starred/holos
1
0
Fork 0
mirror of https://github.com/holos-run/holos.git synced 2026-03-10 23:09:23 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity

Compare commits

base: starred:jeff/readme
Branches Tags
starred:main starred:dependabot/go_modules/go_modules-a258281abc starred:dependabot/npm_and_yarn/doc/website/npm_and_yarn-495cad6dbb starred:dependabot/npm_and_yarn/doc/website/npm_and_yarn-31e1e7acf6 starred:jeff/v1alpha6-executor starred:jeff/435-examples starred:jeff/gemini-compare starred:jeff/compile-backup starred:jeff/xcue starred:jeff/command starred:kubeslice starred:jeff/406-unify-values starred:gl/embed-timoni-for-tests starred:jeff/378-kargo-topic starred:gl/helm-values-test-fixes starred:test starred:jeff/370-private-helm-repositories starred:jeff/371-helm-sdk starred:jeff/readme starred:jeff/327-brew-install starred:release starred:gl/311-setup-and-hello-holos starred:301-docs-structure-refactor starred:jeff/225-ko-release starred:jeff/try-holos
starred:v0.106.0 starred:v0.105.1 starred:v0.105.0 starred:v0.104.3 starred:v0.104.2 starred:v0.104.1 starred:v0.104.0 starred:v0.103.0 starred:v0.102.5 starred:v0.102.4 starred:v0.102.3 starred:v0.102.2 starred:v0.102.1 starred:v0.102.0 starred:v0.1.1 starred:v0.1.0 starred:v0.101.8 starred:v0.101.7 starred:v0.101.6 starred:v0.101.5 starred:v0.101.4 starred:v0.101.3 starred:v0.101.2 starred:v0.101.1 starred:v0.101.0 starred:v0.100.1 starred:v0.100.0 starred:v0.99.3 starred:v0.99.2 starred:v0.99.1 starred:v0.99.0 starred:v0.98.2 starred:v0.98.1 starred:v0.98.0 starred:v0.97.3 starred:v0.97.2 starred:v0.97.1 starred:v0.97.0 starred:v0.96.0 starred:v0.95.3 starred:v0.95.2 starred:v0.95.1 starred:v0.95.0 starred:v0.94.0 starred:v0.93.4 starred:v0.93.3 starred:v0.93.2 starred:v0.93.1 starred:v0.93.0 starred:v0.92.0 starred:v0.91.1 starred:v0.91.0 starred:v0.90.0 starred:v0.89.1 starred:v0.89.0 starred:v0.87.2 starred:v0.87.1 starred:v0.87.0 starred:v0.86.0 starred:v0.85.1 starred:v0.85.0 starred:v0.84.1 starred:v0.84.0 starred:v0.83.1 starred:v0.83.0 starred:v0.82.2 starred:v0.82.1 starred:v0.81.2 starred:v0.81.0 starred:v0.80.2 starred:v0.80.1 starred:v0.80.0 starred:v0.79.0 starred:v0.78.0 starred:v0.77.0 starred:v0.76.1 starred:v0.76.0 starred:v0.75.1 starred:v0.75.0 starred:v0.74.0 starred:v0.73.3 starred:v0.73.1 starred:v0.73.0 starred:v0.72.1 starred:v0.70.4 starred:v0.70.1 starred:v0.70.0 starred:v0.69.0 starred:v0.68.1 starred:v0.68.0 starred:v0.67.0 starred:v0.66.0 starred:v0.65.2 starred:v0.65.1 starred:v0.65.0 starred:v0.64.5 starred:v0.64.4 starred:v0.64.3 starred:v0.64.2 starred:v0.64.1 starred:v0.64.0 starred:v0.63.5 starred:v0.63.4 starred:v0.63.3 starred:v0.63.2 starred:v0.63.1 starred:v0.63.0 starred:v0.62.1 starred:v0.62.0 starred:v0.61.7 starred:v0.61.6 starred:v0.61.5 starred:v0.61.4 starred:v0.61.3 starred:v0.61.1 starred:v0.61.0 starred:v0.60.4 starred:v0.60.3 starred:v0.60.2 starred:v0.60.1 starred:v0.60.0 starred:v0.59.0 starred:v0.58.3 starred:v0.58.2 starred:v0.58.1 starred:v0.58.0 starred:v0.57.0 starred:v0.56.0 starred:v0.55.4 starred:v0.55.3 starred:v0.55.2 starred:v0.55.1 starred:v0.55.0 starred:v0.54.1 starred:v0.53.4 starred:v0.53.3 starred:v0.53.2 starred:v0.53.1 starred:v0.52.0 starred:v0.51.2 starred:v0.51.1 starred:v0.51.0 starred:v0.50.2 starred:v0.50.1 starred:v0.50.0 starred:v0.49.7 starred:v0.49.6 starred:v0.49.5 starred:v0.49.4 starred:v0.49.3 starred:v0.49.2 starred:v0.49.1 starred:v0.49.0 starred:v0.48.3 starred:v0.48.2 starred:v0.48.1 starred:v0.48.0 starred:v0.47.2 starred:v0.47.1 starred:v0.47.0 starred:v0.46.3 starred:v0.46.2 starred:v0.46.1 starred:v0.46.0 starred:v0.45.3 starred:v0.45.2 starred:v0.45.1 starred:v0.45.0 starred:v0.44.0 starred:v0.43.2 starred:v0.43.1 starred:v0.43.0 starred:v0.42.1 starred:v0.42.0 starred:v0.41.0 starred:v0.40.4 starred:v0.40.3 starred:v0.40.2 starred:v0.40.1 starred:v0.40.0
...
compare: starred:test
Branches Tags
starred:dependabot/go_modules/go_modules-a258281abc starred:dependabot/npm_and_yarn/doc/website/npm_and_yarn-495cad6dbb starred:main starred:dependabot/npm_and_yarn/doc/website/npm_and_yarn-31e1e7acf6 starred:jeff/v1alpha6-executor starred:jeff/435-examples starred:jeff/gemini-compare starred:jeff/compile-backup starred:jeff/xcue starred:jeff/command starred:kubeslice starred:jeff/406-unify-values starred:gl/embed-timoni-for-tests starred:jeff/378-kargo-topic starred:gl/helm-values-test-fixes starred:test starred:jeff/370-private-helm-repositories starred:jeff/371-helm-sdk starred:jeff/readme starred:jeff/327-brew-install starred:release starred:gl/311-setup-and-hello-holos starred:301-docs-structure-refactor starred:jeff/225-ko-release starred:jeff/try-holos
starred:v0.106.0 starred:v0.105.1 starred:v0.105.0 starred:v0.104.3 starred:v0.104.2 starred:v0.104.1 starred:v0.104.0 starred:v0.103.0 starred:v0.102.5 starred:v0.102.4 starred:v0.102.3 starred:v0.102.2 starred:v0.102.1 starred:v0.102.0 starred:v0.1.1 starred:v0.1.0 starred:v0.101.8 starred:v0.101.7 starred:v0.101.6 starred:v0.101.5 starred:v0.101.4 starred:v0.101.3 starred:v0.101.2 starred:v0.101.1 starred:v0.101.0 starred:v0.100.1 starred:v0.100.0 starred:v0.99.3 starred:v0.99.2 starred:v0.99.1 starred:v0.99.0 starred:v0.98.2 starred:v0.98.1 starred:v0.98.0 starred:v0.97.3 starred:v0.97.2 starred:v0.97.1 starred:v0.97.0 starred:v0.96.0 starred:v0.95.3 starred:v0.95.2 starred:v0.95.1 starred:v0.95.0 starred:v0.94.0 starred:v0.93.4 starred:v0.93.3 starred:v0.93.2 starred:v0.93.1 starred:v0.93.0 starred:v0.92.0 starred:v0.91.1 starred:v0.91.0 starred:v0.90.0 starred:v0.89.1 starred:v0.89.0 starred:v0.87.2 starred:v0.87.1 starred:v0.87.0 starred:v0.86.0 starred:v0.85.1 starred:v0.85.0 starred:v0.84.1 starred:v0.84.0 starred:v0.83.1 starred:v0.83.0 starred:v0.82.2 starred:v0.82.1 starred:v0.81.2 starred:v0.81.0 starred:v0.80.2 starred:v0.80.1 starred:v0.80.0 starred:v0.79.0 starred:v0.78.0 starred:v0.77.0 starred:v0.76.1 starred:v0.76.0 starred:v0.75.1 starred:v0.75.0 starred:v0.74.0 starred:v0.73.3 starred:v0.73.1 starred:v0.73.0 starred:v0.72.1 starred:v0.70.4 starred:v0.70.1 starred:v0.70.0 starred:v0.69.0 starred:v0.68.1 starred:v0.68.0 starred:v0.67.0 starred:v0.66.0 starred:v0.65.2 starred:v0.65.1 starred:v0.65.0 starred:v0.64.5 starred:v0.64.4 starred:v0.64.3 starred:v0.64.2 starred:v0.64.1 starred:v0.64.0 starred:v0.63.5 starred:v0.63.4 starred:v0.63.3 starred:v0.63.2 starred:v0.63.1 starred:v0.63.0 starred:v0.62.1 starred:v0.62.0 starred:v0.61.7 starred:v0.61.6 starred:v0.61.5 starred:v0.61.4 starred:v0.61.3 starred:v0.61.1 starred:v0.61.0 starred:v0.60.4 starred:v0.60.3 starred:v0.60.2 starred:v0.60.1 starred:v0.60.0 starred:v0.59.0 starred:v0.58.3 starred:v0.58.2 starred:v0.58.1 starred:v0.58.0 starred:v0.57.0 starred:v0.56.0 starred:v0.55.4 starred:v0.55.3 starred:v0.55.2 starred:v0.55.1 starred:v0.55.0 starred:v0.54.1 starred:v0.53.4 starred:v0.53.3 starred:v0.53.2 starred:v0.53.1 starred:v0.52.0 starred:v0.51.2 starred:v0.51.1 starred:v0.51.0 starred:v0.50.2 starred:v0.50.1 starred:v0.50.0 starred:v0.49.7 starred:v0.49.6 starred:v0.49.5 starred:v0.49.4 starred:v0.49.3 starred:v0.49.2 starred:v0.49.1 starred:v0.49.0 starred:v0.48.3 starred:v0.48.2 starred:v0.48.1 starred:v0.48.0 starred:v0.47.2 starred:v0.47.1 starred:v0.47.0 starred:v0.46.3 starred:v0.46.2 starred:v0.46.1 starred:v0.46.0 starred:v0.45.3 starred:v0.45.2 starred:v0.45.1 starred:v0.45.0 starred:v0.44.0 starred:v0.43.2 starred:v0.43.1 starred:v0.43.0 starred:v0.42.1 starred:v0.42.0 starred:v0.41.0 starred:v0.40.4 starred:v0.40.3 starred:v0.40.2 starred:v0.40.1 starred:v0.40.0

43 Commits
jeff/readm ... test

Author SHA1 Message Date
Jeff McCune
386fb89cc6 ci: replace lint workflow with cspell 
The lint workflow was slow and we don't often change buf or angular
these days so they're not necessary.

The remaining valuable task is cspell, which we can speed up with a
dedicated step.
 2024-12-20 13:52:54 -08:00
Jeff McCune
c5401d6b02 ci: speed up tests by killing steps 2024-12-20 11:57:05 -08:00
Jeff McCune
f215405643 docs: fix links in readme 2024-12-20 07:28:04 -08:00
Jeff McCune
2c79982bd3 cue: enable @embed for loading yaml (#385) 
mpvl suggests @embed is a more ideal solution than our implementation of
core.Component.Instances for the use case of unifying YAML data updated
by Kargo Stage resources.

See the issue for a link to the discussion.
 2024-12-20 07:14:01 -08:00
Jeff McCune
e5e4de3073 cue: update to 0.11.1 
go get cuelang.org/go/cmd/cue@latest

    go: downloading cuelang.org/go v0.11.1
    go: upgraded cuelang.org/go v0.11.0 => v0.11.1
 2024-12-20 07:09:39 -08:00
Jeff McCune
ec462f5f0b docs: redirect /docs/support 2024-12-19 22:13:04 -08:00
Jeff McCune
0e95a2812e cmd: expose MakeMain() for testing 
I'd like to add the kargo-demo repository to Unity to test evalv3, but
can't get a handle on the main function to wire up to testscript.

This patch fixes the problem by moving the MakeMain function to a public
package so the kargo-demo go module can import and call it using the go
mod tools technique.
 2024-12-19 15:19:46 -08:00
Jeff McCune
54efe3e24a core: pass --extract-yaml flag from platform to component (#376) 
Previously holos render platform was not setting the --extract-yaml file
when calling holos render component, causing data file instances defined
in the Platform spec to be discarded.

This patch passes the value along using the flag.
 2024-12-19 08:39:55 -08:00
Jeff McCune
f693f049f4 core: refactor --instance to --extract-yaml (#376) 
Extract YAML is more clear and aligns with the schema docs for the
Component Instance field which has an extractYAML kind.  This also
leaves the door open for additional kinds of data extractors which are
almost certainly going to be needed.
 2024-12-19 08:34:05 -08:00
Jeff McCune
85238710ac core: unify data files into config (#376) 
Previously there isn't a good way to unify json and yaml files with the
cue configuration.  This is a problem for use cases where data can be
generated idempotentialy prior to rendering the platform configuration.

The first use case is to explore unifying configuration with decrypted
sops values, which isn't typical since Holos is designed to handle
secrets with ExternalSecret resources, but does fit into the use case of
executing a command to produce data idempotently, then make the data
available to the platform configuration.

Other use cases this feature is intended to support are the prior
experiment where we fetch top level platform configuration from an rpc
service, and the future goal of integrating with data provided by
Terraform.
 2024-12-19 08:34:05 -08:00
Jeff McCune
3ec62d272e v1alpha5: update kargo crds to 1.1.1 2024-12-19 08:34:04 -08:00
Jeff McCune
49afb44fd4 docs: redirect /docs/comparison/ 2024-12-18 14:37:36 -08:00
Gary Larizza
a023f135ab Add a Comparisons page 
PROBLEM:

We've noticed that Holos almost immediately gets compared to Timoni, and
we frequently get asked for specifics in how they're similar/different.

SOLUTION:

* Add a `Comparison` page.
* Include a section that compares Holos to Timoni

OUTCOME:

Fewer questions about how Holos compares to Timoni because people are
able to find that answer themselves on our docs page.
 2024-12-18 14:33:52 -08:00
Jeff McCune
c6a3a5d689 docs: redirect /docs/kargo/ 2024-12-17 06:30:20 -08:00
Jeff McCune
3f1eed3f06 platform: add kargo.akuity.io custom resource definitions 
Needed for Kargo integration.  Imported with timoni from v1.0.3 Kargo
CRD's.
 2024-12-16 13:19:39 -08:00
Jeff McCune
7fb7df1441 docs: make the linter happy 2024-12-16 11:04:35 -05:00
Jeff McCune
a798111d4d docs: add oci helm charts example 
Question came up in chat, there isn't a good example and it's a pain to
piece together from the reference docs.
 2024-12-16 10:56:50 -05:00
Jeff McCune
3ddb823341 docs: add note about compinit 
Andy ran into issues enabling completion without first figuring out how
to initialize the completion system.
 2024-12-16 08:15:45 -05:00
Jeff McCune
70d48592c4 docs: fix environments topic 
It didn't work, failed with:

  ❯ holos show buildplans --selector app.holos.run/city=ams
  could not run: Component.Name: 2 errors in empty disjunction: (and 2 more errors) at internal/builder/instance.go:66
  Component.Name: 2 errors in empty disjunction:
  Component.Name: conflicting values "no-name" and "podinfo-ams":
      /Users/jeff/Holos/foo/holos-environments-tutorial/components/podinfo/podinfo.cue:6:12
      /Users/jeff/Holos/foo/holos-environments-tutorial/schema.cue:6:13
      /Users/jeff/Holos/foo/holos-environments-tutorial/schema.cue:35:2
      /Users/jeff/Holos/foo/holos-environments-tutorial/tags.cue:13:19
  Component.Name: conflicting values "podinfo" and "podinfo-ams":
      /Users/jeff/Holos/foo/holos-environments-tutorial/components/podinfo/podinfo.cue:6:12
      /Users/jeff/Holos/foo/holos-environments-tutorial/components/podinfo/podinfo.cue:7:8
      /Users/jeff/Holos/foo/holos-environments-tutorial/schema.cue:6:13
      /Users/jeff/Holos/foo/holos-environments-tutorial/schema.cue:35:2

This was likely because the podinfo component was used in different ways
in different topics.  Don't use the shared component to fix the problem.
 2024-12-13 09:20:52 -05:00
Jeff McCune
006f08df93 docs: add kargo place holder (#378) 2024-12-11 09:58:54 -08:00
Jeff McCune
39e2db5d37 docs: remove related content from youtube embed 
Except stuff in our own channel.
 2024-12-08 19:43:12 -08:00
Jeff McCune
ceb293fd8a docs: fix typescript className not class check error 2024-12-08 19:36:36 -08:00
Jeff McCune
188ff95015 docs: enable youtube fullscreen 
Without this patch the fullscreen button is disabled.
 2024-12-08 19:33:06 -08:00
Jeff McCune
5f658e0ba0 docs: add flux kustomization example (#374) 
Almost identical to the ArgoCD Application example.
 2024-12-08 19:20:12 -08:00
Jeff McCune
18b2850d3c platform: import flux custom resources 
kustomize build https://github.com/fluxcd/flux2/manifests/crds\?ref=v2.4.0 \
      timoni mod vendor crds -f-
 2024-12-08 19:03:18 -08:00
Jeff McCune
366a7fe93d docs: private helm repos need updated schemas (#370) 
Document the need to run holos init platform v1alpha5 --force to use the
private helm repository feature.
 2024-12-08 17:13:56 -08:00
Jeff McCune
f71d6d5bd9 helm: support private helm repositories (#370) 
Previously holos unconditionally executed helm repo add which failed for
private repositories requiring basic authentication.

This patch addresses the problem by using the Helm SDK to pull and cache
charts without adding them as repositories.  New fields for the
core.Helm type allow basic auth credentials to be read from environment
variables.

Multiple repositories are supported by using different env vars for
different repositories.
 2024-12-06 15:38:46 -08:00
Gary Larizza
4529673e93 Embed YouTube Video (#369) 
PROBLEM:

We've created a YouTube video walking people through Holos and the Helm
Values tutorial, but now we need to embed it on the site for visitors to
watch.

SOLUTION:

* Create a `YouTube` MDX plugin
* Use that plugin on Overview and Helm Values
* Tune the video size/attributes using CSS

OUTCOME:

The Helm Values YouTube video is embedded on our site for visitors to
watch.
 2024-12-06 15:33:03 -08:00
Jeff McCune
16a6447926 helm: support oci images in chart name 
Without this patch we do not support installing Kargo from an OCI helm
chart.  We want to support:

```
Component: #Helm & {
	Name:      "kargo"
	Namespace: Kargo.Namespace

	Chart: {
		name:    "oci://ghcr.io/akuity/kargo-charts/kargo"
		version: "1.0.3"
		release: Name
	}
	EnableHooks: true

	Values: Kargo.Values
}
```

This patch fixes the problem by using the base name for filesystem cache
operations.
 2024-12-03 12:15:06 -08:00
Jeff McCune
111a5944ff cue: bump to 0.11.0 
go get cuelang.org/go/cmd/cue@latest
 2024-12-02 12:37:19 -08:00
Jeff McCune
ff1446dc93 docs: redirect /docs/guides/helm/ 
This shows up in the Unity tests I'm working on with mvdan and goes to a
blank page without the redirect in place.

	--- FAIL: TestGuides_v1alpha5 (0.00s)
	   --- FAIL: TestGuides_v1alpha5/helm (0.60s)
	       testscript.go:584: # Helm Guide https://holos.run/docs/guides/helm/
 2024-12-02 09:05:13 -08:00
Jeff McCune
67ef990c37 v0.101.2 build tags 2024-12-02 08:09:23 -08:00
Jeff McCune
6bd54ab856 render: pass build tags from platform to component (#366) 
Previously, build tags were not propagated from `holos render platform
-t validate` through to the underlying `holos render component` command.
This is a problem because validators need to be selectively enabled as a
work around until we have an audit mode field.

This patch fixes the problem by propagating command line tags from the
render platform command to the underlying commands.  This patch also
propagates tags for the show command.
 2024-11-30 20:56:11 -08:00
Jeff McCune
89a23a10fd docs: remove DIRECTORY from holos render platform --help 
The directory argument is deprecated now, use the --platform flag
instead.
 2024-11-30 13:08:01 -08:00
Jeff McCune
5a939bb6fe render: support cue build tags e.g. -t foo for @if(foo) (#366) 
Previously Holos only supported tags in the form of key=value.  CUE
supports boolean style tags in the form of `key [ "=" value ]` which we
want to use to conditionally use to register components with the
platform.

This patch modifies the flag parsing to support -t foo like cue does,
for use with the @if(foo) build tag.
 2024-11-30 12:50:31 -08:00
Jeff McCune
ee16f14e03 refactor build plan pipeline 
Previously the BuildPlan pipeline didn't execute generators and
transformers concurrently.  All steps were sequentially executed.  Holos
was primarily concurrent by executing multiple BuildPlans at once.

This patch changes the Build implementation for each BuildPlan to
execute a GoRoutine pipeline.  One producer fans out to a group of
routines each executing the pipeline for one artifact in the build plan.
The pipeline has 3 stages:

1: Fan-out to build each Generator concurrently.
2: Fan-in to build each Transformer sequentially.
3: Fan-out again to run each validator concurrently.

When the artifact pipelines return, the producer closes the tasks
channel causing the worker tasks to return.

Note the overall runtime for 8 BuildPlans is roughly equivalent to
previously at 160ms with --concurrency=8 on my M3 Max.  I expect this to
perform better than previously when multiple artifacts are rendered for
each BuildPlan.
 2024-11-29 14:52:06 -08:00
Jeff McCune
7530345620 main: add tracing and profiling 
Writes files based on parent pid and process pid to avoid collisions.

Analyze with:

export HOLOS_TRACE=trace.%d.%d.out
go tool trace trace.999.1000.out

export HOLOS_CPU_PROFILE=cpu.%d.%d.prof
go tool pprof cpu.999.1000.prof

export HOLOS_MEM_PROFILE=mem.%d.%d.prof
go tool pprof mem.999.1000.prof
 2024-11-29 14:52:06 -08:00
Jeff McCune
47d60ef86d docs: fix cue vet path in validators post (#357) 
Without this patch the validator fails if a component manages two of the
same kind of resource, which is common.

This patch updates the example to use the metadata namespace and name as
lookup keys.  This works for most components, but may not for
ClusterResources.  Use the kind top level field in that case and pass
the field name of the validator as a tag value to vary by component.
 2024-11-25 19:35:02 -08:00
Jeff McCune
9e9f6efd04 docs: fix typos in validators blog post (#357) 2024-11-25 15:46:54 -08:00
Jeff McCune
fb4a043823 docs: add card for validators blog post (#357) 2024-11-25 15:11:11 -08:00
Jeff McCune
d718ab1910 docs: redirect /docs/local-cluster to the v1alpha5 topic 2024-11-25 10:53:31 -08:00
Jeff McCune
c649db18a9 docs: redirect /docs/quickstart to the overview 2024-11-25 10:43:16 -08:00
Jeff McCune
b3bddf3ee3 docs: add validators blog post (#357) 2024-11-25 08:49:27 -08:00
88 changed files with 10152 additions and 702 deletions
Expand all files Collapse all files

7
.cspell.json
View File

@@ -29,6 +29,7 @@
"authpolicy",
"authproxy",
"authroutes",
"autoload",
"automount",
"automounting",
"autoscaler",
@@ -44,6 +45,7 @@
"certificaterequest",
"certificaterequests",
"certificatesigningrequests",
"chartmuseum",
"clientset",
"clsx",
"clusterexternalsecret",
@@ -58,6 +60,7 @@
"Cmds",
"CNCF",
"CODEOWNERS",
"compinit",
"componentconfig",
"configdir",
"configmap",
@@ -71,6 +74,7 @@
"creds",
"crossplane",
"crunchydata",
"ctxt",
"cuecontext",
"cuelang",
"customresourcedefinition",
@@ -98,6 +102,7 @@
"fieldmaskpb",
"fieldspec",
"flushcache",
"fluxcd",
"fullname",
"gatewayclass",
"gatewayclasses",
@@ -151,6 +156,7 @@
"jetstack",
"jiralert",
"Jsonnet",
"Kargo",
"kfbh",
"killall",
"kubeadm",
@@ -188,6 +194,7 @@
"mutatingwebhookconfigurations",
"mvdan",
"mxcl",
"mychart",
"myhostname",
"myRegistrKeySecretName",
"mysecret",

33
.github/workflows/lint.yaml vendored
View File

@@ -1,6 +1,5 @@
---
# https://github.com/golangci/golangci-lint-action?tab=readme-ov-file#how-to-use
name: Lint
name: Spelling
"on":
push:
branches:
@@ -8,35 +7,11 @@ name: Lint
- test
pull_request:
types: [opened, synchronize]
permissions:
contents: read
jobs:
lint:
name: lint
cspell:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Node
uses: actions/setup-node@v4
with:
node-version: 20
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: stable
## Not needed on ubuntu-latest
# - name: Install Packages
# run: sudo apt update && sudo apt -qq -y install git curl zip unzip tar bzip2 make
- name: Install Tools
run: make tools
- name: Lint
# golangci-lint runs in a separate workflow.
run: make lint -o golangci-lint
- uses: actions/checkout@v4
- run: ./hack/cspell

8
.github/workflows/test.yaml vendored
View File

@@ -28,19 +28,11 @@ jobs:
with:
go-version: stable
- name: Install Packages
run: sudo apt update && sudo apt -qq -y install git curl zip unzip tar bzip2 make
- name: Set up Helm
uses: azure/setup-helm@v4
- name: Set up Kubectl
uses: azure/setup-kubectl@v4
- name: Install Tools
run: |
set -x
make tools
- name: Test
run: ./scripts/test

6
README.md
View File

@@ -119,12 +119,12 @@ here to help.
Holos is licensed under Apache 2.0 as found in the [LICENSE file](LICENSE).
[Holos]: https://holos.run
[Holos]: https://holos.run/docs/overview/
[rendered manifests pattern]: https://akuity.io/blog/the-rendered-manifests-pattern
[CUE]: https://cuelang.org/
[Discord]: https://discord.gg/JgDVbNpye7
[GitHub discussions]: https://github.com/holos-run/holos/discussions
[Why CUE for Configuration]: https://holos.run/blog/why-cue-for-configuration/
[topics]: https://holos.run/docs/topics/
[tutorial]: https://holos.run/docs/overview/
[setup]: https://holos.run/docs/setup/
[tutorial]: https://holos.run/docs/tutorial/
[topics]: https://holos.run/docs/topics/

45
api/core/v1alpha5/types.go
View File

@@ -146,9 +146,26 @@ type Chart struct {
}
// Repository represents a [Helm] [Chart] repository.
//
// The Auth field is useful to configure http basic authentication to the Helm
// repository. Holos gets the username and password from the environment
// variables represented by the Auth field.
type Repository struct {
Name string `json:"name" yaml:"name"`
URL string `json:"url" yaml:"url"`
Auth Auth `json:"auth,omitempty" yaml:"auth,omitempty"`
}
// Auth represents environment variable names containing auth credentials.
type Auth struct {
Username AuthSource `json:"username" yaml:"username"`
Password AuthSource `json:"password" yaml:"password"`
}
// AuthSource represents a source for the value of an [Auth] field.
type AuthSource struct {
Value string `json:"value,omitempty" yaml:"value,omitempty"`
FromEnv string `json:"fromEnv,omitempty" yaml:"fromEnv,omitempty"`
}
// Transformer combines multiple inputs from prior [Generator] or [Transformer]
@@ -286,6 +303,10 @@ type Component struct {
// Path represents the path of the component relative to the platform root.
// Injected as the tag variable "holos_component_path".
Path string `json:"path" yaml:"path"`
// Instances represents additional cue instance paths to unify with Path.
// Useful to unify data files into a component BuildPlan. Added in holos
// 0.101.7.
Instances []Instance `json:"instances,omitempty" yaml:"instances,omitempty"`
// WriteTo represents the holos render component --write-to flag. If empty,
// the default value for the --write-to flag is used.
WriteTo string `json:"writeTo,omitempty" yaml:"writeTo,omitempty"`
@@ -302,3 +323,27 @@ type Component struct {
// `cli.holos.run/description` to customize the log message of each BuildPlan.
Annotations map[string]string `json:"annotations,omitempty" yaml:"annotations,omitempty"`
}
// Instance represents a data instance to unify with the configuration.
//
// Useful to unify json and yaml files with cue configuration files for
// integration with other tools. For example, executing holos render platform
// from a pull request workflow after [Kargo] executes the [yaml update] and
// [git wait for pr] promotion steps.
//
// [Kargo]: https://docs.kargo.io/
// [yaml update]: https://docs.kargo.io/references/promotion-steps#yaml-update
// [git wait for pr]: https://docs.kargo.io/references/promotion-steps#git-wait-for-pr
type Instance struct {
// Kind is a discriminator.
Kind string `json:"kind" yaml:"kind" cue:"\"ExtractYAML\""`
// Ignored unless kind is ExtractYAML.
ExtractYAML ExtractYAML `json:"extractYAML,omitempty" yaml:"extractYAML,omitempty"`
}
// ExtractYAML represents a cue data instance encoded as yaml or json. If Path
// refers to a directory all files in the directory are extracted
// non-recursively. Otherwise, path must refer to a file.
type ExtractYAML struct {
Path string `json:"path" yaml:"path"`
}

63
cmd/cmd.go Normal file
View File

@@ -0,0 +1,63 @@
package cmd
import (
"context"
"fmt"
"log/slog"
"os"
"runtime/pprof"
"runtime/trace"
"github.com/holos-run/holos/internal/cli"
"github.com/holos-run/holos/internal/holos"
)
// MakeMain makes a main function for the cli or tests.
func MakeMain(options ...holos.Option) func() int {
return func() (exitCode int) {
cfg := holos.New(options...)
slog.SetDefault(cfg.Logger())
ctx := context.Background()
if format := os.Getenv("HOLOS_CPU_PROFILE"); format != "" {
f, _ := os.Create(fmt.Sprintf(format, os.Getppid(), os.Getpid()))
err := pprof.StartCPUProfile(f)
defer func() {
pprof.StopCPUProfile()
f.Close()
}()
if err != nil {
return cli.HandleError(ctx, err, cfg)
}
}
defer memProfile(ctx, cfg)
if format := os.Getenv("HOLOS_TRACE"); format != "" {
f, _ := os.Create(fmt.Sprintf(format, os.Getppid(), os.Getpid()))
err := trace.Start(f)
defer func() {
trace.Stop()
f.Close()
}()
if err != nil {
return cli.HandleError(ctx, err, cfg)
}
}
feature := &holos.EnvFlagger{}
if err := cli.New(cfg, feature).ExecuteContext(ctx); err != nil {
return cli.HandleError(ctx, err, cfg)
}
return 0
}
}
func memProfile(ctx context.Context, cfg *holos.Config) {
if format := os.Getenv("HOLOS_MEM_PROFILE"); format != "" {
f, _ := os.Create(fmt.Sprintf(format, os.Getppid(), os.Getpid()))
defer f.Close()
if err := pprof.WriteHeapProfile(f); err != nil {
_ = cli.HandleError(ctx, err, cfg)
}
}
}

4
cmd/holos/main.go
View File

@@ -3,9 +3,9 @@ package main
import (
"os"
"github.com/holos-run/holos/internal/cli"
"github.com/holos-run/holos/cmd"
)
func main() {
os.Exit(cli.MakeMain()())
os.Exit(cmd.MakeMain()())
}

4
cmd/holos/main_test.go
View File

@@ -6,13 +6,13 @@ import (
"testing"
cue "cuelang.org/go/cmd/cue/cmd"
"github.com/holos-run/holos/internal/cli"
"github.com/holos-run/holos/cmd"
"github.com/rogpeppe/go-internal/testscript"
)
func TestMain(m *testing.M) {
os.Exit(testscript.RunMain(m, map[string]func() int{
"holos": cli.MakeMain(),
"holos": cmd.MakeMain(),
"cue": cue.Main,
}))
}

8
cmd/holos/tests/v1alpha5/guides/helm.txt
View File

@@ -7,11 +7,11 @@ cd $WORK
exec holos generate platform v1alpha5 --force
# Platforms are empty by default.
exec holos render platform ./platform
exec holos render platform
stderr -count=1 '^rendered platform'
# Holos uses CUE to build a platform specification.
exec cue export --expression holos --out=yaml ./platform
exec holos show platform
cmp stdout want/1.platform_spec.yaml
# Define the host and port in projects/blackbox.schema.cue
@@ -22,7 +22,7 @@ mv projects/platform/components/prometheus/prometheus.cue.disabled projects/plat
mv platform/prometheus.cue.disabled platform/prometheus.cue
# Render the platform to render the prometheus chart.
exec holos render platform ./platform
exec holos render platform
stderr -count=1 '^rendered prometheus'
stderr -count=1 '^rendered platform'
cmp deploy/components/prometheus/prometheus.gen.yaml want/1.prometheus.gen.yaml
@@ -73,8 +73,8 @@ core.#BuildPlan & {
metadata: name: _Tags.component.name
}
-- want/1.platform_spec.yaml --
kind: Platform
apiVersion: v1alpha5
kind: Platform
metadata:
name: default
spec:

38
cmd/holos/tests/v1alpha5/issues/helm-pull-errors.txt
View File

@@ -1,38 +0,0 @@
# https://github.com/holos-run/holos/issues/332
env HOME=$WORK
# Mock with a stub helm command
env PATH=$WORK/bin:$PATH
chmod 755 bin/helm
# Initialize the platform
exec holos init platform v1alpha5 --force
# when helm update returns an error
! exec holos render platform
# holos should log the helm error to stderr
stderr 'Error: chart "podinfo" matching 0.0.0 not found in podinfo index'
-- bin/helm --
#! /bin/bash
echo 'Error: chart "podinfo" matching 0.0.0 not found in podinfo index' >&2
exit 2
-- platform/podinfo.cue --
package holos
Platform: Components: podinfo: {
name: "podinfo"
path: "components/podinfo"
}
-- components/podinfo/podinfo.cue --
package holos
// Produce a helm chart build plan.
holos: HelmChart.BuildPlan
HelmChart: #Helm & {
Name: "podinfo"
Chart: {
version: "0.0.0"
repository: {
name: "podinfo"
url: "https://stefanprodan.github.io/podinfo"
}
}
}

50
cmd/holos/tests/v1alpha5/issues/issue366-cue-build-tags.txt Normal file
View File

@@ -0,0 +1,50 @@
# https://github.com/holos-run/holos/issues/366
# Build tags conditionally include CUE files.
env HOME=$WORK
exec holos init platform v1alpha5 --force
exec holos show platform
cmp stdout want/empty.yaml
exec holos show platform -t foo
cmp stdout want/foo.yaml
-- platform/empty.cue --
@if(foo)
package holos
Platform: Components: foo: _
-- platform/metadata.cue --
package holos
Platform: Components: [NAME=string]: {
name: NAME
path: "components/empty"
labels: "app.holos.run/name": NAME
annotations: "app.holos.run/description": "\(NAME) empty test case"
}
-- components/empty/empty.cue --
package holos
Component: #Kubernetes & {}
holos: Component.BuildPlan
-- want/empty.yaml --
apiVersion: v1alpha5
kind: Platform
metadata:
name: default
spec:
components: []
-- want/foo.yaml --
apiVersion: v1alpha5
kind: Platform
metadata:
name: default
spec:
components:
- annotations:
app.holos.run/description: foo empty test case
labels:
app.holos.run/name: foo
name: foo
path: components/empty

