Merge pull request #56 from controlplaneio-fluxcd/release-v2.3.0

Release v2.3.0

.github/workflows/e2e-fips.yaml

@@ -1,8 +1,17 @@
 name: FIPS conformance tests
 on:
   workflow_dispatch:
+    inputs:
+      version:
+        description: 'Flux version'
+        required: false
   schedule:
     - cron: '00 8 * * 1'
+  push:
+    branches:
+      - 'release-*'
+    tags-ignore:
+      - '*'
 
 permissions:
   contents: read
@@ -34,6 +43,17 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           VERSION=$(gh release view --json tagName -q '.tagName')
+          
+          branch=${{ github.ref_name }}
+          prefix="release-"
+          if [[ "${branch}" =~ ^$prefix.*  ]]; then
+            VERSION=${branch#"$prefix"}
+          fi
+          
+          if [ "${{ github.event.inputs.version }}" != "" ]; then
+            VERSION="${{ github.event.inputs.version }}"
+          fi
+          
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
       - name: Setup Flux
         uses: fluxcd/flux2/action@534684601ec8888beb0cc4f51117b59e97606c4d #v2.2.3

.github/workflows/update-images.yaml

@@ -2,6 +2,10 @@ name: Update images
 
 on:
   workflow_dispatch:
+    inputs:
+      version:
+        description: 'Flux version'
+        required: false
   schedule:
     - cron: '00 10 * * 1-5'
 
@@ -33,6 +37,11 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           VERSION=$(gh release view --json tagName -q '.tagName')
+          
+          if [ "${{ github.event.inputs.version }}" != "" ]; then
+            VERSION="${{ github.event.inputs.version }}"
+          fi
+          
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
       - name: Setup Flux
         uses: fluxcd/flux2/action@534684601ec8888beb0cc4f51117b59e97606c4d #v2.2.3

releases/release-v2.3.md

@@ -0,0 +1,85 @@
+# Enterprise Distribution for Flux v2.3.x
+
+- [apis](#api-versions)
+  - [ga](#general-availability-ga)
+  - [beta](#beta-preview)
+  - [promotions](#promotions)
+- [v2.3.0](#v230)
+  - [mainline](#mainline-v230)
+  - [FIPS-compliant](#fips-compliant-v230)
+
+## API Versions
+
+### General Availability (GA)
+
+| kind                                                                                   | apiVersion                          |
+|:---------------------------------------------------------------------------------------|:------------------------------------|
+| [GitRepository](https://v2-3.docs.fluxcd.io/flux/components/source/gitrepositories/)   | `source.toolkit.fluxcd.io/v1`       |
+| [HelmChart](https://v2-3.docs.fluxcd.io/flux/components/source/helmcharts/)            | `source.toolkit.fluxcd.io/v1`       |
+| [HelmRelease](https://v2-3.docs.fluxcd.io/flux/components/helm/helmreleases/)          | `helm.toolkit.fluxcd.io/v2`         |
+| [HelmRepository](https://v2-3.docs.fluxcd.io/flux/components/source/helmrepositories/) | `source.toolkit.fluxcd.io/v1`       |
+| [Kustomization](https://v2-3.docs.fluxcd.io/flux/components/kustomize/kustomizations/) | `kustomize.toolkit.fluxcd.io/v1`    |
+| [Receiver](https://v2-3.docs.fluxcd.io/flux/components/notification/receivers/)        | `notification.toolkit.fluxcd.io/v1` |
+
+### Beta (Preview)
+
+| kind                                                                                               | apiVersion                               |
+|:---------------------------------------------------------------------------------------------------|:-----------------------------------------|
+| [Alert](https://v2-3.docs.fluxcd.io/flux/components/notification/alerts/)                          | `notification.toolkit.fluxcd.io/v1beta3` |
+| [Bucket](https://v2-3.docs.fluxcd.io/flux/components/source/buckets/)                              | `source.toolkit.fluxcd.io/v1beta2`       |
+| [ImagePolicy](https://v2-3.docs.fluxcd.io/flux/components/image/imagepolicies/)                    | `image.toolkit.fluxcd.io/v1beta2`        |
+| [ImageRepository](https://v2-3.docs.fluxcd.io/flux/components/image/imagerepositories/)            | `image.toolkit.fluxcd.io/v1beta2`        |
+| [ImageUpdateAutomation](https://v2-3.docs.fluxcd.io/flux/components/image/imageupdateautomations/) | `image.toolkit.fluxcd.io/v1beta2`        |
+| [OCIRepository](https://v2-3.docs.fluxcd.io/flux/components/source/ocirepositories/)               | `source.toolkit.fluxcd.io/v1beta2`       |
+| [Provider](https://v2-3.docs.fluxcd.io/flux/components/notification/providers/)                    | `notification.toolkit.fluxcd.io/v1beta3` |
+
+### Promotions
+
+| Kind                  | New Version | Deprecated Version | Group                      |
+|:----------------------|:------------|:-------------------|:---------------------------|
+| HelmChart             | **v1**      | v1beta2            | `source.toolkit.fluxcd.io` |
+| HelmRelease           | **v2**      | v2beta2            | `helm.toolkit.fluxcd.io`   |
+| HelmRepository        | **v1**      | v1beta2            | `source.toolkit.fluxcd.io` |
+| ImageUpdateAutomation | **v1beta2** | v1beta1            | `image.toolkit.fluxcd.io`  |
+
+## v2.3.0
+
+Upstream changelog: [fluxcd/flux2 v2.3.0](https://github.com/fluxcd/flux2/releases/tag/v2.3.0)
+
+### Mainline v2.3.0
+
+#### Flux Controllers
+
+| Controller                                                         | Version | Architectures |
+|:-------------------------------------------------------------------|---------|---------------|
+| `ghcr.io/controlplaneio-fluxcd/alpine/source-controller`           | v1.3.0  | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/alpine/kustomize-controller`        | v1.3.0  | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/alpine/helm-controller`             | v1.0.1  | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/alpine/notification-controller`     | v1.3.0  | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/alpine/image-reflector-controller`  | v0.32.0 | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/alpine/image-automation-controller` | v0.38.0 | amd64 / arm64 |
+
+#### Flux Manifests
+
+| OCI Artifact                                          | Version |
+|:------------------------------------------------------|---------|
+| `ghcr.io/controlplaneio-fluxcd/alpine/flux-manifests` | v2.3.0  |
+
+### FIPS-compliant v2.3.0
+
+#### Flux Controllers
+
+| Controller                                                              | Version | Architectures |
+|:------------------------------------------------------------------------|---------|---------------|
+| `ghcr.io/controlplaneio-fluxcd/distroless/source-controller`            | v1.3.0  | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/distroless/kustomize-controller`         | v1.3.0  | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/distroless/helm-controller`              | v1.0.1  | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/distroless/notification-controller`      | v1.3.0  | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/distroless/image-reflector-controller`   | v0.32.0 | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/distroless/image-automation-controller`  | v0.38.0 | amd64 / arm64 |
+
+#### Flux Manifests
+
+| OCI Artifact                                               | Version |
+|:-----------------------------------------------------------|---------|
+| `ghcr.io/controlplaneio-fluxcd/distroless/flux-manifests`  | v2.3.0  |

