-                                usages, there are particular restrictions like, \"must
-                                refer only to types A and B\" or \"UID not honored\"
-                                or \"name must be restricted\". Those cannot be well
-                                described when embedded. 3. Inconsistent validation.
-                                \ Because the usages are different, the validation
-                                rules are different by usage, which makes it hard
-                                for users to predict what will happen. 4. The fields
-                                are both imprecise and overly precise.  Kind is not
-                                a precise mapping to a URL. This can produce ambiguity
-                                during interpretation and require a REST mapping.
-                                \ In most cases, the dependency is on the group,resource
-                                tuple and the version of the actual struct is irrelevant.
-                                5. We cannot easily change it.  Because this type
-                                is embedded in many locations, updates to this type
-                                will affect numerous schemas.  Don't make new APIs
-                                embed an underspecified API type they do not control.
-                                \n Instead of using this type, create a locally provided
-                                and used type that is well-focused on your reference.
+                                usages, there are particular     restrictions like,
+                                "must refer only to types A and B" or "UID not honored"
+                                or "name must be restricted".     Those cannot be
+                                well described when embedded.  3. Inconsistent validation.  Because
+                                the usages are different, the validation rules are
+                                different by usage, which makes it hard for users
+                                to predict what will happen.  4. The fields are both
+                                imprecise and overly precise.  Kind is not a precise
+                                mapping to a URL. This can produce ambiguity     during
+                                interpretation and require a REST mapping.  In most
+                                cases, the dependency is on the group,resource tuple     and
+                                the version of the actual struct is irrelevant.  5.
+                                We cannot easily change it.  Because this type is
+                                embedded in many locations, updates to this type     will
+                                affect numerous schemas.  Don''t make new APIs embed
+                                an underspecified API type they do not control. Instead
+                                of using this type, create a locally provided and
+                                used type that is well-focused on your reference.
                                For example, ServiceReferences for admission registration:
                                https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                                ."
+                                .'
                              properties:
                                apiVersion:
                                  description: API version of the referent.
@@ -126,37 +127,37 @@ spec:
                                  description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                  type: string
                              type: object
-                              x-kubernetes-map-type: atomic
                            type: array
                          workload:
-                            description: "ObjectReference contains enough information
+                            description: 'ObjectReference contains enough information
                              to let you inspect or modify the referred object. ---
                              New uses of this type are discouraged because of difficulty
-                              describing its usage when embedded in APIs. 1. Ignored
+                              describing its usage when embedded in APIs.  1. Ignored
                              fields.  It includes many fields which are not generally
                              honored.  For instance, ResourceVersion and FieldPath
-                              are both very rarely valid in actual usage. 2. Invalid
+                              are both very rarely valid in actual usage.  2. Invalid
                              usage help.  It is impossible to add specific help for
                              individual usage.  In most embedded usages, there are
-                              particular restrictions like, \"must refer only to types
-                              A and B\" or \"UID not honored\" or \"name must be restricted\".
-                              Those cannot be well described when embedded. 3. Inconsistent
-                              validation.  Because the usages are different, the validation
-                              rules are different by usage, which makes it hard for
-                              users to predict what will happen. 4. The fields are
-                              both imprecise and overly precise.  Kind is not a precise
-                              mapping to a URL. This can produce ambiguity during
-                              interpretation and require a REST mapping.  In most
-                              cases, the dependency is on the group,resource tuple
-                              and the version of the actual struct is irrelevant.
-                              5. We cannot easily change it.  Because this type is
-                              embedded in many locations, updates to this type will
-                              affect numerous schemas.  Don't make new APIs embed
-                              an underspecified API type they do not control. \n Instead
-                              of using this type, create a locally provided and used
-                              type that is well-focused on your reference. For example,
-                              ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                              ."
+                              particular     restrictions like, "must refer only to
+                              types A and B" or "UID not honored" or "name must be
+                              restricted".     Those cannot be well described when
+                              embedded.  3. Inconsistent validation.  Because the
+                              usages are different, the validation rules are different
+                              by usage, which makes it hard for users to predict what
+                              will happen.  4. The fields are both imprecise and overly
+                              precise.  Kind is not a precise mapping to a URL. This
+                              can produce ambiguity     during interpretation and
+                              require a REST mapping.  In most cases, the dependency
+                              is on the group,resource tuple     and the version of
+                              the actual struct is irrelevant.  5. We cannot easily
+                              change it.  Because this type is embedded in many locations,
+                              updates to this type     will affect numerous schemas.  Don''t
+                              make new APIs embed an underspecified API type they
+                              do not control. Instead of using this type, create a
+                              locally provided and used type that is well-focused
+                              on your reference. For example, ServiceReferences for
+                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                              .'
                            properties:
                              apiVersion:
                                description: API version of the referent.
@@ -194,7 +195,6 @@ spec:
                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                type: string
                            type: object
-                            x-kubernetes-map-type: atomic
                        type: object
                      type: array
                  type: object
@@ -213,31 +213,31 @@ spec:
                description: WorkloadReferences to the workloads that are in this
                  scope.
                items:
-                  description: "ObjectReference contains enough information to let
+                  description: 'ObjectReference contains enough information to let
                    you inspect or modify the referred object. --- New uses of this
                    type are discouraged because of difficulty describing its usage
-                    when embedded in APIs. 1. Ignored fields.  It includes many fields
+                    when embedded in APIs.  1. Ignored fields.  It includes many fields
                    which are not generally honored.  For instance, ResourceVersion
-                    and FieldPath are both very rarely valid in actual usage. 2. Invalid
-                    usage help.  It is impossible to add specific help for individual
-                    usage.  In most embedded usages, there are particular restrictions
-                    like, \"must refer only to types A and B\" or \"UID not honored\"
-                    or \"name must be restricted\". Those cannot be well described
-                    when embedded. 3. Inconsistent validation.  Because the usages
+                    and FieldPath are both very rarely valid in actual usage.  2.
+                    Invalid usage help.  It is impossible to add specific help for
+                    individual usage.  In most embedded usages, there are particular     restrictions
+                    like, "must refer only to types A and B" or "UID not honored"
+                    or "name must be restricted".     Those cannot be well described
+                    when embedded.  3. Inconsistent validation.  Because the usages
                    are different, the validation rules are different by usage, which
-                    makes it hard for users to predict what will happen. 4. The fields
+                    makes it hard for users to predict what will happen.  4. The fields
                    are both imprecise and overly precise.  Kind is not a precise
-                    mapping to a URL. This can produce ambiguity during interpretation
+                    mapping to a URL. This can produce ambiguity     during interpretation
                    and require a REST mapping.  In most cases, the dependency is
-                    on the group,resource tuple and the version of the actual struct
-                    is irrelevant. 5. We cannot easily change it.  Because this type
-                    is embedded in many locations, updates to this type will affect
-                    numerous schemas.  Don't make new APIs embed an underspecified
-                    API type they do not control. \n Instead of using this type, create
+                    on the group,resource tuple     and the version of the actual
+                    struct is irrelevant.  5. We cannot easily change it.  Because
+                    this type is embedded in many locations, updates to this type     will
+                    affect numerous schemas.  Don''t make new APIs embed an underspecified
+                    API type they do not control. Instead of using this type, create
                    a locally provided and used type that is well-focused on your
                    reference. For example, ServiceReferences for admission registration:
                    https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                    ."
+                    .'
                  properties:
                    apiVersion:
                      description: API version of the referent.
@@ -272,7 +272,6 @@ spec:
                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                      type: string
                  type: object
-                  x-kubernetes-map-type: atomic
                type: array
            required:
            - workloadRefs
@@ -306,34 +305,35 @@ spec:
                            description: HealthStatus represents health status strings.
                            type: string
                          targetWorkload:
-                            description: "ObjectReference contains enough information
+                            description: 'ObjectReference contains enough information
                              to let you inspect or modify the referred object. ---
                              New uses of this type are discouraged because of difficulty
-                              describing its usage when embedded in APIs. 1. Ignored
+                              describing its usage when embedded in APIs.  1. Ignored
                              fields.  It includes many fields which are not generally
                              honored.  For instance, ResourceVersion and FieldPath
-                              are both very rarely valid in actual usage. 2. Invalid
+                              are both very rarely valid in actual usage.  2. Invalid
                              usage help.  It is impossible to add specific help for
                              individual usage.  In most embedded usages, there are
-                              particular restrictions like, \"must refer only to types
-                              A and B\" or \"UID not honored\" or \"name must be restricted\".
-                              Those cannot be well described when embedded. 3. Inconsistent
-                              validation.  Because the usages are different, the validation
-                              rules are different by usage, which makes it hard for
-                              users to predict what will happen. 4. The fields are
-                              both imprecise and overly precise.  Kind is not a precise
-                              mapping to a URL. This can produce ambiguity during
-                              interpretation and require a REST mapping.  In most
-                              cases, the dependency is on the group,resource tuple
-                              and the version of the actual struct is irrelevant.
-                              5. We cannot easily change it.  Because this type is
-                              embedded in many locations, updates to this type will
-                              affect numerous schemas.  Don't make new APIs embed
-                              an underspecified API type they do not control. \n Instead
-                              of using this type, create a locally provided and used
-                              type that is well-focused on your reference. For example,
-                              ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                              ."
+                              particular     restrictions like, "must refer only to
+                              types A and B" or "UID not honored" or "name must be
+                              restricted".     Those cannot be well described when
+                              embedded.  3. Inconsistent validation.  Because the
+                              usages are different, the validation rules are different
+                              by usage, which makes it hard for users to predict what
+                              will happen.  4. The fields are both imprecise and overly
+                              precise.  Kind is not a precise mapping to a URL. This
+                              can produce ambiguity     during interpretation and
+                              require a REST mapping.  In most cases, the dependency
+                              is on the group,resource tuple     and the version of
+                              the actual struct is irrelevant.  5. We cannot easily
+                              change it.  Because this type is embedded in many locations,
+                              updates to this type     will affect numerous schemas.  Don''t
+                              make new APIs embed an underspecified API type they
+                              do not control. Instead of using this type, create a
+                              locally provided and used type that is well-focused
+                              on your reference. For example, ServiceReferences for
+                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                              .'
                            properties:
                              apiVersion:
                                description: API version of the referent.
@@ -371,7 +371,6 @@ spec:
                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                type: string
                            type: object
-                            x-kubernetes-map-type: atomic
                          traits:
                            items:
                              description: TraitHealthCondition represents informative
@@ -462,32 +461,32 @@ spec:
                      description: HealthStatus represents health status strings.
                      type: string
                    targetWorkload:
-                      description: "ObjectReference contains enough information to
+                      description: 'ObjectReference contains enough information to
                        let you inspect or modify the referred object. --- New uses
                        of this type are discouraged because of difficulty describing
-                        its usage when embedded in APIs. 1. Ignored fields.  It includes
+                        its usage when embedded in APIs.  1. Ignored fields.  It includes
                        many fields which are not generally honored.  For instance,
                        ResourceVersion and FieldPath are both very rarely valid in
-                        actual usage. 2. Invalid usage help.  It is impossible to
+                        actual usage.  2. Invalid usage help.  It is impossible to
                        add specific help for individual usage.  In most embedded
-                        usages, there are particular restrictions like, \"must refer
-                        only to types A and B\" or \"UID not honored\" or \"name must
-                        be restricted\". Those cannot be well described when embedded.
-                        3. Inconsistent validation.  Because the usages are different,
-                        the validation rules are different by usage, which makes it
-                        hard for users to predict what will happen. 4. The fields
-                        are both imprecise and overly precise.  Kind is not a precise
-                        mapping to a URL. This can produce ambiguity during interpretation
-                        and require a REST mapping.  In most cases, the dependency
-                        is on the group,resource tuple and the version of the actual
-                        struct is irrelevant. 5. We cannot easily change it.  Because
-                        this type is embedded in many locations, updates to this type
-                        will affect numerous schemas.  Don't make new APIs embed an
-                        underspecified API type they do not control. \n Instead of
-                        using this type, create a locally provided and used type that
-                        is well-focused on your reference. For example, ServiceReferences
-                        for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                        ."
+                        usages, there are particular     restrictions like, "must
+                        refer only to types A and B" or "UID not honored" or "name
+                        must be restricted".     Those cannot be well described when
+                        embedded.  3. Inconsistent validation.  Because the usages
+                        are different, the validation rules are different by usage,
+                        which makes it hard for users to predict what will happen.  4.
+                        The fields are both imprecise and overly precise.  Kind is
+                        not a precise mapping to a URL. This can produce ambiguity     during
+                        interpretation and require a REST mapping.  In most cases,
+                        the dependency is on the group,resource tuple     and the
+                        version of the actual struct is irrelevant.  5. We cannot
+                        easily change it.  Because this type is embedded in many locations,
+                        updates to this type     will affect numerous schemas.  Don''t
+                        make new APIs embed an underspecified API type they do not
+                        control. Instead of using this type, create a locally provided
+                        and used type that is well-focused on your reference. For
+                        example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                        .'
                      properties:
                        apiVersion:
                          description: API version of the referent.
@@ -523,7 +522,6 @@ spec:
                          description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                          type: string
                      type: object
-                      x-kubernetes-map-type: atomic
                    traits:
                      items:
                        description: TraitHealthCondition represents informative health
@@ -584,3 +582,9 @@ spec:
    storage: true
    subresources:
      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/crds/core.oam.dev_manualscalertraits.yaml
+++ b/charts/vela-core/crds/core.oam.dev_manualscalertraits.yaml
@@ -0,0 +1,134 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: manualscalertraits.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: ManualScalerTrait
+    listKind: ManualScalerTraitList
+    plural: manualscalertraits
+    singular: manualscalertrait
+  scope: Namespaced
+  versions:
+  - name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: A ManualScalerTrait determines how many replicas a workload should
+          have.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A ManualScalerTraitSpec defines the desired state of a ManualScalerTrait.
+            properties:
+              replicaCount:
+                description: ReplicaCount of the workload this trait applies to.
+                format: int32
+                type: integer
+              workloadRef:
+                description: WorkloadReference to the workload this trait applies
+                  to.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+            required:
+            - replicaCount
+            - workloadRef
+            type: object
+          status:
+            description: A ManualScalerTraitStatus represents the observed state of
+              a ManualScalerTrait.
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/crds/core.oam.dev_policies.yaml
+++ b/charts/vela-core/crds/core.oam.dev_policies.yaml
@@ -1,9 +1,10 @@
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.6.2
  name: policies.core.oam.dev
 spec:
  group: core.oam.dev
@@ -48,3 +49,9 @@ spec:
    served: true
    storage: true
    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/crds/core.oam.dev_policydefinitions.yaml
+++ b/charts/vela-core/crds/core.oam.dev_policydefinitions.yaml
@@ -1,9 +1,10 @@
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.6.2
  name: policydefinitions.core.oam.dev
 spec:
  group: core.oam.dev
@@ -59,8 +60,7 @@ spec:
                type: boolean
              schematic:
                description: Schematic defines the data format and template of the
-                  encapsulation of the policy definition. Only CUE schematic is supported
-                  for now.
+                  encapsulation of the policy definition
                properties:
                  cue:
                    description: CUE defines the encapsulation in CUE format
@@ -160,20 +160,6 @@ spec:
                        description: DeleteResource will determine whether provisioned
                          cloud resources will be deleted when CR is deleted
                        type: boolean
-                      gitCredentialsSecretReference:
-                        description: GitCredentialsSecretReference specifies the reference
-                          to the secret containing the git credentials
-                        properties:
-                          name:
-                            description: name is unique within a namespace to reference
-                              a secret resource.
-                            type: string
-                          namespace:
-                            description: namespace defines the space within which
-                              the secret name must be unique.
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
                      path:
                        description: Path is the sub-directory of remote git repository.
                          It's valid when remote is set
@@ -284,3 +270,9 @@ spec:
    storage: true
    subresources:
      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/crds/core.oam.dev_resourcetrackers.yaml
+++ b/charts/vela-core/crds/core.oam.dev_resourcetrackers.yaml
@@ -1,9 +1,10 @@
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.6.2
  name: resourcetrackers.core.oam.dev
 spec:
  group: core.oam.dev
@@ -55,16 +56,6 @@ spec:
              applicationGeneration:
                format: int64
                type: integer
-              compression:
-                description: ResourceTrackerCompression represents the compressed
-                  components in ResourceTracker.
-                properties:
-                  data:
-                    type: string
-                  type:
-                    description: Type the compression type
-                    type: string
-                type: object
              managedResources:
                items:
                  description: ManagedResource define the resource to be managed by
@@ -78,6 +69,7 @@ spec:
                    component:
                      type: string
                    creator:
+                      description: ResourceCreatorRole defines the resource creator.
                      type: string
                    deleted:
                      description: Deleted marks the resource to be deleted
@@ -113,16 +105,12 @@ spec:
                      description: 'Specific resourceVersion to which this reference
                        is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                      type: string
-                    skipGC:
-                      description: SkipGC marks the resource to skip gc
-                      type: boolean
                    trait:
                      type: string
                    uid:
                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                      type: string
                  type: object
-                  x-kubernetes-map-type: atomic
                type: array
              type:
                description: ResourceTrackerType defines the type of resourceTracker
@@ -146,6 +134,7 @@ spec:
                    cluster:
                      type: string
                    creator:
+                      description: ResourceCreatorRole defines the resource creator.
                      type: string
                    fieldPath:
                      description: 'If referring to a piece of an object instead of
@@ -177,7 +166,6 @@ spec:
                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                      type: string
                  type: object
-                  x-kubernetes-map-type: atomic
                type: array
            type: object
        type: object
@@ -185,3 +173,9 @@ spec:
    storage: true
    subresources:
      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/crds/core.oam.dev_scopedefinitions.yaml
+++ b/charts/vela-core/crds/core.oam.dev_scopedefinitions.yaml
@@ -1,9 +1,10 @@
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.6.2
  name: scopedefinitions.core.oam.dev
 spec:
  group: core.oam.dev
@@ -144,3 +145,9 @@ spec:
    served: true
    storage: true
    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/crds/core.oam.dev_traitdefinitions.yaml
+++ b/charts/vela-core/crds/core.oam.dev_traitdefinitions.yaml
@@ -1,9 +1,10 @@
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.6.2
  name: traitdefinitions.core.oam.dev
 spec:
  group: core.oam.dev
@@ -196,20 +197,6 @@ spec:
                        description: DeleteResource will determine whether provisioned
                          cloud resources will be deleted when CR is deleted
                        type: boolean
-                      gitCredentialsSecretReference:
-                        description: GitCredentialsSecretReference specifies the reference
-                          to the secret containing the git credentials
-                        properties:
-                          name:
-                            description: name is unique within a namespace to reference
-                              a secret resource.
