Migrate CRDs from enterprise-contract/enterprise-contract-controller

.github/workflows/checks-codecov.yaml

@@ -69,22 +69,29 @@ jobs:
       - name: Generate
         run: make generate
 
+      - name: Generate CRD manifests
+        run: make crd-generate
+
       # Possibly useful for debugging if the next step produces an error
       - name: Show diff after `make generate`
         run: git diff --stat --patch
 
       - name: Check for uncommitted changes
         run: |
-          if ! git diff --exit-code -s; then
-            for f in $(git diff --exit-code --name-only); do
-              echo "::error file=$f,line=1,col=1,endColumn=1::File was modified in build"
-            done
+          git status --porcelain
+          if ! git diff --exit-code; then
+            echo "::error::Files were modified during build"
+            echo -e "\033[1;33mHint:\033[0m Maybe you need to run \033[1;32mmake all\033[0m"
+            git diff --name-only
             exit 1
           fi
 
       - name: Test
         run: make test
 
+      - name: Test CRDs
+        run: make crd-test
+
       - name: Upload unit test coverage report
         uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
         env:
@@ -109,6 +116,30 @@ jobs:
           files: ./coverage-integration.out
           flags: integration
 
+      - name: Upload CRD test coverage report
+        uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        with:
+          files: ./crd_cover.out
+          flags: crd
+
+      - name: Upload CRD API test coverage report
+        uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        with:
+          files: ./api_cover.out
+          flags: crd-api
+
+      - name: Upload CRD schema test coverage report
+        uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        with:
+          files: ./schema_cover.out
+          flags: crd-schema
+
   Acceptance:
     runs-on: ubuntu-latest
     steps:

.github/workflows/crd-schema.yaml

@@ -0,0 +1,101 @@
+# Copyright The Conforma Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+name: CRD Validation
+
+"on":
+  pull_request:
+    paths:
+      - "api/v1alpha1/**"
+      - "schema/**"
+      - "config/crd/**"
+      - "tools/crd/**"
+      - ".github/workflows/crd-schema.yaml"
+  push:
+    branches:
+      - main
+    paths:
+      - "api/v1alpha1/**"
+      - "schema/**"
+      - "config/crd/**"
+      - "tools/crd/**"
+      - ".github/workflows/crd-schema.yaml"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  crd-validation:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+          disable-telemetry: true
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup Go environment
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          cache: true
+          go-version-file: go.mod
+
+      - name: Download CRD dependencies
+        run: |
+          go mod download
+          (cd tools/crd && go mod download)
+          (cd api && go mod download)
+          (cd schema && go mod download)
+
+      - name: Generate CRD manifests
+        run: make crd-generate
+
+      - name: Test CRDs
+        run: make crd-test
+
+      - name: Generate CRD documentation
+        run: make crd-docs
+
+      - name: Export CRD Schema
+        run: make crd-export-schema
+
+      - name: Check for uncommitted changes
+        run: |
+          git status --porcelain
+          if ! git diff --exit-code; then
+            echo "::error::CRD files were modified during build"
+            echo -e "\033[1;33mHint:\033[0m Maybe you need to run \033[1;32mmake crd-generate\033[0m or \033[1;32mmake crd-docs\033[0m"
+            git diff --name-only
+            exit 1
+          fi
+
+      - name: Upload generated artifacts
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: crd-artifacts
+          path: |
+            config/crd/bases/
+            docs/modules/ROOT/pages/crd-reference.adoc
+            dist/

.github/workflows/release.yaml

@@ -105,11 +105,23 @@ jobs:
         run: |
           go mod download
           (cd tools && go mod download)
+          (cd tools/crd && go mod download)
           (cd acceptance && go mod download)
+          (cd api && go mod download)
+          (cd schema && go mod download)
 
       - name: Build distribution
         run: make dist
 
+      - name: Export CRD schema
+        run: make crd-export-schema
+
+      - name: Upload CRD schema artifact
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: crd-schema
+          path: dist/
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
 
@@ -167,15 +179,22 @@ jobs:
           GH_TOKEN: ${{ github.token }}
         run: hack/stats.sh
 
-      - name: Configure statistics pages
+      - name: Prepare pages content
+        run: |
+          mkdir -p pages
+          cp -r stats/* pages/
+          mkdir -p pages/schema
+          cp dist/* pages/schema/
+
+      - name: Configure pages
         uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
 
-      - name: Upload statistics
+      - name: Upload pages artifact
         uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
         with:
-          path: stats
+          path: pages
 
-      - name: Deploy statistics
+      - name: Deploy to GitHub Pages
         uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
 
       - name: Delete snapshot release and tag

Makefile

@@ -375,3 +375,60 @@ bump-minor-version:
 	  git commit $(VERSION_FILE) \
 	    -m "Bump minor version to $$(cat $(VERSION_FILE))" \
 	    -m 'Commit generated with `make bump-minor-version`'
+
+##@ CRD Management
+
+# CRD-related variables
+CRD_ROOT = $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+CONTROLLER_GEN = go run -modfile $(CRD_ROOT)tools/crd/go.mod sigs.k8s.io/controller-tools/cmd/controller-gen
+KUSTOMIZE = go run -modfile $(CRD_ROOT)tools/crd/go.mod sigs.k8s.io/kustomize/kustomize/v5
+ENVTEST = go run -modfile $(CRD_ROOT)tools/crd/go.mod sigs.k8s.io/controller-runtime/tools/setup-envtest
+CRD_DEF = ./api/v1alpha1
+
+CRD_GEN_DEPS=\
+ api/v1alpha1/enterprisecontractpolicy_types.go \
+ api/v1alpha1/groupversion_info.go \
+ tools/crd/go.sum
+
+config/crd/bases/%.yaml: $(CRD_GEN_DEPS)
+	$(CONTROLLER_GEN) rbac:roleName=enterprise-contract-role crd webhook paths=./api/... output:crd:artifacts:config=config/crd/bases
+	yq -i 'del(.metadata.annotations["controller-gen.kubebuilder.io/version"])' $@
+
+api/config/%.yaml: config/crd/bases/%.yaml
+	@mkdir -p api/config
+	@cp $< $@
+
+.PHONY: crd-manifests
+crd-manifests: api/config/appstudio.redhat.com_enterprisecontractpolicies.yaml ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+
+.PHONY: crd-generate
+crd-generate: $(CRD_GEN_DEPS) ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths=./api/...
+	cd api && go generate ./...
+
+.PHONY: crd-docs
+crd-docs: $(wildcard $(CRD_DEF)/*.go) ## Generate CRD documentation
+	@go run -modfile tools/crd/go.mod github.com/elastic/crd-ref-docs --max-depth 50 --config=docs/crd/config.yaml --source-path=$(CRD_DEF) --templates-dir=docs/crd/templates --output-path=docs/modules/ROOT/pages/crd-reference.adoc
+
+.PHONY: crd-test
+crd-test: crd-manifests crd-generate ## Run CRD tests.
+	KUBEBUILDER_ASSETS="$$($(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile crd_cover.out
+	cd api && go test ./... -coverprofile ../api_cover.out
+	cd ../schema && go test ./... -coverprofile ../schema_cover.out
+
+.PHONY: crd-export-schema
+crd-export-schema: crd-generate ## Export the CRD schema to the schema directory as a json-store.org schema.
+	@mkdir -p dist
+	cp api/v1alpha1/policy_spec.json dist/
+
+ifndef ignore-not-found
+  ignore-not-found = false
+endif
+
+.PHONY: crd-install
+crd-install: crd-manifests ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+.PHONY: crd-uninstall
+crd-uninstall: crd-manifests ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -