Merge pull request #2 from defenseunicorns/add-deps

feat: create dependencies packages

.github/actions/save-logs/action.yaml

@@ -0,0 +1,18 @@
+name: save-logs
+description: "Save debug logs"
+
+runs:
+  using: composite
+  steps:
+    - name: Fix log permissions
+      run: |
+        sudo chown $USER /tmp/zarf-*.log || echo ""
+        sudo chown $USER /tmp/uds-*.log || echo ""
+      shell: bash
+
+    - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+      with:
+        name: debug-log
+        path: |
+          /tmp/zarf-*.log
+          /tmp/uds-*.log

.github/actions/setup/action.yaml

@@ -0,0 +1,25 @@
+# action.yml
+name: "Setup Environment"
+description: "UDS Environment Setup"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install Zarf
+      uses: defenseunicorns/setup-zarf@main
+      with:
+        # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
+        version: v0.32.1
+        download-init-package: true
+
+    - name: Install k3d
+      shell: bash
+      run: curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | TAG=v5.6.0 bash
+
+    - name: Set up Homebrew
+      uses: Homebrew/actions/setup-homebrew@master
+
+    - name: Install UDS CLI
+      shell: bash
+      # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+      run: brew install defenseunicorns/tap/uds@0.5.3

.github/workflows/commitlint.yaml

@@ -0,0 +1,28 @@
+name: Metadata
+
+on:
+  pull_request:
+    branches: [main]
+    types: [opened, edited, synchronize]
+
+jobs:
+  title_check:
+    runs-on: ubuntu-latest
+    name: Validate PR Title
+    permissions:
+      pull-requests: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+
+      - name: Install commitlint
+        run: npm install --save-dev @commitlint/{config-conventional,cli}
+
+      - name: Lint PR title
+        run: echo "${{ github.event.pull_request.title }}" | npx commitlint

.github/workflows/pull-request-conditionals.yaml

@@ -0,0 +1,24 @@
+name: Conditionals
+
+# This workflow is triggered on pull requests to the main branch.
+on:
+  pull_request:
+    paths:
+      - "**"
+
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+  id-token: write # Needed for OIDC-related operations.
+  contents: read # Allows reading the content of the repository.
+  pull-requests: read # Allows reading pull request metadata.
+
+# Default settings for all run commands in the workflow jobs.
+defaults:
+  run:
+    shell: bash -e -o pipefail {0} # Ensures that scripts fail on error and pipefail is set.
+
+jobs:
+  run-test:
+    name: Test
+    uses: ./.github/workflows/test.yaml
+    secrets: inherit

.github/workflows/tag-and-release.yaml

@@ -0,0 +1,46 @@
+name: Publish UDS Dependency Packages
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  tag-new-version:
+    name: Tag New Version
+    permissions: write-all
+    runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release-flag.outputs.release_created }}
+    steps:
+      - name: Create release tag
+        id: tag
+        uses: google-github-actions/release-please-action@v4.0.1
+      - id: release-flag
+        run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT
+
+  publish-packages:
+    needs: tag-new-version
+    if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
+    runs-on: ubuntu-latest
+    name: Publish Packages
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Environment setup
+        uses: ./.github/actions/setup
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: dummy
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Publish Packages
+        run: uds run publish-packages

.github/workflows/test.yaml

@@ -0,0 +1,49 @@
+name: Test package
+
+on:
+  # Manual trigger
+  workflow_dispatch:
+
+  # Triggered by pull-request-conditionals.yaml
+  workflow_call:
+
+# Abort prior jobs in the same workflow / PR
+concurrency:
+  group: test-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: "ubuntu-latest"
+    timeout-minutes: 20
+    name: Test
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Environment setup
+        uses: ./.github/actions/setup
+
+      - name: Create test bundle
+        run: uds run create-test-bundle
+
+      - name: Setup cluster
+        run: uds run setup-cluster
+
+      - name: Deploy test bundle
+        run: uds run deploy-test-bundle
+
+      - name: Test package
+        run: uds run test-packages
+
+      - name: Cleanup
+        if: always()
+        run: uds run cleanup
+
+      - name: Save logs
+        if: always()
+        uses: ./.github/actions/save-logs

.gitignore

@@ -0,0 +1,28 @@
+**/*.tfstate
+**/*.tfstate.backup
+*.tar.gz
+*.tar.zst
+~/
+.DS_Store
+defense-unicorns-distro/preflight.sh
+.terraform
+tmp
+zarf-sbom
+
+.cache/
+.idea/
+build/
+.DS_Store
+*.tar.zst
+test/tf/public-ec2-instance/.tool-versions
+zarf-sbom
+tmp/
+values-*.yaml
+overlay-values-*
+
+# Terraform
+test/tf/public-ec2-instance/.test-data
+test/tf/public-ec2-instance/.terraform
+terraform.tfstate
+terraform.tfstate.backup
+.terraform.lock.hcl