-                            type: string
-                          namespace:
-                            description: namespace defines the space within which
-                              the secret name must be unique.
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
                      path:
                        description: Path is the sub-directory of remote git repository.
                          It's valid when remote is set
@@ -369,7 +356,7 @@ spec:
            properties:
              appliesToWorkloads:
                description: AppliesToWorkloads specifies the list of workload kinds
-                  this trait applies to. Workload kinds are specified in resource.group/version
+                  this trait applies to. Workload kinds are specified in kind.group/version
                  format, e.g. server.core.oam.dev/v1alpha2. Traits that omit this
                  field apply to all workload kinds.
                items:
@@ -423,8 +410,7 @@ spec:
                type: boolean
              schematic:
                description: Schematic defines the data format and template of the
-                  encapsulation of the trait. Only CUE and Kube schematic are supported
-                  for now.
+                  encapsulation of the trait
                properties:
                  cue:
                    description: CUE defines the encapsulation in CUE format
@@ -524,20 +510,6 @@ spec:
                        description: DeleteResource will determine whether provisioned
                          cloud resources will be deleted when CR is deleted
                        type: boolean
-                      gitCredentialsSecretReference:
-                        description: GitCredentialsSecretReference specifies the reference
-                          to the secret containing the git credentials
-                        properties:
-                          name:
-                            description: name is unique within a namespace to reference
-                              a secret resource.
-                            type: string
-                          namespace:
-                            description: namespace defines the space within which
-                              the secret name must be unique.
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
                      path:
                        description: Path is the sub-directory of remote git repository.
                          It's valid when remote is set
@@ -585,12 +557,10 @@ spec:
                    - configuration
                    type: object
                type: object
-              stage:
-                description: Stage defines the stage information to which this trait
-                  resource processing belongs. Currently, PreDispatch and PostDispatch
-                  are provided, which are used to control resource pre-process and
-                  post-process respectively.
-                type: string
+              skipRevisionAffect:
+                description: SkipRevisionAffect defines the update this trait will
+                  not generate a new application Revision
+                type: boolean
              status:
                description: Status defines the custom health policy and status message
                  for trait
@@ -671,3 +641,9 @@ spec:
    storage: true
    subresources:
      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/crds/core.oam.dev_workflows.yaml
+++ b/charts/vela-core/crds/core.oam.dev_workflows.yaml
@@ -1,10 +1,10 @@
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.9.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.6.2
  name: workflows.core.oam.dev
 spec:
  group: core.oam.dev
@@ -20,7 +20,7 @@ spec:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
-        description: Workflow is the Schema for the workflow API
+        description: Workflow is the Schema for the policy API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -34,30 +34,18 @@ spec:
            type: string
          metadata:
            type: object
-          mode:
-            description: WorkflowExecuteMode defines the mode of workflow execution
-            properties:
-              steps:
-                description: Steps is the mode of workflow steps execution
-                type: string
-              subSteps:
-                description: SubSteps is the mode of workflow sub steps execution
-                type: string
-            type: object
          steps:
            items:
              description: WorkflowStep defines how to execute a workflow step.
              properties:
                dependsOn:
-                  description: DependsOn is the dependency of the step
                  items:
                    type: string
                  type: array
                if:
-                  description: If is the if condition of the step
                  type: string
                inputs:
-                  description: Inputs is the inputs of the step
+                  description: StepInputs defines variable input of WorkflowStep
                  items:
                    properties:
                      from:
@@ -69,17 +57,11 @@ spec:
                    - parameterKey
                    type: object
                  type: array
-                meta:
-                  description: Meta is the meta data of the workflow step.
-                  properties:
-                    alias:
-                      type: string
-                  type: object
                name:
                  description: Name is the unique name of the workflow step.
                  type: string
                outputs:
-                  description: Outputs is the outputs of the step
+                  description: StepOutputs defines output variable of WorkflowStep
                  items:
                    properties:
                      name:
@@ -92,23 +74,21 @@ spec:
                    type: object
                  type: array
                properties:
-                  description: Properties is the properties of the step
                  type: object
                  x-kubernetes-preserve-unknown-fields: true
                subSteps:
                  items:
-                    description: WorkflowStepBase defines the workflow step base
+                    description: WorkflowSubStep defines how to execute a workflow
+                      subStep.
                    properties:
                      dependsOn:
-                        description: DependsOn is the dependency of the step
                        items:
                          type: string
                        type: array
                      if:
-                        description: If is the if condition of the step
                        type: string
                      inputs:
-                        description: Inputs is the inputs of the step
+                        description: StepInputs defines variable input of WorkflowStep
                        items:
                          properties:
                            from:
@@ -120,17 +100,11 @@ spec:
                          - parameterKey
                          type: object
                        type: array
-                      meta:
-                        description: Meta is the meta data of the workflow step.
-                        properties:
-                          alias:
-                            type: string
-                        type: object
                      name:
                        description: Name is the unique name of the workflow step.
                        type: string
                      outputs:
-                        description: Outputs is the outputs of the step
+                        description: StepOutputs defines output variable of WorkflowStep
                        items:
                          properties:
                            name:
@@ -143,25 +117,16 @@ spec:
                          type: object
                        type: array
                      properties:
-                        description: Properties is the properties of the step
                        type: object
                        x-kubernetes-preserve-unknown-fields: true
-                      timeout:
-                        description: Timeout is the timeout of the step
-                        type: string
                      type:
-                        description: Type is the type of the workflow step.
                        type: string
                    required:
                    - name
                    - type
                    type: object
                  type: array
-                timeout:
-                  description: Timeout is the timeout of the step
-                  type: string
                type:
-                  description: Type is the type of the workflow step.
                  type: string
              required:
              - name
@@ -171,3 +136,118 @@ spec:
        type: object
    served: true
    storage: true
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: Workflow defines workflow steps and other attributes
+        properties:
+          ref:
+            type: string
+          steps:
+            items:
+              description: WorkflowStep defines how to execute a workflow step.
+              properties:
+                dependsOn:
+                  items:
+                    type: string
+                  type: array
+                if:
+                  type: string
+                inputs:
+                  description: StepInputs defines variable input of WorkflowStep
+                  items:
+                    properties:
+                      from:
+                        type: string
+                      parameterKey:
+                        type: string
+                    required:
+                    - from
+                    - parameterKey
+                    type: object
+                  type: array
+                name:
+                  description: Name is the unique name of the workflow step.
+                  type: string
+                outputs:
+                  description: StepOutputs defines output variable of WorkflowStep
+                  items:
+                    properties:
+                      name:
+                        type: string
+                      valueFrom:
+                        type: string
+                    required:
+                    - name
+                    - valueFrom
+                    type: object
+                  type: array
+                properties:
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
+                subSteps:
+                  items:
+                    description: WorkflowSubStep defines how to execute a workflow
+                      subStep.
+                    properties:
+                      dependsOn:
+                        items:
+                          type: string
+                        type: array
+                      if:
+                        type: string
+                      inputs:
+                        description: StepInputs defines variable input of WorkflowStep
+                        items:
+                          properties:
+                            from:
+                              type: string
+                            parameterKey:
+                              type: string
+                          required:
+                          - from
+                          - parameterKey
+                          type: object
+                        type: array
+                      name:
+                        description: Name is the unique name of the workflow step.
+                        type: string
+                      outputs:
+                        description: StepOutputs defines output variable of WorkflowStep
+                        items:
+                          properties:
+                            name:
+                              type: string
+                            valueFrom:
+                              type: string
+                          required:
+                          - name
+                          - valueFrom
+                          type: object
+                        type: array
+                      properties:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      type:
+                        type: string
+                    required:
+                    - name
+                    - type
+                    type: object
+                  type: array
+                type:
+                  type: string
+              required:
+              - name
+              - type
+              type: object
+            type: array
+        type: object
+    served: true
+    storage: false
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/crds/core.oam.dev_workflowstepdefinitions.yaml
+++ b/charts/vela-core/crds/core.oam.dev_workflowstepdefinitions.yaml
@@ -1,9 +1,10 @@
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.6.2
  name: workflowstepdefinitions.core.oam.dev
 spec:
  group: core.oam.dev
@@ -56,8 +57,7 @@ spec:
                type: object
              schematic:
                description: Schematic defines the data format and template of the
-                  encapsulation of the workflow step definition. Only CUE schematic
-                  is supported for now.
