Enhance HTTPRoute controller with exponential backoff retry logic for ConfigMap updates to handle conflicts. Update Makefile to enable Gateway API when running the controller. Modify Docker publish workflow to improve image signing process with retries for transient issues.

Author: rajsinghtech

.github/workflows/docker-publish.yml

@@ -96,22 +96,25 @@ jobs:
         if: github.event_name != 'pull_request'
         env:
           DIGEST: ${{ steps.build.outputs.digest }}
+          TAGS: ${{ steps.meta.outputs.tags }}
         run: |
           # Simple retry for transient Sigstore issues
-          for tag in ${{ steps.meta.outputs.tags }}; do
-            echo "Signing: $tag@${DIGEST}"
-            if ! cosign sign --yes "$tag@${DIGEST}"; then
-              echo "First attempt failed, retrying in 10 seconds..."
-              sleep 10
+          echo "$TAGS" | while IFS= read -r tag; do
+            if [[ -n "$tag" ]]; then
+              echo "Signing: $tag@${DIGEST}"
               if ! cosign sign --yes "$tag@${DIGEST}"; then
-                echo "❌ Failed to sign $tag after retry"
-                echo "::warning::Failed to sign image $tag - continuing with unsigned image"
-                # Continue with other images rather than failing entire workflow
+                echo "First attempt failed, retrying in 10 seconds..."
+                sleep 10
+                if ! cosign sign --yes "$tag@${DIGEST}"; then
+                  echo "❌ Failed to sign $tag after retry"
+                  echo "::warning::Failed to sign image $tag - continuing with unsigned image"
+                  # Continue with other images rather than failing entire workflow
+                else
+                  echo "✅ Successfully signed $tag on retry"
+                fi
               else
-                echo "✅ Successfully signed $tag on retry"
+                echo "✅ Successfully signed $tag"
               fi
-            else
-              echo "✅ Successfully signed $tag"
             fi
           done
 

Makefile

@@ -115,7 +115,7 @@ build: manifests generate fmt vet ## Build manager binary.
 
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
-	go run ./cmd/main.go
+	ENABLE_GATEWAY_API=true go run ./cmd/main.go
 
 # If you wish to build the manager image targeting other platforms you can use the --platform flag.
 # (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it.

internal/controller/httproute_controller.go

@@ -51,12 +51,6 @@ func (r *HTTPRouteReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 		return ctrl.Result{}, client.IgnoreNotFound(err)
 	}
 
-	// Check if the HTTPRoute has homer annotations
-	if len(httproute.Annotations) == 0 {
-		log.Info("HTTPRoute has no annotations, skipping", "httproute", req.NamespacedName)
-		return ctrl.Result{}, nil
-	}
-
 	// List all Dashboard CRs
 	dashboardList := &homerv1alpha1.DashboardList{}
 	if err := r.List(ctx, dashboardList); err != nil {

pkg/homer/config.go

@@ -289,7 +289,7 @@ func CreateDeployment(name string, namespace string, replicas *int32, owner clie
 							Command: []string{
 								"sh",
 								"-c",
-								"cp /config/config.yml /www/assets/config.yml && chmod -R 755 /www/assets",
+								"cp /config/config.yml /www/assets/config.yml",
 							},
 							SecurityContext: &corev1.SecurityContext{
 								AllowPrivilegeEscalation: &[]bool{false}[0],
@@ -591,8 +591,8 @@ func CreateDeploymentWithAssets(name string, namespace string, replicas *int32,
 		initCommand += " && cat > /www/assets/manifest.json << 'EOF'\n" + pwaManifest + "\nEOF"
 	}
 
-	// Complete init command with permissions
-	initCommand += " && chmod -R 755 /www/assets"
+	// Complete init command (FSGroup handles permissions)
+	// No chmod needed - FSGroup=1000 ensures proper volume permissions
 
 	d := &appsv1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{