Skip to content

Commit

Permalink
Merge branch 'master' into test-dapr-112
Browse files Browse the repository at this point in the history
  • Loading branch information
@sozercan
sozercan authored Dec 13, 2023
2 parents a1d13ed + c0e231a commit 8796d28
Show file tree
Hide file tree
Showing 29 changed files with 80 additions and 48 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/benchmark.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/codeql.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,20 +17,20 @@ jobs:

steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11

- name: Initialize CodeQL
uses: github/codeql-action/init@49abf0ba24d0b7953cb586944e918a0b92074c80
uses: github/codeql-action/init@407ffafae6a767df3e0230c3df91b6443ae8df75
with:
languages: go

- name: Autobuild
uses: github/codeql-action/autobuild@49abf0ba24d0b7953cb586944e918a0b92074c80
uses: github/codeql-action/autobuild@407ffafae6a767df3e0230c3df91b6443ae8df75

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@49abf0ba24d0b7953cb586944e918a0b92074c80
uses: github/codeql-action/analyze@407ffafae6a767df3e0230c3df91b6443ae8df75
4 changes: 2 additions & 2 deletions .github/workflows/dependency-review.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

- name: 'Checkout Repository'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.5.2
- name: 'Dependency Review'
uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0
uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 # v3.1.4
2 changes: 1 addition & 1 deletion .github/workflows/license-lint.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ jobs:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pre-release.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
timeout-minutes: 30
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/release-pr.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

Expand Down Expand Up @@ -85,3 +85,6 @@ jobs:
branch: "release-${{ env.NEWVERSION }}"
base: "${{ env.TARGET_BRANCH }}"
signoff: true
labels: |
release-pr
${{ github.event.inputs.release_version }}
2 changes: 1 addition & 1 deletion .github/workflows/release.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
docker system prune -a -f --filter "label!=org.opencontainers.image.source=https://github.com/stefanprodan/alpine-base"
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/scan-vulns.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ jobs:
timeout-minutes: 15
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/scorecards.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ jobs:

steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

Expand All @@ -41,7 +41,7 @@ jobs:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
with:
results_file: results.sarif
results_format: sarif
Expand Down Expand Up @@ -71,6 +71,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4
uses: github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
with:
sarif_file: results.sarif
28 changes: 28 additions & 0 deletions .github/workflows/tag.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
name: create_tag
on:
pull_request:
types: [closed]

permissions:
contents: write

jobs:
create_tag:
name: "Create tag"
if: github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'release-pr') && startsWith(github.event.pull_request.title, format('chore{0} Prepare', ':'))
runs-on: ubuntu-22.04
steps:
- name: "Set release tag"
env:
GITHUB_CONTEXT: ${{ toJson(github.event.pull_request.labels.*.name) }}
run: |
RELEASE_TAG=$(echo "$GITHUB_CONTEXT" | jq '.[1]' | tr -d '"')
echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV
- name: Check out code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.5.2

- uses: rickstaa/action-create-tag@861755f3fcbce1b21a65c17bad10e7d35c27b6d9 #v1.7.1
with:
tag: ${{ env.RELEASE_TAG }}
tag_exists_error: false
2 changes: 1 addition & 1 deletion .github/workflows/upgrade.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
HELM_VERSION: ["3.7.2"]
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/website.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,14 +25,14 @@ jobs:
working-directory: website
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11

- name: Setup Node
uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
node-version: "16"

Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/workflow.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
timeout-minutes: 7
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

Expand All @@ -57,7 +57,7 @@ jobs:
timeout-minutes: 20
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

Expand Down Expand Up @@ -85,7 +85,7 @@ jobs:
timeout-minutes: 10
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

Expand All @@ -110,7 +110,7 @@ jobs:
timeout-minutes: 5
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

Expand Down Expand Up @@ -140,7 +140,7 @@ jobs:
KUBERNETES_VERSION: ["1.25.8", "1.26.3", "1.27.1", "1.28.0"]
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

Expand Down Expand Up @@ -198,7 +198,7 @@ jobs:
GATEKEEPER_NAMESPACE: ["gatekeeper-system", "custom-namespace"]
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

