feat: add policygen kubectl plugin

.github/workflows/release.yaml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - id: meta
         name: Docker meta
@@ -51,7 +51,7 @@ jobs:
           images: |
             quay.io/3scale/soyuz
           tags: |
-              type=raw,value={{tag}}-ci
+            type=raw,value={{tag}}-ci
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3

.github/workflows/test.yaml

@@ -6,8 +6,8 @@ on:
       - main
 
 jobs:
-  docker:
-    runs-on: ubuntu-latest
+  image-build-test:
+    runs-on: ubuntu-24.04
     steps:
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -20,9 +20,18 @@ jobs:
         with:
           file: Dockerfile
           platforms: linux/amd64,linux/arm64
-          push: flalse
+          push: false
           tags: quay.io/3scale/soyuz:test
 
+  ci-image-build-test:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
       - name: Build CI Image
         uses: docker/build-push-action@v6
         with:

Dockerfile

@@ -1,32 +1,49 @@
-FROM hashicorp/terraform:1.3.5 as terraform
+FROM hashicorp/terraform:1.3.5 AS terraform
 
-FROM amazon/aws-cli:2.8.13 as aws
+FROM amazon/aws-cli:2.8.13 AS aws
 
-FROM regclient/regctl:edge-alpine as regctl
+FROM regclient/regctl:edge-alpine AS regctl
 
-FROM golang:1.19.3-bullseye as go
+FROM golang:1.19.3-bullseye AS go
 
 RUN GO111MODULE=on go install -v -x -a github.com/raviqqe/liche@latest
 
-FROM gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.45.0 as git-init
+FROM gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.45.0 AS git-init
 
-FROM alpine:3.20 as gh
+FROM alpine:3.20 AS kubectl
+
+ENV VERSION="v1.32.0"
+ENV BINARY="/bin/kubectl"
+
+RUN if [ $(uname -m) == "aarch64" ]; then ARCH="arm64"; else ARCH="amd64"; fi; \
+  wget -q "https://dl.k8s.io/release/${VERSION}/bin/linux/${ARCH}/kubectl" -O ${BINARY}
+
+FROM alpine:3.20 AS policygenerator
+
+ENV VERSION="v1.16.0"
+ENV REGISTRY="open-cluster-management-io/policy-generator-plugin"
+ENV BINARY="/bin/PolicyGenerator"
+
+RUN if [ $(uname -m) == "aarch64" ]; then ARCH="arm64"; else ARCH="amd64"; fi; \
+  wget -q "https://github.com/${REGISTRY}/releases/download/${VERSION}/linux-${ARCH}-PolicyGenerator" -O ${BINARY}
+
+FROM alpine:3.20 AS gh
 
 ENV GITHUB_CLI_VERSION=2.0.0
 RUN if [ $(uname -m) == "aarch64" ]; then ARCH=arm64; else ARCH=amd64; fi; \
   wget -O /tmp/gh.tgz https://github.com/cli/cli/releases/download/v${GITHUB_CLI_VERSION}/gh_${GITHUB_CLI_VERSION}_linux_${ARCH}.tar.gz && \
   tar --strip-components=2 --extract --file /tmp/gh.tgz \
   gh_${GITHUB_CLI_VERSION}_linux_${ARCH}/bin/gh && mv -v gh /bin/gh
 
-FROM alpine:3.20 as yq
+FROM alpine:3.20 AS yq
 
 ENV VERSION=v4.30.5
 RUN if [ $(uname -m) == "aarch64" ]; then ARCH=arm64; else ARCH=amd64; fi; \
   wget -O /tmp/yq.tgz  https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_${ARCH}.tar.gz  && \
   tar --extract --file /tmp/yq.tgz \
   ./yq_linux_${ARCH} && mv -v yq_linux_${ARCH} /bin/yq
 
-FROM alpine:3.20 as mysql
+FROM alpine:3.20 AS mysql
 
 RUN if [ $(uname -m) == "aarch64" ]; then ARCH=aarch64; else ARCH=x86_64; fi; \
   wget -O /tmp/mysql.tgz  https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-8.0.39-linux-glibc2.28-${ARCH}.tar.xz && \
@@ -37,7 +54,7 @@ RUN if [ $(uname -m) == "aarch64" ]; then ARCH=aarch64; else ARCH=x86_64; fi; \
 
 FROM debian:12.4-slim
 
-ENV DEBIAN_FRONTEND noninteractive
+ENV DEBIAN_FRONTEND="noninteractive"
 
 RUN apt-get update -yq && \
   DEBIAN_FRONTEND=noninteractive \
@@ -54,9 +71,9 @@ RUN \
   echo "LANG=en_US.UTF-8" >/etc/locale.conf && \
   locale-gen en_US.UTF-8
 
-ENV LANG "en_US.UTF-8"
-ENV LANGUAGE "en_US.UTF-8"
-ENV LC_ALL "en_US.UTF-8"
+ENV LANG="en_US.UTF-8"
+ENV LANGUAGE="en_US.UTF-8"
+ENV LC_ALL="en_US.UTF-8"
 
 COPY --from=mysql /bin/mysql /usr/local/bin
 COPY --from=mysql /bin/mysqldump /usr/local/bin
@@ -66,8 +83,8 @@ RUN gem install \
 
