Merge pull request #14 from viccuad/artifacthub-v2

feat: Update `artifacthub-pkg.yml` automatically from now
kubewarden · Mar 24, 2023 · ce6bbea · ce6bbea
2 parents c5d2232 + 3414904
commit ce6bbea
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 71 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,7 +11,7 @@ jobs:
 
   test:
     name: run tests and linters
-    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-go.yml@v1
+    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-go.yml@v3.1.0
 
   release:
     needs: test
@@ -23,6 +23,6 @@ jobs:
       # Required by cosign keyless signing
       id-token: write
 
-    uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-go.yml@v1
+    uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-go.yml@v3.1.0
     with:
       oci-target: ghcr.io/${{ github.repository_owner }}/policies/hostpaths-psp
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -3,4 +3,4 @@ name: Continuous integration
 jobs:
   test:
     name: run tests and linters
-    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-go.yml@v1
+    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-go.yml@v3.1.0
diff --git a/Makefile b/Makefile
@@ -1,11 +1,28 @@
 SOURCE_FILES := $(shell find . -type f -name '*.go')
+# It's necessary to call cut because kwctl command does not handle version
+# starting with v.
+VERSION ?= $(shell git describe | cut -c2-)
 
 policy.wasm: $(SOURCE_FILES) go.mod go.sum
-	docker run --rm -v ${PWD}:/src -w /src tinygo/tinygo:0.18.0 tinygo build \
-		-o policy.wasm -target=wasi -no-debug .
+	docker run \
+		--rm \
+		-e GOFLAGS="-buildvcs=false" \
+		-v ${PWD}:/src \
+		-w /src tinygo/tinygo:0.23.0 \
+		tinygo build -o policy.wasm -target=wasi -no-debug .
 
-annotated-policy.wasm: policy.wasm metadata.yml
-	kwctl annotate -m metadata.yml -o annotated-policy.wasm policy.wasm
+
+artifacthub-pkg.yml: metadata.yml go.mod
+	$(warning If you are updating the artifacthub-pkg.yml file for a release, \
+		remember to set the VERSION variable with the proper value. \
+		To use the latest tag, use the following command:  \
+		make VERSION=$$(git describe --tags --abbrev=0 | cut -c2-) annotated-policy.wasm)
+	kwctl scaffold artifacthub \
+	    --metadata-path metadata.yml --version $(VERSION) \
+		--questions-path questions-ui.yml --output artifacthub-pkg.yml
+
+annotated-policy.wasm: policy.wasm metadata.yml artifacthub-pkg.yml
+	kwctl annotate -m metadata.yml -u README.md -o annotated-policy.wasm policy.wasm
 
 .PHONY: test
 test:

diff --git a/artifacthub-pkg.yml b/artifacthub-pkg.yml
@@ -1,43 +1,42 @@
----
-version: 0.1.7
+# Kubewarden Artifacthub Package config
+#
+# Use this config to submit the policy to https://artifacthub.io.
+#
+# This config can be saved to its default location with:
+#   kwctl scaffold artifacthub > artifacthub-pkg.yml 
+version: 0.1.8
 name: hostpaths-psp
 displayName: Hostpaths PSP
-createdAt: '2023-02-17T16:26:40+00:00'
+createdAt: 2023-03-24T15:15:54.209442298Z
 description: A Pod Security Policy that controls usage of hostPath volumes
 license: Apache-2.0
 homeURL: https://github.com/kubewarden/hostpaths-psp-policy
 containersImages:
 - name: policy
-  image: ghcr.io/kubewarden/policies/hostpaths-psp:v0.1.7
-install: |
-  The policy can be obtained using [`kwctl`](https://github.com/kubewarden/kwctl/):
-
-  ```console
-  kwctl pull ghcr.io/kubewarden/policies/hostpaths-psp:v0.1.7
-  ```
+  image: ghcr.io/kubewarden/policies/hostpaths-psp:v0.1.8
 keywords:
 - psp
 - hostpaths
 - pod
 links:
 - name: policy
-  url: https://github.com/kubewarden/hostpaths-psp-policy/releases/download/v0.1.7/policy.wasm
+  url: https://github.com/kubewarden/hostpaths-psp-policy/releases/download/v0.1.8/policy.wasm
 - name: source
   url: https://github.com/kubewarden/hostpaths-psp-policy
+install: |
+  The policy can be obtained using [`kwctl`](https://github.com/kubewarden/kwctl):
+  ```console
+  kwctl pull ghcr.io/kubewarden/policies/hostpaths-psp:v0.1.8
+  ```
+maintainers:
+- name: Kubewarden developers
+  email: [email protected]
 provider:
   name: kubewarden
 recommendations:
 - url: https://artifacthub.io/packages/helm/kubewarden/kubewarden-controller
 annotations:
-  kubewarden/resources: Pod
-  kubewarden/mutation: false
-  kubewarden/contextAware: false
-  kubewarden/rules: |
-    rules:
-    - apiGroups: [""]
-      apiVersions: ["v1"]
-      resources: ["pods"]
-      operations: ["CREATE"]
+  kubewarden/mutation: 'false'
   kubewarden/questions-ui: |
     questions:
     - default: []
@@ -72,3 +71,13 @@ annotations:
           label: Read only
           type: boolean
           variable: readOnly
+  kubewarden/resources: Pod
+  kubewarden/rules: |
+    - apiGroups:
+      - ''
+      apiVersions:
+      - v1
+      resources:
+      - pods
+      operations:
+      - CREATE
diff --git a/metadata.yml b/metadata.yml
@@ -6,51 +6,15 @@ rules:
 mutating: false
 contextAware: false
 annotations:
-  io.kubewarden.policy.title: psp-hostpaths
+  # artifacthub specific:
+  io.artifacthub.displayName: Hostpaths PSP
+  io.artifacthub.resources: Pod
+  io.artifacthub.keywords: psp, hostpaths, pod
+  io.kubewarden.policy.ociUrl: ghcr.io/kubewarden/policies/hostpaths-psp
+  # kubewarden specific:
+  io.kubewarden.policy.title: hostpaths-psp
   io.kubewarden.policy.description: A Pod Security Policy that controls usage of hostPath volumes
-  io.kubewarden.policy.author: Kubewarden devs
+  io.kubewarden.policy.author: Kubewarden developers <[email protected]>
   io.kubewarden.policy.url: https://github.com/kubewarden/hostpaths-psp-policy
   io.kubewarden.policy.source: https://github.com/kubewarden/hostpaths-psp-policy
   io.kubewarden.policy.license: Apache-2.0
-  io.kubewarden.policy.usage: |
-    Replacement for the Kubernetes Pod Security Policy that controls the usage of
-    `hostPath` volumes. The policy inspects both the containers and the init
-    containers that are using `hostPath` volumes.
-
-    ## Settings
-
-    ```yaml
-    allowedHostPaths:
-    - pathPrefix: "/foo"
-      readOnly: true
-    - pathPrefix: "/bar"
-      readOnly: false
-    ```
-
-    `allowedHostPaths` is a list of host paths that are allowed to be used by
-    hostPath volumes.
-
-    An empty `allowedHostPaths` list means there is no restriction on host paths
-    used.
-
-    Each entry of `allowedHostPaths` must have:
-    - A `pathPrefix` field, which allows hostPath volumes to mount a path that
-      begins with an allowed prefix.
-    - a `readOnly` field indicating it must be mounted read-only.
-
-    ### Special behaviour
-
-    It's possible to have host paths sharing part of the prefix. In that case, the
-    `readOnly` attribute of the most specific path takes precedence.
-
-    For example, given the following configuration:
-
-    ```yaml
-    allowedHostPaths:
-    - pathPrefix: "/foo"
-      readOnly: false
-    - pathPrefix: "/foo/bar"
-      readOnly: true
-    ```
-
-    Paths such as `/foo/bar/dir1`, `/foo/bar` must be read only.