Merge branch 'main' into update-dos-games

zarf-dev · Aug 6, 2024 · 50d066d · 50d066d
2 parents eac1d2c + 5f0f8de
commit 50d066d
Show file tree

Hide file tree

Showing 220 changed files with 4,810 additions and 3,962 deletions.
diff --git a/.github/.codecov.yml b/.github/.codecov.yml
@@ -0,0 +1,20 @@
+# To validate:
+#   cat codecov.yml | curl --data-binary @- https://codecov.io/validate
+
+codecov:
+  notify:
+    require_ci_to_pass: yes
+
+coverage:
+  status:
+    patch: false
+
+  status:
+    project:
+      default:
+        target: auto
+        threshold: 1%
+    patch:
+      default:
+        enabled: no # disable patch since it is noisy and not correct
+        if_not_found: success
diff --git a/.github/actions/cleanup-files/action.yaml b/.github/actions/cleanup-files/action.yaml
@@ -7,10 +7,16 @@ runs:
     - run: |
         lsblk -f
 
+        echo "removing some github actions pre-installed tools to save space"
+        sudo rm -rf /usr/share/dotnet
+        sudo rm -rf /opt/ghc
+        sudo rm -rf /opt/hostedtoolcache/CodeQL
+        sudo docker system prune --all --force
+
+        echo "removing zarf sboms, packages, cache"
         sudo rm -rf zarf-sbom /tmp/zarf-*
         sudo env "PATH=$PATH" CI=true make delete-packages
         sudo build/zarf tools clear-cache
-        sudo docker system prune --all --force
 
         lsblk -f
       shell: bash
diff --git a/.github/actions/debug-cluster/action.yaml b/.github/actions/debug-cluster/action.yaml
@@ -0,0 +1,22 @@
+name: debug-cluster
+description: "Setup Go binary and caching"
+
+runs:
+  using: composite
+  steps:
+    - run: |
+        echo "***** Getting pods *****"
+        kubectl get pods -A
+
+        echo "***** Getting pods yaml *****"
+        kubectl get pods -A -o yaml
+
+        echo "***** Describing pods *****"
+        kubectl describe pods -A
+
+        echo "***** Getting nodes *****"
+        kubectl get nodes -A
+
+        echo "***** describing nodes *****"
+        kubectl describe nodes -A
+      shell: bash
diff --git a/.github/actions/install-tools/action.yaml b/.github/actions/install-tools/action.yaml
@@ -8,11 +8,4 @@ runs:
 
     - uses: anchore/sbom-action/download-syft@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8
 
-    - name: install grype
-      env:
-        # renovate: datasource=github-tags depName=anchore/grype versioning=semver
-        VERSION: v0.74.6
-      run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin $VERSION"
-      shell: bash
-
     - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -0,0 +1,18 @@
+version: 2
+updates:
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: daily
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: daily
+  - package-ecosystem: cargo
+    directory: /
+    schedule:
+      interval: daily
diff --git a/.github/workflows/build-rust-injector.yml b/.github/workflows/build-rust-injector.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout Repo"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Install tools
         uses: ./.github/actions/install-tools
@@ -34,7 +34,7 @@ jobs:
           shasum zarf-injector-arm64 >> checksums.txt
 
       - name: Auth with AWS
-        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
         with:
           role-to-assume: ${{ secrets.AWS_WRITE_ROLE }}
           role-session-name: ${{ github.job || github.event.client_payload.pull_request.head.sha || github.sha }}

diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
@@ -16,12 +16,12 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           fetch-depth: 0
 
       - name: Setup Node.js
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
 
       - name: Install commitlint
         run: npm install --save-dev @commitlint/{config-conventional,cli}

diff --git a/.github/workflows/compare-cves.yml b/.github/workflows/compare-cves.yml
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -6,10 +6,10 @@ permissions:
   contents: read
 
 jobs:
-  validate:
+  dependency-review:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Dependency Review
-        uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
+        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
diff --git a/.github/workflows/nightly-ecr.yml b/.github/workflows/nightly-ecr.yml
@@ -15,11 +15,11 @@ permissions:
   contents: read
 
 jobs:
-  validate:
+  ecr-nightly-test:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Setup golang
         uses: ./.github/actions/golang
@@ -28,7 +28,7 @@ jobs:
         run: make build-cli-linux-amd
 
