Security Profile Operator App : FluxCD directory structure creation

Story: 2010310
Task: 46821

Test Plan:
PASSED: Build process is successful with creation of debian package mentioned below.
PASSED: Extract the content of stx-security-profiles-operator-helm_1.0-1.stx.1_amd64.deb and check if the helm tar file is present.

Signed-off-by: sshaikh1 <sirin.shaikh@windriver.com>
Change-Id: I61e6a8edb119d4da174a29d6d809ade3d85886ea

CONTRIBUTING.rst

@@ -0,0 +1,16 @@
+If you would like to contribute to the development of OpenStack,
+you must follow the steps in this page:
+
+   https://docs.openstack.org/infra/manual/developers.html
+
+Once those steps have been completed, changes to OpenStack
+should be submitted for review via the Gerrit tool, following
+the workflow documented at:
+
+   https://docs.openstack.org/infra/manual/developers.html#development-workflow
+
+Pull requests submitted through GitHub will be ignored.
+
+Bugs should be filed in Launchpad:
+
+   https://bugs.launchpad.net/starlingx

HACKING.rst

@@ -0,0 +1,17 @@
+StarlingX Nginx-Ingress-Controller-Armada-App Style Commandments
+================================================================
+
+- Step 1: Read the OpenStack style commandments
+  https://docs.openstack.org/hacking/latest/
+- Step 2: Read on
+
+Nginx-Ingress-Controller-Armada-App Specific Commandments
+---------------------------------------------------------
+
+None so far
+
+Running tests
+-------------
+The approach to running tests is to simply run the command ``tox``. This will
+create virtual environments, populate them with dependencies and run all of
+the tests that OpenStack CI systems run.

bindep.txt

@@ -0,0 +1,10 @@
+# This is a cross-platform list tracking distribution packages needed for install and tests;
+# see https://docs.openstack.org/infra/bindep/ for additional information.
+
+libffi-dev [platform:dpkg]
+libldap2-dev [platform:dpkg]
+libxml2-dev [platform:dpkg]
+libxslt1-dev [platform:dpkg]
+libsasl2-dev [platform:dpkg]
+libffi-devel [platform:rpm]
+python3-all-dev [platform:dpkg]

debian_build_layer.cfg

@@ -0,0 +1 @@
+flock

debian_pkg_dirs

@@ -0,0 +1 @@
+stx-security-profiles-operator-helm

requirements.txt

@@ -0,0 +1 @@
+# Nothing

stx-security-profiles-operator-helm/debian/deb_folder/changelog

@@ -0,0 +1,5 @@
+stx-security-profiles-operator-helm (1.0-1) unstable; urgency=medium
+
+  * Initial release.
+
+ --  Sirin Shaikh <sirin.shaikh@windriver.com>  Tue 08 Nov 2022 02:13:14 AM EST

stx-security-profiles-operator-helm/debian/deb_folder/control

@@ -0,0 +1,18 @@
+Source: stx-security-profiles-operator-helm
+Section: libs
+Priority: optional
+Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Build-Depends: debhelper-compat (= 13),
+ chartmuseum,
+ helm,
+ procps
+Standards-Version: 4.5.1
+Homepage: https://www.starlingx.io
+
+Package: stx-security-profiles-operator-helm
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}
+Description: StarlingX Security Profiles Operator Application FluxCD Helm Charts
+ This package contains Fluxcd helm charts for the nginx ingress
+ controller application.

stx-security-profiles-operator-helm/debian/deb_folder/copyright

@@ -0,0 +1,41 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: stx-security-profiles-operator-helm
+Source: https://opendev.org/starlingx/app-security-profiles-operator/
+
+Files: *
+Copyright: (c) 2013-2021 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.
+
+# If you want to use GPL v2 or later for the /debian/* files use
+# the following clauses, or change it to suit. Delete these two lines
+Files: debian/*
+Copyright: 2021 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.

stx-security-profiles-operator-helm/debian/deb_folder/rules

@@ -0,0 +1,69 @@
+#!/usr/bin/make -f
+# export DH_VERBOSE = 1
+
+export ROOT = debian/tmp
+export APP_FOLDER = $(ROOT)/usr/local/share/applications/helm
+
+export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
+export MAJOR = $(shell echo $(DEB_VERSION) | cut -f 1 -d '.')
+export MINOR_PATCH = $(shell echo $(DEB_VERSION) | cut -f 2 -d '.')
+
+export SPO_PKG="helm-charts-security-profiles-operator-0.5.0.tgz"
+export APP_NAME = security-profiles-operator
+export APP_VERSION = $(MAJOR).$(MINOR_PATCH)
+export APP_TARBALL_FLUXCD = $(APP_NAME)-$(APP_VERSION).tgz
+export HELM_REPO = stx-platform
+export STAGING = staging
+
+%:
+	dh $@
+
+override_dh_auto_build:
+	# Host a server for the helm charts.
+	chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="." &
+	sleep 2
+	helm repo add local http://localhost:8879/charts
+
+	# Extract the security-profiles-operator chart
+	rm -rf fluxcd
+	mkdir -p fluxcd
+	tar -C fluxcd -xf $(SPO_PKG)
+
+	# Build the charts
+	cd fluxcd/helm-charts/ && export HELM=helm
+
+	# Terminate the helm chart server.
+	pkill chartmuseum
+
+	# Setup the staging directory.
+	mkdir -p $(STAGING)/charts
+
+	# Copy the fluxcd manifests
+	cp -R fluxcd-manifests/ $(STAGING)/
+
+	# Copy the built chart to staging
+	cp $(SPO_PKG) $(STAGING)/charts/
+
+	# Populate metadata.
+	cp files/metadata.yaml $(STAGING)
+	sed -i 's/@APP_NAME@/$(APP_NAME)/g' $(STAGING)/metadata.yaml
+	sed -i 's/@APP_VERSION@/$(APP_VERSION)/g' $(STAGING)/metadata.yaml
+	sed -i 's/@HELM_REPO@/$(HELM_REPO)/g' $(STAGING)/metadata.yaml
+
+	# Generate checksum file and package the tarball
+	cd $(STAGING) && find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5
+	tar -zcf $(APP_TARBALL_FLUXCD) -C $(STAGING)/ .
+
+	cp -rf $(STAGING) fluxcd-manifests/
+
+	# Cleanup staging
+	rm -rf $(STAGING)
+
+override_dh_auto_install:
+	# Install the app tar file.
+	install -d -m 755 $(APP_FOLDER)
+	install -p -D -m 755 $(APP_TARBALL_FLUXCD) $(APP_FOLDER)
+
+override_dh_auto_test:
+
+override_dh_usrlocal:

stx-security-profiles-operator-helm/debian/deb_folder/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

stx-security-profiles-operator-helm/debian/deb_folder/stx-security-profiles-operator-helm.install

@@ -0,0 +1 @@
+usr/local/share/applications/helm/*

stx-security-profiles-operator-helm/debian/meta_data.yaml

@@ -0,0 +1,12 @@
+---
+debname: stx-security-profiles-operator-helm
+debver: 1.0-1
+src_path: stx-security-profiles-operator-helm
+dl_files:
+  helm-charts-security-profiles-operator-0.5.0.tgz:
+    topdir: helm-charts
+    url: https://github.com/kubernetes-sigs/security-profiles-operator/releases/download/v0.5.0/security-profiles-operator-0.5.0.tgz
+    md5sum: 4f63a02708290042feae40c0a195a8ab
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT: true

stx-security-profiles-operator-helm/stx-security-profiles-operator-helm/README

@@ -0,0 +1,5 @@
+This directory contains all StarlingX charts that need to be built for this
+application. Some charts are common across applications. These common charts
+reside in the stx-config/kubernetes/helm-charts directory. To include these in
+this application update the build_srpm.data file and use the COPY_LIST_TO_TAR
+mechanism to populate these common charts.

stx-security-profiles-operator-helm/stx-security-profiles-operator-helm/files/Makefile

@@ -0,0 +1,43 @@
+#
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# It's necessary to set this because some environments don't link sh -> bash.
+SHELL := /bin/bash
+TASK  := build
+
+EXCLUDES := helm-toolkit doc tests tools logs tmp
+CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
+
+.PHONY: $(EXCLUDES) $(CHARTS)
+
+all: $(CHARTS)
+
+$(CHARTS):
+	@if [ -d $@ ]; then \
+		echo; \
+		echo "===== Processing [$@] chart ====="; \
+		make $(TASK)-$@; \
+	fi
+
+init-%:
+	if [ -f $*/Makefile ]; then make -C $*; fi
+	if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: init-%
+	if [ -d $* ]; then helm lint $*; fi
+
+build-%: lint-%
+	if [ -d $* ]; then helm package $*; fi
+
+clean:
+	@echo "Clean all build artifacts"
+	rm -f */templates/_partials.tpl */templates/_globals.tpl
+	rm -f *tgz */charts/*tgz */requirements.lock
+	rm -rf */charts */tmpcharts
+
+%:
+	@:

stx-security-profiles-operator-helm/stx-security-profiles-operator-helm/files/index.yaml

@@ -0,0 +1,3 @@
+apiVersion: v1
+entries: {}
+generated: 2019-01-07T12:33:46.098166523-06:00

stx-security-profiles-operator-helm/stx-security-profiles-operator-helm/files/metadata.yaml

@@ -0,0 +1,5 @@
+maintain_user_overrides: true
+
+app_name: @APP_NAME@
+app_version: @APP_VERSION@
+helm_repo: @HELM_REPO@

stx-security-profiles-operator-helm/stx-security-profiles-operator-helm/files/repositories.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+generated: 2019-01-02T15:19:36.215111369-06:00
+repositories:
+- caFile: ""
+  cache: /builddir/.helm/repository/cache/local-index.yaml
+  certFile: ""
+  keyFile: ""
+  name: local
+  password: ""
+  url: http://127.0.0.1:8879/charts
+  username: ""
+

stx-security-profiles-operator-helm/stx-security-profiles-operator-helm/fluxcd-manifests/base/helmrepository.yaml

@@ -0,0 +1,13 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: stx-platform
+spec:
+  url: http://192.168.206.1:8080/helm_charts/stx-platform
+  interval: 60m

stx-security-profiles-operator-helm/stx-security-profiles-operator-helm/fluxcd-manifests/base/kustomization.yaml

@@ -0,0 +1,8 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+resources:
+  - helmrepository.yaml

stx-security-profiles-operator-helm/stx-security-profiles-operator-helm/fluxcd-manifests/base/namespace.yaml

@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: security-profiles-operator

stx-security-profiles-operator-helm/stx-security-profiles-operator-helm/fluxcd-manifests/kustomization.yaml

@@ -0,0 +1,12 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: security-profiles-operator
+resources:
+  - base
+  - security-profiles-operator

stx-security-profiles-operator-helm/stx-security-profiles-operator-helm/fluxcd-manifests/security-profiles-operator/helmrelease.yaml

@@ -0,0 +1,36 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
+kind: HelmRelease
+metadata:
+  name: stx-security-profiles-operator
+  labels:
+    chart_group: stx-security-profiles-operator-charts
+spec:
+  releaseName: security-profiles-operator
+  chart:
+    spec:
+      chart: security-profiles-operator
+      version: 0.0.7
+      sourceRef:
+        kind: HelmRepository
+        name: stx-platform
+  interval: 5m
+  timeout: 30m
+  test:
+    enable: false
+  install:
+    disableHooks: false
+  upgrade:
+    disableHooks: false
+  valuesFrom:
+    - kind: Secret
+      name: spo-static-overrides
+      valuesKey: spo-static-overrides.yaml
+    - kind: Secret
+      name: spo-system-overrides
+      valuesKey: spo-system-overrides.yaml

stx-security-profiles-operator-helm/stx-security-profiles-operator-helm/fluxcd-manifests/security-profiles-operator/kustomization.yaml

@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+namespace: security-profiles-operator
+resources:
+  - helmrelease.yaml
+secretGenerator:
+  - name: spo-static-overrides
+    files:
+      - spo-static-overrides.yaml
+  - name: spo-system-overrides
+    files:
+      - spo-system-overrides.yaml
+generatorOptions:
+  disableNameSuffixHash: true

stx-security-profiles-operator-helm/stx-security-profiles-operator-helm/fluxcd-manifests/security-profiles-operator/spo-static-overrides.yaml

@@ -0,0 +1,5 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#

stx-security-profiles-operator-helm/stx-security-profiles-operator-helm/fluxcd-manifests/security-profiles-operator/spo-system-overrides.yaml

@@ -0,0 +1,5 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#