diff --git a/Makefile b/Makefile index 2d52d79..3cc989f 100755 --- a/Makefile +++ b/Makefile @@ -1,14 +1,14 @@ # The version of Zarf to use. To keep this repo as portable as possible the Zarf binary will be downloaded and added to # the build folder. # renovate: datasource=github-tags depName=defenseunicorns/zarf -ZARF_VERSION := v0.29.2 +ZARF_VERSION := v0.31.2 # The version of the build harness container to use BUILD_HARNESS_REPO := ghcr.io/defenseunicorns/build-harness/build-harness # renovate: datasource=docker depName=ghcr.io/defenseunicorns/build-harness/build-harness -BUILD_HARNESS_VERSION := 1.10.2 +BUILD_HARNESS_VERSION := 1.14.2 # renovate: datasource=docker depName=ghcr.io/defenseunicorns/packages/dubbd-k3d extractVersion=^(?\d+\.\d+\.\d+) -DUBBD_K3D_VERSION := 0.9.0 +DUBBD_K3D_VERSION := 0.13.0 # Figure out which Zarf binary we should use based on the operating system we are on ZARF_BIN := zarf @@ -89,8 +89,6 @@ test: ## Run all automated tests. Requires access to an AWS account. Costs money -e GIT_BRANCH \ -e REGISTRY1_USERNAME \ -e REGISTRY1_PASSWORD \ - -e GHCR_USERNAME \ - -e GHCR_PASSWORD \ -e AWS_REGION \ -e AWS_DEFAULT_REGION \ -e AWS_ACCESS_KEY_ID \ diff --git a/README.md b/README.md index 9a79787..b64b541 100644 --- a/README.md +++ b/README.md @@ -68,5 +68,5 @@ zarf-packages: # Nexus - name: nexus repository: ghcr.io/defenseunicorns/uds-capability/nexus - ref: 0.0.2 + ref: x.x.x ``` \ No newline at end of file diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md index bb94b0e..89a249a 100644 --- a/docs/DEVELOPMENT_MAINTENANCE.md +++ b/docs/DEVELOPMENT_MAINTENANCE.md 
@@ -11,7 +11,7 @@ To upgrade 1) Update any base values if necessary. 1) Update the `nexus` component in the [zarf.yaml](../zarf.yaml) file to pull in the correct images needed for the updated version of the chart. -## How to test this capability +## How to test this capability on your own cluster 1) With docker running and while connected to an aws account. 2) Set these env variables. 
@@ -20,11 +20,41 @@ export REPO_URL=https://github.com/defenseunicorns/uds-capability-nexus.git export GIT_BRANCH= export REGISTRY1_USERNAME= export REGISTRY1_PASSWORD= -export GHCR_USERNAME= -export GHCR_PASSWORD= export AWS_AVAILABILITY_ZONE=a ``` 3) At the root of this repository, you can run `make test`. This will provision an ec2 instance, build and deploy all dependencies and packages, and run an e2e test to insure the capability is deploying successfully, available and ready. -You can also follow the bread crumbs of the Makefile to manually create the cluster as well as build and deploy all the necessary packages. \ No newline at end of file +You can also follow the bread crumbs of the Makefile to manually create the cluster as well as build and deploy all the necessary packages. + +## How to manually trigger e2e tests in a github PR + +This project uses [slash command dispatch](https://github.com/peter-evans/slash-command-dispatch). To use this, add a comment in your PR that says `/test all`. This will trigger the e2e tests for this repo. + +## Auto e2e tests + +This project will automatically run e2e tests on pushes to `main` + +## Creating Releases + +This project uses [release-please-action](https://github.com/google-github-actions/release-please-action) for versioning and releasing OCI packages. + +### How should I write my commits? + +Release Please assumes you are using [Conventional Commit messages](https://www.conventionalcommits.org/). + +The most important prefixes you should have in mind are: + +- `fix:` which represents bug fixes, and correlates to a [SemVer](https://semver.org/) + patch. +- `feat:` which represents a new feature, and correlates to a SemVer minor. +- `feat!:`, or `fix!:`, `refactor!:`, etc., which represent a breaking change + (indicated by the `!`) and will result in a SemVer major. 
+ +When changes are merged to the `main` branch, the Release Please will evaluate all commits since the previous release to calculate what changes are included and will create another PR to increase the version and tag a new release (per the Release Please design [documentation](https://github.com/googleapis/release-please/blob/main/docs/design.md#lifecycle-of-a-release)). This will also automatically generate changelog entries based on these commits. + +> TIP: Merging a PR should be done via a branch **"Squash and merge"**; this means that the commit message seen on this PR merge is what Release Please will use to determine a version bump. +When the auto generated Release Please PR is merged the following steps will automatically happen. +1) A new release will be created and tagged +1) An e2e test will be triggered +1) If e2e passes, a new capability artifact will be published to the OCI registry diff --git a/test/e2e/utils/utils.go b/test/e2e/utils/utils.go index 40ff9e4..be1e4bc 100644 --- a/test/e2e/utils/utils.go +++ b/test/e2e/utils/utils.go @@ -35,10 +35,6 @@ func SetupTestPlatform(t *testing.T, platform *types.TestPlatform) { //nolint:fu require.NoError(t, err) registry1Password, err := getEnvVar("REGISTRY1_PASSWORD") require.NoError(t, err) - ghcrUsername, err := getEnvVar("GHCR_USERNAME") - require.NoError(t, err) - ghcrPassword, err := getEnvVar("GHCR_PASSWORD") - require.NoError(t, err) awsAvailabilityZone := getAwsAvailabilityZone(awsRegion) namespace := "uds-capability" stage := "terratest" 
@@ -120,10 +116,6 @@ func SetupTestPlatform(t *testing.T, platform *types.TestPlatform) { //nolint:fu output, err = platform.RunSSHCommandAsSudo(fmt.Sprintf(`~/app/build/zarf tools registry login registry1.dso.mil -u %v -p %v`, registry1Username, registry1Password)) require.NoError(t, err, output) - // Log into ghcr.io - output, err = platform.RunSSHCommandAsSudo(fmt.Sprintf(`~/app/build/zarf tools registry login ghcr.io -u %v -p %v`, ghcrUsername, ghcrPassword)) - require.NoError(t, err, output) - // Create cluster build and deploy output, err = platform.RunSSHCommandAsSudo(`cd ~/app && make all`) require.NoError(t, err, output) diff --git a/utils/pkg-deps/nexus/postgres/peerauth.yaml b/utils/pkg-deps/nexus/postgres/peerauth.yaml new file mode 100644 index 0000000..2a5452a --- /dev/null +++ b/utils/pkg-deps/nexus/postgres/peerauth.yaml @@ -0,0 +1,8 @@ +apiVersion: security.istio.io/v1beta1 +kind: PeerAuthentication +metadata: + name: db-istio-exceptions + namespace: nexus-db +spec: + mtls: + mode: PERMISSIVE diff --git a/utils/pkg-deps/nexus/postgres/zarf.yaml b/utils/pkg-deps/nexus/postgres/zarf.yaml index af7c971..6f0f5c4 100644 --- a/utils/pkg-deps/nexus/postgres/zarf.yaml +++ b/utils/pkg-deps/nexus/postgres/zarf.yaml @@ -13,6 +13,12 @@ components: files: - policy-exceptions/externalName.yaml - policy-exceptions/registry.yaml + - name: db-istio-exceptions + required: true + manifests: + - name: istio-exceptions + files: + - "peerauth.yaml" - name: postgres required: true charts: diff --git a/zarf.yaml b/zarf.yaml index c39dee2..6a3cd30 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -3,7 +3,9 @@ kind: ZarfPackageConfig metadata: name: nexus description: "UDS nexus capability deployed via flux" + # x-release-please-start-version version: "0.0.4" + # x-release-please-end architecture: amd64 variables:
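Review bot: The new `utils/pkg-deps/nexus/postgres/peerauth.yaml` sets `mtls.mode: PERMISSIVE` with no `selector`, so every workload in the `nexus-db` namespace will accept plaintext connections as well as mTLS, not only the database listener that presumably needs the exception. The manifest also has no comment saying which client needs plaintext or when the exception can be removed, and the postgres `zarf.yaml` hunk ships it as a `required: true` component, so there is no opt-out. Consider scoping it with a `selector` for the Postgres pods and a `portLevelMtls` entry for the database port, while keeping the workload default at `STRICT`. The label and port in the sketch below are placeholders, because neither is visible in this diff.

```yaml
# … unchanged: apiVersion, kind, metadata …
# Plaintext is accepted only on the database port; remove once <client> joins the mesh.
spec:
  selector:
    matchLabels:
      <postgres-pod-label-key>: <postgres-pod-label-value>  # placeholder, not shown in this diff
  mtls:
    mode: STRICT
  portLevelMtls:
    <db-port>:  # placeholder, not shown in this diff
      mode: PERMISSIVE
```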