Merge branch 'main' into 1640_helm_templates_correspond

defenseunicorns · Jan 14, 2025 · 07a02c9 · 07a02c9
2 parents a1995fe + a4a942f
commit 07a02c9
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 19 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/src/fixtures/loader.ts b/src/fixtures/loader.ts
@@ -6,11 +6,11 @@ import admissionRequestDeletePod from "./data/admission-delete-pod.json";
 import admissionRequestCreateClusterRole from "./data/admission-create-clusterrole.json";
 import admissionRequestCreateDeployment from "./data/admission-create-deployment.json";
 
-export function AdmissionRequestCreateDeployment() {
+export function AdmissionRequestCreateDeployment(): AdmissionRequest<kind.Deployment> {
   return cloneObject<kind.Deployment>(admissionRequestCreateDeployment);
 }
 
-export function AdmissionRequestCreatePod() {
+export function AdmissionRequestCreatePod(): AdmissionRequest<kind.Pod> {
   return cloneObject<kind.Pod>(admissionRequestCreatePod);
 }
 

diff --git a/src/lib/assets/assets.ts b/src/lib/assets/assets.ts
@@ -33,7 +33,6 @@ export class Assets {
 
   image: string;
   buildTimestamp: string;
-  hash: string;
 
   constructor(
     readonly config: ModuleConfig,
@@ -44,18 +43,13 @@ export class Assets {
     this.buildTimestamp = `${Date.now()}`;
     this.alwaysIgnore = config.alwaysIgnore;
     this.image = `ghcr.io/defenseunicorns/pepr/controller:v${config.peprVersion}`;
-    this.hash = "";
     // Generate the ephemeral tls things
     this.tls = genTLS(this.host || `${this.name}.pepr-system.svc`);
 
     // Generate the api token for the controller / webhook
     this.apiToken = crypto.randomBytes(32).toString("hex");
   }
 
-  setHash = (hash: string): void => {
-    this.hash = hash;
-  };
-
   deploy = async (force: boolean, webhookTimeout?: number): Promise<void> => {
     this.capabilities = await loadCapabilities(this.path);
     await deploy(this, force, webhookTimeout);
@@ -79,19 +73,18 @@ export class Assets {
 
     const code = await fs.readFile(this.path);
 
-    // Generate a hash of the code
-    this.hash = crypto.createHash("sha256").update(code).digest("hex");
+    const moduleHash = crypto.createHash("sha256").update(code).digest("hex");
 
     const deployments = {
-      default: getDeployment(this, this.hash, this.buildTimestamp, imagePullSecret),
-      watch: getWatcher(this, this.hash, this.buildTimestamp, imagePullSecret),
+      default: getDeployment(this, moduleHash, this.buildTimestamp, imagePullSecret),
+      watch: getWatcher(this, moduleHash, this.buildTimestamp, imagePullSecret),
     };
 
     const assetsInputs = {
       apiToken: this.apiToken,
       capabilities: this.capabilities,
       config: this.config,
-      hash: this.hash,
+      hash: moduleHash,
       name: this.name,
       path: this.path,
       tls: this.tls,
@@ -129,6 +122,7 @@ export class Assets {
       );
 
       const code = await fs.readFile(this.path);
+      const moduleHash = crypto.createHash("sha256").update(code).digest("hex");
 
       const pairs: [string, () => string][] = [
         [helm.files.chartYaml, (): string => dedent(chartYaml(this.config.uuid, this.config.description || ""))],
@@ -142,12 +136,12 @@ export class Assets {
         [helm.files.clusterRoleYaml, (): string => dedent(clusterRoleTemplate())],
         [helm.files.clusterRoleBindingYaml, (): string => toYaml(clusterRoleBinding(this.name))],
         [helm.files.serviceAccountYaml, (): string => toYaml(serviceAccount(this.name))],
-        [helm.files.moduleSecretYaml, (): string => toYaml(getModuleSecret(this.name, code, this.hash))],
+        [helm.files.moduleSecretYaml, (): string => toYaml(getModuleSecret(this.name, code, moduleHash))],
       ];
       await Promise.all(pairs.map(async ([file, content]) => await fs.writeFile(file, content())));
 
       const overrideData = {
-        hash: this.hash,
+        hash: moduleHash,
         name: this.name,
         image: this.image,
         config: this.config,
@@ -163,7 +157,7 @@ export class Assets {
 
       await this.writeWebhookFiles(validateWebhook, mutateWebhook, helm);
 
-      const watchDeployment = getWatcher(this, this.hash, this.buildTimestamp);
+      const watchDeployment = getWatcher(this, moduleHash, this.buildTimestamp);
       if (watchDeployment) {
         await fs.writeFile(helm.files.watcherDeploymentYaml, dedent(watcherDeployTemplate(this.buildTimestamp)));
         await fs.writeFile(helm.files.watcherServiceMonitorYaml, dedent(serviceMonitorTemplate("watcher")));