Merge branch 'main' into imagecatalogs-rbac

Signed-off-by: Dmitry Grigoryev <[email protected]>

Author: icekom

.github/actions/setup-kind/action.yml

@@ -12,7 +12,7 @@ runs:
   steps:
     - id: helm
       name: Set up Helm
-      uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+      uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
       with:
         version: v3.16.2
 
@@ -21,4 +21,4 @@ runs:
       uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 # v3.2
 
     - name: Create kind cluster
-      uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
+      uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0

.github/workflows/lint.yml

@@ -19,16 +19,16 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
         with:
           version: v3.16.2
 
-      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
         with:
           python-version: 3.12
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
 
       - name: Run chart-testing (list-changed)
         id: list-changed

.github/workflows/release-publish.yml

@@ -33,7 +33,7 @@ jobs:
           echo "${{ secrets.PGP_KEY_PASSPHRASE }}" > /tmp/passphrase-file.txt
 
       - name: Set up Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
         with:
           version: v3.16.2
 
@@ -42,7 +42,7 @@ jobs:
           helm repo add cnpg-grafana-dashboard https://cloudnative-pg.github.io/grafana-dashboards
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
+        uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
           CR_KEY: [email protected]
@@ -58,14 +58,14 @@ jobs:
         run: shred --remove=wipesync /tmp/keyring.gpg /tmp/passphrase-file.txt
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install sigstore/cosign
-        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+        uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
 
       - name: Push charts to GHCR
         env:

.github/workflows/tests-cluster-chainsaw.yaml

@@ -1,21 +1,38 @@
-name: tests-cluster-chainsaw
+name: test( cluster )
 
 on:
   pull_request:
     branches-ignore:
       - 'gh-pages'
 
 jobs:
-  test-cluster-standalone:
+  test-list:
     runs-on: ubuntu-24.04
+    outputs:
+      tests: ${{ steps.listTests.outputs.tests }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 1
+      - id: listTests
+        run: |
+          echo "tests=$(ls charts/cluster/test -1 | jq -cRn '{ include: [inputs | { test: "\(.)" }]}')" >> $GITHUB_OUTPUT
+  test:
+    needs: test-list
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJson(needs.test-list.outputs.tests) }}
+    name: ${{matrix.test}}
     steps:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+        uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
 
       - name: Setup kind
         uses: ./.github/actions/setup-kind
@@ -51,4 +68,4 @@ jobs:
             tenant minio-operator/tenant
 
       - name: Run Kyverno/Chainsaw
-        run: chainsaw test
+        run: chainsaw test charts/cluster/test/${{matrix.test}}

RELEASE.md

@@ -23,7 +23,9 @@ In order to create a new release of the `cloudnative-pg` chart, follow these ste
 
 1. Take note of the current value of the release: see `.version` in `charts/cloudnative-pg/Chart.yaml`
     ```bash
-    yq -r '.version' charts/cloudnative-pg/Chart.yaml
+    OLD_VERSION=$(yq -r '.version' charts/cloudnative-pg/Chart.yaml)
+    OLD_CNPG_VERSION=$(yq -r '.appVersion' charts/cloudnative-pg/Chart.yaml)
+    echo $OLD_VERSION
     ```
 2. Decide which version to create, depending on the kind of jump of the CloudNativePG release, following semver
     semantics. For this document, let's call it `X.Y.Z`
@@ -39,36 +41,41 @@ In order to create a new release of the `cloudnative-pg` chart, follow these ste
     sed -i -E "s/^version: \"([0-9]+.?)+\"/version: \"$NEW_VERSION\"/" charts/cloudnative-pg/Chart.yaml
     ```
 5. Update everything else as required, e.g. if releasing due to a new `cloudnative-pg` version being released, you might
-    want to update the following:
-    1. `.appVersion` in the [Chart.yaml](./charts/cloudnative-pg/Chart.yaml) file
-    2. [crds.yaml](./charts/cloudnative-pg/templates/crds/crds.yaml), which can be built using
+    want to:
+    1. Find the latest `cloudnative-pg` version by running:
+        ```bash
+        NEW_CNPG_VERSION=$(curl  "https://api.github.com/repos/cloudnative-pg/cloudnative-pg/tags" | jq -r '.[0].name | ltrimstr("v")')
+        echo $NEW_CNPG_VERSION
+        ```
+    2. Update `.appVersion` in the [Chart.yaml](./charts/cloudnative-pg/Chart.yaml) file
+        ```bash
+        sed -i -E "s/^appVersion: \"([0-9]+.?)+\"/appVersion: \"$NEW_CNPG_VERSION\"/" charts/cloudnative-pg/Chart.yaml
+        ```
+    3. Update [crds.yaml](./charts/cloudnative-pg/templates/crds/crds.yaml), which can be built using
         [kustomize](https://kustomize.io/) from the `cloudnative-pg` repo using kustomize
         [remoteBuild](https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md)
         running:
+
+        Verify the version is correct. Edit it if incorrect, then run:
         ```bash
-        VERSION=v1.16.0
-        kustomize build https://github.com/cloudnative-pg/cloudnative-pg/tree/release-1.16/config/helm/\?ref=v1.16.0
+        echo '{{- if .Values.crds.create }}' > ./charts/cloudnative-pg/templates/crds/crds.yaml
+        kustomize build https://github.com/cloudnative-pg/cloudnative-pg/config/helm/\?ref\=v$NEW_CNPG_VERSION >> ./charts/cloudnative-pg/templates/crds/crds.yaml
+        echo '{{- end }}' >> ./charts/cloudnative-pg/templates/crds/crds.yaml
         ```
-        It might be easier to run `kustomize build config/helm` from the `cloudnative-pg` repo, with the desired release
-        branch checked out, and copy the result to `./charts/cloudnative-pg/templates/crds/crds.yaml`.
-    3. NOTE: please keep the guards for `.Values.crds.create`, i.e.
-        `{{- if .Values.crds.create }}` and `{{- end }}` after you copy the CRD into `templates/crds/crds.yaml`.
     4. To update the files in the [templates](./charts/cloudnative-pg/templates) directory, you can diff the previous
         CNPG release yaml against the new one, to find what should be updated (e.g.
         ```bash
-        OLD_VERSION=1.15.0
-        NEW_VERSION=1.15.1
         vimdiff \
-            "https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/main/releases/cnpg-${OLD_VERSION}.yaml" \
-            "https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/main/releases/cnpg-${NEW_VERSION}.yaml"
+            "https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v${OLD_CNPG_VERSION}/cnpg-${OLD_CNPG_VERSION}.yaml" \
+            "https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v${NEW_CNPG_VERSION}/cnpg-${NEW_CNPG_VERSION}.yaml"
        ```
        Or from the `cloudnative-pg` repo, with the desired release branch checked out:
        ```bash
        vimdiff releases/cnpg-1.15.0.yaml releases/cnpg-1.15.1.yaml
        ```
-   5. Update [values.yaml](./charts/cloudnative-pg/values.yaml) if needed
-   6. NOTE: updating `values.yaml` just for the CNPG  version may not be necessary, as the value should default to the
-       `appVersion` in `Chart.yaml`
+    5. Update [values.yaml](./charts/cloudnative-pg/values.yaml) if needed
+    6. NOTE: updating `values.yaml` just for the CNPG  version may not be necessary, as the value should default to the
+        `appVersion` in `Chart.yaml`
 6. Run `make docs schema` to regenerate the docs and the values schema in case it is needed
     ```bash
     make docs schema

charts/cloudnative-pg/Chart.yaml

@@ -18,12 +18,12 @@ name: cloudnative-pg
 description: CloudNativePG Operator Helm Chart
 icon: https://raw.githubusercontent.com/cloudnative-pg/artwork/main/cloudnativepg-logo.svg
 type: application
-version: "0.22.1"
+version: "0.23.2"
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning, they should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.24.1"
+appVersion: "1.25.1"
 sources:
   - https://github.com/cloudnative-pg/charts
 keywords:

charts/cloudnative-pg/README.md

@@ -1,5 +1,5 @@
 
-CloudNativePG operator should be installed in namespace "{{ .Release.Namespace }}".
+CloudNativePG operator should be installed in namespace "{{ include "cloudnative-pg.namespace" . }}".
 You can now create a PostgreSQL cluster with 3 nodes as follows:
 
 cat <<EOF | kubectl apply -f -
@@ -9,7 +9,7 @@ kind: Cluster
 metadata:
   name: cluster-example
   {{if not .Values.config.clusterWide  -}}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "cloudnative-pg.namespace" . }}
   {{- end }}
 spec:
   instances: 3

charts/cloudnative-pg/templates/NOTES.txt

@@ -1,3 +1,14 @@
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "cloudnative-pg.namespace" -}}
+  {{- if .Values.namespaceOverride -}}
+    {{- .Values.namespaceOverride -}}
+  {{- else -}}
+    {{- .Release.Namespace -}}
+  {{- end -}}
+{{- end -}}
+
 {{/*
 Expand the name of the chart.
 */}}
@@ -185,8 +196,11 @@ namespace scope or clusterwide
   resources:
   - backups
   - clusters
+  - databases
   - poolers
+  - publications
   - scheduledbackups
+  - subscriptions
   verbs:
   - create
   - delete
@@ -199,7 +213,10 @@ namespace scope or clusterwide
   - postgresql.cnpg.io
   resources:
   - backups/status
+  - databases/status
+  - publications/status
   - scheduledbackups/status
+  - subscriptions/status
   verbs:
   - get
   - patch

charts/cloudnative-pg/templates/_helpers.tpl

@@ -19,6 +19,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ .Values.config.name }}
+  namespace: {{ include "cloudnative-pg.namespace" . }}
   labels:
     {{- include "cloudnative-pg.labels" . | nindent 4 }}
   {{- with .Values.commonAnnotations }}