Merge branch 'main' into hotfix-merge-manifests

.github/workflows/release.yml

@@ -63,6 +63,11 @@ jobs:
           make release-init-package ARCH=amd64 AGENT_IMAGE_TAG=$GITHUB_REF_NAME
           make release-init-package ARCH=arm64 AGENT_IMAGE_TAG=$GITHUB_REF_NAME
 
+      - name: Publish Init Package as OCI and Skeleton
+        run: |
+          make publish-init-package ARCH=amd64 REPOSITORY_URL=ghcr.io/defenseunicorns/packages
+          make publish-init-package ARCH=arm64 REPOSITORY_URL=ghcr.io/defenseunicorns/packages
+
       # Create a CVE report based on this build
       - name: Create release time CVE report
         run: "make cve-report"

Makefile

@@ -130,6 +130,11 @@ ib-init-package:
 		--set REGISTRY_IMAGE="ironbank/opensource/docker/registry-v2" \
 		--set REGISTRY_IMAGE_TAG="2.8.2"
 
+# INTERNAL: used to publish the init package
+publish-init-package:
+	$(ZARF_BIN) package publish build/zarf-init-$(ARCH)-$(CLI_VERSION).tar.zst oci://$(REPOSITORY_URL)
+	$(ZARF_BIN) package publish . oci://$(REPOSITORY_URL)
+
 build-examples: ## Build all of the example packages
 	@test -s $(ZARF_BIN) || $(MAKE) build-cli
 

docs/2-the-zarf-cli/100-cli-commands/zarf_tools.md

@@ -31,6 +31,7 @@ Collection of additional tools to make airgap easier
 * [zarf tools gen-key](zarf_tools_gen-key.md)	 - Generates a cosign public/private keypair that can be used to sign packages
 * [zarf tools gen-pki](zarf_tools_gen-pki.md)	 - Generates a Certificate Authority and PKI chain of trust for the given host
 * [zarf tools get-creds](zarf_tools_get-creds.md)	 - Displays a table of credentials for deployed Zarf services. Pass a service key to get a single credential
+* [zarf tools helm](zarf_tools_helm.md)	 - Subset of the Helm CLI included with Zarf to help manage helm charts.
 * [zarf tools kubectl](zarf_tools_kubectl.md)	 - Kubectl command. See https://kubernetes.io/docs/reference/kubectl/overview/ for more information.
 * [zarf tools monitor](zarf_tools_monitor.md)	 - Launches a terminal UI to monitor the connected cluster using K9s.
 * [zarf tools registry](zarf_tools_registry.md)	 - Tools for working with container registries using go-containertools

docs/2-the-zarf-cli/100-cli-commands/zarf_tools_helm.md

@@ -0,0 +1,35 @@
+# zarf tools helm
+<!-- Auto-generated by hack/gen-cli-docs.sh -->
+
+Subset of the Helm CLI included with Zarf to help manage helm charts.
+
+## Synopsis
+
+Subset of the Helm CLI that includes the repo and dependency commands for managing helm charts destined for the air gap.
+
+## Options
+
+```
+      --burst-limit int                 client-side default throttling limit (default 100)
+      --debug                           enable verbose output
+  -h, --help                            help for helm
+      --kube-apiserver string           the address and the port for the Kubernetes API server
+      --kube-as-group stringArray       group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --kube-as-user string             username to impersonate for the operation
+      --kube-ca-file string             the certificate authority file for the Kubernetes API server connection
+      --kube-context string             name of the kubeconfig context to use
+      --kube-insecure-skip-tls-verify   if true, the Kubernetes API server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --kube-tls-server-name string     server name to use for Kubernetes API server certificate validation. If it is not provided, the hostname used to contact the server is used
+      --kube-token string               bearer token used for authentication
+      --kubeconfig string               path to the kubeconfig file
+  -n, --namespace string                namespace scope for this request
+      --registry-config string          path to the registry config file
+      --repository-cache string         path to the file containing cached repository indexes
+      --repository-config string        path to the file containing repository names and URLs
+```
+
+## SEE ALSO
+
+* [zarf tools](zarf_tools.md)	 - Collection of additional tools to make airgap easier
+* [zarf tools helm dependency](zarf_tools_helm_dependency.md)	 - manage a chart's dependencies
+* [zarf tools helm repo](zarf_tools_helm_repo.md)	 - add, list, remove, update, and index chart repositories

docs/2-the-zarf-cli/100-cli-commands/zarf_tools_helm_dependency.md

@@ -0,0 +1,87 @@
+# zarf tools helm dependency
+<!-- Auto-generated by hack/gen-cli-docs.sh -->
+
+manage a chart's dependencies
+
+## Synopsis
+
+
+Manage the dependencies of a chart.
+
+Helm charts store their dependencies in 'charts/'. For chart developers, it is
+often easier to manage dependencies in 'Chart.yaml' which declares all
+dependencies.
+
+The dependency commands operate on that file, making it easy to synchronize
+between the desired dependencies and the actual dependencies stored in the
+'charts/' directory.
+
+For example, this Chart.yaml declares two dependencies:
+
+    # Chart.yaml
+    dependencies:
+    - name: nginx
+      version: "1.2.3"
+      repository: "https://example.com/charts"
+    - name: memcached
+      version: "3.2.1"
+      repository: "https://another.example.com/charts"
+
+
+The 'name' should be the name of a chart, where that name must match the name
+in that chart's 'Chart.yaml' file.
+
+The 'version' field should contain a semantic version or version range.
+
+The 'repository' URL should point to a Chart Repository. Helm expects that by
+appending '/index.yaml' to the URL, it should be able to retrieve the chart
+repository's index. Note: 'repository' can be an alias. The alias must start
+with 'alias:' or '@'.
+
+Starting from 2.2.0, repository can be defined as the path to the directory of
+the dependency charts stored locally. The path should start with a prefix of
+"file://". For example,
+
+    # Chart.yaml
+    dependencies:
+    - name: nginx
+      version: "1.2.3"
+      repository: "file://../dependency_chart/nginx"
+
+If the dependency chart is retrieved locally, it is not required to have the
+repository added to helm by "helm add repo". Version matching is also supported
+for this case.
+
+
+## Options
+
+```
+  -h, --help   help for dependency
+```
+
+## Options inherited from parent commands
+
+```
+      --burst-limit int                 client-side default throttling limit (default 100)
+      --debug                           enable verbose output
+      --kube-apiserver string           the address and the port for the Kubernetes API server
+      --kube-as-group stringArray       group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --kube-as-user string             username to impersonate for the operation
+      --kube-ca-file string             the certificate authority file for the Kubernetes API server connection
+      --kube-context string             name of the kubeconfig context to use
+      --kube-insecure-skip-tls-verify   if true, the Kubernetes API server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --kube-tls-server-name string     server name to use for Kubernetes API server certificate validation. If it is not provided, the hostname used to contact the server is used
+      --kube-token string               bearer token used for authentication
+      --kubeconfig string               path to the kubeconfig file
+  -n, --namespace string                namespace scope for this request
+      --registry-config string          path to the registry config file
+      --repository-cache string         path to the file containing cached repository indexes
+      --repository-config string        path to the file containing repository names and URLs
+```
+
+## SEE ALSO
+
+* [zarf tools helm](zarf_tools_helm.md)	 - Subset of the Helm CLI included with Zarf to help manage helm charts.
+* [zarf tools helm dependency build](zarf_tools_helm_dependency_build.md)	 - rebuild the charts/ directory based on the Chart.lock file
+* [zarf tools helm dependency list](zarf_tools_helm_dependency_list.md)	 - list the dependencies for the given chart
+* [zarf tools helm dependency update](zarf_tools_helm_dependency_update.md)	 - update charts/ based on the contents of Chart.yaml

docs/2-the-zarf-cli/100-cli-commands/zarf_tools_helm_dependency_build.md

@@ -0,0 +1,54 @@
+# zarf tools helm dependency build
+<!-- Auto-generated by hack/gen-cli-docs.sh -->
+
+rebuild the charts/ directory based on the Chart.lock file
+
+## Synopsis
+
+
+Build out the charts/ directory from the Chart.lock file.
+
+Build is used to reconstruct a chart's dependencies to the state specified in
+the lock file. This will not re-negotiate dependencies, as 'zarf tools helm dependency update'
+does.
+
+If no lock file is found, 'zarf tools helm dependency build' will mirror the behavior
+of 'zarf tools helm dependency update'.
+
+
+```
+zarf tools helm dependency build CHART [flags]
+```
+
+## Options
+
+```
+  -h, --help             help for build
+      --keyring string   keyring containing public keys
+      --skip-refresh     do not refresh the local repository cache
+      --verify           verify the packages against signatures
+```
+
+## Options inherited from parent commands
+
+```
+      --burst-limit int                 client-side default throttling limit (default 100)
+      --debug                           enable verbose output
+      --kube-apiserver string           the address and the port for the Kubernetes API server
+      --kube-as-group stringArray       group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --kube-as-user string             username to impersonate for the operation
+      --kube-ca-file string             the certificate authority file for the Kubernetes API server connection
+      --kube-context string             name of the kubeconfig context to use
+      --kube-insecure-skip-tls-verify   if true, the Kubernetes API server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --kube-tls-server-name string     server name to use for Kubernetes API server certificate validation. If it is not provided, the hostname used to contact the server is used
+      --kube-token string               bearer token used for authentication
+      --kubeconfig string               path to the kubeconfig file
+  -n, --namespace string                namespace scope for this request
+      --registry-config string          path to the registry config file
+      --repository-cache string         path to the file containing cached repository indexes
+      --repository-config string        path to the file containing repository names and URLs
+```
+
+## SEE ALSO
+
+* [zarf tools helm dependency](zarf_tools_helm_dependency.md)	 - manage a chart's dependencies

docs/2-the-zarf-cli/100-cli-commands/zarf_tools_helm_dependency_list.md

@@ -0,0 +1,50 @@
+# zarf tools helm dependency list
+<!-- Auto-generated by hack/gen-cli-docs.sh -->
+
+list the dependencies for the given chart
+
+## Synopsis
+
+
+List all of the dependencies declared in a chart.
+
+This can take chart archives and chart directories as input. It will not alter
+the contents of a chart.
+
+This will produce an error if the chart cannot be loaded.
+
+
+```
+zarf tools helm dependency list CHART [flags]
+```
+
+## Options
+
+```
+  -h, --help                 help for list
+      --max-col-width uint   maximum column width for output table (default 80)
+```
+
+## Options inherited from parent commands
+
+```
+      --burst-limit int                 client-side default throttling limit (default 100)
+      --debug                           enable verbose output
+      --kube-apiserver string           the address and the port for the Kubernetes API server
+      --kube-as-group stringArray       group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --kube-as-user string             username to impersonate for the operation
+      --kube-ca-file string             the certificate authority file for the Kubernetes API server connection
+      --kube-context string             name of the kubeconfig context to use
+      --kube-insecure-skip-tls-verify   if true, the Kubernetes API server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --kube-tls-server-name string     server name to use for Kubernetes API server certificate validation. If it is not provided, the hostname used to contact the server is used
+      --kube-token string               bearer token used for authentication
+      --kubeconfig string               path to the kubeconfig file
+  -n, --namespace string                namespace scope for this request
+      --registry-config string          path to the registry config file
+      --repository-cache string         path to the file containing cached repository indexes
+      --repository-config string        path to the file containing repository names and URLs
+```
+
+## SEE ALSO
+
+* [zarf tools helm dependency](zarf_tools_helm_dependency.md)	 - manage a chart's dependencies

