Obmondo
diff --git a/‎.dockerignore‎
Lines changed: 0 additions & 7 deletions b/‎.dockerignore‎
Lines changed: 0 additions & 7 deletions
diff --git a/‎.github/workflows/release.yaml‎
Lines changed: 44 additions & 71 deletions b/‎.github/workflows/release.yaml‎
Lines changed: 44 additions & 71 deletions
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 18 additions & 3 deletions b/‎Makefile‎
Lines changed: 18 additions & 3 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 97 deletions b/‎README.md‎
Lines changed: 1 addition & 97 deletions
diff --git a/‎build/docker/Dockerfile‎
Lines changed: 0 additions & 30 deletions b/‎build/docker/Dockerfile‎
Lines changed: 0 additions & 30 deletions
diff --git a/‎build/docker/Dockerfile.dev‎
Lines changed: 0 additions & 13 deletions b/‎build/docker/Dockerfile.dev‎
Lines changed: 0 additions & 13 deletions
diff --git a/‎cmd/cluster/upgrade/aws.go‎
Lines changed: 4 additions & 2 deletions b/‎cmd/cluster/upgrade/aws.go‎
Lines changed: 4 additions & 2 deletions
@@ -1,94 +1,67 @@
 name: Release
 
-# This Github Action workflow is triggered, when a new release is published.
+# This Github Action workflow is triggered, when a new release is created.
 on:
   release:
-    types: [published]
+    types: [created]
+
+permissions:
+  packages: write
+  security-events: write
 
 jobs:
-  build_and_push_container_image:
-    name: Build and push container image
+  scan_sourcecode:
+    name: Scanning sourcecode to find vulberabilities, misconfigurations and exposed secrets
     runs-on: ubuntu-latest
-    permissions:
-      packages: write
-      security-events: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: actions/checkout@v4
 
       - name: Create outputs directory
-        run: mkdir -p ./outputs/trivy
+        run: mkdir -p /tmp/trivy
 
-      - name: Run Trivy vulnerability and secret scanner in fs mode
-        uses: aquasecurity/trivy-action@master
+      - name: Run Trivy security scan against the sourcecode
+        id: security-scan
+        uses: aquasecurity/[email protected]
         with:
           scan-type: fs
+          vuln-type: library
           scan-ref: .
           trivy-config: trivy.yaml
-          format: sarif
-          output: ./outputs/trivy/fs.sarif
-
-      - name: Upload the scan result to CodeQL
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: ./outputs/trivy/fs.sarif
-          category: fs
-
-      - name: Detect IaC vulnerabilities and misconfigurations using Trivy
-        uses: aquasecurity/trivy-action@master
-        with:
-          scan-type: config
-          scan-ref: .
-          trivy-config: trivy.yaml
-          format: sarif
-          output: ./outputs/trivy/iac-and-config.sarif
+          format: table
+          output: security-scan-result.txt
 
-      - name: Upload the scan result to CodeQL
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: ./outputs/trivy/iac-and-config.sarif
-          category: iac-and-configurations
+      - name: Append the security scan result to the job summary
+        run: |
+          {
+            echo "### 🛡️ Sourcecode security scan result :"
+            echo ""
+            echo '```terraform'
+            cat security-scan-result.txt
+            echo '```'
+          } >> $GITHUB_STEP_SUMMARY
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+  build_and_publish_binaries:
+    name: Build and publish binary
+    runs-on: ubuntu-latest
 
-      - name: Login to GitHub Container Registry
-        uses: docker/[email protected]
-        with:
-          registry: ghcr.io
-          username: obmondo
-          password: ${{ secrets.GITHUB_TOKEN }}
+    strategy:
+      matrix:
+        goos: [linux, darwin]
+        goarch: [amd64, arm64]
 
-      - name: Build and push KubeAid Bootstrap Script AMD64 and ARM64 container images
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          file: build/docker/Dockerfile
-          # NOTE : It takes pretty long to build container images for the ARM64 platform (even when
-          # using QEMU).
-          platforms: linux/amd64,linux/arm64
-          tags: ghcr.io/obmondo/kubeaid-bootstrap-script:${{ github.event.release.tag_name }}
-          push: true
-          # Experimental cache exporter for GitHub Actions provided by buildx and BuildKit.
-          # It uses the GitHub Cache API to fetch and load the Docker layer cache blobs across
-          # builds.
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
 