+                  encapsulation of the workflow step definition
                properties:
                  cue:
                    description: CUE defines the encapsulation in CUE format
@@ -157,20 +157,6 @@ spec:
                        description: DeleteResource will determine whether provisioned
                          cloud resources will be deleted when CR is deleted
                        type: boolean
-                      gitCredentialsSecretReference:
-                        description: GitCredentialsSecretReference specifies the reference
-                          to the secret containing the git credentials
-                        properties:
-                          name:
-                            description: name is unique within a namespace to reference
-                              a secret resource.
-                            type: string
-                          namespace:
-                            description: namespace defines the space within which
-                              the secret name must be unique.
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
                      path:
                        description: Path is the sub-directory of remote git repository.
                          It's valid when remote is set
@@ -281,3 +267,9 @@ spec:
    storage: true
    subresources:
      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/crds/core.oam.dev_workloaddefinitions.yaml
+++ b/charts/vela-core/crds/core.oam.dev_workloaddefinitions.yaml
@@ -1,9 +1,10 @@
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.6.2
  name: workloaddefinitions.core.oam.dev
 spec:
  group: core.oam.dev
@@ -201,20 +202,6 @@ spec:
                        description: DeleteResource will determine whether provisioned
                          cloud resources will be deleted when CR is deleted
                        type: boolean
-                      gitCredentialsSecretReference:
-                        description: GitCredentialsSecretReference specifies the reference
-                          to the secret containing the git credentials
-                        properties:
-                          name:
-                            description: name is unique within a namespace to reference
-                              a secret resource.
-                            type: string
-                          namespace:
-                            description: namespace defines the space within which
-                              the secret name must be unique.
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
                      path:
                        description: Path is the sub-directory of remote git repository.
                          It's valid when remote is set
@@ -505,20 +492,6 @@ spec:
                        description: DeleteResource will determine whether provisioned
                          cloud resources will be deleted when CR is deleted
                        type: boolean
-                      gitCredentialsSecretReference:
-                        description: GitCredentialsSecretReference specifies the reference
-                          to the secret containing the git credentials
-                        properties:
-                          name:
-                            description: name is unique within a namespace to reference
-                              a secret resource.
-                            type: string
-                          namespace:
-                            description: namespace defines the space within which
-                              the secret name must be unique.
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
                      path:
                        description: Path is the sub-directory of remote git repository.
                          It's valid when remote is set
@@ -623,3 +596,9 @@ spec:
    served: true
    storage: true
    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/crds/standard.oam.dev_rollouts.yaml
+++ b/charts/vela-core/crds/standard.oam.dev_rollouts.yaml
@@ -1,9 +1,10 @@
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.6.2
  name: rollouts.standard.oam.dev
 spec:
  group: standard.oam.dev
@@ -139,7 +140,6 @@ spec:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
-                          x-kubernetes-map-type: atomic
                      required:
                      - name
                      type: object
@@ -274,7 +274,6 @@ spec:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                    type: string
                                type: object
-                                x-kubernetes-map-type: atomic
                            required:
                            - name
                            type: object
@@ -475,3 +474,9 @@ spec:
    storage: true
    subresources:
      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/templates/addon/fluxcd-def.yaml
+++ b/charts/vela-core/templates/addon/fluxcd-def.yaml
@@ -0,0 +1,270 @@
+{{- if .Values.enableFluxcdAddon -}}
+apiVersion: core.oam.dev/v1beta1
+kind: Application
+metadata:
+  labels:
+    addons.oam.dev/name: fluxcd-def
+  name: addon-fluxcd-def
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/resource-policy": keep
+spec:
+  components:
+    - name: fluxc-def-resources
+      properties:
+        objects:
+          - apiVersion: core.oam.dev/v1beta1
+            kind: ComponentDefinition
+            metadata:
+              annotations:
+                definition.oam.dev/description: helm release is a group of K8s resources
+                  from either git repository or helm repo
+              name: helm
+              namespace: {{.Values.systemDefinitionNamespace}}
+            spec:
+              schematic:
+                cue:
+                  template: "output: {\n\tapiVersion: \"source.toolkit.fluxcd.io/v1beta1\"\n\tmetadata:
+                {\n\t\tname: context.name\n\t}\n\tif parameter.repoType == \"git\"
+                {\n\t\tkind: \"GitRepository\"\n\t\tspec: {\n\t\t\turl: parameter.url\n\t\t\tif
+                parameter.git.branch != _|_ {\n\t\t\t\tref: branch: parameter.git.branch\n\t\t\t}\n\t\t\t_secret\n\t\t\t_sourceCommonArgs\n\t\t}\n\t}\n\tif
+                parameter.repoType == \"oss\" {\n\t\tkind: \"Bucket\"\n\t\tspec: {\n\t\t\tendpoint:
+                \  parameter.url\n\t\t\tbucketName: parameter.oss.bucketName\n\t\t\tprovider:
+                \  parameter.oss.provider\n\t\t\tif parameter.oss.region != _|_ {\n\t\t\t\tregion:
+                parameter.oss.region\n\t\t\t}\n\t\t\t_secret\n\t\t\t_sourceCommonArgs\n\t\t}\n\t}\n\tif
+                parameter.repoType == \"helm\" {\n\t\tkind: \"HelmRepository\"\n\t\tspec:
+                {\n\t\t\turl: parameter.url\n\t\t\t_secret\n\t\t\t_sourceCommonArgs\n\t\t}\n\t}\n}\n\noutputs:
+                release: {\n\tapiVersion: \"helm.toolkit.fluxcd.io/v2beta1\"\n\tkind:
+                \      \"HelmRelease\"\n\tmetadata: {\n\t\tname: context.name\n\t}\n\tspec:
+                {\n\t\ttimeout: parameter.installTimeout\n\t\tinterval: parameter.interval\n\t\tchart:
+                {\n\t\t\tspec: {\n\t\t\t\tchart:   parameter.chart\n\t\t\t\tversion:
+                parameter.version\n\t\t\t\tsourceRef: {\n\t\t\t\t\tif parameter.repoType
+                == \"git\" {\n\t\t\t\t\t\tkind: \"GitRepository\"\n\t\t\t\t\t}\n\t\t\t\t\tif
+                parameter.repoType == \"helm\" {\n\t\t\t\t\t\tkind: \"HelmRepository\"\n\t\t\t\t\t}\n\t\t\t\t\tif
+                parameter.repoType == \"oss\" {\n\t\t\t\t\t\tkind: \"Bucket\"\n\t\t\t\t\t}\n\t\t\t\t\tname:
+                \     context.name\n\t\t\t\t}\n\t\t\t\tinterval: parameter.interval\n\t\t\t}\n\t\t}\n\t\tif
+                parameter.targetNamespace != _|_ {\n\t\t\ttargetNamespace: parameter.targetNamespace\n\t\t}\n\t\tif
+                parameter.releaseName != _|_ {\n\t\t\treleaseName: parameter.releaseName\n\t\t}\n\t\tif
+                parameter.values != _|_ {\n\t\t\tvalues: parameter.values\n\t\t}\n\t}\n}\n\n_secret:
+                {\n\tif parameter.secretRef != _|_ {\n\t\tsecretRef: {\n\t\t\tname:
+                parameter.secretRef\n\t\t}\n\t}\n}\n\n_sourceCommonArgs: {\n\tinterval:
+                parameter.pullInterval\n\tif parameter.timeout != _|_ {\n\t\ttimeout:
+                parameter.timeout\n\t}\n}\n\nparameter: {\n\trepoType: *\"helm\" |
+                \"git\" | \"oss\"\n\t// +usage=The interval at which to check for
+                repository/bucket and relese updates, default to 5m\n\tpullInterval:
+                *\"5m\" | string\n        // +usage=The  Interval at which to reconcile
+                the Helm release, default to 30s\n        interval: *\"30s\" | string\n\t//
+                +usage=The Git or Helm repository URL, OSS endpoint, accept HTTP/S
+                or SSH address as git url,\n\turl: string\n\t// +usage=The name of
+                the secret containing authentication credentials\n\tsecretRef?: string\n\t//
+                +usage=The timeout for operations like download index/clone repository,
+                optional\n\ttimeout?: string\n\t// +usage=The timeout for operation
+                `helm install`, optional\n\tinstallTimeout: *\"10m\" | string\n\n\tgit?:
+                {\n\t\t// +usage=The Git reference to checkout and monitor for changes,
+                defaults to master branch\n\t\tbranch: string\n\t}\n\toss?: {\n\t\t//
+                +usage=The bucket's name, required if repoType is oss\n\t\tbucketName:
+                string\n\t\t// +usage=\"generic\" for Minio, Amazon S3, Google Cloud
+                Storage, Alibaba Cloud OSS, \"aws\" for retrieve credentials from
+                the EC2 service when credentials not specified, default \"generic\"\n\t\tprovider:
+                *\"generic\" | \"aws\"\n\t\t// +usage=The bucket region, optional\n\t\tregion?:
+                string\n\t}\n\n\t// +usage=1.The relative path to helm chart for git/oss
+                source. 2. chart name for helm resource 3. relative path for chart
+                package(e.g. ./charts/podinfo-1.2.3.tgz)\n\tchart: string\n\t// +usage=Chart
+                version\n\tversion: *\"*\" | string\n\t// +usage=The namespace for
+                helm chart, optional\n\ttargetNamespace?: string\n\t// +usage=The
+                release name\n\treleaseName?: string\n\t// +usage=Chart values\n\tvalues?:
+                #nestedmap\n}\n\n#nestedmap: {\n\t...\n}\n"
+              status:
+                customStatus: "repoMessage:    string\nreleaseMessage: string\nif context.output.status
+              == _|_ {\n\trepoMessage:    \"Fetching repository\"\n\treleaseMessage:
+              \"Wating repository ready\"\n}\nif context.output.status != _|_ {\n\trepoStatus:
+              context.output.status\n\tif repoStatus.conditions[0][\"type\"] != \"Ready\"
+              {\n\t\trepoMessage: \"Fetch repository fail\"\n\t}\n\tif repoStatus.conditions[0][\"type\"]
+              == \"Ready\" {\n\t\trepoMessage: \"Fetch repository successfully\"\n\t}\n\n\tif
+              context.outputs.release.status == _|_ {\n\t\treleaseMessage: \"Creating
+              helm release\"\n\t}\n\tif context.outputs.release.status != _|_ {\n\t\tif
+              context.outputs.release.status.conditions[0][\"message\"] == \"Release
+              reconciliation succeeded\" {\n\t\t\treleaseMessage: \"Create helm release
+              successfully\"\n\t\t}\n\t\tif context.outputs.release.status.conditions[0][\"message\"]
+              != \"Release reconciliation succeeded\" {\n\t\t\treleaseBasicMessage:
+              \"Delivery helm release in progress, message: \" + context.outputs.release.status.conditions[0][\"message\"]\n\t\t\tif
+              len(context.outputs.release.status.conditions) == 1 {\n\t\t\t\treleaseMessage:
+              releaseBasicMessage\n\t\t\t}\n\t\t\tif len(context.outputs.release.status.conditions)
+              > 1 {\n\t\t\t\treleaseMessage: releaseBasicMessage + \", \" + context.outputs.release.status.conditions[1][\"message\"]\n\t\t\t}\n\t\t}\n\t}\n\n}\nmessage:
+              repoMessage + \", \" + releaseMessage"
+                healthPolicy: 'isHealth: len(context.outputs.release.status.conditions)
+              != 0 && context.outputs.release.status.conditions[0]["status"]=="True"'
+              workload:
+                type: autodetects.core.oam.dev
+          - apiVersion: core.oam.dev/v1beta1
+            kind: TraitDefinition
+            metadata:
+              annotations:
+                definition.oam.dev/description: A list of JSON6902 patch to selected target
+              name: kustomize-json-patch
+              namespace: {{.Values.systemDefinitionNamespace}}
+            spec:
+              schematic:
+                cue:
+                  template: "patch: {\n\tspec: {\n\t\tpatchesJson6902: parameter.patchesJson\n\t}\n}\n\nparameter:
+                {\n\t// +usage=A list of JSON6902 patch.\n\tpatchesJson: [...#jsonPatchItem]\n}\n\n//
+                +usage=Contains a JSON6902 patch\n#jsonPatchItem: {\n\ttarget: #selector\n\tpatch:
+                [...{\n\t\t// +usage=operation to perform\n\t\top: string | \"add\"
+                | \"remove\" | \"replace\" | \"move\" | \"copy\" | \"test\"\n\t\t//
+                +usage=operate path e.g. /foo/bar\n\t\tpath: string\n\t\t// +usage=specify
+                source path when op is copy/move\n\t\tfrom?:  string\n\t\t// +usage=specify
+                opraation value when op is test/add/replace\n\t\tvalue?: string\n\t}]\n}\n\n//
+                +usage=Selector specifies a set of resources\n#selector: {\n\tgroup?:
+                \             string\n\tversion?:            string\n\tkind?:               string\n\tnamespace?:
+                \         string\n\tname?:               string\n\tannotationSelector?:
+                string\n\tlabelSelector?:      string\n}\n"
+          - apiVersion: core.oam.dev/v1beta1
+            kind: TraitDefinition
+            metadata:
+              annotations:
+                definition.oam.dev/description: A list of StrategicMerge or JSON6902 patch
+                  to selected target
+              name: kustomize-patch
+              namespace: {{.Values.systemDefinitionNamespace}}
+            spec:
+              schematic:
+                cue:
+                  template: "patch: {\n\tspec: {\n\t\tpatches: parameter.patches\n\t}\n}\nparameter:
+                {\n\t// +usage=a list of StrategicMerge or JSON6902 patch to selected
+                target\n\tpatches: [...#patchItem]\n}\n\n// +usage=Contains a strategicMerge
+                or JSON6902 patch\n#patchItem: {\n\t// +usage=Inline patch string,
+                in yaml style\n\tpatch: string\n\t// +usage=Specify the target the
+                patch should be applied to\n\ttarget: #selector\n}\n\n// +usage=Selector
+                specifies a set of resources\n#selector: {\n\tgroup?:              string\n\tversion?:
+                \           string\n\tkind?:               string\n\tnamespace?:          string\n\tname?:
+                \              string\n\tannotationSelector?: string\n\tlabelSelector?:
+                \     string\n}\n"
+          - apiVersion: core.oam.dev/v1beta1
+            kind: ComponentDefinition
+            metadata:
+              annotations:
+                definition.oam.dev/description: kustomize can fetching, building, updating
+                  and applying Kustomize manifests from git repo.
+              name: kustomize
+              namespace: {{.Values.systemDefinitionNamespace}}
+            spec:
+              schematic:
+                cue:
+                  template: "output: {\n\tapiVersion: \"kustomize.toolkit.fluxcd.io/v1beta1\"\n\tkind:
+                \      \"Kustomization\"\n\tmetadata: {\n\t\tname: context.name\n
+                \   namespace: context.namespace\n\t}\n\tspec: {\n\t\tinterval: parameter.pullInterval\n\t\tsourceRef:
+                {\n\t\t\tif parameter.repoType == \"git\" {\n\t\t\t\tkind: \"GitRepository\"\n\t\t\t}\n\t\t\tif
+                parameter.repoType == \"oss\" {\n\t\t\t\tkind: \"Bucket\"\n\t\t\t}\n\t\t\tname:
+                \     context.name\n\t\t\tnamespace: context.namespace\n\t\t}\n\t\tpath:
+                \      parameter.path\n\t\tprune:      true\n\t\tvalidation: \"client\"\n\t}\n}\n\noutputs:
+                {\n  repo: {\n\t  apiVersion: \"source.toolkit.fluxcd.io/v1beta1\"\n\t
+                \ metadata: {\n\t\t  name: context.name\n      namespace: context.namespace\n\t
+                \ }\n\t  if parameter.repoType == \"git\" {\n\t\t  kind: \"GitRepository\"\n\t\t
+                \ spec: {\n\t\t\t  url: parameter.url\n\t\t\t  if parameter.git.branch
+                != _|_ {\n\t\t\t\t  ref: branch: parameter.git.branch\n\t\t\t  }\n
+                \       if parameter.git.provider != _|_ {\n          if parameter.git.provider
+                == \"GitHub\" {\n            gitImplementation: \"go-git\"\n          }\n
+                \         if parameter.git.provider == \"AzureDevOps\" {\n            gitImplementation:
+                \"libgit2\"\n          }\n        }\n\t\t\t  _secret\n\t\t\t  _sourceCommonArgs\n\t\t
+                \ }\n\t  }\n\t  if parameter.repoType == \"oss\" {\n\t\t  kind: \"Bucket\"\n\t\t
+                \ spec: {\n\t\t\t  endpoint:   parameter.url\n\t\t\t  bucketName:
+                parameter.oss.bucketName\n\t\t\t  provider:   parameter.oss.provider\n\t\t\t
+                \ if parameter.oss.region != _|_ {\n\t\t\t\t  region: parameter.oss.region\n\t\t\t
+                \ }\n\t\t\t  _secret\n\t\t\t  _sourceCommonArgs\n\t\t  }\n\t  }\n
+                \ }\n\n  if parameter.imageRepository != _|_ {\n    imageRepo: {\n
+                \     apiVersion: \"image.toolkit.fluxcd.io/v1beta1\"\n      kind:
+                \"ImageRepository\"\n\t    metadata: {\n\t\t    name: context.name\n
+                \       namespace: context.namespace\n\t    }\n      spec: {\n        image:
+                parameter.imageRepository.image\n        interval: parameter.pullInterval\n
+                \       if parameter.imageRepository.secretRef != _|_ {\n          secretRef:
+                name: parameter.imageRepository.secretRef\n        }\n      }\n    }\n\n
+                \   imagePolicy: {\n      apiVersion: \"image.toolkit.fluxcd.io/v1beta1\"\n
+                \     kind: \"ImagePolicy\"\n\t    metadata: {\n\t\t    name: context.name\n
+                \       namespace: context.namespace\n\t    }\n      spec: {\n        imageRepositoryRef:
+                name: context.name\n        policy: parameter.imageRepository.policy\n
+                \       if parameter.imageRepository.filterTags != _|_ {\n          filterTags:
+                parameter.imageRepository.filterTags\n        }\n      }\n    }\n\n
+                \   imageUpdate: {\n      apiVersion: \"image.toolkit.fluxcd.io/v1beta1\"\n
+                \     kind: \"ImageUpdateAutomation\"\n\t    metadata: {\n\t\t    name:
+                context.name\n        namespace: context.namespace\n\t    }\n      spec:
+                {\n        interval: parameter.pullInterval\n        sourceRef: {\n
+                \         kind: \"GitRepository\"\n          name: context.name\n
+                \       }\n        git: {\n          checkout: ref: branch: parameter.git.branch\n
+                \         commit: {\n            author: {\n              email: \"kubevelabot@users.noreply.github.com\"\n
+                \             name: \"kubevelabot\"\n            }\n            if
+                parameter.imageRepository.commitMessage != _|_ {\n              messageTemplate:
+                \"Update image automatically.\\n\" + parameter.imageRepository.commitMessage\n
+                \           }\n            if parameter.imageRepository.commitMessage
+                == _|_ {\n              messageTemplate: \"Update image automatically.\"\n
+                \           }\n          }\n          push: branch: parameter.git.branch\n
+                \       }\n        update: {\n          path:\tparameter.path\n          strategy:
+                \"Setters\"\n        }\n      }\n    }\n  }\n}\n\n_secret: {\n\tif
+                parameter.secretRef != _|_ {\n\t\tsecretRef: {\n\t\t\tname: parameter.secretRef\n\t\t}\n\t}\n}\n\n_sourceCommonArgs:
+                {\n\tinterval: parameter.pullInterval\n\tif parameter.timeout != _|_
+                {\n\t\ttimeout: parameter.timeout\n\t}\n}\n\nparameter: {\n\trepoType:
+                *\"git\" | \"oss\"\n  // +usage=The image repository for automatically
+                update image to git\n  imageRepository?: {\n    // +usage=The image
+                url\n    image: string\n    // +usage=The name of the secret containing
+                authentication credentials\n    secretRef?: string\n    // +usage=Policy
+                gives the particulars of the policy to be followed in selecting the
+                most recent image.\n    policy: {\n      // +usage=Alphabetical set
+                of rules to use for alphabetical ordering of the tags.\n      alphabetical?:
+                {\n        // +usage=Order specifies the sorting order of the tags.\n
+                \       // +usage=Given the letters of the alphabet as tags, ascending
+                order would select Z, and descending order would select A.\n        order?:
+                \"asc\" | \"desc\"\n      }\n      // +usage=Numerical set of rules
+                to use for numerical ordering of the tags.\n      numerical?: {\n
+                \       // +usage=Order specifies the sorting order of the tags.\n
+                \       // +usage=Given the integer values from 0 to 9 as tags, ascending
+                order would select 9, and descending order would select 0.\n        order:
+                \"asc\" | \"desc\"\n      }\n      // +usage=SemVer gives a semantic
+                version range to check against the tags available.\n      semver?:
+                {\n        // +usage=Range gives a semver range for the image tag;
+                the highest version within the range that's a tag yields the latest
+                image.\n        range: string\n      }\n    }\n    // +usage=FilterTags
+                enables filtering for only a subset of tags based on a set of rules.
+                If no rules are provided, all the tags from the repository will be
+                ordered and compared.\n    filterTags?: {\n      // +usage=Extract
+                allows a capture group to be extracted from the specified regular
+                expression pattern, useful before tag evaluation.\n      extract?:
+                string\n      // +usage=Pattern specifies a regular expression pattern
+                used to filter for image tags.\n      pattern?: string\n    }\n    //
+                +usage=The image url\n    commitMessage?: string\n  }\n\t// +usage=The
+                interval at which to check for repository/bucket and release updates,
+                default to 5m\n\tpullInterval: *\"5m\" | string\n\t// +usage=The Git
+                or Helm repository URL, OSS endpoint, accept HTTP/S or SSH address
+                as git url,\n\turl: string\n\t// +usage=The name of the secret containing
+                authentication credentials\n\tsecretRef?: string\n\t// +usage=The
+                timeout for operations like download index/clone repository, optional\n\ttimeout?:
+                string\n\tgit?: {\n\t\t// +usage=The Git reference to checkout and
+                monitor for changes, defaults to master branch\n\t\tbranch: string\n
+                \   // +usage=Determines which git client library to use. Defaults
+                to GitHub, it will pick go-git. AzureDevOps will pick libgit2.\n    provider?:
+                *\"GitHub\" | \"AzureDevOps\"\n\t}\n\toss?: {\n\t\t// +usage=The bucket's
+                name, required if repoType is oss\n\t\tbucketName: string\n\t\t//
+                +usage=\"generic\" for Minio, Amazon S3, Google Cloud Storage, Alibaba
+                Cloud OSS, \"aws\" for retrieve credentials from the EC2 service when
+                credentials not specified, default \"generic\"\n\t\tprovider: *\"generic\"
+                | \"aws\"\n\t\t// +usage=The bucket region, optional\n\t\tregion?:
+                string\n\t}\n\t//+usage=Path to the directory containing the kustomization.yaml
+                file, or the set of plain YAMLs a kustomization.yaml should be generated
+                for.\n\tpath: string\n}"
+              workload:
+                type: autodetects.core.oam.dev
+          - apiVersion: core.oam.dev/v1beta1
+            kind: TraitDefinition
+            metadata:
+              annotations:
+                definition.oam.dev/description: A list of strategic merge to kustomize
+                  config
+              name: kustomize-strategy-merge
+              namespace: {{.Values.systemDefinitionNamespace}}
+            spec:
+              schematic:
+                cue:
+                  template: "patch: {\n\tspec: {\n\t\tpatchesStrategicMerge: parameter.patchesStrategicMerge\n\t}\n}\n\nparameter:
+                {\n\t// +usage=a list of strategicmerge, defined as inline yaml objects.\n\tpatchesStrategicMerge:
+                [...#nestedmap]\n}\n\n#nestedmap: {\n\t...\n}\n"
+      type: k8s-objects
+
+  {{- end }}
--- a/charts/vela-core/templates/addon/fluxcd.yaml
+++ b/charts/vela-core/templates/addon/fluxcd.yaml
--- a/charts/vela-core/templates/cluster-gateway/cluster-gateway.yaml
+++ b/charts/vela-core/templates/cluster-gateway/cluster-gateway.yaml
@@ -32,7 +32,6 @@ spec:
            - "--secure-port={{ .Values.multicluster.clusterGateway.port }}"
            - "--secret-namespace={{ .Release.Namespace }}"
            - "--feature-gates=APIPriorityAndFairness=false,ClientIdentityPenetration={{ .Values.authentication.enabled }}"
-            - "--cluster-gateway-proxy-config=/etc/proxy-config/config.yaml"
            {{- if .Values.multicluster.clusterGateway.secureTLS.enabled }}
            - "--tls-cert-file={{ .Values.multicluster.clusterGateway.secureTLS.certPath }}/tls.crt"
            - "--tls-private-key-file={{ .Values.multicluster.clusterGateway.secureTLS.certPath }}/tls.key"
@@ -43,20 +42,14 @@ spec:
          {{- toYaml .Values.multicluster.clusterGateway.resources | nindent 12 }}
          ports:
            - containerPort: {{ .Values.multicluster.clusterGateway.port }}
-          volumeMounts:
-            - mountPath: /etc/proxy-config
-              name: proxy-config
          {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+          volumeMounts:
            - mountPath: {{ .Values.multicluster.clusterGateway.secureTLS.certPath }}
              name: tls-cert-vol
              readOnly: true
          {{- end }}
-      volumes:
-        - configMap:
-            defaultMode: 420
-            name: {{ .Release.Name }}-cluster-gateway-proxy-config
-          name: proxy-config
      {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+      volumes:
        - name: tls-cert-vol
          secret:
            defaultMode: 420
@@ -81,23 +74,6 @@ spec:
      maxUnavailable: 1
 ---
 apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Release.Name }}-cluster-gateway-proxy-config
-  namespace: {{ .Release.Namespace }}
-data:
-  config.yaml: |
-    apiVersion: cluster.core.oam.dev/v1alpha1
-    kind: ClusterGatewayProxyConfiguration
-    spec:
-      clientIdentityExchanger:
-        rules:
-          - name: super-user
-            source:
-              group: kubevela:ux
-            type: PrivilegedIdentityExchanger
---
-apiVersion: v1
 kind: Service
 metadata:
  name: {{ .Release.Name }}-cluster-gateway-service
--- a/charts/vela-core/templates/defwithtemplate/affinity.yaml
+++ b/charts/vela-core/templates/defwithtemplate/affinity.yaml
@@ -11,10 +11,7 @@ metadata:
  namespace: {{ include "systemDefinitionNamespace" . }}
 spec:
  appliesToWorkloads:
-    - deployments.apps
-    - statefulsets.apps
-    - daemonsets.apps
-    - jobs.batch
+    - '*'
  podDisruptive: true
  schematic:
    cue:
--- a/charts/vela-core/templates/defwithtemplate/annotations.yaml
+++ b/charts/vela-core/templates/defwithtemplate/annotations.yaml
@@ -4,7 +4,9 @@ apiVersion: core.oam.dev/v1beta1
 kind: TraitDefinition
 metadata:
  annotations:
-    definition.oam.dev/description: Add annotations on your workload. if it generates pod, add same annotations for generated pods.
