diff --git a/.github/workflows/bootstrap.yaml b/.github/workflows/bootstrap.yaml
index 2d4a4f587268eb4390a0caf95767e0cd80c54fbf..74ed0ed0b3d5635cdca204e8f0d9ceb2bcc0cf5a 100644
--- a/.github/workflows/bootstrap.yaml
+++ b/.github/workflows/bootstrap.yaml
@@ -64,6 +64,21 @@ jobs:
--team=team-z
env:
GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+ - name: bootstrap customize
+ run: |
+ make setup-bootstrap-patch
+ /tmp/flux bootstrap github --manifests ./manifests/install/ \
+ --owner=fluxcd-testing \
+ --repository=${{ steps.vars.outputs.test_repo_name }} \
+ --branch=main \
+ --path=test-cluster \
+ --team=team-z
+ if [ $(kubectl get deployments.apps source-controller -o jsonpath='{.spec.template.spec.securityContext.runAsUser}') != "10000" ]; then
+ echo "Bootstrap not customized as controller is not running as user 10000" && exit 1
+ fi
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+ GITHUB_REPO_NAME: ${{ steps.vars.outputs.test_repo_name }}
- name: libgit2
run: |
/tmp/flux create source git test-libgit2 \
diff --git a/Makefile b/Makefile
index f6d168d0ae0c7e04837b61995b5f320b32960f61..631d2767505232908fac4799ab81263af601487e 100644
--- a/Makefile
+++ b/Makefile
@@ -58,10 +58,12 @@ install:
install-dev:
CGO_ENABLED=0 go build -o /usr/local/bin ./cmd/flux
-
install-envtest: setup-envtest
$(SETUP_ENVTEST) use $(ENVTEST_BIN_VERSION)
+setup-bootstrap-patch:
+ go run ./tests/bootstrap/main.go
+
# Find or download setup-envtest
setup-envtest:
ifeq (, $(shell which setup-envtest))
diff --git a/tests/bootstrap/main.go b/tests/bootstrap/main.go
new file mode 100644
index 0000000000000000000000000000000000000000..e7735d8e30c83c8bfefd0b9a042312d26c13d13f
--- /dev/null
+++ b/tests/bootstrap/main.go
@@ -0,0 +1,81 @@
+package main
+
+import (
+ "context"
+ "log"
+ "os"
+
+ "github.com/fluxcd/go-git-providers/github"
+ "github.com/fluxcd/go-git-providers/gitprovider"
+)
+
+func main() {
+ ks := "test-cluster/flux-system/kustomization.yaml"
+ patchName := "test-cluster/flux-system/gotk-patches.yaml"
+ ksContent := `apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- gotk-components.yaml
+- gotk-sync.yaml
+patches:
+ - path: gotk-patches.yaml
+ target:
+ kind: Deployment`
+ patchContent := `apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: all-flux-components
+spec:
+ template:
+ metadata:
+ annotations:
+ # Required by Kubernetes node autoscaler
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+ spec:
+ securityContext:
+ runAsUser: 10000
+ fsGroup: 1337
+ containers:
+ - name: manager
+ securityContext:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+`
+ commitFiles := []gitprovider.CommitFile{
+ {
+ Path: &ks,
+ Content: &ksContent,
+ },
+ {
+ Path: &patchName,
+ Content: &patchContent,
+ },
+ }
+ repoName := os.Getenv("GITHUB_REPO_NAME")
+ githubToken := os.Getenv("GITHUB_TOKEN")
+ client, err := github.NewClient(github.WithOAuth2Token(githubToken))
+ if err != nil {
+ log.Fatalf("error initializing github client: %s", err)
+ }
+
+ repoRef := gitprovider.OrgRepositoryRef{
+ OrganizationRef: gitprovider.OrganizationRef{
+ Organization: "flux-testing",
+ Domain: "github.com",
+ },
+ RepositoryName: repoName,
+ }
+ repo, err := client.OrgRepositories().Get(context.Background(), repoRef)
+ if err != nil {
+ log.Fatalf("error getting %s repository in org %s: %s", repoRef.RepositoryName, repoRef.Organization, err)
+ }
+
+ _, err = repo.Commits().Create(context.Background(), "main", "add patch manifest 3", commitFiles)
+ if err != nil {
+ log.Fatalf("error making commit: %s", err)
+ }
+}