Merge remote-tracking branch 'upstream/master' into sopsV3.7.1

.github/workflows/ci.yaml

@@ -7,6 +7,7 @@ on:
   pull_request:
     branches:
       - master
+      - '*/v[0-9]+.[0-9]+'
   schedule:
     - cron:  '0 17 * * *'
 
@@ -49,9 +50,8 @@ jobs:
       GOPATH: /home/runner/work/kpt-functions-catalog/functions/go
       GO111MODULE: on
     steps:
-    - uses: actions/checkout@v2
     - name: Set up Go 1.15
-      uses: actions/setup-go@v1
+      uses: actions/setup-go@v2
       with:
         go-version: 1.15
       id: go
@@ -67,8 +67,32 @@ jobs:
         cd functions/go
         make check-licenses
 
+  verify-ci:
+    runs-on: ubuntu-latest
+    env:
+      GOPATH: /home/runner/work/kpt-functions-catalog/functions/go
+      GO111MODULE: on
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up python 3
+      uses: actions/setup-python@v2
+    - name: Install libs
+      run: |
+        pip install pyyaml
+    - name: Set up Go 1.15
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.15
+    - name: Install mdrip
+      run: |
+        go get github.com/russross/blackfriday/[email protected]
+        go get github.com/monopole/[email protected]
+    - name: Verify docs
+      run: |
+        make verify-docs
+
   e2e-ci:
-    needs: [ts-unit-test-ci, go-unit-test-ci]
+    needs: [ts-unit-test-ci, go-unit-test-ci, verify-ci]
     strategy:
       matrix:
         platform: [ubuntu-latest]

.gitignore

@@ -6,6 +6,7 @@ node_modules
 .DS_Store
 .nyc_output
 bin/
+__pycache__
 
 # We use sed -i.bak when doing in-line replace, because it works better cross-platform
 *.bak

Makefile

@@ -40,6 +40,10 @@ check-licenses:
 	cd functions/go && $(MAKE) check-licenses
 	cd functions/contrib/ts && $(MAKE) check-licenses
 
+verify-docs:
+	GO111MODULE=on go get github.com/monopole/mdrip
+	scripts/verify-docs.py
+
 build: ## Build all function images. Variable 'TAG' is used to specify tag. 'dev' will be used if not set.
 	cd functions/go && $(MAKE) TAG=$(TAG) build
 	cd functions/ts && $(MAKE) TAG=$(TAG) build
@@ -49,3 +53,8 @@ push: ## Push images to registry. WARN: This operation should only be done in CI
 	cd functions/go && $(MAKE) push
 	cd functions/ts && $(MAKE) push
 	cd functions/contrib/ts && $(MAKE) push
+
+site-generate: ## Collect function branches and generate a catalog of their examples and documentation using kpt next.
+	rm -rf ./examples/*/
+	# GO111MODULE=on go get -v github.com/GoogleContainerTools/kpt@next
+	(cd scripts/generate_catalog/ && go run . ../.. ../../examples)

examples/apply-setters/simple/README.md

@@ -63,6 +63,7 @@ environments: # kpt-set: ${env}
 
 Get the config example and try it out by running the following commands:
 
+<!-- @getAndRunPkg @test -->
 ```sh
 kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/examples/apply-setters/simple .
 kpt fn run simple

examples/contrib/istioctl-analyze/README.md → examples/contrib/analyze-istio/README.md

@@ -1,17 +1,17 @@
-# Istioctl Analyze
+# analyze-istio
 
-The `istioctl-analyze` KRM config function detects potential issues with your
+The `analyze-istio` KRM config function detects potential issues with your
 Istio configuration and outputs structured results detailing any errors found
-during analysis. This example invokes the istioctl-analyze function using
+during analysis. This example invokes the `analyze-istio` function using
 declarative configuration.
 
 ## Function Invocation
 
 Get this example and try it out by running the following commands:
 
 ```sh
-kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/examples/istioctl-analyze .
-kpt fn run istioctl-analyze
+kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/examples/contrib/analyze-istio .
+kpt fn run analyze-istio
 ```
 
 ## Expected Results

examples/contrib/istioctl-analyze/fn-config.yaml → examples/contrib/analyze-istio/fn-config.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.k8s.io/function: |
       container:
-        image: gcr.io/kpt-fn-contrib/istioctl-analyze:unstable
+        image: gcr.io/kpt-fn-contrib/analyze-istio:unstable
     config.kubernetes.io/local-config: 'true'
 data:
   '--use-kube': 'false'

examples/contrib/helm-inflator/README.md → examples/contrib/inflate-helm-chart/README.md

@@ -1,24 +1,24 @@
-# Helm Template
+# inflate-helm-chart
 
-The `helm-inflator` KRM config function generates a new kpt package from a
-local Helm chart. This example invokes the helm inflator function using
+The `inflate-helm-chart` KRM config function generates a new kpt package from a
+local Helm chart. This example invokes the `inflate-helm-chart` function using
 declarative configuration.
 
 ## Function invocation
 
 Get this example and try it out by running the following commands:
 
