feat: dev deploy --ref and --flavor flags

README.md

@@ -293,22 +293,54 @@ UDS CLI includes a vendored version of Zarf inside of its binary. To use Zarf, s
 
 ## Dev Mode
 
-> [!NOTE]  
-> Dev mode is a BETA feature
+<b>NOTE: Dev mode is a BETA feature</b>
 
 Dev mode facilitates faster dev cycles when developing and testing bundles
 
 ```
 uds dev deploy <path-to-bundle-yaml-dir> | <oci-ref>
 ```
 
-The `dev deploy` command performs the following operations
+The `dev deploy` command performs the following operations:
 
-- If local bundle: Creates Zarf packages for all local packages in a bundle
-  - Creates the Zarf tarball in the same directory as the `zarf.yaml`
-      - Can use `--flavor` flag to specify what flavor of package you want to create
-  - Will only create the Zarf tarball if one does not already exist or can use `--force-create` to force the creation of a new zarf package even if one currently exists
-  - Ignores any `kind: ZarfInitConfig` packages in the bundle
-  - Creates a bundle from the newly created Zarf packages
 - Deploys the bundle in [YOLO](https://docs.zarf.dev/faq/#what-is-yolo-mode-and-why-would-i-use-it) mode, eliminating the need to do a `zarf init`
-- For remote packages you can specify what package ref you want to deploy by using the `--ref` flag and specifying the package name and desired ref. (example: `--ref podinfo=0.2.0`)
+  - any `kind: ZarfInitConfig` packages in the bundle will be ignored
+- For local bundles:
+  - Creates the Zarf tarball if one does not already exist or the `--force-create` flag can be used to force the creation of a new zarf package
+    - The Zarf tarball is created in the same directory as the `zarf.yaml`
+    - The `--flavor` flag can be used to specify what flavor of a package you want to create (example: `--flavor podinfo=upstream` to specify the flavor for the `podinfo` package or `--flavor upstream` to specify the flavor for all the packages in the bundle)
+  - Creates a bundle from the newly created Zarf packages
+- For remote packages:
+  - The `--ref` flagcan be used to specify what package ref you want to deploy (example: `--ref podinfo=0.2.0`)
+
+## Scan
+
+> [!NOTE]  
+> Scan is an ALPHA feature.
+> Trivy is a prerequisite for scanning container images and filesystem for vulnerabilities. You can find more information and installation instructions at [Trivy's official documentation](https://aquasecurity.github.io/trivy).
+
+
+The `scan` command is used to scan a Zarf package for vulnerabilities and generate a report. This command is currently in ALPHA.
+
+### Usage
+
+To use the `scan` command, run:
+
+```sh
+uds scan --org <organization> --package-name <package-name> --tag <tag> [options]
+```
+
+### Required Parameters
+- `--org` or `-o`: Organization name (default: `defenseunicorns`)
+- `--package-name` or `-n`: Name of the package (e.g., `packages/uds/gitlab-runner`)
+- `--tag` or `-g`: Tag name (e.g., `16.10.0-uds.0-upstream`)
+- `--output-file` or `-f`: Output file for CSV results
+
+### Optional Parameters
+- `--docker-username` or `-u`: Docker username for registry access, accepts CSV values
+- `--docker-password` or `-p`: Docker password for registry access, accepts CSV values
+
+### Example Usage
+```sh
+uds scan -o defenseunicorns -n packages/uds/gitlab-runner -g 16.10.0-uds.0-upstream -u docker-username -p docker-password -f gitlab-runner.csv
+```

src/config/lang/lang.go

@@ -84,7 +84,7 @@ const (
 	CmdZarfShort = "Run a zarf command"
 
 	// uds dev
-	CmdDevShort                = "Commands useful for developing bundles"
+	CmdDevShort                = "[beta] Commands useful for developing bundles"
 	CmdDevDeployShort          = "[beta] Creates and deploys a UDS bundle from a given directory in dev mode"
 	CmdDevDeployLong           = "[beta] Creates and deploys a UDS bundle from a given directory in dev mode, setting package options like YOLO mode for faster iteration."
 	CmdBundleCreateForceCreate = "For local bundles with local packages, specify whether to create a zarf package even if it already exists."

