Merge pull request #25 from viccuad/main

feat: Update `artifacthub-pkg.yml` automatically from now on
kubewarden · Mar 15, 2023 · 8bc46a0 · 8bc46a0
2 parents e5d7329 + a9fa985
commit 8bc46a0
Show file tree

Hide file tree

Showing 7 changed files with 52 additions and 72 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,18 +11,18 @@ jobs:
 
   test:
     name: run tests and linters
-    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-rust.yml@v1
+    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-rust.yml@v2
 
   release:
     needs: test
     permissions:
-      # Required to push to GHCR
+      # Required to create GH releases
       contents: write
+      # Required to push to GHCR
       packages: write
       # Required by cosign keyless signing
       id-token: write
 
-    uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-rust.yml@v1
+    uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-rust.yml@v2
     with:
-      input-wasm: psp_allowed_fsgroups
       oci-target: ghcr.io/${{ github.repository_owner }}/policies/allowed-fsgroups-psp
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -3,4 +3,4 @@ name: Continuous integration
 jobs:
   test:
     name: run tests and linters
-    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-rust.yml@v1
+    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-rust.yml@v2
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "psp-allowed-fsgroups"
-version = "0.1.7"
+version = "0.1.8"
 authors = ["Rafael Fernández López <[email protected]>"]
 edition = "2018"
 

diff --git a/Makefile b/Makefile
@@ -1,11 +1,17 @@
 SOURCE_FILES := $(shell test -e src/ && find src -type f)
+VERSION := $(shell sed --posix -n 's,^version = \"\(.*\)\",\1,p' Cargo.toml)
 
 policy.wasm: $(SOURCE_FILES) Cargo.*
 	cargo build --target=wasm32-wasi --release
 	cp target/wasm32-wasi/release/*.wasm policy.wasm
 
-annotated-policy.wasm: policy.wasm metadata.yml
-	kwctl annotate -m metadata.yml -o annotated-policy.wasm policy.wasm
+artifacthub-pkg.yml: metadata.yml Cargo.toml
+	kwctl scaffold artifacthub --metadata-path metadata.yml --version $(VERSION) \
+		--questions-path questions-ui.yml > artifacthub-pkg.yml.tmp || 	rm -f artifacthub-pkg.yml.tmp
+	mv artifacthub-pkg.yml.tmp artifacthub-pkg.yml
+
+annotated-policy.wasm: policy.wasm metadata.yml artifacthub-pkg.yml
+	kwctl annotate -m metadata.yml -u README.md -o annotated-policy.wasm policy.wasm
 
 .PHONY: fmt
 fmt:
@@ -16,8 +22,8 @@ lint:
 	cargo clippy -- -D warnings
 
 .PHONY: e2e-tests
-e2e-tests:
-	echo TODO
+e2e-tests: annotated-policy.wasm
+	echo "TODO"
 
 .PHONY: test
 test: fmt lint
@@ -26,4 +32,4 @@ test: fmt lint
 .PHONY: clean
 clean:
 	cargo clean
-	rm -f policy.wasm annotated-policy.wasm
+	rm -f policy.wasm annotated-policy.wasm artifacthub-pkg.yml
diff --git a/artifacthub-pkg.yml b/artifacthub-pkg.yml
@@ -1,37 +1,38 @@
-# Artifact Hub package metadata file
-version: 0.1.7
+# Kubewarden Artifacthub Package config
+#
+# Use this config to submit the policy to https://artifacthub.io.
+#
+# This config can be saved to its default location with:
+#   kwctl scaffold artifacthub > artifacthub-pkg.yml 
+version: 0.1.8
 name: allowed-fsgroups-psp
 displayName: Allowed Fs Groups PSP
-createdAt: '2023-02-13T15:58:02+00:00'
-description: Replacement for the Kubernetes Pod Security Policy that controls the usage of fsGroup in the pod security context
+createdAt: 2023-03-15T10:48:29.531505214Z
+description: Replacement for the Kubernetes Pod Security Policy that controls the usage of fsGroups in the pod security context
 license: Apache-2.0
 homeURL: https://github.com/kubewarden/allowed-fsgroups-psp-policy
 containersImages:
-  - name: policy
-    image: ghcr.io/kubewarden/policies/allowed-fsgroups-psp:v0.1.7
+- name: policy
+  image: ghcr.io/kubewarden/policies/allowed-fsgroups-psp:v0.1.8
 keywords:
 - psp
 - container
 - runtime
 links:
 - name: policy
-  url: https://github.com/kubewarden/allowed-fsgroups-psp-policy/releases/download/v0.1.7/policy.wasm
+  url: https://github.com/kubewarden/allowed-fsgroups-psp-policy/releases/download/v0.1.8/policy.wasm
 - name: source
   url: https://github.com/kubewarden/allowed-fsgroups-psp-policy
+maintainers:
+- name: Rafael Fernández López
+  email: [email protected]
 provider:
   name: kubewarden
 recommendations:
 - url: https://artifacthub.io/packages/helm/kubewarden/kubewarden-controller
 annotations:
-  kubewarden/resources: Pod
-  kubewarden/mutation: true
-  kubewarden/contextAware: false
-  kubewarden/rules: |
-    rules:
-    - apiGroups: [""]
-      apiVersions: ["v1"]
-      resources: ["pods"]
-      operations: ["CREATE", "UPDATE"]
+  kubewarden/contextAware: 'false'
+  kubewarden/mutation: 'true'
   kubewarden/questions-ui: |
     questions:
     - default: RunAsAny
@@ -70,3 +71,15 @@ annotations:
           label: max
           type: int
           variable: max
+  kubewarden/resources: Pod
+  kubewarden/rules: |
+    - apiGroups:
+      - ''
+      apiVersions:
+      - v1
+      resources:
+      - pods
+      operations:
+      - CREATE
+      - UPDATE
+
diff --git a/metadata.yml b/metadata.yml
@@ -7,52 +7,13 @@ mutating: true
 contextAware: false
 executionMode: kubewarden-wapc
 annotations:
-  io.kubewarden.policy.title: psp-allowed-fsgroups
+  io.kubewarden.policy.title: allowed-fsgroups-psp
+  io.artifacthub.displayName: Allowed Fs Groups PSP
+  io.artifacthub.resources: Pod
+  io.artifacthub.keywords: psp, container, runtime
   io.kubewarden.policy.description: Replacement for the Kubernetes Pod Security Policy that controls the usage of fsGroups in the pod security context
   io.kubewarden.policy.author: Rafael Fernández López <[email protected]>
+  io.kubewarden.policy.ociUrl: ghcr.io/kubewarden/policies/allowed-fsgroups-psp
   io.kubewarden.policy.url: https://github.com/kubewarden/allowed-fsgroups-psp-policy
   io.kubewarden.policy.source: https://github.com/kubewarden/allowed-fsgroups-psp-policy
   io.kubewarden.policy.license: Apache-2.0
-  io.kubewarden.policy.usage: |
-    Replacement for the Kubernetes Pod Security Policy that controls the
-    usage of `fsGroup` in the pod security context.
-    
-    ## Settings
-    
-    This policy works by defining what `fsGroup` is allowed in the pod security context.
-    
-    One of the following setting keys are accepted for this policy:
-    
-    * `MustRunAs`: contains a list of ranges that define valid ranges for the `fsGroup` value. At least
-      one range must contain the provided `.securityContext.fsGroup`. If the pod does not contain a
-      `.securityContext`, or a `.securityContext.fsGroup`, then this policy acts as mutating and
-      defaults the `fsGroup` attribute to the first `min` value of the list of provided ranges.
-    * `MayRunAs`: contains a list of ranges that define valid ranges for the `fsGroup` value. At least
-      one range must contain the provided `.securityContext.fsGroup`. If the pod does not contain a
-      `.securityContext` or a `.securityContext.fsGroup`, then this policy will accept the request.
-    * `RunAsAny`: always accepts the request.
-
-    Configuration examples:
-
-    ```yaml
-    rule: RunAsAny
-    ```
-
-    ```yaml
-    rule: MayRunAs
-    ranges:
-      - min: 1000
-        max: 2000
-      - min: 3000
-        max: 4000
-    ```
-
-    ```yaml
-    rule: MustRunAs
-    ranges:
-      - min: 1000 # If no fsGroup is set for the pod, the
-                  # policy will default it to this value
-        max: 2000
-      - min: 3000
-        max: 4000
-    ```