Merge pull request #445 from LF-Decentralized-Trust-labs/gitops-operator

Update Paladin configurations and add VS Code launch configurations

.github/README.md

@@ -0,0 +1,66 @@
+# Workflow Overview
+
+This repository is equipped with automated workflows that streamline key processes for PRs, changes to the `main` branch, and releases. These workflows ensure smooth development, testing, and deployment cycles.
+
+## PR Opened 🚦
+When a developer opens a PR, several automated checks are triggered to validate the changes:
+
+- **[Build the Project](workflows/paladin-PR-build.yml):**  
+  Runs essential tasks to ensure code quality and reliability:
+  - **Build and Test:** Compiles the code and runs tests for all subdirectories.
+  - **[Build Docker Images](workflows/build-image.yaml):** Builds Docker images based on PR changes for local validation.  
+    > **Note:** These images are **not published** to a registry.
+  - **[Template the Helm Chart](workflows/build-chart.yaml):** Rebuilds and validates Helm charts for correctness.  
+    > **Note:** Charts are **not published** but tested locally.
+
+
+## Changes Pushed to Main 🌟
+Once changes are merged into the `main` branch, workflows prepare the project for production:
+
+- **[Build the Project](workflows/paladin-PR-build.yml):**  
+  Similar to PR checks, this ensures the integrity of the main branch:
+  - **Build and Test:** Compiles code and runs tests for all subdirectories.
+
+- **[Publish Docker Images](workflows/cross-build-images.yaml):**  
+  Produces production-grade, cross-platform Docker images and publishes them to the container registry:
+  - **Registry:** `ghcr.io/<repository-owner>`
+  - **Tagging:** Images are tagged with `main`.
+
+- **[Update Documentation](workflows/docs.yaml):**  
+  Detects documentation updates and publishes the latest content to the documentation site.
+
+
+## Release Time 🚀
+Releases deliver artifacts and resources to users and deployment targets through these workflows:
+
+- **[Release Orchestrator](workflows/release.yaml):**  
+  Triggered by a version tag (e.g., `v1.2.3`), this workflow coordinates all release activities:
+  - **[Release Docker Images](workflows/release-images.yaml):**  
+    Builds and **publishes Docker images** tagged with the release version (e.g., `v1.2.3`) and `latest`.
+    - **Registries:** 
+      - `ghcr.io/<repository-owner>`.
+      - `docker.io/<repository-owner>`.
+    > `latest` is configurable 
+  - **[Release Helm Chart](workflows/release-charts.yaml):**
+    Packages and **publishes Helm charts** to the chart repository tagged with the release version (e.g., `v1.2.3`) and `latest`.
+    > `latest` is configurable 
+  - **[Release TypeScript SDK](workflows/release-typescript-sdk.yaml):**  
+    Updates and **publishes the TypeScript SDK** to its registry:
+    - **Version:** Defined in [package.json](../sdk/typescript/package.json).
+
+### Releasing Options: 
+1. **Automatic:** Push a Git tag in the format `vX.Y.Z` (e.g., `v1.2.3`), and the workflows handle the release, marking it as the latest.
+2. **Manual:** Trigger the [release workflow](https://github.com/LF-Decentralized-Trust-labs/paladin/actions/workflows/release.yaml) via the GitHub Actions interface, specifying the version and selecting the "latest" option if needed.
+
+
+## Manual Actions 🛠️
+Workflows can also be triggered manually when needed. Available options include:
+
+- **[Release Orchestrator](workflows/release.yaml)**
+- **[Release Docker Images](workflows/release-images.yaml)**
+- **[Release Helm Chart](workflows/release-charts.yaml)**
+- **[Release TypeScript SDK](workflows/release-typescript-sdk.yaml)**
+- **[Build Helm Chart](workflows/build-chart.yaml)**
+- **[Build Docker Images](workflows/build-image.yaml)**  
+- **[Cross-Platform Docker Image Build](workflows/cross-build-images.yaml)**  
+

