Merge branch 'fluxcd:main' into disable-http-scheme-flag

.github/workflows/cifuzz.yaml

@@ -13,12 +13,19 @@ jobs:
     steps:
     - name: Checkout
       uses: actions/checkout@v3
+    - name: Setup Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: 1.19.x
+    - id: go-env
+      run: |
+        echo "::set-output name=go-mod-cache::$(go env GOMODCACHE)"
     - name: Restore Go cache
       uses: actions/cache@v3
       with:
-        path: /home/runner/work/_temp/_github_home/go/pkg/mod
+        path: ${{ steps.go-env.outputs.go-mod-cache }}
         key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
         restore-keys: |
-          ${{ runner.os }}-go-
+          ${{ runner.os }}-go
     - name: Smoke test Fuzzers
       run: make fuzz-smoketest

.github/workflows/e2e.yaml

@@ -41,7 +41,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.18.x
+          go-version: 1.19.x
       - name: Setup Kubernetes
         uses: engineerd/[email protected]
         with:

.github/workflows/scan.yml

@@ -30,6 +30,10 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
+      - name: Setup Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.19.x
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
         with:

CHANGELOG.md

@@ -2,6 +2,93 @@
 
 All notable changes to this project are documented in this file.
 
+## 0.28.0
+
+**Release date:** 2022-10-20
+
+This prerelease comes with a new Alert Provider type named `generic-hmac`
+for authenticating the webhook requests coming from notification-controller.
+
+In addition, the controller dependencies have been updated to Kubernetes v1.25.3.
+The `golang.org/x/text` package was updated to v0.4.0 (fix for CVE-2022-32149).
+
+Features:
+* Add `generic-hmac` Provider
+  [#426](https://github.com/fluxcd/notification-controller/pull/426)
+
+Improvements:
+* Update dependencies
+  [#430](https://github.com/fluxcd/notification-controller/pull/430)
+
+## 0.27.0
+
+**Release date:** 2022-09-27
+
+This prerelease comes with strict validation rules for API fields which define a
+(time) duration. Effectively, this means values without a time unit (e.g. `ms`,
+`s`, `m`, `h`) will now be rejected by the API server. To stimulate sane
+configurations, the units `ns`, `us` and `µs` can no longer be configured, nor
+can `h` be set for fields defining a timeout value.
+
+In addition, the controller dependencies have been updated
+to Kubernetes controller-runtime v0.13.
+
+:warning: **Breaking changes:**
+- `Provider.spec.timeout` new validation pattern is `"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"`
+
+Improvements:
+* api: add custom validation for v1.Duration types
+  [#420](https://github.com/fluxcd/notification-controller/pull/420)
+* Update dependencies
+  [#423](https://github.com/fluxcd/notification-controller/pull/423)
+* Dockerfile: Build with Go 1.19
+  [#424](https://github.com/fluxcd/notification-controller/pull/424)
+* docs: Fix table with git commit status providers
+  [#421](https://github.com/fluxcd/notification-controller/pull/421)
+
+## 0.26.0
+
+**Release date:** 2022-09-12
+
+This prerelease comes with with finalizers to properly record the reconciliation metrics
+for deleted resources. In addition, the controller dependencies have been updated
+to Kubernetes controller-runtime v0.12.
+
+:warning: **Breaking change:** The controller logs have been aligned
+with the Kubernetes structured logging. For more details on the new logging
+structure please see: [fluxcd/flux2#3051](https://github.com/fluxcd/flux2/issues/3051).
+
+Improvements:
+* Align controller logs to Kubernetes structured logging
+  [#412](https://github.com/fluxcd/notification-controller/pull/412)
+* Add finalizers to the custom resources
+  [#416](https://github.com/fluxcd/notification-controller/pull/416)
+* Add `.spec.timeout` to the Provider API
+  [#410](https://github.com/fluxcd/notification-controller/pull/410)
+* Refactor Fuzzers based on Go native fuzzing
+  [#414](https://github.com/fluxcd/notification-controller/pull/414)
+* Fuzz optimisations
+  [#413](https://github.com/fluxcd/notification-controller/pull/413)
+
+## 0.25.2
+
+**Release date:** 2022-08-29
+
+This prerelease comes with panic recovery, to protect the controller
+from crashing when reconciliations lead to a crash.
+
+In addition, the controller dependencies have been updated to Kubernetes v1.25.0.
+
+Fixes:
+* Fix context cancel defer for commit status updates
+  [#408](https://github.com/fluxcd/notification-controller/pull/408)
+
+Improvements:
+* Enables RecoverPanic option on reconcilers
+  [#403](https://github.com/fluxcd/notification-controller/pull/403)
+* Update Kubernetes packages to v1.25.0
+  [#407](https://github.com/fluxcd/notification-controller/pull/407)
+
 ## 0.25.1
 
 **Release date:** 2022-08-11

DEVELOPMENT.md

@@ -1,6 +1,6 @@
 # Development
 
-> **Note:** Please take a look at <https://fluxcd.io/docs/contributing/flux/>
+> **Note:** Please take a look at <https://fluxcd.io/contributing/flux/>
 > to find out about how to contribute to Flux and how to interact with the
 > Flux Development team.
 

Dockerfile

@@ -1,4 +1,4 @@
-ARG GO_VERSION=1.18
+ARG GO_VERSION=1.19
 ARG XX_VERSION=1.1.0
 
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
@@ -29,7 +29,7 @@ COPY internal/ internal/
 
 # build
 ENV CGO_ENABLED=0
-RUN xx-go build -a -o notification-controller main.go
+RUN xx-go build -trimpath -a -o notification-controller main.go
 
 FROM alpine:3.16
 

Makefile

@@ -19,6 +19,10 @@ BUILD_PLATFORMS ?= linux/amd64
 # Architecture to use envtest with
 ENVTEST_ARCH ?= amd64
 
+# FUZZ_TIME defines the max amount of time, in Go Duration,
+# each fuzzer should run for.
+FUZZ_TIME ?= 1m
+
 all: manager
 
 # Run tests
@@ -76,8 +80,8 @@ api-docs: gen-crd-api-reference-docs
 
 # Run go mod tidy
 tidy:
-	cd api; rm -f go.sum; go mod tidy -compat=1.18
-	rm -f go.sum; go mod tidy -compat=1.18
+	cd api; rm -f go.sum; go mod tidy -compat=1.19
+	rm -f go.sum; go mod tidy -compat=1.19
 
 # Run go fmt against code
 fmt:
@@ -109,31 +113,38 @@ docker-push:
 docker-deploy:
 	kubectl -n flux-system set image deployment/notification-controller manager=${IMG}
 
-# Build fuzzers
+# Build fuzzers used by oss-fuzz.
 fuzz-build:
 	rm -rf $(shell pwd)/build/fuzz/
 	mkdir -p $(shell pwd)/build/fuzz/out/
 
-	docker build . --tag local-fuzzing:latest -f tests/fuzz/Dockerfile.builder
+	docker build . --pull --tag local-fuzzing:latest -f tests/fuzz/Dockerfile.builder
 	docker run --rm \
 		-e FUZZING_LANGUAGE=go -e SANITIZER=address \
 		-e CIFUZZ_DEBUG='True' -e OSS_FUZZ_PROJECT_NAME=fluxcd \
+		-v "$(shell go env GOMODCACHE):/root/go/pkg/mod" \
 		-v "$(shell pwd)/build/fuzz/out":/out \
 		local-fuzzing:latest
 
-# Run each fuzzer once to ensure they are working
+# Run each fuzzer once to ensure they will work when executed by oss-fuzz.
 fuzz-smoketest: fuzz-build
 	docker run --rm \
 		-v "$(shell pwd)/build/fuzz/out":/out \
 		-v "$(shell pwd)/tests/fuzz/oss_fuzz_run.sh":/runner.sh \
 		local-fuzzing:latest \
 		bash -c "/runner.sh"
 
+# Run fuzz tests for the duration set in FUZZ_TIME.
+fuzz-native: 
+	KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) \
+	FUZZ_TIME=$(FUZZ_TIME) \
+		./tests/fuzz/native_go_run.sh
+
 # Find or download controller-gen
 CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
 .PHONY: controller-gen
 controller-gen: ## Download controller-gen locally if necessary.
-	$(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.7.0)
+	$(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.8.0)
 
 # Find or download gen-crd-api-reference-docs
 GEN_CRD_API_REFERENCE_DOCS = $(shell pwd)/bin/gen-crd-api-reference-docs

README.md

@@ -6,7 +6,7 @@
 [![license](https://img.shields.io/github/license/fluxcd/notification-controller.svg)](https://github.com/fluxcd/notification-controller/blob/main/LICENSE)
 [![release](https://img.shields.io/github/release/fluxcd/notification-controller/all.svg)](https://github.com/fluxcd/notification-controller/releases)
 
-Event forwarder and notification dispatcher for the [GitOps Toolkit](https://fluxcd.io/docs/components/) controllers.
+Event forwarder and notification dispatcher for the [GitOps Toolkit](https://fluxcd.io/flux/components/) controllers.
 The notification-controller is an implementation of the [notification.toolkit.fluxcd.io](docs/spec/v1beta1/README.md)
 API based on the specifications described in the [RFC](docs/spec/README.md).
 

api/go.mod

@@ -3,27 +3,30 @@ module github.com/fluxcd/notification-controller/api
 go 1.18
 
 require (
-	github.com/fluxcd/pkg/apis/meta v0.14.2
-	k8s.io/apimachinery v0.24.1
-	sigs.k8s.io/controller-runtime v0.11.2
+	github.com/fluxcd/pkg/apis/meta v0.17.0
+	k8s.io/apimachinery v0.25.3
+	sigs.k8s.io/controller-runtime v0.13.0
 )
 
+// Fix CVE-2022-32149
+replace golang.org/x/text => golang.org/x/text v0.4.0
+
 // Fix CVE-2022-28948
 replace gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1
 
 require (
-	github.com/go-logr/logr v1.2.2 // indirect
+	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
+	golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect
 	golang.org/x/text v0.3.7 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	k8s.io/klog/v2 v2.60.1 // indirect
-	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
-	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
+	k8s.io/klog/v2 v2.70.1 // indirect
+	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
+	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 )