Merge branch 'openyurtio:master' into master

.codecov.yml

@@ -3,4 +3,6 @@ coverage:
     project:
       default:
         target: auto
-        threshold: 2%
+        threshold: 2%
+ignore:
+  - "**/zz_generated.*"

.github/workflows/back-port.yaml

@@ -26,11 +26,11 @@ jobs:
       )
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Create Backport PR
-        uses: zeebe-io/backport-action@v1.2.0
+        uses: zeebe-io/backport-action@v1.4.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           github_workspace: ${{ github.workspace }}

.github/workflows/ci.yaml

@@ -9,7 +9,8 @@ on:
   workflow_dispatch: {}
 
 env:
-  GO_VERSION: 1.18
+  GO_VERSION: '1.21'
+  GOLANGCI_VERSION: 'v1.55.2'
 
   # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run
   # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether
@@ -18,13 +19,22 @@ env:
   AWS_USR: ${{ secrets.AWS_USR }}
 
 jobs:
+  typos-check:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Actions Repository
+        uses: actions/checkout@v4
+      - name: Check spelling with custom config file
+        uses: crate-ci/[email protected]
+        with:
+          config: ./typos.toml
 
   verify:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
+        uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
       - name: Verify Code
@@ -34,32 +44,33 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
       - name: Lint golang code
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v6.0.1
         with:
-          version: v1.47.3
-          args: -v
+          version: ${{ env.GOLANGCI_VERSION }}
+          args: --verbose
           skip-cache: true
+          mode: readonly
 
-  markdownlint-misspell-shellcheck:
-    runs-on: ubuntu-22.04
-    # this image is build from Dockerfile
-    # https://github.com/pouchcontainer/pouchlinter/blob/master/Dockerfile
-    container: pouchcontainer/pouchlinter:v0.1.2
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Run misspell
-        run: find  ./* -name  "*"  | xargs misspell -error
-      - name: Lint markdown files
-        run: find  ./ -name  "*.md" | grep -v enhancements |  grep -v .github |  xargs mdl -r ~MD010,~MD013,~MD022,~MD024,~MD029,~MD031,~MD032,~MD033,~MD034,~MD036
+#  markdownlint-misspell-shellcheck:
+#    runs-on: ubuntu-22.04
+#    # this image is build from Dockerfile
+#    # https://github.com/pouchcontainer/pouchlinter/blob/master/Dockerfile
+#    container: pouchcontainer/pouchlinter:v0.1.2
+#    steps:
+#      - name: Checkout
+#        uses: actions/checkout@v3
+#      - name: Run misspell
+#        run: find  ./* -name  "*"  | xargs misspell -error
+#      - name: Lint markdown files
+#        run: find  ./ -name  "*.md" | grep -v enhancements |  grep -v .github
 #      - name: Check markdown links
 #        run: |
 #          set +e
@@ -76,53 +87,53 @@ jobs:
   unit-tests:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           submodules: true
       - name: Fetch History
         run: git fetch --prune --unshallow
       - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
-      - name: Cache Go Dependencies
-        uses: actions/cache@v3
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-go-
+#      - name: Cache Go Dependencies
+#        uses: actions/cache@v3
+#        with:
+#          path: ~/go/pkg/mod
+#          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+#          restore-keys: ${{ runner.os }}-go-
       - name: Run Unit Tests
         run: make test
       - name: Publish Unit Test Coverage
         # only publish result in openyurt repo
         if: github.repository == 'openyurtio/openyurt'
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4.5.0
         with:
           name: codecov-umbrella
           token: ${{ secrets.CODECOV_TOKEN }}
           flags: unittests
           files: ./cover.out,./yurttunnel-cover.out
+          version: v0.6.0
           fail_ci_if_error: true
           verbose: true
   e2e-tests:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0  
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
-      - uses: actions/cache@v3
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-go-
-
+#      - uses: actions/cache@v3
+#        with:
+#          path: ~/go/pkg/mod
+#          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+#          restore-keys: ${{ runner.os }}-go-
       - name: Install Required Commands
         run: |
-          go get sigs.k8s.io/kind@v0.12.0
-          curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.22.3/bin/linux/amd64/kubectl && sudo install kubectl /usr/local/bin/kubectl
+          go install sigs.k8s.io/kind@v0.22.0
+          curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.28.7/bin/linux/amd64/kubectl && sudo install kubectl /usr/local/bin/kubectl
       - name: Build Images
         run: make docker-build
       - name: Local Up Openyurt Cluster With Kind

