Merge branch 'release/v3.40.1-1'

Author: nhinze23

CHANGELOG.md

@@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v3.40.1-1] - 2022-07-12
+### Changed
+- Upgrade Sonatype Nexus to v3.40.1-01; #106
+- Upgrade Makefiles to 6.0.3
+- Upgrade Base Image to 8u302-3
+
 ## [v3.37.3-4] - 2022-04-06
 ### Changed
 - Upgrade zlib package to fix CVE-2018-25032; #100

Dockerfile

@@ -1,11 +1,11 @@
 # registry.cloudogu.com/official/nexus
-FROM registry.cloudogu.com/official/java:8u302-1
+FROM registry.cloudogu.com/official/java:8u302-3
 LABEL maintainer="[email protected]" \
     NAME="official/nexus" \
-    VERSION="3.37.3-4"
+    VERSION="3.40.1-1"
 
 # The version of nexus to install
-ENV NEXUS_VERSION=3.37.3-02 \
+ENV NEXUS_VERSION=3.40.1-01 \
     TINI_VERSION=0.19.0 \
     NEXUS_CLAIM_VERSION=1.0.0 \
     NEXUS_CARP_VERSION=1.3.1 \
@@ -16,7 +16,7 @@ ENV NEXUS_VERSION=3.37.3-02 \
     NEXUS_WORKDIR=/opt/sonatype/nexus \
     NEXUS_SERVER="http://localhost:8081/nexus" \
     SHA256_TINI="c5b0666b4cb676901f90dfcb37106783c5fe2077b04590973b885950611b30ee" \
-    SHA256_NEXUS_TAR="c1db431908c5a76b44015c555d6ef4517abf0a86844faffee0f5d6c62359312d" \
+    SHA256_NEXUS_TAR="97f4e847e5c2ba714b09456f9fb5f449c7e89b2f0a2b8c175f36cc31f345774e" \
     SHA256_NEXUS_CLAIM="a34608ac7b516d6bc91f8a157bea286919c14e5fb5ecc76fc15edccb35adec42" \
     SHA256_NEXUS_SCRIPTING="60c7f3d8a0c97b1d90d954ebad9dc07dbeb7927934b618c874b2e72295cafb48" \
     SHA256_NEXUS_CARP="f9a9d9f9efcabd27fb4df2544142000d5607c8feb9772e77f23239d7a6647458"

Makefile

@@ -1,4 +1,5 @@
-MAKEFILES_VERSION=4.2.0
+MAKEFILES_VERSION=6.0.3
+VERSION=3.40.1-1
 
 .DEFAULT_GOAL:=dogu-release
 

build/make/bower.mk

@@ -1,7 +1,9 @@
+##@ Bower dependency management
+
 BOWER_JSON=$(WORKDIR)/bower.json
 
 .PHONY: bower-install
-bower-install: $(BOWER_TARGET)
+bower-install: $(BOWER_TARGET) ## Execute yarn run bower (in Docker)
 
 ifeq ($(ENVIRONMENT), ci)
 
@@ -19,7 +21,7 @@ $(BOWER_TARGET): $(BOWER_JSON) $(PASSWD) $(YARN_TARGET)
 	  -v $(PASSWD):/etc/passwd:ro \
 	  -v $(WORKDIR):$(WORKDIR) \
 	  -w $(WORKDIR) \
-	  node:8 \
+	  node:$(NODE_VERSION) \
 	  yarn run bower
 	@touch $@
 

build/make/build.mk

@@ -1,24 +1,28 @@
+##@ Compiling go software
+
 ADDITIONAL_LDFLAGS?=-extldflags -static
 LDFLAGS?=-ldflags "$(ADDITIONAL_LDFLAGS) -X main.Version=$(VERSION) -X main.CommitID=$(COMMIT_ID)"
-GOIMAGE?=cloudogu/golang
-GOTAG?=1.10.2-2
+GOIMAGE?=golang
+GOTAG?=1.14.13
 GOOS?=linux
 GOARCH?=amd64
 PRE_COMPILE?=
 GO_ENV_VARS?=
+CUSTOM_GO_MOUNT?=-v /tmp:/tmp
+GO_BUILD_FLAGS?=-mod=vendor -a -tags netgo $(LDFLAGS) -installsuffix cgo -o $(BINARY)
 