62
doc/md/api/core.md
View File

@@ -15,17 +15,21 @@ Package core contains schemas for a [Platform](<#Platform>) and [BuildPlan](<#Bu
## Index
- [type Artifact](<#Artifact>)
- [type Auth](<#Auth>)
- [type AuthSource](<#AuthSource>)
- [type BuildPlan](<#BuildPlan>)
- [type BuildPlanSpec](<#BuildPlanSpec>)
- [type Chart](<#Chart>)
- [type Command](<#Command>)
- [type Component](<#Component>)
- [type ExtractYAML](<#ExtractYAML>)
- [type File](<#File>)
- [type FileContent](<#FileContent>)
- [type FileContentMap](<#FileContentMap>)
- [type FilePath](<#FilePath>)
- [type Generator](<#Generator>)
- [type Helm](<#Helm>)
- [type Instance](<#Instance>)
- [type InternalLabel](<#InternalLabel>)
- [type Join](<#Join>)
- [type Kind](<#Kind>)
@@ -65,6 +69,30 @@ type Artifact struct {
}
```
<a name="Auth"></a>
## type Auth {#Auth}
Auth represents environment variable names containing auth credentials.
```go
type Auth struct {
Username AuthSource `json:"username" yaml:"username"`
Password AuthSource `json:"password" yaml:"password"`
}
```
<a name="AuthSource"></a>
## type AuthSource {#AuthSource}
AuthSource represents a source for the value of an [Auth](<#Auth>) field.
```go
type AuthSource struct {
Value string `json:"value,omitempty" yaml:"value,omitempty"`
FromEnv string `json:"fromEnv,omitempty" yaml:"fromEnv,omitempty"`
}
```
<a name="BuildPlan"></a>
## type BuildPlan {#BuildPlan}
@@ -143,6 +171,10 @@ type Component struct {
// Path represents the path of the component relative to the platform root.
// Injected as the tag variable "holos_component_path".
Path string `json:"path" yaml:"path"`
// Instances represents additional cue instance paths to unify with Path.
// Useful to unify data files into a component BuildPlan. Added in holos
// 0.101.7.
Instances []Instance `json:"instances,omitempty" yaml:"instances,omitempty"`
// WriteTo represents the holos render component --write-to flag. If empty,
// the default value for the --write-to flag is used.
WriteTo string `json:"writeTo,omitempty" yaml:"writeTo,omitempty"`
@@ -161,6 +193,17 @@ type Component struct {
}
```
<a name="ExtractYAML"></a>
## type ExtractYAML {#ExtractYAML}
ExtractYAML represents a cue data instance encoded as yaml or json. If Path refers to a directory all files in the directory are extracted non\-recursively. Otherwise, path must refer to a file.
```go
type ExtractYAML struct {
Path string `json:"path" yaml:"path"`
}
```
<a name="File"></a>
## type File {#File}
@@ -253,6 +296,22 @@ type Helm struct {
}
```
<a name="Instance"></a>
## type Instance {#Instance}
Instance represents a data instance to unify with the configuration.
Useful to unify json and yaml files with cue configuration files for integration with other tools. For example, executing holos render platform from a pull request workflow after [Kargo](<https://docs.kargo.io/>) executes the [yaml update](<https://docs.kargo.io/references/promotion-steps#yaml-update>) and [git wait for pr](<https://docs.kargo.io/references/promotion-steps#git-wait-for-pr>) promotion steps.
```go
type Instance struct {
// Kind is a discriminator.
Kind string `json:"kind" yaml:"kind" cue:"\"ExtractYAML\""`
// Ignored unless kind is ExtractYAML.
ExtractYAML ExtractYAML `json:"extractYAML,omitempty" yaml:"extractYAML,omitempty"`
}
```
<a name="InternalLabel"></a>
## type InternalLabel {#InternalLabel}
@@ -365,10 +424,13 @@ type PlatformSpec struct {
Repository represents a [Helm](<#Helm>) [Chart](<#Chart>) repository.
The Auth field is useful to configure http basic authentication to the Helm repository. Holos gets the username and password from the environment variables represented by the Auth field.
```go
type Repository struct {
Name string `json:"name" yaml:"name"`
URL string `json:"url" yaml:"url"`
Auth Auth `json:"auth,omitempty" yaml:"auth,omitempty"`
}
```

57
doc/md/topics/comparison.mdx Normal file
View File

@@ -0,0 +1,57 @@
---
description: Holos compared to other tools
sidebar_label: Comparison
slug: comparison
sidebar_position: 40
---
{/* cspell:ignore Prodan, rollouts */}
# Holos compared to other tools
## Timoni
Holos and Timoni both aim to solve similar problems but approach them at
different levels of the stack.
Timoni focuses on managing applications by evaluating [CUE] stored in OCI
containers. Its creator, Stephan Prodan, envisions a controller that applies the
resulting manifests. In this process, Timoni defers to [Flux] for managing Helm
charts within the cluster.
In contrast, Holos implements the [Rendered Manifests Pattern] and takes a
different approach, particularly in how it handles [Helm] charts. Like
[ArgoCD], Holos renders Helm charts into manifests using the `helm template`
command in its rendering pipeline. Holos differs from Timoni in several important
ways:
1. **Separation of Responsibilities:** Holos stops short of applying
rendered manifests to a cluster, leaving that task to existing tools like
[ArgoCD], [Flux], or even basic `kubectl apply` commands.
2. **Ecosystem Integration:** By focusing solely on rendering Kubernetes
manifests, Holos creates space for other tools to handle deployment and
management. For instance, Holos integrates seamlessly with [Kargo] for
progressive rollouts, as [Kargo] operates between Holos and the Kubernetes API.
This approach ensures that you're not locked into any specific tool and can
choose the best solution for each task.
3. **Platform Integration:** Holos focuses on integrating multiple Components
into a larger Platform. In Holos terminology, a Component refers to a wrapper
for [Helm] charts, [Kustomize] bases, or raw YAML files, integrated into the
rendering pipeline through [CUE]. A Platform represents the full combination of
these components.
4. **Explicit Rendering Pipeline:** Holos emphasizes flexibility in its
rendering pipeline. The system allows any tool that generates Kubernetes
manifests to be wrapped in a Generator, which can then feed into existing
transformers like [Kustomize]. This explicit separation makes Holos highly
adaptable for different workflows.
[Kargo]: https://kargo.io/
[Flux]: https://fluxcd.io
[Helm]: https://helm.sh
[ArgoCD]: https://argoproj.github.io/cd/
[Kustomize]: https://kustomize.io/
[CUE]: https://cuelang.org/
[Rendered Manifests Pattern]: https://akuity.io/blog/the-rendered-manifests-pattern

218
doc/md/topics/gitops/flux-kustomization.mdx Normal file
View File

@@ -0,0 +1,218 @@
---
slug: flux-kustomization
title: Flux Kustomization
description: Configuring a Kustomization for each Component.
sidebar_position: 120
---
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import CommonComponent from '../../common/example-component.mdx';
import CommonComponentIntegrate from '../../common/example-component-integrate.mdx';
# Flux Kustomization
## Overview
This topic covers how to mix in a Flux Kustomization to all components. We'll
use the `Artifacts` field of [ComponentConfig] defined by the author schema.
## The Code
### Generating the structure
Use `holos` to generate a minimal platform directory structure. Start by
creating a blank directory to hold the platform configuration.
```shell
mkdir holos-flux-kustomization && cd holos-flux-kustomization
```
```shell
holos init platform v1alpha5
```
### Creating an example Component
<CommonComponent />
<CommonComponentIntegrate />
## Adding Flux Kustomizations
Configure Holos to render a [Kustomization] by defining an [Artifact] for it in
every BuildPlan holos produces. We're unifying our custom configuration with
the existing `#ComponentConfig` defined in `schema.cue`.
```bash
cat <<EOF >flux-kustomization.cue
```
```cue showLineNumbers
package holos
import (
"path"
flux "kustomize.toolkit.fluxcd.io/kustomization/v1"
)
#ComponentConfig: {
Name: _
OutputBaseDir: _
let ArtifactPath = path.Join([OutputBaseDir, "gitops", "\(Name).kustomization.gen.yaml"], path.Unix)
let ResourcesPath = path.Join(["deploy", OutputBaseDir, "components", Name], path.Unix)
Artifacts: "\(Name)-kustomization": {
artifact: ArtifactPath
generators: [{
kind: "Resources"
output: artifact
resources: Kustomization: (Name): flux.#Kustomization & {
metadata: name: Name
metadata: namespace: "default"
spec: {
interval: "5m"
timeout: "1m"
prune: true
path: ResourcesPath
sourceRef: {
kind: "GitRepository"
name: "webapp"
}
}
}
}]
}
}
```
```bash
EOF
```
## Inspecting the BuildPlan
Our customized `#ComponentConfig` results in the following `BuildPlan`.
:::note
The second artifact around line 40 contains the configured `Kustomization`
resource.
:::
<Tabs groupId="55075C71-02E8-4222-88C0-2D52C82D18FC">
<TabItem value="command" label="Command">
```bash
holos cue export --expression holos --out=yaml ./components/podinfo
```
</TabItem>
<TabItem value="output" label="Output">
```yaml showLineNumbers
kind: BuildPlan
apiVersion: v1alpha5
metadata:
name: podinfo
spec:
artifacts:
- artifact: components/podinfo/podinfo.gen.yaml
generators:
- kind: Helm
output: helm.gen.yaml
helm:
chart:
name: podinfo
version: 6.6.2
release: podinfo
repository:
name: podinfo
url: https://stefanprodan.github.io/podinfo
values:
ui:
message: Hello World
enableHooks: false
- kind: Resources
output: resources.gen.yaml
resources: {}
validators: []
transformers:
- kind: Kustomize
inputs:
- helm.gen.yaml
- resources.gen.yaml
output: components/podinfo/podinfo.gen.yaml
kustomize:
kustomization:
resources:
- helm.gen.yaml
- resources.gen.yaml
kind: Kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
- artifact: gitops/podinfo.kustomization.gen.yaml
generators:
- kind: Resources
output: gitops/podinfo.kustomization.gen.yaml
resources:
Kustomization:
podinfo:
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: podinfo
namespace: default
spec:
interval: 5m
path: deploy/components/podinfo
prune: true
sourceRef:
kind: GitRepository
name: webapp
timeout: 1m
```
</TabItem>
</Tabs>
## Rendering manifests
<Tabs groupId="E150C802-7162-4FBF-82A7-77D9ADAEE847">
<TabItem value="command" label="Command">
```bash
holos render platform
```
</TabItem>
<TabItem value="output" label="Output">
```
rendered podinfo in 140.341417ms
rendered platform in 140.441333ms
```
</TabItem>
</Tabs>
## Reviewing the Kustomization
The Artifact we added to `#ComponentConfig` will produce a Flux Kustomization
resource for every component in the platform. The output in this example is
located at:
```txt
deploy/gitops/podinfo.kustomization.gen.yaml
```
```yaml showLineNumbers
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: podinfo
namespace: default
spec:
interval: 5m
path: deploy/components/podinfo
prune: true
sourceRef:
kind: GitRepository
name: webapp
timeout: 1m
```
[podinfo]: https://github.com/stefanprodan/podinfo
[CUE Module]: https://cuelang.org/docs/reference/modules/
[CUE Tags]: https://cuelang.org/docs/howto/inject-value-into-evaluation-using-tag-attribute/
[Kustomization]: https://fluxcd.io/flux/components/kustomize/kustomizations/
[Platform]: ../../api/author.md#Platform
[ComponentConfig]: ../../api/author.md#ComponentConfig
[Artifact]: ../../api/core.md#Artifact

20
doc/md/topics/kargo.mdx Normal file
View File

@@ -0,0 +1,20 @@
---
description: Kargo
slug: kargo
sidebar_position: 110
---
# Kargo
Holos pairs nicely with [Kargo], offering a holistic solution for code
promotion across stages.
Watch this space for a more detailed write up of the integration being
developed.
If you're interested in this topic, please thumbs up the [Kargo
Topic](https://github.com/holos-run/holos/issues/378) issue, or drop into
[Discord] and let us know about your use case.
[Kargo]: https://kargo.io/
[Discord]: https://discord.gg/JgDVbNpye7

65
doc/md/topics/oci-helm-charts.mdx Normal file
View File

@@ -0,0 +1,65 @@
---
description: OCI Helm Charts
slug: oci-helm-charts
sidebar_position: 710
---
# OCI Helm Charts
Holos supports OCI Helm charts. Use the following example to get started.
```bash
mkdir -p oci-helm && cd oci-helm
holos init platform v1alpha5
```
```bash
mkdir -p components/podinfo-oci
cat <<EOF > components/podinfo-oci/podinfo-oci.cue
```
```cue showLineNumbers
package holos
holos: Component.BuildPlan
Component: #Helm & {
Chart: {
name: "oci://ghcr.io/stefanprodan/charts/podinfo"
release: "podinfo"
version: "6.6.2"
}
}
```
```bash
EOF
```
Register the component with the platform.
```bash
cat <<EOF >platform/podinfo-oci.cue
```
```cue showLineNumbers
package holos
Platform: Components: podinfo: {
name: "podinfo-oci"
path: "components/podinfo-oci"
}
```
```bash
EOF
```
The OCI chart is cached in the vendor directory and rendered.
```bash
holos render platform
```
```txt
Pulled: ghcr.io/stefanprodan/charts/podinfo:6.6.2
Digest: sha256:83295d47de6d6ca634ed4b952a7572fc176bcc38854d0c11ca0fa197bc5f1154
rendered podinfo-oci in 7.21581325s
rendered platform in 7.216199167s
```

183
doc/md/topics/private-helm.mdx Normal file
View File

@@ -0,0 +1,183 @@
---
description: Private Helm Repositories
slug: private-helm
sidebar_position: 700
---
# Private Helm
Holos supports private Helm repositories accessed with http basic authentication
since `v0.101.4`. Use the following command to update your author and core
schemas to support this configuration.
```bash
holos init platform v1alpha5 --force
```
## Configuration
Holos uses the Helm SDK and defers to it for authentication to private
repositories. Each Helm Generator supports providing http basic authentication
credentials from environment variables.
For example, the following BuildPlan causes `holos` to get the admin username
password from the `HOLOS_TEST_PASS` environment variable.
```bash
mkdir -p projects/holos/components/private-chart
cat <<EOF > projects/holos/components/private-chart/private-chart.cue
```
```cue showLineNumbers
package holos
holos: Component.BuildPlan
// Test holos can access a private repository with basic auth.
// https://github.com/holos-run/holos/issues/370
Component: #Helm & {
Chart: {
name: "mychart"
version: "0.1.0"
repository: {
name: "holos-test"
url: "https://charts.holos.localhost"
// auth: username: fromEnv: "HOLOS_TEST_USER"
auth: username: value: "admin"
auth: password: fromEnv: "HOLOS_TEST_PASS"
}
}
}
```
```bash
EOF
```
## Verification
Verify `holos` can access a private Helm repository by setting [ChartMuseum] up
on a [Local Cluster]. We'll use https with basic auth to authenticate to the
chart repository.
Using the [bank of holos] repository, deploy chart museum:
```bash
holos render platform -t ChartMuseum
```
Apply the manifests:
```bash
kubectl apply --server-side=true -f deploy/clusters/workload/projects/holos/components/chart-museum
kubectl apply --server-side=true -f deploy/clusters/workload/projects/network/components/httproutes
```
Get the admin password:
```bash
kubectl get secret -n holos chartmuseum-auth -o json \
| jq --exit-status -r '.data.password | @base64d'
```
Add a local repo:
```bash
helm repo add holos-test https://charts.holos.localhost --username admin
```
```txt
Password:
"holos-test" has been added to your repositories
```
:::note
Helm by default stores this password in `~/Library/Preferences/helm/repositories.yaml`
:::
Create a chart:
```bash
helm create mychart
```
```txt
Creating mychart
```
Package it up.
```bash
helm package mychart
```
```txt
Successfully packaged chart and saved it to: mychart-0.1.0.tgz
```
Publish it.
```bash
curl --user "admin:$(pbpaste)" --data-binary "@mychart-0.1.0.tgz" https://charts.holos.localhost/api/charts
```
```json
{"saved":true}
```
Remove all cached charts:
```bash
find . -name vendor | xargs rm -rf
```
Render the chart:
```bash
cat <<EOF > test-private-repo.cue
```
```cue showLineNumbers
@if(TestPrivateRepo)
package holos
// Test holos can access a private repository with basic auth.
// https://github.com/holos-run/holos/issues/370
Projects: holos: #ProjectBuilder & {
team: "holos-authors"
namespaces: holos: _
_components: "private-chart": _
}
```
```bash
EOF
```
```
time holos render platform -t TestPrivateRepo
```
Check the chart was pulled and cached:
```shell
tree ./projects/holos/components/private-chart/vendor
```
```txt
./projects/holos/components/private-chart/vendor
└── 0.1.0
├── mychart
│   ├── Chart.yaml
│   ├── mychart-0.1.0.tgz
│   ├── templates
│   │   ├── NOTES.txt
│   │   ├── _helpers.tpl
│   │   ├── deployment.yaml
│   │   ├── hpa.yaml
│   │   ├── ingress.yaml
│   │   ├── service.yaml
│   │   ├── serviceaccount.yaml
│   │   └── tests
│   │   └── test-connection.yaml
│   └── values.yaml
└── mychart-0.1.0.tgz
6 directories, 11 files
```
[Local Cluster]: ./local-cluster.mdx
[ChartMuseum]: https://chartmuseum.com/docs/
[bank of holos]: https://github.com/holos-run/bank-of-holos

38
doc/md/topics/structures/environments.mdx
View File

@@ -45,7 +45,40 @@ holos init platform v1alpha5
### Using an example Component
<CommonComponent />
Create a directory for the example `podinfo` component we'll use to render
platform manifests.
```bash
mkdir -p components/podinfo
```
Create the CUE configuration for the example `podinfo` component.
```bash
cat <<EOF >components/podinfo/podinfo.cue
```
```cue showLineNumbers
package holos
holos: Component.BuildPlan
Component: #Helm & {
Chart: {
name: "podinfo"
version: "6.6.2"
repository: {
name: "podinfo"
url: "https://stefanprodan.github.io/podinfo"
}
}
Values: ui: {
message: string | *"Hello World" @tag(message, type=string)
}
}
```
```bash
EOF
```
We'll integrate the component with the platform after we define the
configuration structures.
@@ -277,6 +310,9 @@ let ProdPodinfo = {
parameters: EnvironmentName: "prod-\(_city)"
}
```
```
EOF
```
### Using the environment

11
doc/md/tutorial/helm-values.mdx
View File

@@ -7,6 +7,7 @@ sidebar_position: 40
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import YouTube from '@site/src/components/YouTube';
<head>
<meta property="og:title" content="Helm Values | Holos" />
@@ -28,6 +29,16 @@ In this tutorial, we'll manage the [prometheus] and [blackbox] Helm charts. By
default, the upstream `values.yaml` files are misconfigured, causing Prometheus
to connect to Blackbox at the wrong host and port.
## The Video
The video below enhances this tutorial by offering greater detail on the issue
of poorly integrated Helm charts and the solution we've provided. If you're
looking for a deeper explanation of the code being presented, this video is a great
resource.
{/* cspell:disable-next-line */}
<YouTube id="PSdceGlhHGo"/>
## The Code
### Generating the structure

10
doc/md/tutorial/overview.mdx
View File

@@ -6,6 +6,7 @@ sidebar_position: 10
---
import RenderingOverview from '@site/src/diagrams/rendering-overview.mdx';
import YouTube from '@site/src/components/YouTube';
# Tutorial
@@ -26,6 +27,15 @@ Key components:
{/* TODO: Replace this with the Advantages diagram we talked about. */}
## Video
The video below offers a basic overview of Holos by walking you through the
tooling gap at the Kubernetes integration layer and demonstrating how to
integrate multiple Helm charts using data from CUE.
{/* cspell:disable-next-line */}
<YouTube id="PSdceGlhHGo"/>
## Holos' role in your organization
Platform engineers use Holos to generate Kubernetes manifests, both locally and

15
doc/md/tutorial/setup.mdx
View File

@@ -38,8 +38,23 @@ go install github.com/holos-run/holos/cmd/holos@latest
### Completion
:::tip
Completion is automatically enabled if [brew shell
completion](https://docs.brew.sh/Shell-Completion) is also enabled.
:::
<Tabs groupId="65F79D28-2E57-4A90-8EBA-3D8758C80233">
<TabItem value="zsh" label="zsh">
Add the following to `~/.zshrc` if not already present to initialize zsh completion.
```bash
autoload -Uz compinit
compinit
```
Then load holos completion after zsh completion has been initialized.
```bash
source <(holos completion zsh)
```

23
doc/md/tutorial/validators.mdx
View File

@@ -135,11 +135,19 @@ package policy
import apps "k8s.io/api/apps/v1"
// Organize by kind then name to avoid conflicts.
kind: [KIND=string]: [NAME=string]: {...}
// Useful when one component manages the same resource kind and name across
// multiple namespaces.
let KIND = kind
namespace: [NS=string]: KIND
// Block Secret resources. kind will not unify with "Secret"
secret: kind: "Use an ExternalSecret instead. Forbidden by security policy."
kind: secret: [NAME=string]: kind: "Use an ExternalSecret instead. Forbidden by security policy. secret/\(NAME)"
// Validate Deployment against Kubernetes type definitions.
deployment: apps.#Deployment
kind: deployment: [_]: apps.#Deployment
```
```shell
EOF
@@ -160,7 +168,16 @@ package holos
#ComponentConfig: Validators: cue: {
kind: "Command"
// Note --path maps each resource to a top level field named by the kind.
command: args: ["holos", "cue", "vet", "./policy", "--path", "strings.ToLower(kind)"]
command: args: [
"holos",
"cue",
"vet",
"./policy",
"--path=\"namespace\"",
"--path=metadata.namespace",
"--path=strings.ToLower(kind)",
"--path=metadata.name",
]
}
```
```shell

35
doc/website/blog/2024-11-25-validators.mdx Normal file
View File

@@ -0,0 +1,35 @@
---
slug: validators-feature
title: Validators added in Holos v0.101.0
authors: [jeff]
tags: [holos, feature]
image: /img/cards/validators.png
description: Validators are useful to enforce policy and catch Helm errors.
---
import RenderingOverview from '@site/src/diagrams/rendering-overview.mdx';
import RenderPlatformDiagram from '@site/src/diagrams/render-platform-sequence.mdx';
We've added support for [Validators] in [v0.101.0]. Validators are useful to
enforce policies and ensure consistency early in the process. This feature
addresses two primary use cases:
1. Prevent insecure configuration early in the process. For example, prevent
Helm from rendering a `Secret` which would otherwise be committed to version control.
2. Prevent unsafe configuration by validating manifests against Kubernetes core
and custom resource type definitions.
Check out the [Validators] tutorial for examples of both use cases.
[Validators]: https://holos.run/docs/v1alpha5/tutorial/validators/
[v0.101.0]: https://github.com/holos-run/holos/releases/tag/v0.101.0
{/* truncate */}
<RenderingOverview />
Validators complete the core functionality of the Holos manifest rendering
pipeline. We are seeking design partners to help enhance Generators and
Transformers. Validators are implemented using a generic `Command` kind, and
we're considering a similar kind for Generators and Transformers. Please
connect with us if you'd like to help design these enhancements.

16
doc/website/src/components/YouTube/index.tsx Normal file
View File

@@ -0,0 +1,16 @@
import styles from './styles.module.css';
//Pulled from: https://gaudion.dev/blog/mdx-youtube-embed
//components/mdx/YouTube.tsx
export default function YouTube({ id }: { id: string }) {
return (
<div className={styles.videoWrapper}>
<iframe
className="aspect-video w-full"
src={"https://www.youtube.com/embed/" + id + "?rel=0"}
title="YouTube Video Player"
allow="picture-in-picture; fullscreen; accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope;"
></iframe>
</div>
);
};

14
doc/website/src/components/YouTube/styles.module.css Normal file
View File

@@ -0,0 +1,14 @@
.videoWrapper {
position: relative;
padding-bottom: 56.25%; /* 16:9 */
height: 0;
overflow: hidden;
}
.videoWrapper iframe {
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
}

32
doc/website/static/_redirects
View File

@@ -1,10 +1,22 @@
/docs /docs/v1alpha5/ 301
/docs/ /docs/v1alpha5/ 301
/docs/tutorial /docs/v1alpha5/tutorial/ 301
/docs/tutorial/ /docs/v1alpha5/tutorial/ 301
/docs/overview /docs/v1alpha5/tutorial/overview/ 301
/docs/overview/ /docs/v1alpha5/tutorial/overview/ 301
/docs/topics /docs/v1alpha5/topics/structures/ 301
/docs/topics/ /docs/v1alpha5/topics/structures/ 301
/docs/setup /docs/v1alpha5/tutorial/setup/ 301
/docs/setup/ /docs/v1alpha5/tutorial/setup/ 301
/docs /docs/v1alpha5/ 301
/docs/ /docs/v1alpha5/ 301
/docs/tutorial /docs/v1alpha5/tutorial/overview/ 301
/docs/tutorial/ /docs/v1alpha5/tutorial/overview/ 301
/docs/quickstart /docs/v1alpha5/tutorial/overview/ 301
/docs/quickstart/ /docs/v1alpha5/tutorial/overview/ 301
/docs/overview /docs/v1alpha5/tutorial/overview/ 301
/docs/overview/ /docs/v1alpha5/tutorial/overview/ 301
/docs/topics /docs/v1alpha5/topics/ 301
/docs/topics/ /docs/v1alpha5/topics/ 301
/docs/setup /docs/v1alpha5/tutorial/setup/ 301
/docs/setup/ /docs/v1alpha5/tutorial/setup/ 301
/docs/local-cluster /docs/v1alpha5/topics/local-cluster/ 301
/docs/local-cluster/ /docs/v1alpha5/topics/local-cluster/ 301
/docs/guides/helm /docs/v1alpha5/tutorial/helm-values/ 301
/docs/guides/helm/ /docs/v1alpha5/tutorial/helm-values/ 301
/docs/kargo /docs/v1alpha5/topics/kargo/ 301
/docs/kargo/ /docs/v1alpha5/topics/kargo/ 301
/docs/comparison /docs/v1alpha5/topics/comparison/ 301
/docs/comparison/ /docs/v1alpha5/topics/comparison/ 301
/docs/support /docs/v1alpha5/tutorial/overview/#getting-help 301
/docs/support/ /docs/v1alpha5/tutorial/overview/#getting-help 301

BIN
doc/website/static/img/cards/validators.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 98 KiB

127
go.mod
View File

@@ -10,7 +10,7 @@ require (
connectrpc.com/grpcreflect v1.2.0
connectrpc.com/otelconnect v0.7.0
connectrpc.com/validate v0.1.0
cuelang.org/go v0.10.1
cuelang.org/go v0.11.1
entgo.io/ent v0.13.1
github.com/bufbuild/buf v1.35.1
github.com/choria-io/machine-room v0.0.0-20240417064836-c604da2f005e
@@ -27,23 +27,24 @@ require (
github.com/mennanov/fieldmask-utils v1.1.2
github.com/olekukonko/tablewriter v0.0.5
github.com/princjef/gomarkdoc v1.1.0
github.com/prometheus/client_golang v1.19.0
github.com/prometheus/client_golang v1.19.1
github.com/rogpeppe/go-internal v1.13.1
github.com/sethvargo/go-retry v0.2.4
github.com/spf13/cobra v1.8.1
github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.9.0
golang.org/x/net v0.28.0
golang.org/x/net v0.30.0
golang.org/x/sync v0.8.0
golang.org/x/tools v0.24.0
google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4
golang.org/x/tools v0.26.0
google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094
google.golang.org/protobuf v1.34.2
gopkg.in/yaml.v3 v3.0.1
helm.sh/helm/v3 v3.16.3
honnef.co/go/tools v0.4.7
k8s.io/api v0.29.2
k8s.io/apimachinery v0.29.4
k8s.io/client-go v0.29.2
k8s.io/kubectl v0.29.2
k8s.io/api v0.31.1
k8s.io/apimachinery v0.31.1
k8s.io/client-go v0.31.1
k8s.io/kubectl v0.31.1
modernc.org/sqlite v1.29.6
sigs.k8s.io/yaml v1.4.0
)
@@ -52,9 +53,11 @@ require (
ariga.io/atlas v0.19.1-0.20240203083654-5948b60a8e43 // indirect
buf.build/gen/go/bufbuild/registry/connectrpc/go v1.16.2-20240610164129-660609bc46d3.1 // indirect
buf.build/gen/go/bufbuild/registry/protocolbuffers/go v1.34.2-20240610164129-660609bc46d3.2 // indirect
cel.dev/expr v0.15.0 // indirect
cloud.google.com/go/compute/metadata v0.3.0 // indirect
cuelabs.dev/go/oci/ociregistry v0.0.0-20240807094312-a32ad29eed79 // indirect
dario.cat/mergo v1.0.0 // indirect
cuelabs.dev/go/oci/ociregistry v0.0.0-20240906074133-82eb438dd565 // indirect
dario.cat/mergo v1.0.1 // indirect
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
github.com/AlecAivazis/survey/v2 v2.3.7 // indirect
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
@@ -68,11 +71,13 @@ require (
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/BurntSushi/toml v1.3.2 // indirect
github.com/Freman/eventloghook v0.0.0-20191003051739-e4d803b6b48b // indirect
github.com/MakeNowJust/heredoc v1.0.0 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver v1.5.0 // indirect
github.com/Masterminds/semver/v3 v3.2.1 // indirect
github.com/Masterminds/sprig/v3 v3.2.3 // indirect
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/Masterminds/semver/v3 v3.3.0 // indirect
github.com/Masterminds/sprig/v3 v3.3.0 // indirect
github.com/Masterminds/squirrel v1.5.4 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/OneOfOne/xxhash v1.2.8 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
github.com/VividCortex/ewma v1.2.0 // indirect
@@ -107,6 +112,7 @@ require (
github.com/bufbuild/protoyaml-go v0.1.9 // indirect
github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/chai2010/gettext-go v1.0.2 // indirect
github.com/cheekybits/genny v1.0.0 // indirect
github.com/cheggaaa/pb/v3 v3.0.8 // indirect
github.com/choria-io/fisk v0.6.2 // indirect
@@ -117,11 +123,15 @@ require (
github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
github.com/cloudevents/sdk-go/v2 v2.15.2 // indirect
github.com/cloudflare/circl v1.3.7 // indirect
github.com/cncf/xds/go v0.0.0-20240318125728-8a4994d93e50 // indirect
github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b // indirect
github.com/cockroachdb/apd/v3 v3.2.1 // indirect
github.com/containerd/containerd v1.7.23 // indirect
github.com/containerd/errdefs v0.3.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/platforms v0.2.1 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/cyphar/filepath-securejoin v0.3.4 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/distribution/reference v0.6.0 // indirect
@@ -130,6 +140,7 @@ require (
github.com/docker/docker v27.0.0+incompatible // indirect
github.com/docker/docker-credential-helpers v0.8.2 // indirect
github.com/docker/go-connections v0.5.0 // indirect
github.com/docker/go-metrics v0.0.1 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
@@ -138,18 +149,22 @@ require (
github.com/emirpasic/gods v1.18.1 // indirect
github.com/envoyproxy/go-control-plane v0.12.0 // indirect
github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect
github.com/evanphx/json-patch v5.7.0+incompatible // indirect
github.com/evanphx/json-patch v5.9.0+incompatible // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
github.com/expr-lang/expr v1.16.4 // indirect
github.com/fatih/color v1.16.0 // indirect
github.com/felixge/fgprof v0.9.4 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
github.com/ghodss/yaml v1.0.0 // indirect
github.com/go-chi/chi/v5 v5.0.14 // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/go-git/go-billy/v5 v5.5.0 // indirect
github.com/go-git/go-git/v5 v5.11.0 // indirect
github.com/go-gorp/gorp/v3 v3.1.0 // indirect
github.com/go-ini/ini v1.67.0 // indirect
github.com/go-jose/go-jose/v4 v4.0.1 // indirect
github.com/go-logr/logr v1.4.2 // indirect
@@ -166,7 +181,7 @@ require (
github.com/go-openapi/strfmt v0.22.0 // indirect
github.com/go-openapi/swag v0.22.9 // indirect
github.com/go-openapi/validate v0.22.4 // indirect
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/gofrs/uuid/v5 v5.2.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
@@ -174,6 +189,7 @@ require (
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/mock v1.6.0 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/btree v1.0.1 // indirect
github.com/google/cel-go v0.20.1 // indirect
github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
github.com/google/go-cmp v0.6.0 // indirect
@@ -185,18 +201,22 @@ require (
github.com/google/uuid v1.6.0 // indirect
github.com/google/wire v0.5.0 // indirect
github.com/gorilla/mux v1.8.1 // indirect
github.com/gorilla/websocket v1.5.0 // indirect
github.com/goss-org/GOnetstat v0.0.0-20230101144325-22be0bd9e64d // indirect
github.com/goss-org/go-ps v0.0.0-20230609005227-7b318e6a56e5 // indirect
github.com/goss-org/goss v0.4.6 // indirect
github.com/gosuri/uilive v0.0.4 // indirect
github.com/gosuri/uiprogress v0.0.1 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 // indirect
github.com/gosuri/uitable v0.0.4 // indirect
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
github.com/guptarohit/asciigraph v0.7.1 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
github.com/hashicorp/hcl/v2 v2.13.0 // indirect
github.com/hashicorp/logutils v1.0.0 // indirect
github.com/huandu/xstrings v1.4.0 // indirect
github.com/huandu/xstrings v1.5.0 // indirect
github.com/imdario/mergo v0.3.16 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/int128/listener v1.1.0 // indirect
@@ -209,14 +229,18 @@ require (
github.com/jdx/go-netrc v1.0.0 // indirect
github.com/jhump/protoreflect v1.16.0 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/jmoiron/sqlx v1.4.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
github.com/klauspost/compress v1.17.9 // indirect
github.com/klauspost/pgzip v1.2.6 // indirect
github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
github.com/lib/pq v1.10.9 // indirect
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
github.com/logrusorgru/aurora/v4 v4.0.0 // indirect
github.com/looplab/fsm v1.0.1 // indirect
github.com/lufia/plan9stats v0.0.0-20240408141607-282e7b5d6b74 // indirect
@@ -233,12 +257,16 @@ require (
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/moby/spdystream v0.4.0 // indirect
github.com/moby/sys/mountinfo v0.7.1 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
github.com/morikuni/aec v1.0.0 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
github.com/nats-io/jsm.go v0.1.1 // indirect
github.com/nats-io/jwt/v2 v2.5.5 // indirect
github.com/nats-io/nats-server/v2 v2.10.14 // indirect
@@ -249,14 +277,15 @@ require (
github.com/nxadm/tail v1.4.11 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/oleiade/reflections v1.0.1 // indirect
github.com/onsi/ginkgo/v2 v2.17.1 // indirect
github.com/onsi/gomega v1.32.0 // indirect
github.com/onsi/ginkgo/v2 v2.19.0 // indirect
github.com/onsi/gomega v1.33.1 // indirect
github.com/open-policy-agent/opa v0.63.0 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0 // indirect
github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
github.com/pelletier/go-toml v1.9.5 // indirect
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
github.com/pjbgf/sha1cd v0.3.0 // indirect
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
github.com/pkg/errors v0.9.1 // indirect
@@ -266,14 +295,15 @@ require (
github.com/princjef/mageutil v1.0.0 // indirect
github.com/princjef/termdiff v0.1.0 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
github.com/prometheus/common v0.52.3 // indirect
github.com/prometheus/procfs v0.13.0 // indirect
github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf // indirect
github.com/prometheus/common v0.55.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect
github.com/protocolbuffers/txtpbfmt v0.0.0-20240823084532-8e6b51fa9bef // indirect
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/robfig/cron v1.2.0 // indirect
github.com/rs/cors v1.11.0 // indirect
github.com/rubenv/sql-migrate v1.7.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
@@ -292,7 +322,7 @@ require (
github.com/skeema/knownhosts v1.2.1 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/cast v1.6.0 // indirect
github.com/spf13/cast v1.7.0 // indirect
github.com/spf13/viper v1.18.2 // indirect
github.com/stoewer/go-strcase v1.3.0 // indirect
github.com/stretchr/objx v0.5.2 // indirect
@@ -307,45 +337,53 @@ require (
github.com/tklauser/numcpus v0.7.0 // indirect
github.com/vbatts/tar-split v0.11.5 // indirect
github.com/x-cray/logrus-prefixed-formatter v0.5.2 // indirect
github.com/x448/float16 v0.8.4 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
github.com/xlab/tablewriter v0.0.0-20160610135559-80b567a11ad5 // indirect
github.com/xlab/treeprint v1.2.0 // indirect
github.com/yashtewari/glob-intersection v0.2.0 // indirect
github.com/yuin/goldmark v1.7.4 // indirect
github.com/yusufpapurcu/wmi v1.2.4 // indirect
github.com/zclconf/go-cty v1.8.0 // indirect
go.mongodb.org/mongo-driver v1.13.1 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
go.opentelemetry.io/otel v1.25.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.25.0 // indirect
go.opentelemetry.io/otel/metric v1.25.0 // indirect
go.opentelemetry.io/otel/sdk v1.25.0 // indirect
go.opentelemetry.io/otel/trace v1.25.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
go.opentelemetry.io/otel v1.28.0 // indirect
go.opentelemetry.io/otel/metric v1.28.0 // indirect
go.opentelemetry.io/otel/sdk v1.28.0 // indirect
go.opentelemetry.io/otel/trace v1.28.0 // indirect
go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
go.uber.org/atomic v1.11.0 // indirect
go.uber.org/automaxprocs v1.5.3 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/crypto v0.26.0 // indirect
golang.org/x/crypto v0.28.0 // indirect
golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect
golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a // indirect
golang.org/x/mod v0.20.0 // indirect
golang.org/x/oauth2 v0.22.0 // indirect
golang.org/x/sys v0.23.0 // indirect
golang.org/x/term v0.23.0 // indirect
golang.org/x/text v0.17.0 // indirect
golang.org/x/mod v0.21.0 // indirect
golang.org/x/oauth2 v0.23.0 // indirect
golang.org/x/sys v0.26.0 // indirect
golang.org/x/term v0.25.0 // indirect
golang.org/x/text v0.19.0 // indirect
golang.org/x/time v0.5.0 // indirect
google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 // indirect
google.golang.org/grpc v1.64.0 // indirect
google.golang.org/grpc v1.65.0 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
k8s.io/klog/v2 v2.110.1 // indirect
k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8 // indirect
k8s.io/utils v0.0.0-20231127182322-b307cd553661 // indirect
k8s.io/apiextensions-apiserver v0.31.1 // indirect
k8s.io/apiserver v0.31.1 // indirect
k8s.io/cli-runtime v0.31.1 // indirect
k8s.io/component-base v0.31.1 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 // indirect
modernc.org/libc v1.41.0 // indirect
modernc.org/mathutil v1.6.0 // indirect
@@ -353,7 +391,10 @@ require (
modernc.org/strutil v1.2.0 // indirect
modernc.org/token v1.1.0 // indirect
mvdan.cc/xurls/v2 v2.2.0 // indirect
oras.land/oras-go v1.2.5 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/kind v0.23.0 // indirect
sigs.k8s.io/kustomize/api v0.17.2 // indirect
sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
)

