Changes to support crd v1 and pipeline processes

.github/workflows/pr.yml

@@ -16,7 +16,7 @@ jobs:
         run: |
           DEFAULT_QUAY_REGISTRY=${{ github.repository_owner }}/$(basename $GITHUB_REPOSITORY)
           echo "REPOSITORY_NAME=$(basename $GITHUB_REPOSITORY)" |tee -a $GITHUB_ENV
-          echo "QUAY_REGISTRY=${QUAY_REGISTRY:-DEFAULT_QUAY_REGISTRY}" |tee -a $GITHUB_ENV
+          echo "QUAY_REGISTRY=${QUAY_REGISTRY:-$DEFAULT_QUAY_REGISTRY}" |tee -a $GITHUB_ENV
 
       - name: Set up Go 1.x
         uses: actions/setup-go@v2
@@ -36,15 +36,6 @@ jobs:
           mv operator-sdk_linux_amd64 ${HOME}/bin/operator-sdk 
           echo "${HOME}/bin" |tee -a $GITHUB_PATH
 
-      - name: Download compatible Helm version
-        shell: bash
-        env:
-          HELM_VERSION: v3.3.0
-        run: |
-          curl -sSL https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar vxz \
-              && sudo mv -v linux-amd64/helm /usr/local/bin/helm \
-              && rm -vrf linux-amd64
-
       - name: build code
         shell: bash
         run: make VERSION=latest
@@ -60,3 +51,29 @@ jobs:
       - name: build chart
         shell: bash
         run: make helmchart VERSION=0.0.1 IMG=quay.io/${QUAY_REGISTRY}:0.0.1
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: "Build Operator Image"
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64,linux/ppc64le
+          push: false
+          tags: "quay.io/${{ github.repository_owner }}/${{ env.REPOSITORY_NAME }}:v0.0.1"
+
+      - name: "Build Bundle Image"
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./bundle.Dockerfile
+          platforms: linux/amd64,linux/arm64,linux/ppc64le
+          push: false
+          tags: "quay.io/${{ github.repository_owner }}/${{ env.REPOSITORY_NAME }}-bundle:0.0.1"

.github/workflows/push.yml

@@ -65,9 +65,7 @@ jobs:
           echo "BUNDLE_IMAGE_TAG=${GITHUB_REF/refs\/tags\//}" |tee -a $GITHUB_ENV
           export TAG=${GITHUB_REF/refs\/tags\//}
           echo "BUNDLE_VERSION=${TAG:1}" |tee -a $GITHUB_ENV
-          # Checking Semantic Versioning using official guide here: https://semver.org/#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string .
-          SEMANTICREGEX='^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$'
-          export SEMVER_COMPLIANT=$(echo ${TAG:1} | grep -Po $SEMANTICREGEX)
+          export SEMVER_COMPLIANT=$(echo ${TAG:1} | egrep '^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$')
           if [ -z "$SEMVER_COMPLIANT" ]; then   echo "invalid semver tag ${GITHUB_REF/refs\/tags\//}"; exit 1; fi
       - name: Get most recent tag
         uses: actions-ecosystem/action-get-latest-tag@v1
@@ -102,6 +100,12 @@ jobs:
         run: |
           make bundle IMG=quay.io/${QUAY_REGISTRY}:${OPERATOR_IMAGE_TAG} VERSION=${BUNDLE_VERSION} DEFAULT_CHANNEL=alpha
 
+      - name: process bundle for disconnected support
+        uses: redhat-cop/github-actions/disconnected-csv@master
+        with:
+          CSV_FILE: bundle/manifests/${{ env.REPOSITORY_NAME }}.clusterserviceversion.yaml
+          TAGS_TO_DIGESTS: ${OPERATOR_IMAGE_TAG}
+
       - name: verify bundle
         shell: bash
         run: operator-sdk bundle validate ./bundle --select-optional name=operatorhub
@@ -112,6 +116,8 @@ jobs:
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v1
+        with:
+          platforms: all
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
@@ -128,6 +134,7 @@ jobs:
         with:
           context: .
           file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64,linux/ppc64le
           push: true
           tags: "quay.io/${{ env.QUAY_REGISTRY }}:latest,quay.io/${{ env.QUAY_REGISTRY }}:${{ env.OPERATOR_IMAGE_TAG }}"
 