 .PHONY: compile
-compile: $(BINARY)
+compile: $(BINARY) ## Compile the go program via Docker
 
-compile-ci:
+compile-ci: ## Compile the go program without Docker
 	@echo "Compiling (CI)..."
 	make compile-generic
 
 compile-generic:
 	@echo "Compiling..."
 # here is go called without mod capabilities because of error "go: error loading module requirements"
 # see https://github.com/golang/go/issues/30868#issuecomment-474199640
-	@$(GO_ENV_VARS) go build -a -tags netgo $(LDFLAGS) -installsuffix cgo -o $(BINARY)
+	@$(GO_ENV_VARS) go build $(GO_BUILD_FLAGS)
 
 
 ifeq ($(ENVIRONMENT), ci)
@@ -29,17 +33,19 @@ $(BINARY): $(SRC) vendor $(PRE_COMPILE)
 
 else
 
-$(BINARY): $(SRC) vendor $(PASSWD) $(HOME_DIR) $(PRE_COMPILE)
+$(BINARY): $(SRC) vendor $(PASSWD) $(ETCGROUP) $(HOME_DIR) $(PRE_COMPILE)
 	@echo "Building locally (in Docker)"
 	@docker run --rm \
-	 -e GOOS=$(GOOS) \
-	 -e GOARCH=$(GOARCH) \
-	 -u "$(UID_NR):$(GID_NR)" \
-	 -v $(PASSWD):/etc/passwd:ro \
-	 -v $(HOME_DIR):/home/$(USER) \
-	 -v $(WORKDIR):/go/src/github.com/cloudogu/$(ARTIFACT_ID) \
-	 -w /go/src/github.com/cloudogu/$(ARTIFACT_ID) \
-	 $(GOIMAGE):$(GOTAG) \
+		-e GOOS=$(GOOS) \
+		-e GOARCH=$(GOARCH) \
+		-u "$(UID_NR):$(GID_NR)" \
+		-v $(PASSWD):/etc/passwd:ro \
+		-v $(ETCGROUP):/etc/group:ro \
+		-v $(HOME_DIR):/home/$(USER) \
+		-v $(WORKDIR):/go/src/github.com/cloudogu/$(ARTIFACT_ID) \
+		$(CUSTOM_GO_MOUNT) \
+		-w /go/src/github.com/cloudogu/$(ARTIFACT_ID) \
+		$(GOIMAGE):$(GOTAG) \
   make compile-generic
 
 endif

build/make/clean.mk

@@ -1,10 +1,13 @@
+##@ Cleaning
+
 .PHONY: clean
-clean: $(ADDITIONAL_CLEAN)
+clean: $(ADDITIONAL_CLEAN) ## Remove target and tmp directories
 	rm -rf ${TARGET_DIR}
 	rm -rf ${TMP_DIR}
+	rm -rf ${UTILITY_BIN_PATH}
 
 .PHONY: dist-clean
-dist-clean: clean
+dist-clean: clean ## Remove all generated directories
 	rm -rf node_modules
 	rm -rf public/vendor
 	rm -rf vendor

build/make/dependencies-gomod.mk

@@ -1,5 +1,7 @@
+##@ Go mod dependency management
+
 .PHONY: dependencies
-dependencies: vendor
+dependencies: vendor ## Install dependencies using go mod
 
 vendor: go.mod go.sum
 	@echo "Installing dependencies using go modules..."

build/make/deploy-debian.mk

@@ -1,3 +1,5 @@
+##@ Debian package deployment
+
 # This Makefile holds all targets for deploying and undeploying
 # Uses the variable APT_REPO to determine which apt repos should be used to deploy
 