docs/2-the-zarf-cli/100-cli-commands/zarf_tools_helm_dependency_update.md

@@ -0,0 +1,58 @@
+# zarf tools helm dependency update
+<!-- Auto-generated by hack/gen-cli-docs.sh -->
+
+update charts/ based on the contents of Chart.yaml
+
+## Synopsis
+
+
+Update the on-disk dependencies to mirror Chart.yaml.
+
+This command verifies that the required charts, as expressed in 'Chart.yaml',
+are present in 'charts/' and are at an acceptable version. It will pull down
+the latest charts that satisfy the dependencies, and clean up old dependencies.
+
+On successful update, this will generate a lock file that can be used to
+rebuild the dependencies to an exact version.
+
+Dependencies are not required to be represented in 'Chart.yaml'. For that
+reason, an update command will not remove charts unless they are (a) present
+in the Chart.yaml file, but (b) at the wrong version.
+
+
+```
+zarf tools helm dependency update CHART [flags]
+```
+
+## Options
+
+```
+  -h, --help             help for update
+      --keyring string   keyring containing public keys
+      --skip-refresh     do not refresh the local repository cache
+      --verify           verify the packages against signatures
+```
+
+## Options inherited from parent commands
+
+```
+      --burst-limit int                 client-side default throttling limit (default 100)
+      --debug                           enable verbose output
+      --kube-apiserver string           the address and the port for the Kubernetes API server
+      --kube-as-group stringArray       group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --kube-as-user string             username to impersonate for the operation
+      --kube-ca-file string             the certificate authority file for the Kubernetes API server connection
+      --kube-context string             name of the kubeconfig context to use
+      --kube-insecure-skip-tls-verify   if true, the Kubernetes API server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --kube-tls-server-name string     server name to use for Kubernetes API server certificate validation. If it is not provided, the hostname used to contact the server is used
+      --kube-token string               bearer token used for authentication
+      --kubeconfig string               path to the kubeconfig file
+  -n, --namespace string                namespace scope for this request
+      --registry-config string          path to the registry config file
+      --repository-cache string         path to the file containing cached repository indexes
+      --repository-config string        path to the file containing repository names and URLs
+```
+
+## SEE ALSO
+
+* [zarf tools helm dependency](zarf_tools_helm_dependency.md)	 - manage a chart's dependencies

docs/2-the-zarf-cli/100-cli-commands/zarf_tools_helm_repo.md

@@ -0,0 +1,47 @@
+# zarf tools helm repo
+<!-- Auto-generated by hack/gen-cli-docs.sh -->
+
+add, list, remove, update, and index chart repositories
+
+## Synopsis
+
+
+This command consists of multiple subcommands to interact with chart repositories.
+
+It can be used to add, remove, list, and index chart repositories.
+
+
+## Options
+
+```
+  -h, --help   help for repo
+```
+
+## Options inherited from parent commands
+
+```
+      --burst-limit int                 client-side default throttling limit (default 100)
+      --debug                           enable verbose output
+      --kube-apiserver string           the address and the port for the Kubernetes API server
+      --kube-as-group stringArray       group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --kube-as-user string             username to impersonate for the operation
+      --kube-ca-file string             the certificate authority file for the Kubernetes API server connection
+      --kube-context string             name of the kubeconfig context to use
+      --kube-insecure-skip-tls-verify   if true, the Kubernetes API server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --kube-tls-server-name string     server name to use for Kubernetes API server certificate validation. If it is not provided, the hostname used to contact the server is used
+      --kube-token string               bearer token used for authentication
+      --kubeconfig string               path to the kubeconfig file
+  -n, --namespace string                namespace scope for this request
+      --registry-config string          path to the registry config file
+      --repository-cache string         path to the file containing cached repository indexes
+      --repository-config string        path to the file containing repository names and URLs
+```
+
+## SEE ALSO
+
+* [zarf tools helm](zarf_tools_helm.md)	 - Subset of the Helm CLI included with Zarf to help manage helm charts.
+* [zarf tools helm repo add](zarf_tools_helm_repo_add.md)	 - add a chart repository
+* [zarf tools helm repo index](zarf_tools_helm_repo_index.md)	 - generate an index file given a directory containing packaged charts
+* [zarf tools helm repo list](zarf_tools_helm_repo_list.md)	 - list chart repositories
+* [zarf tools helm repo remove](zarf_tools_helm_repo_remove.md)	 - remove one or more chart repositories
+* [zarf tools helm repo update](zarf_tools_helm_repo_update.md)	 - update information of available charts locally from chart repositories