test without custom job scheduler

.github/workflows/release.yaml

@@ -32,45 +32,45 @@ jobs:
           aqua_version: v1.25.0
       - name: Run unit tests
         run: mage test:unit
-  itest-trivy-operator:
-    name: Run integration tests / Trivy Operator
-    needs:
-      - tests
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Setup Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      - name: Install tools
-        uses: aquaproj/aqua-installer@v3.0.1
-        with:
-          aqua_version: v1.25.0
-      - name: Setup Kubernetes cluster (KIND)
-        uses: engineerd/setup-kind@v0.5.0
-        with:
-          version: ${{ env.KIND_VERSION }}
-          image: ${{ env.KIND_IMAGE }}
-      - name: Test connection to Kubernetes cluster
-        run: |
-          kubectl cluster-info
-          kubectl wait --for=condition=Ready nodes --all --timeout=300s
-          kubectl describe node
-      - name: Run integration tests
-        run: |
-          kubectl create -k deploy/static
-          mage test:integration
-        env:
-          KUBECONFIG: /home/runner/.kube/config
-          OPERATOR_NAMESPACE: trivy-system
-          OPERATOR_TARGET_NAMESPACES: default
+  # itest-trivy-operator:
+  #   name: Run integration tests / Trivy Operator
+  #   needs:
+  #     - tests
+  #   runs-on: ubuntu-latest
+  #   timeout-minutes: 15
+  #   steps:
+  #     - name: Checkout code
+  #       uses: actions/checkout@v4
+  #     - name: Setup Go
+  #       uses: actions/setup-go@v5
+  #       with:
+  #         go-version: ${{ env.GO_VERSION }}
+  #     - name: Install tools
+  #       uses: aquaproj/aqua-installer@v3.0.1
+  #       with:
+  #         aqua_version: v1.25.0
+  #     - name: Setup Kubernetes cluster (KIND)
+  #       uses: engineerd/setup-kind@v0.5.0
+  #       with:
+  #         version: ${{ env.KIND_VERSION }}
+  #         image: ${{ env.KIND_IMAGE }}
+  #     - name: Test connection to Kubernetes cluster
+  #       run: |
+  #         kubectl cluster-info
+  #         kubectl wait --for=condition=Ready nodes --all --timeout=300s
+  #         kubectl describe node
+  #     - name: Run integration tests
+  #       run: |
+  #         kubectl create -k deploy/static
+  #         mage test:integration
+  #       env:
+  #         KUBECONFIG: /home/runner/.kube/config
+  #         OPERATOR_NAMESPACE: trivy-system
+  #         OPERATOR_TARGET_NAMESPACES: default
   release:
     name: Release
     needs:
-      - itest-trivy-operator
+      - tests
     runs-on: ubuntu-latest
     env:
       DOCKER_CLI_EXPERIMENTAL: "enabled"
@@ -101,18 +101,6 @@ jobs:
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to ECR
-        uses: docker/login-action@v3.3.0
-        with:
-          registry: public.ecr.aws
-          username: ${{ secrets.ECR_ACCESS_KEY_ID }}
-          password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
-      - name: Login to ghcr.io
-        uses: docker/login-action@v3.3.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Release
         uses: goreleaser/goreleaser-action@v6
         with:

