gardener · elankath · Jan 6, 2022 · Jan 6, 2022 · Jan 11, 2022 · Jan 12, 2022
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -e
+
+# For the build step concourse will set the following environment variables:
+# SOURCE_PATH - path to component repository root directory.
+# BINARY_PATH - path to an existing (empty) directory to place build results into.
+
+if [[ $(uname) == 'Darwin' ]]; then
+  READLINK_BIN="greadlink"
+else
+  READLINK_BIN="readlink"
+fi
+
+if [[ -z "${SOURCE_PATH}" ]]; then
+  export SOURCE_PATH="$(${READLINK_BIN} -f $(dirname ${0})/..)"
+else
+  export SOURCE_PATH="$(${READLINK_BIN} -f "${SOURCE_PATH}")"
+fi
+
+if [[ -z "${BINARY_PATH}" ]]; then
+  export BINARY_PATH="${SOURCE_PATH}/bin"
+else
+  export BINARY_PATH="$(${READLINK_BIN} -f "${BINARY_PATH}")/bin"
+fi
+
+VCS="github.com"
+ORGANIZATION="gardener"
+PROJECT="machine-controller-manager"
+REPOSITORY=${VCS}/${ORGANIZATION}/${PROJECT}
+GIT_SHA="${GIT_SHA:-$(git rev-parse --short HEAD || echo "GitNotFound")}"
+
+cd "${SOURCE_PATH}" 
+
+###############################################################################
+
+VERSION_FILE="$(${READLINK_BIN}  -f "${SOURCE_PATH}/VERSION")"
+VERSION="${VERSION:-"$(cat "${VERSION_FILE}")"}"
+GIT_SHA="${GIT_SHA:-$(git rev-parse --short HEAD || echo "GitNotFound")}"
+
+CGO_ENABLED=0 GO111MODULE=on go build \
+  -v \
+  -o "${BINARY_PATH}/machine-controller-manager" \
+	-ldflags "-w -X ${REPOSITORY}/pkg/version.Version=${VERSION} -X ${REPOSITORY}/pkg/version.GitSHA=${GIT_SHA}" \
+  cmd/machine-controller-manager/controller_manager.go
@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -e
+
+export GO111MODULE=on
+
+# For the check step concourse will set the following environment variables:
+# SOURCE_PATH - path to component repository root directory.
+
+if [[ $(uname) == 'Darwin' ]]; then
+  READLINK_BIN="greadlink"
+else
+  READLINK_BIN="readlink"
+fi
+
+if [[ -z "${SOURCE_PATH}" ]]; then
+  export SOURCE_PATH="$(${READLINK_BIN} -f $(dirname ${0})/..)"
+else
+  export SOURCE_PATH="$(${READLINK_BIN} -f "${SOURCE_PATH}")"
+fi
+
+cd "${SOURCE_PATH}"
+
+# Install golangci-lint (linting tool).
+if [[ -z "${GOLANGCI_LINT_VERSION}" ]]; then
+  export GOLANGCI_LINT_VERSION=v1.64.8
+fi
+go install github.com/golangci/golangci-lint/cmd/golangci-lint@"${GOLANGCI_LINT_VERSION}"
+
+###############################################################################
+
+PACKAGES="$(go list -e ./... | grep -vE '/pkg/client|/pkg/apis|/pkg/openapi')"
+PACKAGES_DIRS="$(echo ${PACKAGES} | sed "s|github.com/gardener/machine-controller-manager|.|g")"
+
+# Execute static code checks.
+echo "Running go vet..."
+go vet ${PACKAGES}
+
+# Execute automatic code formatting directive.
+echo "Running gofmt..."
+gofmt -s -l -w ${PACKAGES_DIRS}
+
+## Execute lint checks.
+echo "Running golangci-lint..."
+# golangci-lint can't be run from outside the directory
+(cd ${SOURCE_PATH} && golangci-lint run -c .golangci.yaml --timeout 10m)
+
+# Run Static Application Security Testing (SAST) using gosec
+make sast-report
@@ -0,0 +1,84 @@
+machine-controller-manager:
+  base_definition:
+    repo:
+      source_labels:
+        - name: cloud.gardener.cnudie/dso/scanning-hints/source_analysis/v1
+          value:
+            policy: skip
+            comment: |
+              we use gosec for sast scanning. See attached log.
