Merge remote-tracking branch 'upstream/HEAD' into git-ctf

# Conflicts: # go.sum
open-component-model · Dec 16, 2024 · bfe7443 · bfe7443
2 parents e5d7e85 + b41f962
commit bfe7443
Show file tree

Hide file tree

Showing 34 changed files with 360 additions and 320 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -22,6 +22,7 @@ bin
 /hack
 /LICENSES
 /local
+/gen
 
 /pkg/test*
 
@@ -35,3 +36,4 @@ bin
 
 !go.*
 !**/*.go
+!.git
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -3,6 +3,10 @@
 # will be requested for review when someone opens a pull request.
 *       @open-component-model/Maintainers
 
+# Changes on repository settings require admin permissions
+/.github/settings.yml   @open-component-model/admins
+/.github/CODEOWNERS     @open-component-model/admins
+
 # Owners for specific directories
 #/docs/  @<org>/<team>
 #/src/   @<org>/<team>

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,7 +1,7 @@
 ---
 name: Bug Report
 about: Report a bug
-labels: kind/bug
+labels: kind/bugfix
 ---
 
 <!-- markdownlint-disable MD041 -->

diff --git a/.github/ISSUE_TEMPLATE/enhancement_request.md b/.github/ISSUE_TEMPLATE/enhancement_request.md
@@ -1,7 +1,7 @@
 ---
 name: Enhancement Request
 about: Suggest an enhancement
-labels: kind/enhancement
+labels: kind/feature
 ---
 
 <!-- markdownlint-disable MD041 -->

diff --git a/.github/ISSUE_TEMPLATE/user_story.md b/.github/ISSUE_TEMPLATE/user_story.md
@@ -1,7 +1,7 @@
 ---
 name: User Story
 about: User Story
-labels:
+labels: kind/feature
 title: <User Story> - Title
 ---
 

diff --git a/.github/config/labeler.yml b/.github/config/labeler.yml
@@ -1,9 +1,27 @@
 # see https://github.com/actions/labeler?tab=readme-ov-file#match-object to configure correctly
-dependencies:
+kind/dependency:
 - any:
   - head-branch: 'dependencies/*'
   - head-branch: 'dependabot/*'
-github-actions:
+  - changed-files:
+    - any-glob-to-any-file: ['go.mod', 'go.sum']
+component/github-actions:
+- any:
+  - changed-files:
+    - any-glob-to-any-file: ['.github/**']
+area/documentation:
+- any:
+  - changed-files:
+    - any-glob-to-any-file: ['docs/**', 'examples/**']
+component/ocm-cli:
+- any:
+  - changed-files:
+    - any-glob-to-any-file: ['components/ocmcli/**', 'cmds/ocm/**']
+component/ocm-spec:
+- any:
+  - changed-files:
+    - any-glob-to-any-file: ['resources/**']
+kind/skip-release-notes:
 - any:
   - changed-files:
-    - any-glob-to-any-file: ['.github/**']
+    - any-glob-to-any-file: ['flake.lock', 'flake.nix']
diff --git a/.github/config/release.yml b/.github/config/release.yml
@@ -1,28 +1,30 @@
 changelog:
+  # ../workflows/pull_request.yaml#verify-labels one_of: kind/chore,kind/bugfix,kind/feature,kind/dependency,kind/refactor
   exclude:
     labels:
     - 'kind/skip-release-notes'
-    - 'wontfix'
-    - 'triage/wont-fix'
-    - 'triage/invalid'
+    - 'dev/wont-fix'
+    - 'dev/cant-reproduce'
+  # if an issue matches more than one category, the first one in the list will be used
+  # Example:
+  # Labels: kind/chore, kind/dependency => Category: Dependencies
   categories:
-    - title: '‼️ Breaking Changes'
-      labels:
-        - 'breaking-change'
-    - title: '🚀 Features'
-      labels:
-        - 'kind/enhancement'
-        - 'feature'
-        - 'enhancement'
-    - title: '🐛 Bug Fixes'
-      labels:
-        - 'kind/bug'
-        - 'fix'
-        - 'bugfix'
-        - 'bug'
-    - title: '🧰 Maintenance'
-      labels:
-        - 'chore'
-    - title: '⬆️ Dependencies'
-      labels:
-        - 'dependencies'
+  - title: '‼️ Breaking Changes'
+    labels:
+    - '!BREAKING-CHANGE!'
+  - title: '🚀 Features'
+    labels:
+    - 'kind/feature'
+  - title: '🐛 Bug Fixes'
+    labels:
+    - 'kind/bugfix'
+  - title: '⬆️ Dependencies'
+    labels:
+      - 'kind/dependency'
+  - title: '🧰 Maintenance'
+    labels:
+    - 'kind/chore'
+    - 'kind/refactor'
+  - title: 'Other Changes'
+    labels:
+      - "*"
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -11,6 +11,11 @@ updates:
     schedule:
       interval: "weekly"
       day: "sunday"
+    labels:
+      - kind/dependency
+      - kind/chore
+      - kind/skip-release-notes
+      - component/github-actions
   - package-ecosystem: "gomod"
     directory: "/"
     groups:
@@ -19,3 +24,14 @@ updates:
     schedule:
       interval: "weekly"
       day: "sunday"
+    labels:
+      - kind/dependency
+      - kind/chore
+  - package-ecosystem: docker
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+    labels:
+      - kind/dependency
+      - kind/chore
diff --git a/.github/settings.yml b/.github/settings.yml
@@ -0,0 +1,8 @@
+# These settings are synced to GitHub by https://probot.github.io/apps/settings/
+
+# see: https://github.com/open-component-model/.github/blob/main/.github/settings.yml
+_extends: .github
+
+labels:
+- name: repo/ocm
+  color: bfd4f2
diff --git a/.github/workflows/components.yaml b/.github/workflows/components.yaml
@@ -33,6 +33,8 @@ env:
   components: '["ocmcli", "helminstaller", "helmdemo", "subchartsdemo", "ecrplugin"]'
   IMAGE_PLATFORMS: 'linux/amd64 linux/arm64'
   PLATFORMS: 'windows/amd64 darwin/arm64 darwin/amd64 linux/amd64 linux/arm64'
+  BUILDX_CACHE_PUSH: false
+  BUILDX_CACHE_REF_BASE: ghcr.io/${{ github.repository }}/buildx-cache
 
 jobs:
   define-matrix:
@@ -66,6 +68,14 @@ jobs:
         with:
           go-version-file: '${{ github.workspace }}/go.mod'
           cache: false
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Docker Login
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Get go environment for use with cache
         run: |
           echo "go_cache=$(go env GOCACHE)" >> $GITHUB_ENV
@@ -95,6 +105,8 @@ jobs:
           VERSION=${{ inputs.version }} \
           PLATFORMS="${{ env.PLATFORMS }}" \
           IMAGE_PLATFORMS="${{ env.IMAGE_PLATFORMS }}" \
+          BUILDX_CACHE_REF=${{ env.BUILDX_CACHE_REF_BASE }}:${{ matrix.component }} \
+          BUILDX_CACHE_PUSH=${{ env.BUILDX_CACHE_PUSH }} \
           make \
             ctf descriptor describe
       - name: Upload CTF

diff --git a/.github/workflows/flake_vendorhash.yaml b/.github/workflows/flake_vendorhash.yaml
@@ -59,6 +59,6 @@ jobs:
           sign-commits: true
           labels: |
             kind/skip-release-notes
-            chore
+            kind/chore
           body: |
             Update OCM CLI vendor hash (see: .github/workflows/flake_vendorhash.yaml)
diff --git a/.github/workflows/publish-to-other-than-github.yaml b/.github/workflows/publish-to-other-than-github.yaml
@@ -55,7 +55,7 @@ jobs:
             --outputDirectory ${{ github.workspace }}/tap/Formula)
         mkdir -p ${{ github.workspace }}/tap/Aliases
         cd ${{ github.workspace }}/tap/Aliases
-        ln -s ../Formula/$(basename $formula) ./ocm
+        ln -sf ../Formula/$(basename $formula) ./ocm
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@v7
       with:
@@ -147,6 +147,12 @@ jobs:
     steps:
     - name: Ensure proper version
       run: echo "RELEASE_VERSION=$(echo ${{ github.event.client_payload.version }})" >> $GITHUB_ENV
+    - name: Generate token
+      id: generate_token
+      uses: tibdex/github-app-token@v2
+      with:
+        app_id: ${{ secrets.OCMBOT_APP_ID }}
+        private_key: ${{ secrets.OCMBOT_PRIV_KEY }}
     - name: Publish Release Event
       uses: peter-evans/repository-dispatch@v3
       with:

diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml
@@ -24,18 +24,18 @@ jobs:
         env:
           TYPE_TO_LABEL: |
             {
-              "feat":"kind/enhancement",
-              "fix":"fix",
-              "chore":"chore",
-              "docs":"kind/documentation",
-              "test":"kind/test",
-              "perf":"kind/performance"
+              "feat":"kind/feature",
+              "fix":"kind/bugfix",
+              "chore":"kind/chore",
+              "docs":"area/documentation",
+              "test":"area/testing",
+              "perf":"area/performance"
             }
           SCOPE_TO_LABEL: |
             {
-              "deps":"dependencies"
+              "deps":"kind/dependency"
             }
-          BREAKING_CHANGE_LABEL: "breaking"
+          BREAKING_CHANGE_LABEL: "!BREAKING-CHANGE!"
         with:
           script: |
             console.log("Verify that the PR title follows the Conventional Commit format");
@@ -158,5 +158,5 @@ jobs:
       - name: PRs should have at least one qualifying label
         uses: docker://agilepathway/pull-request-label-checker:latest
         with:
-          one_of: chore,fix,bugfix,bug,kind/bug,feature,enhancement,kind/enhancement,dependencies
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          any_of: kind/chore,kind/bugfix,kind/feature,kind/dependency,kind/refactor
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -122,7 +122,7 @@ jobs:
         token: ${{ steps.generate_token.outputs.token }}
 
     - name: Setup Syft
-      uses: anchore/sbom-action/download-syft@55dc4ee22412511ee8c3142cbea40418e6cec693 # v0.17.8
+      uses: anchore/sbom-action/download-syft@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9
 
     - name: Setup Cosign
       uses: sigstore/cosign-installer@v3.7.0

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -2,4 +2,4 @@
 
 We welcome many different types of contributions.
 
-Please refer to the [Contributing Guide in the Community repository](https://github.com/open-component-model/community/blob/main/CONTRIBUTING.md) for more information on how to get support from maintainers, find work to contribute, the Pull Request checklist, the Pull Request process, and other useful information on how to contribute to OCM.
+Please refer to the [Contributing Guide in the Community repository](https://github.com/open-component-model/.github/blob/main/CONTRIBUTING.md) for more information on how to get support from maintainers, find work to contribute, the Pull Request checklist, the Pull Request process, and other useful information on how to contribute to OCM.
diff --git a/Dockerfile b/Dockerfile
@@ -1,45 +1,38 @@
-ARG GO_VERSION="1.23"
-ARG ALPINE_VERSION="3.20"
+FROM --platform=$BUILDPLATFORM golang:1.23-alpine3.20 AS build
 
-FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS build
+RUN apk add --no-cache make git
 
 WORKDIR /src
-RUN go env -w GOMODCACHE=/root/.cache/go-build
 
 COPY go.mod go.sum *.go VERSION ./
 
 ARG GO_PROXY="https://proxy.golang.org"
 ENV GOPROXY=${GO_PROXY}
-RUN --mount=type=cache,target=/root/.cache/go-build go mod download
+RUN go mod download
 
 COPY . .
-RUN --mount=type=cache,target=/root/.cache/go-build \
-	export VERSION=$(go run api/version/generate/release_generate.go print-rc-version) && \
-    export NOW=$(date -u +%FT%T%z) && \
-    go build -trimpath -ldflags \
-    "-s -w -X ocm.software/ocm/api/version.gitVersion=$VERSION -X ocm.software/ocm/api/version.buildDate=$NOW" \
-    -o /bin/ocm ./cmds/ocm/main.go
 
-FROM alpine:${ALPINE_VERSION}
+ENV BUILD_FLAGS="-trimpath"
 
-# Create group and user
-ARG UID=1000
-ARG GID=1000
-RUN addgroup -g "${GID}" ocmGroup && adduser -u "${UID}" ocmUser -G ocmGroup -D
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make docker-build in a local env which has the Apple Silicon SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+RUN make bin/ocm GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH}
 
-COPY --from=build /bin/ocm /bin/ocm
-COPY --chmod=0755 components/ocmcli/ocm.sh /bin/ocm.sh
+FROM gcr.io/distroless/static-debian12:nonroot@sha256:6cd937e9155bdfd805d1b94e037f9d6a899603306030936a3b11680af0c2ed58
+
+COPY --from=build /src/bin/ocm /usr/local/bin/ocm
 
 # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
-LABEL org.opencontainers.image.description="Open Component Model command line interface based on Alpine ${ALPINE_VERSION}"
+LABEL org.opencontainers.image.description="Open Component Model command line interface based on Distroless"
 LABEL org.opencontainers.image.vendor="SAP SE"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.url="https://ocm.software/"
 LABEL org.opencontainers.image.source="https://github.com/open-component-model/ocm"
 LABEL org.opencontainers.image.title="ocm"
 LABEL org.opencontainers.image.documentation="https://github.com/open-component-model/ocm/blob/main/docs/reference/ocm.md"
-LABEL org.opencontainers.image.base.name="alpine:${ALPINE_VERSION}"
+LABEL org.opencontainers.image.base.name="gcr.io/distroless/static-debian12:nonroot"
 
