├── .github ├── dependabot.yaml └── workflows │ ├── release.yaml │ └── test.yaml ├── .gitignore ├── .goreleaser.yaml ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── DCO ├── Dockerfile ├── LICENSE ├── Makefile ├── PROJECT ├── README.md ├── config ├── default │ ├── kustomization.yaml │ └── namespace.yaml ├── manager │ ├── deployment.yaml │ └── kustomization.yaml ├── rbac │ ├── kustomization.yaml │ ├── leader_election_role.yaml │ ├── leader_election_role_binding.yaml │ ├── role.yaml │ └── role_binding.yaml └── release │ └── kustomization.yaml ├── controllers ├── gitrepository_predicate.go └── gitrepository_watcher.go ├── go.mod ├── go.sum ├── hack └── boilerplate.go.txt └── main.go /.github/dependabot.yaml: -------------------------------------------------------------------------------- 1 | version: 2 2 | 3 | updates: 4 | - package-ecosystem: "gomod" 5 | directory: "/" 6 | schedule: 7 | interval: "daily" 8 | groups: 9 | flux-deps: 10 | patterns: 11 | - "github.com/fluxcd/*" 12 | misc-deps: 13 | patterns: 14 | - "*" 15 | exclude-patterns: 16 | - "github.com/fluxcd/*" 17 | allow: 18 | - dependency-type: "direct" 19 | ignore: 20 | - dependency-name: "k8s.io/*" 21 | - dependency-name: "sigs.k8s.io/*" 22 | - package-ecosystem: "github-actions" 23 | directory: "/" 24 | schedule: 25 | interval: "daily" 26 | groups: 27 | ci: 28 | patterns: 29 | - "*" 30 | - package-ecosystem: "docker" 31 | directory: "/" 32 | schedule: 33 | interval: "daily" 34 | groups: 35 | docker: 36 | patterns: 37 | - "*" 38 | -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- 1 | name: release 2 | 3 | on: 4 | push: 5 | tags: 6 | - 'v*' 7 | workflow_dispatch: 8 | inputs: 9 | tag: 10 | description: 'image tag prefix' 11 | default: 'rc' 12 | required: true 13 | 14 | permissions: 15 | contents: read 16 | 17 | env: 18 | CONTROLLER: ${{ github.event.repository.name }} 19 | 20 | jobs: 21 | release: 22 | outputs: 23 | hashes: ${{ steps.hash.outputs.hashes }} 24 | image_url: ${{ steps.hash.outputs.image_url }} 25 | image_digest: ${{ steps.hash.outputs.image_digest }} 26 | runs-on: ubuntu-latest 27 | permissions: 28 | contents: write # needed to write releases 29 | id-token: write # needed for keyless signing 30 | packages: write # needed for ghcr access 31 | steps: 32 | - name: Checkout 33 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 34 | - name: Setup Kustomize 35 | uses: fluxcd/pkg/actions/kustomize@main 36 | - name: Prepare 37 | id: prep 38 | run: | 39 | VERSION="${{ github.event.inputs.tag }}-${GITHUB_SHA::8}" 40 | if [[ $GITHUB_REF == refs/tags/* ]]; then 41 | VERSION=${GITHUB_REF/refs\/tags\//} 42 | fi 43 | echo "version=${VERSION}" >> $GITHUB_OUTPUT 44 | - name: Setup Go 45 | uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 46 | with: 47 | go-version: 1.23.x 48 | cache-dependency-path: | 49 | **/go.sum 50 | **/go.mod 51 | - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 52 | - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 53 | - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 54 | - uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 55 | - name: Docker login ghcr.io 56 | uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 57 | with: 58 | registry: ghcr.io 59 | username: fluxcdbot 60 | password: ${{ secrets.GHCR_TOKEN }} 61 | - name: Docker login docker.io 62 | uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 63 | with: 64 | username: fluxcdbot 65 | password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }} 66 | - name: Docker meta 67 | id: meta 68 | uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 69 | with: 70 | images: | 71 | fluxcd/${{ env.CONTROLLER }} 72 | ghcr.io/fluxcd/${{ env.CONTROLLER }} 73 | tags: | 74 | type=raw,value=${{ steps.prep.outputs.version }} 75 | - name: Docker push 76 | uses: docker/build-push-action@0adf9959216b96bec444f325f1e493d4aa344497 # v6.14.0 77 | id: build-push 78 | with: 79 | sbom: true 80 | provenance: true 81 | push: true 82 | builder: ${{ steps.buildx.outputs.name }} 83 | context: . 84 | file: ./Dockerfile 85 | platforms: linux/amd64,linux/arm/v7,linux/arm64 86 | tags: ${{ steps.meta.outputs.tags }} 87 | labels: ${{ steps.meta.outputs.labels }} 88 | - name: Sign images 89 | env: 90 | COSIGN_EXPERIMENTAL: 1 91 | run: | 92 | cosign sign --yes fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.version }} 93 | cosign sign --yes ghcr.io/fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.version }} 94 | - name: GoReleaser publish signed SBOM 95 | id: run-goreleaser 96 | if: startsWith(github.ref, 'refs/tags/v') 97 | uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1 98 | with: 99 | version: latest 100 | args: release --clean --skip=validate 101 | env: 102 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 103 | - name: Generate SLSA hashes 104 | id: hash 105 | env: 106 | ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}" 107 | run: | 108 | set -euo pipefail 109 | 110 | hashes=$(echo $ARTIFACTS | jq --raw-output '.[] | {name, "digest": (.extra.Digest // .extra.Checksum)} | select(.digest) | {digest} + {name} | join(" ") | sub("^sha256:";"")' | base64 -w0) 111 | echo "hashes=$hashes" >> $GITHUB_OUTPUT 112 | 113 | image_url=fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.version }} 114 | image_digest=${{ steps.build-push.outputs.digest }} 115 | echo "image_url=$image_url" >> $GITHUB_OUTPUT 116 | echo "image_digest=$image_digest" >> $GITHUB_OUTPUT 117 | 118 | release-provenance: 119 | needs: [release] 120 | permissions: 121 | actions: read # To read the workflow path. 122 | id-token: write # To sign the provenance. 123 | contents: write # To add assets to the release. 124 | uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 125 | with: 126 | base64-subjects: "${{ needs.release.outputs.hashes }}" 127 | upload-assets: true 128 | 129 | dockerhub-provenance: 130 | needs: [release] 131 | permissions: 132 | actions: read # for detecting the Github Actions environment. 133 | id-token: write # for creating OIDC tokens for signing. 134 | packages: write # for uploading attestations. 135 | uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0 136 | with: 137 | image: ${{ needs.release.outputs.image_url }} 138 | digest: ${{ needs.release.outputs.image_digest }} 139 | registry-username: fluxcdbot 140 | secrets: 141 | registry-password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }} 142 | 143 | ghcr-provenance: 144 | needs: [release] 145 | permissions: 146 | actions: read # for detecting the Github Actions environment. 147 | id-token: write # for creating OIDC tokens for signing. 148 | packages: write # for uploading attestations. 149 | uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0 150 | with: 151 | image: ghcr.io/${{ needs.release.outputs.image_url }} 152 | digest: ${{ needs.release.outputs.image_digest }} 153 | registry-username: fluxcdbot 154 | secrets: 155 | registry-password: ${{ secrets.GHCR_TOKEN }} -------------------------------------------------------------------------------- /.github/workflows/test.yaml: -------------------------------------------------------------------------------- 1 | name: test 2 | 3 | on: 4 | pull_request: 5 | push: 6 | branches: 7 | - main 8 | - test* 9 | 10 | jobs: 11 | unit: 12 | if: "!contains(github.event.pull_request.labels.*.name, 'skip-ci')" 13 | runs-on: ubuntu-latest 14 | steps: 15 | - name: Checkout 16 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 17 | - name: Setup Go 18 | uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 19 | with: 20 | go-version: 1.23.x 21 | cache-dependency-path: | 22 | **/go.sum 23 | **/go.mod 24 | - name: Run tests 25 | run: make test 26 | - name: Check if working tree is dirty 27 | run: | 28 | if [[ $(git diff --stat) != '' ]]; then 29 | git --no-pager diff 30 | echo 'run make test and commit changes' 31 | exit 1 32 | fi 33 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Binaries for programs and plugins 2 | *.exe 3 | *.exe~ 4 | *.dll 5 | *.so 6 | *.dylib 7 | 8 | # Test binary, built with `go test -c` 9 | *.test 10 | 11 | # Output of the go coverage tool 12 | *.out 13 | 14 | # Local build output dir 15 | bin/ 16 | testbin/ 17 | build/ 18 | -------------------------------------------------------------------------------- /.goreleaser.yaml: -------------------------------------------------------------------------------- 1 | project_name: source-watcher 2 | 3 | builds: 4 | - skip: true 5 | 6 | release: 7 | prerelease: auto 8 | footer: | 9 | ## Container images 10 | 11 | - `docker.io/fluxcd/{{.ProjectName}}:{{.Tag}}` 12 | - `ghcr.io/fluxcd/{{.ProjectName}}:{{.Tag}}` 13 | 14 | Supported architectures: `linux/amd64`, `linux/arm64` and `linux/arm/v7`. 15 | 16 | The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. 17 | To verify the images and their provenance (SLSA level 3), please see the [security documentation](https://fluxcd.io/flux/security/). 18 | 19 | changelog: 20 | use: github-native 21 | 22 | checksum: 23 | name_template: 'checksums.txt' 24 | 25 | source: 26 | enabled: true 27 | 28 | sboms: 29 | - artifacts: archive 30 | - id: source 31 | artifacts: source 32 | 33 | # signs the checksum file 34 | # all files (including the sboms) are included in the checksum, so we don't need to sign each one if we don't want to 35 | # https://goreleaser.com/customization/sign 36 | signs: 37 | - cmd: cosign 38 | env: 39 | - COSIGN_EXPERIMENTAL=1 40 | certificate: '${artifact}.pem' 41 | args: 42 | - sign-blob 43 | - "--yes" 44 | - '--output-certificate=${certificate}' 45 | - '--output-signature=${signature}' 46 | - '${artifact}' 47 | artifacts: checksum 48 | output: true 49 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | 3 | Source watcher follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). 4 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Source watcher is [Apache 2.0 licensed](LICENSE) and accepts contributions 4 | via GitHub pull requests. This document outlines some of the conventions on 5 | to make it easier to get your contribution accepted. 6 | 7 | We gratefully welcome improvements to issues and documentation as well as to 8 | code. 9 | 10 | ## Certificate of Origin 11 | 12 | By contributing to this project you agree to the Developer Certificate of 13 | Origin (DCO). This document was created by the Linux Kernel community and is a 14 | simple statement that you, as a contributor, have the legal right to make the 15 | contribution. 16 | 17 | We require all commits to be signed. By signing off with your signature, you 18 | certify that you wrote the patch or otherwise have the right to contribute the 19 | material by the rules of the [DCO](DCO): 20 | 21 | `Signed-off-by: Jane Doe ` 22 | 23 | The signature must contain your real name 24 | (sorry, no pseudonyms or anonymous contributions) 25 | If your `user.name` and `user.email` are configured in your Git config, 26 | you can sign your commit automatically with `git commit -s`. 27 | 28 | ## Communications 29 | 30 | The project uses Slack: To join the conversation, simply join the 31 | [CNCF](https://slack.cncf.io/) Slack workspace and use the 32 | [#flux](https://cloud-native.slack.com/messages/flux/) channel. 33 | 34 | The developers use a mailing list to discuss development as well. 35 | Simply subscribe to [flux-dev on cncf.io](https://lists.cncf.io/g/cncf-flux-dev) 36 | to join the conversation (this will also add an invitation to your 37 | Google calendar for our [Flux 38 | meeting](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/edit#)). 39 | 40 | ### How to run the test suite 41 | 42 | Prerequisites: 43 | * go >= 1.20 44 | * docker >= 20.10 45 | * kustomize >= 4.4 46 | 47 | You can run the unit tests by simply doing 48 | 49 | ```bash 50 | make test 51 | ``` 52 | 53 | ## Acceptance policy 54 | 55 | These things will make a PR more likely to be accepted: 56 | 57 | - a well-described requirement 58 | - tests for new code 59 | - tests for old code! 60 | - new code and tests follow the conventions in old code and tests 61 | - a good commit message (see below) 62 | - all code must abide [Go Code Review Comments](https://github.com/golang/go/wiki/CodeReviewComments) 63 | - names should abide [What's in a name](https://talks.golang.org/2014/names.slide#1) 64 | - code must build on both Linux and Darwin, via plain `go build` 65 | - code should have appropriate test coverage and tests should be written 66 | to work with `go test` 67 | 68 | In general, we will merge a PR once one maintainer has endorsed it. 69 | For substantial changes, more people may become involved, and you might 70 | get asked to resubmit the PR or divide the changes into more than one PR. 71 | 72 | ### Format of the Commit Message 73 | 74 | For Kustomize Controller we prefer the following rules for good commit messages: 75 | 76 | - Limit the subject to 50 characters and write as the continuation 77 | of the sentence "If applied, this commit will ..." 