       - name: Auth with AWS
-        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
         with:
           role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }}
           role-session-name: ${{ github.job || github.event.client_payload.pull_request.head.sha || github.sha }}

diff --git a/.github/workflows/nightly-eks.yml b/.github/workflows/nightly-eks.yml
@@ -23,11 +23,11 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  validate:
+  eks-nightly-test:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Setup golang
         uses: ./.github/actions/golang
@@ -36,12 +36,12 @@ jobs:
         uses: ./.github/actions/packages
 
       - name: Auth with AWS
-        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
         with:
           role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }}
           role-session-name: ${{ github.job || github.event.client_payload.pull_request.head.sha || github.sha }}
           aws-region: us-east-1
-          role-duration-seconds: 3600
+          role-duration-seconds: 7200
 
       - name: Build the eks package
         run: ./build/zarf package create packages/distros/eks -o build --confirm
@@ -57,6 +57,10 @@ jobs:
       - name: Run tests
         run: make test-e2e-with-cluster ARCH=amd64
 
+      - name: show cluster logs
+        uses: ./.github/actions/debug-cluster
+        if: always()
+
       - name: Teardown the cluster
         if: always()
         run: |

diff --git a/.github/workflows/publish-application-packages.yml b/.github/workflows/publish-application-packages.yml
@@ -18,15 +18,15 @@ jobs:
       packages: write
     steps:
       - name: "Checkout Repo"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           ref: ${{ github.event.inputs.branchName }}
 
       - name: Install The Latest Release Version of Zarf
         uses: defenseunicorns/setup-zarf@10e539efed02f75ec39eb8823e22a5c795f492ae #v1.0.1
 
       - name: "Login to GHCR"
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           registry: ghcr.io
           username: dummy

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -9,14 +9,14 @@ on:
       - "v*"
 
 jobs:
-  build:
+  build-release:
     runs-on: ubuntu-latest
     permissions:
       packages: write
     steps:
       # Checkout the repo and setup the tooling for this job
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           fetch-depth: 0
 
@@ -32,7 +32,7 @@ jobs:
           make build-cli-linux-arm
 
       - name: "Zarf Agent: Login to GHCR"
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           registry: ghcr.io
           username: dummy
@@ -63,7 +63,7 @@ jobs:
 
       - name: Publish Init Package as OCI and Skeleton
         run: |
-          make publish-init-package ARCH=amd64 REPOSITORY_URL=ghcr.io/zerf-dev/packages
+          make publish-init-package ARCH=amd64 REPOSITORY_URL=ghcr.io/zarf-dev/packages
           make publish-init-package ARCH=arm64 REPOSITORY_URL=ghcr.io/zarf-dev/packages
 
       # Create a CVE report based on this build
@@ -72,24 +72,24 @@ jobs:
 
       # Upload the contents of the build directory for later stages to use
       - name: Upload build artifacts
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
         with:
           name: build-artifacts
           path: build/
           retention-days: 1
 
-  validate:
+  validate-release:
     runs-on: ubuntu-latest
-    needs: build
+    needs: build-release
     steps:
       # Checkout the repo and setup the tooling for this job
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           fetch-depth: 0
 
       - name: Download build artifacts
-        uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: build-artifacts
           path: build/
@@ -114,16 +114,16 @@ jobs:
         if: always()
         uses: ./.github/actions/save-logs
 
-  push:
+  create-release:
     runs-on: ubuntu-latest
-    needs: validate
+    needs: validate-release
     environment: release
     permissions:
       contents: write
     steps:
       # Checkout the repo and setup the tooling for this job
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           fetch-depth: 0
 
@@ -134,19 +134,11 @@ jobs:
         uses: ./.github/actions/install-tools
 
       - name: Download build artifacts
-        uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: build-artifacts
           path: build/
 
-      # Set up AWS credentials for GoReleaser to upload backups of artifacts to S3
-      - name: Set AWS Credentials
-        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
-        with:
-          aws-access-key-id: ${{ secrets.AWS_GOV_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_GOV_SECRET_ACCESS_KEY }}
-          aws-region: us-gov-west-1
-
       - name: Make zarf executable and skip brew latest for pre-release tags
         run: |
           chmod +x build/zarf
@@ -175,7 +167,7 @@ jobs:
 
       - name: Get Brew tap repo token
         id: brew-tap-token
-        uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
+        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
         with:
           app-id: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_ID }}
           private-key: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_SECRET }}
@@ -194,7 +186,7 @@ jobs:
           HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.brew-tap-token.outputs.token }}
 
       - name: Save CVE report
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
         with:
           name: cve-report
           path: build/zarf-known-cves.csv