src/pkg/bundle/common.go

@@ -348,6 +348,11 @@ func validateBundleVars(packages []types.Package) error {
 // setPackageRef sets the package reference
 func (b *Bundle) setPackageRef(pkg types.Package) types.Package {
 	if ref, ok := b.cfg.DevDeployOpts.Ref[pkg.Name]; ok {
+		// Can only set refs for remote packages
+		if pkg.Repository == "" {
+			message.Fatalf(errors.New("Invalid input"), "Cannot set ref for local packages: %s", pkg.Name)
+		}
+
 		errMsg := fmt.Sprintf("Unable to access %s:%s", pkg.Repository, ref)
 
 		// Get SHA from registry

src/pkg/bundle/dev.go

@@ -5,6 +5,7 @@
 package bundle
 
 import (
+	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -28,6 +29,15 @@ func (b *Bundle) CreateZarfPkgs() {
 
 	zarfPackagePattern := `^zarf-.*\.tar\.zst$`
 	for _, pkg := range b.bundle.Packages {
+		// Can only set flavors for local packages
+		if pkg.Path == "" {
+			// check if attempting to apply flavor to remote package
+			if (len(b.cfg.DevDeployOpts.Flavor) == 1 && b.cfg.DevDeployOpts.Flavor[""] != "") ||
+				(b.cfg.DevDeployOpts.Flavor[pkg.Name] != "") {
+				message.Fatalf(errors.New("Invalid input"), "Cannot set flavor for remote packages: %s", pkg.Name)
+			}
+		}
+
 		// if pkg is a local zarf package, attempt to create it if it doesn't exist
 		if pkg.Path != "" {
 			path := getPkgPath(pkg, config.GetArch(b.bundle.Metadata.Architecture), srcDir)

src/test/bundles/15-dev-deploy/uds-bundle.yaml

@@ -0,0 +1,10 @@
+kind: UDSBundle
+metadata:
+  name: dev-deploy-flavors
+  description: building from a local Zarf pkg with flavors
+  version: 0.0.1
+
+packages:
+  - name: podinfo
+    path: "../../packages/podinfo/flavors"
+    ref: 0.0.1

src/test/e2e/commands_test.go

@@ -119,14 +119,14 @@ func deploy(t *testing.T, tarballPath string) (stdout string, stderr string) {
 }
 
 func devDeploy(t *testing.T, bundlePath string) (stdout string, stderr string) {
-	cmd := strings.Split(fmt.Sprintf("dev deploy %s --confirm", bundlePath), " ")
+	cmd := strings.Split(fmt.Sprintf("dev deploy %s", bundlePath), " ")
 	stdout, stderr, err := e2e.UDS(cmd...)
 	require.NoError(t, err)
 	return stdout, stderr
 }
 
 func devDeployPackages(t *testing.T, tarballPath string, packages string) (stdout string, stderr string) {
-	cmd := strings.Split(fmt.Sprintf("dev deploy %s --packages %s --confirm", tarballPath, packages), " ")
+	cmd := strings.Split(fmt.Sprintf("dev deploy %s --packages %s", tarballPath, packages), " ")
 	stdout, stderr, err := e2e.UDS(cmd...)
 	require.NoError(t, err)
 	return stdout, stderr

src/test/e2e/dev_test.go

@@ -70,8 +70,8 @@ func TestDevDeploy(t *testing.T) {
 	})
 
 	t.Run("Test dev deploy with flavor flag", func(t *testing.T) {
-		e2e.DeleteZarfPkg(t, "src/test/packages/podinfo")
-		bundleDir := "src/test/bundles/03-local-and-remote"
+		e2e.DeleteZarfPkg(t, "src/test/packages/podinfo/flavors")
+		bundleDir := "src/test/bundles/15-dev-deploy"
 
 		cmd := strings.Split(fmt.Sprintf("dev deploy %s --flavor %s", bundleDir, "podinfo=patchVersion3"), " ")
 		_, _, err := e2e.UDS(cmd...)
@@ -82,12 +82,12 @@ func TestDevDeploy(t *testing.T) {
 		require.Contains(t, ref, "ghcr.io/stefanprodan/podinfo:6.6.3")
 		require.NoError(t, err)
 
