diff --git a/.github/labels.yaml b/.github/labels.yaml index 5821ac39..e5fcef61 100644 --- a/.github/labels.yaml +++ b/.github/labels.yaml @@ -44,12 +44,12 @@ description: Feature request proposals in the RFC format color: '#D621C3' aliases: ['area/RFC'] +- name: backport:release/v2.5.x + description: To be backported to release/v2.5.x + color: '#ffd700' - name: backport:release/v2.6.x description: To be backported to release/v2.6.x color: '#ffd700' - name: backport:release/v2.7.x description: To be backported to release/v2.7.x color: '#ffd700' -- name: backport:release/v2.8.x - description: To be backported to release/v2.8.x - color: '#ffd700' diff --git a/.github/workflows/upgrade-fluxcd-pkg.yaml b/.github/workflows/upgrade-fluxcd-pkg.yaml index c96199d1..659fd30a 100644 --- a/.github/workflows/upgrade-fluxcd-pkg.yaml +++ b/.github/workflows/upgrade-fluxcd-pkg.yaml @@ -3,9 +3,6 @@ name: upgrade-fluxcd-pkg on: workflow_dispatch: -permissions: - contents: read - jobs: upgrade-fluxcd-pkg: uses: fluxcd/gha-workflows/.github/workflows/upgrade-fluxcd-pkg.yaml@v0.9.0 diff --git a/cmd/flux/build_artifact.go b/cmd/flux/build_artifact.go index 7dcc7d42..9da0ca0e 100644 --- a/cmd/flux/build_artifact.go +++ b/cmd/flux/build_artifact.go @@ -22,7 +22,6 @@ import ( "fmt" "io" "os" - "path/filepath" "strings" "github.com/spf13/cobra" @@ -49,10 +48,9 @@ from the given directory or a single manifest file.`, } type buildArtifactFlags struct { - output string - path string - ignorePaths []string - resolveSymlinks bool + output string + path string + ignorePaths []string } var excludeOCI = append(strings.Split(sourceignore.ExcludeVCS, ","), strings.Split(sourceignore.ExcludeExt, ",")...) @@ -63,7 +61,6 @@ func init() { buildArtifactCmd.Flags().StringVarP(&buildArtifactArgs.path, "path", "p", "", "Path to the directory where the Kubernetes manifests are located.") buildArtifactCmd.Flags().StringVarP(&buildArtifactArgs.output, "output", "o", "artifact.tgz", "Path to where the artifact tgz file should be written.") buildArtifactCmd.Flags().StringSliceVar(&buildArtifactArgs.ignorePaths, "ignore-paths", excludeOCI, "set paths to ignore in .gitignore format") - buildArtifactCmd.Flags().BoolVar(&buildArtifactArgs.resolveSymlinks, "resolve-symlinks", false, "resolve symlinks by copying their targets into the artifact") buildCmd.AddCommand(buildArtifactCmd) } @@ -88,15 +85,6 @@ func buildArtifactCmdRun(cmd *cobra.Command, args []string) error { return fmt.Errorf("invalid path '%s', must point to an existing directory or file", path) } - if buildArtifactArgs.resolveSymlinks { - resolved, cleanupDir, err := resolveSymlinks(path) - if err != nil { - return fmt.Errorf("resolving symlinks failed: %w", err) - } - defer os.RemoveAll(cleanupDir) - path = resolved - } - logger.Actionf("building artifact from %s", path) ociClient := oci.NewClient(oci.DefaultOptions()) @@ -108,141 +96,6 @@ func buildArtifactCmdRun(cmd *cobra.Command, args []string) error { return nil } -// resolveSymlinks creates a temporary directory with symlinks resolved to their -// real file contents. This allows building artifacts from symlink trees (e.g., -// those created by Nix) where the actual files live outside the source directory. -// It returns the resolved path and the temporary directory path for cleanup. -func resolveSymlinks(srcPath string) (string, string, error) { - absPath, err := filepath.Abs(srcPath) - if err != nil { - return "", "", err - } - - info, err := os.Stat(absPath) - if err != nil { - return "", "", err - } - - // For a single file, resolve the symlink and return the path to the - // copied file within the temp dir, preserving file semantics for callers. - if !info.IsDir() { - resolved, err := filepath.EvalSymlinks(absPath) - if err != nil { - return "", "", fmt.Errorf("resolving symlink for %s: %w", absPath, err) - } - tmpDir, err := os.MkdirTemp("", "flux-artifact-*") - if err != nil { - return "", "", err - } - dst := filepath.Join(tmpDir, filepath.Base(absPath)) - if err := copyFile(resolved, dst); err != nil { - os.RemoveAll(tmpDir) - return "", "", err - } - return dst, tmpDir, nil - } - - tmpDir, err := os.MkdirTemp("", "flux-artifact-*") - if err != nil { - return "", "", err - } - - visited := make(map[string]bool) - if err := copyDir(absPath, tmpDir, visited); err != nil { - os.RemoveAll(tmpDir) - return "", "", err - } - - return tmpDir, tmpDir, nil -} - -// copyDir recursively copies the contents of srcDir to dstDir, resolving any -// symlinks encountered along the way. The visited map tracks resolved real -// directory paths to detect and break symlink cycles. -func copyDir(srcDir, dstDir string, visited map[string]bool) error { - real, err := filepath.EvalSymlinks(srcDir) - if err != nil { - return fmt.Errorf("resolving symlink %s: %w", srcDir, err) - } - abs, err := filepath.Abs(real) - if err != nil { - return fmt.Errorf("getting absolute path for %s: %w", real, err) - } - if visited[abs] { - return nil // break the cycle - } - visited[abs] = true - - entries, err := os.ReadDir(srcDir) - if err != nil { - return err - } - - for _, entry := range entries { - srcPath := filepath.Join(srcDir, entry.Name()) - dstPath := filepath.Join(dstDir, entry.Name()) - - // Resolve symlinks to get the real path and info. - realPath, err := filepath.EvalSymlinks(srcPath) - if err != nil { - return fmt.Errorf("resolving symlink %s: %w", srcPath, err) - } - realInfo, err := os.Stat(realPath) - if err != nil { - return fmt.Errorf("stat resolved path %s: %w", realPath, err) - } - - if realInfo.IsDir() { - if err := os.MkdirAll(dstPath, realInfo.Mode()); err != nil { - return err - } - // Recursively copy the resolved directory contents. - if err := copyDir(realPath, dstPath, visited); err != nil { - return err - } - continue - } - - if !realInfo.Mode().IsRegular() { - continue - } - - if err := copyFile(realPath, dstPath); err != nil { - return err - } - } - - return nil -} - -func copyFile(src, dst string) error { - srcInfo, err := os.Stat(src) - if err != nil { - return err - } - - in, err := os.Open(src) - if err != nil { - return err - } - defer in.Close() - - if err := os.MkdirAll(filepath.Dir(dst), 0o755); err != nil { - return err - } - - out, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, srcInfo.Mode()) - if err != nil { - return err - } - defer out.Close() - - if _, err := io.Copy(out, in); err != nil { - return err - } - return out.Close() -} - func saveReaderToFile(reader io.Reader) (string, error) { b, err := io.ReadAll(bufio.NewReader(reader)) if err != nil { diff --git a/cmd/flux/build_artifact_test.go b/cmd/flux/build_artifact_test.go index bfdaaaed..ba84186c 100644 --- a/cmd/flux/build_artifact_test.go +++ b/cmd/flux/build_artifact_test.go @@ -18,7 +18,6 @@ package main import ( "os" - "path/filepath" "strings" "testing" @@ -69,113 +68,3 @@ data: } } - -func Test_resolveSymlinks(t *testing.T) { - g := NewWithT(t) - - // Create source directory with a real file - srcDir := t.TempDir() - realFile := filepath.Join(srcDir, "real.yaml") - g.Expect(os.WriteFile(realFile, []byte("apiVersion: v1\nkind: Namespace\nmetadata:\n name: test\n"), 0o644)).To(Succeed()) - - // Create a directory with symlinks pointing to files outside it - symlinkDir := t.TempDir() - symlinkFile := filepath.Join(symlinkDir, "linked.yaml") - g.Expect(os.Symlink(realFile, symlinkFile)).To(Succeed()) - - // Also add a regular file in the symlink dir - regularFile := filepath.Join(symlinkDir, "regular.yaml") - g.Expect(os.WriteFile(regularFile, []byte("apiVersion: v1\nkind: ConfigMap\n"), 0o644)).To(Succeed()) - - // Create a symlinked subdirectory - subDir := filepath.Join(srcDir, "subdir") - g.Expect(os.MkdirAll(subDir, 