scorecard: make config a componentconfig, scaffold config kustomization on init

changelog/fragments/scorecard-config-scaffold.yaml

@@ -0,0 +1,9 @@
+entries:
+  - description: Implemented the scorecard config as a componentconfig object
+    kind: change
+    breaking: true
+    migration:
+      header: Update your scorecard config file to the new format
+      body: See the updated scorecard [config documentation](https://sdk.operatorframework.io/docs/scorecard/scorecard/#config-file) for details.
+  - description: Added `config/scorecard` kustomize scaffolds to `init`
+    kind: addition

cmd/operator-sdk/generate/bundle/bundle.go

@@ -35,6 +35,7 @@ import (
 	"github.com/operator-framework/operator-sdk/internal/registry"
 	"github.com/operator-framework/operator-sdk/internal/scorecard"
 	"github.com/operator-framework/operator-sdk/internal/util/projutil"
+	"github.com/operator-framework/operator-sdk/pkg/apis/scorecard/v1alpha3"
 )
 
 const (
@@ -218,13 +219,37 @@ func (c bundleCmd) runManifests(cfg *config.Config) (err error) {
 		}
 	}
 
+	// Write the scorecard config if it was passed.
+	if err := writeScorecardConfig(c.outputDir, col.ScorecardConfig); err != nil {
+		return fmt.Errorf("error writing bundle scorecard config: %v", err)
+	}
+
 	if !c.quiet && !c.stdout {
 		fmt.Println("Bundle manifests generated successfully in", c.outputDir)
 	}
 
 	return nil
 }
 
+// writeScorecardConfig writes cfg to dir at the hard-coded config path 'config.yaml'.
+func writeScorecardConfig(dir string, cfg v1alpha3.Configuration) error {
+	if cfg.Metadata.Name == "" {
+		return nil
+	}
+
+	b, err := yaml.Marshal(cfg)
+	if err != nil {
+		return err
+	}
+
+	cfgDir := filepath.Join(dir, filepath.FromSlash(scorecard.DefaultConfigDir))
+	if err := os.MkdirAll(cfgDir, 0755); err != nil {
+		return err
+	}
+	scorecardConfigPath := filepath.Join(cfgDir, scorecard.ConfigFileName)
+	return ioutil.WriteFile(scorecardConfigPath, b, 0666)
+}
+
 // validateMetadata validates c for bundle metadata generation.
 func (c bundleCmd) validateMetadata(*config.Config) (err error) {
 	// Ensure a default channel is present.
@@ -282,6 +307,8 @@ func (c bundleCmd) generateMetadata(cfg *config.Config, manifestsDir, outputDir
 	return nil
 }
 
+// TODO(estroz): these updates need to be atomic because the bundle's Dockerfile and annotations.yaml
+// cannot be out-of-sync.
 func updateMetadata(cfg *config.Config, bundleRoot string) error {
 	bundleLabels := metricsannotations.MakeBundleMetadataLabels(cfg)
 	for key, value := range scorecardannotations.MakeBundleMetadataLabels(scorecard.DefaultConfigDir) {
@@ -292,8 +319,6 @@ func updateMetadata(cfg *config.Config, bundleRoot string) error {
 	}
 
 	// Write labels to bundle Dockerfile.
-	// NB(estroz): these "rewrites" need to be atomic because the bundle's Dockerfile and annotations.yaml
-	// cannot be out-of-sync.
 	if err := rewriteDockerfileLabels(bundle.DockerFile, bundleLabels); err != nil {
 		return fmt.Errorf("error writing LABEL's in %s: %v", bundle.DockerFile, err)
 	}
@@ -303,7 +328,8 @@ func updateMetadata(cfg *config.Config, bundleRoot string) error {
 
 	// Add a COPY for the scorecard config to bundle Dockerfile.
 	// TODO: change input config path to be a flag-based value.
-	err := writeDockerfileCOPYScorecardConfig(bundle.DockerFile, filepath.FromSlash(scorecard.DefaultConfigDir))
+	localScorecardConfigPath := filepath.Join(bundleRoot, filepath.FromSlash(scorecard.DefaultConfigDir))
+	err := writeDockerfileCOPYScorecardConfig(bundle.DockerFile, localScorecardConfigPath)
 	if err != nil {
 		return fmt.Errorf("error writing scorecard config COPY in %s: %v", bundle.DockerFile, err)
 	}

cmd/operator-sdk/generate/kustomize/manifests.go

@@ -153,6 +153,7 @@ func (c *manifestsCmd) setDefaults(cfg *config.Config) {
 const manifestsKustomization = `resources:
 - ../default
 - ../samples
+- ../scorecard
 `
 
 // run generates kustomize bundle bases and a kustomization.yaml if one does not exist.

internal/generate/collector/collect.go

@@ -16,6 +16,7 @@ package collector
 
 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -32,6 +33,7 @@ import (
 	"sigs.k8s.io/yaml"
 
 	"github.com/operator-framework/operator-sdk/internal/util/k8sutil"
+	scorecardv1alpha3 "github.com/operator-framework/operator-sdk/pkg/apis/scorecard/v1alpha3"
 )
 
 // Manifests holds a collector of all manifests relevant to CSV updates.
@@ -44,7 +46,9 @@ type Manifests struct {
 	ValidatingWebhooks               []admissionregv1.ValidatingWebhook
 	MutatingWebhooks                 []admissionregv1.MutatingWebhook
 	CustomResources                  []unstructured.Unstructured
-	Others                           []unstructured.Unstructured
+	ScorecardConfig                  scorecardv1alpha3.Configuration
+
+	Others []unstructured.Unstructured
 }
 
 // UpdateFromDirs adds Roles, ClusterRoles, Deployments, and Custom Resource examples
@@ -85,6 +89,10 @@ func (c *Manifests) UpdateFromDirs(deployDir, crdsDir string) error {
 				err = c.addValidatingWebhookConfigurations(manifest)
 			case "MutatingWebhookConfiguration":
 				err = c.addMutatingWebhookConfigurations(manifest)
+			case scorecardv1alpha3.ConfigurationKind:
+				if gvk.GroupVersion() == scorecardv1alpha3.SchemeGroupVersion {
+					err = c.addScorecardConfig(manifest)
+				}
 			default:
 				err = c.addOthers(manifest)
 			}
@@ -145,6 +153,10 @@ func (c *Manifests) UpdateFromReader(r io.Reader) error {
 			err = c.addValidatingWebhookConfigurations(manifest)
 		case "MutatingWebhookConfiguration":
 			err = c.addMutatingWebhookConfigurations(manifest)
+		case scorecardv1alpha3.ConfigurationKind:
+			if gvk.GroupVersion() == scorecardv1alpha3.SchemeGroupVersion {
+				err = c.addScorecardConfig(manifest)
+			}
 		default:
 			err = c.addOthers(manifest)
 		}
@@ -167,7 +179,7 @@ func (c *Manifests) UpdateFromReader(r io.Reader) error {
 	return nil
 }
 
-// addRoles assumes add manifest data in rawManifests are Roles and adds them
+// addRoles assumes all manifest data in rawManifests are Roles and adds them
 // to the collector.
 func (c *Manifests) addRoles(rawManifests ...[]byte) error {
 	for _, rawManifest := range rawManifests {
@@ -180,7 +192,7 @@ func (c *Manifests) addRoles(rawManifests ...[]byte) error {
 	return nil
 }
 
-// addClusterRoles assumes add manifest data in rawManifests are ClusterRoles
+// addClusterRoles assumes all manifest data in rawManifests are ClusterRoles
 // and adds them to the collector.
 func (c *Manifests) addClusterRoles(rawManifests ...[]byte) error {
 	for _, rawManifest := range rawManifests {
@@ -193,7 +205,7 @@ func (c *Manifests) addClusterRoles(rawManifests ...[]byte) error {
 	return nil
 }
 