-USER ocmUser
-ENTRYPOINT ["/bin/ocm.sh"]
-CMD ["/bin/ocm"]
+ENTRYPOINT ["/usr/local/bin/ocm"]
+CMD ["version"]
diff --git a/Makefile b/Makefile
@@ -26,12 +26,14 @@ SOURCES := $(shell go list -f '{{$$I:=.Dir}}{{range .GoFiles }}{{$$I}}/{{.}} {{e
 GOPATH                                         := $(shell go env GOPATH)
 
 NOW         := $(shell date -u +%FT%T%z)
-BUILD_FLAGS := "-s -w \
+LD_FLAGS := "-s -w \
  -X ocm.software/ocm/api/version.gitVersion=$(EFFECTIVE_VERSION) \
  -X ocm.software/ocm/api/version.gitTreeState=$(GIT_TREE_STATE) \
  -X ocm.software/ocm/api/version.gitCommit=$(COMMIT) \
  -X ocm.software/ocm/api/version.buildDate=$(NOW)"
 CGO_ENABLED := 0
+GOOS := $(shell go env GOOS)
+GOARCH := $(shell go env GOARCH)
 
 COMPONENTS ?= ocmcli helminstaller demoplugin ecrplugin helmdemo subchartsdemo
 
@@ -42,19 +44,19 @@ bin:
 	mkdir -p bin
 
 bin/ocm: bin $(SOURCES)
-	CGO_ENABLED=$(CGO_ENABLED) go build -ldflags $(BUILD_FLAGS) -o bin/ocm ./cmds/ocm
+	CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) GOARCH=$(GOARCH) go build $(BUILD_FLAGS) -ldflags $(LD_FLAGS) -o bin/ocm ./cmds/ocm
 
 bin/helminstaller: bin $(SOURCES)
-	CGO_ENABLED=$(CGO_ENABLED) go build -ldflags $(BUILD_FLAGS) -o bin/helminstaller ./cmds/helminstaller
+	CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) GOARCH=$(GOARCH) go build $(BUILD_FLAGS) -ldflags $(LD_FLAGS) -o bin/helminstaller ./cmds/helminstaller
 
 bin/demo: bin $(SOURCES)
-	CGO_ENABLED=$(CGO_ENABLED) go build -ldflags $(BUILD_FLAGS) -o bin/demo ./cmds/demoplugin
+	CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) GOARCH=$(GOARCH) go build $(BUILD_FLAGS) -ldflags $(LD_FLAGS) -o bin/demo ./cmds/demoplugin
 
 bin/cliplugin: bin $(SOURCES)
-	CGO_ENABLED=$(CGO_ENABLED) go build -ldflags $(BUILD_FLAGS) -o bin/cliplugin ./cmds/cliplugin
+	CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) GOARCH=$(GOARCH) go build $(BUILD_FLAGS) -ldflags $(LD_FLAGS) -o bin/cliplugin ./cmds/cliplugin
 
 bin/ecrplugin: bin $(SOURCES)
-	CGO_ENABLED=$(CGO_ENABLED) go build -ldflags $(BUILD_FLAGS) -o bin/ecrplugin ./cmds/ecrplugin
+	CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) GOARCH=$(GOARCH) go build $(BUILD_FLAGS) -ldflags $(LD_FLAGS) -o bin/ecrplugin ./cmds/ecrplugin
 
 api: $(SOURCES)
 	go build ./api/...
-Original file line number
+Diff line change
@@ Expand Up / @@ -22,6 +22,7 @@ bin @@
     /hack
     /LICENSES
     /local
+    /gen
     /pkg/test*
@@ Expand All / @@ -35,3 +36,4 @@ bin @@
     !go.*
     !**/*.go
+    !.git
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,4 +2,4 @@

		We welcome many different types of contributions.

		Please refer to the [Contributing Guide in the Community repository](https://github.com/open-component-model/community/blob/main/CONTRIBUTING.md) for more information on how to get support from maintainers, find work to contribute, the Pull Request checklist, the Pull Request process, and other useful information on how to contribute to OCM.
		Please refer to the [Contributing Guide in the Community repository](https://github.com/open-component-model/.github/blob/main/CONTRIBUTING.md) for more information on how to get support from maintainers, find work to contribute, the Pull Request checklist, the Pull Request process, and other useful information on how to contribute to OCM.