build(deps): bump docker/metadata-action from 5.5.0 to 5.5.1

.fmf/version

@@ -0,0 +1 @@
+1

.github/workflows/build.yml

@@ -21,7 +21,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Check License Header
-        uses: apache/skywalking-eyes@a790ab8dd23a7f861c18bd6aaa9b012e3a234bce
+        uses: apache/skywalking-eyes@ed436a5593c63a25f394ea29da61b0ac3731a9fe
 
   build:
     runs-on: ubuntu-latest
@@ -104,7 +104,7 @@ jobs:
 
       - name: Archive bpfman Release Binaries
         if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: bpfman-release
           path: |
@@ -116,9 +116,9 @@ jobs:
           RUST_BACKTRACE: full
 
       - name: Archive Rust code coverage results
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: coverage
+          name: coverage-rust
           path: lcov.info
           if-no-files-found: error
 
@@ -130,7 +130,7 @@ jobs:
         working-directory: ./bpfman-operator
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: "1.21"
 
@@ -163,9 +163,9 @@ jobs:
         run: make test
 
       - name: Archive Go code coverage results
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: coverage
+          name: coverage-go
           path: ./bpfman-operator/cover.out
           if-no-files-found: error
 
@@ -216,7 +216,7 @@ jobs:
         run: sleep 5
 
       - name: Verify the bpfman systemd service is active
-        run: systemctl is-active bpfman
+        run: systemctl is-active bpfman.socket
 
       - name: Verify the CLI can reach bpfman
         run: sudo bpfman list
@@ -234,6 +234,7 @@ jobs:
       BPFMAN_IMG: "quay.io/bpfman/bpfman:int-test"
       BPFMAN_AGENT_IMG: "quay.io/bpfman/bpfman-agent:int-test"
       BPFMAN_OPERATOR_IMG: "quay.io/bpfman/bpfman-operator:int-test"
+      XDP_PASS_PRIVATE_IMAGE_CREDS: ${{ secrets.XDP_PASS_PRIVATE_IMAGE_CREDS }}
     steps:
       - name: Install dependencies
         run: |
@@ -246,12 +247,12 @@ jobs:
             libbpf-dev
 
       - name: setup golang
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: "^1.19"
 
       - name: cache go modules
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-build-codegen-${{ hashFiles('**/go.sum') }}
@@ -283,7 +284,7 @@ jobs:
       ## Upload diagnostics if integration test step failed.
       - name: upload diagnostics
         if: ${{ failure() }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: kubernetes-integration-test-diag
           path: /tmp/ktf-diag*
@@ -295,10 +296,15 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Download coverage artifacts
-        uses: actions/download-artifact@v3
+      - name: Download golang coverage artifacts
+        uses: actions/download-artifact@v4
         with:
-          name: coverage
+          name: coverage-go
+
+      - name: Download rust coverage artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: coverage-rust
 
       - name: Upload coverage to Codecov
         uses: codecov/codecov-action@v3
@@ -322,7 +328,7 @@ jobs:
         run: |
           echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
 
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
         with:
           name: bpfman-release
 

.github/workflows/docs-build.yaml

@@ -0,0 +1,46 @@
+name: bpfman-docs
+
+on: # yamllint disable-line rule:truthy
+  push:
+    branches: [main]
+    tags:
+      - "v*"
+
+jobs:
+  build-docs:
+    runs-on: ubuntu-latest
+    timeout-minutes: 3
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: gh-pages
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: 3.8
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - name: Build API docs
+        run: |
+          make -C bpfman-operator apidocs.html
+
+      - name: Configure Git user
+        run: |
+          git config --local user.email "github-actions[bot]@users.noreply.github.com"
+          git config --local user.name "github-actions[bot]"
+
+      - name: Deploy Docs (Release Version)
+        if: startsWith(github.ref_name, 'v')
+        run: |
+          mike deploy --push --update-aliases ${{ github.ref_name }} latest
+
+      - name: Deploy Docs (Development Version)
+        if: github.ref_name == 'main'
+        run: |
+          mike deploy --push main

.github/workflows/image-build.yaml

@@ -355,12 +355,12 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         if: ${{ matrix.image.bpf_build_wrapper == 'go' }}
         with:
           go-version: "1.21"
 
-      - uses: sigstore/cosign-installer@v3.2.0
+      - uses: sigstore/cosign-installer@v3.3.0
 
       - uses: actions/checkout@v4
         if: ${{ matrix.image.bpf_build_wrapper == 'rust' }}
@@ -426,7 +426,7 @@ jobs:
 
       - name: Extract metadata (tags, labels) for image
         id: meta
-        uses: docker/metadata-action@v5.0.0
+        uses: docker/metadata-action@v5.5.1
         with:
           images: ${{ matrix.image.registry }}/${{ matrix.image.repository }}/${{ matrix.image.image }}
           tags: ${{ matrix.image.tags }}

.gitignore

@@ -28,3 +28,11 @@ tests/_tmp
 
 # Ignore compiled C files
 .output
+
+# Ignore docs
+site/
+
+# RPM build artifacts
+*.tar.gz
+*.rpm
+results_*/

.packit.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+GIT_SHA=$(git rev-parse HEAD)
+GIT_SHORT_SHA=$(git rev-parse --short HEAD)
+
+sed -i "s/GITSHA/${GIT_SHA}/g" bpfman.spec
+sed -i "s/GITSHORTSHA/${GIT_SHORT_SHA}/g" bpfman.spec
+
+sed -i -r "s/Release:(\s*)\S+/Release:\1${PACKIT_RPMSPEC_RELEASE}%{?dist}/" bpfman.spec

.packit.yml

@@ -0,0 +1,49 @@
+downstream_package_name: bpfman
+upstream_project_url: https://github.com/bpfman/bpfman
+specfile_path: bpfman.spec
+prerelease_suffix_pattern: ([.\-_~^]?)(dev|alpha|beta|rc|pre(view)?)([.\-_]?\d+)?
+srpm_build_deps:
+  - cargo
+  - rust
+  - git
+  - jq
+  - openssl-devel
+actions:
+  fix-spec-file:
+    - "bash .packit.sh"
+  get-current-version:
+    - bash -c 'cargo metadata --format-version 1 | jq -r ".packages[] | select(.name == \"bpfman\") | .version"'
+  post-upstream-clone:
+    bash -c 'if [[ ! -d /var/tmp/cargo-vendor-filterer ]]; then git clone https://github.com/coreos/cargo-vendor-filterer.git /var/tmp/cargo-vendor-filterer; fi &&
+    cd /var/tmp/cargo-vendor-filterer &&
+    cargo build &&
+    cd - &&
+    cp /var/tmp/cargo-vendor-filterer/target/debug/cargo-vendor-filterer . &&
+    ./cargo-vendor-filterer --format tar.gz --prefix vendor bpfman-bpfman-vendor.tar.gz'
+jobs:
+  - job: copr_build
+    trigger: commit
+    branch: main
+    specfile_path: bpfman.spec
+    owner: "@ebpf-sig"
+    project: "bpfman-next"
+    targets:
+      - fedora-all
+  - job: tests
+    trigger: commit
+    targets:
+      - fedora-all
+    specfile_path: bpfman.spec
+  - job: copr_build
+    trigger: release
+    branch: main
+    specfile_path: bpfman.spec
+    owner: "@ebpf-sig"
+    project: "bpfman"
+    targets:
+      - fedora-all
+  - job: tests
+    trigger: release
+    targets:
+      - fedora-all
+    specfile_path: bpfman.spec