Merge pull request #46 from sensu/js/prep-for-0.7.0

prepping 0.7.0 release

CHANGELOG.md

@@ -7,6 +7,15 @@ Versioning](http://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [0.7.0] - 2022-09-23
+### Added
+- new resource_authors option that lets you select which created_by values you will match. Defaults to sensu-flow
+- added contribured documentation for using docker image for alternative CI/CD workflows.
+
+### Changed
+- Fixed bug using api-key for auth.
+- Added additional verbose logging for troubleshooting.
+
 ## [0.6.0] - 2022-07-01
 ### Changed
 - refactored envar/option names to match existing sensuctl envvars

README.md

@@ -110,17 +110,26 @@ jobs:
 
     # Step 2: use the versioned sensu/sensu-flow action 
     - name: Sensuflow with required settings
-      uses: sensu/sensu-flow@0.6.0
+      uses: sensu/sensu-flow@0.7.0
       with:
+        ##
         # Required configuration
         # Please make use of GitHub secrets for sensitive information 
+        ##
         sensu_api_url: ${{ secrets.SENSU_API_URL }}
         sensu_api_key: ${{ secrets.SENSU_API_KEY }}
+        ##
         # Optional configuration, if not present defaults will be used
+        ##
         namespaces_dir: .sensu/namespaces
         namespaces_file: .sensu/cluster/namespaces.yaml
         matching_label: "sensu.io/workflow"
         matching_condition: "== 'sensu-flow'"
+        ##
+        # Only prune resources created_by these users, you'll want to make sure
+        # this list includes the user associated with the api-key used for authorization
+        ##
+        resource_authors: "sensu-flow"
 
 ```
 ### Your First SensuFlow Workflow
@@ -265,6 +274,7 @@ _OR_
 ## Using the Docker container image with other CI/CD tools
 While this is originally developed and tested for use with GitHub Actions, there is a vendor neutral `sensu/sensu-flow` [Docker](https://hub.docker.com/repository/docker/sensu/sensu-flow) container image available as of version `0.6.0` that should be suitable for use with any CI/CD tool chain that is capable of using container images for CI/CD jobs. Here's a list of contributed instructions for alternative CI/CD vendors: 
 
+* [Docker Image](docs/Docker.md)
 * [Bitbucket](docs/BITBUCKET.md)
 * [GitLab](docs/GITLAB.md)
 

docs/BITBUCKET.md

@@ -29,6 +29,7 @@ The following environment variables are taken into account by `sensuflow.sh`. Yo
 * `MANAGED_RESOURCES` - A comma seperated list of resources.
 * `MATCHING_LABEL` - A resource label to match.
 * `MATCHING_CONDITION` - Condition to match.
+* `RESOURCE_AUTHORS` - user names to match in the created_by metadata when pruning resources.
 * `DISABLE_SANITY_CHECKS` - If set sanity checks will be disabled.
 * `DISABLE_TLS_VERIFY` - If TLS verification will be disabled.
 * `VERBOSE` - If set shows verbose description of actions carried out by the script.
@@ -38,7 +39,7 @@ The following environment variables are taken into account by `sensuflow.sh`. Yo
 Create a file named `bitbucket-pipelines.yml` in the root folder of your project with the following contents, and edit it as needed. The example below is set to show verbose output, and to load the credentials necessary for authentication from Bitbucket repository variables. 
 
 ```yaml
-image: sensu/sensu-flow:0.6.0
+image: sensu/sensu-flow:0.7.0
 
 pipelines:
   default:

docs/DOCKER.md

@@ -0,0 +1,40 @@
+## Docker image
+The `sensu/sensu-flow`  [Docker container image](https://hub.docker.com/r/sensu/sensu-flow) can be used with any number of CI/CD pipelines. The `sensuflow.sh` script within this container was originally developed for GitHub actions, but will execute successfully if provided the correct environment variables.
+
+To pull the latest tagged release of the docker image use:
+```
+docker pull sensu/sensu-flow:latest
+```
+
+### Authentication
+
+The `sensuflow.sh` script in the container will use the value of the environment variables `SENSU_API_URL` and `SENSU_API_KEY` for authentication, we recommend using the secrets provider mechanism for the CI/CD system you are using in order to keep your credentials secure. Each CI/CD platform will have a different implementation mechansim. 
+
+
+### Optional configuration
+
+The following optional environment variables are also used by `sensuflow.sh`. If passed to docker run will override the default values assumed by the script.
+
+* `SENSU_CA` - CA certificate as a string.
+* `SENSU_CA_FILE` - CA certificate file, if set overrides `SENSU_CA`.
+* `CONFIGURE_OPTIONS` - Additional sensuctl configure options.
+* `NAMESPACES_DIR` - Directory holding sensuflow namepace subdirectories.
+* `NAMESPACES_FILE` - File holding namespace resource definitions sensuflow action should create.
+* `MANAGED_RESOURCES` - A comma seperated list of resources.
+* `MATCHING_LABEL` - A resource label to match.
+* `MATCHING_CONDITION` - Condition to match.
+* `RESOURCE_AUTHORS` - user names to match in the created_by metadata when pruning resources.
+* `DISABLE_SANITY_CHECKS` - If set sanity checks will be disabled.
+* `DISABLE_TLS_VERIFY` - If TLS verification will be disabled.
+* `VERBOSE` - If set shows verbose description of actions carried out by the script.
+
+### Example docker run invocation
+Using the docker image from a repository following the nominal default layout.
+
+```
+docker run -e SENSU_API_KEY=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee -e SENSU_API_URL=http://WWW.XXX.YYY.ZZZ:8080 -e VERBOSE=1 -v ${PWD}/.sensu:/.sensu sensu/sensu-flow:latest
+```
+
+This the sensu-flow.sh script will execute from inside the container and will look for Sensu resources under the default NAMESPACES_DIR value of  `/.sensu/namespaces/`.  Thie bind mount `-v ${PWD}/.sensu:/.sensu` takes the repository directory `.sensu` and mounts it into the container as `/.sensu`.  The multiple `-e` arguments are setting environment variables for the sensu-flow.sh script to make use of.  You can add additional `-e` calls for the optional configuratin options to tailor operation for your workflow.
+
+

docs/GITLAB.md

@@ -17,6 +17,7 @@ When using the docker image with GitLab, you'll need to be aware of several envi
 # MANAGED_RESOURCES: comma seperated list of resources
 # MATCHING_LABEL: resource label to match
 # MATCHING_CONDITION: condition to match
+# RESOURCE_AUTHORS: user names to match in the created_by metadata when pruning resources.
 # DISABLE_SANITY_CHECKS: if set disable sanity checks
 # DISABLE_TLS_VERIFY: if set disable TLS verification 
 ## Deprecated Authentication Environment Variables