fix syntax err

.github/workflows/makefile.yml

@@ -25,11 +25,11 @@ jobs:
     - uses: actions/checkout@v3
 
     - name: Log in to the Container registry
-        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: go vet lint
       run: make vet lint
@@ -49,13 +49,6 @@ jobs:
     - name: install-crds
       run: make install
 
-    - name: system-registry
-      env:
-        DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
-        DOCKER_REGISTRY_USER: ${{ secrets.DOCKER_REGISTRY_USER }}
-        DOCKER_REGISTRY_PASS: ${{ secrets.DOCKER_REGISTRY_PASS }}
-      run: make system-registry
-
     - name: deploy 
       run: make deploy
 

.github/workflows/release.yml

@@ -0,0 +1,82 @@
+name: Release Workflow
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  release:
+    name: Release
+    runs-on: [ self-hosted ]
+
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Log in to the Container registry
+      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: set version
+      run: echo "version=${GITHUB_REF_NAME#v}" >> $GITHUB_OUTPUT
+      id: version
+
+    - name: docker build
+      run: VERSION=${{ steps.version.outputs.version }} make docker-build
+    - name: docker-push 
+      run: VERSION=${{ steps.version.outputs.version }} make docker-push
+
+    - name: prepare release artifacts 
+      run:  VERSION=${{ steps.version.outputs.version }} make release
+    - name: Github release
+      uses: actions/create-release@v1
+      id: gh_release
+      with:
+        draft: false
+        prerelease: false
+        release_name: ${{ github.ref_name }}
+        tag_name: ${{ github.ref_name }}
+        body_path: RELEASE.md
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+    - name: upload cfapi crd
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      with:
+        upload_url: ${{ steps.gh_release.outputs.upload_url }}
+        asset_path: ./release-${{ steps.version.outputs.version }}/cfapi-crd.yaml
+        asset_name: cfapi-crd.yaml
+        asset_content_type: yaml
+    - name: upload release default CR yaml
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      with:
+        upload_url: ${{ steps.gh_release.outputs.upload_url }}
+        asset_path: ./release-${{ steps.version.outputs.version }}/cfapi-default-cr.yaml
+        asset_name: cfapi-default-cr.yaml
+        asset_content_type: yaml
+    - name: upload release controller yaml
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      with:
+        upload_url: ${{ steps.gh_release.outputs.upload_url }}
+        asset_path: ./release-${{ steps.version.outputs.version }}/cfapi-manager.yaml
+        asset_name: cfapi-manager.yaml
+        asset_content_type: yaml

Dockerfile

@@ -38,24 +38,24 @@ ENV VERSION_KORIFI=0.12.0
 
 
 WORKDIR /workspace/module-data/servicebinding
-RUN curl -O https://github.com/servicebinding/runtime/releases/download/v$VERSION_SERVICEBINDING/servicebinding-runtime-v$VERSION_SERVICEBINDING.yaml
-RUN curl -O https://github.com/servicebinding/runtime/releases/download/v$VERSION_SERVICEBINDING/servicebinding-workloadresourcemappings-v$VERSION_SERVICEBINDING.yaml 
+RUN curl -OLf https://github.com/servicebinding/runtime/releases/download/v$VERSION_SERVICEBINDING/servicebinding-runtime-v$VERSION_SERVICEBINDING.yaml
+RUN curl -OLf https://github.com/servicebinding/runtime/releases/download/v$VERSION_SERVICEBINDING/servicebinding-workloadresourcemappings-v$VERSION_SERVICEBINDING.yaml 
 
 WORKDIR /workspace/module-data/kpack
-RUN curl -O https://github.com/buildpacks-community/kpack/releases/download/v$VERSION_KPACK/release-$VERSION_KPACK.yaml
+RUN curl -OLf https://github.com/buildpacks-community/kpack/releases/download/v$VERSION_KPACK/release-$VERSION_KPACK.yaml
 
 WORKDIR /workspace/module-data/cert-manager
-RUN curl -O https://github.com/cert-manager/cert-manager/releases/download/v$VERSION_CERT_MANAGER/cert-manager.yaml
+RUN curl -OLf https://github.com/cert-manager/cert-manager/releases/download/v$VERSION_CERT_MANAGER/cert-manager.yaml
 
