Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[pull] master from kumahq:master #26

Merged
merged 106 commits into from
May 7, 2024
Merged

[pull] master from kumahq:master #26

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
106 commits
Select commit Hold shift + click to select a range
9449580
test(e2e): add debug information on failure (#9984)
jakubdyszkiewicz Apr 22, 2024
3b2239d
chore(deps): upgrade Envoy to version 1.29.4 (#10033)
lukidzi Apr 22, 2024
7378e49
chore(deps): upgrade Envoy version to 1.29.4 (#10016)
lukidzi Apr 22, 2024
e7006a9
chore(deps): bump github.com/golang-migrate/migrate/v4 from 4.17.0 to…
dependabot[bot] Apr 22, 2024
1267b0e
chore(deps): bump postgres from `5c58707` to `f4b0987` in /test/docke…
dependabot[bot] Apr 22, 2024
7d0bfd2
chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#10036)
dependabot[bot] Apr 22, 2024
a286e17
chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 (#10035)
dependabot[bot] Apr 22, 2024
b62fba0
chore(deps): bump github.com/cilium/ebpf from 0.14.0 to 0.15.0 (#10039)
dependabot[bot] Apr 23, 2024
85a3c69
docs(MADR): fix madr docs hyperlink mismatch problems (#10032)
Icarus9913 Apr 23, 2024
d64403e
chore(deps): bump kumahq/kuma-gui to 211e345db942180fb8cbfffa18f67941…
kumahq[bot] Apr 23, 2024
9a23979
chore(deps): bump kumahq/kuma-gui to d3be8b91a48cae43853740d8c059a991…
kumahq[bot] Apr 23, 2024
5a2d836
feat(k8s): opt-in to support tls for GAPI in all namespaces (#10015)
jakubdyszkiewicz Apr 23, 2024
9690881
feat(metrics): add error type to nack metric (#10013)
slonka Apr 23, 2024
de0f8b5
fix(transparent-proxy): stop logging all to stderr when installing tp…
bartsmykla Apr 23, 2024
66d0a62
chore(deps): bump kumahq/kuma-gui to 5a60feadae00cf118efddd0de567badd…
kumahq[bot] Apr 23, 2024
31ae1d4
fix(transparent-proxy): stop logging all to stderr when installing tp…
kumahq[bot] Apr 23, 2024
aef3d27
test(e2e): add gapi resources to kube debug (#10046)
jakubdyszkiewicz Apr 23, 2024
5aa8df2
build(mk): add dev/merge-release target to smart merge release branch…
michaelbeaumont Apr 23, 2024
0581a8f
chore(deps): bump kumahq/kuma-gui to b962c57b38d97d728f7915806a31d2fe…
kumahq[bot] Apr 23, 2024
6f32d26
docs(CHANGELOG.md): updating changelog and version files (#10054)
kumahq[bot] Apr 23, 2024
c6fff36
Merge remote-tracking branch 'upstream/release-2.7'
jakubdyszkiewicz Apr 23, 2024
2017089
fix(kds): make error handling similar between GlobalToZoneSync and Zo…
michaelbeaumont Apr 23, 2024
412899d
chore(deps): bump kumahq/kuma-gui to 8553c737d7f85ab2ba08ba40df07e258…
kumahq[bot] Apr 24, 2024
6345cb1
chore(deps): bump kumahq/kuma-gui to b32f5ff0a3dd0e78c29c7aefb675b067…
kumahq[bot] Apr 24, 2024
7f079c9
Merge pull request #10055 from jakubdyszkiewicz/merge-release-2.7.1-m…
jakubdyszkiewicz Apr 24, 2024
7978902
chore(deps): bump kumahq/kuma-gui to 8c2b54f8ecfc4c4e078bbff04fcec85e…
kumahq[bot] Apr 24, 2024
b26ccf9
chore(deps): bump kumahq/kuma-gui to be68aadf480247c57827007cdaa6c8dc…
kumahq[bot] Apr 24, 2024
583070a
refactor(transparent-proxy): simplify tproxy configuration (#10058)
bartsmykla Apr 24, 2024
ced7fc2
test(e2e): add debug kube to all kube tests (#10063)
jakubdyszkiewicz Apr 24, 2024
baf20b7
ci(github): bump ci-tools to v0.11.0 (#10067)
lahabana Apr 24, 2024
fe1f4fa
docs(MADR): add Kubernetes UX for `MeshService` (#9722)
michaelbeaumont Apr 24, 2024
8d7f65b
test(e2e): add debug to all uni tests (#10068)
jakubdyszkiewicz Apr 25, 2024
083b5ff
test(e2e): add debug to all multizone tests (#10069)
jakubdyszkiewicz Apr 25, 2024
d79801a
