diff --git a/docs/5-zarf-tutorials/8-custom-init-packages.md b/docs/5-zarf-tutorials/8-custom-init-packages.md index 6f2e455b68..a99ebc1b59 100644 --- a/docs/5-zarf-tutorials/8-custom-init-packages.md +++ b/docs/5-zarf-tutorials/8-custom-init-packages.md @@ -91,11 +91,10 @@ $ zarf package create . \ --set REGISTRY_IMAGE_TAG=2.8.3 \ --set REGISTRY_IMAGE="opensource/registry" \ --set REGISTRY_IMAGE_DOMAIN="custom.enterprise.corp" \ ---set GITEA_IMAGE="custom.enterprise.corp/opensource/gitea" \ ---set GITEA_SERVER_VERSION="v1.19.3" +--set GITEA_IMAGE="custom.enterprise.corp/opensource/gitea:v1.21.0-rootless" ``` -⚠️ - The Gitea image and version are different than the Agent and Registry in that Zarf will always prefer the `rootless` version of a given server image. This means that the above reference would template out to be `custom.enterprise.corp/opensource/gitea:v1.19.3-rootless`. If you need to change this, edit the `packages/gitea` package. +⚠️ - The Gitea image is different from the Agent and Registry in that Zarf will always prefer the `rootless` version of a given server image. The image no longer must be tagged with `-rootless`, but it still needs to implement the [Gitea configuration of a rootless image](https://github.com/go-gitea/gitea/blob/main/Dockerfile.rootless). If you need to change this, edit the `packages/gitea` package. You can find all of the `--set` configurations by looking at the `zarf-config.toml` in the root of the repository. diff --git a/packages/gitea/gitea-values.yaml b/packages/gitea/gitea-values.yaml index d8b4aa8c22..4a780198b3 100644 --- a/packages/gitea/gitea-values.yaml +++ b/packages/gitea/gitea-values.yaml 
@@ -1,11 +1,12 @@ persistence: storageClass: "###ZARF_STORAGE_CLASS###" - existingClaim: "###ZARF_VAR_GIT_SERVER_EXISTING_PVC###" + claimName: "###ZARF_VAR_GIT_SERVER_EXISTING_PVC###" size: "###ZARF_VAR_GIT_SERVER_PVC_SIZE###" accessModes: - "###ZARF_VAR_GIT_SERVER_PVC_ACCESS_MODE###" + create: ###ZARF_VAR_GIT_SERVER_CREATE_PVC### -replicaCount: "###ZARF_VAR_GIT_SERVER_REPLICA_COUNT###" +replicaCount: ###ZARF_VAR_GIT_SERVER_REPLICA_COUNT### gitea: admin: @@ -29,6 +30,12 @@ gitea: repository: ENABLE_PUSH_CREATE_USER: true FORCE_PRIVATE: true + session: + PROVIDER: memory + cache: + ADAPTER: memory + queue: + TYPE: level resources: requests: cpu: "###ZARF_VAR_GIT_SERVER_CPU_REQ###" @@ -37,13 +44,12 @@ resources: cpu: "###ZARF_VAR_GIT_SERVER_CPU_LIMIT###" memory: "###ZARF_VAR_GIT_SERVER_MEM_LIMIT###" -memcached: - enabled: false +image: + fullOverride: "###ZARF_CONST_GITEA_IMAGE###" + rootless: true -postgresql: +postgresql-ha: enabled: false -image: - repository: "###ZARF_CONST_GITEA_IMAGE###" - tag: "###ZARF_CONST_GITEA_SERVER_VERSION###" - rootless: true +redis-cluster: + enabled: false diff --git a/packages/gitea/zarf.yaml b/packages/gitea/zarf.yaml index 62ab2b0497..8fb37939eb 100644 --- a/packages/gitea/zarf.yaml +++ b/packages/gitea/zarf.yaml @@ -5,7 +5,7 @@ metadata: variables: - name: GIT_SERVER_EXISTING_PVC description: "Optional: Use an existing PVC for the git server instead of creating a new one. If this is set, the GIT_SERVER_PVC_SIZE variable will be ignored." - default: "" + default: "data-zarf-gitea-0" - name: GIT_SERVER_PVC_SIZE description: The size of the persistent volume claim for the git server @@ -42,8 +42,6 @@ variables: constants: - name: GITEA_IMAGE value: "###ZARF_PKG_TMPL_GITEA_IMAGE###" - - name: GITEA_SERVER_VERSION - value: "###ZARF_PKG_TMPL_GITEA_SERVER_VERSION###" components: - name: git-server 
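Review bot: `create: ###ZARF_VAR_GIT_SERVER_CREATE_PVC###` and `replicaCount: ###ZARF_VAR_GIT_SERVER_REPLICA_COUNT###` are now unquoted, so the untemplated file parses both values as YAML comments (null), and an empty variable after templating also yields null instead of a boolean or integer. GIT_SERVER_CREATE_PVC is filled from the stdout of the `update-gitea-pvc` action, so if that action prints nothing the chart presumably falls back to its own default for `persistence.create`. A comment above both keys, such as `# unquoted on purpose: must template to a YAML bool/int and must never be empty`, would make the constraint visible to the next editor.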
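Review bot: The new default `data-zarf-gitea-0` for GIT_SERVER_EXISTING_PVC leaves the description on the line above it stale. It still calls the variable optional and says GIT_SERVER_PVC_SIZE is ignored whenever it is set, which is now always the case. The description should say that the default names the claim Zarf lets the chart manage and that any other value is treated as a user-provided PVC that the chart will not create. The same literal is hard-coded in `UpdateGiteaPVC` in src/internal/packager/git/gitea.go, so a comment here noting that the two must stay in sync would help.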
@@ -51,7 +49,7 @@ components: Deploys Gitea to provide git repositories for Kubernetes configurations. Required for GitOps deployments if no other git server is available. images: - - "###ZARF_PKG_TMPL_GITEA_IMAGE###:###ZARF_PKG_TMPL_GITEA_SERVER_VERSION###-rootless" + - "###ZARF_PKG_TMPL_GITEA_IMAGE###" manifests: - name: git-connect namespace: zarf @@ -61,13 +59,24 @@ components: - name: gitea releaseName: zarf-gitea url: https://dl.gitea.io/charts - version: 8.3.0 + version: 10.0.0 namespace: zarf valuesFiles: - gitea-values.yaml actions: onDeploy: + before: + - cmd: ./zarf internal update-gitea-pvc --no-progress + setVariables: + - name: GIT_SERVER_CREATE_PVC + mute: true after: + - wait: + cluster: + kind: pod + namespace: zarf + name: app=gitea + condition: Ready - cmd: ./zarf internal create-read-only-gitea-user --no-progress maxRetries: 3 maxTotalSeconds: 60 @@ -76,9 +85,6 @@ components: maxRetries: 3 maxTotalSeconds: 60 description: Create an artifact registry token - - wait: - cluster: - kind: pod - namespace: zarf - name: app=gitea - condition: Ready + + onFailure: + - cmd: ./zarf internal update-gitea-pvc --rollback --no-progress diff --git a/src/cmd/internal.go b/src/cmd/internal.go index bb2981d13e..a10067398c 100644 --- a/src/cmd/internal.go +++ b/src/cmd/internal.go @@ -23,6 +23,10 @@ import ( "github.com/spf13/pflag" ) +var ( + rollback bool +) + var internalCmd = &cobra.Command{ Use: "internal", Hidden: true, 
@@ -196,6 +200,22 @@ var createPackageRegistryToken = &cobra.Command{ }, } +var updateGiteaPVC = &cobra.Command{ + Use: "update-gitea-pvc", + Short: lang.CmdInternalUpdateGiteaPVCShort, + Long: lang.CmdInternalUpdateGiteaPVCLong, + Run: func(cmd *cobra.Command, args []string) { + + // There is a possibility that the pvc does not yet exist and Gitea helm chart should create it + helmShouldCreate, err := git.UpdateGiteaPVC(rollback) + if err != nil { + message.WarnErr(err, lang.CmdInternalUpdateGiteaPVCErr) + } + + fmt.Print(helmShouldCreate) + }, +} + var isValidHostname = &cobra.Command{ Use: "is-valid-hostname", Short: lang.CmdInternalIsValidHostnameShort, @@ -229,8 +249,11 @@ func init() { internalCmd.AddCommand(genTypesSchemaCmd) internalCmd.AddCommand(createReadOnlyGiteaUser) internalCmd.AddCommand(createPackageRegistryToken) + internalCmd.AddCommand(updateGiteaPVC) internalCmd.AddCommand(isValidHostname) internalCmd.AddCommand(computeCrc32) + + updateGiteaPVC.Flags().BoolVarP(&rollback, "rollback", "r", false, lang.CmdInternalFlagUpdateGiteaPVCRollback) } func addHiddenDummyFlag(cmd *cobra.Command, flagDummy string) { diff --git a/src/cmd/tools/zarf.go b/src/cmd/tools/zarf.go index 6cb2d0d2eb..d835674ed6 100644 --- a/src/cmd/tools/zarf.go +++ b/src/cmd/tools/zarf.go @@ -146,7 +146,8 @@ var updateCredsCmd = &cobra.Command{ } } if slices.Contains(args, message.GitKey) && newState.GitServer.InternalServer { - err = h.UpdateZarfGiteaValues() + g := git.New(newState.GitServer) + err = g.UpdateZarfGiteaUsers(oldState) if err != nil { // Warn if we couldn't actually update the git server (it might not be installed and we should try to continue) message.Warnf(lang.CmdToolsUpdateCredsUnableUpdateGit, err.Error()) diff --git a/src/config/lang/english.go b/src/config/lang/english.go index 0f095411d8..3a9346dab7 100644 --- a/src/config/lang/english.go +++ b/src/config/lang/english.go 
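Review bot: The `Run` function of `updateGiteaPVC` prints `helmShouldCreate` even after `git.UpdateGiteaPVC` returned an error, and the command still exits successfully. The package action that captures this output (`setVariables` for GIT_SERVER_CREATE_PVC in packages/gitea/zarf.yaml) therefore cannot tell a real cluster failure from the expected case where the claim does not exist yet. The existing comment covers the missing-PVC case but not that stdout is machine-read, so I would extend it with `// stdout is captured into GIT_SERVER_CREATE_PVC and must contain only "true" or "false"`. Separating a not-found error from other errors (for example a permission failure) and exiting non-zero for the latter would stop a broken cluster from continuing into the Helm upgrade.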
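Review bot: `g.UpdateZarfGiteaUsers(oldState)` rotates the passwords only through the Gitea API. The Helm release update that `UpdateZarfGiteaValues` performed is removed later in this commit, so the `gitea.admin.password` stored in the release values keeps the old secret. If the chart re-applies admin credentials from its values when the pod restarts or the release is upgraded (worth confirming for chart 10.0.0), the rotated admin password would revert to the previous one. A comment here stating why the release values no longer need updating, or a follow-up that updates them as well, would close that gap. The surrounding `Run` function starts and ends outside this hunk.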
@@ -217,6 +217,12 @@ $ zarf init --artifact-push-password={PASSWORD} --artifact-push-username={USERNA "This is called internally by the supported Gitea package component." CmdInternalArtifactRegistryGiteaTokenErr = "Unable to create an artifact registry token for the Gitea service." + CmdInternalUpdateGiteaPVCShort = "Updates an existing Gitea persistent volume claim" + CmdInternalUpdateGiteaPVCLong = "Updates an existing Gitea persistent volume claim by assessing if claim is a custom user provided claim or default." + + "This is called internally by the supported Gitea package component." + CmdInternalUpdateGiteaPVCErr = "Unable to update the existing Gitea persistent volume claim." + CmdInternalFlagUpdateGiteaPVCRollback = "Roll back previous Gitea persistent volume claim updates." + CmdInternalIsValidHostnameShort = "Checks if the current machine's hostname is RFC1123 compliant" CmdInternalIsValidHostnameErr = "The hostname '%s' is not valid. Ensure the hostname meets RFC1123 requirements https://www.rfc-editor.org/rfc/rfc1123.html." diff --git a/src/internal/packager/git/gitea.go b/src/internal/packager/git/gitea.go index 1eede33a7d..222ce3c5e6 100644 --- a/src/internal/packager/git/gitea.go +++ b/src/internal/packager/git/gitea.go @@ -9,6 +9,7 @@ import ( "encoding/json" "fmt" "io" + "os" "time" netHttp "net/http" @@ -17,6 +18,8 @@ import ( "github.com/defenseunicorns/zarf/src/pkg/cluster" "github.com/defenseunicorns/zarf/src/pkg/k8s" "github.com/defenseunicorns/zarf/src/pkg/message" + "github.com/defenseunicorns/zarf/src/types" + "k8s.io/apimachinery/pkg/runtime/schema" ) // CreateTokenResponse is the response given from creating a token in Gitea 
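Review bot: `CmdInternalUpdateGiteaPVCLong` joins a literal ending in `default.` to one starting with `This is called internally` with no space between them, so the help text renders as `default.This is called`. Ending the first literal with `default. ` fixes it. The first sentence would also read more clearly as `by assessing whether the claim is a custom user-provided claim or the default one`.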
@@ -49,50 +52,6 @@ func (g *Git) CreateReadOnlyUser() error { tunnelURL := tunnel.HTTPEndpoint() - var out []byte - - // Determine if the read only user already exists - getUserEndpoint := fmt.Sprintf("%s/api/v1/admin/users", tunnelURL) - getUserRequest, _ := netHttp.NewRequest("GET", getUserEndpoint, nil) - err = tunnel.Wrap(func() error { - out, err = g.DoHTTPThings(getUserRequest, g.Server.PushUsername, g.Server.PushPassword) - return err - }) - message.Debugf("GET %s:\n%s", getUserEndpoint, string(out)) - if err != nil { - return err - } - - hasReadOnlyUser := false - var users []map[string]interface{} - err = json.Unmarshal(out, &users) - if err != nil { - return err - } - - for _, user := range users { - if user["login"] == g.Server.PullUsername { - hasReadOnlyUser = true - } - } - - if hasReadOnlyUser { - // Update the existing user's password - updateUserBody := map[string]interface{}{ - "login_name": g.Server.PullUsername, - "password": g.Server.PullPassword, - } - updateUserData, _ := json.Marshal(updateUserBody) - updateUserEndpoint := fmt.Sprintf("%s/api/v1/admin/users/%s", tunnelURL, g.Server.PullUsername) - updateUserRequest, _ := netHttp.NewRequest("PATCH", updateUserEndpoint, bytes.NewBuffer(updateUserData)) - err = tunnel.Wrap(func() error { - out, err = g.DoHTTPThings(updateUserRequest, g.Server.PushUsername, g.Server.PushPassword) - return err - }) - message.Debugf("PATCH %s:\n%s", updateUserEndpoint, string(out)) - return err - } - // Create json representation of the create-user request body createUserBody := map[string]interface{}{ "username": g.Server.PullUsername, 
@@ -105,15 +64,23 @@ func (g *Git) CreateReadOnlyUser() error { return err } + var out []byte + var statusCode int + // Send API request to create the user createUserEndpoint := fmt.Sprintf("%s/api/v1/admin/users", tunnelURL) createUserRequest, _ := netHttp.NewRequest("POST", createUserEndpoint, bytes.NewBuffer(createUserData)) err = tunnel.Wrap(func() error { - out, err = g.DoHTTPThings(createUserRequest, g.Server.PushUsername, g.Server.PushPassword) + out, statusCode, err = g.DoHTTPThings(createUserRequest, g.Server.PushUsername, g.Server.PushPassword) return err }) message.Debugf("POST %s:\n%s", createUserEndpoint, string(out)) if err != nil { + if statusCode == 422 { + message.Debugf("Read-only git user already exists. Skipping...") + return nil + } + return err } 
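Review bot: The new `statusCode == 422` branch in `CreateReadOnlyUser` treats every 422 from `POST /api/v1/admin/users` as "user already exists" and returns nil. 422 is a generic validation status, so a rejected username or password would be reported as success and leave no working read-only account. The early return also skips the PATCH later in this function (its request body is outside the visible hunks), so an existing user keeps whatever password and settings it already had. Falling through to the PATCH brings the account in line with state and still surfaces a real failure there: `if statusCode != netHttp.StatusUnprocessableEntity { return err }`. The function starts and ends outside this hunk.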
@@ -127,7 +94,62 @@ func (g *Git) CreateReadOnlyUser() error { updateUserEndpoint := fmt.Sprintf("%s/api/v1/admin/users/%s", tunnelURL, g.Server.PullUsername) updateUserRequest, _ := netHttp.NewRequest("PATCH", updateUserEndpoint, bytes.NewBuffer(updateUserData)) err = tunnel.Wrap(func() error { - out, err = g.DoHTTPThings(updateUserRequest, g.Server.PushUsername, g.Server.PushPassword) + out, _, err = g.DoHTTPThings(updateUserRequest, g.Server.PushUsername, g.Server.PushPassword) + return err + }) + message.Debugf("PATCH %s:\n%s", updateUserEndpoint, string(out)) + return err +} + +// UpdateZarfGiteaUsers updates Zarf gitea users +func (g *Git) UpdateZarfGiteaUsers(oldState *types.ZarfState) error { + + //Update git read only user password + err := g.UpdateGitUser(oldState.GitServer.PushPassword, g.Server.PullUsername, g.Server.PullPassword) + if err != nil { + return fmt.Errorf("unable to update gitea read only user password: %w", err) + } + + // Update Git admin password + err = g.UpdateGitUser(oldState.GitServer.PushPassword, g.Server.PushUsername, g.Server.PushPassword) + if err != nil { + return fmt.Errorf("unable to update gitea admin user password: %w", err) + } + return nil +} + +// UpdateGitUser updates Zarf git server users +func (g *Git) UpdateGitUser(oldAdminPass string, username string, userpass string) error { + message.Debugf("git.UpdateGitUser()") + + c, err := cluster.NewCluster() + if err != nil { + return err + } + // Establish a git tunnel to send the repo + tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, k8s.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) + if err != nil { + return err + } + _, err = tunnel.Connect() + if err != nil { + return err + } + defer tunnel.Close() + tunnelURL := tunnel.HTTPEndpoint() + + var out []byte + + // Update the existing user's password + updateUserBody := map[string]interface{}{ + "login_name": username, + "password": userpass, + } + updateUserData, _ := 
json.Marshal(updateUserBody) + updateUserEndpoint := fmt.Sprintf("%s/api/v1/admin/users/%s", tunnelURL, username) + updateUserRequest, _ := netHttp.NewRequest("PATCH", updateUserEndpoint, bytes.NewBuffer(updateUserData)) + err = tunnel.Wrap(func() error { + out, _, err = g.DoHTTPThings(updateUserRequest, g.Server.PushUsername, oldAdminPass) return err }) message.Debugf("PATCH %s:\n%s", updateUserEndpoint, string(out)) @@ -162,7 +184,7 @@ func (g *Git) CreatePackageRegistryToken() (CreateTokenResponse, error) { getTokensEndpoint := fmt.Sprintf("http://%s/api/v1/users/%s/tokens", tunnelURL, g.Server.PushUsername) getTokensRequest, _ := netHttp.NewRequest("GET", getTokensEndpoint, nil) err = tunnel.Wrap(func() error { - out, err = g.DoHTTPThings(getTokensRequest, g.Server.PushUsername, g.Server.PushPassword) + out, _, err = g.DoHTTPThings(getTokensRequest, g.Server.PushUsername, g.Server.PushPassword) return err }) message.Debugf("GET %s:\n%s", getTokensEndpoint, string(out)) @@ -188,7 +210,7 @@ func (g *Git) CreatePackageRegistryToken() (CreateTokenResponse, error) { deleteTokensEndpoint := fmt.Sprintf("http://%s/api/v1/users/%s/tokens/%s", tunnelURL, g.Server.PushUsername, config.ZarfArtifactTokenName) deleteTokensRequest, _ := netHttp.NewRequest("DELETE", deleteTokensEndpoint, nil) err = tunnel.Wrap(func() error { - out, err = g.DoHTTPThings(deleteTokensRequest, g.Server.PushUsername, g.Server.PushPassword) + out, _, err = g.DoHTTPThings(deleteTokensRequest, g.Server.PushUsername, g.Server.PushPassword) return err }) message.Debugf("DELETE %s:\n%s", deleteTokensEndpoint, string(out)) 
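Review bot: `UpdateGitUser` authenticates with `g.Server.PushUsername` from the new state but `oldAdminPass` from the old one. If the admin username can differ between the two states, the PATCH is sent with a mismatched credential pair; passing `oldState.GitServer.PushUsername` alongside the old password would make the pairing explicit. The results of `json.Marshal` and `netHttp.NewRequest` are discarded, and `username` goes into the URL path unescaped, so a malformed value reaches `DoHTTPThings` as a nil request instead of a returned error. The doc comment should say that the method sets one user's password while authenticating as the admin with the previous password, and the copied comment `// Establish a git tunnel to send the repo` no longer describes what the tunnel is used for here.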
@@ -199,12 +221,13 @@ func (g *Git) CreatePackageRegistryToken() (CreateTokenResponse, error) { createTokensEndpoint := fmt.Sprintf("http://%s/api/v1/users/%s/tokens", tunnelURL, g.Server.PushUsername) createTokensBody := map[string]interface{}{ - "name": config.ZarfArtifactTokenName, + "name": config.ZarfArtifactTokenName, + "scopes": []string{"read:user", "read:package", "write:package"}, } createTokensData, _ := json.Marshal(createTokensBody) createTokensRequest, _ := netHttp.NewRequest("POST", createTokensEndpoint, bytes.NewBuffer(createTokensData)) err = tunnel.Wrap(func() error { - out, err = g.DoHTTPThings(createTokensRequest, g.Server.PushUsername, g.Server.PushPassword) + out, _, err = g.DoHTTPThings(createTokensRequest, g.Server.PushUsername, g.Server.PushPassword) return err }) message.Debugf("POST %s:\n%s", createTokensEndpoint, string(out)) 
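Review bot: The `message.Debugf("POST %s:\n%s", createTokensEndpoint, string(out))` line kept just below the new `scopes` field writes the raw token-creation response to the debug log, and that body presumably contains the token value that ends up in `CreateTokenResponse`. Since this token grants `write:package`, I would log only the endpoint: `message.Debugf("POST %s", createTokensEndpoint)`. A short comment above `scopes` naming why each of the three scopes is needed would help later reviewers keep the token minimal. `CreatePackageRegistryToken` starts and ends outside this hunk.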
@@ -221,8 +244,36 @@ func (g *Git) CreatePackageRegistryToken() (CreateTokenResponse, error) { return createTokenResponse, nil } +// UpdateGiteaPVC updates the existing Gitea persistent volume claim and tells Gitea whether to create or not. +func UpdateGiteaPVC(shouldRollBack bool) (string, error) { + c, err := cluster.NewCluster() + if err != nil { + return "false", err + } + + pvcName := os.Getenv("ZARF_VAR_GIT_SERVER_EXISTING_PVC") + groupKind := schema.GroupKind{ + Group: "", + Kind: "PersistentVolumeClaim", + } + labels := map[string]string{"app.kubernetes.io/managed-by": "Helm"} + annotations := map[string]string{"meta.helm.sh/release-name": "zarf-gitea", "meta.helm.sh/release-namespace": "zarf"} + + if shouldRollBack { + err = c.K8s.RemoveLabelsAndAnnotations(cluster.ZarfNamespaceName, pvcName, groupKind, labels, annotations) + return "false", err + } + + if pvcName == "data-zarf-gitea-0" { + err = c.K8s.AddLabelsAndAnnotations(cluster.ZarfNamespaceName, pvcName, groupKind, labels, annotations) + return "true", err + } + + return "false", err +} + // DoHTTPThings adds http request boilerplate and perform the request, checking for a successful response. -func (g *Git) DoHTTPThings(request *netHttp.Request, username, secret string) ([]byte, error) { +func (g *Git) DoHTTPThings(request *netHttp.Request, username, secret string) ([]byte, int, error) { message.Debugf("git.DoHttpThings()") // Prep the request with boilerplate 
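Review bot: In `UpdateGiteaPVC` the rollback branch runs before the name check, so `--rollback` strips the `app.kubernetes.io/managed-by` label and both `meta.helm.sh/*` annotations from whatever PVC `ZARF_VAR_GIT_SERVER_EXISTING_PVC` names. That includes a user-provided claim the forward path never labelled, and an empty variable is passed through unchecked. Because `onFailure` in packages/gitea/zarf.yaml calls this on any component failure, I would return early for non-default names ahead of both branches: `if pvcName != "data-zarf-gitea-0" { return "false", nil }`. The literal duplicates the variable default in zarf.yaml and would be better as a named constant. The doc comment should state that the returned string is the value templated into the chart's `persistence.create`.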
@@ -234,17 +285,17 @@ func (g *Git) DoHTTPThings(request *netHttp.Request, username, secret string) ([ // Perform the request and get the response response, err := client.Do(request) if err != nil { - return []byte{}, err + return []byte{}, 0, err } responseBody, _ := io.ReadAll(response.Body) // If we get a 'bad' status code we will have no error, create a useful one to return if response.StatusCode < 200 || response.StatusCode >= 300 { err = fmt.Errorf("got status code of %d during http request with body of: %s", response.StatusCode, string(responseBody)) - return []byte{}, err + return []byte{}, response.StatusCode, err } - return responseBody, nil + return responseBody, response.StatusCode, nil } func (g *Git) addReadOnlyUserToRepo(tunnelURL, repo string) error { @@ -262,7 +313,7 @@ func (g *Git) addReadOnlyUserToRepo(tunnelURL, repo string) error { // Send API request to add a user as a read-only collaborator to a repo addColabEndpoint := fmt.Sprintf("%s/api/v1/repos/%s/%s/collaborators/%s", tunnelURL, g.Server.PushUsername, repo, g.Server.PullUsername) addColabRequest, _ := netHttp.NewRequest("PUT", addColabEndpoint, bytes.NewBuffer(addColabData)) - out, err := g.DoHTTPThings(addColabRequest, g.Server.PushUsername, g.Server.PushPassword) + out, _, err := g.DoHTTPThings(addColabRequest, g.Server.PushUsername, g.Server.PushPassword) message.Debugf("PUT %s:\n%s", addColabEndpoint, string(out)) return err } diff --git a/src/internal/packager/helm/zarf.go b/src/internal/packager/helm/zarf.go index 889468fdce..b8d42c3f84 100644 --- a/src/internal/packager/helm/zarf.go +++ b/src/internal/packager/helm/zarf.go @@ -7,7 +7,6 @@ package helm import ( "fmt" - "github.com/defenseunicorns/zarf/src/internal/packager/git" "github.com/defenseunicorns/zarf/src/pkg/cluster" "github.com/defenseunicorns/zarf/src/pkg/k8s" "github.com/defenseunicorns/zarf/src/pkg/message" 
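Review bot: `DoHTTPThings` never closes `response.Body` and discards the error from `io.ReadAll`; no close appears anywhere between `client.Do` and the final return in this hunk. Each call can therefore leak its connection, and a truncated read is handed back as a valid body. I would add `defer response.Body.Close()` right after the `err != nil` check and return the read error instead of ignoring it. Now that callers branch on the new `int` result, the doc comment should say that the status is 0 when the request itself failed and that the body is empty for any non-2xx status (the text survives only in the error). The start of the function, where `client` is built, is outside this hunk.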
@@ -48,36 +47,6 @@ func (h *Helm) UpdateZarfRegistryValues() error { return nil } -// UpdateZarfGiteaValues updates the Zarf git server deployment with the new state values -func (h *Helm) UpdateZarfGiteaValues() error { - giteaValues := map[string]interface{}{ - "gitea": map[string]interface{}{ - "admin": map[string]interface{}{ - "username": h.cfg.State.GitServer.PushUsername, - "password": h.cfg.State.GitServer.PushPassword, - }, - }, - } - - h.chart = types.ZarfChart{ - Namespace: "zarf", - ReleaseName: "zarf-gitea", - } - - err := h.UpdateReleaseValues(giteaValues) - if err != nil { - return fmt.Errorf("error updating the release values: %w", err) - } - - g := git.New(h.cfg.State.GitServer) - err = g.CreateReadOnlyUser() - if err != nil { - return fmt.Errorf("unable to create the new Gitea read only user: %w", err) - } - - return nil -} - // UpdateZarfAgentValues updates the Zarf agent deployment with the new state values func (h *Helm) UpdateZarfAgentValues() error { spinner := message.NewProgressSpinner("Gathering information to update Zarf Agent TLS") diff --git a/src/pkg/k8s/dynamic.go b/src/pkg/k8s/dynamic.go index 51a1a29e90..daf87c7a1a 100644 --- a/src/pkg/k8s/dynamic.go +++ b/src/pkg/k8s/dynamic.go 
@@ -16,6 +16,16 @@ import ( // AddLabelsAndAnnotations adds the provided labels and annotations to the specified K8s resource func (k *K8s) AddLabelsAndAnnotations(resourceNamespace string, resourceName string, groupKind schema.GroupKind, labels map[string]string, annotations map[string]string) error { + return k.updateLabelsAndAnnotations(resourceNamespace, resourceName, groupKind, labels, annotations, false) +} + +// RemoveLabelsAndAnnotations removes the provided labels and annotations to the specified K8s resource +func (k *K8s) RemoveLabelsAndAnnotations(resourceNamespace string, resourceName string, groupKind schema.GroupKind, labels map[string]string, annotations map[string]string) error { + return k.updateLabelsAndAnnotations(resourceNamespace, resourceName, groupKind, labels, annotations, true) +} + +// updateLabelsAndAnnotations updates the provided labels and annotations to the specified K8s resource +func (k *K8s) updateLabelsAndAnnotations(resourceNamespace string, resourceName string, groupKind schema.GroupKind, labels map[string]string, annotations map[string]string, isRemove bool) error { dynamicClient := dynamic.NewForConfigOrDie(k.RestConfig) discoveryClient := discovery.NewDiscoveryClientForConfigOrDie(k.RestConfig) @@ -43,7 +53,11 @@ func (k *K8s) AddLabelsAndAnnotations(resourceNamespace string, resourceName str deployedLabels = make(map[string]string) } for key, value := range labels { - deployedLabels[key] = value + if isRemove { + delete(deployedLabels, key) + } else { + deployedLabels[key] = value + } } deployedResource.SetLabels(deployedLabels) @@ -55,7 +69,11 @@ func (k *K8s) AddLabelsAndAnnotations(resourceNamespace string, resourceName str deployedAnnotations = make(map[string]string) } for key, value := range annotations { - deployedAnnotations[key] = value + if isRemove { + delete(deployedAnnotations, key) + } else { + deployedAnnotations[key] = value + } } deployedResource.SetAnnotations(deployedAnnotations) 
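Review bot: With `isRemove` set, `updateLabelsAndAnnotations` deletes every key in `labels` and `annotations` without comparing the deployed value, so `RemoveLabelsAndAnnotations` will drop metadata that something else set to a different value. This applies to the label loop in the second hunk and the annotation loop in the third. Deleting only on a match keeps a rollback from clobbering ownership metadata it did not write, for example `if isRemove && deployedLabels[key] == value { delete(deployedLabels, key) }` with the assignment moved to an `else if !isRemove` branch. The doc comment on `RemoveLabelsAndAnnotations` should read "from the specified K8s resource" and state whether values are compared. The function body continues outside these hunks.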
diff --git a/src/test/e2e/06_create_sbom_test.go b/src/test/e2e/06_create_sbom_test.go index 1af4adf739..88e153860b 100644 --- a/src/test/e2e/06_create_sbom_test.go +++ b/src/test/e2e/06_create_sbom_test.go @@ -54,9 +54,9 @@ func TestCreateSBOM(t *testing.T) { _, err = os.ReadFile(filepath.Join(sbomPath, "dos-games", "sbom-viewer-docker.io_defenseunicorns_zarf-game_multi-tile-dark.html")) require.NoError(t, err) // Test that the init package generates the SBOMs we expect (images + component files) - _, err = os.ReadFile(filepath.Join(sbomPath, "init", "sbom-viewer-docker.io_gitea_gitea_1.19.3-rootless.html")) + _, err = os.ReadFile(filepath.Join(sbomPath, "init", "sbom-viewer-docker.io_gitea_gitea_1.21.2-rootless.html")) require.NoError(t, err) - _, err = os.ReadFile(filepath.Join(sbomPath, "init", "docker.io_gitea_gitea_1.19.3-rootless.json")) + _, err = os.ReadFile(filepath.Join(sbomPath, "init", "docker.io_gitea_gitea_1.21.2-rootless.json")) require.NoError(t, err) _, err = os.ReadFile(filepath.Join(sbomPath, "init", "sbom-viewer-zarf-component-k3s.html")) require.NoError(t, err) diff --git a/src/test/e2e/22_git_and_gitops_test.go b/src/test/e2e/22_git_and_gitops_test.go index 6f0e7efc55..d9c4b572d4 100644 --- a/src/test/e2e/22_git_and_gitops_test.go +++ b/src/test/e2e/22_git_and_gitops_test.go @@ -77,7 +77,7 @@ func testGitServerReadOnly(t *testing.T, gitURL string) { // Get the repo as the readonly user repoName := "zarf-public-test-2469062884" getRepoRequest, _ := http.NewRequest("GET", fmt.Sprintf("%s/api/v1/repos/%s/%s", gitURL, state.GitServer.PushUsername, repoName), nil) - getRepoResponseBody, err := gitCfg.DoHTTPThings(getRepoRequest, config.ZarfGitReadUser, state.GitServer.PullPassword) + getRepoResponseBody, _, err := gitCfg.DoHTTPThings(getRepoRequest, config.ZarfGitReadUser, state.GitServer.PullPassword) require.NoError(t, err) // Make sure the only permissions are pull (read) 
@@ -100,7 +100,7 @@ func testGitServerTagAndHash(t *testing.T, gitURL string) { // Get the Zarf repo tag repoTag := "v0.0.1" getRepoTagsRequest, _ := http.NewRequest("GET", fmt.Sprintf("%s/api/v1/repos/%s/%s/tags/%s", gitURL, config.ZarfGitPushUser, repoName, repoTag), nil) - getRepoTagsResponseBody, err := gitCfg.DoHTTPThings(getRepoTagsRequest, config.ZarfGitReadUser, state.GitServer.PullPassword) + getRepoTagsResponseBody, _, err := gitCfg.DoHTTPThings(getRepoTagsRequest, config.ZarfGitReadUser, state.GitServer.PullPassword) require.NoError(t, err) // Make sure the pushed tag exists @@ -111,7 +111,7 @@ func testGitServerTagAndHash(t *testing.T, gitURL string) { // Get the Zarf repo commit repoHash := "01a23218923f24194133b5eb11268cf8d73ff1bb" getRepoCommitsRequest, _ := http.NewRequest("GET", fmt.Sprintf("%s/api/v1/repos/%s/%s/git/commits/%s", gitURL, config.ZarfGitPushUser, repoName, repoHash), nil) - getRepoCommitsResponseBody, err := gitCfg.DoHTTPThings(getRepoCommitsRequest, config.ZarfGitReadUser, state.GitServer.PullPassword) + getRepoCommitsResponseBody, _, err := gitCfg.DoHTTPThings(getRepoCommitsRequest, config.ZarfGitReadUser, state.GitServer.PullPassword) require.NoError(t, err) require.Contains(t, string(getRepoCommitsResponseBody), repoHash) } diff --git a/zarf-config.toml b/zarf-config.toml index 5f0f1b5357..2010031c92 100644 --- a/zarf-config.toml +++ b/zarf-config.toml @@ -15,5 +15,4 @@ registry_image = 'library/registry' registry_image_tag = '2.8.3' # The image reference to use for the optional git-server Zarf deploys -gitea_image = 'gitea/gitea' -gitea_server_version = '1.19.3' +gitea_image = 'gitea/gitea:1.21.2-rootless'