fix(ci): remove harpoon from workflow

.github/ISSUE_TEMPLATE/bug_report.md

@@ -9,7 +9,7 @@ assignees: ''
 
 <!--
 Thanks for taking time reporting a Capsule bug!
-  
+
 -->
 
 # Bug description

.github/ISSUE_TEMPLATE/feature_request.md

@@ -32,4 +32,4 @@ How would the new interaction with Capsule look like? E.g.
 Feel free to add a diagram if that helps explain things.
 
 # Expected behavior
-A clear and concise description of what you expect to happen.
+A clear and concise description of what you expect to happen.

.github/configs/lintconf.yaml

@@ -6,6 +6,11 @@ ignore:
 rules:
   truthy:
     level: warning
+    allowed-values:
+    - "true"
+    - "false"
+    - "on"
+    - "off"
     check-keys: false
   braces:
     min-spaces-inside: 0

.github/workflows/coverage.yml

@@ -14,28 +14,6 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  compliance:
-    name: "License Compliance"
-    runs-on: ubuntu-24.04
-    steps:
-      - name: "Checkout Code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Check secret
-        id: checksecret
-        uses: ./.github/actions/exists
-        with:
-          value: ${{ secrets.FOSSA_API_KEY }}
-      - name: "Run FOSSA Scan"
-        if: steps.checksecret.outputs.result == 'true'
-        uses: fossas/fossa-action@c0a7d013f84c8ee5e910593186598625513cc1e4 # v1.6.0
-        with:
-          api-key: ${{ secrets.FOSSA_API_KEY }}
-      - name: "Run FOSSA Test"
-        if: steps.checksecret.outputs.result == 'true'
-        uses: fossas/fossa-action@c0a7d013f84c8ee5e910593186598625513cc1e4 # v1.6.0
-        with:
-          api-key: ${{ secrets.FOSSA_API_KEY }}
-          run-tests: true
   sast:
     name: "SAST"
     runs-on: ubuntu-24.04

.github/workflows/e2e.yml

@@ -34,14 +34,5 @@ jobs:
       - uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4
         with:
           version: v3.14.2
-      - name: unit tracing
-        run: sudo make trace-unit
-      - name: e2e tracing
-        run: sudo make trace-e2e
-      - name: build seccomp profile
-        run: make seccomp
-      - name: upload artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: capsule-seccomp
-          path: capsule-seccomp.json
+      - name: e2e testing
+        run: make e2e

.github/workflows/releaser.yml

@@ -11,41 +11,40 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  seccomp-generation:
-    name: Seccomp Generation
-    strategy:
-      fail-fast: false
-      matrix:
-        # differently from the e2e workflow
-        # we don't need all the versions of kubernetes
-        # to generate the seccomp profile.
-        k8s-version:
-          - "v1.30.0"
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-      - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
-        with:
-          go-version-file: 'go.mod'
-      - uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4
-        with:
-          version: v3.14.2
-      - name: unit tracing
-        run: sudo make trace-unit
-      - name: e2e tracing
-        run: sudo KIND_K8S_VERSION=${{ matrix.k8s-version }} make trace-e2e
-      - name: build seccomp profile
-        run: make seccomp
-      - name: upload artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: capsule-seccomp
-          path: capsule-seccomp.json
-
+  # seccomp-generation:
+  #  name: Seccomp Generation
+  #  strategy:
+  #    fail-fast: false
+  #    matrix:
+  #      # differently from the e2e workflow
+  #      # we don't need all the versions of kubernetes
+  #      # to generate the seccomp profile.
+  #      k8s-version:
+  #        - "v1.30.0"
+  #  runs-on: ubuntu-latest
+  #  steps:
+  #    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+  #      with:
+  #        fetch-depth: 0
+  #    - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+  #      with:
+  #        go-version-file: 'go.mod'
+  #    - uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4
+  #      with:
+  #        version: v3.14.2
+  #    - name: unit tracing
+  #      run: sudo make trace-unit
+  #    - name: e2e tracing
+  #      run: sudo KIND_K8S_VERSION=${{ matrix.k8s-version }} make trace-e2e
+  #    - name: build seccomp profile
+  #      run: make seccomp
+  #    - name: upload artifact
+  #      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+  #      with:
+  #        name: capsule-seccomp
+  #        path: capsule-seccomp.json
   create-release:
-    needs: seccomp-generation
+    # needs: seccomp-generation
     runs-on: ubuntu-latest
     permissions:
       contents: write
@@ -66,12 +65,12 @@ jobs:
       - uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0
       - uses: anchore/sbom-action/download-syft@9f7302141466aa6482940f15371237e9d9f4c34a
       - name: Install Cosign
-        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
-      - name: download artifact
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
-        with:
-          name: capsule-seccomp
-          path: ./capsule-seccomp.json
+        uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
+      # - name: download artifact
+      #  uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
+      #  with:
+      #    name: capsule-seccomp
+      #    path: ./capsule-seccomp.json
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
         with:

.goreleaser.yml

@@ -56,8 +56,8 @@ release:
 
 
     Thanks to all the contributors! 🚀 🦄
-  extra_files:
-    - glob: ./capsule-seccomp.json
+  # extra_files:
+  #  - glob: ./capsule-seccomp.json
 checksum:
   name_template: 'checksums.txt'
 changelog:

.pre-commit-config.yaml

@@ -35,24 +35,8 @@ repos:
     entry: make helm-lint
     language: system
     files: ^charts/
-  # Currently too slow smw
-  # - id: golangci-lint
-  #   name: Execute golangci-lint
-  #   entry: make golint
-  #   language: system
-  #   files: \.go$
-# - repo: https://github.com/tekwizely/pre-commit-golang
-#  rev: v1.0.0-rc.1
-#  hooks:
-#  - id: go-vet
-#  - id: go-vet-mod
-#  - id: go-vet-pkg
-#  - id: go-vet-repo-mod
-#  - id: go-vet-repo-pkg
-#  - id: go-revive
-#  - id: go-revive-mod
-#  - id: go-revive-repo-mod
-#  - id: go-sec-mod
-#  - id: go-sec-pkg
-#  - id: go-sec-repo-mod
-#  - id: go-sec-repo-pkg
+  - id: golangci-lint
+    name: Execute golangci-lint
+    entry: make golint
+    language: system
+    files: \.go$

ADOPTERS.md

@@ -7,6 +7,9 @@ This is a list of companies that have adopted Capsule, feel free to open a Pull-
 ### [Bedag Informatik AG](https://www.bedag.ch/)
 ![Bedag](https://www.bedag.ch/wGlobal/wGlobal/layout/images/logo.svg)
 
+### [Begasoft AG](https://www.begasoft.ch)
+![Begasoft](./assets/adopters/begasoft.png)
+
 ### [Department of Defense](https://www.defense.gov/)
 ![United States Department of Defense](https://www.access-board.gov/images/dod-seal.png)
 

CHANGELOG.md

@@ -7,4 +7,4 @@ See the [Releases](https://github.com/projectcapsule/capsule/releases)
 
 ## Helm Chart
 
-For the helm chart, a dedicated changelog is created based on the chart's annotations ([See](./DEVELOPMENT.md#helm-changelog)).
+For the helm chart, a dedicated changelog is created based on the chart's annotations ([See](./DEVELOPMENT.md#helm-changelog)).

CONTRIBUTING.md

@@ -45,7 +45,7 @@ Prereleases are marked as `-rc.x` (release candidate) and may refere to any type
 
 The pull request title is checked according to the described [semantics](#semantics) (pull requests don't require a scope). However pull requests are currently not used to generate the changelog. Check if your pull requests body meets the following criteria:
 
-- reference a previously opened issue: https://docs.github.com/en/github/writing-on-github/autolinked-references-and-urls#issues-and-pull-requests 
+- reference a previously opened issue: https://docs.github.com/en/github/writing-on-github/autolinked-references-and-urls#issues-and-pull-requests
 - splitting changes into several and documented small commits
 - limit the git subject to 50 characters and write as the continuation of the
   sentence "If applied, this commit will ..."
@@ -104,7 +104,7 @@ To reorganise your commits, do the following (or use your way of doing it):
 
