diff --git a/.github/.codecov.yml b/.github/.codecov.yml new file mode 100644 index 0000000000..c17bea84b0 --- /dev/null +++ b/.github/.codecov.yml @@ -0,0 +1,20 @@ +# To validate: +# cat codecov.yml | curl --data-binary @- https://codecov.io/validate + +codecov: + notify: + require_ci_to_pass: yes + +coverage: + status: + patch: false + + status: + project: + default: + target: auto + threshold: 1% + patch: + default: + enabled: no # disable patch since it is noisy and not correct + if_not_found: success \ No newline at end of file diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml index f6243f526e..a03541314d 100644 --- a/.github/workflows/commitlint.yml +++ b/.github/workflows/commitlint.yml @@ -21,7 +21,7 @@ jobs: fetch-depth: 0 - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 - name: Install commitlint run: npm install --save-dev @commitlint/{config-conventional,cli} diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 01843002e6..ed74def218 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -6,10 +6,10 @@ permissions: contents: read jobs: - validate: + dependency-review: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Dependency Review - uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3 + uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 diff --git a/.github/workflows/nightly-ecr.yml b/.github/workflows/nightly-ecr.yml index 9ff144c4ff..ca9bf97ca4 100644 --- a/.github/workflows/nightly-ecr.yml +++ b/.github/workflows/nightly-ecr.yml @@ -15,7 +15,7 @@ permissions: contents: read jobs: - validate: + ecr-nightly-test: runs-on: ubuntu-latest steps: - name: Checkout diff --git a/.github/workflows/nightly-eks.yml b/.github/workflows/nightly-eks.yml index 18b23bb1c6..3ea9aae5a9 100644 --- a/.github/workflows/nightly-eks.yml +++ b/.github/workflows/nightly-eks.yml @@ -23,7 +23,7 @@ concurrency: cancel-in-progress: true jobs: - validate: + eks-nightly-test: runs-on: ubuntu-latest steps: - name: Checkout diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cc5d405a95..8da6cbc22b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,7 +9,7 @@ on: - "v*" jobs: - build: + build-release: runs-on: ubuntu-latest permissions: packages: write @@ -78,9 +78,9 @@ jobs: path: build/ retention-days: 1 - validate: + validate-release: runs-on: ubuntu-latest - needs: build + needs: build-release steps: # Checkout the repo and setup the tooling for this job - name: Checkout @@ -114,9 +114,9 @@ jobs: if: always() uses: ./.github/actions/save-logs - push: + create-release: runs-on: ubuntu-latest - needs: validate + needs: validate-release environment: release permissions: contents: write diff --git a/.github/workflows/scan-codeql.yml b/.github/workflows/scan-codeql.yml index 4f651e704a..e5ab9bd6d8 100644 --- a/.github/workflows/scan-codeql.yml +++ b/.github/workflows/scan-codeql.yml @@ -30,7 +30,7 @@ on: - cron: "32 2 * * 5" jobs: - validate: + codeql-scan: runs-on: ubuntu-latest permissions: actions: read diff --git a/.github/workflows/scan-docs-and-schema.yml b/.github/workflows/scan-docs-and-schema.yml index e614faa5a1..c4819b6525 100644 --- a/.github/workflows/scan-docs-and-schema.yml +++ b/.github/workflows/scan-docs-and-schema.yml @@ -7,7 +7,7 @@ permissions: contents: read jobs: - validate: + validate-docs-and-schema: runs-on: ubuntu-latest steps: - name: Checkout diff --git a/.github/workflows/scan-lint.yml b/.github/workflows/scan-lint.yml index 45421e95de..95642fe5cc 100644 --- a/.github/workflows/scan-lint.yml +++ b/.github/workflows/scan-lint.yml @@ -7,7 +7,7 @@ permissions: contents: read jobs: - validate: + lint: runs-on: ubuntu-latest steps: - name: Checkout diff --git a/.github/workflows/test-bigbang.yml b/.github/workflows/test-bigbang.yml index 34e7ac5ca5..451a2082a9 100644 --- a/.github/workflows/test-bigbang.yml +++ b/.github/workflows/test-bigbang.yml @@ -30,7 +30,7 @@ concurrency: cancel-in-progress: true jobs: - build: + build-bigbang: runs-on: ubuntu-latest steps: - name: Checkout @@ -69,9 +69,9 @@ jobs: path: build/ retention-days: 1 - validate: + validate-bigbang: runs-on: ubuntu-latest - needs: build + needs: build-bigbang steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index 91a5f160a4..b3fee07a16 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml @@ -31,7 +31,7 @@ concurrency: jobs: # Build the binary and init package - build: + build-e2e: runs-on: ubuntu-latest steps: - name: Checkout @@ -55,7 +55,7 @@ jobs: validate-without-cluster: runs-on: ubuntu-latest - needs: build + needs: build-e2e steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -90,7 +90,7 @@ jobs: # Run the tests on k3d validate-k3d: runs-on: ubuntu-latest - needs: build + needs: build-e2e steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -128,7 +128,7 @@ jobs: # Run the tests on k3s validate-k3s: runs-on: ubuntu-latest - needs: build + needs: build-e2e steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -166,7 +166,7 @@ jobs: # Run the tests on kind validate-kind: runs-on: ubuntu-latest - needs: build + needs: build-e2e steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -206,7 +206,7 @@ jobs: # Run the tests on minikube validate-minikube: runs-on: ubuntu-latest - needs: build + needs: build-e2e steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 diff --git a/.github/workflows/test-external.yml b/.github/workflows/test-external.yml index 081ac7c461..2db9dcbcd3 100644 --- a/.github/workflows/test-external.yml +++ b/.github/workflows/test-external.yml @@ -30,7 +30,7 @@ concurrency: cancel-in-progress: true jobs: - validate: + validate-external: runs-on: ubuntu-latest steps: - name: Checkout diff --git a/.github/workflows/test-site.yml b/.github/workflows/test-site.yml index 1042f3a0b6..f581379037 100644 --- a/.github/workflows/test-site.yml +++ b/.github/workflows/test-site.yml @@ -12,7 +12,7 @@ concurrency: cancel-in-progress: true jobs: - validate: + validate-site: runs-on: ubuntu-latest defaults: run: @@ -22,7 +22,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 - name: npm ci run: npm ci diff --git a/.github/workflows/test-unit.yml b/.github/workflows/test-unit.yml index 78b49b9c90..4690674604 100644 --- a/.github/workflows/test-unit.yml +++ b/.github/workflows/test-unit.yml @@ -34,7 +34,7 @@ concurrency: cancel-in-progress: true jobs: - validate: + validate-unit: runs-on: ubuntu-latest steps: - name: Checkout diff --git a/.github/workflows/test-upgrade.yml b/.github/workflows/test-upgrade.yml index 3ffe41a13c..a86c02e5cc 100644 --- a/.github/workflows/test-upgrade.yml +++ b/.github/workflows/test-upgrade.yml @@ -30,7 +30,7 @@ concurrency: cancel-in-progress: true jobs: - build: + build-upgrade: runs-on: ubuntu-latest steps: - name: Checkout @@ -52,9 +52,9 @@ jobs: path: build/ retention-days: 1 - validate: + validate-upgrade: runs-on: ubuntu-latest - needs: build + needs: build-upgrade steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 diff --git a/go.mod b/go.mod index f21373efd3..4e4ef20ac3 100644 --- a/go.mod +++ b/go.mod @@ -7,6 +7,9 @@ replace github.com/zarf-dev/zarf/src/api => ./src/api // TODO (@AABRO): Pending merge into github.com/gojsonschema/gojsonschema (https://github.com/gojsonschema/gojsonschema/pull/5) replace github.com/xeipuuv/gojsonschema => github.com/defenseunicorns/gojsonschema v0.0.0-20231116163348-e00f069122d6 +// TODO once helm updates to use v25.0.6 we can delete this +replace github.com/docker/docker => github.com/docker/docker v25.0.6+incompatible + require ( github.com/AlecAivazis/survey/v2 v2.3.7 github.com/Masterminds/semver/v3 v3.2.1 @@ -21,13 +24,14 @@ require ( github.com/distribution/reference v0.5.0 github.com/fairwindsops/pluto/v5 v5.18.4 github.com/fatih/color v1.17.0 + github.com/fluxcd/gitkit v0.6.0 github.com/fluxcd/helm-controller/api v1.0.1 github.com/fluxcd/pkg/apis/meta v1.5.0 github.com/fluxcd/source-controller/api v1.3.0 github.com/go-git/go-git/v5 v5.11.0 github.com/goccy/go-yaml v1.12.0 github.com/gofrs/flock v0.8.1 - github.com/google/go-containerregistry v0.19.0 + github.com/google/go-containerregistry v0.20.1 github.com/gosuri/uitable v0.0.4 github.com/invopop/jsonschema v0.12.0 github.com/mholt/archiver/v3 v3.5.1 @@ -40,8 +44,8 @@ require ( github.com/sigstore/cosign/v2 v2.2.3 github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.1 github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.1 - github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.1 - github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.1 + github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.7 + github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.7 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.18.2 @@ -51,13 +55,13 @@ require ( golang.org/x/crypto v0.25.0 golang.org/x/sync v0.7.0 golang.org/x/term v0.22.0 - helm.sh/helm/v3 v3.14.2 + helm.sh/helm/v3 v3.15.3 k8s.io/api v0.30.3 k8s.io/apimachinery v0.30.3 k8s.io/client-go v0.30.3 k8s.io/component-base v0.30.3 k8s.io/klog/v2 v2.120.1 - k8s.io/kubectl v0.29.1 + k8s.io/kubectl v0.30.0 oras.land/oras-go/v2 v2.5.0 sigs.k8s.io/cli-utils v0.36.0 sigs.k8s.io/kustomize/api v0.16.0 @@ -67,7 +71,9 @@ require ( require ( github.com/evanphx/json-patch/v5 v5.9.0 // indirect + github.com/go-jose/go-jose/v4 v4.0.2 // indirect github.com/go-logr/logr v1.4.2 // indirect + github.com/gofrs/uuid v4.2.0+incompatible // indirect ) require ( @@ -75,11 +81,11 @@ require ( atomicgo.dev/keyboard v0.2.9 // indirect atomicgo.dev/schedule v0.1.0 // indirect cloud.google.com/go v0.115.0 // indirect - cloud.google.com/go/auth v0.6.0 // indirect + cloud.google.com/go/auth v0.6.