Redesign of C2P for pipeline use case (#3)
* update k8s library version Signed-off-by: Takumi Yanagawa <[email protected]> * decomposer outputs should contain only successfully decomposed policies Signed-off-by: Takumi Yanagawa <[email protected]> * refactor Signed-off-by: Takumi Yanagawa <[email protected]> * decomposed resources include policy-generator manifest Signed-off-by: Takumi Yanagawa <[email protected]> * reuse policy-generator manifest generated at decomposition Signed-off-by: Takumi Yanagawa <[email protected]> * composer takes OSCAL Signed-off-by: Takumi Yanagawa <[email protected]> * composer generates policySet Signed-off-by: Takumi Yanagawa <[email protected]> * composer takes c2pcr Signed-off-by: Takumi Yanagawa <[email protected]> * refactor Signed-off-by: Takumi Yanagawa <[email protected]> * add templatized parameter filling Signed-off-by: Takumi Yanagawa <[email protected]> * add default namespace selector Signed-off-by: Takumi Yanagawa <[email protected]> * refactor Signed-off-by: Takumi Yanagawa <[email protected]> * use kustomize type provided by sigs.k8s.io Signed-off-by: Takumi Yanagawa <[email protected]> * add component-title annotation Signed-off-by: Takumi Yanagawa <[email protected]> * add reporter Signed-off-by: Takumi Yanagawa <[email protected]> * add placement_type and helpers Signed-off-by: Takumi Yanagawa <[email protected]> * convert policy to policy report Signed-off-by: Takumi Yanagawa <[email protected]> * compliance-report from policy reports Signed-off-by: Takumi Yanagawa <[email protected]> * do not ommit the InformGatekeeper/KyvernoPolicies field Signed-off-by: Takumi Yanagawa <[email protected]> * refactor Signed-off-by: Takumi Yanagawa <[email protected]> * create c2pcli Signed-off-by: Takumi Yanagawa <[email protected]> * enable gorelease Signed-off-by: Takumi Yanagawa <[email protected]> * move policyResultDir parameter to c2pcr Signed-off-by: Takumi Yanagawa <[email protected]> * generate reports as default Signed-off-by: Takumi Yanagawa <[email protected]> 
* add metadata to compliance report Signed-off-by: Takumi Yanagawa <[email protected]> * add scripts Signed-off-by: Takumi Yanagawa <[email protected]> * fix Signed-off-by: Takumi Yanagawa <[email protected]> * separate generated OCM manifests and policy generator sources Signed-off-by: Takumi Yanagawa <[email protected]> * fix NPE when unable to get statuses Signed-off-by: Takumi Yanagawa <[email protected]> * add scripts for setting up argocd Signed-off-by: Takumi Yanagawa <[email protected]> * ocm status collector Signed-off-by: Takumi Yanagawa <[email protected]> * fix Signed-off-by: Takumi Yanagawa <[email protected]> * generate md file Signed-off-by: Takumi Yanagawa <[email protected]> * fix Signed-off-by: Takumi Yanagawa <[email protected]> * add report-utils Signed-off-by: Takumi Yanagawa <[email protected]> * use OCM gitops Signed-off-by: Takumi Yanagawa <[email protected]> * remove the dependency on hub namepsace from Reporter Signed-off-by: Takumi Yanagawa <[email protected]> * allow to use PolicyGenerator with empty namespace in PolicyDefaults Signed-off-by: Takumi Yanagawa <[email protected]> * upsate collector script Signed-off-by: Takumi Yanagawa <[email protected]> --------- Signed-off-by: Takumi Yanagawa <[email protected]>
Showing
159 changed files
with
225,152 additions
and
865 deletions.
@@ -0,0 +1,59 @@ | ||
# This workflow uses actions that are not certified by GitHub. | ||
# They are provided by a third-party and are governed by | ||
# separate terms of service, privacy policy, and support | ||
# documentation. | ||
|
||
# GitHub recommends pinning actions to a commit SHA. | ||
# To get a newer version, you will need to update the SHA. | ||
# You can also reference a tag or branch, but the action may change without warning. | ||
|
||
name: Create and publish a Docker image | ||
|
||
on: | ||
push: | ||
tags: | ||
- 'v*.*.*' | ||
|
||
env: | ||
REGISTRY: ghcr.io | ||
IMAGE_NAME: ${{ github.repository }}-ocm-status-collector | ||
|
||
jobs: | ||
build-and-push-image: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: write | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v1 | ||
# https://github.com/docker/setup-buildx-action | ||
- name: Set up Docker Buildx | ||
id: buildx | ||
uses: docker/setup-buildx-action@v1 | ||
|
||
- name: Log in to the Container registry | ||
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Extract metadata (tags, labels) for Docker | ||
id: meta | ||
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
|
||
- name: Build and push Docker image | ||
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | ||
with: | ||
context: ./scripts/docker | ||
platforms: linux/amd64,linux/arm64 | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} |
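Review bot: The `Checkout repository`, `Set up QEMU` and `Set up Docker Buildx` steps reference their actions by mutable tag (`actions/checkout@v3`, `docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`), although the header comment of this same file recommends pinning to a commit SHA and the three later steps do so. These steps run in a job that holds `packages: write` and pushes the image, so a retagged action would execute with that access. Pin each one to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: docker/setup-qemu-action@<full-commit-sha> # v1`. The goreleaser workflow added in this commit references all of its actions by tag as well.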
@@ -0,0 +1,53 @@ | ||
name: goreleaser | ||
|
||
on: | ||
push: | ||
tags: | ||
- 'v*' | ||
paths: | ||
- .github/workflows/goreleaser.yml | ||
- .goreleaser.yaml | ||
|
||
permissions: | ||
contents: write | ||
packages: write | ||
|
||
env: | ||
REGISTRY: ghcr.io | ||
ARCHS: linux/amd64,linux/arm64 | ||
|
||
jobs: | ||
goreleaser: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 | ||
- uses: actions/setup-go@v4 | ||
with: | ||
go-version: v1.19 | ||
- name: Set env | ||
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | ||
- name: Delete non-semver tags | ||
run: 'git tag -d $(git tag -l | grep -v "^v")' | ||
- name: Set LDFLAGS | ||
run: echo LDFLAGS="$(make ldflags)" >> $GITHUB_ENV | ||
- name: Run GoReleaser on tag | ||
if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') | ||
uses: goreleaser/goreleaser-action@v4 | ||
with: | ||
distribution: goreleaser | ||
version: latest | ||
args: release --timeout 60m | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Run GoReleaser on push without tag | ||
if: github.event_name == 'push' && !contains(github.ref, 'refs/tags/') | ||
uses: goreleaser/goreleaser-action@v4 | ||
with: | ||
distribution: goreleaser | ||
version: latest | ||
args: release --timeout 60m --snapshot --clean | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
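Review bot: `version: latest` on both `goreleaser/goreleaser-action@v4` steps means each release is built by whichever GoReleaser version is current at run time, in a workflow that grants `contents: write` and `packages: write` at the top level. Fixing the tool version, `version: <pinned-goreleaser-version>`, keeps release builds reproducible and makes an upgrade a reviewed change. The permissions would be tighter if declared on the `goreleaser` job, and `packages: write` looks droppable, since no visible step logs in to `ghcr.io`. Separately, the trigger lists only `tags`, so the `Run GoReleaser on push without tag` step appears unreachable, and as far as I know GitHub does not evaluate `paths` filters for tag pushes.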
|
@@ -30,6 +30,9 @@ Dockerfile.cross | |
.vscode | ||
.idea | ||
|
||
# Output of gorelease | ||
dist | ||
|
||
# ignore output by test | ||
/**/_test | ||
|
||
|
@@ -0,0 +1,21 @@ | ||
# .goreleaser.yaml | ||
builds: | ||
- id: c2pcli | ||
main: ./cmd/c2pcli | ||
binary: c2pcli | ||
goos: | ||
- linux | ||
- darwin | ||
goarch: | ||
- amd64 | ||
- arm64 | ||
ignore: | ||
- goos: linux | ||
goarch: arm64 | ||
|
||
release: | ||
disable: false | ||
skip_upload: false | ||
github: | ||
owner: yana1205 | ||
name: compliance-to-policy |
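Review bot: `release.github.owner: yana1205` points releases at a personal namespace, while the Go sources in this commit import `github.com/IBM/compliance-to-policy`. The release workflow passes the repository-scoped `GITHUB_TOKEN`, which presumably cannot publish to a repository under a different owner, and consumers need to be able to tell which repository is the authoritative source of the binaries. Consider dropping the `github:` block so GoReleaser derives the target from the git remote, or set `owner` to the organisation that hosts the module.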
@@ -0,0 +1,53 @@ | ||
/* | ||
Copyright 2023 IBM Corporation | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package cmd | ||
|
||
import ( | ||
"github.com/spf13/cobra" | ||
|
||
"github.com/IBM/compliance-to-policy/cmd/c2pcli/options" | ||
composecmd "github.com/IBM/compliance-to-policy/cmd/compose/cmd" | ||
reportutilscmd "github.com/IBM/compliance-to-policy/cmd/report-utils/cmd" | ||
reportcmd "github.com/IBM/compliance-to-policy/cmd/report/cmd" | ||
) | ||
|
||
func New() *cobra.Command { | ||
opts := options.NewOptions() | ||
|
||
command := &cobra.Command{ | ||
Use: "c2pcli", | ||
Short: "C2P CLI", | ||
RunE: func(cmd *cobra.Command, args []string) error { | ||
if err := opts.Complete(); err != nil { | ||
return err | ||
} | ||
|
||
if err := opts.Validate(); err != nil { | ||
return err | ||
} | ||
return nil | ||
}, | ||
} | ||
|
||
opts.AddFlags(command.Flags()) | ||
|
||
command.AddCommand(composecmd.New()) | ||
command.AddCommand(reportcmd.New()) | ||
command.AddCommand(reportutilscmd.New()) | ||
|
||
return command | ||
} |
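Review bot: `opts.Complete()` and `opts.Validate()` run only in the root command's `RunE`, and the flags are registered with `command.Flags()`, so neither the flags nor the validation apply when one of the subcommands added from `composecmd`, `reportcmd` or `reportutilscmd` is invoked. If the options are meant to be shared (the `options` package is not visible here), register them with `opts.AddFlags(command.PersistentFlags())` and move the two checks into `PersistentPreRunE`. If they are root-only, `RunE` currently validates and then does nothing, so returning `cmd.Help()` instead of `nil` would be more useful. The exported `New` also lacks a doc comment, e.g. `// New returns the root c2pcli command with its subcommands attached.`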
@@ -0,0 +1,30 @@ | ||
/* | ||
Copyright 2023 IBM Corporation | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package main | ||
|
||
import ( | ||
"os" | ||
|
||
"github.com/IBM/compliance-to-policy/cmd/c2pcli/cmd" | ||
) | ||
|
||
func main() { | ||
err := cmd.New().Execute() | ||
if err != nil { | ||
os.Exit(1) | ||
} | ||
} |