78 | - Explain what and why in the body, if more than a trivial change; 79 | wrap it at 72 characters. 80 | 81 | The [following article](https://chris.beams.io/posts/git-commit/#seven-rules) 82 | has some more helpful advice on documenting your work. 83 | -------------------------------------------------------------------------------- /DCO: -------------------------------------------------------------------------------- 1 | Developer Certificate of Origin 2 | Version 1.1 3 | 4 | Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 5 | 660 York Street, Suite 102, 6 | San Francisco, CA 94110 USA 7 | 8 | Everyone is permitted to copy and distribute verbatim copies of this 9 | license document, but changing it is not allowed. 10 | 11 | 12 | Developer's Certificate of Origin 1.1 13 | 14 | By making a contribution to this project, I certify that: 15 | 16 | (a) The contribution was created in whole or in part by me and I 17 | have the right to submit it under the open source license 18 | indicated in the file; or 19 | 20 | (b) The contribution is based upon previous work that, to the best 21 | of my knowledge, is covered under an appropriate open source 22 | license and I have the right under that license to submit that 23 | work with modifications, whether created in whole or in part 24 | by me, under the same open source license (unless I am 25 | permitted to submit under a different license), as indicated 26 | in the file; or 27 | 28 | (c) The contribution was provided directly to me by some other 29 | person who certified (a), (b) or (c) and I have not modified 30 | it. 31 | 32 | (d) I understand and agree that this project and the contribution 33 | are public and that a record of the contribution (including all 34 | personal information I submit with it, including my sign-off) is 35 | maintained indefinitely and may be redistributed consistent with 36 | this project or the open source license(s) involved. 37 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | ARG GO_VERSION=1.23 2 | ARG XX_VERSION=1.4.0 3 | 4 | FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx 5 | 6 | FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS builder 7 | 8 | # Copy the build utilities. 9 | COPY --from=xx / / 10 | 11 | ARG TARGETPLATFORM 12 | 13 | WORKDIR /workspace 14 | 15 | # copy modules manifests 16 | COPY go.mod go.mod 17 | COPY go.sum go.sum 18 | 19 | # cache modules 20 | RUN go mod download 21 | 22 | # copy source code 23 | COPY main.go main.go 24 | COPY controllers/ controllers/ 25 | 26 | # build 27 | ENV CGO_ENABLED=0 28 | RUN xx-go build -a -o source-watcher main.go 29 | 30 | FROM alpine:3.21 31 | 32 | RUN apk add --no-cache ca-certificates tini 33 | 34 | COPY --from=builder /workspace/source-watcher /usr/local/bin/ 35 | 36 | RUN addgroup -S controller && adduser -S controller -G controller 37 | 38 | USER controller 39 | 40 | ENTRYPOINT [ "/sbin/tini", "--", "source-watcher" ] 41 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Image URL to use all building/pushing image targets 2 | IMG ?= fluxcd/source-watcher:latest 3 | # Produce CRDs that work back to Kubernetes 1.16 4 | CRD_OPTIONS ?= crd:crdVersions=v1 5 | 6 | # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) 7 | ifeq (,$(shell go env GOBIN)) 8 | GOBIN=$(shell go env GOPATH)/bin 9 | else 10 | GOBIN=$(shell go env GOBIN) 11 | endif 12 | 13 | # Allows for defining additional Docker buildx arguments, e.g. '--push'. 14 | BUILD_ARGS ?= 15 | # Architectures to build images for. 16 | BUILD_PLATFORMS ?= linux/amd64 17 | 18 | # Architecture to use envtest with 19 | ENVTEST_ARCH ?= amd64 20 | 21 | all: manager 22 | 23 | # Run tests 24 | KUBEBUILDER_ASSETS?="$(shell $(ENVTEST) --arch=$(ENVTEST_ARCH) use -i $(ENVTEST_KUBERNETES_VERSION) --bin-dir=$(ENVTEST_ASSETS_DIR) -p path)" 25 | test: generate tidy fmt vet manifests install-envtest 26 | KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) go test ./... -coverprofile cover.out 27 | 28 | # Build manager binary 29 | manager: generate fmt vet 30 | go build -o bin/manager main.go 31 | 32 | # Run against the configured Kubernetes cluster in ~/.kube/config 33 | run: generate fmt vet manifests 34 | go run ./main.go 35 | 36 | # Install CRDs into a cluster 37 | install: manifests 38 | kustomize build config/crd | kubectl apply -f - 39 | 40 | # Uninstall CRDs from a cluster 41 | uninstall: manifests 42 | kustomize build config/crd | kubectl delete -f - 43 | 44 | # Deploy controller in the configured Kubernetes cluster in ~/.kube/config 45 | deploy: manifests 46 | cd config/manager && kustomize edit set image source-watcher=${IMG} 47 | kustomize build config/default | kubectl apply -f - 48 | 49 | # Generate manifests e.g. CRD, RBAC etc. 50 | manifests: controller-gen 51 | $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=source-reader paths="./..." output:crd:artifacts:config=config/crd/bases 52 | 53 | # Run go tidy to cleanup go.mod 54 | tidy: 55 | rm -f go.sum; go mod tidy -compat=1.23 56 | 57 | # Run go fmt against code 58 | fmt: 59 | go fmt ./... 60 | 61 | # Run go vet against code 62 | vet: 63 | go vet ./... 64 | 65 | # Generate code 66 | generate: controller-gen 67 | $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." 68 | 69 | # Build the docker image 70 | docker-build: 71 | docker buildx build \ 72 | --platform=$(BUILD_PLATFORMS) \ 73 | -t ${IMG} \ 74 | --load \ 75 | ${BUILD_ARGS} . 76 | 77 | # Push the docker image 78 | docker-push: 79 | docker push ${IMG} 80 | 81 | manifests-release: 82 | mkdir -p ./build 83 | mkdir -p config/release-tmp && cp config/release/* config/release-tmp 84 | cd config/release-tmp && kustomize edit set image fluxcd/source-watcher=${IMG} 85 | kustomize build config/release-tmp > ./build/source-watcher.deployment.yaml 86 | rm -rf config/release-tmp 87 | 88 | # Find or download controller-gen 89 | CONTROLLER_GEN = $(shell pwd)/bin/controller-gen 90 | CONTROLLER_GEN_VERSION ?= v0.15.0 91 | .PHONY: controller-gen 92 | controller-gen: ## Download controller-gen locally if necessary. 93 | $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_GEN_VERSION)) 94 | 95 | ENVTEST_ASSETS_DIR=$(shell pwd)/testbin 96 | ENVTEST_KUBERNETES_VERSION?=latest 97 | install-envtest: setup-envtest 98 | mkdir -p ${ENVTEST_ASSETS_DIR} 99 | $(ENVTEST) use $(ENVTEST_KUBERNETES_VERSION) --arch=$(ENVTEST_ARCH) --bin-dir=$(ENVTEST_ASSETS_DIR) 100 | 101 | ENVTEST = $(shell pwd)/bin/setup-envtest 102 | .PHONY: envtest 103 | setup-envtest: ## Download envtest-setup locally if necessary. 104 | $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest) 105 | 106 | # go-install-tool will 'go install' any package $2 and install it to $1. 107 | PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST)))) 108 | define go-install-tool 109 | @[ -f $(1) ] || { \ 110 | set -e ;\ 111 | TMP_DIR=$$(mktemp -d) ;\ 112 | cd $$TMP_DIR ;\ 113 | go mod init tmp ;\ 114 | echo "Downloading $(2)" ;\ 115 | GOBIN=$(PROJECT_DIR)/bin go install $(2) ;\ 116 | rm -rf $$TMP_DIR ;\ 117 | } 118 | endef 119 | -------------------------------------------------------------------------------- /PROJECT: -------------------------------------------------------------------------------- 1 | domain: fluxcd.io 2 | repo: github.com/fluxcd/source-watcher 3 | version: "2" 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # source-watcher 2 | 3 | [![test](https://github.com/fluxcd/source-watcher/workflows/test/badge.svg)](https://github.com/fluxcd/source-watcher/actions) 4 | 5 | Example consumer of the GitOps Toolkit Source APIs. 6 | 7 | ![Source Controller Overview](https://raw.githubusercontent.com/fluxcd/website/main/static/img/source-controller.png) 8 | 9 | ## Guides 10 | 11 | * [Watching for source changes](https://fluxcd.io/flux/gitops-toolkit/source-watcher/) 12 | -------------------------------------------------------------------------------- /config/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: source-system 4 | resources: 5 | - ../rbac 6 | - ../manager 7 | - github.com/fluxcd/source-controller/config/crd?ref=main 8 | - github.com/fluxcd/source-controller/config/manager?ref=main 9 | - namespace.yaml 10 | -------------------------------------------------------------------------------- /config/default/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller 6 | name: source-system 7 | -------------------------------------------------------------------------------- /config/manager/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: source-watcher 5 | labels: 6 | control-plane: controller 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: source-watcher 11 | replicas: 1 12 | template: 13 | metadata: 14 | labels: 15 | app: source-watcher 16 | annotations: 17 | prometheus.io/scrape: "true" 18 | prometheus.io/port: "8080" 19 | spec: 20 | terminationGracePeriodSeconds: 10 21 | containers: 22 | - name: manager 23 | image: fluxcd/source-watcher 24 | imagePullPolicy: IfNotPresent 25 | securityContext: 26 | allowPrivilegeEscalation: false 27 | readOnlyRootFilesystem: true 28 | ports: 29 | - containerPort: 8080 30 | name: http-prom 31 | env: 32 | - name: RUNTIME_NAMESPACE 33 | valueFrom: 34 | fieldRef: 35 | fieldPath: metadata.namespace 36 | args: 37 | - --log-level=info 38 | - --log-json 39 | - --enable-leader-election 40 | livenessProbe: 41 | httpGet: 42 | port: http 43 | path: / 44 | readinessProbe: 45 | httpGet: 46 | port: http 47 | path: / 48 | resources: 49 | limits: 50 | cpu: 1000m 51 | memory: 1Gi 52 | requests: 53 | cpu: 50m 54 | memory: 64Mi 55 | volumeMounts: 56 | - name: tmp 57 | mountPath: /tmp 58 | volumes: 59 | - name: tmp 60 | emptyDir: {} 61 | 62 | -------------------------------------------------------------------------------- /config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - deployment.yaml 5 | -------------------------------------------------------------------------------- /config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - role.yaml 5 | - role_binding.yaml 6 | - leader_election_role.yaml 7 | - leader_election_role_binding.yaml 8 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/rbac/role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: source-reader 6 | rules: 7 | - apiGroups: 8 | - source.toolkit.fluxcd.io 9 | resources: 10 | - gitrepositories 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - source.toolkit.fluxcd.io 17 | resources: 18 | - gitrepositories/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: source-reader 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: source-reader 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: source-system 13 | --- 14 | apiVersion: rbac.authorization.k8s.io/v1 15 | kind: ClusterRoleBinding 16 | metadata: 17 | name: source-writter 18 | roleRef: 19 | apiGroup: rbac.authorization.k8s.io 20 | kind: ClusterRole 21 | name: cluster-admin 22 | subjects: 23 | - kind: ServiceAccount 24 | name: default 25 | namespace: source-system 26 | -------------------------------------------------------------------------------- /config/release/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: flux-system 4 | resources: 5 | - ../manager 6 | patchesStrategicMerge: 7 | - |- 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | metadata: 11 | name: source-watcher 12 | spec: 13 | template: 14 | spec: 15 | serviceAccountName: source-controller 16 | -------------------------------------------------------------------------------- /controllers/gitrepository_predicate.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020, 2021 The Flux authors 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controllers 18 | 19 | import ( 20 | "sigs.k8s.io/controller-runtime/pkg/event" 21 | "sigs.k8s.io/controller-runtime/pkg/predicate" 22 | 23 | sourcev1 "github.com/fluxcd/source-controller/api/v1" 24 | ) 25 | 26 | // GitRepositoryRevisionChangePredicate triggers an update event 27 | // when a GitRepository revision changes. 28 | type GitRepositoryRevisionChangePredicate struct { 29 | predicate.Funcs 30 | } 31 | 32 | func (GitRepositoryRevisionChangePredicate) Create(e event.CreateEvent) bool { 33 | src, ok := e.Object.(sourcev1.Source) 34 | 35 | if !ok || src.GetArtifact() == nil { 36 | return false 37 | } 38 | 39 | return true 40 | } 41 | 42 | func (GitRepositoryRevisionChangePredicate) Update(e event.UpdateEvent) bool { 43 | if e.ObjectOld == nil || e.ObjectNew == nil { 44 | return false 45 | } 46 | 47 | oldSource, ok := e.ObjectOld.(sourcev1.Source) 48 | if !ok { 49 | return false 50 | } 51 | 52 | newSource, ok := e.ObjectNew.(sourcev1.Source) 53 | if !ok { 54 | return false 55 | } 56 | 57 | if oldSource.GetArtifact() == nil && newSource.GetArtifact() != nil { 58 | return true 59 | } 60 | 61 | if oldSource.GetArtifact() != nil && newSource.GetArtifact() != nil && 62 | oldSource.GetArtifact().Revision != newSource.GetArtifact().Revision { 63 | return true 64 | } 65 | 66 | return false 67 | } 68 | -------------------------------------------------------------------------------- /controllers/gitrepository_watcher.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The Flux authors 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controllers 18 | 19 | import ( 20 | "context" 21 | "fmt" 22 | "os" 23 | 24 | ctrl "sigs.k8s.io/controller-runtime" 25 | "sigs.k8s.io/controller-runtime/pkg/builder" 26 | "sigs.k8s.io/controller-runtime/pkg/client" 27 | 28 | "github.com/fluxcd/pkg/http/fetch" 29 | "github.com/fluxcd/pkg/tar" 30 | sourcev1 "github.com/fluxcd/source-controller/api/v1" 31 | ) 32 | 33 | // GitRepositoryWatcher watches GitRepository objects for revision changes 34 | type GitRepositoryWatcher struct { 35 | client.Client 36 | artifactFetcher *fetch.ArchiveFetcher 37 | HttpRetry int 38 | } 39 | 40 | func (r *GitRepositoryWatcher) SetupWithManager(mgr ctrl.Manager) error { 41 | r.artifactFetcher = fetch.New( 42 | fetch.WithRetries(r.HttpRetry), 43 | fetch.WithMaxDownloadSize(tar.UnlimitedUntarSize), 44 | fetch.WithUntar(tar.WithMaxUntarSize(tar.UnlimitedUntarSize)), 45 | fetch.WithHostnameOverwrite(os.Getenv("SOURCE_CONTROLLER_LOCALHOST")), 46 | fetch.WithLogger(nil), 47 | ) 48 | 49 | return ctrl.NewControllerManagedBy(mgr). 50 | For(&sourcev1.GitRepository{}, builder.WithPredicates(GitRepositoryRevisionChangePredicate{})). 51 | Complete(r) 52 | } 53 | 54 | // +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=gitrepositories,verbs=get;list;watch 55 | // +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=gitrepositories/status,verbs=get 56 | 57 | func (r *GitRepositoryWatcher) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { 58 | log := ctrl.LoggerFrom(ctx) 59 | 60 | // get source object 61 | var repository sourcev1.GitRepository 62 | if err := r.Get(ctx, req.NamespacedName, &repository); err != nil { 63 | return ctrl.Result{}, client.IgnoreNotFound(err) 64 | } 65 | 66 | artifact := repository.Status.Artifact 67 | log.Info("New revision detected", "revision", artifact.Revision) 68 | 69 | // create tmp dir 70 | tmpDir, err := os.MkdirTemp("", repository.Name) 71 | if err != nil { 72 | return ctrl.Result{}, fmt.Errorf("failed to create temp dir, error: %w", err) 73 | } 74 | 75 | defer func(path string) { 76 | err := os.RemoveAll(path) 77 | if err != nil { 78 | log.Error(err, "unable to remove temp dir") 79 | } 80 | }(tmpDir) 81 | 82 | // download and extract artifact 83 | if err := r.artifactFetcher.Fetch(artifact.URL, artifact.Digest, tmpDir); err != nil { 84 | log.Error(err, "unable to fetch artifact") 85 | return ctrl.Result{}, err 86 | } 87 | 88 | // list artifact content 89 | files, err := os.ReadDir(tmpDir) 90 | if err != nil { 91 | return ctrl.Result{}, fmt.Errorf("failed to list files, error: %w", err) 92 | } 93 | 94 | // do something with the artifact content 95 | for _, f := range files { 96 | log.Info("Processing " + f.Name()) 97 | } 98 | 99 | return ctrl.Result{}, nil 100 | } 101 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/fluxcd/source-watcher 2 | 3 | go 1.23.0 4 | 5 | // Replace digest lib to master to gather access to BLAKE3. 6 | // xref: https://github.com/opencontainers/go-digest/pull/66 7 | replace github.com/opencontainers/go-digest => github.com/opencontainers/go-digest v1.0.1-0.20220411205349-bde1400a84be 8 | 9 | require ( 10 | github.com/fluxcd/pkg/http/fetch v0.15.0 11 | github.com/fluxcd/pkg/runtime v0.53.1 12 | github.com/fluxcd/pkg/tar v0.11.0 13 | github.com/fluxcd/source-controller/api v1.5.0 14 | github.com/spf13/pflag v1.0.6 15 | k8s.io/apimachinery v0.32.2 16 | k8s.io/client-go v0.32.2 17 | sigs.k8s.io/controller-runtime v0.20.2 18 | ) 19 | 20 | require ( 21 | github.com/beorn7/perks v1.0.1 // indirect 22 | github.com/cespare/xxhash/v2 v2.3.0 // indirect 23 | github.com/cyphar/filepath-securejoin v0.4.1 // indirect 24 | github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect 25 | github.com/emicklei/go-restful/v3 v3.12.1 // indirect 26 | github.com/evanphx/json-patch/v5 v5.9.11 // indirect 27 | github.com/fluxcd/pkg/apis/acl v0.6.0 // indirect 28 | github.com/fluxcd/pkg/apis/meta v1.10.0 // indirect 29 | github.com/fsnotify/fsnotify v1.8.0 // indirect 30 | github.com/fxamacker/cbor/v2 v2.7.0 // indirect 31 | github.com/go-logr/logr v1.4.2 // indirect 32 | github.com/go-logr/zapr v1.3.0 // indirect 33 | github.com/go-openapi/jsonpointer v0.21.0 // indirect 34 | github.com/go-openapi/jsonreference v0.21.0 // indirect 35 | github.com/go-openapi/swag v0.23.0 // indirect 36 | github.com/gogo/protobuf v1.3.2 // indirect 37 | github.com/golang/protobuf v1.5.4 // indirect 38 | github.com/google/btree v1.1.3 // indirect 39 | github.com/google/gnostic-models v0.6.9 // indirect 40 | github.com/google/go-cmp v0.6.0 // indirect 41 | github.com/google/gofuzz v1.2.0 // indirect 42 | github.com/google/uuid v1.6.0 // indirect 43 | github.com/hashicorp/go-cleanhttp v0.5.2 // indirect 44 | github.com/hashicorp/go-retryablehttp v0.7.7 // indirect 45 | github.com/josharian/intern v1.0.0 // indirect 46 | github.com/json-iterator/go v1.1.12 // indirect 47 | github.com/klauspost/compress v1.17.11 // indirect 48 | github.com/klauspost/cpuid/v2 v2.2.9 // indirect 49 | github.com/mailru/easyjson v0.9.0 // indirect 50 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 51 | github.com/modern-go/reflect2 v1.0.2 // indirect 52 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect 53 | github.com/opencontainers/go-digest v1.0.0 // indirect 54 | github.com/opencontainers/go-digest/blake3 v0.0.0-20240426182413-22b78e47854a // indirect 55 | github.com/pkg/errors v0.9.1 // indirect 56 | github.com/prometheus/client_golang v1.20.5 // indirect 57 | github.com/prometheus/client_model v0.6.1 // indirect 58 | github.com/prometheus/common v0.62.0 // indirect 59 | github.com/prometheus/procfs v0.15.1 // indirect 60 | github.com/x448/float16 v0.8.4 // indirect 61 | github.com/zeebo/blake3 v0.2.4 // indirect 62 | go.uber.org/multierr v1.11.0 // indirect 63 | go.uber.org/zap v1.27.0 // indirect 64 | golang.org/x/net v0.35.0 // indirect 65 | golang.org/x/oauth2 v0.26.0 // indirect 66 | golang.org/x/sync v0.11.0 // indirect 67 | golang.org/x/sys v0.30.0 // indirect 68 | golang.org/x/term v0.29.0 // indirect 69 | golang.org/x/text v0.22.0 // indirect 70 | golang.org/x/time v0.10.0 // indirect 71 | gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect 72 | google.golang.org/protobuf v1.36.4 // indirect 73 | gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect 74 | gopkg.in/inf.v0 v0.9.1 // indirect 75 | gopkg.in/yaml.v3 v3.0.1 // indirect 76 | k8s.io/api v0.32.2 // indirect 77 | k8s.io/apiextensions-apiserver v0.32.2 // indirect 78 | k8s.io/klog/v2 v2.130.1 // indirect 79 | k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect 80 | k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect 81 | sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect 82 | sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect 83 | sigs.k8s.io/yaml v1.4.0 // indirect 84 | ) 85 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 2 | github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= 3 | github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= 4 | github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= 5 | github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= 6 | github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= 7 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 8 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 9 | github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= 10 | github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 11 | github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= 12 | github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= 13 | github.com/evanphx/json-patch v0.5.2 h1:xVCHIVMUu1wtM/VkR9jVZ45N3FhZfYMMYGorLCR8P3k= 14 | github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= 15 | github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU= 16 | github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= 17 | github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= 18 | github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= 19 | github.com/fluxcd/pkg/apis/acl v0.6.0 h1:rllf5uQLzTow81ZCslkQ6LPpDNqVQr6/fWaNksdUEtc= 20 | github.com/fluxcd/pkg/apis/acl v0.6.0/go.mod h1:IVDZx3MAoDWjlLrJHMF9Z27huFuXAEQlnbWw0M6EcTs= 21 | github.com/fluxcd/pkg/apis/meta v1.10.0 h1:rqbAuyl5ug7A5jjRf/rNwBXmNl6tJ9wG2iIsriwnQUk= 22 | github.com/fluxcd/pkg/apis/meta v1.10.0/go.mod h1:n7NstXHDaleAUMajcXTVkhz0MYkvEXy1C/eLI/t1xoI= 23 | github.com/fluxcd/pkg/http/fetch v0.15.0 h1:AJ1JuE2asuK4QMfbHjxctFURke5FvZtyljjI1Qv4ArQ= 24 | github.com/fluxcd/pkg/http/fetch v0.15.0/go.mod h1:feTESfETKU14jq+e/Ce8QnMBTCh9O79bLMSMe5t55fQ= 25 | github.com/fluxcd/pkg/runtime v0.53.1 h1:S+QRSoiU+LH1sTvJLNvT1x3E5hBq/sjOsRHazA7OqTo= 26 | github.com/fluxcd/pkg/runtime v0.53.1/go.mod h1:8vkIhS1AhkmjC98LRm5xM+CRG5KySFTXpJWk+ZdtT4I= 27 | github.com/fluxcd/pkg/tar v0.11.0 h1:pjf/rzr6HNAPiuxT59mtba9tfBtdNiSQ/UqduG8vZ2I= 28 | github.com/fluxcd/pkg/tar v0.11.0/go.mod h1:+kiP25NqibWMpFWgizyPEMqnMJIux7bCgEy+4pfxyI4= 29 | github.com/fluxcd/pkg/testserver v0.9.0 h1:UD6gyT1KXXbl5BbuE7o+UdxKeuYd7/CePAUdULokJbc= 30 | github.com/fluxcd/pkg/testserver v0.9.0/go.mod h1:dqpWALgSYdcmPS9OXq165s4OjUexVysl++EZJ8uZVkw= 31 | github.com/fluxcd/source-controller/api v1.5.0 h1:caSR+u/r2Vh0jq/0pNR0r1zLxyvgatWuGSV2mxgTB/I= 32 | github.com/fluxcd/source-controller/api v1.5.0/go.mod h1:OZPuHMlLH2E2mnj6Q5DLkWfUOmJ20zA1LIvUVfNsYl8= 33 | github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= 34 | github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= 35 | github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= 36 | github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= 37 | github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= 38 | github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= 39 | github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= 40 | github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= 41 | github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= 42 | github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= 43 | github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= 44 | github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= 45 | github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= 46 | github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= 47 | github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= 48 | github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= 49 | github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= 50 | github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= 51 | github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= 52 | github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= 53 | github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= 54 | github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= 55 | github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= 56 | github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw= 57 | github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 58 | github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= 59 | github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 60 | github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 61 | github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= 62 | github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 63 | github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= 64 | github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= 65 | github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= 66 | github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 67 | github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= 68 | github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= 69 | github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= 70 | github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= 71 | github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= 72 | github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= 73 | github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= 74 | github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= 75 | github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= 76 | github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= 77 | github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= 78 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= 79 | github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= 80 | github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= 81 | github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY= 82 | github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8= 83 | github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= 84 | github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= 85 | github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= 86 | github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= 87 | github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= 88 | github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= 89 | github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= 90 | github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= 91 | github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= 92 | github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= 93 | github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= 94 | github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= 95 | github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 96 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= 97 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 98 | github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= 99 | github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= 100 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= 101 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= 102 | github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= 103 | github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= 104 | github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= 105 | github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= 106 | github.com/opencontainers/go-digest v1.0.1-0.20220411205349-bde1400a84be h1:f2PlhC9pm5sqpBZFvnAoKj+KzXRzbjFMA+TqXfJdgho= 107 | github.com/opencontainers/go-digest v1.0.1-0.20220411205349-bde1400a84be/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= 108 | github.com/opencontainers/go-digest/blake3 v0.0.0-20240426182413-22b78e47854a h1:xwooQrLddjfeKhucuLS4ElD3TtuuRwF8QWC9eHrnbxY= 109 | github.com/opencontainers/go-digest/blake3 v0.0.0-20240426182413-22b78e47854a/go.mod h1:kqQaIc6bZstKgnGpL7GD5dWoLKbA6mH1Y9ULjGImBnM= 110 | github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 111 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 112 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 113 | github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= 114 | github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 115 | github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= 116 | github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= 117 | github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= 118 | github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= 119 | github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io= 120 | github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= 121 | github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= 122 | github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= 123 | github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= 124 | github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= 125 | github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= 126 | github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 127 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 128 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 129 | github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= 130 | github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= 131 | github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= 132 | github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= 133 | github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 134 | github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 135 | github.com/zeebo/assert v1.1.0 h1:hU1L1vLTHsnO8x8c9KAR5GmM5QscxHg5RNU5z5qbUWY= 136 | github.com/zeebo/assert v1.1.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= 137 | github.com/zeebo/blake3 v0.2.4 h1:KYQPkhpRtcqh0ssGYcKLG1JYvddkEA8QwCM/yBqhaZI= 138 | github.com/zeebo/blake3 v0.2.4/go.mod h1:7eeQ6d2iXWRGF6npfaxl2CU+xy2Fjo2gxeyZGCRUjcE= 139 | github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo= 140 | github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4= 141 | go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= 142 | go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= 143 | go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= 144 | go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= 145 | go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= 146 | go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= 147 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 148 | golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 149 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 150 | golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 151 | golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 152 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 153 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 154 | golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 155 | golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= 156 | golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= 157 | golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= 158 | golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE= 159 | golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= 160 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 161 | golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 162 | golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 163 | golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= 164 | golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= 165 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 166 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 167 | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 168 | golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= 