merge main

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

.github/workflows/ah-lint.yaml

@@ -0,0 +1,27 @@
+name: ArtifactHub Lint
+
+# permissions: {}
+
+on:
+  pull_request:
+    branches:
+      - '*'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  required:
+    runs-on: ubuntu-latest
+    container:
+      image: artifacthub/ah
+      options: --user root
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Run ah lint
+        working-directory: ./charts/
+        run: |
+          set -e
+          ah lint

.github/workflows/check-actions.yaml

@@ -23,7 +23,7 @@ jobs:
           docker-images: true
           swap-storage: false
       - name: Checkout
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Ensure SHA pinned actions
         uses: zgosalvez/github-actions-ensure-sha-pinned-actions@f32435541e24cd6a4700a7f52bb2ec59e80603b1 # v2.1.4
         with:

.github/workflows/codegen.yaml

@@ -27,7 +27,7 @@ jobs:
           docker-images: true
           swap-storage: false
       - name: Checkout
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
           go-version-file: go.mod

.github/workflows/ct-lint.yaml

@@ -0,0 +1,33 @@
+name: CT Lint
+
+# permissions: {}
+
+on:
+  pull_request:
+    branches:
+      - '*'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  required:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+      - name: Set up Helm
+        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
+      - name: Setup python
+        uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
+        with:
+          python-version: 3.7
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
+      - name: Run chart-testing (lint)
+        run: |
+          set -e
+          ct lint --target-branch=main --check-version-increment=false

.github/workflows/helm-install.yaml

@@ -0,0 +1,32 @@
+name: Helm install
+
+# permissions: {}
+
+on:
+  pull_request:
+    branches:
+      - '*'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  required:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Set up Go
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        with:
+          go-version-file: go.mod
+          cache-dependency-path: go.sum
+      - name: Create cluster
+        run: |
+          set -e
+          make kind-create
+      - name: Install chart
+        run: |
+          set -e
+          make kind-install

.github/workflows/lint.yaml

@@ -27,7 +27,7 @@ jobs:
           docker-images: true
           swap-storage: false
       - name: Checkout
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
           go-version-file: go.mod

.github/workflows/release.yaml

@@ -26,7 +26,7 @@ jobs:
           docker-images: true
           swap-storage: false
       - name: Checkout
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
       - name: Fetch all tags

.github/workflows/tests.yaml

@@ -27,7 +27,7 @@ jobs:
           docker-images: true
           swap-storage: false
       - name: Checkout
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
           go-version-file: go.mod

.gitignore

@@ -1,6 +1,6 @@
 .DS_Store
 .tools
 .gopath
-kyverno-json
+/kyverno-json
 website/site
 playground/assets/main.wasm

Makefile

@@ -1,5 +1,24 @@
 .DEFAULT_GOAL := build
 
+##########
+# CONFIG #
+##########
+
+ORG                                ?= kyverno
+PACKAGE                            ?= github.com/$(ORG)/kyverno-json
+KIND_IMAGE                         ?= kindest/node:v1.28.0
+KIND_NAME                          ?= kind
+GIT_SHA                            := $(shell git rev-parse HEAD)
+GOOS                               ?= $(shell go env GOOS)
+GOARCH                             ?= $(shell go env GOARCH)
+REGISTRY                           ?= ghcr.io
+REPO                               ?= kyverno-json
+LOCAL_PLATFORM                     := linux/$(GOARCH)
+KO_REGISTRY                        := ko.local
+KO_PLATFORMS                       := all
+KO_TAGS                            := $(GIT_SHA)
+KO_CACHE                           ?= /tmp/ko-cache
+
 #########
 # TOOLS #
 #########
@@ -17,7 +36,11 @@ REFERENCE_DOCS                     := $(TOOLS_DIR)/genref
 REFERENCE_DOCS_VERSION             := latest
 KIND                               := $(TOOLS_DIR)/kind
 KIND_VERSION                       := v0.20.0
-TOOLS                              := $(CLIENT_GEN) $(LISTER_GEN) $(INFORMER_GEN) $(REGISTER_GEN) $(DEEPCOPY_GEN) $(CONTROLLER_GEN) $(REFERENCE_DOCS) $(KIND)
+HELM                               := $(TOOLS_DIR)/helm
+HELM_VERSION                       := v3.10.1
+KO                                 := $(TOOLS_DIR)/ko
+KO_VERSION                         := v0.14.1
+TOOLS                              := $(CLIENT_GEN) $(LISTER_GEN) $(INFORMER_GEN) $(REGISTER_GEN) $(DEEPCOPY_GEN) $(CONTROLLER_GEN) $(REFERENCE_DOCS) $(KIND) $(HELM) $(KO)
 PIP                                ?= "pip"
 ifeq ($(GOOS), darwin)
 SED                                := gsed
@@ -58,6 +81,14 @@ $(KIND):
 	@echo Install kind... >&2
 	@GOBIN=$(TOOLS_DIR) go install sigs.k8s.io/kind@$(KIND_VERSION)
 
