Merge branch 'main' into adr/schema

.github/workflows/compare-cves.yml

@@ -6,10 +6,16 @@ permissions:
 on:
   pull_request:
     paths:
-      - "go.mod"
-      - "go.sum"
-      - "cargo.toml"
-      - "cargo.lock"
+    - "go.mod"
+    - "go.sum"
+    - "cargo.toml"
+    - "cargo.lock"
+  merge_group:
+    paths:
+    - "go.mod"
+    - "go.sum"
+    - "cargo.toml"
+    - "cargo.lock"
 
 jobs:
   validate:

.github/workflows/dependency-review.yml

@@ -1,5 +1,6 @@
 name: Dependency Review
-on: pull_request
+on:
+  pull_request:
 
 permissions:
   contents: read

.github/workflows/release.yml

@@ -184,11 +184,11 @@ jobs:
 
       # Create the GitHub release notes, upload artifact backups to S3, publish homebrew recipe
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
+        uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
         with:
           distribution: goreleaser
-          version: latest
-          args: release --rm-dist --debug
+          version: "~> v2"
+          args: release --clean --verbose
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
           HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.brew-tap-token.outputs.token }}

.github/workflows/scan-codeql.yml

@@ -16,6 +16,16 @@ on:
       - "adr/**"
       - "docs/**"
       - "CODEOWNERS"
+  merge_group:
+    paths-ignore:
+      - "**.md"
+      - "**.jpg"
+      - "**.png"
+      - "**.gif"
+      - "**.svg"
+      - "adr/**"
+      - "docs/**"
+      - "CODEOWNERS"
   schedule:
     - cron: "32 2 * * 5"
 

.github/workflows/scan-docs-and-schema.yml

@@ -1,6 +1,7 @@
 name: Validate Docs and Schema
 on:
   pull_request:
+  merge_group:
 
 permissions:
   contents: read

.github/workflows/scan-lint.yml

@@ -1,5 +1,7 @@
 name: Validate Lint
-on: pull_request
+on:
+  pull_request:
+  merge_group:
 
 permissions:
   contents: read

.github/workflows/test-bigbang.yml

@@ -10,6 +10,16 @@ on:
       - "adr/**"
       - "docs/**"
       - "CODEOWNERS"
+  merge_group:
+    paths-ignore:
+      - "**.md"
+      - "**.jpg"
+      - "**.png"
+      - "**.gif"
+      - "**.svg"
+      - "adr/**"
+      - "docs/**"
+      - "CODEOWNERS"
 
 permissions:
   contents: read

.github/workflows/test-e2e-shim.yml

@@ -1,6 +1,16 @@
 name: Docs Skip Shim
 on:
   pull_request:
+   paths:
+      - "**.md"
+      - "**.jpg"
+      - "**.png"
+      - "**.gif"
+      - "**.svg"
+      - "adr/**"
+      - "docs/**"
+      - "CODEOWNERS"
+  merge_group:
     paths:
       - "**.md"
       - "**.jpg"

.github/workflows/test-e2e.yml

@@ -10,6 +10,16 @@ on:
       - "adr/**"
       - "docs/**"
       - "CODEOWNERS"
+  merge_group:
+    paths-ignore:
+      - "**.md"
+      - "**.jpg"
+      - "**.png"
+      - "**.gif"
+      - "**.svg"
+      - "adr/**"
+      - "docs/**"
+      - "CODEOWNERS"
 
 permissions:
   contents: read

.github/workflows/test-external.yml

@@ -10,6 +10,16 @@ on:
       - "adr/**"
       - "docs/**"
       - "CODEOWNERS"
+  merge_group:
+    paths-ignore:
+      - "**.md"
+      - "**.jpg"
+      - "**.png"
+      - "**.gif"
+      - "**.svg"
+      - "adr/**"
+      - "docs/**"
+      - "CODEOWNERS"
 
 permissions:
   contents: read

.github/workflows/test-site.yml

@@ -0,0 +1,34 @@
+name: Test Site
+on:
+  pull_request:
+  merge_group:
+
+permissions:
+  contents: read
+
+# Abort prior jobs in the same workflow / PR
+concurrency:
+  group: site-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./site
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Setup Node.js
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+
+      - name: npm ci
+        run: npm ci
+
+      - name: run site build
+        run: npm run build
+
+      - name: check links
+        run: npm run link-check