169 | golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= 170 | golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= 171 | golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= 172 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 173 | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 174 | golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= 175 | golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= 176 | golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4= 177 | golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= 178 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 179 | golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 180 | golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 181 | golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 182 | golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= 183 | golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= 184 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 185 | golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 186 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 187 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 188 | gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= 189 | gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= 190 | google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM= 191 | google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= 192 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 193 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= 194 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= 195 | gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= 196 | gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= 197 | gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= 198 | gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= 199 | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= 200 | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 201 | k8s.io/api v0.32.2 h1:bZrMLEkgizC24G9eViHGOPbW+aRo9duEISRIJKfdJuw= 202 | k8s.io/api v0.32.2/go.mod h1:hKlhk4x1sJyYnHENsrdCWw31FEmCijNGPJO5WzHiJ6Y= 203 | k8s.io/apiextensions-apiserver v0.32.2 h1:2YMk285jWMk2188V2AERy5yDwBYrjgWYggscghPCvV4= 204 | k8s.io/apiextensions-apiserver v0.32.2/go.mod h1:GPwf8sph7YlJT3H6aKUWtd0E+oyShk/YHWQHf/OOgCA= 205 | k8s.io/apimachinery v0.32.2 h1:yoQBR9ZGkA6Rgmhbp/yuT9/g+4lxtsGYwW6dR6BDPLQ= 206 | k8s.io/apimachinery v0.32.2/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= 207 | k8s.io/client-go v0.32.2 h1:4dYCD4Nz+9RApM2b/3BtVvBHw54QjMFUl1OLcJG5yOA= 208 | k8s.io/client-go v0.32.2/go.mod h1:fpZ4oJXclZ3r2nDOv+Ux3XcJutfrwjKTCHz2H3sww94= 209 | k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= 210 | k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= 211 | k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg= 212 | k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas= 213 | k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= 214 | k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= 215 | sigs.k8s.io/controller-runtime v0.20.2 h1:/439OZVxoEc02psi1h4QO3bHzTgu49bb347Xp4gW1pc= 216 | sigs.k8s.io/controller-runtime v0.20.2/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY= 217 | sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= 218 | sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= 219 | sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk= 220 | sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= 221 | sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= 222 | sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= 223 | -------------------------------------------------------------------------------- /hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 The Flux authors 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The Flux authors 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | "os" 21 | 22 | flag "github.com/spf13/pflag" 23 | "k8s.io/apimachinery/pkg/runtime" 24 | utilruntime "k8s.io/apimachinery/pkg/util/runtime" 25 | clientgoscheme "k8s.io/client-go/kubernetes/scheme" 26 | _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" 27 | ctrl "sigs.k8s.io/controller-runtime" 28 | metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" 29 | 30 | "github.com/fluxcd/pkg/runtime/logger" 31 | sourcev1 "github.com/fluxcd/source-controller/api/v1" 32 | "github.com/fluxcd/source-watcher/controllers" 33 | // +kubebuilder:scaffold:imports 34 | ) 35 | 36 | var ( 37 | scheme = runtime.NewScheme() 38 | setupLog = ctrl.Log.WithName("setup") 39 | ) 40 | 41 | func init() { 42 | utilruntime.Must(clientgoscheme.AddToScheme(scheme)) 43 | utilruntime.Must(sourcev1.AddToScheme(scheme)) 44 | 45 | // +kubebuilder:scaffold:scheme 46 | } 47 | 48 | func main() { 49 | var ( 50 | metricsAddr string 51 | enableLeaderElection bool 52 | httpRetry int 53 | logOptions logger.Options 54 | ) 55 | 56 | flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.") 57 | flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, 58 | "Enable leader election for controller manager. "+ 59 | "Enabling this will ensure there is only one active controller manager.") 60 | flag.IntVar(&httpRetry, "http-retry", 9, "The maximum number of retries when failing to fetch artifacts over HTTP.") 61 | logOptions.BindFlags(flag.CommandLine) 62 | flag.Parse() 63 | 64 | ctrl.SetLogger(logger.NewLogger(logOptions)) 65 | 66 | mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ 67 | Scheme: scheme, 68 | Metrics: metricsserver.Options{BindAddress: metricsAddr}, 69 | LeaderElection: enableLeaderElection, 70 | LeaderElectionID: "source-watcher.fluxcd.io", 71 | Logger: ctrl.Log, 72 | }) 73 | if err != nil { 74 | setupLog.Error(err, "unable to start manager") 75 | os.Exit(1) 76 | } 77 | 78 | if err = (&controllers.GitRepositoryWatcher{ 79 | Client: mgr.GetClient(), 80 | HttpRetry: httpRetry, 81 | }).SetupWithManager(mgr); err != nil { 82 | setupLog.Error(err, "unable to create controller", "controller", "GitRepositoryWatcher") 83 | os.Exit(1) 84 | } 85 | 86 | // +kubebuilder:scaffold:builder 87 | 88 | setupLog.Info("starting manager") 89 | if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { 90 | setupLog.Error(err, "problem running manager") 91 | os.Exit(1) 92 | } 93 | } 94 | --------------------------------------------------------------------------------