docs(CHANGELOG.md): updating changelog and version files (#10075)
kumahq[bot] Apr 25, 2024
92218c0
fix(gateway): handle implicit kuma.io/service in pod annotation (#10076)
jakubdyszkiewicz Apr 25, 2024
79d58a0
fix(gatewayapi): validate presence of all required Gateway API resour…
bartsmykla Apr 25, 2024
ee26b35
fix(gatewayapi): validate presence of all required Gateway API resour…
kumahq[bot] Apr 25, 2024
358de6f
fix(jobs): jobs termination after CP restart (#10085)
jakubdyszkiewicz Apr 25, 2024
c5908cc
chore(deps): bump kumahq/kuma-gui to 6c158bacad13f9562d9c31a300bd1600…
kumahq[bot] Apr 25, 2024
537a450
chore(deps): bump kumahq/kuma-gui to 231bcbf391929764b989c879357700e1…
kumahq[bot] Apr 25, 2024
df4bc89
refactor(app): don't have pkg depend on app (#10078)
lahabana Apr 26, 2024
8c5e693
Merge remote-tracking branch 'upstream/release-2.7' into merge-releas…
jakubdyszkiewicz Apr 26, 2024
7dc1fcb
Merge pull request #10095 from jakubdyszkiewicz/merge-release-2.7.2-m…
jakubdyszkiewicz Apr 26, 2024
c60cdaa
test(e2e): assert cp did not crash and print previous cp logs (#10077)
jakubdyszkiewicz Apr 26, 2024
b48c0d7
test(e2e): enable reachable services test and increase interval (#9535)
lukidzi Apr 26, 2024
f34a903
fix(helm): don't fail when webhook doesn't exist (#10098)
lahabana Apr 26, 2024
ff5f552
chore(deps): bump kumahq/kuma-gui to abc4f7e212872d72d5d5a945ae669281…
kumahq[bot] Apr 29, 2024
b4a52af
chore(deps): bump kumahq/kuma-gui to 66e67f2e21a6f101a101d9ed84d7d436…
kumahq[bot] Apr 29, 2024
132e055
ci(gha): merge release to master (#10107)
jakubdyszkiewicz Apr 29, 2024
684d3dd
chore(docs): fix typo in README (#10110)
jakubdyszkiewicz Apr 29, 2024
3b6d4d8
chore(deps): bump kumahq/kuma-gui to 1334a11d0e5ab377fbfdd4167935c5dc…
kumahq[bot] Apr 29, 2024
d69ec26
chore(deps): update CNI to v1.2.0 (#10101)
Icarus9913 Apr 29, 2024
85acc83
chore(deps): bump kumahq/kuma-gui to 646fb77a369471c3541fdb7dca7d96e7…
kumahq[bot] Apr 29, 2024
ace308f
chore(makefile): fix merge-release target and action (#10114)
jakubdyszkiewicz Apr 29, 2024
51cebd6
chore(deps): bump Kong/public-shared-actions from 2.2.1 to 2.2.2 (#10…
dependabot[bot] Apr 29, 2024
9c338a3
chore(deps): bump peter-evans/create-pull-request from 6.0.4 to 6.0.5…
dependabot[bot] Apr 29, 2024
51117ae
chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#10123)
dependabot[bot] Apr 29, 2024
b4b3d3d
chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 (#10127)
dependabot[bot] Apr 29, 2024
cbefa24
chore(deps): bump github.com/gruntwork-io/terratest from 0.46.13 to 0…
dependabot[bot] Apr 29, 2024
531771a
chore(deps): bump actions/download-artifact from 4.1.5 to 4.1.7 (#10122)
dependabot[bot] Apr 29, 2024
67a3ef9
chore(deps): bump postgres from `f4b0987` to `4aea012` in /test/docke…
dependabot[bot] Apr 29, 2024
b845abf
chore(deps): bump ubuntu from jammy-20240405 to jammy-20240416 in /to…
dependabot[bot] Apr 29, 2024
f52030c
chore(deps): bump github/codeql-action from 3.25.1 to 3.25.3 (#10128)
dependabot[bot] Apr 29, 2024
a5abf6f
chore(deps): bump debian from `b37bc25` to `1aadfee` in /tools/releas…
dependabot[bot] Apr 29, 2024
ef2b085
chore(deps): bump kumahq/kuma-gui to 749f4a1cba21c9aecbb854ba08b86e6a…
kumahq[bot] Apr 30, 2024
552dde0
chore(deps): bump kumahq/kuma-gui to bfa2a51a7dbd02f406ae77ecf0b63cc6…
kumahq[bot] Apr 30, 2024
d33f977
build(version): fix detection if latest patch isn't 0 (#10130)
michaelbeaumont Apr 30, 2024
3883746
chore(mk): print latest release branch target (#10140)
jakubdyszkiewicz Apr 30, 2024
72978ae
chore(deps): bump kumahq/ubuntu-netools from `9eba4ba` to `9fd7668` i…
dependabot[bot] Apr 30, 2024
1fe53f2
chore(merge): release-2.7 branch to master
kumahq[bot] Apr 30, 2024
17087a0
chore(deps): bump slsa-framework/slsa-github-generator from 1.10.0 to…
dependabot[bot] Apr 30, 2024
79d44d8
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 (#1…
dependabot[bot] Apr 30, 2024
3053d8b
Merge pull request #10141 from kumahq/chore/merge-release-to-master
jakubdyszkiewicz Apr 30, 2024
73f0162
chore(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.1.0 (…
dependabot[bot] Apr 30, 2024
fce9f9f
chore(gha): improve merge release to master job (#10142)
jakubdyszkiewicz Apr 30, 2024
1ab8af6
chore(deps): bump the go-opentelemetry-io group with 9 updates (#10115)
dependabot[bot] Apr 30, 2024
f0c535b
chore(deps): bump kumahq/kuma-gui to 6f8fed6afe85c92f99a666f2b041afbc…
kumahq[bot] Apr 30, 2024
4e5a774
chore(gha): enable trigger for merge release to master (#10144)
jakubdyszkiewicz Apr 30, 2024
cb8ac9a
chore(build): provide CNI only for linux (#10145)
jakubdyszkiewicz Apr 30, 2024
6e250a1
chore(gha): remove concurrency for build test distribute (#10146)
jakubdyszkiewicz Apr 30, 2024
8fc3abd
docs(CHANGELOG.md): updating changelog and version files (#10147)
kumahq[bot] Apr 30, 2024
f005543
docs(CHANGELOG.md): updating changelog and version files (#10149)
kumahq[bot] May 1, 2024
ec2f0ab
chore(docs): fix typos (#10154)
michaelbeaumont May 2, 2024
49e3c00
ci(mk): more robust dev/merge-release (#10155)
michaelbeaumont May 2, 2024
5c1f62d
test(e2e): never fail when running debug commands (#10150)
lahabana May 3, 2024
075c95e
fix(api-server): fix trace/span ID processing in logs (#10100)
bartsmykla May 6, 2024
21b10d8
fix(gateway): support `inlineString` in TLS certificates (#10159)
michaelbeaumont May 6, 2024
c8ae260
fix(kuma-cp): consistently check for expiring ZoneIngress/ZoneEgress …
michaelbeaumont May 6, 2024
f872530
fix(kuma-cp): cleanup generated egress certs (#10162)
michaelbeaumont May 6, 2024
e9ff0ab
fix(kuma-cp): index generated certs by proxy type (#10161)
michaelbeaumont May 6, 2024
11daa0f
chore(deps): bump golangci/golangci-lint-action from 5.1.0 to 5.3.0 (…
dependabot[bot] May 6, 2024
922032e
chore(deps): bump actions/create-github-app-token from 1.9.3 to 1.10.…
dependabot[bot] May 6, 2024
b9a26a2
chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (#10173)
dependabot[bot] May 6, 2024
884276b
ci(github): fix release binary check (#10172)
lahabana May 6, 2024
4f22aab
chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#…
dependabot[bot] May 6, 2024
c339f63
chore(deps): bump github.com/onsi/gomega from 1.33.0 to 1.33.1 (#10180)
dependabot[bot] May 6, 2024
9576dee
chore(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0 (#10181)
dependabot[bot] May 6, 2024
bc839ce
chore(deps): bump distroless/base-nossl-debian11 from `4cba3ac` to `1…
dependabot[bot] May 6, 2024
26e90ed
chore(deps): bump ubuntu from jammy-20240416 to jammy-20240427 in /to…
dependabot[bot] May 6, 2024
129918b
chore(deps): bump kumahq/ubuntu-netools from `9fd7668` to `59423e3` i…
dependabot[bot] May 6, 2024
7202d60
chore(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 (#10176)
dependabot[bot] May 6, 2024
1830c30
chore(kumactl): use _overview endpoint for all entities (#10151)
lahabana May 7, 2024
8fcd778
chore(deps): bump kumahq/kuma-gui to f624dc916003cf5bc9c5509a0e7cea06…
kumahq[bot] May 7, 2024
e57d7dd
chore(deps): bump kumahq/kuma-gui to 3502fcf6d2ea66a1eb3d8bcb22849304…
kumahq[bot] May 7, 2024
2eeb268
chore(deps): bump kumahq/kuma-gui to d6d20ac1f56975cbaf6b0f1a22074768…
kumahq[bot] May 7, 2024
16e335c