Expand Down Expand Up @@ -260,7 +260,7 @@ jobs:

steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit

Expand Down
1 change: 1 addition & 0 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -461,6 +461,7 @@ release-manifest:
@sed -i "s/tag: $(VERSION)/tag: ${NEWVERSION}/" ./cmd/build/helmify/static/values.yaml
@sed -i 's/Current release version: `$(VERSION)`/Current release version: `'"${NEWVERSION}"'`/' ./cmd/build/helmify/static/README.md
@sed -i -e 's/^VERSION := $(VERSION)/VERSION := ${NEWVERSION}/' ./Makefile
@sed -i 's/https:\/\/raw\.githubusercontent\.com\/open-policy-agent\/gatekeeper\/master\/deploy\/gatekeeper\.yaml.*/https:\/\/raw\.githubusercontent\.com\/open-policy-agent\/gatekeeper\/${NEWVERSION}\/deploy\/gatekeeper\.yaml/' ./website/docs/install.md
export
$(MAKE) manifests

Expand Down
2 changes: 1 addition & 1 deletion cmd/build/helmify/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@ func (ks *kindSet) Write() error {
}

if kind == DeploymentKind {
obj = strings.Replace(obj, " labels:", " labels:\n{{- include \"gatekeeper.podLabels\" . }}", 1)
obj = strings.Replace(obj, " labels:", " labels:\n{{- include \"gatekeeper.podLabels\" . | nindent 8 }}", 1)
}

if name == "gatekeeper-manager-role" && kind == "Role" {
Expand Down
2 changes: 1 addition & 1 deletion cmd/build/helmify/static/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,7 @@ information._
| preUninstall.nodeSelector | The node selector to use for pod scheduling in preUninstall hook jobs | `kubernetes.io/os: linux` |
| preUninstall.resources | The resource request/limits for the container image in preUninstall hook jobs | `{}` |
| preUninstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
| psp.enabled | Enabled PodSecurityPolicy | `true` |
| psp.enabled | Enabled PodSecurityPolicy | `false` |
| upgradeCRDs.enabled | Upgrade CRDs using pre-install/pre-upgrade hooks | `true` |
| upgradeCRDs.extraRules | Extra rules for the gatekeeper-admin-upgrade-crds ClusterRole | `[]` |
| upgradeCRDs.priorityClassName | Priority class name for gatekeeper-update-crds-hook Job | `` |
Expand Down
2 changes: 1 addition & 1 deletion cmd/build/helmify/static/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -264,7 +264,7 @@ pdb:
service: {}
disabledBuiltins: ["{http.send}"]
psp:
enabled: true
enabled: false
upgradeCRDs:
enabled: true
extraRules: []
Expand Down
2 changes: 1 addition & 1 deletion manifest_staging/charts/gatekeeper/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,7 @@ information._
| preUninstall.nodeSelector | The node selector to use for pod scheduling in preUninstall hook jobs | `kubernetes.io/os: linux` |
| preUninstall.resources | The resource request/limits for the container image in preUninstall hook jobs | `{}` |
| preUninstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
| psp.enabled | Enabled PodSecurityPolicy | `true` |
| psp.enabled | Enabled PodSecurityPolicy | `false` |
| upgradeCRDs.enabled | Upgrade CRDs using pre-install/pre-upgrade hooks | `true` |
| upgradeCRDs.extraRules | Extra rules for the gatekeeper-admin-upgrade-crds ClusterRole | `[]` |
| upgradeCRDs.priorityClassName | Priority class name for gatekeeper-update-crds-hook Job | `` |
Expand Down
2 changes: 1 addition & 1 deletion manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ spec:
{{- toYaml .Values.auditPodAnnotations | trim | nindent 8 }}
{{- end }}
labels:
{{- include "gatekeeper.podLabels" . }}
{{- include "gatekeeper.podLabels" . | nindent 8 }}
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
control-plane: audit-controller
Expand Down
2 changes: 1 addition & 1 deletion manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ spec:
{{- toYaml .Values.podAnnotations | trim | nindent 8 }}
{{- end }}
labels:
{{- include "gatekeeper.podLabels" . }}
{{- include "gatekeeper.podLabels" . | nindent 8 }}
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
control-plane: controller-manager
Expand Down
2 changes: 1 addition & 1 deletion manifest_staging/charts/gatekeeper/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -264,7 +264,7 @@ pdb:
service: {}
disabledBuiltins: ["{http.send}"]
psp:
enabled: true
enabled: false
upgradeCRDs:
enabled: true
extraRules: []
Expand Down
Loading

0 comments on commit 8796d28

Please sign in to comment.