Merge pull request envoyproxy#3 from danehans/lizan_authn_policy_doc_…

…update

Rebases Resolves Review Feedback

.github/markdown_lint_config.json

@@ -0,0 +1,52 @@
+{
+  "MD001": true,
+  "MD002": false,
+  "MD003": false,
+  "MD004": false,
+  "MD005": false,
+  "MD006": false,
+  "MD007": false,
+  "MD008": false,
+  "MD009": false,
+  "MD010": false,
+  "MD011": false,
+  "MD012": false,
+  "MD013": false,
+  "MD014": false,
+  "MD015": false,
+  "MD016": false,
+  "MD017": false,
+  "MD018": false,
+  "MD019": false,
+  "MD020": false,
+  "MD021": false,
+  "MD022": false,
+  "MD023": false,
+  "MD024": false,
+  "MD025": false,
+  "MD026": false,
+  "MD027": false,
+  "MD028": false,
+  "MD029": false,
+  "MD030": false,
+  "MD031": true,
+  "MD032": false,
+  "MD033": false,
+  "MD034": false,
+  "MD035": false,
+  "MD036": false,
+  "MD037": true,
+  "MD038": true,
+  "MD039": false,
+  "MD040": false,
+  "MD041": false,
+  "MD042": false,
+  "MD043": false,
+  "MD044": false,
+  "MD045": false,
+  "MD046": false,
+  "MD047": false,
+  "MD048": false,
+  "MD049": false,
+  "MD050": false
+}

.github/workflows/build_and_test.yaml

@@ -3,13 +3,13 @@ on:
   push:
     branches:
     - "main"
-    - "release-v*"
+    - "release/v*"
     paths-ignore:
     - "**/*.png"
   pull_request:
     branches:
     - "main"
-    - "release-v*"
+    - "release/v*"
     paths-ignore:
     - "**/*.png"
 jobs:
@@ -28,27 +28,52 @@ jobs:
     - uses: ./tools/github-actions/setup-deps
     - run: make -k gen-check
 
+  license-check:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: ./tools/github-actions/setup-deps
+    - run: make -k licensecheck
+
   build-and-test:
     runs-on: ubuntu-latest
+    needs: [lint, gen-check, license-check]
     steps:
     - uses: actions/checkout@v3
     - uses: ./tools/github-actions/setup-deps
 
     # test
-    - run: make go.test.coverage
+    - name: Run Coverage Tests
+      run: make go.test.coverage
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v2
+      uses: codecov/codecov-action@v3
       with:
         fail_ci_if_error: true
         files: ./coverage.xml
         name: codecov-envoy-gateway
         verbose: true
 
     # build
-    - run: make build-multiarch
+    - name: Build Multiarch EG Binaries
+      run: make build-multiarch PLATFORMS="linux_amd64 linux_arm64"
 
     # conformance
-    - name: Run Conformance Tests
+    - name: Run Conformance Tests (v1.24.0)
+      env:
+        KIND_NODE_TAG: v1.24.0
+        CONFORMANCE_UNIQUE_PORTS: false
+      run: make conformance
+
+    - name: Run Conformance Tests (v1.23.6)
+      env:
+        KIND_NODE_TAG: v1.23.6
+        CONFORMANCE_UNIQUE_PORTS: false
+      run: make conformance
+
+    - name: Run Conformance Tests (v1.22.9)
+      env:
+        KIND_NODE_TAG: v1.22.9
+        CONFORMANCE_UNIQUE_PORTS: false
       run: make conformance
 
     # build and push image
@@ -59,14 +84,15 @@ jobs:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
-    - run: make image.multiarch.setup
+    - name: Setup Multiarch Environment
+      run: make image.multiarch.setup
 
     - name: Build and Push EG Commit Image
       if: github.event_name == 'push'
       # tag is set to the short SHA of the commit
-      run: make image.push.multiarch PLATFORMS="linux_amd64 linux_arm64"
+      run: make image.push.multiarch PLATFORMS="linux_amd64 linux_arm64" IMAGE=envoyproxy/gateway-dev
 
     - name: Build and Push EG Latest Image
       if: github.event_name == 'push' && github.ref == 'refs/heads/main'
       # tag is set to `latest` when pushing to main branch
-      run: make image.push.multiarch TAG=latest PLATFORMS="linux_amd64 linux_arm64"
+      run: make image.push.multiarch TAG=latest PLATFORMS="linux_amd64 linux_arm64" IMAGE=envoyproxy/gateway-dev

.github/workflows/docs.yaml

@@ -3,24 +3,37 @@ on:
   push:
     branches:
       - "main"
-      - "release-v*"
     paths-ignore:
       - "**/*.png"
-  # pull_request:
-  #   branches:
-  #     - "main"
-  #     - "release-v*"
-  #   paths-ignore:
-  #     - "**/*.png"
+  pull_request:
+    branches:
+      - "main"
+    paths-ignore:
+      - "**/*.png"
+
 jobs:
+  docs-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Run markdown linter
+        uses: nosborn/github-action-markdown-cli@v3.1.0
+        with:
+          files: docs/*
+          config_file: ".github/markdown_lint_config.json"
+
   docs-build:
+    if: github.event_name == 'push'
     runs-on: ubuntu-latest
+    needs: docs-lint
     steps:
       - uses: actions/checkout@v3
       - uses: ./tools/github-actions/setup-deps
 
-      # docs
-      - run: make docs
+      - name: Generate EG Pages
+        run: make docs
 
       # Upload docs for GitHub Pages    
       - name: Upload GitHub Pages artifact
@@ -33,6 +46,7 @@ jobs:
 
   # This workflow contains a single job called "build"
   docs-publish:
+    if: github.event_name == 'push'
     runs-on: ubuntu-latest
     needs: docs-build
 

.github/workflows/latest_release.yaml

@@ -0,0 +1,51 @@
+name: Latest Release
+
+on:
+  push:
+    branches:
+    - "main"
+    paths-ignore:
+    - "**/*.png"
+
+jobs:
+  latest-release:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Generate Release Manifests
+      run: make generate-manifests IMAGE=envoyproxy/gateway-dev TAG=latest OUTPUT_DIR=release-artifacts
+
+    # Ignore the error when we delete the latest release, it might not exist.
+    - name: Delete the Latest Release
+      continue-on-error: true
+      run: |
+        gh release delete latest --repo $GITHUB_REPOSITORY
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        GITHUB_REPOSITORY: ${{ github.repository_owner }}/${{ github.event.repository.name }}
+
+    # Ignore the error when we delete the latest tag, it might not exist.
+    - name: Delete the Latest Tag
+      continue-on-error: true
+      run:
+        gh api --method DELETE /repos/$GITHUB_REPOSITORY/git/refs/tags/latest
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        GITHUB_REPOSITORY: ${{ github.repository_owner }}/${{ github.event.repository.name }}
+
+    - name: Recreate the Latest Release and Tag
+      uses: softprops/action-gh-release@v1
+      with:
+        draft: false
+        prerelease: true
+        tag_name: latest
+        files: |
+          release-artifacts/install.yaml
+          release-artifacts/quickstart.yaml
+        body: |
+          This is the "latest" release of **Envoy Gateway**, which contains the most recent commits from the main branch.
+          
+          This release **might not be stable**.
+
+          It is only intended for developers wishing to try out the latest features in Envoy Gateway, some of which may not be fully implemented.

.github/workflows/release.yaml

@@ -15,8 +15,8 @@ jobs:
         id: vars
         shell: bash
         run: |
-          echo "::set-output name=release_tag::$(echo ${GITHUB_REF##*/})"
-          echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+          echo "release_tag=$(echo ${GITHUB_REF##*/})" >> $GITHUB_ENV
+          echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
 
       - name: Login to DockerHub
         uses: docker/login-action@v2
@@ -25,16 +25,15 @@ jobs:
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
       - name: Retag and push existing gateway-dev image
         run: |
-          skopeo copy --all docker://docker.io/envoyproxy/gateway-dev:${{ steps.vars.outputs.sha_short }} docker://docker.io/envoyproxy/gateway:${{ steps.vars.outputs.release_tag }}
+          skopeo copy --all docker://docker.io/envoyproxy/gateway-dev:${{ env.sha_short }} docker://docker.io/envoyproxy/gateway:${{ env.release_tag }}
 
-      - name: Generate Release Manifests
-        run: make release-manifests TAG=${{ steps.vars.outputs.release_tag}}
+      - name: Generate Release Artifacts
+        run: make generate-artifacts IMAGE=envoyproxy/gateway TAG=${{ env.release_tag}} OUTPUT_DIR=release-artifacts
 
       - name: Upload Release Manifests
         uses: softprops/action-gh-release@v1
         with:
           files: |
-            release-artifacts/gatewayapi-crds.yaml
             release-artifacts/install.yaml
-
-        
+            release-artifacts/quickstart.yaml
+            release-artifacts/release-notes.yaml

.gitignore

@@ -1,6 +1,7 @@
 .DS_Store
 bin/
-/docs/html
+
+docs/html
 
 # Intellij
 *.iml
@@ -15,3 +16,11 @@ release-artifacts/
 
 # Outputs
 coverage.xml
+
+# `go mod vendor`
+vendor/
+
+# TLS assets that may have been created for secure gateways.
+*.crt
+*.csr
+*.key

.golangci.yml

@@ -0,0 +1,46 @@
+run:
+  deadline: 10m
+
+linters:
+  enable:
+    - bodyclose
+    - gofmt
+    - goimports
+    - revive
+    - gosec
+    - misspell
+    - scopelint
+    - unconvert
+    - unparam
+    - goheader
+    - gocritic
+
+linters-settings:
+  gofmt:
+    simplify: true
+  unparam:
+    check-exported: false
+  goheader:
+    # Note that because the format is different (this needs no comment markers),
+    # updating this text means also updating /tools/boilerplate.txt so that
+    # `make generate` will update the generated files correctly.
+    template: |-
+      Copyright Envoy Gateway Authors
+      SPDX-License-Identifier: Apache-2.0
+      The full text of the Apache license is available in the LICENSE file at
+      the root of the repo.
+
+issues:
+  exclude-rules:
+    - path: zz_generated
+      linters:
+        - goimports
+    - linters:
+        - staticcheck
+      text: "SA1019:"
+    - path: test/e2e
+      linters:
+        - bodyclose
+  # Show the complete output
+  max-issues-per-linter: 0
+  max-same-issues: 0

CODEOWNERS.md

@@ -1,3 +1,3 @@
 # The following owners, listed in alphabetical order, own everything
 # in the repo.
-*       @alexgervais @arkodg @danehans @LukeShu @skriss @youngnick
+*       @AliceProxy @arkodg @danehans @LukeShu @skriss @Xunzhuo @youngnick