ci(stability): add retry to DeleteMeshResources (#10189)
slonka May 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
30 changes: 15 additions & 15 deletions .github/workflows/_build_publish.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,10 +48,10 @@ jobs:
outputs:
BINARY_ARTIFACT_DIGEST_BASE64: ${{ steps.inspect-binary-output.outputs.binary_artifact_digest_base64 }}
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: go.mod
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
Expand All @@ -71,7 +71,7 @@ jobs:
echo "Artifact digest:"
cat ./build/distributions/artifact_digest_file.text
echo "binary_artifact_digest_base64=$(cat ./build/distributions/artifact_digest_file.text)" > $GITHUB_OUTPUT
- uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
id: binary-artifacts
with:
name: ${{ inputs.BINARY_ARTIFACT_NAME }}
Expand All @@ -95,14 +95,14 @@ jobs:
matrix:
image: ${{ fromJSON(inputs.images) }}
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: Install dependencies for cross builds
if: ${{ fromJSON(inputs.FULL_MATRIX) }}
run: |
sudo apt-get update; sudo apt-get install -y qemu-user-static binfmt-support
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: go.mod
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
Expand All @@ -128,15 +128,15 @@ jobs:
make test/container-structure/${{ matrix.image }}
- name: scan amd64 image
id: scan_image-amd64
uses: Kong/public-shared-actions/security-actions/scan-docker-image@23929cfda574afc77b018c51794454b6dc99ca57 # v2.2.1
uses: Kong/public-shared-actions/security-actions/scan-docker-image@2f02738ecb1670f01391162e43fe3f5d4e7942a1 # v2.2.2
with:
asset_prefix: image_${{ matrix.image }}-amd64
image: ./build/docker/${{ matrix.image }}-amd64.tar
upload-sbom-release-assets: true
- name: scan arm64 image
id: scan_image-arm64
if: ${{ fromJSON(inputs.FULL_MATRIX) }}
uses: Kong/public-shared-actions/security-actions/scan-docker-image@23929cfda574afc77b018c51794454b6dc99ca57 # v2.2.1
uses: Kong/public-shared-actions/security-actions/scan-docker-image@2f02738ecb1670f01391162e43fe3f5d4e7942a1 # v2.2.2
with:
asset_prefix: image_${{ matrix.image }}-arm64
image: ./build/docker/${{ matrix.image }}-arm64.tar
Expand Down Expand Up @@ -167,14 +167,14 @@ jobs:
echo "Got digest: $digest"
echo "digest=${digest}" >> $GITHUB_OUTPUT
echo "{\"${{matrix.image}}\": \"${digest}\"}" > ./build/docker/${{ matrix.image }}.digest.json
- uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
id: image-artifacts
with:
name: image_${{ matrix.image }}
path: |
./build/docker/*.tar
retention-days: ${{ github.event_name == 'pull_request' && 1 || 30 }}
- uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
id: image-digest-artifacts
with:
name: image_${{ matrix.image }}.digest.json
Expand All @@ -184,7 +184,7 @@ jobs:
- name: sign image
if: ${{ fromJSON(inputs.ALLOW_PUSH) }}
id: sign
uses: Kong/public-shared-actions/security-actions/sign-docker-image@23929cfda574afc77b018c51794454b6dc99ca57 # v2.2.1
uses: Kong/public-shared-actions/security-actions/sign-docker-image@2f02738ecb1670f01391162e43fe3f5d4e7942a1 # v2.2.2
with:
image_digest: ${{ steps.image_digest.outputs.digest }}
tags: ${{ steps.image_meta.outputs.image }}
Expand All @@ -197,7 +197,7 @@ jobs:
outputs:
DIGESTS: ${{ steps.compute-digests.outputs.digests }}
steps:
- uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
pattern: "image_*.digest.json"
path: ./digests
Expand All @@ -213,14 +213,14 @@ jobs:
timeout-minutes: 10
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: Install dependencies for cross builds