365
go.sum
View File

@@ -6,6 +6,8 @@ buf.build/gen/go/bufbuild/registry/connectrpc/go v1.16.2-20240610164129-660609bc
buf.build/gen/go/bufbuild/registry/connectrpc/go v1.16.2-20240610164129-660609bc46d3.1/go.mod h1:4ptL49VoWyYwajT6j4zu5vmQ/k/om4tGMB9atY2FhEo=
buf.build/gen/go/bufbuild/registry/protocolbuffers/go v1.34.2-20240610164129-660609bc46d3.2 h1:y1+UxFIWzj/eF2RCPqt9egR7Rt9vgQkXNUzSdmR6iEU=
buf.build/gen/go/bufbuild/registry/protocolbuffers/go v1.34.2-20240610164129-660609bc46d3.2/go.mod h1:psseUmlKRo9v5LZJtR/aTpdTLuyp9o3X7rnLT87SZEo=
cel.dev/expr v0.15.0 h1:O1jzfJCQBfL5BFoYktaxwIhuttaQPsVWerH9/EEKx0w=
cel.dev/expr v0.15.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg=
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
@@ -48,15 +50,19 @@ connectrpc.com/otelconnect v0.7.0 h1:ZH55ZZtcJOTKWWLy3qmL4Pam4RzRWBJFOqTPyAqCXkY
connectrpc.com/otelconnect v0.7.0/go.mod h1:Bt2ivBymHZHqxvo4HkJ0EwHuUzQN6k2l0oH+mp/8nwc=
connectrpc.com/validate v0.1.0 h1:r55jirxMK7HO/xZwVHj3w2XkVFarsUM77ZDy367NtH4=
connectrpc.com/validate v0.1.0/go.mod h1:GU47c9/x/gd+u9wRSPkrQOP46gx2rMN+Wo37EHgI3Ow=
cuelabs.dev/go/oci/ociregistry v0.0.0-20240807094312-a32ad29eed79 h1:EceZITBGET3qHneD5xowSTY/YHbNybvMWGh62K2fG/M=
cuelabs.dev/go/oci/ociregistry v0.0.0-20240807094312-a32ad29eed79/go.mod h1:5A4xfTzHTXfeVJBU6RAUf+QrlfTCW+017q/QiW+sMLg=
cuelang.org/go v0.10.1 h1:vDRRsd/5CICzisZ/13kBmXt3M+9eDl/pI06rrHyhlgA=
cuelang.org/go v0.10.1/go.mod h1:HzlaqqqInHNiqE6slTP6+UtxT9hN6DAzgJgdbNxXvX8=
dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
cuelabs.dev/go/oci/ociregistry v0.0.0-20240906074133-82eb438dd565 h1:R5wwEcbEZSBmeyg91MJZTxfd7WpBo2jPof3AYjRbxwY=
cuelabs.dev/go/oci/ociregistry v0.0.0-20240906074133-82eb438dd565/go.mod h1:5A4xfTzHTXfeVJBU6RAUf+QrlfTCW+017q/QiW+sMLg=
cuelang.org/go v0.11.1 h1:pV+49MX1mmvDm8Qh3Za3M786cty8VKPWzQ1Ho4gZRP0=
cuelang.org/go v0.11.1/go.mod h1:PBY6XvPUswPPJ2inpvUozP9mebDVTXaeehQikhZPBz0=
dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
entgo.io/ent v0.13.1 h1:uD8QwN1h6SNphdCCzmkMN3feSUzNnVvV/WIkHKMbzOE=
entgo.io/ent v0.13.1/go.mod h1:qCEmo+biw3ccBn9OyL4ZK5dfpwg++l1Gxwac5B1206A=
filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
github.com/AlecAivazis/survey/v2 v2.3.7 h1:6I/u8FvytdGsgonrYsVn2t8t4QiRnh6QSTqkkhIiSjQ=
github.com/AlecAivazis/survey/v2 v2.3.7/go.mod h1:xUTIdE4KCOIjsBAE1JYsUPoCqYdZ1reCfTwbto0Fduo=
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
@@ -90,28 +96,35 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
github.com/Freman/eventloghook v0.0.0-20191003051739-e4d803b6b48b h1:IltY1fRcdIshI/c8KOdmaO8P4lBwDXHJYPymMisvvDs=
github.com/Freman/eventloghook v0.0.0-20191003051739-e4d803b6b48b/go.mod h1:VGwG8f2pQ8SAFjTSH3PEDmLdlvi0XTd7a4C4AZn+pVw=
github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0=
github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs=
github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0=
github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM=
github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
github.com/Microsoft/hcsshim v0.11.7 h1:vl/nj3Bar/CvJSYo7gIQPyRWc9f3c6IeSNavBTSZNZQ=
github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU=
github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s=
github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w=
github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
@@ -121,6 +134,8 @@ github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tj
github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8=
github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
@@ -168,12 +183,16 @@ github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240514230400-03fa26f5508f h1:Z0kS9pJDQgCg3u2lH6+CdYaFbyQtyukVTiUCG6re0E4=
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240514230400-03fa26f5508f/go.mod h1:rAE739ssmE5O5fLuQ2y8uHdmOJaelE5I0Es3SxV0y1A=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
github.com/brutella/hc v1.2.5 h1:P1tHqJtrGngob6Lv5E7RVGlLcdo54X/03Gseo5+soVw=
github.com/brutella/hc v1.2.5/go.mod h1:kluioDmG4z8OweN0boeTf08696sH8odlhPDdq3gwuZw=
github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
github.com/bufbuild/buf v1.35.1 h1:aiCi/YFOg7eXKZeveWb2ZhnmLFwUMM/FnDCM0roFp+M=
github.com/bufbuild/buf v1.35.1/go.mod h1:SM7b5QW3FkQPNkkqIa/9UWzLOoe51la+GGZpEgH9b68=
github.com/bufbuild/protocompile v0.14.0 h1:z3DW4IvXE5G/uTOnSQn+qwQQxvhckkTWLS/0No/o7KU=
@@ -184,6 +203,12 @@ github.com/bufbuild/protovalidate-go v0.6.2 h1:U/V3CGF0kPlR12v41rjO4DrYZtLcS4ZON
github.com/bufbuild/protovalidate-go v0.6.2/go.mod h1:4BR3rKEJiUiTy+sqsusFn2ladOf0kYmA2Reo6BHSBgQ=
github.com/bufbuild/protoyaml-go v0.1.9 h1:anV5UtF1Mlvkkgp4NWA6U/zOnJFng8Orq4Vf3ZUQHBU=
github.com/bufbuild/protoyaml-go v0.1.9/go.mod h1:KCBItkvZOK/zwGueLdH1Wx1RLyFn5rCH7YjQrdty2Wc=
github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=
github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA=
github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q=
@@ -197,6 +222,8 @@ github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghf
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
github.com/cheekybits/genny v1.0.0 h1:uGGa4nei+j20rOSeDeP5Of12XVm7TGUd4dJA9RDitfE=
github.com/cheekybits/genny v1.0.0/go.mod h1:+tQajlRqAUrPI7DOSpB0XAqZYtQakVtB7wXkRAgjxjQ=
github.com/cheggaaa/pb v2.0.7+incompatible/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s=
@@ -238,12 +265,22 @@ github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XP
github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20240318125728-8a4994d93e50 h1:DBmgJDC9dTfkVyGgipamEh2BpGYxScCH1TOF1LL1cXc=
github.com/cncf/xds/go v0.0.0-20240318125728-8a4994d93e50/go.mod h1:5e1+Vvlzido69INQaVO6d87Qn543Xr6nooe9Kz7oBFM=
github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b h1:ga8SEFjZ60pxLcmhnThWgvH2wg8376yUJmPhEH4H3kw=
github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
github.com/cockroachdb/apd/v3 v3.2.1 h1:U+8j7t0axsIgvQUqthuNm82HIrYXodOV2iWLWtEaIwg=
github.com/cockroachdb/apd/v3 v3.2.1/go.mod h1:klXJcjp+FffLTHlhIG69tezTDvdP065naDsHzKhYSqc=
github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ=
github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw=
github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM=
github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4=
github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU=
github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk=
github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU=
@@ -254,8 +291,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8=
github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -269,6 +306,8 @@ github.com/dgryski/trifles v0.0.0-20220729183022-231ecf6ed548 h1:acdRTG6Vp8kMaN3
github.com/dgryski/trifles v0.0.0-20220729183022-231ecf6ed548/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA=
github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI=
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
github.com/docker/cli v26.1.4+incompatible h1:I8PHdc0MtxEADqYJZvhBrW9bo8gawKwwenxRM7/rLu8=
@@ -281,8 +320,14 @@ github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZ
github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936 h1:PRxIJD8XjimM5aTknUK9w6DHLDox2r2M3DI4i2pnd3w=
github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936/go.mod h1:ttYvX5qlB+mlV1okblJqcSMtR4c52UKxDiX9GRBS8+Q=
github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
@@ -305,10 +350,12 @@ github.com/envoyproxy/go-control-plane v0.12.0/go.mod h1:ZBTaoJ23lqITozF0M6G4/Ir
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=
github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM=
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4=
github.com/expr-lang/expr v1.16.4 h1:1Mq5RHw5T5jxXMUvyb+eT546mJREm1yFyNHkybYQ81c=
github.com/expr-lang/expr v1.16.4/go.mod h1:uCkhfG+x7fcZ5A5sXHKuQ07jGZRl6J0FCAaf2k4PtVQ=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
@@ -334,12 +381,16 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos
github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
github.com/fullstorydev/grpcurl v1.9.1 h1:YxX1aCcCc4SDBQfj9uoWcTLe8t4NWrZe1y+mk83BQgo=
github.com/fullstorydev/grpcurl v1.9.1/go.mod h1:i8gKLIC6s93WdU3LSmkE5vtsCxyRmihUj5FK1cNW5EM=
github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
github.com/go-chi/chi/v5 v5.0.14 h1:PyEwo2Vudraa0x/Wl6eDRRW2NXBvekgfxyydcM0WGE0=
github.com/go-chi/chi/v5 v5.0.14/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
@@ -351,14 +402,18 @@ github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lK
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
@@ -390,9 +445,12 @@ github.com/go-openapi/validate v0.22.4 h1:5v3jmMyIPKTR8Lv9syBAIRxG6lY0RqeBPB1LKE
github.com/go-openapi/validate v0.22.4/go.mod h1:qm6O8ZIcPVdSY5219468Jv7kBdGvkiZLPOmqnqTUZ2A=
github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI=
github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow=
github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg=
github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
@@ -406,6 +464,7 @@ github.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1
github.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
github.com/gofrs/uuid/v5 v5.2.0 h1:qw1GMx6/y8vhVsx626ImfKMuS5CvJmhIKKtuyvfajMM=
github.com/gofrs/uuid/v5 v5.2.0/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
@@ -415,8 +474,8 @@ github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w
github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=
github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
github.com/golang/glog v1.2.1 h1:OptwRhECazUx5ix5TTWC3EZhsZEHWcYWY4FQHTIubm4=
github.com/golang/glog v1.2.1/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -452,8 +511,12 @@ github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6
github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k=
github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
github.com/google/cel-go v0.20.1 h1:nDx9r8S3L4pE61eDdt8igGj8rf5kjYR3ILxWIpWNi84=
github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg=
github.com/google/flatbuffers v23.3.3+incompatible h1:5PJI/WbJkaMTvpGxsHVKG/LurN/KnWXNyGpwSCDgen0=
@@ -500,7 +563,6 @@ github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2/go.mod h1:Tv1PlzqC
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -508,8 +570,12 @@ github.com/google/wire v0.5.0 h1:I7ELFeVBr3yfPIcc8+MWvrjk+3VjbcSzoXm3JVa+jD8=
github.com/google/wire v0.5.0/go.mod h1:ngWDr9Qvq3yZA10YrxfyGELY/AFWGVpy9c1LTRi1EoU=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/goss-org/GOnetstat v0.0.0-20230101144325-22be0bd9e64d h1:50mlZKtg8BUvBtFs0ioVpSgMMwcKaJefg/2pZ+lQf98=
github.com/goss-org/GOnetstat v0.0.0-20230101144325-22be0bd9e64d/go.mod h1:MBdRlloGIbpQVDuH5Gxg3hjqwZBCZsmFqbYPaeR6r0M=
github.com/goss-org/go-ps v0.0.0-20230609005227-7b318e6a56e5 h1:NW0Jo4leMIrQxNOyOkBu4yBnygI37m0Ey0EUUgvzr+8=
@@ -520,13 +586,25 @@ github.com/gosuri/uilive v0.0.4 h1:hUEBpQDj8D8jXgtCdBu7sWsy5sbW/5GhuO8KBwJ2jyY=
github.com/gosuri/uilive v0.0.4/go.mod h1:V/epo5LjjlDE5RJUcqx8dbw+zc93y5Ya3yg8tfZ74VI=
github.com/gosuri/uiprogress v0.0.1 h1:0kpv/XY/qTmFWl/SkaJykZXrBBzwwadmW8fRb7RJSxw=
github.com/gosuri/uiprogress v0.0.1/go.mod h1:C1RTYn4Sc7iEyf6j8ft5dyoZ4212h8G1ol9QQluh5+0=
github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM=
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 h1:Wqo399gCIufwto+VfwCSvsnfGpF/w5E9CNxSwbpD6No=
github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0/go.mod h1:qmOFXW2epJhM0qSnUUYpldc7gVz2KMQwJ/QYCDIa7XU=
github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0=
github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k=
github.com/guptarohit/asciigraph v0.7.1 h1:K+JWbRc04XEfv8BSZgNuvhCmpbvX4+9NYd/UxXVnAuk=
github.com/guptarohit/asciigraph v0.7.1/go.mod h1:dYl5wwK4gNsnFf9Zp+l06rFiDZ5YtXM6x7SRWZ3KGag=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM=
@@ -539,14 +617,12 @@ github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec/go.mod h1:Q48J4R4Dvx
github.com/hinshun/vt10x v0.0.0-20220301184237-5011da428d02 h1:AgcIVYPa6XJnU3phs104wLj8l5GEththEw6+F79YsIY=
github.com/hinshun/vt10x v0.0.0-20220301184237-5011da428d02/go.mod h1:Q48J4R4DvxnHolD5P8pOtXigYlRuPLGl6moFx3ulM68=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w=
github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw=
github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
@@ -580,12 +656,17 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw
github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs=
github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI=
github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
@@ -597,6 +678,8 @@ github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2
github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU=
github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -607,11 +690,17 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw=
github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 h1:WGrKdjHtWC67RX96eTkYD2f53NDHhrq/7robWTAfk4s=
github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491/go.mod h1:o158RFmdEbYyIZmXAbrvmJWesbyxlLKee6X64VPVuOc=
github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
github.com/lmittmann/tint v1.0.4 h1:LeYihpJ9hyGvE0w+K2okPTGUdVLfng1+nDNVR4vWISc=
github.com/lmittmann/tint v1.0.4/go.mod h1:HIS3gSy7qNwGCj+5oRjAutErFBl4BzdQP6cJZ0NfMwE=
github.com/logrusorgru/aurora/v4 v4.0.0 h1:sRjfPpun/63iADiSvGGjgA1cAYegEWMPCJdUpJYn9JA=
@@ -647,6 +736,7 @@ github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZ
github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/mennanov/fieldmask-utils v1.1.2 h1:f5hd3hYeWdl+q2thiKYyZZmqTqn90uayWG03bca9U+E=
github.com/mennanov/fieldmask-utils v1.1.2/go.mod h1:xRqd9Fjz/gFEDYCQw7pxGouxqLhSPrkOdx2yhEAXEls=
github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
@@ -658,7 +748,6 @@ github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU=
github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
github.com/minio/highwayhash v1.0.2 h1:Aak5U0nElisjDCfPSG79Tgzkn2gl66NxOMspRrKnA/g=
github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY=
github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
@@ -667,25 +756,37 @@ github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQ
github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8=
github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g=
github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
github.com/nats-io/jsm.go v0.1.1 h1:6vjllz276SdC+3Fb3XI71p9B6toxkCruuB1K6unQEr0=
github.com/nats-io/jsm.go v0.1.1/go.mod h1:cFz5wR1pW0zLFotntS4HA7V8Wm+sf8zpF+iQJHbsS6M=
github.com/nats-io/jwt/v2 v2.5.5 h1:ROfXb50elFq5c9+1ztaUbdlrArNFl2+fQWP6B8HGEq4=
@@ -715,14 +816,14 @@ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108
github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc=
github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8=
github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=
github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg=
github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
github.com/open-policy-agent/opa v0.63.0 h1:ztNNste1v8kH0/vJMJNquE45lRvqwrM5mY9Ctr9xIXw=
github.com/open-policy-agent/opa v0.63.0/go.mod h1:9VQPqEfoB2N//AToTxzZ1pVTVPUoF2Mhd64szzjWPpU=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -734,13 +835,18 @@ github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaR
github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -752,6 +858,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH
github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=
github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
github.com/princjef/gomarkdoc v1.1.0 h1:xtl7mESKQWVuGiFdd1AO3dFA6OenWG86bZu97IqBNPE=
@@ -760,17 +868,27 @@ github.com/princjef/mageutil v1.0.0 h1:1OfZcJUMsooPqieOz2ooLjI+uHUo618pdaJsbCXcF
github.com/princjef/mageutil v1.0.0/go.mod h1:mkShhaUomCYfAoVvTKRcbAs8YSVPdtezI5j6K+VXhrs=
github.com/princjef/termdiff v0.1.0 h1:O3PWhfPFzX6GqzQ+41B3XzzJpMlx0+9Vysm+Pv76C9U=
github.com/princjef/termdiff v0.1.0/go.mod h1:JJOfCA/eR6T1JfsoxQQ6jsG3LGoQDoKUIRQrKqAO+p4=
github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
github.com/prometheus/common v0.52.3 h1:5f8uj6ZwHSscOGNdIQg6OiZv/ybiK2CO2q2drVZAQSA=
github.com/prometheus/common v0.52.3/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U=
github.com/prometheus/procfs v0.13.0 h1:GqzLlQyfsPbaEHaQkO7tbDlriv/4o5Hudv6OXHGKX7o=
github.com/prometheus/procfs v0.13.0/go.mod h1:cd4PFCR54QLnGKPaKGA6l+cfuNXtht43ZKY6tow0Y1g=
github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf h1:014O62zIzQwvoD7Ekj3ePDF5bv9Xxy0w6AZk0qYbjUk=
github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf/go.mod h1:jgxiZysxFPM+iWKwQwPR+y+Jvo54ARd4EisXxKYpB5c=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
github.com/protocolbuffers/txtpbfmt v0.0.0-20240823084532-8e6b51fa9bef h1:ej+64jiny5VETZTqcc1GFVAPEtaSk6U1D0kKC2MS5Yc=
github.com/protocolbuffers/txtpbfmt v0.0.0-20240823084532-8e6b51fa9bef/go.mod h1:jgxiZysxFPM+iWKwQwPR+y+Jvo54ARd4EisXxKYpB5c=
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM=
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
@@ -788,6 +906,8 @@ github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR
github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
github.com/rs/cors v1.11.0 h1:0B9GE/r9Bc2UxRMMtymBkHTenPkHDv0CW4Y98GBY+po=
github.com/rs/cors v1.11.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI=
github.com/rubenv/sql-migrate v1.7.0/go.mod h1:S4wtDEG1CKn+0ShpTtzWhFpHHI5PvCUtiGI+C+Z2THE=
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
@@ -812,7 +932,6 @@ github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFt
github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ=
github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU=
github.com/shoenig/test v0.6.4/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k=
github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
github.com/sigstore/cosign/v2 v2.2.3 h1:WX7yawI+EXu9h7S5bZsfYCbB9XW6Jc43ctKy/NoOSiA=
@@ -821,6 +940,7 @@ github.com/sigstore/rekor v1.3.4 h1:RGIia1iOZU7fOiiP2UY/WFYhhp50S5aUm7YrM8aiA6E=
github.com/sigstore/rekor v1.3.4/go.mod h1:1GubPVO2yO+K0m0wt/3SHFqnilr/hWbsjSOe7Vzxrlg=
github.com/sigstore/sigstore v1.8.1 h1:mAVposMb14oplk2h/bayPmIVdzbq2IhCgy4g6R0ZSjo=
github.com/sigstore/sigstore v1.8.1/go.mod h1:02SL1158BSj15bZyOFz7m+/nJzLZfFd9A8ab3Kz7w/E=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
@@ -830,9 +950,8 @@ github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9yS
github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w=
github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@@ -842,6 +961,7 @@ github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMV
github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs=
github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
@@ -888,17 +1008,24 @@ github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+
github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
github.com/x-cray/logrus-prefixed-formatter v0.5.2 h1:00txxvfBM9muc0jiLIEAkAcIMJzfthRT6usrui8uGmg=
github.com/x-cray/logrus-prefixed-formatter v0.5.2/go.mod h1:2duySbKsL6M18s5GU7VPsoEPHyzalCE06qoARUCeBBE=
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4=
github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
github.com/xlab/tablewriter v0.0.0-20160610135559-80b567a11ad5 h1:gmD7q6cCJfBbcuobWQe/KzLsd9Cd3amS1Mq5f3uU1qo=
github.com/xlab/tablewriter v0.0.0-20160610135559-80b567a11ad5/go.mod h1:fVwOndYN3s5IaGlMucfgxwMhqwcaJtlGejBU6zX6Yxw=
github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg=
github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok=
github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
@@ -912,6 +1039,12 @@ github.com/yuin/goldmark v1.7.4 h1:BDXOHExt+A7gwPCJgPIIq7ENvceR7we7rOS9TNoLZeg=
github.com/yuin/goldmark v1.7.4/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
github.com/zclconf/go-cty v1.8.0 h1:s4AvqaeQzJIu3ndv4gVIhplVD0krU+bgrcLSVUnaWuA=
github.com/zclconf/go-cty v1.8.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
go.mongodb.org/mongo-driver v1.13.1 h1:YIc7HTYsKndGK4RFzJ3covLz1byri52x0IoMB0Pt/vk=
@@ -923,27 +1056,29 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
go.opentelemetry.io/otel v1.25.0 h1:gldB5FfhRl7OJQbUHt/8s0a7cE8fbsPAtdpRaApKy4k=
go.opentelemetry.io/otel v1.25.0/go.mod h1:Wa2ds5NOXEMkCmUou1WA7ZBfLTHWIsp034OVD7AO+Vg=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.25.0 h1:dT33yIHtmsqpixFsSQPwNeY5drM9wTcoL8h0FWF4oGM=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.25.0/go.mod h1:h95q0LBGh7hlAC08X2DhSeyIG02YQ0UyioTCVAqRPmc=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg=
go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo=
go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0 h1:Xw8U6u2f8DK2XAkGRFV7BBLENgnTGX9i4rQRxJf+/vs=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0/go.mod h1:6KW1Fm6R/s6Z3PGXwSJN2K4eT6wQB3vXX6CVnYX9NmM=
go.opentelemetry.io/otel/metric v1.25.0 h1:LUKbS7ArpFL/I2jJHdJcqMGxkRdxpPHE0VU/D4NuEwA=
go.opentelemetry.io/otel/metric v1.25.0/go.mod h1:rkDLUSd2lC5lq2dFNrX9LGAbINP5B7WBkC78RXCpH5s=
go.opentelemetry.io/otel/sdk v1.25.0 h1:PDryEJPC8YJZQSyLY5eqLeafHtG+X7FWnf3aXMtxbqo=
go.opentelemetry.io/otel/sdk v1.25.0/go.mod h1:oFgzCM2zdsxKzz6zwpTZYLLQsFwc+K0daArPdIhuxkw=
go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q=
go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s=
go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE=
go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg=
go.opentelemetry.io/otel/sdk/metric v1.19.0 h1:EJoTO5qysMsYCa+w4UghwFV/ptQgqSL/8Ni+hx+8i1k=
go.opentelemetry.io/otel/sdk/metric v1.19.0/go.mod h1:XjG0jQyFJrv2PbMvwND7LwCEhsJzCzV5210euduKcKY=
go.opentelemetry.io/otel/trace v1.25.0 h1:tqukZGLwQYRIFtSQM2u2+yfMVTgGVeqRLPUYx1Dq6RM=
go.opentelemetry.io/otel/trace v1.25.0/go.mod h1:hCCs70XM/ljO+BeQkyFnbK28SBIJ/Emuha+ccrCRT7I=
go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g=
go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI=
go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY=
go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds=
go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
go.uber.org/automaxprocs v1.5.3 h1:kWazyxZUrS3Gs4qUpbwo5kEIMGe/DAvi5Z4tl2NW4j8=
@@ -954,6 +1089,7 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -963,13 +1099,12 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1007,11 +1142,12 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0=
golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -1019,6 +1155,7 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -1048,16 +1185,16 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1073,7 +1210,9 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190130150945-aca44879d564/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1084,6 +1223,7 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1138,17 +1278,18 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1163,8 +1304,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1217,8 +1358,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f
golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1280,8 +1421,8 @@ google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/b
google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro=
google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 h1:MuYw1wJzT+ZkybKfaOXKp5hJiZDn2iHaXRw0mRYdHSc=
google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4/go.mod h1:px9SlOOZBg1wM1zdnr8jEL4CNGUBZ+ZKYtNPApNQc4c=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1297,8 +1438,8 @@ google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM
google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY=
google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg=
google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1317,6 +1458,7 @@ google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHh
google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
gopkg.in/VividCortex/ewma.v1 v1.1.1/go.mod h1:TekXuFipeiHWiAlO1+wSS23vTcyFau5u3rxXUSXj710=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1324,6 +1466,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/cheggaaa/pb.v2 v2.0.7/go.mod h1:0CiZ1p8pvtxBlQpLXkHuUTpdJ1shm3OqCF1QugkjHL4=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
gopkg.in/fatih/color.v1 v1.7.0/go.mod h1:P7yosIhqIl/sX8J8UypY5M+dDpD2KmyfP5IRs5v/fo0=
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
gopkg.in/go-jose/go-jose.v2 v2.6.3 h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKKs=
@@ -1339,6 +1483,7 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkep
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -1352,6 +1497,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=
gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
helm.sh/helm/v3 v3.16.3 h1:kb8bSxMeRJ+knsK/ovvlaVPfdis0X3/ZhYCSFRP+YmY=
helm.sh/helm/v3 v3.16.3/go.mod h1:zeVWGDR4JJgiRbT3AnNsjYaX8OTJlIE9zC+Q7F7iUSU=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1361,20 +1508,28 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.4.7 h1:9MDAWxMoSnB6QoSqiVr7P5mtkT9pOc1kSxchzPCnqJs=
honnef.co/go/tools v0.4.7/go.mod h1:+rnGS1THNh8zMwnd2oVOTL9QF6vmfyG6ZXBULae2uc0=
k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A=
k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0=
k8s.io/apimachinery v0.29.4 h1:RaFdJiDmuKs/8cm1M6Dh1Kvyh59YQFDcFuFTSmXes6Q=
k8s.io/apimachinery v0.29.4/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y=
k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg=
k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA=
k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=
k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=
k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8 h1:vzKzxN5uyJZLY8HL1/OovW7BJefnsBIWt8T7Gjh2boQ=
k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
k8s.io/kubectl v0.29.2 h1:uaDYaBhumvkwz0S2XHt36fK0v5IdNgL7HyUniwb2IUo=
k8s.io/kubectl v0.29.2/go.mod h1:BhizuYBGcKaHWyq+G7txGw2fXg576QbPrrnQdQDZgqI=
k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI=
k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU=
k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI=
k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40=
k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ=
k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U=
k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
k8s.io/apiserver v0.31.1 h1:Sars5ejQDCRBY5f7R3QFHdqN3s61nhkpaX8/k1iEw1c=
k8s.io/apiserver v0.31.1/go.mod h1:lzDhpeToamVZJmmFlaLwdYZwd7zB+WYRYIboqA1kGxM=
k8s.io/cli-runtime v0.31.1 h1:/ZmKhmZ6hNqDM+yf9s3Y4KEYakNXUn5sod2LWGGwCuk=
k8s.io/cli-runtime v0.31.1/go.mod h1:pKv1cDIaq7ehWGuXQ+A//1OIF+7DI+xudXtExMCbe9U=
k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0=
k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg=
k8s.io/component-base v0.31.1 h1:UpOepcrX3rQ3ab5NB6g5iP0tvsgJWzxTyAo20sgYSy8=
k8s.io/component-base v0.31.1/go.mod h1:WGeaw7t/kTsqpVTaCoVEtillbqAhF2/JgvO0LDOMa0w=
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
k8s.io/kubectl v0.31.1 h1:ih4JQJHxsEggFqDJEHSOdJ69ZxZftgeZvYo7M/cpp24=
k8s.io/kubectl v0.31.1/go.mod h1:aNuQoR43W6MLAtXQ/Bu4GDmoHlbhHKuyD49lmTC8eJM=
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
modernc.org/fileutil v1.3.0 h1:gQ5SIzK3H9kdfai/5x41oQiKValumqNTDXMvKo62HvE=
modernc.org/fileutil v1.3.0/go.mod h1:XatxS8fZi3pS8/hKG2GH/ArUogfxjpEKs3Ku3aK4JyQ=
modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 h1:5D53IMaUuA5InSeMu9eJtlQXS2NxAhyWQvkKEgXZhHI=
@@ -1393,6 +1548,8 @@ modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
mvdan.cc/xurls/v2 v2.2.0 h1:NSZPykBXJFCetGZykLAxaL6SIpvbVy/UFEniIfHAa8A=
mvdan.cc/xurls/v2 v2.2.0/go.mod h1:EV1RMtya9D6G5DMYPGD8zTQzaHet6Jh8gFlRgGRJeO8=
oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo=
oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
@@ -1400,6 +1557,10 @@ sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMm
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/kind v0.23.0 h1:8fyDGWbWTeCcCTwA04v4Nfr45KKxbSPH1WO9K+jVrBg=
sigs.k8s.io/kind v0.23.0/go.mod h1:ZQ1iZuJLh3T+O8fzhdi3VWcFTzsdXtNv2ppsHc8JQ7s=
sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g=
sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0=
sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ=
sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U=
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=

1
internal/artifact/artifact.go
View File

@@ -20,6 +20,7 @@ var _ Store = NewStore()
type Store interface {
Get(path string) (data []byte, ok bool)
Set(path string, data []byte) error
// Save previously set path to dir preserving directories.
Save(dir, path string) error
}

71
internal/builder/instance.go
View File

@@ -5,17 +5,68 @@ import (
"encoding/json"
"fmt"
"log/slog"
"os"
"path/filepath"
"strings"
"cuelang.org/go/cue"
"cuelang.org/go/cue/cuecontext"
"cuelang.org/go/cue/interpreter/embed"
"cuelang.org/go/cue/load"
"cuelang.org/go/encoding/yaml"
"github.com/holos-run/holos/internal/errors"
"github.com/holos-run/holos/internal/holos"
"github.com/holos-run/holos/internal/util"
)
func LoadInstance(path string, tags []string) (*Instance, error) {
// ExtractYAML extracts yaml encoded data from file paths. The data is unified
// into one [cue.Value]. If a path element is a directory, all files in the
// directory are loaded non-recursively.
//
// Attribution: https://github.com/cue-lang/cue/issues/3504
func ExtractYAML(ctxt *cue.Context, filepaths []string) (cue.Value, error) {
value := ctxt.CompileString("")
files := make([]string, 0, 10*len(filepaths))
for _, path := range filepaths {
info, err := os.Stat(path)
if err != nil {
return value, errors.Wrap(err)
}
if !info.IsDir() {
files = append(files, path)
continue
}
entries, err := os.ReadDir(path)
if err != nil {
return value, errors.Wrap(err)
}
for _, entry := range entries {
if entry.IsDir() {
continue
}
files = append(files, filepath.Join(path, entry.Name()))
}
}
for _, file := range files {
f, err := yaml.Extract(file, nil)
if err != nil {
return value, errors.Wrap(err)
}
value = value.Unify(ctxt.BuildFile(f))
}
return value, nil
}
// LoadInstance loads the cue configuration instance at path. External data
// file paths are loaded by calling [ExtractYAML] providing filepaths. The
// extracted data values are unified with the platform configuration [cue.Value]
// in the returned [Instance].
func LoadInstance(path string, filepaths []string, tags []string) (*Instance, error) {
root, leaf, err := util.FindRootLeaf(path)
if err != nil {
return nil, errors.Wrap(err)
@@ -26,20 +77,26 @@ func LoadInstance(path string, tags []string) (*Instance, error) {
ModuleRoot: root,
Tags: tags,
}
ctxt := cuecontext.New(cuecontext.Interpreter(embed.New()))
ctx := cuecontext.New()
instances := load.Instances([]string{leaf}, cfg)
values, err := ctx.BuildInstances(instances)
bis := load.Instances([]string{path}, cfg)
values, err := ctxt.BuildInstances(bis)
if err != nil {
return nil, errors.Wrap(err)
}
value, err := ExtractYAML(ctxt, filepaths)
if err != nil {
return nil, errors.Wrap(err)
}
// TODO: https://cuelang.org/docs/howto/place-data-go-api/
value = value.Unify(values[0])
inst := &Instance{
path: leaf,
ctx: ctx,
ctx: ctxt,
cfg: cfg,
value: values[0],
value: value,
}
return inst, nil

5
internal/builder/platform.go
View File

@@ -15,7 +15,7 @@ import (
// PlatformOpts represents build options when processing the components in a
// platform.
type PlatformOpts struct {
Fn BuildFunc
Fn func(context.Context, int, holos.Component) error
Selector holos.Selector
Concurrency int
InfoEnabled bool
@@ -89,9 +89,6 @@ func (p *Platform) Build(ctx context.Context, opts PlatformOpts) error {
return nil
}
// BuildFunc is executed concurrently when processing platform components.
type BuildFunc func(context.Context, int, holos.Component) error
func LoadPlatform(i *Instance) (platform Platform, err error) {
err = i.Discriminate(func(tm holos.TypeMeta) error {
if tm.Kind != "Platform" {

