chore: badge, add renovate, update READMEs/workflow permissions #110

Merged (5 commits), Oct 24, 2024
4 changes: 4 additions & 0 deletions .github/workflows/ci-docs-shim.yaml
Expand Up @@ -8,6 +8,10 @@ on:
branches: [main]
types: [milestoned, opened, synchronize]

# Permissions for the GITHUB_TOKEN used by the workflow.
permissions:
contents: read # Allows reading the content of the repository.

jobs:
validate:
strategy:
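Review bot: `contents: read` at the workflow level is the right least-privilege default; the practical consequence is that any job needing more (writing a check, commenting on the PR) must now raise it at job level rather than widening the whole workflow, and because `validate` calls a reusable workflow, the callee can only use what this caller grants. Confirm the pinned callable workflow needs nothing beyond read, otherwise it will fail silently on permission errors rather than at review time.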
5 changes: 5 additions & 0 deletions .github/workflows/commitlint.yaml
Expand Up @@ -8,6 +8,11 @@ on:
branches: [main]
types: [milestoned, opened, edited, synchronize]

# Permissions for the GITHUB_TOKEN used by the workflow.
permissions:
contents: read # Allows reading the content of the repository.
pull-requests: read # Allows reading pull requests

jobs:
validate:
uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
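Review bot: `pull-requests: read` is the right minimum for a commitlint job that reads the PR title and commits; if `callable-commitlint.yaml` at `c52077c870a576d01f169f96d74d1b393c6488ba` posts a comment or status on failure it would need `write`, so check that revision before merging. The full-SHA pin with the trailing `# v1.1.2` comment is the correct pattern for a reusable workflow; with Renovate being added in this PR, make sure its config bumps the SHA and the comment together so the comment does not drift from the pin.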
4 changes: 4 additions & 0 deletions .github/workflows/lint.yaml
Expand Up @@ -9,6 +9,10 @@ on:
# milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow).
types: [milestoned, opened, reopened, synchronize]

# Permissions for the GITHUB_TOKEN used by the workflow.
permissions:
contents: read # Allows reading the content of the repository.

jobs:
validate:
uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
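Review bot: with `contents: read` only, this lint workflow cannot push autofix commits back to the PR branch, which is the desired behaviour for a PR-triggered job, so no further scope is needed here. Style point: the `types` list differs across the three workflows in this PR (`reopened` here, `edited` in commitlint, neither in ci-docs-shim); if that is deliberate, a one-line comment next to each would save the next reader a three-way diff.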
41 changes: 27 additions & 14 deletions README.md
@@ -1,25 +1,35 @@
# 🏭 UDS Software Factory

[<img alt="Made for UDS" src="https://raw.githubusercontent.com/defenseunicorns/uds-common/refs/heads/main/docs/assets/made-for-uds.svg" height="20px"/>](https://github.com/defenseunicorns/uds-core)
[![Latest Release](https://img.shields.io/github/v/release/defenseunicorns/uds-software-factory)](https://github.com/defenseunicorns/uds-software-factory/releases)
[![Build Status](https://img.shields.io/github/actions/workflow/status/defenseunicorns/uds-software-factory/release.yaml)](https://github.com/defenseunicorns/uds-software-factory/release.yaml)
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-software-factory/badge)](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-software-factory)

This is the integration / wayfinding repository for the Unicorn Delivery Service (UDS) Software Factory created and offered by Defense Unicorns. In its current state it is made up of the following UDS packages that are bundled together:
This is the integration / wayfinding repository for the UDS Software Factory created and offered by Defense Unicorns. The Software Factory is made up of bundled applications that assist with development of new software in airgap environments. These applications are split into `primary` and `lab` applications to denote applications that are ready for wider use and those that we are still learning from and experimenting with.

The `primary` UDS Software Factory packages are:

- [GitLab](https://github.com/defenseunicorns/uds-package-gitlab) - a DevOps software package that can develop, secure, and operate software
- [GitLab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) - a Continuous Integration runner that integrates with GitLab
- [Renovate](https://github.com/defenseunicorns/uds-package-renovate) - a dependency checking bot that integrates with GitLab
- [Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) - an open-source, self-hostable online chat service
- [SonarQube](https://github.com/defenseunicorns/uds-package-sonarqube) - an open-source platform developed by SonarSource for continuous inspection of code quality
- [Postgres Operator](https://github.com/defenseunicorns/uds-package-postgres-operator) - a Kubernetes operator to deploy PostgreSQL databases in a cluster
- [Valkey](https://github.com/defenseunicorns/uds-package-valkey) - a Redis-alternative that can be deployed in a cluster (intended for use with GitLab)

The `lab` UDS Software Factory packages are:

- [Sigstore](https://github.com/defenseunicorns/uds-package-sigstore) - a keyless signing infrastructure for software artifact signing and attestations
- [Archivista](https://github.com/defenseunicorns/uds-package-archivista) - a GraphQL datastore for in-toto attestations

This repo serves as an integration repository for testing, creating common [Architectural Decision Records](./adr), and tracking issues that have effects across the individual packages that make up Software Factory.

Also note that the Software Factory team helps to manage the following shared UDS packages and repositories:
Also note that the Software Factory team helps to manage the following UDS packages and repositories:

- [Postgres Operator](https://github.com/defenseunicorns/uds-package-postgres-operator) - a Kubernetes operator to deploy PostgreSQL databases in a cluster
- ⚠️ (alpha) [Valkey](https://github.com/defenseunicorns/uds-package-valkey) - a Redis-alternative that can be deployed in a cluster (intended for use with GitLab)
- [UDS Common](https://github.com/defenseunicorns/uds-common) - a common repo to share actions, UDS tasks and more between package repositories
- [UDS Common](https://github.com/defenseunicorns/uds-common) - a common repo to share workflows, UDS tasks and more between UDS Package repositories
- ⚠️ (alpha) [Minio Operator](https://github.com/defenseunicorns/uds-package-minio-operator) - an S3-compatible object storage provider

### tl;dr - [try it now](#quickstart-demo-bundle)
### 📜 tl;dr - [try it now](#quickstart-demo-bundle)

## Bundles

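Review bot: the Build Status badge link target `https://github.com/defenseunicorns/uds-software-factory/release.yaml` is not a GitHub route and will 404; the workflow runs page is `https://github.com/defenseunicorns/uds-software-factory/actions/workflows/release.yaml`. The "Made for UDS" badge links to `uds-core` rather than this repository, which may be intentional but is worth a second look. The new `primary` / `lab` split is useful; consider one sentence on what promotes a package from `lab` to `primary`, so readers can calibrate how much to rely on the Sigstore and Archivista entries.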
Expand All @@ -30,21 +40,21 @@ This repository publishes multiple bundles for dev, test and demo purposes. They

### swf-dev

This is a bundle primarily for development that is located at `bundles/dev`. It requires an existing k3d cluster to deploy.
This bundle is for development of the `primary` Software Factory packages and is located at `bundles/dev`. It requires an existing Kubernetes cluster with at least [UDS Core Base](https://github.com/defenseunicorns/uds-core/tree/main/packages/base) and [UDS Core Identity and Authorization](https://github.com/defenseunicorns/uds-core/tree/main/packages/identity-authorization) on it to deploy.

This bundle requires ~ `9 CPUs and 28GB of memory` available to run.

### k3d-swf-demo

This bundle is a demo bundle of Software Factory deployed on top of full [UDS Core](https://github.com/defenseunicorns/uds-core). It includes the deployment of an underlying k3d cluster. The bundle definition is located at `bundles/k3d-demo`
This bundle is a demo bundle of the `primary` Software Factory packages deployed on top of full [UDS Core](https://github.com/defenseunicorns/uds-core). It includes the deployment of an underlying K3d cluster and is located at `bundles/k3d-demo`

This is a fairly large bundle and requires `16 CPUs and 64GB of memory` available to run. It is best deployed on an adequately sized linux machine with Docker or equivalent installed. This is not currently tested on Mac due to resource limitations.
This is a fairly large bundle and requires `16 CPUs and 64GB of memory` available to run. It is best deployed on an adequately sized Linux machine with Docker or equivalent installed. This is not currently tested on macOS due to resource limitations.

---

### Quickstart (Demo Bundle)

If you have the resources for it locally (see above), you can deploy the full Software Factory with full `uds-core` and `k3d` using the [uds-k3d-swf-demo bundle](./bundles/k3d-demo/README.md).
If you have the resources for it locally (see above), you can deploy the `primary` Software Factory packages with full `uds-core` and `k3d` using the [uds-k3d-swf-demo bundle](./bundles/k3d-demo/README.md).

#### Prerequisites

Expand All @@ -68,11 +78,11 @@ uds deploy k3d-swf-demo:0.2.7

### Quickstart (Dev Bundle)

Alternatively, you can deploy the [uds-k3d-swf-dev bundle](./bundles/dev/README.md), which is meant to be deployed on top of [k3d-core-slim-dev](https://github.com/defenseunicorns/uds-core/blob/main/bundles/k3d-slim-dev/README.md). This bundle includes all of Software Factory, but only utilizes part of the underlying `uds-core` baseline. This allows it to be run on a wider variety of hardware, particularly with local development in mind.
Alternatively, you can deploy the [uds-swf-dev bundle](./bundles/dev/README.md), which is meant to be deployed on top of [k3d-core-slim-dev](https://github.com/defenseunicorns/uds-core/blob/main/bundles/k3d-slim-dev/README.md) or another Kubernetes cluster with at least [UDS Core Base](https://github.com/defenseunicorns/uds-core/tree/main/packages/base) and [UDS Core Identity and Authorization](https://github.com/defenseunicorns/uds-core/tree/main/packages/identity-authorization). This bundle includes the `primary` Software Factory packages, but only requires part of the underlying `uds-core` baseline allowing it to be run on a wider variety of hardware, particularly with local development in mind.

#### Prerequisites

- [K3D](https://k3d.io/) for dev & test environments or any [CNCF Certified Kubernetes Cluster](https://www.cncf.io/training/certification/software-conformance/#logos) for production environments.
- [K3D](https://k3d.io/) for dev & test environments or any [CNCF Certified Kubernetes Cluster](https://www.cncf.io/training/certification/software-conformance/#logos) for production-esque environments.
- [UDS CLI](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install) v0.10.4 or later

> [!NOTE]
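Review bot: "production-esque" hedges in a way that leaves the reader unsure whether a CNCF-certified cluster is supported for real deployments or only for production-like testing; pick one and say it. The long sentence beginning "Alternatively, you can deploy the [uds-swf-dev bundle]" would read better split after the second UDS Core link, and "baseline allowing it to be run" needs a comma before "allowing".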
Expand All @@ -94,11 +104,14 @@ uds run

_Alternatively_, you can deploy from OCI by running the following two commands:

Run the below command to deploy the `k3d-core-slim-dev` bundle:
To easily create a K3d cluster with [UDS Core Base](https://github.com/defenseunicorns/uds-core/tree/main/packages/base) and [UDS Core Identity and Authorization](https://github.com/defenseunicorns/uds-core/tree/main/packages/identity-authorization) run the below command to deploy the `k3d-core-slim-dev` bundle:

> [!TIP]
> You can append `--set INSECURE_ADMIN_PASSWORD_GENERATION=true` to the below command to enable a default keycloak admin. This is useful for development and testing of the SWF stack and enables the ability to run `uds run setup:create-doug-user` to create a user to test with using the username `doug` and the password `unicorn123!@#UN`.

> [!TIP]
> You can install this bundle on nearly any Kubernetes cluster as long as you install the Base and Identity and Authorization layers from UDS Core. You may need to make some changes to your node configuration which you can see in the [development documentation](./docs/development.md#linux-users).

```bash
uds deploy k3d-core-slim-dev:0.29.1
```
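Review bot: the tip documenting `--set INSECURE_ADMIN_PASSWORD_GENERATION=true` together with the fixed `doug` / `unicorn123!@#UN` credentials should say outright that this is for throwaway local clusters only and must never be set on an environment reachable by anyone else; "useful for development and testing" undersells a flag whose own name marks it insecure. The second tip ("You can install this bundle on nearly any Kubernetes cluster") sits directly above `uds deploy k3d-core-slim-dev:0.29.1`, a command that creates a K3d cluster, so "this bundle" reads as referring to the wrong one; name `swf-dev` explicitly and move the tip beside the `swf-dev` deploy step.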
Expand All @@ -113,4 +126,4 @@ uds deploy swf-dev:0.2.7

## Development

When developing this package it is ideal to utilize the json schemas for UDS Bundles, Zarf Packages and Maru Tasks. This involves configuring your IDE to provide schema validation for the respective files used by each application. For guidance on how to set up this schema validation, please refer to the [guide](https://github.com/defenseunicorns/uds-common/blob/main/docs/development-ide-configuration.md) in uds-common.
When developing these bundles it is ideal to utilize the json schemas for UDS Bundles, Zarf Packages and Maru Tasks. This involves configuring your IDE to provide schema validation for the respective files used by each application. For guidance on how to set up this schema validation, please refer to the [guide](https://github.com/defenseunicorns/uds-common/blob/main/docs/uds-packages/development/development-ide-configuration.md) in uds-common.
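Review bot: "json schemas" should be "JSON schemas"; otherwise the moved link path under `docs/uds-packages/development/` is the only substantive change in this hunk and looks correct.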
5 changes: 3 additions & 2 deletions bundles/dev/README.md
Expand Up @@ -2,9 +2,10 @@

## Bundle Applications

- [Minio](https://min.io/) - In-cluster S3 Object Storage (See below for more details)
- [Postgres Operator](https://github.com/defenseunicorns/uds-package-postgres-operator) - In-cluster Postgresql Database
- [GitLab](https://github.com/defenseunicorns/uds-package-gitlab) - a DevOps software package that can develop, secure, and operate software
- [GitLab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) - a Continuous Integration runner that integrates with GitLab
- [Renovate](https://github.com/defenseunicorns/uds-package-renovate) - a dependency checking bot that integrates with GitLab
- [Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) - an open-source, self-hostable online chat service
- [SonarQube](https://github.com/defenseunicorns/uds-package-sonarqube) - an open-source platform developed by SonarSource for continuous inspection of code quality
- [Postgres Operator](https://github.com/defenseunicorns/uds-package-postgres-operator) - a Kubernetes operator to deploy PostgreSQL databases in a cluster
- [Minio](https://min.io/) - In-cluster S3 Object Storage (note this is not yet `uds-package-minio-operator`)
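Review bot: this application list omits Valkey, yet `bundles/dev/uds-bundle.yaml` in this PR adds a `valkey` package in namespace `valkey-renovate` with an ingress policy and password copy for `renovate`; add a Valkey bullet here as the k3d-demo README does, and state that this instance backs Renovate, since the bundle comment says GitLab brings its own Valkey as a dependency. The Minio line dropped "(See below for more details)"; confirm the section it pointed to is either still present or genuinely obsolete.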
46 changes: 46 additions & 0 deletions bundles/dev/uds-bundle.yaml
Expand Up @@ -212,11 +212,57 @@ packages:
description: "Gitlab Shell Min Replicas"
path: "gitlab.gitlab-shell.minReplicas"
default: 1
uds-gitlab-settings:
values:
- path: "botAccounts"
value:
enabled: true
accounts:
- username: renovatebot
scopes:
- api
- read_repository
- write_repository
secret:
name: gitlab-renovatebot
namespace: renovate
keyName: TOKEN

- name: gitlab-runner
repository: ghcr.io/defenseunicorns/packages/uds/gitlab-runner
ref: 17.2.1-uds.3-upstream

- name: valkey
repository: ghcr.io/defenseunicorns/packages/uds/valkey
ref: 7.2.6-uds.0-upstream
overrides:
valkey:
valkey:
# use a custom namespace here in the test bundle
# to deconflict with valkey deployed by gitlab dependency
namespace: "valkey-renovate"
uds-valkey-config:
namespace: "valkey-renovate"
values:
- path: custom
value:
- direction: Ingress
selector:
app.kubernetes.io/name: valkey
remoteNamespace: renovate
port: 6379
description: "Ingress from Renovate"
- path: copyPassword
value:
enabled: true
namespace: renovate
secretName: valkey-password
secretKey: password

- name: renovate
repository: ghcr.io/defenseunicorns/packages/uds/renovate
ref: 38.107.0-uds.1-upstream

- name: sonarqube
repository: ghcr.io/defenseunicorns/packages/uds/sonarqube
ref: 10.7.0-uds.0-upstream
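Review bot: the `renovatebot` account is granted `api`, which in GitLab is complete read/write access to the API for everything the account can see, so the effective privilege of the `gitlab-renovatebot` token in the `renovate` namespace is bounded by the bot's project membership and role, not by the scope list; document which projects the account is added to and at what role, and keep that role as low as Renovate functionally needs. A comment above `botAccounts` explaining why `api` is required would stop the next reader from trying to narrow it. The comment "use a custom namespace here in the test bundle" is copied verbatim into both the dev and demo bundles; "this bundle" would be accurate in both. The `copyPassword` block paired with the `Ingress` policy on 6379 from `remoteNamespace: renovate` is a sensible least-exposure setup for the Valkey instance.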
6 changes: 4 additions & 2 deletions bundles/k3d-demo/README.md
Expand Up @@ -3,10 +3,12 @@
## Bundle Applications

- [UDS-K3d](https://k3d.io/) - Containerized K3s with opinionated deployment for UDS development
- [Minio](https://min.io/) - In-cluster S3 Object Storage (See below for more details)
- [Postgres Operator](https://github.com/defenseunicorns/uds-package-postgres-operator) - In-cluster Postgresql Database
- [UDS Core](https://github.com/defenseunicorns/uds-core) - Service Mesh, IdAM, Monitoring, Logging, Metrics, UDS Policy Engine & Operator, Container Security, Backup and Restore
- [GitLab](https://github.com/defenseunicorns/uds-package-gitlab) - a DevOps software package that can develop, secure, and operate software
- [GitLab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) - a Continuous Integration runner that integrates with GitLab
- [Renovate](https://github.com/defenseunicorns/uds-package-renovate) - a dependency checking bot that integrates with GitLab
- [Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) - an open-source, self-hostable online chat service
- [SonarQube](https://github.com/defenseunicorns/uds-package-sonarqube) - an open-source platform developed by SonarSource for continuous inspection of code quality
- [Postgres Operator](https://github.com/defenseunicorns/uds-package-postgres-operator) - a Kubernetes operator to deploy PostgreSQL databases in a cluster
- [Valkey](https://github.com/defenseunicorns/uds-package-valkey) - a Redis-alternative that can be deployed in a cluster (intended for use with GitLab)
- [Minio](https://min.io/) - In-cluster S3 Object Storage (note this is not yet `uds-package-minio-operator`)
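Review bot: the Valkey bullet still says "(intended for use with GitLab)", but in this bundle the `valkey` package is deployed into `valkey-renovate` with an ingress policy and password copy for the `renovate` namespace, and the bundle comment notes GitLab brings its own Valkey as a dependency; reword to say this instance backs Renovate. The Postgres Operator wording now matches the top-level README, which is good.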
46 changes: 46 additions & 0 deletions bundles/k3d-demo/uds-bundle.yaml
Expand Up @@ -234,11 +234,57 @@ packages:
description: "Gitlab Shell Min Replicas"
path: "gitlab.gitlab-shell.minReplicas"
default: 1
uds-gitlab-settings:
values:
- path: "botAccounts"
value:
enabled: true
accounts:
- username: renovatebot
scopes:
- api
- read_repository
- write_repository
secret:
name: gitlab-renovatebot
namespace: renovate
keyName: TOKEN

- name: gitlab-runner
repository: ghcr.io/defenseunicorns/packages/uds/gitlab-runner
ref: 17.2.1-uds.3-upstream

- name: valkey
repository: ghcr.io/defenseunicorns/packages/uds/valkey
ref: 7.2.6-uds.0-upstream
overrides:
valkey:
valkey:
# use a custom namespace here in the test bundle
# to deconflict with valkey deployed by gitlab dependency
namespace: "valkey-renovate"
uds-valkey-config:
namespace: "valkey-renovate"
values:
- path: custom
value:
- direction: Ingress
selector:
app.kubernetes.io/name: valkey
remoteNamespace: renovate
port: 6379
description: "Ingress from Renovate"
- path: copyPassword
value:
enabled: true
namespace: renovate
secretName: valkey-password
secretKey: password

- name: renovate
repository: ghcr.io/defenseunicorns/packages/uds/renovate
ref: 38.107.0-uds.1-upstream

- name: sonarqube
repository: ghcr.io/defenseunicorns/packages/uds/sonarqube
ref: 10.7.0-uds.0-upstream
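Review bot: this block is identical to the addition in `bundles/dev/uds-bundle.yaml`, including the "test bundle" comment; when the two diverge (a different Valkey namespace, a narrower bot token scope) nothing will flag it, so consider a shared definition or at least a comment cross-referencing the two files. The package refs (`17.2.1-uds.3-upstream`, `7.2.6-uds.0-upstream`, `38.107.0-uds.1-upstream`, `10.7.0-uds.0-upstream`) are pinned by tag rather than digest; with Renovate now in the stack those bumps will arrive as PRs, which is the point of this change, but digest pinning would make the bundles reproducible independent of tag mutability.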
File renamed without changes.
File renamed without changes.
File renamed without changes.
2 changes: 1 addition & 1 deletion tasks/dependencies.yaml
Expand Up @@ -10,4 +10,4 @@ tasks:
default: ${UDS_ARCH}
actions:
- cmd: ./uds zarf package create src/dev-secrets --confirm --no-progress --skip-sbom -a ${{ .inputs.architecture }}
- cmd: ./uds zarf package create src/namespaces --confirm --no-progress --skip-sbom -a ${{ .inputs.architecture }}
- cmd: ./uds zarf package create src/dev-namespaces --confirm --no-progress --skip-sbom -a ${{ .inputs.architecture }}
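Review bot: the path change to `src/dev-namespaces` matches the three "File renamed without changes" entries above; grep for any remaining `src/namespaces` references in bundle definitions or CI that this diff does not show, since a stale path here fails only at task run time. `--skip-sbom` is reasonable for local dev-secrets and namespace helper packages, but a short comment saying so would keep the flag from being copied into release packaging.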