 
 1. Pull upstream changes
-   
+
 ```bash
 git remote add upstream [email protected]:projectcapsule/capsule.git
 git pull upstream main
@@ -186,4 +186,3 @@ The following types are allowed for commits and pull requests:
   * `fix`: bug fixes
   * `test`: test related changes
   * `sec`: security related changes
-

DEPENDENCY.md

@@ -23,10 +23,10 @@ Capsule maintainers must follow these guidelines when consuming third-party pack
 
 When adding a new third-party package to Capsule, maintainers must follow these steps:
 
-1. Evaluate the need for the package. Is it necessary for the functionality of Capsule? 
-2. Research the package. Is it well-maintained? Does it have a good reputation? 
-3. Choose a version of the package. Use the latest version whenever possible. 
-4. Pin the package to the specific version in the Capsule codebase. 
+1. Evaluate the need for the package. Is it necessary for the functionality of Capsule?
+2. Research the package. Is it well-maintained? Does it have a good reputation?
+3. Choose a version of the package. Use the latest version whenever possible.
+4. Pin the package to the specific version in the Capsule codebase.
 5. Update the Capsule documentation to reflect the new dependency.
 
 ## Archive/Deprecation

DEVELOPMENT.md

@@ -60,7 +60,7 @@ To achieve that, there are some necessary steps we need to walk through, which h
 
 So the TL;DR answer is:
 
-**Make sure a *KinD* cluster is running on your laptop, and then run `make dev-setup` to setup the dev environment.**. This is not done in the `make dev-setup` setup. 
+**Make sure a *KinD* cluster is running on your laptop, and then run `make dev-setup` to setup the dev environment.**. This is not done in the `make dev-setup` setup.
 
