Merge branch 'dev'

.circleci/config.yml

@@ -7,6 +7,7 @@ orbs:
   retry: kimh/run-with-retry@1.0.0
   queue: eddiewebb/queue@2.2.1
   snyk: snyk/snyk@2.0.2
+  slack: circleci/slack@3.4.2
 
 executors:
   machine-medium:
@@ -36,6 +37,33 @@ filter-for-tags: &filter-for-tags
       ignore: /.*/
 
 commands:
+  notify-slack:
+    description: Notify failures via Slack
+    parameters:
+      fail_only:
+        type: boolean
+        default: true
+      only_for_branches:
+        type: string
+      success_message:
+        type: string
+        default: ':tada: A $CIRCLE_JOB job has succeeded!'
+      failure_message:
+        type: string
+        default: ':red_circle: A $CIRCLE_JOB job has failed!'
+      channel:
+        type: string
+        default: eng-chatter
+    steps:
+      - slack/status:
+          webhook: ${SLACK_ENG_CHATTER}
+          channel: << parameters.channel >>
+          include_job_number_field: false
+          include_project_field: false
+          fail_only: << parameters.fail_only >>
+          success_message: << parameters.success_message >>
+          failure_message: << parameters.failure_message >>
+          only_for_branches: << parameters.only_for_branches >>
   docker_login:
     steps:
       - run:
@@ -136,10 +164,18 @@ jobs:
           paths:
             - .
 
-  go-dependencies-vulnerability-scan:
+  kratix-security-scan:
     executor: machine-medium
+    environment:
+      KRATIX_IMAGE_NAME: syntasso/kratix-platform
+      WORKER_IMAGE_NAME: syntasso/kratix-platform-pipeline-adapter
     steps:
-      - install_software
+      - snyk/scan:
+          severity-threshold: high
+          docker-image-name: $KRATIX_IMAGE_NAME:latest
+      - snyk/scan:
+          severity-threshold: high
+          docker-image-name: $WORKER_IMAGE_NAME:latest
       - run:
           name: install govulncheck
           command: |
@@ -149,21 +185,9 @@ jobs:
           name: run check
           command: govulncheck ./...
       - snyk/scan:
-          severity-threshold: medium
-
-  kratix-containers-vulnerability-scan:
-    executor: machine-medium
-    environment:
-      KRATIX_IMAGE_NAME: syntasso/kratix-platform
-      WORKER_IMAGE_NAME: syntasso/kratix-platform-pipeline-adapter
-    steps:
-      - snyk/scan:
-          severity-threshold: medium
-          docker-image-name: $KRATIX_IMAGE_NAME:latest
-      - snyk/scan:
-          severity-threshold: medium
-          docker-image-name: $WORKER_IMAGE_NAME:latest
-
+          severity-threshold: high
+      - notify-slack:
+          only_for_branches: "main"
   test:
     executor: machine-xlarge
     steps:
@@ -383,16 +407,16 @@ workflows:
       - clone-helm-charts
       - test:
           requires: [clone-kratix, clone-helm-charts]
-      - e2e-demo-test-helm-bucket:
-          requires: [clone-kratix, clone-helm-charts]
-      - e2e-demo-test-helm-git:
-          requires: [clone-kratix, clone-helm-charts]
+      # - e2e-demo-test-helm-bucket:
+      #     requires: [clone-kratix, clone-helm-charts]
+      # - e2e-demo-test-helm-git:
+      #     requires: [clone-kratix, clone-helm-charts]
       ### ONLY DEV
       - git-merge-and-push:
           requires:
             - test
-            - e2e-demo-test-helm-git
-            - e2e-demo-test-helm-bucket
+            # - e2e-demo-test-helm-git
+            # - e2e-demo-test-helm-bucket
           filters:
             branches:
               only: dev
@@ -401,8 +425,8 @@ workflows:
       - tag-new-version:
           requires:
             - test
-            - e2e-demo-test-helm-git
-            - e2e-demo-test-helm-bucket
+            # - e2e-demo-test-helm-git
+            # - e2e-demo-test-helm-bucket
           filters:
             branches:
               only: main
@@ -453,6 +477,6 @@ workflows:
               only: [main]
     jobs:
       - clone-kratix
-      - go-dependencies-vulnerability-scan:
+      - kratix-security-scan:
           requires: [clone-kratix]
-      - kratix-containers-vulnerability-scan
+