.pre-commit-config.yaml

@@ -0,0 +1,53 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: check-added-large-files
+        args: ["--maxkb=1024"]
+      - id: check-merge-conflict
+      - id: detect-aws-credentials
+        args:
+          - "--allow-missing-credentials"
+      - id: detect-private-key
+        exclude: |
+          (?x)^(
+            kustomizations/bigbang/environment-bb/values-bigbang.enc.yaml
+          )$
+      - id: end-of-file-fixer
+        exclude: "^kustomizations/bigbang/vendor/.*$"
+      - id: fix-byte-order-marker
+      - id: trailing-whitespace
+        exclude: "^kustomizations/bigbang/vendor/.*$"
+        args: [--markdown-linebreak-ext=md]
+      - id: check-yaml
+        exclude: |
+          (?x)^(
+            charts/raw/templates/resources.yaml
+          )$
+        args:
+          - "--allow-multiple-documents"
+  - repo: https://github.com/sirosen/fix-smartquotes
+    rev: 0.2.0
+    hooks:
+      - id: fix-smartquotes
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: 0.24.0
+    hooks:
+      - id: check-jsonschema
+        name: "Validate Zarf Configs Against Schema"
+        files: "zarf.yaml"
+        types: [yaml]
+        args:
+          [
+            "--schemafile",
+            "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.29.1/zarf.schema.json",
+            "--no-cache"
+          ]
+  - repo: https://github.com/golangci/golangci-lint
+    rev: v1.52.3
+    hooks:
+      - id: golangci-lint
+  - repo: https://github.com/renovatebot/pre-commit-hooks
+    rev: 36.40.0
+    hooks:
+      - id: renovate-config-validator

.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+    ".": "0.0.0"
+}

CODEOWNERS

@@ -0,0 +1 @@
+/* @defenseunicorns/uds

bundle/uds-bundle.yaml

@@ -0,0 +1,26 @@
+kind: UDSBundle
+metadata:
+  name: dependency-test
+  description: A UDS bundle for deploying UDS dependencies on a development cluster
+  # x-release-please-start-version
+  version: 0.0.0
+  # x-release-please-end
+
+packages:
+  - name: dev-minio
+    path: ../
+    # x-release-please-start-version
+    ref: 0.0.0
+    # x-release-please-end
+
+  - name: dev-postgres
+    path: ../
+    # x-release-please-start-version
+    ref: 0.0.0
+    # x-release-please-end
+
+  - name: dev-redis
+    path: ../
+    # x-release-please-start-version
+    ref: 0.0.0
+    # x-release-please-end

commitlint.config.js

@@ -0,0 +1 @@
+module.exports = { extends: ["@commitlint/config-conventional"] };

release-please-config.json

@@ -0,0 +1,23 @@
+{
+  "packages": {
+    ".": {
+      "changelog-path": "CHANGELOG.md",
+      "changelog-sections": [
+        { "type": "feat", "section": "Features", "hidden": false },
+        { "type": "fix", "section": "Bug Fixes", "hidden": false },
+        { "type": "chore", "section": "Miscellaneous", "hidden": false }
+      ],
+      "release-type": "simple",
+      "bump-minor-pre-major": true,
+      "bump-patch-for-minor-pre-major": true,
+      "draft": false,
+      "extra-files": [
+        "src/minio/zarf.yaml",
+        "src/postgres/zarf.yaml",
+        "src/redis/zarf.yaml",
+        "bundle/uds-bundle.yaml"
+      ]
+    }
+  },
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"
+}

src/minio/peerauth.yaml

@@ -0,0 +1,8 @@
+apiVersion: security.istio.io/v1beta1
+kind: PeerAuthentication
+metadata:
+  name: minio-istio-exceptions
+  namespace: dev-minio
+spec:
+  mtls:
+    mode: PERMISSIVE

src/minio/validate.yaml

@@ -0,0 +1,9 @@
+tasks:
+  - name: validate
+    actions:
+      - description:
+        wait:
+          cluster:
+            kind: Deployment
+            name: minio
+            namespace: dev-minio

src/minio/values.yaml

@@ -0,0 +1,15 @@
+replicas: 1
+mode: standalone
+
+# Some reasonable requests instead of the bonkers defaults
+resources:
+  requests:
+    memory: 128Mi
+    cpu: 100m
+
+buckets:
+  ###ZARF_VAR_BUCKETS###
+
+postJob:
+  podAnnotations:
+    sidecar.istio.io/inject: "false"