+    definition.oam.dev/description: Add annotations on K8s pod for your workload which follows the pod spec in path 'spec.template'.
+  labels:
+    custom.definition.oam.dev/ui-hidden: "true"
  name: annotations
  namespace: {{ include "systemDefinitionNamespace" . }}
 spec:
@@ -18,13 +20,13 @@ spec:
        patch: {
        	metadata: annotations: {
        		for k, v in parameter {
-        			(k): v
+        			"\(k)": v
        		}
        	}
        	if context.output.spec != _|_ && context.output.spec.template != _|_ {
        		spec: template: metadata: annotations: {
        			for k, v in parameter {
-        				(k): v
+        				"\(k)": v
        			}
        		}
        	}
--- a/charts/vela-core/templates/defwithtemplate/apply-application-in-parallel.yaml
+++ b/charts/vela-core/templates/defwithtemplate/apply-application-in-parallel.yaml
@@ -6,8 +6,6 @@ metadata:
  annotations:
    definition.oam.dev/description: Apply components of an application in parallel for your workflow steps
  labels:
-    custom.definition.oam.dev/deprecated: "true"
-    custom.definition.oam.dev/scope: Application
    custom.definition.oam.dev/ui-hidden: "true"
  name: apply-application-in-parallel
  namespace: {{ include "systemDefinitionNamespace" . }}
--- a/charts/vela-core/templates/defwithtemplate/apply-application.yaml
+++ b/charts/vela-core/templates/defwithtemplate/apply-application.yaml
@@ -4,10 +4,8 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
  annotations:
-    definition.oam.dev/description: Apply application for your workflow steps, it has no arguments, should be used for custom steps before or after application applied.
+    definition.oam.dev/description: Apply application for your workflow steps
  labels:
-    custom.definition.oam.dev/deprecated: "true"
-    custom.definition.oam.dev/scope: Application
    custom.definition.oam.dev/ui-hidden: "true"
  name: apply-application
  namespace: {{ include "systemDefinitionNamespace" . }}
--- a/charts/vela-core/templates/defwithtemplate/apply-component.yaml
+++ b/charts/vela-core/templates/defwithtemplate/apply-component.yaml
@@ -1,22 +0,0 @@
-# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
-# Definition source cue file: vela-templates/definitions/internal/apply-component.cue
-apiVersion: core.oam.dev/v1beta1
-kind: WorkflowStepDefinition
-metadata:
-  annotations:
-    definition.oam.dev/description: Apply a specific component and its corresponding traits in application
-  labels:
-    custom.definition.oam.dev/scope: Application
-  name: apply-component
-  namespace: {{ include "systemDefinitionNamespace" . }}
-spec:
-  schematic:
-    cue:
-      template: |
-        parameter: {
-        	// +usage=Specify the component name to apply
-        	component: string
-        	// +usage=Specify the cluster
-        	cluster: *"" | string
-        }
-
--- a/charts/vela-core/templates/defwithtemplate/apply-deployment.yaml
+++ b/charts/vela-core/templates/defwithtemplate/apply-deployment.yaml
@@ -1,51 +0,0 @@
-# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
-# Definition source cue file: vela-templates/definitions/internal/apply-deployment.cue
-apiVersion: core.oam.dev/v1beta1
-kind: WorkflowStepDefinition
-metadata:
-  annotations:
-    definition.oam.dev/alias: ""
-    definition.oam.dev/description: Apply deployment with specified image and cmd.
-  name: apply-deployment
-  namespace: {{ include "systemDefinitionNamespace" . }}
-spec:
-  schematic:
-    cue:
-      template: |
-        import (
-        	"strconv"
-        	"strings"
-        	"vela/op"
-        )
-
-        output: op.#Apply & {
-        	value: {
-        		apiVersion: "apps/v1"
-        		kind:       "Deployment"
-        		metadata: {
-        			name:      context.stepName
-        			namespace: context.namespace
-        		}
-        		spec: {
-        			selector: matchLabels: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)"
-        			template: {
-        				metadata: labels: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)"
-        				spec: containers: [{
-        					name:  context.stepName
-        					image: parameter.image
-        					if parameter["cmd"] != _|_ {
-        						command: parameter.cmd
-        					}
-        				}]
-        			}
-        		}
-        	}
-        }
-        wait: op.#ConditionalWait & {
-        	continue: output.value.status.readyReplicas == 1
-        }
-        parameter: {
-        	image: string
-        	cmd?: [...string]
-        }
-
--- a/charts/vela-core/templates/defwithtemplate/apply-object.yaml
+++ b/charts/vela-core/templates/defwithtemplate/apply-object.yaml
@@ -22,9 +22,9 @@ spec:
        	cluster: parameter.cluster
        }
        parameter: {
-        	// +usage=Specify Kubernetes native resource object to be applied
+        	// +usage=Specify the value of the object
        	value: {...}
-        	// +usage=The cluster you want to apply the resource to, default is the current control plane cluster
+        	// +usage=Specify the cluster of the object
        	cluster: *"" | string
        }

--- a/charts/vela-core/templates/defwithtemplate/apply-once.yaml
+++ b/charts/vela-core/templates/defwithtemplate/apply-once.yaml
@@ -1,46 +0,0 @@
-# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
-# Definition source cue file: vela-templates/definitions/internal/apply-once.cue
-apiVersion: core.oam.dev/v1beta1
-kind: PolicyDefinition
-metadata:
-  annotations:
-    definition.oam.dev/description: Allow configuration drift for applied resources, delivery the resource without continuously reconciliation.