+$(HELM):
+	@echo Install helm... >&2
+	@GOBIN=$(TOOLS_DIR) go install helm.sh/helm/v3/cmd/helm@$(HELM_VERSION)
+
+$(KO):
+	@echo Install ko... >&2
+	@GOBIN=$(TOOLS_DIR) go install github.com/google/ko@$(KO_VERSION)
+
 .PHONY: install-tools
 install-tools: $(TOOLS) ## Install tools
 
@@ -72,7 +103,6 @@ clean-tools: ## Remove installed tools
 
 CLI_BIN        := kyverno-json
 CGO_ENABLED    ?= 0
-GOOS           ?= $(shell go env GOOS)
 ifdef VERSION
 LD_FLAGS       := "-s -w -X $(PACKAGE)/pkg/version.BuildVersion=$(VERSION)"
 else
@@ -106,17 +136,20 @@ serve: build-wasm ## Serve static files.
 	@echo Serve playground... >&2
 	@python3 -m http.server -d playground/ 8080
 
+.PHONY: ko-build
+ko-build: $(KO) ## Build image (with ko)
+	@echo Build image with ko... >&2
+	@LDFLAGS=$(LD_FLAGS) KOCACHE=$(KO_CACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
+		$(KO) build . --preserve-import-paths --tags=$(KO_TAGS) --platform=$(LOCAL_PLATFORM)
+
 ###########
 # CODEGEN #
 ###########
 
-ORG                         ?= kyverno
-PACKAGE                     ?= github.com/$(ORG)/kyverno-json
 GOPATH_SHIM                 := ${PWD}/.gopath
 PACKAGE_SHIM                := $(GOPATH_SHIM)/src/$(PACKAGE)
 INPUT_DIRS                  := $(PACKAGE)/pkg/apis/v1alpha1
 CRDS_PATH                   := ${PWD}/config/crds
-KIND_IMAGE                  ?= kindest/node:v1.28.0
 INPUT_DIRS                  := $(PACKAGE)/pkg/apis/v1alpha1
 OUT_PACKAGE                 := $(PACKAGE)/pkg/client
 CLIENTSET_PACKAGE           := $(OUT_PACKAGE)/clientset
@@ -178,20 +211,11 @@ codegen-crds: $(CONTROLLER_GEN) ## Generate CRDs
 	@rm -rf pkg/data/crds && mkdir -p pkg/data/crds
 	@cp config/crds/* pkg/data/crds
 
-.PHONY: codegen-api-docs-md
-codegen-api-docs-md: $(REFERENCE_DOCS) ## Generate markdown API docs
-	@echo Generate md api docs... >&2
-	@rm -rf ./docs/user/apis/md
-	@cd ./docs/user/apis/_config && $(REFERENCE_DOCS) -c config.yaml -f markdown -o ../md
-
-.PHONY: codegen-api-docs-html
-codegen-api-docs-html: $(REFERENCE_DOCS) ## Generate html API docs
-	@echo Generate html api docs... >&2
-	@rm -rf ./docs/user/apis/html
-	@cd ./docs/user/apis/_config && $(REFERENCE_DOCS) -c config.yaml -f html -o ../html
-
 .PHONY: codegen-api-docs
-codegen-api-docs: codegen-api-docs-md codegen-api-docs-html ## Generate API docs
+codegen-api-docs: $(REFERENCE_DOCS) ## Generate API docs
+	@echo Generate md api docs... >&2
+	@rm -rf ./website/docs/apis
+	@cd ./website/apis && $(REFERENCE_DOCS) -c config.yaml -f markdown -o ../docs/apis
 
 .PHONY: codegen-cli-docs
 codegen-cli-docs: $(CLI_BIN) ## Generate CLI docs
@@ -211,15 +235,14 @@ codegen-catalog: ## Generate policy catalog
 	@go run ./hack/docs/catalog/main.go
 
 .PHONY: codegen-docs
-codegen-docs: codegen-api-docs-md codegen-cli-docs codegen-jp-docs codegen-catalog ## Generate docs
+codegen-docs: codegen-api-docs codegen-cli-docs codegen-jp-docs codegen-catalog ## Generate docs
 
 .PHONY: codegen-mkdocs
 codegen-mkdocs: codegen-docs ## Generate mkdocs website
 	@echo Generate mkdocs website... >&2
 	@pip install mkdocs
 	@pip install --upgrade pip
 	@pip install -U mkdocs-material mkdocs-redirects mkdocs-minify-plugin mkdocs-include-markdown-plugin lunr mkdocs-rss-plugin
-	@rm -rf ./website/docs/apis && mkdir -p ./website/docs/apis && cp docs/user/apis/md/* ./website/docs/apis
 	@rm -rf ./website/docs/commands && mkdir -p ./website/docs/commands && cp docs/user/commands/* ./website/docs/commands
 	@rm -rf ./website/docs/jp && mkdir -p ./website/docs/jp && cp docs/user/jp/* ./website/docs/jp
 	@mkdocs build -f ./website/mkdocs.yaml
@@ -252,8 +275,29 @@ codegen-playground: build-wasm ## Generate playground
 	@echo Generate playground... >&2
 	cp -r ./playground/* ./pkg/server/ui/dist
 