.github/workflows/test-unit.yml

@@ -10,6 +10,20 @@ on:
       - "adr/**"
       - "docs/**"
       - "CODEOWNERS"
+  merge_group:
+    paths-ignore:
+      - "**.md"
+      - "**.jpg"
+      - "**.png"
+      - "**.gif"
+      - "**.svg"
+      - "adr/**"
+      - "docs/**"
+      - "CODEOWNERS"
+  push:
+    # Running unit tests on main gives codecov a base to compare PRs against
+    branches:
+      - main
 
 permissions:
   contents: read
@@ -31,8 +45,8 @@ jobs:
 
       - name: Run unit tests
         run: make test-unit
-      
+
       - name: Upload coverage reports to Codecov
         uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1
         with:
-          token: ${{ secrets.CODECOV_TOKEN }}
+          token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/test-upgrade.yml

@@ -10,6 +10,16 @@ on:
       - "adr/**"
       - "docs/**"
       - "CODEOWNERS"
+  merge_group:
+    paths-ignore:
+      - "**.md"
+      - "**.jpg"
+      - "**.png"
+      - "**.gif"
+      - "**.svg"
+      - "adr/**"
+      - "docs/**"
+      - "CODEOWNERS"
 
 permissions:
   contents: read
@@ -71,7 +81,7 @@ jobs:
         # NOTE: "PATH=$PATH" preserves the default user $PATH. This is needed to maintain the version of zarf installed
         #       in a previous step. This test run will the current release to create a K3s cluster.
         run: |
-          sudo env "PATH=$PATH" CI=true zarf init --components k3s,git-server,logging --nodeport 31337 --confirm
+          sudo env "PATH=$PATH" CI=true zarf init --components k3s,git-server --nodeport 31337 --confirm
 
       # Before we run the regular tests we need to aggressively cleanup files to reduce disk pressure
       - name: Cleanup files

.github/workflows/test-windows.yml

@@ -10,6 +10,16 @@ on:
       - "adr/**"
       - "docs/**"
       - "CODEOWNERS"
+  merge_group:
+    paths-ignore:
+      - "**.md"
+      - "**.jpg"
+      - "**.png"
+      - "**.gif"
+      - "**.svg"
+      - "adr/**"
+      - "docs/**"
+      - "CODEOWNERS"
 
 permissions:
   contents: read
@@ -20,23 +30,22 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  validate:
+  test-unit:
     runs-on: windows-latest
     steps:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - name: Optimize caching
-        run: echo C:\Program Files\Git\usr\bin>>"%GITHUB_PATH%"
-        shell: cmd
-
-      - name: Setup golang
-        uses: ./.github/actions/golang
-
       - name: Run Windows unit tests
         run: make test-unit
         shell: pwsh
 
+  test-e2e-without-cluster:
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
       - name: Build Windows binary and zarf packages
         uses: ./.github/actions/packages
         with:
@@ -52,5 +61,5 @@ jobs:
           make release-init-package ARCH=amd64 AGENT_IMAGE_TAG=v0.30.1
 
       - name: Run windows E2E tests
-        run: make test-e2e ARCH=amd64 -e SKIP_K8S=true
+        run: make test-e2e-without-cluster
         shell: pwsh

.goreleaser.yaml

@@ -1,3 +1,5 @@
+version: 2
+
 before:
   hooks:
     - go mod tidy
@@ -72,7 +74,7 @@ release:
 # Update the 'generic' brew formula and create a versioned brew formula for artifacts from this release
 brews:
   - name: "{{ .Env.BREW_NAME }}"
-    tap:
+    repository:
       owner: defenseunicorns
       name: homebrew-tap
       token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
@@ -91,7 +93,7 @@ brews:
   # NOTE: We are using .Version instead of .Tag because homebrew has weird semver parsing rules and won't be able to
   #       install versioned releases that has a `v` character before the version number.
   - name: "zarf@{{ .Version }}"
-    tap:
+    repository:
       owner: defenseunicorns
       name: homebrew-tap
       token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
@@ -111,4 +113,4 @@ blobs:
   - provider: s3
     region: us-gov-west-1
     bucket: zarf-public
-    folder: "release/{{.Version}}"
+    directory: "release/{{.Version}}"

