Align files (#34)

Co-authored-by: github-actions <[email protected]>

.github/workflows/zz_generated.check_values_schema.yaml

@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@6.18.0
+#    devctl@6.20.0
 #
 name: 'Values and schema'
 on:

.github/workflows/zz_generated.create_release.yaml

@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@6.18.0
+#    devctl@6.20.0
 #
 name: Create Release
 on:
@@ -32,11 +32,10 @@ jobs:
     steps:
       - name: Get version
         id: get_version
+        env:
+          COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
         run: |
-          title="$(cat <<- 'COMMIT_MESSAGE_END' | head -n 1 -
-          ${{ github.event.head_commit.message }}
-          COMMIT_MESSAGE_END
-          )"
+          title=$(echo -n "${COMMIT_MESSAGE}" | head -1)
           # Matches strings like:
           #
           #   - "Release v1.2.3"
@@ -66,11 +65,10 @@ jobs:
           echo "path=${path}" >> $GITHUB_OUTPUT
       - name: Check if reference version
         id: ref_version
+        env:
+          COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
         run: |
-          title="$(cat <<- 'COMMIT_MESSAGE_END' | head -n 1 -
-          ${{ github.event.head_commit.message }}
-          COMMIT_MESSAGE_END
-          )"
+          title=$(echo -n "${COMMIT_MESSAGE}" | head -1)
           if echo "${title}" | grep -qE '^release v[0-9]+\.[0-9]+\.[0-9]+([.-][^ .-][^ ]*)?( \(#[0-9]+\))?$' ; then
             version=$(echo "${title}" | cut -d ' ' -f 2)
           fi
@@ -93,7 +91,7 @@ jobs:
         uses: giantswarm/[email protected]
         with:
           binary: "architect"
-          version: "6.13.0"
+          version: "6.14.1"
       - name: Install semver
         uses: giantswarm/[email protected]
         with:
@@ -144,6 +142,15 @@ jobs:
           title: "Bump version to ${{ steps.update_project_go.outputs.new_version }}"
         run: |
           gh pr create --title "${{ env.title }}" --body "" --base ${{ env.base }} --head ${{ env.branch }} --reviewer ${{ github.actor }}
+      - name: Enable auto-merge for PR
+        env:
+          GITHUB_TOKEN: "${{ secrets.TAYLORBOT_GITHUB_ACTION }}"
+          base: "${{ github.ref }}"
+          branch: "${{ github.ref }}-version-bump"
+          version: "${{ needs.gather_facts.outputs.version }}"
+          title: "Bump version to ${{ steps.update_project_go.outputs.new_version }}"
+        run: |
+          gh pr merge --auto --squash "${{ env.branch }}" || echo "::warning::Auto-merge not allowed. Please adjust the repository settings."
   create_release:
     name: Create release
     runs-on: ubuntu-22.04

.github/workflows/zz_generated.create_release_pr.yaml

@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@6.18.0
+#    devctl@6.20.0
 #
 name: Create Release PR
 on:

.github/workflows/zz_generated.fix_vulnerabilities.yaml

@@ -0,0 +1,107 @@
+# DO NOT EDIT. Generated with:
+#
+#    [email protected]
+#
+name: Fix Vulnerabilities
+on:
+  schedule:
+    - cron: '0 10 * * *'
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: "Branch on which to fix vulnerabilities"
+        required: true
+        type: string
+  workflow_call:
+    inputs:
+      branch:
+        required: true
+        type: string
+jobs:
+  gather_facts:
+    name: Gather facts
+    runs-on: ubuntu-22.04
+    outputs:
+      branch: ${{ steps.gather_facts.outputs.branch }}
+      skip : ${{ steps.gather_facts.outputs.skip }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.branch || github.event.ref }}
+      - name: Gather facts
+        id: gather_facts
+        run: |
+          head="${{ inputs.branch || github.event.ref }}"
+          echo "branch=${head}" >> $GITHUB_OUTPUT
+
+          head="${head#refs/heads/}" # Strip "refs/heads/" prefix.
+          echo "head=${head}" >> $GITHUB_OUTPUT
+
+          # Skip if there are no go mod files
+          if [[ ! -e go.mod ]] && [[ ! -e go.sum ]]; then
+            skip=true
+            echo "There are no go mod files in the repo, skipping"
+          else
+            skip=false
+          fi
+
+          echo "skip=${skip}" >> $GITHUB_OUTPUT
+          echo "head=\"$head\" branch=\"$branch\" skip=\"$skip\""
+  run_nancy_fixer:
+    name: Fix vulnerabilities with nancy-fixer
+    runs-on: ubuntu-22.04
+    needs:
+      - gather_facts
+    if: ${{ needs.gather_facts.outputs.skip != 'true' }}
+    steps:
+      - name: Generate a token
+        id: generate_token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.HERALD_APP_ID }}
+          private-key: ${{ secrets.HERALD_APP_KEY }}
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ steps.generate_token.outputs.token }}
+          persist-credentials: false
+          ref: ${{ needs.gather_facts.outputs.branch }}
+      - name: Create new branch
+        id: create_branch
+        run: |
+          branch="remediate-vulnerabilities-${{ needs.gather_facts.outputs.branch }}"
+          echo "branch=${branch}" >> $GITHUB_OUTPUT
+          git checkout -b "${branch}"
+          git pull origin "${branch}" || true
+      - name: Run nancy-fixer fix
+        uses: docker://gsoci.azurecr.io/giantswarm/nancy-fixer:0.4.0
+      - name: Set up git identity
+        run: |
+          git config --local user.email "149080493+heraldbot[bot]@users.noreply.github.com"
+          git config --local user.name "HeraldBot[bot]"
+      - name: Commit new files
+        id: commit_changes
+        run: |
+          git add -A
+          if git diff-index --quiet HEAD; then
+            echo "No changes found"
+            skip=true
+          else
+            git commit -m "Remediate Nancy findings"
+            skip=false
+          fi
+          echo "skip=${skip}" >> $GITHUB_OUTPUT
+      - name: Push changes
+        if: "${{ steps.commit_changes.outputs.skip != 'true' }}"
+        env:
+          remote_repo: "https://${{ github.actor }}:${{ steps.generate_token.outputs.token }}@github.com/${{ github.repository }}.git"
+        run: |
+          git push "${remote_repo}" HEAD:"${{ steps.create_branch.outputs.branch }}"
+      - name: Create PR
+        env:
+          GITHUB_TOKEN: "${{ steps.generate_token.outputs.token }}"
+        if: "${{ steps.commit_changes.outputs.skip != 'true' }}"
+        run: |
+          gh pr create --title "Remediate Nancy findings on ${{ needs.gather_facts.outputs.branch }}" --body "Fix Nancy findings on branch ${{ needs.gather_facts.outputs.branch }}" --head ${{ steps.create_branch.outputs.branch }} --base "${{ needs.gather_facts.outputs.branch }}"
+          gh pr merge --auto --squash

.github/workflows/zz_generated.gitleaks.yaml

@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@6.18.0
+#    devctl@6.20.0
 #
 name: gitleaks
 

.github/workflows/zz_generated.run_ossf_scorecard.yaml

@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@6.18.0
+#    devctl@6.20.0
 #
 
 # This workflow uses actions that are not certified by GitHub. They are provided

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2016 - 2023 Giant Swarm GmbH
+   Copyright 2016 - 2024 Giant Swarm GmbH
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

Makefile

@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@6.18.0
+#    devctl@6.20.0
 #
 
 include Makefile.*.mk

Makefile.gen.app.mk

@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@6.18.0
+#    devctl@6.20.0
 #
 
 ##@ App

Makefile.gen.go.mk

@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@6.18.0
+#    devctl@6.20.0
 #
 
 APPLICATION    := $(shell go list -m | cut -d '/' -f 3)