v0.4.3

Bug fix 🐛

Skip push error when the repository is already up-to-date #100

In specific cases, an error was thrown when the repository was already up-to-date. Now, the webhook allow the request.

Package release 📦

Docker image:
ghcr.io/syngit-org/syngit:v0.4.3

Helm chart:
https://syngit-org.github.io/syngit version 0.4.3

Helm install

helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.4.3 -n <SYNGIT_NAMESPACE>

Helm upgrade

helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> --version 0.4.3 syngit syngit/syngit

v0.4.2

Improvement 🌱

Golang 1.22 -> 1.23 #93

Upgrade the golang version of the controller from v1.22 to v1.23.

Bug fixes 🐛

Already deleted file attempt #97

A specific use-case where the manifest gets deleted right before syngit try to push a commit that contains a deletion of this same file. Before it was throwing an error telling that the file is already deleted. This fix avoid this error and let run the full interception process.

Package release 📦

Docker image:
ghcr.io/syngit-org/syngit:v0.4.2

Helm chart:
https://syngit-org.github.io/syngit version 0.4.2

Helm install

helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.4.2 -n <SYNGIT_NAMESPACE>

Helm upgrade

helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> --version 0.4.2 syngit syngit/syngit

v0.4.1

Bug fixes 🐛

RemoteSyncer update did not trigger the patterns #90 #91

When changing the remoteRepository and defaultBranch, if the RemoteSyncer uses some patterns, the corresponding RemoteTargets were not changed. Now, every RemoteTargets and references in each RemoteUserBinding are updated according to the current specs of the RemoteSyncer.

Empty commit #92

A specific use-case where the user first push on the main branch and then push the same object to a different branch was throwing an error considering the commit as empty. It is considered as empty because syngit first fetch the changes from the upstream (containing the exact same object). In this specific case, no new commit is created and the changes from the upstream are simply pushed to the target.

Gitlab provider 0.2.1 #88

Fix a bug where the ca bundle was not found when targeting the offical gitlab.com server.

Package release 📦

Docker image:
ghcr.io/syngit-org/syngit:v0.4.1

Helm chart:
https://syngit-org.github.io/syngit version 0.4.1

Helm install

helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.4.1 -n <SYNGIT_NAMESPACE>

Helm upgrade

helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> --version 0.4.1 syngit syngit/syngit

v0.4.0

Features ✨

RemoteTarget #81

The RemoteTarget CRD brings a new way of using Syngit. The whole operator architecture has been modified to implement this new feature. A RemoteTarget allows the user to define the repository and the branch where the resources should be pushed. The RemoteTarget must be associated with a Kubernetes user in the RemoteUserBinding object. It will be used if it is associated with the user AND if the upstream repository & branch are the same as the RemoteSyncer which as intercepted the resource.

Example:

apiVersion: syngit.io/v1beta3
kind: RemoteTarget
metadata:
  name: remotetarget-sample
spec:
  upstreamRepository: https://github.com/upstream/repo.git
  upstreamBranch: main
  targetRepository: https://github.com/myself/fork-repo.git
  targetBranch: main
  mergeStrategy: TryFastForwardOrHardReset

Patterns #81

Patterns are a way to quickly configure Syngit by letting the operator manage the associations and targets. Basic patterns already exist in Syngit; they are based on common and the majority of use cases. Patterns can be used using annotations on objects. This version brings patterns for RemoteTarget. The annotations must be used on the RemoteSyncer object:

1. syngit.io/remotetarget.pattern.user-specific: one-user-one-branch
   A specific RemoteTarget will be automatically associated and managed for each users. This RemoteTarget has the same target repository as the upstream and targets a branch with the same name as the user.

2. syngit.io/remotetarget.pattern.user-specific: one-user-one-fork
   A specific RemoteTarget will be automatically associated and managed for each users. This RemoteTarget will target the forked repository. The target branch is the same as the default branch of the RemoteSyncer. An external provider addon must be installed to make it works.