-		cmd = strings.Split("zarf tools kubectl delete ns podinfo nginx zarf podinfo-flavor", " ")
+		cmd = strings.Split("zarf tools kubectl delete ns zarf podinfo-flavor", " ")
 		_, _, err = e2e.UDS(cmd...)
 		require.NoError(t, err)
 	})
 	t.Run("Test dev deploy with global flavor", func(t *testing.T) {
-		bundleDir := "src/test/bundles/03-local-and-remote"
+		bundleDir := "src/test/bundles/15-dev-deploy"
 
 		cmd := strings.Split(fmt.Sprintf("dev deploy %s --flavor %s --force-create", bundleDir, "patchVersion3"), " ")
 		_, _, err := e2e.UDS(cmd...)
@@ -98,14 +98,14 @@ func TestDevDeploy(t *testing.T) {
 		require.Contains(t, ref, "ghcr.io/stefanprodan/podinfo:6.6.3")
 		require.NoError(t, err)
 
-		cmd = strings.Split("zarf tools kubectl delete ns podinfo nginx zarf podinfo-flavor", " ")
+		cmd = strings.Split("zarf tools kubectl delete ns zarf podinfo-flavor", " ")
 		_, _, err = e2e.UDS(cmd...)
 		require.NoError(t, err)
 	})
 
 	t.Run("Test dev deploy with flavor and force create", func(t *testing.T) {
 
-		bundleDir := "src/test/bundles/03-local-and-remote"
+		bundleDir := "src/test/bundles/15-dev-deploy"
 
 		// create flavor patchVersion3 podinfo-flavor package
 		pkgDir := "src/test/packages/podinfo"
@@ -124,7 +124,7 @@ func TestDevDeploy(t *testing.T) {
 		require.Contains(t, ref, "ghcr.io/stefanprodan/podinfo:6.6.2")
 		require.NoError(t, err)
 
-		cmd = strings.Split("zarf tools kubectl delete ns podinfo nginx zarf podinfo-flavor", " ")
+		cmd = strings.Split("zarf tools kubectl delete ns zarf podinfo-flavor", " ")
 		_, _, err = e2e.UDS(cmd...)
 		require.NoError(t, err)
 	})

src/test/packages/podinfo/flavors/zarf.yaml

@@ -0,0 +1,49 @@
+kind: ZarfPackageConfig
+metadata:
+  name: podinfo
+  version: 0.0.1
+
+components:
+  - name: podinfo-flavor
+    required: true
+    only:
+      flavor: patchVersion2
+    charts:
+      - name: podinfo
+        version: 6.6.2
+        namespace: podinfo-flavor
+        url: https://github.com/stefanprodan/podinfo.git
+        gitPath: charts/podinfo
+    images:
+      - ghcr.io/stefanprodan/podinfo:6.6.2
+    actions:
+      onDeploy:
+        after:
+          - wait:
+              cluster:
+                kind: deployment
+                name: podinfo
+                namespace: podinfo-flavor
+                condition: available
+
+  - name: podinfo-flavor
+    required: true
+    only:
+      flavor: patchVersion3
+    charts:
+      - name: podinfo
+        version: 6.6.3
+        namespace: podinfo-flavor
+        url: https://github.com/stefanprodan/podinfo.git
+        gitPath: charts/podinfo
+    images:
+      - ghcr.io/stefanprodan/podinfo:6.6.3
+    actions:
+      onDeploy:
+        after:
+          - wait:
+              cluster:
+                kind: deployment
+                name: podinfo
+                namespace: podinfo-flavor
+                condition: available

src/test/packages/podinfo/zarf.yaml

@@ -23,47 +23,3 @@ components:
                 name: podinfo
                 namespace: podinfo
                 condition: available
-
-  - name: podinfo-flavor
-    required: true
-    only:
-      flavor: patchVersion2
-    charts:
-      - name: podinfo
-        version: 6.6.2
-        namespace: podinfo-flavor
-        url: https://github.com/stefanprodan/podinfo.git
-        gitPath: charts/podinfo
-    images:
-      - ghcr.io/stefanprodan/podinfo:6.6.2
-    actions:
-      onDeploy:
-        after:
-          - wait:
-              cluster:
-                kind: deployment
-                name: podinfo
-                namespace: podinfo-flavor
-                condition: available
-
-  - name: podinfo-flavor
-    required: true
-    only:
-      flavor: patchVersion3
-    charts:
-      - name: podinfo
-        version: 6.6.3
-        namespace: podinfo-flavor
-        url: https://github.com/stefanprodan/podinfo.git
-        gitPath: charts/podinfo
-    images:
-      - ghcr.io/stefanprodan/podinfo:6.6.3
-    actions:
-      onDeploy:
-        after:
-          - wait:
-              cluster:
-                kind: deployment
-                name: podinfo
-                namespace: podinfo-flavor
-                condition: available