Merge remote-tracking branch 'common-upstream/main' into common-automatic-update

Author: mbaldessari

common/golang-external-secrets/Chart.yaml

@@ -6,6 +6,6 @@ name: golang-external-secrets
 version: 0.0.3
 dependencies:
   - name: external-secrets
-    version: "0.9.10"
+    version: "0.9.11"
     repository: "https://charts.external-secrets.io"
     #"https://external-secrets.github.io/kubernetes-external-secrets"

common/golang-external-secrets/charts/external-secrets-0.9.10.tgz

@@ -27,10 +27,10 @@ clusterGroup:
 
 external-secrets:
   image:
-    tag: v0.9.10-ubi
+    tag: v0.9.11-ubi
   webhook:
     image:
-      tag: v0.9.10-ubi
+      tag: v0.9.11-ubi
   certController:
     image:
-      tag: v0.9.10-ubi
+      tag: v0.9.11-ubi

common/golang-external-secrets/charts/external-secrets-0.9.11.tgz

@@ -1,19 +1,45 @@
 #!/bin/bash
 
+function is_available {
+  command -v $1 >/dev/null 2>&1 || { echo >&2 "$1 is required but it's not installed. Aborting."; exit 1; }
+}
+
+function version {
+    echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'
+}
+
 if [ -z "$PATTERN_UTILITY_CONTAINER" ]; then
 	PATTERN_UTILITY_CONTAINER="quay.io/hybridcloudpatterns/utility-container"
 fi
 
+readonly commands=(podman)
+for cmd in ${commands[@]}; do is_available "$cmd"; done
+
 UNSUPPORTED_PODMAN_VERSIONS="1.6 1.5"
+PODMAN_VERSION_STR=$(podman --version)
 for i in ${UNSUPPORTED_PODMAN_VERSIONS}; do
 	# We add a space
-	if podman --version | grep -q -E "\b${i}"; then
-		echo "Unsupported podman version. We recommend >= 4.2.0"
+	if echo "${PODMAN_VERSION_STR}" | grep -q -E "\b${i}"; then
+		echo "Unsupported podman version. We recommend > 4.3.0"
 		podman --version
 		exit 1
 	fi
 done
 
+# podman --version outputs:
+# podman version 4.8.2
+PODMAN_VERSION=$(echo "${PODMAN_VERSION_STR}" | awk '{ print $NF }')
+
+# podman < 4.3.0 do not support keep-id:uid=...
+if [ $(version "${PODMAN_VERSION}") -lt $(version "4.3.0") ]; then
+    PODMAN_ARGS="-v ${HOME}:/root"
+else
+    # We do not rely on bash's $UID and $GID because on MacOSX $GID is not set
+    MYUID=$(id -u)
+    MYGID=$(id -g)
+    PODMAN_ARGS="--user ${MYUID}:${MYGID} --userns keep-id:uid=${MYUID},gid=${MYGID}"
+fi
+
 if [ -n "$KUBECONFIG" ]; then
     if [[ ! "${KUBECONFIG}" =~ ^$HOME* ]]; then
         echo "${KUBECONFIG} is pointing outside of the HOME folder, this will make it unavailable from the container."
@@ -25,15 +51,13 @@ fi
 # $HOME is mounted as itself for any files that are referenced with absolute paths
 # $HOME is mounted to /root because the UID in the container is 0 and that's where SSH looks for credentials
 
-# Do not quote the ${KUBECONF_ENV} below, otherwise we will pass '' to podman
-# which will be confused
 podman run -it --rm --pull=newer \
 	--security-opt label=disable \
 	-e EXTRA_HELM_OPTS \
 	-e KUBECONFIG \
 	-v "${HOME}":"${HOME}" \
 	-v "${HOME}":/pattern-home \
-	-v "${HOME}":/root \
+	${PODMAN_ARGS} \
 	-w "$(pwd)" \
 	"$PATTERN_UTILITY_CONTAINER" \
 	$@