devfile
diff --git a/‎.github/workflows/codecov.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/codecov.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/go.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/go.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎go.mod‎
Lines changed: 11 additions & 10 deletions b/‎go.mod‎
Lines changed: 11 additions & 10 deletions
diff --git a/‎go.sum‎
Lines changed: 302 additions & 52 deletions b/‎go.sum‎
Lines changed: 302 additions & 52 deletions
diff --git a/‎pkg/devfile/generator/generators.go‎
Lines changed: 150 additions & 12 deletions b/‎pkg/devfile/generator/generators.go‎
Lines changed: 150 additions & 12 deletions
@@ -14,7 +14,7 @@ jobs:
       - name: Set up Go 1.x
         uses: actions/setup-go@v2
         with:
-          go-version: 1.17
+          go-version: 1.19
       - name: Run tests
         run: make test
       - name: Codecov
 
@@ -16,7 +16,7 @@ jobs:
     - name: Setup Go environment
       uses: actions/[email protected]
       with:
-        go-version: 1.16
+        go-version: 1.19
       id: go
 
     - name: Check out code into the Go module directory
@@ -45,7 +45,7 @@ jobs:
 
     - name: Check license
       run: |
-        go get github.com/google/addlicense@latest
+        go install github.com/google/addlicense@latest
         git reset HEAD --hard
         make check_license          
         if [[ $? != 0 ]]
@@ -60,7 +60,7 @@ jobs:
 
     - name: Run Gosec Security Scanner
       run: |
-        go install github.com/securego/gosec/v2/cmd/gosec@latest
+        go install github.com/securego/gosec/v2/cmd/gosec@v2.14.0
         make gosec
         if [[ $? != 0 ]]
         then
 
@@ -6,26 +6,27 @@ require (
 	github.com/devfile/api/v2 v2.2.0
 	github.com/devfile/registry-support/registry-library v0.0.0-20221018213054-47b3ffaeadba
 	github.com/fatih/color v1.7.0
-	github.com/fsnotify/fsnotify v1.4.9
+	github.com/fsnotify/fsnotify v1.6.0
 	github.com/gobwas/glob v0.2.3
 	github.com/golang/mock v1.6.0
-	github.com/google/go-cmp v0.5.6
+	github.com/google/go-cmp v0.5.9
 	github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-version v1.4.0
 	github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348
 	github.com/openshift/api v0.0.0-20200930075302-db52bc4ef99f
 	github.com/pkg/errors v0.9.1
 	github.com/spf13/afero v1.6.0
-	github.com/stretchr/testify v1.7.0
+	github.com/stretchr/testify v1.8.0
 	github.com/xeipuuv/gojsonschema v1.2.0
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.21.3
-	k8s.io/apiextensions-apiserver v0.21.3
-	k8s.io/apimachinery v0.21.3
-	k8s.io/client-go v0.21.3
+	k8s.io/api v0.26.1
+	k8s.io/apiextensions-apiserver v0.26.1
+	k8s.io/apimachinery v0.26.1
+	k8s.io/client-go v0.26.1
 	k8s.io/klog v1.0.0
-	k8s.io/utils v0.0.0-20210722164352-7f3ee0f31471
-	sigs.k8s.io/controller-runtime v0.9.5
-	sigs.k8s.io/yaml v1.2.0
+	k8s.io/pod-security-admission v0.26.1
+	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448
+	sigs.k8s.io/controller-runtime v0.14.4
+	sigs.k8s.io/yaml v1.3.0
 )
@@ -16,8 +16,12 @@
 package generator
 
 import (
+	"errors"
 	"fmt"
 
+	"github.com/devfile/api/v2/pkg/attributes"
+	"github.com/devfile/library/v2/pkg/devfile/parser/data"
+
 	v1 "github.com/devfile/api/v2/pkg/apis/workspaces/v1alpha2"
 	"github.com/devfile/library/v2/pkg/devfile/parser"
 	"github.com/devfile/library/v2/pkg/devfile/parser/data/v2/common"
@@ -31,6 +35,7 @@ import (
 	networkingv1 "k8s.io/api/networking/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	psaapi "k8s.io/pod-security-admission/api"
 )
 
 const (
@@ -71,6 +76,8 @@ func GetObjectMeta(name, namespace string, labels, annotations map[string]string
 }
 
 // GetContainers iterates through all container components, filters out init containers and returns corresponding containers
+//
+// Deprecated: in favor of GetPodTemplateSpec
 func GetContainers(devfileObj parser.DevfileObj, options common.DevfileOptions) ([]corev1.Container, error) {
 	allContainers, err := getAllContainers(devfileObj, options)
 	if err != nil {
@@ -117,6 +124,8 @@ func GetContainers(devfileObj parser.DevfileObj, options common.DevfileOptions)
 }
 
 // GetInitContainers gets the init container for every preStart devfile event
+//
+// Deprecated: in favor of GetPodTemplateSpec
 func GetInitContainers(devfileObj parser.DevfileObj) ([]corev1.Container, error) {
 	containers, err := getAllContainers(devfileObj, common.DevfileOptions{})
 	if err != nil {
@@ -167,30 +176,49 @@ func GetInitContainers(devfileObj parser.DevfileObj) ([]corev1.Container, error)
 
 // DeploymentParams is a struct that contains the required data to create a deployment object
 type DeploymentParams struct {
-	TypeMeta          metav1.TypeMeta
-	ObjectMeta        metav1.ObjectMeta
-	InitContainers    []corev1.Container
-	Containers        []corev1.Container
+	TypeMeta   metav1.TypeMeta
+	ObjectMeta metav1.ObjectMeta
+	// Deprecated: InitContainers, Containers and Volumes are deprecated and are replaced by PodTemplateSpec.
+	// A PodTemplateSpec value can be obtained calling GetPodTemplateSpec function, instead of calling GetContainers and GetInitContainers
+	InitContainers []corev1.Container
+	// Deprecated: see InitContainers
+	Containers []corev1.Container
+	// Deprecated: see InitContainers
 	Volumes           []corev1.Volume
+	PodTemplateSpec   *corev1.PodTemplateSpec
 	PodSelectorLabels map[string]string
 	Replicas          *int32
 }
 
 // GetDeployment gets a deployment object
 func GetDeployment(devfileObj parser.DevfileObj, deployParams DeploymentParams) (*appsv1.Deployment, error) {
 
-	podTemplateSpecParams := podTemplateSpecParams{
-		ObjectMeta:     deployParams.ObjectMeta,
-		InitContainers: deployParams.InitContainers,
-		Containers:     deployParams.Containers,
-		Volumes:        deployParams.Volumes,
-	}
-
 	deploySpecParams := deploymentSpecParams{
-		PodTemplateSpec:   *getPodTemplateSpec(podTemplateSpecParams),
 		PodSelectorLabels: deployParams.PodSelectorLabels,
 		Replicas:          deployParams.Replicas,
 	}
+	if deployParams.PodTemplateSpec == nil {
+		// Deprecated
+		podTemplateSpecParams := podTemplateSpecParams{
+			ObjectMeta:     deployParams.ObjectMeta,
+			InitContainers: deployParams.InitContainers,
+			Containers:     deployParams.Containers,
+			Volumes:        deployParams.Volumes,
+		}
+		podTemplateSpec, err := getPodTemplateSpec(podTemplateSpecParams)
+		if err != nil {
+			return nil, err
+		}
+		deploySpecParams.PodTemplateSpec = *podTemplateSpec
+	} else {
+		if len(deployParams.InitContainers) > 0 ||
+			len(deployParams.Containers) > 0 ||
+			len(deployParams.Volumes) > 0 {
+			return nil, errors.New("InitContainers, Containers and Volumes cannot be set when PodTemplateSpec is set in parameters")
+		}
+
+		deploySpecParams.PodTemplateSpec = *deployParams.PodTemplateSpec
+	}
 
 	containerAnnotations, err := getContainerAnnotations(devfileObj, common.DevfileOptions{})
 	if err != nil {
@@ -207,6 +235,116 @@ func GetDeployment(devfileObj parser.DevfileObj, deployParams DeploymentParams)
 	return deployment, nil
 }
 
+// PodTemplateParams is a struct that contains the required data to create a podtemplatespec object
+type PodTemplateParams struct {
+	ObjectMeta metav1.ObjectMeta
+	// PodSecurityAdmissionPolicy is the policy to be respected by the created pod
+	// The pod will be patched, if necessary, to respect the policies
+	PodSecurityAdmissionPolicy psaapi.Policy
+}
+
+// GetPodTemplateSpec returns a pod template
+// The function:
+// - iterates through all container components, filters out init containers and gets corresponding containers
+// - gets the init container for every preStart devfile event
+// - patches the pod template and containers to satisfy PodSecurityAdmissionPolicy
+// - patches the pod template and containers to apply pod and container overrides
+func GetPodTemplateSpec(devfileObj parser.DevfileObj, podTemplateParams PodTemplateParams) (*corev1.PodTemplateSpec, error) {
+	containers, err := GetContainers(devfileObj, common.DevfileOptions{})
+	if err != nil {
+		return nil, err
+	}
+	initContainers, err := GetInitContainers(devfileObj)
+	if err != nil {
+		return nil, err
+	}
+
+	podTemplateSpecParams := podTemplateSpecParams{
+		ObjectMeta:     podTemplateParams.ObjectMeta,
+		InitContainers: initContainers,
+		Containers:     containers,
+	}
+	var globalAttributes attributes.Attributes
+	// attributes is not supported in versions less than 2.1.0, so we skip it
+	if devfileObj.Data.GetSchemaVersion() > string(data.APISchemaVersion200) {
+		// the only time GetAttributes will return an error is if DevfileSchemaVersion is 2.0.0, a case we've already covered;
+		// so we'll skip checking for error here
+		globalAttributes, _ = devfileObj.Data.GetAttributes()
+	}
+	components, err := devfileObj.Data.GetDevfileContainerComponents(common.DevfileOptions{})
+	if err != nil {
+		return nil, err
+	}
+
+	podTemplateSpec, err := getPodTemplateSpec(podTemplateSpecParams)
+	if err != nil {
+		return nil, err
+	}
+
+	podTemplateSpec, err = patchForPolicy(podTemplateSpec, podTemplateParams.PodSecurityAdmissionPolicy)
+	if err != nil {
+		return nil, err
+	}
+
+	if needsPodOverrides(globalAttributes, components) {
+		patchedPodTemplateSpec, err := applyPodOverrides(globalAttributes, components, podTemplateSpec)
+		if err != nil {
+			return nil, err
+		}
+		patchedPodTemplateSpec.ObjectMeta = podTemplateSpecParams.ObjectMeta
+		podTemplateSpec = patchedPodTemplateSpec
+	}
+
+	podTemplateSpec.Spec.Containers, err = applyContainerOverrides(devfileObj, podTemplateSpec.Spec.Containers)
+	if err != nil {
+		return nil, err
+	}
+	podTemplateSpec.Spec.InitContainers, err = applyContainerOverrides(devfileObj, podTemplateSpec.Spec.InitContainers)
+	if err != nil {
+		return nil, err
+	}
+
+	return podTemplateSpec, nil
+}
+
+func applyContainerOverrides(devfileObj parser.DevfileObj, containers []corev1.Container) ([]corev1.Container, error) {
+	containerComponents, err := devfileObj.Data.GetComponents(common.DevfileOptions{
+		ComponentOptions: common.ComponentOptions{
+			ComponentType: v1.ContainerComponentType,
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	getContainerByName := func(name string) (*corev1.Container, bool) {
+		for _, container := range containers {
+			if container.Name == name {
+				return &container, true
+			}
+		}
+		return nil, false
+	}
+
+	result := make([]corev1.Container, 0, len(containers))
+	for _, comp := range containerComponents {
+		container, found := getContainerByName(comp.Name)
+		if !found {
+			continue
+		}
+		if comp.Attributes.Exists(ContainerOverridesAttribute) {
+			patched, err := containerOverridesHandler(comp, container)
+			if err != nil {
+				return nil, err
+			}
+			result = append(result, *patched)
+		} else {
+			result = append(result, *container)
+		}
+	}
+	return result, nil
+}
+
 // PVCParams is a struct to create PVC
 type PVCParams struct {
 	TypeMeta   metav1.TypeMeta