if: ${{ fromJSON(inputs.FULL_MATRIX) }}
run: |
sudo apt-get update; sudo apt-get install -y qemu-user-static binfmt-support
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: go.mod
cache-dependency-path: |
Expand Down Expand Up @@ -253,7 +253,7 @@ jobs:
PKG_FILENAME=$(find .cr-release-packages -type f -printf "%f\n")
echo "filename=${PKG_FILENAME}" >> $GITHUB_OUTPUT
- name: Upload packaged chart
uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: ${{ steps.package-helm.outputs.filename }}
path: .cr-release-packages/${{ steps.package-helm.outputs.filename }}
Expand All @@ -263,7 +263,7 @@ jobs:
- name: Generate GitHub app token
id: github-app-token
if: ${{ github.ref_type == 'tag' }}
uses: actions/create-github-app-token@7bfa3a4717ef143a604ee0a99d859b8886a96d00 # v1.9.3
uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
Expand Down
12 changes: 10 additions & 2 deletions .github/workflows/_e2e.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,12 +43,12 @@ jobs:
echo "run-type=$RUN_TYPE">> $GITHUB_OUTPUT
- name: "GitHub Actions: check out code"
if: steps.eval-params.outputs.run-type == 'github'
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: "GitHub Actions: setup go"
if: steps.eval-params.outputs.run-type == 'github'
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: go.mod
- name: "GitHub Actions: set up cache"
Expand Down Expand Up @@ -139,6 +139,14 @@ jobs:
target="test/e2e"
fi
make ${MAKE_PARAMETERS} CI=true "${target}"
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
if: always()
with:
name: e2e-debug-${{ env.E2E_PARAM_TARGET }}
if-no-files-found: ignore
path: |
/tmp/e2e-debug/
retention-days: ${{ github.event_name == 'pull_request' && 1 || 30 }}
- name: "CircleCI: make circleci parameters"
if: steps.eval-params.outputs.run-type == 'circleci'
id: circleci-gen-params
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/_provenance.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ permissions:
jobs:
artifact-provenance:
# need to use non hash version because of: https://github.com/slsa-framework/slsa-github-generator/issues/3498
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
with:
base64-subjects: ${{ inputs.BINARY_ARTIFACTS_HASH_AS_FILE }}
upload-assets: ${{ github.ref_type == 'tag' }}
Expand All @@ -52,7 +52,7 @@ jobs:
matrix:
IMAGE: ${{ fromJSON(inputs.IMAGES) }}
# need to use non hash version because of: https://github.com/slsa-framework/slsa-github-generator/issues/3498
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
with:
image: ${{ inputs.REGISTRY }}/${{ matrix.IMAGE }}
digest: ${{ fromJSON(inputs.IMAGE_DIGESTS)[matrix.IMAGE] }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/_test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,10 @@ jobs:
if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci/skip-test') }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: go.mod
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/auto-merge.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
steps:
- name: Generate GitHub app token
id: github-app-token
uses: actions/create-github-app-token@7bfa3a4717ef143a604ee0a99d859b8886a96d00 # v1.9.3
uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/blackbox-tests.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,9 @@ jobs:
timeout-minutes: 30
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: "Set up Go"
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: go.mod
- name: "Install dependencies"
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/bom.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,15 +9,15 @@ jobs:
