Merge pull request #90 from weaveworks/dev

release v1 latest fixes

.github/workflows/build.yml

@@ -0,0 +1,104 @@
+name: build
+
+on:
+  push:
+    branches: [ master, dev ]
+  pull_request:
+    branches: [ master, dev ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: setup go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.17'
+          cache: true
+
+      - name: Get branch name (merge)
+        if: github.event_name != 'pull_request'
+        run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | tr / -)" >> $GITHUB_ENV
+
+      - name: Get branch name (pull request)
+        if: github.event_name == 'pull_request'
+        run: |
+          git fetch -a
+          echo "BRANCH_NAME=$(echo ${GITHUB_HEAD_REF} | tr / -)" >> $GITHUB_ENV
+
+      - name: Build binary
+        run: |
+          make build
+
+      - name: Running ElasticSearch
+        run: |
+          docker run -itd --name elasticsearch -p 9200:9200 -e "discovery.type=single-node" -e "xpack.security.enabled=false" docker.elastic.co/elasticsearch/elasticsearch:8.3.3
+          sleep 20
+          timeout 120 sh -c 'until nc -z $0 $1; do echo "waiting for elasticsearch to start on port 9200"; sleep 5; done' localhost 9200
+
+      - name: run test
+        env:
+          CODECOV_TOKEN: ${{secrets.CODECOV_TOKEN}}
+        run: |
+          go test -v -cover -covermode=atomic -coverprofile=coverage.txt ./...
+          bash <(curl -s https://codecov.io/bash) -F unit
+
+      - name: Build docker image
+        run: |
+          COMMIT_COUNT=$(git rev-list --count HEAD)
+          SHORT_HASH=$(git rev-parse --short HEAD)
+          VERSION=${{ env.BRANCH_NAME }}-${COMMIT_COUNT}-${SHORT_HASH}
+
+          if [[ ${{ env.BRANCH_NAME }} == "master" ]]; then
+            export VERSION=$(<version.txt)
+          fi
+
+          if [[ ${{ env.BRANCH_NAME }} == "dev" ]]; then
+            export VERSION=dev
+          fi
+
+          make image VERSION=$VERSION
+
+
+      - name: Scan The Image
+        run: |
+          REPO=policy-agent
+          COMMIT_COUNT=$(git rev-list --count HEAD)
+          SHORT_HASH=$(git rev-parse --short HEAD)
+          VERSION=${{ env.BRANCH_NAME }}-${COMMIT_COUNT}-${SHORT_HASH}
+          if [[ ${{ env.BRANCH_NAME }} == "master" ]]; then
+            export VERSION=$(<version.txt)
+          fi
+          if [[ ${{ env.BRANCH_NAME }} == "dev" ]]; then
+            export VERSION=dev
+          fi
+
+          echo scanning ${REPO}:${VERSION}
+          curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin
+          grype "${REPO}:${VERSION}" --scope all-layers > /tmp/report.txt #--fail-on high to fail on sev high
+
+      - name: Login to Docker Hub
+        if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/master'
+        uses: docker/login-action@v1
+        with:
+          registry: docker.io
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Release and push to Docker Registry
+        if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/master'
+        run: |
+          if [[ ${{ env.BRANCH_NAME }} == "master" ]]; then
+            export VERSION=$(<version.txt)
+            git config user.email "[email protected]"
+            git config user.name "release-ci"
+            git tag -a v$VERSION -m "Policy Agent v$VERSION release"
+            git push -u origin v$VERSION
+          fi
+
+          if [[ ${{ env.BRANCH_NAME }} == "dev" ]]; then
+            export VERSION=dev
+          fi
+
+          make push@weaveworks tag-file=new-tag version-file=new-version VERSION=$VERSION

.github/workflows/release.yml

@@ -1,12 +1,15 @@
 name: Release Charts
 
 on:
-  push:
-    branches:
-      - master
+  workflow_run:
+    workflows: ["build"]
+    branches: [master]
+    types: 
+      - completed
 
 jobs:
   release:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout

Dockerfile

@@ -2,4 +2,6 @@ FROM alpine:3.15
 
 COPY bin/agent /
 
+RUN mkdir /logs && chmod -R 777 /logs
+
 ENTRYPOINT ["/agent"]

README.md

@@ -74,7 +74,7 @@ admission:
    enabled: true
    sinks:
       filesystemSink:
-         filePath: ""
+         fileName: ""
       fluxNotificationSink:
          address: ""
       k8sEventsSink:
@@ -86,7 +86,7 @@ audit:
    writeCompliance: true
    sinks:
       filesystemSink:
-         filePath: ""
+         fileName: ""
       fluxNotificationSink:
          address: ""
       k8sEventsSink:

api/v1/policy_types.go

@@ -91,6 +91,7 @@ type PolicySpec struct {
 	Controls []string `json:"controls,omitempty"`
 }
 
+// +kubebuilder:unservedversion
 //+kubebuilder:object:root=true
 // +kubebuilder:resource:scope=Cluster
 

config/crd/bases/pac.weave.works_policies.yaml

@@ -143,7 +143,7 @@ spec:
             - severity
             type: object
         type: object
-    served: true
+    served: false
     storage: false
   - name: v2beta1
     schema:

configuration/config.go

@@ -26,7 +26,7 @@ type K8sEventsSink struct {
 }
 
 type FileSystemSink struct {
-	FilePath string
+	FileName string
 }
 
 type FluxNotificationSink struct {

go.mod

@@ -51,7 +51,7 @@ require (
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.2.0 // indirect
 	github.com/googleapis/gnostic v0.5.5 // indirect
-	github.com/gorilla/websocket v1.4.2 // indirect
+	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/hashicorp/errwrap v1.0.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect