Merge branch 'main' into keycloak

# Conflicts:
#	src/main/java/org/trustify/operator/Constants.java
#	src/main/java/org/trustify/operator/cdrs/v2alpha1/TrustifySpec.java
#	src/main/java/org/trustify/operator/controllers/TrustifyReconciler.java

.github/actions/install-trustify/action.yml

@@ -14,6 +14,10 @@ inputs:
     description: "JSON encoded Trustify Custom Resource (CR) string"
     required: false
     default: ""
+  app-name:
+    description: "Name of the Trustify instance (should match CR metadata if passed)"
+    required: false
+    default: "myapp"
 runs:
   using: "composite"
   steps:
@@ -33,12 +37,13 @@ runs:
           echo "operator-sdk is already installed...yay"
           exit 0
         fi
-        curl -LO https://github.com/operator-framework/operator-sdk/releases/download/v1.35.0/operator-sdk_linux_amd64
+        curl -LO https://github.com/operator-framework/operator-sdk/releases/download/v1.37.0/operator-sdk_linux_amd64
         sudo install -o root -g root -m 0755 operator-sdk_linux_amd64 /usr/local/bin/operator-sdk
     - name: Install Trustify
       env:
         OPERATOR_BUNDLE_IMAGE: ${{ inputs.operator-bundle-image }}
         NAMESPACE: ${{ inputs.namespace }}
+        APP_NAME: ${{ inputs.app-name }}
         TRUSTIFY_CR: ${{ inputs.trustify-cr }}
       run: |
         make install-trustify

.github/workflows/image-build.yaml

@@ -31,7 +31,7 @@ jobs:
       registry: "ghcr.io"
       image_name: "${{ github.repository_owner }}/trustify-operator"
       containerfile: "./Dockerfile"
-      architectures: '[ "amd64" ]'
+      architectures: '[ "amd64", "arm64" ]'
     secrets:
       registry_username: ${{ github.actor }}
       registry_password: ${{ secrets.GITHUB_TOKEN }}
@@ -45,7 +45,7 @@ jobs:
       registry: "ghcr.io"
       image_name: "${{ github.repository_owner }}/trustify-operator-bundle"
       containerfile: "./bundle.Dockerfile"
-      architectures: '[ "amd64" ]'
+      architectures: '[ "amd64", "arm64" ]'
       extra-args: '--build-arg QUARKUS_OPTS="-Dquarkus.container-image.image=ghcr.io/${{ github.repository_owner }}/trustify-operator:${{ needs.prepare.outputs.tag }}"'
     secrets:
       registry_username: ${{ github.actor }}

.github/workflows/release.yml

@@ -15,6 +15,10 @@ on:
         description: "The Trustify container image"
         default: "ghcr.io/trustification/trustd:latest"
         required: true
+      image-db:
+        description: "The Database container image"
+        default: "quay.io/sclorg/postgresql-15-c9s:latest"
+        required: true
 
 jobs:
   prepare:
@@ -26,17 +30,33 @@ jobs:
           java-version: 21
           distribution: temurin
           cache: maven
+      - name: Install YQ
+        run: |
+          wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq
+          chmod +x /usr/bin/yq
+      - name: Prepare application.yaml
+        run: |
+          yq e -P -i '.related.image.server=strenv(IMAGE_SERVER)' src/main/resources/application.yaml
+          yq e -P -i '.related.image.db=strenv(IMAGE_DB)' src/main/resources/application.yaml
+        env:
+          IMAGE_SERVER: ${{ github.event.inputs.image-server }}
+          IMAGE_DB: ${{ github.event.inputs.image-db }}
+      - name: Prepare Chart.yaml
+        run: |
+          NEW_VERSION=$NEW_VERSION yq e -i '.version=strenv(NEW_VERSION)' helm/Chart.yaml
+          NEW_VERSION=$NEW_VERSION yq e -i '.appVersion=strenv(NEW_VERSION)' helm/Chart.yaml
+        env:
+          NEW_VERSION: ${{ github.event.inputs.version }}
       - name: Set release version ${{ github.event.inputs.version }}
         run: |
-          sed -i "/related\.image\.server=/ s/=.*/=ghcr\.io\/trustification\/trustd:${{ github.event.inputs.image-server }}/" src/main/resources/application.properties
           mvn -B versions:set versions:commit -DnewVersion=$NEW_VERSION
         env:
           NEW_VERSION: ${{ github.event.inputs.version }}
       - name: Commit and Push
         uses: trustification/release-tools/.github/actions/commit@main
         with:
           commit_message: "🏁 Releasing version ${{ github.event.inputs.version }}"
-          branch: main
+          branch: ${{github.ref_name}}
 
