Merge branch 'main' into vendor-data

.envrc

@@ -1,4 +1,6 @@
-export TINKERBELL_GRPC_AUTHORITY=127.0.0.1:42113
-export TINKERBELL_CERT_URL=http://127.0.0.1:42114/cert
+has nix && use nix
+dotenv_if_exists
+PATH_add bin
+path_add GOBIN bin
 
-which nix &>/dev/null && use nix && unset GOPATH
+export TINKERBELL_GRPC_AUTHORITY=127.0.0.1:42113

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+/.github/settings.yml @mmlb @micahhausler
+/.github/CODEOWNERS @mmlb @micahhausler

.github/mergify.yml

@@ -6,7 +6,6 @@ queue_rules:
       - check-success~=docker-images.*tink-cli
       - check-success~=docker-images.*tink-server
       - check-success~=docker-images.*tink-worker
-      - check-success=validation
 
 pull_request_rules:
   - name: Automatic merge on approval
@@ -19,7 +18,7 @@ pull_request_rules:
       - check-success~=docker-images.*tink-cli
       - check-success~=docker-images.*tink-server
       - check-success~=docker-images.*tink-worker
-      - check-success=validation
+      - check-success=crosscompile
       - label!=do-not-merge
       - label=ready-to-merge
     actions:

.github/settings.yml

@@ -0,0 +1,34 @@
+# Collaborators: give specific users access to this repository.
+# See https://docs.github.com/en/rest/reference/repos#add-a-repository-collaborator for available options
+collaborators:
+  # Maintainers, should also be added to the .github/CODEOWNERS file as owners of this settings.yml file.
+  - username: micahhausler
+    permission: maintain
+  - username: mmlb
+    permission: maintain
+  # Approvers
+  - username: displague
+    permission: push
+  - username: jacobweinstock
+    permission: push
+  - username: nshalman
+    permission: push
+  - username: tstromberg
+    permission: push
+  # Reviewers
+  - username: chrisdoherty4
+    permission: triage
+  - username: detiber
+    permission: triage
+  - username: stephen-fox
+    permission: triage
+  - username: tobert
+    permission: triage
+
+  # Note: `permission` is only valid on organization-owned repositories.
+  # The permission to grant the collaborator. Can be one of:
+  # * `pull` - can pull, but not push to or administer this repository.
+  # * `push` - can pull and push, but not administer this repository.
+  # * `admin` - can pull, push and administer this repository.
+  # * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
+  # * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.

.github/workflows/ci.yaml

@@ -11,84 +11,102 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
+
       - name: Install Go
         uses: actions/setup-go@v2
         with:
           go-version: "1.17"
+
       - name: make verify
         run: make verify
   test:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
+
       - name: Install Go
         uses: actions/setup-go@v2
         with:
           go-version: "1.17"
+
       - name: Install nix
         uses: cachix/install-nix-action@v16
         with:
           nix_path: nixpkgs=channel:nixos-unstable
+
       - name: Fetch Nix Packages
         run: nix-shell --run 'true'
+
       - name: Generate
         run: nix-shell --run 'make generate'
-      - name: go clean -testcache
-        run: go clean -testcache
+
+      - name: e2etest
+        run: make e2etest-setup
+
       - name: go test
-        run: go test -coverprofile=coverage.txt ./... -v
+        run: make test
+
       - name: upload codecov
         run: bash <(curl -s https://codecov.io/bash)
   ci-checks:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
+
       - name: Install nix
         uses: cachix/install-nix-action@v16
         with:
           nix_path: nixpkgs=channel:nixos-unstable
+
       - name: Fetch Nix Packages
         run: nix-shell --run 'true'
+
       - run: make bin/gofumpt
+
       - run: PATH=$PWD/bin/:$PATH ./ci-checks.sh
-  validation:
+  crosscompile:
     runs-on: ubuntu-latest
     needs:
       - ci-checks
       - test
       - verify
-    steps:
-      - name: fake
-        run: echo ":+1:"
-  crosscompile:
-    runs-on: ubuntu-latest
-    needs:
-      - validation
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
+
       - name: Install Go
         uses: actions/setup-go@v2
         with:
           go-version: "1.17"
+
       - run: make crosscompile -j$(nproc)
+
       - name: Upload tink-cli binaries
         uses: actions/upload-artifact@v2
         with:
           name: tink-cli
           path: cmd/tink-cli/tink-cli-*
+
       - name: Upload tink-server binaries
         uses: actions/upload-artifact@v2
         with:
           name: tink-server
           path: cmd/tink-server/tink-server-*
+
       - name: Upload tink-worker binaries
         uses: actions/upload-artifact@v2
         with:
           name: tink-worker
           path: cmd/tink-worker/tink-worker-*
+
+      - name: Upload virtual-worker binaries
+        uses: actions/upload-artifact@v2
+        with:
+          name: virtual-worker
+          path: cmd/virtual-worker/virtual-worker-*
+
       - name: Upload tink-controller binaries
         uses: actions/upload-artifact@v2
         with:
@@ -103,37 +121,47 @@ jobs:
         include:
           - repository: quay.io/tinkerbell/tink-cli
             binary: tink-cli
+
           - repository: quay.io/tinkerbell/tink
             binary: tink-server
+
           - repository: quay.io/tinkerbell/tink-worker
             binary: tink-worker
+
           - repository: quay.io/tinkerbell/tink-controller
             binary: tink-controller
     steps:
       - name: Docker Image Tag for Sha
         id: docker-image-tag
         run: |
           echo ::set-output name=tags::${{ matrix.repository }}:latest,${{ matrix.repository }}:sha-${GITHUB_SHA::8}
+
       - name: Checkout code
         uses: actions/checkout@v2
+
       - name: Login to quay.io
         uses: docker/login-action@v1
         if: ${{ startsWith(github.ref, 'refs/heads/main') }}
         with:
           registry: quay.io
           username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_PASSWORD }}
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v1
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
+
       - name: Download ${{ matrix.binary }} artifacts
         uses: actions/download-artifact@v2
         with:
           name: ${{ matrix.binary}}
           path: cmd/${{ matrix.binary }}
+
       - name: Fix Permissions
         run: chmod +x cmd/${{ matrix.binary }}/${{ matrix.binary }}*
+
       - name: ${{ matrix.repository }}
         uses: docker/build-push-action@v2
         with:

.gitignore

@@ -23,3 +23,6 @@ out/
 
 .*.swp
 hack/tools
+
+# test worker files
+tests/worker

Makefile

@@ -8,12 +8,11 @@ all: cli server worker ## Build all binaries for host OS and CPU
 -include kube.mk
 
 crosscompile: $(crossbinaries) ## Build all binaries for Linux and all supported CPU arches
-images: tink-cli-image tink-server-image tink-worker-image ## Build all docker images
+images: tink-cli-image tink-server-image tink-worker-image virtual-worker-image ## Build all docker images
 run: crosscompile run-stack ## Builds and runs the Tink stack (tink, db, cli) via docker-compose
 
-test: ## Run tests
-	go clean -testcache
-	go test -coverprofile=coverage.txt ./... -v
+test: e2etest-setup ## Run tests
+	source <(setup-envtest use  -p env) && go test -coverprofile=coverage.txt ./...
 
 verify: lint check-generated # Verify code style, is lint free, freshness ...
 	gofumpt -s -d .

buf.gen.yaml

@@ -8,6 +8,3 @@ plugins:
     opt:
       - paths=source_relative
       - require_unimplemented_servers=false
-  - name: grpc-gateway
-    out: .
-    opt: paths=source_relative