-      - name: Scan container image for vulnerabilities
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ghcr.io/obmondo/kubeaid-bootstrap-script:${{ github.event.release.tag_name }}
-          vuln-type: os,library
-          trivy-config: trivy.yaml
-          format: sarif
-          output: ./outputs/trivy/container-image.sarif
+      - name: Create outputs directory
+        run: mkdir -p ./outputs/trivy
 
-      - name: Upload the container image scan result to CodeQL
-        uses: github/codeql-action/upload-sarif@v3
+      - uses: wangyoucao577/go-release-action@v1
         with:
-          sarif_file: ./outputs/trivy/container-image.sarif
-          category: container-image
+          goos: ${{ matrix.goos }}
+          goarch: ${{ matrix.goarch }}
+          project_path: ./cmd
+          binary_name: kubeaid-bootstrap-script-${{ matrix.goos }}-${{ matrix.goarch }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          compress_assets: OFF
@@ -3,6 +3,7 @@
 
 vendor/
 
+build/
 outputs/
 
 temp/
 
@@ -70,6 +70,13 @@ delete-provisioned-cluster-aws-dev:
 	@go run ./cmd/ cluster delete \
     --configs-directory ./outputs/configs/aws/
 
+.PHONY: recover-cluster-aws-dev
+recover-cluster-aws-dev:
+	@go run ./cmd/ cluster recover aws \
+		--debug \
+    --configs-directory ./outputs/configs/aws/ \
+    --skip-pr-workflow
+
 .PHONY: sample-config-generate-azure-dev
 sample-config-generate-azure-dev:
 	@go run ./cmd/ config generate azure
@@ -108,9 +115,9 @@ recover-cluster-azure-dev:
     --configs-directory ./outputs/configs/azure/ \
     --skip-pr-workflow
 
-.PHONY: sample-config-generate-hetzner-dev
-sample-config-generate-hetzner-dev:
-	@go run ./cmd/ config generate hetzner
+.PHONY: sample-config-generate-hcloud-dev
+sample-config-generate-hcloud-dev:
+	@go run ./cmd/ config generate hetzner hcloud
 
 .PHONY: devenv-create-hcloud-dev
 devenv-create-hcloud-dev:
@@ -133,6 +140,10 @@ delete-provisioned-cluster-hcloud-dev:
 	@go run ./cmd/ cluster delete \
     --configs-directory ./outputs/configs/hetzner/hcloud/
 
+.PHONY: sample-config-generate-hcloud-dev
+sample-config-generate-hetzner-bare-metal-dev:
+	@go run ./cmd/ config generate hetzner bare-metal
+
 .PHONY: devenv-create-hetzner-bare-metal-dev
 devenv-create-hetzner-bare-metal-dev:
 	@go run ./cmd/ devenv create \
@@ -154,6 +165,10 @@ delete-provisioned-cluster-hetzner-bare-metal-dev:
     --debug \
     --configs-directory ./outputs/configs/hetzner/bare-metal/
 
+.PHONY: sample-config-generate-hetzner-hybrid-dev
+sample-config-generate-hetzner-hybrid-dev:
+	@go run ./cmd/ config generate hetzner hybrid
+
 .PHONY: devenv-create-hetzner-hybrid-dev
 devenv-create-hetzner-hybrid-dev:
 	@go run ./cmd/ devenv create \
 
@@ -1,97 +1 @@
-# KubeAid Bootstrap
-
-Welcome to the KubeAid Bootstrap repository! This project aims to simplify the process of setting up a Kubernetes (K8s) cluster across multiple cloud providers. With KubeAid Bootstrap, you can get your cluster up and running in just 10 minutes, complete with essential tools like Keycloak, ArgoCD, Cert-Manager, and monitoring via Kube-Prometheus.
-
-## Features
-
-- **Multi-Cloud Support**: Easily deploy on AWS (Self-managed, EKS), Azure (AKS and self-managed), Hetzner (Cloud, Robot, and Hybrid), and local environments.
-- **Latest Kubernetes Version**: Always set up the latest stable version of Kubernetes.
-- **GitOps Workflow**: Manage your cluster configuration and deployments using GitOps principles.
-- **Integrated Tools**:
-  - **Keycloak**: For identity and access management.
-  - **ArgoCD**: For continuous delivery and GitOps.
-  - **Cert-Manager**: For managing TLS certificates.
-  - **Kube-Prometheus**: For monitoring and alerting.
-
-## Getting Started
-
-Follow these steps to set up your Kubernetes cluster:
-
-### Prerequisites
-
-- A cloud account for your chosen provider (AWS, Azure, Hetzner).
-- `kubectl` installed on your local machine.
-- `git` installed on your local machine.
-- `docker` installed on your local machine.
-- `jsonnet` installed on your local machine.
-- `kubeseal` installed on your local machine.
-- `k3d` installed on your local machine.
-- Access to a terminal or command line interface.
-
-NOTE: You can also run the ./scripts/install-runtime-dependencies.sh
-
-- A git repo to hold your custom settings for your cluster, [kubeaid-config](https://github.com/Obmondo/kubeaid-config)
-
-### Quick Setup
-
-1. **Generate the [GitHub token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token)**
-
-2. **Download the compose file**:
-   - Get the compose file
-   ```bash
-   wget https://raw.githubusercontent.com/Obmondo/kubeaid-bootstrap-script/refs/heads/main/docker-compose.yaml
-   ```
-
-3. **Generate the config**:
-   - Run the compose to generate the config, it will drop the file in **/outputs/config**
-   ```bash
-   docker compose run bootstrap-generate
-   ```
-
-4. **Fix the config based on your requirements**:
-   - Edit general.yaml
-   ```yaml
-   forkURLs:
-     kubeaidConfig: https://github.com/xxxxxxxx/kubeaid-config.git
-   ```
-
-5. **Add the git username and token**:
-   - Edit secret.yaml
-   ```yaml
-   git:
-     username: xxxxxxxxxx
-     password: xxxxxxxxxx
-   ```
-
-6. **Choose your provider [here](https://github.com/Obmondo/kubeaid-bootstrap-script/tree/main?tab=readme-ov-file#cloud-provider-support)**
-
-## Cloud Provider Support
-
-- **AWS**: Self-managed and EKS
-  - Documentation: [docs/aws.md](docs/aws.md)
-
-- **Azure**: AKS and self-managed
-  - Documentation: [docs/azure.md](docs/azure.md)
-
-- **Hetzner**: Cloud, Robot, and Hybrid
-  - Documentation: [docs/hetzner.md](docs/hetzner.md)
-
-- **Local**: Minikube or other local setups
-  - Documentation: [docs/local.md](docs/local.md)
-
-## Contributing
-
-We welcome contributions!
-Guidelines coming soon!!
-
-## License
-
-This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.
-
-## Support
-
-If you encounter any issues or have questions, please open an issue in the GitHub repository or reach out to the community.
-
----
-
-Get your Kubernetes cluster up and running in no time with KubeAid Bootstrap! Happy clustering! 🚀
+# KubeAid Bootstrap Script
@@ -14,8 +14,10 @@ var AWSCmd = &cobra.Command{
 	Short: "Trigger Kubernetes version upgrade for the provisioned AWS based cluster",
 
 	Run: func(cmd *cobra.Command, args []string) {
-		core.UpgradeCluster(cmd.Context(), skipPRWorkflow, core.UpgradeClusterArgs{
-			NewKubernetesVersion: kubernetesVersion,
+		core.UpgradeCluster(cmd.Context(), core.UpgradeClusterArgs{
+			SkipPRWorkflow: skipPRWorkflow,
+
+			NewKubernetesVersion: newKubernetesVersion,
 
 			CloudSpecificUpdates: aws.AWSMachineTemplateUpdates{
 				AMIID: newAMIID,
-Original file line number
+Diff line change
 vendor/
 +build/
 outputs/
 temp/