@@ -147,6 +154,7 @@ jobs:
         with:
           context: .
           file: ./bundle.Dockerfile
+          platforms: linux/amd64,linux/arm64,linux/ppc64le
           push: true
           tags: "quay.io/${{ env.QUAY_REGISTRY }}-bundle:latest,quay.io/${{ env.QUAY_REGISTRY }}-bundle:${{ env.BUNDLE_IMAGE_TAG }}"
 
@@ -287,11 +295,12 @@ jobs:
         run: |
           export TAG=${GITHUB_REF/refs\/tags\//}
           echo "VERSION=${TAG:1}" |tee -a $GITHUB_ENV
-      - name: checkout community-operators
+
+      - name: checkout community-operators-prod
         uses: actions/checkout@v2
         with:
-          repository: operator-framework/community-operators
-          path: ./tmp/community-operators
+          repository: redhat-openshift-ecosystem/community-operators-prod
+          path: ./tmp/community-operators-prod
 
       - name: check whether it is first release
         shell: bash
@@ -303,140 +312,117 @@ jobs:
         shell: bash
         env:
           QUAY_REGISTRY: "${{ env.QUAY_REGISTRY }}"
-          REPOSITORY_NAME: "${{ env.REPOSITORY_NAME }}"
-          OPERATOR_IMAGE_TAG: "v${{ env.VERSION }}"
         run: |
           make bundle IMG=quay.io/${QUAY_REGISTRY}:v${VERSION} VERSION=${VERSION} DEFAULT_CHANNEL=alpha
-          ./hack/update_csv.sh
           sed  's/bundle\///g' bundle.Dockerfile > bundle/Dockerfile
           sed -i '/replaces: '"$(basename $GITHUB_REPOSITORY)"'/d' ./bundle/manifests/$(basename $GITHUB_REPOSITORY).clusterserviceversion.yaml
-          mkdir -p ./tmp/community-operators/community-operators/$(basename $GITHUB_REPOSITORY)/${VERSION}
-          /bin/cp -v -R ./bundle/* ./tmp/community-operators/community-operators/$(basename $GITHUB_REPOSITORY)/${VERSION}
+          mkdir -p ./tmp/community-operators-prod/operators/$(basename $GITHUB_REPOSITORY)/${VERSION}
+          /bin/cp -v -R ./bundle/* ./tmp/community-operators-prod/operators/$(basename $GITHUB_REPOSITORY)/${VERSION}
+
+      - name: process bundle for disconnected support
+        uses: redhat-cop/github-actions/disconnected-csv@master
+        with:
+          CSV_FILE: "./tmp/community-operators-prod/operators/${{ env.REPOSITORY_NAME }}/${{ env.VERSION }}/manifests/${{ env.REPOSITORY_NAME }}.clusterserviceversion.yaml"
+          TAGS_TO_DIGESTS: ${OPERATOR_IMAGE_TAG}
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v3
         if: ${{ startsWith( env.first_release, 'true' ) }}
         with:
-          path: ./tmp/community-operators
+          path: ./tmp/community-operators-prod
           commit-message: ${{ env.REPOSITORY_NAME }} release ${{ env.VERSION }}
           committer: ${{ github.actor }} <andy.block@gmail.com>
           author: ${{ github.actor }} <andy.block@gmail.com>
           signoff: true
           branch: ${{ env.REPOSITORY_NAME }}-${{ env.VERSION }}
           delete-branch: true
-          push-to-fork: ${{ github.repository_owner }}/community-operators
+          push-to-fork: ${{ github.repository_owner }}/community-operators-prod
           title: ${{ env.REPOSITORY_NAME }} initial commit
           body: |
             ### New Submissions
-
             * [x] Has you operator [nested directory structure](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#create-a-bundle)?
             * [x] Have you selected the Project *Community Operator Submissions* in your PR on the right-hand menu bar?
             * [x] Are you familiar with our [contribution guidelines](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md)?
             * [x] Have you [packaged and deployed](https://github.com/operator-framework/community-operators/blob/master/docs/testing-operators.md) your Operator for Operator Framework?
             * [x] Have you tested your Operator with all Custom Resource Definitions?
             * [x] Have you tested your Operator in all supported [installation modes](https://github.com/operator-framework/operator-lifecycle-manager/blob/master/doc/design/building-your-csv.md#operator-metadata)?
             * [x] Is your submission [signed](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#sign-your-work)?
-
             ### Updates to existing Operators
-
             * [ ] Is your new CSV pointing to the previous version with the `replaces` property?
             * [ ] Is your new CSV referenced in the [appropriate channel](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#bundle-format) defined in the `package.yaml` ?
             * [ ] Have you tested an update to your Operator when deployed via OLM?
             * [ ] Is your submission [signed](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#sign-your-work)?
-
             ### Your submission should not
-
             * [x] Modify more than one operator
             * [x] Modify an Operator you don't own
             * [x] Rename an operator - please remove and add with a different name instead
             * [x] Submit operators to both `upstream-community-operators` and `community-operators` at once
             * [x] Modify any files outside the above mentioned folders
             * [x] Contain more than one commit. **Please squash your commits.**
-
             ### Operator Description must contain (in order)
-
             1. [x] Description about the managed Application and where to find more information
             2. [x] Features and capabilities of your Operator and how to use it
             3. [x] Any manual steps about potential pre-requisites for using your Operator
-
             ### Operator Metadata should contain