726
internal/builder/v1alpha5/builder.go
View File

@@ -9,18 +9,19 @@ import (
"os"
"path/filepath"
"strings"
"syscall"
"sync"
"time"
"cuelang.org/go/cue"
core "github.com/holos-run/holos/api/core/v1alpha5"
"github.com/holos-run/holos/internal/artifact"
"github.com/holos-run/holos/internal/errors"
"github.com/holos-run/holos/internal/helm"
"github.com/holos-run/holos/internal/holos"
"github.com/holos-run/holos/internal/logger"
"github.com/holos-run/holos/internal/util"
"golang.org/x/sync/errgroup"
"gopkg.in/yaml.v3"
"helm.sh/helm/v3/pkg/cli"
)
// Platform represents a platform builder.
@@ -106,168 +107,113 @@ func (c *Component) Path() string {
return util.DotSlash(c.Component.Path)
}
var _ holos.BuildPlan = &BuildPlan{}
// BuildPlan represents a component builder.
type BuildPlan struct {
core.BuildPlan
Opts holos.BuildOpts
}
// Build builds a BuildPlan into Artifact files.
func (b *BuildPlan) Build(ctx context.Context) error {
name := b.BuildPlan.Metadata.Name
path := b.Opts.Path
log := logger.FromContext(ctx).With("name", name, "path", path)
msg := fmt.Sprintf("could not build %s", name)
if b.BuildPlan.Spec.Disabled {
log.WarnContext(ctx, fmt.Sprintf("%s: disabled", msg))
return nil
// ExtractYAML returns the path values for the --extract-yaml command line flag.
func (c *Component) ExtractYAML() ([]string, error) {
if c == nil {
return nil, nil
}
g, ctx := errgroup.WithContext(ctx)
// One more for the producer
g.SetLimit(b.Opts.Concurrency + 1)
// Producer.
g.Go(func() error {
for _, a := range b.BuildPlan.Spec.Artifacts {
msg := fmt.Sprintf("%s artifact %s", msg, a.Artifact)
log := log.With("artifact", a.Artifact)
if a.Skip {
log.WarnContext(ctx, fmt.Sprintf("%s: skipped field is true", msg))
continue
}
select {
case <-ctx.Done():
return ctx.Err()
default:
// https://golang.org/doc/faq#closures_and_goroutines
a := a
// Worker. Blocks if limit has been reached.
g.Go(func() error {
for _, gen := range a.Generators {
switch gen.Kind {
case "Resources":
if err := b.resources(log, gen, b.Opts.Store); err != nil {
return errors.Format("could not generate resources: %w", err)
}
case "Helm":
if err := b.helm(ctx, log, gen, b.Opts.Store); err != nil {
return errors.Format("could not generate helm: %w", err)
}
case "File":
if err := b.file(log, gen, b.Opts.Store); err != nil {
return errors.Format("could not generate file: %w", err)
}
default:
return errors.Format("%s: unsupported kind %s", msg, gen.Kind)
}
}
for _, t := range a.Transformers {
switch t.Kind {
case "Kustomize":
if err := b.kustomize(ctx, log, t, b.Opts.Store); err != nil {
return errors.Wrap(err)
}
case "Join":
s := make([][]byte, 0, len(t.Inputs))
for _, input := range t.Inputs {
if data, ok := b.Opts.Store.Get(string(input)); ok {
s = append(s, data)
} else {
return errors.Format("%s: missing %s", msg, input)
}
}
data := bytes.Join(s, []byte(t.Join.Separator))
if err := b.Opts.Store.Set(string(t.Output), data); err != nil {
return errors.Format("%s: %w", msg, err)
}
log.Debug("set artifact: " + string(t.Output))
default:
return errors.Format("%s: unsupported kind %s", msg, t.Kind)
}
}
for _, validator := range a.Validators {
switch validator.Kind {
case "Command":
if err := b.validate(ctx, log, validator, b.Opts.Store); err != nil {
return errors.Wrap(err)
}
default:
return errors.Format("%s: unsupported kind %s", msg, validator.Kind)
}
}
// Write the final artifact
if err := b.Opts.Store.Save(b.Opts.WriteTo, string(a.Artifact)); err != nil {
return errors.Format("%s: %w", msg, err)
}
log.DebugContext(ctx, "wrote "+filepath.Join(b.Opts.WriteTo, string(a.Artifact)))
return nil
})
}
instances := make([]string, 0, len(c.Component.Instances))
for _, instance := range c.Component.Instances {
if instance.Kind == "ExtractYAML" {
instances = append(instances, instance.ExtractYAML.Path)
}
return nil
})
// Wait for completion and return the first error (if any)
return g.Wait()
}
return instances, nil
}
func (b *BuildPlan) Export(idx int, encoder holos.OrderedEncoder) error {
if err := encoder.Encode(idx, &b.BuildPlan); err != nil {
return errors.Wrap(err)
var _ holos.BuildPlan = &BuildPlan{}
var _ task = generatorTask{}
var _ task = transformersTask{}
var _ task = validatorTask{}
type task interface {
id() string
run(ctx context.Context) error
}
type taskParams struct {
taskName string
buildPlanName string
opts holos.BuildOpts
}
func (t taskParams) id() string {
return fmt.Sprintf("%s:%s/%s", t.opts.Path, t.buildPlanName, t.taskName)
}
type generatorTask struct {
taskParams
generator core.Generator
wg *sync.WaitGroup
}
func (t generatorTask) run(ctx context.Context) error {
defer t.wg.Done()
msg := fmt.Sprintf("could not build %s", t.id())
switch t.generator.Kind {
case "Resources":
if err := t.resources(); err != nil {
return errors.Format("%s: could not generate resources: %w", msg, err)
}
case "Helm":
if err := t.helm(ctx); err != nil {
return errors.Format("%s: could not generate helm: %w", msg, err)
}
case "File":
if err := t.file(); err != nil {
return errors.Format("%s: could not generate file: %w", msg, err)
}
default:
return errors.Format("%s: unsupported kind %s", msg, t.generator.Kind)
}
return nil
}
func (b *BuildPlan) Load(v cue.Value) error {
return errors.Wrap(v.Decode(&b.BuildPlan))
}
func (b *BuildPlan) file(
log *slog.Logger,
g core.Generator,
store artifact.Store,
) error {
data, err := os.ReadFile(filepath.Join(string(b.Opts.Path), string(g.File.Source)))
func (t generatorTask) file() error {
data, err := os.ReadFile(filepath.Join(string(t.opts.Path), string(t.generator.File.Source)))
if err != nil {
return errors.Wrap(err)
}
if err := store.Set(string(g.Output), data); err != nil {
if err := t.opts.Store.Set(string(t.generator.Output), data); err != nil {
return errors.Wrap(err)
}
log.Debug("set artifact: " + string(g.Output))
return nil
}
func (b *BuildPlan) helm(
ctx context.Context,
log *slog.Logger,
g core.Generator,
store artifact.Store,
) error {
chartName := g.Helm.Chart.Name
log = log.With("chart", chartName)
// Unnecessary? cargo cult copied from internal/cli/render/render.go
if chartName == "" {
return errors.New("missing chart name")
func (t generatorTask) helm(ctx context.Context) error {
h := t.generator.Helm
// Cache the chart by version to pull new versions. (#273)
cacheDir := filepath.Join(string(t.opts.Path), "vendor", t.generator.Helm.Chart.Version)
cachePath := filepath.Join(cacheDir, filepath.Base(h.Chart.Name))
log := logger.FromContext(ctx)
username := h.Chart.Repository.Auth.Username.Value
if username == "" {
username = os.Getenv(h.Chart.Repository.Auth.Username.FromEnv)
}
password := h.Chart.Repository.Auth.Password.Value
if password == "" {
password = os.Getenv(h.Chart.Repository.Auth.Password.FromEnv)
}
// Cache the chart by version to pull new versions. (#273)
cacheDir := filepath.Join(string(b.Opts.Path), "vendor", g.Helm.Chart.Version)
cachePath := filepath.Join(cacheDir, filepath.Base(chartName))
if _, err := os.Stat(cachePath); os.IsNotExist(err) {
timeout, cancel := context.WithTimeout(ctx, 5*time.Minute)
defer cancel()
err := onceWithLock(log, timeout, cachePath, func() error {
return b.cacheChart(ctx, log, cacheDir, g.Helm.Chart)
})
err := func() error {
ctx, cancel := context.WithTimeout(ctx, 5*time.Minute)
defer cancel()
return onceWithLock(log, ctx, cachePath, func() error {
return errors.Wrap(helm.PullChart(
ctx,
cli.New(),
h.Chart.Name,
h.Chart.Version,
h.Chart.Repository.URL,
cacheDir,
username,
password,
))
})
}()
if err != nil {
return errors.Format("could not cache chart: %w", err)
}
@@ -280,7 +226,7 @@ func (b *BuildPlan) helm(
}
defer util.Remove(ctx, tempDir)
data, err := yaml.Marshal(g.Helm.Values)
data, err := yaml.Marshal(t.generator.Helm.Values)
if err != nil {
return errors.Format("could not marshal values: %w", err)
}
@@ -293,22 +239,22 @@ func (b *BuildPlan) helm(
// Run charts
args := []string{"template"}
if !g.Helm.EnableHooks {
if !t.generator.Helm.EnableHooks {
args = append(args, "--no-hooks")
}
for _, apiVersion := range g.Helm.APIVersions {
for _, apiVersion := range t.generator.Helm.APIVersions {
args = append(args, "--api-versions", apiVersion)
}
if kubeVersion := g.Helm.KubeVersion; kubeVersion != "" {
if kubeVersion := t.generator.Helm.KubeVersion; kubeVersion != "" {
args = append(args, "--kube-version", kubeVersion)
}
args = append(args,
"--include-crds",
"--values", valuesPath,
"--namespace", g.Helm.Namespace,
"--namespace", t.generator.Helm.Namespace,
"--kubeconfig", "/dev/null",
"--version", g.Helm.Chart.Version,
g.Helm.Chart.Release,
"--version", t.generator.Helm.Chart.Version,
t.generator.Helm.Chart.Release,
cachePath,
)
helmOut, err := util.RunCmd(ctx, "helm", args...)
@@ -325,36 +271,31 @@ func (b *BuildPlan) helm(
}
// Set the artifact
if err := store.Set(string(g.Output), helmOut.Stdout.Bytes()); err != nil {
if err := t.opts.Store.Set(string(t.generator.Output), helmOut.Stdout.Bytes()); err != nil {
return errors.Format("could not store helm output: %w", err)
}
log.Debug("set artifact: " + string(g.Output))
log.Debug("set artifact: " + string(t.generator.Output))
return nil
}
func (b *BuildPlan) resources(
log *slog.Logger,
g core.Generator,
store artifact.Store,
) error {
func (t generatorTask) resources() error {
var size int
for _, m := range g.Resources {
for _, m := range t.generator.Resources {
size += len(m)
}
list := make([]core.Resource, 0, size)
for _, m := range g.Resources {
for _, m := range t.generator.Resources {
for _, r := range m {
list = append(list, r)
}
}
msg := fmt.Sprintf(
"could not generate %s for %s path %s",
g.Output,
b.BuildPlan.Metadata.Name,
b.Opts.Path,
"could not generate %s for %s",
t.generator.Output,
t.id(),
)
buf, err := marshal(list)
@@ -362,114 +303,220 @@ func (b *BuildPlan) resources(
return errors.Format("%s: %w", msg, err)
}
if err := store.Set(string(g.Output), buf.Bytes()); err != nil {
return errors.Format("%s: %w", msg, err)
}
log.Debug("set artifact " + string(g.Output))
return nil
}
func (b *BuildPlan) validate(
ctx context.Context,
log *slog.Logger,
validator core.Validator,
store artifact.Store,
) error {
tempDir, err := os.MkdirTemp("", "holos.validate")
if err != nil {
return errors.Wrap(err)
}
defer util.Remove(ctx, tempDir)
msg := fmt.Sprintf(
"could not validate %s path %s",
b.BuildPlan.Metadata.Name,
b.Opts.Path,
)
// Write the inputs
for _, input := range validator.Inputs {
path := string(input)
if err := store.Save(tempDir, path); err != nil {
return errors.Format("%s: %w", msg, err)
}
log.DebugContext(ctx, "wrote "+filepath.Join(tempDir, path))
}
if len(validator.Command.Args) < 1 {
return errors.Format("%s: command args length must be at least 1", msg)
}
size := len(validator.Command.Args) + len(validator.Inputs)
args := make([]string, 0, size)
args = append(args, validator.Command.Args...)
for _, input := range validator.Inputs {
args = append(args, filepath.Join(tempDir, string(input)))
}
// Execute the validator
if _, err = util.RunCmdA(ctx, b.Opts.Stderr, args[0], args[1:]...); err != nil {
if err := t.opts.Store.Set(string(t.generator.Output), buf.Bytes()); err != nil {
return errors.Format("%s: %w", msg, err)
}
return nil
}
func (b *BuildPlan) kustomize(
ctx context.Context,
log *slog.Logger,
t core.Transformer,
store artifact.Store,
) error {
tempDir, err := os.MkdirTemp("", "holos.kustomize")
if err != nil {
return errors.Wrap(err)
}
defer util.Remove(ctx, tempDir)
msg := fmt.Sprintf(
"could not transform %s for %s path %s",
t.Output,
b.BuildPlan.Metadata.Name,
b.Opts.Path,
)
type transformersTask struct {
taskParams
transformers []core.Transformer
wg *sync.WaitGroup
}
// Write the kustomization
data, err := yaml.Marshal(t.Kustomize.Kustomization)
if err != nil {
return errors.Format("%s: %w", msg, err)
}
path := filepath.Join(tempDir, "kustomization.yaml")
if err := os.WriteFile(path, data, 0666); err != nil {
return errors.Format("%s: %w", msg, err)
}
log.DebugContext(ctx, "wrote "+path)
// Write the inputs
for _, input := range t.Inputs {
path := string(input)
if err := store.Save(tempDir, path); err != nil {
return errors.Format("%s: %w", msg, err)
func (t transformersTask) run(ctx context.Context) error {
defer t.wg.Done()
for idx, transformer := range t.transformers {
msg := fmt.Sprintf("could not build %s/%d", t.id(), idx)
switch transformer.Kind {
case "Kustomize":
if err := kustomize(ctx, transformer, t.taskParams); err != nil {
return errors.Wrap(err)
}
case "Join":
s := make([][]byte, 0, len(transformer.Inputs))
for _, input := range transformer.Inputs {
if data, ok := t.opts.Store.Get(string(input)); ok {
s = append(s, data)
} else {
return errors.Format("%s: missing %s", msg, input)
}
}
data := bytes.Join(s, []byte(transformer.Join.Separator))
if err := t.opts.Store.Set(string(transformer.Output), data); err != nil {
return errors.Format("%s: %w", msg, err)
}
default:
return errors.Format("%s: unsupported kind %s", msg, transformer.Kind)
}
log.DebugContext(ctx, "wrote "+filepath.Join(tempDir, path))
}
return nil
}
// Execute kustomize
r, err := util.RunCmdW(ctx, b.Opts.Stderr, "kubectl", "kustomize", tempDir)
if err != nil {
kErr := r.Stderr.String()
err = errors.Format("%s: could not run kustomize: %w", msg, err)
log.ErrorContext(ctx, fmt.Sprintf("%s: stderr:\n%s", err.Error(), kErr), "err", err, "stderr", kErr)
return err
type validatorTask struct {
taskParams
validator core.Validator
wg *sync.WaitGroup
}
func (t validatorTask) run(ctx context.Context) error {
defer t.wg.Done()
msg := fmt.Sprintf("could not validate %s", t.id())
switch kind := t.validator.Kind; kind {
case "Command":
if err := validate(ctx, t.validator, t.taskParams); err != nil {
return errors.Wrap(err)
}
default:
return errors.Format("%s: unsupported kind %s", msg, kind)
}
return nil
}
// Store the artifact
if err := store.Set(string(t.Output), r.Stdout.Bytes()); err != nil {
func worker(ctx context.Context, idx int, tasks chan task) error {
log := logger.FromContext(ctx).With("worker", idx)
for {
select {
case <-ctx.Done():
return ctx.Err()
case task, ok := <-tasks:
if !ok {
log.DebugContext(ctx, fmt.Sprintf("worker %d returning: tasks chan closed", idx))
return nil
}
log.DebugContext(ctx, fmt.Sprintf("worker %d task %s starting", idx, task.id()))
if err := task.run(ctx); err != nil {
return errors.Wrap(err)
}
log.DebugContext(ctx, fmt.Sprintf("worker %d task %s finished ok", idx, task.id()))
}
}
}
func buildArtifact(ctx context.Context, idx int, artifact core.Artifact, tasks chan task, buildPlanName string, opts holos.BuildOpts) error {
var wg sync.WaitGroup
msg := fmt.Sprintf("could not build %s artifact %s", buildPlanName, artifact.Artifact)
// Process Generators concurrently
for gid, gen := range artifact.Generators {
task := generatorTask{
taskParams: taskParams{
taskName: fmt.Sprintf("artifact/%d/generator/%d", idx, gid),
buildPlanName: buildPlanName,
opts: opts,
},
generator: gen,
wg: &wg,
}
wg.Add(1)
select {
case <-ctx.Done():
return ctx.Err()
case tasks <- task:
}
}
wg.Wait()
// Process Transformers sequentially
task := transformersTask{
taskParams: taskParams{
taskName: fmt.Sprintf("artifact/%d/transformers", idx),
buildPlanName: buildPlanName,
opts: opts,
},
transformers: artifact.Transformers,
wg: &wg,
}
wg.Add(1)
select {
case <-ctx.Done():
return ctx.Err()
case tasks <- task:
}
wg.Wait()
// Process Validators concurrently
for vid, val := range artifact.Validators {
task := validatorTask{
taskParams: taskParams{
taskName: fmt.Sprintf("artifact/%d/validator/%d", idx, vid),
buildPlanName: buildPlanName,
opts: opts,
},
validator: val,
wg: &wg,
}
wg.Add(1)
select {
case <-ctx.Done():
return ctx.Err()
case tasks <- task:
}
}
wg.Wait()
// Write the final artifact
out := string(artifact.Artifact)
if err := opts.Store.Save(opts.WriteTo, out); err != nil {
return errors.Format("%s: %w", msg, err)
}
log.Debug("set artifact " + string(t.Output))
log := logger.FromContext(ctx)
log.DebugContext(ctx, fmt.Sprintf("wrote %s", filepath.Join(opts.WriteTo, out)))
return nil
}
// BuildPlan represents a component builder.
type BuildPlan struct {
core.BuildPlan
Opts holos.BuildOpts
}
func (b *BuildPlan) Build(ctx context.Context) error {
name := b.BuildPlan.Metadata.Name
path := b.Opts.Path
log := logger.FromContext(ctx).With("name", name, "path", path)
msg := fmt.Sprintf("could not build %s", name)
if b.BuildPlan.Spec.Disabled {
log.WarnContext(ctx, fmt.Sprintf("%s: disabled", msg))
return nil
}
g, ctx := errgroup.WithContext(ctx)
tasks := make(chan task)
// Start the worker pool.
for idx := 0; idx < max(1, b.Opts.Concurrency); idx++ {
g.Go(func() error {
return worker(ctx, idx, tasks)
})
}
// Start one producer that fans out to one pipeline per artifact.
g.Go(func() error {
// Close the tasks chan when the producer returns.
defer func() {
log.DebugContext(ctx, "producer returning: closing tasks chan")
close(tasks)
}()
// Separate error group for producers.
p, ctx := errgroup.WithContext(ctx)
for idx, a := range b.BuildPlan.Spec.Artifacts {
p.Go(func() error {
return buildArtifact(ctx, idx, a, tasks, b.Metadata.Name, b.Opts)
})
}
// Wait on producers to finish.
return errors.Wrap(p.Wait())
})
// Wait on workers to finish.
return g.Wait()
}
func (b *BuildPlan) Export(idx int, encoder holos.OrderedEncoder) error {
if err := encoder.Encode(idx, &b.BuildPlan); err != nil {
return errors.Wrap(err)
}
return nil
}
func (b *BuildPlan) Load(v cue.Value) error {
return errors.Wrap(v.Decode(&b.BuildPlan))
}
func marshal(list []core.Resource) (buf bytes.Buffer, err error) {
encoder := yaml.NewEncoder(&buf)
defer encoder.Close()
@@ -482,95 +529,6 @@ func marshal(list []core.Resource) (buf bytes.Buffer, err error) {
return
}
// cacheChart stores a cached copy of Chart in the chart subdirectory of path.
//
// We assume the only method responsible for writing to chartDir is cacheChart
// itself. cacheChart runs concurrently when rendering a platform.
//
// We rely on the atomicity of moving temporary directories into place on the
// same filesystem via os.Rename. If a syscall.EEXIST error occurs during
// renaming, it indicates that the cached chart already exists, which is
// expected when this function is called concurrently.
//
// TODO(jeff): Break the dependency on v1alpha5, make it work across versions as
// a utility function.
func (b *BuildPlan) cacheChart(
ctx context.Context,
log *slog.Logger,
cacheDir string,
chart core.Chart,
) error {
// Add repositories
repo := chart.Repository
stderr := b.Opts.Stderr
if repo.URL == "" {
// repo update not needed for oci charts so this is debug instead of warn.
log.DebugContext(ctx, "skipped helm repo add and update: repo url is empty")
} else {
if _, err := util.RunCmdW(ctx, stderr, "helm", "repo", "add", repo.Name, repo.URL); err != nil {
return errors.Format("could not run helm repo add: %w", err)
}
if _, err := util.RunCmdW(ctx, stderr, "helm", "repo", "update", repo.Name); err != nil {
return errors.Format("could not run helm repo update: %w", err)
}
}
cacheTemp, err := os.MkdirTemp(cacheDir, chart.Name)
if err != nil {
return errors.Wrap(err)
}
defer util.Remove(ctx, cacheTemp)
cn := chart.Name
if chart.Repository.Name != "" {
cn = fmt.Sprintf("%s/%s", chart.Repository.Name, chart.Name)
}
helmOut, err := util.RunCmdW(ctx, stderr, "helm", "pull", "--destination", cacheTemp, "--untar=true", "--version", chart.Version, cn)
if err != nil {
stderr := helmOut.Stderr.String()
lines := strings.Split(stderr, "\n")
for _, line := range lines {
log.DebugContext(ctx, line)
if strings.HasPrefix(line, "Error:") {
err = fmt.Errorf("%s: %w", line, err)
}
}
return errors.Format("could not run helm pull: %w", err)
}
log.Debug("helm pull", "stdout", helmOut.Stdout, "stderr", helmOut.Stderr)
items, err := os.ReadDir(cacheTemp)
if err != nil {
return errors.Wrap(fmt.Errorf("could not read directory: %w", err))
}
if len(items) != 1 {
return errors.Format("want: exactly one item, have: %+v", items)
}
item := items[0]
src := filepath.Join(cacheTemp, item.Name())
dst := filepath.Join(cacheDir, chart.Name)
if err := os.Rename(src, dst); err != nil {
var linkErr *os.LinkError
if errors.As(err, &linkErr) && errors.Is(linkErr.Err, syscall.EEXIST) {
log.DebugContext(ctx, "cache already exists", "chart", chart.Name, "chart_version", chart.Version, "path", dst)
} else {
return errors.Wrap(fmt.Errorf("could not rename: %w", err))
}
} else {
log.DebugContext(ctx, fmt.Sprintf("renamed %s to %s", src, dst), "src", src, "dst", dst)
}
log.InfoContext(ctx,
fmt.Sprintf("cached %s %s", chart.Name, chart.Version),
"chart", chart.Name,
"chart_version", chart.Version,
"path", dst,
)
return nil
}
// onceWithLock obtains a filesystem lock with mkdir, then executes fn. If the
// lock is already locked, onceWithLock waits for it to be released then returns
// without calling fn.
@@ -619,3 +577,83 @@ func onceWithLock(log *slog.Logger, ctx context.Context, path string, fn func()
// Unexpected error
return errors.Wrap(err)
}
func kustomize(ctx context.Context, t core.Transformer, p taskParams) error {
tempDir, err := os.MkdirTemp("", "holos.kustomize")
if err != nil {
return errors.Wrap(err)
}
defer util.Remove(ctx, tempDir)
msg := fmt.Sprintf(
"could not transform %s for %s path %s",
t.Output,
p.buildPlanName,
p.opts.Path,
)
// Write the kustomization
data, err := yaml.Marshal(t.Kustomize.Kustomization)
if err != nil {
return errors.Format("%s: %w", msg, err)
}
path := filepath.Join(tempDir, "kustomization.yaml")
if err := os.WriteFile(path, data, 0666); err != nil {
return errors.Format("%s: %w", msg, err)
}
// Write the inputs
for _, input := range t.Inputs {
path := string(input)
if err := p.opts.Store.Save(tempDir, path); err != nil {
return errors.Format("%s: %w", msg, err)
}
}
// Execute kustomize
r, err := util.RunCmdW(ctx, p.opts.Stderr, "kubectl", "kustomize", tempDir)
if err != nil {
return errors.Format("%s: could not run kustomize: %w", msg, err)
}
// Store the artifact
if err := p.opts.Store.Set(string(t.Output), r.Stdout.Bytes()); err != nil {
return errors.Format("%s: %w", msg, err)
}
return nil
}
func validate(ctx context.Context, validator core.Validator, p taskParams) error {
store := p.opts.Store
tempDir, err := os.MkdirTemp("", "holos.validate")
if err != nil {
return errors.Wrap(err)
}
// defer util.Remove(ctx, tempDir)
msg := fmt.Sprintf("could not validate %s", p.id())
// Write the inputs
for _, input := range validator.Inputs {
path := string(input)
if err := store.Save(tempDir, path); err != nil {
return errors.Format("%s: %w", msg, err)
}
}
if len(validator.Command.Args) < 1 {
return errors.Format("%s: command args length must be at least 1", msg)
}
size := len(validator.Command.Args) + len(validator.Inputs)
args := make([]string, 0, size)
args = append(args, validator.Command.Args...)
for _, input := range validator.Inputs {
args = append(args, filepath.Join(tempDir, string(input)))
}
// Execute the validator
if _, err = util.RunCmdA(ctx, p.opts.Stderr, args[0], args[1:]...); err != nil {
return errors.Format("%s: %w", msg, err)
}
return nil
}

70
internal/cli/main.go
View File

@@ -1,71 +1 @@
package cli
import (
"context"
"fmt"
"log/slog"
"connectrpc.com/connect"
cue "cuelang.org/go/cue/errors"
"github.com/holos-run/holos/internal/errors"
"github.com/holos-run/holos/internal/holos"
"google.golang.org/genproto/googleapis/rpc/errdetails"
)
// MakeMain makes a main function for the cli or tests.
func MakeMain(options ...holos.Option) func() int {
return func() (exitCode int) {
cfg := holos.New(options...)
slog.SetDefault(cfg.Logger())
ctx := context.Background()
feature := &holos.EnvFlagger{}
if err := New(cfg, feature).ExecuteContext(ctx); err != nil {
return HandleError(ctx, err, cfg)
}
return 0
}
}
// HandleError is the top level error handler that unwraps and logs errors.
func HandleError(ctx context.Context, err error, hc *holos.Config) (exitCode int) {
// Connect errors have codes, log them.
log := hc.NewTopLevelLogger().With("code", connect.CodeOf(err))
var cueErr cue.Error
var errAt *errors.ErrorAt
if errors.As(err, &errAt) {
loc := errAt.Source.Loc()
err2 := errAt.Unwrap()
log.ErrorContext(ctx, fmt.Sprintf("could not run: %s at %s", err2, loc), "err", err2, "loc", loc)
} else {
log.ErrorContext(ctx, fmt.Sprintf("could not run: %s", err), "err", err)
}
// cue errors are bundled up as a list and refer to multiple files / lines.
if errors.As(err, &cueErr) {
msg := cue.Details(cueErr, nil)
if _, err := fmt.Fprint(hc.Stderr(), msg); err != nil {
log.ErrorContext(ctx, "could not write CUE error details: "+err.Error(), "err", err)
}
}
// connect errors have details and codes.
// Refer to https://connectrpc.com/docs/go/errors
if connectErr := new(connect.Error); errors.As(err, &connectErr) {
for _, detail := range connectErr.Details() {
msg, valueErr := detail.Value()
if valueErr != nil {
log.WarnContext(ctx, "could not decode error detail", "err", err, "type", detail.Type(), "note", "this usually means we don't have the schema for the protobuf message type")
continue
}
if info, ok := msg.(*errdetails.ErrorInfo); ok {
logDetail := log.With("reason", info.GetReason(), "domain", info.GetDomain())
for k, v := range info.GetMetadata() {
logDetail = logDetail.With(k, v)
}
logDetail.ErrorContext(ctx, info.String())
}
}
}
return 1
}

36
internal/cli/render/render.go
View File

@@ -16,6 +16,8 @@ import (
"github.com/spf13/cobra"
)
const tagHelp = "set the value of a cue @tag field in the form key [ = value ]"
func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
cmd := command.New("render")
cmd.Args = cobra.NoArgs
@@ -26,7 +28,7 @@ func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
}
func newPlatform(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
cmd := command.New("platform DIRECTORY")
cmd := command.New("platform")
cmd.Args = cobra.MaximumNArgs(1)
cmd.Example = "holos render platform"
cmd.Short = "render an entire platform"
@@ -38,13 +40,15 @@ func newPlatform(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
}
var concurrency int
cmd.Flags().IntVar(&concurrency, "concurrency", min(runtime.NumCPU(), 8), "number of components to render concurrently")
cmd.Flags().IntVar(&concurrency, "concurrency", runtime.NumCPU(), "number of components to render concurrently")
var platform string
cmd.Flags().StringVar(&platform, "platform", "./platform", "platform directory path")
var extractYAMLs holos.StringSlice
cmd.Flags().Var(&extractYAMLs, "extract-yaml", "data file paths to extract and unify with the platform config")
var selector holos.Selector
cmd.Flags().VarP(&selector, "selector", "l", "label selector (e.g. label==string,label!=string)")
tagMap := make(holos.TagMap)
cmd.Flags().VarP(&tagMap, "inject", "t", "set the value of a cue @tag field from a key=value pair")
cmd.Flags().VarP(&tagMap, "inject", "t", tagHelp)
cmd.RunE = func(cmd *cobra.Command, args []string) error {
ctx := cmd.Root().Context()
@@ -55,7 +59,7 @@ func newPlatform(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
log.WarnContext(ctx, fmt.Sprintf(msg, platform))
}
inst, err := builder.LoadInstance(platform, tagMap.Tags())
inst, err := builder.LoadInstance(platform, extractYAMLs, tagMap.Tags())
if err != nil {
return errors.Wrap(err)
}
@@ -70,7 +74,7 @@ func newPlatform(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
"--log-format", cfg.LogConfig().Format(),
}
opts := builder.PlatformOpts{
Fn: makePlatformRenderFunc(cmd.ErrOrStderr(), prefixArgs),
Fn: makeComponentRenderFunc(cmd.ErrOrStderr(), prefixArgs, tagMap.Tags()),
Selector: selector,
Concurrency: concurrency,
InfoEnabled: true,
@@ -102,15 +106,17 @@ func newComponent(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
}
tagMap := make(holos.TagMap)
cmd.Flags().VarP(&tagMap, "inject", "t", "set the value of a cue @tag field from a key=value pair")
cmd.Flags().VarP(&tagMap, "inject", "t", tagHelp)
var concurrency int
cmd.Flags().IntVar(&concurrency, "concurrency", min(runtime.NumCPU(), 8), "number of concurrent build steps")
cmd.Flags().IntVar(&concurrency, "concurrency", runtime.NumCPU(), "number of concurrent build steps")
var extractYAMLs holos.StringSlice
cmd.Flags().Var(&extractYAMLs, "extract-yaml", "data file paths to extract and unify with the platform config")
cmd.RunE = func(cmd *cobra.Command, args []string) error {
ctx := cmd.Root().Context()
path := args[0]
inst, err := builder.LoadInstance(path, tagMap.Tags())
inst, err := builder.LoadInstance(path, extractYAMLs, tagMap.Tags())
if err != nil {
return errors.Wrap(err)
}
@@ -134,7 +140,7 @@ func newComponent(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
return cmd
}
func makePlatformRenderFunc(w io.Writer, prefixArgs []string) builder.BuildFunc {
func makeComponentRenderFunc(w io.Writer, prefixArgs, cliTags []string) func(context.Context, int, holos.Component) error {
return func(ctx context.Context, idx int, component holos.Component) error {
select {
case <-ctx.Done():
@@ -144,12 +150,22 @@ func makePlatformRenderFunc(w io.Writer, prefixArgs []string) builder.BuildFunc
if err != nil {
return errors.Wrap(err)
}
args := make([]string, 0, 10+len(prefixArgs)+(len(tags)*2))
filepaths, err := component.ExtractYAML()
if err != nil {
return errors.Wrap(err)
}
args := make([]string, 0, 10+len(prefixArgs)+(len(tags)*2+len(filepaths)*2))
args = append(args, prefixArgs...)
args = append(args, "render", "component")
for _, tag := range cliTags {
args = append(args, "--inject", tag)
}
for _, tag := range tags {
args = append(args, "--inject", tag)
}
for _, path := range filepaths {
args = append(args, "--extract-yaml", path)
}
args = append(args, component.Path())
if _, err := util.RunCmdA(ctx, w, "holos", args...); err != nil {
return errors.Format("could not render component: %w", err)

55
internal/cli/root.go
View File

@@ -1,14 +1,18 @@
package cli
import (
"context"
_ "embed"
"fmt"
"log/slog"
"connectrpc.com/connect"
"github.com/spf13/cobra"
"google.golang.org/genproto/googleapis/rpc/errdetails"
"github.com/holos-run/holos/version"
"github.com/holos-run/holos/internal/errors"
"github.com/holos-run/holos/internal/holos"
"github.com/holos-run/holos/internal/logger"
"github.com/holos-run/holos/internal/server"
@@ -28,7 +32,8 @@ import (
"github.com/holos-run/holos/internal/cli/token"
"github.com/holos-run/holos/internal/cli/txtar"
cue "cuelang.org/go/cmd/cue/cmd"
cueCmd "cuelang.org/go/cmd/cue/cmd"
cue_errors "cuelang.org/go/cue/errors"
)
//go:embed help.txt
@@ -119,7 +124,7 @@ func newOrgCmd(feature holos.Flagger) (cmd *cobra.Command) {
func newCueCmd() (cmd *cobra.Command) {
// Get a handle on the cue root command fields.
root, _ := cue.New([]string{})
root, _ := cueCmd.New([]string{})
// Copy the fields to our embedded command.
cmd = command.New("cue")
cmd.Short = root.Short
@@ -130,8 +135,52 @@ func newCueCmd() (cmd *cobra.Command) {
// We do it this way so we handle errors correctly.
cmd.RunE = func(cmd *cobra.Command, args []string) error {
cueRootCommand, _ := cue.New(args)
cueRootCommand, _ := cueCmd.New(args)
return cueRootCommand.Run(cmd.Root().Context())
}
return cmd
}
// HandleError is the top level error handler that unwraps and logs errors.
func HandleError(ctx context.Context, err error, hc *holos.Config) (exitCode int) {
// Connect errors have codes, log them.
log := hc.NewTopLevelLogger().With("code", connect.CodeOf(err))
var cueErr cue_errors.Error
var errAt *errors.ErrorAt
if errors.As(err, &errAt) {
loc := errAt.Source.Loc()
err2 := errAt.Unwrap()
log.ErrorContext(ctx, fmt.Sprintf("could not run: %s at %s", err2, loc), "err", err2, "loc", loc)
} else {
log.ErrorContext(ctx, fmt.Sprintf("could not run: %s", err), "err", err)
}
// cue errors are bundled up as a list and refer to multiple files / lines.
if errors.As(err, &cueErr) {
msg := cue_errors.Details(cueErr, nil)
if _, err := fmt.Fprint(hc.Stderr(), msg); err != nil {
log.ErrorContext(ctx, "could not write CUE error details: "+err.Error(), "err", err)
}
}
// connect errors have details and codes.
// Refer to https://connectrpc.com/docs/go/errors
if connectErr := new(connect.Error); errors.As(err, &connectErr) {
for _, detail := range connectErr.Details() {
msg, valueErr := detail.Value()
if valueErr != nil {
log.WarnContext(ctx, "could not decode error detail", "err", err, "type", detail.Type(), "note", "this usually means we don't have the schema for the protobuf message type")
continue
}
if info, ok := msg.(*errdetails.ErrorInfo); ok {
logDetail := log.With("reason", info.GetReason(), "domain", info.GetDomain())
for k, v := range info.GetMetadata() {
logDetail = logDetail.With(k, v)
}
logDetail.ErrorContext(ctx, info.String())
}
}
}
return 1
}

18
internal/cli/show.go
View File

@@ -30,13 +30,15 @@ func newShowPlatformCmd() (cmd *cobra.Command) {
var platform string
cmd.Flags().StringVar(&platform, "platform", "./platform", "platform directory path")
var extractYAMLs holos.StringSlice
cmd.Flags().Var(&extractYAMLs, "extract-yaml", "data file paths to extract and unify with the platform config")
var format string
cmd.Flags().StringVar(&format, "format", "yaml", "yaml or json format")
tagMap := make(holos.TagMap)
cmd.Flags().VarP(&tagMap, "inject", "t", "set the value of a cue @tag field from a key=value pair")
cmd.RunE = func(c *cobra.Command, args []string) (err error) {
inst, err := builder.LoadInstance(platform, tagMap.Tags())
inst, err := builder.LoadInstance(platform, extractYAMLs, tagMap.Tags())
if err != nil {
return errors.Wrap(err)
}
@@ -64,6 +66,8 @@ func newShowBuildPlanCmd() (cmd *cobra.Command) {
var platform string
cmd.Flags().StringVar(&platform, "platform", "./platform", "platform directory path")
var extractYAMLs holos.StringSlice
cmd.Flags().Var(&extractYAMLs, "extract-yaml", "data file paths to extract and unify with the platform config")
var format string
cmd.Flags().StringVar(&format, "format", "yaml", "yaml or json format")
var selector holos.Selector
@@ -75,7 +79,7 @@ func newShowBuildPlanCmd() (cmd *cobra.Command) {
cmd.RunE = func(c *cobra.Command, args []string) (err error) {
path := platform
inst, err := builder.LoadInstance(path, tagMap.Tags())
inst, err := builder.LoadInstance(path, extractYAMLs, tagMap.Tags())
if err != nil {
return errors.Wrap(err)
}
@@ -94,6 +98,7 @@ func newShowBuildPlanCmd() (cmd *cobra.Command) {
buildPlanOpts := holos.NewBuildOpts(path)
buildPlanOpts.Stderr = cmd.ErrOrStderr()
buildPlanOpts.Concurrency = concurrency
buildPlanOpts.Tags = tagMap.Tags()
platformOpts := builder.PlatformOpts{
Fn: makeBuildFunc(encoder, buildPlanOpts),
@@ -110,7 +115,7 @@ func newShowBuildPlanCmd() (cmd *cobra.Command) {
return cmd
}
func makeBuildFunc(encoder holos.OrderedEncoder, opts holos.BuildOpts) builder.BuildFunc {
func makeBuildFunc(encoder holos.OrderedEncoder, opts holos.BuildOpts) func(context.Context, int, holos.Component) error {
return func(ctx context.Context, idx int, component holos.Component) error {
select {
case <-ctx.Done():
@@ -120,7 +125,12 @@ func makeBuildFunc(encoder holos.OrderedEncoder, opts holos.BuildOpts) builder.B
if err != nil {
return errors.Wrap(err)
}
inst, err := builder.LoadInstance(component.Path(), tags)
tags = append(tags, opts.Tags...)
filepaths, err := component.ExtractYAML()
if err != nil {
return errors.Wrap(err)
}
inst, err := builder.LoadInstance(component.Path(), filepaths, tags)
if err != nil {
return errors.Wrap(err)
}

51
internal/generate/platforms/cue.mod/gen/github.com/holos-run/holos/api/core/v1alpha5/types_go_gen.cue
View File

@@ -164,9 +164,26 @@ package core
}
// Repository represents a [Helm] [Chart] repository.
//
// The Auth field is useful to configure http basic authentication to the Helm
// repository. Holos gets the username and password from the environment
// variables represented by the Auth field.
#Repository: {
name: string @go(Name)
url: string @go(URL)
name: string @go(Name)
url: string @go(URL)
auth?: #Auth @go(Auth)
}
// Auth represents environment variable names containing auth credentials.
#Auth: {
username: #AuthSource @go(Username)
password: #AuthSource @go(Password)
}
// AuthSource represents a source for the value of an [Auth] field.
#AuthSource: {
value?: string @go(Value)
fromEnv?: string @go(FromEnv)
}
// Transformer combines multiple inputs from prior [Generator] or [Transformer]
@@ -317,6 +334,11 @@ package core
// Injected as the tag variable "holos_component_path".
path: string @go(Path)
// Instances represents additional cue instance paths to unify with Path.
// Useful to unify data files into a component BuildPlan. Added in holos
// 0.101.7.
instances?: [...#Instance] @go(Instances,[]Instance)
// WriteTo represents the holos render component --write-to flag. If empty,
// the default value for the --write-to flag is used.
writeTo?: string @go(WriteTo)
@@ -336,3 +358,28 @@ package core
// `cli.holos.run/description` to customize the log message of each BuildPlan.
annotations?: {[string]: string} @go(Annotations,map[string]string)
}
// Instance represents a data instance to unify with the configuration.
//
// Useful to unify json and yaml files with cue configuration files for
// integration with other tools. For example, executing holos render platform
// from a pull request workflow after [Kargo] executes the [yaml update] and
// [git wait for pr] promotion steps.
//
// [Kargo]: https://docs.kargo.io/
// [yaml update]: https://docs.kargo.io/references/promotion-steps#yaml-update
// [git wait for pr]: https://docs.kargo.io/references/promotion-steps#git-wait-for-pr
#Instance: {
// Kind is a discriminator.
kind: string & "ExtractYAML" @go(Kind)
// Ignored unless kind is ExtractYAML.
extractYAML?: #ExtractYAML @go(ExtractYAML)
}
// ExtractYAML represents a cue data instance encoded as yaml or json. If Path
// refers to a directory all files in the directory are extracted
// non-recursively. Otherwise, path must refer to a file.
#ExtractYAML: {
path: string @go(Path)
}

753
internal/generate/platforms/cue.mod/gen/helm.toolkit.fluxcd.io/helmrelease/v2/types_gen.cue Normal file
View File

