Merge branch 'bb-merge-values' of github.com:defenseunicorns/zarf int…

…o bb-merge-values

CODEOWNERS

@@ -2,9 +2,9 @@
 
 # Docs & examples
 /adr/ @jeff-mccoy @YrrepNoj @Racer159
-/docs/ @Madeline-UX @JasonvanBrackel @RothAndrew @jeff-mccoy @YrrepNoj @Racer159 @wirewc
-/examples/ @JasonvanBrackel @RothAndrew @jeff-mccoy @YrrepNoj @Racer159 @wirewc
-*.md @Madeline-UX @JasonvanBrackel @RothAndrew @jeff-mccoy @YrrepNoj @Racer159 @wirewc
+/docs/ @Madeline-UX @JasonvanBrackel @jeff-mccoy @YrrepNoj @Racer159 @wirewc
+/examples/ @JasonvanBrackel @jeff-mccoy @YrrepNoj @Racer159 @wirewc
+*.md @Madeline-UX @JasonvanBrackel @jeff-mccoy @YrrepNoj @Racer159 @wirewc
 
 # Core code
 /src/ @jeff-mccoy @YrrepNoj @Racer159

CONTRIBUTING.md

@@ -46,6 +46,12 @@ You can learn more about the testing of Zarf [here](docs/6-developer-guide/2-tes
 
 ## Documentation
 
+### Updating Our Documentation
+
+Our documentation is auto-generated from the `src/types` and `src/cmd` go packages.  This includes the [Zarf package jsonschema](https://github.com/defenseunicorns/zarf/blob/main/zarf.schema.json), the [Zarf schema docs](https://docs.zarf.dev/docs/user-guide/zarf-schema), the [Zarf CLI docs](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/), and our [front-end API types](https://github.com/defenseunicorns/zarf/blob/main/src/ui/lib/api-types.ts).   When an update to types or the CLI commands is made you will need to run `make docs-and-schema` locally to regenerate the schema and documentation. CI checks if this was ran, and will fail if it wasn't.
+
+We do this so that there is a git commit signature from a person on the commit for better traceability, rather than a non-person entity (e.g. GitHub CI token).
+
 ### Architecture Decision Records (ADR)
 
 We've chosen to use ADRs to document architecturally significant decisions. We primarily use the guidance found in [this article by Michael Nygard](http://thinkrelevance.com/blog/2011/11/15/documenting-architecture-decisions) with a couple of tweaks:

docs/1-understand-the-basics.md

@@ -1,4 +1,4 @@
-# Understand The Basics
+# Understand the Basics
 
 Before you can effectively use Zarf, it is useful to have an understanding of the technology Zarf is built on and around. The sections below provide some helpful links to start building up this foundation as well as a glossary of the terms used in this project.
 
@@ -18,7 +18,7 @@ Before you can effectively use Zarf, it is useful to have an understanding of th
 - [What is AirGap](https://ibm.github.io/kubernetes-networking/vpc/airgap/)
 - AirGap Kubernetes Course - Coming Soon!
 
-## GitOps Basics
+### GitOps Basics
 
 - [CloudBees GitOps Definition](https://www.cloudbees.com/gitops/what-is-gitops)
 - [Understanding Git](https://hackernoon.com/understanding-git-fcffd87c15a3)
@@ -31,9 +31,9 @@ Before you can effectively use Zarf, it is useful to have an understanding of th
 
 ## Terms Used
 
-- **Declarative**:  A user states (via configuration file) which resources are needed and Zarf locates & packages them. A user does not have to know _how_ to download, collect, roll, and unroll dependencies for transport, they only have to know _what_ they need.
-- **Package**:  A well-defined, tool-generated, versioned, and compressed collection of software intended for movement (and later use) across a network / administrative boundary.
-- **Remote systems**:  Systems that are organized such that development & maintenance actions occur _primarily_ in locations physically & logically separate from where operations occur.
-- **Constrained systems**:  Systems with explicit resource / administrative / capability limitations.
+- **Declarative**:  A user states (via configuration file) which resources are needed and Zarf locates and packages them. A user does not have to know _how_ to download, collect, roll, and unroll dependencies for transport, they only have to know _what_ they need.
+- **Package**:  A well-defined, tool-generated, versioned, and compressed collection of software intended for movement (and later use) across a network/administrative boundary.
+- **Remote systems**:  Systems that are organized such that development and maintenance actions occur _primarily_ in locations physically and logically separate from where operations occur.
+- **Constrained systems**:  Systems with explicit resource/administrative/capability limitations.
 - **Independent systems**:  Systems are organized such that continued operation is possible even when disconnected (temporarily or otherwise) from external systems dependencies.
-- **Air-gapped systems**:  Systems are designed to operate while _physically disconnected_ from "unsecured" networks like the internet. More on that [here](<https://en.wikipedia.org/wiki/Air_gap_(networking)>).
+- **Air-gapped systems**:  Systems are designed to operate while _physically disconnected_ from "unsecured" networks like the internet. For more information, see [Air Gap Networking](<https://en.wikipedia.org/wiki/Air_gap_(networking)>).

docs/4-user-guide/3-zarf-schema.md

@@ -1748,12 +1748,17 @@ Must be one of:
  
 <blockquote>
 
-**Description:** The URL of the chart repository or git url if the chart is using a git repo instead of helm repo
+**Description:** The URL of the OCI registry, chart repository, or git repo where the helm chart is stored
 
 |          |          |
 | -------- | -------- |
 | **Type** | `string` |
 
+**Examples:** 
+
+<code>
+"OCI registry: oci://ghcr.io/stefanprodan/charts/podinfo", "helm chart repo: https://stefanprodan.github.io/podinfo", "git repo: https://github.com/stefanprodan/podinfo"</code>
+
 </blockquote>
 </details>
 

examples/big-bang/config/ingress.yaml

@@ -7,36 +7,63 @@ istio:
       tls: # certs for *.bigbang.dev
         key: |
           -----BEGIN PRIVATE KEY-----
-          MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgbI4SyUc4dXDvtm/x
-          PxxrC7qjmb2Kxit/ZphilhOoUF+hRANCAARBXS6lFbqcDFR5VUzihkUshJ7yX2s7
-          cXFqUD0ChkmsDnT+igae9xg6hEnz83JaTr4YAqJhEpI2B0ZLcVa4kMkw
+          MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDvKUzWiZucm6/
+          8D2Nx4KVe8t6uHtARpw112f4yGv7xKcOJkbxLbVtor8pj/HS5tRSZq2ziIQl9y98
+          8TVAOBezgzPPMDxOqDeyHl5gAtqzpK/eSPmueZIhR88BH2+SMYqa5kxmjn752Rf0
+          jVeCrVdQ5MD9rqA00oQi/zO+gQQoz6QSuiEQ2pSKYB3gv9oIoJorIU1n4qLYAezn
+          TvFwjmKWPPhRdyslpcAi1rVO+mVX3Y2DKU/CfpWNFVVT+H788Srn4yP6iWUymfQU
+          vHOXII1erMnES2H9BDffumrRf3m3IpgueQ3vPhB8ftjFZozURj2t/WSeaKsyQSoZ
+          Wr99DWxpAgMBAAECggEAAW8ARsACSAzOgtlfmgo8Cpw9gUiYnn/l5P8O4+OT5uQp
+          1RCytFGBYqwuej9zpffK1k+qNgZp8V0+G8wod6/xfH8Zggr4ZhsVTVirmEhtEaPD
+          Jf2i1oRNbbD48yknyApU2Y2WQaoJhArzAfeHDI34db83KqR8x+ZC0X7NAjgvr5zS
+          b0OfY2tht4oxEWh2m67FzlFgF+cWyszRYyfvHfOFBqLesuCnSfMoOzmbT3SlnxHo
+          6GSa1e/kCJVzFJNb74BZTIH0w6Ar/a0QG829VXivqj8lRENU/1xUI2JhNz4RdH7F
+          6MeiwQbq4pWjHfh4djuzQFIwOgCnSNRnNuNywOVuAQKBgQDjleEI1XFQawXmHtHu
+          6GMhbgptRoSUyutDDdo2MHGvDbxDOIsczIBjxCuYAM47nmGMuWbDJUN+2VQAX32J
+          WZagRxWikxnEqv3B7No7tLSQ42rRo/tDBrZPCCuS9u/ZJM4o7MCa/VzTtbicGOCh
+          bTIoTeEtT2piIdkrjHFGGlYOLQKBgQDcLNFHrSJCkHfCoz75+zytfYan+2dIxuV/
+          MlnrT8XHt33cst4ZwoIQbsE6mv7J4CJqOgUYDvoJpioLV3InUACDxXd+bVY7RwxP
+          j25pXzYL++RctVO3IEOCmFkwlq0fNFdrOn8Y/cnRTwd2e60n08rCKgJS8KhEAaO0
+          QvVmAHw4rQKBgQDL7hCAnunzuoLFqpZI8tlpKjaTpp3EynO3WSFQb2ZfCvrIbVFS
+          U/kz7KN3iDlEeO5GcBeiA7EQaGN6FhbiTXHIWwoK7K8paGMMM1V2LL2kGvQruDm8
+          3LXd6Z9KCJXxSKanS0ZnW2KjnnE3Bp+6ZqOMNATzWfckydnUyPrza0PzXQKBgEYS
+          1YCUb8Tzqcn+nrp85XDp9INeFh8pfj0fT1L/DpljouEs5Fcaer60ITd/wPuLJCje
+          0mQ30AhmJBd7+07bvW4y2LcaIUm4cQiZQ7CxpsfloWaIJ16vHA1iY3B9ZBf8Vp4/
+          /dd8XlEJb/ybnB6C35MwP5EaGtOaGfnzHZsbKG35AoGAWm9tpqhuldQ3MCvoAr5Q
+          b42JLSKqwpvVjQDiFZPI/0wZTo3WkWm9Rd7CAACheb8S70K1r/JIzsmIcnj0v4xs
+          sfd+R35UE+m8MExbDP4lKFParmvi2/UZfb3VFNMmMPTV6AEIBl6N4PmhHMZOsIRs
+          H4RxbE+FpmsMAUCpdrzvFkc=
           -----END PRIVATE KEY-----
         cert: |
           -----BEGIN CERTIFICATE-----
-          MIIEUzCCAzugAwIBAgISBHoCz33seokZ+hWF+OfiTMqlMA0GCSqGSIb3DQEBCwUA
+          MIIFHzCCBAegAwIBAgISA5mpYS+M8wSuhJbgCNVoGbYiMA0GCSqGSIb3DQEBCwUA
           MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
-          EwJSMzAeFw0yMjExMjgwMjA3MzBaFw0yMzAyMjYwMjA3MjlaMBgxFjAUBgNVBAMM
-          DSouYmlnYmFuZy5kZXYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARBXS6lFbqc
-          DFR5VUzihkUshJ7yX2s7cXFqUD0ChkmsDnT+igae9xg6hEnz83JaTr4YAqJhEpI2
-          B0ZLcVa4kMkwo4ICRjCCAkIwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsG
-          AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSZLuU4qIJi
-          qr/SY+/C7ifK344D4zAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBV
-          BggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9y
-          ZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAYBgNVHREEETAP
-          gg0qLmJpZ2JhbmcuZGV2MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8T
-          AQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIB
-          AgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUAtz77JN+cTbp18jnFulj0bF38Qs96nzXE
-          nh0JgSXttJkAAAGEvDQ68gAABAMARjBEAiB1/FhMAr6tarPIBlGR9ZiL/WBB6idj
-          yQeNNiGzaz/VcAIgBLdpCxIC+YJ9ASx+6sh4C20P90EsHbjbKX2VXTZiCMgAdQB6
-          MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYS8NDsDAAAEAwBGMEQC
-          IGXii83fe7DSKjK/ySAxHki4A8OBittl2xHFHMwlMMctAiA2offWzUhaozyClcz8
-          fhlQKYsJTfZbEwyEqqhHwyFnRTANBgkqhkiG9w0BAQsFAAOCAQEAuPfgvelt/5FX
-          7ZVkuKWDMdfK/7+mEUk6NFKXgMALC4AY+mFn9FbdwNGcK1kCF1Iri45T/LFwKlOt
-          oZSz3zokzSqboAh7Fbz+ZLWEm+/rcjDtNC741nCfhRALQ3zTXTQ/eko8/KpMbrpJ
-          P9TwblH78XI3CDDl8dxTmKslpfENLUYfkK1dCKUtxykB8uXQ3AjbeKCN8MUPMDIs
-          SShD69vtzjpFIIK44dExBWkDAHZFiG/if3yutAciuipBkacbJMx8/V7BUZbqPaHe
-          IMw7np50bsAZWrIsN5rQfj0nZQWbgk3BpRqtswqpPMmhxFNq0d3uW+HVPTRRmUt8
-          bCov2UvY8g==
+          EwJSMzAeFw0yMzAyMjQxMzU1MzBaFw0yMzA1MjUxMzU1MjlaMBgxFjAUBgNVBAMM
+          DSouYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD
+          vKUzWiZucm6/8D2Nx4KVe8t6uHtARpw112f4yGv7xKcOJkbxLbVtor8pj/HS5tRS
+          Zq2ziIQl9y988TVAOBezgzPPMDxOqDeyHl5gAtqzpK/eSPmueZIhR88BH2+SMYqa
+          5kxmjn752Rf0jVeCrVdQ5MD9rqA00oQi/zO+gQQoz6QSuiEQ2pSKYB3gv9oIoJor
+          IU1n4qLYAeznTvFwjmKWPPhRdyslpcAi1rVO+mVX3Y2DKU/CfpWNFVVT+H788Srn
+          4yP6iWUymfQUvHOXII1erMnES2H9BDffumrRf3m3IpgueQ3vPhB8ftjFZozURj2t
+          /WSeaKsyQSoZWr99DWxpAgMBAAGjggJHMIICQzAOBgNVHQ8BAf8EBAMCBaAwHQYD
+          VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
+          BBYEFFWw8Antpeyt5+/J//sIHTWkf8MtMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ
+          QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz
+          Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv
+          MBgGA1UdEQQRMA+CDSouYmlnYmFuZy5kZXYwTAYDVR0gBEUwQzAIBgZngQwBAgEw
+          NwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j
+          cnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQB6MoxU2LcttiDqOOBS
+          HumEFnAyE4VNO9IrwTpXo1LrUgAAAYaD7AyTAAAEAwBGMEQCIG1jzmcfMv+DNdJh
+          8gYpo44sgsASNEF8CjWCyHFhvITiAiASh+KhZXLaFXKsKF99fd6CTnKX30nOz2UR
+          NfSnXwW5JwB2AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABhoPs
+          DHAAAAQDAEcwRQIhALnaITI/ItM9FxxA0hc2VAVJ5xk36/FZtjMJyDAx2dmHAiAT
+          hnn8YDRB/fPRnv8PUOcubqK2mNwMRCk5wQBjQGYanTANBgkqhkiG9w0BAQsFAAOC
+          AQEAeviZDlTw9bzxF9vIZ1F+ijIQmnma6CD32eIEQmD/tIpOeayxuRiNFzIt/ixo
+          uC0/hKcC+JbVb7ZJOT9woPDce+g3gbA2i390yf3av3EP7sptV90rTM8gLPAdtHxo
+          RW14cSGmGFmaBRhr7ZbaSumztWcqgOF5orBq26wkhPT5bmqn7YX1W/H7/OMjP1Z+
+          fQTfgFnfkBtzg1Ib4z3SHIPTqo2kAN3cF+b8AxrUKlk0STwesX2mR9h9jUKTapGg
+          Y36zDlKTOI3edM22AZDSmrIiR2LV1qGBDoxrsJmnK/Ci3t0KjwzJz45tyzenk8kO
+          imbt/HYVhe8WfukQ/kQdlhsHCw==
           -----END CERTIFICATE-----
           -----BEGIN CERTIFICATE-----
           MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw

examples/big-bang/virtualservices/gitea.yaml

@@ -0,0 +1,16 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: gitea
+  namespace: zarf
+spec:
+  gateways:
+    - istio-system/public
+  hosts:
+    - gitea.###ZARF_VAR_DOMAIN###
+  http:
+    - route:
+        - destination:
+            host: zarf-gitea-http.zarf.svc.cluster.local
+            port:
+              number: 3000

examples/big-bang/zarf.yaml

@@ -27,3 +27,12 @@ components:
           - config/loki.yaml
           # Values are merged in order, so this would override the above and disable everything if uncommented
           # - config/disable-all.yaml
+  - name: gitea-virtual-service
+    description: >
+      Expose the internal Zarf Gitea server through the Big Bang Istio deployment via a virtual service.
+      (only applies if you are using the Zarf-provided Gitea deployment - not an externally configured git host)
+    manifests:
+      - name: gitea
+        namespace: zarf
+        files:
+          - virtualservices/gitea.yaml

src/internal/packager/images/pull.go

@@ -70,6 +70,7 @@ func (i *ImgConfig) PullAll() error {
 	}
 
 	totalBytes := int64(0)
+	processedLayers := make(map[string]bool)
 	for src, img := range imageMap {
 		tag, err := name.NewTag(src, name.WeakValidation)
 		if err != nil {
@@ -82,11 +83,21 @@ func (i *ImgConfig) PullAll() error {
 			return fmt.Errorf("unable to get layers for image %s: %w", src, err)
 		}
 		for _, layer := range layers {
-			size, err := layer.Size()
+			layerDigest, err := layer.Digest()
 			if err != nil {
-				return fmt.Errorf("unable to get size of layer: %w", err)
+				return fmt.Errorf("unable to get digest for image layer: %w", err)
 			}
-			totalBytes += size
+
+			// Only calculate this layer size if we haven't already looked at it
+			if !processedLayers[layerDigest.Hex] {
+				size, err := layer.Size()
+				if err != nil {
+					return fmt.Errorf("unable to get size of layer: %w", err)
+				}
+				totalBytes += size
+				processedLayers[layerDigest.Hex] = true
+			}
+
 		}
 	}
 	spinner.Updatef("Preparing image sources and cache for image pulling")

src/pkg/packager/network.go

@@ -252,8 +252,13 @@ func getOCIPackageSize(src *utils.OrasRemote, ref registry.Reference) (int64, er
 		layers = manifest.Layers
 	}
 
+	processedLayers := make(map[string]bool)
 	for _, layer := range layers {
-		total += layer.Size
+		// Only include this layer's size if we haven't already processed it
+		if !processedLayers[layer.Digest.String()] {
+			total += layer.Size
+			processedLayers[layer.Digest.String()] = true
+		}
 	}
 
 	return total, nil

src/types/component.go

@@ -86,7 +86,7 @@ type ZarfFile struct {
 type ZarfChart struct {
 	Name        string   `json:"name" jsonschema:"description=The name of the chart to deploy; this should be the name of the chart as it is installed in the helm repo"`
 	ReleaseName string   `json:"releaseName,omitempty" jsonschema:"description=The name of the release to create; defaults to the name of the chart"`
-	URL         string   `json:"url,omitempty" jsonschema:"oneof_required=url,description=The URL of the chart repository or git url if the chart is using a git repo instead of helm repo"`
+	URL         string   `json:"url,omitempty" jsonschema:"oneof_required=url,example=OCI registry: oci://ghcr.io/stefanprodan/charts/podinfo,example=helm chart repo: https://stefanprodan.github.io/podinfo,example=git repo: https://github.com/stefanprodan/podinfo" jsonschema_description:"The URL of the OCI registry, chart repository, or git repo where the helm chart is stored"`
 	Version     string   `json:"version" jsonschema:"description=The version of the chart to deploy; for git-based charts this is also the tag of the git repo"`
 	Namespace   string   `json:"namespace" jsonschema:"description=The namespace to deploy the chart to"`
 	ValuesFiles []string `json:"valuesFiles,omitempty" jsonschema:"description=List of values files to include in the package; these will be merged together"`

src/ui/lib/api-types.ts

@@ -490,8 +490,7 @@ export interface ZarfChart {
      */
     releaseName?: string;
     /**
-     * The URL of the chart repository or git url if the chart is using a git repo instead of
-     * helm repo
+     * The URL of the OCI registry, chart repository, or git repo where the helm chart is stored
      */
     url?: string;
     /**

zarf.schema.json

@@ -127,7 +127,12 @@
         },
         "url": {
           "type": "string",
-          "description": "The URL of the chart repository or git url if the chart is using a git repo instead of helm repo"
+          "description": "The URL of the OCI registry, chart repository, or git repo where the helm chart is stored",
+          "examples": [
+            "OCI registry: oci://ghcr.io/stefanprodan/charts/podinfo",
+            "helm chart repo: https://stefanprodan.github.io/podinfo",
+            "git repo: https://github.com/stefanprodan/podinfo"
+          ]
         },
         "version": {
           "type": "string",