Makefile

@@ -216,6 +216,14 @@ build-and-load-bash: # Build and load all test pipeline images
 	kind load docker-image syntassodev/bash-promise:v1alpha1 --name platform
 	kind load docker-image syntassodev/bash-promise:v1alpha2 --name platform
 
+build-and-push-bash:
+	docker buildx build --builder kratix-image-builder --push --platform linux/arm64,linux/amd64 --tag syntassodev/bash-promise-test-c0:dev ./test/system/assets/bash-promise --build-arg CONTAINER_INDEX=0
+	docker buildx build --builder kratix-image-builder --push --platform linux/arm64,linux/amd64 --tag syntassodev/bash-promise-test-c1:dev ./test/system/assets/bash-promise --build-arg CONTAINER_INDEX=1
+	docker buildx build --builder kratix-image-builder --push --platform linux/arm64,linux/amd64 --tag syntassodev/bash-promise-test-c2:dev ./test/system/assets/bash-promise --build-arg CONTAINER_INDEX=2
+	docker buildx build --builder kratix-image-builder --push --platform linux/arm64,linux/amd64 --tag syntassodev/bash-promise:v1alpha1 -f ./test/system/assets/bash-promise/Dockerfile.promise ./test/system/assets/bash-promise --build-arg VERSION="v1alpha1"
+	docker buildx build --builder kratix-image-builder --push --platform linux/arm64,linux/amd64 --tag syntassodev/bash-promise:v1alpha2 -f ./test/system/assets/bash-promise/Dockerfile.promise ./test/system/assets/bash-promise --build-arg VERSION="v1alpha2"
+
+
 ##@ Deprecated: will be deleted soon
 
 # build-and-reload-kratix is deprecated in favor of build-and-load-kratix

hack/kratix-promise-release-test-hoster-image/Dockerfile

@@ -0,0 +1,22 @@
+FROM --platform=${TARGETPLATFORM} golang:1.21 as builder
+ARG TARGETARCH
+ARG TARGETOS
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY * /workspace/
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Build work-creator binary
+RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} GO111MODULE=on go build -a main.go
+
+FROM --platform=${TARGETPLATFORM} alpine
+# Use rancher/kubectl to get ./kubeconfig
+WORKDIR /
+
+COPY --from=builder /workspace/main ./server
+
+
+ENTRYPOINT ["/server"]

hack/kratix-promise-release-test-hoster-image/build_and_push.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env sh
+
+export IMG="syntassodev/kratix-promise-release-test-hoster:v0.0.2"
+
+if ! docker buildx ls | grep -q "kratix-image-builder"; then \
+	docker buildx create --name kratix-image-builder; \
+fi;
+
+docker buildx build --builder kratix-image-builder --push --platform linux/arm64,linux/amd64 -t ${IMG} .
+

hack/kratix-promise-release-test-hoster-image/deployment.yaml

@@ -0,0 +1,42 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    kratix-promise-release: pod
+  name: kratix-promise-release-test-hoster
+  namespace: kratix-platform-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      kratix-promise-release: pod
+  template:
+    metadata:
+      labels:
+        kratix-promise-release: pod
+    spec:
+      containers:
+      - image: syntassodev/kratix-promise-release-test-hoster:v0.0.2
+        name: test
+        resources: {}
+        env:
+        - name: PROMISE_ENCODED
+          value: "REPLACEME"
+        ports:
+        - containerPort: 8080
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kratix-promise-release-test-hoster
+  namespace: kratix-platform-system
+spec:
+  ports:
+  - port: 8080
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    kratix-promise-release: pod
+  sessionAffinity: None
+  type: ClusterIP

