fluxcd · pjbgf · Aug 9, 2022 · Aug 9, 2022 · Aug 9, 2022
diff --git a/api/go.mod b/api/go.mod
@@ -4,8 +4,8 @@ go 1.18
 
 require (
 	github.com/fluxcd/pkg/apis/meta v0.14.2
-	github.com/fluxcd/source-controller/api v0.25.9
-	k8s.io/apimachinery v0.24.1
+	github.com/fluxcd/source-controller/api v0.26.0
+	k8s.io/apimachinery v0.24.3
 	sigs.k8s.io/controller-runtime v0.11.2
 )
 

diff --git a/api/go.sum b/api/go.sum
@@ -21,8 +21,8 @@ github.com/fluxcd/pkg/apis/acl v0.0.3 h1:Lw0ZHdpnO4G7Zy9KjrzwwBmDZQuy4qEjaU/RvA6
 github.com/fluxcd/pkg/apis/acl v0.0.3/go.mod h1:XPts6lRJ9C9fIF9xVWofmQwftvhY25n1ps7W9xw0XLU=
 github.com/fluxcd/pkg/apis/meta v0.14.2 h1:/Hf7I/Vz01vv3m7Qx7DtQvrzAL1oVt0MJcLb/I1Y1HE=
 github.com/fluxcd/pkg/apis/meta v0.14.2/go.mod h1:ijZ61VG/8T3U17gj0aFL3fdtZL+mulD6V8VrLLUCAgM=
-github.com/fluxcd/source-controller/api v0.25.9 h1:hdaBYYNuW3qTcXRMfrxO5paK+UVFL9ApZS495nd7K2w=
-github.com/fluxcd/source-controller/api v0.25.9/go.mod h1:/e7YRDOqb8z8I3N8ifbDF1mknf8zFsoADtS/Q93iWPs=
+github.com/fluxcd/source-controller/api v0.26.0 h1:DOf9R7YLV0lNiIRnaYg5bh8fGbIB6zGbK5vFqejeSAk=
+github.com/fluxcd/source-controller/api v0.26.0/go.mod h1:1W0Xx/GpZ14Z/sOltxjsQKXeCv8zxAqSivbX9e4s+H8=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
@@ -232,8 +232,8 @@ gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 k8s.io/api v0.23.5 h1:zno3LUiMubxD/V1Zw3ijyKO3wxrhbUF1Ck+VjBvfaoA=
-k8s.io/apimachinery v0.24.1 h1:ShD4aDxTQKN5zNf8K1RQ2u98ELLdIW7jEnlO9uAMX/I=
-k8s.io/apimachinery v0.24.1/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
+k8s.io/apimachinery v0.24.3 h1:hrFiNSA2cBZqllakVYyH/VyEh4B581bQRmqATJSeQTg=
+k8s.io/apimachinery v0.24.3/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=

diff --git a/controllers/imageupdateautomation_controller.go b/controllers/imageupdateautomation_controller.go
@@ -62,7 +62,6 @@ import (
 	"github.com/fluxcd/pkg/runtime/predicates"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 	"github.com/fluxcd/source-controller/pkg/git"
-	gitlibgit2 "github.com/fluxcd/source-controller/pkg/git/libgit2"
 	"github.com/fluxcd/source-controller/pkg/git/libgit2/managed"
 	gitstrat "github.com/fluxcd/source-controller/pkg/git/strategy"
 
@@ -270,21 +269,18 @@ func (r *ImageUpdateAutomationReconciler) Reconcile(ctx context.Context, req ctr
 		return failWithError(err)
 	}
 
-	// managed GIT transport only affects the libgit2 implementation
-	if managed.Enabled() {
-		// We set the TransportOptionsURL of this set of authentication options here by constructing
-		// a unique URL that won't clash in a multi tenant environment. This unique URL is used by
-		// libgit2 managed transports. This enables us to bypass the inbuilt credentials callback in
-		// libgit2, which is inflexible and unstable.
-		// NB: The Transport Options URL must be unique, therefore it must use the object under
-		// reconciliation details, instead of the repository it depends on.
-		if strings.HasPrefix(origin.Spec.URL, "http") {
-			access.auth.TransportOptionsURL = fmt.Sprintf("http://%s/%s/%d", auto.Name, auto.UID, auto.Generation)
-		} else if strings.HasPrefix(origin.Spec.URL, "ssh") {
-			access.auth.TransportOptionsURL = fmt.Sprintf("ssh://%s/%s/%d", auto.Name, auto.UID, auto.Generation)
-		} else {
-			return failWithError(fmt.Errorf("git repository URL '%s' has invalid transport type, supported types are: http, https, ssh", origin.Spec.URL))
-		}
+	// We set the TransportOptionsURL of this set of authentication options here by constructing
+	// a unique URL that won't clash in a multi tenant environment. This unique URL is used by
+	// libgit2 managed transports. This enables us to bypass the inbuilt credentials callback in
+	// libgit2, which is inflexible and unstable.
+	// NB: The Transport Options URL must be unique, therefore it must use the object under
+	// reconciliation details, instead of the repository it depends on.
+	if strings.HasPrefix(origin.Spec.URL, "http") {
+		access.auth.TransportOptionsURL = fmt.Sprintf("http://%s/%s/%d", auto.Name, auto.UID, auto.Generation)
+	} else if strings.HasPrefix(origin.Spec.URL, "ssh") {
+		access.auth.TransportOptionsURL = fmt.Sprintf("ssh://%s/%s/%d", auto.Name, auto.UID, auto.Generation)
+	} else {
+		return failWithError(fmt.Errorf("git repository URL '%s' has invalid transport type, supported types are: http, https, ssh", origin.Spec.URL))
 	}
 
 	// Use the git operations timeout for the repo.
@@ -296,19 +292,17 @@ func (r *ImageUpdateAutomationReconciler) Reconcile(ctx context.Context, req ctr
 	}
 	defer repo.Free()
 
-	if managed.Enabled() {
-		// Checkout removes TransportOptions before returning, therefore this
-		// must happen after cloneInto.
-		// TODO(pjbgf): Git consolidation should improve the API workflow.
-		managed.AddTransportOptions(access.auth.TransportOptionsURL, managed.TransportOptions{
-			TargetURL:    origin.Spec.URL,
-			AuthOpts:     access.auth,
-			ProxyOptions: &libgit2.ProxyOptions{Type: libgit2.ProxyTypeAuto},
-			Context:      cloneCtx,
-		})
+	// Checkout removes TransportOptions before returning, therefore this
+	// must happen after cloneInto.
+	// TODO(pjbgf): Git consolidation should improve the API workflow.
+	managed.AddTransportOptions(access.auth.TransportOptionsURL, managed.TransportOptions{
+		TargetURL:    origin.Spec.URL,
+		AuthOpts:     access.auth,
+		ProxyOptions: &libgit2.ProxyOptions{Type: libgit2.ProxyTypeAuto},
+		Context:      cloneCtx,
+	})
 
-		defer managed.RemoveTransportOptions(access.auth.TransportOptionsURL)
-	}
+	defer managed.RemoveTransportOptions(access.auth.TransportOptionsURL)
 
 	// When there's a push spec, the pushed-to branch is where commits
 	// shall be made
@@ -554,10 +548,6 @@ func (r *ImageUpdateAutomationReconciler) getRepoAccess(ctx context.Context, rep
 	return access, nil
 }
 
-func (r repoAccess) remoteCallbacks(ctx context.Context) libgit2.RemoteCallbacks {
-	return gitlibgit2.RemoteCallbacks(ctx, r.auth)
-}
-
 // cloneInto clones the upstream repository at the `ref` given (which
 // can be `nil`). It returns a `*libgit2.Repository` since that is used
 // for committing changes.
@@ -763,12 +753,9 @@ func switchToBranch(repo *libgit2.Repository, ctx context.Context, branch string
 	}
 	defer origin.Free()
 
-	callbacks := access.remoteCallbacks(ctx)
-	if managed.Enabled() {
-		// Override callbacks with dummy ones as they are not needed within Managed Transport.
-		// However, not setting them may lead to git2go panicing.
-		callbacks = managed.RemoteCallbacks()
-	}
+	// Override callbacks with dummy ones as they are not needed within Managed Transport.
+	// However, not setting them may lead to git2go panicing.
+	callbacks := managed.RemoteCallbacks()
 
 	// Force the fetching of the remote branch.
 	err = origin.Fetch([]string{branch}, &libgit2.FetchOptions{
@@ -866,12 +853,9 @@ func push(ctx context.Context, path, branch string, access repoAccess) error {
 	}
 	defer origin.Free()
 
-	callbacks := access.remoteCallbacks(ctx)
-	if managed.Enabled() {
-		// Override callbacks with dummy ones as they are not needed within Managed Transport.
-		// However, not setting them may lead to git2go panicing.
-		callbacks = managed.RemoteCallbacks()
-	}
+	// Override callbacks with dummy ones as they are not needed within Managed Transport.
+	// However, not setting them may lead to git2go panicing.
+	callbacks := managed.RemoteCallbacks()
 
 	// calling repo.Push will succeed even if a reference update is
 	// rejected; to detect this case, this callback is supplied.

diff --git a/go.mod b/go.mod
@@ -16,30 +16,30 @@ replace github.com/libgit2/git2go/v33 => github.com/pjbgf/git2go/v33 v33.0.9-not
 
 require (
 	github.com/Masterminds/sprig/v3 v3.2.2
-	github.com/ProtonMail/go-crypto v0.0.0-20220714114130-e85cedf506cd
+	github.com/ProtonMail/go-crypto v0.0.0-20220730123233-d6ffb7692adf
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/fluxcd/image-automation-controller/api v0.23.5
-	github.com/fluxcd/image-reflector-controller/api v0.19.3
+	github.com/fluxcd/image-reflector-controller/api v0.20.0
 	github.com/fluxcd/pkg/apis/acl v0.0.3
 	github.com/fluxcd/pkg/apis/meta v0.14.2
 	github.com/fluxcd/pkg/gittestserver v0.6.0
 	github.com/fluxcd/pkg/runtime v0.16.2
 	github.com/fluxcd/pkg/ssh v0.5.0
-	github.com/fluxcd/source-controller v0.25.10
-	github.com/fluxcd/source-controller/api v0.25.10
+	github.com/fluxcd/source-controller v0.26.0
+	github.com/fluxcd/source-controller/api v0.26.0
 	github.com/go-logr/logr v1.2.3
 	github.com/google/go-containerregistry v0.11.0
 	github.com/libgit2/git2go/v33 v33.0.9
 	github.com/onsi/gomega v1.20.0
 	github.com/otiai10/copy v1.7.0
 	github.com/spf13/pflag v1.0.5
 	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
-	k8s.io/api v0.24.2
-	k8s.io/apimachinery v0.24.2
-	k8s.io/client-go v0.24.2
-	k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8
+	k8s.io/api v0.24.3
+	k8s.io/apimachinery v0.24.3
+	k8s.io/client-go v0.24.3
+	k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea
 	sigs.k8s.io/controller-runtime v0.11.2
-	sigs.k8s.io/kustomize/kyaml v0.13.7
+	sigs.k8s.io/kustomize/kyaml v0.13.9
 )
 
 // Fix CVE-2022-28948
@@ -56,12 +56,11 @@ require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.1.1 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
-	github.com/PuerkitoBio/purell v1.1.1 // indirect
-	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/cloudflare/circl v1.1.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
@@ -76,13 +75,13 @@ require (
 	github.com/go-git/go-git/v5 v5.4.2 // indirect
 	github.com/go-logr/zapr v1.2.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.19.5 // indirect
-	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/go-openapi/jsonreference v0.20.0 // indirect
+	github.com/go-openapi/swag v0.21.1 // indirect
 	github.com/gofrs/uuid v4.2.0+incompatible // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/gnostic v0.5.7-v3refs // indirect
+	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/go-cmp v0.5.8 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
@@ -96,7 +95,7 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/mailru/easyjson v0.7.6 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/matryer/is v1.4.0 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
@@ -118,16 +117,16 @@ require (
 	github.com/spf13/cast v1.4.1 // indirect
 	github.com/spf13/cobra v1.5.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.1 // indirect
-	github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca // indirect
+	github.com/xlab/treeprint v1.1.0 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.21.0 // indirect
 	golang.org/x/net v0.0.0-20220708220712-1185a9018129 // indirect
 	golang.org/x/oauth2 v0.0.0-20220718184931-c8730f7fcb92 // indirect
 	golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect
-	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
+	golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 // indirect
 	golang.org/x/text v0.3.7 // indirect
-	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
+	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
@@ -140,7 +139,7 @@ require (
 	k8s.io/klog/v2 v2.60.1 // indirect
 	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
 	sigs.k8s.io/cli-utils v0.31.2 // indirect
-	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
+	sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )