
Commit ba34dab

committed
feat: move SPDX cache to enterprise options
Migrate SPDX document cache configuration from global `Cache.OCI` to enterprise-specific `Enterprise.SPDX.Cache` for better separation of concerns and to enable per-component cache configurations. Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
1 parent cd137ed commit ba34dab

44 files changed

Lines changed: 306 additions & 123 deletions


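--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,6 +1,6 @@
 {
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-"description": "THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.",
+"description": "THIS FILE WAS AUTOMATICALLY GENERATED BY KRES, PLEASE DO NOT EDIT.",
 "prHeader": "Update Request | Renovate Bot",
 "extends": [
 ":dependencyDashboard",
@@ -32,5 +32,6 @@
 ]
 }
 ],
-"separateMajorMinor": false
+"separateMajorMinor": false,
+"draftPR": true
 }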

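--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,6 +1,6 @@
-# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
+# THIS FILE WAS AUTOMATICALLY GENERATED BY KRES, PLEASE DO NOT EDIT.
 #
-# Generated on 2026-05-05T11:14:47Z by kres 1762ab2.
+# Generated on 2026-05-20T12:38:08Z by kres fcee7dc.
 
 concurrency:
 group: ${{ github.head_ref || github.run_id }}
@@ -349,7 +349,7 @@ jobs:
 REGISTRY: registry.dev.siderolabs.io
 RUN_TESTS_ENTERPRISE: TestIntegrationDirect
 TAG_SUFFIX: -enterprise
-TEST_FLAGS: -test.schematic-service-repository=127.0.0.1:5100/image-factory/schematic -test.installer-internal-repository=127.0.0.1:5100/siderolabs -test.cache-repository=127.0.0.1:5100/image-factory/cache -test.signing-cache-repository=127.0.0.1:5100/image-factory/signing-cache -test.vex-data-repository=ghcr.io/siderolabs/image-factory/test-vex-data
+TEST_FLAGS: -test.schematic-service-repository=127.0.0.1:5100/image-factory/schematic -test.installer-internal-repository=127.0.0.1:5100/siderolabs -test.cache-repository=127.0.0.1:5100/image-factory/cache -test.signing-cache-repository=127.0.0.1:5100/image-factory/signing-cache -test.spdx-cache-repository=127.0.0.1:5100/image-factory/spdx -test.vex-data-repository=ghcr.io/siderolabs/image-factory/test-vex-data
 run: |
 make integration-enterprise
 - name: coverage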

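--- a/.github/workflows/slack-notify-ci-failure.yaml
+++ b/.github/workflows/slack-notify-ci-failure.yaml
@@ -1,6 +1,6 @@
-# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
+# THIS FILE WAS AUTOMATICALLY GENERATED BY KRES, PLEASE DO NOT EDIT.
 #
-# Generated on 2026-05-04T15:24:07Z by kres 1762ab2.
+# Generated on 2026-05-20T12:52:43Z by kres fae8e06.
 
 "on":
 workflow_run:
@@ -11,14 +11,15 @@
 branches:
 - main
 name: slack-notify-failure
+permissions: {}
 jobs:
 slack-notify:
 runs-on:
 group: generic
 if: github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.event != 'pull_request'
 steps:
 - name: Slack Notify
-uses: slackapi/slack-github-action@03ea5433c137af7c0495bc0cad1af10403fc800c # version: v3.0.2
+uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # version: v3.0.3
 with:
 method: chat.postMessage
 payload: |
@@ -33,7 +34,7 @@ jobs:
 {
 "fields": [
 {
-"text": "${{ github.event.workflow_run.event == 'pull_request' && format('*Pull Request:* {0} (`{1}`)\n<{2}/pull/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, steps.get-pr-number.outputs.pull_request_number, github.event.workflow_run.display_title) || format('*Build:* {0} (`{1}`)\n<{2}/commit/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, github.sha, github.event.workflow_run.display_title) }}",
+"text": "${{ format('*Build:* {0} (`{1}`)\n<{2}/commit/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, github.sha, github.event.workflow_run.display_title) }}",
 "type": "mrkdwn"
 },
 {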

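--- a/.github/workflows/slack-notify.yaml
+++ b/.github/workflows/slack-notify.yaml
@@ -1,6 +1,6 @@
-# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
+# THIS FILE WAS AUTOMATICALLY GENERATED BY KRES, PLEASE DO NOT EDIT.
 #
-# Generated on 2026-05-04T15:24:07Z by kres 1762ab2.
+# Generated on 2026-05-20T12:52:43Z by kres fae8e06.
 
 "on":
 workflow_run:
@@ -9,6 +9,8 @@
 types:
 - completed
 name: slack-notify
+permissions:
+pull-requests: read
 jobs:
 slack-notify:
 runs-on:
@@ -18,12 +20,24 @@ jobs:
 - name: Get PR number
 id: get-pr-number
 if: github.event.workflow_run.event == 'pull_request'
-env:
-GH_TOKEN: ${{ github.token }}
-run: |
-echo pull_request_number=$(gh pr view -R ${{ github.repository }} ${{ github.event.workflow_run.head_repository.owner.login }}:${{ github.event.workflow_run.head_branch }} --json number --jq .number) >> $GITHUB_OUTPUT
+uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # version: v9.0.0
+with:
+script: |
+const prs = await github.rest.pulls.list({
+owner: context.repo.owner,
+repo: context.repo.repo,
+head: `${context.payload.workflow_run.head_repository.owner.login}:${context.payload.workflow_run.head_branch}`,
+state: 'all',
+sort: 'updated',
+direction: 'desc',
+per_page: 1,
+})
+
+if (prs.data.length > 0) {
+core.setOutput('pull_request_number', prs.data[0].number)
+}
 - name: Slack Notify
-uses: slackapi/slack-github-action@03ea5433c137af7c0495bc0cad1af10403fc800c # version: v3.0.2
+uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # version: v3.0.3
 with:
 method: chat.postMessage
 payload: |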

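--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,6 +1,6 @@
-# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
+# THIS FILE WAS AUTOMATICALLY GENERATED BY KRES, PLEASE DO NOT EDIT.
 #
-# Generated on 2026-04-16T13:14:58Z by kres b6d29bf.
+# Generated on 2026-05-20T14:47:27Z by kres 0c6a8db.
 
 version: "2"
 
@@ -31,8 +31,10 @@ linters:
 - funlen
 - gochecknoglobals
 - gochecknoinits
+- goconst # complains about repeated values without understanding code context, it checks comments and logger variables and gives false positives for all of those
 - godox
 - gomoddirectives
+- gomodguard
 - gosec
 - inamedparam
 - ireturn
@@ -71,16 +73,13 @@ linters:
 min-complexity: 30
 nestif:
 min-complexity: 5
-goconst:
-min-len: 3
-min-occurrences: 3
 gocritic:
 disabled-checks: [ ]
 gocyclo:
 min-complexity: 20
 godot:
 scope: declarations
-gomodguard: { }
+gomodguard_v2: { }
 govet:
 enable-all: true
 lll: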

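--- a/.kres.yaml
+++ b/.kres.yaml
@@ -571,7 +571,7 @@ spec:
 environment:
 REGISTRY: registry.dev.siderolabs.io
 RUN_TESTS_ENTERPRISE: TestIntegrationDirect
-TEST_FLAGS: "-test.schematic-service-repository=127.0.0.1:5100/image-factory/schematic -test.installer-internal-repository=127.0.0.1:5100/siderolabs -test.cache-repository=127.0.0.1:5100/image-factory/cache -test.signing-cache-repository=127.0.0.1:5100/image-factory/signing-cache -test.vex-data-repository=ghcr.io/siderolabs/image-factory/test-vex-data"
+TEST_FLAGS: "-test.schematic-service-repository=127.0.0.1:5100/image-factory/schematic -test.installer-internal-repository=127.0.0.1:5100/siderolabs -test.cache-repository=127.0.0.1:5100/image-factory/cache -test.signing-cache-repository=127.0.0.1:5100/image-factory/signing-cache -test.spdx-cache-repository=127.0.0.1:5100/image-factory/spdx -test.vex-data-repository=ghcr.io/siderolabs/image-factory/test-vex-data"
 TAG_SUFFIX: "-enterprise"
 ---
 kind: custom.Step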

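--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,8 @@
-# syntax = docker/dockerfile-upstream:1.23.0-labs
+# syntax = docker/dockerfile-upstream:1.24.0-labs
 
-# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
+# THIS FILE WAS AUTOMATICALLY GENERATED BY KRES, PLEASE DO NOT EDIT.
 #
-# Generated on 2026-05-04T15:24:07Z by kres 1762ab2.
+# Generated on 2026-05-20T12:38:08Z by kres fcee7dc.
 
 ARG TOOLCHAIN=scratch
 ARG PKGS_PREFIX=scratch
@@ -15,7 +15,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build,id=image-factory/root/.cache
 && mv /go/bin/helm-docs /bin/helm-docs
 
 # runs markdownlint
-FROM docker.io/oven/bun:1.3.13-alpine AS lint-markdown
+FROM docker.io/oven/bun:1.3.14-alpine AS lint-markdown
 WORKDIR /src
 RUN bun i markdownlint-cli@0.48.0 sentences-per-line@0.5.2
 COPY .markdownlint.json .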

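--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
-# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
+# THIS FILE WAS AUTOMATICALLY GENERATED BY KRES, PLEASE DO NOT EDIT.
 #
-# Generated on 2026-05-07T13:45:16Z by kres 1762ab2.
+# Generated on 2026-05-20T12:38:08Z by kres fcee7dc.
 
 # common variables
 
@@ -20,16 +20,16 @@ REGISTRY ?= ghcr.io
 USERNAME ?= siderolabs
 REGISTRY_AND_USERNAME ?= $(REGISTRY)/$(USERNAME)
 PROTOBUF_GO_VERSION ?= 1.36.11
-GRPC_GO_VERSION ?= 1.6.1
+GRPC_GO_VERSION ?= 1.6.2
 GRPC_GATEWAY_VERSION ?= 2.29.0
 VTPROTOBUF_VERSION ?= 0.6.0
-GOIMPORTS_VERSION ?= 0.44.0
+GOIMPORTS_VERSION ?= 0.45.0
 GOMOCK_VERSION ?= 0.6.0
 DEEPCOPY_VERSION ?= v0.5.8
-GOLANGCILINT_VERSION ?= v2.11.4
-GOFUMPT_VERSION ?= v0.9.2
-GO_VERSION ?= 1.26.2
-DIS_VULNCHECK_VERSION ?= v0.0.0-20260409114749-05440f84fe69
+GOLANGCILINT_VERSION ?= v2.12.2
+GOFUMPT_VERSION ?= v0.10.0
+GO_VERSION ?= 1.26.3
+DIS_VULNCHECK_VERSION ?= v0.0.0-20260430093434-b73e0972e2fb
 GO_BUILDFLAGS ?=
 GO_BUILDTAGS ?= ,
 GO_LDFLAGS ?=
@@ -349,8 +349,8 @@ chart-lint: ## Lint helm chart
 
 .PHONY: helm-plugin-install
 helm-plugin-install: ## Install helm plugins
--helm plugin install https://github.com/helm-unittest/helm-unittest.git --verify=false --version=v1.0.3
--helm plugin install https://github.com/losisin/helm-values-schema-json.git --verify=false --version=v2.3.1
+-helm plugin install https://github.com/helm-unittest/helm-unittest.git --verify=false --version=v1.1.0
+-helm plugin install https://github.com/losisin/helm-values-schema-json.git --verify=false --version=v2.4.0
 
 .PHONY: kuttl-plugin-install
 kuttl-plugin-install: ## Install kubectl kuttl plugin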

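--- a/cmd/image-factory/cmd/options.go
+++ b/cmd/image-factory/cmd/options.go
@@ -465,10 +465,18 @@ type EnterpriseOptions struct {
 // Scanner contains configuration for the vulnerability scanner.
 Scanner ScannerOptions `koanf:"scanner"`
 
+// SPDX contains configuration for SPDX document generation.
+SPDX SPDXOptions `koanf:"spdx"`
+
 // VEX contains configuration for VEX data fetching.
 VEX VEXOptions `koanf:"vex"`
 }
 
+// SPDXOptions configures SPDX document generation and caching.
+type SPDXOptions struct {
+Cache OCIRepositoryOptions `koanf:"cache"`
+}
+
 // VEXOptions configures VEX data caching.
 type VEXOptions struct {
 // Data specifies the OCI repository where VEX documents are stored.
@@ -579,6 +587,13 @@ var DefaultOptions = Options{
 Capacity: 65536,
 },
 },
+SPDX: SPDXOptions{
+Cache: OCIRepositoryOptions{
+Registry: "ghcr.io",
+Namespace: "siderolabs/image-factory",
+Repository: "spdx-cache",
+},
+},
 Scanner: ScannerOptions{
 DatabaseURL: "https://grype.anchore.io/databases",
 Cache: LRUCacheOptions{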
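Review bot: `SPDXOptions.Cache` is added without a doc comment, unlike the `Scanner`, `SPDX` and `VEX` fields around it, and the new default in `DefaultOptions` resolves to `ghcr.io/siderolabs/image-factory/spdx-cache`. A deployment that leaves `Enterprise.SPDX.Cache` unset would therefore presumably read and write SPDX documents in that upstream repository rather than one it controls, so the comment should say the value is expected to be overridden, e.g. `// Cache specifies the OCI repository used to cache generated SPDX documents; override the default in production.` Both `EnterpriseOptions` and `DefaultOptions` start outside the hunks shown, so other defaults may follow the same pattern.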

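--- a/cmd/image-factory/cmd/service.go
+++ b/cmd/image-factory/cmd/service.go
@@ -57,7 +57,8 @@ func RunFactory(ctx context.Context, logger *zap.Logger, opts Options) error {
 return fmt.Errorf("invalid configuration: %w", err)
 }
 
-logger.Info("starting",
+logger.Info(
+"starting",
 zap.String("name", version.Name),
 zap.String("version", version.Tag),
 zap.String("sha", version.SHA),
@@ -204,8 +205,8 @@ func buildEnterprisePlugins(
 ArtifactsManager: artifactsManager,
 AssetBuilder: assetBuilder,
 AuthProvider: authProvider,
-CacheInsecure: opts.Cache.OCI.Insecure,
-CacheRepository: opts.Cache.OCI.String(),
+CacheInsecure: opts.Enterprise.SPDX.Cache.Insecure,
+CacheRepository: opts.Enterprise.SPDX.Cache.String(),
 CacheImageSigner: cacheImageSigner,
 RemoteOptions: remoteOptions(),
 RegistryRefreshInterval: opts.Artifacts.RefreshInterval,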
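Review bot: In the second hunk `CacheInsecure` and `CacheRepository` now come only from `opts.Enterprise.SPDX.Cache`, so a deployment that customised `Cache.OCI` (including `Insecure`) appears to fall back silently to the new default after upgrade. Nothing visible here warns about that or records which repository ends up in use; adding `zap.String("spdx_cache", opts.Enterprise.SPDX.Cache.String())` to the `starting` log call in the first hunk would make the effective target auditable. If plain-HTTP registries are only intended for tests, a warning when `Insecure` is true would also help. Both `RunFactory` and `buildEnterprisePlugins` continue outside the hunks.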
