chore: implement expected tagging strategy (#6820)

* chore: implement expected tagging strategy Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-12-14 11:57:48 +00:00 · 2023-04-07 14:10:53 +02:00 · 2023-04-07 14:10:53 +02:00 · 37c7880cc9
commit 37c7880cc9
parent a5fb8bdbd3
7 changed files with 78 additions and 106 deletions
--- a/.github/actions/publish-image/action.yaml
+++ b/.github/actions/publish-image/action.yaml
@ -18,6 +18,9 @@ inputs:
  repository:
    required: true
    description: repository to publish image to
+  version:
+    required: true
+    description: published image version
  sign-image:
    required: true
    description: sign image
@ -51,7 +54,7 @@ runs:
        COSIGN_REPOSITORY: ${{ inputs.sbom-repository }}
      run: |
        set -e
-        echo "digest=$(make ${{ inputs.makefile-target }})" >> $GITHUB_OUTPUT
+        echo "digest=$(VERSION=${{ inputs.version }} make ${{ inputs.makefile-target }})" >> $GITHUB_OUTPUT
    - uses: CycloneDX/gh-gomod-generate-sbom@d4aee0cf5133055dbd98899978246c10c18c440f # v1.1.0
      with:
        version: v1
--- a/.github/workflows/cli.yaml
+++ b/.github/workflows/cli.yaml
@ -37,7 +37,7 @@ jobs:
          fi
      - name: Test CLI
        run: |
-          make test-cli
+          VERSION=${{ github.ref_name }} make test-cli
      - name: Test CLI (failures)
        run: |
          CLI_PATH=$PWD/cmd/cli/kubectl-kyverno/kubectl-kyverno
--- a/.github/workflows/conformance.yaml
+++ b/.github/workflows/conformance.yaml
@ -21,7 +21,7 @@ jobs:
        with:
          build-cache-key: build-images
      - name: ko build
-        run: make docker-save-image-all
+        run: VERSION=${{ github.ref_name }} make docker-save-image-all
      - name: upload images archive
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
--- a/.github/workflows/images-build.yaml
+++ b/.github/workflows/images-build.yaml
@ -23,7 +23,7 @@ jobs:
        with:
          build-cache-key: build-images
      - name: ko build
-        run: make ko-build-all
+        run: VERSION=${{ github.ref_name }} make ko-build-all
      - name: Trivy Scan Image
        uses: aquasecurity/trivy-action@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee # v0.9.2
        with:
--- a/.github/workflows/images-publish.yaml
+++ b/.github/workflows/images-publish.yaml
@ -40,7 +40,7 @@ jobs:
      - name: Publish kyverno
        uses: ./.github/actions/publish-image
        with:
-          makefile-target: ko-publish-kyverno-dev
+          makefile-target: ko-publish-kyverno
          registry: ghcr.io
          registry-username: ${{ github.actor }}
          registry-password: ${{ secrets.CR_PAT }}
@ -53,11 +53,12 @@ jobs:
      - name: Publish kyvernopre
        uses: ./.github/actions/publish-image
        with:
-          makefile-target: ko-publish-kyverno-init-dev
+          makefile-target: ko-publish-kyverno-init
          registry: ghcr.io
          registry-username: ${{ github.actor }}
          registry-password: ${{ secrets.CR_PAT }}
          repository: ${{ github.repository_owner }}
+          version: ${{ github.ref_name }}
          sign-image: true
          sbom-name: kyvernopre
          sbom-repository: ghcr.io/${{ github.repository_owner }}/sbom
@ -66,11 +67,12 @@ jobs:
      - name: Publish cleanup-controller
        uses: ./.github/actions/publish-image
        with:
-          makefile-target: ko-publish-cleanup-controller-dev
+          makefile-target: ko-publish-cleanup-controller
          registry: ghcr.io
          registry-username: ${{ github.actor }}
          registry-password: ${{ secrets.CR_PAT }}
          repository: ${{ github.repository_owner }}
+          version: ${{ github.ref_name }}
          sign-image: true
          sbom-name: cleanup-controller
          sbom-repository: ghcr.io/${{ github.repository_owner }}/sbom
@ -79,11 +81,12 @@ jobs:
      - name: Publish cli
        uses: ./.github/actions/publish-image
        with:
-          makefile-target: ko-publish-cli-dev
+          makefile-target: ko-publish-cli
          registry: ghcr.io
          registry-username: ${{ github.actor }}
          registry-password: ${{ secrets.CR_PAT }}
          repository: ${{ github.repository_owner }}
+          version: ${{ github.ref_name }}
          sign-image: true
          sbom-name: cli
          sbom-repository: ghcr.io/${{ github.repository_owner }}/sbom
@ -92,11 +95,12 @@ jobs:
      - name: Publish reports-controller
        uses: ./.github/actions/publish-image
        with:
-          makefile-target: ko-publish-reports-controller-dev
+          makefile-target: ko-publish-reports-controller
          registry: ghcr.io
          registry-username: ${{ github.actor }}
          registry-password: ${{ secrets.CR_PAT }}
          repository: ${{ github.repository_owner }}
+          version: ${{ github.ref_name }}
          sign-image: true
          sbom-name: reports-controller
          sbom-repository: ghcr.io/${{ github.repository_owner }}/sbom
@ -105,11 +109,12 @@ jobs:
      - name: Publish background-controller
        uses: ./.github/actions/publish-image
        with:
-          makefile-target: ko-publish-background-controller-dev
+          makefile-target: ko-publish-background-controller
          registry: ghcr.io
          registry-username: ${{ github.actor }}
          registry-password: ${{ secrets.CR_PAT }}
          repository: ${{ github.repository_owner }}
+          version: ${{ github.ref_name }}
          sign-image: true
          sbom-name: background-controller
          sbom-repository: ghcr.io/${{ github.repository_owner }}/sbom
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -39,6 +39,7 @@ jobs:
          registry-username: ${{ github.actor }}
          registry-password: ${{ secrets.CR_PAT }}
          repository: ${{ github.repository_owner }}
+          version: ${{ github.ref_name }}
          sign-image: true
          sbom-name: kyverno
          sbom-repository: ghcr.io/${{ github.repository_owner }}/sbom
@ -52,6 +53,7 @@ jobs:
          registry-username: ${{ github.actor }}
          registry-password: ${{ secrets.CR_PAT }}
          repository: ${{ github.repository_owner }}
+          version: ${{ github.ref_name }}
          sign-image: true
          sbom-name: kyvernopre
          sbom-repository: ghcr.io/${{ github.repository_owner }}/sbom
@ -65,6 +67,7 @@ jobs:
          registry-username: ${{ github.actor }}
          registry-password: ${{ secrets.CR_PAT }}
          repository: ${{ github.repository_owner }}
+          version: ${{ github.ref_name }}
          sign-image: true
          sbom-name: background-controller
          sbom-repository: ghcr.io/${{ github.repository_owner }}/sbom
@ -78,6 +81,7 @@ jobs:
          registry-username: ${{ github.actor }}
          registry-password: ${{ secrets.CR_PAT }}
          repository: ${{ github.repository_owner }}
+          version: ${{ github.ref_name }}
          sign-image: true
          sbom-name: cleanup-controller
          sbom-repository: ghcr.io/${{ github.repository_owner }}/sbom
@ -91,6 +95,7 @@ jobs:
          registry-username: ${{ github.actor }}
          registry-password: ${{ secrets.CR_PAT }}
          repository: ${{ github.repository_owner }}
+          version: ${{ github.ref_name }}
          sign-image: true
          sbom-name: cli
          sbom-repository: ghcr.io/${{ github.repository_owner }}/sbom
@ -104,6 +109,7 @@ jobs:
          registry-username: ${{ github.actor }}
          registry-password: ${{ secrets.CR_PAT }}
          repository: ${{ github.repository_owner }}
+          version: ${{ github.ref_name }}
          sign-image: true
          sbom-name: reports-controller
          sbom-repository: ghcr.io/${{ github.repository_owner }}/sbom
@ -204,9 +210,6 @@ jobs:
    runs-on: ubuntu-latest
    needs: release-images
    steps:
-      - name: Set version
-        id: version
-        run: echo "version=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
      - name: Checkout
        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
      - name: Setup build env
@ -214,7 +217,7 @@ jobs:
      - uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0
      - name: Make Release
        env:
-          VERSION: ${{ steps.version.outputs.version }}
+          VERSION: ${{ github.ref_name }}
        run: |
          rm -rf release
          mkdir release
@ -236,9 +239,6 @@ jobs:
      id-token: write # needed for keyless signing
      packages: write # needed for ghcr access  
    steps:
-      - name: Set version
-        id: version
-        run: echo "version=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
      - name: Checkout
        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
      - name: Setup build env
@ -252,7 +252,7 @@ jobs:
        with:
          cosign-release: 'v1.13.0'
      - name: Build yaml manifest
-        run: make codegen-manifest-release
+        run: VERSION=${{ github.ref_name }} make codegen-manifest-release
      - name: Upload install manifest
        uses: svenstaro/upload-release-action@7319e4733ec7a184d739a6f412c40ffc339b69c7 # 2.5.0
        with:
@ -281,15 +281,15 @@ jobs:
          mkdir -p config/.release-manifests
          cp .manifest/release.yaml config/.release-manifests/install.yaml
          cd config/.release-manifests/ && \
-          flux push artifact oci://ghcr.io/${{ github.repository_owner }}/manifests/kyverno:${{ steps.version.outputs.version }} \
+          flux push artifact oci://ghcr.io/${{ github.repository_owner }}/manifests/kyverno:${{ github.ref_name }} \
            --path="." \
            --source="$(git config --get remote.origin.url)" \
-            --revision="${{ steps.version.outputs.version }}/$(git rev-parse HEAD)"
+            --revision="${{ github.ref_name }}/$(git rev-parse HEAD)"
      - name: Sign manifests in GHCR with Cosign
        env:
          COSIGN_EXPERIMENTAL: 1
        run: |
-          cosign sign ghcr.io/${{ github.repository_owner }}/manifests/kyverno:${{ steps.version.outputs.version }}
+          cosign sign ghcr.io/${{ github.repository_owner }}/manifests/kyverno:${{ github.ref_name }}

  release-cli-via-krew:
    runs-on: ubuntu-latest
--- a/134
+++ b/134
@ -4,22 +4,10 @@
 # DEFAULTS #
 ############

-GIT_VERSION          := $(shell git describe --match "v[0-9]*" --tags $(git rev-list --tags --max-count=1))
-GIT_VERSION_DEV      := $(shell git describe --match "[0-9].[0-9]-dev*")
-GIT_BRANCH           := $(shell git branch --show-current | cut -d ' ' -f2)
-GIT_HASH             := $(GIT_BRANCH)/$(shell git log -1 --pretty=format:"%H")
+GIT_SHA              := $(shell git rev-parse HEAD)
 TIMESTAMP            := $(shell date '+%Y-%m-%d_%I:%M:%S%p')
-VERSION              ?= $(shell git describe --match "v[0-9]*")
 REGISTRY             ?= ghcr.io
 REPO                 ?= kyverno
-ifeq ($(GIT_BRANCH),main)
-IMAGE_TAG_LATEST     := latest
-else
-IMAGE_TAG_LATEST     := $(subst release-,,$(GIT_BRANCH))-latest
-endif
-IMAGE_TAG_DEV         = $(GIT_VERSION_DEV)
-IMAGE_TAG            ?= $(GIT_VERSION)
-K8S_VERSION          ?= $(shell kubectl version --short | grep -i server | cut -d" " -f3 | cut -c2-)
 KIND_IMAGE           ?= kindest/node:v1.26.2
 KIND_NAME            ?= kind
 GOOS                 ?= $(shell go env GOOS)
@ -155,8 +143,11 @@ REPORTS_BIN    := $(REPORTS_DIR)/reports-controller
 BACKGROUND_BIN := $(BACKGROUND_DIR)/background-controller
 PACKAGE        ?= github.com/kyverno/kyverno
 CGO_ENABLED    ?= 0
-LD_FLAGS        = "-s -w -X $(PACKAGE)/pkg/version.BuildVersion=$(GIT_VERSION) -X $(PACKAGE)/pkg/version.BuildHash=$(GIT_HASH) -X $(PACKAGE)/pkg/version.BuildTime=$(TIMESTAMP)"
-LD_FLAGS_DEV    = "-s -w -X $(PACKAGE)/pkg/version.BuildVersion=$(GIT_VERSION_DEV) -X $(PACKAGE)/pkg/version.BuildHash=$(GIT_HASH) -X $(PACKAGE)/pkg/version.BuildTime=$(TIMESTAMP)"
+ifdef VERSION
+LD_FLAGS       := "-s -w -X $(PACKAGE)/pkg/version.BuildVersion=$(VERSION) -X $(PACKAGE)/pkg/version.BuildHash=$(GIT_SHA) -X $(PACKAGE)/pkg/version.BuildTime=$(TIMESTAMP)"
+else
+LD_FLAGS       := "-s -w -X $(PACKAGE)/pkg/version.BuildVersion=$(GIT_SHA) -X $(PACKAGE)/pkg/version.BuildHash=$(GIT_SHA) -X $(PACKAGE)/pkg/version.BuildTime=$(TIMESTAMP)"
+endif

 .PHONY: fmt
 fmt: ## Run go fmt
@ -208,7 +199,7 @@ $(KYVERNO_BIN): fmt vet

 $(CLI_BIN): fmt vet
 	@echo Build cli binary... >&2
-	@CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) \
+	CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) \
 		go build -o ./$(CLI_BIN) -ldflags=$(LD_FLAGS) ./$(CLI_DIR)

 $(CLEANUP_BIN): fmt vet
@ -252,6 +243,14 @@ build-all: build-kyverno-init build-kyverno build-cli build-cleanup-controller b

 LOCAL_PLATFORM      := linux/$(GOARCH)
 KO_REGISTRY         := ko.local
+ifndef VERSION
+KO_TAGS             := $(GIT_SHA)
+else ifeq ($(VERSION),main)
+KO_TAGS             := $(GIT_SHA),latest
+else
+KO_TAGS             := $(GIT_SHA),$(subst /,-,$(VERSION))
+endif
+
 KO_CLI_REPO         := $(PACKAGE)/$(CLI_DIR)
 KO_KYVERNOPRE_REPO  := $(PACKAGE)/$(KYVERNOPRE_DIR)
 KO_KYVERNO_REPO     := $(PACKAGE)/$(KYVERNO_DIR)
@ -262,38 +261,38 @@ KO_BACKGROUND_REPO  := $(PACKAGE)/$(BACKGROUND_DIR)
 .PHONY: ko-build-kyverno-init
 ko-build-kyverno-init: $(KO) ## Build kyvernopre local image (with ko)
 	@echo Build kyvernopre local image with ko... >&2
-	@LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
-		$(KO) build ./$(KYVERNOPRE_DIR) --preserve-import-paths --tags=$(IMAGE_TAG_DEV) --platform=$(LOCAL_PLATFORM)
+	LD_FLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
+		$(KO) build ./$(KYVERNOPRE_DIR) --preserve-import-paths --tags=$(KO_TAGS) --platform=$(LOCAL_PLATFORM)

 .PHONY: ko-build-kyverno
 ko-build-kyverno: $(KO) ## Build kyverno local image (with ko)
 	@echo Build kyverno local image with ko... >&2
-	@LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
-		$(KO) build ./$(KYVERNO_DIR) --preserve-import-paths --tags=$(IMAGE_TAG_DEV) --platform=$(LOCAL_PLATFORM)
+	@LD_FLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
+		$(KO) build ./$(KYVERNO_DIR) --preserve-import-paths --tags=$(KO_TAGS) --platform=$(LOCAL_PLATFORM)

 .PHONY: ko-build-cli
 ko-build-cli: $(KO) ## Build cli local image (with ko)
 	@echo Build cli local image with ko... >&2
-	@LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
-		$(KO) build ./$(CLI_DIR) --preserve-import-paths --tags=$(IMAGE_TAG_DEV) --platform=$(LOCAL_PLATFORM)
+	@LD_FLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
+		$(KO) build ./$(CLI_DIR) --preserve-import-paths --tags=$(KO_TAGS) --platform=$(LOCAL_PLATFORM)

 .PHONY: ko-build-cleanup-controller
 ko-build-cleanup-controller: $(KO) ## Build cleanup controller local image (with ko)
 	@echo Build cleanup controller local image with ko... >&2
-	@LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
-		$(KO) build ./$(CLEANUP_DIR) --preserve-import-paths --tags=$(IMAGE_TAG_DEV) --platform=$(LOCAL_PLATFORM)
+	@LD_FLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
+		$(KO) build ./$(CLEANUP_DIR) --preserve-import-paths --tags=$(KO_TAGS) --platform=$(LOCAL_PLATFORM)

 .PHONY: ko-build-reports-controller
 ko-build-reports-controller: $(KO) ## Build reports controller local image (with ko)
 	@echo Build reports controller local image with ko... >&2
-	@LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
-		$(KO) build ./$(REPORTS_DIR) --preserve-import-paths --tags=$(IMAGE_TAG_DEV) --platform=$(LOCAL_PLATFORM)
+	@LD_FLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
+		$(KO) build ./$(REPORTS_DIR) --preserve-import-paths --tags=$(KO_TAGS) --platform=$(LOCAL_PLATFORM)

 .PHONY: ko-build-background-controller
 ko-build-background-controller: $(KO) ## Build background controller local image (with ko)
 	@echo Build background controller local image with ko... >&2
-	@LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
-		$(KO) build ./$(BACKGROUND_DIR) --preserve-import-paths --tags=$(IMAGE_TAG_DEV) --platform=$(LOCAL_PLATFORM)
+	@LD_FLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
+		$(KO) build ./$(BACKGROUND_DIR) --preserve-import-paths --tags=$(KO_TAGS) --platform=$(LOCAL_PLATFORM)

 .PHONY: ko-build-all
 ko-build-all: ko-build-kyverno-init ko-build-kyverno ko-build-cli ko-build-cleanup-controller ko-build-reports-controller ko-build-background-controller ## Build all local images (with ko)
@ -304,8 +303,6 @@ ko-build-all: ko-build-kyverno-init ko-build-kyverno ko-build-cli ko-build-clean

 REGISTRY_USERNAME   ?= dummy
 PLATFORMS           := all
-KO_TAGS             := $(IMAGE_TAG_LATEST),$(IMAGE_TAG)
-KO_TAGS_DEV         := $(IMAGE_TAG_LATEST),$(IMAGE_TAG_DEV)

 .PHONY: ko-login
 ko-login: $(KO)
@ -341,42 +338,9 @@ ko-publish-background-controller: ko-login ## Build and publish background contr
 	@LD_FLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(REPO_BACKGROUND) \
 		$(KO) build ./$(BACKGROUND_DIR) --bare --tags=$(KO_TAGS) --platform=$(PLATFORMS)

-.PHONY: ko-publish-kyverno-init-dev
-ko-publish-kyverno-init-dev: ko-login ## Build and publish kyvernopre dev image (with ko)
-	@LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(REPO_KYVERNOPRE) \
-		$(KO) build ./$(KYVERNOPRE_DIR) --bare --tags=$(KO_TAGS_DEV) --platform=$(PLATFORMS)
-
-.PHONY: ko-publish-kyverno-dev
-ko-publish-kyverno-dev: ko-login ## Build and publish kyverno dev image (with ko)
-	@LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(REPO_KYVERNO) \
-		$(KO) build ./$(KYVERNO_DIR) --bare --tags=$(KO_TAGS_DEV) --platform=$(PLATFORMS)
-
-.PHONY: ko-publish-cli-dev
-ko-publish-cli-dev: ko-login ## Build and publish cli dev image (with ko)
-	@LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(REPO_CLI) \
-		$(KO) build ./$(CLI_DIR) --bare --tags=$(KO_TAGS_DEV) --platform=$(PLATFORMS)
-
-.PHONY: ko-publish-cleanup-controller-dev
-ko-publish-cleanup-controller-dev: ko-login ## Build and publish cleanup controller dev image (with ko)
-	@LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(REPO_CLEANUP) \
-		$(KO) build ./$(CLEANUP_DIR) --bare --tags=$(KO_TAGS_DEV) --platform=$(PLATFORMS)
-
-.PHONY: ko-publish-reports-controller-dev
-ko-publish-reports-controller-dev: ko-login ## Build and publish reports controller dev image (with ko)
-	@LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(REPO_REPORTS) \
-		$(KO) build ./$(REPORTS_DIR) --bare --tags=$(KO_TAGS_DEV) --platform=$(PLATFORMS)
-
-.PHONY: ko-publish-background-controller-dev
-ko-publish-background-controller-dev: ko-login ## Build and publish background controller dev image (with ko)
-	@LD_FLAGS=$(LD_FLAGS_DEV) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(REPO_BACKGROUND) \
-		$(KO) build ./$(BACKGROUND_DIR) --bare --tags=$(KO_TAGS_DEV) --platform=$(PLATFORMS)
-
 .PHONY: ko-publish-all
 ko-publish-all: ko-publish-kyverno-init ko-publish-kyverno ko-publish-cli ko-publish-cleanup-controller ko-publish-reports-controller ko-publish-background-controller ## Build and publish all images (with ko)

-.PHONY: ko-publish-all-dev
-ko-publish-all-dev: ko-publish-kyverno-init-dev ko-publish-kyverno-dev ko-publish-cli-dev ko-publish-cleanup-controller-dev ko-publish-reports-controller-dev ko-publish-background-controller-dev ## Build and publish all dev images (with ko)
-
 #################
 # BUILD (IMAGE) #
 #################
@ -552,16 +516,16 @@ codegen-manifest-release: $(HELM) ## Create release manifest
 	@mkdir -p ./.manifest
 	@$(HELM) template kyverno --namespace kyverno --skip-tests ./charts/kyverno \
 		--set templating.enabled=true \
-		--set templating.version=$(GIT_VERSION) \
-		--set admissionController.container.image.tag=$(GIT_VERSION) \
-		--set admissionController.initContainer.image.tag=$(GIT_VERSION) \
-		--set cleanupController.image.tag=$(GIT_VERSION) \
-		--set reportsController.image.tag=$(GIT_VERSION) \
+		--set templating.version=$(VERSION) \
+		--set admissionController.container.image.tag=$(VERSION) \
+		--set admissionController.initContainer.image.tag=$(VERSION) \
+		--set cleanupController.image.tag=$(VERSION) \
+		--set reportsController.image.tag=$(VERSION) \
 		| $(SED) -e '/^#.*/d' \
 		> ./.manifest/release.yaml

 .PHONY: codegen-manifest-all
-codegen-manifest-all: codegen-manifest-install-latest codegen-manifest-debug codegen-manifest-release ## Create all manifests
+codegen-manifest-all: codegen-manifest-install-latest codegen-manifest-debug ## Create all manifests

 .PHONY: codegen-quick
 codegen-quick: codegen-deepcopy-all codegen-crds-all codegen-api-docs codegen-helm-all codegen-manifest-all ## Generate all generated code except client
@ -767,12 +731,12 @@ test-perf: $(PACKAGE_SHIM) ## Run perf tests

 .PHONY: docker-save-image-all
 docker-save-image-all: $(KIND) image-build-all ## Save docker images in archive
-	docker save 														\
-		$(LOCAL_REGISTRY)/$(LOCAL_KYVERNOPRE_REPO):$(IMAGE_TAG_DEV) 	\
-		$(LOCAL_REGISTRY)/$(LOCAL_KYVERNO_REPO):$(IMAGE_TAG_DEV) 		\
-		$(LOCAL_REGISTRY)/$(LOCAL_CLEANUP_REPO):$(IMAGE_TAG_DEV) 		\
-		$(LOCAL_REGISTRY)/$(LOCAL_REPORTS_REPO):$(IMAGE_TAG_DEV) 		\
-		$(LOCAL_REGISTRY)/$(LOCAL_BACKGROUND_REPO):$(IMAGE_TAG_DEV) 	\
+	docker save 												\
+		$(LOCAL_REGISTRY)/$(LOCAL_KYVERNOPRE_REPO):$(GIT_SHA) 	\
+		$(LOCAL_REGISTRY)/$(LOCAL_KYVERNO_REPO):$(GIT_SHA) 		\
+		$(LOCAL_REGISTRY)/$(LOCAL_CLEANUP_REPO):$(GIT_SHA) 		\
+		$(LOCAL_REGISTRY)/$(LOCAL_REPORTS_REPO):$(GIT_SHA) 		\
+		$(LOCAL_REGISTRY)/$(LOCAL_BACKGROUND_REPO):$(GIT_SHA) 	\
 	> kyverno.tar

 ########
@ -792,27 +756,27 @@ kind-delete-cluster: $(KIND) ## Delete kind cluster
 .PHONY: kind-load-kyverno-init
 kind-load-kyverno-init: $(KIND) image-build-kyverno-init ## Build kyvernopre image and load it in kind cluster
 	@echo Load kyvernopre image... >&2
-	@$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_REGISTRY)/$(LOCAL_KYVERNOPRE_REPO):$(IMAGE_TAG_DEV)
+	@$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_REGISTRY)/$(LOCAL_KYVERNOPRE_REPO):$(GIT_SHA)

 .PHONY: kind-load-kyverno
 kind-load-kyverno: $(KIND) image-build-kyverno ## Build kyverno image and load it in kind cluster
 	@echo Load kyverno image... >&2
-	@$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_REGISTRY)/$(LOCAL_KYVERNO_REPO):$(IMAGE_TAG_DEV)
+	@$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_REGISTRY)/$(LOCAL_KYVERNO_REPO):$(GIT_SHA)

 .PHONY: kind-load-cleanup-controller
 kind-load-cleanup-controller: $(KIND) image-build-cleanup-controller ## Build cleanup controller image and load it in kind cluster
 	@echo Load cleanup controller image... >&2
-	@$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_REGISTRY)/$(LOCAL_CLEANUP_REPO):$(IMAGE_TAG_DEV)
+	@$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_REGISTRY)/$(LOCAL_CLEANUP_REPO):$(GIT_SHA)

 .PHONY: kind-load-reports-controller
 kind-load-reports-controller: $(KIND) image-build-reports-controller ## Build reports controller image and load it in kind cluster
 	@echo Load reports controller image... >&2
-	@$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_REGISTRY)/$(LOCAL_REPORTS_REPO):$(IMAGE_TAG_DEV)
+	@$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_REGISTRY)/$(LOCAL_REPORTS_REPO):$(GIT_SHA)

 .PHONY: kind-load-background-controller
 kind-load-background-controller: $(KIND) image-build-background-controller ## Build background controller image and load it in kind cluster
 	@echo Load background controller image... >&2
-	@$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_REGISTRY)/$(LOCAL_BACKGROUND_REPO):$(IMAGE_TAG_DEV)
+	@$(KIND) load docker-image --name $(KIND_NAME) $(LOCAL_REGISTRY)/$(LOCAL_BACKGROUND_REPO):$(GIT_SHA)

 .PHONY: kind-load-all
 kind-load-all: kind-load-kyverno-init kind-load-kyverno kind-load-cleanup-controller kind-load-reports-controller kind-load-background-controller ## Build images and load them in kind cluster
@ -828,19 +792,19 @@ kind-install-kyverno: $(HELM) ## Install kyverno helm chart
 	$(HELM) upgrade --install kyverno --namespace kyverno --create-namespace --wait ./charts/kyverno \
 		--set admissionController.container.image.registry=$(LOCAL_REGISTRY) \
 		--set admissionController.container.image.repository=$(LOCAL_KYVERNO_REPO) \
-		--set admissionController.container.image.tag=$(IMAGE_TAG_DEV) \
+		--set admissionController.container.image.tag=$(GIT_SHA) \
 		--set admissionController.initContainer.image.registry=$(LOCAL_REGISTRY) \
 		--set admissionController.initContainer.image.repository=$(LOCAL_KYVERNOPRE_REPO) \
-		--set admissionController.initContainer.image.tag=$(IMAGE_TAG_DEV) \
+		--set admissionController.initContainer.image.tag=$(GIT_SHA) \
 		--set cleanupController.image.registry=$(LOCAL_REGISTRY) \
 		--set cleanupController.image.repository=$(LOCAL_CLEANUP_REPO) \
-		--set cleanupController.image.tag=$(IMAGE_TAG_DEV) \
+		--set cleanupController.image.tag=$(GIT_SHA) \
 		--set reportsController.image.registry=$(LOCAL_REGISTRY) \
 		--set reportsController.image.repository=$(LOCAL_REPORTS_REPO) \
-		--set reportsController.image.tag=$(IMAGE_TAG_DEV) \
+		--set reportsController.image.tag=$(GIT_SHA) \
 		--set backgroundController.image.registry=$(LOCAL_REGISTRY) \
 		--set backgroundController.image.repository=$(LOCAL_BACKGROUND_REPO) \
-		--set backgroundController.image.tag=$(IMAGE_TAG_DEV) \
+		--set backgroundController.image.tag=$(GIT_SHA) \
 		$(foreach CONFIG,$(subst $(COMMA), ,$(USE_CONFIG)),--values ./scripts/config/$(CONFIG)/kyverno.yaml)

 .PHONY: kind-deploy-kyverno