diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..d35438a
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,27 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: 'possible-bug 🐛'
+assignees: ''
+---
+
+### Environment
+Device and OS:
+App/package versions:
+Kubernetes distro being used:
+Other:
+
+### Steps to reproduce
+1.
+
+### Expected result
+
+### Actual Result
+
+### Visual Proof (screenshots, videos, text, etc)
+
+### Severity/Priority
+
+### Additional Context
+Add any other context or screenshots about the technical debt here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 0000000..b25e1c3
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,22 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: 'enhancement ✨'
+assignees: ''
+---
+
+### Is your feature request related to a problem? Please describe.
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+### Describe the solution you'd like
+
+- **Given** a state
+- **When** an action is taken
+- **Then** something happens
+
+### Describe alternatives you've considered
+(optional) A clear and concise description of any alternative solutions or features you've considered.
+
+### Additional context
+Add any other context or screenshots about the feature request here.
diff --git a/.github/ISSUE_TEMPLATE/tech_debt.md b/.github/ISSUE_TEMPLATE/tech_debt.md
new file mode 100644
index 0000000..545d0b9
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/tech_debt.md
@@ -0,0 +1,16 @@
+---
+name: Tech debt
+about: Record something that should be investigated or refactored in the future.
+title: ''
+labels: 'tech-debt 💳'
+assignees: ''
+---
+
+### Describe what should be investigated or refactored
+A clear and concise description of what should be changed/researched. Ex. This piece of the code is not DRY enough [...]
+
+### Links to any relevant code
+(optional) i.e. - https://github.com/defenseunicorns/uds-package-valkey/blob/main/README.md?plain=1#L1
+
+### Additional context
+Add any other context or screenshots about the technical debt here.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..045be6a
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,20 @@
+## Description
+
+...
+
+## Related Issue
+
+Fixes #
+
+Relates to #
+
+## Type of change
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Other (security config, docs update, etc)
+
+## Checklist before merging
+
+- [ ] Test, docs, adr added or updated as needed
+- [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-package-valkey/blob/main/CONTRIBUTING.md#developer-workflow) followed
diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml
new file mode 100644
index 0000000..3963052
--- /dev/null
+++ b/.github/workflows/ci-docs-shim.yaml
@@ -0,0 +1,20 @@
+name: CI Docs Shim
+
+on:
+ pull_request:
+ branches: [main]
+ types: [milestoned, opened, synchronize]
+
+jobs:
+ run-test:
+ name: ${{ matrix.type }} ${{ matrix.flavor }}
+ runs-on: ubuntu-latest
+ timeout-minutes: 20
+ strategy:
+ matrix:
+ flavor: [upstream]
+ type: [install, upgrade]
+ steps:
+ - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }}
+ run: |
+ echo "Documentation-only change detected; marking ${{ matrix.type }} ${{ matrix.flavor }} as successful."
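Review bot: The `pull_request` trigger in ci-docs-shim.yaml has no `paths:` filter, so the shim runs on every pull request to main and reports `install upstream` and `upgrade upstream` as successful even when code changed, although its echo text says a documentation-only change was detected. test.yaml in this same commit skips itself through `paths-ignore`; the shim would need the same list under `paths:` so that only one of the two produces a given check name. If branch protection keys on those job names (not visible here), a green shim result could stand in for a real test run. The matrix also shims `upgrade`, which test.yaml's matrix (`type: [install]`) never runs.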
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
new file mode 100644
index 0000000..f4bb92a
--- /dev/null
+++ b/.github/workflows/commitlint.yaml
@@ -0,0 +1,11 @@
+name: Metadata
+
+on:
+ pull_request:
+ branches: [main]
+ types: [milestoned, opened, edited, synchronize]
+
+jobs:
+ validate:
+ name: Validate
+ uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@7cb81b1d4d9853c838200906e17a1c798a2d835e # v0.4.6
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
new file mode 100644
index 0000000..4e0d85a
--- /dev/null
+++ b/.github/workflows/lint.yaml
@@ -0,0 +1,35 @@
+name: Scan
+
+on:
+ # This workflow is triggered on pull requests to the main branch.
+ pull_request:
+ branches: [main]
+ types: [milestoned, opened, synchronize]
+
+jobs:
+ validate:
+ runs-on: ubuntu-latest
+ name: Lint
+ permissions:
+ contents: read # Allows reading the repo contents
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ with:
+ fetch-depth: 0
+
+ - name: Environment setup
+ uses: defenseunicorns/uds-common/.github/actions/setup@7cb81b1d4d9853c838200906e17a1c798a2d835e # v0.4.6
+ with:
+ registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+ registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+ ghToken: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Install lint deps
+ run: |
+ uds run lint:deps
+
+ - name: Lint the repository
+ run: |
+ uds run lint:yaml
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
new file mode 100644
index 0000000..b4a568d
--- /dev/null
+++ b/.github/workflows/scorecard.yaml
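Review bot: No `permissions:` key is declared in commitlint.yaml (nor in ci-docs-shim.yaml), so both run with whatever the repository default grants `GITHUB_TOKEN`, while lint.yaml and test.yaml in this commit restrict it to `contents: read`. A top-level `permissions:` with `contents: read` here would cap what the called reusable workflow can use; whether commitlint additionally needs `pull-requests: read` is not visible from this hunk. The shim only echoes a message and could declare `permissions: {}`.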
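Review bot: The `Environment setup` step in lint.yaml passes `IRON_BANK_ROBOT_USERNAME` and `IRON_BANK_ROBOT_PASSWORD` into a job whose remaining steps only run `uds run lint:deps` and `uds run lint:yaml`, and the README added by this commit states that no registry1 flavor exists yet. If the setup action tolerates empty registry1 inputs (not visible here), omitting them would keep the robot credentials out of runs that never pull from Iron Bank; the same wiring is repeated in test.yaml and tag-and-release.yaml. The `Checkout` step could also set `persist-credentials: false`, as scorecard.yaml does, since nothing later in the job pushes.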
@@ -0,0 +1,50 @@
+name: Scorecards supply-chain security
+on:
+ # Only the default branch is supported.
+ branch_protection_rule:
+ schedule:
+ - cron: '30 1 * * 6'
+ push:
+ branches: ["main"]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecards analysis
+ runs-on: ubuntu-latest
+ permissions:
+ # Needed to upload the results to code-scanning dashboard.
+ security-events: write
+ # Used to receive a badge.
+ id-token: write
+
+ steps:
+ - name: "Checkout code"
+ uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ with:
+ persist-credentials: false
+
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+ publish_results: true
+
+ # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+ # format to the repository Actions tab.
+ - name: "Upload artifact"
+ uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+
+ # Upload the results to GitHub's code scanning dashboard.
+ - name: "Upload to code-scanning"
+ uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+ with:
+ sarif_file: results.sarif
diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml
new file mode 100644
index 0000000..67c7e6b
--- /dev/null
+++ b/.github/workflows/tag-and-release.yaml
@@ -0,0 +1,56 @@
+name: Publish UDS Package Valkey
+
+on:
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: read
+ packages: write
+
+jobs:
+ tag-new-version:
+ name: Tag New Version
+ permissions: write-all
+ runs-on: ubuntu-latest
+ outputs:
+ release_created: ${{ steps.release-flag.outputs.release_created }}
+ steps:
+ - name: Create release tag
+ id: tag
+ uses: google-github-actions/release-please-action@a37ac6e4f6449ce8b3f7607e4d97d0146028dc0b # v4.1.0
+ - id: release-flag
+ run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT
+
+ publish-package:
+ needs: tag-new-version
+ if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
+ runs-on: ubuntu-latest
+ name: Publish ${{ matrix.flavor }}
+ strategy:
+ matrix:
+ flavor: [upstream]
+
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+
+ - name: Environment setup
+ uses: defenseunicorns/uds-common/.github/actions/setup@7cb81b1d4d9853c838200906e17a1c798a2d835e # v0.4.6
+ with:
+ registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+ registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+ ghToken: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Publish Package
+ run: uds run -f tasks/publish.yaml package --set FLAVOR=${{ matrix.flavor }}
+
+ - name: Save logs
+ if: always()
+ uses: defenseunicorns/uds-common/.github/actions/save-logs@7cb81b1d4d9853c838200906e17a1c798a2d835e # v0.4.6
+ with:
+ suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
new file mode 100644
index 0000000..4c674e9
--- /dev/null
+++ b/.github/workflows/test.yaml
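Review bot: The `tag-new-version` job sets `permissions: write-all`, which hands the release-please step a token with every write scope (packages, actions, security-events, id-token and so on) on each push to main. Only the scopes release-please actually uses should be granted, normally `permissions: { contents: write, pull-requests: write }`; confirm against the action's documentation before narrowing. In the `release-flag` step, `$GITHUB_OUTPUT` should be quoted, i.e. `>> "$GITHUB_OUTPUT"`.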
@@ -0,0 +1,68 @@
+name: Test
+
+on:
+ pull_request:
+ branches: [main]
+ types: [milestoned, opened, synchronize]
+ paths-ignore:
+ - "**.md"
+ - "**.jpg"
+ - "**.png"
+ - "**.gif"
+ - "**.svg"
+ - "adr/**"
+ - "docs/**"
+ - ".gitignore"
+ - "renovate.json"
+ - ".release-please-config.json"
+ - "release-please-config.json"
+ - "oscal-component.yaml"
+ - "CODEOWNERS"
+ - "LICENSE"
+ - "CONTRIBUTING.md"
+ - "SECURITY.md"
+
+
+# Abort prior jobs in the same workflow / PR
+concurrency:
+ group: test-${{ github.ref }}-${{ inputs.package }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+
+jobs:
+ test:
+ name: ${{ matrix.type }} ${{ matrix.flavor }}
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ flavor: [upstream]
+ type: [install]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+
+ - name: Environment setup
+ uses: defenseunicorns/uds-common/.github/actions/setup@7cb81b1d4d9853c838200906e17a1c798a2d835e # v0.4.6
+ with:
+ registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+ registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+ ghToken: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Test
+ uses: defenseunicorns/uds-common/.github/actions/test@7cb81b1d4d9853c838200906e17a1c798a2d835e # v0.4.6
+ with:
+ flavor: ${{ matrix.flavor }}
+ type: ${{ matrix.type }}
+
+ - name: Debug Output
+ if: ${{ always() }}
+ uses: defenseunicorns/uds-common/.github/actions/debug-output@7cb81b1d4d9853c838200906e17a1c798a2d835e # v0.4.6
+
+ - name: Save logs
+ if: always()
+ uses: defenseunicorns/uds-common/.github/actions/save-logs@7cb81b1d4d9853c838200906e17a1c798a2d835e # v0.4.6
+ with:
+ suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
new file mode 100644
index 0000000..4434e6b
--- /dev/null
+++ b/.release-please-manifest.json
@@ -0,0 +1,3 @@
+{
+ ".": "1.11.0-uds.1"
+}
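Review bot: The concurrency group in test.yaml references `inputs.package`, but the workflow declares no `workflow_call` or `workflow_dispatch` inputs, so on `pull_request` that expression is empty and the group is just `test-<ref>-`. Cancellation still works per ref, but the key reads as if it separated packages; `group: test-${{ github.ref }}` says what actually happens. The `paths-ignore` entries `CONTRIBUTING.md` and `SECURITY.md` are already covered by `**.md`.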
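Review bot: The manifest seeds release-please at `1.11.0-uds.1`, while bundle/uds-bundle.yaml in this same commit carries `7.2.5-uds.0` between its `x-release-please-start-version` markers. If the manifest value was carried over from another package, the first release would be computed from the wrong baseline and the marked version fields rewritten to match it. Assuming the bundle version is the intended one, the entry would be `".": "7.2.5-uds.0"`.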
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..d0ca929
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,16 @@
+{
+ "yaml.schemas": {
+ "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/uds.schema.json": [
+ "uds-bundle.yaml"
+ ],
+
+ "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/tasks.schema.json": [
+ "tasks.yaml",
+ "tasks/**/*.yaml",
+ "src/**/validate.yaml"
+ ],
+ "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.33.1/zarf.schema.json": [
+ "zarf.yaml"
+ ]
+ },
+}
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..0b01b80
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,37 @@
+yaml-files:
+ - '**/*.y*ml'
+ - '.yamllint'
+
+# Ignore files from upstream
+ignore:
+ - '**/chart/templates**'
+
+
+rules:
+ anchors: enable
+ braces: enable
+ brackets: enable
+ colons: enable
+ commas: enable
+ comments:
+ level: warning
+ comments-indentation:
+ level: warning
+ document-end: disable
+ document-start:
+ level: warning
+ empty-lines: enable
+ empty-values: disable
+ float-values: disable
+ hyphens: enable
+ indentation: enable
+ key-duplicates: enable
+ key-ordering: disable
+ line-length: disable
+ new-line-at-end-of-file: enable
+ new-lines: enable
+ octal-values: disable
+ quoted-strings: disable
+ trailing-spaces: enable
+ truthy:
+ level: warning
diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 0000000..d8a4bcf
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1,6 @@
+# This repository is owned by the Software Factory Team
+/* @defenseunicorns/swf
+
+# Additional privileged files
+/CODEOWNERS @jeff-mccoy @austenbryan
+/LICENSE @jeff-mccoy @austenbryan
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..50974f8
--- /dev/null
+++ b/CONTRIBUTING.md
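Review bot: The CODEOWNERS pattern `/* @defenseunicorns/swf` appears to match only entries directly in the repository root, because GitHub's CODEOWNERS rules treat a trailing `/*` as non-recursive. Files under `.github/workflows/`, `chart/`, `common/` and `tasks/` would then have no owner, and a "require review from Code Owners" rule would not apply to workflow or chart changes. If the comment above the rule states the intent, the line should be `* @defenseunicorns/swf`, with the two later, more specific entries still taking precedence for `/CODEOWNERS` and `/LICENSE`.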
@@ -0,0 +1,5 @@
+# Welcome to the Valkey UDS Package
+
+Thank you for your interest in this Defense Unicorns UDS Package!
+
+This package is part of Defense Unicorns' UDS Software Factory and follows the contributing guidelines outlined in that repositories' [CONTRIBUTING.md](https://github.com/defenseunicorns/uds-software-factory/blob/main/CONTRIBUTING.md) file.
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..8dd2f88
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2024 Defense Unicorns + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..cab5287 --- /dev/null +++ b/README.md 
@@ -0,0 +1,34 @@
+# uds-package-valkey
+
+> [!WARNING]
+> `uds-package-valkey` is in early alpha and is not ready for general consumption.
+
+## Prerequisites
+
+- [K3D](https://k3d.io/) for dev & test environments or any [CNCF Certified Kubernetes Cluster](https://www.cncf.io/training/certification/software-conformance/#logos) for production environments.
+
+- [UDS CLI](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install) v0.9.2 or later
+
+## Flavors
+
+| Flavor | Description | Example Creation |
+| ------ | ----------- | ---------------- |
+| upstream | Uses upstream images within the package. | `uds zarf package create . -f upstream` |
+
+Note: there is _not_ currently a registry1 flavor as Iron Bank does not have any `valkey` images yet.
+
+## Releases
+
+The released packages can be found in [ghcr](https://github.com/defenseunicorns/uds-package-valkey/pkgs/container/packages%2Fuds%valkey).
+
+## UDS Tasks (for local dev and CI)
+
+*For local dev, this requires installing [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install)
+
+After installing uds-cli, for a list of available tasks that can be run in this repository execute the following command:
+
+`uds run --list`
+
+## Contributing
+
+Please see the [CONTRIBUTING.md](./CONTRIBUTING.md)
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..558eb01
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+As [UDS Software Factory](https://github.com/defenseunicorns/uds-software-factory) has not yet reached v1.0.0, only the current latest minor release is supported.
+
+## Reporting a Vulnerability
+
+Please email `security-notice [at] defenseunicorns.com` to report a vulnerability. If you are unable to disclose details via email, please let us know and we can coordinate alternate communications.
diff --git a/adr/0001-record-architecture-decisions.md b/adr/0001-record-architecture-decisions.md
new file mode 100644
index 0000000..018c179
--- /dev/null
+++ b/adr/0001-record-architecture-decisions.md
@@ -0,0 +1,23 @@
+# 1. Record architecture decisions
+
+Date: 2024-06-10
+
+## Status
+
+Accepted
+
+## Context
+
+> NOTE:
+>
+> This file was automatically created when we used [adr-tools](https://github.com/npryce/adr-tools) to initialize the document log in the repo. ADRs on ADRs are a little silly, but it does give a lightweight way to direct the reader over to our contributor guide that has a lot more information.
+
+We need to record the architectural decisions made on this project.
+
+## Decision
+
+We will use Architecture Decision Records, as [described by Michael Nygard](http://thinkrelevance.com/blog/2011/11/15/documenting-architecture-decisions), with a couple of small tweaks. See the [Documentation section in the Contributor guide](../CONTRIBUTING.md#documentation) for full details.
+
+## Consequences
+
+See Michael Nygard's article, linked above. For a lightweight ADR toolset, see Nat Pryce's [adr-tools](https://github.com/npryce/adr-tools).
diff --git a/adr/template.md b/adr/template.md
new file mode 100644
index 0000000..596fb25
--- /dev/null
+++ b/adr/template.md
@@ -0,0 +1,19 @@
+# NUMBER. TITLE
+
+Date: DATE
+
+## Status
+
+STATUS
+
+## Context
+
+The issue motivating this decision, and any context that influences or constrains the decision.
+
+## Decision
+
+The change that we're proposing or have agreed to implement.
+
+## Consequences
+
+What becomes easier or more difficult to do and any risks introduced by the change that will need to be mitigated.
diff --git a/bundle/uds-bundle.yaml b/bundle/uds-bundle.yaml
new file mode 100644
index 0000000..9d5d6ba
--- /dev/null
+++ b/bundle/uds-bundle.yaml
@@ -0,0 +1,39 @@
+kind: UDSBundle
+metadata:
+ name: valkey-test
+ description: A UDS bundle for deploying Valkey and on a development cluster
+ # x-release-please-start-version
+ version: 7.2.5-uds.0
+ # x-release-please-end
+
+packages:
+ - name: valkey
+ path: ../
+ # x-release-please-start-version
+ ref: 7.2.5-uds.0
+ # x-release-please-end
+ overrides:
+ valkey:
+ uds-valkey-config:
+ values:
+ - path: custom
+ value:
+ - direction: Ingress
+ selector:
+ app.kubernetes.io/name: valkey
+ remoteNamespace: valkey-cli
+ remoteSelector:
+ app: valkey-cli
+ port: 6379
+ description: "Ingress from Valkey CLI (for tests)"
+ valkey:
+ variables:
+ - name: VALKEY_RESOURCES
+ path: "master.resources"
+ default:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
diff --git a/bundle/uds-config.yaml b/bundle/uds-config.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/chart/.helmignore b/chart/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/chart/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
new file mode 100644
index 0000000..20ce7ce
--- /dev/null
+++ b/chart/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: chart
+description: uds-valkey-config
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml
new file mode 100644
index 0000000..7d36246
--- /dev/null
+++ b/chart/templates/uds-package.yaml
@@ -0,0 +1,28 @@
+apiVersion: uds.dev/v1alpha1
+kind: Package
+metadata:
+ name: valkey
+ namespace: {{ .Release.Namespace }}
+spec:
+ network:
+ allow:
+ - direction: Ingress
+ remoteGenerated: IntraNamespace
+ - direction: Egress
+ remoteGenerated: IntraNamespace
+
+ # Custom rules to allow clients to connect
+ {{- range .Values.custom }}
+ - direction: {{ .direction }}
+ selector:
+ {{ .selector | toYaml | nindent 10 }}
+ {{- if not .remoteGenerated }}
+ remoteNamespace: {{ .remoteNamespace }}
+ remoteSelector:
+ {{ .remoteSelector | toYaml | nindent 10 }}
+ port: {{ .port }}
+ {{- else }}
+ remoteGenerated: {{ .remoteGenerated }}
+ {{- end }}
+ description: {{ .description }}
+ {{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
new file mode 100644
index 0000000..58cd9a7
--- /dev/null
+++ b/chart/values.yaml
@@ -0,0 +1 @@
+custom: []
diff --git a/common/zarf.yaml b/common/zarf.yaml
new file mode 100644
index 0000000..c53eff3
--- /dev/null
+++ b/common/zarf.yaml
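Review bot: In chart/templates/uds-package.yaml, `port: {{ .port }}` is rendered only inside the `{{- if not .remoteGenerated }}` branch, so a custom entry that sets both `remoteGenerated` and `port` silently loses its port and the resulting allow rule is presumably not port-restricted. The port should be emitted independently of that branch, after the `{{- end }}` that closes the if/else, as `{{- with .port }}` / `port: {{ . }}` / `{{- end }}`. The scalar fields are also interpolated unquoted; `description: {{ .description | quote }}` (and the same for `remoteNamespace`) would keep a value containing `: ` or ` #` from breaking the rendered YAML. Indentation is not recoverable from this view, so check nesting against the real file.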
@@ -0,0 +1,39 @@
+kind: ZarfPackageConfig
+metadata:
+ name: uds-valkey-common
+ description: "UDS Valkey Common"
+ url: https://github.com/valkey-io/valkey
+
+components:
+ - name: valkey
+ required: true
+ charts:
+ - name: uds-valkey-config
+ namespace: valkey
+ version: 0.1.0
+ localPath: ../chart
+ - name: valkey
+ version: 0.3.5
+ namespace: valkey
+ url: oci://registry-1.docker.io/bitnamicharts/valkey
+ valuesFiles:
+ - ../values/values.yaml
+ actions:
+ onDeploy:
+ after:
+ - description: Validate Valkey Package
+ maxTotalSeconds: 300
+ wait:
+ cluster:
+ kind: Packages
+ name: valkey
+ namespace: valkey
+ condition: "'{.status.phase}'=Ready"
+ - description: Valkey to be Healthy
+ maxTotalSeconds: 90
+ wait:
+ cluster:
+ kind: pod
+ name: app.kubernetes.io/name=valkey
+ namespace: valkey
+ condition: Ready
diff --git a/release-please-config.json b/release-please-config.json
new file mode 100644
index 0000000..1064e8f
--- /dev/null
+++ b/release-please-config.json
@@ -0,0 +1,24 @@
+{
+ "packages": {
+ ".": {
+ "changelog-path": "CHANGELOG.md",
+ "changelog-sections": [
+ { "type": "feat", "section": "Features", "hidden": false },
+ { "type": "fix", "section": "Bug Fixes", "hidden": false },
+ { "type": "chore", "section": "Miscellaneous", "hidden": false }
+ ],
+ "release-type": "simple",
+ "bump-minor-pre-major": true,
+ "bump-patch-for-minor-pre-major": true,
+ "draft": false,
+ "versioning": "prerelease",
+ "prerelease-type": "uds",
+ "extra-files": [
+ "bundle/uds-bundle.yaml",
+ "tasks/publish.yaml",
+ "zarf.yaml"
+ ]
+ }
+ },
+ "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"
+}
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..e0f1868
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,24 @@
+{
+ "enabled": true,
+ "forkProcessing": "enabled",
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "github>defenseunicorns/uds-common//config/renovate.json5",
+ ":semanticCommits",
+ ":semanticCommitTypeAll(chore)"
+ ],
+ "packageRules": [
+ {
+ "groupName": "Valkey Support Dependencies",
+ "labels": ["support-deps"],
+ "commitMessageTopic": "support-deps",
+ "packagePatterns": ["*"]
+ },
+ {
+ "groupName": "Valkey Package Dependencies",
+ "labels": ["package-deps"],
+ "commitMessageTopic": "package-deps",
+ "matchDatasources": ["docker", "helm", "git-tags"]
+ }
+ ]
+}
diff --git a/tasks.yaml b/tasks.yaml
new file mode 100644
index 0000000..f0e43c3
--- /dev/null
+++ b/tasks.yaml
@@ -0,0 +1,65 @@
+includes:
+ - test: ./tasks/test.yaml
+ - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.6/tasks/create.yaml
+ - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.6/tasks/lint.yaml
+ - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.6/tasks/pull.yaml
+ - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.6/tasks/deploy.yaml
+ - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.6/tasks/setup.yaml
+
+tasks:
+ - name: default
+ description: Create K3D Cluster with UDS-Core-Istio + Valkey
+ actions:
+ - task: create-vk-test-bundle
+ - task: setup:k3d-test-cluster
+ - task: deploy:test-bundle
+
+ - name: create-vk-package
+ description: Create UDS Valkey Package
+ actions:
+ - task: create:package
+ with:
+ options: "--skip-sbom"
+
+ - name: create-vk-test-bundle
+ description: Create UDS Valkey bundle
+ actions:
+ - task: create-vk-package
+ - task: create:test-bundle
+
+ - name: create-vk-latest-release-bundle
+ description: Create UDS Valkey bundle based on the latest release
+ actions:
+ - task: pull:latest-package-release
+ with:
+ spoof_release: "true"
+ - task: create:test-bundle
+
+ - name: dev
+ description: Deploy Valkey on existing cluster
+ actions:
+ - task: create-vk-package
+ - task: create-vk-test-bundle
+ - task: deploy:test-bundle
+
+# CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names
+
+ - name: test-package
+ description: Test the health of a Valkey deployment
+ actions:
+ - task: create-vk-test-bundle
+ - task: setup:k3d-test-cluster
+ - task: deploy:test-bundle
+ - task: test:health-check
+ - task: test:setup-data-stores
+
+ - name: test-upgrade
+ description: Test an upgrade from the latest released package to the current branch
+ actions:
+ - task: create-vk-latest-release-bundle
+ - task: setup:k3d-test-cluster
+ - task: deploy:test-bundle
+ - task: 
create-vk-test-bundle
+ - task: deploy:test-bundle
+ - task: test:health-check
+ - task: test:setup-data-stores
diff --git a/tasks/publish.yaml b/tasks/publish.yaml
new file mode 100644
index 0000000..1742c17
--- /dev/null
+++ b/tasks/publish.yaml
@@ -0,0 +1,24 @@
+includes:
+ - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.6/tasks/create.yaml
+ - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.6/tasks/publish.yaml
+
+tasks:
+ - name: package
+ description: Build and publish the packages
+ actions:
+ - description: Create the AMD64 package
+ task: create:package
+ with:
+ architecture: amd64
+
+ - description: Create the ARM64 package
+ task: create:package
+ with:
+ architecture: arm64
+
+ - description: Publish the packages
+ task: publish:package
+ with:
+ # x-release-please-start-version
+ version: "7.2.5-uds.0"
+ # x-release-please-end
diff --git a/tasks/test.yaml b/tasks/test.yaml
new file mode 100644
index 0000000..06afa93
--- /dev/null
+++ b/tasks/test.yaml
@@ -0,0 +1,17 @@
+tasks:
+ - name: setup-data-stores
+ actions:
+ - description: Create the data store test package for the Valkey instance
+ cmd: uds zarf package create tests --confirm --no-progress --architecture=${UDS_ARCH} --skip-sbom --no-progress
+ - description: Deploy the test package into the cluster
+ cmd: uds zarf package deploy zarf-package-valkey-test-${UDS_ARCH}-0.1.0.tar.zst --confirm --no-progress
+
+ - name: health-check
+ actions:
+ - description: Valkey Status
+ wait:
+ cluster:
+ kind: pod
+ name: app.kubernetes.io/name=valkey
+ namespace: valkey
+ condition: Ready
diff --git a/tests/valkey/namespace.yaml b/tests/valkey/namespace.yaml
new file mode 100644
index 0000000..039041c
--- /dev/null
+++ b/tests/valkey/namespace.yaml
@@ -0,0 +1,5 @@
+kind: Namespace
+metadata:
+ name: valkey-cli
+ labels:
+ istio-injection: enabled
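Review bot: The five remote `includes` entries in tasks.yaml are fetched from raw.githubusercontent.com at the `v0.4.6` tag, and a tag can be moved after review; since these files define the commands the task runner executes locally and in CI, pinning them to a full commit SHA gives an immutable reference, e.g. `- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/<commit-sha>/tasks/create.yaml` (placeholder, not a real SHA). The same applies to the two includes in tasks/publish.yaml, which presumably runs with publish credentials. A trailing `# v0.4.6` comment on each line keeps the version readable.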
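Review bot: In tasks/test.yaml the `setup-data-stores` create command passes `--no-progress` twice, and the deploy command hard-codes `0.1.0` in `zarf-package-valkey-test-${UDS_ARCH}-0.1.0.tar.zst`, which has to stay in step with `version` in tests/zarf.yaml. Drop the duplicate flag and add a comment such as `# keep in sync with metadata.version in tests/zarf.yaml` above the deploy step.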
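Review bot: tests/valkey/namespace.yaml has no `apiVersion`; the manifest starts at `kind: Namespace`. Schema validators and client-side validation generally reject an object without it, and whether the deploy path tolerates the omission is not visible here, so add `apiVersion: v1` as the first line. The `istio-injection: enabled` label is worth a one-line comment saying the test client is meant to run inside the mesh.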
diff --git a/tests/valkey/valkey-cli.yaml b/tests/valkey/valkey-cli.yaml
new file mode 100644
index 0000000..ed0aa14
--- /dev/null
+++ b/tests/valkey/valkey-cli.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: valkey-cli
+ namespace: valkey-cli
+ labels:
+ app: valkey-cli
+spec:
+ containers:
+ - name: valkey-cli
+ image: docker.io/bitnami/valkey:7.2.5-debian-12-r5
+ command: ["/bin/sh"]
+ args: ["-c", "while true; do echo hello; sleep 10;done"]
+ resources:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
diff --git a/tests/zarf.yaml b/tests/zarf.yaml
new file mode 100644
index 0000000..d3f7f59
--- /dev/null
+++ b/tests/zarf.yaml
@@ -0,0 +1,34 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json
+kind: ZarfPackageConfig
+metadata:
+ name: valkey-test
+ description: "A test that Valkey can be connected to and is functional"
+ version: 0.1.0
+
+components:
+ - name: test-valkey-connectivity
+ required: true
+ manifests:
+ - name: valkey-cli
+ namespace: valkey-cli
+ files:
+ - valkey/namespace.yaml
+ - valkey/valkey-cli.yaml
+ images:
+ - docker.io/bitnami/valkey:7.2.5-debian-12-r5
+ actions:
+ onDeploy:
+ after:
+ - cmd: ./zarf tools kubectl get secret -n valkey valkey --template='{{ index .data "valkey-password" }}' | base64 -d
+ mute: true
+ setVariables:
+ - name: VALKEY_PASSWORD
+ sensitive: true
+ - cmd: |
+ ./zarf tools kubectl exec -n valkey-cli valkey-cli -c valkey-cli -- \
+ sh -c "echo \"ping\\nset foo bar\\nget foo\" | valkey-cli -h valkey-master.valkey.svc.cluster.local -a ${ZARF_VAR_VALKEY_PASSWORD}"
+ setVariables:
+ - name: VALKEY_OUTPUT
+ - cmd: echo ${ZARF_VAR_VALKEY_OUTPUT} | grep PONG
+ - cmd: echo ${ZARF_VAR_VALKEY_OUTPUT} | grep OK
+ - cmd: echo ${ZARF_VAR_VALKEY_OUTPUT} | grep bar
diff --git a/values/upstream-values.yaml b/values/upstream-values.yaml
new file mode 100644
index 0000000..c7128b4
--- /dev/null
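Review bot: In tests/valkey/valkey-cli.yaml, `image: docker.io/bitnami/valkey:7.2.5-debian-12-r5` is referenced by tag only, so the content behind it can change between package builds without any diff in this repository. Appending the digest, `docker.io/bitnami/valkey:7.2.5-debian-12-r5@sha256:<digest>` (placeholder), makes the build reproducible and the pulled image verifiable. The same tag-only reference appears in the `images` lists of tests/zarf.yaml and zarf.yaml and in values/upstream-values.yaml; the references have to match, so change them together.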
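Review bot: In tests/zarf.yaml the second `cmd` passes the secret as `-a ${ZARF_VAR_VALKEY_PASSWORD}`, which places it in process arguments on the deploying machine and inside the test pod, and unlike the step that reads the secret this action is not marked `mute: true`. The value is also expanded unquoted inside the double-quoted `sh -c` string, so a password containing shell metacharacters would alter the command. Prefer having valkey-cli read it from the `REDISCLI_AUTH` environment variable (it should still be honoured in 7.2.x; confirm) rather than `-a`, quote the expansion, and add `mute: true` to the step. The three `grep` checks only read `VALKEY_OUTPUT`, so they are unaffected.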
+++ b/values/upstream-values.yaml
@@ -0,0 +1,4 @@
+image:
+ registry: docker.io
+ repository: bitnami/valkey
+ tag: 7.2.5-debian-12-r5
diff --git a/values/values.yaml b/values/values.yaml
new file mode 100644
index 0000000..dfef688
--- /dev/null
+++ b/values/values.yaml
@@ -0,0 +1 @@
+architecture: standalone
diff --git a/version.txt b/version.txt
new file mode 100644
index 0000000..c04c0da
--- /dev/null
+++ b/version.txt
@@ -0,0 +1 @@
+7.2.5-uds.0
diff --git a/zarf.yaml b/zarf.yaml
new file mode 100644
index 0000000..c22dfc3
--- /dev/null
+++ b/zarf.yaml
@@ -0,0 +1,22 @@
+kind: ZarfPackageConfig
+metadata:
+ name: valkey
+ description: "A deployment of Valkey (a Redis alternative by the Linux Foundation)"
+ url: https://github.com/valkey-io/valkey
+ # x-release-please-start-version
+ version: "7.2.5-uds.0"
+ # x-release-please-end
+
+components:
+ - name: valkey
+ required: true
+ only:
+ flavor: upstream
+ import:
+ path: common
+ charts:
+ - name: valkey
+ valuesFiles:
+ - ./values/upstream-values.yaml
+ images:
+ - docker.io/bitnami/valkey:7.2.5-debian-12-r5