* Add initial primitives and tests for GPG related operations * More tests and test documentation * Move gpg primitives to own module * Add initial primitives for running git verify-commit and tests * Improve and better comment test * Implement VerifyCommitSignature() primitive for metrics wrapper * More commentary * Make reposerver verify gpg signatures when generating manifests * Make signature validation optional * Forbid use of local manifests when signature verification is enabled * Introduce new signatureKeys field in project CRD * Initial support for only syncing against signed revisions * Updates to GnuPG primitives and more test cases * Move signature verification to correct place and add tests * Add signature verification result to revision metadata and display it in UI * Add more primitives and move out some stuff to common module * Add more testdata * Add key management primitives to ArgoDB * Move type GnuPGPublicKey to appsv1 package * Add const ArgoCDGPGKeysConfigMapName * Handle key operations with appsv1.GnuPGPublicKey * Add initial API for managing GPG keys * Remove deprecated code * Add primitives for adding public keys to configuration * Change semantics of ValidateGPGKeys to return more key information * Add key import functionality to public key API * Fix code quirks reported by linter * More code quirks fixes * Fix test * Add primitives for deleting keys from configuration * Add delete key operation to API and CLI * Cosmetics * Implement logic to sync configuration to keyring in repo-server * Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes * Use gpg.IsGPGEnabled() instead of custom test * Remove all keyring manipulating methods from DB * Cosmetics/comments * Require grpc methods from argoproj pkg * Enable setting config path via ARGOCD_GPG_DATA_PATH * Allow "no" and any cases in ARGOCD_GPG_ENABLED * Enable GPG feature on start and start-e2e and set required environment * Cosmetics/comments * Cosmetics and commentary 
* Update API documentation * Fix comment * Only run GPG related operations if GPG is enabled * Allow setting ARGOCD_GPG_ENABLE from the environment * Create GPG ConfigMap resource during installation * Use function instead of constant to get the watcher path * Re-watch source path in case it gets recreated. Also, error on finish * Add End-to-End tests for GPG commit verification * Introduce SignatureKey type for AppProject CRD * Fix merge error from previous commit * Adapt test for additional manifest (argocd-gpg-keys-cm.yaml) * Fix linter issues * Adapt CircleCI configuration to enable running tests * Add wrapper scripts for git and gpg * Sigh. * Display gpg version in CircleCI * Install gnupg2 and link it to gpg in CI * Try to install gnupg2 in CircleCI image * More CircleCI tweaks * # This is a combination of 10 commits. # This is the 1st commit message: Containerize tests - test cycle # This is the commit message #2: adapt working directory # This is the commit message #3: Build before running tests (so we might have a cache) # This is the commit message #4: Test limiting parallelism # This is the commit message #5: Remove unbound variable # This is the commit message #6: Decrease parallelism to find out limit # This is the commit message #7: Use correct flag # This is the commit message #8: Update Docker image # This is the commit message #9: Remove build phase and increase parallelism # This is the commit message #10: Further increase parallelism * Dockerize toolchain * Add new targets to Makefile * Codegen * Properly handle permissions for E2E tests * Remove gnupg2 installation from CircleCI configuration * Limit parallelism of build * Fix Yarn lint * Retrigger CI for possible flaky test * Codegen * Remove duplicate target in Makefile * Pull in pager from dep ensure -v * Adapt to gitops-engine changes and codegen * Use new health package for health status constants * Add GPG methods to ArgoDB mock module * Fix possible nil pointer dereference * Fix linter 
issue in imports * Introduce RBAC resource type 'gpgkeys' and adapt policies * Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration Also remove some deprecated unit tests. * Also register GPG keys API with gRPC-GW * Update from codegen * Update GPG key API * Add web UI to manage GPG keys * Lint updates * Change wording * Add some plausibility checks for supplied data on key creation * Update from codegen * Re-allow binary keys and move check for ASCII armoured to UI * Make yarn lint happy * Add editing signature keys for projects in UI * Add ability to configure signature keys for project in CLI * Change default value to use for GNUPGHOME * Do not include data section in default gpg keys CM * Adapt Docker image for GnuPG feature * Add required configuration to installation manifests * Add add-signature-key and remove-signature-key commands to project CLI * Fix typo * Add initial user documentation for GnuPG verification * Fix role name - oops * Mention required RBAC roles in docs * Support GPG verification of git annotated tags as well * Ensure CLI can build succesfully * Better support verification on tags * Print key type in upper case * Update user documentation * Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false * Clarify that this feature is only available with Git repositories * codegen * Move verification code to own function * Remove deprecated check * Make things more developer friendly when running locally * Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set * Revert changes to manifests to reflect default enable state * Codegen
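#! /usr/bin/env bash

# This script auto-generates protobuf related files. It is intended to be run manually when either
# API types are added/modified, or server gRPC calls are added. The generated files should then
# be checked into source control.

# Trace every command to stderr (the trace shows expanded variable values) and
# abort on the first failing command, unset variable or failing pipeline stage.
set -x
set -o errexit
set -o nounset
set -o pipefail

# Output tool versions so a run's log records which generators produced the files.
protoc --version
swagger version
jq --version

# Resolve the repository root from this script's location. Quoted so that a
# checkout path containing whitespace is not word-split, and chained with &&
# so that a failed cd aborts instead of silently yielding the current directory.
PROJECT_ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)
# Honour a caller-supplied CODEGEN_PKG; otherwise use the vendored
# code-generator if present, else a sibling checkout. Not referenced again in
# this script.
CODEGEN_PKG=${CODEGEN_PKG:-$(cd "${PROJECT_ROOT}"; ls -d -1 ./vendor/k8s.io/code-generator 2>/dev/null || echo ../code-generator)}
# dist/ is searched first, so the protoc-gen-* plugins built below take
# precedence over system-wide ones. Any executable already sitting in dist/ is
# picked up the same way, so start from a clean dist/ when provenance matters.
PATH="${PROJECT_ROOT}/dist:${PATH}"
# GOPATH must be set in the environment; with nounset an unset GOPATH aborts here.
MOD_ROOT=${GOPATH}/pkg/mod

# Pulls in pinned tool versions (presumably including grpc_gateway_version,
# which is read further down - confirm against hack/versions.sh).
. "${PROJECT_ROOT}/hack/versions.sh"

# The `go build` calls below compile from ./vendor in GOPATH mode.
export GO111MODULE=off
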
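# protobuf tooling required to build .proto files from go annotations from k8s-like api types
# The binaries are written to a dist/ relative to the current directory but
# invoked through ${PROJECT_ROOT}/dist below, so the script expects to be run
# from the repository root.
# NOTE(review): `go build -i` is deprecated in newer Go toolchains - confirm
# against the Go version this project pins before changing it.
go build -i -o dist/go-to-protobuf ./vendor/k8s.io/code-generator/cmd/go-to-protobuf
go build -i -o dist/protoc-gen-gogo ./vendor/k8s.io/code-generator/cmd/go-to-protobuf/protoc-gen-gogo

# Generate pkg/apis/<group>/<apiversion>/(generated.proto,generated.pb.go)
# NOTE: any dependencies of our types to the k8s.io apimachinery types should be added to the
# --apimachinery-packages= option so that go-to-protobuf can locate the types, but prefixed with a
# '-' so that go-to-protobuf will not generate .proto files for it.
# NOTE(review): the entries below carry a '+' prefix or none at all rather than
# '-'; check `go-to-protobuf --help` for what each prefix means before editing.
PACKAGES=(
  github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1
)
APIMACHINERY_PKGS=(
  +k8s.io/apimachinery/pkg/util/intstr
  +k8s.io/apimachinery/pkg/api/resource
  +k8s.io/apimachinery/pkg/runtime/schema
  +k8s.io/apimachinery/pkg/runtime
  k8s.io/apimachinery/pkg/apis/meta/v1
  k8s.io/api/core/v1
)

# The arrays are joined with commas in a subshell so that the IFS change does
# not leak. Every expansion is quoted so that paths with whitespace survive.
"${PROJECT_ROOT}/dist/go-to-protobuf" \
  --go-header-file="${PROJECT_ROOT}/hack/custom-boilerplate.go.txt" \
  --packages="$(IFS=, ; echo "${PACKAGES[*]}")" \
  --apimachinery-packages="$(IFS=, ; echo "${APIMACHINERY_PKGS[*]}")" \
  --proto-import=./vendor
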
# server/*/<service>.pb.go can be generated by any one of three protoc plugins;
# golang/protobuf and gogo/protobuf are interchangeable here. The choices are:
# 1. protoc-gen-go - official golang/protobuf
#go build -i -o dist/protoc-gen-go ./vendor/github.com/golang/protobuf/protoc-gen-go
#GOPROTOBINARY=go
# 2. protoc-gen-gofast - fork of golang/protobuf. Faster code generation
#go build -i -o dist/protoc-gen-gofast ./vendor/github.com/gogo/protobuf/protoc-gen-gofast
#GOPROTOBINARY=gofast
# 3. protoc-gen-gogofast - faster code generation plus the gogo extensions, which give control
# over the generated go code (e.g. customizing field names, nullable fields)
# Option 3 is the active one. GOPROTOBINARY names the plugin and is reused
# later to form the --<plugin>_out flag passed to protoc.
GOPROTOBINARY=gogofast
go build -i \
  -o "dist/protoc-gen-${GOPROTOBINARY}" \
  "./vendor/github.com/gogo/protobuf/protoc-gen-${GOPROTOBINARY}"

# protoc-gen-grpc-gateway produces the <service>.pb.gw.go files from .proto files
go build -i \
  -o dist/protoc-gen-grpc-gateway \
  ./vendor/github.com/grpc-ecosystem/grpc-gateway/protoc-gen-grpc-gateway
# protoc-gen-swagger produces the per-service swagger.json files
go build -i \
  -o dist/protoc-gen-swagger \
  ./vendor/github.com/grpc-ecosystem/grpc-gateway/protoc-gen-swagger

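# Generate server/<service>/(<service>.pb.go|<service>.pb.gw.go)
# Collect every *.proto whose path contains /server/ or /reposerver/, sorted so
# that the generation order is stable across runs.
# NOTE(review): the search is rooted at PROJECT_ROOT and prunes nothing, so a
# .proto under vendor/ or dist/ with a matching path is compiled as well;
# confirm that is intended.
PROTO_FILES=$(find "${PROJECT_ROOT}" \( -name "*.proto" -and -path '*/server/*' -or -path '*/reposerver/*' -and -name "*.proto" \) | sort)

# Include roots do not depend on the file being compiled, so they are set once.
# grpc_gateway_version is not defined in this script; presumably it comes from
# the sourced hack/versions.sh.
GOOGLE_PROTO_API_PATH=${MOD_ROOT}/github.com/grpc-ecosystem/grpc-gateway@${grpc_gateway_version}/third_party/googleapis
GOGO_PROTOBUF_PATH=${PROJECT_ROOT}/vendor/github.com/gogo/protobuf

# Read one path per line instead of word-splitting the list, so paths that
# contain spaces or glob characters reach protoc intact. File descriptor 3
# keeps the list away from the stdin of the commands run inside the loop.
while IFS= read -r -u 3 proto_file; do
  # An empty result still yields one empty line from the here-string.
  [[ -n "${proto_file}" ]] || continue
  protoc \
    -I"${PROJECT_ROOT}" \
    -I/usr/local/include \
    -I./vendor \
    -I"${GOPATH}/src" \
    -I"${GOOGLE_PROTO_API_PATH}" \
    -I"${GOGO_PROTOBUF_PATH}" \
    --"${GOPROTOBINARY}"_out=plugins=grpc:"${GOPATH}/src" \
    --grpc-gateway_out=logtostderr=true:"${GOPATH}/src" \
    --swagger_out=logtostderr=true:. \
    "${proto_file}"
done 3<<< "${PROTO_FILES}"
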
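#######################################
# collect_swagger merges every generated *.swagger.json below a directory into
# ${PROJECT_ROOT}/assets/swagger.json.
# Globals:   PROJECT_ROOT (read)
# Arguments: $1 - directory searched recursively for *.swagger.json
#            $2 - value handed to `swagger mixin -c` (the expected number of
#                 collisions, going by the caller's variable name)
# Outputs:   replaces ${PROJECT_ROOT}/assets/swagger.json
# Returns:   0 on success, otherwise the status of the failing step
#######################################
collect_swagger() {
  # Locals keep these names from leaking into, or clobbering, the caller's scope.
  local swagger_root="$1"
  local expected_collisions="$2"
  local swagger_out="${PROJECT_ROOT}/assets/swagger.json"
  local primary_swagger combined_swagger
  local rc=0

  # mktemp gives unpredictable, private file names. Declaration and assignment
  # are separate so that a mktemp failure is not masked by `local`.
  primary_swagger=$(mktemp) || return
  if ! combined_swagger=$(mktemp); then
    rm -f -- "${primary_swagger}"
    return 1
  fi

  # Skeleton document that the per-service specs are mixed into. The delimiter
  # is quoted because the body is literal JSON with nothing to expand.
  cat <<'EOF' > "${primary_swagger}"
{
  "swagger": "2.0",
  "info": {
    "title": "Consolidate Services",
    "description": "Description of all APIs",
    "version": "version not set"
  },
  "paths": {}
}
EOF

  rm -f -- "${swagger_out}"

  # The steps run as tested commands so that a failure reaches the cleanup
  # below instead of aborting under errexit with the temp files left behind.
  if find "${swagger_root}" -name '*.swagger.json' -exec swagger mixin -c "${expected_collisions}" "${primary_swagger}" '{}' \+ > "${combined_swagger}"; then
    # Drop description/title from properties that are a $ref.
    jq -r 'del(.definitions[].properties[]? | select(."$ref"!=null and .description!=null).description) | del(.definitions[].properties[]? | select(."$ref"!=null and .title!=null).title)' "${combined_swagger}" > "${swagger_out}" || rc=$?
  else
    rc=$?
  fi

  rm -f -- "${primary_swagger}" "${combined_swagger}"
  return "${rc}"
}
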
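#######################################
# clean_swagger deletes every generated *.swagger.json below a directory.
# It should run after collect_swagger, which reads those files.
# Arguments: $1 - directory to search recursively
# Returns:   exit status of find
#######################################
clean_swagger() {
  # Local, so the caller's SWAGGER_ROOT (if any) is left untouched.
  local swagger_root="$1"
  find "${swagger_root}" -name '*.swagger.json' -delete
}
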
# Collision count handed to collect_swagger; the message printed below tells
# maintainers that it may need raising when new types are added.
EXPECTED_COLLISION_COUNT=33
printf '%s\n' "If additional types are added, the number of expected collisions may need to be increased"

# Merge the server specs first, then remove the per-service swagger files from
# each tree. All three directories are relative to the current directory.
collect_swagger server "${EXPECTED_COLLISION_COUNT}"
for generated_dir in server reposerver controller; do
  clean_swagger "${generated_dir}"
done