 ```sh
-kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/examples/helm-inflator .
-kpt fn run --as-current-user helm-inflator/local-configs --mount type=bind,src=$(pwd)/helm-inflator/helloworld-chart,dst=/source
+kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/examples/contrib/inflate-helm-chart .
+kpt fn run --as-current-user inflate-helm-chart/local-configs --mount type=bind,src=$(pwd)/inflate-helm-chart/helloworld-chart,dst=/source
 ```
 
 ## Expected result
 
-Checking the contents of the `local-configs` directory with `kpt cfg tree helm-inflator/local-configs/` should reveal the following new yaml files:
+Checking the contents of the `local-configs` directory with `kpt cfg tree inflate-helm-chart/local-configs/` should reveal the following new yaml files:
 
 ```sh
-helm-inflator/local-configs
+inflate-helm-chart/local-configs
 ├── [deployment_chart-helloworld-chart.yaml]  Deployment chart-helloworld-chart
 ├── [fn-config.yaml]  ConfigMap my-func-config
 ├── [pod_chart-helloworld-chart-test-connection.yaml]  Pod chart-helloworld-chart-test-connection
@@ -29,7 +29,7 @@ helm-inflator/local-configs
 To view changes without writing them into a file, a dry run can be performed as follows:
 
 ```sh
-kpt fn run --as-current-user helm-inflator/local-configs --mount type=bind,src=$(pwd)/helm-inflator/helloworld-chart,dst=/source --dry-run
+kpt fn run --as-current-user inflate-helm-chart/local-configs --mount type=bind,src=$(pwd)/inflate-helm-chart/helloworld-chart,dst=/source --dry-run
 ```
 
 The expected output should match the following:
@@ -88,7 +88,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |
       container:
-        image: gcr.io/kpt-fn-contrib/helm-inflator
+        image: gcr.io/kpt-fn-contrib/inflate-helm-chart
     config.kubernetes.io/path: fn-config.yaml
 data:
   name: chart

examples/contrib/helm-inflator/local-configs/fn-config.yaml → examples/contrib/inflate-helm-chart/local-configs/fn-config.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |
       container:
-        image: gcr.io/kpt-fn-contrib/helm-inflator:unstable
+        image: gcr.io/kpt-fn-contrib/inflate-helm-chart:unstable
 data:
   name: chart
   local-chart-path: /source

examples/contrib/sops/age/README.md

@@ -8,13 +8,13 @@ This file is needed for decryption. For encryption it's possible to use
 E.g. for decryption it's possible to run:
 
 ```sh
-kpt fn run --env SOPS_IMPORT_AGE="$(cat <file with age keys>.txt)" <folder>
+SOPS_IMPORT_AGE="$(cat <file with age keys>.txt)" kpt fn run <folder>
 ```
 
 or if AGE keys are already stored in the host system so SOPS binary works locally, it's possible to run:
 
 ```sh
-kpt fn run --env SOPS_IMPORT_AGE="$(cat ~/.config/sops/age/keys.txt)" <folder>
+SOPS_IMPORT_AGE="$(cat ~/.config/sops/age/keys.txt)" kpt fn run <folder>
 ```
 
 ## Function invocation
@@ -29,7 +29,7 @@ kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/ex
 curl -fsSL -o age_keys.txt https://raw.githubusercontent.com/mozilla/sops/master/age/keys.txt
 
 # run the function to work with AGE
-kpt fn run --env SOPS_IMPORT_AGE="$(cat age_keys.txt)" age
+SOPS_IMPORT_AGE="$(cat age_keys.txt)" kpt fn run age
 ```
 
 ## Expected result

examples/contrib/sops/gpg/README.md

@@ -5,13 +5,13 @@ that must contain the private key(s) needed to decrypt yamls and public key(s) t
 encrypt yamls. If you have a file with keys it's possible to run:
 
 ```sh
-kpt fn run --env SOPS_IMPORT_PGP="$(cat <file with exported key>.asc)" <folder>
+SOPS_IMPORT_PGP="$(cat <file with exported key>.asc)" kpt fn run <folder>
 ```
 
 or if your keys are already in stored in `gpg`-storage, it's possible to run:
 
