Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): update prometheus-stack (#863) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cgr.dev/du-uds-defenseunicorns/kube-webhook-certgen-fips](https://images.chainguard.dev/directory/image/kube-webhook-certgen-fips/overview) ([source](https://redirect.github.com/chainguard-images/images-private/tree/HEAD/images/kube-webhook-certgen-fips)) | patch | `1.11.2` -> `1.11.3` | | [kube-prometheus-stack](https://redirect.github.com/prometheus-operator/kube-prometheus) ([source](https://redirect.github.com/prometheus-community/helm-charts)) | minor | `65.0.0` -> `65.2.0` | | [registry.k8s.io/ingress-nginx/kube-webhook-certgen](https://redirect.github.com/kubernetes/ingress-nginx) | patch | `v1.4.3` -> `v1.4.4` | | [registry1.dso.mil/ironbank/opensource/ingress-nginx/kube-webhook-certgen](https://redirect.github.com/kubernetes/ingress-nginx/) ([source](https://repo1.dso.mil/dsop/opensource/kubernetes/ingress-nginx/kube-webhook-certgen)) | patch | `v1.4.3` -> `v1.4.4` | --- <details> <summary>prometheus-community/helm-charts (kube-prometheus-stack)</summary> [`v65.2.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.1.1...kube-prometheus-stack-65.2.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.1.1...kube-prometheus-stack-65.2.0) [`v65.1.1`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.1.0...kube-prometheus-stack-65.1.1) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.1.0...kube-prometheus-stack-65.1.1) [`v65.1.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.0.0...kube-prometheus-stack-65.1.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.0.0...kube-prometheus-stack-65.1.0) </details> --- 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-core). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC45Ny4wIiwidXBkYXRlZEluVmVyIjoiMzguMTE1LjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Chance <[email protected]> chore(deps): update support-deps (#912) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | aws | required_provider | minor | `~> 5.71.0` -> `~> 5.72.0` | | [terraform-aws-modules/rds/aws](https://registry.terraform.io/modules/terraform-aws-modules/rds/aws) ([source](https://redirect.github.com/terraform-aws-modules/terraform-aws-rds)) | module | minor | `6.9.0` -> `6.10.0` | --- <details> <summary>terraform-aws-modules/terraform-aws-rds (terraform-aws-modules/rds/aws)</summary> [`v6.10.0`](https://redirect.github.com/terraform-aws-modules/terraform-aws-rds/blob/HEAD/CHANGELOG.md#6100-2024-10-16) [Compare Source](https://redirect.github.com/terraform-aws-modules/terraform-aws-rds/compare/v6.9.0...v6.10.0) - Support `cloudwatch_log_group_tags` parameter ([#​571](https://redirect.github.com/terraform-aws-modules/terraform-aws-rds/issues/571)) ([73e33fe](https://redirect.github.com/terraform-aws-modules/terraform-aws-rds/commit/73e33feba5d907801791168ebf6d3132fbd646f5)) - Update CI workflow versions to latest ([#​570](https://redirect.github.com/terraform-aws-modules/terraform-aws-rds/issues/570)) ([220cc85](https://redirect.github.com/terraform-aws-modules/terraform-aws-rds/commit/220cc85dcdc8eb63772e25526db693dd563d40a1)) </details> --- 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-core). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xMjAuMSIsInVwZGF0ZWRJblZlciI6IjM4LjEyMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Micah Nagel <[email protected]> fix: don't add duplicate policy names to `uds-core.pepr.dev/mutated` annotation (#916) Adds a check to the `annotateMutation` function that prevents duplicate values (policy names) from being added to the `uds-core.pepr.dev/mutated` key Fixes #717 - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed --------- Co-authored-by: Micah Nagel <[email protected]> fix: decompose istio oscal (#826) Splits the validations out from the OSCAL Component-Definition. `lula validate` can work remotely to validate the validations. Updated the OSCAL Assessment-Result as the baseline has changed from High to Moderate. Updated the Istio catalog source url to a tagged version (recent GSA release) This pattern allows for easier maintenance and development of the validations by not reading through 1000s of lines of OSCAL and OSCAL formatting just to make a small update. All of the validations under the ./compliance/validations directory are a pull from the compliance-artifacts repo where OSCAL and Validations development happen. Relates to #797 - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed chore(deps): update pepr to v0.38.1 (#922) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [pepr](https://redirect.github.com/defenseunicorns/pepr) | [`0.38.0` -> `0.38.1`](https://renovatebot.com/diffs/npm/pepr/0.38.0/0.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/pepr/0.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/pepr/0.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/pepr/0.38.0/0.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pepr/0.38.0/0.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- <details> <summary>defenseunicorns/pepr (pepr)</summary> [`v0.38.1`](https://redirect.github.com/defenseunicorns/pepr/releases/tag/v0.38.1) [Compare Source](https://redirect.github.com/defenseunicorns/pepr/compare/v0.38.0...v0.38.1) - chore: get pods each reporting interval by [@​cmwylie19](https://redirect.github.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/1279](https://redirect.github.com/defenseunicorns/pepr/pull/1279) - chore: node-latest is breaking ci - change matrix to 22 by [@​cmwylie19](https://redirect.github.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/1288](https://redirect.github.com/defenseunicorns/pepr/pull/1288) - chore: reduce package size - exclude tests from package by [@​cmwylie19](https://redirect.github.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/1275](https://redirect.github.com/defenseunicorns/pepr/pull/1275) - test: http2-enable watcher and iso format logs in soak test by [@​btlghrants](https://redirect.github.com/btlghrants) in [https://github.com/defenseunicorns/pepr/pull/1277](https://redirect.github.com/defenseunicorns/pepr/pull/1277) - test: http2-enable watcher in smoke test by [@​btlghrants](https://redirect.github.com/btlghrants) in [https://github.com/defenseunicorns/pepr/pull/1281](https://redirect.github.com/defenseunicorns/pepr/pull/1281) - chore: update resource limits/requests on controllers by [@​cmwylie19](https://redirect.github.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/1291](https://redirect.github.com/defenseunicorns/pepr/pull/1291) - chore: bump peter-murray/workflow-application-token-action from 3.0.1 to 4.0.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/1273](https://redirect.github.com/defenseunicorns/pepr/pull/1273) - chore: bump anchore/scan-action from 5.0.0 to 5.0.1 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/1272](https://redirect.github.com/defenseunicorns/pepr/pull/1272) - chore: bump chainguard/node from `8a604e5` to `b0b04bb` by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/1271](https://redirect.github.com/defenseunicorns/pepr/pull/1271) - chore: bump kubernetes-fluent-client from 3.1.1 to 3.1.2 in the production-dependencies group by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/1292](https://redirect.github.com/defenseunicorns/pepr/pull/1292) - chore: bump [@​types/node](https://redirect.github.com/types/node) from 22.7.5 to 22.7.6 in the development-dependencies group by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/1293](https://redirect.github.com/defenseunicorns/pepr/pull/1293) - chore: bump chainguard/node from `b0b04bb` to `96260af` by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/1289](https://redirect.github.com/defenseunicorns/pepr/pull/1289) **Full Changelog**: defenseunicorns/pepr@v0.38.0...v0.38.1 </details> --- 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-core). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xMjAuMSIsInVwZGF0ZWRJblZlciI6IjM4LjEyMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> fix: test ci license check (#924) CI currently doesn't check for license linting. Also updating some compliance files with license headers. - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed chore: group setup action in support deps (#930) Should regroup these: https://github.com/defenseunicorns/uds-core/pull/926/files N/A - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed chore(deps): update prometheus-stack to v65.3.1 (#920) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [kube-prometheus-stack](https://redirect.github.com/prometheus-operator/kube-prometheus) ([source](https://redirect.github.com/prometheus-community/helm-charts)) | minor | `65.2.0` -> `65.3.1` | --- <details> <summary>prometheus-community/helm-charts (kube-prometheus-stack)</summary> [`v65.3.1`](https://redirect.github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-65.3.1) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.3.0...kube-prometheus-stack-65.3.1) kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - \[kube-prometheus-stack] fix Provision Grafana comment example by [@​VergeDX](https://redirect.github.com/VergeDX) in [https://github.com/prometheus-community/helm-charts/pull/4919](https://redirect.github.com/prometheus-community/helm-charts/pull/4919) - [@​VergeDX](https://redirect.github.com/VergeDX) made their first contribution in [https://github.com/prometheus-community/helm-charts/pull/4919](https://redirect.github.com/prometheus-community/helm-charts/pull/4919) **Full Changelog**: prometheus-community/helm-charts@prometheus-operator-admission-webhook-0.16.0...kube-prometheus-stack-65.3.1 [`v65.3.0`](https://redirect.github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-65.3.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.2.0...kube-prometheus-stack-65.3.0) kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - \[kube-prometheus-stack] support kubelet endpoint slices by [@​DrFaust92](https://redirect.github.com/DrFaust92) in [https://github.com/prometheus-community/helm-charts/pull/4899](https://redirect.github.com/prometheus-community/helm-charts/pull/4899) **Full Changelog**: prometheus-community/helm-charts@prometheus-mongodb-exporter-3.7.2...kube-prometheus-stack-65.3.0 </details> --- 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-core). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xMjAuMSIsInVwZGF0ZWRJblZlciI6IjM4LjEyMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Chance <[email protected]> chore: add nightly testing for AKS (#908) Adds nightly testing for uds-core on AKS Callouts: - Removes `nightly-testing.yaml` in favor of a single workflow for each distribution - Deploys storage account and containers for velero and loki and configures uds-core to use them - Deploys postgresql database and configures grafana to use it for HA configuration - adds `uds-config.tf` file and writes `uds-config.yaml` using terraform `local_sensitive_file` instead of `tf output xyz >> uds-config.yaml` pattern used in the past Fixes: - #727 - #856 - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) - [x] Test, docs, adr added or updated as needed - [ ] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed --------- Co-authored-by: Micah Nagel <[email protected]> chore: add local lula compose task (#892) Created a local task to run Lula Compose. Due to the structure of UDS Core there are several oscal-component.yaml under src/service-name with a top level oscal-component.yaml in the ./compliance directory. To create a single holistic artifact that can be used as a deliverable and the source of truth/tested artifact we need a way to run `lula tools compose -f ./compliance/oscal-component.yaml` The task will likely stay local as opposed to moving into UDS Common because the functionality of the monorepo. This could be change in the future as more scenarios unfold but can be easily ported. Relates to #798 - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed chore: group vscode/settings.json with support-deps (#933) Add .vscode/settings.json to support-deps renovate for capturing uds-cli version changes. - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed chore: add e2e playwright tests for grafana (#844) Adds e2e testing structure and specific e2e test for Grafana using playwright. This test: - Validates existence and successful connection to datasources (Loki and Prometheus) - Validates two custom dashboards exist and dropdowns populate for ns selection (resources and loki quicksearch) - Validates SSO login success Fixes #764 - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed fix: merge main and add single package test
- Loading branch information