@@ -21,11 +23,8 @@ ifeq ($(APT_REPO), ces-premium)
 	@echo "... add package to ces-premium repository"
 	@$(APTLY) -X POST "${APT_API_BASE_URL}/repos/ces-premium/file/$$(basename ${DEBIAN_PACKAGE})"
 else
-	@echo "... add package to ces and xenial repositories"
-	# heads up: For migration to a new repo structure we use two repos, new (ces) and old (xenial)
-	# '?noRemove=1': aptly removes the file on success. This leads to an error on the second package add. Keep it this round
-	@$(APTLY) -X POST "${APT_API_BASE_URL}/repos/ces/file/$$(basename ${DEBIAN_PACKAGE})?noRemove=1"
-	@$(APTLY) -X POST "${APT_API_BASE_URL}/repos/xenial/file/$$(basename ${DEBIAN_PACKAGE})"
+	@echo "\n... add package to ces repository"
+	@$(APTLY) -X POST "${APT_API_BASE_URL}/repos/ces/file/$$(basename ${DEBIAN_PACKAGE})"
 endif
 
 define aptly_publish
@@ -34,17 +33,16 @@ endef
 
 .PHONY: publish
 publish:
-	@echo "... publish packages"
+	@echo "\n... publish packages"
 ifeq ($(APT_REPO), ces-premium)
 	@$(call aptly_publish,ces-premium,bionic)
 else
-	@$(call aptly_publish,xenial,xenial)
-	@$(call aptly_publish,ces,xenial)
+	@$(call aptly_publish,ces,focal)
 	@$(call aptly_publish,ces,bionic)
 endif
 
 .PHONY: deploy
-deploy: add-package-to-repo publish
+deploy: add-package-to-repo publish ## Deploy package to apt repository
 
 define aptly_undeploy
 	PREF=$$(${APTLY} "${APT_API_BASE_URL}/repos/$(1)/packages?q=${ARTIFACT_ID}%20(${VERSION})"); \
@@ -56,13 +54,12 @@ remove-package-from-repo:
 ifeq ($(APT_REPO), ces-premium)
 	@$(call aptly_undeploy,ces-premium)
 else
-	@$(call aptly_undeploy,xenial)
 	@$(call aptly_undeploy,ces)
 endif
 
 .PHONY: undeploy
-undeploy: deploy-check remove-package-from-repo publish
+undeploy: deploy-check remove-package-from-repo publish ## Undeploy package from apt repository
 
 .PHONE: lint-deb-package
-lint-deb-package: debian
+lint-deb-package: debian ## Lint debian package
 	@lintian -i $(DEBIAN_PACKAGE)

build/make/digital-signature.mk

@@ -1,7 +1,9 @@
+##@ Digital signatures
+
 CHECKSUM=$(TARGET_DIR)/$(ARTIFACT_ID).sha256sum
 
 .PHONY: checksum
-checksum: $(CHECKSUM)
+checksum: $(CHECKSUM) ## Generate checksums
 # we have to depend on target dir, because we want to rebuild the checksum
 # if one of the artefacts was changed
 $(CHECKSUM): $(TARGET_DIR)
@@ -11,7 +13,12 @@ $(CHECKSUM): $(TARGET_DIR)
 SIGNATURE=$(CHECKSUM).asc
 
 .PHONY: signature
-signature: $(SIGNATURE)
+signature: $(SIGNATURE) ## Generate signature
 $(SIGNATURE): $(CHECKSUM)
 	@echo "Generating Signature"
 	@gpg --batch --yes --detach-sign --armor -o $@ $<
+
+.PHONY: signature-ci
+signature-ci: $(CHECKSUM)
+	@echo "Generating Signature"
+	@gpg2 --batch --pinentry-mode loopback --passphrase="${passphrase}" --yes --detach-sign --armor -o ${SIGNATURE} $<

build/make/k8s-controller.mk

@@ -0,0 +1,96 @@
+# This script can be used to build and deploy kubernetes controllers. It is required to implement the controller
+# specific targets `manifests` and `generate`:
+#
+# Examples:
+#
+#.PHONY: manifests
+#manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+#	@echo "Generate manifests..."
+#	@$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+#
+#.PHONY: generate
+#generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+#	@echo "Auto-generate deepcopy functions..."
+#	@$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
+
+# This script requires the k8s.mk script
+include $(WORKDIR)/build/make/k8s.mk
+
+## Variables
+
+# Setting SHELL to bash allows bash commands to be executed by recipes.
+# This is a requirement for 'setup-envtest.sh' in the test target.
+# Options are set to exit when a recipe line exits non-zero or a piped command fails.
+SHELL = /usr/bin/env bash -o pipefail
+.SHELLFLAGS = -ec
+
+# make sure to create a statically linked binary otherwise it may quit with
+# "exec user process caused: no such file or directory"
+GO_BUILD_FLAGS=-mod=vendor -a -tags netgo,osusergo $(LDFLAGS) -o $(BINARY)
+
+# remove DWARF symbol table and strip other symbols to shave ~13 MB from binary
+ADDITIONAL_LDFLAGS=-extldflags -static -w -s
+
+# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
+ENVTEST_K8S_VERSION = 1.23
+K8S_INTEGRATION_TEST_DIR=${TARGET_DIR}/k8s-integration-test
+
+##@ K8s - EcoSystem
+
+.PHONY: build
+build: image-import k8s-apply ## Builds a new version of the dogu and deploys it into the K8s-EcoSystem.
+
+##@ Release
+
+.PHONY: controller-release
+controller-release: ## Interactively starts the release workflow.
+	@echo "Starting git flow release..."
+	@build/make/release.sh controller-tool
+
+##@ K8s - Development
+
+.PHONY: build-controller
+build-controller: ${SRC} compile ## Builds the controller Go binary.
+
+# Allows to perform tasks before locally running the controller
+K8S_RUN_PRE_TARGETS ?=
+.PHONY: run
+run: manifests generate vet $(K8S_RUN_PRE_TARGETS) ## Run a controller from your host.
+	go run -ldflags "-X main.Version=$(VERSION)" ./main.go
+
+##@ K8s - Integration test with envtest
+
+$(K8S_INTEGRATION_TEST_DIR):
+	@mkdir -p $@
+
+.PHONY: k8s-integration-test
+k8s-integration-test: $(K8S_INTEGRATION_TEST_DIR) manifests generate vet envtest ## Run k8s integration tests.
+	@echo "Running K8s integration tests..."
+	@KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test -tags=k8s_integration ./... -coverprofile ${K8S_INTEGRATION_TEST_DIR}/report-k8s-integration.out
+
+##@ K8s - Controller Resource
+
+# The pre generation script creates a K8s resource yaml containing generated manager yaml.
+.PHONY: k8s-create-temporary-resource
+ k8s-create-temporary-resource: ${TARGET_DIR} manifests kustomize
+	@echo "Generating temporary k8s resources $(K8S_RESOURCE_TEMP_YAML)..."
+	cd $(WORKDIR)/config/manager && $(KUSTOMIZE) edit set image controller=$(IMAGE)
+	$(KUSTOMIZE) build config/default > $(K8S_RESOURCE_TEMP_YAML)
+	@echo "Done."
+
+##@ K8s - Download Kubernetes Utility Tools
+
+CONTROLLER_GEN = $(UTILITY_BIN_PATH)/controller-gen
+.PHONY: controller-gen
+controller-gen: ## Download controller-gen locally if necessary.
+	$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/[email protected])
+
+KUSTOMIZE = $(UTILITY_BIN_PATH)/kustomize
+.PHONY: kustomize
+kustomize: ## Download kustomize locally if necessary.
+	$(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/[email protected])
+
+ENVTEST = $(UTILITY_BIN_PATH)/setup-envtest
+.PHONY: envtest
+envtest: ## Download envtest-setup locally if necessary.
+	$(call go-get-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)

build/make/k8s-dogu.mk

@@ -0,0 +1,46 @@
+
+# Variables
+
+# Path to the dogu json of the dogu
+DOGU_JSON_FILE=$(WORKDIR)/dogu.json
+DOGU_JSON_DEV_FILE=${TARGET_DIR}/dogu.json
+# Name of the dogu is extracted from the dogu.json
+ARTIFACT_ID=$(shell yq -e ".Name" $(DOGU_JSON_FILE) | sed "s|.*/||g")
+# Namespace of the dogu is extracted from the dogu.json
+ARTIFACT_NAMESPACE=$(shell yq -e ".Name" $(DOGU_JSON_FILE) | sed "s|/.*||g")
+# Namespace of the dogu is extracted from the dogu.json
+VERSION=$(shell yq -e ".Version" $(DOGU_JSON_FILE))
+# Image of the dogu is extracted from the dogu.json
+IMAGE=$(shell yq -e ".Image" $(DOGU_JSON_FILE)):$(VERSION)
+IMAGE_DEV_WITHOUT_TAG=$(shell yq -e ".Image" $(DOGU_JSON_FILE) | sed "s|registry\.cloudogu\.com\(.\+\)|${K3CES_REGISTRY_URL_PREFIX}\1|g")
+IMAGE_DEV=${IMAGE_DEV_WITHOUT_TAG}:${VERSION}
+
+include $(WORKDIR)/build/make/k8s.mk
+
+##@ K8s - EcoSystem
+
+.PHONY: build
+build: image-import install-dogu-descriptor k8s-apply ## Builds a new version of the dogu and deploys it into the K8s-EcoSystem.
+
+##@ K8s - Dogu - Resource
+
+# The additional k8s yaml files
+K8S_RESOURCE_PRODUCTIVE_FOLDER ?= $(WORKDIR)/k8s
+K8S_RESOURCE_PRODUCTIVE_YAML ?= $(K8S_RESOURCE_PRODUCTIVE_FOLDER)/$(ARTIFACT_ID).yaml
+K8S_RESOURCE_DOGU_CR_TEMPLATE_YAML ?= $(WORKDIR)/build/make/k8s-dogu.tpl
+# The pre generation script creates a k8s resource yaml containing the dogu crd and the content from the k8s folder.
+.PHONY: k8s-create-temporary-resource
+ k8s-create-temporary-resource: $(TARGET_DIR) $(K8S_RESOURCE_TEMP_FOLDER)
+	@echo "Generating temporary K8s resources $(K8S_RESOURCE_TEMP_YAML)..."
+	@rm -f $(K8S_RESOURCE_TEMP_YAML)
+	@sed "s|NAMESPACE|$(ARTIFACT_NAMESPACE)|g" $(K8S_RESOURCE_DOGU_CR_TEMPLATE_YAML) | sed "s|NAME|$(ARTIFACT_ID)|g"  | sed "s|VERSION|$(VERSION)|g" >> $(K8S_RESOURCE_TEMP_YAML)
+	@echo "Done."
+
+##@ K8s - Dogu
+
+.PHONY: install-dogu-descriptor
+install-dogu-descriptor: $(TARGET_DIR) ## Installs a configmap with current dogu.json into the cluster.
+	@echo "Generate configmap from dogu.json..."
+	@jq ".Image=\"${IMAGE_DEV_WITHOUT_TAG}\"" ${DOGU_JSON_FILE} > ${DOGU_JSON_DEV_FILE}
+	@kubectl create configmap "$(ARTIFACT_ID)-descriptor" --from-file=$(DOGU_JSON_DEV_FILE) --dry-run=client -o yaml | kubectl apply -f -
+	@echo "Done."

build/make/k8s-dogu.tpl

@@ -0,0 +1,9 @@
+apiVersion: k8s.cloudogu.com/v1
+kind: Dogu
+metadata:
+  name: NAME
+  labels:
+    dogu: NAME
+spec:
+  name: NAMESPACE/NAME
+  version: VERSION