Migrate makefiles and CI/CD

.github/dependabot.yaml

@@ -1,3 +1,6 @@
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/dependabot.yaml instead.
+
 # Update Go dependencies and GitHub Actions dependencies weekly.
 version: 2
 updates:

.github/workflows/make-self-upgrade.yaml

@@ -0,0 +1,86 @@
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/workflows/make-self-upgrade.yaml instead.
+
+name: make-self-upgrade
+concurrency: make-self-upgrade
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  build_images:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Fail if branch is not main
+        if: github.ref != 'refs/heads/main'
+        run: |
+          echo "This workflow should not be run on a branch other than main."
+          exit 1
+
+      - uses: actions/checkout@v4
+
+      - id: go-version
+        run: |
+          make print-go-version >> "$GITHUB_OUTPUT"
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ steps.go-version.outputs.result }}
+
+      - run: |
+          git checkout -B "self-upgrade"
+
+      - run: |
+          make -j upgrade-klone
+          make -j generate
+
+      - id: is-up-to-date
+        shell: bash
+        run: |
+          git_status=$(git status -s)
+          is_up_to_date="true"
+          if [ -n "$git_status" ]; then
+              is_up_to_date="false"
+              echo "The following changes will be committed:"
+              echo "$git_status"
+          fi
+          echo "result=$is_up_to_date" >> "$GITHUB_OUTPUT"
+
+      - if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
+        run: |
+          git config --global user.name "jetstack-bot"
+          git config --global user.email "jetstack-bot@users.noreply.github.com"
+          git commit -a -m "BOT: run 'make upgrade-klone' and 'make generate'" --signoff
+          git push -f origin self-upgrade
+
+      - if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const { repo, owner } = context.repo;
+            const pulls = await github.rest.pulls.list({
+              owner: owner,
+              repo: repo,
+              head: owner + ':self-upgrade',
+              base: 'main',
+              state: 'open',
+            });
+
+            if (pulls.data.length < 1) {
+              await github.rest.pulls.create({
+                title: '[CI] Merge self-upgrade into main',
+                owner: owner,
+                repo: repo,
+                head: 'self-upgrade',
+                base: 'main',
+                body: [
+                  'This PR is auto-generated to bump the Makefile modules.',
+                ].join('\n'),
+              });
+            }

.github/workflows/release.yaml

@@ -0,0 +1,85 @@
+name: release
+on:
+  push:
+    tags:
+      - "v*"
+
+env:
+  VERSION: ${{ github.ref_name }}
+
+jobs:
+  build_images:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read # needed for checkout
+      packages: write # needed for push images
+      id-token: write # needed for keyless signing
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - id: go-version
+        run: |
+          make print-go-version >> "$GITHUB_OUTPUT"
+
+      - uses: docker/login-action@v3
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ steps.go-version.outputs.result }}
+
+      - id: release
+        run: make release
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: ${{ steps.release.outputs.RELEASE_HELM_CHART_NAME }}-${{ steps.release.outputs.RELEASE_HELM_CHART_VERSION }}.tgz
+          path: ${{ steps.release.outputs.RELEASE_HELM_CHART_TAR }}
+          if-no-files-found: error
+
+    outputs:
+      RELEASE_OCI_MANAGER_IMAGE: ${{ steps.release.outputs.RELEASE_OCI_MANAGER_IMAGE }}
+      RELEASE_OCI_MANAGER_TAG: ${{ steps.release.outputs.RELEASE_OCI_MANAGER_TAG }}
+      RELEASE_HELM_CHART_NAME: ${{ steps.release.outputs.RELEASE_HELM_CHART_NAME }}
+      RELEASE_HELM_CHART_VERSION: ${{ steps.release.outputs.RELEASE_HELM_CHART_VERSION }}
+
+  github_release:
+    runs-on: ubuntu-latest
+
+    needs: build_images
+
+    permissions:
+      contents: write # needed for creating a PR
+      pull-requests: write # needed for creating a PR
+
+    steps:
+      - run: |
+          touch .notes-file
+          echo "OCI_MANAGER_IMAGE: ${{ needs.build_images.outputs.RELEASE_OCI_MANAGER_IMAGE }}" >> .notes-file
+          echo "OCI_MANAGER_TAG: ${{ needs.build_images.outputs.RELEASE_OCI_MANAGER_TAG }}" >> .notes-file
+          echo "HELM_CHART_NAME: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}" >> .notes-file
+          echo "HELM_CHART_VERSION: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}" >> .notes-file
+
+      - id: chart_download
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}-${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}.tgz
+
+      - env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release create "$VERSION" \
+            --repo="$GITHUB_REPOSITORY" \
+            --title="${VERSION}" \
+            --draft \
+            --verify-tag \
+            --notes-file .notes-file
+          
+          gh release upload "$VERSION" \
+            --repo="$GITHUB_REPOSITORY" \
+            "${{ steps.chart_download.outputs.download-path }}/${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}-${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}.tgz"

.gitignore

@@ -1,11 +1,11 @@
-
 # Binaries for programs and plugins
 *.exe
 *.exe~
 *.dll
 *.so
 *.dylib
 bin
+testbin/*
 
 # Test binary, build with `go test -c`
 *.test
@@ -14,7 +14,6 @@ bin
 *.out
 
 # Kubernetes Generated files - skip generated files, except for vendored files
-
 !vendor/**/zz_generated.*
 
 # editor and IDE paraphernalia
@@ -23,5 +22,10 @@ bin
 *.swo
 *~
 
-/csi-driver-spiffe
-/_artifacts
+_bin
+_certs
+_artifacts
+.vscode
+
+# direnv files
+.envrc