diff --git a/.cargo/audit.toml b/.cargo/audit.toml
index fb639ad..4aff541 100644
--- a/.cargo/audit.toml
+++ b/.cargo/audit.toml
@@ -1,2 +1,2 @@
 [advisories]
-ignore = ["RUSTSEC-2024-0344"]
+ignore = ["RUSTSEC-2024-0344", "RUSTSEC-2025-0023"]
diff --git a/.cargo/config.toml b/.cargo/config.toml
new file mode 100644
index 0000000..7520df8
--- /dev/null
+++ b/.cargo/config.toml
@@ -0,0 +1,2 @@
+[env]
+RUSTC_BOOTSTRAP = "1"
diff --git a/.dockerignore b/.dockerignore
index c579be0..adaa142 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -2,3 +2,4 @@
 !queries
 !src
 !Cargo.*
+!.cargo/config.toml
diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
index abd233e..cb6f4e1 100644
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@@ -18,8 +18,12 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
- - name: Get Git commit timestamps
- run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
+ - name: Set timestamp and release version
+ run: |
+ echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
+ git fetch --prune --unshallow --tags --force
+ echo "RELEASE_VERSION=$(git describe --always --dirty='--modified')" >> $GITHUB_ENV
+ cat $GITHUB_ENV
 - name: Login to registry
 uses: docker/login-action@v3
@@ -52,25 +56,9 @@ jobs:
 type=semver,pattern=v{{major}}.{{minor}}
 type=semver,pattern=v{{major}}
- - name: Build and export to docker
+ - name: Build container
 id: build
 uses: docker/build-push-action@v6
- with:
- context: .
- load: true
- annotations: ${{ steps.meta.outputs.annotations }}
- cache-from: type=gha
- cache-to: type=gha,mode=max
- env:
- SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
-
- - name: Generate CRDs
- run: |
- docker run --rm ${{ steps.build.outputs.imageid }} /crdgen > ./manifests/crds.yaml
-
- - name: Push container
- uses: docker/build-push-action@v6
- id: push
 with:
 context: .
 push: true
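Review bot: In `.cargo/audit.toml`, `RUSTSEC-2025-0023` joins the ignore list with no record of why it is acceptable to skip. The same commit makes the audit hook fail on warnings (`--deny warnings` in `.pre-commit-config.yaml`), so the entry may have been added only to get the hook passing. Add a comment above the list naming the affected crate, the reason the advisory does not apply (or which upstream fix is awaited) and a date to revisit, for example `# RUSTSEC-2025-0023: CRATE-NAME, REASON, revisit by DATE` with the capitalised words filled in. The existing `RUSTSEC-2024-0344` entry has the same gap.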
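Review bot: In `.cargo/config.toml`, `RUSTC_BOOTSTRAP = "1"` under `[env]` lifts the stable/nightly feature gate for the rustc invocations Cargo runs. As far as I can tell that covers every dependency and build script, not only this crate, so any crate in the graph could start using unstable features without the build noticing. The only visible consumer is the let-chain in `get_version` (`src/version.rs`, enabled by `#![feature(let_chains)]` in `src/lib.rs`), and the `.dockerignore` hunk exists only to carry this file into the image build. Writing that function with a nested check, `if let Some(version) = std::option_env!("RELEASE_VERSION") { if !version.is_empty() { return version; } }` followed by the `git_version!` fallback, should compile on stable and lets this file, the `.dockerignore` entry and the feature attribute be dropped. If the override stays, add a comment here saying why it is needed and when it can be removed.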
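Review bot: In the `Set timestamp and release version` step of `.gitea/workflows/build.yaml`, `cat $GITHUB_ENV` prints the whole environment file to the job log, including anything an earlier step (outside this hunk) may have written there. It looks like debugging residue and should be removed; if the version needs to be visible, echo only that value. Separately, `--dirty='--modified'` appends `--modified` with two dashes, while `git_version!` in `src/version.rs` uses `-modified` by default as far as I know, so CI and local builds would label a dirty tree differently. If they are meant to match, use `--dirty=-modified`.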
@@ -78,20 +66,28 @@ jobs:
 provenance: mode=max
 tags: ${{ steps.meta.outputs.tags }}
 annotations: ${{ steps.meta.outputs.annotations }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ build-args: |
+ "RELEASE_VERSION=${{ env.RELEASE_VERSION }}"
 env:
 SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
+ - name: Generate CRDs
+ run: |
+ docker run --rm ${{ env.OCI_REPO }}@${{ steps.build.outputs.imageid }} /crdgen > ./manifests/crds.yaml
+
 - name: Kustomize manifests
 run: |
- ./kustomize build ./manifests | sed "s/\${DIGEST}/${{ steps.push.outputs.digest }}/" > ./manifests.yaml
+ ./kustomize build ./manifests | sed "s/\${DIGEST}/${{ steps.build.outputs.digest }}/" > ./manifests.yaml
 - name: Push manifests
 run: |
- flux push artifact oci://$OCI_REPO/manifests:latest \
+ flux push artifact oci://${{ env.OCI_REPO }}/manifests:${{ gitea.head_ref || gitea.ref_name }} \
 --path="./manifests.yaml" \
 --source="$(git config --get remote.origin.url)" \
 --revision="$(git rev-parse HEAD)" \
 $(echo "${{ steps.meta.outputs.labels }}" | sed -e 's/^/-a /')
- flux tag artifact oci://$OCI_REPO/manifests:latest \
+ flux tag artifact oci://${{ env.OCI_REPO }}/manifests:${{ gitea.head_ref || gitea.ref_name }} \
 $(echo "${{ steps.meta.outputs.tags }}" | sed -e 's/^.*:/--tag /')
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 9b4ee7a..3132d55 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,17 +2,19 @@ fail_fast: true
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.6.0
+ rev: v5.0.0
 hooks:
 - id: trailing-whitespace
 - id: end-of-file-fixer
 - id: check-yaml
+ args:
+ - --allow-multiple-documents
 - id: check-toml
 - id: check-added-large-files
 - id: check-merge-conflict
 - repo: https://github.com/crate-ci/typos
- rev: v1.21.0
+ rev: v1.31.1
 hooks:
 - id: typos
 args: ["--force-exclude"]
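Review bot: In the `Push manifests` step of `.gitea/workflows/build.yaml`, `${{ gitea.head_ref || gitea.ref_name }}` is expanded into the script text before the shell runs. When the workflow runs for a pull request the branch name is chosen by the contributor, so its characters are parsed as shell syntax in a job that has already logged in to the registry. Pass the value through the step environment instead: add `env:` with `MANIFEST_TAG: ${{ gitea.head_ref || gitea.ref_name }}`, then use `"oci://$OCI_REPO/manifests:$MANIFEST_TAG"` in both the `flux push artifact` and `flux tag artifact` commands. Branch names containing `/` are also not valid OCI tags, so the value probably needs normalising before use. The `steps.meta.outputs.labels` and `steps.meta.outputs.tags` expansions in the same script follow the same pattern but predate this change.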
@@ -43,6 +45,17 @@ repos:
 name: audit
 description: Audit packages
 entry: cargo audit
+ args: ["--deny", "warnings"]
+ language: system
+ pass_filenames: false
+ verbose: true
+ always_run: true
+
+ - id: udeps
+ name: unused
+ description: Check for unused crates
+ entry: cargo +nightly udeps
+ args: ["--workspace"]
 language: system
 types: [file]
 files: (\.rs|Cargo.lock)$
diff --git a/Cargo.lock b/Cargo.lock
index 6f87991..809cb96 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -785,6 +785,26 @@ version = "0.31.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f"
+[[package]]
+name = "git-version"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ad568aa3db0fcbc81f2f116137f263d7304f512a1209b35b85150d3ef88ad19"
+dependencies = [
+ "git-version-macro",
+]
+
+[[package]]
+name = "git-version-macro"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "53010ccb100b96a67bc32c0175f0ed1426b31b655d562898e57325f81c023ac0"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.100",
+]
+
 [[package]]
 name = "gloo-timers"
 version = "0.3.0"
@@ -1428,6 +1448,7 @@ dependencies = [
 "chrono",
 "cynic",
 "futures",
+ "git-version",
 "insta",
 "k8s-openapi",
 "kube",
diff --git a/Cargo.toml b/Cargo.toml
index c4640dd..0f2d00e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -34,6 +34,7 @@ reqwest = { version = "0.12.14", default-features = false, features = [
 "json",
 "rustls-tls",
 ] }
+git-version = "0.3.9"
 [dev-dependencies]
 insta = { workspace = true }
diff --git a/Dockerfile b/Dockerfile
index 383cc5e..c243c9c 100644
--- a/Dockerfile
+++ b/Dockerfile
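Review bot: In `.pre-commit-config.yaml`, the new `udeps` hook runs `cargo +nightly udeps` with `language: system`, so it uses whatever nightly toolchain and `cargo-udeps` build are installed on each developer's machine. Results will differ between machines, and with `fail_fast: true` a nightly regression blocks every commit. Pin a dated toolchain, e.g. `entry: cargo +nightly-YYYY-MM-DD udeps` (placeholder date), and add a comment next to the hook naming the tools it requires. The hook also inherits the `types`/`files` filter with no visible `pass_filenames: false`; the hunk ends at `files:`, so if that key does not follow, matching file names will be appended to the cargo command line.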
@@ -13,6 +13,8 @@ COPY --from=planner /app/recipe.json recipe.json
 RUN cargo chef cook --release --recipe-path recipe.json
 COPY . .
+ARG RELEASE_VERSION
+ENV RELEASE_VERSION=${RELEASE_VERSION}
 RUN cargo auditable build --release
 FROM gcr.io/distroless/cc-debian12:nonroot AS runtime
diff --git a/src/lib.rs b/src/lib.rs
index c358c67..7589f13 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,3 +1,7 @@
+#![feature(let_chains)]
 pub mod context;
 pub mod lldap;
 pub mod resources;
+mod version;
+
+pub use version::VERSION;
diff --git a/src/main.rs b/src/main.rs
index 4816d94..080031a 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -7,6 +7,7 @@ use kube::runtime::controller::{self, Action};
 use kube::runtime::reflector::ObjectRef;
 use kube::runtime::{Controller, watcher};
 use kube::{Api, Client as KubeClient, Resource};
+use lldap_controller::VERSION;
 use lldap_controller::context::Context;
 use lldap_controller::lldap::LldapConfig;
 use lldap_controller::resources::{
@@ -47,7 +48,7 @@ async fn main() -> anyhow::Result<()> {
 Registry::default().with(logger).with(env_filter).init();
 }
- info!("Starting controller");
+ info!(version = VERSION, "Starting");
 let client = KubeClient::try_default().await?;
diff --git a/src/resources/user_attribute.rs b/src/resources/user_attribute.rs
index 49cd429..e8aff5d 100644
--- a/src/resources/user_attribute.rs
+++ b/src/resources/user_attribute.rs
@@ -1,19 +1,18 @@
 use std::time::Duration;
-use kube::{
- Api, CELSchema, CustomResource,
- api::{Patch, PatchParams},
- runtime::controller::Action,
-};
+use kube::api::{Patch, PatchParams};
+use kube::runtime::controller::Action;
+use kube::{Api, CELSchema, CustomResource};
 use queries::AttributeType;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use serde_json::json;
 use tracing::{debug, trace, warn};
-use crate::{context::ControllerEvents, lldap, resources::Error};
-
 use super::Reconcile;
+use crate::context::ControllerEvents;
+use crate::lldap;
+use crate::resources::Error;
 #[derive(Deserialize, Serialize, Clone, Copy, Debug, JsonSchema)]
 pub enum Type {
diff --git a/src/version.rs b/src/version.rs
new file mode 100644
index 0000000..8eb59de
--- /dev/null
+++ b/src/version.rs
@@ -0,0 +1,11 @@
+pub const VERSION: &str = get_version();
+
+const fn get_version() -> &'static str {
+ if let Some(version) = std::option_env!("RELEASE_VERSION")
+ && !version.is_empty()
+ {
+ version
+ } else {
+ git_version::git_version!(fallback = "unknown")
+ }
+}
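Review bot: In `src/version.rs`, `VERSION` is re-exported from the crate root and logged at startup, but neither the constant nor `get_version` documents where the value comes from or in which order the sources are tried. A doc comment on the constant would cover it, e.g. `/// Build version: RELEASE_VERSION from the build environment when set and non-empty, otherwise the git describe output, or "unknown" when that is unavailable.` A one-line comment on `get_version` noting that both branches are resolved at compile time would also help, since the value reflects the build environment and not the runtime one.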