Merge branch 'dependabot/go_modules/gopkg.in/yaml.v3-3.0.0' of github…

….com:st-tech/gatling-operator into dependabot/go_modules/gopkg.in/yaml.v3-3.0.0

.devcontainer/devcontainer.json

@@ -0,0 +1,35 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/docker-existing-dockerfile
+{
+	"name": "Gatling Operator Dev Container",
+	"build": {
+		// Sets the run context to one level up instead of the .devcontainer folder.
+		"context": "..",
+		// Update the 'dockerFile' property if you aren't using the standard 'Dockerfile' filename.
+		"dockerfile": "../Dockerfile.dev"
+	},
+	"mounts": [
+		// Mount the host's Docker socket.
+		// Official document: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/docker.md
+		"source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind"
+	],
+	"runArgs": [
+		"--name=gatling-operator-dev-container",
+		"--hostname=gatling-operator-dev-container",
+		// Set network mode to host to communicate with other containers.
+		"--network=host"
+	],
+	"containerEnv": {
+		"IN_DEV_CONTAINER": "true"
+	},
+	// Restore the local kubectl config to a dev container.
+	"postStartCommand": "if [ -d ${containerWorkspaceFolder}/.kube ]; then cp -r ${containerWorkspaceFolder}/.kube $HOME/.kube; fi",
+	"customizations": {
+		"vscode": {
+			"extensions": [
+				"streetsidesoftware.code-spell-checker",
+				"mhutchie.git-graph"
+			]
+		}
+	}
+}

.github/ISSUE_TEMPLATE/trivy-results.tpl

@@ -0,0 +1,27 @@
+{{ $d := dict "CRITICAL" "🔴" "HIGH" "🟠" "MEDIUM" "🟡" "UNKNOWN" "🟤" }}
+
+{{- range . -}}
+## {{ .Target }}
+
+### {{ .Type }} [{{ .Class }}]
+
+{{ if .Vulnerabilities -}}
+| Title | Severity | CVE | Package Name | Installed Version | Fixed Version | PrimaryURL |
+| :--: | :--: | :--: | :--: | :--: | :--: | :-- |
+{{- range .Vulnerabilities }}
+| {{ .Title -}}
+| {{ get $d .Severity }}{{ .Severity -}}
+| {{ .VulnerabilityID -}}
+| {{ .PkgName -}}
+| {{ .InstalledVersion -}}
+| {{ .FixedVersion -}}
+| {{ .PrimaryURL -}}
+|
+{{- end }}
+
+{{ else -}}
+_No vulnerabilities found_
+
+{{ end }}
+
+{{- end }}

.github/workflows/daily-vul-scan.yml

@@ -0,0 +1,72 @@
+name: daily vulnerability scan
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+env:
+  IMAGE_NAME: zozo-gatling-operator
+  TRIVY_RESULTS_MARKDOWN: trivy-results.md
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  build-scan-and-save-results:
+    name: Build, scan, and save results
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: ./go.mod
+          cache: true
+
+      - name: Go modules sync
+        run: go mod tidy
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build an image from Dockerfile
+        run: |
+          make docker-build IMG="${{ env.IMAGE_NAME }}:${{ github.sha }}"
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: image
+          image-ref: "${{ env.IMAGE_NAME }}:${{ github.sha }}"
+          exit-code: 1
+          ignore-unfixed: true
+          vuln-type: os,library
+          severity: HIGH,CRITICAL
+          timeout: 10m0s
+          scanners: vuln,secret,config
+          format: template
+          template: "@.github/ISSUE_TEMPLATE/trivy-results.tpl"
+          output: ${{ env.TRIVY_RESULTS_MARKDOWN }}
+
+      - name: Insert YAML front matter into the results markdown
+        if: always()
+        run: |
+          sed -i '1i\
+          ---\
+          title: "[DO NOT CHANGE] Security Alert"\
+          labels: "trivy, vulnerability"\
+          ---\
+          ' "${{ env.TRIVY_RESULTS_MARKDOWN }}"
+
+      - name: Create or update the trivy results issue
+        uses: JasonEtco/create-an-issue@v2
+        if: always()
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          filename: ${{ env.TRIVY_RESULTS_MARKDOWN }}
+          update_existing: true
+          search_existing: open

.gitignore

@@ -17,6 +17,7 @@ testbin/*
 # Kubernetes Generated files - skip generated files, except for vendored files
 
 !vendor/**/zz_generated.*
+.kube
 
 # editor and IDE paraphernalia
 .idea

.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+    "cSpell.words": [
+        "devcontainer"
+    ]
+}

Dockerfile

@@ -16,7 +16,7 @@ COPY controllers/ controllers/
 COPY pkg/ pkg/
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=$(dpkg --print-architecture) go build -a -o manager main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

Dockerfile.dev

@@ -0,0 +1,53 @@
+FROM ubuntu:22.04
+
+ENV GO_VERSION 1.17.13
+ENV KUBECTL_VERSION v1.21.10
+
+# KEEP the value as arm64.
+# This environment variable is for arm64, but should be left as is for any architecture
+# References:
+# https://github.com/etcd-io/etcd/issues/10677
+# https://github.com/k0sproject/k0s/issues/424
+ENV ETCD_UNSUPPORTED_ARCH arm64
+
+# Development tools
+RUN apt-get update && apt-get upgrade -y && apt-get install -y \
+        wget \
+        git \
+        make \
+        gcc
+
+# Docker CLI
+# Referring to https://docs.docker.com/engine/install/ubuntu/#installation-methods
+RUN apt-get install -y \
+        ca-certificates \
+        curl \
+        gnupg \
+    && install -m 0755 -d /etc/apt/keyrings \
+    && curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
+        | gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
+    && chmod a+r /etc/apt/keyrings/docker.gpg \
+    && echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+        "$(. /etc/os-release && echo "${VERSION_CODENAME}")" stable" \
+        | tee /etc/apt/sources.list.d/docker.list > /dev/null \
+    && apt-get update && apt-get install -y \
+        docker-ce-cli
+
+# kubectl
+# Referring to https://kubernetes.io/ja/docs/tasks/tools/install-kubectl/
+RUN curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/"$(dpkg --print-architecture)"/kubectl" \
+    && chmod +x ./kubectl \
+    && mv ./kubectl /usr/local/bin/kubectl
+
+# golang
+# Referring to https://go.dev/doc/install
+RUN wget "https://go.dev/dl/go${GO_VERSION}.linux-"$(dpkg --print-architecture)".tar.gz" \
+    && tar -C /usr/local -xzf "go${GO_VERSION}.linux-"$(dpkg --print-architecture)".tar.gz"
+ENV PATH "${PATH}:/usr/local/go/bin"
+ENV PATH "${PATH}:/root/go/bin"
+
+# kind
+# References:
+# https://github.com/kind-ci/examples/blob/master/.github/workflows/kind.yml
+# https://kind.sigs.k8s.io/docs/user/resources/
+RUN GO111MODULE=on go install sigs.k8s.io/kind@latest

Makefile

@@ -26,7 +26,8 @@ SHELL = /usr/bin/env bash -o pipefail
 .SHELLFLAGS = -ec
 
 ENVTEST_ASSETS_DIR=$(shell pwd)/testbin
-KIND_CONFIG_DIR=$(shell pwd)/config/kind
+KIND_CLUSTER_CONFIG_DIR=$(shell pwd)/config/kind
+KUBECONFIG_BACKUP_DIR=$(shell pwd)/.kube
 
 all: build
 
@@ -46,12 +47,16 @@ all: build
 help: ## Display this help.
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
-kind-create: ## Create a kind cluster named ${KIND_CLUSTER_NAME} locally if necessary
+kind-create: ## Create a kind cluster named ${KIND_CLUSTER_NAME} locally if necessary and save the kubectl config.
 ifeq (1, $(shell kind get clusters | grep ${KIND_CLUSTER_NAME} | wc -l | tr -d ' '))
 	@echo "Cluster already exists"
 else
 	@echo "Creating Cluster"
-	kind create cluster --name ${KIND_CLUSTER_NAME} --image=kindest/node:${K8S_NODE_IMAGE} --config ${KIND_CONFIG_DIR}/cluster.yaml
+	kind create cluster --name ${KIND_CLUSTER_NAME} --image=kindest/node:${K8S_NODE_IMAGE} --config ${KIND_CLUSTER_CONFIG_DIR}/cluster.yaml
+ifeq ($(IN_DEV_CONTAINER), true)
+	@echo "kubeconfig backup =>"
+	mkdir -p ${KUBECONFIG_BACKUP_DIR} && kind get kubeconfig --name ${KIND_CLUSTER_NAME} > ${KUBECONFIG_BACKUP_DIR}/kind-conifg.yaml
+endif
 endif
 
 ##@ Development

README.md

@@ -1,6 +1,6 @@
 # Gatling Operator
 
-[![Go Report Card](https://goreportcard.com/badge/github.com/st-tech/gatling-operator)](https://goreportcard.com/report/github.com/st-tech/gatling-operator) [![CI](https://github.com/st-tech/gatling-operator/actions/workflows/ci.yml/badge.svg?branch=main&event=push)](https://github.com/st-tech/gatling-operator/actions/workflows/ci.yml) ![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/st-tech/gatling-operator)
+[![Go Report Card](https://goreportcard.com/badge/github.com/st-tech/gatling-operator)](https://goreportcard.com/report/github.com/st-tech/gatling-operator) [![CI](https://github.com/st-tech/gatling-operator/actions/workflows/ci.yml/badge.svg?branch=main&event=push)](https://github.com/st-tech/gatling-operator/actions/workflows/ci.yml)  [![daily vulnerability scan](https://github.com/st-tech/gatling-operator/actions/workflows/daily-vul-scan.yml/badge.svg?branch=main)](https://github.com/st-tech/gatling-operator/actions/workflows/daily-vul-scan.yml) ![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/st-tech/gatling-operator)
 
 [Gatling](https://gatling.io/) is an open source load testing tool that allows to analyze and measure the performance of a variety of services. [Gatling Operator](https://github.com/st-tech/gatling-operator) is a Kubernetes Operator for running automated distributed Gatling load testing.
 
@@ -19,7 +19,7 @@ The desired state of a distributed Gatling load testing is described through a K
   - Horizontal scaling: number of pods running in parallel during a load testing can be configured
   - Vertical scaling: CPU and RAM resource allocation for Gatling runner Pod can be configured
 - Allows Gatling load testing to start running at a specific time
-  - By default, the Gatling load testing starts running as soon as the runner Pod's init container gets ready. By specifing the start time, the Gatling load testing waits to start running until the specified time
+  - By default, the Gatling load testing starts running as soon as the runner Pod's init container gets ready. By specifying the start time, the Gatling load testing waits to start running until the specified time
 - Gatling Pod attributions
   - Gatling runtime container image
   - [rclone](https://rclone.org/) container image
@@ -43,11 +43,13 @@ The desired state of a distributed Gatling load testing is described through a K
 ## Quick Start
 
 - [Quick Start Guide](docs/quickstart-guide.md)
+
 ## Documentations
 
 - [Architecture](docs/architecture.md)
 - [Gatling CRD Reference](docs/api.md)
 - [User Guide](docs/user-guide.md)
+- [How to build Gatling Operator](docs/build-guide.md)
 
 ## Contributing