0o755)).To(Succeed()) - g.Expect(os.WriteFile(filepath.Join(subDir, "nested.yaml"), []byte("nested"), 0o644)).To(Succeed()) - g.Expect(os.Symlink(subDir, filepath.Join(symlinkDir, "linkeddir"))).To(Succeed()) - - // Resolve symlinks - resolved, cleanupDir, err := resolveSymlinks(symlinkDir) - g.Expect(err).To(BeNil()) - t.Cleanup(func() { os.RemoveAll(cleanupDir) }) - - // Verify the regular file was copied - content, err := os.ReadFile(filepath.Join(resolved, "regular.yaml")) - g.Expect(err).To(BeNil()) - g.Expect(string(content)).To(Equal("apiVersion: v1\nkind: ConfigMap\n")) - - // Verify the symlinked file was resolved and copied - content, err = os.ReadFile(filepath.Join(resolved, "linked.yaml")) - g.Expect(err).To(BeNil()) - g.Expect(string(content)).To(ContainSubstring("kind: Namespace")) - - // Verify that the resolved file is a regular file, not a symlink - info, err := os.Lstat(filepath.Join(resolved, "linked.yaml")) - g.Expect(err).To(BeNil()) - g.Expect(info.Mode().IsRegular()).To(BeTrue()) - - // Verify that the symlinked directory was resolved and its contents were copied - content, err = os.ReadFile(filepath.Join(resolved, "linkeddir", "nested.yaml")) - g.Expect(err).To(BeNil()) - g.Expect(string(content)).To(Equal("nested")) - - // Verify that the file inside the symlinked directory is a regular file - info, err = os.Lstat(filepath.Join(resolved, "linkeddir", "nested.yaml")) - g.Expect(err).To(BeNil()) - g.Expect(info.Mode().IsRegular()).To(BeTrue()) -} - -func Test_resolveSymlinks_singleFile(t *testing.T) { - g := NewWithT(t) - - // Create a real file - srcDir := t.TempDir() - realFile := filepath.Join(srcDir, "manifest.yaml") - g.Expect(os.WriteFile(realFile, []byte("kind: ConfigMap"), 0o644)).To(Succeed()) - - // Create a symlink to the real file - linkDir := t.TempDir() - linkFile := filepath.Join(linkDir, "link.yaml") - g.Expect(os.Symlink(realFile, linkFile)).To(Succeed()) - - // Resolve the single symlinked file - resolved, cleanupDir, err := resolveSymlinks(linkFile) - g.Expect(err).To(BeNil()) - t.Cleanup(func() { os.RemoveAll(cleanupDir) }) - - // The returned path should be a file, not a directory - info, err := os.Stat(resolved) - g.Expect(err).To(BeNil()) - g.Expect(info.IsDir()).To(BeFalse()) - - // Verify contents - content, err := os.ReadFile(resolved) - g.Expect(err).To(BeNil()) - g.Expect(string(content)).To(Equal("kind: ConfigMap")) -} - -func Test_resolveSymlinks_cycle(t *testing.T) { - g := NewWithT(t) - - // Create a directory with a symlink cycle: dir/link -> dir - dir := t.TempDir() - g.Expect(os.WriteFile(filepath.Join(dir, "file.yaml"), []byte("data"), 0o644)).To(Succeed()) - g.Expect(os.Symlink(dir, filepath.Join(dir, "cycle"))).To(Succeed()) - - // resolveSymlinks should not infinite-loop - resolved, cleanupDir, err := resolveSymlinks(dir) - g.Expect(err).To(BeNil()) - t.Cleanup(func() { os.RemoveAll(cleanupDir) }) - - // The file should be copied - content, err := os.ReadFile(filepath.Join(resolved, "file.yaml")) - g.Expect(err).To(BeNil()) - g.Expect(string(content)).To(Equal("data")) - - // The cycle directory should exist but not cause infinite nesting - _, err = os.Stat(filepath.Join(resolved, "cycle")) - g.Expect(err).To(BeNil()) - - // There should NOT be deeply nested cycle/cycle/cycle/... paths - _, err = os.Stat(filepath.Join(resolved, "cycle", "cycle", "cycle")) - g.Expect(os.IsNotExist(err)).To(BeTrue()) -} diff --git a/cmd/flux/push_artifact.go b/cmd/flux/push_artifact.go index 237c2593..c37f0ef1 100644 --- a/cmd/flux/push_artifact.go +++ b/cmd/flux/push_artifact.go @@ -103,18 +103,17 @@ The command can read the credentials from '~/.docker/config.json' but they can a } type pushArtifactFlags struct { - path string - source string - revision string - creds string - provider flags.SourceOCIProvider - ignorePaths []string - annotations []string - output string - debug bool - reproducible bool - insecure bool - resolveSymlinks bool + path string + source string + revision string + creds string + provider flags.SourceOCIProvider + ignorePaths []string + annotations []string + output string + debug bool + reproducible bool + insecure bool } var pushArtifactArgs = newPushArtifactFlags() @@ -138,7 +137,6 @@ func init() { pushArtifactCmd.Flags().BoolVarP(&pushArtifactArgs.debug, "debug", "", false, "display logs from underlying library") pushArtifactCmd.Flags().BoolVar(&pushArtifactArgs.reproducible, "reproducible", false, "ensure reproducible image digests by setting the created timestamp to '1970-01-01T00:00:00Z'") pushArtifactCmd.Flags().BoolVar(&pushArtifactArgs.insecure, "insecure-registry", false, "allows artifacts to be pushed without TLS") - pushArtifactCmd.Flags().BoolVar(&pushArtifactArgs.resolveSymlinks, "resolve-symlinks", false, "resolve symlinks by copying their targets into the artifact") pushCmd.AddCommand(pushArtifactCmd) } @@ -185,15 +183,6 @@ func pushArtifactCmdRun(cmd *cobra.Command, args []string) error { return fmt.Errorf("invalid path '%s', must point to an existing directory or file: %w", path, err) } - if pushArtifactArgs.resolveSymlinks { - resolved, cleanupDir, err := resolveSymlinks(path) - if err != nil { - return fmt.Errorf("resolving symlinks failed: %w", err) - } - defer os.RemoveAll(cleanupDir) - path = resolved - } - annotations := map[string]string{} for _, annotation := range pushArtifactArgs.annotations { kv := strings.Split(annotation, "=") diff --git a/cmd/flux/reconcile.go b/cmd/flux/reconcile.go index 9f0787bd..ffdcce91 100644 --- a/cmd/flux/reconcile.go +++ b/cmd/flux/reconcile.go @@ -152,14 +152,7 @@ func reconciliationHandled(kubeClient client.Client, namespacedName types.Namesp return false, err } - switch result.Status { - case kstatus.CurrentStatus: - return true, nil - case kstatus.InProgressStatus: - return false, nil - default: - return false, fmt.Errorf("%s", result.Message) - } + return result.Status == kstatus.CurrentStatus, nil } } diff --git a/cmd/flux/resume.go b/cmd/flux/resume.go index e531ecee..fe23a411 100644 --- a/cmd/flux/resume.go +++ b/cmd/flux/resume.go @@ -126,17 +126,6 @@ func (resume resumeCommand) run(cmd *cobra.Command, args []string) error { resume.printMessage(reconcileResps) - // Return an error if any reconciliation failed - var failedCount int - for _, r := range reconcileResps { - if r.resumable != nil && r.err != nil { - failedCount++ - } - } - if failedCount > 0 { - return fmt.Errorf("reconciliation failed for %d %s(s)", failedCount, resume.kind) - } - return nil } diff --git a/docs/release/release-notes-template.md b/docs/release/release-notes-template.md index 5ad01f56..2a05d5c5 100644 --- a/docs/release/release-notes-template.md +++ b/docs/release/release-notes-template.md @@ -26,8 +26,6 @@ The following template can be used for the GitHub release page: -ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. - ### Fixes and improvements @@ -38,7 +36,7 @@ The following template can be used for the GitHub release page: ## Components changelog -- -controller [v](https://github.com/fluxcd/-controller/blob//CHANGELOG.md) +- -controller [v](https://github.com/fluxcd/-controller/blob//CHANGELOG.md ## CLI changelog diff --git a/go.mod b/go.mod index 7554accd..cecd0b06 100644 --- a/go.mod +++ b/go.mod @@ -17,20 +17,20 @@ require ( github.com/fluxcd/image-reflector-controller/api v1.1.1 github.com/fluxcd/kustomize-controller/api v1.8.2 github.com/fluxcd/notification-controller/api v1.8.2 - github.com/fluxcd/pkg/apis/event v0.25.0 - github.com/fluxcd/pkg/apis/meta v1.26.0 - github.com/fluxcd/pkg/auth v0.40.0 - github.com/fluxcd/pkg/chartutil v1.23.0 + github.com/fluxcd/pkg/apis/event v0.24.1 + github.com/fluxcd/pkg/apis/meta v1.25.1 + github.com/fluxcd/pkg/auth