-// addDeployments assumes add manifest data in rawManifests are Deployments
+// addDeployments assumes all manifest data in rawManifests are Deployments
 // and adds them to the collector.
 func (c *Manifests) addDeployments(rawManifests ...[]byte) error {
 	for _, rawManifest := range rawManifests {
@@ -206,7 +218,7 @@ func (c *Manifests) addDeployments(rawManifests ...[]byte) error {
 	return nil
 }
 
-// addCustomResourceDefinitions assumes add manifest data in rawManifests are
+// addCustomResourceDefinitions assumes all manifest data in rawManifests are
 // CustomResourceDefinitions and adds them to the collector. version determines
 // which CustomResourceDefinition type is used for all manifests in rawManifests.
 func (c *Manifests) addCustomResourceDefinitions(version string, rawManifests ...[]byte) (err error) {
@@ -257,7 +269,21 @@ func (c *Manifests) addMutatingWebhookConfigurations(rawManifests ...[]byte) err
 	return nil
 }
 
-// addOthers assumes add manifest data in rawManifests are able to be
+// addScorecardConfig assumes manifest data in rawManifests is a ScorecardConfigs and adds it to the collector.
+// If a config has already been found, addScorecardConfig will return an error.
+func (c *Manifests) addScorecardConfig(rawManifest []byte) error {
+	cfg := scorecardv1alpha3.Configuration{}
+	if err := yaml.Unmarshal(rawManifest, &cfg); err != nil {
+		return err
+	}
+	if c.ScorecardConfig.Metadata.Name != "" {
+		return errors.New("duplicate scorecard configurations in collector input")
+	}
+	c.ScorecardConfig = cfg
+	return nil
+}
+
+// addOthers assumes all manifest data in rawManifests are able to be
 // unmarshalled into an Unstructured object and adds them to the collector.
 func (c *Manifests) addOthers(rawManifests ...[]byte) error {
 	for _, rawManifest := range rawManifests {

internal/plugins/golang/v2/init.go

@@ -21,6 +21,7 @@ import (
 	"sigs.k8s.io/kubebuilder/pkg/model/config"
 	"sigs.k8s.io/kubebuilder/pkg/plugin"
 
+	"github.com/operator-framework/operator-sdk/internal/plugins/scorecard"
 	utilplugins "github.com/operator-framework/operator-sdk/internal/util/plugins"
 )
 
@@ -50,6 +51,11 @@ func (p *initPlugin) Run() error {
 		return err
 	}
 
+	// Run the scorecard "phase 2" plugin.
+	if err := scorecard.RunInit(p.config); err != nil {
+		return err
+	}
+
 	// Update plugin config section with this plugin's configuration.
 	cfg := Config{}
 	if err := p.config.EncodePluginConfig(pluginConfigKey, cfg); err != nil {

internal/plugins/helm/v1/init.go

@@ -29,6 +29,7 @@ import (
 	"github.com/operator-framework/operator-sdk/internal/kubebuilder/cmdutil"
 	"github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/chartutil"
 	"github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/scaffolds"
+	"github.com/operator-framework/operator-sdk/internal/plugins/scorecard"
 	utilplugins "github.com/operator-framework/operator-sdk/internal/util/plugins"
 )
 
@@ -128,7 +129,16 @@ func (p *initPlugin) InjectConfig(c *config.Config) {
 
 // Run will call the plugin actions
 func (p *initPlugin) Run() error {
-	return cmdutil.Run(p)
+	if err := cmdutil.Run(p); err != nil {
+		return err
+	}
+
+	// Run the scorecard "phase 2" plugin.
+	if err := scorecard.RunInit(p.config); err != nil {
+		return err
+	}
+
+	return nil
 }
 
 // Validate perform the required validations for this plugin