From d76cb4fb0b116651882837079f99ef5526ef6c7a Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Sun, 8 Sep 2024 12:47:50 -0700 Subject: [PATCH 1/2] Support jmespath for references with jmes: prefix Signed-off-by: Tamal Saha --- pkg/graph/lib.go | 100 +++++++++++++++++++++++++++++------------------ 1 file changed, 63 insertions(+), 37 deletions(-) diff --git a/pkg/graph/lib.go b/pkg/graph/lib.go index 3681063c55..cd543c5c48 100644 --- a/pkg/graph/lib.go +++ b/pkg/graph/lib.go @@ -26,6 +26,7 @@ import ( "sort" "strings" + "github.com/jmespath/go-jmespath" "gomodules.xyz/jsonpath" core "k8s.io/api/core/v1" kerr "k8s.io/apimachinery/pkg/api/errors" @@ -304,25 +305,19 @@ func (finder ObjectFinder) ResourcesFor(src *unstructured.Unstructured, e *Edge) // TODO: check that namespacePath must be empty var out []*unstructured.Unstructured - for _, reference := range e.Connection.References { - j := jsonpath.New("jsonpath") - j.AllowMissingKeys(true) - err := j.Parse(reference) - if err != nil { - return nil, fmt.Errorf("fails to parse reference %q between %s -> %s. err:%v", e.Connection.References, e.Src, e.Dst, err) - } - buf := new(bytes.Buffer) - err = j.Execute(buf, src.Object) - if err != nil { - return nil, fmt.Errorf("fails to execute reference %q between %s -> %s. err:%v", e.Connection.References, e.Src, e.Dst, err) - } - r := csv.NewReader(buf) - // Mapper.Comma = ';' - r.Comment = '#' - records, err := r.ReadAll() - if err != nil { - return nil, err + var records [][]string + var err error + if strings.HasPrefix(reference, "jmes:") { + records, err = execJmesPath(src.Object, reference[5:], e.Src, e.Dst) + if err != nil { + return nil, err + } + } else { + records, err = execJsonPath(src.Object, reference, e.Src, e.Dst) + if err != nil { + return nil, err + } } refs, err := ParseResourceRefs(records) if err != nil { 
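Review bot: `reference[5:]` in the added `if strings.HasPrefix(reference, "jmes:")` branch hard-codes the prefix length, so the literal and the offset can drift apart if the prefix is ever renamed. `if expr, ok := strings.CutPrefix(reference, "jmes:"); ok {` keeps the two together (Go 1.20+; the CI workflow in this series sets up Go 1.23). Both branches also repeat the same `if err != nil { return nil, err }`; assigning `records, err` in each branch and checking once after the `if/else` reads more simply. The identical block is added again in the hunk at -509, so a small helper taking `(obj, reference, e.Src, e.Dst)` would serve both call sites. ResourcesFor begins and ends outside this hunk.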
@@ -509,25 +504,18 @@ func (finder ObjectFinder) ResourcesFor(src *unstructured.Unstructured, e *Edge) rs := result.Items[i] for _, reference := range e.Connection.References { - - j := jsonpath.New("jsonpath") - j.AllowMissingKeys(true) - err := j.Parse(reference) - if err != nil { - return nil, fmt.Errorf("fails to parse reference %q between %s -> %s. err:%v", e.Connection.References, e.Src, e.Dst, err) - } - - buf := new(bytes.Buffer) - err = j.Execute(buf, rs.Object) - if err != nil { - return nil, fmt.Errorf("fails to execute reference %q between %s -> %s. err:%v", e.Connection.References, e.Src, e.Dst, err) - } - r := csv.NewReader(buf) - // Mapper.Comma = ';' - r.Comment = '#' - records, err := r.ReadAll() - if err != nil { - return nil, err + var records [][]string + var err error + if strings.HasPrefix(reference, "jmes:") { + records, err = execJmesPath(rs.Object, reference[5:], e.Src, e.Dst) + if err != nil { + return nil, err + } + } else { + records, err = execJsonPath(rs.Object, reference, e.Src, e.Dst) + if err != nil { + return nil, err + } } refs, err := ParseResourceRefs(records) if err != nil { 
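Review bot: `execJmesPath` is called from inside the `result.Items` loop here, and it goes through `jmespath.Search(reference, data)`, so every `jmes:` expression is parsed again for each listed object. Compiling each reference once before the items loop with `jmespath.Compile` and calling `Search` on the compiled value would avoid the repeated parse. It would also report a malformed expression even when the list comes back empty, instead of only when an object happens to reach it. That needs `execJmesPath` to accept the compiled expression rather than the string. The loop over `result.Items` starts outside the hunk.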
@@ -581,6 +569,44 @@ func (finder ObjectFinder) ResourcesFor(src *unstructured.Unstructured, e *Edge) return nil, nil } +func execJmesPath(data any, reference string, src, dst schema.GroupVersionKind) ([][]string, error) { + result, err := jmespath.Search(reference, data) + if err != nil { + return nil, fmt.Errorf("fails to execute jmes reference %q between %s -> %s. err:%w", reference, src, dst, err) + } + switch v := result.(type) { + case string: + return [][]string{{v}}, nil + case []string: + out := make([][]string, len(v)) + for i, s := range v { + out[i] = []string{s} + } + return out, nil + case [][]string: + return v, nil + } + return nil, fmt.Errorf("invalid result type %T for jmes reference %q between %s -> %s", result, reference, src, dst) +} + +func execJsonPath(data any, reference string, src, dst schema.GroupVersionKind) ([][]string, error) { + j := jsonpath.New("jsonpath") + j.AllowMissingKeys(true) + err := j.Parse(reference) + if err != nil { + return nil, fmt.Errorf("fails to parse reference %q between %s -> %s. err:%v", reference, src, dst, err) + } + buf := new(bytes.Buffer) + err = j.Execute(buf, data) + if err != nil { + return nil, fmt.Errorf("fails to execute reference %q between %s -> %s. err:%v", reference, src, dst, err) + } + r := csv.NewReader(buf) + // Mapper.Comma = ';' + r.Comment = '#' + return r.ReadAll() +} + func isConnected(conn rsapi.OwnershipLevel, obj *unstructured.Unstructured, owner *unstructured.Unstructured) bool { switch conn { case rsapi.Controller: From 65a89721520234e419680ab094c8d8917225d58c Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Fri, 15 May 2026 12:16:38 +0600 Subject: [PATCH 2/2] Harden CI workflows; replace GHCRX app token with LGTM_GITHUB_TOKEN 
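Review bot: The type switch in `execJmesPath` handles `string`, `[]string` and `[][]string`, but as far as I can tell `jmespath.Search` over decoded JSON (`map[string]interface{}`, which is what `src.Object` and `rs.Object` hold) returns projections and multi-select lists as `[]interface{}`, so any expression yielding more than one value falls through to the `invalid result type` error. A field that is absent yields `nil` and also lands on that error, whereas the JSONPath branch sets `AllowMissingKeys(true)` and produces zero records; one object missing an optional field would then fail the whole ResourcesFor call. Handling `nil` and `[]any` explicitly, with a per-element string check, would close both gaps. Separately, `execJsonPath` still formats with `err:%v` while the new function uses `%w`; using `%w` in both would let callers unwrap either error.

```go
func execJmesPath(data any, reference string, src, dst schema.GroupVersionKind) ([][]string, error) {
	// … unchanged: jmespath.Search call and its error return …
	switch v := result.(type) {
	case nil:
		// Absent field: no records, matching AllowMissingKeys(true) on the JSONPath branch.
		return nil, nil
	case string:
		return [][]string{{v}}, nil
	case []any:
		out := make([][]string, 0, len(v))
		for _, item := range v {
			switch row := item.(type) {
			case string:
				out = append(out, []string{row})
			case []any:
				rec := make([]string, 0, len(row))
				for _, col := range row {
					s, ok := col.(string)
					if !ok {
						return nil, fmt.Errorf("invalid column type %T for jmes reference %q between %s -> %s", col, reference, src, dst)
					}
					rec = append(rec, s)
				}
				out = append(out, rec)
			default:
				return nil, fmt.Errorf("invalid element type %T for jmes reference %q between %s -> %s", item, reference, src, dst)
			}
		}
		return out, nil
	// … unchanged: []string and [][]string cases …
	}
	// … unchanged: final "invalid result type" error …
}
```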
Signed-off-by: Tamal Saha --- .github/.kodiak.toml | 2 +- .github/workflows/ci.yml | 8 ++++---- .github/workflows/release-tracker.yml | 9 +-------- .github/workflows/release.yml | 20 +++++++++++++------- Makefile | 2 +- hack/scripts/update-release-tracker.sh | 2 +- 6 files changed, 21 insertions(+), 22 deletions(-) diff --git a/.github/.kodiak.toml b/.github/.kodiak.toml index ded81e43d9..b64a5f6fc7 100644 --- a/.github/.kodiak.toml +++ b/.github/.kodiak.toml @@ -15,4 +15,4 @@ strip_html_comments = true # default: false always = true # default: false [approve] -auto_approve_usernames = ["1gtm", "tamalsaha"] +auto_approve_usernames = ["tamalsaha", "1gtm", "1gtm-app[bot]"] \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b0d3f63455..34321a4cfc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,19 +21,19 @@ jobs: steps: - name: Set up Go 1.23 - uses: actions/setup-go@v1 + uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 with: go-version: '1.23' id: go - - uses: actions/checkout@v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Set up QEMU id: qemu - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Run checks run: | diff --git a/.github/workflows/release-tracker.yml b/.github/workflows/release-tracker.yml index 24d5afa7dd..62e0b9b2fc 100644 --- a/.github/workflows/release-tracker.yml +++ b/.github/workflows/release-tracker.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Prepare git env: 
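Review bot: Adding `1gtm-app[bot]` to `auto_approve_usernames` in .kodiak.toml lets pull requests opened by that app identity receive an approval without a human reviewer, and neither the commit message nor the file records why the bot needs it. A comment above the line, for example `# 1gtm-app[bot]: <what the app does and who controls its credentials>`, would keep the decision auditable. The rewritten line also drops the file's trailing newline (`\ No newline at end of file`), which looks unintentional.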
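Review bot: The pinned `actions/checkout` step in ci.yml still runs with its default `persist-credentials: true`, which leaves the job token in the checkout's git config for every later step, including the `Run checks` script. As far as the hunk shows this job only builds and tests, so adding `with:` and `persist-credentials: false` under the checkout step would fit the hardening goal of the commit. The same applies to the checkout steps pinned in release-tracker.yml and release.yml; release-tracker.yml sets the origin URL with its own token in the following step, so it should not need the persisted one. Whether ci.yml declares a top-level `permissions:` block is not visible here; if it does not, `permissions:` with `contents: read` would be worth adding in the same change.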
@@ -25,15 +25,8 @@ jobs: git config --global user.email "${GITHUB_USER}@appscode.com" git remote set-url origin https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git - - name: Install GitHub CLI - run: | - curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1 - sudo mv bin/hub /usr/local/bin - name: Update release tracker - if: | - github.event.action == 'closed' && - github.event.pull_request.merged == true env: GITHUB_USER: 1gtm GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e2bf951582..f83b13f2c0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,8 +15,10 @@ jobs: build: name: Build runs-on: ubuntu-22.04 + permissions: + contents: write steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Print version info id: semver @@ -25,23 +27,27 @@ jobs: - name: Set up QEMU id: qemu - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 + + - name: Log in to the GitHub Container registry + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + with: + registry: ghcr.io + username: 1gtm + password: ${{ secrets.LGTM_GITHUB_TOKEN }} - name: Publish to GitHub Container Registry env: REGISTRY: ghcr.io/appscode - DOCKER_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }} - USERNAME: 1gtm APPSCODE_ENV: prod run: | - docker login ghcr.io --username ${USERNAME} --password ${DOCKER_TOKEN} make release - name: Release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2.6.2 if: startsWith(github.ref, 'refs/tags/') env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
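Review bot: Removing the `if:` from the `Update release tracker` step in release-tracker.yml means the step, and with it `LGTM_GITHUB_TOKEN`, now runs on every event that starts this workflow rather than only on merged pull requests. The `on:` triggers and any job-level condition are outside the hunk, so this may already be covered elsewhere. If it is not, a pull request that is closed without merging would also post to the release tracker. Keeping `if: github.event.pull_request.merged == true` on the step or on the job would preserve the previous behaviour.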
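Review bot: The new `docker/login-action` step in release.yml authenticates to ghcr.io with the long-lived `LGTM_GITHUB_TOKEN` for user `1gtm`, while the `permissions:` block added to the job grants only `contents: write`. If the published images can be linked to this repository, granting `packages: write` and logging in with `password: ${{ secrets.GITHUB_TOKEN }}` would limit the registry credential to the lifetime of the run. If the shared token is required to push under `ghcr.io/appscode`, a short comment on the step saying so, plus a note on the token's scopes, would help the next reviewer. The `Release` step further down already uses `secrets.GITHUB_TOKEN`, so the job ends up with two different identities.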
diff --git a/Makefile b/Makefile index cc20bd0d4b..04ec591dff 100644 --- a/Makefile +++ b/Makefile @@ -34,7 +34,7 @@ SRC_REG ?= # This version-strategy uses git tags to set the version string git_branch := $(shell git rev-parse --abbrev-ref HEAD) -git_tag := $(shell git describe --exact-match --abbrev=0 2>/dev/null || echo "") +git_tag := $(shell git describe --tags --exact-match --abbrev=0 2>/dev/null || echo "") commit_hash := $(shell git rev-parse --verify HEAD) commit_timestamp := $(shell date --date="@$$(git show -s --format=%ct)" --utc +%FT%T) diff --git a/hack/scripts/update-release-tracker.sh b/hack/scripts/update-release-tracker.sh index 55be4c91b1..dee1e317d7 100755 --- a/hack/scripts/update-release-tracker.sh +++ b/hack/scripts/update-release-tracker.sh @@ -69,4 +69,4 @@ case $GITHUB_BASE_REF in ;; esac -hub api "$api_url" -f body="$msg" +gh api "$api_url" -f body="$msg"