.goreleaser.yaml

@@ -63,9 +63,7 @@ changelog:
       order: 9999
 dockers:
   - image_templates:
-      - "docker.io/aquasec/trivy-operator:{{ .Version }}-amd64"
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-amd64"
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-amd64"
+      - "docker.io/martinwrona/trivy-operator:{{ .Version }}-amd64"
     use: buildx
     goos: linux
     dockerfile: build/trivy-operator/Dockerfile
@@ -83,9 +81,7 @@ dockers:
       - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy-operator/v{{ .Version }}/"
       - "--platform=linux/amd64"
   - image_templates:
-      - "docker.io/aquasec/trivy-operator:{{ .Version }}-ubi8-amd64"
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-ubi8-amd64"
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-ubi8-amd64"
+      - "docker.io/martinwrona/trivy-operator:{{ .Version }}-ubi8-amd64"
     use: buildx
     goos: linux
     dockerfile: build/trivy-operator/Dockerfile.ubi8
@@ -103,9 +99,7 @@ dockers:
       - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy-operator/v{{ .Version }}/"
       - "--platform=linux/amd64"
   - image_templates:
-      - "docker.io/aquasec/trivy-operator:{{ .Version }}-arm64"
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-arm64"
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-arm64"
+      - "docker.io/martinwrona/trivy-operator:{{ .Version }}-arm64"
     use: buildx
     goos: linux
     dockerfile: build/trivy-operator/Dockerfile
@@ -123,9 +117,7 @@ dockers:
       - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy-operator/v{{ .Version }}/"
       - "--platform=linux/arm64"
   - image_templates:
-      - "docker.io/aquasec/trivy-operator:{{ .Version }}-ubi8-arm64"
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-ubi8-arm64"
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-ubi8-arm64"
+      - "docker.io/martinwrona/trivy-operator:{{ .Version }}-ubi8-arm64"
     use: buildx
     goos: linux
     dockerfile: build/trivy-operator/Dockerfile.ubi8
@@ -143,9 +135,7 @@ dockers:
       - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy-operator/v{{ .Version }}/"
       - "--platform=linux/arm64"
   - image_templates:
-      - "docker.io/aquasec/trivy-operator:{{ .Version }}-s390x"
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-s390x"
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-s390x"
+      - "docker.io/martinwrona/trivy-operator:{{ .Version }}-s390x"
     use: buildx
     goos: linux
     dockerfile: build/trivy-operator/Dockerfile
@@ -163,9 +153,7 @@ dockers:
       - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy-operator/v{{ .Version }}/"
       - "--platform=linux/s390x"
   - image_templates:
-      - "docker.io/aquasec/trivy-operator:{{ .Version }}-ppc64le"
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-ppc64le"
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-ppc64le"
+      - "docker.io/martinwrona/trivy-operator:{{ .Version }}-ppc64le"
     use: buildx
     goos: linux
     dockerfile: build/trivy-operator/Dockerfile
@@ -183,9 +171,7 @@ dockers:
       - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy-operator/v{{ .Version }}/"
       - "--platform=linux/ppc64le"
   - image_templates:
-      - "docker.io/aquasec/trivy-operator:{{ .Version }}-ubi8-s390x"
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-ubi8-s390x"
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-ubi8-s390x"
+      - "docker.io/martinwrona/trivy-operator:{{ .Version }}-ubi8-s390x"
     use: buildx
     goos: linux
     dockerfile: build/trivy-operator/Dockerfile.ubi8
@@ -203,9 +189,7 @@ dockers:
       - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy-operator/v{{ .Version }}/"
       - "--platform=linux/s390x"
   - image_templates:
-      - "docker.io/aquasec/trivy-operator:{{ .Version }}-ubi8-ppc64le"
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-ubi8-ppc64le"
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-ubi8-ppc64le"
+      - "docker.io/martinwrona/trivy-operator:{{ .Version }}-ubi8-ppc64le"
     use: buildx
     goos: linux
     dockerfile: build/trivy-operator/Dockerfile.ubi8
@@ -223,42 +207,18 @@ dockers:
       - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy-operator/v{{ .Version }}/"
       - "--platform=linux/ppc64le"
 docker_manifests:
-  - name_template: "aquasec/trivy-operator:{{ .Version }}"
+  - name_template: "martinwrona/trivy-operator:{{ .Version }}"
     image_templates:
-      - "aquasec/trivy-operator:{{ .Version }}-amd64"
-      - "aquasec/trivy-operator:{{ .Version }}-arm64"
-      - "aquasec/trivy-operator:{{ .Version }}-s390x"
-      - "aquasec/trivy-operator:{{ .Version }}-ppc64le"
-  - name_template: "aquasec/trivy-operator:{{ .Version }}-ubi8"
+      - "martinwrona/trivy-operator:{{ .Version }}-amd64"
+      - "martinwrona/trivy-operator:{{ .Version }}-arm64"
+      - "martinwrona/trivy-operator:{{ .Version }}-s390x"
+      - "martinwrona/trivy-operator:{{ .Version }}-ppc64le"
+  - name_template: "martinwrona/trivy-operator:{{ .Version }}-ubi8"
     image_templates:
-      - "aquasec/trivy-operator:{{ .Version }}-ubi8-amd64"
-      - "aquasec/trivy-operator:{{ .Version }}-ubi8-arm64"
-      - "aquasec/trivy-operator:{{ .Version }}-ubi8-s390x"
-      - "aquasec/trivy-operator:{{ .Version }}-ubi8-ppc64le"
-  - name_template: "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}"
-    image_templates:
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-amd64"
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-arm64"
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-s390x"
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-ppc64le"
-  - name_template: "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-ubi8"
-    image_templates:
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-ubi8-amd64"
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-ubi8-arm64"
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-ubi8-s390x"
-      - "public.ecr.aws/aquasecurity/trivy-operator:{{ .Version }}-ubi8-ppc64le"
-  - name_template: "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}"
-    image_templates:
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-amd64"
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-arm64"
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-s390x"
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-ppc64le"
-  - name_template: "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-ubi8"
-    image_templates:
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-ubi8-amd64"
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-ubi8-arm64"
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-ubi8-s390x"
-      - "ghcr.io/aquasecurity/trivy-operator:{{ .Version }}-ubi8-ppc64le"
+      - "martinwrona/trivy-operator:{{ .Version }}-ubi8-amd64"
+      - "martinwrona/trivy-operator:{{ .Version }}-ubi8-arm64"
+      - "martinwrona/trivy-operator:{{ .Version }}-ubi8-s390x"
+      - "martinwrona/trivy-operator:{{ .Version }}-ubi8-ppc64le"
 
 signs:
   - cmd: cosign

docs/docs/crds/clustervulnerability-report.md

@@ -17,10 +17,10 @@ metadata:
   generation: 1
   labels:
     resource-spec-hash: 6b5887445b
-    trivy-operator.container.name: k8s-cluster
-    trivy-operator.resource.kind: ClusterSbomReport
-    trivy-operator.resource.name: 584b5cdcd5
-    trivy-operator.resource.namespace: ""
+    annotation.trivy-operator.container.name: k8s-cluster
+    annotation.trivy-operator.resource.kind: ClusterSbomReport
+    annotation.trivy-operator.resource.name: 584b5cdcd5
+    annotation.trivy-operator.resource.namespace: ""
   name: clustersbomreport-584b5cdcd5-k8s-cluster
   ownerReferences:
   - apiVersion: aquasecurity.github.io/v1alpha1

docs/docs/crds/configaudit-report.md

@@ -16,9 +16,9 @@ metadata:
   name: replicaset-nginx-6d4cf56db6
   namespace: default
   labels:
-    trivy-operator.resource.kind: ReplicaSet
-    trivy-operator.resource.name: nginx-6d4cf56db6
-    trivy-operator.resource.namespace: default
+    annotation.trivy-operator.resource.kind: ReplicaSet
+    annotation.trivy-operator.resource.name: nginx-6d4cf56db6
+    annotation.trivy-operator.resource.namespace: default
     plugin-config-hash: 7f65d98b75
     resource-spec-hash: 7cb64cb677
   uid: d5cf8847-c96d-4534-beb9-514a34230302

docs/docs/crds/exposedsecret-report.md

@@ -15,10 +15,10 @@ metadata:
   generation: 2
   labels:
     resource-spec-hash: 8495697ff5
-    trivy-operator.container.name: app
-    trivy-operator.resource.kind: ReplicaSet
-    trivy-operator.resource.name: app-67b77f5965
-    trivy-operator.resource.namespace: default
+    annotation.trivy-operator.container.name: app
+    annotation.trivy-operator.resource.kind: ReplicaSet
+    annotation.trivy-operator.resource.name: app-67b77f5965
+    annotation.trivy-operator.resource.namespace: default
   name: replicaset-app-67b77f5965-app
   namespace: default
   ownerReferences:

docs/docs/crds/infraassessment-report.md

@@ -24,9 +24,9 @@ metadata:
   labels:
     plugin-config-hash: 659b7b9c46
     resource-spec-hash: 56fd79dd67
-    trivy-operator.resource.kind: Pod
-    trivy-operator.resource.name: kube-apiserver-minikube
-    trivy-operator.resource.namespace: kube-system
+    annotation.trivy-operator.resource.kind: Pod
+    annotation.trivy-operator.resource.name: kube-apiserver-minikube
+    annotation.trivy-operator.resource.namespace: kube-system
   name: pod-kube-apiserver-minikube
   namespace: kube-system
   ownerReferences:

docs/docs/crds/rbacassessment-report.md

@@ -13,15 +13,15 @@ apiVersion: aquasecurity.github.io/v1alpha1
 kind: RbacAssessmentReport
 metadata:
   annotations:
-    trivy-operator.resource.name: system:controller:token-cleaner
+    annotation.trivy-operator.resource.name: system:controller:token-cleaner
   creationTimestamp: "2022-07-04T07:23:07Z"
   generation: 1
   labels:
     plugin-config-hash: 659b7b9c46
     resource-spec-hash: 59b6bf95c6
-    trivy-operator.resource.kind: Role
-    trivy-operator.resource.name-hash: 868458b9d6
-    trivy-operator.resource.namespace: default
+    annotation.trivy-operator.resource.kind: Role
+    annotation.trivy-operator.resource.name-hash: 868458b9d6
+    annotation.trivy-operator.resource.namespace: default
   name: role-868458b9d6
   namespace: kube-system
   ownerReferences:

docs/docs/crds/sbom-report.md

@@ -17,10 +17,10 @@ metadata:
   generation: 1
   labels:
     resource-spec-hash: 796669cd5d
-    trivy-operator.container.name: kube-apiserver
-    trivy-operator.resource.kind: Pod
-    trivy-operator.resource.name: kube-apiserver-kind-control-plane
-    trivy-operator.resource.namespace: kube-system
+    annotation.trivy-operator.container.name: kube-apiserver
+    annotation.trivy-operator.resource.kind: Pod
+    annotation.trivy-operator.resource.name: kube-apiserver-kind-control-plane
+    annotation.trivy-operator.resource.namespace: kube-system
   name: pod-kube-apiserver-kind-control-plane-kube-apiserver
   namespace: kube-system
   ownerReferences:

docs/docs/crds/vulnerability-report.md

@@ -16,10 +16,10 @@ metadata:
   name: replicaset-nginx-6d4cf56db6-nginx
   namespace: default
   labels:
-    trivy-operator.container.name: nginx
-    trivy-operator.resource.kind: ReplicaSet
-    trivy-operator.resource.name: nginx-6d4cf56db6
-    trivy-operator.resource.namespace: default
+    annotation.trivy-operator.container.name: nginx
+    annotation.trivy-operator.resource.kind: ReplicaSet
+    annotation.trivy-operator.resource.name: nginx-6d4cf56db6
+    annotation.trivy-operator.resource.namespace: default
     resource-spec-hash: 7cb64cb677
   uid: 8aa1a7cb-a319-4b93-850d-5a67827dfbbf
   ownerReferences:
@@ -90,10 +90,10 @@ metadata:
   name: replicaset-nginx-6d4cf56db6-nginx
   namespace: default
   labels:
-    trivy-operator.container.name: nginx
-    trivy-operator.resource.kind: ReplicaSet
-    trivy-operator.resource.name: nginx-6d4cf56db6
-    trivy-operator.resource.namespace: default
+    annotation.trivy-operator.container.name: nginx
+    annotation.trivy-operator.resource.kind: ReplicaSet
+    annotation.trivy-operator.resource.name: nginx-6d4cf56db6
+    annotation.trivy-operator.resource.namespace: default
     resource-spec-hash: 7cb64cb677
   uid: 8aa1a7cb-a319-4b93-850d-5a67827dfbbf
   ownerReferences:

docs/docs/design/explain_saving_vulnerability_reports.excalidraw

@@ -2025,7 +2025,7 @@
       "versionNonce": 466109904,
       "isDeleted": false,
       "boundElementIds": null,
-      "text": "pod-spec-hash: 6649968fbf\ntrivy-operator.container.name: nginx\ntrivy-operator.resource.kind: ReplicaSet\ntrivy-operator.resource.name: foo-548d487d9d\ntrivy-operator.resource.namespace: qa",
+      "text": "pod-spec-hash: 6649968fbf\nannotation.trivy-operator.container.name: nginx\nannotation.trivy-operator.resource.kind: ReplicaSet\nannotation.trivy-operator.resource.name: foo-548d487d9d\nannotation.trivy-operator.resource.namespace: qa",
       "fontSize": 16,
       "fontFamily": 3,
       "textAlign": "left",
@@ -2087,7 +2087,7 @@
       "versionNonce": 1012861904,
       "isDeleted": false,
       "boundElementIds": null,
-      "text": "pod-spec-hash: 6649968fbf\ntrivy-operator.container.name: redis\ntrivy-operator.resource.kind: ReplicaSet\ntrivy-operator.resource.name: foo-548d487d9d\ntrivy-operator.resource.namespace: qa",
+      "text": "pod-spec-hash: 6649968fbf\nannotation.trivy-operator.container.name: redis\nannotation.trivy-operator.resource.kind: ReplicaSet\nannotation.trivy-operator.resource.name: foo-548d487d9d\nannotation.trivy-operator.resource.namespace: qa",
       "fontSize": 16,
       "fontFamily": 3,
       "textAlign": "left",
@@ -2670,7 +2670,7 @@
       "versionNonce": 944626480,
       "isDeleted": false,
       "boundElementIds": null,
-      "text": "# Get VulnerabilityReports for the specified workload with kubectl get command and label selectors\n$ kubectl get vuln -l trivy-operator.resource.kind=ReplicaSet -l trivy-operator.resource.name=foo-548d487d9d\n\n# Get VulnerabilityReports for the specified workload using trivy-operator get command or dashboard plugin,\n# which are more powerful than kubectl get, but leverage label selectors\n$ trivy-operator get vuln replicaset/foo-548d487d9d\n\n# Get VulnerabilityReports for the specified root workload (e.g. Deployment) even though they're owned\n# by the immediate workload (e.g. ReplicaSet)\n$ trivy-operator get vuln deployment/foo\n\n# Get VulnerabilityReports for the specified workload in the specified namespace\n$ trivy-operator get vuln deployment/baz -n stage\n\n# Get all VulnerabilityReports for the specified namespace\n$ kubectl get vuln -n stage",
+      "text": "# Get VulnerabilityReports for the specified workload with kubectl get command and label selectors\n$ kubectl get vuln -l annotation.trivy-operator.resource.kind=ReplicaSet -l annotation.trivy-operator.resource.name=foo-548d487d9d\n\n# Get VulnerabilityReports for the specified workload using trivy-operator get command or dashboard plugin,\n# which are more powerful than kubectl get, but leverage label selectors\n$ trivy-operator get vuln replicaset/foo-548d487d9d\n\n# Get VulnerabilityReports for the specified root workload (e.g. Deployment) even though they're owned\n# by the immediate workload (e.g. ReplicaSet)\n$ trivy-operator get vuln deployment/foo\n\n# Get VulnerabilityReports for the specified workload in the specified namespace\n$ trivy-operator get vuln deployment/baz -n stage\n\n# Get all VulnerabilityReports for the specified namespace\n$ kubectl get vuln -n stage",
       "fontSize": 16,
       "fontFamily": 3,
       "textAlign": "left",