Fix #32: checks and revision of manifest files (#36)

Signed-off-by: Ricardo Zanini <[email protected]>
m88i · May 2, 2020 · b31b486 · b31b486
1 parent 84ced1e
commit b31b486
Show file tree

Hide file tree

Showing 31 changed files with 793 additions and 243 deletions.
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
diff --git a/.github/workflows/nexus-operator-pr-checks.yml b/.github/workflows/nexus-operator-pr-checks.yml
@@ -0,0 +1,64 @@
+name: Nexus Operator PR Checks
+on: [push]
+jobs:
+  unit_test:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go 1.14
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.14
+        id: go
+
+      - name: Check out code
+        uses: actions/checkout@v2
+
+      - name: Cache dependencies
+        uses: actions/cache@v1
+        with:
+          path: ~/go/pkg/mod/cache
+          key: ${{ runner.os }}-go-cache-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-cache-
+
+      - name: Mod Tidy
+        run: |
+          go mod tidy
+
+      - name: FMT
+        run: gofmt -s -l -w cmd/ pkg/ version/
+
+      - name: Vet
+        run: go vet ./...
+
+      - name: Test Packages
+        run: go test ./pkg/... -count=1
+
+  olm_verify:
+    name: Operator OLM Verify
+    runs-on: ubuntu-latest
+    env:
+      OPERATOR_SDK_VERSION: 0.17.0
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+
+      - name: Cache Operator SDK Binary
+        uses: actions/cache@v1
+        with:
+          path: ./bin
+          key: ${{ runner.os }}-operator-sdk-${{ env.OPERATOR_SDK_VERSION }}
+          restore-keys: |
+            ${{ runner.os }}-operator-sdk-
+
+      - name: Install Operator SDK
+        run: |
+          ./hack/ci/install-operator-sdk.sh
+          echo "::add-path::$GITHUB_WORKSPACE/bin"
+
+      - name: Generate Manifests
+        run: ./hack/generate-manifests.sh
+
+      - name: Run Operator Framewok verify
+        run: ./hack/operator-verify.sh
diff --git a/.osdk-scorecard.yaml b/.osdk-scorecard.yaml
@@ -1,12 +1,11 @@
 scorecard:
   # Setting a global scorecard option
-  output: json
+  output: text
   plugins:
     - basic:
         cr-manifest:
           - "deploy/crds/apps.m88i.io_v1alpha1_nexus_cr.yaml"
     - olm:
         cr-manifest:
           - "deploy/crds/apps.m88i.io_v1alpha1_nexus_cr.yaml"
-        csv-path: "deploy/olm-catalog/nexus-operator/0.2.0-rc1/nexus-operator.v0.2.0-rc1.clusterserviceversion.yaml"
-
+        csv-path: "deploy/olm-catalog/nexus-operator/0.2.0/nexus-operator.v0.2.0.clusterserviceversion.yaml"
diff --git a/Makefile b/Makefile
@@ -59,7 +59,11 @@ install:
 uninstall:
 	./hack/uninstall.sh
 
-.PHONY: prepare-olm
+.PHONY: operator-verify
+operator-verify:
+	./hack/operator-verify.sh
+
+.PHONY: olm-integration
 version = ""
-prepare-olm:
-	./hack/pr-operatorhub.sh $(version)
+olm-integration:
+	./hack/olm-integration.sh
diff --git a/README.md b/README.md
@@ -97,7 +97,7 @@ If you're running on Minikube, take a look in the article ["Set up Ingress on Mi
 
 ### Minikube
 
-On Minikube the dynamic PV [creation might fail](https://github.com/kubernetes/minikube/issues/7218). If this happens in your environment, **before creating the Nexus server**, create a PV with this template: [deploy/examples/pv-minikube.yaml](deploy/examples/pv-minikube.yaml). Then give the correct permissions to the directory in Minikube VM:
+On Minikube the dynamic PV [creation might fail](https://github.com/kubernetes/minikube/issues/7218). If this happens in your environment, **before creating the Nexus server**, create a PV with this template: [examples/pv-minikube.yaml](examples/pv-minikube.yaml). Then give the correct permissions to the directory in Minikube VM:
 
 ```sh
 $ minikube ssh
@@ -128,7 +128,7 @@ If you have access to [Red Hat Catalog](https://access.redhat.com/containers/#/r
 
 ### Publish to OpenShift 4.x Marketplace
 
-1. Run `make prepare-olm version=0.2.0`
+1. Run `make operator-verify`
 
 2. Grab [Quay credentials](https://github.com/operator-framework/operator-courier/#authentication) with:
 
@@ -150,7 +150,7 @@ $ AUTH_TOKEN=$(curl -sH "Content-Type: application/json" -XPOST https://quay.io/
 ```
 $ export OPERATOR_DIR=build/_output/operatorhub/
 $ export QUAY_NAMESPACE=m88i # should be different for you ;)
-$ export PACKAGE_NAME=nexus-operator-hub
+$ export PACKAGE_NAME=nexus-operator
 $ export PACKAGE_VERSION=0.2.0
 $ export TOKEN=$AUTH_TOKEN
 ```

diff --git a/build/Dockerfile b/build/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.redhat.io/ubi8-minimal:latest
+FROM registry.redhat.io/ubi8/ubi-minimal:latest
 
 ENV OPERATOR=/usr/local/bin/nexus-operator \
     USER_UID=1001 \

diff --git a/build/bin/entrypoint b/build/bin/entrypoint
@@ -1,12 +1,3 @@
 #!/bin/sh -e
 
-# This is documented here:
-# https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines
-
-if ! whoami &>/dev/null; then
-  if [ -w /etc/passwd ]; then
-    echo "${USER_NAME:-nexus-operator}:x:$(id -u):$(id -g):${USER_NAME:-nexus-operator} user:${HOME}:/sbin/nologin" >> /etc/passwd
-  fi
-fi
-
 exec ${OPERATOR} $@
diff --git a/build/bin/user_setup b/build/bin/user_setup
@@ -2,12 +2,10 @@
 set -x
 
 # ensure $HOME exists and is accessible by group 0 (we don't know what the runtime UID will be)
-mkdir -p ${HOME}
-chown ${USER_UID}:0 ${HOME}
-chmod ug+rwx ${HOME}
-
-# runtime user will need to be able to self-insert in /etc/passwd
-chmod g+rw /etc/passwd
+echo "${USER_NAME}:x:${USER_UID}:0:${USER_NAME} user:${HOME}:/sbin/nologin" >> /etc/passwd
+mkdir -p "${HOME}"
+chown "${USER_UID}:0" "${HOME}"
+chmod ug+rwx "${HOME}"
 
 # no need for this script to remain in the image after running
-rm $0
+rm "$0"
diff --git a/deploy/crds/apps.m88i.io_v1alpha1_nexus_cr.yaml b/deploy/crds/apps.m88i.io_v1alpha1_nexus_cr.yaml
@@ -19,10 +19,11 @@ spec:
       memory: "2Gi"
   # Data persistence details
   persistence:
-    # Should we persist Nexus data? Yes, please. (turn this to false only if you're evaluating this resource)
-    persistent: true
+    # Should we persist Nexus data? Turn this to false only if you're evaluating this resource.
+    # In case you need persistence, also set the volumeSize parameter to meet your needs.
+    persistent: false
     # Size of the volume reserved for the pods. Be aware that if replicas greater then 1, a RWX Persistent Volume will be created, hence
     # make sure that your cluster has support for this configuration. Ignored if persistent is set to false. Defaults to 10Gi
-    volumeSize: 10Gi
+    #volumeSize: 10Gi
   networking:
-    expose: true
+    expose: false
diff --git a/deploy/olm-catalog/nexus-operator/0.2.0/nexus-operator.v0.2.0.clusterserviceversion.yaml b/deploy/olm-catalog/nexus-operator/0.2.0/nexus-operator.v0.2.0.clusterserviceversion.yaml
@@ -12,11 +12,10 @@ metadata:
           },
           "spec": {
             "networking": {
-              "expose": true
+              "expose": false
             },
             "persistence": {
-              "persistent": true,
-              "volumeSize": "10Gi"
+              "persistent": false
             },
             "replicas": 1,
             "resources": {
@@ -31,94 +30,6 @@ metadata:
             },
             "useRedHatImage": false
           }
-        },
-        {
-          "apiVersion": "apps.m88i.io/v1alpha1",
-          "kind": "Nexus",
-          "metadata": {
-            "name": "nexus3"
-          },
-          "spec": {
-            "networking": {
-              "expose": true,
-              "exposeAs": "Ingress",
-              "host": "nexus.example.com"
-            },
-            "persistence": {
-              "persistent": true,
-              "volumeSize": "10Gi"
-            },
-            "replicas": 1,
-            "resources": {
-              "limits": {
-                "cpu": "2",
-                "memory": "2Gi"
-              },
-              "requests": {
-                "cpu": "1",
-                "memory": "2Gi"
-              }
-            },
-            "useRedHatImage": false
-          }
-        },
-        {
-          "apiVersion": "apps.m88i.io/v1alpha1",
-          "kind": "Nexus",
-          "metadata": {
-            "name": "nexus3"
-          },
-          "spec": {
-            "networking": {
-              "expose": true,
-              "exposeAs": "NodePort",
-              "nodePort": 31031
-            },
-            "persistence": {
-              "persistent": true,
-              "volumeSize": "10Gi"
-            },
-            "replicas": 1,
-            "resources": {
-              "limits": {
-                "cpu": "2",
-                "memory": "2Gi"
-              },
-              "requests": {
-                "cpu": "1",
-                "memory": "2Gi"
-              }
-            },
-            "useRedHatImage": false
-          }
-        },
-        {
-          "apiVersion": "apps.m88i.io/v1alpha1",
-          "kind": "Nexus",
-          "metadata": {
-            "name": "nexus3"
-          },
-          "spec": {
-            "networking": {
-              "expose": true
-            },
-            "persistence": {
-              "persistent": true,
-              "volumeSize": "10Gi"
-            },
-            "replicas": 1,
-            "resources": {
-              "limits": {
-                "cpu": "2",
-                "memory": "2Gi"
-              },
-              "requests": {
-                "cpu": "1",
-                "memory": "2Gi"
-              }
-            },
-            "useRedHatImage": true
-          }
         }
       ]
     capabilities: Basic Install
@@ -177,7 +88,7 @@ spec:
     After installing it, you will have to grab the `admin` user password from the deployed container. There's a file auto generated in `/nexus-data/admin.password`.
     Use `cat` to read the file and view the password. Use it to login for the first time and follow the on screen instructions to have the Nexus server ready for use.
 
-    If you experience any issues or have any ideas for new features, please [file an issue in our Github repository](https://github.com/m88i/nexus-operator/issues).
+    If you experience any issues or have any ideas for new features, please [file an issue in our Github repository](https://github.com/m88i/nexus-operator/issues) or send an email to our maillist: [[email protected]](mailto:[email protected])
 
     *Please note that the operator is an individual work and it's not provided nor supported by Sonatype.*
   displayName: Nexus Operator
@@ -231,14 +142,8 @@ spec:
           - events
           - configmaps
           - secrets
-          - limitranges
-          - componentstatuses
-          - persistentvolumes
-          - bindings
           - replicationcontrollers
-          - resourcequotas
           - podtemplates
-          - serviceaccounts
           verbs:
           - create
           - delete
@@ -277,6 +182,19 @@ spec:
           - deployments/finalizers
           verbs:
           - update
+        - apiGroups:
+          - ""
+          resources:
+          - pods
+          verbs:
+          - get
+        - apiGroups:
+          - apps
+          resources:
+          - replicasets
+          - deployments
+          verbs:
+          - get
         - apiGroups:
           - apps.m88i.io
           resources:
@@ -342,9 +260,10 @@ spec:
   - name: Source
     url: https://github.com/m88i/nexus-operator
   maintainers:
-  - email: ricardozanini@gmail.com
+  - email: nexus-operator@googlegroups.com
     name: m88i Labs
   maturity: alpha
   provider:
     name: m88i Labs
+  replaces: nexus-operator.v0.1.0
   version: 0.2.0