Automator: merge upstream changes to openshift-service-mesh/sail-operator@main

.github/workflows/brokenlinks.yml

@@ -5,6 +5,7 @@ on:
   schedule:
     # Run this job every sunday at midnight
     - cron: "0 0 * * 0"
+  workflow_dispatch:
 
 permissions: {}
 
@@ -20,11 +21,11 @@ jobs:
 
       # Checks the status of hyperlinks in .md files
       - name: Check links
-        uses: gaurav-nelson/github-action-markdown-link-check@v1
+        uses: tcort/github-action-markdown-link-check@v1
         with:
           use-verbose-mode: 'yes'
           config-file: ".mdlinkcheck.json"
-          folder-path: "docs/common, docs/multicluster"
+          folder-path: "docs/addons, docs/common, docs/deployment-models, docs/dual-stack, docs/general, docs/guidelines, docs/update-strategy"
 
       - name: Raise an Issue to report broken links
         if: ${{ failure() }}

.github/workflows/nightly-images.yaml

@@ -3,7 +3,6 @@ name: Nightly image build workflow
 on:
   schedule:
     - cron: "0 3 * * *" # everyday at 3AM UTC - main branch
-    - cron: "0 2 * * *" # everyday at 2AM UTC - release-1.0 branch
 
 run-name: nightly-images
 
@@ -28,11 +27,6 @@ jobs:
       with:
         ref: main
 
-    - uses: actions/checkout@v4
-      if: github.event.schedule == '0 2 * * *'
-      with:
-        ref: release-1.0
-
     - name: Build and push nightly operator image
       run: |
         make docker-buildx \

.github/workflows/release.yaml

@@ -3,13 +3,9 @@ name: Release workflow
 on:
   workflow_dispatch:
     inputs:
-      release_version:
-        description: "Release version"
+      run_name:
+        description: "Run name - short description for the workflow run"
         required: true
-      bundle_channels:
-        description: "Bundle channels"
-        required: true
-        default: "stable,stable-3.0"
       is_draft_release:
         description: "Draft release"
         type: boolean
@@ -21,12 +17,11 @@ on:
         required: false
         default: false
 
-run-name: Release ${{ inputs.release_version }}
+run-name: ${{ inputs.run_name }}
 
 env:
   GIT_USER: ${{ secrets.GIT_USER }}
   GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}
-  VERSION: ${{ inputs.release_version }}
 
 jobs:
   release:
@@ -44,22 +39,18 @@ jobs:
 
     - name: Build and push operator image
       run: |
-        make docker-buildx \
-          -e TAG=$VERSION
+        make docker-buildx
 
     - name: Generate bundle metadata
       run: |
-        make bundle \
-         -e CHANNELS=$CHANNELS
-      env:
-        CHANNELS: ${{ inputs.bundle_channels }}
+        make bundle
 
     - name: Publish bundle in operatorhub.io
+      continue-on-error: true
       run: |
         make bundle-publish \
           -e GIT_CONFIG_USER_NAME="$GIT_CONFIG_USER_NAME" \
           -e GIT_CONFIG_USER_EMAIL="$GIT_CONFIG_USER_EMAIL" \
-          -e OPERATOR_VERSION=$VERSION \
           -e OPERATOR_HUB=community-operators \
           -e OWNER=k8s-operatorhub \
           -e FORK=maistra
@@ -72,7 +63,6 @@ jobs:
         make bundle-publish \
           -e GIT_CONFIG_USER_NAME="$GIT_CONFIG_USER_NAME" \
           -e GIT_CONFIG_USER_EMAIL="$GIT_CONFIG_USER_EMAIL" \
-          -e OPERATOR_VERSION=$VERSION \
           -e OWNER=redhat-openshift-ecosystem \
           -e FORK=maistra
       env:

CONTRIBUTING.md

@@ -40,4 +40,4 @@ The Sail Operator project has a weekly contributor call every Thursday at 4PM CE
 If you find a security issue in the Sail Operator project, please refer to the [Security Policy](https://github.com/istio-ecosystem/sail-operator/security/policy) for more information on how to report security issues. Please do not report security issues in the public GitHub repository.
 
 ## Writing Documentation
-If you want to add new documentation or examples to our existing documentation please take a look at the [documentation guidelines](/docs/guidelines/guidelines.md) to help you get started. Take into account that we run automation test over the documentation examples, so please ensure that the examples are correct and follows the guidelines to ensure it will be properly tested.
+If you want to add new documentation or examples to our existing documentation please take a look at the [documentation guidelines](docs/guidelines/guidelines.md) to help you get started. Take into account that we run automation test over the documentation examples, so please ensure that the examples are correct and follows the guidelines to ensure it will be properly tested.

Dockerfile

@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi9/ubi-minimal:latest 
+FROM registry.access.redhat.com/ubi10/ubi-micro:latest 
 
 ARG TARGETOS TARGETARCH
 

ISSUE-MANAGEMENT.md

@@ -13,4 +13,4 @@ If you want to contribute to the Sail Operator project, please refer to the [CON
 For contributing to Istio, check out the [CONTRIBUTING.md](https://github.com/istio/community/blob/master/CONTRIBUTING.md) file, which contains all the information you need to get started.
 
 ## Did you find an Istio bug?
-If you found a bug in Istio, please refer to the [Istio GitHub repository](https://github.com/istio-ecosystem/sail-operator/blob/main/CONTRIBUTING-SAIL-PROJECT.md) to check the guidelines on how to report a bug to the Sail team.
+If you found a bug in Istio, please refer to the [Istio GitHub repository](CONTRIBUTING.md) to check the guidelines on how to report a bug to the Sail team.

Makefile.core.mk

@@ -22,6 +22,16 @@ OLD_VARS := $(.VARIABLES)
 VERSION ?= 1.27.0
 MINOR_VERSION := $(shell echo "${VERSION}" | cut -f1,2 -d'.')
 
+# This version will be used to generate the OLM upgrade graph in the FBC as a version to be replaced by the new operator version defined in $VERSION.
+# This applies for stable releases, for nightly releases we are getting previous version directly from the FBC.
+# Currently we are pushing the operator to two operator hubs https://github.com/k8s-operatorhub/community-operators and
+# https://github.com/redhat-openshift-ecosystem/community-operators-prod. Nightly builds go only to community-operators-prod which already
+# supports FBC. FBC yaml files and kept in community-operators-prod repo and we only generate a PR with changes using make targets from this Makefile.
+# There are also GH workflows defined to release nightly and stable operators.
+# There is no need to define `replaces` and `skipRange` fields in the CSV as those fields are defined in the FBC and CSV values are ignored.
+# FBC is source of truth for OLM upgrade graph.
+PREVIOUS_VERSION ?= 1.26.0
+
 OPERATOR_NAME ?= sailoperator
 VERSIONS_YAML_DIR ?= pkg/istioversion
 VERSIONS_YAML_FILE ?= versions.yaml
@@ -90,6 +100,12 @@ DOCKER_BUILD_FLAGS ?= "--platform=$(TARGET_OS)/$(TARGET_ARCH)"
 GOTEST_FLAGS := $(if $(VERBOSE),-v) $(if $(COVERAGE),-coverprofile=$(REPO_ROOT)/out/coverage-unit.out)
 GINKGO_FLAGS ?= $(if $(VERBOSE),-v) $(if $(CI),--no-color) $(if $(COVERAGE),-coverprofile=coverage-integration.out -coverpkg=./... --output-dir=out)
 
