refactor: update repository references to adm-controller

.github/ISSUE_TEMPLATE/3-kubewarden-release.yml

@@ -19,15 +19,15 @@ body:
         follow the checklist below to ensure a smooth release process.
 
         - [ ] Notify consumers if any.
-        - [ ] Check that `:latest` images and `kwctl` builds from [kubewarden/kubewarden-controller](github.com/kubewarden/kubewarden-controller) for `main` are fine.
-        - [ ] Trigger an [`open-release-pr`](https://github.com/kubewarden/kubewarden-controller/actions/workflows/open-release-pr.yml)
+        - [ ] Check that `:latest` images and `kwctl` builds from [kubewarden/adm-controller](https://github.com/kubewarden/adm-controller) for `main` are fine.
+        - [ ] Trigger an [`open-release-pr`](https://github.com/kubewarden/adm-controller/actions/workflows/open-release-pr.yml)
           job run with the desired Adm Controller stack version.
-          This opens an automated release PR in [kubewarden/kubewarden-controller](github.com/kubewarden/kubewarden-controller) repo.
+        This opens an automated release PR in [kubewarden/adm-controller](https://github.com/kubewarden/adm-controller) repo.
         - [ ] Review & merge the automated PR.
-        - [ ] Tag desired version in [kubewarden/kubewarden-controller](github.com/kubewarden/kubewarden-controller) repo.
+        - [ ] Tag desired version in [kubewarden/adm-controller](https://github.com/kubewarden/adm-controller) repo.
         - [ ] Wait for images to be built, so e2e tests can work.
         - [ ] Trigger an [update-adm-controller](https://github.com/kubewarden/helm-charts/actions/workflows/update-adm-controller.yaml)
-          job run. This opens an automated PR that syncs adm controller charts in [kubewarden/helm-charts](github.com/kubewarden/helm-charts) repo.
+        job run. This opens an automated PR that syncs adm controller charts in [kubewarden/helm-charts](https://github.com/kubewarden/helm-charts) repo.
         - [ ] Merge automated PR on kubewarden/helm-chart repo.
         - [ ] chart-releaser releases the charts on Helm chart repo.                                                                       
         - [ ] Write and release the blog post about the release.

.github/workflows/build-containers.yml

@@ -15,7 +15,7 @@ jobs:
   build:
     strategy:
       matrix:
-        component: [policy-server, kubewarden-controller, audit-scanner]
+        component: [policy-server, controller, audit-scanner]
         arch: [amd64, arm64]
         include:
           - arch: amd64
@@ -49,7 +49,7 @@ jobs:
       id-token: write # Signing images with cosign
     strategy:
       matrix:
-        component: [policy-server, kubewarden-controller, audit-scanner]
+        component: [policy-server, controller, audit-scanner]
     steps:
       - name: Retrieve tag name (main)
         if: ${{ startsWith(github.ref, 'refs/heads/main') }}

.github/workflows/release.yml

@@ -63,7 +63,7 @@ jobs:
     name: Build container images
     strategy:
       matrix:
-        component: [policy-server, kubewarden-controller, audit-scanner]
+        component: [policy-server, controller, audit-scanner]
         arch: [amd64, arm64]
         include:
           - arch: amd64
@@ -98,7 +98,7 @@ jobs:
       id-token: write # Signing images with cosign
     strategy:
       matrix:
-        component: [policy-server, kubewarden-controller, audit-scanner]
+        component: [policy-server, controller, audit-scanner]
     steps:
       - name: Merge multi-arch images
         uses: kubewarden/github-actions/merge-multiarch@e57db07ca384bf09ec40c4c49ff25d600c0d23d9 # v5.1.1
@@ -127,7 +127,7 @@ jobs:
       id-token: write
     strategy:
       matrix:
-        component: [kubewarden-controller, audit-scanner, policy-server]
+        component: [controller, audit-scanner, policy-server]
         arch: [amd64, arm64]
     steps:
       - name: Generate and sign attestations
@@ -210,14 +210,14 @@ jobs:
             let path = require('path');
 
             let files = [
-              'kubewarden-controller-attestation-amd64-provenance.intoto.jsonl',
-              'kubewarden-controller-attestation-amd64-provenance.intoto.jsonl.bundle.sigstore',
-              'kubewarden-controller-attestation-arm64-provenance.intoto.jsonl',
-              'kubewarden-controller-attestation-arm64-provenance.intoto.jsonl.bundle.sigstore',
-              'kubewarden-controller-attestation-amd64-sbom.json',
-              'kubewarden-controller-attestation-amd64-sbom.json.bundle.sigstore',
-              'kubewarden-controller-attestation-arm64-sbom.json',
-              'kubewarden-controller-attestation-arm64-sbom.json.bundle.sigstore',
+              'controller-attestation-amd64-provenance.intoto.jsonl',
+              'controller-attestation-amd64-provenance.intoto.jsonl.bundle.sigstore',
+              'controller-attestation-arm64-provenance.intoto.jsonl',
+              'controller-attestation-arm64-provenance.intoto.jsonl.bundle.sigstore',
+              'controller-attestation-amd64-sbom.json',
+              'controller-attestation-amd64-sbom.json.bundle.sigstore',
+              'controller-attestation-arm64-sbom.json',
+              'controller-attestation-arm64-sbom.json.bundle.sigstore',
               'audit-scanner-attestation-amd64-provenance.intoto.jsonl',
               'audit-scanner-attestation-amd64-provenance.intoto.jsonl.bundle.sigstore',
               'audit-scanner-attestation-arm64-provenance.intoto.jsonl',

CONTRIBUTING.md

@@ -335,7 +335,7 @@ specifically.
 1. Check that `:latest` builds of kubewarden-controller for main are fine,
    including kwctl
 1. Open an automated release PR with
-   https://github.com/kubewarden/kubewarden-controller/actions/workflows/open-release-pr.yml
+   https://github.com/kubewarden/adm-controller/actions/workflows/open-release-pr.yml
    Set the desired kubewarden version.
 1. Review & merge automated PR
 1. Tag version in kubewarden-controller repo

Makefile

@@ -13,7 +13,7 @@ GO_BUILD_ENV := CGO_ENABLED=0 GOOS=linux GOARCH=amd64
 ENVTEST_DIR ?= $(shell pwd)/.envtest
 
 REGISTRY ?= ghcr.io
-REPO ?= kubewarden
+REPO ?= kubewarden/adm-controller
 TAG ?= dev
 
 # Detect architecture for Rust builds
@@ -102,9 +102,9 @@ controller: $(CONTROLLER_SRCS) vet
 
 .PHONY: controller-image
 controller-image:
-	docker build -f ./Dockerfile.kubewarden-controller \
-		-t "$(REGISTRY)/$(REPO)/kubewarden-controller:$(TAG)" .
-	@echo "Built $(REGISTRY)/$(REPO)/kubewarden-controller:$(TAG)"
+	docker build -f ./Dockerfile.controller \
+		-t "$(REGISTRY)/$(REPO)/controller:$(TAG)" .
+	@echo "Built $(REGISTRY)/$(REPO)/controller:$(TAG)"
 
 AUDIT_SCANNER_SRC_DIRS := cmd/audit-scanner api internal/audit-scanner
 AUDIT_SCANNER_GO_SRCS := $(shell find $(AUDIT_SCANNER_SRC_DIRS) -type f -name '*.go')

README.md

@@ -3,7 +3,7 @@
 [![Artifact HUB](https://img.shields.io/badge/ArtifactHub-Helm_Charts-blue?style=flat&logo=artifacthub&link=https%3A%2F%2Fartifacthub.io%2Fpackages%2Fsearch%3Frepo%3Dkubewarden%26kind%3D0%26verified_publisher%3Dtrue%26official%3Dtrue%26cncf%3Dtrue%26sort%3Drelevance%26page%3D1)](https://artifacthub.io/packages/search?repo=kubewarden&kind=0&verified_publisher=true&official=true&cncf=true&sort=relevance&page=1)
 [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/6502/badge)](https://www.bestpractices.dev/projects/6502)
 [![FOSSA license scan](https://app.fossa.com/api/projects/custom%2B25850%2Fgithub.com%2Fkubewarden%2Fkubewarden-controller.svg?type=shield)](https://app.fossa.com/projects/custom%252B25850%252Fgithub.com%252Fkubewarden%252Fkubewarden-controller?ref=badge_shield)
-[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/kubewarden/kubewarden-controller/badge)](https://scorecard.dev/viewer/?uri=github.com/kubewarden/kubewarden-controller)
+[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/kubewarden/adm-controller/badge)](https://scorecard.dev/viewer/?uri=github.com/kubewarden/adm-controller)
 [![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/kubewarden/badge)](https://clomonitor.io/projects/cncf/kubewarden)
 
 Kubewarden is a Kubernetes Dynamic Admission Controller that uses policies written
@@ -16,7 +16,7 @@ For more information refer to the [official Kubewarden website](https://kubeward
 This repository is a monorepo containing the source code for all the different
 components of the Kubewarden Admission Controller:
 
-- **kubewarden-controller**: A Kubernetes controller that allows you to dynamically register Kubewarden admission policies and reconcile them with the Kubernetes webhooks of the cluster where it's deployed
+- **adm-controller**: A Kubernetes controller that allows you to dynamically register Kubewarden admission policies and reconcile them with the Kubernetes webhooks of the cluster where it's deployed
 - **policy-server**: The runtime component that evaluates admission policies written in WebAssembly
 - **audit-scanner**: A component that scans existing resources in the cluster against registered policies
 - **kwctl**: A CLI tool for testing and managing Kubewarden policies
@@ -35,7 +35,7 @@ The [`docs/`](./docs) folder contains README files for each component:
 
 ## Installation
 
-The kubewarden-controller can be deployed using a Helm chart. For instructions,
+The adm-controller can be deployed using a Helm chart. For instructions,
 see https://charts.kubewarden.io.
 
 Please refer to our [quickstart](https://docs.kubewarden.io/quick-start) for more details.
@@ -53,7 +53,7 @@ as well as upload in the release page.
 
 You can find them together with the signature and certificate used to sign it
 in the [release
-assets](https://github.com/kubewarden/kubewarden-controller/releases), and
+assets](https://github.com/kubewarden/adm-controller/releases), and
 attached to the image as JSON-encoded documents following the [in-toto SPDX
 predicate](https://github.com/in-toto/attestation/blob/main/spec/predicates/spdx.md)
 format. You can obtain them with
@@ -65,17 +65,17 @@ You can verify the container image with:
 
 ```shell
 cosign verify-blob --certificate-oidc-issuer=https://token.actions.githubusercontent.com  \
-    --certificate-identity="https://github.com/kubewarden/kubewarden-controller/.github/workflows/attestation.yml@<TAG TO VERIFY>" \
-    --bundle kubewarden-controller-attestation-amd64-provenance.intoto.jsonl.bundle.sigstore \
-    kubewarden-controller-attestation-amd64-provenance.intoto.jsonl
+    --certificate-identity="https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@<TAG TO VERIFY>" \
+    --bundle controller-attestation-amd64-provenance.intoto.jsonl.bundle.sigstore \
+    controller-attestation-amd64-provenance.intoto.jsonl
 ```
 
 To verify the attestation manifest and its layer signatures:
 
 ```shell
 cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com  \
-    --certificate-identity="https://github.com/kubewarden/kubewarden-controller/.github/workflows/attestation.yml@<TAG TO VERIFY>" \
-    ghcr.io/kubewarden/kubewarden-controller@sha256:1abc0944378d9f3ee2963123fe84d045248d320d76325f4c2d4eb201304d4c4e
+    --certificate-identity="https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@<TAG TO VERIFY>" \
+    ghcr.io/kubewarden/adm-controller/controller@sha256:1abc0944378d9f3ee2963123fe84d045248d320d76325f4c2d4eb201304d4c4e
 ```
 
 > [!NOTE]
@@ -89,7 +89,7 @@ like `crane`. For example, the following command will show you all the
 attestation manifests of the `latest` tag:
 
 ```shell
-crane manifest  ghcr.io/kubewarden/kubewarden-controller:latest | jq '.manifests[] | select(.annotations["vnd.docker.reference.type"]=="attestation-manifest")'
+crane manifest  ghcr.io/kubewarden/adm-controller/controller:latest | jq '.manifests[] | select(.annotations["vnd.docker.reference.type"]=="attestation-manifest")'
 {
   "mediaType": "application/vnd.oci.image.manifest.v1+json",
   "digest": "sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8",
@@ -123,10 +123,10 @@ layers signatures.
 
 ```shell
 cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com  \
-    --certificate-identity="https://github.com/kubewarden/kubewarden-controller/.github/workflows/attestation.yml@<TAG TO VERIFY>" \
-    ghcr.io/kubewarden/kubewarden-controller@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8
+    --certificate-identity="https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@<TAG TO VERIFY>" \
+    ghcr.io/kubewarden/adm-controller/controller@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8
 
-crane manifest  ghcr.io/kubewarden/kubewarden-controller@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8
+crane manifest  ghcr.io/kubewarden/adm-controller/controller@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8
 {
   "schemaVersion": 2,
   "mediaType": "application/vnd.oci.image.manifest.v1+json",
@@ -180,8 +180,8 @@ crane manifest  ghcr.io/kubewarden/kubewarden-controller@sha256:fc01fa6c82cffeff
 }
 
 cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com  \
-    --certificate-identity="https://github.com/kubewarden/kubewarden-controller/.github/workflows/attestation.yml@<TAG TO VERIFY>" \
-    ghcr.io/kubewarden/kubewarden-controller@sha256:594da3e8bd8c6ee2682b0db35857933f9558fd98ec092344a6c1e31398082f4d
+    --certificate-identity="https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@<TAG TO VERIFY>" \
+    ghcr.io/kubewarden/adm-controller/controller@sha256:594da3e8bd8c6ee2682b0db35857933f9558fd98ec092344a6c1e31398082f4d
 ```
 
 Note that each attestation manifest (for each architecture) has its own layers.
@@ -190,7 +190,7 @@ Buildx during the multi stage build process. You can also use `crane` to
 download the attestation file:
 