   release:
     needs: [ prepare ]
@@ -67,16 +87,30 @@ jobs:
         with:
           name: jreleaser-log
           path: 'jreleaser-log.tgz'
+      - name: Install YQ
+        run: |
+          wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq
+          chmod +x /usr/bin/yq
+      - name: Restore application.yaml
+        run: |
+          yq e -P -i '.related.image.server="${RELATED_IMAGE_SERVER:ghcr.io/trustification/trustd:latest}"' src/main/resources/application.yaml
+          yq e -P -i '.related.image.db="${RELATED_IMAGE_DB:quay.io/sclorg/postgresql-15-c9s:latest}"' src/main/resources/application.yaml
+      - name: Restore Chart.yaml
+        run: |
+          NEXT_VERSION=$NEXT_VERSION yq e -i '.version=strenv(NEXT_VERSION)' helm/Chart.yaml
+          yq e -i '.appVersion="latest"' helm/Chart.yaml
+        env:
+          NEXT_VERSION: ${{ github.event.inputs.next }}
       - name: Set version ${{ github.event.inputs.next }}
         run: |
-          mvn -B versions:set versions:commit -DnewVersion=$NEW_VERSION
+          mvn -B versions:set versions:commit -DnewVersion=$NEXT_VERSION
         env:
-          NEW_VERSION: ${{ github.event.inputs.next }}
+          NEXT_VERSION: ${{ github.event.inputs.next }}
       - name: Commit and Push
         uses: trustification/release-tools/.github/actions/commit@main
         with:
           commit_message: "⬆️ Next version ${{ github.event.inputs.next }}"
-          branch: main
+          branch: ${{github.ref_name}}
 
   publish-bundle:
     needs: [ release ]

README.md

@@ -1,3 +1,31 @@
+# Quick Start - Helm Chart
+
+If you want to give a quick try of the operator without the whole glory of OLM you can deploy our Operator using Helm.
+
+- Start minikube:
+
+```shell
+minikube start --addons=ingress,dashboard
+```
+
+- Install the Helm Chart:
+
+```shell
+helm install myhelm helm/
+```
+
+- Create an instance of Trustify:
+
+```shell
+cat << EOF | kubectl apply -f -
+apiVersion: "org.trustify/v1alpha1"
+kind: "Trustify"
+metadata:
+  name: myapp
+spec: { }
+EOF
+```
+
 # Local development
 
 ## Minikube

bundle.Dockerfile

@@ -15,15 +15,23 @@ RUN ./mvnw package -DskipTests ${QUARKUS_OPTS} -Dquarkus.operator-sdk.bundle.cha
 FROM registry.access.redhat.com/ubi9/ubi:latest AS bundle
 COPY scripts /scripts
 COPY --from=build /code/target/bundle/trustify-operator/ /code/target/bundle/trustify-operator/
-RUN dnf install curl zip unzip --allowerasing -y && \
-    curl -s "https://get.sdkman.io?rcupdate=false" | bash && \
-    source "$HOME/.sdkman/bin/sdkman-init.sh" && \
-    sdk install java && \
-    sdk install groovy && \
-    groovy scripts/enrichCSV.groovy /code/target/bundle/trustify-operator/manifests/trustify-operator.clusterserviceversion.yaml
-RUN curl --output /usr/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 && \
+RUN dnf install wget --allowerasing -y && \
+    wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && \
     chmod +x /usr/bin/yq && \
-    yq e -P -i '.annotations."com.redhat.openshift.versions"="v4.10"'
+    # annotations.yaml \
+    ANNOTATIONS_FILE=/code/target/bundle/trustify-operator/metadata/annotations.yaml && \
+    yq e -P -i '.annotations."com.redhat.openshift.versions"="v4.10"' ${ANNOTATIONS_FILE} && \
+    # clusterserviceversion.yaml \
+    CSV_FILE=/code/target/bundle/trustify-operator/manifests/trustify-operator.clusterserviceversion.yaml && \
+    yq e -P -i '.metadata.annotations.support = "https://github.com/trustification/trustify-operator/issues"' ${CSV_FILE} && \
+    yq e -P -i '.metadata.annotations.description = "An Operator for installing and managing Trustify"' ${CSV_FILE} && \
+    NOW_DATE=$(date --iso-8601=seconds) yq e -P -i '.metadata.annotations.createdAt = strenv(NOW_DATE)' ${CSV_FILE} && \
+    yq e -P -i '.metadata.annotations.containerImage = .spec.install.spec.deployments[0].spec.template.spec.containers[0].image' ${CSV_FILE} && \
+    yq e -P -i '.spec.customresourcedefinitions.owned[0].description = "Represents a Trustify instance"' ${CSV_FILE} && \
+    yq e -P -i '.spec.customresourcedefinitions.owned[0].displayName = "Trustify"' ${CSV_FILE} && \
+    yq e -P -i '.spec.install.spec.clusterPermissions[0].rules[0].apiGroups = ["apiextensions.k8s.io", "config.openshift.io"]' ${CSV_FILE} && \
+    yq e -P -i '.spec.install.spec.clusterPermissions[0].rules[0].resources = ["customresourcedefinitions", "ingresses"]' ${CSV_FILE} && \
+    yq e -P -i '.spec.install.spec.clusterPermissions[0].rules[0].verbs = ["get", "list"]' ${CSV_FILE}
 