v0.38.4 + github.com/fluxcd/pkg/chartutil v1.22.1 github.com/fluxcd/pkg/envsubst v1.5.0 - github.com/fluxcd/pkg/git v0.46.0 - github.com/fluxcd/pkg/kustomize v1.28.0 - github.com/fluxcd/pkg/oci v0.63.0 - github.com/fluxcd/pkg/runtime v0.103.0 + github.com/fluxcd/pkg/git v0.43.1 + github.com/fluxcd/pkg/kustomize v1.27.1 + github.com/fluxcd/pkg/oci v0.60.1 + github.com/fluxcd/pkg/runtime v0.100.4 github.com/fluxcd/pkg/sourceignore v0.17.0 - github.com/fluxcd/pkg/ssa v0.70.0 + github.com/fluxcd/pkg/ssa v0.67.3 github.com/fluxcd/pkg/ssh v0.24.0 github.com/fluxcd/pkg/tar v0.17.0 - github.com/fluxcd/pkg/version v0.14.0 + github.com/fluxcd/pkg/version v0.12.0 github.com/fluxcd/source-controller/api v1.8.1 github.com/fluxcd/source-watcher/api/v2 v2.1.1 github.com/go-git/go-git/v5 v5.16.5 @@ -128,7 +128,7 @@ require ( github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fluxcd/pkg/apis/acl v0.9.0 // indirect - github.com/fluxcd/pkg/apis/kustomize v1.16.0 // indirect + github.com/fluxcd/pkg/apis/kustomize v1.15.1 // indirect github.com/fluxcd/pkg/cache v0.13.0 // indirect github.com/fsnotify/fsnotify v1.9.0 // indirect github.com/fxamacker/cbor/v2 v2.9.0 // indirect diff --git a/go.sum b/go.sum index 3aed1cda..e720c911 100644 --- a/go.sum +++ b/go.sum @@ -186,40 +186,40 @@ github.com/fluxcd/notification-controller/api v1.8.2 h1:TDrXohUC5Gh3BF+v2ux9/zEG github.com/fluxcd/notification-controller/api v1.8.2/go.mod h1:ozgJGQPy0dG5eOsLZlwAr6n0q/y6+TWd1fGOtavlXJA= github.com/fluxcd/pkg/apis/acl v0.9.0 h1:wBpgsKT+jcyZEcM//OmZr9RiF8klL3ebrDp2u2ThsnA= github.com/fluxcd/pkg/apis/acl v0.9.0/go.mod h1:TttNS+gocsGLwnvmgVi3/Yscwqrjc17+vhgYfqkfrV4= -github.com/fluxcd/pkg/apis/event v0.25.0 h1:zdwytvDhG+fk+Ywl5DOtv7TklkrVgM21WHm1f+YhleE= -github.com/fluxcd/pkg/apis/event v0.25.0/go.mod h1:TlK8HWYrTwl0raqBRC+ROoNpYW5fdVnwcwOBOx5Kzw8= -github.com/fluxcd/pkg/apis/kustomize v1.16.0 h1:PhWXEhqQqsisIpwp1/wHvTvo+MO+GGzsBPoN0ZnRE3Y= -github.com/fluxcd/pkg/apis/kustomize v1.16.0/go.mod h1:IZOy4CCtR/hxMGb7erK1RfbGnczVv4/dRBoVD37AywI= -github.com/fluxcd/pkg/apis/meta v1.26.0 h1:dxP1FfBpTCYso6odzRcltVnnRuBb2VyhhgV0VX9YbUE= -github.com/fluxcd/pkg/apis/meta v1.26.0/go.mod h1:c7o6mJGLCMvNrfdinGZehkrdZuFT9vZdZNrn66DtVD0= -github.com/fluxcd/pkg/auth v0.40.0 h1:p6Kw6KH+z8oRqngKhmTt8ILKD/rC+8tP87a//kLZhi8= -github.com/fluxcd/pkg/auth v0.40.0/go.mod h1:Oq/hIEKUMTbL2bv5blf+EhC/jXXJLsOjIMtJj/AtG3Y= +github.com/fluxcd/pkg/apis/event v0.24.1 h1:TClVdn02aiq3sAl9BuzLjjTIxm3JJ83fJ9nchtBa4qg= +github.com/fluxcd/pkg/apis/event v0.24.1/go.mod h1:TlK8HWYrTwl0raqBRC+ROoNpYW5fdVnwcwOBOx5Kzw8= +github.com/fluxcd/pkg/apis/kustomize v1.15.1 h1:t9QZh+3ZS8EKmlxrnnbcKZcGTrg8FDvMF1T8BHMCuqI= +github.com/fluxcd/pkg/apis/kustomize v1.15.1/go.mod h1:IZOy4CCtR/hxMGb7erK1RfbGnczVv4/dRBoVD37AywI= +github.com/fluxcd/pkg/apis/meta v1.25.1 h1:WG1GIC/SOz0GjxT0uVuO6AMicQ3yFsk6bDozCnq+fto= +github.com/fluxcd/pkg/apis/meta v1.25.1/go.mod h1:c7o6mJGLCMvNrfdinGZehkrdZuFT9vZdZNrn66DtVD0= +github.com/fluxcd/pkg/auth v0.38.4 h1:xVsJ1rakUm5zS2tOKguZOQc5g6wLgCNxW2a9exidd4M= +github.com/fluxcd/pkg/auth v0.38.4/go.mod h1:KTXOh770ukcyQfC8NavEFzm110ORSQRan0v/kjzgFXs= github.com/fluxcd/pkg/cache v0.13.0 h1:MqtlgOwIVcGKKgV422e39O+KFSVMWuExKeRaMDBjJlk= github.com/fluxcd/pkg/cache v0.13.0/go.mod h1:0xRZ1hitrIFQ6pl68ke2wZLbIqA2VLzY78HpDo9DVxs= -github.com/fluxcd/pkg/chartutil v1.23.0 h1:ohstQEVnrBIbN85FGu83hnmAohLl0PdOoPlsM6+cjyI= -github.com/fluxcd/pkg/chartutil v1.23.0/go.mod h1:kFhmD6DwBgRsvC1ilINsomargMi2WbqvSndWQLikkLc= +github.com/fluxcd/pkg/chartutil v1.22.1 h1:ufI9LJ4d5T79h9ruBQRoRcSmuI/KkcwEqWdxu/9Xub8= +github.com/fluxcd/pkg/chartutil v1.22.1/go.mod h1:4/2mpNLyfox3uey++hG21AePPsMWekdhSWAtSdDiubQ= github.com/fluxcd/pkg/envsubst v1.5.0 h1:S07mo+MkGhptdHA4pRze5HPKlc8tHxKswNdcMZi1WDY= github.com/fluxcd/pkg/envsubst v1.5.0/go.mod