diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index 525cf82..be7ed1d 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -81,10 +81,3 @@ body: label: Operating system type and version validations: required: true - - - type: input - id: xr-version - attributes: - label: JFrog Xray version - validations: - required: false diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index e5abfbf..d34a24c 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,5 +1,5 @@ - [ ] All [tests](https://github.com/jfrog/jfrog-registry-operator#tests) passed. If this feature is not already covered by the tests, I added new tests. -- [ ] This pull request is on the dev branch. +- [ ] This pull request is on the main branch. - [ ] I used gofmt for formatting the code before submitting the pull request. --- diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml index 734f74f..e05c531 100644 --- a/.github/workflows/frogbot-scan-pull-request.yml +++ b/.github/workflows/frogbot-scan-pull-request.yml 
@@ -12,112 +12,13 @@ jobs: # "jfrog-registry-operator" GitHub environment can approve the pull request to be scanned. environment: jfrog-registry-operator steps: - - uses: jfrog/jfrog-registry-operator@v2 + - uses: jfrog/jfrog-registry-operator env: JFROG_CLI_LOG_LEVEL: "DEBUG" - # [Mandatory] - # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) - JF_URL: ${{ secrets.OPERATOR_URL }} # [Mandatory if JF_USER and JF_PASSWORD are not provided] - # JFrog access token with 'read' permissions on Xray service JF_ACCESS_TOKEN: ${{ secrets.OPERATOR_ACCESS_TOKEN }} # [Mandatory] # The GitHub token is automatically generated for the job JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # [Optional, default: https://api.github.com] - # API endpoint to GitHub - # JF_GIT_API_ENDPOINT: https://github.example.com - - # [Optional] - # By default, the jfrog-registry-operator workflows download the jfrog-registry-operator executable as well as other tools - # needed from https://releases.jfrog.io - # If the machine that runs jfrog-registry-operator has no access to the internet, follow these steps to allow the - # executable to be downloaded from an Artifactory instance, which the machine has access to: - # - # 1. Login to the Artifactory UI, with a user who has admin credentials. - # 2. Create a Remote Repository with the following properties set. - # Under the 'Basic' tab: - # Package Type: Generic - # URL: https://releases.jfrog.io - # Under the 'Advanced' tab: - # Uncheck the 'Store Artifacts Locally' option - # 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created. - # JF_RELEASES_REPO: "" - - # [Optional] - # Configure the SMTP server to enable jfrog-registry-operator to send emails with detected secrets in pull request scans. 
- # SMTP server URL including should the relevant port: (Example: smtp.server.com:8080) - JF_SMTP_SERVER: ${{ secrets.JF_SMTP_SERVER }} - - # [Mandatory if JF_SMTP_SERVER is set] - # The username required for authenticating with the SMTP server. - JF_SMTP_USER: ${{ secrets.JF_SMTP_USER }} - - # [Mandatory if JF_SMTP_SERVER is set] - # The password associated with the username required for authentication with the SMTP server. - JF_SMTP_PASSWORD: ${{ secrets.JF_SMTP_PASSWORD }} - - # [Optional] - # List of comma separated email addresses to receive email notifications about secrets - # detected during pull request scanning. The notification is also sent to the email set - # in the committer git profile regardless of whether this variable is set or not. - JF_EMAIL_RECEIVERS: "eco-system@jfrog.com" - - ########################################################################## - ## If your project uses a 'jfrog-registry-operator-config.yml' file, you can define ## - ## the following variables inside the file, instead of here. ## - ########################################################################## - - # [Mandatory if the two conditions below are met] - # 1. The project uses yarn 2, NuGet or .NET Core to download its dependencies - # 2. The `installCommand` variable isn't set in your jfrog-registry-operator-config.yml file. - # - # The command that installs the project dependencies (e.g "nuget restore") - # JF_INSTALL_DEPS_CMD: "" - - # [Optional, default: "."] - # Relative path to the root of the project in the Git repository - # JF_WORKING_DIR: path/to/project/dir - - # [Optional] - # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches - # JF_WATCHES: ,... - - # [Optional] - # JFrog project. 
Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects - # JF_PROJECT: - - # [Optional, default: "FALSE"] - # Displays all existing vulnerabilities, including the ones that were added by the pull request. - # JF_INCLUDE_ALL_VULNERABILITIES: "TRUE" - - # [Optional, default: "FALSE"] - # When adding new comments on pull requests, keep old comments that were added by previous scans. - # JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION: "TRUE" - - # [Optional, default: "TRUE"] - # Fails the jfrog-registry-operator task if any security issue is found. - # JF_FAIL: "FALSE" - - # [Optional] - # Jfrog-registry-operator will download the project dependencies if they're not cached locally. To download the - # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no - # need to set this value, if it is set in the jfrog-registry-operator-config.yml file. - # JF_DEPS_REPO: "" - - # [Optional, Default: "FALSE"] - # If TRUE, Jfrog-registry-operator creates a single pull request with all the fixes. - # If false, Jfrog-registry-operator creates a separate pull request for each fix. - # JF_GIT_AGGREGATE_FIXES: "FALSE" - - # [Optional, Default: "FALSE"] - # Handle vulnerabilities with fix versions only - # JF_FIXABLE_ONLY: "TRUE" - - # [Optional] - # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests - # The following values are accepted: Low, Medium, High or Critical - # JF_MIN_SEVERITY: "" \ No newline at end of file diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml index d99316c..049ad9a 100644 --- a/.github/workflows/frogbot-scan-repository.yml +++ b/.github/workflows/frogbot-scan-repository.yml 
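Review bot: The new `- uses: jfrog/jfrog-registry-operator` step drops the `@v2` ref, and GitHub's `uses` syntax for a repository action is `owner/repo@ref`, so this step is likely rejected when the workflow is parsed; the same line appears in the first hunk of frogbot-scan-repository.yml. Because the step receives `OPERATOR_ACCESS_TOKEN` and the job's `GITHUB_TOKEN`, the ref should be restored and preferably pinned to a full commit SHA, e.g. `- uses: jfrog/jfrog-registry-operator@<full-commit-sha>` (placeholder), so a moved tag or branch cannot change which code sees those secrets. The hunk also removes `JF_URL` while keeping `JF_ACCESS_TOKEN`; the deleted comment marked the URL as mandatory, so the token presumably has no platform to authenticate against. `JFROG_CLI_LOG_LEVEL: "DEBUG"` stays enabled on a job that handles these secrets, so consider lowering it once the workflow is stable.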
@@ -15,18 +15,11 @@ jobs: strategy: matrix: # The repository scanning will be triggered periodically on the following branches. - branch: [ "dev" ] + branch: [ "main" ] steps: - - uses: jfrog/jfrog-registry-operator@v2 + - uses: jfrog/jfrog-registry-operator env: JFROG_CLI_LOG_LEVEL: "DEBUG" - # [Mandatory] - # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) - JF_URL: ${{ secrets.OPERATOR_URL }} - - # [Mandatory if JF_USER and JF_PASSWORD are not provided] - # JFrog access token with 'read' permissions on Xray service - JF_ACCESS_TOKEN: ${{ secrets.OPERATOR_ACCESS_TOKEN }} # [Mandatory] # The GitHub token is automatically generated for the job 
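Review bot: After this hunk the scheduled scan step has neither `JF_URL` nor `JF_ACCESS_TOKEN`, leaving only `JF_GIT_TOKEN` and `JF_GIT_BASE_BRANCH`, while the pull-request workflow in the same commit still passes `JF_ACCESS_TOKEN`. If the action still talks to the JFrog platform, this job will presumably fail or run unauthenticated; if it no longer needs credentials, the token should also be dropped from the pull-request workflow so the secret is not handed to a step that does not use it. Either way, a short comment above `env:` such as `# No JFrog platform credentials: <reason>` would record the intent. The step's `env:` block continues past the end of this hunk.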
@@ -35,84 +28,3 @@ jobs: # [Mandatory] # The name of the branch on which jfrog-registry-operator will perform the scan JF_GIT_BASE_BRANCH: ${{ matrix.branch }} - - # [Optional, default: https://api.github.com] - # API endpoint to GitHub - # JF_GIT_API_ENDPOINT: https://github.example.com - - # [Optional] - # By default, the jfrog-registry-operator workflows download the jfrog-registry-operator executable as well as other tools - # needed from https://releases.jfrog.io - # If the machine that runs jfrog-registry-operator has no access to the internet, follow these steps to allow the - # executable to be downloaded from an Artifactory instance, which the machine has access to: - # - # 1. Login to the Artifactory UI, with a user who has admin credentials. - # 2. Create a Remote Repository with the following properties set. - # Under the 'Basic' tab: - # Package Type: Generic - # URL: https://releases.jfrog.io - # Under the 'Advanced' tab: - # Uncheck the 'Store Artifacts Locally' option - # 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created. - # JF_RELEASES_REPO: "" - - ########################################################################## - ## If your project uses a 'jfrog-registry-operator-config.yml' file, you can define ## - ## the following variables inside the file, instead of here. ## - ########################################################################## - - # [Optional, default: "."] - # Relative path to the root of the project in the Git repository - # JF_WORKING_DIR: path/to/project/dir - - # [Optional] - # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches - # JF_WATCHES: ,... - - # [Optional] - # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects - # JF_PROJECT: - - # [Optional, default: "TRUE"] - # Fails the jfrog-registry-operator task if any security issue is found. 
- # JF_FAIL: "FALSE" - - # [Optional] - # jfrog-registry-operator will download the project dependencies, if they're not cached locally. To download the - # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no - # need to set this value, if it is set in the jfrog-registry-operator-config.yml file. - # JF_DEPS_REPO: "" - - # [Optional] - # Template for the branch name generated by jfrog-registry-operator when creating pull requests with fixes. - # The template must include {BRANCH_NAME_HASH}, to ensure that the generated branch name is unique. - # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables. - # JF_BRANCH_NAME_TEMPLATE: "jfrog-registry-operator-{IMPACTED_PACKAGE}-{BRANCH_NAME_HASH}" - - # [Optional] - # Template for the commit message generated by jfrog-registry-operator when creating pull requests with fixes - # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables. - # JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}" - - # [Optional] - # Template for the pull request title generated by jfrog-registry-operator when creating pull requests with fixes. - # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables. - # JF_PULL_REQUEST_TITLE_TEMPLATE: "[🐸 Jfrog Registry Operator] Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}" - - # [Optional, Default: "FALSE"] - # If TRUE, jfrog-registry-operator creates a single pull request with all the fixes. - # If FALSE, jfrog-registry-operator creates a separate pull request for each fix. 
- # JF_GIT_AGGREGATE_FIXES: "FALSE" - - # [Optional, Default: "FALSE"] - # Handle vulnerabilities with fix versions only - # JF_FIXABLE_ONLY: "TRUE" - - # [Optional] - # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests - # The following values are accepted: Low, Medium, High or Critical - # JF_MIN_SEVERITY: "" - - # [Optional, Default: eco-system+jfrog-registry-operator@jfrog.com] - # Set the email of the commit author - # JF_GIT_EMAIL_AUTHOR: "" \ No newline at end of file diff --git a/.github/workflows/validate-pr-target-branch.yml b/.github/workflows/validate-pr-target-branch.yml index 1ee921b..7c02646 100644 --- a/.github/workflows/validate-pr-target-branch.yml +++ b/.github/workflows/validate-pr-target-branch.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Check Target Branch run: | - if [ "${{ github.base_ref }}" != "dev" ]; then - echo "Pull requests must target the 'dev' branch." + if [ "${{ github.base_ref }}" != "main" ]; then + echo "Pull requests must target the 'main' branch." exit 1 fi diff --git a/README.md b/README.md index 6c3c76a..6c8fdcf 100755 --- a/README.md +++ b/README.md @@ -1,7 +1,20 @@ +
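Review bot: The check in validate-pr-target-branch.yml expands `${{ github.base_ref }}` directly inside the `run:` script, so the value is substituted into the shell source before the shell parses it. Passing it through the environment keeps it as data: add `env:` with `BASE_REF: ${{ github.base_ref }}` on the step and test `if [ "$BASE_REF" != "main" ]; then`. The workflow's trigger and permissions are outside this hunk, so how much this matters here cannot be judged from the diff.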
+ # JFrog Registry Operator -## Two ways to install an operator using manual deployment and a Helm chart on Kubernetes +[![JFrog Registry Operator](config/images/frogbot-intro.png)](#readme) + +[![Scanned by JFrog Registry Operator](config/images/frogbot-badge.png)](https://github.com/jfrog/jfrog-registry-operator#readme) +[![Go Report Card](https://goreportcard.com/badge/github.com/jfrog/jfrog-registry-operator)](https://goreportcard.com/report/github.com/jfrog/jfrog-registry-operator) + +[![Build status](https://github.com/jfrog/jfrog-registry-operator/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/jfrog/jfrog-registry-operator/actions/workflows/test.yml?branch=main) +[![GitHub issues](https://img.shields.io/github/issues/jfrog/jfrog-registry-operator)](https://github.com/jfrog/jfrog-registry-operator/issues) +![GitHub Workflow](https://github.com/jfrog/jfrog-registry-operator/actions/workflows/frogbot-scan-repository.yml/badge.svg?branch=main) + + +
+ ### Install operator using helm chart @@ -68,34 +81,6 @@ kubectl delete -f [secretrotator.yaml](https://github.com/jfrog/jfrog-registry-o kubectl delete crd secretrotators.apps.jfrog.com ``` -### Install JFrog secret rotator operator manually - -```sh -# deploy the crd: -kubectl apply -f https://raw.githubusercontent.com/jfrog/jfrog-registry-operator/main/config/crd/bases/apps.jfrog.com_secretrotators.yaml - -# install operator -kubectl apply -f https://raw.githubusercontent.com/jfrog/jfrog-registry-operator/main/config/deploy/operator.yaml - -# create secretrotator object -Ref: https://github.com/jfrog/jfrog-registry-operator/blob/main/charts/jfrog-registry-operator/examples/secretrotator.yaml -kubectl apply -f [secretrotator.yaml](https://github.com/jfrog/jfrog-registry-operator/blob/main/charts/jfrog-registry-operator/examples/secretrotator.yaml) -n ${NAMESPACE} -``` - -#### Uninstall operator - -```sh -# delete secretrotator object -Ref: https://github.com/jfrog/jfrog-registry-operator/blob/main/charts/jfrog-registry-operator/examples/secretrotator.yaml -kubectl delete -f secretrotator.yaml -n ${NAMESPACE} - -# delete the operator: -kubectl delete -f https://raw.githubusercontent.com/jfrog/jfrog-registry-operator/main/config/deploy/operator.yaml - -### delete CRD -kubectl delete -f https://raw.githubusercontent.com/jfrog/jfrog-registry-operator/main/config/crd/bases/apps.jfrog.com_secretrotators.yaml -``` - ### Check Resources in your cluster ```shell diff --git a/charts/jfrog-registry-operator/full-values.yaml b/charts/jfrog-registry-operator/full-values.yaml index a897f82..f7f20c4 100755 --- a/charts/jfrog-registry-operator/full-values.yaml +++ b/charts/jfrog-registry-operator/full-values.yaml 
@@ -357,7 +357,7 @@ persistence: ## mountPath: /var/opt/jfrog/jfrog-registry-operator ## @param persistence.subPath The subdirectory of the volume to mount to - ## Useful in dev environments and one PV for multiple services + ## Useful in main environments and one PV for multiple services ## subPath: "" ## @param persistence.size PVC Storage Request for metadata data volume diff --git a/charts/jfrog-registry-operator/values.yaml b/charts/jfrog-registry-operator/values.yaml index efbf2f3..bfe5abc 100755 --- a/charts/jfrog-registry-operator/values.yaml +++ b/charts/jfrog-registry-operator/values.yaml @@ -189,7 +189,7 @@ persistence: ## mountPath: /var/opt/jfrog/jfrog-registry-operator ## @param persistence.subPath The subdirectory of the volume to mount to - ## Useful in dev environments and one PV for multiple services + ## Useful in main environments and one PV for multiple services ## subPath: "" ## @param persistence.size PVC Storage Request for metadata data volume diff --git a/config/images/frogbot-badge.png b/config/images/frogbot-badge.png new file mode 100644 index 0000000..3d9c2d7 Binary files /dev/null and b/config/images/frogbot-badge.png differ diff --git a/config/images/frogbot-intro.png b/config/images/frogbot-intro.png new file mode 100644 index 0000000..6afcbbb Binary files /dev/null and b/config/images/frogbot-intro.png differ diff --git a/controllers/secretrotator_controller.go b/controllers/secretrotator_controller.go index dd72227..13fb3b2 100755 --- a/controllers/secretrotator_controller.go +++ b/controllers/secretrotator_controller.go @@ -20,6 +20,7 @@ import ( jfrogv1alpha1 "artifactory-secrets-rotator/api/v1alpha1" "artifactory-secrets-rotator/internal/operations" "errors" + corev1 "k8s.io/api/core/v1" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/log"
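Review bot: The `persistence.subPath` comment in full-values.yaml and values.yaml now reads `Useful in main environments and one PV for multiple services`, which looks like the dev-to-main branch rename applied to prose that meant development environments. Suggest restoring the wording to `## Useful in dev environments and one PV for multiple services` in both files.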