-  name: apply-once
-  namespace: {{ include "systemDefinitionNamespace" . }}
-spec:
-  schematic:
-    cue:
-      template: |
-        #ApplyOnceStrategy: {
-        	// +usage=When the strategy takes effect,e.g. onUpdate、onStateKeep
-        	affect?: string
-        	// +usage=Specify the path of the resource that allow configuration drift
-        	path: [...string]
-        }
-        #ApplyOncePolicyRule: {
-        	// +usage=Specify how to select the targets of the rule
-        	selector?: #ResourcePolicyRuleSelector
-        	// +usage=Specify the strategy for configuring the resource level configuration drift behaviour
-        	strategy: #ApplyOnceStrategy
-        }
-        #ResourcePolicyRuleSelector: {
-        	// +usage=Select resources by component names
-        	componentNames?: [...string]
-        	// +usage=Select resources by component types
-        	componentTypes?: [...string]
-        	// +usage=Select resources by oamTypes (COMPONENT or TRAIT)
-        	oamTypes?: [...string]
-        	// +usage=Select resources by trait types
-        	traitTypes?: [...string]
-        	// +usage=Select resources by resource types (like Deployment)
-        	resourceTypes?: [...string]
-        	// +usage=Select resources by their names
-        	resourceNames?: [...string]
-        }
-        parameter: {
-        	// +usage=Whether to enable apply-once for the whole application
-        	enable: *false | bool
-        	// +usage=Specify the rules for configuring apply-once policy in resource level
-        	rules?: [...#ApplyOncePolicyRule]
-        }
-
--- a/charts/vela-core/templates/defwithtemplate/apply-remaining.yaml
+++ b/charts/vela-core/templates/defwithtemplate/apply-remaining.yaml
@@ -6,8 +6,6 @@ metadata:
  annotations:
    definition.oam.dev/description: Apply remaining components and traits
  labels:
-    custom.definition.oam.dev/deprecated: "true"
-    custom.definition.oam.dev/scope: Application
    custom.definition.oam.dev/ui-hidden: "true"
  name: apply-remaining
  namespace: {{ include "systemDefinitionNamespace" . }}
--- a/charts/vela-core/templates/defwithtemplate/apply-terraform-config.yaml
+++ b/charts/vela-core/templates/defwithtemplate/apply-terraform-config.yaml
@@ -1,91 +0,0 @@
-# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
-# Definition source cue file: vela-templates/definitions/internal/apply-terraform-config.cue
-apiVersion: core.oam.dev/v1beta1
-kind: WorkflowStepDefinition
-metadata:
-  annotations:
-    definition.oam.dev/alias: ""
-    definition.oam.dev/description: Apply terraform configuration in the step
-    definition.oam.dev/example-url: https://raw.githubusercontent.com/kubevela/workflow/main/examples/workflow-run/apply-terraform-resource.yaml
-  name: apply-terraform-config
-  namespace: {{ include "systemDefinitionNamespace" . }}
-spec:
-  schematic:
-    cue:
-      template: |
-        import (
-        	"vela/op"
-        )
-
-        apply: op.#Apply & {
-        	value: {
-        		apiVersion: "terraform.core.oam.dev/v1beta2"
-        		kind:       "Configuration"
-        		metadata: {
-        			name:      "\(context.name)-\(context.stepName)"
-        			namespace: context.namespace
-        		}
-        		spec: {
-        			deleteResource: parameter.deleteResource
-        			variable:       parameter.variable
-        			forceDelete:    parameter.forceDelete
-        			if parameter.source.path != _|_ {
-        				path: parameter.source.path
-        			}
-        			if parameter.source.remote != _|_ {
-        				remote: parameter.source.remote
-        			}
-        			if parameter.source.hcl != _|_ {
-        				hcl: parameter.source.hcl
-        			}
-        			if parameter.providerRef != _|_ {
-        				providerRef: parameter.providerRef
-        			}
-        			if parameter.jobEnv != _|_ {
-        				jobEnv: parameter.jobEnv
-        			}
-        			if parameter.writeConnectionSecretToRef != _|_ {
-        				writeConnectionSecretToRef: parameter.writeConnectionSecretToRef
-        			}
-        			if parameter.region != _|_ {
-        				region: parameter.region
-        			}
-        		}
-        	}
-        }
-        check: op.#ConditionalWait & {
-        	continue: apply.value.status != _|_ && apply.value.status.apply != _|_ && apply.value.status.apply.state == "Available"
-        }
-        parameter: {
-        	// +usage=specify the source of the terraform configuration
-        	source: close({
-        		// +usage=directly specify the hcl of the terraform configuration
-        		hcl: string
-        	}) | close({
-        		// +usage=specify the remote url of the terraform configuration
-        		remote: *"https://github.com/kubevela-contrib/terraform-modules.git" | string
-        		// +usage=specify the path of the terraform configuration
-        		path?: string
-        	})
-        	// +usage=whether to delete resource
-        	deleteResource: *true | bool
-        	// +usage=the variable in the configuration
-        	variable: {...}
-        	// +usage=this specifies the namespace and name of a secret to which any connection details for this managed resource should be written.
-        	writeConnectionSecretToRef?: {
-        		name:      string
-        		namespace: *context.namespace | string
-        	}
-        	// +usage=providerRef specifies the reference to Provider
-        	providerRef?: {
-        		name:      string
-        		namespace: *context.namespace | string
-        	}
-        	// +usage=region is cloud provider's region. It will override the region in the region field of providerRef
-        	region?: string
-        	// +usage=the envs for job
-        	jobEnv?: {...}
-        	// +usae=forceDelete will force delete Configuration no matter which state it is or whether it has provisioned some resources
-        	forceDelete: *false | bool
-        }
-
--- a/charts/vela-core/templates/defwithtemplate/apply-terraform-provider.yaml
+++ b/charts/vela-core/templates/defwithtemplate/apply-terraform-provider.yaml
@@ -1,144 +0,0 @@
-# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
-# Definition source cue file: vela-templates/definitions/internal/apply-terraform-provider.cue
-apiVersion: core.oam.dev/v1beta1
-kind: WorkflowStepDefinition
-metadata:
-  annotations:
-    definition.oam.dev/alias: ""
-    definition.oam.dev/description: Apply terraform provider config
-    definition.oam.dev/example-url: https://raw.githubusercontent.com/kubevela/workflow/main/examples/workflow-run/apply-terraform-resource.yaml
-  name: apply-terraform-provider
-  namespace: {{ include "systemDefinitionNamespace" . }}
-spec:
-  schematic:
-    cue:
-      template: |
-        import (
-        	"vela/op"
-        	"strings"
-        )
-
-        config: op.#CreateConfig & {
-        	name:      "\(context.name)-\(context.stepName)"
-        	namespace: context.namespace
-        	template:  "terraform-\(parameter.type)"
-        	config: {
-        		name: parameter.name
-        		if parameter.type == "alibaba" {
-        			ALICLOUD_ACCESS_KEY: parameter.accessKey
-        			ALICLOUD_SECRET_KEY: parameter.secretKey
-        			ALICLOUD_REGION:     parameter.region
-        		}
-        		if parameter.type == "aws" {
-        			AWS_ACCESS_KEY_ID:     parameter.accessKey
-        			AWS_SECRET_ACCESS_KEY: parameter.secretKey
-        			AWS_DEFAULT_REGION:    parameter.region
-        			AWS_SESSION_TOKEN:     parameter.token
-        		}
-        		if parameter.type == "azure" {
-        			ARM_CLIENT_ID:       parameter.clientID
-        			ARM_CLIENT_SECRET:   parameter.clientSecret
-        			ARM_SUBSCRIPTION_ID: parameter.subscriptionID
-        			ARM_TENANT_ID:       parameter.tenantID
-        		}
-        		if parameter.type == "baidu" {
-        			BAIDUCLOUD_ACCESS_KEY: parameter.accessKey
-        			BAIDUCLOUD_SECRET_KEY: parameter.secretKey
-        			BAIDUCLOUD_REGION:     parameter.region
-        		}
-        		if parameter.type == "ec" {
-        			EC_API_KEY: parameter.apiKey
-        		}
-        		if parameter.type == "gcp" {
-        			GOOGLE_CREDENTIALS: parameter.credentials
-        			GOOGLE_REGION:      parameter.region
-        			GOOGLE_PROJECT:     parameter.project
-        		}
-        		if parameter.type == "tencent" {
-        			TENCENTCLOUD_SECRET_ID:  parameter.secretID
-        			TENCENTCLOUD_SECRET_KEY: parameter.secretKey
-        			TENCENTCLOUD_REGION:     parameter.region
-        		}
-        		if parameter.type == "ucloud" {
-        			UCLOUD_PRIVATE_KEY: parameter.privateKey
-        			UCLOUD_PUBLIC_KEY:  parameter.publicKey
-        			UCLOUD_PROJECT_ID:  parameter.projectID
-        			UCLOUD_REGION:      parameter.region
-        		}
-        	}
-        }
-        read: op.#Read & {
-        	value: {
-        		apiVersion: "terraform.core.oam.dev/v1beta1"
-        		kind:       "Provider"
-        		metadata: {
-        			name:      parameter.name
-        			namespace: context.namespace
-        		}
-        	}
-        }
-        check: op.#ConditionalWait & {
-        	if read.value.status != _|_ {
-        		continue: read.value.status.state == "ready"
-        	}
-        	if read.value.status == _|_ {
-        		continue: false
-        	}
-        }
-        providerBasic: {
-        	accessKey: string
-        	secretKey: string
-        	region:    string
-        }
-        #AlibabaProvider: {
-        	providerBasic
-        	type: "alibaba"
-        	name: *"alibaba-provider" | string
-        }
-        #AWSProvider: {
-        	providerBasic
-        	token: *"" | string
-        	type:  "aws"
-        	name:  *"aws-provider" | string
-        }
-        #AzureProvider: {
-        	subscriptionID: string
-        	tenantID:       string
-        	clientID:       string
-        	clientSecret:   string
-        	name:           *"azure-provider" | string
-        }
-        #BaiduProvider: {
-        	providerBasic
-        	type: "baidu"
-        	name: *"baidu-provider" | string
-        }
-        #ECProvider: {
-        	type:   "ec"
-        	apiKey: *"" | string
-        	name:   "ec-provider" | string
-        }
-        #GCPProvider: {
-        	credentials: string
-        	region:      string
-        	project:     string
-        	type:        "gcp"
-        	name:        *"gcp-provider" | string
-        }
-        #TencentProvider: {
-        	secretID:  string
-        	secretKey: string
-        	region:    string
-        	type:      "tencent"
-        	name:      *"tencent-provider" | string
-        }
-        #UCloudProvider: {
-        	publicKey:  string
-        	privateKey: string
-        	projectID:  string
-        	region:     string
-        	type:       "ucloud"
-        	name:       *"ucloud-provider" | string
-        }
-        parameter: *#AlibabaProvider | #AWSProvider | #AzureProvider | #BaiduProvider | #ECProvider | #GCPProvider | #TencentProvider | #UCloudProvider
-
--- a/Show More
+++ b/Show More