 WORKDIR /workspace/module-data/gateway-api
-RUN curl -O https://github.com/kubernetes-sigs/gateway-api/releases/download/v$VERSION_GATEWAY_API/experimental-install.yaml
+RUN curl -OLf https://github.com/kubernetes-sigs/gateway-api/releases/download/v$VERSION_GATEWAY_API/experimental-install.yaml
 
 WORKDIR /workspace/module-data/twuni-helm
-RUN curl -L -O https://github.com/twuni/docker-registry.helm/archive/refs/tags/v$VERSION_TWUNI.tar.gz
+RUN curl -OLf https://github.com/twuni/docker-registry.helm/archive/refs/tags/v$VERSION_TWUNI.tar.gz
 
 #Some day we are going to use the OSS Korifi project
 #WORKDIR /workspace/module-data/korifi
-#RUN curl -L -O https://github.com/cloudfoundry/korifi/releases/download/v$VERSION_KORIFI/korifi-$VERSION_KORIFI.tgz
+#RUN curl -OLf https://github.com/cloudfoundry/korifi/releases/download/v$VERSION_KORIFI/korifi-$VERSION_KORIFI.tgz
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

Makefile

@@ -98,7 +98,7 @@ release: manifests kustomize
 	mkdir -p release-$(VERSION)
 	cp default-cr.yaml release-$(VERSION)/cfapi-default-cr.yaml
 	$(KUSTOMIZE) build config/crd > release-$(VERSION)/cfapi-crd.yaml
-	pushd config/manager && $(KUSTOMIZE) edit set image controller=${REGISRRY}/${IMG} && popd
+	pushd config/manager && $(KUSTOMIZE) edit set image controller=${REGISTRY}/${IMG} && popd
 	$(KUSTOMIZE) build config/default > release-$(VERSION)/cfapi-manager.yaml
 
 ##@ Deployment
@@ -139,7 +139,7 @@ system-namespace:
 
 .PHONY: deploy
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
-	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${REGISTRY}/${IMG}
 	$(KUSTOMIZE) build config/default | kubectl apply -f -
 
 .PHONY: deploy-cr

RELEASE.md

@@ -2,7 +2,7 @@
 
 # Prerequisites
 * UAA set as OIDC provider
-* A dockerregistry secret with name cfapi-system-registry with credentials to artifactory project trinity
+
 
 # In this release 
 * API servicebinding.io installed

config/rbac/role.yaml

@@ -201,7 +201,7 @@ rules:
 - apiGroups:
   - servicebinding.io
   resources:
-  - servicebindings
+  - "*"
   verbs:
   - get
   - list

config/rbac/service_account.yaml

@@ -1,5 +1,3 @@
-imagePullSecrets:
-- name: cfapi-system-registry
 apiVersion: v1
 kind: ServiceAccount
 metadata:

controllers/cfapi_auth.go

@@ -1,87 +1,87 @@
-package controllers
-
-import (
-	"context"
-	"strings"
-
-	rbacv1 "k8s.io/api/rbac/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/log"
-)
-
-func (r *CFAPIReconciler) getUserClusterAdmins(ctx context.Context) (error, []rbacv1.Subject) {
-	subjects := []rbacv1.Subject{}
-	crblist := &rbacv1.ClusterRoleBindingList{}
-	err := r.Client.List(ctx, crblist, client.MatchingLabels{"app": "kyma"})
-	if err != nil {
-		return err, subjects
-	}
-	for _, crb := range crblist.Items {
-		if crb.RoleRef.Name == "cluster-admin" {
-			for _, subject := range crb.Subjects {
-				if subject.Kind == "User" {
-					subjects = append(subjects, subject)
-				}
-			}
-		}
-	}
-	return nil, subjects
-}
-
-func toSubjectList(users []string) []rbacv1.Subject {
-	if users == nil {
-		return nil
-	}
-	var subjects = make([]rbacv1.Subject, len(users))
-	for i, user := range users {
-		subjects[i] = rbacv1.Subject{
-			Kind: "User",
-			Name: user,
-		}
-	}
-	return subjects
-}
-
-func (r *CFAPIReconciler) assignCfAdministrators(ctx context.Context, subjects []rbacv1.Subject, cfNs string) error {
-	logger := log.FromContext(ctx)
-	var err error
-	_subjects := subjects
-
-	if len(subjects) == 0 {
-		logger.Info("No CF administrators specified, will set kyma cluster admins as CF administrators")
-		err, _subjects = r.getUserClusterAdmins(ctx)
-		if err != nil {
-			logger.Error(err, "Failed to list users having clusterrole/cluster-admin")
-			return nil
-		}
-		if len(_subjects) == 0 {
-			logger.Info("No users with kyma cluster-admin role found, no CF administrators set")
-			return nil
-		}
-	}
-
-	rb := &rbacv1.RoleBinding{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      "cfapi-admins-binding",
-			Namespace: cfNs,
-			Annotations: map[string]string{
-				"cloudfoundry.org/propagate-cf-role": "true",
-			},
-		},
-		RoleRef: rbacv1.RoleRef{
-			APIGroup: "rbac.authorization.k8s.io",
-			Kind:     "ClusterRole",
-			Name:     "korifi-controllers-admin",
-		},
-		Subjects: _subjects,
-	}
-
-	userNames := make([]string, len(_subjects))
-	for i, subject := range _subjects {
-		userNames[i] = subject.Name
-	}
-	logger.Info("Bind role/korifi-controllers-admin to cluser-admin users " + strings.Join(userNames, ","))
-
-	return r.createIfMissing(ctx, rb)
-}
+package controllers
+
+import (
+	"context"
+	"strings"
+
+	rbacv1 "k8s.io/api/rbac/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+func (r *CFAPIReconciler) getUserClusterAdmins(ctx context.Context) (error, []rbacv1.Subject) {
+	subjects := []rbacv1.Subject{}
+	crblist := &rbacv1.ClusterRoleBindingList{}
+	err := r.Client.List(ctx, crblist, client.MatchingLabels{"app": "kyma"})
+	if err != nil {
+		return err, subjects
+	}
+	for _, crb := range crblist.Items {
+		if crb.RoleRef.Name == "cluster-admin" {
+			for _, subject := range crb.Subjects {
+				if subject.Kind == "User" {
+					subjects = append(subjects, subject)
+				}
+			}
+		}
+	}
+	return nil, subjects
+}
+
+func toSubjectList(users []string) []rbacv1.Subject {
+	if users == nil {
+		return nil
+	}
+	var subjects = make([]rbacv1.Subject, len(users))
+	for i, user := range users {
+		subjects[i] = rbacv1.Subject{
+			Kind: "User",
+			Name: user,
+		}
+	}
+	return subjects
+}
+
+func (r *CFAPIReconciler) assignCfAdministrators(ctx context.Context, subjects []rbacv1.Subject, cfNs string) error {
+	logger := log.FromContext(ctx)
+	var err error
+	_subjects := subjects
+
+	if len(subjects) == 0 {
+		logger.Info("No CF administrators specified, will set kyma cluster admins as CF administrators")
+		err, _subjects = r.getUserClusterAdmins(ctx)
+		if err != nil {
+			logger.Error(err, "Failed to list users having clusterrole/cluster-admin")
+			return nil
+		}
+		if len(_subjects) == 0 {
+			logger.Info("No users with kyma cluster-admin role found, no CF administrators set")
+			return nil
+		}
+	}
+
+	rb := &rbacv1.RoleBinding{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "cfapi-admins-binding",
+			Namespace: cfNs,
+			Annotations: map[string]string{
+				"cloudfoundry.org/propagate-cf-role": "true",
+			},
+		},
+		RoleRef: rbacv1.RoleRef{
+			APIGroup: "rbac.authorization.k8s.io",
+			Kind:     "ClusterRole",
+			Name:     "korifi-controllers-admin",
+		},
+		Subjects: _subjects,
+	}
+
+	userNames := make([]string, len(_subjects))
+	for i, subject := range _subjects {
+		userNames[i] = subject.Name
+	}
+	logger.Info("Bind role/korifi-controllers-admin to cluser-admin users " + strings.Join(userNames, ","))
+
+	return r.createIfMissing(ctx, rb)
+}