 ```bash
 # If you haven't installed or run `make deploy` before, do it first
@@ -222,12 +222,12 @@ time="2023-10-23T13:45:08Z" level=info msg="Found Chart directories [charts/caps
 time="2023-10-23T13:45:08Z" level=info msg="Generating README Documentation for chart /helm-docs/charts/capsule"
 ```
 
-This will update the documentation for the chart in the `README.md` file. 
+This will update the documentation for the chart in the `README.md` file.
 
-### Helm Changelog 
+### Helm Changelog
 
 The `version` of the chart does not require a bump, since it's driven by our release process. The `appVersion` of the chart is the version of the Capsule project. This is the version that should be bumped when a new Capsule version is released. This will be done by the maintainers.
 
 To create the proper changelog for the helm chart, all changes which affect the helm chart must be documented as chart annotation. See all the available [chart annotations](https://artifacthub.io/docs/topics/annotations/helm/).
 
-This annotation can be provided using two different formats: using a plain list of strings with the description of the change or using a list of objects with some extra structured information (see example below). Please feel free to use the one that better suits your needs. The UI experience will be slightly different depending on the choice. When using the list of objects option the valid supported kinds are `added`, `changed`, `deprecated`, `removed`, `fixed` and `security`.
+This annotation can be provided using two different formats: using a plain list of strings with the description of the change or using a list of objects with some extra structured information (see example below). Please feel free to use the one that better suits your needs. The UI experience will be slightly different depending on the choice. When using the list of objects option the valid supported kinds are `added`, `changed`, `deprecated`, `removed`, `fixed` and `security`.

GOVERNANCE.md

@@ -77,7 +77,7 @@ Maintainers who are selected will be granted the necessary GitHub rights.
 Maintainers may resign at any time if they feel that they will not be able to
 continue fulfilling their project duties.
 
-Maintainers may also be removed after being inactive, failure to fulfill their 
+Maintainers may also be removed after being inactive, failure to fulfill their
 Maintainer responsibilities, violating the Code of Conduct, or other reasons.
 A Maintainer may be removed at any time by a 2/3 vote of the remaining maintainers.
 
@@ -88,7 +88,7 @@ and can be rapidly returned to Maintainer status if their availability changes.
 ## Meetings
 
 Time zones permitting, Maintainers are expected to participate in the public
-developer meeting and/or public discussions.  
+developer meeting and/or public discussions.
 
 Maintainers will also have closed meetings in order to discuss security reports
 or Code of Conduct violations. Such meetings should be scheduled by any
@@ -110,7 +110,7 @@ violations by community members will be discussed and resolved in private Mainta
 
 The Maintainers will appoint a Security Response Team to handle security reports.
 This committee may simply consist of the Maintainer Council themselves.  If this
-responsibility is delegated, the Maintainers will appoint a team of at least two 
+responsibility is delegated, the Maintainers will appoint a team of at least two
 contributors to handle it.  The Maintainers will review who is assigned to this
 at least once a year.
 
@@ -119,15 +119,15 @@ holes and breaches according to the [security policy](TODO:Link to security.md).
 
 ## Voting
 
-While most business in Capsule Project is conducted by "[lazy consensus](https://community.apache.org/committers/lazyConsensus.html)", 
+While most business in Capsule Project is conducted by "[lazy consensus](https://community.apache.org/committers/lazyConsensus.html)",
 periodically the Maintainers may need to vote on specific actions or changes.
 Any Maintainer may demand a vote be taken.
 
 Most votes require a simple majority of all Maintainers to succeed, except where
-otherwise noted. Two-thirds majority votes mean at least two-thirds of all 
+otherwise noted. Two-thirds majority votes mean at least two-thirds of all
 existing maintainers.
 
 ## Modifying this Charter
 
-Changes to this Governance and its supporting documents may be approved by 
-a 2/3 vote of the Maintainers.
+Changes to this Governance and its supporting documents may be approved by
+a 2/3 vote of the Maintainers.

MAINTAINERS.md

@@ -10,4 +10,4 @@ The current Maintainers Group for the [TODO: Projectname] Project consists of:
 
 This list must be kept in sync with the [CNCF Project Maintainers list](https://github.com/cncf/foundation/blob/master/project-maintainers.csv).
 
-See [the project Governance](GOVERNANCE.md) for how maintainers are selected and replaced.
+See [the project Governance](GOVERNANCE.md) for how maintainers are selected and replaced.

ROADMAP.md

@@ -1,3 +1,3 @@
 # Roadmap
 
-future features and fixes are planned with [release milestones on GitHub](https://github.com/projectcapsule/capsule/milestones?direction=asc&sort=due_date&state=open). You can influence the roadmap by opening issues or joining our community meetings.
+future features and fixes are planned with [release milestones on GitHub](https://github.com/projectcapsule/capsule/milestones?direction=asc&sort=due_date&state=open). You can influence the roadmap by opening issues or joining our community meetings.

SELF_ASSESSMENT.md

@@ -81,7 +81,7 @@ Capsule was accepted as a CNCF sandbox project in December 2022.
 It's the Operator which provides all the multi-tenant capabilities offered by Capsule.
 It's made of two internal components, such as the webhooks server (known as _policy engine_), and the _tenant controller_.
 
-**Capsule Tenant Controller** 
+**Capsule Tenant Controller**
 
 The controller is responsible for managing the tenants by reconciling the required objects at the Namespace level, such as _Network Policy_, _LimitRange_, _ResourceQuota_, _Role Binding_, as well as labelling the Namespace objects belonging to a Tenant according to their desired metadata.
 It is responsible for binding Namespaces to the selected Tenant, and managing their lifecycle.
@@ -90,10 +90,10 @@ Furthermore, the manager can replicate objects thanks to the **Tenant Resource**
 
 The replicated resources are dynamically created, and replicated by Capsule itself, as well as preserving the deletion of these objects by the Tenant owner.
 
-**Capsule Tenant Controller (Policy Engine)** 
+**Capsule Tenant Controller (Policy Engine)**
 
 Policies are defined on a Tenant basis: therefore the policy engine is enforcing these policies on the tenants's Namespaces and their children's resources.
-The Policy Engine is currently not a dedicated component, but a part of the Capsule Tenant Controller. 
+The Policy Engine is currently not a dedicated component, but a part of the Capsule Tenant Controller.
 
 The webhook server, also known as the policy engine, interpolates the Tenant rules and takes full advantage of the dynamic admission controllers offered by Kubernetes itself (such as `ValidatingWebhookConfiguration` and `MutatingWebhookConfiguration`).
 Thanks to the _policy engine_ the cluster administrators can enforce specific rules such as preventing _Pod_ objects from untrusted registries to run or preventing the creation of _PersistentVolumeClaim_ resources using a non-allowed _StorageClass_, etc.
@@ -152,7 +152,7 @@ This is a further abstraction from having cluster defaults (eg. default `Storage
 
 **General**
 
-* **Control Plane**: Capsule can't mimic for each tenant a feeling of a dedicated control plane. 
+* **Control Plane**: Capsule can't mimic for each tenant a feeling of a dedicated control plane.
 
 * **Custom Resource Definitions**: Capsule doesn't want to provide virtual cluster capabilities and it's sticking to the native Kubernetes user experience and design; rather, its focus is to provide a governance solution by focusing on resource optimization and security lockdown.
 

charts/capsule/crds/capsule.clastix.io_capsuleconfigurations.patch

@@ -11,4 +11,4 @@ spec:
         {{- include "capsule.webhooks.service" (dict "path" "/convert" "ctx" $) | nindent 8 }}
       conversionReviewVersions:
         - v1beta1
-        - v1beta2
+        - v1beta2

charts/capsule/crds/capsule.clastix.io_tenants.patch

@@ -11,4 +11,4 @@ spec:
         {{- include "capsule.webhooks.service" (dict "path" "/convert" "ctx" $) | nindent 8 }}
       conversionReviewVersions:
         - v1beta1
-        - v1beta2
+        - v1beta2