@@ -0,0 +1,753 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v2
import "strings"
// HelmRelease is the Schema for the helmreleases API
#HelmRelease: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "helm.toolkit.fluxcd.io/v2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmRelease"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmReleaseSpec defines the desired state of a Helm release.
spec!: #HelmReleaseSpec
}
// HelmReleaseSpec defines the desired state of a Helm release.
#HelmReleaseSpec: {
// Chart defines the template of the v1.HelmChart that should be
// created
// for this HelmRelease.
chart?: {
// ObjectMeta holds the template for metadata like labels and
// annotations.
metadata?: {
// Annotations is an unstructured key value map stored with a
// resource that may be
// set by external tools to store and retrieve arbitrary metadata.
// They are not
// queryable and should be preserved when modifying objects.
// More info:
// https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
annotations?: {
[string]: string
}
// Map of string keys and values that can be used to organize and
// categorize
// (scope and select) objects.
// More info:
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
labels?: {
[string]: string
}
}
// Spec holds the template for the v1.HelmChartSpec for this
// HelmRelease.
spec: {
// The name or path the Helm chart is available at in the
// SourceRef.
chart: strings.MaxRunes(2048) & strings.MinRunes(1)
// IgnoreMissingValuesFiles controls whether to silently ignore
// missing values files rather than failing.
ignoreMissingValuesFiles?: bool
// Interval at which to check the v1.Source for updates. Defaults
// to
// 'HelmReleaseSpec.Interval'.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Determines what enables the creation of a new artifact. Valid
// values are
// ('ChartVersion', 'Revision').
// See the documentation of the values for an explanation on their
// behavior.
// Defaults to ChartVersion when omitted.
reconcileStrategy?: "ChartVersion" | "Revision" | *"ChartVersion"
// The name and namespace of the v1.Source the chart is available
// at.
sourceRef: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent.
kind: "HelmRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Namespace of the referent.
namespace?: strings.MaxRunes(63) & strings.MinRunes(1)
}
// Alternative list of values files to use as the chart values
// (values.yaml
// is not included by default), expected to be a relative path in
// the SourceRef.
// Values files are merged in the order of this list with the last
// file overriding
// the first. Ignored when omitted.
valuesFiles?: [...string]
// Verify contains the secret name containing the trusted public
// keys
// used to verify the signature and specifies which provider to
// use to check
// whether OCI image is authentic.
// This field is only supported for OCI sources.
// Chart dependencies, which are not bundled in the umbrella chart
// artifact,
// are not verified.
verify?: {
// Provider specifies the technology used to sign the OCI Helm
// chart.
provider: "cosign" | "notation" | *"cosign"
secretRef?: {
// Name of the referent.
name: string
}
}
// Version semver expression, ignored for charts from
// v1.GitRepository and
// v1beta2.Bucket sources. Defaults to latest when omitted.
version?: string | *"*"
}
}
// ChartRef holds a reference to a source controller resource
// containing the
// Helm chart artifact.
chartRef?: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent.
kind: "OCIRepository" | "HelmChart"
// Name of the referent.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Namespace of the referent, defaults to the namespace of the
// Kubernetes
// resource object that contains the reference.
namespace?: strings.MaxRunes(63) & strings.MinRunes(1)
}
// DependsOn may contain a meta.NamespacedObjectReference slice
// with
// references to HelmRelease resources that must be ready before
// this HelmRelease
// can be reconciled.
dependsOn?: [...{
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// DriftDetection holds the configuration for detecting and
// handling
// differences between the manifest in the Helm storage and the
// resources
// currently existing in the cluster.
driftDetection?: {
// Ignore contains a list of rules for specifying which changes to
// ignore
// during diffing.
ignore?: [...{
// Paths is a list of JSON Pointer (RFC 6901) paths to be excluded
// from
// consideration in a Kubernetes object.
paths: [...string]
// Target is a selector for specifying Kubernetes objects to which
// this
// rule applies.
// If Target is not set, the Paths will be ignored for all
// Kubernetes
// objects within the manifest of the Helm release.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Mode defines how differences should be handled between the Helm
// manifest
// and the manifest currently applied to the cluster.
// If not explicitly set, it defaults to DiffModeDisabled.
mode?: "enabled" | "warn" | "disabled"
}
// Install holds the configuration for Helm install actions for
// this HelmRelease.
install?: {
// CRDs upgrade CRDs from the Helm Chart's crds directory
// according
// to the CRD upgrade policy provided here. Valid values are
// `Skip`,
// `Create` or `CreateReplace`. Default is `Create` and if omitted
// CRDs are installed but not updated.
//
// Skip: do neither install nor replace (update) any CRDs.
//
// Create: new CRDs are created, existing CRDs are neither updated
// nor deleted.
//
// CreateReplace: new CRDs are created, existing CRDs are updated
// (replaced)
// but not deleted.
//
// By default, CRDs are applied (installed) during Helm install
// action.
// With this option users can opt in to CRD replace existing CRDs
// on Helm
// install actions, which is not (yet) natively supported by Helm.
// https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
crds?: "Skip" | "Create" | "CreateReplace"
// CreateNamespace tells the Helm install action to create the
// HelmReleaseSpec.TargetNamespace if it does not exist yet.
// On uninstall, the namespace will not be garbage collected.
createNamespace?: bool
// DisableHooks prevents hooks from running during the Helm
// install action.
disableHooks?: bool
// DisableOpenAPIValidation prevents the Helm install action from
// validating
// rendered templates against the Kubernetes OpenAPI Schema.
disableOpenAPIValidation?: bool
// DisableSchemaValidation prevents the Helm install action from
// validating
// the values against the JSON Schema.
disableSchemaValidation?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// install has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// install has been performed.
disableWaitForJobs?: bool
// Remediation holds the remediation configuration for when the
// Helm install
// action for the HelmRelease fails. The default is to not perform
// any action.
remediation?: {
// IgnoreTestFailures tells the controller to skip remediation
// when the Helm
// tests are run after an install action but fail. Defaults to
// 'Test.IgnoreFailures'.
ignoreTestFailures?: bool
// RemediateLastFailure tells the controller to remediate the last
// failure, when
// no retries remain. Defaults to 'false'.
remediateLastFailure?: bool
// Retries is the number of retries that should be attempted on
// failures before
// bailing. Remediation, using an uninstall, is performed between
// each attempt.
// Defaults to '0', a negative integer equals to unlimited
// retries.
retries?: int
}
// Replace tells the Helm install action to re-use the
// 'ReleaseName', but only
// if that name is a deleted release which remains in the history.
replace?: bool
// SkipCRDs tells the Helm install action to not install any CRDs.
// By default,
// CRDs are installed if not already present.
//
// Deprecated use CRD policy (`crds`) attribute with value `Skip`
// instead.
skipCRDs?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm install
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Interval at which to reconcile the Helm release.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
kubeConfig?: {
// SecretRef holds the name of a secret that contains a key with
// the kubeconfig file as the value. If no key is set, the key
// will default
// to 'value'.
// It is recommended that the kubeconfig is self-contained, and
// the secret
// is regularly updated if credentials such as a
// cloud-access-token expire.
// Cloud specific `cmd-path` auth helpers will not function
// without adding
// binaries and credentials to the Pod that is responsible for
// reconciling
// Kubernetes resources.
secretRef: {
// Key in the Secret, when not specified an
// implementation-specific default key is used.
key?: string
// Name of the Secret.
name: string
}
}
// MaxHistory is the number of revisions saved by Helm for this
// HelmRelease.
// Use '0' for an unlimited number of revisions; defaults to '5'.
maxHistory?: int
// PersistentClient tells the controller to use a persistent
// Kubernetes
// client for this release. When enabled, the client will be
// reused for the
// duration of the reconciliation, instead of being created and
// destroyed
// for each (step of a) Helm action.
//
// This can improve performance, but may cause issues with some
// Helm charts
// that for example do create Custom Resource Definitions during
// installation
// outside Helm's CRD lifecycle hooks, which are then not observed
// to be
// available by e.g. post-install hooks.
//
// If not set, it defaults to true.
persistentClient?: bool
// PostRenderers holds an array of Helm PostRenderers, which will
// be applied in order
// of their definition.
postRenderers?: [...{
// Kustomization to apply as PostRenderer.
kustomize?: {
// Images is a list of (image name, new name, new tag or digest)
// for changing image names, tags or digests. This can also be
// achieved with a
// patch, but this operator is simpler to specify.
images?: [...{
// Digest is the value used to replace the original image tag.
// If digest is present NewTag value is ignored.
digest?: string
// Name is a tag-less image name.
name: string
// NewName is the value used to replace the original name.
newName?: string
// NewTag is the value used to replace the original tag.
newTag?: string
}]
// Strategic merge and JSON patches, defined as inline YAML
// objects,
// capable of targeting objects based on kind, label and
// annotation selectors.
patches?: [...{
// Patch contains an inline StrategicMerge patch or an inline
// JSON6902 patch with
// an array of operation objects.
patch: string
// Target points to the resources that the patch document should
// be applied to.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
}
}]
// ReleaseName used for the Helm release. Defaults to a
// composition of
// '[TargetNamespace-]Name'.
releaseName?: strings.MaxRunes(53) & strings.MinRunes(1)
// Rollback holds the configuration for Helm rollback actions for
// this HelmRelease.
rollback?: {
// CleanupOnFail allows deletion of new resources created during
// the Helm
// rollback action when it fails.
cleanupOnFail?: bool
// DisableHooks prevents hooks from running during the Helm
// rollback action.
disableHooks?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// rollback has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// rollback has been performed.
disableWaitForJobs?: bool
// Force forces resource updates through a replacement strategy.
force?: bool
// Recreate performs pod restarts for the resource if applicable.
recreate?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm rollback
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// The name of the Kubernetes service account to impersonate
// when reconciling this HelmRelease.
serviceAccountName?: strings.MaxRunes(253) & strings.MinRunes(1)
// StorageNamespace used for the Helm storage.
// Defaults to the namespace of the HelmRelease.
storageNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Suspend tells the controller to suspend reconciliation for this
// HelmRelease,
// it does not apply to already started reconciliations. Defaults
// to false.
suspend?: bool
// TargetNamespace to target when performing operations for the
// HelmRelease.
// Defaults to the namespace of the HelmRelease.
targetNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Test holds the configuration for Helm test actions for this
// HelmRelease.
test?: {
// Enable enables Helm test actions for this HelmRelease after an
// Helm install
// or upgrade action has been performed.
enable?: bool
// Filters is a list of tests to run or exclude from running.
filters?: [...{
// Exclude specifies whether the named test should be excluded.
exclude?: bool
// Name is the name of the test.
name: strings.MaxRunes(253) & strings.MinRunes(1)
}]
// IgnoreFailures tells the controller to skip remediation when
// the Helm tests
// are run but fail. Can be overwritten for tests run after
// install or upgrade
// actions in 'Install.IgnoreTestFailures' and
// 'Upgrade.IgnoreTestFailures'.
ignoreFailures?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation during
// the performance of a Helm test action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Timeout is the time to wait for any individual Kubernetes
// operation (like Jobs
// for hooks) during the performance of a Helm action. Defaults to
// '5m0s'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Uninstall holds the configuration for Helm uninstall actions
// for this HelmRelease.
uninstall?: {
// DeletionPropagation specifies the deletion propagation policy
// when
// a Helm uninstall is performed.
deletionPropagation?: "background" | "foreground" | "orphan" | *"background"
// DisableHooks prevents hooks from running during the Helm
// rollback action.
disableHooks?: bool
// DisableWait disables waiting for all the resources to be
// deleted after
// a Helm uninstall is performed.
disableWait?: bool
// KeepHistory tells Helm to remove all associated resources and
// mark the
// release as deleted, but retain the release history.
keepHistory?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm uninstall
// action. Defaults
// to 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Upgrade holds the configuration for Helm upgrade actions for
// this HelmRelease.
upgrade?: {
// CleanupOnFail allows deletion of new resources created during
// the Helm
// upgrade action when it fails.
cleanupOnFail?: bool
// CRDs upgrade CRDs from the Helm Chart's crds directory
// according
// to the CRD upgrade policy provided here. Valid values are
// `Skip`,
// `Create` or `CreateReplace`. Default is `Skip` and if omitted
// CRDs are neither installed nor upgraded.
//
// Skip: do neither install nor replace (update) any CRDs.
//
// Create: new CRDs are created, existing CRDs are neither updated
// nor deleted.
//
// CreateReplace: new CRDs are created, existing CRDs are updated
// (replaced)
// but not deleted.
//
// By default, CRDs are not applied during Helm upgrade action.
// With this
// option users can opt-in to CRD upgrade, which is not (yet)
// natively supported by Helm.
// https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
crds?: "Skip" | "Create" | "CreateReplace"
// DisableHooks prevents hooks from running during the Helm
// upgrade action.
disableHooks?: bool
// DisableOpenAPIValidation prevents the Helm upgrade action from
// validating
// rendered templates against the Kubernetes OpenAPI Schema.
disableOpenAPIValidation?: bool
// DisableSchemaValidation prevents the Helm upgrade action from
// validating
// the values against the JSON Schema.
disableSchemaValidation?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// upgrade has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// upgrade has been performed.
disableWaitForJobs?: bool
// Force forces resource updates through a replacement strategy.
force?: bool
// PreserveValues will make Helm reuse the last release's values
// and merge in
// overrides from 'Values'. Setting this flag makes the
// HelmRelease
// non-declarative.
preserveValues?: bool
// Remediation holds the remediation configuration for when the
// Helm upgrade
// action for the HelmRelease fails. The default is to not perform
// any action.
remediation?: {
// IgnoreTestFailures tells the controller to skip remediation
// when the Helm
// tests are run after an upgrade action but fail.
// Defaults to 'Test.IgnoreFailures'.
ignoreTestFailures?: bool
// RemediateLastFailure tells the controller to remediate the last
// failure, when
// no retries remain. Defaults to 'false' unless 'Retries' is
// greater than 0.
remediateLastFailure?: bool
// Retries is the number of retries that should be attempted on
// failures before
// bailing. Remediation, using 'Strategy', is performed between
// each attempt.
// Defaults to '0', a negative integer equals to unlimited
// retries.
retries?: int
// Strategy to use for failure remediation. Defaults to
// 'rollback'.
strategy?: "rollback" | "uninstall"
}
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm upgrade
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Values holds the values for this Helm release.
values?: _
// ValuesFrom holds references to resources containing Helm values
// for this HelmRelease,
// and information about how they should be merged.
valuesFrom?: [...{
// Kind of the values referent, valid values are ('Secret',
// 'ConfigMap').
kind: "Secret" | "ConfigMap"
// Name of the values referent. Should reside in the same
// namespace as the
// referring resource.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Optional marks this ValuesReference as optional. When set, a
// not found error
// for the values reference is ignored, but any ValuesKey,
// TargetPath or
// transient error will still result in a reconciliation failure.
optional?: bool
// TargetPath is the YAML dot notation path the value should be
// merged at. When
// set, the ValuesKey is expected to be a single flat value.
// Defaults to 'None',
// which results in the values getting merged at the root.
targetPath?: strings.MaxRunes(250) & {
=~"^([a-zA-Z0-9_\\-.\\\\\\/]|\\[[0-9]{1,5}\\])+$"
}
// ValuesKey is the data key where the values.yaml or a specific
// value can be
// found at. Defaults to 'values.yaml'.
valuesKey?: strings.MaxRunes(253) & {
=~"^[\\-._a-zA-Z0-9]+$"
}
}]
}

825
internal/generate/platforms/cue.mod/gen/helm.toolkit.fluxcd.io/helmrelease/v2beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,825 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v2beta1
import "strings"
// HelmRelease is the Schema for the helmreleases API
#HelmRelease: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmRelease"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmReleaseSpec defines the desired state of a Helm release.
spec!: #HelmReleaseSpec
}
// HelmReleaseSpec defines the desired state of a Helm release.
#HelmReleaseSpec: {
// Chart defines the template of the v1beta2.HelmChart that should
// be created
// for this HelmRelease.
chart: {
// ObjectMeta holds the template for metadata like labels and
// annotations.
metadata?: {
// Annotations is an unstructured key value map stored with a
// resource that may be
// set by external tools to store and retrieve arbitrary metadata.
// They are not
// queryable and should be preserved when modifying objects.
// More info:
// https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
annotations?: {
[string]: string
}
// Map of string keys and values that can be used to organize and
// categorize
// (scope and select) objects.
// More info:
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
labels?: {
[string]: string
}
}
// Spec holds the template for the v1beta2.HelmChartSpec for this
// HelmRelease.
spec: {
// The name or path the Helm chart is available at in the
// SourceRef.
chart: string
// Interval at which to check the v1beta2.Source for updates.
// Defaults to
// 'HelmReleaseSpec.Interval'.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Determines what enables the creation of a new artifact. Valid
// values are
// ('ChartVersion', 'Revision').
// See the documentation of the values for an explanation on their
// behavior.
// Defaults to ChartVersion when omitted.
reconcileStrategy?: "ChartVersion" | "Revision" | *"ChartVersion"
// The name and namespace of the v1beta2.Source the chart is
// available at.
sourceRef: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent.
kind: "HelmRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Namespace of the referent.
namespace?: strings.MaxRunes(63) & strings.MinRunes(1)
}
// Alternative values file to use as the default chart values,
// expected to
// be a relative path in the SourceRef. Deprecated in favor of
// ValuesFiles,
// for backwards compatibility the file defined here is merged
// before the
// ValuesFiles items. Ignored when omitted.
valuesFile?: string
// Alternative list of values files to use as the chart values
// (values.yaml
// is not included by default), expected to be a relative path in
// the SourceRef.
// Values files are merged in the order of this list with the last
// file overriding
// the first. Ignored when omitted.
valuesFiles?: [...string]
// Verify contains the secret name containing the trusted public
// keys
// used to verify the signature and specifies which provider to
// use to check
// whether OCI image is authentic.
// This field is only supported for OCI sources.
// Chart dependencies, which are not bundled in the umbrella chart
// artifact, are not verified.
verify?: {
// Provider specifies the technology used to sign the OCI Helm
// chart.
provider: "cosign" | *"cosign"
secretRef?: {
// Name of the referent.
name: string
}
}
// Version semver expression, ignored for charts from
// v1beta2.GitRepository and
// v1beta2.Bucket sources. Defaults to latest when omitted.
version?: string | *"*"
}
}
// ChartRef holds a reference to a source controller resource
// containing the
// Helm chart artifact.
//
// Note: this field is provisional to the v2 API, and not actively
// used
// by v2beta1 HelmReleases.
chartRef?: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent.
kind: "OCIRepository" | "HelmChart"
// Name of the referent.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Namespace of the referent, defaults to the namespace of the
// Kubernetes
// resource object that contains the reference.
namespace?: strings.MaxRunes(63) & strings.MinRunes(1)
}
// DependsOn may contain a meta.NamespacedObjectReference slice
// with
// references to HelmRelease resources that must be ready before
// this HelmRelease
// can be reconciled.
dependsOn?: [...{
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// DriftDetection holds the configuration for detecting and
// handling
// differences between the manifest in the Helm storage and the
// resources
// currently existing in the cluster.
//
// Note: this field is provisional to the v2beta2 API, and not
// actively used
// by v2beta1 HelmReleases.
driftDetection?: {
// Ignore contains a list of rules for specifying which changes to
// ignore
// during diffing.
ignore?: [...{
// Paths is a list of JSON Pointer (RFC 6901) paths to be excluded
// from
// consideration in a Kubernetes object.
paths: [...string]
// Target is a selector for specifying Kubernetes objects to which
// this
// rule applies.
// If Target is not set, the Paths will be ignored for all
// Kubernetes
// objects within the manifest of the Helm release.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Mode defines how differences should be handled between the Helm
// manifest
// and the manifest currently applied to the cluster.
// If not explicitly set, it defaults to DiffModeDisabled.
mode?: "enabled" | "warn" | "disabled"
}
// Install holds the configuration for Helm install actions for
// this HelmRelease.
install?: {
// CRDs upgrade CRDs from the Helm Chart's crds directory
// according
// to the CRD upgrade policy provided here. Valid values are
// `Skip`,
// `Create` or `CreateReplace`. Default is `Create` and if omitted
// CRDs are installed but not updated.
//
// Skip: do neither install nor replace (update) any CRDs.
//
// Create: new CRDs are created, existing CRDs are neither updated
// nor deleted.
//
// CreateReplace: new CRDs are created, existing CRDs are updated
// (replaced)
// but not deleted.
//
// By default, CRDs are applied (installed) during Helm install
// action.
// With this option users can opt-in to CRD replace existing CRDs
// on Helm
// install actions, which is not (yet) natively supported by Helm.
// https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
crds?: "Skip" | "Create" | "CreateReplace"
// CreateNamespace tells the Helm install action to create the
// HelmReleaseSpec.TargetNamespace if it does not exist yet.
// On uninstall, the namespace will not be garbage collected.
createNamespace?: bool
// DisableHooks prevents hooks from running during the Helm
// install action.
disableHooks?: bool
// DisableOpenAPIValidation prevents the Helm install action from
// validating
// rendered templates against the Kubernetes OpenAPI Schema.
disableOpenAPIValidation?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// install has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// install has been performed.
disableWaitForJobs?: bool
// Remediation holds the remediation configuration for when the
// Helm install
// action for the HelmRelease fails. The default is to not perform
// any action.
remediation?: {
// IgnoreTestFailures tells the controller to skip remediation
// when the Helm
// tests are run after an install action but fail. Defaults to
// 'Test.IgnoreFailures'.
ignoreTestFailures?: bool
// RemediateLastFailure tells the controller to remediate the last
// failure, when
// no retries remain. Defaults to 'false'.
remediateLastFailure?: bool
// Retries is the number of retries that should be attempted on
// failures before
// bailing. Remediation, using an uninstall, is performed between
// each attempt.
// Defaults to '0', a negative integer equals to unlimited
// retries.
retries?: int
}
// Replace tells the Helm install action to re-use the
// 'ReleaseName', but only
// if that name is a deleted release which remains in the history.
replace?: bool
// SkipCRDs tells the Helm install action to not install any CRDs.
// By default,
// CRDs are installed if not already present.
//
// Deprecated use CRD policy (`crds`) attribute with value `Skip`
// instead.
skipCRDs?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm install
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Interval at which to reconcile the Helm release.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
kubeConfig?: {
// SecretRef holds the name of a secret that contains a key with
// the kubeconfig file as the value. If no key is set, the key
// will default
// to 'value'.
// It is recommended that the kubeconfig is self-contained, and
// the secret
// is regularly updated if credentials such as a
// cloud-access-token expire.
// Cloud specific `cmd-path` auth helpers will not function
// without adding
// binaries and credentials to the Pod that is responsible for
// reconciling
// Kubernetes resources.
secretRef: {
// Key in the Secret, when not specified an
// implementation-specific default key is used.
key?: string
// Name of the Secret.
name: string
}
}
// MaxHistory is the number of revisions saved by Helm for this
// HelmRelease.
// Use '0' for an unlimited number of revisions; defaults to '10'.
maxHistory?: int
// PersistentClient tells the controller to use a persistent
// Kubernetes
// client for this release. When enabled, the client will be
// reused for the
// duration of the reconciliation, instead of being created and
// destroyed
// for each (step of a) Helm action.
//
// This can improve performance, but may cause issues with some
// Helm charts
// that for example do create Custom Resource Definitions during
// installation
// outside Helm's CRD lifecycle hooks, which are then not observed
// to be
// available by e.g. post-install hooks.
//
// If not set, it defaults to true.
persistentClient?: bool
// PostRenderers holds an array of Helm PostRenderers, which will
// be applied in order
// of their definition.
postRenderers?: [...{
// Kustomization to apply as PostRenderer.
kustomize?: {
// Images is a list of (image name, new name, new tag or digest)
// for changing image names, tags or digests. This can also be
// achieved with a
// patch, but this operator is simpler to specify.
images?: [...{
// Digest is the value used to replace the original image tag.
// If digest is present NewTag value is ignored.
digest?: string
// Name is a tag-less image name.
name: string
// NewName is the value used to replace the original name.
newName?: string
// NewTag is the value used to replace the original tag.
newTag?: string
}]
// Strategic merge and JSON patches, defined as inline YAML
// objects,
// capable of targeting objects based on kind, label and
// annotation selectors.
patches?: [...{
// Patch contains an inline StrategicMerge patch or an inline
// JSON6902 patch with
// an array of operation objects.
patch: string
// Target points to the resources that the patch document should
// be applied to.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// JSON 6902 patches, defined as inline YAML objects.
patchesJson6902?: [...{
// Patch contains the JSON6902 patch document with an array of
// operation objects.
patch: [...{
// From contains a JSON-pointer value that references a location
// within the target document where the operation is
// performed. The meaning of the value depends on the value of Op,
// and is NOT taken into account by all operations.
from?: string
// Op indicates the operation to perform. Its value MUST be one of
// "add", "remove", "replace", "move", "copy", or
// "test".
// https://datatracker.ietf.org/doc/html/rfc6902#section-4
op: "test" | "remove" | "add" | "replace" | "move" | "copy"
// Path contains the JSON-pointer value that references a location
// within the target document where the operation
// is performed. The meaning of the value depends on the value of
// Op.
path: string
// Value contains a valid JSON structure. The meaning of the value
// depends on the value of Op, and is NOT taken into
// account by all operations.
value?: _
}]
// Target points to the resources that the patch document should
// be applied to.
target: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Strategic merge patches, defined as inline YAML objects.
patchesStrategicMerge?: [...]
}
}]
// ReleaseName used for the Helm release. Defaults to a
// composition of
// '[TargetNamespace-]Name'.
releaseName?: strings.MaxRunes(53) & strings.MinRunes(1)
// Rollback holds the configuration for Helm rollback actions for
// this HelmRelease.
rollback?: {
// CleanupOnFail allows deletion of new resources created during
// the Helm
// rollback action when it fails.
cleanupOnFail?: bool
// DisableHooks prevents hooks from running during the Helm
// rollback action.
disableHooks?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// rollback has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// rollback has been performed.
disableWaitForJobs?: bool
// Force forces resource updates through a replacement strategy.
force?: bool
// Recreate performs pod restarts for the resource if applicable.
recreate?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm rollback
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// The name of the Kubernetes service account to impersonate
// when reconciling this HelmRelease.
serviceAccountName?: string
// StorageNamespace used for the Helm storage.
// Defaults to the namespace of the HelmRelease.
storageNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Suspend tells the controller to suspend reconciliation for this
// HelmRelease,
// it does not apply to already started reconciliations. Defaults
// to false.
suspend?: bool
// TargetNamespace to target when performing operations for the
// HelmRelease.
// Defaults to the namespace of the HelmRelease.
targetNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Test holds the configuration for Helm test actions for this
// HelmRelease.
test?: {
// Enable enables Helm test actions for this HelmRelease after an
// Helm install
// or upgrade action has been performed.
enable?: bool
// IgnoreFailures tells the controller to skip remediation when
// the Helm tests
// are run but fail. Can be overwritten for tests run after
// install or upgrade
// actions in 'Install.IgnoreTestFailures' and
// 'Upgrade.IgnoreTestFailures'.
ignoreFailures?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation during
// the performance of a Helm test action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Timeout is the time to wait for any individual Kubernetes
// operation (like Jobs
// for hooks) during the performance of a Helm action. Defaults to
// '5m0s'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Uninstall holds the configuration for Helm uninstall actions
// for this HelmRelease.
uninstall?: {
// DeletionPropagation specifies the deletion propagation policy
// when
// a Helm uninstall is performed.
deletionPropagation?: "background" | "foreground" | "orphan" | *"background"
// DisableHooks prevents hooks from running during the Helm
// rollback action.
disableHooks?: bool
// DisableWait disables waiting for all the resources to be
// deleted after
// a Helm uninstall is performed.
disableWait?: bool
// KeepHistory tells Helm to remove all associated resources and
// mark the
// release as deleted, but retain the release history.
keepHistory?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm uninstall
// action. Defaults
// to 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Upgrade holds the configuration for Helm upgrade actions for
// this HelmRelease.
upgrade?: {
// CleanupOnFail allows deletion of new resources created during
// the Helm
// upgrade action when it fails.
cleanupOnFail?: bool
// CRDs upgrade CRDs from the Helm Chart's crds directory
// according
// to the CRD upgrade policy provided here. Valid values are
// `Skip`,
// `Create` or `CreateReplace`. Default is `Skip` and if omitted
// CRDs are neither installed nor upgraded.
//
// Skip: do neither install nor replace (update) any CRDs.
//
// Create: new CRDs are created, existing CRDs are neither updated
// nor deleted.
//
// CreateReplace: new CRDs are created, existing CRDs are updated
// (replaced)
// but not deleted.
//
// By default, CRDs are not applied during Helm upgrade action.
// With this
// option users can opt-in to CRD upgrade, which is not (yet)
// natively supported by Helm.
// https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
crds?: "Skip" | "Create" | "CreateReplace"
// DisableHooks prevents hooks from running during the Helm
// upgrade action.
disableHooks?: bool
// DisableOpenAPIValidation prevents the Helm upgrade action from
// validating
// rendered templates against the Kubernetes OpenAPI Schema.
disableOpenAPIValidation?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// upgrade has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// upgrade has been performed.
disableWaitForJobs?: bool
// Force forces resource updates through a replacement strategy.
force?: bool
// PreserveValues will make Helm reuse the last release's values
// and merge in
// overrides from 'Values'. Setting this flag makes the
// HelmRelease
// non-declarative.
preserveValues?: bool
// Remediation holds the remediation configuration for when the
// Helm upgrade
// action for the HelmRelease fails. The default is to not perform
// any action.
remediation?: {
// IgnoreTestFailures tells the controller to skip remediation
// when the Helm
// tests are run after an upgrade action but fail.
// Defaults to 'Test.IgnoreFailures'.
ignoreTestFailures?: bool
// RemediateLastFailure tells the controller to remediate the last
// failure, when
// no retries remain. Defaults to 'false' unless 'Retries' is
// greater than 0.
remediateLastFailure?: bool
// Retries is the number of retries that should be attempted on
// failures before
// bailing. Remediation, using 'Strategy', is performed between
// each attempt.
// Defaults to '0', a negative integer equals to unlimited
// retries.
retries?: int
// Strategy to use for failure remediation. Defaults to
// 'rollback'.
strategy?: "rollback" | "uninstall"
}
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm upgrade
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Values holds the values for this Helm release.
values?: _
// ValuesFrom holds references to resources containing Helm values
// for this HelmRelease,
// and information about how they should be merged.
valuesFrom?: [...{
// Kind of the values referent, valid values are ('Secret',
// 'ConfigMap').
kind: "Secret" | "ConfigMap"
// Name of the values referent. Should reside in the same
// namespace as the
// referring resource.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Optional marks this ValuesReference as optional. When set, a
// not found error
// for the values reference is ignored, but any ValuesKey,
// TargetPath or
// transient error will still result in a reconciliation failure.
optional?: bool
// TargetPath is the YAML dot notation path the value should be
// merged at. When
// set, the ValuesKey is expected to be a single flat value.
// Defaults to 'None',
// which results in the values getting merged at the root.
targetPath?: strings.MaxRunes(250) & {
=~"^([a-zA-Z0-9_\\-.\\\\\\/]|\\[[0-9]{1,5}\\])+$"
}
// ValuesKey is the data key where the values.yaml or a specific
// value can be
// found at. Defaults to 'values.yaml'.
// When set, must be a valid Data Key, consisting of alphanumeric
// characters,
// '-', '_' or '.'.
valuesKey?: strings.MaxRunes(253) & {
=~"^[\\-._a-zA-Z0-9]+$"
}
}]
}

831
internal/generate/platforms/cue.mod/gen/helm.toolkit.fluxcd.io/helmrelease/v2beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,831 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v2beta2
import "strings"
// HelmRelease is the Schema for the helmreleases API
#HelmRelease: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "helm.toolkit.fluxcd.io/v2beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmRelease"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmReleaseSpec defines the desired state of a Helm release.
spec!: #HelmReleaseSpec
}
// HelmReleaseSpec defines the desired state of a Helm release.
#HelmReleaseSpec: {
// Chart defines the template of the v1beta2.HelmChart that should
// be created
// for this HelmRelease.
chart?: {
// ObjectMeta holds the template for metadata like labels and
// annotations.
metadata?: {
// Annotations is an unstructured key value map stored with a
// resource that may be
// set by external tools to store and retrieve arbitrary metadata.
// They are not
// queryable and should be preserved when modifying objects.
// More info:
// https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
annotations?: {
[string]: string
}
// Map of string keys and values that can be used to organize and
// categorize
// (scope and select) objects.
// More info:
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
labels?: {
[string]: string
}
}
// Spec holds the template for the v1beta2.HelmChartSpec for this
// HelmRelease.
spec: {
// The name or path the Helm chart is available at in the
// SourceRef.
chart: strings.MaxRunes(2048) & strings.MinRunes(1)
// IgnoreMissingValuesFiles controls whether to silently ignore
// missing values files rather than failing.
ignoreMissingValuesFiles?: bool
// Interval at which to check the v1.Source for updates. Defaults
// to
// 'HelmReleaseSpec.Interval'.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Determines what enables the creation of a new artifact. Valid
// values are
// ('ChartVersion', 'Revision').
// See the documentation of the values for an explanation on their
// behavior.
// Defaults to ChartVersion when omitted.
reconcileStrategy?: "ChartVersion" | "Revision" | *"ChartVersion"
// The name and namespace of the v1.Source the chart is available
// at.
sourceRef: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent.
kind: "HelmRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Namespace of the referent.
namespace?: strings.MaxRunes(63) & strings.MinRunes(1)
}
// Alternative values file to use as the default chart values,
// expected to
// be a relative path in the SourceRef. Deprecated in favor of
// ValuesFiles,
// for backwards compatibility the file defined here is merged
// before the
// ValuesFiles items. Ignored when omitted.
valuesFile?: string
// Alternative list of values files to use as the chart values
// (values.yaml
// is not included by default), expected to be a relative path in
// the SourceRef.
// Values files are merged in the order of this list with the last
// file overriding
// the first. Ignored when omitted.
valuesFiles?: [...string]
// Verify contains the secret name containing the trusted public
// keys
// used to verify the signature and specifies which provider to
// use to check
// whether OCI image is authentic.
// This field is only supported for OCI sources.
// Chart dependencies, which are not bundled in the umbrella chart
// artifact,
// are not verified.
verify?: {
// Provider specifies the technology used to sign the OCI Helm
// chart.
provider: "cosign" | "notation" | *"cosign"
secretRef?: {
// Name of the referent.
name: string
}
}
// Version semver expression, ignored for charts from
// v1beta2.GitRepository and
// v1beta2.Bucket sources. Defaults to latest when omitted.
version?: string | *"*"
}
}
// ChartRef holds a reference to a source controller resource
// containing the
// Helm chart artifact.
//
// Note: this field is provisional to the v2 API, and not actively
// used
// by v2beta2 HelmReleases.
chartRef?: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent.
kind: "OCIRepository" | "HelmChart"
// Name of the referent.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Namespace of the referent, defaults to the namespace of the
// Kubernetes
// resource object that contains the reference.
namespace?: strings.MaxRunes(63) & strings.MinRunes(1)
}
// DependsOn may contain a meta.NamespacedObjectReference slice
// with
// references to HelmRelease resources that must be ready before
// this HelmRelease
// can be reconciled.
dependsOn?: [...{
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// DriftDetection holds the configuration for detecting and
// handling
// differences between the manifest in the Helm storage and the
// resources
// currently existing in the cluster.
driftDetection?: {
// Ignore contains a list of rules for specifying which changes to
// ignore
// during diffing.
ignore?: [...{
// Paths is a list of JSON Pointer (RFC 6901) paths to be excluded
// from
// consideration in a Kubernetes object.
paths: [...string]
// Target is a selector for specifying Kubernetes objects to which
// this
// rule applies.
// If Target is not set, the Paths will be ignored for all
// Kubernetes
// objects within the manifest of the Helm release.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Mode defines how differences should be handled between the Helm
// manifest
// and the manifest currently applied to the cluster.
// If not explicitly set, it defaults to DiffModeDisabled.
mode?: "enabled" | "warn" | "disabled"
}
// Install holds the configuration for Helm install actions for
// this HelmRelease.
install?: {
// CRDs upgrade CRDs from the Helm Chart's crds directory
// according
// to the CRD upgrade policy provided here. Valid values are
// `Skip`,
// `Create` or `CreateReplace`. Default is `Create` and if omitted
// CRDs are installed but not updated.
//
// Skip: do neither install nor replace (update) any CRDs.
//
// Create: new CRDs are created, existing CRDs are neither updated
// nor deleted.
//
// CreateReplace: new CRDs are created, existing CRDs are updated
// (replaced)
// but not deleted.
//
// By default, CRDs are applied (installed) during Helm install
// action.
// With this option users can opt in to CRD replace existing CRDs
// on Helm
// install actions, which is not (yet) natively supported by Helm.
// https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
crds?: "Skip" | "Create" | "CreateReplace"
// CreateNamespace tells the Helm install action to create the
// HelmReleaseSpec.TargetNamespace if it does not exist yet.
// On uninstall, the namespace will not be garbage collected.
createNamespace?: bool
// DisableHooks prevents hooks from running during the Helm
// install action.
disableHooks?: bool
// DisableOpenAPIValidation prevents the Helm install action from
// validating
// rendered templates against the Kubernetes OpenAPI Schema.
disableOpenAPIValidation?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// install has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// install has been performed.
disableWaitForJobs?: bool
// Remediation holds the remediation configuration for when the
// Helm install
// action for the HelmRelease fails. The default is to not perform
// any action.
remediation?: {
// IgnoreTestFailures tells the controller to skip remediation
// when the Helm
// tests are run after an install action but fail. Defaults to
// 'Test.IgnoreFailures'.
ignoreTestFailures?: bool
// RemediateLastFailure tells the controller to remediate the last
// failure, when
// no retries remain. Defaults to 'false'.
remediateLastFailure?: bool
// Retries is the number of retries that should be attempted on
// failures before
// bailing. Remediation, using an uninstall, is performed between
// each attempt.
// Defaults to '0', a negative integer equals to unlimited
// retries.
retries?: int
}
// Replace tells the Helm install action to re-use the
// 'ReleaseName', but only
// if that name is a deleted release which remains in the history.
replace?: bool
// SkipCRDs tells the Helm install action to not install any CRDs.
// By default,
// CRDs are installed if not already present.
//
// Deprecated use CRD policy (`crds`) attribute with value `Skip`
// instead.
skipCRDs?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm install
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Interval at which to reconcile the Helm release.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
kubeConfig?: {
// SecretRef holds the name of a secret that contains a key with
// the kubeconfig file as the value. If no key is set, the key
// will default
// to 'value'.
// It is recommended that the kubeconfig is self-contained, and
// the secret
// is regularly updated if credentials such as a
// cloud-access-token expire.
// Cloud specific `cmd-path` auth helpers will not function
// without adding
// binaries and credentials to the Pod that is responsible for
// reconciling
// Kubernetes resources.
secretRef: {
// Key in the Secret, when not specified an
// implementation-specific default key is used.
key?: string
// Name of the Secret.
name: string
}
}
// MaxHistory is the number of revisions saved by Helm for this
// HelmRelease.
// Use '0' for an unlimited number of revisions; defaults to '5'.
maxHistory?: int
// PersistentClient tells the controller to use a persistent
// Kubernetes
// client for this release. When enabled, the client will be
// reused for the
// duration of the reconciliation, instead of being created and
// destroyed
// for each (step of a) Helm action.
//
// This can improve performance, but may cause issues with some
// Helm charts
// that for example do create Custom Resource Definitions during
// installation
// outside Helm's CRD lifecycle hooks, which are then not observed
// to be
// available by e.g. post-install hooks.
//
// If not set, it defaults to true.
persistentClient?: bool
// PostRenderers holds an array of Helm PostRenderers, which will
// be applied in order
// of their definition.
postRenderers?: [...{
// Kustomization to apply as PostRenderer.
kustomize?: {
// Images is a list of (image name, new name, new tag or digest)
// for changing image names, tags or digests. This can also be
// achieved with a
// patch, but this operator is simpler to specify.
images?: [...{
// Digest is the value used to replace the original image tag.
// If digest is present NewTag value is ignored.
digest?: string
// Name is a tag-less image name.
name: string
// NewName is the value used to replace the original name.
newName?: string
// NewTag is the value used to replace the original tag.
newTag?: string
}]
// Strategic merge and JSON patches, defined as inline YAML
// objects,
// capable of targeting objects based on kind, label and
// annotation selectors.
patches?: [...{
// Patch contains an inline StrategicMerge patch or an inline
// JSON6902 patch with
// an array of operation objects.
patch: string
// Target points to the resources that the patch document should
// be applied to.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// JSON 6902 patches, defined as inline YAML objects.
// Deprecated: use Patches instead.
patchesJson6902?: [...{
// Patch contains the JSON6902 patch document with an array of
// operation objects.
patch: [...{
// From contains a JSON-pointer value that references a location
// within the target document where the operation is
// performed. The meaning of the value depends on the value of Op,
// and is NOT taken into account by all operations.
from?: string
// Op indicates the operation to perform. Its value MUST be one of
// "add", "remove", "replace", "move", "copy", or
// "test".
// https://datatracker.ietf.org/doc/html/rfc6902#section-4
op: "test" | "remove" | "add" | "replace" | "move" | "copy"
// Path contains the JSON-pointer value that references a location
// within the target document where the operation
// is performed. The meaning of the value depends on the value of
// Op.
path: string
// Value contains a valid JSON structure. The meaning of the value
// depends on the value of Op, and is NOT taken into
// account by all operations.
value?: _
}]
// Target points to the resources that the patch document should
// be applied to.
target: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Strategic merge patches, defined as inline YAML objects.
// Deprecated: use Patches instead.
patchesStrategicMerge?: [...]
}
}]
// ReleaseName used for the Helm release. Defaults to a
// composition of
// '[TargetNamespace-]Name'.
releaseName?: strings.MaxRunes(53) & strings.MinRunes(1)
// Rollback holds the configuration for Helm rollback actions for
// this HelmRelease.
rollback?: {
// CleanupOnFail allows deletion of new resources created during
// the Helm
// rollback action when it fails.
cleanupOnFail?: bool
// DisableHooks prevents hooks from running during the Helm
// rollback action.
disableHooks?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// rollback has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// rollback has been performed.
disableWaitForJobs?: bool
// Force forces resource updates through a replacement strategy.
force?: bool
// Recreate performs pod restarts for the resource if applicable.
recreate?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm rollback
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// The name of the Kubernetes service account to impersonate
// when reconciling this HelmRelease.
serviceAccountName?: strings.MaxRunes(253) & strings.MinRunes(1)
// StorageNamespace used for the Helm storage.
// Defaults to the namespace of the HelmRelease.
storageNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Suspend tells the controller to suspend reconciliation for this
// HelmRelease,
// it does not apply to already started reconciliations. Defaults
// to false.
suspend?: bool
// TargetNamespace to target when performing operations for the
// HelmRelease.
// Defaults to the namespace of the HelmRelease.
targetNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Test holds the configuration for Helm test actions for this
// HelmRelease.
test?: {
// Enable enables Helm test actions for this HelmRelease after an
// Helm install
// or upgrade action has been performed.
enable?: bool
// Filters is a list of tests to run or exclude from running.
filters?: [...{
// Exclude specifies whether the named test should be excluded.
exclude?: bool
// Name is the name of the test.
name: strings.MaxRunes(253) & strings.MinRunes(1)
}]
// IgnoreFailures tells the controller to skip remediation when
// the Helm tests
// are run but fail. Can be overwritten for tests run after
// install or upgrade
// actions in 'Install.IgnoreTestFailures' and
// 'Upgrade.IgnoreTestFailures'.
ignoreFailures?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation during
// the performance of a Helm test action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Timeout is the time to wait for any individual Kubernetes
// operation (like Jobs
// for hooks) during the performance of a Helm action. Defaults to
// '5m0s'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Uninstall holds the configuration for Helm uninstall actions
// for this HelmRelease.
uninstall?: {
// DeletionPropagation specifies the deletion propagation policy
// when
// a Helm uninstall is performed.
deletionPropagation?: "background" | "foreground" | "orphan" | *"background"
// DisableHooks prevents hooks from running during the Helm
// rollback action.
disableHooks?: bool
// DisableWait disables waiting for all the resources to be
// deleted after
// a Helm uninstall is performed.
disableWait?: bool
// KeepHistory tells Helm to remove all associated resources and
// mark the
// release as deleted, but retain the release history.
keepHistory?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm uninstall
// action. Defaults
// to 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Upgrade holds the configuration for Helm upgrade actions for
// this HelmRelease.
upgrade?: {
// CleanupOnFail allows deletion of new resources created during
// the Helm
// upgrade action when it fails.
cleanupOnFail?: bool
// CRDs upgrade CRDs from the Helm Chart's crds directory
// according
// to the CRD upgrade policy provided here. Valid values are
// `Skip`,
// `Create` or `CreateReplace`. Default is `Skip` and if omitted
// CRDs are neither installed nor upgraded.
//
// Skip: do neither install nor replace (update) any CRDs.
//
// Create: new CRDs are created, existing CRDs are neither updated
// nor deleted.
//
// CreateReplace: new CRDs are created, existing CRDs are updated
// (replaced)
// but not deleted.
//
// By default, CRDs are not applied during Helm upgrade action.
// With this
// option users can opt-in to CRD upgrade, which is not (yet)
// natively supported by Helm.
// https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
crds?: "Skip" | "Create" | "CreateReplace"
// DisableHooks prevents hooks from running during the Helm
// upgrade action.
disableHooks?: bool
// DisableOpenAPIValidation prevents the Helm upgrade action from
// validating
// rendered templates against the Kubernetes OpenAPI Schema.
disableOpenAPIValidation?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// upgrade has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// upgrade has been performed.
disableWaitForJobs?: bool
// Force forces resource updates through a replacement strategy.
force?: bool
// PreserveValues will make Helm reuse the last release's values
// and merge in
// overrides from 'Values'. Setting this flag makes the
// HelmRelease
// non-declarative.
preserveValues?: bool
// Remediation holds the remediation configuration for when the
// Helm upgrade
// action for the HelmRelease fails. The default is to not perform
// any action.
remediation?: {
// IgnoreTestFailures tells the controller to skip remediation
// when the Helm
// tests are run after an upgrade action but fail.
// Defaults to 'Test.IgnoreFailures'.
ignoreTestFailures?: bool
// RemediateLastFailure tells the controller to remediate the last
// failure, when
// no retries remain. Defaults to 'false' unless 'Retries' is
// greater than 0.
remediateLastFailure?: bool
// Retries is the number of retries that should be attempted on
// failures before
// bailing. Remediation, using 'Strategy', is performed between
// each attempt.
// Defaults to '0', a negative integer equals to unlimited
// retries.
retries?: int
// Strategy to use for failure remediation. Defaults to
// 'rollback'.
strategy?: "rollback" | "uninstall"
}
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm upgrade
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Values holds the values for this Helm release.
values?: _
// ValuesFrom holds references to resources containing Helm values
// for this HelmRelease,
// and information about how they should be merged.
valuesFrom?: [...{
// Kind of the values referent, valid values are ('Secret',
// 'ConfigMap').
kind: "Secret" | "ConfigMap"
// Name of the values referent. Should reside in the same
// namespace as the
// referring resource.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Optional marks this ValuesReference as optional. When set, a
// not found error
// for the values reference is ignored, but any ValuesKey,
// TargetPath or
// transient error will still result in a reconciliation failure.
optional?: bool
// TargetPath is the YAML dot notation path the value should be
// merged at. When
// set, the ValuesKey is expected to be a single flat value.
// Defaults to 'None',
// which results in the values getting merged at the root.
targetPath?: strings.MaxRunes(250) & {
=~"^([a-zA-Z0-9_\\-.\\\\\\/]|\\[[0-9]{1,5}\\])+$"
}
// ValuesKey is the data key where the values.yaml or a specific
// value can be
// found at. Defaults to 'values.yaml'.
valuesKey?: strings.MaxRunes(253) & {
=~"^[\\-._a-zA-Z0-9]+$"
}
}]
}

