first commit

Author: Nicolas-Richard

.github/workflows/auto-release.yaml

@@ -0,0 +1,31 @@
+---
+name: Auto Release
+
+on: push
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+      - name: set up go version
+        uses: actions/setup-go@v3
+      - name: Go Build x64
+        run:  go build -o mani-diffy
+      - name: Go Build arm64
+        run:  GOOS=darwin GOARCH=arm64 go build -o mani-diffy-darwin-arm64
+      - name: Create Release Text
+        run: echo ${{ github.sha }} > Release.txt
+      - name: Test Build x64
+        run: file mani-diffy | grep "x86-64"
+      - name: Test Build arm64
+        run: file mani-diffy-darwin-arm64 | grep "arm64"
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          files: |
+            mani-diffy
+            mani-diffy-darwin-arm64
+            Release.txt

.github/workflows/generate-manifests-demos.yaml

@@ -0,0 +1,35 @@
+name: Generate manifests for demo
+on: [push]
+
+jobs:
+  build-and-run:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Git
+        run: |
+          git config --global user.name 'Bot'
+          git config --global user.email '[email protected]'
+
+      - name: Compile
+        run: |
+          make build-binaries
+
+      - name: Run for demo
+        run: |
+          cd demo
+          rm -rf .zz.auto-generated
+          ../mani-diffy -hash-store=json
+
+      - name: Commit and push changes to /demo
+        run: |
+          if git diff --quiet; then
+              echo "No changes to commit"
+          else
+              git add .
+              git commit -m "Some manifests have changed in the demo."
+              git push
+          fi
+          cd ..

.github/workflows/tests.yaml

@@ -0,0 +1,38 @@
+---
+name: tests
+
+on:
+  pull_request:
+    types: [assigned, opened, synchronize, reopened, ready_for_review]
+
+jobs:
+  go_test:
+    # strategy:
+    #   matrix:
+    #     go-versions: [1.18.x]
+    #     os: [ubuntu-latest, macos-latest]
+    # runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+      - name: set up go version
+        uses: actions/setup-go@v3
+        with:
+          # go-version: ${{ matrix.go-versions }}
+          go-version: '1.20'
+      - name: run go tests
+        run: |
+          go test -v ./...
+  golangci:
+    # https://github.com/golangci/golangci-lint-action
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v3
+      - uses: actions/checkout@v3
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: v1.53
+          # use config in .golangci.yaml to configure the action further

.gitignore

@@ -0,0 +1,7 @@
+# ignore binaries build during testing
+mani-diffy*
+hashes.json
+hash.sum
+
+.idea
+.DS_Store

.golangci.yaml

@@ -0,0 +1,36 @@
+# https://golangci-lint.run/usage/configuration/#config-file
+run:
+  allow-parallel-runners: true
+  timeout: 5m
+  go: '1.20'
+
+linters:
+  enable:
+    - errcheck
+    - errorlint
+    - exportloopref
+    - gocritic
+    - gofmt
+    - goimports
+    - gosec
+    - govet
+    - misspell
+    - revive
+    - staticcheck
+    - tenv
+    - unconvert
+    - unused
+    - unparam
+
+issues:
+  # Excluding configuration per-path, per-linter, per-text and per-source
+  exclude-rules:
+    - text: "G306:"
+      linters:
+        - gosec
+    - text: "G204:"
+      linters:
+        - gosec
+    - text: "G112:"
+      linters:
+        - gosec

CODEOWNERS

@@ -0,0 +1 @@
+* @1debit/infrastructure-eng

CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at "[email protected]". All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 Chime Financial
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

Makefile

@@ -0,0 +1,17 @@
+test:
+		go test ./...
+
+test-verbose:
+		go test -v ./...
+
+benchmark:
+		go test -bench=.
+
+benchmark-all:
+		go test ./... -bench=.
+
+lint:
+		golangci-lint run
+
+build-binaries:
+	  go build -o mani-diffy

README.md

@@ -0,0 +1,57 @@
+# mani-diffy
+
+![Tests](https://github.com/1debit/mani-diffy/actions/workflows/tests.yaml/badge.svg)
+
+This program walks a hierarchy of Argo CD Application templates, renders Kubernetes manifests from the input templates, and posts the rendered files back for the user to review and validate. 
+
+It is designed to be called from a CI job within a pull request, enabling the author to update templates and see the resulting manifests directly within the pull request before the changes are applied to the Kubernetes cluster. 
+
+The rendered manifests are kept within the repository, making diffs between revisions easy to parse, dramatically improving safety when updating complex application templates.
+
+---
+## How it works:
+1. A user makes their desired change to the application's templates (charts, overrides, etc) and submits a PR with the change.
+2. A CI job executes `mani-diffy`, rendering all manifests affected by the change.
+3. Any updated manifests are submitted back to the same PR as a new commit.
+4. The author and any reviewers will be able to review the diff between the new changes and the previous version of the manifests.
+
+## Post Renderers
+
+`mani-diffy` also supports something called a "post renderer". This is a command that will be called immediately after an Application is rendered. This can be used to run linting, or alter the output of the generated manifest.
+
+```
+mani-diffy -post-renderer="bin/post-render" -output=.zz-auto-generated
+```
+
+The command will be called with the output directory as the first argument (e.g. `.zz-auto-generated/<application name>`)
+
+---
+
+## Pre-requisites 
+
+This is for a new user that is looking to use mani-diffy on a new repo.
+
+In order to make use of mani-diffy on the repo that holds all of your ArgoCD applications the pre-requisites are:
+
+- You have a "root" Application
+- All of your charts and Application manifests live in the same repo.
+
+`mani-diffy` itself makes no assumptions about how the repo is structured, as long as it can successfully render the charts it encounters while walking the Application tree.
+
+However, you may find it useful to organize your repo similarly to the demo app, with 3 key directories : 
+
+1. a "root" or "bootstrap" directory that holds all the ArgoCD applications manifests.
+2. a "charts" directory that contains all the helm charts needed for the ArgoCD applications.
+3. a "rendered" or "generated" directory, where all rendered charts will be committed.
+
+You can see an example of that in the [`demo`](demo/README.md) directory.
+
+# FAQ
+
+Q: Is ArgoCD using the rendered manifests in `.zz.auto-generated` ?
+
+A: No, ArgoCD renders the charts itself. There is no expected discrepancy between the manifest files rendered by mani-diffy and by ArgoCD as long as they are using the same version of Helm.
+
+
+
+

demo/.zz.auto-generated/prod-app-group-1/manifest.yaml

@@ -0,0 +1,48 @@
+---
+# Source: app-of-apps/templates/apps.yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: prod-service-bar
+spec:
+  destination:
+    namespace: argocd
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    repoURL: https://github.com/my-org/my-repo.git
+    path: charts/service
+    helm:
+      version: v3
+      parameters:
+      - name: env
+        value: prod
+      valueFiles:
+        - ../../overrides/service/bar/base.yaml
+        - ../../overrides/service/bar/prod.yaml
+  syncPolicy:
+    automated: {}
+---
+# Source: app-of-apps/templates/apps.yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: prod-service-foo
+spec:
+  destination:
+    namespace: argocd
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    repoURL: https://github.com/my-org/my-repo.git
+    path: charts/service
+    helm:
+      version: v3
+      parameters:
+      - name: env
+        value: prod
+      valueFiles:
+        - ../../overrides/service/foo/base.yaml
+        - ../../overrides/service/foo/prod.yaml
+  syncPolicy:
+    automated: {}