diff --git a/.github/workflows/test-and-lint.yml b/.github/workflows/test-and-lint.yml index def33f7..5bacf55 100644 --- a/.github/workflows/test-and-lint.yml +++ b/.github/workflows/test-and-lint.yml @@ -1,4 +1,4 @@ -name: Lint and Test Charts +name: Lint and Test on: pull_request @@ -36,10 +36,20 @@ jobs: if: steps.list-changed.outputs.changed == 'true' run: ct lint --target-branch ${{ github.event.repository.default_branch }} - - name: Create kind cluster - if: steps.list-changed.outputs.changed == 'true' - uses: helm/kind-action@v1.5.0 + pr-build: + runs-on: ubuntu-latest + steps: + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: "GHCR Build" + id: docker_build + uses: docker/build-push-action@v4 + with: + push: false + platforms: linux/amd64,linux/arm64 + tags: ghcr.io/lerentis/bitwarden-crd-operator:dev - - name: Run chart-testing (install) - if: steps.list-changed.outputs.changed == 'true' - run: ct install --target-branch ${{ github.event.repository.default_branch }} diff --git a/Dockerfile b/Dockerfile index 94396a6..4197dfd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,12 +1,3 @@ -FROM alpine:latest as builder - -ARG BW_VERSION=2023.1.0 - -RUN apk add wget unzip - -RUN cd /tmp && wget https://github.com/bitwarden/clients/releases/download/cli-v${BW_VERSION}/bw-linux-${BW_VERSION}.zip && \ - unzip /tmp/bw-linux-${BW_VERSION}.zip - FROM alpine:3.17.3 LABEL org.opencontainers.image.source=https://github.com/Lerentis/bitwarden-crd-operator @@ -17,18 +8,36 @@ ARG PYTHON_VERSION=3.10.11-r0 ARG PIP_VERSION=22.3.1-r1 ARG GCOMPAT_VERSION=1.1.0-r0 ARG LIBCRYPTO_VERSION=3.0.8-r4 +ARG BW_VERSION=2023.1.0 -COPY --from=builder /tmp/bw /usr/local/bin/bw -COPY requirements.txt requirements.txt +COPY requirements.txt /requirements.txt RUN set -eux; \ + apk add --virtual build-dependencies wget unzip; \ + ARCH="$(apk --print-arch)"; \ + case "${ARCH}" in \ + aarch64|arm64) \ + apk add npm; \ + npm install -g @bitwarden/cli@${BW_VERSION}; \ + ;; \ + amd64|x86_64) \ + cd /tmp; \ + wget https://github.com/bitwarden/clients/releases/download/cli-v${BW_VERSION}/bw-linux-${BW_VERSION}.zip; \ + unzip /tmp/bw-linux-${BW_VERSION}.zip; \ + ;; \ + *) \ + echo "Unsupported arch: ${ARCH}"; \ + exit 1; \ + ;; \ + esac; \ + apk del --purge build-dependencies; \ addgroup -S -g 1000 bw-operator; \ adduser -S -D -u 1000 -G bw-operator bw-operator; \ mkdir -p /home/bw-operator; \ chown -R bw-operator /home/bw-operator; \ - chmod +x /usr/local/bin/bw; \ apk add gcc musl-dev libstdc++ gcompat=${GCOMPAT_VERSION} python3=${PYTHON_VERSION} py3-pip=${PIP_VERSION} libcrypto3=${LIBCRYPTO_VERSION} libssl3=${LIBCRYPTO_VERSION}; \ - pip install -r requirements.txt --no-warn-script-location; \ + pip install -r /requirements.txt --no-warn-script-location; \ + rm /requirements.txt; \ apk del --purge gcc musl-dev libstdc++; COPY --chown=bw-operator:bw-operator src /home/bw-operator diff --git a/charts/bitwarden-crd-operator/Chart.yaml b/charts/bitwarden-crd-operator/Chart.yaml index e848e47..74e7d1a 100644 --- a/charts/bitwarden-crd-operator/Chart.yaml +++ b/charts/bitwarden-crd-operator/Chart.yaml @@ -4,9 +4,9 @@ description: Deploy the Bitwarden CRD Operator type: application -version: "v0.7.1" +version: "v0.7.2" -appVersion: "0.6.1" +appVersion: "0.6.2" keywords: - operator @@ -20,7 +20,7 @@ home: https://lerentis.github.io/bitwarden-crd-operator/ sources: - https://github.com/Lerentis/bitwarden-crd-operator -kubeVersion: '>= 1.23.0-0' +kubeVersion: ">= 1.23.0-0" maintainers: - name: lerentis @@ -55,10 +55,10 @@ annotations: content: - element: secretName: username - secretRef: nameofUser + secretRef: nameofUser - element: secretName: password - secretRef: passwordOfUser + secretRef: passwordOfUser id: "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" name: "test-secret" namespace: "default" @@ -90,15 +90,13 @@ annotations: apps: "some.app.identifier:some_version": pubkey: {{ bitwarden_lookup("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "fields", "public_key") }} - enabled: true + enabled: true artifacthub.io/license: MIT - artifacthub.io/operator: "true" - artifacthub.io/containsSecurityUpdates: "true" + artifacthub.io/operator: "true" + artifacthub.io/containsSecurityUpdates: "false" artifacthub.io/changes: | - kind: fixed - description: "Fixed fields lookup" - - kind: fixed - description: "Fixed CVE-2023-1255 in base image" + description: "Fallback to npm package on ARM as native bitwarden cli package is not compatible with ARM" artifacthub.io/images: | - name: bitwarden-crd-operator - image: ghcr.io/lerentis/bitwarden-crd-operator:0.6.1 + image: ghcr.io/lerentis/bitwarden-crd-operator:0.6.2 diff --git a/charts/bitwarden-crd-operator/values.yaml b/charts/bitwarden-crd-operator/values.yaml index b153a88..5a3aa6e 100644 --- a/charts/bitwarden-crd-operator/values.yaml +++ b/charts/bitwarden-crd-operator/values.yaml @@ -14,15 +14,15 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" -#env: -# - name: BW_HOST -# value: "define_it" -# - name: BW_CLIENTID -# value: "define_it" -# - name: BW_CLIENTSECRET -# value: "define_it" -# - name: BW_PASSWORD -# value: "define_id" +# env: +# - name: BW_HOST +# value: "define_it" +# - name: BW_CLIENTID +# value: "define_it" +# - name: BW_CLIENTSECRET +# value: "define_it" +# - name: BW_PASSWORD +# value: "define_id" externalConfigSecret: enabled: false