Initial version of harbor day2 operator (#3)

* first version of harbor configurator built with nuitka

- fixed some linting issues
- added basic implementation out of prototyping project

* fix image test

* get one image pushed

* set config folder path with env variable

* implement registry syncing

* implement project syncing

* implement robot account syncing

* implement webhook syncing

* improve console output readability

* add robot_name_prefix as env variable

* split long string lines

* define environment on top

* add instruction for when robot account is project defined

* fix console output

* do not delete non empty projects

* check if project is empty before deleting

* add argument parser and use old password env variable

* use robot secrets from env variables

* call help page to test native compilation in build pipeline

* fix linting issues

* define global client in main function

* fix linting warning

* check if native compilation works before pushing

* fix target_robot attribute name

* Update dependencies

* added minimal error handling for bad request on robot sync

* added harbor error print to conflict error

* print harbor error while respecting linter rules

* Fix robot account names which contains namespace name

* Add paranthesis to avoid wrong namespace allocation

* Add missing robot_name; simplify usage

* Refactor naming

* Fix quoting issues and add debug log

* Adding needed awaits; rewert unneeded quoting removal

* Remove unneeded line, add debug log

* changed identity operator to equality operator and changed order of target robot usage

* changed dict attribute access

* fix missing closing bracket

* changed attribute acces in construct name method

* changed single quotes to double quotes to have clear f string

* printing current robot names to test if indices come from harbor

* expand robot level to system and projects using query

* separate queries for project and system

* added robot queries to include all robots from all projects

* fix typo in variable name

* bigger pagination page size

* reduce pagination page size to 100 for harbor

* remove unnecessary robot sync prints

* remove page_size and add explicit limit=None to fetch all resources

---------

Co-authored-by: Alfred Schmid <alfred.schmid@steadforce.com>
Co-authored-by: tobias.piltz <tobias.piltz@steadforce.com>
Co-authored-by: Kai René Koch <kai.rene.koch@steadforce.com>

.github/workflows/build-and-publish-container-image.yaml

@@ -0,0 +1,71 @@
+name: Create and publish k8s workbench container image
+
+on:
+  push:
+    branches:
+    - "**"
+    tags:
+    - "v*.*.*"
+  pull_request:
+    branches:
+    - "main"
+
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: harbor-day2-operator
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+    - uses: hadolint/hadolint-action@v3.1.0
+      with:
+        dockerfile: Dockerfile
+    - uses: ricardochaves/python-lint@v1.4.0
+      with:
+        use-pylint: false
+        use-flake8: false
+        use-black: false
+        use-mypy: false
+        use-isort: false
+    - name: Log in to the container registry
+      uses: docker/login-action@a9794064588be971151ec5e7144cb535bcb56e36
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - name: Extract metadata (tags, labels) for container
+      id: meta
+      uses: docker/metadata-action@35e9aff4f5d665b5aa8a8f2adffaf8a1b5f49cc0
+      with:
+        images: ${{ env.REGISTRY }}/steadforce/steadops/workbenches/${{ env.IMAGE_NAME }}
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+          type=semver,pattern={{major}}
+          type=sha
+    - name: Build container image for tests
+      uses: docker/build-push-action@4fad532b9fdbfb80f436784834374a1c11834153
+      with:
+        context: .
+        push: false
+        tags: ${{ env.IMAGE_NAME }}:test
+    - name: Test harbor tool
+      run: |
+        docker run --rm ${{ env.IMAGE_NAME }}:test /usr/local/harbor --help
+    - name: Tag and push tested container image
+      uses: docker/build-push-action@4fad532b9fdbfb80f436784834374a1c11834153
+      with:
+        context: .
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}

.gitignore

@@ -158,3 +158,5 @@ cython_debug/
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
+/.project
+/.pydevproject

Dockerfile

@@ -0,0 +1,36 @@
+# Stick to Python 3.11 until Nuitka supports Python 3.12
+FROM python:3.11-alpine@sha256:d1975f2182c9962f5daa1ad935eb092e3e32dce11d8105cb3584a31afc7b451b as base
+ENV PYTHONUNBUFFERED 1
+
+FROM base as builder
+# we want always the latest version of fetched apk packages
+# hadolint ignore=DL3018
+RUN apk add --no-cache build-base libressl-dev musl-dev libffi-dev && \
+    mkdir /install
+WORKDIR /install
+COPY requirements.txt requirements.txt
+# we want always the latest version of fetched pip packages
+# hadolint ignore=DL3013
+RUN pip3 install --no-cache-dir -U pip setuptools wheel && \
+    pip3 install --no-cache-dir --prefix=/install --no-warn-script-location -r ./requirements.txt
+
+FROM builder as native-builder
+# we want always the latest version of fetched apk packages
+# hadolint ignore=DL3018
+RUN apk add --no-cache ccache patchelf
+COPY src/ /src/
+RUN python -m venv /venv && \
+    /venv/bin/pip install --no-cache-dir -U pip nuitka setuptools wheel && \
+    /venv/bin/pip install --no-cache-dir --no-warn-script-location -r ./requirements.txt && \
+    /venv/bin/python -m nuitka --onefile /src/harbor.py && \
+    pwd && \
+    ls -lha
+
+FROM base as test
+COPY --from=builder /install /usr/local
+COPY tests/ /tests/
+WORKDIR /tests
+RUN python3 -m unittest discover -v -s .
+
+FROM alpine:3.19@sha256:6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0
+COPY --from=native-builder /install/harbor.bin /usr/local/harbor

Dockerfile.requirements

@@ -0,0 +1,6 @@
+FROM local-python-base
+COPY dev_requirements.txt ./dev_requirements.txt
+RUN apk add --no-cache build-base librdkafka-dev
+RUN python3 -m pip install -U pip setuptools wheel && \
+    python3 -m pip install pip-chill && python3 -m pip install -r ./dev_requirements.txt
+RUN pip-chill --no-chill  > requirements.txt

README.md

@@ -1,2 +1,20 @@
 # harbor-day2-operator
-The harbor day2 operator is for automated managment of existing harbor instances using python harbor-api
+The harbor day2 operator is for automated management of existing harbor instances using python harbor-api
+
+## Linter
+We have activated linter like hadolint for dockerfiles. Please run
+all the linters like documented underneath before checkin of source
+code. Pull requests are only accepted when no linting errors occur.
+
+### hadolint
+
+```
+ docker run --rm -i ghcr.io/hadolint/hadolint < Dockerfile
+```
+
+### python-lint
+
+```
+ docker run --rm -v .:/src ricardobchaves6/python-lint-image:1.4.0 pycodestyle /src
+```
+

create_requirements_in_container.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+docker build . -f Dockerfile --target base -t local-python-base --no-cache
+docker build . -f Dockerfile.requirements -t local-python-requirements --no-cache
+id=$(docker create local-python-requirements)
+docker cp $id:requirements.txt gen_requirements.txt
+docker rm $id
+docker image rm local-python-requirements local-python-base
+cat < gen_requirements.txt > requirements.txt
+rm gen_requirements.txt

dev_requirements.txt

@@ -0,0 +1 @@
+harborapi

requirements.txt

@@ -0,0 +1 @@
+harborapi==0.23.1