.github/workflows/release.yaml → .github/workflows/registry.yaml

@@ -1,24 +1,25 @@
-name: Release
+name: Release Images
 
 on:
   push:
     tags:
       - "v*"
   schedule:
     # run at UTC 1:30 every day
-    - cron:  '30 1 * * *'
+    - cron: "30 1 * * *"
   workflow_dispatch: {}
 
 env:
   ALI_REGISTRY: registry.cn-hangzhou.aliyuncs.com/openyurt
+  GITHUB_REGISTRY: ghcr.io/openyurtio/openyurt
 
 jobs:
   docker-push:
     if: github.repository == 'openyurtio/openyurt'
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Get the version
@@ -31,9 +32,9 @@ jobs:
           echo ::set-output name=VERSION::${VERSION}
       - name: Install Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
@@ -44,7 +45,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Get the version
@@ -57,12 +58,39 @@ jobs:
           echo ::set-output name=VERSION::${VERSION}
       - name: Install Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.ALI_REGISTRY }}
           username: ${{ secrets.ALI_REGISTRY_USERNAME }}
           password: ${{ secrets.ALI_REGISTRY_PASSWORD }}
       - name: Release
-        run: make docker-push TARGET_PLATFORMS=linux/amd64,linux/arm64,linux/arm/v7 IMAGE_REPO=${{ env.ALI_REGISTRY }} IMAGE_TAG=${{ steps.get_version.outputs.VERSION }}
+        run: make docker-push TARGET_PLATFORMS=linux/amd64,linux/arm64,linux/arm/v7 IMAGE_REPO=${{ env.ALI_REGISTRY }} IMAGE_TAG=${{ steps.get_version.outputs.VERSION }}
+  docker-push-github-registry:
+    if: github.repository == 'openyurtio/openyurt'
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Get the version
+        id: get_version
+        run: |
+          VERSION=${GITHUB_REF#refs/tags/}
+          if [[ ${GITHUB_REF} == "refs/heads/master" ]]; then
+            VERSION=latest
+          fi
+          echo ::set-output name=VERSION::${VERSION}
+      - name: Install Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.GITHUB_REGISTRY }}
+          username: ${{ secrets.GH_REGISTRY_USERNAME }}
+          password: ${{ secrets.GH_REGISTRY_PASSWORD }}
+      - name: Release
+        run: make docker-push TARGET_PLATFORMS=linux/amd64,linux/arm64,linux/arm/v7 IMAGE_REPO=${{ env.GITHUB_REGISTRY }} IMAGE_TAG=${{ steps.get_version.outputs.VERSION }}

.github/workflows/release-assets.yaml

@@ -0,0 +1,43 @@
+name: Release Assets
+
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch: {}
+
+permissions:
+  contents: read
+
+jobs:
+  goreleaser:
+    if: github.repository == 'openyurtio/openyurt'
+    permissions:
+      contents: write
+      actions: read
+      checks: write
+      issues: read
+      packages: write
+      pull-requests: read
+      repository-projects: read
+      statuses: read
+    runs-on: ubuntu-22.04
+    name: goreleaser
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.21
+          cache: true
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          distribution: goreleaser
+          version: v1.25.1
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/rerun-failed-workflows.yaml

@@ -0,0 +1,69 @@
+name: Rerun Failed Workflows
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  rerun_failed_workflows:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Check for Command and Access Level
+        id: check
+        uses: actions/[email protected]
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            const issue = context.issue;
+            const username = context.payload.comment.user.login;
+            const regex = /\/rerun/g;
+            const comment = await github.rest.issues.getComment({
+              owner: issue.owner,
+              repo: issue.repo,
+              comment_id: context.payload.comment.id,
+            });
+
+            if (regex.test(comment.data.body)) {
+                const permissionLevel = await github.rest.repos.getCollaboratorPermissionLevel({
+                  owner: issue.owner,
+                  repo: issue.repo,
+                  username: username,
+                });
+
+                if (['admin', 'write', 'read'].includes(permissionLevel.data.permission)) {
+                  console.log(`User ${username} with permission ${permissionLevel.data.permission} has access to rerun failed workflows`);
+                  return true;
+                } else {
+                  console.log(`User ${username} with permission ${permissionLevel.data.permission} does not have access to rerun failed workflows`);
+                  return false;
+                }
+            } else {
+              return false;
+            }
+          result-encoding: string
+      - name: Fetch and rerun failed workflows
+        if: steps.check.outputs.result == 'true'
+        uses: actions/[email protected]
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            const issue = context.issue;
+            const pull = await github.rest.pulls.get({
+              owner: issue.owner,
+              repo: issue.repo,
+              pull_number: issue.number,
+            });
+            const workflows = await github.rest.actions.listWorkflowRunsForRepo({
+              owner: issue.owner,
+              repo: issue.repo,
+              branch: pull.data.head.ref,
+              status: 'failure',
+            });
+            for (const run of workflows.data.workflow_runs) {
+              const result = await github.rest.actions.reRunWorkflowFailedJobs({
+                owner: issue.owner,
+                repo: issue.repo,
+                run_id: run.id,
+              });
+              console.log(`reRunWorkflowFailedJobs workflow ${JSON.stringify(run)} with response ${JSON.stringify(result)}`);
+            }