h1:c3a8DYI855sZUubHFYQbjfjop6Wu4/zg1cLyf7SnCes= -github.com/fluxcd/pkg/git v0.46.0 h1:QMh0+ZzQ2jO6rIGj4ffR5trZ8g/cxvt8cVajReJ8Iyw= -github.com/fluxcd/pkg/git v0.46.0/go.mod h1:iHcIjx9c8zye3PQiajTJYxgOMRiy7WCs+hfLKDswpfI= -github.com/fluxcd/pkg/gittestserver v0.26.0 h1:+RZrCzFRsE+d5WaqAoqaPCEgcgv/jZp6+f7DS0+Ynb8= -github.com/fluxcd/pkg/gittestserver v0.26.0/go.mod h1:7fybYb0yej1fFNiF1ohs0Jr0XzyaZQ/cRh3AFEoCtuc= -github.com/fluxcd/pkg/kustomize v1.28.0 h1:0RuFVczJRabbt8frHZ/ql8aqte6BOOKk274O09l6/hE= -github.com/fluxcd/pkg/kustomize v1.28.0/go.mod h1:cW08mnngSP8MJYb6mDmMvxH8YjNATdiML0udb37dk+M= -github.com/fluxcd/pkg/oci v0.63.0 h1:ZPKTT2C+gWYjhP63xC76iTPdYE9w3ABcsDq77uhAgwo= -github.com/fluxcd/pkg/oci v0.63.0/go.mod h1:qMPz4njvm6hJzdyGSb8ydSqrapXxTQwJonxHIsdeXSQ= -github.com/fluxcd/pkg/runtime v0.103.0 h1:J5y5GPhWdkyqIUBlaI1FP2N02TtZmsjbWhhZubuTSFk= -github.com/fluxcd/pkg/runtime v0.103.0/go.mod h1:mbo2f3azo3yVQgm7XZGxQB6/2zvzQ5Wgtd8TjRRwwAw= +github.com/fluxcd/pkg/git v0.43.1 h1:lw29P44wueKzQk79KnYyvisfw//cxg0S4cDeTYx+Slo= +github.com/fluxcd/pkg/git v0.43.1/go.mod h1:3R/AjCe7ee7FqWcAG+2IiuJPOCxrGHF4SCGkuvKS6OQ= +github.com/fluxcd/pkg/gittestserver v0.25.1 h1:40Ridmy1xKxBM9ItDn012R4VKmaoDqzvGaC5g7xv+mw= +github.com/fluxcd/pkg/gittestserver v0.25.1/go.mod h1:7fybYb0yej1fFNiF1ohs0Jr0XzyaZQ/cRh3AFEoCtuc= +github.com/fluxcd/pkg/kustomize v1.27.1 h1:BLOBNLb2N5ObttZA8XJhZ2NqNY1ZjBqQtTpNlIx8/L4= +github.com/fluxcd/pkg/kustomize v1.27.1/go.mod h1:A2RQTe9woDPiwJDWFlkoP4oF9eX9DeXr89FEkKnSObk= +github.com/fluxcd/pkg/oci v0.60.1 h1:mT6WBX+MBIcczzEnw/W4cfXyt5JSRNhRoB/UnJ72K6M= +github.com/fluxcd/pkg/oci v0.60.1/go.mod h1:w2FGseUl3WGjwRMH/3h6MTI4gKahcBQtnGbn/TQVA34= +github.com/fluxcd/pkg/runtime v0.100.4 h1:rwvbeoeWN0BTJORJBISJJEkWn6DVfmWwynFl2GseWns= +github.com/fluxcd/pkg/runtime v0.100.4/go.mod h1:M6LjRJ1hIe2s6E2ykFfae1Xy/rLvOFQf2QquMKmN350= github.com/fluxcd/pkg/sourceignore v0.17.0 h1:Z72nruRMhC15zIEpWoDrAcJcJ1El6QDnP/aRDfE4WOA= github.com/fluxcd/pkg/sourceignore v0.17.0/go.mod h1:3e/VmYLId0pI/H5sK7W9Ibif+j0Ahns9RxNjDMtTTfY= -github.com/fluxcd/pkg/ssa v0.70.0 h1:IBylYPiTK1IEdCC2DvjKXIhwQcbd5VufXA9WS3zO+tE= -github.com/fluxcd/pkg/ssa v0.70.0/go.mod h1:6igtlt7/zF+nNFQpa5ZAkkvtpL6o36NRU39/PqqC+Bg= +github.com/fluxcd/pkg/ssa v0.67.3 h1:mjuhH5fNOYstkF6jB7EeaWmfnt5T272Cup8ZD9O8YBQ= +github.com/fluxcd/pkg/ssa v0.67.3/go.mod h1:6igtlt7/zF+nNFQpa5ZAkkvtpL6o36NRU39/PqqC+Bg= github.com/fluxcd/pkg/ssh v0.24.0 h1:hrPlxs0hhXf32DRqs68VbsXs0XfQMphyRVIk0rYYJa4= github.com/fluxcd/pkg/ssh v0.24.0/go.mod h1:xWammEqalrpurpcMiixJRXtynRQtBEoqheyU5F/vWrg= github.com/fluxcd/pkg/tar v0.17.0 h1:uNxbFXy8ly8C7fJ8D7w3rjTNJFrb4Hp1aY/30XkfvxY= github.com/fluxcd/pkg/tar v0.17.0/go.mod h1:b1xyIRYDD0ket4SV5u0UXYv+ZdN/O/HmIO5jZQdHQls= -github.com/fluxcd/pkg/version v0.14.0 h1:T3llSc8sUnsuFrW5ng2ePSfXwGXUKv0YG9QXf0ErhWw= -github.com/fluxcd/pkg/version v0.14.0/go.mod h1:YHdg/78kzf+kCqS+SqSOiUxum5AjxlixiqwpX6AUZB8= +github.com/fluxcd/pkg/version v0.12.0 h1:MGbdbNf2D5wazMqAkNPn+Lh5j+oY0gxQJFTGyet5Hfc= +github.com/fluxcd/pkg/version v0.12.0/go.mod h1:YHdg/78kzf+kCqS+SqSOiUxum5AjxlixiqwpX6AUZB8= github.com/fluxcd/source-controller/api v1.8.1 h1:49HiJF5mNEdZTwueQMRahTVts35B+xhN5CsuOAL9gQ0= github.com/fluxcd/source-controller/api v1.8.1/go.mod h1:HgZ6NSH1cyOE2jRoNwln1xEwr9ETvrLeiy1o4O04vQM= github.com/fluxcd/source-watcher/api/v2 v2.1.1 h1:1LfT50ty+78MKKbschAZl28QbVqIyjaNq17KmW5wPJI= diff --git a/rfcs/0010-multi-tenant-workload-identity/README.md b/rfcs/0010-multi-tenant-workload-identity/README.md index 920e402e..9ed342d9 100644 --- a/rfcs/0010-multi-tenant-workload-identity/README.md +++ b/rfcs/0010-multi-tenant-workload-identity/README.md @@ -1,10 +1,15 @@ # RFC-0010 Multi-Tenant Workload Identity -**Status:** implemented +**Status:** implementable + + **Creation date:** 2025-02-22 -**Last update:** 2026-03-13 +**Last update:** 2025-04-29 ## Summary @@ -1415,11 +1420,10 @@ options to call `gcp.NewTokenSource()` and feed this token source to the `HelmRepository` and `HelmChart`, as well as for SOPS decryption in the `Kustomization` API and Azure Event Hubs in the `Provider` API. -* In Flux 2.7 object-level workload identity was introduced for all - the remaining APIs that support cloud providers, i.e. `Bucket`, - `GitRepository` and `ImageUpdateAutomation`, and also all the - remaining types for the `Provider` API, i.e. `azuredevops` and - `googlepubsub`. In addition, support for controller and - object-level workload identity was introduced for the - `Kustomization` and `HelmRelease` APIs for remote cluster - access. + + diff --git a/rfcs/0011-opentelemetry-tracing/README.md b/rfcs/0011-opentelemetry-tracing/README.md index 3dd5e851..768e05a4 100644 --- a/rfcs/0011-opentelemetry-tracing/README.md +++ b/rfcs/0011-opentelemetry-tracing/README.md @@ -1,10 +1,15 @@ # RFC-0011: OpenTelemetry Tracing -**Status:** implemented +**Status:** provisional + + **Creation date:** 2025-04-24 -**Last update:** 2026-03-13 +**Last update:** 2025-08-13 ## Summary The aim is to be able to collect traces via OpenTelemetry (OTel) across all Flux related objects, such as HelmReleases, Kustomizations and among others. These may be sent towards a tracing provider where may be potentially stored and visualized. Flux does not have any responsibility on storing and visualizing those, it keeps being completely stateless. Thereby, being seamless for the user, the implementation is going to be part of the already existing `Alert` API Type. Therefore, `EventSources` is going to discriminate the events belonging to the specific sources, which are going to be looked up to and send them out towards the `Provider` set. In this way, it could facilitate the observability and monitoring of Flux related objects. @@ -205,4 +210,9 @@ This design ensures trace continuity even in challenging distributed environment ## Implementation History -* RFC implemented and generally available in Flux [v2.7.0](https://github.com/fluxcd/flux2/releases/tag/v2.7.0) + diff --git a/rfcs/0012-external-artifact/README.md b/rfcs/0012-external-artifact/README.md index c8d21bbf..602c4918 100644 --- a/rfcs/0012-external-artifact/README.md +++ b/rfcs/0012-external-artifact/README.md @@ -1,10 +1,10 @@ # RFC-0012 External Artifact -**Status:** implemented +**Status:** provisional **Creation date:** 2025-04-08 -**Last update:** 2026-03-13 +**Last update:** 2025-09-03 ## Summary @@ -319,4 +319,9 @@ control the adoption of the `ExternalArtifact` feature in their clusters. ## Implementation History -* RFC implemented and generally available in Flux [v2.7.0](https://github.com/fluxcd/flux2/releases/tag/v2.7.0) + diff --git a/tests/integration/go.mod b/tests/integration/go.mod index 9dd15723..1c4561af 100644 --- a/tests/integration/go.mod +++ b/tests/integration/go.mod @@ -11,10 +11,10 @@ require ( github.com/fluxcd/image-reflector-controller/api v1.0.4 github.com/fluxcd/kustomize-controller/api v1.7.3 github.com/fluxcd/notification-controller/api v1.7.5 - github.com/fluxcd/pkg/apis/event v0.25.0 - github.com/fluxcd/pkg/apis/meta v1.26.0 - github.com/fluxcd/pkg/git v0.46.0 - github.com/fluxcd/pkg/runtime v0.103.0 + github.com/fluxcd/pkg/apis/event v0.24.1 + github.com/fluxcd/pkg/apis/meta v1.25.1 + github.com/fluxcd/pkg/git v0.43.1 + github.com/fluxcd/pkg/runtime v0.100.4 github.com/fluxcd/source-controller/api v1.7.4 github.com/fluxcd/test-infra/tftestenv v0.0.0-20250626232827-e0ca9c3f8d7b github.com/go-git/go-git/v5 v5.16.5 @@ -66,9 +66,9 @@ require ( github.com/evanphx/json-patch/v5 v5.9.11 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fluxcd/pkg/apis/acl v0.9.0 // indirect - github.com/fluxcd/pkg/apis/kustomize v1.16.0 // indirect + github.com/fluxcd/pkg/apis/kustomize v1.15.1 // indirect github.com/fluxcd/pkg/ssh