feat: Nautobot operator

.github/workflows/build-nautobotop.yaml

@@ -0,0 +1,93 @@
+---
+name: build-nautobotop-images
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - nautobotop-v*
+    paths:
+      - "go/nautobotop/**"
+
+jobs:
+  build-nautobotop:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: write
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
+        with:
+          fetch-depth: 0
+
+      - name: Install Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: '1.24'
+          cache: true
+          cache-dependency-path: 'go/nautobotop/go.sum'
+
+      - name: Install syft
+        uses: anchore/sbom-action/download-syft@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Login to ghcr.io
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
+        with:
+          registry: "ghcr.io"
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract tag name
+        id: extract_tag
+        run: echo "tag=${GITHUB_REF#refs/tags/nautobotop-v}" >> $GITHUB_OUTPUT
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser
+          version: "~> v2"
+          args: release --clean --skip=validate
+          workdir: go/nautobotop
+        env:
+          CUSTOM_TAG: ${{ steps.extract_tag.outputs.tag }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  chart:
+    runs-on: ubuntu-latest
+    needs:
+      - build-nautobotop
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Log in to ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: '${{ github.actor }}'
+          password: '${{ secrets.GITHUB_TOKEN }}'
+      - name: Package and push Helm chart
+        working-directory: go/nautobotop
+        env:
+          PKG_VER: '${{ github.ref_name }}'
+        run: |
+          PKG_VER=${PKG_VER#nautobotop-v}
+          # update Chart.yaml with tag version
+          yq -i ".version = \"${PKG_VER}\"" helm/Chart.yaml
+          yq -i ".appVersion = \"${PKG_VER}\"" helm/Chart.yaml
+          yq helm/Chart.yaml
+          # package chart
+          helm package -u -d ${{ github.workspace }} helm
+          # push chart to ghcr.io
+          helm push ${{ github.workspace }}/nautobotop-${PKG_VER}.tgz \
+            oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/charts

.gitignore

@@ -1,6 +1,7 @@
 # where helm charts will get downloaded by kustomize
 /charts/
 
+
 # un-encrypted secrets
 /secret-*.yaml
 # sealed secrets
@@ -19,6 +20,9 @@ venv/
 __pycache__
 .coverage
 .idea
+.vscode
+.kiro
+.DS_Store
 
 # auto-generated argo-workflows docs
 # see .github/workflows/mkdocs.yaaml

apps/appsets/project-understack.yaml

@@ -19,6 +19,8 @@ spec:
     server: '*'
   - namespace: 'nautobot'
     server: '*'
+  - namespace: 'nautobotop'
+    server: '*'
   - namespace: 'undersync'
     server: '*'
   - namespace: 'openstack'

apps/global/nautobotop.yaml

@@ -0,0 +1,13 @@
+---
+component: nautobotop
+sources:
+  - repoURL: ghcr.io/rackerlabs/charts
+    chart: nautobotop
+    targetRevision: 0.0.1
+    helm:
+      releaseName: nautobotop
+      ignoreMissingValueFiles: true
+      valueFiles:
+        - $deploy/{{.name}}/helm-configs/nautobotop.yaml
+  - ref: deploy
+    path: '{{.name}}/manifests/nautobotop'

go/rax/.gitignore → go/nautobotop/.gitignore

@@ -1,10 +1,12 @@
 # Binaries for programs and plugins
 *.exe
+.DS_Store
 *.exe~
 *.dll
 *.so
 *.dylib
 bin/*
+dist/*
 Dockerfile.cross
 
 # Test binary, built with `go test -c`
@@ -24,5 +26,4 @@ go.work
 .vscode
 *.swp
 *.swo
-.DS_Store
 *~

go/nautobotop/.golangci.yml

@@ -0,0 +1,52 @@
+version: "2"
+run:
+  allow-parallel-runners: true
+linters:
+  default: none
+  enable:
+    - copyloopvar
+    - dupl
+    - errcheck
+    - ginkgolinter
+    - goconst
+    - gocyclo
+    - govet
+    - ineffassign
+    - lll
+    - misspell
+    - nakedret
+    - prealloc
+    - revive
+    - staticcheck
+    - unconvert
+    - unparam
+    - unused
+  settings:
+    revive:
+      rules:
+        - name: comment-spacings
+        - name: import-shadowing
+  exclusions:
+    generated: lax
+    rules:
+      - linters:
+          - lll
+        path: api/*
+      - linters:
+          - dupl
+          - lll
+        path: internal/*
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gofmt
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

go/nautobotop/.goreleaser.Dockerfile

@@ -0,0 +1,5 @@
+# goreleaser is making the binary dynamically linked so can't use the static container
+FROM gcr.io/distroless/base-debian12:nonroot
+COPY --chmod=555 nautobotop /usr/local/bin/nautobotop
+USER 65532:65532
+ENTRYPOINT ["/usr/local/bin/nautobotop"]

go/nautobotop/.goreleaser.yaml

@@ -0,0 +1,97 @@
+project_name: "nautobotop"
+version: 2
+
+before:
+  hooks:
+    - go mod tidy
+
+env:
+  - CUSTOM_TAG={{ .Env.CUSTOM_TAG }}
+
+builds:
+  - main: main.go
+    dir: ./cmd
+    binary: nautobotop
+    goos: ["linux"]
+    goarch: ["amd64", "arm64"]
+    flags:
+      - -trimpath
+    ldflags:
+      - -s
+      - -w
+      - -X main.version={{.Version}}
+      - -X main.commit={{.ShortCommit}}
+    env:
+      - CGO_ENABLED=0
+
+changelog:
+  disable: true
+
+dockers:
+  - skip_push: false
+    use: buildx
+    dockerfile: .goreleaser.Dockerfile
+    image_templates:
+      - ghcr.io/rackerlabs/understack/{{ .ProjectName }}:{{ .Env.CUSTOM_TAG }}-amd64
+    build_flag_templates:
+      - --platform=linux/amd64
+      - --label=org.opencontainers.image.version={{ .Env.CUSTOM_TAG }}
+      - --label=org.opencontainers.image.revision={{ .Commit }}
+      - --label=org.opencontainers.image.title={{ .ProjectName }}
+      - --label=org.opencontainers.image.created={{ .Date }}
+      - --label=org.opencontainers.image.description=Rackspace Cloud DNS support for cert-manager
+      - --label=org.opencontainers.image.vendor=rackspace
+      - --label=org.opencontainers.image.licenses=Apache License 2.0
+      - --label=org.opencontainers.image.source=https://rackspace.com/
+      - --label=org.opencontainers.image.authors=Rackspace
+  - skip_push: false
+    goarch: arm64
+    use: buildx
+    dockerfile: .goreleaser.Dockerfile
+    image_templates:
+      - ghcr.io/rackerlabs/understack/{{ .ProjectName }}:{{ .Env.CUSTOM_TAG }}-arm64
+    build_flag_templates:
+      - --platform=linux/arm64
+      - --label=org.opencontainers.image.version={{ .Env.CUSTOM_TAG }}
+      - --label=org.opencontainers.image.revision={{ .Commit }}
+      - --label=org.opencontainers.image.title={{ .ProjectName }}
+      - --label=org.opencontainers.image.created={{ .Date }}
+      - --label=org.opencontainers.image.description=Rackspace Cloud DNS support for cert-manager
+      - --label=org.opencontainers.image.vendor=rackspace
+      - --label=org.opencontainers.image.licenses=Apache License 2.0
+      - --label=org.opencontainers.image.source=https://rackspace.com/
+      - --label=org.opencontainers.image.authors=Rackspace
+docker_manifests:
+  - name_template: ghcr.io/rackerlabs/understack/{{ .ProjectName }}:{{ .Env.CUSTOM_TAG }}
+    image_templates:
+      - ghcr.io/rackerlabs/understack/{{ .ProjectName }}:{{ .Env.CUSTOM_TAG }}-amd64
+      - ghcr.io/rackerlabs/understack/{{ .ProjectName }}:{{ .Env.CUSTOM_TAG }}-arm64
+  - name_template: ghcr.io/rackerlabs/understack/{{ .ProjectName }}:latest
+    image_templates:
+      - ghcr.io/rackerlabs/understack/{{ .ProjectName }}:{{ .Env.CUSTOM_TAG }}-amd64
+      - ghcr.io/rackerlabs/understack/{{ .ProjectName }}:{{ .Env.CUSTOM_TAG }}-arm64
+
+
+signs:
+  - cmd: cosign
+    signature: "${artifact}.sig"
+    certificate: "${artifact}.pem"
+    output: true
+    artifacts: checksum
+    args:
+      - sign-blob
+      - "--oidc-provider=github-actions"
+      - "--output-certificate=${certificate}"
+      - "--output-signature=${signature}"
+      - "${artifact}"
+      - --yes
+
+docker_signs:
+  - cmd: cosign
+    artifacts: manifests
+    output: true
+    args:
+      - "sign"
+      - "--oidc-provider=github-actions"
+      - "${artifact}@${digest}"
+      - --yes

go/rax/Dockerfile → go/nautobotop/Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM docker.io/golang:1.25 AS builder
+FROM golang:1.24 AS builder
 ARG TARGETOS
 ARG TARGETARCH