 COPY --from=aws /usr/local/aws-cli /usr/local/aws-cli
 
-ENV AWS_BIN /usr/local/aws-cli/v2/current/bin
-ENV PATH "$AWS_BIN:$PATH"
+ENV AWS_BIN="/usr/local/aws-cli/v2/current/bin"
+ENV PATH="$AWS_BIN:$PATH"
 
 COPY --from=git-init /ko-app/git-init /usr/local/bin
 
@@ -79,13 +96,15 @@ COPY --from=gh /bin/gh /usr/local/bin
 
 COPY --from=yq /bin/yq /usr/local/bin
 
-# ENV GO_BIN /go/bin
-# ENV PATH "$GO_BIN:$PATH"
+COPY --from=kubectl --chmod=775 /bin/kubectl /usr/local/bin
+
+ENV KUSTOMIZE_PLUGIN_HOME="/opt/kustomize/plugin"
 
-# COPY --from=go /go/bin $GO_BIN
+COPY --from=policygenerator --chmod=775 /bin/PolicyGenerator \
+  /opt/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator/PolicyGenerator
 
-ENV BIN_3SCALE /opt/3scale/bin
-ENV PATH "$BIN_3SCALE:$PATH"
+ENV BIN_3SCALE="/opt/3scale/bin"
+ENV PATH="$BIN_3SCALE:$PATH"
 
 ADD bin/ $BIN_3SCALE
 RUN chmod -R 0755 $BIN_3SCALE

Dockerfile-ci

@@ -1,24 +1,41 @@
-FROM hashicorp/terraform:1.3.5 as terraform
+FROM hashicorp/terraform:1.3.5 AS terraform
 
-FROM regclient/regctl:edge-alpine as regctl
+FROM regclient/regctl:edge-alpine AS regctl
 
-FROM golang:1.19.3-alpine as go
+FROM golang:1.19.3-alpine AS go
 
 RUN apk add --update git
 
 RUN GO111MODULE=on go install github.com/raviqqe/liche@latest
 
-FROM gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.45.0 as git-init
+FROM gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.45.0 AS git-init
 
-FROM alpine:3.20 as gh
+FROM alpine:3.20 AS kubectl
+
+ENV VERSION="v1.32.0"
+ENV BINARY="/bin/kubectl"
+
+RUN if [ $(uname -m) == "aarch64" ]; then ARCH="arm64"; else ARCH="amd64"; fi; \
+  wget -q "https://dl.k8s.io/release/${VERSION}/bin/linux/${ARCH}/kubectl" -O ${BINARY}
+
+FROM alpine:3.20 AS policygenerator
+
+ENV VERSION="v1.16.0"
+ENV REGISTRY="open-cluster-management-io/policy-generator-plugin"
+ENV BINARY="/bin/PolicyGenerator"
+
+RUN if [ $(uname -m) == "aarch64" ]; then ARCH="arm64"; else ARCH="amd64"; fi; \
+  wget -q "https://github.com/${REGISTRY}/releases/download/${VERSION}/linux-${ARCH}-PolicyGenerator" -O ${BINARY}
+
+FROM alpine:3.20 AS gh
 
 ENV GITHUB_CLI_VERSION=2.0.0
 RUN if [ $(uname -m) == "aarch64" ]; then ARCH=arm64; else ARCH=amd64; fi; \
   wget -O /tmp/gh.tgz https://github.com/cli/cli/releases/download/v${GITHUB_CLI_VERSION}/gh_${GITHUB_CLI_VERSION}_linux_${ARCH}.tar.gz && \
   tar --strip-components=2 --extract --file /tmp/gh.tgz \
   gh_${GITHUB_CLI_VERSION}_linux_${ARCH}/bin/gh && mv -v gh /bin/gh
 
-FROM alpine:3.20 as yq
+FROM alpine:3.20 AS yq
 
 ENV VERSION=v4.30.5
 RUN if [ $(uname -m) == "aarch64" ]; then ARCH=arm64; else ARCH=amd64; fi; \
@@ -45,13 +62,20 @@ COPY --from=gh  /bin/gh /usr/local/bin
 
 COPY --from=yq  /bin/yq /usr/local/bin
 
-ENV GO_BIN /go/bin
-ENV PATH "$GO_BIN:$PATH"
+COPY --from=kubectl --chmod=775 /bin/kubectl /usr/local/bin
+
+ENV KUSTOMIZE_PLUGIN_HOME="/opt/kustomize/plugin"
+
+COPY --from=policygenerator --chmod=775 /bin/PolicyGenerator \
+  /opt/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator/PolicyGenerator
+
+ENV GO_BIN="/go/bin"
+ENV PATH="$GO_BIN:$PATH"
 
 COPY --from=go /go/bin $GO_BIN
 
-ENV BIN_3SCALE /opt/3scale/bin
-ENV PATH "$BIN_3SCALE:$PATH"
+ENV BIN_3SCALE="/opt/3scale/bin"
+ENV PATH="$BIN_3SCALE:$PATH"
 
 ADD bin/ $BIN_3SCALE
 RUN chmod -R 0755 $BIN_3SCALE

Makefile

@@ -1,7 +1,7 @@
 
 .PHONY: help
 
-TAG	?= 4.5.3
+TAG	?= 4.5.4
 CI_TAG ?= ci
 HUB	?= quay.io/3scale
 IMAGE	?= quay.io/3scale/soyuz