copy cert-manager code and add makefile & release logic

Signed-off-by: Tim Ramlot <[email protected]>

Author: inteon

.github/dependabot.yaml

@@ -0,0 +1,20 @@
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/dependabot.yaml instead.
+
+# Update Go dependencies and GitHub Actions dependencies weekly.
+version: 2
+updates:
+- package-ecosystem: gomod
+  directory: /
+  schedule:
+    interval: weekly
+  groups:
+    all:
+      patterns: ["*"]
+- package-ecosystem: github-actions
+  directory: /
+  schedule:
+    interval: weekly
+  groups:
+    all:
+      patterns: ["*"]

.github/workflows/make-self-upgrade.yaml

@@ -0,0 +1,86 @@
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/workflows/make-self-upgrade.yaml instead.
+
+name: make-self-upgrade
+concurrency: make-self-upgrade
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  build_images:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Fail if branch is not main
+        if: github.ref != 'refs/heads/main'
+        run: |
+          echo "This workflow should not be run on a branch other than main."
+          exit 1
+
+      - uses: actions/checkout@v4
+
+      - id: go-version
+        run: |
+          make print-go-version >> "$GITHUB_OUTPUT"
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ steps.go-version.outputs.result }}
+
+      - run: |
+          git checkout -B "self-upgrade"
+
+      - run: |
+          make -j upgrade-klone
+          make -j generate
+
+      - id: is-up-to-date
+        shell: bash
+        run: |
+          git_status=$(git status -s)
+          is_up_to_date="true"
+          if [ -n "$git_status" ]; then
+              is_up_to_date="false"
+              echo "The following changes will be committed:"
+              echo "$git_status"
+          fi
+          echo "result=$is_up_to_date" >> "$GITHUB_OUTPUT"
+
+      - if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
+        run: |
+          git config --global user.name "jetstack-bot"
+          git config --global user.email "[email protected]"
+          git add -A && git commit -m "BOT: run 'make upgrade-klone' and 'make generate'" --signoff
+          git push -f origin self-upgrade
+
+      - if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const { repo, owner } = context.repo;
+            const pulls = await github.rest.pulls.list({
+              owner: owner,
+              repo: repo,
+              head: owner + ':self-upgrade',
+              base: 'main',
+              state: 'open',
+            });
+            
+            if (pulls.data.length < 1) {
+              await github.rest.pulls.create({
+                title: '[CI] Merge self-upgrade into main',
+                owner: owner,
+                repo: repo,
+                head: 'self-upgrade',
+                base: 'main',
+                body: [
+                  'This PR is auto-generated to bump the Makefile modules.',
+                ].join('\n'),
+              });
+            }

.github/workflows/release.yaml

@@ -0,0 +1,38 @@
+name: release
+on:
+  push:
+    tags:
+      - "v*"
+
+env:
+  VERSION: ${{ github.ref_name }}
+
+jobs:
+  build_images:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write # needed to write releases
+      packages: write # needed for push images
+      id-token: write # needed for keyless signing
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - id: go-version
+        run: |
+          make print-go-version >> "$GITHUB_OUTPUT"
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ steps.go-version.outputs.result }}
+
+      - env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: make release

.gitignore

@@ -0,0 +1 @@
+/_bin

.goreleaser.yml

@@ -0,0 +1,41 @@
+# Our Makefile will automatically add additional settings
+# to this builds array (environment variables, flags, ...)
+builds:
+  - id: cmctl
+  - id: kubectl_cert-manager
+
+# config the checksum filename
+# https://goreleaser.com/customization/checksum
+checksum:
+  name_template: 'checksums.txt'
+
+# creates SBOMs of all archives and the source tarball using syft
+# https://goreleaser.com/customization/sbom
+sboms:
+  - artifacts: binary
+    documents:
+      - "{{ .ArtifactName }}{{ .ArtifactExt }}.spdx.sbom"
+
+# signs the checksum file
+# all files (including the sboms) are included in the checksum, so we don't need to sign each one if we don't want to
+# https://goreleaser.com/customization/sign
+signs:
+- cmd: cosign
+  signature: "${artifact}.cosign.bundle"
+  env:
+  - COSIGN_EXPERIMENTAL=1
+  args:
+    - sign-blob
+    - '--bundle=${signature}'
+    - '${artifact}'
+    - "--yes" # needed on cosign 2.0.0+
+  artifacts: checksum
+  output: true
+
+archives:
+  - name_template: "{{ .Binary }}_{{ .Os }}_{{ .Arch }}"
+    format: binary
+
+release:
+  draft: true
+  make_latest: false

Makefile

@@ -0,0 +1,96 @@
+# Copyright 2023 The cert-manager Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/Makefile instead.
+
+# NOTE FOR DEVELOPERS: "How do the Makefiles work and how can I extend them?"
+#
+# Shared Makefile logic lives in the make/_shared/ directory. The source of truth for these files
+# lies outside of this repository, eg. in the cert-manager/makefile-modules repository.
+#
+# Logic specific to this repository must be defined in the make/00_mod.mk and make/02_mod.mk files:
+#   - The make/00_mod.mk file is included first and contains variable definitions needed by
+#     the shared Makefile logic.
+#   - The make/02_mod.mk file is included later, it can make use of most of the shared targets
+#     defined in the make/_shared/ directory (all targets defined in 00_mod.mk and 01_mod.mk).
+#     This file should be used to define targets specific to this repository.
+
+##################################
+
+MAKEFLAGS += --warn-undefined-variables --no-builtin-rules
+SHELL := /usr/bin/env bash
+.SHELLFLAGS := -uo pipefail -c
+.DEFAULT_GOAL := help
+.DELETE_ON_ERROR:
+.SUFFIXES:
+FORCE:
+
+noop: # do nothing
+
+##################################
+# Host OS and architecture setup #
+##################################
+
+# The reason we don't use "go env GOOS" or "go env GOARCH" is that the "go"
+# binary may not be available in the PATH yet when the Makefiles are
+# evaluated. HOST_OS and HOST_ARCH only support Linux, *BSD and macOS (M1
+# and Intel).
+HOST_OS ?= $(shell uname -s | tr A-Z a-z)
+HOST_ARCH ?= $(shell uname -m)
+ifeq (x86_64, $(HOST_ARCH))
+	HOST_ARCH = amd64
+endif
+
+##################################
+# Git and versioning information #
+##################################
+
+VERSION ?= $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty)
+IS_PRERELEASE := $(shell git describe --tags --always --match='v*' --abbrev=0 | grep -q '-' && echo true || echo false)
+GITCOMMIT := $(shell git rev-parse HEAD)
+GITEPOCH := $(shell git show -s --format=%ct HEAD)
+
+##################################
+# Global variables and dirs      #
+##################################
+
+bin_dir := _bin
+
+# The ARTIFACTS environment variable is set by the CI system to a directory
+# where artifacts should be placed. These artifacts are then uploaded to a
+# storage bucket by the CI system (https://docs.prow.k8s.io/docs/components/pod-utilities/).
+# An example of such an artifact is a jUnit XML file containing test results.
+# If the ARTIFACTS environment variable is not set, we default to a local
+# directory in the _bin directory.
+ARTIFACTS ?= $(bin_dir)/artifacts
+
+$(bin_dir) $(ARTIFACTS) $(bin_dir)/scratch:
+	mkdir -p $@
+
+.PHONY: clean
+## Clean all temporary files
+## @category [shared] Tools
+clean:
+	rm -rf $(bin_dir)
+
+##################################
+# Include all the Makefiles      #
+##################################
+
+-include make/00_mod.mk
+-include make/_shared/*/00_mod.mk
+-include make/_shared/*/01_mod.mk
+-include make/02_mod.mk
+-include make/_shared/*/02_mod.mk

README.md

@@ -1 +1 @@
-# ctl
+# cmctl

cmd/cmd.go

@@ -0,0 +1,103 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"io"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+	"k8s.io/cli-runtime/pkg/genericclioptions"
+	"k8s.io/component-base/logs"
+
+	logf "github.com/cert-manager/cert-manager/pkg/logs"
+	"github.com/cert-manager/cmctl/pkg/build"
+	"github.com/cert-manager/cmctl/pkg/build/commands"
+)
+
+func NewCertManagerCtlCommand(ctx context.Context, in io.Reader, out, err io.Writer) *cobra.Command {
+	ctx = logf.NewContext(ctx, logf.Log)
+
+	logOptions := logs.NewOptions()
+
+	cmds := &cobra.Command{
+		Use:   build.Name(),
+		Short: "cert-manager CLI tool to manage and configure cert-manager resources",
+		Long: build.WithTemplate(`
+{{.BuildName}} is a CLI tool manage and configure cert-manager resources for Kubernetes`),
+		CompletionOptions: cobra.CompletionOptions{
+			DisableDefaultCmd: true,
+		},
+		PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+			return logf.ValidateAndApply(logOptions)
+		},
+		SilenceErrors: true, // Errors are already logged when calling cmd.Execute()
+	}
+	cmds.SetUsageTemplate(usageTemplate())
+
+	{
+		var logFlags pflag.FlagSet
+		logf.AddFlagsNonDeprecated(logOptions, &logFlags)
+
+		logFlags.VisitAll(func(f *pflag.Flag) {
+			switch f.Name {
+			case "v":
+				// "cmctl check api" already had a "v" flag that did not require any value, for
+				// backwards compatibility we allow the "v" logging flag to be set without a value
+				// and default to "2" (which will result in the same behaviour as before).
+				f.NoOptDefVal = "2"
+				cmds.PersistentFlags().AddFlag(f)
+			default:
+				cmds.PersistentFlags().AddFlag(f)
+			}
+		})
+	}
+
+	ioStreams := genericclioptions.IOStreams{In: in, Out: out, ErrOut: err}
+	for _, registerCmd := range commands.Commands() {
+		cmds.AddCommand(registerCmd(ctx, ioStreams))
+	}
+
+	return cmds
+}
+
+func usageTemplate() string {
+	return fmt.Sprintf(`Usage:{{if .Runnable}} %s {{end}}{{if .HasAvailableSubCommands}} %s [command]{{end}}{{if gt (len .Aliases) 0}}
+
+Aliases:
+  {{.NameAndAliases}}{{end}}{{if .HasExample}}
+
+Examples:
+{{.Example}}{{end}}{{if .HasAvailableSubCommands}}
+
+Available Commands:{{range .Commands}}{{if (or .IsAvailableCommand (eq .Name "help"))}}
+  {{rpad .Name .NamePadding }} {{.Short}}{{end}}{{end}}{{end}}{{if .HasAvailableLocalFlags}}
+
+Flags:
+{{.LocalFlags.FlagUsages | trimTrailingWhitespaces}}{{end}}{{if .HasAvailableInheritedFlags}}
+
+Global Flags:
+{{.InheritedFlags.FlagUsages | trimTrailingWhitespaces}}{{end}}{{if .HasHelpSubCommands}}
+
+Additional help topics:{{range .Commands}}{{if .IsAdditionalHelpTopicCommand}}
+  {{rpad .CommandPath .CommandPathPadding}} {{.Short}}{{end}}{{end}}{{end}}{{if .HasAvailableSubCommands}}
+
+Use "%s [command] --help" for more information about a command.{{end}}
+`, build.Name(), build.Name(), build.Name())
+}