Merge branch 'master' into refactor_functions_with_pod_runner

kanisterio · Sep 20, 2023 · 5df8365 · 5df8365
2 parents db19f7f + bf03057
commit 5df8365
Show file tree

Hide file tree

Showing 114 changed files with 804 additions and 1,685 deletions.
diff --git a/.github/workflows/atlas-image-build.yaml b/.github/workflows/atlas-image-build.yaml
@@ -18,10 +18,10 @@ jobs:
     outputs:
       changed: ${{ steps.changed-files.outputs.any_changed }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           fetch-depth: 0
-      - uses: tj-actions/changed-files@48566bbcc22ceb7c5809ebdd27377309f2c3de8c # v39
+      - uses: tj-actions/changed-files@8e79ba7ab9fee9984275219aeb2c8db47bcb8a2d # v39
         name: Get changed files
         id: changed-files
         with:
@@ -36,10 +36,10 @@ jobs:
     if: needs.check-files.outputs.changed == 'true'
     steps:
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
     - name: Image metadata
       id: meta
-      uses: docker/metadata-action@v4
+      uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
       with:
         images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
         tags: |
@@ -48,13 +48,13 @@ jobs:
           {{date 'YYYY.MM.DD-HHmm'}}
           ${{ inputs.tag }}
     - name: Login to GHCR
-      uses: docker/login-action@v2
+      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
       with:
         registry: ${{ env.REGISTRY }}
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
     - name: Build and push
-      uses: docker/build-push-action@v4
+      uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
       with:
         context: "{{defaultContext}}:docker/mongodb-atlas"
         push: true

diff --git a/.github/workflows/dependendy-review.yml b/.github/workflows/dependendy-review.yml
@@ -15,6 +15,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@v3
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@v3
diff --git a/.github/workflows/grype-vulnerability-scanner.yaml b/.github/workflows/grype-vulnerability-scanner.yaml
@@ -7,7 +7,7 @@ jobs:
       - name: Create repo directory before checking out latest code
         run: mkdir -p repo
       - name: Checkout the latest code
-        uses: actions/checkout@v3
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           ref: master
           path: repo
@@ -51,7 +51,7 @@ jobs:
       - name: Create repo directory before checking out latest code
         run: mkdir -p repo
       - name: Checkout the latest code
-        uses: actions/checkout@v3
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           ref: master
           path: repo

diff --git a/.github/workflows/kanister-image-build.yaml b/.github/workflows/kanister-image-build.yaml
@@ -39,10 +39,10 @@ jobs:
     # if: needs.check-files.outputs.changed == 'true'
     steps:
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
     - name: Image metadata
       id: meta
-      uses: docker/metadata-action@v4
+      uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
       with:
         images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
         tags: |
@@ -51,13 +51,13 @@ jobs:
           {{date 'YYYY.MM.DD-HHmm'}}
           ${{ inputs.tag }}
     - name: Login to GHCR
-      uses: docker/login-action@v2
+      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
       with:
         registry: ${{ env.REGISTRY }}
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
     - name: Build and push
-      uses: docker/build-push-action@v4
+      uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
       with:
         context: "{{defaultContext}}:docker/build"
         push: true

diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -9,19 +9,19 @@ jobs:
   gomod:
     runs-on: ubuntu-20.04
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
     - run: make go-mod-tidy
     - run: make go-mod-download
     - run: tar -cvf ./src.tar.gz ./ # preserve file permissions
-    - uses: actions/upload-artifact@v3
+    - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
       with:
         name: src
         path: ./src.tar.gz
   lint:
     runs-on: ubuntu-20.04
     needs: gomod
     steps:
-    - uses: actions/download-artifact@v3
+    - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
       with:
         name: src
     - run: tar -xvf ./src.tar.gz
@@ -34,7 +34,7 @@ jobs:
       matrix:
         testSuite: [test, integration-test, helm-test]
     steps:
-    - uses: actions/download-artifact@v3
+    - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
       with:
         name: src
     - uses: helm/[email protected]
@@ -58,7 +58,7 @@ jobs:
       matrix:
         bin: [controller, kanctl, kando]
     steps:
-    - uses: actions/download-artifact@v3
+    - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
       with:
         name: src
     - run: tar -xvf ./src.tar.gz
@@ -67,7 +67,7 @@ jobs:
     runs-on: ubuntu-20.04
     needs: gomod
     steps:
-    - uses: actions/download-artifact@v3
+    - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
       with:
         name: src
     - run: tar -xvf ./src.tar.gz
@@ -79,10 +79,10 @@ jobs:
     permissions:
       packages: write
     steps:
-    - uses: actions/download-artifact@v3
+    - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
       with:
         name: src
-    - uses: docker/login-action@v2
+    - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
       with:
         registry: ghcr.io
         username: ${{ github.actor }}

diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
@@ -26,7 +26,7 @@ jobs:
     steps:
       -
         name: "Checkout repo"
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           persist-credentials: false
       -
@@ -39,12 +39,12 @@ jobs:
       -
         # Upload the results to GitHub's code scanning dashboard.
         name: "Upload to results to dashboard"
-        uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
+        uses: github/codeql-action/upload-sarif@04daf014b50eaf774287bf3f0f1869d4b4c4b913 # v2.21.7
         with:
           sarif_file: results.sarif
       -
         name: "Upload analysis results as 'Job Artifact'"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: SARIF file
           path: results.sarif

diff --git a/.github/workflows/triage-issues.yaml b/.github/workflows/triage-issues.yaml
@@ -0,0 +1,41 @@
+name: Triage Issues
+
+on:
+  issues:
+    types:
+    - opened
+    - reopened
+
+jobs:
+  triage:
+    if: github.repository == 'kanisterio/kanister'
+    name: Triage
+    permissions:
+      issues: write
+    runs-on: ubuntu-latest
+    steps:
+    -
+      name: Add label
+      uses: actions-ecosystem/[email protected]
+      with:
+        labels: "triage"
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+    -
+      name: Add comment
+      uses: actions-ecosystem/[email protected]
+      if: github.event.action == 'opened'
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        body: |
+          Thanks for opening this issue :+1:. The team will review it shortly.
+
+          If this is a bug report, make sure to include clear instructions how on to reproduce the problem with [minimal reproducible examples](https://stackoverflow.com/help/minimal-reproducible-example), where possible. If this is a security report, please review our security policy as outlined in [SECURITY.md](https://github.com/kanisterio/kanister/blob/master/SECURITY.md).
+
+          If you haven't already, please take a moment to review our project's [Code of Conduct](https://github.com/kanisterio/kanister/blob/master/CODE_OF_CONDUCT.md) document.
+    -
+      name: Update project
+      uses: alex-page/[email protected]
+      with:
+        repo-token: ${{ secrets.GH_TOKEN }} # must use a PAT here
+        project: Kanister
+        column: To Be Triaged
diff --git a/.github/workflows/triage-prs.yaml b/.github/workflows/triage-prs.yaml
@@ -0,0 +1,40 @@
+name: Triage
+
+on:
+  pull_request:
+    types:
+    - opened
+    - reopened
+
+permissions:
+  contents: read
+
+jobs:
+  pull-requests-comment:
+    name: Comment and Triage
+    if: github.repository == 'kanisterio/kanister' && github.actor != 'dependabot'
+    permissions:
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    -
+      name: Comment
+      uses: actions-ecosystem/[email protected]
+      # Avoid adding a comment when the PR is on the same repo.
+      if: github.event.action == 'opened' && github.event.pull_request.head.repo.fork
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        body: |
+          Thanks for submitting this pull request :tada:. The team will review it soon and get back to you.
+
+          If you haven't already, please take a moment to review our project [contributing guideline](https://github.com/kanisterio/kanister/blob/master/CONTRIBUTING.md) and [Code of Conduct](https://github.com/kanisterio/kanister/blob/master/CODE_OF_CONDUCT.md) document.
+    -
+      name: Update status in project
+      uses: alex-page/[email protected]
+      # This only works for PRs opened in the same repo and not by dependabot.
+      # Other PRs don't get the necessary credentials.
+      if: github.repository == 'kanisterio/kanister' && !github.event.pull_request.head.repo.fork && github.actor != 'dependabot'
+      with:
+        repo-token: ${{ secrets.GH_TOKEN }}
+        project: Kanister
+        column: In Progress
diff --git a/.github/workflows/triage.yaml b/.github/workflows/triage.yaml
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -62,8 +62,8 @@ dockers:
   dockerfile: 'docker/tools/Dockerfile'
   build_flag_templates:
   - "--build-arg=kan_tools_version={{ .Tag }}"
-# Refers to https://github.com/kopia/kopia/commit/a1eeeeadb3759fb94184f5c83d0f54e4cbc91f72
-  - "--build-arg=kopiaBuildCommit=a1eeeea"
+# Refers to https://github.com/kopia/kopia/commit/3551f743d762f2ffe669523272d1c8d734120b79
+  - "--build-arg=kopiaBuildCommit=3551f74"
   - "--build-arg=kopiaRepoOrg=kopia"
   extra_files:
   - 'LICENSE'

diff --git a/ADOPTERS.md b/ADOPTERS.md
@@ -2,3 +2,4 @@
 
 - [Kasten by Veeam](https://www.kasten.io/)
 - [Norddeutscher Rundfunk](https://www.ndr.de)
+- [PITS Global Data Recovery Services](https://www.pitsdatarecovery.net/)
diff --git a/Dockerfile.in b/Dockerfile.in
@@ -1,4 +1,4 @@
-ARG base_image=registry.access.redhat.com/ubi9/ubi-minimal:9.2-717
+ARG base_image=registry.access.redhat.com/ubi9/ubi-minimal:9.2-750
 FROM ${base_image}
 ARG kanister_version
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,3 +2,4 @@

		- [Kasten by Veeam](https://www.kasten.io/)
		- [Norddeutscher Rundfunk](https://www.ndr.de)
		- [PITS Global Data Recovery Services](https://www.pitsdatarecovery.net/)