-
             * [x] Human readable name and 1-liner description about your Operator
             * [x] Valid [category name](https://github.com/operator-framework/community-operators/blob/master/docs/required-fields.md#categories)<sup>1</sup>
             * [x] One of the pre-defined [capability levels](https://github.com/operator-framework/operator-courier/blob/4d1a25d2c8d52f7de6297ec18d8afd6521236aa2/operatorcourier/validate.py#L556)<sup>2</sup>
             * [x] Links to the maintainer, source code and documentation
             * [x] Example templates for all Custom Resource Definitions intended to be used
             * [x] A quadratic logo
-
             Remember that you can preview your CSV [here](https://operatorhub.io/preview).
-
             --
-
             <sup>1</sup> If you feel your Operator does not fit any of the pre-defined categories, file a PR against this repo and explain your need
-
             <sup>2</sup> For more information see [here](https://github.com/operator-framework/operator-sdk/blob/master/doc/images/operator-capability-level.svg)
           token: ${{ secrets.COMMUNITY_OPERATOR_PAT }}
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v3
         if: ${{ ! startsWith( env.first_release, 'true' ) }}
         with:
-          path: ./tmp/community-operators
+          path: ./tmp/community-operators-prod
           commit-message: ${{ env.REPOSITORY_NAME }} release ${{ env.VERSION }}
           committer: ${{ github.actor }} <andy.block@gmail.com>
           author: ${{ github.actor }} <andy.block@gmail.com>
           signoff: true
           branch: ${{ env.REPOSITORY_NAME }}-${{ env.VERSION }}
           delete-branch: true
-          push-to-fork: ${{ github.repository_owner }}/community-operators
+          push-to-fork: ${{ github.repository_owner }}/community-operators-prod
           title: ${{ env.REPOSITORY_NAME }} new version ${{ env.VERSION }}
           body: |
             ### New Submissions
-
             * [ ] Has you operator [nested directory structure](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#create-a-bundle)?
             * [ ] Have you selected the Project *Community Operator Submissions* in your PR on the right-hand menu bar?
             * [ ] Are you familiar with our [contribution guidelines](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md)?
             * [ ] Have you [packaged and deployed](https://github.com/operator-framework/community-operators/blob/master/docs/testing-operators.md) your Operator for Operator Framework?
             * [ ] Have you tested your Operator with all Custom Resource Definitions?
             * [ ] Have you tested your Operator in all supported [installation modes](https://github.com/operator-framework/operator-lifecycle-manager/blob/master/doc/design/building-your-csv.md#operator-metadata)?
             * [ ] Is your submission [signed](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#sign-your-work)?
-
             ### Updates to existing Operators
-
             * [x] Is your new CSV pointing to the previous version with the `replaces` property?
             * [x] Is your new CSV referenced in the [appropriate channel](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#bundle-format) defined in the `package.yaml` ?
             * [ ] Have you tested an update to your Operator when deployed via OLM?
             * [x] Is your submission [signed](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#sign-your-work)?
-
             ### Your submission should not
-
             * [x] Modify more than one operator
             * [x] Modify an Operator you don't own
             * [x] Rename an operator - please remove and add with a different name instead
             * [x] Submit operators to both `upstream-community-operators` and `community-operators` at once
             * [x] Modify any files outside the above mentioned folders
             * [x] Contain more than one commit. **Please squash your commits.**
-
             ### Operator Description must contain (in order)
-
             1. [x] Description about the managed Application and where to find more information
             2. [x] Features and capabilities of your Operator and how to use it
             3. [x] Any manual steps about potential pre-requisites for using your Operator
-
             ### Operator Metadata should contain
-
             * [x] Human readable name and 1-liner description about your Operator
             * [x] Valid [category name](https://github.com/operator-framework/community-operators/blob/master/docs/required-fields.md#categories)<sup>1</sup>
             * [x] One of the pre-defined [capability levels](https://github.com/operator-framework/operator-courier/blob/4d1a25d2c8d52f7de6297ec18d8afd6521236aa2/operatorcourier/validate.py#L556)<sup>2</sup>
             * [x] Links to the maintainer, source code and documentation
             * [x] Example templates for all Custom Resource Definitions intended to be used
             * [x] A quadratic logo
-
             Remember that you can preview your CSV [here](https://operatorhub.io/preview).
-
             --
-
             <sup>1</sup> If you feel your Operator does not fit any of the pre-defined categories, file a PR against this repo and explain your need
-
             <sup>2</sup> For more information see [here](https://github.com/operator-framework/operator-sdk/blob/master/doc/images/operator-capability-level.svg)
           token: ${{ secrets.COMMUNITY_OPERATOR_PAT }}

Dockerfile

@@ -16,7 +16,7 @@ COPY controllers/ controllers/
 COPY pkg/ pkg/ 
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go
+RUN CGO_ENABLED=0 GOOS=linux go build -a -o manager main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

README.md

@@ -492,6 +492,15 @@ It is recommended to deploy this operator via [`OperatorHub`](https://operatorhu
 
 If you want to utilize the Operator Lifecycle Manager (OLM) to install this operator, you can do so in two ways: from the UI or the CLI.
 
+### Multiarch Support
+
+| Arch  | Support  |
+|:-:|:-:|
+| amd64  | ✅ |
+| arm64  | ✅  |
+| ppc64le  | ✅  |
+| s390x  | ❌  |
+
 #### Deploying from OperatorHub UI
 
 * If you would like to launch this operator from the UI, you'll need to navigate to the OperatorHub tab in the console.

config/crd/bases/redhatcop.redhat.io_groupsyncs.yaml

@@ -538,6 +538,9 @@ spec:
                           extractLoginUsername:
                             description: ExtractLoginUsername is true if Okta username's are defaulted to emails and you would like the username only
                             type: boolean
+                          groupLimit:
+                            description: GroupLimit is the maximum number of groups that can be synced. Default is "1000"
+                            type: integer
                           groups:
                             description: Groups represents a filtered list of groups to synchronize
                             items:
@@ -549,9 +552,6 @@ spec:
                           url:
                             description: URL is the location of the Okta domain server
                             type: string
-                          groupLimit:
-                            description: The maximum number of groups that can be synced
-                            type: integer
                         required:
                           - appId
                           - credentialsSecret

config/crd/patches/cainjection_in_groupsyncs.yaml

@@ -1,6 +1,5 @@
 # The following patch adds a directive for certmanager to inject CA into the CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:

config/crd/patches/webhook_in_groupsyncs.yaml

@@ -1,17 +1,14 @@
 # The following patch enables conversion webhook for CRD
-# CRD conversion requires k8s 1.13 or later.
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   name: groupsyncs.redhatcop.redhat.io
 spec:
   conversion:
     strategy: Webhook
-    webhookClientConfig:
-      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
-      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
-      caBundle: Cg==
-      service:
-        namespace: system
-        name: webhook-service
-        path: /convert
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert

config/default/manager_auth_proxy_patch.yaml

@@ -10,7 +10,7 @@ spec:
     spec:
       containers:
         - name: kube-rbac-proxy
-          image: quay.io/coreos/kube-rbac-proxy:v0.5.0
+          image: registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:6d57bfd91fac9b68eb72d27226bc297472ceb136c996628b845ecc54a48b31cb
           args:
             - "--secure-listen-address=0.0.0.0:8443"
             - "--upstream=http://127.0.0.1:8080/"

config/helmchart/templates/_helpers.tpl

@@ -57,4 +57,15 @@ Service Acount Name
 */}}
 {{- define "group-sync-operator.serviceAccountName" -}}
 {{- printf "%s-%s" (include "group-sync-operator.name" .) "controller-manager" }}
-{{- end }}
+{{- end }}
+
+{{/*
+Create the image path for the passed in image field
+*/}}
+{{- define "group-sync-operator.image" -}}
+{{- if eq (substr 0 7 .version) "sha256:" -}}
+{{- printf "%s@%s" .repository .version -}}
+{{- else -}}
+{{- printf "%s:%s" .repository .version -}}
+{{- end -}}
+{{- end -}}