105
internal/generate/platforms/cue.mod/gen/image.toolkit.fluxcd.io/imagepolicy/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,105 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// ImagePolicy is the Schema for the imagepolicies API
#ImagePolicy: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "image.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "ImagePolicy"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ImagePolicySpec defines the parameters for calculating the
// ImagePolicy
spec!: #ImagePolicySpec
}
// ImagePolicySpec defines the parameters for calculating the
// ImagePolicy
#ImagePolicySpec: {
// FilterTags enables filtering for only a subset of tags based on
// a set of
// rules. If no rules are provided, all the tags from the
// repository will be
// ordered and compared.
filterTags?: {
// Extract allows a capture group to be extracted from the
// specified regular
// expression pattern, useful before tag evaluation.
extract?: string
// Pattern specifies a regular expression pattern used to filter
// for image
// tags.
pattern?: string
}
// ImageRepositoryRef points at the object specifying the image
// being scanned
imageRepositoryRef: {
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}
// Policy gives the particulars of the policy to be followed in
// selecting the most recent image
policy: {
alphabetical?: {
// Order specifies the sorting order of the tags. Given the
// letters of the
// alphabet as tags, ascending order would select Z, and
// descending order
// would select A.
order?: "asc" | "desc" | *"asc"
}
numerical?: {
// Order specifies the sorting order of the tags. Given the
// integer values
// from 0 to 9 as tags, ascending order would select 9, and
// descending order
// would select 0.
order?: "asc" | "desc" | *"asc"
}
semver?: {
// Range gives a semver range for the image tag; the highest
// version within the range that's a tag yields the latest image.
range: string
}
}
}

105
internal/generate/platforms/cue.mod/gen/image.toolkit.fluxcd.io/imagepolicy/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,105 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// ImagePolicy is the Schema for the imagepolicies API
#ImagePolicy: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "image.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "ImagePolicy"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ImagePolicySpec defines the parameters for calculating the
// ImagePolicy.
spec!: #ImagePolicySpec
}
// ImagePolicySpec defines the parameters for calculating the
// ImagePolicy.
#ImagePolicySpec: {
// FilterTags enables filtering for only a subset of tags based on
// a set of
// rules. If no rules are provided, all the tags from the
// repository will be
// ordered and compared.
filterTags?: {
// Extract allows a capture group to be extracted from the
// specified regular
// expression pattern, useful before tag evaluation.
extract?: string
// Pattern specifies a regular expression pattern used to filter
// for image
// tags.
pattern?: string
}
// ImageRepositoryRef points at the object specifying the image
// being scanned
imageRepositoryRef: {
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}
// Policy gives the particulars of the policy to be followed in
// selecting the most recent image
policy: {
alphabetical?: {
// Order specifies the sorting order of the tags. Given the
// letters of the
// alphabet as tags, ascending order would select Z, and
// descending order
// would select A.
order?: "asc" | "desc" | *"asc"
}
numerical?: {
// Order specifies the sorting order of the tags. Given the
// integer values
// from 0 to 9 as tags, ascending order would select 9, and
// descending order
// would select 0.
order?: "asc" | "desc" | *"asc"
}
semver?: {
// Range gives a semver range for the image tag; the highest
// version within the range that's a tag yields the latest image.
range: string
}
}
}

105
internal/generate/platforms/cue.mod/gen/image.toolkit.fluxcd.io/imagerepository/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,105 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// ImageRepository is the Schema for the imagerepositories API
#ImageRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "image.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "ImageRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ImageRepositorySpec defines the parameters for scanning an
// image
// repository, e.g., `fluxcd/flux`.
spec!: #ImageRepositorySpec
}
// ImageRepositorySpec defines the parameters for scanning an
// image
// repository, e.g., `fluxcd/flux`.
#ImageRepositorySpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
certSecretRef?: {
// Name of the referent.
name: string
}
// ExclusionList is a list of regex strings used to exclude
// certain tags
// from being stored in the database.
exclusionList?: [...string]
// Image is the name of the image repository
image: string
// Interval is the length of time to wait between
// scans of the image repository.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
secretRef?: {
// Name of the referent.
name: string
}
// ServiceAccountName is the name of the Kubernetes ServiceAccount
// used to authenticate
// the image pull if the service account has attached pull
// secrets.
serviceAccountName?: strings.MaxRunes(253)
// This flag tells the controller to suspend subsequent image
// scans.
// It does not apply to already started scans. Defaults to false.
suspend?: bool
// Timeout for image scanning.
// Defaults to 'Interval' duration.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
}

121
internal/generate/platforms/cue.mod/gen/image.toolkit.fluxcd.io/imagerepository/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,121 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import (
"strings"
"list"
)
// ImageRepository is the Schema for the imagerepositories API
#ImageRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "image.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "ImageRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ImageRepositorySpec defines the parameters for scanning an
// image
// repository, e.g., `fluxcd/flux`.
spec!: #ImageRepositorySpec
}
// ImageRepositorySpec defines the parameters for scanning an
// image
// repository, e.g., `fluxcd/flux`.
#ImageRepositorySpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
certSecretRef?: {
// Name of the referent.
name: string
}
// ExclusionList is a list of regex strings used to exclude
// certain tags
// from being stored in the database.
exclusionList?: list.MaxItems(25) & [...string] | *["^.*\\.sig$"]
// Image is the name of the image repository
image: string
// Insecure allows connecting to a non-TLS HTTP container
// registry.
insecure?: bool
// Interval is the length of time to wait between
// scans of the image repository.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// The provider used for authentication, can be 'aws', 'azure',
// 'gcp' or 'generic'.
// When not specified, defaults to 'generic'.
provider?: "generic" | "aws" | "azure" | "gcp" | *"generic"
proxySecretRef?: {
// Name of the referent.
name: string
}
secretRef?: {
// Name of the referent.
name: string
}
// ServiceAccountName is the name of the Kubernetes ServiceAccount
// used to authenticate
// the image pull if the service account has attached pull
// secrets.
serviceAccountName?: strings.MaxRunes(253)
// This flag tells the controller to suspend subsequent image
// scans.
// It does not apply to already started scans. Defaults to false.
suspend?: bool
// Timeout for image scanning.
// Defaults to 'Interval' duration.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
}

179
internal/generate/platforms/cue.mod/gen/image.toolkit.fluxcd.io/imageupdateautomation/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,179 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// ImageUpdateAutomation is the Schema for the
// imageupdateautomations API
#ImageUpdateAutomation: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "image.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "ImageUpdateAutomation"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ImageUpdateAutomationSpec defines the desired state of
// ImageUpdateAutomation
spec!: #ImageUpdateAutomationSpec
}
// ImageUpdateAutomationSpec defines the desired state of
// ImageUpdateAutomation
#ImageUpdateAutomationSpec: {
// GitSpec contains all the git-specific definitions. This is
// technically optional, but in practice mandatory until there are
// other kinds of source allowed.
git?: {
checkout?: {
// Reference gives a branch, tag or commit to clone from the Git
// repository.
ref: {
// Branch to check out, defaults to 'master' if no other field is
// defined.
branch?: string
// Commit SHA to check out, takes precedence over all reference
// fields.
//
// This can be combined with Branch to shallow clone the branch,
// in which
// the commit is expected to exist.
commit?: string
// Name of the reference to check out; takes precedence over
// Branch, Tag and SemVer.
//
// It must be a valid Git reference:
// https://git-scm.com/docs/git-check-ref-format#_description
// Examples: "refs/heads/main", "refs/tags/v0.1.0",
// "refs/pull/420/head", "refs/merge-requests/1/head"
name?: string
// SemVer tag expression to check out, takes precedence over Tag.
semver?: string
// Tag to check out, takes precedence over Branch.
tag?: string
}
}
// Commit specifies how to commit to the git repository.
commit: {
// Author gives the email and optionally the name to use as the
// author of commits.
author: {
// Email gives the email to provide when making a commit.
email: string
// Name gives the name to provide when making a commit.
name?: string
}
// MessageTemplate provides a template for the commit message,
// into which will be interpolated the details of the change made.
messageTemplate?: string
signingKey?: {
secretRef: {
// Name of the referent.
name: string
}
}
}
// Push specifies how and where to push commits made by the
// automation. If missing, commits are pushed (back) to
// `.spec.checkout.branch` or its default.
push?: {
// Branch specifies that commits should be pushed to the branch
// named. The branch is created using `.spec.checkout.branch` as
// the
// starting point, if it doesn't already exist.
branch?: string
// Options specifies the push options that are sent to the Git
// server when performing a push operation. For details, see:
// https://git-scm.com/docs/git-push#Documentation/git-push.txt---push-optionltoptiongt
options?: {
[string]: string
}
// Refspec specifies the Git Refspec to use for a push operation.
// If both Branch and Refspec are provided, then the commit is
// pushed
// to the branch and also using the specified refspec.
// For more details about Git Refspecs, see:
// https://git-scm.com/book/en/v2/Git-Internals-The-Refspec
refspec?: string
}
}
// Interval gives an lower bound for how often the automation
// run should be attempted.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// SourceRef refers to the resource giving access details
// to a git repository.
sourceRef: {
// API version of the referent.
apiVersion?: string
// Kind of the referent.
kind: "GitRepository" | *"GitRepository"
// Name of the referent.
name: string
// Namespace of the referent, defaults to the namespace of the
// Kubernetes resource object that contains the reference.
namespace?: string
}
// Suspend tells the controller to not run this automation, until
// it is unset (or set to false). Defaults to false.
suspend?: bool
// Update gives the specification for how to update the files in
// the repository. This can be left empty, to use the default
// value.
update?: {
// Path to the directory containing the manifests to be updated.
// Defaults to 'None', which translates to the root path
// of the GitRepositoryRef.
path?: string
// Strategy names the strategy to be used.
strategy: "Setters" | *"Setters"
} | *{
strategy: "Setters"
}
}

214
internal/generate/platforms/cue.mod/gen/image.toolkit.fluxcd.io/imageupdateautomation/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,214 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// ImageUpdateAutomation is the Schema for the
// imageupdateautomations API
#ImageUpdateAutomation: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "image.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "ImageUpdateAutomation"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ImageUpdateAutomationSpec defines the desired state of
// ImageUpdateAutomation
spec!: #ImageUpdateAutomationSpec
}
// ImageUpdateAutomationSpec defines the desired state of
// ImageUpdateAutomation
#ImageUpdateAutomationSpec: {
// GitSpec contains all the git-specific definitions. This is
// technically optional, but in practice mandatory until there are
// other kinds of source allowed.
git?: {
checkout?: {
// Reference gives a branch, tag or commit to clone from the Git
// repository.
ref: {
// Branch to check out, defaults to 'master' if no other field is
// defined.
branch?: string
// Commit SHA to check out, takes precedence over all reference
// fields.
//
// This can be combined with Branch to shallow clone the branch,
// in which
// the commit is expected to exist.
commit?: string
// Name of the reference to check out; takes precedence over
// Branch, Tag and SemVer.
//
// It must be a valid Git reference:
// https://git-scm.com/docs/git-check-ref-format#_description
// Examples: "refs/heads/main", "refs/tags/v0.1.0",
// "refs/pull/420/head", "refs/merge-requests/1/head"
name?: string
// SemVer tag expression to check out, takes precedence over Tag.
semver?: string
// Tag to check out, takes precedence over Branch.
tag?: string
}
}
// Commit specifies how to commit to the git repository.
commit: {
// Author gives the email and optionally the name to use as the
// author of commits.
author: {
// Email gives the email to provide when making a commit.
email: string
// Name gives the name to provide when making a commit.
name?: string
}
// MessageTemplate provides a template for the commit message,
// into which will be interpolated the details of the change made.
messageTemplate?: string
signingKey?: {
secretRef: {
// Name of the referent.
name: string
}
}
}
// Push specifies how and where to push commits made by the
// automation. If missing, commits are pushed (back) to
// `.spec.checkout.branch` or its default.
push?: {
// Branch specifies that commits should be pushed to the branch
// named. The branch is created using `.spec.checkout.branch` as
// the
// starting point, if it doesn't already exist.
branch?: string
// Options specifies the push options that are sent to the Git
// server when performing a push operation. For details, see:
// https://git-scm.com/docs/git-push#Documentation/git-push.txt---push-optionltoptiongt
options?: {
[string]: string
}
// Refspec specifies the Git Refspec to use for a push operation.
// If both Branch and Refspec are provided, then the commit is
// pushed
// to the branch and also using the specified refspec.
// For more details about Git Refspecs, see:
// https://git-scm.com/book/en/v2/Git-Internals-The-Refspec
refspec?: string
}
}
// Interval gives an lower bound for how often the automation
// run should be attempted.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// PolicySelector allows to filter applied policies based on
// labels.
// By default includes all policies in namespace.
policySelector?: {
// matchExpressions is a list of label selector requirements. The
// requirements are ANDed.
matchExpressions?: [...{
// key is the label key that the selector applies to.
key: string
// operator represents a key's relationship to a set of values.
// Valid operators are In, NotIn, Exists and DoesNotExist.
operator: string
// values is an array of string values. If the operator is In or
// NotIn,
// the values array must be non-empty. If the operator is Exists
// or DoesNotExist,
// the values array must be empty. This array is replaced during a
// strategic
// merge patch.
values?: [...string]
}]
// matchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}
// SourceRef refers to the resource giving access details
// to a git repository.
sourceRef: {
// API version of the referent.
apiVersion?: string
// Kind of the referent.
kind: "GitRepository" | *"GitRepository"
// Name of the referent.
name: string
// Namespace of the referent, defaults to the namespace of the
// Kubernetes resource object that contains the reference.
namespace?: string
}
// Suspend tells the controller to not run this automation, until
// it is unset (or set to false). Defaults to false.
suspend?: bool
// Update gives the specification for how to update the files in
// the repository. This can be left empty, to use the default
// value.
update?: {
// Path to the directory containing the manifests to be updated.
// Defaults to 'None', which translates to the root path
// of the GitRepositoryRef.
path?: string
// Strategy names the strategy to be used.
strategy: "Setters" | *"Setters"
} | *{
strategy: "Setters"
}
}

154
internal/generate/platforms/cue.mod/gen/kargo.akuity.io/freight/v1alpha1/types_gen.cue Normal file
View File

@@ -0,0 +1,154 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/kargo-demo/deploy/components/kargo/kargo.gen.yaml
package v1alpha1
import "strings"
// Freight represents a collection of versioned artifacts.
#Freight: {
// Alias is a human-friendly alias for a piece of Freight. This is
// an optional
// field. A defaulting webhook will sync this field with the value
// of the
// kargo.akuity.io/alias label. When the alias label is not
// present or differs
// from the value of this field, the defaulting webhook will set
// the label to
// the value of this field. If the alias label is present and this
// field is
// empty, the defaulting webhook will set the value of this field
// to the value
// of the alias label. If this field is empty and the alias label
// is not
// present, the defaulting webhook will choose an available alias
// and assign
// it to both the field and label.
alias?: string
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kargo.akuity.io/v1alpha1"
// Charts describes specific versions of specific Helm charts.
charts?: [...{
// Name specifies the name of the chart.
name?: string
// RepoURL specifies the URL of a Helm chart repository. Classic
// chart
// repositories (using HTTP/S) can contain differently named
// charts. When this
// field points to such a repository, the Name field will specify
// the name of
// the chart within the repository. In the case of a repository
// within an OCI
// registry, the URL implicitly points to a specific chart and the
// Name field
// will be empty.
repoURL?: string
// Version specifies a particular version of the chart.
version?: string
}]
// Commits describes specific Git repository commits.
commits?: [...{
// Author is the author of the commit.
author?: string
// Branch denotes the branch of the repository where this commit
// was found.
branch?: string
// Committer is the person who committed the commit.
committer?: string
// ID is the ID of a specific commit in the Git repository
// specified by
// RepoURL.
id?: string
// Message is the message associated with the commit. At present,
// this only
// contains the first line (subject) of the commit message.
message?: string
// RepoURL is the URL of a Git repository.
repoURL?: string
// Tag denotes a tag in the repository that matched selection
// criteria and
// resolved to this commit.
tag?: string
}]
// Images describes specific versions of specific container
// images.
images?: [...{
// Digest identifies a specific version of the image in the
// repository
// specified by RepoURL. This is a more precise identifier than
// Tag.
digest?: string
// GitRepoURL specifies the URL of a Git repository that contains
// the source
// code for the image repository referenced by the RepoURL field
// if Kargo was
// able to infer it.
gitRepoURL?: string
// RepoURL describes the repository in which the image can be
// found.
repoURL?: string
// Tag identifies a specific version of the image in the
// repository specified
// by RepoURL.
tag?: string
}]
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Freight"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// Origin describes a kind of Freight in terms of its origin.
origin: {
// Kind is the kind of resource from which Freight may have
// originated. At
// present, this can only be "Warehouse".
kind: "Warehouse"
// Name is the name of the resource of the kind indicated by the
// Kind field
// from which Freight may originated.
name: string
}
}

72
internal/generate/platforms/cue.mod/gen/kargo.akuity.io/project/v1alpha1/types_gen.cue Normal file
View File

@@ -0,0 +1,72 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/kargo-demo/deploy/components/kargo/kargo.gen.yaml
package v1alpha1
import "strings"
// Project is a resource type that reconciles to a specially
// labeled namespace
// and other TODO: TBD project-level resources.
#Project: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kargo.akuity.io/v1alpha1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Project"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// Spec describes a Project.
spec!: #ProjectSpec
}
#ProjectSpec: {
// PromotionPolicies defines policies governing the promotion of
// Freight to
// specific Stages within this Project.
promotionPolicies?: [...{
// AutoPromotionEnabled indicates whether new Freight can
// automatically be
// promoted into the Stage referenced by the Stage field. Note:
// There are may
// be other conditions also required for an auto-promotion to
// occur. This
// field defaults to false, but is commonly set to true for Stages
// that
// subscribe to Warehouses instead of other, upstream Stages. This
// allows
// users to define Stages that are automatically updated as soon
// as new
// artifacts are detected.
autoPromotionEnabled?: bool
stage: strings.MinRunes(1) & {
=~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
}
}]
}

163
internal/generate/platforms/cue.mod/gen/kargo.akuity.io/promotion/v1alpha1/types_gen.cue Normal file
View File

@@ -0,0 +1,163 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/kargo-demo/deploy/components/kargo/kargo.gen.yaml
package v1alpha1
import "strings"
// Promotion represents a request to transition a particular Stage
// into a
// particular Freight.
#Promotion: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kargo.akuity.io/v1alpha1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Promotion"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// Spec describes the desired transition of a specific Stage into
// a specific
// Freight.
spec!: #PromotionSpec
}
// Spec describes the desired transition of a specific Stage into
// a specific
// Freight.
#PromotionSpec: {
// Freight specifies the piece of Freight to be promoted into the
// Stage
// referenced by the Stage field.
freight: strings.MinRunes(1)
// Stage specifies the name of the Stage to which this Promotion
// applies. The Stage referenced by this field MUST be in the same
// namespace as the Promotion.
stage: strings.MinRunes(1) & {
=~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
}
// Steps specifies the directives to be executed as part of this
// Promotion.
// The order in which the directives are executed is the order in
// which they
// are listed in this field.
steps?: [...{
// As is the alias this step can be referred to as.
as?: string
// Config is opaque configuration for the PromotionStep that is
// understood
// only by each PromotionStep's implementation. It is legal to
// utilize
// expressions in defining values at any level of this block.
// See https://docs.kargo.io/references/expression-language for
// details.
config?: _
// Retry is the retry policy for this step.
retry?: {
// ErrorThreshold is the number of consecutive times the step must
// fail (for
// any reason) before retries are abandoned and the entire
// Promotion is marked
// as failed.
//
// If this field is set to 0, the effective default will be a
// step-specific
// one. If no step-specific default exists (i.e. is also 0), the
// effective
// default will be the system-wide default of 1.
//
// A value of 1 will cause the Promotion to be marked as failed
// after just
// a single failure; i.e. no retries will be attempted.
//
// There is no option to specify an infinite number of retries
// using a value
// such as -1.
//
// In a future release, Kargo is likely to become capable of
// distinguishing
// between recoverable and non-recoverable step failures. At that
// time, it is
// planned that unrecoverable failures will not be subject to this
// threshold
// and will immediately cause the Promotion to be marked as failed
// without
// further condition.
errorThreshold?: int
// Timeout is the soft maximum interval in which a step that
// returns a Running
// status (which typically indicates it's waiting for something to
// happen)
// may be retried.
//
// The maximum is a soft one because the check for whether the
// interval has
// elapsed occurs AFTER the step has run. This effectively means a
// step may
// run ONCE beyond the close of the interval.
//
// If this field is set to nil, the effective default will be a
// step-specific
// one. If no step-specific default exists (i.e. is also nil), the
// effective
// default will be the system-wide default of 0.
//
// A value of 0 will cause the step to be retried indefinitely
// unless the
// ErrorThreshold is reached.
timeout?: string
}
// Uses identifies a runner that can execute this step.
uses: strings.MinRunes(1)
}]
// Vars is a list of variables that can be referenced by
// expressions in
// promotion steps.
vars?: [...{
// Name is the name of the variable.
name: strings.MinRunes(1) & {
=~"^[a-zA-Z_]\\w*$"
}
// Value is the value of the variable. It is allowed to utilize
// expressions
// in the value.
// See https://docs.kargo.io/references/expression-language for
// details.
value: string
}]
}

264
internal/generate/platforms/cue.mod/gen/kargo.akuity.io/stage/v1alpha1/types_gen.cue Normal file
View File

@@ -0,0 +1,264 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/kargo-demo/deploy/components/kargo/kargo.gen.yaml
package v1alpha1
import "strings"
// Stage is the Kargo API's main type.
#Stage: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kargo.akuity.io/v1alpha1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Stage"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// Spec describes sources of Freight used by the Stage and how to
// incorporate
// Freight into the Stage.
spec!: #StageSpec
}
// Spec describes sources of Freight used by the Stage and how to
// incorporate
// Freight into the Stage.
#StageSpec: {
promotionTemplate?: {
// PromotionTemplateSpec describes the (partial) specification of
// a Promotion
// for a Stage. This is a template that can be used to create a
// Promotion for a
// Stage.
spec: {
// Steps specifies the directives to be executed as part of a
// Promotion.
// The order in which the directives are executed is the order in
// which they
// are listed in this field.
steps?: [...{
// As is the alias this step can be referred to as.
as?: string
// Config is opaque configuration for the PromotionStep that is
// understood
// only by each PromotionStep's implementation. It is legal to
// utilize
// expressions in defining values at any level of this block.
// See https://docs.kargo.io/references/expression-language for
// details.
config?: _
// Retry is the retry policy for this step.
retry?: {
// ErrorThreshold is the number of consecutive times the step must
// fail (for
// any reason) before retries are abandoned and the entire
// Promotion is marked
// as failed.
//
// If this field is set to 0, the effective default will be a
// step-specific
// one. If no step-specific default exists (i.e. is also 0), the
// effective
// default will be the system-wide default of 1.
//
// A value of 1 will cause the Promotion to be marked as failed
// after just
// a single failure; i.e. no retries will be attempted.
//
// There is no option to specify an infinite number of retries
// using a value
// such as -1.
//
// In a future release, Kargo is likely to become capable of
// distinguishing
// between recoverable and non-recoverable step failures. At that
// time, it is
// planned that unrecoverable failures will not be subject to this
// threshold
// and will immediately cause the Promotion to be marked as failed
// without
// further condition.
errorThreshold?: int
// Timeout is the soft maximum interval in which a step that
// returns a Running
// status (which typically indicates it's waiting for something to
// happen)
// may be retried.
//
// The maximum is a soft one because the check for whether the
// interval has
// elapsed occurs AFTER the step has run. This effectively means a
// step may
// run ONCE beyond the close of the interval.
//
// If this field is set to nil, the effective default will be a
// step-specific
// one. If no step-specific default exists (i.e. is also nil), the
// effective
// default will be the system-wide default of 0.
//
// A value of 0 will cause the step to be retried indefinitely
// unless the
// ErrorThreshold is reached.
timeout?: string
}
// Uses identifies a runner that can execute this step.
uses: strings.MinRunes(1)
}] & [_, ...]
// Vars is a list of variables that can be referenced by
// expressions in
// promotion steps.
vars?: [...{
// Name is the name of the variable.
name: strings.MinRunes(1) & {
=~"^[a-zA-Z_]\\w*$"
}
// Value is the value of the variable. It is allowed to utilize
// expressions
// in the value.
// See https://docs.kargo.io/references/expression-language for
// details.
value: string
}]
}
}
// RequestedFreight expresses the Stage's need for certain pieces
// of Freight,
// each having originated from a particular Warehouse. This list
// must be
// non-empty. In the common case, a Stage will request Freight
// having
// originated from just one specific Warehouse. In advanced cases,
// requesting
// Freight from multiple Warehouses provides a method of advancing
// new
// artifacts of different types through parallel pipelines at
// different
// speeds. This can be useful, for instance, if a Stage is home to
// multiple
// microservices that are independently versioned.
requestedFreight: [...{
// Origin specifies from where the requested Freight must have
// originated.
// This is a required field.
origin: {
// Kind is the kind of resource from which Freight may have
// originated. At
// present, this can only be "Warehouse".
kind: "Warehouse"
// Name is the name of the resource of the kind indicated by the
// Kind field
// from which Freight may originated.
name: string
}
// Sources describes where the requested Freight may be obtained
// from. This is
// a required field.
sources: {
// Direct indicates the requested Freight may be obtained directly
// from the
// Warehouse from which it originated. If this field's value is
// false, then
// the value of the Stages field must be non-empty. i.e. Between
// the two
// fields, at least one source must be specified.
direct?: bool
// Stages identifies other "upstream" Stages as potential sources
// of the
// requested Freight. If this field's value is empty, then the
// value of the
// Direct field must be true. i.e. Between the two fields, at
// least on source
// must be specified.
stages?: [...string]
}
}] & [_, ...]
// Shard is the name of the shard that this Stage belongs to. This
// is an
// optional field. If not specified, the Stage will belong to the
// default
// shard. A defaulting webhook will sync the value of the
// kargo.akuity.io/shard label with the value of this field. When
// this field
// is empty, the webhook will ensure that label is absent.
shard?: string
// Verification describes how to verify a Stage's current Freight
// is fit for
// promotion downstream.
verification?: {
// AnalysisRunMetadata contains optional metadata that should be
// applied to
// all AnalysisRuns.
analysisRunMetadata?: {
// Additional annotations to apply to an AnalysisRun.
annotations?: {
[string]: string
}
// Additional labels to apply to an AnalysisRun.
labels?: {
[string]: string
}
}
// AnalysisTemplates is a list of AnalysisTemplates from which
// AnalysisRuns
// should be created to verify a Stage's current Freight is fit to
// be promoted
// downstream.
analysisTemplates?: [...{
// Name is the name of the AnalysisTemplate in the same
// project/namespace as
// the Stage.
name: string
}]
// Args lists arguments that should be added to all AnalysisRuns.
args?: [...{
// Name is the name of the argument.
name: string
// Value is the value of the argument.
value: string
}]
}
}

402
internal/generate/platforms/cue.mod/gen/kargo.akuity.io/warehouse/v1alpha1/types_gen.cue Normal file
View File