 ```sh
-kpt fn run --env SOPS_IMPORT_PGP="$(gpg --armor --export-secret-keys)" <folder>
+SOPS_IMPORT_PGP="$(gpg --armor --export-secret-keys)" kpt fn run <folder>
 ```
 
 ## Function invocation
@@ -26,7 +26,7 @@ kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/ex
 curl -fsSL -o gpg_keys.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc
 
 # run the function to work with GPG
-kpt fn run --env SOPS_IMPORT_PGP="$(cat gpg_keys.asc)" gpg
+SOPS_IMPORT_PGP="$(cat gpg_keys.asc)" kpt fn run gpg
 ```
 
 ## Expected result

examples/validators/gatekeeper-validate/invalid-configmap/README.md → examples/enforce-gatekeeper/invalid-configmap/README.md

@@ -1,4 +1,4 @@
-# gatekeeper-validate: invalid configmap
+# enforce-gatekeeper: invalid configmap
 
 ## Overview
 
@@ -12,8 +12,9 @@ The constraint disallows using `private_key` as a key in the ConfigMap.
 
 Get the package:
 
+<!-- @getPkg @test -->
 ```shell
-$ kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/examples/gatekeeper-validate/invalid-configmap .
+$ kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/examples/enforce-gatekeeper/invalid-configmap .
 ```
 
 Create a directory for storing the structured output.
@@ -71,4 +72,4 @@ Rerun the command. It will succeed (no output).
 ## Function Reference Doc
 
 TODO: replace the following with the link to the reference doc when our site is live.
-https://github.com/GoogleContainerTools/kpt-functions-catalog/blob/master/functions/go/gatekeeper-validate/README.md
+https://github.com/GoogleContainerTools/kpt-functions-catalog/blob/master/functions/go/enforce-gatekeeper/README.md

tests/gatekeeper-validate/dryrun/fn-config.yaml → examples/enforce-gatekeeper/invalid-configmap/fn-config.yaml

@@ -5,5 +5,5 @@ metadata:
   annotations:
     config.k8s.io/function: |
       container:
-        image: gcr.io/kpt-fn/gatekeeper-validate:unstable
+        image: gcr.io/kpt-fn/enforce-gatekeeper:unstable
     config.kubernetes.io/local-config: 'true'

examples/validators/gatekeeper-validate/warning-only/README.md → examples/enforce-gatekeeper/warning-only/README.md

@@ -1,4 +1,4 @@
-# gatekeeper-validate: warning only
+# enforce-gatekeeper: warning only
 
 ## Overview
 
@@ -12,8 +12,9 @@ In the constraint, we use `enforcementAction: warn` instead of
 
 Get the package:
 
+<!-- @getPkg @test -->
 ```shell
-$ kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/examples/gatekeeper-validate/warnning-only .
+$ kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/examples/enforce-gatekeeper/warning-only .
 ```
 
 Create a directory for storing the structured output.
@@ -65,4 +66,4 @@ Rerun the command. It will no longer have the warning.
 ## Function Reference Doc
 
 TODO: replace the following with the link to the reference doc when our site is live.
-https://github.com/GoogleContainerTools/kpt-functions-catalog/blob/master/functions/go/gatekeeper-validate/README.md
+https://github.com/GoogleContainerTools/kpt-functions-catalog/blob/master/functions/go/enforce-gatekeeper/README.md

tests/gatekeeper-validate/valid/fn-config.yaml → examples/enforce-gatekeeper/warning-only/fn-config.yaml

@@ -5,5 +5,5 @@ metadata:
   annotations:
     config.k8s.io/function: |
       container:
-        image: gcr.io/kpt-fn/gatekeeper-validate:unstable
+        image: gcr.io/kpt-fn/enforce-gatekeeper:unstable
     config.kubernetes.io/local-config: 'true'

examples/ensure-name-segment/advanced/README.md → examples/ensure-name-substring/advanced/README.md

@@ -31,6 +31,7 @@ The function will not only update field `.metadata.name` but also field
 
 Get the config example and try it out by running the following commands:
 
+<!-- @getAndRunPkg @test -->
 ```sh
 kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/examples/ensure-name-substring/advanced .
 kpt fn run advanced

examples/ensure-name-segment/prefix/README.md → examples/ensure-name-substring/prefix/README.md

@@ -23,6 +23,7 @@ data:
 
 Get the config example and try it out by running the following commands:
 
+<!-- @getAndRunPkg @test -->
 ```sh
 kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/examples/ensure-name-substring/prefix .
 kpt fn run prefix

examples/ensure-name-segment/suffix/README.md → examples/ensure-name-substring/suffix/README.md

@@ -23,6 +23,7 @@ data:
 
 Get the config example and try it out by running the following commands:
 
+<!-- @getAndRunPkg @test -->
 ```sh
 kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/examples/ensure-name-substring/suffix .
 kpt fn run suffix