timeout-minutes: 10
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: go.mod
- uses: CycloneDX/gh-gomod-generate-sbom@efc74245d6802c8cefd925620515442756c70d8f # v2.0.0
with:
version: v1
args: mod -licenses -json -output licenses.json
- uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: licenses
path: |
Expand Down
12 changes: 4 additions & 8 deletions .github/workflows/build-test-distribute.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,6 @@ on:
tags: ["*"]
pull_request:
branches: ["master", "release-*"]
concurrency:
group: ${{github.workflow}}-${{ github.ref_name }} # group all runs by branch or tag
cancel-in-progress: ${{ github.event_name == 'pull_request' }} # only cancel previous runs on PRs, we want each commit to build on branches
permissions:
contents: write # To upload assets
id-token: write # For using token to sign images
Expand Down Expand Up @@ -43,18 +40,17 @@ jobs:
run: |
echo "::error title=Label 'ci/force-publish' cannot be used on PRs from forks::To prevent accidental exposure of secrets, CI won't use repository secrets on pull requests from forks"
exit 1
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: go.mod
cache: false
- uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
- uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0
with:
args: --fix=false --verbose
version: v1.56.1
skip-pkg-cache: true
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
Expand All @@ -69,7 +65,7 @@ jobs:
- run: |
make check
- id: sca-project
uses: Kong/public-shared-actions/security-actions/sca@23929cfda574afc77b018c51794454b6dc99ca57 # v2.2.1
uses: Kong/public-shared-actions/security-actions/sca@2f02738ecb1670f01391162e43fe3f5d4e7942a1 # v2.2.2
with:
dir: .
config: .syft.yaml
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/check.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
timeout-minutes: 10
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Check PR title
# This job checks the PR title using
# https://github.com/conventional-changelog/commitlint
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/codeql.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,18 +19,18 @@ jobs:
matrix:
language: ['go']
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: go.mod
- name: Initialize CodeQL
uses: github/codeql-action/init@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
with:
config-file: ./.github/codeql/codeql-config.yml
languages: ${{ matrix.language }}
- name: Autobuild
uses: github/codeql-action/autobuild@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
with:
category: "/language:${{matrix.language}}"
8 changes: 4 additions & 4 deletions .github/workflows/helm-release.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,11 +27,11 @@ jobs:
outputs:
filename: ${{ steps.package.outputs.filename }}
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: go.mod
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
Expand Down Expand Up @@ -61,7 +61,7 @@ jobs:
PKG_FILENAME=$(find .cr-release-packages -type f -printf "%f\n")
echo "filename=${PKG_FILENAME}" >> $GITHUB_OUTPUT
- name: Upload packaged chart
uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: ${{ steps.package.outputs.filename }}
path: .cr-release-packages/${{ steps.package.outputs.filename }}
Expand All @@ -71,7 +71,7 @@ jobs:
- name: Generate GitHub app token
id: github-app-token
if: github.event.inputs.release == 'true'
uses: actions/create-github-app-token@7bfa3a4717ef143a604ee0a99d859b8886a96d00 # v1.9.3
uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
Expand Down
Loading
Loading