@@ -0,0 +1,402 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/kargo-demo/deploy/components/kargo/kargo.gen.yaml
package v1alpha1
import "strings"
// Warehouse is a source of Freight.
#Warehouse: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kargo.akuity.io/v1alpha1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Warehouse"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// Spec describes sources of artifacts.
spec!: #WarehouseSpec
}
// Spec describes sources of artifacts.
#WarehouseSpec: {
// FreightCreationPolicy describes how Freight is created by this
// Warehouse.
// This field is optional. When left unspecified, the field is
// implicitly
// treated as if its value were "Automatic".
// Accepted values: Automatic, Manual
freightCreationPolicy?: "Automatic" | "Manual" | *"Automatic"
// Interval is the reconciliation interval for this Warehouse. On
// each
// reconciliation, the Warehouse will discover new artifacts and
// optionally
// produce new Freight. This field is optional. When left
// unspecified, the
// field is implicitly treated as if its value were "5m0s".
interval: =~"^([0-9]+(\\.[0-9]+)?(s|m|h))+$" | *"5m0s"
// Shard is the name of the shard that this Warehouse belongs to.
// This is an
// optional field. If not specified, the Warehouse will belong to
// the default
// shard. A defaulting webhook will sync this field with the value
// of the
// kargo.akuity.io/shard label. When the shard label is not
// present or differs
// from the value of this field, the defaulting webhook will set
// the label to
// the value of this field. If the shard label is present and this
// field is
// empty, the defaulting webhook will set the value of this field
// to the value
// of the shard label.
shard?: string
// Subscriptions describes sources of artifacts to be included in
// Freight
// produced by this Warehouse.
subscriptions: [...{
// Chart describes a subscription to a Helm chart repository.
chart?: {
// DiscoveryLimit is an optional limit on the number of chart
// versions that
// can be discovered for this subscription. The limit is applied
// after
// filtering charts based on the SemverConstraint field.
// When left unspecified, the field is implicitly treated as if
// its value
// were "20". The upper limit for this field is 100.
discoveryLimit?: int & <=100 & >=1 | *20
// Name specifies the name of a Helm chart to subscribe to within
// a classic
// chart repository specified by the RepoURL field. This field is
// required
// when the RepoURL field points to a classic chart repository and
// MUST
// otherwise be empty.
name?: string
// RepoURL specifies the URL of a Helm chart repository. It may be
// a classic
// chart repository (using HTTP/S) OR a repository within an OCI
// registry.
// Classic chart repositories can contain differently named
// charts. When this
// field points to such a repository, the Name field MUST also be
// used
// to specify the name of the desired chart within that
// repository. In the
// case of a repository within an OCI registry, the URL implicitly
// points to
// a specific chart and the Name field MUST NOT be used. The
// RepoURL field is
// required.
repoURL: strings.MinRunes(1) & {
=~"^(((https?)|(oci))://)([\\w\\d\\.\\-]+)(:[\\d]+)?(/.*)*$"
}
// SemverConstraint specifies constraints on what new chart
// versions are
// permissible. This field is optional. When left unspecified,
// there will be
// no constraints, which means the latest version of the chart
// will always be
// used. Care should be taken with leaving this field unspecified,
// as it can
// lead to the unanticipated rollout of breaking changes.
// More info:
// https://github.com/masterminds/semver#checking-version-constraints
semverConstraint?: string
}
// Git describes a subscriptions to a Git repository.
git?: {
// AllowTags is a regular expression that can optionally be used
// to limit the
// tags that are considered in determining the newest commit of
// interest. The
// value in this field only has any effect when the
// CommitSelectionStrategy is
// Lexical, NewestTag, or SemVer. This field is optional.
allowTags?: string
// Branch references a particular branch of the repository. The
// value in this
// field only has any effect when the CommitSelectionStrategy is
// NewestFromBranch or left unspecified (which is implicitly the
// same as
// NewestFromBranch). This field is optional. When left
// unspecified, (and the
// CommitSelectionStrategy is NewestFromBranch or unspecified),
// the
// subscription is implicitly to the repository's default branch.
branch?: strings.MinRunes(1) & {
=~"^\\w+([-/]\\w+)*$"
}
// CommitSelectionStrategy specifies the rules for how to identify
// the newest
// commit of interest in the repository specified by the RepoURL
// field. This
// field is optional. When left unspecified, the field is
// implicitly treated
// as if its value were "NewestFromBranch".
// Accepted values: Lexical, NewestFromBranch, NewestTag, SemVer
commitSelectionStrategy?: "Lexical" | "NewestFromBranch" | "NewestTag" | "SemVer" | *"NewestFromBranch"
// DiscoveryLimit is an optional limit on the number of commits
// that can be
// discovered for this subscription. The limit is applied after
// filtering
// commits based on the AllowTags and IgnoreTags fields.
// When left unspecified, the field is implicitly treated as if
// its value
// were "20". The upper limit for this field is 100.
discoveryLimit?: int & <=100 & >=1 | *20
// ExcludePaths is a list of selectors that designate paths in the
// repository
// that should NOT trigger the production of new Freight when
// changes are
// detected therein. When specified, changes in the identified
// paths will not
// trigger Freight production. When not specified, paths that
// should trigger
// Freight production will be defined solely by IncludePaths.
// Selectors may be
// defined using:
// 1. Exact paths to files or directories (ex. "charts/foo")
// 2. Glob patterns (prefix the pattern with "glob:"; ex.
// "glob:*.yaml")
// 3. Regular expressions (prefix the pattern with "regex:" or
// "regexp:";
// ex. "regexp:^.*\.yaml$")
// Paths selected by IncludePaths may be unselected by
// ExcludePaths. This
// is a useful method for including a broad set of paths and then
// excluding a
// subset of them.
excludePaths?: [...string]
// IgnoreTags is a list of tags that must be ignored when
// determining the
// newest commit of interest. No regular expressions or glob
// patterns are
// supported yet. The value in this field only has any effect when
// the
// CommitSelectionStrategy is Lexical, NewestTag, or SemVer. This
// field is
// optional.
ignoreTags?: [...string]
// IncludePaths is a list of selectors that designate paths in the
// repository
// that should trigger the production of new Freight when changes
// are detected
// therein. When specified, only changes in the identified paths
// will trigger
// Freight production. When not specified, changes in any path
// will trigger
// Freight production. Selectors may be defined using:
// 1. Exact paths to files or directories (ex. "charts/foo")
// 2. Glob patterns (prefix the pattern with "glob:"; ex.
// "glob:*.yaml")
// 3. Regular expressions (prefix the pattern with "regex:" or
// "regexp:";
// ex. "regexp:^.*\.yaml$")
// Paths selected by IncludePaths may be unselected by
// ExcludePaths. This
// is a useful method for including a broad set of paths and then
// excluding a
// subset of them.
includePaths?: [...string]
// InsecureSkipTLSVerify specifies whether certificate
// verification errors
// should be ignored when connecting to the repository. This
// should be enabled
// only with great caution.
insecureSkipTLSVerify?: bool
// URL is the repository's URL. This is a required field.
repoURL: strings.MinRunes(1) & {
=~"(?:^(https?)://(?:([\\w-]+):(.+)@)?([\\w-]+(?:\\.[\\w-]+)*)(?::(\\d{1,5}))?(/.*)$)|(?:^([\\w-]+)@([\\w+]+(?:\\.[\\w-]+)*):(/?.*))"
}
// SemverConstraint specifies constraints on what new tagged
// commits are
// considered in determining the newest commit of interest. The
// value in this
// field only has any effect when the CommitSelectionStrategy is
// SemVer. This
// field is optional. When left unspecified, there will be no
// constraints,
// which means the latest semantically tagged commit will always
// be used. Care
// should be taken with leaving this field unspecified, as it can
// lead to the
// unanticipated rollout of breaking changes.
semverConstraint?: string
// StrictSemvers specifies whether only "strict" semver tags
// should be
// considered. A "strict" semver tag is one containing ALL of
// major, minor,
// and patch version components. This is enabled by default, but
// only has any
// effect when the CommitSelectionStrategy is SemVer. This should
// be disabled
// cautiously, as it creates the potential for any tag containing
// numeric
// characters only to be mistaken for a semver string containing
// the major
// version number only.
strictSemvers: bool | *true
}
// Image describes a subscription to container image repository.
image?: {
// AllowTags is a regular expression that can optionally be used
// to limit the
// image tags that are considered in determining the newest
// version of an
// image. This field is optional.
allowTags?: string
// DiscoveryLimit is an optional limit on the number of image
// references
// that can be discovered for this subscription. The limit is
// applied after
// filtering images based on the AllowTags and IgnoreTags fields.
// When left unspecified, the field is implicitly treated as if
// its value
// were "20". The upper limit for this field is 100.
discoveryLimit?: int & <=100 & >=1 | *20
// GitRepoURL optionally specifies the URL of a Git repository
// that contains
// the source code for the image repository referenced by the
// RepoURL field.
// When this is specified, Kargo MAY be able to infer and link to
// the exact
// revision of that source code that was used to build the image.
gitRepoURL?: =~"^https?://(\\w+([\\.-]\\w+)*@)?\\w+([\\.-]\\w+)*(:[\\d]+)?(/.*)?$"
// IgnoreTags is a list of tags that must be ignored when
// determining the
// newest version of an image. No regular expressions or glob
// patterns are
// supported yet. This field is optional.
ignoreTags?: [...string]
// ImageSelectionStrategy specifies the rules for how to identify
// the newest version
// of the image specified by the RepoURL field. This field is
// optional. When
// left unspecified, the field is implicitly treated as if its
// value were
// "SemVer".
// Accepted values: Digest, Lexical, NewestBuild, SemVer
imageSelectionStrategy?: "Digest" | "Lexical" | "NewestBuild" | "SemVer" | *"SemVer"
// InsecureSkipTLSVerify specifies whether certificate
// verification errors
// should be ignored when connecting to the repository. This
// should be enabled
// only with great caution.
insecureSkipTLSVerify?: bool
// Platform is a string of the form <os>/<arch> that limits the
// tags that can
// be considered when searching for new versions of an image. This
// field is
// optional. When left unspecified, it is implicitly equivalent to
// the
// OS/architecture of the Kargo controller. Care should be taken
// to set this
// value correctly in cases where the image referenced by this
// ImageRepositorySubscription will run on a Kubernetes node with
// a different
// OS/architecture than the Kargo controller. At present this is
// uncommon, but
// not unheard of.
platform?: string
// RepoURL specifies the URL of the image repository to subscribe
// to. The
// value in this field MUST NOT include an image tag. This field
// is required.
repoURL: strings.MinRunes(1) & {
=~"^(\\w+([\\.-]\\w+)*(:[\\d]+)?/)?(\\w+([\\.-]\\w+)*)(/\\w+([\\.-]\\w+)*)*$"
}
// SemverConstraint specifies constraints on what new image
// versions are
// permissible. The value in this field only has any effect when
// the
// ImageSelectionStrategy is SemVer or left unspecified (which is
// implicitly
// the same as SemVer). This field is also optional. When left
// unspecified,
// (and the ImageSelectionStrategy is SemVer or unspecified),
// there will be no
// constraints, which means the latest semantically tagged version
// of an image
// will always be used. Care should be taken with leaving this
// field
// unspecified, as it can lead to the unanticipated rollout of
// breaking
// changes. Refer to Image Updater documentation for more details.
// More info:
// https://github.com/masterminds/semver#checking-version-constraints
semverConstraint?: string
// StrictSemvers specifies whether only "strict" semver tags
// should be
// considered. A "strict" semver tag is one containing ALL of
// major, minor,
// and patch version components. This is enabled by default, but
// only has any
// effect when the ImageSelectionStrategy is SemVer. This should
// be disabled
// cautiously, as it is not uncommon to tag container images with
// short Git
// commit hashes, which have the potential to contain numeric
// characters only
// and could be mistaken for a semver string containing the major
// version
// number only.
strictSemvers: bool | *true
}
}] & [_, ...]
}

326
internal/generate/platforms/cue.mod/gen/kustomize.toolkit.fluxcd.io/kustomization/v1/types_gen.cue Normal file
View File

@@ -0,0 +1,326 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1
import "strings"
// Kustomization is the Schema for the kustomizations API.
#Kustomization: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kustomize.toolkit.fluxcd.io/v1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Kustomization"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// KustomizationSpec defines the configuration to calculate the
// desired state
// from a Source using Kustomize.
spec!: #KustomizationSpec
}
// KustomizationSpec defines the configuration to calculate the
// desired state
// from a Source using Kustomize.
#KustomizationSpec: {
// CommonMetadata specifies the common labels and annotations that
// are
// applied to all resources. Any existing label or annotation will
// be
// overridden if its key matches a common one.
commonMetadata?: {
// Annotations to be added to the object's metadata.
annotations?: {
[string]: string
}
// Labels to be added to the object's metadata.
labels?: {
[string]: string
}
}
// Components specifies relative paths to specifications of other
// Components.
components?: [...string]
// Decrypt Kubernetes secrets before applying them on the cluster.
decryption?: {
// Provider is the name of the decryption engine.
provider: "sops"
secretRef?: {
// Name of the referent.
name: string
}
}
// DependsOn may contain a meta.NamespacedObjectReference slice
// with references to Kustomization resources that must be ready
// before this
// Kustomization can be reconciled.
dependsOn?: [...{
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// Force instructs the controller to recreate resources
// when patching fails due to an immutable field change.
force?: bool | *false
// A list of resources to be included in the health assessment.
healthChecks?: [...{
// API version of the referent, if not specified the Kubernetes
// preferred version will be used.
apiVersion?: string
// Kind of the referent.
kind: string
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// Images is a list of (image name, new name, new tag or digest)
// for changing image names, tags or digests. This can also be
// achieved with a
// patch, but this operator is simpler to specify.
images?: [...{
// Digest is the value used to replace the original image tag.
// If digest is present NewTag value is ignored.
digest?: string
// Name is a tag-less image name.
name: string
// NewName is the value used to replace the original name.
newName?: string
// NewTag is the value used to replace the original tag.
newTag?: string
}]
// The interval at which to reconcile the Kustomization.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
kubeConfig?: {
// SecretRef holds the name of a secret that contains a key with
// the kubeconfig file as the value. If no key is set, the key
// will default
// to 'value'.
// It is recommended that the kubeconfig is self-contained, and
// the secret
// is regularly updated if credentials such as a
// cloud-access-token expire.
// Cloud specific `cmd-path` auth helpers will not function
// without adding
// binaries and credentials to the Pod that is responsible for
// reconciling
// Kubernetes resources.
secretRef: {
// Key in the Secret, when not specified an
// implementation-specific default key is used.
key?: string
// Name of the Secret.
name: string
}
}
// NamePrefix will prefix the names of all managed resources.
namePrefix?: strings.MaxRunes(200) & strings.MinRunes(1)
// NameSuffix will suffix the names of all managed resources.
nameSuffix?: strings.MaxRunes(200) & strings.MinRunes(1)
// Strategic merge and JSON patches, defined as inline YAML
// objects,
// capable of targeting objects based on kind, label and
// annotation selectors.
patches?: [...{
// Patch contains an inline StrategicMerge patch or an inline
// JSON6902 patch with
// an array of operation objects.
patch: string
// Target points to the resources that the patch document should
// be applied to.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Path to the directory containing the kustomization.yaml file,
// or the
// set of plain YAMLs a kustomization.yaml should be generated
// for.
// Defaults to 'None', which translates to the root path of the
// SourceRef.
path?: string
// PostBuild describes which actions to perform on the YAML
// manifest
// generated by building the kustomize overlay.
postBuild?: {
// Substitute holds a map of key/value pairs.
// The variables defined in your YAML manifests that match any of
// the keys
// defined in the map will be substituted with the set value.
// Includes support for bash string replacement functions
// e.g. ${var:=default}, ${var:position} and
// ${var/substring/replacement}.
substitute?: {
[string]: string
}
// SubstituteFrom holds references to ConfigMaps and Secrets
// containing
// the variables and their values to be substituted in the YAML
// manifests.
// The ConfigMap and the Secret data keys represent the var names,
// and they
// must match the vars declared in the manifests for the
// substitution to
// happen.
substituteFrom?: [...{
// Kind of the values referent, valid values are ('Secret',
// 'ConfigMap').
kind: "Secret" | "ConfigMap"
// Name of the values referent. Should reside in the same
// namespace as the
// referring resource.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Optional indicates whether the referenced resource must exist,
// or whether to
// tolerate its absence. If true and the referenced resource is
// absent, proceed
// as if the resource was present but empty, without any variables
// defined.
optional?: bool | *false
}]
}
// Prune enables garbage collection.
prune: bool
// The interval at which to retry a previously failed
// reconciliation.
// When not specified, the controller uses the
// KustomizationSpec.Interval
// value to retry failures.
retryInterval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// The name of the Kubernetes service account to impersonate
// when reconciling this Kustomization.
serviceAccountName?: string
// Reference of the source where the kustomization file is.
sourceRef: {
// API version of the referent.
apiVersion?: string
// Kind of the referent.
kind: "OCIRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: string
// Namespace of the referent, defaults to the namespace of the
// Kubernetes
// resource object that contains the reference.
namespace?: string
}
// This flag tells the controller to suspend subsequent kustomize
// executions,
// it does not apply to already started executions. Defaults to
// false.
suspend?: bool
// TargetNamespace sets or overrides the namespace in the
// kustomization.yaml file.
targetNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Timeout for validation, apply and health checking operations.
// Defaults to 'Interval' duration.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Wait instructs the controller to check the health of all the
// reconciled
// resources. When enabled, the HealthChecks are ignored. Defaults
// to false.
wait?: bool
}

343
internal/generate/platforms/cue.mod/gen/kustomize.toolkit.fluxcd.io/kustomization/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,343 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// Kustomization is the Schema for the kustomizations API.
#Kustomization: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kustomize.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Kustomization"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// KustomizationSpec defines the desired state of a kustomization.
spec!: #KustomizationSpec
}
// KustomizationSpec defines the desired state of a kustomization.
#KustomizationSpec: {
// Decrypt Kubernetes secrets before applying them on the cluster.
decryption?: {
// Provider is the name of the decryption engine.
provider: "sops"
secretRef?: {
// Name of the referent.
name: string
}
}
// DependsOn may contain a meta.NamespacedObjectReference slice
// with references to Kustomization resources that must be ready
// before this
// Kustomization can be reconciled.
dependsOn?: [...{
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// Force instructs the controller to recreate resources
// when patching fails due to an immutable field change.
force?: bool | *false
// A list of resources to be included in the health assessment.
healthChecks?: [...{
// API version of the referent, if not specified the Kubernetes
// preferred version will be used.
apiVersion?: string
// Kind of the referent.
kind: string
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// Images is a list of (image name, new name, new tag or digest)
// for changing image names, tags or digests. This can also be
// achieved with a
// patch, but this operator is simpler to specify.
images?: [...{
// Digest is the value used to replace the original image tag.
// If digest is present NewTag value is ignored.
digest?: string
// Name is a tag-less image name.
name: string
// NewName is the value used to replace the original name.
newName?: string
// NewTag is the value used to replace the original tag.
newTag?: string
}]
// The interval at which to reconcile the Kustomization.
interval: string
kubeConfig?: {
secretRef: {
// Name of the referent.
name: string
}
}
// Strategic merge and JSON patches, defined as inline YAML
// objects,
// capable of targeting objects based on kind, label and
// annotation selectors.
patches?: [...{
// Patch contains an inline StrategicMerge patch or an inline
// JSON6902 patch with
// an array of operation objects.
patch: string
// Target points to the resources that the patch document should
// be applied to.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// JSON 6902 patches, defined as inline YAML objects.
patchesJson6902?: [...{
// Patch contains the JSON6902 patch document with an array of
// operation objects.
patch: [...{
// From contains a JSON-pointer value that references a location
// within the target document where the operation is
// performed. The meaning of the value depends on the value of Op,
// and is NOT taken into account by all operations.
from?: string
// Op indicates the operation to perform. Its value MUST be one of
// "add", "remove", "replace", "move", "copy", or
// "test".
// https://datatracker.ietf.org/doc/html/rfc6902#section-4
op: "test" | "remove" | "add" | "replace" | "move" | "copy"
// Path contains the JSON-pointer value that references a location
// within the target document where the operation
// is performed. The meaning of the value depends on the value of
// Op.
path: string
// Value contains a valid JSON structure. The meaning of the value
// depends on the value of Op, and is NOT taken into
// account by all operations.
value?: _
}]
// Target points to the resources that the patch document should
// be applied to.
target: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Strategic merge patches, defined as inline YAML objects.
patchesStrategicMerge?: [...]
// Path to the directory containing the kustomization.yaml file,
// or the
// set of plain YAMLs a kustomization.yaml should be generated
// for.
// Defaults to 'None', which translates to the root path of the
// SourceRef.
path?: string
// PostBuild describes which actions to perform on the YAML
// manifest
// generated by building the kustomize overlay.
postBuild?: {
// Substitute holds a map of key/value pairs.
// The variables defined in your YAML manifests
// that match any of the keys defined in the map
// will be substituted with the set value.
// Includes support for bash string replacement functions
// e.g. ${var:=default}, ${var:position} and
// ${var/substring/replacement}.
substitute?: {
[string]: string
}
// SubstituteFrom holds references to ConfigMaps and Secrets
// containing
// the variables and their values to be substituted in the YAML
// manifests.
// The ConfigMap and the Secret data keys represent the var names
// and they
// must match the vars declared in the manifests for the
// substitution to happen.
substituteFrom?: [...{
// Kind of the values referent, valid values are ('Secret',
// 'ConfigMap').
kind: "Secret" | "ConfigMap"
// Name of the values referent. Should reside in the same
// namespace as the
// referring resource.
name: strings.MaxRunes(253) & strings.MinRunes(1)
}]
}
// Prune enables garbage collection.
prune: bool
// The interval at which to retry a previously failed
// reconciliation.
// When not specified, the controller uses the
// KustomizationSpec.Interval
// value to retry failures.
retryInterval?: string
// The name of the Kubernetes service account to impersonate
// when reconciling this Kustomization.
serviceAccountName?: string
// Reference of the source where the kustomization file is.
sourceRef: {
// API version of the referent
apiVersion?: string
// Kind of the referent
kind: "GitRepository" | "Bucket"
// Name of the referent
name: string
// Namespace of the referent, defaults to the Kustomization
// namespace
namespace?: string
}
// This flag tells the controller to suspend subsequent kustomize
// executions,
// it does not apply to already started executions. Defaults to
// false.
suspend?: bool
// TargetNamespace sets or overrides the namespace in the
// kustomization.yaml file.
targetNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Timeout for validation, apply and health checking operations.
// Defaults to 'Interval' duration.
timeout?: string
// Validate the Kubernetes objects before applying them on the
// cluster.
// The validation strategy can be 'client' (local dry-run),
// 'server'
// (APIServer dry-run) or 'none'.
// When 'Force' is 'true', validation will fallback to 'client' if
// set to
// 'server' because server-side validation is not supported in
// this scenario.
validation?: "none" | "client" | "server"
}

389
internal/generate/platforms/cue.mod/gen/kustomize.toolkit.fluxcd.io/kustomization/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,389 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// Kustomization is the Schema for the kustomizations API.
#Kustomization: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kustomize.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Kustomization"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// KustomizationSpec defines the configuration to calculate the
// desired state from a Source using Kustomize.
spec!: #KustomizationSpec
}
// KustomizationSpec defines the configuration to calculate the
// desired state from a Source using Kustomize.
#KustomizationSpec: {
// CommonMetadata specifies the common labels and annotations that
// are applied to all resources.
// Any existing label or annotation will be overridden if its key
// matches a common one.
commonMetadata?: {
// Annotations to be added to the object's metadata.
annotations?: {
[string]: string
}
// Labels to be added to the object's metadata.
labels?: {
[string]: string
}
}
// Components specifies relative paths to specifications of other
// Components.
components?: [...string]
// Decrypt Kubernetes secrets before applying them on the cluster.
decryption?: {
// Provider is the name of the decryption engine.
provider: "sops"
secretRef?: {
// Name of the referent.
name: string
}
}
// DependsOn may contain a meta.NamespacedObjectReference slice
// with references to Kustomization resources that must be ready
// before this
// Kustomization can be reconciled.
dependsOn?: [...{
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// Force instructs the controller to recreate resources
// when patching fails due to an immutable field change.
force?: bool | *false
// A list of resources to be included in the health assessment.
healthChecks?: [...{
// API version of the referent, if not specified the Kubernetes
// preferred version will be used.
apiVersion?: string
// Kind of the referent.
kind: string
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// Images is a list of (image name, new name, new tag or digest)
// for changing image names, tags or digests. This can also be
// achieved with a
// patch, but this operator is simpler to specify.
images?: [...{
// Digest is the value used to replace the original image tag.
// If digest is present NewTag value is ignored.
digest?: string
// Name is a tag-less image name.
name: string
// NewName is the value used to replace the original name.
newName?: string
// NewTag is the value used to replace the original tag.
newTag?: string
}]
// The interval at which to reconcile the Kustomization.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
kubeConfig?: {
// SecretRef holds the name of a secret that contains a key with
// the kubeconfig file as the value. If no key is set, the key
// will default
// to 'value'.
// It is recommended that the kubeconfig is self-contained, and
// the secret
// is regularly updated if credentials such as a
// cloud-access-token expire.
// Cloud specific `cmd-path` auth helpers will not function
// without adding
// binaries and credentials to the Pod that is responsible for
// reconciling
// Kubernetes resources.
secretRef: {
// Key in the Secret, when not specified an
// implementation-specific default key is used.
key?: string
// Name of the Secret.
name: string
}
}
// Strategic merge and JSON patches, defined as inline YAML
// objects,
// capable of targeting objects based on kind, label and
// annotation selectors.
patches?: [...{
// Patch contains an inline StrategicMerge patch or an inline
// JSON6902 patch with
// an array of operation objects.
patch: string
// Target points to the resources that the patch document should
// be applied to.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// JSON 6902 patches, defined as inline YAML objects.
// Deprecated: Use Patches instead.
patchesJson6902?: [...{
// Patch contains the JSON6902 patch document with an array of
// operation objects.
patch: [...{
// From contains a JSON-pointer value that references a location
// within the target document where the operation is
// performed. The meaning of the value depends on the value of Op,
// and is NOT taken into account by all operations.
from?: string
// Op indicates the operation to perform. Its value MUST be one of
// "add", "remove", "replace", "move", "copy", or
// "test".
// https://datatracker.ietf.org/doc/html/rfc6902#section-4
op: "test" | "remove" | "add" | "replace" | "move" | "copy"
// Path contains the JSON-pointer value that references a location
// within the target document where the operation
// is performed. The meaning of the value depends on the value of
// Op.
path: string
// Value contains a valid JSON structure. The meaning of the value
// depends on the value of Op, and is NOT taken into
// account by all operations.
value?: _
}]
// Target points to the resources that the patch document should
// be applied to.
target: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Strategic merge patches, defined as inline YAML objects.
// Deprecated: Use Patches instead.
patchesStrategicMerge?: [...]
// Path to the directory containing the kustomization.yaml file,
// or the
// set of plain YAMLs a kustomization.yaml should be generated
// for.
// Defaults to 'None', which translates to the root path of the
// SourceRef.
path?: string
// PostBuild describes which actions to perform on the YAML
// manifest
// generated by building the kustomize overlay.
postBuild?: {
// Substitute holds a map of key/value pairs.
// The variables defined in your YAML manifests
// that match any of the keys defined in the map
// will be substituted with the set value.
// Includes support for bash string replacement functions
// e.g. ${var:=default}, ${var:position} and
// ${var/substring/replacement}.
substitute?: {
[string]: string
}
// SubstituteFrom holds references to ConfigMaps and Secrets
// containing
// the variables and their values to be substituted in the YAML
// manifests.
// The ConfigMap and the Secret data keys represent the var names
// and they
// must match the vars declared in the manifests for the
// substitution to happen.
substituteFrom?: [...{
// Kind of the values referent, valid values are ('Secret',
// 'ConfigMap').
kind: "Secret" | "ConfigMap"
// Name of the values referent. Should reside in the same
// namespace as the
// referring resource.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Optional indicates whether the referenced resource must exist,
// or whether to
// tolerate its absence. If true and the referenced resource is
// absent, proceed
// as if the resource was present but empty, without any variables
// defined.
optional?: bool | *false
}]
}
// Prune enables garbage collection.
prune: bool
// The interval at which to retry a previously failed
// reconciliation.
// When not specified, the controller uses the
// KustomizationSpec.Interval
// value to retry failures.
retryInterval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// The name of the Kubernetes service account to impersonate
// when reconciling this Kustomization.
serviceAccountName?: string
// Reference of the source where the kustomization file is.
sourceRef: {
// API version of the referent.
apiVersion?: string
// Kind of the referent.
kind: "OCIRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: string
// Namespace of the referent, defaults to the namespace of the
// Kubernetes resource object that contains the reference.
namespace?: string
}
// This flag tells the controller to suspend subsequent kustomize
// executions,
// it does not apply to already started executions. Defaults to
// false.
suspend?: bool
// TargetNamespace sets or overrides the namespace in the
// kustomization.yaml file.
targetNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Timeout for validation, apply and health checking operations.
// Defaults to 'Interval' duration.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Deprecated: Not used in v1beta2.
validation?: "none" | "client" | "server"
// Wait instructs the controller to check the health of all the
// reconciled resources.
// When enabled, the HealthChecks are ignored. Defaults to false.
wait?: bool
}

96
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/alert/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,96 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// Alert is the Schema for the alerts API
#Alert: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Alert"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// AlertSpec defines an alerting rule for events involving a list
// of objects
spec!: #AlertSpec
}
// AlertSpec defines an alerting rule for events involving a list
// of objects
#AlertSpec: {
// Filter events based on severity, defaults to ('info').
// If set to 'info' no events will be filtered.
eventSeverity?: "info" | "error" | *"info"
// Filter events based on the involved objects.
eventSources: [...{
// API version of the referent
apiVersion?: string
// Kind of the referent
kind: "Bucket" | "GitRepository" | "Kustomization" | "HelmRelease" | "HelmChart" | "HelmRepository" | "ImageRepository" | "ImagePolicy" | "ImageUpdateAutomation" | "OCIRepository"
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
// Name of the referent
name: strings.MaxRunes(53) & strings.MinRunes(1)
// Namespace of the referent
namespace?: strings.MaxRunes(53) & strings.MinRunes(1)
}]
// A list of Golang regular expressions to be used for excluding
// messages.
exclusionList?: [...string]
providerRef: {
// Name of the referent.
name: string
}
// Short description of the impact and affected cluster.
summary?: string
// This flag tells the controller to suspend subsequent events
// dispatching.
// Defaults to false.
suspend?: bool
}

116
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/alert/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,116 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// Alert is the Schema for the alerts API
#Alert: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Alert"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// AlertSpec defines an alerting rule for events involving a list
// of objects.
spec!: #AlertSpec
}
// AlertSpec defines an alerting rule for events involving a list
// of objects.
#AlertSpec: {
// EventMetadata is an optional field for adding metadata to
// events dispatched by the
// controller. This can be used for enhancing the context of the
// event. If a field
// would override one already present on the original event as
// generated by the emitter,
// then the override doesn't happen, i.e. the original value is
// preserved, and an info
// log is printed.
eventMetadata?: {
[string]: string
}
// EventSeverity specifies how to filter events based on severity.
// If set to 'info' no events will be filtered.
eventSeverity?: "info" | "error" | *"info"
// EventSources specifies how to filter events based
// on the involved object kind, name and namespace.
eventSources: [...{
// API version of the referent
apiVersion?: string
// Kind of the referent
kind: "Bucket" | "GitRepository" | "Kustomization" | "HelmRelease" | "HelmChart" | "HelmRepository" | "ImageRepository" | "ImagePolicy" | "ImageUpdateAutomation" | "OCIRepository"
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
// MatchLabels requires the name to be set to `*`.
matchLabels?: {
[string]: string
}
// Name of the referent
// If multiple resources are targeted `*` may be set.
name: strings.MaxRunes(53) & strings.MinRunes(1)
// Namespace of the referent
namespace?: strings.MaxRunes(53) & strings.MinRunes(1)
}]
// ExclusionList specifies a list of Golang regular expressions
// to be used for excluding messages.
exclusionList?: [...string]
// InclusionList specifies a list of Golang regular expressions
// to be used for including messages.
inclusionList?: [...string]
providerRef: {
// Name of the referent.
name: string
}
// Summary holds a short description of the impact and affected
// cluster.
summary?: strings.MaxRunes(255)
// Suspend tells the controller to suspend subsequent
// events handling for this Alert.
suspend?: bool
}

116
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/alert/v1beta3/types_gen.cue Normal file
View File

@@ -0,0 +1,116 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta3
import "strings"
// Alert is the Schema for the alerts API
#Alert: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta3"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Alert"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// AlertSpec defines an alerting rule for events involving a list
// of objects.
spec!: #AlertSpec
}
// AlertSpec defines an alerting rule for events involving a list
// of objects.
#AlertSpec: {
// EventMetadata is an optional field for adding metadata to
// events dispatched by the
// controller. This can be used for enhancing the context of the
// event. If a field
// would override one already present on the original event as
// generated by the emitter,
// then the override doesn't happen, i.e. the original value is
// preserved, and an info
// log is printed.
eventMetadata?: {
[string]: string
}
// EventSeverity specifies how to filter events based on severity.
// If set to 'info' no events will be filtered.
eventSeverity?: "info" | "error" | *"info"
// EventSources specifies how to filter events based
// on the involved object kind, name and namespace.
eventSources: [...{
// API version of the referent
apiVersion?: string
// Kind of the referent
kind: "Bucket" | "GitRepository" | "Kustomization" | "HelmRelease" | "HelmChart" | "HelmRepository" | "ImageRepository" | "ImagePolicy" | "ImageUpdateAutomation" | "OCIRepository"
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
// MatchLabels requires the name to be set to `*`.
matchLabels?: {
[string]: string
}
// Name of the referent
// If multiple resources are targeted `*` may be set.
name: strings.MaxRunes(53) & strings.MinRunes(1)
// Namespace of the referent
namespace?: strings.MaxRunes(53) & strings.MinRunes(1)
}]
// ExclusionList specifies a list of Golang regular expressions
// to be used for excluding messages.
exclusionList?: [...string]
// InclusionList specifies a list of Golang regular expressions
// to be used for including messages.
inclusionList?: [...string]
providerRef: {
// Name of the referent.
name: string
}
// Summary holds a short description of the impact and affected
// cluster.
summary?: strings.MaxRunes(255)
// Suspend tells the controller to suspend subsequent
// events handling for this Alert.
suspend?: bool
}

80
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/provider/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,80 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// Provider is the Schema for the providers API
#Provider: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Provider"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ProviderSpec defines the desired state of Provider
spec!: #ProviderSpec
}
// ProviderSpec defines the desired state of Provider
#ProviderSpec: {
// HTTP/S webhook address of this provider
address?: =~"^(http|https)://"
certSecretRef?: {
// Name of the referent.
name: string
}
// Alert channel for this provider
channel?: string
// HTTP/S address of the proxy
proxy?: =~"^(http|https)://"
secretRef?: {
// Name of the referent.
name: string
}
// This flag tells the controller to suspend subsequent events
// handling.
// Defaults to false.
suspend?: bool
// Timeout for sending alerts to the provider.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
// Type of provider
type: "slack" | "discord" | "msteams" | "rocket" | "generic" | "generic-hmac" | "github" | "gitlab" | "bitbucket" | "azuredevops" | "googlechat" | "webex" | "sentry" | "azureeventhub" | "telegram" | "lark" | "matrix" | "opsgenie" | "alertmanager" | "grafana" | "githubdispatch"
// Bot username for this provider
username?: string
}

93
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/provider/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,93 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// Provider is the Schema for the providers API.
#Provider: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Provider"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ProviderSpec defines the desired state of the Provider.
spec!: #ProviderSpec
}
// ProviderSpec defines the desired state of the Provider.
#ProviderSpec: {
// Address specifies the endpoint, in a generic sense, to where
// alerts are sent.
// What kind of endpoint depends on the specific Provider type
// being used.
// For the generic Provider, for example, this is an HTTP/S
// address.
// For other Provider types this could be a project ID or a
// namespace.
address?: strings.MaxRunes(2048)
certSecretRef?: {
// Name of the referent.
name: string
}
// Channel specifies the destination channel where events should
// be posted.
channel?: strings.MaxRunes(2048)
// Interval at which to reconcile the Provider with its Secret
// references.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Proxy the HTTP/S address of the proxy server.
proxy?: strings.MaxRunes(2048) & {
=~"^(http|https)://.*$"
}
secretRef?: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend subsequent
// events handling for this Provider.
suspend?: bool
// Timeout for sending alerts to the Provider.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
// Type specifies which Provider implementation to use.
type: "slack" | "discord" | "msteams" | "rocket" | "generic" | "generic-hmac" | "github" | "gitlab" | "gitea" | "bitbucketserver" | "bitbucket" | "azuredevops" | "googlechat" | "googlepubsub" | "webex" | "sentry" | "azureeventhub" | "telegram" | "lark" | "matrix" | "opsgenie" | "alertmanager" | "grafana" | "githubdispatch" | "pagerduty" | "datadog"
// Username specifies the name under which events are posted.
username?: strings.MaxRunes(2048)
}

94
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/provider/v1beta3/types_gen.cue Normal file
View File

@@ -0,0 +1,94 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta3
import "strings"
// Provider is the Schema for the providers API
#Provider: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta3"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Provider"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ProviderSpec defines the desired state of the Provider.
spec!: #ProviderSpec
}
// ProviderSpec defines the desired state of the Provider.
#ProviderSpec: {
// Address specifies the endpoint, in a generic sense, to where
// alerts are sent.
// What kind of endpoint depends on the specific Provider type
// being used.
// For the generic Provider, for example, this is an HTTP/S
// address.
// For other Provider types this could be a project ID or a
// namespace.
address?: strings.MaxRunes(2048)
certSecretRef?: {
// Name of the referent.
name: string
}
// Channel specifies the destination channel where events should
// be posted.
channel?: strings.MaxRunes(2048)
// Interval at which to reconcile the Provider with its Secret
// references.
// Deprecated and not used in v1beta3.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Proxy the HTTP/S address of the proxy server.
proxy?: strings.MaxRunes(2048) & {
=~"^(http|https)://.*$"
}
secretRef?: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend subsequent
// events handling for this Provider.
suspend?: bool
// Timeout for sending alerts to the Provider.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
// Type specifies which Provider implementation to use.
type: "slack" | "discord" | "msteams" | "rocket" | "generic" | "generic-hmac" | "github" | "gitlab" | "gitea" | "bitbucketserver" | "bitbucket" | "azuredevops" | "googlechat" | "googlepubsub" | "webex" | "sentry" | "azureeventhub" | "telegram" | "lark" | "matrix" | "opsgenie" | "alertmanager" | "grafana" | "githubdispatch" | "pagerduty" | "datadog" | "nats"
// Username specifies the name under which events are posted.
username?: strings.MaxRunes(2048)
}

96
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/receiver/v1/types_gen.cue Normal file
View File

@@ -0,0 +1,96 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1
import "strings"
// Receiver is the Schema for the receivers API.
#Receiver: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Receiver"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ReceiverSpec defines the desired state of the Receiver.
spec!: #ReceiverSpec
}
// ReceiverSpec defines the desired state of the Receiver.
#ReceiverSpec: {
// Events specifies the list of event types to handle,
// e.g. 'push' for GitHub or 'Push Hook' for GitLab.
events?: [...string]
// Interval at which to reconcile the Receiver with its Secret
// references.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" | *"10m"
// A list of resources to be notified about changes.
resources: [...{
// API version of the referent
apiVersion?: string
// Kind of the referent
kind: "Bucket" | "GitRepository" | "Kustomization" | "HelmRelease" | "HelmChart" | "HelmRepository" | "ImageRepository" | "ImagePolicy" | "ImageUpdateAutomation" | "OCIRepository"
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
// MatchLabels requires the name to be set to `*`.
matchLabels?: {
[string]: string
}
// Name of the referent
// If multiple resources are targeted `*` may be set.
name: strings.MaxRunes(53) & strings.MinRunes(1)
// Namespace of the referent
namespace?: strings.MaxRunes(53) & strings.MinRunes(1)
}]
secretRef: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend subsequent
// events handling for this receiver.
suspend?: bool
// Type of webhook sender, used to determine
// the validation procedure and payload deserialization.
type: "generic" | "generic-hmac" | "github" | "gitlab" | "bitbucket" | "harbor" | "dockerhub" | "quay" | "gcr" | "nexus" | "acr" | "cdevents"
}

91
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/receiver/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,91 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// Receiver is the Schema for the receivers API
#Receiver: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Receiver"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ReceiverSpec defines the desired state of Receiver
spec!: #ReceiverSpec
}
// ReceiverSpec defines the desired state of Receiver
#ReceiverSpec: {
// A list of events to handle,
// e.g. 'push' for GitHub or 'Push Hook' for GitLab.
events?: [...string]
// A list of resources to be notified about changes.
resources: [...{
// API version of the referent
apiVersion?: string
// Kind of the referent
kind: "Bucket" | "GitRepository" | "Kustomization" | "HelmRelease" | "HelmChart" | "HelmRepository" | "ImageRepository" | "ImagePolicy" | "ImageUpdateAutomation" | "OCIRepository"
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
// Name of the referent
name: strings.MaxRunes(53) & strings.MinRunes(1)
// Namespace of the referent
namespace?: strings.MaxRunes(53) & strings.MinRunes(1)
}]
secretRef: {
// Name of the referent.
name: string
}
// This flag tells the controller to suspend subsequent events
// handling.
// Defaults to false.
suspend?: bool
// Type of webhook sender, used to determine
// the validation procedure and payload deserialization.
type: "generic" | "generic-hmac" | "github" | "gitlab" | "bitbucket" | "harbor" | "dockerhub" | "quay" | "gcr" | "nexus" | "acr"
}

