Merge remote-tracking branch 'origin/master' into errkit-migration-1

kanisterio · Mar 19, 2024 · 599ab3f · 599ab3f
2 parents 8b3aabb + f711b7c
commit 599ab3f
Show file tree

Hide file tree

Showing 367 changed files with 12,855 additions and 5,397 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -41,11 +41,140 @@ updates:
     open-pull-requests-limit: 3
     schedule:
       interval: daily
+    commit-message:
+      prefix: "deps(github):"
     groups:
       github-actions:
         patterns:
-        - "^actions/*"
-        - "^github/codeql-action"
+        - "actions/*"
+        - "github/codeql-action"
       docker:
         patterns:
         - "docker/*"
+  ## Currently dependabot does not support wildcard or multiple directories
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/build"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/cassandra"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/controller"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/couchbase-tools"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/docs-build"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/foundationdb"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/kafka-adobe3Connector/image"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/kanister-elasticsearch/image"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/kanister-kubectl"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/kanister-mongodb-replicaset"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/kanister-mysql"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/license_extractor"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/mongodb"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/mongodb-atlas"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/mssql-tools"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/postgres-kanister-tools"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/postgresql"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/redis-tools"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/repo-server-controller"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/tools"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
diff --git a/.github/workflows/atlas-image-build.yaml b/.github/workflows/atlas-image-build.yaml
@@ -18,10 +18,10 @@ jobs:
     outputs:
       changed: ${{ steps.changed-files.outputs.any_changed }}
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           fetch-depth: 0
-      - uses: tj-actions/changed-files@94549999469dbfa032becf298d95c87a14c34394 # v40.2.2
+      - uses: tj-actions/changed-files@77af4bed286740ef1a6387dc4e4e4dec39f96054 # v43.0.0
         name: Get changed files
         id: changed-files
         with:
@@ -36,10 +36,10 @@ jobs:
     if: needs.check-files.outputs.changed == 'true'
     steps:
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+      uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0
     - name: Image metadata
       id: meta
-      uses: docker/metadata-action@31cebacef4805868f9ce9a0cb03ee36c32df2ac4 # v5.3.0
+      uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
       with:
         images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
         tags: |
@@ -48,13 +48,13 @@ jobs:
           {{date 'YYYY.MM.DD-HHmm'}}
           ${{ inputs.tag }}
     - name: Login to GHCR
-      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+      uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
       with:
         registry: ${{ env.REGISTRY }}
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
     - name: Build and push
-      uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+      uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
       with:
         context: "{{defaultContext}}:docker/mongodb-atlas"
         push: true

diff --git a/.github/workflows/dependendy-review.yml b/.github/workflows/dependendy-review.yml
@@ -15,6 +15,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v3
+        uses: actions/dependency-review-action@v4
+      - id: govulncheck
+        name: 'Govulncheck'
+        uses: golang/govulncheck-action@3a32958c2706f7048305d5a2e53633d7e37e97d0 # v1.0.2
+        continue-on-error: true
+        with:
+          repo-checkout: false
+          cache: false
diff --git a/.github/workflows/grype-vulnerability-scanner.yaml b/.github/workflows/grype-vulnerability-scanner.yaml
@@ -1,13 +1,21 @@
 name: container vulnerability scanning
-on: [workflow_dispatch]
+on:
+  workflow_dispatch:
+  workflow_run:
+    workflows: ["Build and test"]
+    types:
+      - completed
+    branches:
+      - master
+
 jobs:
   vulnerability-scanner:
     runs-on: ubuntu-20.04
     steps:
       - name: Create repo directory before checking out latest code
         run: mkdir -p repo
       - name: Checkout the latest code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           ref: master
           path: repo
@@ -34,10 +42,10 @@ jobs:
     steps:
       - name: Printing Image Registry
         id: image-registry
-        run: echo "image_registry=${{fromJson(needs.vulnerability-scanner.outputs.valid_images).image_registry}}" >>  "$GITHUB_ENV"  
+        run: echo "image_registry=${{fromJson(needs.vulnerability-scanner.outputs.valid_images).image_registry}}" >>  "$GITHUB_ENV"
       - name: Printing Image Tag
         id: image-tag
-        run: echo "image_tag=${{fromJson(needs.vulnerability-scanner.outputs.valid_images).tag}}" >>  "$GITHUB_ENV"  
+        run: echo "image_tag=${{fromJson(needs.vulnerability-scanner.outputs.valid_images).tag}}" >>  "$GITHUB_ENV"
       - name: Printing Image Path
         run: echo "image_path=${{env.image_registry}}/${{matrix.images}}:${{env.image_tag}}" >> "$GITHUB_ENV"
       - name: Running vulnerability scanner
@@ -51,10 +59,10 @@ jobs:
       - name: Create repo directory before checking out latest code
         run: mkdir -p repo
       - name: Checkout the latest code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           ref: master
           path: repo
-      - name: Parsing vulnerability scanner report 
-        run: go run repo/pkg/tools/grype_report_parser_tool.go -s "High,Critical" -p results.json
+      - name: Parsing vulnerability scanner report
+        run: go run repo/pkg/tools/grype_report_parser_tool.go -s "High,Critical" -p results.json --github
 
diff --git a/.github/workflows/kanister-image-build.yaml b/.github/workflows/kanister-image-build.yaml
@@ -38,11 +38,13 @@ jobs:
     # needs: check-files
     # if: needs.check-files.outputs.changed == 'true'
     steps:
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+      uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0
     - name: Image metadata
       id: meta
-      uses: docker/metadata-action@31cebacef4805868f9ce9a0cb03ee36c32df2ac4 # v5.3.0
+      uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
       with:
         images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
         tags: |
@@ -51,15 +53,16 @@ jobs:
           {{date 'YYYY.MM.DD-HHmm'}}
           ${{ inputs.tag }}
     - name: Login to GHCR
-      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+      uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
       with:
         registry: ${{ env.REGISTRY }}
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
     - name: Build and push
-      uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+      uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
       with:
         context: "{{defaultContext}}:docker/build"
+        platforms: linux/amd64,linux/arm64
         push: true
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}