+    traits:
+      version:
+        preprocess:
+          'inject-commit-hash'
+        inject_effective_version: true
+      component_descriptor:
+        ocm_repository: europe-docker.pkg.dev/gardener-project/snapshots
+      publish:
+        oci-builder: docker-buildx
+        platforms:
+        - linux/amd64
+        - linux/arm64
+        dockerimages:
+          machine-controller-manager:
+            inputs:
+              repos:
+                source: ~ # default
+              steps:
+                build: ~
+            image: europe-docker.pkg.dev/gardener-project/snapshots/gardener/machine-controller-manager
+            resource_labels:
+            - name: 'gardener.cloud/cve-categorisation'
+              value:
+                network_exposure: 'protected'
+                authentication_enforced: false
+                user_interaction: 'gardener-operator'
+                confidentiality_requirement: 'high'
+                integrity_requirement: 'high'
+                availability_requirement: 'low'
+    steps:
+      check:
+        image: 'golang:1.23.3'
+      test:
+        image: europe-docker.pkg.dev/gardener-project/releases/testmachinery/base-step:stable
+      build:
+        image: 'golang:1.23.3'
+        output_dir: 'binary'
+  jobs:
+    head-update:
+      traits:
+        component_descriptor:
+          ocm_repository_mappings:
+            - repository: europe-docker.pkg.dev/gardener-project/releases
+        draft_release: ~
+    pull-request:
+      traits:
+        pull-request: ~
+    release:
+      traits:
+        version:
+          preprocess: 'finalize'
+        component_descriptor:
+          ocm_repository: europe-docker.pkg.dev/gardener-project/releases
+        release:
+          nextversion: 'bump_minor'
+          assets:
+            - type: build-step-log
+              step_name: check
+              purposes:
+                - lint
+                - sast
+                - gosec
+              comment: |
+                we use gosec (linter) for SAST scans
+                see: https://github.com/securego/gosec
+        publish:
+          dockerimages:
+            machine-controller-manager:
+              image: europe-docker.pkg.dev/gardener-project/releases/gardener/machine-controller-manager
+        slack:
+          default_channel: 'internal_scp_workspace'
+          channel_cfgs:
+            internal_scp_workspace:
+              channel_name: 'C0170QTBJUW' # gardener-mcm
+              slack_cfg_name: 'scp_workspace'
@@ -0,0 +1,13 @@
+# Sample machine object
+
+apiVersion: machine.sapcloud.io/v1alpha1
+kind: Machine
+metadata:
+  name: test-machine # Name of the machine to be created
+  namespace: aws
+  labels:
+    test-label: test-label # Label used by machine-set to match (optional)
+spec:
+  class:
+    kind: AWSMachineClass # Machine class template used to create machine, could be AWS/GCP/Azure/Other-cloud-providers
+    name: mc-v1 # Name of the machine class
@@ -0,0 +1,27 @@
+# Sample machine-deploy object
+
+apiVersion: machine.sapcloud.io/v1alpha1
+kind: MachineDeployment
+metadata:
+  name: test-md # Name of the machine deploy
+  namespace: aws
+spec:
+  replicas: 2 # Number of healthy replicas that should always be healthy
+  minReadySeconds: 500 # Minimum time to wait for machine to be ready
+  progressDeadlineSeconds: 1200
+  strategy:
+    type: RollingUpdate # Strategy for update RollingUpdate/Recreate
+    rollingUpdate:
+      maxSurge: 0 # Maximum addition machines that spawned over the desired replicas during update
+      maxUnavailable: 1 # Maximum unavailable machines that the cluster can tolerate
+  selector:
+    matchLabels:
+      test-label: test-label # Label to match the template (XXXXX)
+  template:
+    metadata:
+      labels:
+        test-label: test-label # Label to match with selector (XXXXX)
+    spec:
+      class:
+        kind: AWSMachineClass # Machine class template used to create machine, could be AWS/GCP/Azure/Other-cloud-providers
+        name: mc-v1 # Name of the machine class
@@ -0,0 +1,27 @@
+# Sample machine-deploy object
+
+apiVersion: machine.sapcloud.io/v1alpha1
+kind: MachineDeployment
+metadata:
+  name: test-md # Name of the machine deploy
+  namespace: aws
+spec:
+  replicas: 6 # Number of healthy replicas that should always be healthy
+  minReadySeconds: 500 # Minimum time to wait for machine to be ready
+  progressDeadlineSeconds: 1200
+  strategy:
+    type: RollingUpdate # Strategy for update RollingUpdate/Recreate
+    rollingUpdate:
+      maxSurge: 0 # Maximum addition machines that spawned over the desired replicas during update
+      maxUnavailable: 1 # Maximum unavailable machines that the cluster can tolerate
+  selector:
+    matchLabels:
+      test-label: test-label # Label to match the template (XXXXX)
+  template:
+    metadata:
+      labels:
+        test-label: test-label # Label to match with selector (XXXXX)
+    spec:
+      class:
+        kind: AWSMachineClass # Machine class template used to create machine, could be AWS/GCP/Azure/Other-cloud-providers
+        name: mc-v1 # Name of the machine class
@@ -0,0 +1,27 @@
+# Sample machine-deploy object
+
+apiVersion: machine.sapcloud.io/v1alpha1
+kind: MachineDeployment
+metadata:
+  name: test-md # Name of the machine deploy
+  namespace: aws
+spec:
+  replicas: 4 # Number of healthy replicas that should always be healthy
+  minReadySeconds: 500 # Minimum time to wait for machine to be ready
+  progressDeadlineSeconds: 1200
+  strategy:
+    type: RollingUpdate # Strategy for update RollingUpdate/Recreate
+    rollingUpdate:
+      maxSurge: 0 # Maximum addition machines that spawned over the desired replicas during update
+      maxUnavailable: 2 # Maximum unavailable machines that the cluster can tolerate
+  selector:
+    matchLabels:
+      test-label: test-label # Label to match the template (XXXXX)
+  template:
+    metadata:
+      labels:
+        test-label: test-label # Label to match with selector (XXXXX)
+    spec:
+      class:
+        kind: AWSMachineClass # Machine class template used to create machine, could be AWS/GCP/Azure/Other-cloud-providers
+        name: mc-v2 # Name of the machine class
@@ -0,0 +1,27 @@
+# Sample machine-deploy object
+
+apiVersion: machine.sapcloud.io/v1alpha1
+kind: MachineDeployment
+metadata:
+  name: test-md # Name of the machine deploy
+  namespace: aws
+spec:
+  replicas: 3 # Number of healthy replicas that should always be healthy
+  minReadySeconds: 500 # Minimum time to wait for machine to be ready
+  progressDeadlineSeconds: 1200
+  strategy:
+    type: RollingUpdate # Strategy for update RollingUpdate/Recreate
+    rollingUpdate:
+      maxSurge: 0 # Maximum addition machines that spawned over the desired replicas during update
+      maxUnavailable: 1 # Maximum unavailable machines that the cluster can tolerate
+  selector:
+    matchLabels:
+      test-label: test-label # Label to match the template (XXXXX)
+  template:
+    metadata:
+      labels:
+        test-label: test-label # Label to match with selector (XXXXX)
+    spec:
+      class:
+        kind: AWSMachineClass # Machine class template used to create machine, could be AWS/GCP/Azure/Other-cloud-providers
+        name: mc-v1 # Name of the machine class
@@ -0,0 +1,13 @@
+# Sample machine object
+
+apiVersion: machine.sapcloud.io/v1alpha1
+kind: Machine
+metadata:
+  name: test-machine # Name of the machine to be created
+  namespace: az
+  labels:
+    test-label: test-label # Label used by machine-set to match (optional)
+spec:
+  class:
+    kind: AzureMachineClass # Machine class template used to create machine, could be AWS/GCP/Azure/Other-cloud-providers
+    name: mc-v1 # Name of the machine class
@@ -0,0 +1,27 @@
+# Sample machine-deploy object
+
+apiVersion: machine.sapcloud.io/v1alpha1
+kind: MachineDeployment
+metadata:
+  name: test-md # Name of the machine deploy
+  namespace: az
+spec:
+  replicas: 2 # Number of healthy replicas that should always be healthy
+  minReadySeconds: 500 # Minimum time to wait for machine to be ready
+  progressDeadlineSeconds: 1200
+  strategy:
+    type: RollingUpdate # Strategy for update RollingUpdate/Recreate
+    rollingUpdate:
+      maxSurge: 0 # Maximum addition machines that spawned over the desired replicas during update
+      maxUnavailable: 1 # Maximum unavailable machines that the cluster can tolerate
+  selector:
+    matchLabels:
+      test-label: test-label # Label to match the template (XXXXX)
+  template:
+    metadata:
+      labels:
+        test-label: test-label # Label to match with selector (XXXXX)
+    spec:
+      class:
+        kind: AzureMachineClass # Machine class template used to create machine, could be AWS/GCP/Azure/Other-cloud-providers
+        name: mc-v1 # Name of the machine class
@@ -0,0 +1,27 @@
+# Sample machine-deploy object
+
+apiVersion: machine.sapcloud.io/v1alpha1
+kind: MachineDeployment
+metadata:
+  name: test-md # Name of the machine deploy
+  namespace: az
+spec:
+  replicas: 6 # Number of healthy replicas that should always be healthy
+  minReadySeconds: 500 # Minimum time to wait for machine to be ready
+  progressDeadlineSeconds: 1200
+  strategy:
+    type: RollingUpdate # Strategy for update RollingUpdate/Recreate
+    rollingUpdate:
+      maxSurge: 0 # Maximum addition machines that spawned over the desired replicas during update
+      maxUnavailable: 1 # Maximum unavailable machines that the cluster can tolerate
+  selector:
+    matchLabels:
+      test-label: test-label # Label to match the template (XXXXX)
+  template:
+    metadata:
+      labels:
+        test-label: test-label # Label to match with selector (XXXXX)
+    spec:
+      class:
+        kind: AzureMachineClass # Machine class template used to create machine, could be AWS/GCP/Azure/Other-cloud-providers
+        name: mc-v1 # Name of the machine class