tests/v2.3/appliers/helm-sync.yaml

@@ -0,0 +1,45 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: podinfo
+  namespace: appliers
+spec:
+  type: oci
+  interval: 10m
+  url: oci://ghcr.io/stefanprodan/charts
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: podinfo
+  namespace: appliers
+spec:
+  interval: 10m
+  timeout: 2m
+  chart:
+    spec:
+      chart: podinfo
+      version: ">1.0.0"
+      sourceRef:
+        kind: HelmRepository
+        name: podinfo
+      interval: 50m
+  releaseName: podinfo-helm
+  install:
+    crds: CreateReplace
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+  test:
+    enable: false
+  driftDetection:
+    mode: enabled
+    ignore:
+      - paths: ["/spec/replicas"]
+        target:
+          kind: Deployment
+  values:
+    replicaCount: 2

tests/v2.3/appliers/kustomize-sync.yaml

@@ -0,0 +1,36 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: OCIRepository
+metadata:
+  name: podinfo
+  namespace: appliers
+spec:
+  interval: 10m
+  url: oci://ghcr.io/stefanprodan/manifests/podinfo
+  ref:
+    semver: ">1.0.0"
+  ignore: |
+    # exclude all
+    /*
+    # include deployment and service
+    !deployment.yaml
+    !service.yaml
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: podinfo
+  namespace: appliers
+spec:
+  interval: 10m
+  wait: true
+  timeout: 2m
+  retryInterval: 5m
+  prune: true
+  force: false
+  targetNamespace: appliers
+  sourceRef:
+    kind: OCIRepository
+    name: podinfo
+    namespace: appliers
+  path: "./"

tests/v2.3/appliers/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: appliers

tests/v2.3/clusters/kind/appliers.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: appliers
+  namespace: flux-system
+spec:
+  dependsOn:
+    - name: sources
+  serviceAccountName: kustomize-controller
+  interval: 10m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./tests/v2.3/appliers
+  prune: true
+  wait: true
+  timeout: 5m

tests/v2.3/clusters/kind/sources.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: sources
+  namespace: flux-system
+spec:
+  serviceAccountName: kustomize-controller
+  interval: 10m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./tests/v2.3/sources
+  prune: true
+  wait: true
+  timeout: 5m

tests/v2.3/sources/helm.yaml

@@ -0,0 +1,69 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: podinfo-https
+  namespace: sources
+spec:
+  interval: 10m
+  url: https://stefanprodan.github.io/podinfo
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmChart
+metadata:
+  name: podinfo-https
+  namespace: sources
+spec:
+  interval: 10m
+  chart: podinfo
+  reconcileStrategy: ChartVersion
+  sourceRef:
+    kind: HelmRepository
+    name: podinfo-https
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: podinfo-oci
+  namespace: sources
+spec:
+  type: oci
+  interval: 10m
+  url: oci://ghcr.io/stefanprodan/charts
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmChart
+metadata:
+  name: podinfo-oci
+  namespace: sources
+spec:
+  interval: 10m
+  chart: podinfo
+  reconcileStrategy: ChartVersion
+  sourceRef:
+    kind: HelmRepository
+    name: podinfo-oci
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: podinfo-git
+  namespace: sources
+spec:
+  interval: 10m
+  url: https://github.com/stefanprodan/podinfo
+  ref:
+    semver: ">1.0.0"
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmChart
+metadata:
+  name: podinfo-git
+  namespace: sources
+spec:
+  interval: 10m
+  chart: ./charts/podinfo
+  reconcileStrategy: Revision
+  sourceRef:
+    kind: GitRepository
+    name: podinfo-git

tests/v2.3/sources/namespace.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: sources
+

tests/v2.3/sources/oci.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: OCIRepository
+metadata:
+  name: podinfo-cosign
+  namespace: sources
+spec:
+  interval: 10m
+  url: oci://ghcr.io/stefanprodan/manifests/podinfo
+  ref:
+    semver: ">1.0.0"
+  verify:
+    provider: cosign
+    matchOIDCIdentity:
+      - issuer: "^https://token.actions.githubusercontent.com$"
+        subject: "^https://github.com/stefanprodan/podinfo.*$"