hack/kratix-promise-release-test-hoster-image/go.mod

@@ -0,0 +1,8 @@
+module github.com/syntasso/kratix/kratix-promise-release-test-hoster-image
+
+go 1.21.6
+
+require (
+	github.com/gorilla/mux v1.8.1
+	sigs.k8s.io/yaml v1.4.0
+)

hack/kratix-promise-release-test-hoster-image/go.sum

@@ -0,0 +1,8 @@
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
+github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=

hack/kratix-promise-release-test-hoster-image/main.go

@@ -0,0 +1,36 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"os"
+
+	gohttp "net/http"
+
+	"encoding/base64"
+
+	"github.com/gorilla/mux"
+)
+
+func main() {
+	router := mux.NewRouter()
+	router.HandleFunc("/promise/{name}", func(w gohttp.ResponseWriter, r *gohttp.Request) {
+		vars := mux.Vars(r)
+		name := vars["name"]
+		fmt.Println("fetching promise: " + name)
+		promiseContent, err := base64.StdEncoding.DecodeString(os.Getenv(name))
+		if err != nil {
+			panic(err)
+		}
+		w.Write([]byte(promiseContent))
+	}).Methods("GET")
+
+	srv := &gohttp.Server{
+		Addr:    ":8080",
+		Handler: router,
+	}
+
+	if err := srv.ListenAndServe(); err != nil && err != gohttp.ErrServerClosed {
+		log.Fatalf("listen: %s\n", err)
+	}
+}

lib/writers/git.go

@@ -2,7 +2,7 @@ package writers
 
 import (
 	"fmt"
-	"io/ioutil"
+	"io/fs"
 	"os"
 	"path/filepath"
 	"strings"
@@ -222,7 +222,17 @@ func (g *GitWriter) RemoveObject(filePath string) error {
 		}
 		logger.Info("successfully deleted file from worktree")
 	} else {
-		logger.Info("file does not exist on worktree, nothing to delete")
+		// Added for debugging purposes to help with bug #186921254
+		files := []string{}
+		walkFunc := func(s string, d fs.DirEntry, err error) error {
+			if err != nil {
+				return nil
+			}
+			files = append(files, s)
+			return nil
+		}
+		filepath.WalkDir(localTmpDir, walkFunc)
+		logger.Info("file does not exist on worktree, nothing to delete", "lstatErr", err, "allFiles", files)
 		return nil
 	}
 
@@ -295,7 +305,7 @@ func (g *GitWriter) commitAndPush(repo *git.Repository, worktree *git.Worktree,
 
 func createLocalDirectory(logger logr.Logger) (string, error) {
 	logger.Info("creating local directory")
-	dir, err := ioutil.TempDir("", "kratix-repo")
+	dir, err := os.MkdirTemp("", "kratix-repo")
 	if err != nil {
 		return "", err
 	}

test/system/assets/bash-promise/deployment.yaml

@@ -0,0 +1,42 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    kratix-promise-release: pod
+  name: kratix-promise-release-test-hoster
+  namespace: kratix-platform-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      kratix-promise-release: pod
+  template:
+    metadata:
+      labels:
+        kratix-promise-release: pod
+    spec:
+      containers:
+      - image: syntassodev/kratix-promise-release-test-hoster:v0.0.2
+        name: test
+        resources: {}
+        env:
+        - name: PROMISE_ENCODED
+          value: "REPLACEME"
+        ports:
+        - containerPort: 8080
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kratix-promise-release-test-hoster
+  namespace: kratix-platform-system
+spec:
+  ports:
+  - port: 8080
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    kratix-promise-release: pod
+  sessionAffinity: None
+  type: ClusterIP

test/system/assets/bash-promise/promise-release.yaml

@@ -6,4 +6,4 @@ spec:
   version: v1.0.0
   sourceRef:
     type: http
-    url: http://LOCALHOST:REPLACEPORT/promise
+    url: REPLACEURL