96
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/receiver/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,96 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// Receiver is the Schema for the receivers API.
#Receiver: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Receiver"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ReceiverSpec defines the desired state of the Receiver.
spec!: #ReceiverSpec
}
// ReceiverSpec defines the desired state of the Receiver.
#ReceiverSpec: {
// Events specifies the list of event types to handle,
// e.g. 'push' for GitHub or 'Push Hook' for GitLab.
events?: [...string]
// Interval at which to reconcile the Receiver with its Secret
// references.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// A list of resources to be notified about changes.
resources: [...{
// API version of the referent
apiVersion?: string
// Kind of the referent
kind: "Bucket" | "GitRepository" | "Kustomization" | "HelmRelease" | "HelmChart" | "HelmRepository" | "ImageRepository" | "ImagePolicy" | "ImageUpdateAutomation" | "OCIRepository"
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
// MatchLabels requires the name to be set to `*`.
matchLabels?: {
[string]: string
}
// Name of the referent
// If multiple resources are targeted `*` may be set.
name: strings.MaxRunes(53) & strings.MinRunes(1)
// Namespace of the referent
namespace?: strings.MaxRunes(53) & strings.MinRunes(1)
}]
secretRef: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend subsequent
// events handling for this receiver.
suspend?: bool
// Type of webhook sender, used to determine
// the validation procedure and payload deserialization.
type: "generic" | "generic-hmac" | "github" | "gitlab" | "bitbucket" | "harbor" | "dockerhub" | "quay" | "gcr" | "nexus" | "acr"
}

135
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/bucket/v1/types_gen.cue Normal file
View File

@@ -0,0 +1,135 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1
import "strings"
// Bucket is the Schema for the buckets API.
#Bucket: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Bucket"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// BucketSpec specifies the required configuration to produce an
// Artifact for
// an object storage bucket.
spec!: #BucketSpec
}
// BucketSpec specifies the required configuration to produce an
// Artifact for
// an object storage bucket.
#BucketSpec: {
// BucketName is the name of the object storage bucket.
bucketName: string
certSecretRef?: {
// Name of the referent.
name: string
}
// Endpoint is the object storage address the BucketName is
// located at.
endpoint: string
// Ignore overrides the set of excluded patterns in the
// .sourceignore format
// (which is the same as .gitignore). If not provided, a default
// will be used,
// consult the documentation for your version to find out what
// those are.
ignore?: string
// Insecure allows connecting to a non-TLS HTTP Endpoint.
insecure?: bool
// Interval at which the Bucket Endpoint is checked for updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Prefix to use for server-side filtering of files in the Bucket.
prefix?: string
// Provider of the object storage bucket.
// Defaults to 'generic', which expects an S3 (API) compatible
// object
// storage.
provider?: "generic" | "aws" | "gcp" | "azure" | *"generic"
proxySecretRef?: {
// Name of the referent.
name: string
}
// Region of the Endpoint where the BucketName is located in.
region?: string
secretRef?: {
// Name of the referent.
name: string
}
// STS specifies the required configuration to use a Security
// Token
// Service for fetching temporary credentials to authenticate in a
// Bucket provider.
//
// This field is only supported for the `aws` and `generic`
// providers.
sts?: {
certSecretRef?: {
// Name of the referent.
name: string
}
// Endpoint is the HTTP/S endpoint of the Security Token Service
// from
// where temporary credentials will be fetched.
endpoint: =~"^(http|https)://.*$"
// Provider of the Security Token Service.
provider: "aws" | "ldap"
secretRef?: {
// Name of the referent.
name: string
}
}
// Suspend tells the controller to suspend the reconciliation of
// this
// Bucket.
suspend?: bool
// Timeout for fetch operations, defaults to 60s.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" | *"60s"
}

103
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/bucket/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,103 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// Bucket is the Schema for the buckets API
#Bucket: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Bucket"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// BucketSpec defines the desired state of an S3 compatible bucket
spec!: #BucketSpec
}
// BucketSpec defines the desired state of an S3 compatible bucket
#BucketSpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
// The bucket name.
bucketName: string
// The bucket endpoint address.
endpoint: string
// Ignore overrides the set of excluded patterns in the
// .sourceignore format
// (which is the same as .gitignore). If not provided, a default
// will be used,
// consult the documentation for your version to find out what
// those are.
ignore?: string
// Insecure allows connecting to a non-TLS S3 HTTP endpoint.
insecure?: bool
// The interval at which to check for bucket updates.
interval: string
// The S3 compatible storage provider name, default ('generic').
provider?: "generic" | "aws" | "gcp" | *"generic"
// The bucket region.
region?: string
secretRef?: {
// Name of the referent.
name: string
}
// This flag tells the controller to suspend the reconciliation of
// this source.
suspend?: bool
// The timeout for download operations, defaults to 60s.
timeout?: string | *"60s"
}

152
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/bucket/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,152 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// Bucket is the Schema for the buckets API.
#Bucket: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Bucket"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// BucketSpec specifies the required configuration to produce an
// Artifact for
// an object storage bucket.
spec!: #BucketSpec
}
// BucketSpec specifies the required configuration to produce an
// Artifact for
// an object storage bucket.
#BucketSpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
// BucketName is the name of the object storage bucket.
bucketName: string
certSecretRef?: {
// Name of the referent.
name: string
}
// Endpoint is the object storage address the BucketName is
// located at.
endpoint: string
// Ignore overrides the set of excluded patterns in the
// .sourceignore format
// (which is the same as .gitignore). If not provided, a default
// will be used,
// consult the documentation for your version to find out what
// those are.
ignore?: string
// Insecure allows connecting to a non-TLS HTTP Endpoint.
insecure?: bool
// Interval at which the Bucket Endpoint is checked for updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Prefix to use for server-side filtering of files in the Bucket.
prefix?: string
// Provider of the object storage bucket.
// Defaults to 'generic', which expects an S3 (API) compatible
// object
// storage.
provider?: "generic" | "aws" | "gcp" | "azure" | *"generic"
proxySecretRef?: {
// Name of the referent.
name: string
}
// Region of the Endpoint where the BucketName is located in.
region?: string
secretRef?: {
// Name of the referent.
name: string
}
// STS specifies the required configuration to use a Security
// Token
// Service for fetching temporary credentials to authenticate in a
// Bucket provider.
//
// This field is only supported for the `aws` and `generic`
// providers.
sts?: {
certSecretRef?: {
// Name of the referent.
name: string
}
// Endpoint is the HTTP/S endpoint of the Security Token Service
// from
// where temporary credentials will be fetched.
endpoint: =~"^(http|https)://.*$"
// Provider of the Security Token Service.
provider: "aws" | "ldap"
secretRef?: {
// Name of the referent.
name: string
}
}
// Suspend tells the controller to suspend the reconciliation of
// this
// Bucket.
suspend?: bool
// Timeout for fetch operations, defaults to 60s.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" | *"60s"
}

167
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/gitrepository/v1/types_gen.cue Normal file
View File

@@ -0,0 +1,167 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1
import "strings"
// GitRepository is the Schema for the gitrepositories API.
#GitRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "GitRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// GitRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Git repository.
spec!: #GitRepositorySpec
}
// GitRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Git repository.
#GitRepositorySpec: {
// Ignore overrides the set of excluded patterns in the
// .sourceignore format
// (which is the same as .gitignore). If not provided, a default
// will be used,
// consult the documentation for your version to find out what
// those are.
ignore?: string
// Include specifies a list of GitRepository resources which
// Artifacts
// should be included in the Artifact produced for this
// GitRepository.
include?: [...{
// FromPath specifies the path to copy contents from, defaults to
// the root
// of the Artifact.
fromPath?: string
repository: {
// Name of the referent.
name: string
}
// ToPath specifies the path to copy contents to, defaults to the
// name of
// the GitRepositoryRef.
toPath?: string
}]
// Interval at which the GitRepository URL is checked for updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Provider used for authentication, can be 'azure', 'generic'.
// When not specified, defaults to 'generic'.
provider?: "generic" | "azure"
proxySecretRef?: {
// Name of the referent.
name: string
}
// RecurseSubmodules enables the initialization of all submodules
// within
// the GitRepository as cloned from the URL, using their default
// settings.
recurseSubmodules?: bool
// Reference specifies the Git reference to resolve and monitor
// for
// changes, defaults to the 'master' branch.
ref?: {
// Branch to check out, defaults to 'master' if no other field is
// defined.
branch?: string
// Commit SHA to check out, takes precedence over all reference
// fields.
//
// This can be combined with Branch to shallow clone the branch,
// in which
// the commit is expected to exist.
commit?: string
// Name of the reference to check out; takes precedence over
// Branch, Tag and SemVer.
//
// It must be a valid Git reference:
// https://git-scm.com/docs/git-check-ref-format#_description
// Examples: "refs/heads/main", "refs/tags/v0.1.0",
// "refs/pull/420/head", "refs/merge-requests/1/head"
name?: string
// SemVer tag expression to check out, takes precedence over Tag.
semver?: string
// Tag to check out, takes precedence over Branch.
tag?: string
}
secretRef?: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend the reconciliation of
// this
// GitRepository.
suspend?: bool
// Timeout for Git operations like cloning, defaults to 60s.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" | *"60s"
// URL specifies the Git repository URL, it can be an HTTP/S or
// SSH address.
url: =~"^(http|https|ssh)://.*$"
// Verification specifies the configuration to verify the Git
// commit
// signature(s).
verify?: {
// Mode specifies which Git object(s) should be verified.
//
// The variants "head" and "HEAD" both imply the same thing, i.e.
// verify
// the commit that the HEAD of the Git repository points to. The
// variant
// "head" solely exists to ensure backwards compatibility.
mode?: "head" | "HEAD" | "Tag" | "TagAndHEAD" | *"HEAD"
secretRef: {
// Name of the referent.
name: string
}
}
}

148
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/gitrepository/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,148 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// GitRepository is the Schema for the gitrepositories API
#GitRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "GitRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// GitRepositorySpec defines the desired state of a Git
// repository.
spec!: #GitRepositorySpec
}
// GitRepositorySpec defines the desired state of a Git
// repository.
#GitRepositorySpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
// Determines which git client library to use.
// Defaults to go-git, valid values are ('go-git', 'libgit2').
gitImplementation?: "go-git" | "libgit2" | *"go-git"
// Ignore overrides the set of excluded patterns in the
// .sourceignore format
// (which is the same as .gitignore). If not provided, a default
// will be used,
// consult the documentation for your version to find out what
// those are.
ignore?: string
// Extra git repositories to map into the repository
include?: [...{
// The path to copy contents from, defaults to the root directory.
fromPath?: string
repository: {
// Name of the referent.
name: string
}
// The path to copy contents to, defaults to the name of the
// source ref.
toPath?: string
}]
// The interval at which to check for repository updates.
interval: string
// When enabled, after the clone is created, initializes all
// submodules within,
// using their default settings.
// This option is available only when using the 'go-git'
// GitImplementation.
recurseSubmodules?: bool
// The Git reference to checkout and monitor for changes, defaults
// to
// master branch.
ref?: {
// The Git branch to checkout, defaults to master.
branch?: string
// The Git commit SHA to checkout, if specified Tag filters will
// be ignored.
commit?: string
// The Git tag semver expression, takes precedence over Tag.
semver?: string
// The Git tag to checkout, takes precedence over Branch.
tag?: string
}
secretRef?: {
// Name of the referent.
name: string
}
// This flag tells the controller to suspend the reconciliation of
// this source.
suspend?: bool
// The timeout for remote Git operations like cloning, defaults to
// 60s.
timeout?: string | *"60s"
// The repository URL, can be a HTTP/S or SSH address.
url: =~"^(http|https|ssh)://.*$"
// Verify OpenPGP signature for the Git commit HEAD points to.
verify?: {
// Mode describes what git object should be verified, currently
// ('head').
mode: "head"
secretRef?: {
// Name of the referent.
name: string
}
}
}

177
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/gitrepository/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,177 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// GitRepository is the Schema for the gitrepositories API.
#GitRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "GitRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// GitRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Git repository.
spec!: #GitRepositorySpec
}
// GitRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Git repository.
#GitRepositorySpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
// GitImplementation specifies which Git client library
// implementation to
// use. Defaults to 'go-git', valid values are ('go-git',
// 'libgit2').
// Deprecated: gitImplementation is deprecated now that 'go-git'
// is the
// only supported implementation.
gitImplementation?: "go-git" | "libgit2" | *"go-git"
// Ignore overrides the set of excluded patterns in the
// .sourceignore format
// (which is the same as .gitignore). If not provided, a default
// will be used,
// consult the documentation for your version to find out what
// those are.
ignore?: string
// Include specifies a list of GitRepository resources which
// Artifacts
// should be included in the Artifact produced for this
// GitRepository.
include?: [...{
// FromPath specifies the path to copy contents from, defaults to
// the root
// of the Artifact.
fromPath?: string
repository: {
// Name of the referent.
name: string
}
// ToPath specifies the path to copy contents to, defaults to the
// name of
// the GitRepositoryRef.
toPath?: string
}]
// Interval at which to check the GitRepository for updates.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// RecurseSubmodules enables the initialization of all submodules
// within
// the GitRepository as cloned from the URL, using their default
// settings.
recurseSubmodules?: bool
// Reference specifies the Git reference to resolve and monitor
// for
// changes, defaults to the 'master' branch.
ref?: {
// Branch to check out, defaults to 'master' if no other field is
// defined.
branch?: string
// Commit SHA to check out, takes precedence over all reference
// fields.
//
// This can be combined with Branch to shallow clone the branch,
// in which
// the commit is expected to exist.
commit?: string
// Name of the reference to check out; takes precedence over
// Branch, Tag and SemVer.
//
// It must be a valid Git reference:
// https://git-scm.com/docs/git-check-ref-format#_description
// Examples: "refs/heads/main", "refs/tags/v0.1.0",
// "refs/pull/420/head", "refs/merge-requests/1/head"
name?: string
// SemVer tag expression to check out, takes precedence over Tag.
semver?: string
// Tag to check out, takes precedence over Branch.
tag?: string
}
secretRef?: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend the reconciliation of
// this
// GitRepository.
suspend?: bool
// Timeout for Git operations like cloning, defaults to 60s.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" | *"60s"
// URL specifies the Git repository URL, it can be an HTTP/S or
// SSH address.
url: =~"^(http|https|ssh)://.*$"
// Verification specifies the configuration to verify the Git
// commit
// signature(s).
verify?: {
// Mode specifies what Git object should be verified, currently
// ('head').
mode: "head"
secretRef: {
// Name of the referent.
name: string
}
}
}

149
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/helmchart/v1/types_gen.cue Normal file
View File

@@ -0,0 +1,149 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1
import "strings"
// HelmChart is the Schema for the helmcharts API.
#HelmChart: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmChart"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmChartSpec specifies the desired state of a Helm chart.
spec!: #HelmChartSpec
}
// HelmChartSpec specifies the desired state of a Helm chart.
#HelmChartSpec: {
// Chart is the name or path the Helm chart is available at in the
// SourceRef.
chart: string
// IgnoreMissingValuesFiles controls whether to silently ignore
// missing values
// files rather than failing.
ignoreMissingValuesFiles?: bool
// Interval at which the HelmChart SourceRef is checked for
// updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// ReconcileStrategy determines what enables the creation of a new
// artifact.
// Valid values are ('ChartVersion', 'Revision').
// See the documentation of the values for an explanation on their
// behavior.
// Defaults to ChartVersion when omitted.
reconcileStrategy?: "ChartVersion" | "Revision" | *"ChartVersion"
// SourceRef is the reference to the Source the chart is available
// at.
sourceRef: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent, valid values are ('HelmRepository',
// 'GitRepository',
// 'Bucket').
kind: "HelmRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend the reconciliation of
// this
// source.
suspend?: bool
// ValuesFiles is an alternative list of values files to use as
// the chart
// values (values.yaml is not included by default), expected to be
// a
// relative path in the SourceRef.
// Values files are merged in the order of this list with the last
// file
// overriding the first. Ignored when omitted.
valuesFiles?: [...string]
// Verify contains the secret name containing the trusted public
// keys
// used to verify the signature and specifies which provider to
// use to check
// whether OCI image is authentic.
// This field is only supported when using HelmRepository source
// with spec.type 'oci'.
// Chart dependencies, which are not bundled in the umbrella chart
// artifact, are not verified.
verify?: {
// MatchOIDCIdentity specifies the identity matching criteria to
// use
// while verifying an OCI artifact which was signed using Cosign
// keyless
// signing. The artifact's identity is deemed to be verified if
// any of the
// specified matchers match against the identity.
matchOIDCIdentity?: [...{
// Issuer specifies the regex pattern to match against to verify
// the OIDC issuer in the Fulcio certificate. The pattern must be
// a
// valid Go regular expression.
issuer: string
// Subject specifies the regex pattern to match against to verify
// the identity subject in the Fulcio certificate. The pattern
// must
// be a valid Go regular expression.
subject: string
}]
// Provider specifies the technology used to sign the OCI
// Artifact.
provider: "cosign" | "notation" | *"cosign"
secretRef?: {
// Name of the referent.
name: string
}
}
// Version is the chart version semver expression, ignored for
// charts from
// GitRepository and Bucket sources. Defaults to latest when
// omitted.
version?: string | *"*"
}

122
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/helmchart/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,122 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// HelmChart is the Schema for the helmcharts API
#HelmChart: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmChart"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmChartSpec defines the desired state of a Helm chart.
spec!: #HelmChartSpec
}
// HelmChartSpec defines the desired state of a Helm chart.
#HelmChartSpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
// The name or path the Helm chart is available at in the
// SourceRef.
chart: string
// The interval at which to check the Source for updates.
interval: string
// Determines what enables the creation of a new artifact. Valid
// values are
// ('ChartVersion', 'Revision').
// See the documentation of the values for an explanation on their
// behavior.
// Defaults to ChartVersion when omitted.
reconcileStrategy?: "ChartVersion" | "Revision" | *"ChartVersion"
// The reference to the Source the chart is available at.
sourceRef: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent, valid values are ('HelmRepository',
// 'GitRepository',
// 'Bucket').
kind: "HelmRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: string
}
// This flag tells the controller to suspend the reconciliation of
// this source.
suspend?: bool
// Alternative values file to use as the default chart values,
// expected to
// be a relative path in the SourceRef. Deprecated in favor of
// ValuesFiles,
// for backwards compatibility the file defined here is merged
// before the
// ValuesFiles items. Ignored when omitted.
valuesFile?: string
// Alternative list of values files to use as the chart values
// (values.yaml
// is not included by default), expected to be a relative path in
// the SourceRef.
// Values files are merged in the order of this list with the last
// file overriding
// the first. Ignored when omitted.
valuesFiles?: [...string]
// The chart version semver expression, ignored for charts from
// GitRepository
// and Bucket sources. Defaults to latest when omitted.
version?: string | *"*"
}

175
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/helmchart/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,175 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// HelmChart is the Schema for the helmcharts API.
#HelmChart: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmChart"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmChartSpec specifies the desired state of a Helm chart.
spec!: #HelmChartSpec
}
// HelmChartSpec specifies the desired state of a Helm chart.
#HelmChartSpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
// Chart is the name or path the Helm chart is available at in the
// SourceRef.
chart: string
// IgnoreMissingValuesFiles controls whether to silently ignore
// missing values
// files rather than failing.
ignoreMissingValuesFiles?: bool
// Interval at which the HelmChart SourceRef is checked for
// updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// ReconcileStrategy determines what enables the creation of a new
// artifact.
// Valid values are ('ChartVersion', 'Revision').
// See the documentation of the values for an explanation on their
// behavior.
// Defaults to ChartVersion when omitted.
reconcileStrategy?: "ChartVersion" | "Revision" | *"ChartVersion"
// SourceRef is the reference to the Source the chart is available
// at.
sourceRef: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent, valid values are ('HelmRepository',
// 'GitRepository',
// 'Bucket').
kind: "HelmRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend the reconciliation of
// this
// source.
suspend?: bool
// ValuesFile is an alternative values file to use as the default
// chart
// values, expected to be a relative path in the SourceRef.
// Deprecated in
// favor of ValuesFiles, for backwards compatibility the file
// specified here
// is merged before the ValuesFiles items. Ignored when omitted.
valuesFile?: string
// ValuesFiles is an alternative list of values files to use as
// the chart
// values (values.yaml is not included by default), expected to be
// a
// relative path in the SourceRef.
// Values files are merged in the order of this list with the last
// file
// overriding the first. Ignored when omitted.
valuesFiles?: [...string]
// Verify contains the secret name containing the trusted public
// keys
// used to verify the signature and specifies which provider to
// use to check
// whether OCI image is authentic.
// This field is only supported when using HelmRepository source
// with spec.type 'oci'.
// Chart dependencies, which are not bundled in the umbrella chart
// artifact, are not verified.
verify?: {
// MatchOIDCIdentity specifies the identity matching criteria to
// use
// while verifying an OCI artifact which was signed using Cosign
// keyless
// signing. The artifact's identity is deemed to be verified if
// any of the
// specified matchers match against the identity.
matchOIDCIdentity?: [...{
// Issuer specifies the regex pattern to match against to verify
// the OIDC issuer in the Fulcio certificate. The pattern must be
// a
// valid Go regular expression.
issuer: string
// Subject specifies the regex pattern to match against to verify
// the identity subject in the Fulcio certificate. The pattern
// must
// be a valid Go regular expression.
subject: string
}]
// Provider specifies the technology used to sign the OCI
// Artifact.
provider: "cosign" | "notation" | *"cosign"
secretRef?: {
// Name of the referent.
name: string
}
}
// Version is the chart version semver expression, ignored for
// charts from
// GitRepository and Bucket sources. Defaults to latest when
// omitted.
version?: string | *"*"
}

132
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/helmrepository/v1/types_gen.cue Normal file
View File

@@ -0,0 +1,132 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1
import "strings"
// HelmRepository is the Schema for the helmrepositories API.
#HelmRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Helm repository index YAML.
spec!: #HelmRepositorySpec
}
// HelmRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Helm repository index YAML.
#HelmRepositorySpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
certSecretRef?: {
// Name of the referent.
name: string
}
// Insecure allows connecting to a non-TLS HTTP container
// registry.
// This field is only taken into account if the .spec.type field
// is set to 'oci'.
insecure?: bool
// Interval at which the HelmRepository URL is checked for
// updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// PassCredentials allows the credentials from the SecretRef to be
// passed
// on to a host that does not match the host as defined in URL.
// This may be required if the host of the advertised chart URLs
// in the
// index differ from the defined URL.
// Enabling this should be done with caution, as it can
// potentially result
// in credentials getting stolen in a MITM-attack.
passCredentials?: bool
// Provider used for authentication, can be 'aws', 'azure', 'gcp'
// or 'generic'.
// This field is optional, and only taken into account if the
// .spec.type field is set to 'oci'.
// When not specified, defaults to 'generic'.
provider?: "generic" | "aws" | "azure" | "gcp" | *"generic"
secretRef?: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend the reconciliation of
// this
// HelmRepository.
suspend?: bool
// Timeout is used for the index fetch operation for an HTTPS helm
// repository,
// and for remote OCI Repository operations like pulling for an
// OCI helm
// chart by the associated HelmChart.
// Its default value is 60s.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
// Type of the HelmRepository.
// When this field is set to "oci", the URL field value must be
// prefixed with "oci://".
type?: "default" | "oci"
// URL of the Helm repository, a valid URL contains at least a
// protocol and
// host.
url: =~"^(http|https|oci)://.*$"
}

95
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/helmrepository/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,95 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// HelmRepository is the Schema for the helmrepositories API
#HelmRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmRepositorySpec defines the reference to a Helm repository.
spec!: #HelmRepositorySpec
}
// HelmRepositorySpec defines the reference to a Helm repository.
#HelmRepositorySpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
// The interval at which to check the upstream for updates.
interval: string
// PassCredentials allows the credentials from the SecretRef to be
// passed on to
// a host that does not match the host as defined in URL.
// This may be required if the host of the advertised chart URLs
// in the index
// differ from the defined URL.
// Enabling this should be done with caution, as it can
// potentially result in
// credentials getting stolen in a MITM-attack.
passCredentials?: bool
secretRef?: {
// Name of the referent.
name: string
}
// This flag tells the controller to suspend the reconciliation of
// this source.
suspend?: bool
// The timeout of index downloading, defaults to 60s.
timeout?: string | *"60s"
// The Helm repository URL, a valid URL contains at least a
// protocol and host.
url: string
}

132
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/helmrepository/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,132 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// HelmRepository is the Schema for the helmrepositories API.
#HelmRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Helm repository index YAML.
spec!: #HelmRepositorySpec
}
// HelmRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Helm repository index YAML.
#HelmRepositorySpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
certSecretRef?: {
// Name of the referent.
name: string
}
// Insecure allows connecting to a non-TLS HTTP container
// registry.
// This field is only taken into account if the .spec.type field
// is set to 'oci'.
insecure?: bool
// Interval at which the HelmRepository URL is checked for
// updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// PassCredentials allows the credentials from the SecretRef to be
// passed
// on to a host that does not match the host as defined in URL.
// This may be required if the host of the advertised chart URLs
// in the
// index differ from the defined URL.
// Enabling this should be done with caution, as it can
// potentially result
// in credentials getting stolen in a MITM-attack.
passCredentials?: bool
// Provider used for authentication, can be 'aws', 'azure', 'gcp'
// or 'generic'.
// This field is optional, and only taken into account if the
// .spec.type field is set to 'oci'.
// When not specified, defaults to 'generic'.
provider?: "generic" | "aws" | "azure" | "gcp" | *"generic"
secretRef?: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend the reconciliation of
// this
// HelmRepository.
suspend?: bool
// Timeout is used for the index fetch operation for an HTTPS helm
// repository,
// and for remote OCI Repository operations like pulling for an
// OCI helm
// chart by the associated HelmChart.
// Its default value is 60s.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
// Type of the HelmRepository.
// When this field is set to "oci", the URL field value must be
// prefixed with "oci://".
type?: "default" | "oci"
// URL of the Helm repository, a valid URL contains at least a
// protocol and
// host.
url: =~"^(http|https|oci)://.*$"
}

179
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/ocirepository/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,179 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// OCIRepository is the Schema for the ocirepositories API
#OCIRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "OCIRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// OCIRepositorySpec defines the desired state of OCIRepository
spec!: #OCIRepositorySpec
}
// OCIRepositorySpec defines the desired state of OCIRepository
#OCIRepositorySpec: {
certSecretRef?: {
// Name of the referent.
name: string
}
// Ignore overrides the set of excluded patterns in the
// .sourceignore format
// (which is the same as .gitignore). If not provided, a default
// will be used,
// consult the documentation for your version to find out what
// those are.
ignore?: string
// Insecure allows connecting to a non-TLS HTTP container
// registry.
insecure?: bool
// Interval at which the OCIRepository URL is checked for updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// LayerSelector specifies which layer should be extracted from
// the OCI artifact.
// When not specified, the first layer found in the artifact is
// selected.
layerSelector?: {
// MediaType specifies the OCI media type of the layer
// which should be extracted from the OCI Artifact. The
// first layer matching this type is selected.
mediaType?: string
// Operation specifies how the selected layer should be processed.
// By default, the layer compressed content is extracted to
// storage.
// When the operation is set to 'copy', the layer compressed
// content
// is persisted to storage as it is.
operation?: "extract" | "copy"
}
// The provider used for authentication, can be 'aws', 'azure',
// 'gcp' or 'generic'.
// When not specified, defaults to 'generic'.
provider?: "generic" | "aws" | "azure" | "gcp" | *"generic"
proxySecretRef?: {
// Name of the referent.
name: string
}
// The OCI reference to pull and monitor for changes,
// defaults to the latest tag.
ref?: {
// Digest is the image digest to pull, takes precedence over
// SemVer.
// The value should be in the format 'sha256:<HASH>'.
digest?: string
// SemVer is the range of tags to pull selecting the latest within
// the range, takes precedence over Tag.
semver?: string
// SemverFilter is a regex pattern to filter the tags within the
// SemVer range.
semverFilter?: string
// Tag is the image tag to pull, defaults to latest.
tag?: string
}
secretRef?: {
// Name of the referent.
name: string
}
// ServiceAccountName is the name of the Kubernetes ServiceAccount
// used to authenticate
// the image pull if the service account has attached pull
// secrets. For more information:
// https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
serviceAccountName?: string
// This flag tells the controller to suspend the reconciliation of
// this source.
suspend?: bool
// The timeout for remote OCI Repository operations like pulling,
// defaults to 60s.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" | *"60s"
// URL is a reference to an OCI artifact repository hosted
// on a remote container registry.
url: =~"^oci://.*$"
// Verify contains the secret name containing the trusted public
// keys
// used to verify the signature and specifies which provider to
// use to check
// whether OCI image is authentic.
verify?: {
// MatchOIDCIdentity specifies the identity matching criteria to
// use
// while verifying an OCI artifact which was signed using Cosign
// keyless
// signing. The artifact's identity is deemed to be verified if
// any of the
// specified matchers match against the identity.
matchOIDCIdentity?: [...{
// Issuer specifies the regex pattern to match against to verify
// the OIDC issuer in the Fulcio certificate. The pattern must be
// a
// valid Go regular expression.
issuer: string
// Subject specifies the regex pattern to match against to verify
// the identity subject in the Fulcio certificate. The pattern
// must
// be a valid Go regular expression.
subject: string
}]
// Provider specifies the technology used to sign the OCI
// Artifact.
provider: "cosign" | "notation" | *"cosign"
secretRef?: {
// Name of the referent.
name: string
}
}
}

4
internal/generate/platforms/cue.mod/module.cue
View File

@@ -1,2 +1,2 @@
module: "user.holos.run/platform"
language: version: "v0.9.2"
module: "example.com/platform"
language: version: "v0.11.0"

3
internal/generate/platforms/cue.mod/pkg/github.com/holos-run/holos/api/core/v1alpha5/types.cue
View File

@@ -1,5 +1,8 @@
package v1alpha5
// Don't allow password values, use fromEnv instead.
#Auth: password: value?: ""
#Transformer: {
kind: _

1
internal/generate/platforms/v1alpha5/.gitignore vendored
View File

@@ -7,3 +7,4 @@ ehthumbs.db
Thumbs.db
vendor/
node_modules/
tmp/

66
internal/helm/driver.go Normal file
View File

@@ -0,0 +1,66 @@
package helm
import (
"context"
"fmt"
"os"
"github.com/holos-run/holos/internal/server/middleware/logger"
"helm.sh/helm/v3/pkg/action"
"helm.sh/helm/v3/pkg/cli"
"helm.sh/helm/v3/pkg/registry"
)
// https://helm.sh/docs/sdk/examples/#driver
var helmDriver string = os.Getenv("HELM_DRIVER")
func initActionConfig(ctx context.Context, settings *cli.EnvSettings) (*action.Configuration, error) {
return initActionConfigList(ctx, settings, false)
}
func initActionConfigList(ctx context.Context, settings *cli.EnvSettings, allNamespaces bool) (*action.Configuration, error) {
log := logger.FromContext(ctx)
actionConfig := new(action.Configuration)
namespace := func() string {
// For list action, you can pass an empty string instead of settings.Namespace() to list
// all namespaces
if allNamespaces {
return ""
}
return settings.Namespace()
}()
debug := func(format string, a ...any) {
log.DebugContext(ctx, fmt.Sprintf(format, a...))
}
if err := actionConfig.Init(
settings.RESTClientGetter(),
namespace,
helmDriver,
debug); err != nil {
return nil, err
}
return actionConfig, nil
}
func newDefaultRegistryClient(settings *cli.EnvSettings, plainHTTP bool) (*registry.Client, error) {
opts := []registry.ClientOption{
registry.ClientOptDebug(settings.Debug),
registry.ClientOptEnableCache(true),
registry.ClientOptWriter(os.Stderr),
registry.ClientOptCredentialsFile(settings.RegistryConfig),
}
if plainHTTP {
opts = append(opts, registry.ClientOptPlainHTTP())
}
// Create a new registry client
registryClient, err := registry.NewClient(opts...)
if err != nil {
return nil, err
}
return registryClient, nil
}

52
internal/helm/helm.go Normal file
View File

@@ -0,0 +1,52 @@
package helm
import (
"context"
"fmt"
"github.com/holos-run/holos/internal/errors"
"github.com/holos-run/holos/internal/logger"
"helm.sh/helm/v3/pkg/action"
"helm.sh/helm/v3/pkg/cli"
)
// PullChart downloads and caches a Helm chart locally. It handles both OCI and
// HTTP repositories. Returns the path to the cached chart and any error
// encountered. Attribution: Helm SDK Examples [Pull Action].
//
// For convenience, initialize SDK setting via CLI mechanism:
//
// settings := cli.New()
//
// [Pull Action]: https://helm.sh/docs/sdk/examples/#pull-action
func PullChart(ctx context.Context, settings *cli.EnvSettings, chartRef, chartVersion, repoURL, destDir, username, password string) error {
log := logger.FromContext(ctx)
actionConfig, err := initActionConfig(ctx, settings)
if err != nil {
return errors.Format("failed to init action config: %w", err)
}
registryClient, err := newDefaultRegistryClient(settings, false)
if err != nil {
return errors.Format("failed to created registry client: %w", err)
}
actionConfig.RegistryClient = registryClient
pullClient := action.NewPullWithOpts(action.WithConfig(actionConfig))
pullClient.Untar = true
pullClient.RepoURL = repoURL
pullClient.DestDir = destDir
pullClient.Settings = settings
pullClient.Version = chartVersion
pullClient.Username = username
pullClient.Password = password
result, err := pullClient.Run(chartRef)
if err != nil {
return errors.Format("failed to pull chart: %w", err)
}
log.DebugContext(ctx, fmt.Sprintf("%+v", result))
return nil
}

2
internal/holos/interface.go
View File

@@ -21,6 +21,8 @@ type Platform interface {
type Component interface {
Describe() string
Path() string
// ExtractYAML represents the values of the --extract-yaml flag
ExtractYAML() ([]string, error)
Tags() ([]string, error)
WriteTo() string
Labels() Labels

27
internal/holos/types.go
View File

@@ -40,13 +40,22 @@ func (i *StringSlice) Set(value string) error {
return nil
}
// TagMap represents a map of key values for CUE TagMap for flag parsing.
type TagMap map[string]string
// TagMap represents a map of key values for CUE TagMap for flag parsing. The
// values are pointers to disambiguate between the case where a tag is a boolean
// ("--inject foo") and the case where a tag has a string zero value ("--inject
// foo="). Refer to the Tags field of [cue/load.Config]
//
// [cue/load.Config]: https://pkg.go.dev/cuelang.org/go@v0.10.1/cue/load#Config
type TagMap map[string]*string
func (t TagMap) Tags() []string {
parts := make([]string, 0, len(t))
for k, v := range t {
parts = append(parts, fmt.Sprintf("%s=%s", k, v))
for tag, val := range t {
if val == nil {
parts = append(parts, tag)
} else {
parts = append(parts, fmt.Sprintf("%s=%s", tag, *val))
}
}
return parts
}
@@ -60,10 +69,14 @@ func (t TagMap) String() string {
// is not supported.
func (t TagMap) Set(value string) error {
parts := strings.SplitN(value, "=", 2)
if len(parts) != 2 {
switch len(parts) {
case 1:
t[parts[0]] = nil
case 2:
t[parts[0]] = &parts[1]
default:
return errors.Format("invalid format, must be tag=value")
}
t[parts[0]] = parts[1]
return nil
}
@@ -307,6 +320,7 @@ type BuildOpts struct {
Stderr io.Writer
WriteTo string
Path string
Tags []string
}
func NewBuildOpts(path string) BuildOpts {
@@ -316,5 +330,6 @@ func NewBuildOpts(path string) BuildOpts {
Stderr: os.Stderr,
WriteTo: "deploy",
Path: path,
Tags: make([]string, 0, 10),
}
}

5
internal/util/run.go
View File

@@ -43,10 +43,11 @@ func RunCmd(ctx context.Context, name string, args ...string) (result RunResult,
cmd.Stdout = result.Stdout
cmd.Stderr = result.Stderr
log := logger.FromContext(ctx)
log.DebugContext(ctx, "running: "+name, "name", name, "args", args)
command := fmt.Sprintf("%s '%s'", name, strings.Join(args, "' '"))
log.DebugContext(ctx, "running command: "+command, "name", name, "args", args)
err = cmd.Run()
if err != nil {
err = fmt.Errorf("could not run command: %s %s: %w", name, strings.Join(args, " "), err)
err = fmt.Errorf("could not run command:\n\t%s\n\t%w", command, err)
}
return result, err
}

3
internal/util/util.go
View File

@@ -42,6 +42,9 @@ func FindCueMod(path string) (root string, err error) {
return root, nil
}
// FindRootLeaf returns the root path containing the cue.mod and the leaf path
// relative to the root for the given target path. FindRootLeaf calls
// [filepath.Clean] on the returned paths.
func FindRootLeaf(target string) (root string, leaf string, err error) {
if root, err = FindCueMod(target); err != nil {
return "", "", err

4
service/buf.lock
View File

@@ -4,5 +4,5 @@ deps:
- remote: buf.build
owner: bufbuild
repository: protovalidate
commit: 5a7b106cbb87462d9a8c9ffecdbd2e38
digest: shake256:2f7efa5a904668219f039d4f6eeb51e871f8f7f5966055a10663cba335bd65f76cac84da3fa758ab7b5dcb489ec599521390ce3951d119fb56df1fc2def16bb0
commit: a3320276596649bcad929ac829d451f4
digest: shake256:a6e5f64fd3fd47e3e8568e9753f59a1566f56c11ec055baf65463d3bca3499f6f16c2d6f5628fa41cfd0f4fa7e72abe65be4efd77d269749492472ed4cc4070d

2
version/embedded/minor
View File

@@ -1 +1 @@
101
102