Fix CN use in rolebindings

.github/workflows/build-test-push-to-test-registry.yml

@@ -29,7 +29,7 @@ jobs:
         id: install
 
       - name: Install helm plugin helm-images
-        run: helm plugin install https://github.com/nikhilsbhat/helm-images       
+        run: helm plugin install --verify=false https://github.com/nikhilsbhat/helm-images       
 
       - name: Install GoReleaser
         uses: goreleaser/goreleaser-action@v6

.github/workflows/build-test-release.yml

@@ -37,7 +37,7 @@ jobs:
         id: install
 
       - name: Install helm plugin helm-images
-        run: helm plugin install https://github.com/nikhilsbhat/helm-images       
+        run: helm plugin install --verify=false https://github.com/nikhilsbhat/helm-images       
 
       - name: Install GoReleaser
         uses: goreleaser/goreleaser-action@v6

.goreleaser.yml

@@ -54,7 +54,7 @@ builds:
       - -trimpath
 
 dockers:
-  - id: docker-operator
+  - id: docker-operator-amd64
     ids:
       - operator
     use: buildx
@@ -68,8 +68,26 @@ dockers:
       - "--label=org.opencontainers.image.url=https://github.com/{{.Env.ORG}}/{{.ProjectName}}"
       - "--label=org.opencontainers.image.revision={{.FullCommit}}"
       - "--label=org.opencontainers.image.version={{.Version}}"
+    goarch: amd64
     image_templates:
     - "ghcr.io/{{.Env.ORG}}/{{.ProjectName}}-operator:{{.ShortCommit}}-amd64"
+  - id: docker-operator-arm64
+    ids:
+      - operator
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--platform=linux/arm64"
+      - "--build-arg=BINARYNAME=operator"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}-operator"
+      - "--label=org.opencontainers.image.source=https://github.com/{{.Env.ORG}}/{{.ProjectName}}"
+      - "--label=org.opencontainers.image.url=https://github.com/{{.Env.ORG}}/{{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+    goarch: arm64
+    image_templates:
+    - "ghcr.io/{{.Env.ORG}}/{{.ProjectName}}-operator:{{.ShortCommit}}-arm64"
 
   - id: docker-api
     ids:

internal/services/rolebindings.go

@@ -3,6 +3,7 @@ package services
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"strings"
 
 	"github.com/ca-gip/kubi/internal/utils"
@@ -115,17 +116,17 @@ func generateRoleBindings(project *cagipv1.Project, defaultServiceAccountRole st
 				{
 					APIGroup: "rbac.authorization.k8s.io",
 					Kind:     "Group",
-					Name:     strings.ToUpper(utils.Config.Ldap.AppMasterGroupBase), // the equivalent of application master (appops)
+					Name:     getGroupCN(utils.Config.Ldap.AppMasterGroupBase), // the equivalent of application master (appops)
 				},
 				{
 					APIGroup: "rbac.authorization.k8s.io",
 					Kind:     "Group",
-					Name:     strings.ToUpper(utils.Config.Ldap.CustomerOpsGroupBase), // the equivalent of application master (customerops)
+					Name:     getGroupCN(utils.Config.Ldap.CustomerOpsGroupBase), // the equivalent of application master (customerops)
 				},
 				{
 					APIGroup: "rbac.authorization.k8s.io",
 					Kind:     "Group",
-					Name:     strings.ToUpper(utils.Config.Ldap.OpsMasterGroupBase), // the equivalent of ops master
+					Name:     getGroupCN(utils.Config.Ldap.OpsMasterGroupBase), // the equivalent of ops master
 				},
 			},
 		},
@@ -141,7 +142,7 @@ func generateRoleBindings(project *cagipv1.Project, defaultServiceAccountRole st
 				{
 					APIGroup: "rbac.authorization.k8s.io",
 					Kind:     "Group",
-					Name:     strings.ToUpper(utils.Config.Ldap.ViewerGroupBase),
+					Name:     getGroupCN(utils.Config.Ldap.ViewerGroupBase),
 				},
 			},
 		},
@@ -184,3 +185,13 @@ func generateRoleBindings(project *cagipv1.Project, defaultServiceAccountRole st
 	}
 	return nil
 }
+
+func getGroupCN(ldapDN string) string {
+	// Example: "CN=group1,OU=groups,DC=example,DC=com" -> "group1"
+	pat := regexp.MustCompile(`CN=([^,]+)`)
+	matches := pat.FindStringSubmatch(ldapDN)
+	if len(matches) > 1 {
+		return strings.ToUpper(matches[1])
+	}
+	return strings.ToUpper(ldapDN)
+}

scripts/install_cfssl.sh

@@ -20,10 +20,11 @@ sudo mkdir -p "$CFSSL_DIR"
 docker pull cloudflare/cfssl
 
 # Run CFSSL inside a Docker container to download and store binaries in /opt/cfssl
+PLATFORM="$(go env GOARCH)"
 docker run --rm -v "$CFSSL_DIR":/cfssl cloudflare/cfssl \
-    sh -c "wget https://github.com/cloudflare/cfssl/releases/download/${VERSION}/cfssljson_${VNUMBER}_linux_amd64 -O /cfssl/cfssljson && \
+    sh -c "wget https://github.com/cloudflare/cfssl/releases/download/${VERSION}/cfssljson_${VNUMBER}_linux_${PLATFORM} -O /cfssl/cfssljson && \
            chmod +x /cfssl/cfssljson && \
-           wget https://github.com/cloudflare/cfssl/releases/download/${VERSION}/cfssl_${VNUMBER}_linux_amd64 -O /cfssl/cfssl && \
+           wget https://github.com/cloudflare/cfssl/releases/download/${VERSION}/cfssl_${VNUMBER}_linux_${PLATFORM} -O /cfssl/cfssl && \
            chmod +x /cfssl/cfssl && \
            cfssljson -version && \
            /cfssl/cfssl -version"

test/e2e/bootstrap-fixtures-test-e2e.sh

@@ -91,7 +91,8 @@ EOF
 
 # Set deployments images
 COMMIT_SHA="$(git rev-parse --short HEAD)"
-IMG_VERSION="${COMMIT_SHA}-amd64"
+PLATFORM="$(go env GOARCH)"
+IMG_VERSION="${COMMIT_SHA}-${PLATFORM}"
 IMG_REPO="ghcr.io/ca-gip"
 
 ORG=ca-gip goreleaser release --clean --snapshot