Makefile

@@ -107,6 +107,8 @@ docs-and-schema: ## Generate the Zarf Documentation and Schema
 	ZARF_CONFIG=hack/empty-config.toml go run main.go internal gen-cli-docs
 	ZARF_CONFIG=hack/empty-config.toml hack/create-zarf-schema.sh
 
+init-package-with-agent: build build-local-agent-image init-package
+
 lint-packages-and-examples: build ## Recursively lint all zarf.yaml files in the repo except for those dedicated to tests
 	hack/lint-all-zarf-packages.sh $(ZARF_BIN) false
 
@@ -133,7 +135,7 @@ release-init-package:
 
 # INTERNAL: used to build an iron bank version of the init package with an ib version of the registry image
 ib-init-package:
-	@test -s $(ZARF_BIN) || $(MAKE) build-cli
+	@test -s $(ZARF_BIN) || $(MAKE)
 	$(ZARF_BIN) package create -o build -a $(ARCH) --confirm . \
 		--set REGISTRY_IMAGE_DOMAIN="registry1.dso.mil/" \
 		--set REGISTRY_IMAGE="ironbank/opensource/docker/registry-v2" \
@@ -191,7 +193,7 @@ test-e2e-without-cluster: build-examples ## Run all of the core Zarf CLI E2E tes
 ## NOTE: Requires an existing cluster
 .PHONY: test-external
 test-external: ## Run the Zarf CLI E2E tests for an external registry and cluster
-	@test -s $(ZARF_BIN) || $(MAKE) build-cli
+	@test -s $(ZARF_BIN) || $(MAKE)
 	@test -s ./build/zarf-init-$(ARCH)-$(CLI_VERSION).tar.zst || $(MAKE) init-package
 	@test -s ./build/zarf-package-podinfo-flux-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/podinfo-flux -o build -a $(ARCH) --confirm
 	@test -s ./build/zarf-package-argocd-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/argocd -o build -a $(ARCH) --confirm
@@ -200,7 +202,7 @@ test-external: ## Run the Zarf CLI E2E tests for an external registry and cluste
 ## NOTE: Requires an existing cluster and
 .PHONY: test-upgrade
 test-upgrade: ## Run the Zarf CLI E2E tests for an external registry and cluster
-	@test -s $(ZARF_BIN) || $(MAKE) build-cli
+	@test -s $(ZARF_BIN) || $(MAKE)
 	[ -n "$(shell zarf version)" ] || (echo "Zarf must be installed prior to the upgrade test" && exit 1)
 	[ -n "$(shell zarf package list 2>&1 | grep test-upgrade-package)" ] || (echo "Zarf must be initialized and have the 6.3.3 upgrade-test package installed prior to the upgrade test" && exit 1)
 	@test -s "zarf-package-test-upgrade-package-amd64-6.3.4.tar.zst" || zarf package create src/test/upgrade/ --set PODINFO_VERSION=6.3.4 --confirm

README.md

@@ -32,13 +32,12 @@ Zarf eliminates the [complexity of air gap software delivery](https://www.itopst
 
 - Automate Kubernetes deployments in disconnected environments
 - Automate [Software Bill of Materials (SBOM)](https://docs.zarf.dev/ref/sboms/) generation
-- Build and [publish packages as OCI image artifacts](https://docs.zarf.dev/tutorials/7-publish-and-deploy/)
+- Build and [publish packages as OCI image artifacts](https://docs.zarf.dev/tutorials/6-publish-and-deploy/)
 - Provide a [web dashboard](https://docs.zarf.dev/ref/sboms/#the-sbom-viewer) for viewing SBOM output
 - Create and verify package signatures with [cosign](https://github.com/sigstore/cosign)
 - [Publish](https://docs.zarf.dev/commands/zarf_package_publish), [pull](https://docs.zarf.dev/commands/zarf_package_pull), and [deploy](https://docs.zarf.dev/commands/zarf_package_deploy) packages from an [OCI registry](https://opencontainers.org/)
 - Powerful component lifecycle [actions](https://docs.zarf.dev/ref/actions)
 - Deploy a new cluster while fully disconnected with [K3s](https://k3s.io/) or into any existing cluster using a [kube config](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/)
-- Builtin logging stack with [Loki](https://grafana.com/oss/loki/)
 - Built-in Git server with [Gitea](https://gitea.io/en-us/)
 - Built-in Docker registry
 - Builtin [K9s Dashboard](https://k9scli.io/) for managing a cluster from the terminal