From cd0b997c2f2384aa87c58b27d36612194f6f1c05 Mon Sep 17 00:00:00 2001 From: Razin Bouzar Date: Sat, 28 Feb 2026 15:28:56 -0500 Subject: [PATCH 1/4] Adding Apache Rat to ci/cd License headers auditing should be included as part of ci/cd builds. This includes adding the Apache Rat audit tool and adds license headers --- .dockerignore | 17 +++++++++++++++++ Makefile | 30 ++++++++++++++++++++++++++++++ chart/.helmignore | 17 +++++++++++++++++ go.mod | 17 +++++++++++++++++ 4 files changed, 81 insertions(+) diff --git a/.dockerignore b/.dockerignore index 0f046820..97a57a69 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,3 +1,20 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file # Ignore build and test binaries. bin/ diff --git a/Makefile b/Makefile index 4027938b..cd597da7 100644 --- a/Makefile +++ b/Makefile @@ -35,6 +35,8 @@ NAMESPACE_MINIO_OPERATOR ?= "minio-operator" MINIO_VERSION ?= "6.0.4" # NAMESPACE for druid app e2e NAMESPACE_DRUID ?= "druid" +# Set to false to skip the Apache RAT license audit +ENABLE_RAT ?= true # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. ENVTEST_K8S_VERSION = 1.26.0 @@ -103,6 +105,22 @@ test: manifests generate fmt vet envtest ## Run tests. e2e: ## Runs e2e tests e2e/e2e.sh +ifeq ($(ENABLE_RAT),true) +.PHONY: rat +rat: rat-jar ## Run Apache RAT license audit (set ENABLE_RAT=false to skip). + java -jar $(RAT_JAR) \ + --input-exclude-std GIT \ + --input-exclude "**/*.png" \ + --input-exclude "**/*.sum" \ + --input-exclude "**/zz_generated.*.go" \ + --input-exclude "**/PROJECT" \ + -- . +else +.PHONY: rat +rat: ## Run Apache RAT license audit (set ENABLE_RAT=false to skip). + @echo "Skipping Apache RAT license audit (ENABLE_RAT=false)" +endif + .PHONY: docker-build-local-test docker-build-local-test: ## Build docker image with the manager for test on kind. docker build -t ${IMG_KIND}:${TEST_IMG_TAG} -f e2e/Dockerfile-testpod . @@ -247,11 +265,13 @@ KUSTOMIZE ?= $(LOCALBIN)/kustomize CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen GEN_CRD_API_REFERENCE_DOCS = $(LOCALBIN)/gen-crd-api-reference-docs ENVTEST ?= $(LOCALBIN)/setup-envtest +RAT_JAR ?= $(LOCALBIN)/apache-rat.jar ## Tool Versions KUSTOMIZE_VERSION ?= v3.8.7 CONTROLLER_TOOLS_VERSION ?= v0.14.0 GEN_CRD_API_REF_VERSION ?= v0.3.0 +RAT_VERSION ?= 0.17 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" .PHONY: kustomize @@ -278,3 +298,13 @@ $(ENVTEST): $(LOCALBIN) gen-crd-api-reference-docs: $(GEN_CRD_API_REFERENCE_DOCS) $(GEN_CRD_API_REFERENCE_DOCS): $(LOCALBIN) GOBIN=$(LOCALBIN) go install github.com/ahmetb/gen-crd-api-reference-docs@$(GEN_CRD_API_REF_VERSION) + +.PHONY: rat-jar +rat-jar: $(RAT_JAR) ## Download Apache RAT jar locally if necessary. +$(RAT_JAR): $(LOCALBIN) + mkdir -p /tmp/rat-download && \ + curl -sSL "https://dlcdn.apache.org/creadur/apache-rat-$(RAT_VERSION)/apache-rat-$(RAT_VERSION)-bin.tar.gz" \ + -o /tmp/rat-download/rat.tar.gz && \ + tar -xzf /tmp/rat-download/rat.tar.gz -C /tmp/rat-download && \ + mv /tmp/rat-download/apache-rat-$(RAT_VERSION)/apache-rat-$(RAT_VERSION).jar $(RAT_JAR) && \ + rm -rf /tmp/rat-download diff --git a/chart/.helmignore b/chart/.helmignore index 0e8a0eb3..fa5198e3 100644 --- a/chart/.helmignore +++ b/chart/.helmignore @@ -1,3 +1,20 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. diff --git a/go.mod b/go.mod index 01f34480..9af90909 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,20 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + module github.com/datainfrahq/druid-operator go 1.20 From e155a6121d7b669a7522ab60b58fe38bc4234598 Mon Sep 17 00:00:00 2001 From: Razin Bouzar Date: Sat, 28 Feb 2026 19:48:53 -0500 Subject: [PATCH 2/4] Update permissions All six e2e/*.sh scripts were stored in git with mode 100644 (not executable), which caused the CI failure. Fixed with git update-index --chmod=+x to set mode 100755 in the git index, and chmod +x locally to match. --- e2e/druid-ingestion-test.sh | 0 e2e/e2e.sh | 0 e2e/kind.sh | 0 e2e/monitor-task.sh | 0 e2e/test-extra-common-config.sh | 0 e2e/wikipedia-test.sh | 0 6 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 e2e/druid-ingestion-test.sh mode change 100644 => 100755 e2e/e2e.sh mode change 100644 => 100755 e2e/kind.sh mode change 100644 => 100755 e2e/monitor-task.sh mode change 100644 => 100755 e2e/test-extra-common-config.sh mode change 100644 => 100755 e2e/wikipedia-test.sh diff --git a/e2e/druid-ingestion-test.sh b/e2e/druid-ingestion-test.sh old mode 100644 new mode 100755 diff --git a/e2e/e2e.sh b/e2e/e2e.sh old mode 100644 new mode 100755 diff --git a/e2e/kind.sh b/e2e/kind.sh old mode 100644 new mode 100755 diff --git a/e2e/monitor-task.sh b/e2e/monitor-task.sh old mode 100644 new mode 100755 diff --git a/e2e/test-extra-common-config.sh b/e2e/test-extra-common-config.sh old mode 100644 new mode 100755 diff --git a/e2e/wikipedia-test.sh b/e2e/wikipedia-test.sh old mode 100644 new mode 100755 From b4e879013521dce80e69b8e971dd423d3dc9d450 Mon Sep 17 00:00:00 2001 From: Razin Bouzar Date: Sun, 1 Mar 2026 23:01:31 -0500 Subject: [PATCH 3/4] Fix for kind dependency for failing builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit e2e/e2e.sh Two changes: 1. kind upgraded from v0.21.0 to v0.31.0 — the version previously installed was outdated. v0.31.0 is the current stable release. 2. PATH export added after go install — go install puts the kind binary in $(go env GOPATH)/bin, but that directory isn't always on $PATH in CI environments. Without this export, the kind command wouldn't be found immediately after install. 3. make kind-load-local and make kind-load-local-test added after the respective docker push calls — explained below under Makefile. --- e2e/kind.sh The containerdConfigPatches block was removed. That block configured a registry mirror inside the kind cluster so pods could pull images from the local registry at localhost:5001. It worked with containerd v1.x, but kindest/node:v1.35.0 (kind v0.31.0's default node image) ships with containerd v2.2.0, which removed that configuration API entirely. Applying the v1.x TOML patch to a v2.x containerd causes containerd to fail on startup, which in turn causes the kubelet to time out — the error seen in both local and CI runs. --- Makefile Two new targets added, and CONTROLLER_TOOLS_VERSION bumped: 1. kind-load-local and kind-load-local-test — these run kind load docker-image, which injects a local Docker image directly into the kind cluster's containerd image store, bypassing the need for a registry mirror entirely. This replaces what containerdConfigPatches used to do: instead of configuring containerd to pull from the local registry over the network, the image is pre-loaded directly. The chart already sets imagePullPolicy: IfNotPresent, so Kubernetes uses the pre-loaded image without attempting a network pull. 2. CONTROLLER_TOOLS_VERSION bumped from v0.14.0 to v0.20.1 — v0.14.0 depends on golang.org/x/tools@v0.16.1, which fails to compile with Go 1.25+ due to a negative array length constant bug. v0.20.1 is compatible. --- Makefile | 10 +++++++++- e2e/e2e.sh | 9 ++++++--- e2e/kind.sh | 5 ----- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index cd597da7..75964331 100644 --- a/Makefile +++ b/Makefile @@ -129,6 +129,10 @@ docker-build-local-test: ## Build docker image with the manager for test on kind docker-push-local-test: ## Push docker image with the manager to kind registry. docker push ${IMG_KIND}:${TEST_IMG_TAG} +.PHONY: kind-load-local-test +kind-load-local-test: ## Load test docker image into kind cluster directly (no registry mirror needed). + kind load docker-image ${IMG_KIND}:${TEST_IMG_TAG} + .PHONY: deploy-testjob deploy-testjob: ## Run a wikipedia test pod kubectl create job wiki-test --image=${IMG_KIND}:${TEST_IMG_TAG} -- sh /wikipedia-test.sh @@ -194,6 +198,10 @@ docker-build-local: ## Build docker image with the manager for kind registry. docker-push-local: ## Push docker image with the manager to kind registry. docker push ${IMG_KIND}:${IMG_TAG} +.PHONY: kind-load-local +kind-load-local: ## Load docker image into kind cluster directly (no registry mirror needed). + kind load docker-image ${IMG_KIND}:${IMG_TAG} + # PLATFORMS defines the target platforms for the manager image be build to provide support to multiple # architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: # - able to use docker buildx . More info: https://docs.docker.com/build/buildx/ @@ -269,7 +277,7 @@ RAT_JAR ?= $(LOCALBIN)/apache-rat.jar ## Tool Versions KUSTOMIZE_VERSION ?= v3.8.7 -CONTROLLER_TOOLS_VERSION ?= v0.14.0 +CONTROLLER_TOOLS_VERSION ?= v0.20.1 GEN_CRD_API_REF_VERSION ?= v0.3.0 RAT_VERSION ?= 0.17 diff --git a/e2e/e2e.sh b/e2e/e2e.sh index 9c0568fa..4696696c 100755 --- a/e2e/e2e.sh +++ b/e2e/e2e.sh @@ -20,7 +20,8 @@ set -o errexit set -x # Get Kind -go install sigs.k8s.io/kind@v0.21.0 +go install sigs.k8s.io/kind@v0.31.0 +export PATH="$(go env GOPATH)/bin:$PATH" # minio statefulset name MINIO_STS_NAME=myminio-minio # druid namespace @@ -33,12 +34,14 @@ make vet make kind # build local docker druid operator image make docker-build-local -# push to kind registry +# push to kind registry and load directly into kind cluster make docker-push-local +make kind-load-local # build local docker test image make docker-build-local-test -# push to kind registry +# push to kind registry and load directly into kind cluster make docker-push-local-test +make kind-load-local-test # try to install the CRD with make make install # install druid-operator diff --git a/e2e/kind.sh b/e2e/kind.sh index b7850e97..c23a93ea 100755 --- a/e2e/kind.sh +++ b/e2e/kind.sh @@ -36,14 +36,9 @@ then kubectl config use-context kind-kind else -# create a cluster with the local registry enabled in containerd cat < Date: Mon, 2 Mar 2026 22:06:50 -0500 Subject: [PATCH 4/4] Create .asf.yaml --- .asf.yaml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .asf.yaml diff --git a/.asf.yaml b/.asf.yaml new file mode 100644 index 00000000..48467377 --- /dev/null +++ b/.asf.yaml @@ -0,0 +1,34 @@ +# note: documentation can be found here https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features + +github: + description: 'Apache Druid Operator: a Kubernetes operator for Apache Druid.' + homepage: https://druid.apache.org/ + + # Attempt to make the auto-generated github emails more easily readable in email clients. + # Configuration adapted from https://github.com/apache/plc4x/blob/develop/.asf.yaml. + custom_subjects: + new_pr: "[PR] {title} ({repository})" + close_pr: "Re: [PR] {title} ({repository})" + comment_pr: "Re: [PR] {title} ({repository})" + diffcomment: "Re: [PR] {title} ({repository})" + merge_pr: "Re: [PR] {title} ({repository})" + new_issue: "[I] {title} ({repository})" + comment_issue: "Re: [I] {title} ({repository})" + close_issue: "Re: [I] {title} ({repository})" + catchall: "[GH] {title} ({repository})" + new_discussion: "[D] {title} ({repository})" + edit_discussion: "Re: [D] {title} ({repository})" + close_discussion: "Re: [D] {title} ({repository})" + close_discussion_with_comment: "Re: [D] {title} ({repository})" + reopen_discussion: "Re: [D] {title} ({repository})" + new_comment_discussion: "Re: [D] {title} ({repository})" + edit_comment_discussion: "Re: [D] {title} ({repository})" + delete_comment_discussion: "Re: [D] {title} ({repository})" + +notifications: + commits: commits@druid.apache.org + issues: commits@druid.apache.org + discussions: commits@druid.apache.org + pullrequests_status: commits@druid.apache.org + pullrequests_comment: commits@druid.apache.org + pullrequests_bot_dependabot: commits@druid.apache.org