.github/workflows/release-charts.yaml

@@ -1,5 +1,10 @@
 name: Helm Chart release
 
+permissions:
+  contents: write
+  packages: write
+  id-token: write
+
 on:
   workflow_call:
     inputs:
@@ -135,8 +140,23 @@ jobs:
       - name: Run chart-releaser
         uses: helm/[email protected]
         with:
-          mark_as_latest: ${{ inputs.latest }}
+          mark_as_latest: false # the release is marked as latest in the next step
           charts_dir: "operator/charts"
           skip_existing: true
         env: 
           CR_TOKEN: "${{ env.CR_TOKEN }}"
+
+      - name: Prepare CRs artifacts
+        run: ./gradlew prepareArtifacts -PartifactDir=${{ github.workspace }}/artifacts
+      - name: Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ inputs.chart_tag }}
+          body: "Release ${{ inputs.chart_tag }}"
+          generate_release_notes: true
+          make_latest: ${{ inputs.latest }}
+          files: |
+            ${{ github.workspace }}/artifacts/basenet.yaml
+            ${{ github.workspace }}/artifacts/devnet.yaml
+            ${{ github.workspace }}/artifacts/artifacts.tar.gz
+ 

.github/workflows/release-typescript-sdk.yaml

@@ -30,6 +30,7 @@ jobs:
         uses: ./.github/actions/setup
 
       - name: Publish to npm
+        continue-on-error: true # this can fail if the version is already published
         working-directory: sdk/typescript
         shell: bash
         run: |

operator/.gitignore

@@ -21,7 +21,6 @@ go.work
 
 # editor and IDE paraphernalia
 .idea
-.vscode
 *.swp
 *.swo
 *~
@@ -37,4 +36,8 @@ manager
 
 # Generated by gradle
 **/charts/paladin-operator/templates/samples/*.yaml
-**/charts/paladin-operator-crd/templates/*.yaml
+**/charts/paladin-operator-crd/templates/*.yaml
+
+**/artifacts/**
+
+**/__snapshot__/**

operator/.golangci.yml

@@ -15,6 +15,12 @@ issues:
     - path: "internal/*"
       linters:
         - dupl
+    - path: ".*_test.go"
+      linters:
+        - errcheck
+    - path: "contractpkg/*"
+      linters:
+        - errcheck
 linters:
   disable-all: true
   enable:
@@ -32,7 +38,6 @@ linters:
     - misspell
     - nakedret
     - prealloc
-    - staticcheck
     - typecheck
     - unconvert
     - unparam

operator/.vscode/launch.json

@@ -0,0 +1,55 @@
+{
+    "version": "0.2.0",
+    "configurations": [
+      {
+        "name": "Run Controller",
+        "type": "go",
+        "preLaunchTask": "check-running-on-kind",
+        "request": "launch",
+        "mode": "debug",
+        "program": "${workspaceFolder}/cmd/main.go",
+        "env": { 
+            "KUBE_LOCAL": "true",
+            "WATCH_NAMESPACE": "default"
+        },
+        "presentation": {
+            "hidden": false
+        }
+      },
+      {
+        "name": "Run Contract Generator",
+        "type": "go",
+        "request": "launch",
+        "mode": "auto",
+        "program": "${workspaceFolder}/contractpkg",
+        "args": [
+          "generate",
+          "contract_map.json"
+        ]
+      },
+      {
+        "name": "Run Temaplte Generator",
+        "type": "go",
+        "request": "launch",
+        "mode": "auto",
+        "program": "${workspaceFolder}/contractpkg",
+        "args": [
+          "template",
+          "../config/samples",
+          "../charts/paladin-operator/templates/samples"
+        ]
+      },
+      {
+        "name": "Run Artifacts Generator",
+        "type": "go",
+        "request": "launch",
+        "mode": "auto",
+        "program": "${workspaceFolder}/contractpkg",
+        "args": [
+          "combine",
+          "../config/samples",
+          "../artifacts"
+        ]
+      }
+    ]
+  }

operator/Makefile

@@ -125,7 +125,7 @@ kind-delete: ## Delete the Kind cluster.
 
