fix bw installation -.-

Fixes #29

.github/workflows/release.yml

@@ -36,7 +36,7 @@ jobs:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
 
       - name: Get app version from chart
-        uses: mikefarah/yq@v4.33.3
+        uses: mikefarah/yq@v4.34.1
         id: app_version
         with:
           cmd: yq '.appVersion' charts/bitwarden-crd-operator/Chart.yaml

.github/workflows/test-and-lint.yml

@@ -0,0 +1,55 @@
+name: Lint and Test
+
+on: pull_request
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.11.2
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+          check-latest: true
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.4.0
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Run chart-testing (lint)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+
+  pr-build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: "GHCR Build"
+        id: docker_build
+        uses: docker/build-push-action@v4
+        with:
+          push: false
+          platforms: linux/amd64,linux/arm64
+          tags: ghcr.io/lerentis/bitwarden-crd-operator:dev
+

.gitignore

@@ -166,3 +166,5 @@ lib
 lib64
 
 myvalues.yaml
+
+.vscode

Dockerfile

@@ -1,34 +1,45 @@
-FROM alpine:latest as builder
+FROM alpine:3.18.0
-
-ARG BW_VERSION=2023.1.0
-
-RUN apk add wget unzip
-
-RUN cd /tmp && wget https://github.com/bitwarden/clients/releases/download/cli-v${BW_VERSION}/bw-linux-${BW_VERSION}.zip && \
-    unzip /tmp/bw-linux-${BW_VERSION}.zip
-
-FROM alpine:3.17.3
 
 LABEL org.opencontainers.image.source=https://github.com/Lerentis/bitwarden-crd-operator
 LABEL org.opencontainers.image.description="Kubernetes Operator to create k8s secrets from bitwarden"
 LABEL org.opencontainers.image.licenses=MIT
 
-ARG PYTHON_VERSION=3.10.11-r0
+ARG PYTHON_VERSION=3.11.4-r0
-ARG PIP_VERSION=22.3.1-r1
+ARG PIP_VERSION=23.1.2-r0
-ARG GCOMPAT_VERSION=1.1.0-r0
+ARG GCOMPAT_VERSION=1.1.0-r1
-ARG LIBCRYPTO_VERSION=3.0.8-r4
+ARG LIBCRYPTO_VERSION=3.1.0-r4
+ARG BW_VERSION=2023.1.0
 
-COPY --from=builder /tmp/bw /usr/local/bin/bw
+COPY requirements.txt /requirements.txt
-COPY requirements.txt requirements.txt
 
 RUN set -eux; \
+    apk add --virtual build-dependencies wget unzip; \
+    ARCH="$(apk --print-arch)"; \
+    case "${ARCH}" in \
+       aarch64|arm64) \
+          apk add npm; \
+          npm install -g @bitwarden/cli@${BW_VERSION}; \
+         ;; \
+       amd64|x86_64) \
+          cd /tmp; \
+          wget https://github.com/bitwarden/clients/releases/download/cli-v${BW_VERSION}/bw-linux-${BW_VERSION}.zip; \
+          unzip /tmp/bw-linux-${BW_VERSION}.zip; \
+          mv /tmp/bw /usr/local/bin/bw; \
+          chmod +x /usr/local/bin/bw; \
+         ;; \
+       *) \
+         echo "Unsupported arch: ${ARCH}"; \
+         exit 1; \
+         ;; \
+    esac; \
+    apk del --purge build-dependencies; \
     addgroup -S -g 1000 bw-operator; \
     adduser -S -D -u 1000 -G bw-operator bw-operator; \
     mkdir -p /home/bw-operator; \
     chown -R bw-operator /home/bw-operator; \
-    chmod +x /usr/local/bin/bw; \
+    apk add gcc musl-dev libstdc++ gcompat=${GCOMPAT_VERSION} python3=${PYTHON_VERSION} py3-pip=${PIP_VERSION} libcrypto3=${LIBCRYPTO_VERSION}; \
-    apk add gcc musl-dev libstdc++ gcompat=${GCOMPAT_VERSION} python3=${PYTHON_VERSION} py3-pip=${PIP_VERSION} libcrypto3=${LIBCRYPTO_VERSION} libssl3=${LIBCRYPTO_VERSION}; \
+    pip install -r /requirements.txt --no-warn-script-location; \
-    pip install -r requirements.txt --no-warn-script-location; \
+    rm /requirements.txt; \
     apk del --purge gcc musl-dev libstdc++;
 
 COPY --chown=bw-operator:bw-operator src /home/bw-operator

charts/bitwarden-crd-operator/Chart.yaml

@@ -4,9 +4,9 @@ description: Deploy the Bitwarden CRD Operator
 
 type: application
 
-version: "v0.7.1"
+version: "v0.7.4"
 
-appVersion: "0.6.1"
+appVersion: "0.6.4"
 
 keywords:
   - operator
@@ -20,7 +20,7 @@ home: https://lerentis.github.io/bitwarden-crd-operator/
 sources:
   - https://github.com/Lerentis/bitwarden-crd-operator
 
-kubeVersion: '>= 1.23.0-0'
+kubeVersion: ">= 1.23.0-0"
 
 maintainers:
   - name: lerentis
@@ -93,12 +93,10 @@ annotations:
                 enabled: true
   artifacthub.io/license: MIT
   artifacthub.io/operator: "true"
-  artifacthub.io/containsSecurityUpdates: "true"
+  artifacthub.io/containsSecurityUpdates: "false"
   artifacthub.io/changes: |
     - kind: fixed
-      description: "Fixed fields lookup"
+      description: "Fixed bitwarden installation"
-    - kind: fixed
-      description: "Fixed CVE-2023-1255 in base image"
   artifacthub.io/images: |
     - name: bitwarden-crd-operator
-      image: ghcr.io/lerentis/bitwarden-crd-operator:0.6.1
+      image: ghcr.io/lerentis/bitwarden-crd-operator:0.6.4

charts/bitwarden-crd-operator/values.yaml

@@ -14,15 +14,15 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
-#env:
+# env:
-#  - name: BW_HOST
+#   - name: BW_HOST
-#    value: "define_it"
+#     value: "define_it"
-#  - name: BW_CLIENTID
+#   - name: BW_CLIENTID
-#    value: "define_it"
+#     value: "define_it"
-#  - name: BW_CLIENTSECRET
+#   - name: BW_CLIENTSECRET
-#    value: "define_it"
+#     value: "define_it"
-#  - name: BW_PASSWORD
+#   - name: BW_PASSWORD
-#    value: "define_id"
+#     value: "define_id"
 
 externalConfigSecret:
   enabled: false

src/utils/utils.py

@@ -32,9 +32,9 @@ def command_wrapper(logger, command, use_success: bool = True):
         shell=True,
         env=system_env)
     out, err = sp.communicate()
-    resp = json.loads(out.decode(encoding='UTF-8'))
     if "DEBUG" in system_env:
-        logger.info(resp)
+        logger.info(out.decode(encoding='UTF-8'))
+    resp = json.loads(out.decode(encoding='UTF-8'))
     if resp["success"] != None and (not use_success or (use_success and resp["success"] == True)):
         return resp
     logger.warn(resp)