v0.24.0 // indirect - github.com/fluxcd/pkg/version v0.14.0 // indirect + github.com/fluxcd/pkg/version v0.12.0 // indirect github.com/fxamacker/cbor/v2 v2.9.0 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.7.0 // indirect diff --git a/tests/integration/go.sum b/tests/integration/go.sum index c4f3ba6d..6b0e62eb 100644 --- a/tests/integration/go.sum +++ b/tests/integration/go.sum @@ -136,22 +136,22 @@ github.com/fluxcd/notification-controller/api v1.7.5 h1:6CO5bKyjodiK9exQFOdBcz0X github.com/fluxcd/notification-controller/api v1.7.5/go.mod h1:IciwSg8Q0pVtdbsyDyEXx/MxBKWeagxAazpm64C8oCE= github.com/fluxcd/pkg/apis/acl v0.9.0 h1:wBpgsKT+jcyZEcM//OmZr9RiF8klL3ebrDp2u2ThsnA= github.com/fluxcd/pkg/apis/acl v0.9.0/go.mod h1:TttNS+gocsGLwnvmgVi3/Yscwqrjc17+vhgYfqkfrV4= -github.com/fluxcd/pkg/apis/event v0.25.0 h1:zdwytvDhG+fk+Ywl5DOtv7TklkrVgM21WHm1f+YhleE= -github.com/fluxcd/pkg/apis/event v0.25.0/go.mod h1:TlK8HWYrTwl0raqBRC+ROoNpYW5fdVnwcwOBOx5Kzw8= -github.com/fluxcd/pkg/apis/kustomize v1.16.0 h1:PhWXEhqQqsisIpwp1/wHvTvo+MO+GGzsBPoN0ZnRE3Y= -github.com/fluxcd/pkg/apis/kustomize v1.16.0/go.mod h1:IZOy4CCtR/hxMGb7erK1RfbGnczVv4/dRBoVD37AywI= -github.com/fluxcd/pkg/apis/meta v1.26.0 h1:dxP1FfBpTCYso6odzRcltVnnRuBb2VyhhgV0VX9YbUE= -github.com/fluxcd/pkg/apis/meta v1.26.0/go.mod h1:c7o6mJGLCMvNrfdinGZehkrdZuFT9vZdZNrn66DtVD0= -github.com/fluxcd/pkg/git v0.46.0 h1:QMh0+ZzQ2jO6rIGj4ffR5trZ8g/cxvt8cVajReJ8Iyw= -github.com/fluxcd/pkg/git v0.46.0/go.mod h1:iHcIjx9c8zye3PQiajTJYxgOMRiy7WCs+hfLKDswpfI= -github.com/fluxcd/pkg/gittestserver v0.26.0 h1:+RZrCzFRsE+d5WaqAoqaPCEgcgv/jZp6+f7DS0+Ynb8= -github.com/fluxcd/pkg/gittestserver v0.26.0/go.mod h1:7fybYb0yej1fFNiF1ohs0Jr0XzyaZQ/cRh3AFEoCtuc= -github.com/fluxcd/pkg/runtime v0.103.0 h1:J5y5GPhWdkyqIUBlaI1FP2N02TtZmsjbWhhZubuTSFk= -github.com/fluxcd/pkg/runtime v0.103.0/go.mod h1:mbo2f3azo3yVQgm7XZGxQB6/2zvzQ5Wgtd8TjRRwwAw= +github.com/fluxcd/pkg/apis/event v0.24.1 h1:TClVdn02aiq3sAl9BuzLjjTIxm3JJ83fJ9nchtBa4qg= +github.com/fluxcd/pkg/apis/event v0.24.1/go.mod h1:TlK8HWYrTwl0raqBRC+ROoNpYW5fdVnwcwOBOx5Kzw8= +github.com/fluxcd/pkg/apis/kustomize v1.15.1 h1:t9QZh+3ZS8EKmlxrnnbcKZcGTrg8FDvMF1T8BHMCuqI= +github.com/fluxcd/pkg/apis/kustomize v1.15.1/go.mod h1:IZOy4CCtR/hxMGb7erK1RfbGnczVv4/dRBoVD37AywI= +github.com/fluxcd/pkg/apis/meta v1.25.1 h1:WG1GIC/SOz0GjxT0uVuO6AMicQ3yFsk6bDozCnq+fto= +github.com/fluxcd/pkg/apis/meta v1.25.1/go.mod h1:c7o6mJGLCMvNrfdinGZehkrdZuFT9vZdZNrn66DtVD0= +github.com/fluxcd/pkg/git v0.43.1 h1:lw29P44wueKzQk79KnYyvisfw//cxg0S4cDeTYx+Slo= +github.com/fluxcd/pkg/git v0.43.1/go.mod h1:3R/AjCe7ee7FqWcAG+2IiuJPOCxrGHF4SCGkuvKS6OQ= +github.com/fluxcd/pkg/gittestserver v0.25.1 h1:40Ridmy1xKxBM9ItDn012R4VKmaoDqzvGaC5g7xv+mw= +github.com/fluxcd/pkg/gittestserver v0.25.1/go.mod h1:7fybYb0yej1fFNiF1ohs0Jr0XzyaZQ/cRh3AFEoCtuc= +github.com/fluxcd/pkg/runtime v0.100.4 h1:rwvbeoeWN0BTJORJBISJJEkWn6DVfmWwynFl2GseWns= +github.com/fluxcd/pkg/runtime v0.100.4/go.mod h1:M6LjRJ1hIe2s6E2ykFfae1Xy/rLvOFQf2QquMKmN350= github.com/fluxcd/pkg/ssh v0.24.0 h1:hrPlxs0hhXf32DRqs68VbsXs0XfQMphyRVIk0rYYJa4= github.com/fluxcd/pkg/ssh v0.24.0/go.mod h1:xWammEqalrpurpcMiixJRXtynRQtBEoqheyU5F/vWrg= -github.com/fluxcd/pkg/version v0.14.0 h1:T3llSc8sUnsuFrW5ng2ePSfXwGXUKv0YG9QXf0ErhWw= -github.com/fluxcd/pkg/version v0.14.0/go.mod h1:YHdg/78kzf+kCqS+SqSOiUxum5AjxlixiqwpX6AUZB8= +github.com/fluxcd/pkg/version v0.12.0 h1:MGbdbNf2D5wazMqAkNPn+Lh5j+oY0gxQJFTGyet5Hfc= +github.com/fluxcd/pkg/version v0.12.0/go.mod h1:YHdg/78kzf+kCqS+SqSOiUxum5AjxlixiqwpX6AUZB8= github.com/fluxcd/source-controller/api v1.7.4 h1:+EOVnRA9LmLxOx7J273l7IOEU39m+Slt/nQGBy69ygs= github.com/fluxcd/source-controller/api v1.7.4/go.mod h1:ruf49LEgZRBfcP+eshl2n9SX1MfHayCcViAIGnZcaDY= github.com/fluxcd/test-infra/tftestenv v0.0.0-20250626232827-e0ca9c3f8d7b h1:FSPtvaVgL8azcyweqLmD71elAw4vozuXH/QvsJQ7tg0=