 ```shell
-crane blob ghcr.io/kubewarden/kubewarden-controller@sha256:7738d8d506c6482aaaef1d22ed920468ffaf4975afd28f49bb50dba2c20bf2ca
+crane blob ghcr.io/kubewarden/adm-controller/controller@sha256:7738d8d506c6482aaaef1d22ed920468ffaf4975afd28f49bb50dba2c20bf2ca
 ```
 
 ## Security disclosure
@@ -199,4 +199,4 @@ See [SECURITY.md](https://github.com/kubewarden/community/blob/main/SECURITY.md)
 
 # Changelog
 
-See [GitHub Releases content](https://github.com/kubewarden/kubewarden-controller/releases).
+See [GitHub Releases content](https://github.com/kubewarden/adm-controller/releases).

SECURITY-INSIGHTS.yml

@@ -3,9 +3,9 @@ header:
   last-updated: "2024-08-12"
   last-reviewed: "2023-08-12"
   expiration-date: "2025-10-01T01:00:00.000Z"
-  project-url: https://github.com/kubewarden/kubewarden-controller/
-  changelog: https://github.com/kubewarden/kubewarden-controller/releases/latest
-  license: https://github.com/kubewarden/kubewarden-controller/blob/main/LICENSE
+  project-url: https://github.com/kubewarden/adm-controller/
+  changelog: https://github.com/kubewarden/adm-controller/releases/latest
+  license: https://github.com/kubewarden/adm-controller/blob/main/LICENSE
 project-lifecycle:
   bug-fixes-only: false
   core-maintainers:
@@ -15,12 +15,12 @@ project-lifecycle:
 contribution-policy:
   accepts-pull-requests: true
   accepts-automated-pull-requests: true
-  contributing-policy: https://github.com/kubewarden/kubewarden-controller/blob/main/CONTRIBUTING.md
+  contributing-policy: https://github.com/kubewarden/adm-controller/blob/main/CONTRIBUTING.md
   code-of-conduct: https://github.com/kubewarden/community/blob/main/CODE_OF_CONDUCT.md
 documentation:
   - https://docs.kubewarden.io
 distribution-points:
-  - https://github.com/kubewarden/kubewarden-controller/
+  - https://github.com/kubewarden/adm-controller/
   - https://artifacthub.io/packages/helm/kubewarden/kubewarden-controller
   - https://github.com/orgs/kubewarden/packages?repo_name=helm-charts
 security-artifacts:
@@ -50,9 +50,9 @@ vulnerability-reporting:
 dependencies:
   third-party-packages: true
   dependencies-lists:
-    - https://github.com/kubewarden/kubewarden-controller/blob/main/go.sum
+    - https://github.com/kubewarden/adm-controller/blob/main/go.sum
   sbom:
-    - sbom-file: https://github.com/kubewarden/kubewarden-controller/releases/latest/download/kubewarden-controller-sbom-adm64.spdx
+    - sbom-file: https://github.com/kubewarden/adm-controller/releases/latest/download/controller-sbom-adm64.spdx
       sbom-format: SPDX
       sbom-url: https://github.com/anchore/sbom-action
   dependencies-lifecycle:

api/policies/v1/admissionpolicy_webhook.go

@@ -23,7 +23,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	"github.com/go-logr/logr"
-	"github.com/kubewarden/kubewarden-controller/internal/constants"
+	"github.com/kubewarden/adm-controller/internal/constants"
 )
 
 // SetupWebhookWithManager registers the AdmissionPolicy webhook with the controller manager.

api/policies/v1/admissionpolicy_webhook_test.go

@@ -22,7 +22,7 @@ import (
 
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 
-	"github.com/kubewarden/kubewarden-controller/internal/constants"
+	"github.com/kubewarden/adm-controller/internal/constants"
 )
 
 func TestAdmissionPolicyDefault(t *testing.T) {

api/policies/v1/admissionpolicygroup_webhook.go

@@ -23,7 +23,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	"github.com/go-logr/logr"
-	"github.com/kubewarden/kubewarden-controller/internal/constants"
+	"github.com/kubewarden/adm-controller/internal/constants"
 )
 
 // SetupWebhookWithManager registers the AdmissionPolicyGroup webhook with the controller manager.

api/policies/v1/admissionpolicygroup_webhook_test.go

@@ -23,7 +23,7 @@ import (
 
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 
-	"github.com/kubewarden/kubewarden-controller/internal/constants"
+	"github.com/kubewarden/adm-controller/internal/constants"
 )
 
 func TestAdmissionPolicyGroupDefault(t *testing.T) {

api/policies/v1/clusteradmissionpolicy_webhook.go

@@ -24,7 +24,7 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 
 	"github.com/go-logr/logr"
-	"github.com/kubewarden/kubewarden-controller/internal/constants"
+	"github.com/kubewarden/adm-controller/internal/constants"
 )
 
 // SetupWebhookWithManager registers the ClusterAdmissionPolicy webhook with the controller manager.

api/policies/v1/clusteradmissionpolicy_webhook_test.go

@@ -23,7 +23,7 @@ import (
 
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 
-	"github.com/kubewarden/kubewarden-controller/internal/constants"
+	"github.com/kubewarden/adm-controller/internal/constants"
 )
 
 func TestClusterAdmissionPolicyDefault(t *testing.T) {

api/policies/v1/clusteradmissionpolicygroup_webhook.go

@@ -24,7 +24,7 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 
 	"github.com/go-logr/logr"
-	"github.com/kubewarden/kubewarden-controller/internal/constants"
+	"github.com/kubewarden/adm-controller/internal/constants"
 )
 
 func (r *ClusterAdmissionPolicyGroup) SetupWebhookWithManager(mgr ctrl.Manager) error {

api/policies/v1/clusteradmissionpolicygroup_webhook_test.go

@@ -22,7 +22,7 @@ import (
 	"github.com/stretchr/testify/require"
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 
-	"github.com/kubewarden/kubewarden-controller/internal/constants"
+	"github.com/kubewarden/adm-controller/internal/constants"
 )
 
 func TestClusterAdmissionPolicyGroupDefault(t *testing.T) {

api/policies/v1/factories.go

@@ -10,12 +10,12 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 
-	"github.com/kubewarden/kubewarden-controller/internal/constants"
+	"github.com/kubewarden/adm-controller/internal/constants"
 )
 
 const (
 	integrationTestsFinalizer          = "kubewarden.io/integration-tests-safety-net-finalizer"
-	defaultKubewardenRepository        = "ghcr.io/kubewarden/policy-server"
+	defaultKubewardenRepository        = "ghcr.io/kubewarden/adm-controller/policy-server"
 	maxNameSuffixLength                = 8
 	defaultPolicyGroupRejectionMessage = "policy group default rejection message"
 )

api/policies/v1/policyserver_types.go

@@ -17,7 +17,7 @@ limitations under the License.
 package v1
 
 import (
-	"github.com/kubewarden/kubewarden-controller/internal/constants"
+	"github.com/kubewarden/adm-controller/internal/constants"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"

api/policies/v1/policyserver_webhook.go

@@ -35,7 +35,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	"github.com/go-logr/logr"
-	"github.com/kubewarden/kubewarden-controller/internal/constants"
+	"github.com/kubewarden/adm-controller/internal/constants"
 )
 
 // capabilityNode is a node in the host-capability path tree.