Skip to content

Upgrade dependencies, restructure repo, and address code review #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dcruver merged 10 commits into from
Feb 20, 2026
Merged

Upgrade dependencies, restructure repo, and address code review #44

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
2331026
Restructure repo and simplify operator deployment
dcruver Feb 18, 2026
9a8aba9
Update documentation and developer reference
dcruver Feb 18, 2026
9529d8f
Upgrade to Java 21
dcruver Feb 18, 2026
5594a97
Upgrade to Spring Boot 4.0.2 and Spring Framework 7
dcruver Feb 18, 2026
f7fb467
Upgrade CRD to v1alpha2
dcruver Feb 18, 2026
11e6a3a
Enhance webapp with improved k8s client and test coverage
dcruver Feb 18, 2026
e924352
Add Dockerfile for minimal-app container image
dcruver Feb 18, 2026
2f13fbc
Address code review findings across all severity levels
dcruver Feb 19, 2026
940a220
Fix CI failures: lint, test deps, and version bumps
dcruver Feb 19, 2026
6ad4428
Complete minimal-app to keip-integration rename and upgrade fixups
dcruver Feb 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
# Github Actions
This monorepo consists of 3 artifacts that are versioned, built, and released separately.
- minimal-app
- keip-integration
- operator
- operator/webapp
- webapp

## PR builds
When a PR is opened or updated, it will determine if any files changed in each of the sub-project directories.
Expand Down
33 changes: 18 additions & 15 deletions .github/workflows/minimal-app.yml → .github/workflows/keip-integration.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,31 +1,34 @@
name: minimal-app
name: keip-integration

on:
workflow_dispatch:
pull_request:
paths:
- minimal-app/**
- .github/workflows/minimal-app.yml
- keip-integration/**
- .github/workflows/keip-integration.yml
- .github/workflows/scripts
push:
branches:
- main
paths:
- minimal-app/**
- keip-integration/**

env:
WORKING_DIR: ./minimal-app
JAVA_VERSION: 17
GIT_TAG_PREFIX: minimal-app_v
WORKING_DIR: ./keip-integration
JAVA_VERSION: 21
GIT_TAG_PREFIX: keip-integration_v

permissions:
contents: read

jobs:
verify-versions:
if: github.ref != 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: sh .github/workflows/scripts/verify_minimal_app_releasable.sh
name: Verify minimal app is in a state to be released on merge
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- run: sh .github/workflows/scripts/verify_keip_integration_releasable.sh
name: Verify keip-integration is in a state to be released on merge
build:
name: build image
if: github.ref != 'refs/heads/main'
Expand All @@ -35,8 +38,8 @@ jobs:
shell: bash
working-directory: ${{ env.WORKING_DIR }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v3
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4
with:
java-version: "${{ env.JAVA_VERSION }}"
distribution: "temurin"
Expand All @@ -54,7 +57,7 @@ jobs:
contents: write # create git tags
packages: write # push docker images
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- run: |
VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
REGISTRY=$(mvn help:evaluate -Dexpression=docker.registry -q -DforceStdout)
Expand All @@ -77,7 +80,7 @@ jobs:
fi
name: check if release is needed

- uses: actions/setup-java@v3
- uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4
if: env.needs_release == 'true'
with:
java-version: "${{ env.JAVA_VERSION }}"
Expand All @@ -99,7 +102,7 @@ jobs:
docker push ${{ steps.naming-selector.outputs.LATEST_FULL_IMAGE_NAME }}
if: env.needs_release == 'true'

- uses: mathieudutour/github-tag-action@v6.1
- uses: mathieudutour/github-tag-action@fcfbdceb3093f6d85a3b194740f8c6cec632f4e2 # v6.1
if: env.needs_release == 'true'
id: tag_version
with:
Expand Down
17 changes: 10 additions & 7 deletions .github/workflows/operator.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,27 +6,28 @@ on:
- operator/**
- .github/workflows/operator.yml
- .github/workflows/scripts
- "!operator/webapp/**"
- '!**.md'
- '!operator/examples/**'
push:
branches:
- main
paths:
- operator/**
- "!operator/webapp/**"
- '!**.md'
- '!operator/examples/**'

env:
WORKING_DIR: ./operator

permissions:
contents: read

jobs:
verify-versions:
if: github.ref != 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- run: sh .github/workflows/scripts/verify_operator_releasable.sh
name: Verify operator is in a state to be released on merge

Expand All @@ -38,19 +39,21 @@ jobs:
shell: bash
working-directory: ${{ env.WORKING_DIR }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- run: make prep-release
name: generate release files

release:
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
permissions:
contents: write
defaults:
run:
shell: bash
working-directory: ${{ env.WORKING_DIR }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

# set variables used by multiple steps in the job
- run: |
Expand All @@ -71,7 +74,7 @@ jobs:
if: env.needs_release == 'true'
name: generate release files

- uses: mathieudutour/github-tag-action@v6.1
- uses: mathieudutour/github-tag-action@fcfbdceb3093f6d85a3b194740f8c6cec632f4e2 # v6.1
if: env.needs_release == 'true'
id: tag_version
with:
Expand All @@ -80,7 +83,7 @@ jobs:
# avoid v prefix before tag
tag_prefix: ""

- uses: ncipollo/release-action@v1
- uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1
if: env.needs_release == 'true'
with:
tag: ${{ steps.tag_version.outputs.new_tag }}
Expand Down
10 changes: 7 additions & 3 deletions .github/workflows/scripts/shared/verify_changes_update_version.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,15 +15,19 @@ GREP_FILTER_STDERR_OUTPUT="/tmp/diff_grep_filter_stderr"

main() {
# github actions job does not fetch other git objects by default
git fetch origin $GITHUB_BASE_REF
if [ -z "$GITHUB_BASE_REF" ]; then
echo "ERROR: GITHUB_BASE_REF is not set"
exit 1
fi
git fetch origin "$GITHUB_BASE_REF"
git fetch --tags

# if 'grep -v' (inverted-match) matches all the file-paths in the list, an error code is returned, which immediately
# exits the script. This behavior is not desirable, since an empty list of diffs is valid in the context of
# checking if a release is required. A '|| true' is added at the end of the command to force a non-error return code.
# To still be able to catch any unexpected errors with the 'grep' command, stderr is piped to a file that is later
# checked for errors.
filtered_changes=$(git diff --name-only origin/$GITHUB_BASE_REF -- $DIRECTORY | grep -E -v \
filtered_changes=$(git diff --name-only "origin/$GITHUB_BASE_REF" -- "$DIRECTORY" | grep -E -v \
-e 'test/' \
-e 'requirements-dev\.txt$' \
-e '\.md$' \
Expand All @@ -37,7 +41,7 @@ main() {
exit 1
fi

echo "Comparing current branch and $GITHUB_BASE_REF at directory: ${DIRECTORY}"
echo "Comparing current branch and $GITHUB_BASE_REF at directory: $DIRECTORY"

if [ -n "$filtered_changes" ]; then
echo "$filtered_changes"
Expand Down
14 changes: 9 additions & 5 deletions .github/workflows/scripts/shared/verify_current_webapp_img.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,19 @@
OPERATOR_DIR=operator
OPERATOR_CONTROLLER_YAML=$OPERATOR_DIR/controller/core-controller.yaml
OPERATOR_CONTROLLER_YAML=$OPERATOR_DIR/controller/webhook-deployment.yaml

verify_current_webapp_img() {
current_webapp_img=$(make --no-print-directory -C operator/webapp get-image-name)
webapp_image_used=$(yq eval '.spec.template.spec.containers[].image' $OPERATOR_CONTROLLER_YAML)
set -eu

current_webapp_img=$(make --no-print-directory -C webapp get-image-name)
webapp_image_used=$(yq eval '.spec.template.spec.containers[].image' "$OPERATOR_CONTROLLER_YAML")

test -n "$current_webapp_img"
test -n "$webapp_image_used"

error_message="Operator is using $webapp_image_used but should be using the most recent $current_webapp_img."
test "$webapp_image_used" = "$current_webapp_img" || (echo $error_message && exit 1)
if [ "$webapp_image_used" != "$current_webapp_img" ]; then
echo "Operator is using $webapp_image_used but should be using the most recent $current_webapp_img."
exit 1
fi
}

verify_current_webapp_img
11 changes: 11 additions & 0 deletions .github/workflows/scripts/verify_keip_integration_releasable.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
set -eux

KEIP_INTEGRATION_DIR=keip-integration

verify_version_bump() {
version=$(mvn -f keip-integration/pom.xml help:evaluate -Dexpression=project.version -q -DforceStdout)
potential_tag="${GIT_TAG_PREFIX}${version}"
sh .github/workflows/scripts/shared/verify_changes_update_version.sh $potential_tag $KEIP_INTEGRATION_DIR
}

verify_version_bump
11 changes: 0 additions & 11 deletions .github/workflows/scripts/verify_minimal_app_releasable.sh
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/scripts/verify_operator_releasable.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ verify_version_bump() {
sh .github/workflows/scripts/shared/verify_changes_update_version.sh $potential_tag $OPERATOR_DIR \
'-e ^operator/examples/
-e ^operator/example/
-e ^operator/webapp/'
-e ^webapp/'
}

sh .github/workflows/scripts/shared/verify_current_webapp_img.sh
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/scripts/verify_webapp_releasable.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
set -eux

WEBAPP_DIR=operator/webapp
WEBAPP_DIR=webapp

verify_version_bump() {
potential_tag=$(make --no-print-directory -C $WEBAPP_DIR get-tag)
Expand Down
29 changes: 16 additions & 13 deletions .github/workflows/webapp.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,27 +3,30 @@ on:
workflow_dispatch:
pull_request:
paths:
- operator/webapp/**
- webapp/**
- .github/workflows/webapp.yml
- .github/workflows/scripts
- '!**.md'
push:
branches:
- main
paths:
- operator/webapp/**
- webapp/**
- '!**.md'

env:
PYTHON_VERSION: 3.11
WORKING_DIR: ./operator/webapp
WORKING_DIR: ./webapp

permissions:
contents: read

jobs:
verify-versions:
if: github.ref != 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- run: sh .github/workflows/scripts/verify_webapp_releasable.sh
name: Verify webapp is in a state to be released on merge
test:
Expand All @@ -34,8 +37,8 @@ jobs:
shell: bash
working-directory: ${{ env.WORKING_DIR }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- run: make test
Expand All @@ -48,8 +51,8 @@ jobs:
shell: bash
working-directory: ${{ env.WORKING_DIR }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- run: make lint
Expand All @@ -64,9 +67,9 @@ jobs:
shell: bash
working-directory: ${{ env.WORKING_DIR }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
- uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: ${{ env.WORKING_DIR }}
Expand All @@ -85,7 +88,7 @@ jobs:
contents: write # create git tags
packages: write # push docker images
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- run: |
REGISTRY=$(make get-registry)
IMAGE_NAME=$(make get-image-name)
Expand Down Expand Up @@ -116,7 +119,7 @@ jobs:

- name: Set up Docker Buildx
if: env.needs_release == 'true'
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3

- uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
if: env.needs_release == 'true'
Expand All @@ -126,7 +129,7 @@ jobs:
push: true
tags: ${{ steps.naming-selector.outputs.FULL_IMAGE_NAME }}

- uses: mathieudutour/github-tag-action@v6.1
- uses: mathieudutour/github-tag-action@fcfbdceb3093f6d85a3b194740f8c6cec632f4e2 # v6.1
if: env.needs_release == 'true'
id: tag_version
with:
Expand Down
Loading