Merge pull request #46 from defenseunicorns/feat-enable-confluence-cl…

…ustering-by-default
defenseunicorns · Oct 18, 2024 · d37add8 · d37add8
2 parents 800e0db + b42a688
commit d37add8
Show file tree

Hide file tree

Showing 36 changed files with 446 additions and 293 deletions.
diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml
@@ -1,3 +1,6 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 name: CI Docs Shim
 
 on:
@@ -6,15 +9,13 @@ on:
     types: [milestoned, opened, synchronize]
 
 jobs:
-  run-test:
-    name: ${{ matrix.type }} ${{ matrix.flavor }}
-    runs-on: "ubuntu-latest"
-    timeout-minutes: 20
+  validate:
     strategy:
       matrix:
-        flavor: [upstream, registry1]
         type: [install, upgrade]
-    steps:
-      - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }}
-        run: |
-          echo "Documentation-only change detected; marking ${{ matrix.type }} ${{ matrix.flavor }} as successful."
+        flavor: [upstream, registry1]
+    uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@f0164622ffc2007e96a0e1deaa3f5064db04b148 # v1.1.0
+    with:
+      flavor: ${{ matrix.flavor }}
+      type: ${{ matrix.type }}
+    secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
@@ -1,15 +1,13 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 name: Metadata
 
 on:
-  # This workflow is triggered on pull requests to the main branch.
   pull_request:
     branches: [main]
     types: [milestoned, opened, edited, synchronize]
 
-  # This allows other repositories to call this workflow in a reusable way
-  workflow_call:
-
 jobs:
   validate:
-    name: Validate
-    uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@e3008473beab00b12a94f9fcc7340124338d5c08 # v0.13.1
+    uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@f0164622ffc2007e96a0e1deaa3f5064db04b148 # v1.1.0
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -1,35 +1,15 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 name: Scan
 
 on:
   # This workflow is triggered on pull requests to the main branch.
   pull_request:
-    branches: [main]
-    types: [milestoned, opened, synchronize]
+    # milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow).
+    types: [milestoned, opened, reopened, synchronize]
 
 jobs:
   validate:
-    runs-on: ubuntu-latest
-    name: Lint
-    permissions:
-      contents: read # Allows reading the repo contents
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          fetch-depth: 0
-
-      - name: Environment setup
-        uses: defenseunicorns/uds-common/.github/actions/setup@e3008473beab00b12a94f9fcc7340124338d5c08 # v0.13.1
-        with:
-          registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
-          registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
-          ghToken: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Install lint deps
-        run: |
-          uds run lint:deps --no-progress
-
-      - name: Lint the repository
-        run: |
-          uds run lint:yaml --no-progress
+    uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@f0164622ffc2007e96a0e1deaa3f5064db04b148 # v1.1.0
+    secrets: inherit
diff --git a/.github/workflows/pull-request-conditionals.yaml b/.github/workflows/pull-request-conditionals.yaml
@@ -0,0 +1,33 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+name: Setup
+
+# This workflow is triggered on pull requests to the main branch.
+on:
+  pull_request:
+    paths:
+      - ".github/**"
+      - "bundle/**"
+      - "values/**"
+      - "tasks/**"
+      - "tests/**"
+      - "tasks.yaml"
+      - "zarf.yaml"
+
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+  id-token: write # Needed for OIDC-related operations.
+  contents: read # Allows reading the content of the repository.
+  pull-requests: read # Allows reading pull request metadata.
+
+# Default settings for all run commands in the workflow jobs.
+defaults:
+  run:
+    shell: bash -e -o pipefail {0} # Ensures that scripts fail on error and pipefail is set.
+
+jobs:
+  run-test:
+    name: Test
+    uses: ./.github/workflows/test.yaml
+    secrets: inherit
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,45 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+  contents: read # Allows reading the content of the repository.
+  packages: read # Allows reading the content of the repository's packages.
+  id-token: write
+
+jobs:
+  tag-new-version:
+    permissions: write-all
+    runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release-flag.outputs.release_created }}
+    steps:
+      - name: Create Release Tag
+        id: tag
+        uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3
+      - id: release-flag
+        run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> "$GITHUB_OUTPUT"
+
+  publish:
+    permissions:
+      contents: read # Allows reading the content of the repository.
+      packages: write # Allows reading the content of the repository's packages.
+      id-token: write
+    needs: tag-new-version
+    if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
+    strategy:
+      matrix:
+        flavor: [upstream, registry1]
+        architecture: [amd64]
+    uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@f0164622ffc2007e96a0e1deaa3f5064db04b148 # v1.1.0
+    with:
+      flavor: ${{ matrix.flavor }}
+      runsOn: uds-marketplace-ubuntu-big-boy-4-core
+    secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
@@ -1,3 +1,6 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 name: Scorecards supply-chain security
 on:
   # Only the default branch is supported.
@@ -11,40 +14,11 @@ on:
 permissions: read-all
 
 jobs:
-  analysis:
-    name: Scorecards analysis
-    runs-on: ubuntu-latest
+  validate:
     permissions:
       # Needed to upload the results to code-scanning dashboard.
       security-events: write
       # Used to receive a badge.
       id-token: write
-
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
-          publish_results: true
-
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
-        with:
-          sarif_file: results.sarif
+    uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@f0164622ffc2007e96a0e1deaa3f5064db04b148 # v1.1.0
+    secrets: inherit
diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -1,3 +1,6 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 name: Test
 
 # This workflow is triggered on pull requests to the main branch.
@@ -30,60 +33,34 @@ concurrency:
 
 permissions:
   contents: read
+  id-token: write
+  packages: read
 
 jobs:
-  run-test:
-    name: ${{ matrix.type }} ${{ matrix.flavor }}
-    runs-on: uds-marketplace-ubuntu-big-boy-4-core
-    timeout-minutes: 25
-    strategy:
-      matrix:
-        flavor: [upstream, registry1]
-        type: [install, upgrade]
-
+  check-flavor:
+    runs-on: uds-marketplace-ubuntu-big-boy-8-core
     steps:
       - name: Checkout repository
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
-      - name: Environment setup
-        uses: defenseunicorns/uds-common/.github/actions/setup@e3008473beab00b12a94f9fcc7340124338d5c08 # v0.13.1
-        with:
-          registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
-          registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
-          ghToken: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Test
-        uses: defenseunicorns/uds-common/.github/actions/test-deploy@e3008473beab00b12a94f9fcc7340124338d5c08 # v0.13.1
-        with:
-          flavor: ${{ matrix.flavor }}
-          type: ${{ matrix.type }}
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
-      - name: Save logs
-        if: always()
-        uses: defenseunicorns/uds-common/.github/actions/save-logs@e3008473beab00b12a94f9fcc7340124338d5c08 # v0.13.1
-        with:
-          suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
+      - name: test-flavor
+        uses: defenseunicorns/uds-common/.github/actions/test-flavor@f0164622ffc2007e96a0e1deaa3f5064db04b148 # v1.1.0
+        id: test-flavor
+    outputs:
+      upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }}
 
-      - name: Print cluster info
-        if: always()
-        shell: bash -e -o pipefail {0}
-        run: |
-          kubectl get nodes -o wide
-
-      - name: Print pod info
-        if: always()
-        shell: bash -e -o pipefail {0}
-        run: |
-          kubectl get pods -A -o wide
-
-      - name: Print service info
-        if: always()
-        shell: bash -e -o pipefail {0}
-        run: |
-          kubectl get svc -A -o wide
-
-      - name: Print events
-        if: always()
-        shell: bash -e -o pipefail {0}
-        run: |
-          kubectl get events -A -o wide
+  validate:
+    needs: check-flavor
+    strategy:
+      fail-fast: false
+      matrix:
+        type: [install, upgrade]
+        flavor: [upstream, registry1]
+    uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@f0164622ffc2007e96a0e1deaa3f5064db04b148 # v1.1.0
+    with:
+      runsOn: uds-marketplace-ubuntu-big-boy-8-core
+      upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }}
+      flavor: ${{ matrix.flavor }}
+      type: ${{ matrix.type }}
+      reports-path: "tests/.playwright/reports/"
+    secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,3 +1,6 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.6.0

diff --git a/LICENSE → LICENSE.md b/LICENSE → LICENSE.md
diff --git a/LICENSING.md b/LICENSING.md
@@ -0,0 +1,18 @@
+# Dual Licensing
+
+This software is licensed under either of:
+
+- GNU Affero General Public License v3.0 (AGPLv3), see [LICENSE.md](./LICENSE.md)
+- Defense Unicorns Commercial License, see below
+
+## Defense Unicorns Commercial License
+
+The use of this software under a commercial license is subject to the individual
+terms of the license agreement between the licensee and Defense Unicorns. The
+content of this license depends on the specific agreement and may vary. For
+more information about obtaining a commercial license, please contact
+Defense Unicorns at [defenseunicorns.com](https://defenseunicorns.com).
+
+To use this software under the commercial license, you must have a valid license
+agreement with Defense Unicorns. The terms of the Defense Unicorns, Inc. license
+agreement supplant and supersede the terms of the AGPL v3 license.