3. syngit.io/remotetarget.pattern.one-or-many-branches: branch1, branch2
   The same RemoteTarget will be automatically associated and managed for all users. This RemoteTarget will target the same repository as the one defined in the RemoteSyncer. One RemoteTarget will be created for each branch. In the case of multiple branches, the targetStrategy of the RemoteSyncer must be set to MultipleTarget.

Gitlab provider 0.2.0

Implement the gitlab provider v0.2.0. This version brings annotations to skip TLS verification or add a CA bundle to the RemoteUser connection test.

Internal features 🛠️

RBAC test refactor #83

Before, the test users were all used almost randomly in the tests. This PR brings clear distinct roles/personas for each users (described in the documentation). It is now easier to write tests using the right role/persona.

Package release 📦

Docker image:
ghcr.io/syngit-org/syngit:v0.4.0

Helm chart:
https://syngit-org.github.io/syngit version 0.4.0

Helm install

helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.4.0 -n <SYNGIT_NAMESPACE>

Helm upgrade

helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> --version 0.4.0 syngit syngit/syngit

v0.3.5

Bug fix 🐛

Fix conversion webhook

The conversion webhook embedded in the chart was calling the wrong Service.

Package release 📦

Docker image:
ghcr.io/syngit-org/syngit:v0.3.5

Helm chart:
https://syngit-org.github.io/syngit version 0.3.5

Helm install

helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.3.5 -n <SYNGIT_NAMESPACE>

Helm upgrade

helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> --version 0.3.5 syngit syngit/syngit

v0.3.4

Improvement 🌱

Prevent unauthorized impersonation on RemoteUserBinding

Before, user A was able to turn off the RemoteUserBinding association on a RemoteUser that belongs to user B (syngit.io/associated-remoteuserbinding: "false"). Now, the association webhook prevents this action.

Internal features 🛠️

Refactor cert-injection architecture

The injection scripts are located in /hack. The custom resources related to the custom certificate injection are now located in config/local.

Package release 📦

Docker image:
ghcr.io/syngit-org/syngit:v0.3.4

Helm chart:
https://syngit-org.github.io/syngit version 0.3.4

Helm install

helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.3.4 -n <SYNGIT_NAMESPACE>

Helm upgrade

helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> --version 0.3.4 syngit syngit/syngit

v0.3.3

Improvement 🌱

RemoteUserBindings managed by label selector #64

The RemoteUserBinding managed by syngit (with the syngit.io/associated-remote-userbinding: "true" annotation on RemoteUser) were retrieved by name selector (if the name of the RUB starts with associated-rub-). That was a bad way of getting the RemoteUserBindings managed by syngit.

Now, the RemoteUserBindings managed by Syngit have two labels:
"managed-by": "syngit.io" and "syngit.io/k8s-user": "username".

The RemoteUser association webhook selects the corresponding RemoteUserBinding using these label as selectors.

RemoteUser association annotation change #64

syngit.io/associated-remote-userbinding: "true" -> syngit.io/associated-remoteuserbinding: "true"

Better RemoteUserBinding management #65

If an user already created an associated-rub-username RemoteUserBinding, then the one managed by syngit will be called associated-rub-username-1 (and selected with the labels). If the ..-1 already exists, then the one managed by syngit will be ..-2 and so on.

Internal features 🛠️

Automatic dev webhook management #66

The make run command automatically generate development purpose certificates. Therefore, we can test webhook logic by using make run.

Others 👀

Change behavior test command name #65

make test-e2e -> make test-behavior

Package release 📦

Docker image:
ghcr.io/syngit-org/syngit:v0.3.3

Helm chart:
https://syngit-org.github.io/syngit version 0.3.3

Helm install

helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.3.3 -n <SYNGIT_NAMESPACE>

Helm upgrade

helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> syngit syngit/syngit

v0.3.2

Features ✨

Dynamic webhook lifecycle management

• The dynamic webhook (that handle the RemoteSyncers interception) is now created/deleted on operator's creation/deletion.
• The dynamic webhook is automatically reconciled when manually updating or deleting it. The only way to get rid of it is to uninstall the Syngit operator.

Dynamic webhook server registered with the default server

The dynamic webhook server was running in parallel as the main controller-runtime's webhook server. It was served on the port 9444.
Now, the dynamic webhook server is served by the main controller-runtime's webhook server.

Helm chart startup checker

The chart has been fully reviewed to be cleaner. When installing or upgrading the chart, the process is blocked until the operator is fully deployed:

• the controller has its state set to Ready
• the certificate is Ready

Internal features 🛠️

Clean Makefile

Commands are placed in the right section. Make the commands name simpler.

Bug fixes 🐛

• Fix a memory issue in the webhook interceptor that was calling an empty Log object.

Others 👀

Add new tests

• helm install test
• helm upgrade test

Test coverage

The end-to-end tests are now executed using the coverage option.

Package release 📦

Docker image:
ghcr.io/syngit-org/syngit:v0.3.2

Helm chart:
https://syngit-org.github.io/syngit version 0.3.2

Helm install

helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.3.2 -n <SYNGIT_NAMESPACE>

Helm upgrade

helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> syngit syngit/syngit

v0.3.1

End-users features ✨

RemoteUser RBAC checker

When creating, updating or deleting a RemoteUser, a webhook will take care of checking if the user who has made the operation has the permission to get the referenced secret.

RemoteUserBinding RBAC checker

When creating, updating or deleting a RemoteUserBinding, a webhook will take care of checking if the user who has made the operation has the permission to get the referenced remoteusers.

Internal features 🛠️

Commands refinement

Rename some commands to make them more intuitive to use.

• make dev-deploy -> make deploy-all
• make cleanup-deploy -> make undeploy-all

Add some commands:

• make chart-install
• make chart-upgrade
• make chart-uninstall
• make fast-e2e

See the 💻 Commands documentation for more information.

Package release 📦

Docker image:
ghcr.io/syngit-org/syngit:v0.3.1

Helm chart:
https://syngit-org.github.io/syngit version 0.3.1

Helm install

helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.3.1 -n <SYNGIT_NAMESPACE>

Helm upgrade

helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> syngit syngit/syngit

v0.3.0

End-users features ✨

Add authentication checker for Github & Gitlab

The main goal is to use features that are specific to these platforms (such as PR/MR, forks, etc...). For this version, we implement the v0.1.0 version of each of them. This version implement an authentication check against the Gitlab/Github API.

To use this feature, add github.syngit.io/auth.test= "true" / gitlab.syngit.io/auth.test= "true" annotation to the RemoteUser. Then check the status of the RemoteUser. The test is performed when updating the RemoteUser or the referenced Secret.

Last Transition Time:  2024-12-24T12:49:08Z
Message:               Authentication was successful with the user damsien
Reason:                AuthenticationSucceded
Status:                True
Type:                  Authenticated

These providers act as a micro-operator that are plugged to Syngit. They do not have their own api. They reconcile on the Syngit's CRD instead. Access to the providers projects by following these links:

• https://github.com/syngit-org/syngit-provider-github
• https://github.com/syngit-org/syngit-provider-gitlab

Bug fixes 🐛

• Fix wrong default image used in the helm chart for the providers.

Others 👀

• Change the demo gif (quality increased).
• Restructure the files architecture in order to have a more convenient coding space. Also, it is important to export the rights variables & functions to be used in the providers projects.

Package release 📦

Docker image:
ghcr.io/syngit-org/syngit:v0.3.0

Helm chart:
https://syngit-org.github.io/syngit version 0.3.0

Helm install

helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.3.0 -n <SYNGIT_NAMESPACE>

Helm upgrade

helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> syngit syngit/syngit