Merge pull request #27 from olblak/addPulummi

init pulumi policy
updatecli · Apr 27, 2024 · 78bcf91 · 78bcf91
2 parents 6ac970a + d89caf7
commit 78bcf91
Show file tree

Hide file tree

Showing 7 changed files with 268 additions and 0 deletions.
diff --git a/updatecli/policies/pulumi/CHANGELOG.md b/updatecli/policies/pulumi/CHANGELOG.md
@@ -0,0 +1,5 @@
+# CHANGELOG
+
+## 0.1.0
+
+  * Initial release
diff --git a/updatecli/policies/pulumi/Policy.yaml b/updatecli/policies/pulumi/Policy.yaml
@@ -0,0 +1,29 @@
+---
+# Policy.yaml contains metadata for the Updatecli policy.
+
+## Authors is the policy authors
+authors:
+  - olivier Vernin <[email protected]>
+
+## URL is the policy url
+url: ghcr.io/updatecli/policies/updatecli/pulumi
+
+## Documentation is the policy documentation URL
+documentation: https://github.com/updatecli/policies/blob/main/updatecli/policies/pulumi/README.md
+
+## Source is the policy source URL
+source: https://github.com/updatecli/policies/blob/main/updatecli/policies/pulumi/
+
+# Version is the policy version. 
+version: 0.1.0
+
+## Vendor is the policy vendor
+vendor: Updatecli Project
+
+# License is the policy licenses
+licenses:
+  - "Apache-2.0 license"
+
+# Description is the short policy description
+description: |
+  Bump Pulumi golang packages to align with versions defined in github.com/pulumi/pulumi-terraform-bridge
diff --git a/updatecli/policies/pulumi/README.md b/updatecli/policies/pulumi/README.md
@@ -0,0 +1,85 @@
+# README
+
+WARNING: This policy is written for demo purpose and will be relocated to a better place if needed.
+
+## DESCRIPTION
+
+Bump Pulumi golang packages to align with versions defined in github.com/pulumi/pulumi-terraform-bridge
+
+Pulumi can "bridge" TF providers. In this setup, the Pulumi provider uses this Go module:
+
+github.com/pulumi/pulumi-terraform-bridge
+
+The provider *and* the bridge uses the core Pulumi SDK:
+
+github.com/pulumi/pulumi/pkg/v3
+github.com/pulumi/pulumi/sdk/v3
+
+Upgrading the dependency on pulumi-terraform-bridge, I need to upgrade core pulumi SDK (sdk & pkg) to the same version that the bridge uses.
+
+
+## HOW TO USE
+
+**Show**
+
+They are two different approaches to see the content of this policy:
+
+Using the policy from the local filesystem by running:
+
+	updatecli manifest show --config updatecli.d --values values.d/default.yaml
+
+Using the policy from the registry by running:
+
+    updatecli manifest show $OCI_REGISTRY/< insert your policy name>:v0.1.0
+
+
+**Use**
+
+Similarly to the show command, they are two ways to execute an Updatecli policy, either using the local file or the one stored on the registry.
+
+Using the policy from the local filesystem by running:
+
+    updatecli diff --config updatecli.d --values values.d/default.yaml
+
+Using the policy from the registry by running:
+
+    updatecli diff ghcr.io/updatecli/policies/<a policy name>:v0.1.0
+
+
+If "diff" is replaced by "apply", then the policy will be executed in enforce mode.
+
+⚠ Any values files specified at runtime will override default values set from the policy bundle
+
+**Login**
+
+Regardless your Updatecli policy is meant to be public or private, you probably always want to be authenticated with your registry, by running:
+
+    docker login "$OCI_REGISTRY"
+
+INFO: OCI_REGISTRY can be any OCI compliant registry such as [Zot](https://github.com/project-zot/zot), [DockerHub](https://hub.docker.com), [ghcr.io](https://ghcr.io),etc.
+
+**Publish**
+
+Policies defines in this repository can be published to your registry by running:
+
+	updatecli manifest push \
+		--config updatecli.d \
+		--values values.d/default.yaml \
+    	--policy Policy.yaml \
+    	--tag "$OCI_REGISTRY/<insert your policy name>" \
+		.
+
+⚠ The tag is defined by the version field in the policy file
+⚠ The latest tag always represents the latest version published from
+a semantic versioning point of view.
+
+## NEXT STEPS
+
+Feel free to look on the [Updatecli documentation](https://updatecli.io) to learn more about how to use Updatecli.
+
+Another good starting point is to understand how to use [update-compose.yaml](https://www.updatecli.io/docs/core/compose/) to orchestrate multiple Updatecli policies.
+
+## CONTRIBUTING
+
+This document has been generated from this [template](https://github.com/updatecli/updatecli/blob/main/pkg/core/scaffold/readme.go).
+Feel free to suggest any improvements or open an [issue](https://github.com/updatecli/updatecli/issues).
diff --git a/updatecli/policies/pulumi/testdata/values.yaml b/updatecli/policies/pulumi/testdata/values.yaml
@@ -0,0 +1,9 @@
+scm:
+  default:  
+    owner: pulumiverse
+    repository: pulumi-talos
+    branch: main
+    user: updatecli
+    email: 
+    #username: 
+    #token:
diff --git a/updatecli/policies/pulumi/updatecli.d/pulumi-pkg.yaml b/updatecli/policies/pulumi/updatecli.d/pulumi-pkg.yaml
@@ -0,0 +1,65 @@
+---
+name: "deps: bump github.com/pulumi/pulumi/pkg/v3"
+
+## scms defines the source control management system to interact with.
+scms:
+  default:
+    kind: github
+    spec:
+      owner: "{{ .scm.default.owner }}"
+      repository: "{{ .scm.default.repository }}"
+      branch: "{{ .scm.default.branch }}"
+      user: "{{ .scm.default.user }}"
+      email: "{{ .scm.default.email }}"
+      username: '{{ requiredEnv "UPDATECLI_GITHUB_ACTOR" }}'
+      token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}'
+
+## actions defines what to do when a target with the same scmid is modified.
+actions:
+  default:
+    kind: "github/pullrequest"
+    scmid: "default"
+    spec:
+      automerge: false
+      labels:
+        - "dependencies"
+
+## sources defines where to find the information.
+sources:
+  bridge:
+    scmid: "default"
+    kind: "golang/gomod"
+    spec:
+      file: "provider/go.mod"
+      module: "github.com/pulumi/pulumi-terraform-bridge/v3"
+
+  pulumi/pkg:
+    name: 'Get github.com/pulumi/pulumi/pkg/v3 version used by github.com/pulumi/pulumi-terraform-bridge/v3 {{ source "bridge" }}'
+    kind: "golang/gomod"
+    dependson:
+      - "bridge"
+    spec:
+      file: 'https://raw.githubusercontent.com/pulumi/pulumi-terraform-bridge/{{ source "bridge" }}/go.mod'
+      module: "github.com/pulumi/pulumi/pkg/v3"
+
+conditions:
+  pulumi/pkg:
+    name: 'is github.com/pulumi/pulumi/pkg/v3 is defined'
+    scmid: "default"
+    disablesourceinput: true
+    kind: "golang/gomod"
+    spec:
+      file: "provider/go.mod"
+      module: "github.com/pulumi/pulumi/pkg/v3"
+
+targets:
+  pulumi/pkg:
+    name: 'deps: bump github.com/pulumi/pulumi/pkg/v3 to {{ source "pulumi/pkg" }}'
+    scmid: "default"
+    kind: "golang/gomod"
+    sourceid: "pulumi/pkg"
+    spec:
+      file: "provider/go.mod"
+      module: "github.com/pulumi/pulumi/pkg/v3"
+
+version: 0.76.0
diff --git a/updatecli/policies/pulumi/updatecli.d/pulumi-sdk.yaml b/updatecli/policies/pulumi/updatecli.d/pulumi-sdk.yaml
@@ -0,0 +1,65 @@
+---
+name: Default pipeline name
+
+## scms defines the source control management system to interact with.
+scms:
+  default:
+    kind: github
+    spec:
+      owner: "{{ .scm.default.owner }}"
+      repository: "{{ .scm.default.repository }}"
+      branch: "{{ .scm.default.branch }}"
+      user: "{{ .scm.default.user }}"
+      email: "{{ .scm.default.email }}"
+      username: '{{ requiredEnv "UPDATECLI_GITHUB_ACTOR" }}'
+      token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}'
+
+## actions defines what to do when a target with the same scmid is modified.
+actions:
+  default:
+    kind: "github/pullrequest"
+    scmid: "default"
+    spec:
+      automerge: false
+      labels:
+        - "dependencies"
+
+## sources defines where to find the information.
+sources:
+  bridge:
+    scmid: "default"
+    kind: "golang/gomod"
+    spec:
+      file: "provider/go.mod"
+      module: "github.com/pulumi/pulumi-terraform-bridge/v3"
+
+  pulumi/sdk:
+    name: 'Get github.com/pulumi/pulumi/sdk/v3 version used by github.com/pulumi/pulumi-terraform-bridge/v3 {{ source "bridge" }}'
+    kind: "golang/gomod"
+    dependson:
+      - "bridge"
+    spec:
+      file: 'https://raw.githubusercontent.com/pulumi/pulumi-terraform-bridge/{{ source "bridge" }}/go.mod'
+      module: "github.com/pulumi/pulumi/sdk/v3"
+
+conditions:
+  pulumi/sdk:
+    name: 'is github.com/pulumi/pulumi/sdk/v3 defined'
+    scmid: "default"
+    disablesourceinput: true
+    kind: "golang/gomod"
+    spec:
+      file: "provider/go.mod"
+      module: "github.com/pulumi/pulumi/sdk/v3"
+
+targets:
+  pulumi/sdk:
+    name: 'deps: bump github.com/pulumi/pulumi/sdk/v3 to {{ source "pulumi/sdk" }}'
+    scmid: "default"
+    kind: "golang/gomod"
+    sourceid: "pulumi/sdk"
+    spec:
+      file: "provider/go.mod"
+      module: "github.com/pulumi/pulumi/sdk/v3"
+
+version: 0.76.0
diff --git a/updatecli/policies/pulumi/values.yaml b/updatecli/policies/pulumi/values.yaml
@@ -0,0 +1,10 @@
+---
+# Values.yaml contains settings that be used from Updatecli manifest.
+# scm:
+#   default:
+#     user: updatecli-bot
+#     email: [email protected]
+#     owner: github_owner
+#     repository: github_repository
+#     username: "updatecli-bot"
+#     branch: main