+.PHONY: codegen-helm-crds
+codegen-helm-crds: codegen-crds ## Generate helm CRDs
+	@echo Generate helm crds... >&2
+	@cat $(CRDS_PATH)/* \
+		| $(SED) -e '1i{{- if .Values.crds.install }}' \
+		| $(SED) -e '$$a{{- end }}' \
+		| $(SED) -e '/^  annotations:/a \ \ \ \ {{- end }}' \
+ 		| $(SED) -e '/^  annotations:/a \ \ \ \ {{- toYaml . | nindent 4 }}' \
+		| $(SED) -e '/^  annotations:/a \ \ \ \ {{- with .Values.crds.annotations }}' \
+ 		| $(SED) -e '/^  annotations:/i \ \ labels:' \
+		| $(SED) -e '/^  labels:/a \ \ \ \ {{- end }}' \
+ 		| $(SED) -e '/^  labels:/a \ \ \ \ {{- toYaml . | nindent 4 }}' \
+		| $(SED) -e '/^  labels:/a \ \ \ \ {{- with .Values.crds.labels }}' \
+		| $(SED) -e '/^  labels:/a \ \ \ \ {{- include "kyverno-json.labels" . | nindent 4 }}' \
+ 		> ./charts/kyverno-json/templates/crds.yaml
+
+.PHONY: codegen-helm-docs
+codegen-helm-docs: ## Generate helm docs
+	@echo Generate helm docs... >&2
+	@docker run -v ${PWD}/charts:/work -w /work jnorwood/helm-docs:v1.11.0 -s file
+
 .PHONY: codegen
-codegen: codegen-crds codegen-deepcopy codegen-register codegen-client codegen-docs codegen-mkdocs codegen-schema-all codegen-playground ## Rebuild all generated code and docs
+codegen: codegen-crds codegen-deepcopy codegen-register codegen-client codegen-docs codegen-mkdocs codegen-schema-all codegen-playground codegen-helm-crds codegen-helm-docs ## Rebuild all generated code and docs
 
 .PHONY: verify-codegen
 verify-codegen: codegen ## Verify all generated code and docs are up to date
@@ -276,10 +320,28 @@ tests: $(CLI_BIN) ## Run tests
 # KIND #
 ########
 
-.PHONY: kind-cluster
-kind-cluster: $(KIND) ## Create kind cluster
+.PHONY: kind-create
+kind-create: $(KIND) ## Create kind cluster
 	@echo Create kind cluster... >&2
-	@$(KIND) create cluster --image $(KIND_IMAGE)
+	@$(KIND) create cluster --name $(KIND_NAME) --image $(KIND_IMAGE)
+
+.PHONY: kind-delete
+kind-delete: $(KIND) ## Delete kind cluster
+	@echo Delete kind cluster... >&2
+	@$(KIND) delete cluster --name $(KIND_NAME)
+
+.PHONY: kind-load
+kind-load: $(KIND) ko-build ## Build image and load in kind cluster
+	@echo Load image... >&2
+	@$(KIND) load docker-image --name $(KIND_NAME) $(KO_REGISTRY)/$(PACKAGE):$(GIT_SHA)
+
+.PHONY: kind-install
+kind-install: $(HELM) kind-load ## Build image, load it in kind cluster and deploy helm chart
+	@echo Install chart... >&2
+	@$(HELM) upgrade --install kyverno-json --namespace kyverno-json --create-namespace --wait ./charts/kyverno-json \
+		--set image.registry=$(KO_REGISTRY) \
+		--set image.repository=$(PACKAGE) \
+		--set image.tag=$(GIT_SHA)
 
 ###########
 # INSTALL #

catalog/aws/policy-1.yaml

@@ -1,5 +1,5 @@
 apiVersion: json.kyverno.io/v1alpha1
-kind: Policy
+kind: ValidationPolicy
 metadata:
   name: test
   labels:
@@ -10,9 +10,8 @@ metadata:
 spec:
   rules:
     - name: foo-bar
-      validate:
-        assert:
-          all:
-          - check:
-              foo:
-                /(bar)/: 10
+      assert:
+        all:
+        - check:
+            foo:
+              /(bar)/: 10

catalog/ecs/policy-1.yaml

@@ -1,13 +1,12 @@
 apiVersion: json.kyverno.io/v1alpha1
-kind: Policy
+kind: ValidationPolicy
 metadata:
   name: test
 spec:
   rules:
     - name: foo-bar
-      validate:
-        assert:
-          all:
-          - check:
-              foo:
-                /(bar)/: 10
+      assert:
+        all:
+        - check:
+            foo:
+              /(bar)/: 10