 FROM scratch
 ARG CHANNELS=alpha

hack/install-trustify.sh

@@ -5,6 +5,7 @@ set -x
 set -o pipefail
 
 NAMESPACE="${NAMESPACE:-trustify}"
+APP_NAME="${APP_NAME:-myapp}"
 OPERATOR_BUNDLE_IMAGE="${OPERATOR_BUNDLE_IMAGE:-ghcr.io/trustification/trustify-operator-bundle:latest}"
 TRUSTIFY_CR="${TRUSTIFY_CR:-}"
 TIMEOUT="${TIMEOUT:-15m}"
@@ -21,7 +22,15 @@ fi
 
 run_bundle() {
   kubectl auth can-i create namespace --all-namespaces
-  kubectl create namespace ${NAMESPACE} || true
+
+  # delete the ns if it exists, effectively undeploying the current
+  # Trustify instance. This kinda defeats the purpose of operators,
+  # obviously, but I'm not familiar enough with the operator-sdk
+  # command to convince it to reinstall/upgrade the bundle -- run
+  # bundle-upgrade didn't work :(
+  kubectl delete namespace ${NAMESPACE} || true
+
+  kubectl create namespace ${NAMESPACE}
   operator-sdk run bundle "${OPERATOR_BUNDLE_IMAGE}" --namespace "${NAMESPACE}" --timeout "${TIMEOUT}" || (kubectl get Subscription --namespace "${NAMESPACE}" -o yaml && exit 1)
 
   # If on MacOS, need to install `brew install coreutils` to get `timeout`
@@ -47,40 +56,38 @@ install_trustify() {
 kind: Trustify
 apiVersion: org.trustify/v1alpha1
 metadata:
-  name: myapp
+  name: ${APP_NAME}
 spec: {}
 EOF
     fi
 
   # Want to see in github logs what we just created
-  kubectl get --namespace "${NAMESPACE}" -o yaml trustifies.org.trustify/myapp
+  kubectl get --namespace "${NAMESPACE}" -o yaml trustifies.org.trustify/${APP_NAME}
 
   # Wait for reconcile to finish
     kubectl wait \
       --namespace ${NAMESPACE} \
       --for=condition=Successful \
       --timeout=600s \
-      trustifies.org.trustify/myapp \
+      trustifies.org.trustify/${APP_NAME} \
     || kubectl get \
       --namespace ${NAMESPACE} \
       -o yaml \
-      trustifies.org.trustify/myapp # Print trustify debug when timed out
+      trustifies.org.trustify/${APP_NAME} # Print trustify debug when timed out
 
   # Now wait for all the trustify deployments
   kubectl wait \
     --namespace ${NAMESPACE} \
-    --selector="app.kubernetes.io/part-of=myapp" \
+    --selector="app.kubernetes.io/part-of=${APP_NAME}" \
     --for=condition=Available \
     --timeout=600s \
     deployments.apps \
   || kubectl get \
     --namespace ${NAMESPACE} \
-    --selector="app.kubernetes.io/part-of=myapp" \
+    --selector="app.kubernetes.io/part-of=${APP_NAME}" \
     --field-selector=status.phase!=Running  \
     -o yaml \
     pods # Print not running trustify pods when timed out
-
-  kubectl get deployments.apps -n "${NAMESPACE}" -o yaml
 }
 
 # Available versions of OLM here https://github.com/operator-framework/operator-lifecycle-manager/releases

helm/Chart.yaml

@@ -0,0 +1,5 @@
+---
+name: "trustify-operator"
+version: "1.0.0-SNAPSHOT"
+apiVersion: "v2"
+appVersion: "latest"

helm/README.md

@@ -0,0 +1,10 @@
+## Configuration
+
+The following values are configurable:
+
+- `watchNamespaces` - namespaces to be watched, either:
+  - a list of comma-separated namespace names
+  - `JOSDK_ALL_NAMESPACES` to watch all namespaces
+  - `JOSDK_WATCH_CURRENT` to watch only the namespace in which the operator is deployed
+- `version` - the current version of the application.
+