This repository has been archived by the owner on Oct 3, 2024. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Initial setup * Add workflow for init package and add EKS package * Add script to create IAM roles for IRSA auth in workflow * Remove command to remove tmpdir * Add PR as workflow trigger * Install same version of Go that Zarf users * Fix sed command and update github actions output syntax * Update ecr bootstrap script * Switch to using bash for ecr bootstrap script to use an array * Update readme header * Use gsed for mac in iam bootstrap script for local testing * Fetch pepr pod logs onFailure * Dynamically set AWS account ID in iam script * Specify pepr-system namespace in kubectl logs * Update the way github outputs are set * Fix github outputs * Update run syntax in workflow * Remove onFailure action from package * Rename bootstrap directory to hack to align with k8s convention * Run tests for private and public ECR registry in parallel * Fix zarf command in teardown step * Create build dir before moving zarf binary to it * Use sudo to add exec permissions to zarf binary * Fix cluster name input * Download latest zarf rc version instead of build from source * Move zarf binary to build dir * Specify multiple availability zones for EKS cluster * Add single quotes * Change AZ in EKS config * Remove availability zones * Use setup-zarf action to install zarf binary * Import zarf-agent via init skeleton package * Remove local zarf-agent package * Run zarf init from build directory * Specify availability zones in eks config file to avoid capacity error * Add comment for context about specifying AZs in eks config * Add zarf as prereq to README.md * Update Pepr to v0.14.0 Refactor ECR capability to use new K8s fluent client Split ECR capability up into separate files for private and public APIs * Remove unused make targets for zarf agent * Rebuild Pepr module for changes to take effect * Use zarf vars directly in ECR bootstrap script * Empty commit to trigger workflows * Update docs and Makefile and format module * Update Watch() back to Mutate() * Remove npm ci from build and test make targets * Add a workaround for updating webhook status in package secret Pepr fluent client does not currently support force Apply() Workaround is to clear managedFields and updated webhook status in a single Patch request * Replace IAM role shell script with pulumi typescript program * Install NodeJS and deps in workflow * Add CODEOWNERS file * Add issue templates * Add pull request template * Refactor cluster teardown in EKS package * Update EKS package version in deploy command * Move onRemove action for EKS cluster into single package component Refactor directory structure for pulumi program * Fix filepath to IAM JSON files in pulumi module Add make targets for deploying and removing EKS package * Update Pepr to 0.14.1 Replace Patch with Force Apply to update package secret in webhook Ensure Pepr module is rebuilt in the build job * Specify package-lock.json in root of repo as cache path * Include ts files only in capabilities dir in tsconfig to fix error in CI Remove ./ syntax in npm cache path * Add git-server as optional component to init package * Add workflow to run unit tests for Pepr module Refactor getRepositoryNames() in Pepr module to handle images with digest ref Add test case to unit tests to validate handling of images with digest * Add renovate.json config file * Bump eksctl version to v0.162.0 * Add ADR for using Pulumi TypeScript SDK * Add OpenSSF Scorecard workflow * Downgrade eksctl to v0.160.0 due to goroutine race condition bug * Add option to locally build credential helper image * Install Go in build job to build credential helper binary * Rename openssf scorecard workflow to scorecard.yml * Fix numbered list in ADR * Move zarf init options/vars to zarf-config.toml Update README.md * Uncomment log_level in zarf-config.toml * Run zarf init command for public ECR test from root of repo * Update README.md * Remove docker build command comment from Dockerfile * Remove components from zarf config file to fix cluster teardown * Update dependencies and add workflow to scan CVEs * Install Zarf binary in scan-cves workflow to generate SBOM * Add revive lint workflow for Go CronJob * Add comment to .gype.yaml about false positive for x/net pkg * Fix linting errors * Add scan-labels workflow * Add codeql workflow and config file * Add step to build Go binary in scan-codeql workflow * Update @babel/core package to 7.23.2 to patch critical CVE-2023-45133 * Rebuilt pepr module after updating deps * Moves credential-helper src code to root of repo Exclude ./binaries directory from grype scan Grype was detecting CVEs in the eksctl binaries in ./binaries directory Since the scan now excludes the directory, there are no vulns found This allows us to be able to comment out the .grype.yaml file Adds cve-report make target * Add release workflow * Update development.md doc * Expose Cron schedule as deploy-time variable Default set to run once every hour at the beginning of the hour * Remove version field from zarf.yaml * Remove slack notification steps from aws init package workflow This workflow is set to run on every PR commit, which would make for a noisy slack channel * Fix publish package make target in release workflow * Update permissions needed for AWS CLI in README prereqs * Remove step to deploy workfloads into the cluster from README * Remove setup go step from scan-cves workflow * Add setup-go and build binary steps to release workflow Update publish pkg make target to use zarf version for init pkg name Comment out step to sign the image and add a TODO to setup repo secrets for cosign * Update .github/ISSUE_TEMPLATE/bug_report.md Co-authored-by: razzle <[email protected]> * Update .github/ISSUE_TEMPLATE/feature_request.md Co-authored-by: razzle <[email protected]> * Update .github/ISSUE_TEMPLATE/tech_debt.md Co-authored-by: razzle <[email protected]> * Update .github/ISSUE_TEMPLATE/ux_test.md Co-authored-by: razzle <[email protected]> * Update .github/workflows/scan-lint.yml Co-authored-by: razzle <[email protected]> * Update README.md Co-authored-by: razzle <[email protected]> * Add typescript to codql workflow language matrix * Update Node.js to version 20 in workflows * Update pulumi and pulumi/aws packages Remove .grype.yaml file due to no CVEs being ignored Update test-cves make target to not exclude iam/ dir from scanning * Include all package.json and package-lock.json paths in scan-cves workflow * Remove needs-tutorial label from banned labels in scan-labels workflow * Add cons to pulumi typescript SDK in ADR * Move zarf init command and delete repos commands to make targets Use ZARF_CONFIG env var to use config file instead of moving init package * Fix make targets for deleting ECR repos Makefiles use /bin/sh by default which does not support arrays * Remove array assignment from make target * Add make target for linting typescript code in the repo Add step to scan-lint workflow to lint typescript code * Update development.md doc * Rename var in ECRPublic class to be less redundant * Add return statement to end execution in isECRregistry() Previously we were only logging a warning message if Zarf is configured to use an internal registry. This behavior has been changed to log a warning a message and return if using an internal registry * Throw an error if input images array is null in getRepositoryNames() * Call readFileSync() method directly in IaC * Use context.WithTimeout() to prevent binary from waiting forever * Exclude binaries directory from CVE scan * Remove images field from DeployedComponent interface * Add build/ dir to ignorePatterns in .eslintrc.json * Add comments to typescript code and update package.json description * Split logic into functions and separate into modules * Update Pepr to v0.14.2 * Update node dependencies * Update pepr manifest * Update node deps for pulumi IaC * Add link to docs and regex101 for public ECR URL pattern * Add link to docs and regex101 for private ECR pattern * Format and rebuild module * Change zarf-config.toml to zarf-config.yaml Part of the local dev and ci workflow is to programatically update this config file There are much better parsing libs for yaml than toml for node so switched to yaml Updates the update-zarf-config.mjs script to use yaml parser lib instead of regex * Update README.md to use yaml config file * Update README.md * Update eksctl version and ebs driver version in EKS package * Update zarf config file * Update eks package and makefile * Update update-zarf-config.mjs script Use parseDocument and toString methods to preserve blank lines and comments Use has, get, and set methods to safely update the YAML config file * Add a package.json file to manage yaml dep in .mjs script Move to hack/update-zarf-config dir * Add make target to install node deps in every package.json in the repo Run this make target in both validate ecr jobs * Stop tracking zarf-config.yaml in git history * Update update-zarf-config script to make a new copy of the update file git ignore the generated zarf-config.yaml file This reduces the likelihood of commiting an auto-updated config file * Add a system/workflow to keep ts interfaces in sync with Zarf structs * Add root go.mod to workspace and rename nested go.mod * Update pepr manifest * Add make target to ensure build dir exists for cve report * Update indirect deps to resolve CVEs * Update pulumi deps * Add Go grpc CVE to grype ignore file * Simplify gen-schema script Removes cobra as a dependency We are running go run main.go so cobra is not needed * Fix lint errors in gen-schema script * Fix go run command in gen-schema.sh * Change let to const in update-zarf-config script * Use handlebars to update IAM role placeholders instead of regex * Run make format-ts * Add comments to explain update-zarf-config script * Update image ref parsing * Update Zarf version to v0.31.0 Update Go deps * Update Pepr to v0.15.0 * Run make gen-schema and rebuild module * Fix Zarf config file in README.md * Use us-west-2 region for EKS clusters * Update AWS region in IAM roles to us-west-2 for EKS OIDC * Specify AWS region in eksctl write-kubeconfig cmd in EKS pkg * Specify us-west-2 region in Pulumi.yaml project config * Add metadata.version to zarf.yaml * Update README.md to not hard code the version in the init pkg name * Remove metadata.version from zarf.yaml * Add ZARF_CONFIG env var to release-aws-init-package make target * Add zarf-sbom dir to .gitignore * Update .github/ISSUE_TEMPLATE/tech_debt.md Co-authored-by: Wayne Starr <[email protected]> * Remove extra char in .grype.yaml * Add contributing guide that points to the Zarf contributing guide --------- Co-authored-by: razzle <[email protected]> Co-authored-by: Wayne Starr <[email protected]>
- Loading branch information
3 people
authored
Nov 15, 2023
1 parent
c0dd525
commit b3b7a59