+# Fail fast when keeping the environment on failure, to make sure we don't contaminate it with other resources. Also make sure to skip cleanup so it won't be deleted.
+ifeq ($(KEEP_ON_FAILURE),true)
+GINKGO_FLAGS += --fail-fast
+SKIP_CLEANUP = true
+endif
+
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
 # To re-generate a bundle for other specific channels without changing the standard setup, you can:
@@ -192,33 +208,17 @@ test.e2e.kind: istioctl ## Deploy a KinD cluster and run the end-to-end tests ag
 .PHONY: test.e2e.describe
 test.e2e.describe: ## Runs ginkgo outline -format indent over the e2e test to show in BDD style the steps and test structure
 	GINKGO_FLAGS="$(GINKGO_FLAGS)" ${SOURCE_DIR}/tests/e2e/common-operator-integ-suite.sh --describe
-##@ Build
-
-.PHONY: runme $(RUNME)
-runme: OS=$(shell go env GOOS)
-runme: ARCH=$(shell go env GOARCH)
-runme: $(RUNME) ## Download runme to bin directory. If wrong version is installed, it will be overwritten.
-	@test -s $(LOCALBIN)/runme || { \
-		GOBIN=$(LOCALBIN) GO111MODULE=on go install github.com/runmedev/runme/v3@v$(RUNME_VERSION) > /dev/stderr; \
-		echo "runme has been downloaded and placed in $(LOCALBIN)"; \
-	}
-
-.PHONY: update-docs-examples
-update-docs-examples: ## Copy the documentation files and generate the resulting md files to be executed by the runme tool.
-	@echo "Executing copy script to generate the documentation examples md files"
-	@echo "The script will copy the files from the source folder to the destination folder and add the runme suffix to the file names"
-	@tests/documentation_tests/scripts/update-docs-examples.sh
-	@echo "Documentation examples updated successfully"
-
 
 .PHONE: test.docs
-test.docs: runme istioctl update-docs-examples
+test.docs: runme istioctl ## Run the documentation examples tests.
 ## test.docs use runme to test the documentation examples. 
 ## Check the specific documentation to understand the use of the tool
-	@echo "Running runme test on the documentation examples, the location of the tests is in the tests/documentation_test folder"
+	@echo "Running runme test on the documentation examples."
 	@PATH=$(LOCALBIN):$$PATH tests/documentation_tests/scripts/run-docs-examples.sh
 	@echo "Documentation examples tested successfully"
 
+##@ Build
+
 .PHONY: build
 build: build-$(TARGET_ARCH) ## Build the sail-operator binary.
 
@@ -448,7 +448,7 @@ gen-charts: ## Pull charts from istio repository.
 gen: gen-all-except-bundle bundle ## Generate everything.
 
 .PHONY: gen-all-except-bundle
-gen-all-except-bundle: operator-name operator-chart controller-gen gen-api gen-charts gen-manifests gen-code gen-api-docs github-workflow update-docs-examples mirror-licenses
+gen-all-except-bundle: operator-name operator-chart controller-gen gen-api gen-charts gen-manifests gen-code gen-api-docs mirror-licenses
 
 .PHONY: gen-check
 gen-check: gen restore-manifest-dates check-clean-repo ## Verify that changes in generated resources have been checked in.
@@ -493,9 +493,6 @@ operator-chart:
 	sed -i -e "s|^\(image: \).*$$|\1${IMAGE}|g" \
 	       -e "s/^\(  version: \).*$$/\1${VERSION}/g" chart/values.yaml
 
-github-workflow:
-	sed -i -e '1,/default:/ s/^\(.*default:\).*$$/\1 ${CHANNELS}/' .github/workflows/release.yaml
-
 .PHONY: update-istio
 update-istio: ## Update the Istio commit hash in the 'latest' entry in versions.yaml to the latest commit in the branch.
 	@hack/update-istio.sh
@@ -523,6 +520,7 @@ GITLEAKS ?= $(LOCALBIN)/gitleaks
 OPM ?= $(LOCALBIN)/opm
 ISTIOCTL ?= $(LOCALBIN)/istioctl
 RUNME ?= $(LOCALBIN)/runme
+MISSPELL ?= $(LOCALBIN)/misspell
 
 ## Tool Versions
 OPERATOR_SDK_VERSION ?= v1.39.2
@@ -534,6 +532,7 @@ OLM_VERSION ?= v0.31.0
 GITLEAKS_VERSION ?= v8.26.0
 ISTIOCTL_VERSION ?= 1.26.0
 RUNME_VERSION ?= 3.13.2
+MISSPELL_VERSION ?= v0.3.4
 
 # GENERATE_RELATED_IMAGES defines whether `spec.relatedImages` is going to be generated or not
 # To disable set flag to false
@@ -586,6 +585,15 @@ $(ISTIOCTL): $(LOCALBIN)
 		echo "istioctl has been downloaded and placed in $(LOCALBIN)"; \
 	}
 
+.PHONY: runme $(RUNME)
+runme: OS=$(shell go env GOOS)
+runme: ARCH=$(shell go env GOARCH)
+runme: $(RUNME) ## Download runme to bin directory. If wrong version is installed, it will be overwritten.
+	@test -s $(LOCALBIN)/runme || { \
+		GOBIN=$(LOCALBIN) GO111MODULE=on go install github.com/runmedev/runme/v3@v$(RUNME_VERSION) > /dev/stderr; \
+		echo "runme has been downloaded and placed in $(LOCALBIN)"; \
+	}
+
 .PHONY: controller-gen
 controller-gen: $(LOCALBIN) ## Download controller-gen to bin directory. If wrong version is installed, it will be overwritten.
 	@test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || \
@@ -648,19 +656,24 @@ bundle-push: ## Push the bundle image.
 bundle-publish: ## Create a PR for publishing in OperatorHub.
 	@export GIT_USER=$(GITHUB_USER); \
 	export GITHUB_TOKEN=$(GITHUB_TOKEN); \
-	export OPERATOR_VERSION=$(OPERATOR_VERSION); \
+	export OPERATOR_VERSION=$(VERSION); \
 	export OPERATOR_NAME=$(OPERATOR_NAME); \
+	export CHANNELS="$(CHANNELS)"; \
+	export PREVIOUS_VERSION=$(PREVIOUS_VERSION); \
 	./hack/operatorhub/publish-bundle.sh
 
+## Generate nightly bundle.
 .PHONY: bundle-nightly
-bundle-nightly: VERSION:=$(VERSION)-nightly-$(TODAY)  ## Generate nightly bundle.
+bundle-nightly: VERSION:=$(VERSION)-nightly-$(TODAY)
 bundle-nightly: CHANNELS:=$(MINOR_VERSION)-nightly
 bundle-nightly: TAG=$(MINOR_VERSION)-nightly-$(TODAY)
 bundle-nightly: bundle
 
+## Publish nightly bundle.
 .PHONY: bundle-publish-nightly
-bundle-publish-nightly: OPERATOR_VERSION=$(VERSION)-nightly-$(TODAY)  ## Publish nightly bundle.
+bundle-publish-nightly: VERSION:=$(VERSION)-nightly-$(TODAY)
 bundle-publish-nightly: TAG=$(MINOR_VERSION)-nightly-$(TODAY)
+bundle-publish-nightly: CHANNELS:=$(MINOR_VERSION)-nightly
 bundle-publish-nightly: bundle-nightly bundle-publish
 
 .PHONY: helm-artifacts-publish
@@ -720,8 +733,19 @@ lint-watches: ## Checks if the operator watches all resource kinds present in He
 lint-secrets: gitleaks ## Checks whether any secrets are present in the repository.
 	@${GITLEAKS} detect --no-git --redact -v
 
+.PHONY: lint-spell ## Run spell checker on the documentation files. Skipping sailoperator.io.md file.
+lint-spell: misspell
+	@echo "Get misspell from $(LOCALBIN)"
+	@echo "Running misspell on the documentation files"
+	@find $(REPO_ROOT)/docs -type f \( \( -name "*.md" -o -name "*.asciidoc" \) ! -name "*sailoperator.io.md" \) \
+	| xargs $(LOCALBIN)/misspell -error -locale US
+
+.PHONY: misspell
+misspell: $(LOCALBIN) ## Download misspell to bin directory.
+	@test -s $(LOCALBIN)/misspell || GOBIN=$(LOCALBIN) go install github.com/client9/misspell/cmd/misspell@$(MISSPELL_VERSION)
+
 .PHONY: lint
-lint: lint-scripts lint-licenses lint-copyright-banner lint-go lint-yaml lint-helm lint-bundle lint-watches lint-secrets ## Run all linters.
+lint: lint-scripts lint-licenses lint-copyright-banner lint-go lint-yaml lint-helm lint-bundle lint-watches lint-secrets lint-spell ## Run all linters.
 
 .PHONY: format
 format: format-go tidy-go ## Auto-format all code. This should be run before sending a PR.
@@ -733,7 +757,7 @@ git-hook: gitleaks ## Installs gitleaks as a git pre-commit hook.
 		chmod +x .git/hooks/pre-commit; \
 	fi
 
-.SILENT: helm $(HELM) $(LOCALBIN) deploy-yaml gen-api operator-name operator-chart github-workflow
+.SILENT: helm $(HELM) $(LOCALBIN) deploy-yaml gen-api operator-name operator-chart
 
 COMMON_IMPORTS ?= mirror-licenses dump-licenses lint-all lint-licenses lint-scripts lint-copyright-banner lint-go lint-yaml lint-helm format-go tidy-go check-clean-repo update-common
 .PHONY: $(COMMON_IMPORTS)

README.md

@@ -242,7 +242,7 @@ As you might know, the Sail Operator project serves as the community upstream fo
 
 #### versions.yaml
 
-The name of the versions.yaml file can be overwritten using the VERSIONS_YAML_FILE environment variable. This way, downstream vendors can point to a custom list of supported versions.
+The name of the versions.yaml file can be overwritten using the VERSIONS_YAML_FILE environment variable. This way, downstream vendors can point to a custom list of supported versions. Note that this file should be located in the `pkg/istioversion` directory, with the default value being `versions.yaml`.
 
 #### vendor_defaults.yaml
 

bundle/README.md

@@ -85,7 +85,7 @@ Repeat the process to create a project named `istio-cni`.
 The `version` field of the `Istio` and `IstioCNI` resource defines which version 
 of each component should be deployed. This can be set using the `Istio Version` 
 drop down menu when creating a new `Istio` with the OpenShift Container Platform 
-web console. For a list of available versions, see the [versions.yaml](/pkg/istioversion/versions.yaml) file
+web console. For a list of available versions, see the [versions.yaml](../pkg/istioversion/versions.yaml) file
 or use the command:
 
 ```sh

controllers/istiocni/istiocni_controller.go

@@ -153,6 +153,12 @@ func (r *Reconciler) installHelmChart(ctx context.Context, cni *v1.IstioCNI) err
 	// apply image digests from configuration, if not already set by user
 	userValues = applyImageDigests(version, userValues, config.Config)
 
+	// apply vendor-specific default values
+	userValues, err = istiovalues.ApplyIstioCNIVendorDefaults(version, userValues)
+	if err != nil {
+		return fmt.Errorf("failed to apply vendor defaults: %w", err)
+	}
+
 	// apply userValues on top of defaultValues from profiles
 	mergedHelmValues, err := istiovalues.ApplyProfilesAndPlatform(
 		r.Config.ResourceDirectory, version, r.Config.Platform, r.Config.DefaultProfile, cni.Spec.Profile, helm.FromValues(userValues))