open-component-model · hilmarf · Jan 30, 2025 · Jan 30, 2025 · Jan 30, 2025 · Jan 30, 2025
@@ -0,0 +1,20 @@
+name: "Code scanning"
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  schedule:
+    - cron: "26 14 * * 2"
+
+jobs:
+  gosec:
+    permissions:
+      # Required to upload SARIF files
+      security-events: write
+      # for actions/checkout to fetch code
+      contents: read
+    # call reusable workflow from central '.github' repo
+    uses: open-component-model/.github/.github/workflows/code-scan.yml@main
+    secrets: inherit
diff --git a/.reuse/dep5 b/.reuse/dep5
diff --git a/Makefile b/Makefile
@@ -1,7 +1,3 @@
-# SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Gardener contributors.
-#
-# SPDX-License-Identifier: Apache-2.0
-
 # Image URL to use all building/pushing image targets
 IMG ?= controller:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
@@ -46,8 +42,8 @@ manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and Cust
 	$(CONTROLLER_GEN) rbac:roleName=replication-manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
 .PHONY: generate
-generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
-	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
+generate: controller-gen manifests ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+	$(CONTROLLER_GEN) object paths="./..."
 
 .PHONY: fmt
 fmt: ## Run go fmt against code.
@@ -147,7 +143,7 @@ GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v3.8.7
-CONTROLLER_TOOLS_VERSION ?= v0.9.2
+CONTROLLER_TOOLS_VERSION ?= v0.17.1
 GEN_API_REF_DOCS_VERSION ?= e327d0730470cbd61b06300f81c5fcf91c23c113
 GOLANGCI_LINT_VERSION ?= v1.55.2
 
@@ -173,16 +169,6 @@ envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
 $(ENVTEST): $(LOCALBIN)
 	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 
-.PHONY: generate-license
-generate-license:
-	for f in $(shell find . -name "*.go" -o -name "*.sh"); do \
-		reuse addheader -r \
-			--copyright="SAP SE or an SAP affiliate company and Open Component Model contributors." \
-			--license="Apache-2.0" \
-			$$f \
-			--skip-unrecognised; \
-	done
-
 .PHONY: golangci-lint
 golangci-lint: $(GOLANGCI_LINT)
 $(GOLANGCI_LINT): $(LOCALBIN)

diff --git a/README.md b/README.md
@@ -1,12 +1,12 @@
-[![REUSE status](https://api.reuse.software/badge/github.com/open-component-model/replication-controller)](https://api.reuse.software/info/github.com/open-component-model/replication-controller)
-
 # replication-controller
 
+[![REUSE status](https://api.reuse.software/badge/github.com/open-component-model/replication-controller)](https://api.reuse.software/info/github.com/open-component-model/replication-controller)
+
 The `replication-controller` is part of the Open Component Model Kubernetes controller set that enables transferring components from one OCM repository to another.
 
 The behaviour of the `replication-controller` is similar to that of the `ocm transfer` command with the addition of a reconciliation loop. It can therefore be used to "subscribe" to components and ensure that any component versions matching a semantic version constraint will be replicated from the source OCM repository to the destination.
 
-### Installation
+## Installation
 
 Install the latest version of the controller using the following command:
 
@@ -16,7 +16,7 @@ VERSION=$(curl -sL https://api.github.com/repos/open-component-model/replication
 kubectl apply -f https://github.com/open-component-model/replication-controller/releases/download/$VERSION/install.yaml
 ```
 
-### Usage
+## Usage
 
 ```yaml
 apiVersion: delivery.ocm.software/v1alpha1
@@ -52,6 +52,6 @@ OCM follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/m
 
 ## Licensing
 
-Copyright 2022-2023 SAP SE or an SAP affiliate company and Open Component Model contributors.
+Copyright 2025 SAP SE or an SAP affiliate company and Open Component Model contributors.
 Please see our [LICENSE](LICENSE) for copyright and license information.
 Detailed information including third-party components and their licensing/copyright information is available [via the REUSE tool](https://api.reuse.software/info/github.com/open-component-model/replication-controller).
diff --git a/REUSE.toml b/REUSE.toml
@@ -0,0 +1,11 @@
+version = 1
+SPDX-PackageName = "replication-controller"
+SPDX-PackageSupplier = "ospo@sap.com"
+SPDX-PackageDownloadLocation = "https://github.com/open-component-model/replication-controller"
+SPDX-PackageComment = "The code in this project may include calls to APIs (\"API Calls\") of\n SAP or third-party products or services developed outside of this project\n (\"External Products\").\n \"APIs\" means application programming interfaces, as well as their respective\n specifications and implementing code that allows software to communicate with\n other software.\n API Calls to External Products are not licensed under the open source license\n that governs this project. The use of such API Calls and related External\n Products are subject to applicable additional agreements with the relevant\n provider of the External Products. In no event shall the open source license\n that governs this project grant any rights in or to any External Products, or\n alter, expand or supersede any terms of the applicable additional agreements.\n If you have a valid license agreement with SAP for the use of a particular SAP\n External Product, then you may make use of any API Calls included in this\n project's code for that SAP External Product, subject to the terms of such\n license agreement. If you do not have a valid license agreement for the use of\n a particular SAP External Product, then you may only make use of any API Calls\n in this project for that SAP External Product for your internal, non-productive\n and non-commercial test and evaluation of such API Calls. Nothing herein grants\n you any rights to use or access any SAP External Product, or provide any third\n parties the right to use of access any SAP External Product, through API Calls."
+
+[[annotations]]
+path = "**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2025 SAP SE or an SAP affiliate company and Open Component Model contributors"
+SPDX-License-Identifier = "Apache-2.0"
diff --git a/api/v1alpha1/componentsubscription_types.go b/api/v1alpha1/componentsubscription_types.go
@@ -1,7 +1,3 @@
-// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors.
-//
-// SPDX-License-Identifier: Apache-2.0
-
 package v1alpha1
 
 import (

diff --git a/api/v1alpha1/condition_types.go b/api/v1alpha1/condition_types.go
@@ -1,7 +1,3 @@
-// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors.
-//
-// SPDX-License-Identifier: Apache-2.0
-
 package v1alpha1
 
 const (

diff --git a/api/v1alpha1/doc.go b/api/v1alpha1/doc.go
@@ -1,7 +1,3 @@
-// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors.
-//
-// SPDX-License-Identifier: Apache-2.0
-
 // Package v1alpha1 contains API Schema definitions for the delivery v1alpha1 API group
 // +kubebuilder:object:generate=true
 // +groupName=delivery.ocm.software

diff --git a/api/v1alpha1/groupversion_info.go b/api/v1alpha1/groupversion_info.go
@@ -1,7 +1,3 @@
-// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors.
-//
-// SPDX-License-Identifier: Apache-2.0
-
 // Package v1alpha1 contains API Schema definitions for the delivery v1alpha1 API group
 // +kubebuilder:object:generate=true
 // +groupName=delivery.ocm.software

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go