 ##@ Build
 .PHONY: build
-build: manifests generate fmt vet ## Build manager binary.
+build: manifests generate fmt vet test ## Build manager binary.
 	go build -o bin/manager cmd/main.go
 
 .PHONY: run 

operator/api/v1alpha1/paladin_types.go

@@ -33,13 +33,20 @@ type PaladinSpec struct {
 	// Adds signing modules that load their key materials from a k8s secret
 	SecretBackedSigners []SecretBackedSigner `json:"secretBackedSigners,omitempty"`
 
-	// Optionally bind to a local besu node deployed with this operator
-	// (vs. configuring a connection to a production blockchain network)
+	// Deprecated: Use 'baseLedgerEndpoint' instead. Example:
+	// { "baseLedgerEndpoint": {"type": "local", "local": {"nodeName": "node-name"}} }
+	//
+	// Optionally bind to a local Besu node deployed with this operator
+	// (vs. configuring a connection to a production blockchain network).
+	// +optional
 	BesuNode string `json:"besuNode,omitempty"`
 
-	// AuthConfig is used to provide authentication details for blockchain connections
-	// If this is set, it will override the auth details in the config
-	AuthConfig *AuthConfig `json:"authConfig,omitempty"`
+	// Deprecated: Use 'baseLedgerEndpoint' instead. Example:
+	// { "baseLedgerEndpoint": {"type": "network", "network": {"auth": {}}} }
+	AuthConfig *Auth `json:"authConfig,omitempty"`
+
+	// BaseLedgerEndpoint specifies the base endpoint for the ledger
+	BaseLedgerEndpoint *BaseLedgerEndpoint `json:"baseLedgerEndpoint,omitempty"`
 
 	// Optionally tune the service definition.
 	// We merge any configuration you add (such as node ports) for the following services:
@@ -56,6 +63,39 @@ type PaladinSpec struct {
 	// Transports are configured individually on each node, as they reference security details specific to that node
 	Transports []TransportConfig `json:"transports"`
 }
+type BaseLedgerEndpointType string
+
+const (
+	EndpointTypeLocal   BaseLedgerEndpointType = "local"
+	EndpointTypeNetwork BaseLedgerEndpointType = "endpoint"
+)
+
+type BaseLedgerEndpoint struct {
+	// Type specifies the type of the endpoint.
+	// +kubebuilder:validation:Enum=local;network
+	Type BaseLedgerEndpointType `json:"type"`
+
+	// Local specifies the configuration when the type is 'local'.
+	// +optional
+	Local *LocalLedgerEndpoint `json:"local,omitempty"`
+
+	// Network specifies the configuration when the type is 'network'.
+	// +optional
+	Endpoint *NetworkLedgerEndpoint `json:"endpoint,omitempty"`
+}
+
+// LocalLedgerEndpoint defines the configuration for local endpoints.
+type LocalLedgerEndpoint struct {
+	// NodeName specifies the name of the local node.
+	NodeName string `json:"nodeName"`
+}
+
+// NetworkLedgerEndpoint defines the configuration for network endpoints.
+type NetworkLedgerEndpoint struct {
+	JSONRPC string `json:"jsonrpc"`
+	WS      string `json:"ws"`
+	Auth    *Auth  `json:"auth,omitempty"`
+}
 
 type LabelReference struct {
 	// Label selectors provide a flexible many-to-many mapping between nodes and domains in a namespace.
@@ -143,17 +183,21 @@ type SecretBackedSigner struct {
 	KeySelector string `json:"keySelector"`
 }
 
-type AuthMethod string
+type AuthType string
 
-const AuthMethodSecret AuthMethod = "secret"
+const (
+	// AuthTypeSecret is used to authenticate with a secret
+	// The secret must contain keys "username" and "password"
+	AuthTypeSecret AuthType = "secret"
+)
 
-type AuthConfig struct {
+type Auth struct {
 	// auth method to use for the connection
 	// +kubebuilder:validation:Enum=secret
-	AuthMethod AuthMethod `json:"authMethod"`
+	Type AuthType `json:"type"`
 
-	// SecretAuth is used to provide the name of the secret to use for authentication
-	AuthSecret *AuthSecret `json:"authSecret,omitempty"`
+	// Secret is used to provide the name of the secret to use for authentication
+	Secret *AuthSecret `json:"secretRef,omitempty"`
 }
 
 type AuthSecret struct {