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/compute/metadata v0.3.0 // indirect cloud.google.com/go/iam v1.1.9 // indirect - cloud.google.com/go/kms v1.18.0 // indirect + cloud.google.com/go/kms v1.18.2 // indirect cloud.google.com/go/longrunning v0.5.7 // indirect cloud.google.com/go/storage v1.42.0 // indirect cuelabs.dev/go/oci/ociregistry v0.0.0-20231103182354-93e78c079a13 // indirect @@ -149,22 +155,22 @@ require ( github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/atotto/clipboard v0.1.4 // indirect github.com/aws/aws-sdk-go v1.54.9 // indirect - github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect - github.com/aws/aws-sdk-go-v2/config v1.26.6 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect + github.com/aws/aws-sdk-go-v2 v1.27.2 // indirect + github.com/aws/aws-sdk-go-v2/config v1.27.18 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.18 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.5 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.9 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.9 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.11 // indirect github.com/aws/aws-sdk-go-v2/service/kms v1.27.9 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect - github.com/aws/smithy-go v1.19.0 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.20.11 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.5 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.28.12 // indirect + github.com/aws/smithy-go v1.20.2 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/bahlo/generic-list-go v0.2.0 // indirect @@ -180,7 +186,7 @@ require ( github.com/buildkite/go-pipeline v0.3.2 // indirect github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 // indirect github.com/cenkalti/backoff/v3 v3.2.2 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect github.com/charmbracelet/bubbles v0.16.1 // indirect @@ -201,7 +207,7 @@ require ( github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect github.com/containerd/ttrpc v1.2.2 // indirect github.com/containerd/typeurl/v2 v2.1.1 // indirect - github.com/coreos/go-oidc/v3 v3.9.0 // indirect + github.com/coreos/go-oidc/v3 v3.11.0 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect @@ -216,9 +222,9 @@ require ( github.com/dimchansky/utfbom v1.1.1 // indirect github.com/docker/cli v26.0.0+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v24.0.9+incompatible // indirect + github.com/docker/docker v25.0.6+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.0 // indirect - github.com/docker/go-connections v0.4.0 // indirect + github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect github.com/docker/go-metrics v0.0.1 // indirect github.com/docker/go-units v0.5.0 // indirect @@ -247,7 +253,7 @@ require ( github.com/go-chi/chi v4.1.2+incompatible // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/go-git/go-billy/v5 v5.5.0 // indirect + github.com/go-git/go-billy/v5 v5.5.0 github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-ini/ini v1.67.0 // indirect github.com/go-jose/go-jose/v3 v3.0.3 // indirect @@ -264,7 +270,7 @@ require ( github.com/go-openapi/validate v0.22.4 // indirect github.com/go-piv/piv-go v1.11.0 // indirect github.com/go-restruct/restruct v1.2.0-alpha // indirect - github.com/go-test/deep v1.1.0 // indirect + github.com/go-test/deep v1.1.1 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/goccy/go-json v0.10.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect @@ -304,7 +310,7 @@ require ( github.com/hashicorp/go-sockaddr v1.0.5 // indirect github.com/hashicorp/go-version v1.7.0 // indirect github.com/hashicorp/hcl v1.0.1-vault-5 // indirect - github.com/hashicorp/vault/api v1.10.0 // indirect + github.com/hashicorp/vault/api v1.14.0 // indirect github.com/huandu/xstrings v1.4.0 // indirect github.com/iancoleman/strcase v0.3.0 // indirect github.com/imdario/mergo v0.3.16 // indirect @@ -312,7 +318,7 @@ require ( github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect - github.com/jellydator/ttlcache/v3 v3.1.1 // indirect + github.com/jellydator/ttlcache/v3 v3.2.0 // indirect github.com/jinzhu/copier v0.4.0 // indirect github.com/jinzhu/inflection v1.0.0 // indirect github.com/jinzhu/now v1.1.5 // indirect @@ -333,7 +339,7 @@ require ( github.com/kylelemons/godebug v1.1.0 // indirect github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect - github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect + github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect github.com/lib/pq v1.10.9 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/lithammer/dedent v1.1.0 // indirect @@ -369,7 +375,6 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect - github.com/morikuni/aec v1.0.0 // indirect github.com/mozillazg/docker-credential-acr-helper v0.3.0 // indirect github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de // indirect github.com/muesli/ansi v0.0.0-20211031195517-c9f0611b6c70 // indirect @@ -428,7 +433,7 @@ require ( github.com/shopspring/decimal v1.3.1 // indirect github.com/sigstore/fulcio v1.4.3 // indirect github.com/sigstore/rekor v1.3.4 // indirect - github.com/sigstore/sigstore v1.8.1 // indirect + github.com/sigstore/sigstore v1.8.7 // indirect github.com/sigstore/timestamp-authority v1.2.1 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/skeema/knownhosts v1.2.1 // indirect @@ -476,29 +481,28 @@ require ( go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect go.opentelemetry.io/otel v1.27.0 // indirect go.opentelemetry.io/otel/metric v1.27.0 // indirect - go.opentelemetry.io/otel/sdk v1.26.0 // indirect + go.opentelemetry.io/otel/sdk v1.27.0 // indirect go.opentelemetry.io/otel/trace v1.27.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.step.sm/crypto v0.42.1 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/exp v0.0.0-20231108232855-2478ac86f678 // indirect + golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 // indirect golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.26.0 // indirect + golang.org/x/net v0.27.0 // indirect golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sys v0.22.0 // indirect golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect - google.golang.org/api v0.186.0 // indirect + google.golang.org/api v0.187.0 // indirect google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d // indirect - google.golang.org/grpc v1.64.0 // indirect + google.golang.org/grpc v1.64.1 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/evanphx/json-patch.v5 v5.6.0 // indirect - gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 // indirect @@ -508,16 +512,16 @@ require ( gorm.io/gorm v1.25.5 // indirect k8s.io/apiextensions-apiserver v0.30.0 // indirect k8s.io/apiserver v0.30.0 // indirect - k8s.io/cli-runtime v0.29.1 // indirect - k8s.io/component-helpers v0.29.1 // indirect + k8s.io/cli-runtime v0.30.0 // indirect + k8s.io/component-helpers v0.30.0 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/metrics v0.29.1 // indirect + k8s.io/metrics v0.30.0 // indirect k8s.io/utils v0.0.0-20231127182322-b307cd553661 // indirect modernc.org/libc v1.29.0 // indirect modernc.org/mathutil v1.6.0 // indirect modernc.org/memory v1.7.2 // indirect modernc.org/sqlite v1.28.0 // indirect - oras.land/oras-go v1.2.4 // indirect + oras.land/oras-go v1.2.5 // indirect sigs.k8s.io/controller-runtime v0.18.1 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/kustomize/kustomize/v5 v5.0.4-0.20230601165947-6ce0bf390ce3 // indirect diff --git a/go.sum b/go.sum index a37a950db1..4d6331b57f 100644 --- a/go.sum +++ b/go.sum @@ -55,8 +55,8 @@ cloud.google.com/go/asset v1.8.0/go.mod h1:mUNGKhiqIdbr8X7KNayoYvyc4HbbFO9URsjby cloud.google.com/go/assuredworkloads v1.5.0/go.mod h1:n8HOZ6pff6re5KYfBXcFvSViQjDwxFkAkmUFffJRbbY= cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMKymF9OP+QXWlKXUkXw= cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI= -cloud.google.com/go/auth v0.6.0 h1:5x+d6b5zdezZ7gmLWD1m/xNjnaQ2YDhmIz/HH3doy1g= -cloud.google.com/go/auth v0.6.0/go.mod h1:b4acV+jLQDyjwm4OXHYjNvRi4jvGBzHWJRtJcy+2P4g= +cloud.google.com/go/auth v0.6.1 h1:T0Zw1XM5c1GlpN2HYr2s+m3vr1p2wy+8VN+Z1FKxW38= +cloud.google.com/go/auth v0.6.1/go.mod h1:eFHG7zDzbXHKmjJddFG/rBlcGp6t25SwRUiEQSlO4x4= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= @@ -123,8 +123,8 @@ cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= cloud.google.com/go/iam v1.1.9 h1:oSkYLVtVme29uGYrOcKcvJRht7cHJpYD09GM9JaR0TE= cloud.google.com/go/iam v1.1.9/go.mod h1:Nt1eDWNYH9nGQg3d/mY7U1hvfGmsaG9o/kLGoLoLXjQ= -cloud.google.com/go/kms v1.18.0 h1:pqNdaVmZJFP+i8OVLocjfpdTWETTYa20FWOegSCdrRo= -cloud.google.com/go/kms v1.18.0/go.mod h1:DyRBeWD/pYBMeyiaXFa/DGNyxMDL3TslIKb8o/JkLkw= +cloud.google.com/go/kms v1.18.2 h1:EGgD0B9k9tOOkbPhYW1PHo2W0teamAUYMOUIcDRMfPk= +cloud.google.com/go/kms v1.18.2/go.mod h1:YFz1LYrnGsXARuRePL729oINmN5J/5e7nYijgvfiIeY= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= @@ -265,8 +265,8 @@ github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/CycloneDX/cyclonedx-go v0.8.0 h1:FyWVj6x6hoJrui5uRQdYZcSievw3Z32Z88uYzG/0D6M= github.com/CycloneDX/cyclonedx-go v0.8.0/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk= -github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= -github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= +github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= +github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/DataDog/zstd v1.4.5 h1:EndNeuB0l9syBZhut0wns3gV1hL8zX8LIu6ZiVHWLIQ= github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= @@ -425,41 +425,41 @@ github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX github.com/aws/aws-sdk-go v1.54.9 h1:e0Czh9AhrCVPuyaIUnibYmih3cYexJKlqlHSJ2eMKbI= github.com/aws/aws-sdk-go v1.54.9/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM= -github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU= -github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= -github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o= -github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4= -github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8= -github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y= +github.com/aws/aws-sdk-go-v2 v1.27.2 h1:pLsTXqX93rimAOZG2FIYraDQstZaaGVVN4tNw65v0h8= +github.com/aws/aws-sdk-go-v2 v1.27.2/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +github.com/aws/aws-sdk-go-v2/config v1.27.18 h1:wFvAnwOKKe7QAyIxziwSKjmer9JBMH1vzIL6W+fYuKk= +github.com/aws/aws-sdk-go-v2/config v1.27.18/go.mod h1:0xz6cgdX55+kmppvPm2IaKzIXOheGJhAufacPJaXZ7c= +github.com/aws/aws-sdk-go-v2/credentials v1.17.18 h1:D/ALDWqK4JdY3OFgA2thcPO1c9aYTT5STS/CvnkqY1c= +github.com/aws/aws-sdk-go-v2/credentials v1.17.18/go.mod h1:JuitCWq+F5QGUrmMPsk945rop6bB57jdscu+Glozdnc= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.5 h1:dDgptDO9dxeFkXy+tEgVkzSClHZje/6JkPW5aZyEvrQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.5/go.mod h1:gjvE2KBUgUQhcv89jqxrIxH9GaKs1JbZzWejj/DaHGA= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.9 h1:cy8ahBJuhtM8GTTSyOkfy6WVPV1IE+SS5/wfXUYuulw= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.9/go.mod h1:CZBXGLaJnEZI6EVNcPd7a6B5IC5cA/GkRWtu9fp3S6Y= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw= -github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls= -github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.9 h1:A4SYk07ef04+vxZToz9LWvAXl9LW0NClpPpMsi31cz0= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.9/go.mod h1:5jJcHuwDagxN+ErjQ3PU3ocf6Ylc/p9x+BLO/+X4iXw= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 h1:y6LX9GUoEA3mO0qpFl1ZQHj1rFyPWVphlzebiSt2tKE= github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2/go.mod h1:Q0LcmaN/Qr8+4aSBrdrXXePqoX0eOuYpJLbYpilmWnA= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 h1:PpbXaecV3sLAS6rjQiaKw4/jyq3Z8gNzmoJupHAoBp0= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2/go.mod h1:fUHpGXr4DrXkEDpGAjClPsviWf+Bszeb0daKE0blxv8= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.11 h1:o4T+fKxA3gTMcluBNZZXE9DNaMkJuUL1O3mffCUjoJo= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.11/go.mod h1:84oZdJ+VjuJKs9v1UTC9NaodRZRseOXCTgku+vQJWR8= github.com/aws/aws-sdk-go-v2/service/kms v1.27.9 h1:W9PbZAZAEcelhhjb7KuwUtf+Lbc+i7ByYJRuWLlnxyQ= github.com/aws/aws-sdk-go-v2/service/kms v1.27.9/go.mod h1:2tFmR7fQnOdQlM2ZCEPpFnBIQD1U8wmXmduBgZbOag0= -github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow= -github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8= -github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0= -github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.11 h1:gEYM2GSpr4YNWc6hCd5nod4+d4kd9vWIAWrmGuLdlMw= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.11/go.mod h1:gVvwPdPNYehHSP9Rs7q27U1EU+3Or2ZpXvzAYJNh63w= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.5 h1:iXjh3uaH3vsVcnyZX7MqCoCfcyxIrVE9iOQruRaWPrQ= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.5/go.mod h1:5ZXesEuy/QcO0WUnt+4sDkxhdXRHTu2yG0uCSH8B6os= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.12 h1:M/1u4HBpwLuMtjlxuI2y6HoVLzF5e2mfxHCg7ZVMYmk= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.12/go.mod h1:kcfd+eTdEi/40FIbLq4Hif3XMXnl5b/+t/KTfLt9xIk= github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= -github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM= -github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE= +github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= +github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 h1:SoFYaT9UyGkR0+nogNyD/Lj+bsixB+SNuAS4ABlEs6M= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8/go.mod h1:2JF49jcDOrLStIXN/j/K1EKRq8a8R2qRnlZA6/o/c7c= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= @@ -500,8 +500,8 @@ github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HV github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= @@ -570,8 +570,8 @@ github.com/containerd/ttrpc v1.2.2 h1:9vqZr0pxwOF5koz6N0N3kJ0zDHokrcPxIR/ZR2YFtO github.com/containerd/ttrpc v1.2.2/go.mod h1:sIT6l32Ph/H9cvnJsfXM5drIVzTr5A2flTf1G5tYZak= github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= -github.com/coreos/go-oidc/v3 v3.9.0 h1:0J/ogVOd4y8P0f0xUh8l9t07xRP/d8tccvjHl2dcsSo= -github.com/coreos/go-oidc/v3 v3.9.0/go.mod h1:rTKz2PYwftcrtoCzV5g5kvfJoWcm0Mk8AF8y1iAQro4= +github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI= +github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= @@ -639,12 +639,12 @@ github.com/docker/cli v26.0.0+incompatible h1:90BKrx1a1HKYpSnnBFR6AgDq/FqkHxwlUy github.com/docker/cli v26.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v24.0.9+incompatible h1:HPGzNmwfLZWdxHqK9/II92pyi1EpYKsAqcl4G0Of9v0= -github.com/docker/docker v24.0.9+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg= +github.com/docker/docker v25.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8= github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40= -github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= -github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= +github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= @@ -706,6 +706,8 @@ github.com/felixge/fgprof v0.9.3 h1:VvyZxILNuCiUCSXtPtYmmtGvb65nqXh2QFWc0Wpf2/g= github.com/felixge/fgprof v0.9.3/go.mod h1:RdbpDgzqYVh/T9fPELJyV7EYJuHB55UTEULNun8eiPw= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/fluxcd/gitkit v0.6.0 h1:iNg5LTx6ePo+Pl0ZwqHTAkhbUHxGVSY3YCxCdw7VIFg= +github.com/fluxcd/gitkit v0.6.0/go.mod h1:svOHuKi0fO9HoawdK4HfHAJJseZDHHjk7I3ihnCIqNo= github.com/fluxcd/helm-controller/api v1.0.1 h1:Gn9qEVuif6D5+gHmVwTEZkR4+nmLOcOhKx4Sw2gL2EA= github.com/fluxcd/helm-controller/api v1.0.1/go.mod h1:/6AD5a2qjo/ttxVM8GR33syLZwqigta60DCLdy8GrME= github.com/fluxcd/pkg/apis/acl v0.3.0 h1:UOrKkBTOJK+OlZX7n8rWt2rdBmDCoTK+f5TY2LcZi8A= @@ -770,6 +772,8 @@ github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= +github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= @@ -813,8 +817,8 @@ github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7 github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= github.com/go-restruct/restruct v1.2.0-alpha h1:2Lp474S/9660+SJjpVxoKuWX09JsXHSrdV7Nv3/gkvc= github.com/go-restruct/restruct v1.2.0-alpha/go.mod h1:KqrpKpn4M8OLznErihXTGLlsXFGeLxHUrLRRI/1YjGk= -github.com/go-rod/rod v0.114.5 h1:1x6oqnslwFVuXJbJifgxspJUd3O4ntaGhRLHt+4Er9c= -github.com/go-rod/rod v0.114.5/go.mod h1:aiedSEFg5DwG/fnNbUOTPMTTWX3MRj6vIs/a684Mthw= +github.com/go-rod/rod v0.116.1 h1:BDMZY3qm/14SmvHBV7DoFUhXeJ2MbUYgumQ88b+v2WE= +github.com/go-rod/rod v0.116.1/go.mod h1:3Ash9fYwznqz9S1uLQgQRStur4fCXjoxxGW+ym6TYjU= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI= github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= @@ -822,8 +826,8 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= -github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= -github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= +github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= +github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU= github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs= github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0= @@ -841,6 +845,8 @@ github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/gofrs/uuid v4.2.0+incompatible h1:yyYWMnhkhrKwwr8gAOcOCYxOOscHgDS9yZgBrnJfGa0= +github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -923,8 +929,8 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.19.0 h1:uIsMRBV7m/HDkDxE/nXMnv1q+lOOSPlQ/ywc5JbB8Ic= -github.com/google/go-containerregistry v0.19.0/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ= +github.com/google/go-containerregistry v0.20.1 h1:eTgx9QNYugV4DN5mz4U8hiAGTi1ybXn0TPi4Smd8du0= +github.com/google/go-containerregistry v0.20.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg= github.com/google/go-github/v55 v55.0.0/go.mod h1:JLahOTA1DnXzhxEymmFF5PP2tSS9JVNj68mSZNDwskA= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= @@ -1011,8 +1017,8 @@ github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWet github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 h1:RtRsiaGvWxcwd8y3BiRZxsylPT8hLWZ5SPcfI+3IDNk= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0/go.mod h1:TzP6duP4Py2pHLVPPQp42aoYI92+PCrVotyR5e8Vqlk= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b h1:wDUNC2eKiL35DbLvsDhiblTUXHxcOPwQSCzi7xpQUN4= github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b/go.mod h1:VzxiSdG6j1pi7rwGm/xYI5RbtpBgM8sARDXlvEvxlu0= github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M= @@ -1077,8 +1083,8 @@ github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOn github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= -github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ= -github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8= +github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU= +github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk= github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg= github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec h1:qv2VnGeEQHchGaZ/u7lxST/RaJw+cv273q79D81Xbog= @@ -1109,8 +1115,8 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOl github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 h1:TMtDYDHKYY15rFihtRfck/bfFqNfvcabqvXAFQfAUpY= github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267/go.mod h1:h1nSAbGFqGVzn6Jyl1R/iCcBUHN4g+gW1u9CoBTrb9E= -github.com/jellydator/ttlcache/v3 v3.1.1 h1:RCgYJqo3jgvhl+fEWvjNW8thxGWsgxi+TPhRir1Y9y8= -github.com/jellydator/ttlcache/v3 v3.1.1/go.mod h1:hi7MGFdMAwZna5n2tuvh63DvFLzVKySzCVW6+0gA2n4= +github.com/jellydator/ttlcache/v3 v3.2.0 h1:6lqVJ8X3ZaUwvzENqPAobDsXNExfUJd61u++uW8a3LE= +github.com/jellydator/ttlcache/v3 v3.2.0/go.mod h1:hi7MGFdMAwZna5n2tuvh63DvFLzVKySzCVW6+0gA2n4= github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8= github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg= github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= @@ -1191,8 +1197,8 @@ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhR github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q= github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4= -github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 h1:WGrKdjHtWC67RX96eTkYD2f53NDHhrq/7robWTAfk4s= -github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491/go.mod h1:o158RFmdEbYyIZmXAbrvmJWesbyxlLKee6X64VPVuOc= +github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec h1:2tTW6cDth2TSgRbAhD7yjZzTQmcN25sDRPEeinR51yQ= +github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec/go.mod h1:TmwEoGCwIti7BCeJ9hescZgRtatxRE+A72pCoPfmcfk= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= @@ -1265,8 +1271,8 @@ github.com/microsoft/go-rustaudit v0.0.0-20220730194248-4b17361d90a5/go.mod h1:v github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= -github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo= -github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= +github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= +github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= @@ -1347,8 +1353,9 @@ github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481/go.mod h1:yKZQO8Q github.com/nwaples/rardecode v1.1.0 h1:vSxaY8vQhOcVr4mm5e8XllHWTiM4JF507A0Katqw7MQ= github.com/nwaples/rardecode v1.1.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= +github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= +github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/oleiade/reflections v1.0.1 h1:D1XO3LVEYroYskEsoSiGItp9RUxG6jWnCVvrqH0HHQM= @@ -1542,16 +1549,16 @@ github.com/sigstore/fulcio v1.4.3 h1:9JcUCZjjVhRF9fmhVuz6i1RyhCc/EGCD7MOl+iqCJLQ github.com/sigstore/fulcio v1.4.3/go.mod h1:BQPWo7cfxmJwgaHlphUHUpFkp5+YxeJes82oo39m5og= github.com/sigstore/rekor v1.3.4 h1:RGIia1iOZU7fOiiP2UY/WFYhhp50S5aUm7YrM8aiA6E= github.com/sigstore/rekor v1.3.4/go.mod h1:1GubPVO2yO+K0m0wt/3SHFqnilr/hWbsjSOe7Vzxrlg= -github.com/sigstore/sigstore v1.8.1 h1:mAVposMb14oplk2h/bayPmIVdzbq2IhCgy4g6R0ZSjo= -github.com/sigstore/sigstore v1.8.1/go.mod h1:02SL1158BSj15bZyOFz7m+/nJzLZfFd9A8ab3Kz7w/E= +github.com/sigstore/sigstore v1.8.7 h1:L7/zKauHTg0d0Hukx7qlR4nifh6T6O6UIt9JBwAmTIg= +github.com/sigstore/sigstore v1.8.7/go.mod h1:MPiQ/NIV034Fc3Kk2IX9/XmBQdK60wfmpvgK9Z1UjRA= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.1 h1:rEDdUefulkIQaMJyzLwtgPDLNXBIltBABiFYfb0YmgQ= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.1/go.mod h1:RCdYCc1IxCYWzh2IdzdA6Yf7JIY0cMRqH08fpQYechw= github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.1 h1:DvRWG99QGWZC5mp42SEde2Xke/Q384Idnj2da7yB+Mk= github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.1/go.mod h1:s13mo3a0UCQS3+PAUUZfvKe48sMDMsHk2GE1b2YfPcU= -github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.1 h1:lwdRsJv1UbBemuk7w5YfXAQilQxMoFevrzamdPbG0wY= -github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.1/go.mod h1:2OaSQ80EcdyVRSQ3T4d1lsc6Scopblsiq8U2AEk5K1A= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.1 h1:9Ki0qudKpc1FQdef7xHO2bkLyTuw+qNUpWRzjBEmF4c= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.1/go.mod h1:nhIgyu4YwwNgalIwTGsoAzam16jjAn3ADRSWKbWPwGI= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.7 h1:zYg1XlbKpQkmE7FpWTkLuUn7RttLAq4FcZ1G9JcqhoY= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.7/go.mod h1:VmUsO1R4OHuyHBEgI4bbSUn0z2nojszrDMvlDxyX/dE= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.7 h1:dbcB9VEddYrvK+y4rHeES5OZ/pMQuucfJ0qCNWQmnp0= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.7/go.mod h1:96MrPJBkHiAvqFyqviuYbwPAdbPCj8CR3V0RJ9bKjrE= github.com/sigstore/timestamp-authority v1.2.1 h1:j9RmqSAdvKgSofeltPO4x7d+1M3AXaROBzUJ+AA7L5Q= github.com/sigstore/timestamp-authority v1.2.1/go.mod h1:Ce+vWWEf0QaKLY2u6mpwEJbmYXEVeOfUk4fQ69kE6ck= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= @@ -1697,8 +1704,8 @@ github.com/ysmood/fetchup v0.2.3 h1:ulX+SonA0Vma5zUFXtv52Kzip/xe7aj4vqT5AJwQ+ZQ= github.com/ysmood/fetchup v0.2.3/go.mod h1:xhibcRKziSvol0H1/pj33dnKrYyI2ebIvz5cOOkYGns= github.com/ysmood/goob v0.4.0 h1:HsxXhyLBeGzWXnqVKtmT9qM7EuVs/XOgkX7T6r1o1AQ= github.com/ysmood/goob v0.4.0/go.mod h1:u6yx7ZhS4Exf2MwciFr6nIM8knHQIE22lFpWHnfql18= -github.com/ysmood/got v0.34.1 h1:IrV2uWLs45VXNvZqhJ6g2nIhY+pgIG1CUoOcqfXFl1s= -github.com/ysmood/got v0.34.1/go.mod h1:yddyjq/PmAf08RMLSwDjPyCvHvYed+WjHnQxpH851LM= +github.com/ysmood/got v0.40.0 h1:ZQk1B55zIvS7zflRrkGfPDrPG3d7+JOza1ZkNxcc74Q= +github.com/ysmood/got v0.40.0/go.mod h1:W7DdpuX6skL3NszLmAsC5hT7JAhuLZhByVzHTq874Qg= github.com/ysmood/gson v0.7.3 h1:QFkWbTH8MxyUTKPkVWAENJhxqdBa4lYTQWqZCiLG6kE= github.com/ysmood/gson v0.7.3/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg= github.com/ysmood/leakless v0.8.0 h1:BzLrVoiwxikpgEQR0Lk8NyBN5Cit2b1z+u0mgL4ZJak= @@ -1748,10 +1755,10 @@ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 h1:jd0 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0/go.mod h1:U707O40ee1FpQGyhvqnzmCJm1Wh6OX6GGBVn0E6Uyyk= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bflGWrfYyuulcdxf14V6n9+CoQcu5SAAdHmDPAJnlps= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0/go.mod h1:qcTO4xHAxZLaLxPd60TdE88rxtItPHgHWqOhOGRr0as= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 h1:9M3+rhx7kZCIQQhQRYaZCdNu1V73tm4TvXs2ntl98C4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0/go.mod h1:noq80iT8rrHP1SfybmPiRGc9dc5M8RPmGvtwo7Oo7tc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 h1:H2JFgRcGiyHg7H7bwcwaQJYrNFqCqrbTQ8K4p1OvDu8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0/go.mod h1:WfCWp1bGoYK8MeULtI15MmQVczfR+bFkk0DF3h06QmQ= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 h1:R9DE4kQ4k+YtfLI2ULwX82VtNQ2J8yZmA7ZIF/D+7Mc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0/go.mod h1:OQFyQVrDlbe+R7xrEyDr/2Wr67Ol0hRUgsfA+V5A95s= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I= go.opentelemetry.io/otel/exporters/prometheus v0.44.0 h1:08qeJgaPC0YEBu2PQMbqU3rogTlyzpjhCI2b58Yn00w= @@ -1762,15 +1769,15 @@ go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYf go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E= go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= -go.opentelemetry.io/otel/sdk v1.26.0 h1:Y7bumHf5tAiDlRYFmGqetNcLaVUZmh4iYfmGxtmz7F8= -go.opentelemetry.io/otel/sdk v1.26.0/go.mod h1:0p8MXpqLeJ0pzcszQQN4F0S5FVjBLgypeGSngLsmirs= +go.opentelemetry.io/otel/sdk v1.27.0 h1:mlk+/Y1gLPLn84U4tI8d3GNJmGT/eXe3ZuOXN9kTWmI= +go.opentelemetry.io/otel/sdk v1.27.0/go.mod h1:Ha9vbLwJE6W86YstIywK2xFfPjbWlCuwPtMkKdz/Y4A= go.opentelemetry.io/otel/sdk/metric v1.21.0 h1:smhI5oD714d6jHE6Tie36fPx4WDFIg+Y6RfAY4ICcR0= go.opentelemetry.io/otel/sdk/metric v1.21.0/go.mod h1:FJ8RAsoPGv/wYMgBdUJXOm+6pzFY3YdljnXtv1SBE8Q= go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= -go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= +go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= +go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.step.sm/crypto v0.42.1 h1:OmwHm3GJO8S4VGWL3k4+I+Q4P/F2s+j8msvTyGnh1Vg= @@ -1821,8 +1828,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20231108232855-2478ac86f678 h1:mchzmB1XO2pMaKFRqk/+MV3mgGG96aqaPXaMifQU47w= -golang.org/x/exp v0.0.0-20231108232855-2478ac86f678/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= +golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 h1:hNQpMuAJe5CtcUqCXaWga3FHu+kQvCqcsoVaQgSV60o= +golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -1918,8 +1925,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2230,8 +2237,8 @@ google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ google.golang.org/api v0.97.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= -google.golang.org/api v0.186.0 h1:n2OPp+PPXX0Axh4GuSsL5QL8xQCTb2oDwyzPnQvqUug= -google.golang.org/api v0.186.0/go.mod h1:hvRbBmgoje49RV3xqVXrmP6w93n6ehGgIVPYrGtBFFc= +google.golang.org/api v0.187.0 h1:Mxs7VATVC2v7CY+7Xwm4ndkX71hpElcvx0D1Ji/p1eo= +google.golang.org/api v0.187.0/go.mod h1:KIHlTc4x7N7gKKuVsdmfBXN13yEEWXWFURWY6SBp2gk= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -2386,8 +2393,8 @@ google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -2418,8 +2425,6 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/evanphx/json-patch.v5 v5.6.0 h1:BMT6KIwBD9CaU91PJCZIe46bDmBWa9ynTQgJIOpfQBk= gopkg.in/evanphx/json-patch.v5 v5.6.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/go-jose/go-jose.v2 v2.6.3 h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKKs= -gopkg.in/go-jose/go-jose.v2 v2.6.3/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.56.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= @@ -2449,8 +2454,8 @@ gorm.io/gorm v1.25.5 h1:zR9lOiiYf09VNh5Q1gphfyia1JpiClIWG9hQaxB/mls= gorm.io/gorm v1.25.5/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8= gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= -helm.sh/helm/v3 v3.14.2 h1:V71fv+NGZv0icBlr+in1MJXuUIHCiPG1hW9gEBISTIA= -helm.sh/helm/v3 v3.14.2/go.mod h1:2itvvDv2WSZXTllknfQo6j7u3VVgMAvm8POCDgYH424= +helm.sh/helm/v3 v3.15.3 h1:HcZDaVFe9uHa6hpsR54mJjYyRy4uz/pc6csg27nxFOc= +helm.sh/helm/v3 v3.15.3/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -2466,22 +2471,22 @@ k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= -k8s.io/cli-runtime v0.29.1 h1:By3WVOlEWYfyxhGko0f/IuAOLQcbBSMzwSaDren2JUs= -k8s.io/cli-runtime v0.29.1/go.mod h1:vjEY9slFp8j8UoMhV5AlO8uulX9xk6ogfIesHobyBDU= +k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48= +k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg= k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k= k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U= k8s.io/component-base v0.30.3 h1:Ci0UqKWf4oiwy8hr1+E3dsnliKnkMLZMVbWzeorlk7s= k8s.io/component-base v0.30.3/go.mod h1:C1SshT3rGPCuNtBs14RmVD2xW0EhRSeLvBh7AGk1quA= -k8s.io/component-helpers v0.29.1 h1:54MMEDu6xeJmMtAKztsPwu0kJKr4+jCUzaEIn2UXRoc= -k8s.io/component-helpers v0.29.1/go.mod h1:+I7xz4kfUgxWAPJIVKrqe4ml4rb9UGpazlOmhXYo+cY= +k8s.io/component-helpers v0.30.0 h1:xbJtNCfSM4SB/Tz5JqCKDZv4eT5LVi/AWQ1VOxhmStU= +k8s.io/component-helpers v0.30.0/go.mod h1:68HlSwXIumMKmCx8cZe1PoafQEYh581/sEpxMrkhmX4= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/kubectl v0.29.1 h1:rWnW3hi/rEUvvg7jp4iYB68qW5un/urKbv7fu3Vj0/s= -k8s.io/kubectl v0.29.1/go.mod h1:SZzvLqtuOJYSvZzPZR9weSuP0wDQ+N37CENJf0FhDF4= -k8s.io/metrics v0.29.1 h1:qutc3aIPMCniMuEApuLaeYX47rdCn8eycVDx7R6wMlQ= -k8s.io/metrics v0.29.1/go.mod h1:JrbV2U71+v7d/9qb90UVKL8r0uJ6Z2Hy4V7mDm05cKs= +k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk= +k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI= +k8s.io/metrics v0.30.0 h1:tqB+T0GJY288KahaO3Eb41HaDVeLR18gBmyPo0R417s= +k8s.io/metrics v0.30.0/go.mod h1:nSDA8V19WHhCTBhRYuyzJT9yPJBxSpqbyrGCCQ4jPj4= k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI= k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= modernc.org/libc v1.29.0 h1:tTFRFq69YKCF2QyGNuRUQxKBm1uZZLubf6Cjh/pVHXs= @@ -2492,8 +2497,8 @@ modernc.org/memory v1.7.2 h1:Klh90S215mmH8c9gO98QxQFsY+W451E8AnzjoE2ee1E= modernc.org/memory v1.7.2/go.mod h1:NO4NVCQy0N7ln+T9ngWqOQfi7ley4vpwvARR+Hjw95E= modernc.org/sqlite v1.28.0 h1:Zx+LyDDmXczNnEQdvPuEfcFVA2ZPyaD7UCZDjef3BHQ= modernc.org/sqlite v1.28.0/go.mod h1:Qxpazz0zH8Z1xCFyi5GSL3FzbtZ3fvbjmywNogldEW0= -oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY= -oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324= +oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= +oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= oras.land/oras-go/v2 v2.5.0 h1:o8Me9kLY74Vp5uw07QXPiitjsw7qNXi8Twd+19Zf02c= oras.land/oras-go/v2 v2.5.0/go.mod h1:z4eisnLP530vwIOUOJeBIj0aGI0L1C3d53atvCBqZHg= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/site/src/content/docs/commands/zarf_tools_registry_ls.md b/site/src/content/docs/commands/zarf_tools_registry_ls.md index 262a676377..f7754e813f 100644 --- a/site/src/content/docs/commands/zarf_tools_registry_ls.md +++ b/site/src/content/docs/commands/zarf_tools_registry_ls.md @@ -31,7 +31,7 @@ $ zarf tools registry ls reg.example.com/stefanprodan/podinfo ``` --full-ref (Optional) if true, print the full image reference -h, --help help for ls - --omit-digest-tags (Optional), if true, omit digest tags (e.g., ':sha256-...') + -O, --omit-digest-tags (Optional), if true, omit digest tags (e.g., ':sha256-...') ``` ### Options inherited from parent commands diff --git a/src/api/go.mod b/src/api/go.mod index b7783a9211..1351380609 100644 --- a/src/api/go.mod +++ b/src/api/go.mod @@ -9,7 +9,7 @@ require ( github.com/invopop/jsonschema v0.12.0 github.com/stretchr/testify v1.9.0 github.com/zarf-dev/zarf v0.37.0 - k8s.io/apimachinery v0.30.0 + k8s.io/apimachinery v0.30.3 ) require ( diff --git a/src/api/go.sum b/src/api/go.sum index 60ab6795e3..3cd2d742fb 100644 --- a/src/api/go.sum +++ b/src/api/go.sum @@ -29,8 +29,8 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= +k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI= k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go/v2 v2.5.0 h1:o8Me9kLY74Vp5uw07QXPiitjsw7qNXi8Twd+19Zf02c= diff --git a/src/api/v1alpha1/package.go b/src/api/v1alpha1/package.go index c7ae1af3ad..02bfd719c9 100644 --- a/src/api/v1alpha1/package.go +++ b/src/api/v1alpha1/package.go @@ -62,6 +62,16 @@ func (pkg ZarfPackage) IsInitConfig() bool { return pkg.Kind == ZarfInitConfig } +// HasImages returns true if one of the components contains an image. +func (pkg ZarfPackage) HasImages() bool { + for _, component := range pkg.Components { + if len(component.Images) > 0 { + return true + } + } + return false +} + // IsSBOMAble checks if a package has contents that an SBOM can be created on (i.e. images, files, or data injections). func (pkg ZarfPackage) IsSBOMAble() bool { for _, c := range pkg.Components { diff --git a/src/api/v1alpha1/package_test.go b/src/api/v1alpha1/package_test.go new file mode 100644 index 0000000000..b23df834d8 --- /dev/null +++ b/src/api/v1alpha1/package_test.go @@ -0,0 +1,102 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package v1alpha1 holds the definition of the v1alpha1 Zarf Package +package v1alpha1 + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestZarfPackageIsInitPackage(t *testing.T) { + t.Parallel() + + pkg := ZarfPackage{ + Kind: ZarfInitConfig, + } + require.True(t, pkg.IsInitConfig()) + pkg = ZarfPackage{ + Kind: ZarfPackageConfig, + } + require.False(t, pkg.IsInitConfig()) +} + +func TestZarfPackageHasImages(t *testing.T) { + t.Parallel() + + pkg := ZarfPackage{ + Components: []ZarfComponent{ + { + Name: "without images", + }, + }, + } + require.False(t, pkg.HasImages()) + pkg = ZarfPackage{ + Components: []ZarfComponent{ + { + Name: "with images", + Images: []string{"docker.io/library/alpine:latest"}, + }, + }, + } + require.True(t, pkg.HasImages()) +} + +func TestZarfPackageIsSBOMable(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + images []string + files []ZarfFile + dataInjections []ZarfDataInjection + expected bool + }{ + { + name: "empty component", + expected: false, + }, + { + name: "only images", + images: []string{""}, + expected: true, + }, + { + name: "only files", + files: []ZarfFile{{}}, + expected: true, + }, + { + name: "only data injections", + dataInjections: []ZarfDataInjection{{}}, + expected: true, + }, + { + name: "all three set", + images: []string{""}, + files: []ZarfFile{{}}, + dataInjections: []ZarfDataInjection{{}}, + expected: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + pkg := ZarfPackage{ + Components: []ZarfComponent{ + { + Name: "without images", + Images: tt.images, + Files: tt.files, + DataInjections: tt.dataInjections, + }, + }, + } + require.Equal(t, tt.expected, pkg.IsSBOMAble()) + }) + } +} diff --git a/src/extensions/bigbang/bigbang.go b/src/extensions/bigbang/bigbang.go index b940b8221d..6b59d2a829 100644 --- a/src/extensions/bigbang/bigbang.go +++ b/src/extensions/bigbang/bigbang.go @@ -533,7 +533,7 @@ func findImagesforBBChartRepo(ctx context.Context, repo string, values chartutil spinner := message.NewProgressSpinner("Discovering images in %s", repo) defer spinner.Stop() - gitPath, err := helm.DownloadChartFromGitToTemp(ctx, repo, spinner) + gitPath, err := helm.DownloadChartFromGitToTemp(ctx, repo) if err != nil { return images, err } diff --git a/src/internal/git/fallback.go b/src/internal/git/fallback.go new file mode 100644 index 0000000000..960747413a --- /dev/null +++ b/src/internal/git/fallback.go @@ -0,0 +1,58 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package git contains functions for interacting with git repositories. +package git + +import ( + "context" + "io" + + "github.com/go-git/go-git/v5/plumbing" + + "github.com/zarf-dev/zarf/src/pkg/utils/exec" +) + +// gitCloneFallback is a fallback if go-git fails to clone a repo. +func (r *Repository) gitCloneFallback(ctx context.Context, gitURL string, ref plumbing.ReferenceName, shallow bool) error { + // If we can't clone with go-git, fallback to the host clone + // Only support "all tags" due to the azure clone url format including a username + cloneArgs := []string{"clone", "--origin", onlineRemoteName, gitURL, r.path} + + // Don't clone all tags / refs if we're cloning a specific tag or branch. + if ref.IsTag() || ref.IsBranch() { + cloneArgs = append(cloneArgs, "--no-tags") + cloneArgs = append(cloneArgs, "-b", ref.Short()) + cloneArgs = append(cloneArgs, "--single-branch") + } + + // If this is a shallow clone set the depth to 1 + if shallow { + cloneArgs = append(cloneArgs, "--depth", "1") + } + + cloneExecConfig := exec.Config{ + Stdout: io.Discard, + Stderr: io.Discard, + } + _, _, err := exec.CmdWithContext(ctx, cloneExecConfig, "git", cloneArgs...) + if err != nil { + return err + } + + // If we're cloning the whole repo, we need to also fetch the other branches besides the default. + if ref == emptyRef { + fetchArgs := []string{"fetch", "--tags", "--update-head-ok", onlineRemoteName, "refs/*:refs/*"} + fetchExecConfig := exec.Config{ + Stdout: io.Discard, + Stderr: io.Discard, + Dir: r.path, + } + _, _, err := exec.CmdWithContext(ctx, fetchExecConfig, "git", fetchArgs...) + if err != nil { + return err + } + } + + return nil +} diff --git a/src/internal/git/git.go b/src/internal/git/git.go new file mode 100644 index 0000000000..506f2bea24 --- /dev/null +++ b/src/internal/git/git.go @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package git contains functions for interacting with git repositories. +package git + +import ( + "fmt" + "strings" + + "github.com/go-git/go-git/v5/plumbing" +) + +const onlineRemoteName = "online-upstream" +const offlineRemoteName = "offline-downstream" +const emptyRef = "" + +// ParseRef parses the provided ref into a ReferenceName if it's not a hash. +func ParseRef(r string) plumbing.ReferenceName { + // If not a full ref, assume it's a tag at this point. + if !plumbing.IsHash(r) && !strings.HasPrefix(r, "refs/") { + r = fmt.Sprintf("refs/tags/%s", r) + } + // Set the reference name to the provided ref. + return plumbing.ReferenceName(r) +} diff --git a/src/internal/git/git_test.go b/src/internal/git/git_test.go new file mode 100644 index 0000000000..640d8a8b43 --- /dev/null +++ b/src/internal/git/git_test.go @@ -0,0 +1,40 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +package git + +import ( + "testing" + + "github.com/go-git/go-git/v5/plumbing" + "github.com/stretchr/testify/require" +) + +func TestParseRef(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + refPlain string + expectedRef plumbing.ReferenceName + }{ + { + name: "basic", + refPlain: "v1.0.0", + expectedRef: plumbing.ReferenceName("refs/tags/v1.0.0"), + }, + { + name: "basic", + refPlain: "refs/heads/branchname", + expectedRef: plumbing.ReferenceName("refs/heads/branchname"), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + ref := ParseRef(tt.refPlain) + require.Equal(t, tt.expectedRef, ref) + }) + } +} diff --git a/src/internal/git/repository.go b/src/internal/git/repository.go new file mode 100644 index 0000000000..9d2b2d4918 --- /dev/null +++ b/src/internal/git/repository.go @@ -0,0 +1,271 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +package git + +import ( + "context" + "errors" + "fmt" + "os" + "path/filepath" + "strings" + + "github.com/go-git/go-git/v5" + "github.com/go-git/go-git/v5/config" + "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/object" + "github.com/go-git/go-git/v5/plumbing/transport" + "github.com/go-git/go-git/v5/plumbing/transport/http" + + "github.com/zarf-dev/zarf/src/pkg/message" + "github.com/zarf-dev/zarf/src/pkg/transform" + "github.com/zarf-dev/zarf/src/pkg/utils" +) + +// Open opens an existing local repository at the given path. +func Open(rootPath, address string) (*Repository, error) { + repoFolder, err := transform.GitURLtoFolderName(address) + if err != nil { + return nil, fmt.Errorf("unable to parse git url %s: %w", address, err) + } + repoPath := filepath.Join(rootPath, repoFolder) + + // Check that this package is using the new repo format (if not fallback to the format from <= 0.24.x) + _, err = os.Stat(repoPath) + if err != nil && !os.IsNotExist(err) { + return nil, err + } + if os.IsNotExist(err) { + repoFolder, err = transform.GitURLtoRepoName(address) + if err != nil { + return nil, fmt.Errorf("unable to parse git url %s: %w", address, err) + } + repoPath = filepath.Join(rootPath, repoFolder) + } + + return &Repository{ + path: repoPath, + }, nil +} + +// Clone clones a git repository to the given local path. +func Clone(ctx context.Context, rootPath, address string, shallow bool) (*Repository, error) { + // Split the remote url and the zarf reference + gitURLNoRef, refPlain, err := transform.GitURLSplitRef(address) + if err != nil { + return nil, err + } + + // Parse the ref from the git URL. + var ref plumbing.ReferenceName + if refPlain != emptyRef { + ref = ParseRef(refPlain) + } + + // Construct a path unique to this git repo + repoFolder, err := transform.GitURLtoFolderName(address) + if err != nil { + return nil, err + } + + r := &Repository{ + path: filepath.Join(rootPath, repoFolder), + } + + // Clone the repository + cloneOpts := &git.CloneOptions{ + URL: gitURLNoRef, + RemoteName: onlineRemoteName, + } + if ref.IsTag() || ref.IsBranch() { + cloneOpts.Tags = git.NoTags + cloneOpts.ReferenceName = ref + cloneOpts.SingleBranch = true + } + if shallow { + cloneOpts.Depth = 1 + } + gitCred, err := utils.FindAuthForHost(gitURLNoRef) + if err != nil { + return nil, err + } + if gitCred != nil { + cloneOpts.Auth = &gitCred.Auth + } + repo, err := git.PlainCloneContext(ctx, r.path, false, cloneOpts) + if err != nil { + message.Notef("Falling back to host 'git', failed to clone the repo %q with Zarf: %s", gitURLNoRef, err.Error()) + err := r.gitCloneFallback(ctx, gitURLNoRef, ref, shallow) + if err != nil { + return nil, err + } + } + + // If we're cloning the whole repo, we need to also fetch the other branches besides the default. + if ref == emptyRef { + fetchOpts := &git.FetchOptions{ + RemoteName: onlineRemoteName, + RefSpecs: []config.RefSpec{"refs/*:refs/*"}, + Tags: git.AllTags, + } + if gitCred != nil { + fetchOpts.Auth = &gitCred.Auth + } + if err := repo.FetchContext(ctx, fetchOpts); err != nil && !errors.Is(err, git.NoErrAlreadyUpToDate) { + return nil, err + } + } + + // Optionally checkout ref + if ref != emptyRef && !ref.IsBranch() { + // Remove the "refs/tags/" prefix from the ref. + stripped := strings.TrimPrefix(refPlain, "refs/tags/") + // Use the plain ref as part of the branch name so it is unique and doesn't conflict with other refs. + alias := fmt.Sprintf("zarf-ref-%s", stripped) + trunkBranchName := plumbing.NewBranchReferenceName(alias) + // Checkout the ref as a branch. + err := r.checkoutRefAsBranch(stripped, trunkBranchName) + if err != nil { + return nil, err + } + } + + return r, nil +} + +// Repository manages a local git repository. +type Repository struct { + path string +} + +// Path returns the local path the repository is stored at. +func (r *Repository) Path() string { + return r.path +} + +// Push pushes the repository to the remote git server. +func (r *Repository) Push(ctx context.Context, address, username, password string) error { + repo, err := git.PlainOpen(r.path) + if err != nil { + return fmt.Errorf("not a valid git repo or unable to open: %w", err) + } + + // Configure new remote + remote, err := repo.Remote(onlineRemoteName) + if err != nil { + return fmt.Errorf("unable to find the git remote: %w", err) + } + if len(remote.Config().URLs) == 0 { + return fmt.Errorf("repository has zero remotes configured") + } + targetURL, err := transform.GitURL(address, remote.Config().URLs[0], username) + if err != nil { + return fmt.Errorf("unable to transform the git url: %w", err) + } + // Remove any preexisting offlineRemotes (happens when a retry is triggered) + err = repo.DeleteRemote(offlineRemoteName) + if err != nil && !errors.Is(err, git.ErrRemoteNotFound) { + return err + } + _, err = repo.CreateRemote(&config.RemoteConfig{ + Name: offlineRemoteName, + URLs: []string{targetURL.String()}, + }) + if err != nil { + return fmt.Errorf("failed to create offline remote: %w", err) + } + + // Push to new remote + gitCred := http.BasicAuth{ + Username: username, + Password: password, + } + + // Fetch remote offline refs in case of old update or if multiple refs are specified in one package + // Attempt the fetch, if it fails, log a warning and continue trying to push (might as well try..) + fetchOptions := &git.FetchOptions{ + RemoteName: offlineRemoteName, + Auth: &gitCred, + RefSpecs: []config.RefSpec{ + "refs/heads/*:refs/heads/*", + "refs/tags/*:refs/tags/*", + }, + } + err = repo.FetchContext(ctx, fetchOptions) + if errors.Is(err, transport.ErrRepositoryNotFound) { + message.Debugf("Repo not yet available offline, skipping fetch...") + } else if errors.Is(err, git.ErrForceNeeded) { + message.Debugf("Repo fetch requires force, skipping fetch...") + } else if errors.Is(err, git.NoErrAlreadyUpToDate) { + message.Debugf("Repo already up-to-date, skipping fetch...") + } else if err != nil { + return fmt.Errorf("unable to fetch the git repo prior to push: %w", err) + } + + // Push all heads and tags to the offline remote + err = repo.PushContext(ctx, &git.PushOptions{ + RemoteName: offlineRemoteName, + Auth: &gitCred, + // TODO: (@JEFFMCCOY) add the parsing for the `+` force prefix (see https://github.com/zarf-dev/zarf/issues/1410) + //Force: isForce, + // If a provided refspec doesn't push anything, it is just ignored + RefSpecs: []config.RefSpec{ + "refs/heads/*:refs/heads/*", + "refs/tags/*:refs/tags/*", + }, + }) + if errors.Is(err, git.NoErrAlreadyUpToDate) { + message.Debug("Repo already up-to-date") + } else if errors.Is(err, plumbing.ErrObjectNotFound) { + return fmt.Errorf("unable to push repo due to likely shallow clone: %s", err.Error()) + } else if err != nil { + return fmt.Errorf("unable to push repo to the gitops service: %s", err.Error()) + } + + return nil +} +func (r *Repository) checkoutRefAsBranch(ref string, branch plumbing.ReferenceName) error { + repo, err := git.PlainOpen(r.path) + if err != nil { + return fmt.Errorf("not a valid git repo or unable to open: %w", err) + } + + var hash plumbing.Hash + if plumbing.IsHash(ref) { + hash = plumbing.NewHash(ref) + } else { + tagRef, err := repo.Tag(ref) + if err != nil { + return fmt.Errorf("failed to locate tag %s in repository: %w", ref, err) + } + hash = tagRef.Hash() + } + + objRef, err := repo.Object(plumbing.AnyObject, hash) + if err != nil { + return fmt.Errorf("an error occurred when getting the repo's object reference: %w", err) + } + + var commitHash plumbing.Hash + switch objRef := objRef.(type) { + case *object.Tag: + commitHash = objRef.Target + case *object.Commit: + commitHash = objRef.Hash + default: + return fmt.Errorf("hash type %s not supported", objRef.Type().String()) + } + + checkoutOpts := &git.CheckoutOptions{ + Hash: commitHash, + Branch: branch, + Create: true, + Force: true, + } + tree, err := repo.Worktree() + if err != nil { + return fmt.Errorf("unable to load the git repo: %w", err) + } + return tree.Checkout(checkoutOpts) +} diff --git a/src/internal/git/repository_test.go b/src/internal/git/repository_test.go new file mode 100644 index 0000000000..7e75319eee --- /dev/null +++ b/src/internal/git/repository_test.go @@ -0,0 +1,85 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +package git + +import ( + "fmt" + "net/http" + "net/http/httptest" + "path/filepath" + "testing" + + "github.com/fluxcd/gitkit" + "github.com/go-git/go-billy/v5/memfs" + "github.com/go-git/go-git/v5" + "github.com/go-git/go-git/v5/config" + "github.com/go-git/go-git/v5/plumbing/object" + "github.com/go-git/go-git/v5/storage/memory" + "github.com/stretchr/testify/require" + + "github.com/defenseunicorns/pkg/helpers/v2" + + "github.com/zarf-dev/zarf/src/test/testutil" +) + +func TestRepository(t *testing.T) { + t.Parallel() + ctx := testutil.TestContext(t) + + cfg := gitkit.Config{ + Dir: t.TempDir(), + AutoCreate: true, + } + gitSrv := gitkit.New(cfg) + err := gitSrv.Setup() + require.NoError(t, err) + srv := httptest.NewServer(http.HandlerFunc(gitSrv.ServeHTTP)) + t.Cleanup(func() { + srv.Close() + }) + + rootPath := t.TempDir() + repoName := "test" + repoAddress := fmt.Sprintf("%s/%s.git", srv.URL, repoName) + checksum := helpers.GetCRCHash(repoAddress) + expectedPath := fmt.Sprintf("%s-%d", repoName, checksum) + + storer := memory.NewStorage() + fs := memfs.New() + initRepo, err := git.Init(storer, fs) + require.NoError(t, err) + w, err := initRepo.Worktree() + require.NoError(t, err) + filePath := "test.txt" + newFile, err := fs.Create(filePath) + require.NoError(t, err) + _, err = newFile.Write([]byte("Hello World")) + require.NoError(t, err) + newFile.Close() + _, err = w.Add(filePath) + require.NoError(t, err) + _, err = w.Commit("Initial commit", &git.CommitOptions{ + Author: &object.Signature{ + Email: "example@example.com", + }, + }) + require.NoError(t, err) + _, err = initRepo.CreateRemote(&config.RemoteConfig{ + Name: "origin", + URLs: []string{repoAddress}, + }) + require.NoError(t, err) + err = initRepo.Push(&git.PushOptions{ + RemoteName: "origin", + }) + require.NoError(t, err) + + repo, err := Clone(ctx, rootPath, repoAddress, false) + require.NoError(t, err) + require.Equal(t, filepath.Join(rootPath, expectedPath), repo.Path()) + + repo, err = Open(rootPath, repoAddress) + require.NoError(t, err) + require.Equal(t, filepath.Join(rootPath, expectedPath), repo.Path()) +} diff --git a/src/internal/packager/git/checkout.go b/src/internal/packager/git/checkout.go deleted file mode 100644 index 5a9a960508..0000000000 --- a/src/internal/packager/git/checkout.go +++ /dev/null @@ -1,97 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package git contains functions for interacting with git repositories. -package git - -import ( - "fmt" - - "github.com/go-git/go-git/v5" - "github.com/go-git/go-git/v5/plumbing" - "github.com/go-git/go-git/v5/plumbing/object" -) - -// CheckoutTag performs a `git checkout` of the provided tag to a detached HEAD. -func (g *Git) CheckoutTag(tag string) error { - options := &git.CheckoutOptions{ - Branch: ParseRef(tag), - } - return g.checkout(options) -} - -func (g *Git) checkoutRefAsBranch(ref string, branch plumbing.ReferenceName) error { - if plumbing.IsHash(ref) { - return g.checkoutHashAsBranch(plumbing.NewHash(ref), branch) - } - - return g.checkoutTagAsBranch(ref, branch) -} - -// checkoutTagAsBranch performs a `git checkout` of the provided tag but rather -// than checking out to a detached head, checks out to the provided branch ref -// It will delete the branch provided if it exists. -func (g *Git) checkoutTagAsBranch(tag string, branch plumbing.ReferenceName) error { - repo, err := git.PlainOpen(g.GitPath) - if err != nil { - return fmt.Errorf("not a valid git repo or unable to open: %w", err) - } - - tagRef, err := repo.Tag(tag) - if err != nil { - return fmt.Errorf("failed to locate tag (%s) in repository: %w", tag, err) - } - - return g.checkoutHashAsBranch(tagRef.Hash(), branch) -} - -// checkoutHashAsBranch performs a `git checkout` of the commit hash associated -// with the provided hash -// It will delete the branch provided if it exists. -func (g *Git) checkoutHashAsBranch(hash plumbing.Hash, branch plumbing.ReferenceName) error { - repo, err := git.PlainOpen(g.GitPath) - if err != nil { - return fmt.Errorf("not a valid git repo or unable to open: %w", err) - } - objRef, err := repo.Object(plumbing.AnyObject, hash) - if err != nil { - return fmt.Errorf("an error occurred when getting the repo's object reference: %w", err) - } - - var commitHash plumbing.Hash - switch objRef := objRef.(type) { - case *object.Tag: - commitHash = objRef.Target - case *object.Commit: - commitHash = objRef.Hash - default: - return fmt.Errorf("hash type %s not supported", objRef.Type().String()) - } - - options := &git.CheckoutOptions{ - Hash: commitHash, - Branch: branch, - Create: true, - Force: true, - } - return g.checkout(options) -} - -// checkout performs a `git checkout` on the path provided using the options provided -// It assumes the caller knows what to do and does not perform any safety checks. -func (g *Git) checkout(checkoutOptions *git.CheckoutOptions) error { - // Open the given repo - repo, err := git.PlainOpen(g.GitPath) - if err != nil { - return fmt.Errorf("not a valid git repo or unable to open: %w", err) - } - - // Get the working tree so we can change refs - tree, err := repo.Worktree() - if err != nil { - return fmt.Errorf("unable to load the git repo: %w", err) - } - - // Perform the checkout - return tree.Checkout(checkoutOptions) -} diff --git a/src/internal/packager/git/clone.go b/src/internal/packager/git/clone.go deleted file mode 100644 index 2f607670e7..0000000000 --- a/src/internal/packager/git/clone.go +++ /dev/null @@ -1,126 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package git contains functions for interacting with git repositories. -package git - -import ( - "context" - "errors" - "strings" - - "github.com/go-git/go-git/v5" - goConfig "github.com/go-git/go-git/v5/config" - "github.com/go-git/go-git/v5/plumbing" - "github.com/zarf-dev/zarf/src/pkg/message" - "github.com/zarf-dev/zarf/src/pkg/utils" - "github.com/zarf-dev/zarf/src/pkg/utils/exec" -) - -// clone performs a `git clone` of a given repo. -func (g *Git) clone(ctx context.Context, gitURL string, ref plumbing.ReferenceName, shallow bool) error { - cloneOptions := &git.CloneOptions{ - URL: gitURL, - Progress: g.Spinner, - RemoteName: onlineRemoteName, - } - - // Don't clone all tags / refs if we're cloning a specific tag or branch. - if ref.IsTag() || ref.IsBranch() { - cloneOptions.Tags = git.NoTags - cloneOptions.ReferenceName = ref - cloneOptions.SingleBranch = true - } - - // If this is a shallow clone set the depth to 1 - if shallow { - cloneOptions.Depth = 1 - } - - // Setup git credentials if we have them, ignore if we don't. - gitCred, err := utils.FindAuthForHost(gitURL) - if err != nil { - return err - } - if gitCred != nil { - cloneOptions.Auth = &gitCred.Auth - } - - // Clone the given repo. - repo, err := git.PlainClone(g.GitPath, false, cloneOptions) - if err != nil { - message.Notef("Falling back to host 'git', failed to clone the repo %q with Zarf: %s", gitURL, err.Error()) - return g.gitCloneFallback(ctx, gitURL, ref, shallow) - } - - // If we're cloning the whole repo, we need to also fetch the other branches besides the default. - if ref == emptyRef { - fetchOpts := &git.FetchOptions{ - RemoteName: onlineRemoteName, - Progress: g.Spinner, - RefSpecs: []goConfig.RefSpec{"refs/*:refs/*"}, - Tags: git.AllTags, - } - - if gitCred != nil { - fetchOpts.Auth = &gitCred.Auth - } - - if err := repo.Fetch(fetchOpts); err != nil && !errors.Is(err, git.NoErrAlreadyUpToDate) { - return err - } - } - - return nil -} - -// gitCloneFallback is a fallback if go-git fails to clone a repo. -func (g *Git) gitCloneFallback(ctx context.Context, gitURL string, ref plumbing.ReferenceName, shallow bool) error { - // If we can't clone with go-git, fallback to the host clone - // Only support "all tags" due to the azure clone url format including a username - cloneArgs := []string{"clone", "--origin", onlineRemoteName, gitURL, g.GitPath} - - // Don't clone all tags / refs if we're cloning a specific tag or branch. - if ref.IsTag() || ref.IsBranch() { - cloneArgs = append(cloneArgs, "--no-tags") - cloneArgs = append(cloneArgs, "-b", ref.Short()) - cloneArgs = append(cloneArgs, "--single-branch") - } - - // If this is a shallow clone set the depth to 1 - if shallow { - cloneArgs = append(cloneArgs, "--depth", "1") - } - - cloneExecConfig := exec.Config{ - Stdout: g.Spinner, - Stderr: g.Spinner, - } - - message.Command("git %s", strings.Join(cloneArgs, " ")) - - _, _, err := exec.CmdWithContext(ctx, cloneExecConfig, "git", cloneArgs...) - if err != nil { - return err - } - - // If we're cloning the whole repo, we need to also fetch the other branches besides the default. - if ref == emptyRef { - fetchArgs := []string{"fetch", "--tags", "--update-head-ok", onlineRemoteName, "refs/*:refs/*"} - - fetchExecConfig := exec.Config{ - Stdout: g.Spinner, - Stderr: g.Spinner, - Dir: g.GitPath, - } - - message.Command("git %s", strings.Join(fetchArgs, " ")) - - _, _, err := exec.CmdWithContext(ctx, fetchExecConfig, "git", fetchArgs...) - if err != nil { - return err - } - } - - return nil -} diff --git a/src/internal/packager/git/common.go b/src/internal/packager/git/common.go deleted file mode 100644 index 6864d3dea5..0000000000 --- a/src/internal/packager/git/common.go +++ /dev/null @@ -1,54 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package git contains functions for interacting with git repositories. -package git - -import ( - "fmt" - "strings" - - "github.com/go-git/go-git/v5/plumbing" - "github.com/zarf-dev/zarf/src/pkg/message" - "github.com/zarf-dev/zarf/src/types" -) - -// Git is the main struct for managing git repositories. -type Git struct { - // Server is the git server configuration. - Server types.GitServerInfo - // Spinner is an optional spinner to use for long running operations. - Spinner *message.Spinner - // Target working directory for the git repository. - GitPath string -} - -const onlineRemoteName = "online-upstream" -const offlineRemoteName = "offline-downstream" -const emptyRef = "" - -// New creates a new git instance with the provided server config. -func New(server types.GitServerInfo) *Git { - return &Git{ - Server: server, - } -} - -// NewWithSpinner creates a new git instance with the provided server config and spinner. -func NewWithSpinner(server types.GitServerInfo, spinner *message.Spinner) *Git { - return &Git{ - Server: server, - Spinner: spinner, - } -} - -// ParseRef parses the provided ref into a ReferenceName if it's not a hash. -func ParseRef(r string) plumbing.ReferenceName { - // If not a full ref, assume it's a tag at this point. - if !plumbing.IsHash(r) && !strings.HasPrefix(r, "refs/") { - r = fmt.Sprintf("refs/tags/%s", r) - } - - // Set the reference name to the provided ref. - return plumbing.ReferenceName(r) -} diff --git a/src/internal/packager/git/pull.go b/src/internal/packager/git/pull.go deleted file mode 100644 index 5d9e6f1006..0000000000 --- a/src/internal/packager/git/pull.go +++ /dev/null @@ -1,81 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package git contains functions for interacting with git repositories. -package git - -import ( - "context" - "fmt" - "path" - "strings" - - "github.com/go-git/go-git/v5/plumbing" - "github.com/zarf-dev/zarf/src/config" - "github.com/zarf-dev/zarf/src/pkg/transform" - "github.com/zarf-dev/zarf/src/pkg/utils" -) - -// DownloadRepoToTemp clones or updates a repo into a temp folder to perform ephemeral actions (i.e. process chart repos). -func (g *Git) DownloadRepoToTemp(ctx context.Context, gitURL string) error { - g.Spinner.Updatef("g.DownloadRepoToTemp(%s)", gitURL) - - path, err := utils.MakeTempDir(config.CommonOptions.TempDirectory) - if err != nil { - return fmt.Errorf("unable to create tmpdir: %w", err) - } - - // If downloading to temp, set this as a shallow clone to only pull the exact - // gitURL w/ ref that was specified since we will throw away git history anyway - if err = g.Pull(ctx, gitURL, path, true); err != nil { - return fmt.Errorf("unable to pull the git repo at %s: %w", gitURL, err) - } - - return nil -} - -// Pull clones or updates a git repository into the target folder. -func (g *Git) Pull(ctx context.Context, gitURL, targetFolder string, shallow bool) error { - g.Spinner.Updatef("Processing git repo %s", gitURL) - - // Split the remote url and the zarf reference - gitURLNoRef, refPlain, err := transform.GitURLSplitRef(gitURL) - if err != nil { - return err - } - - var ref plumbing.ReferenceName - - // Parse the ref from the git URL. - if refPlain != emptyRef { - ref = ParseRef(refPlain) - } - - // Construct a path unique to this git repo - repoFolder, err := transform.GitURLtoFolderName(gitURL) - if err != nil { - return err - } - - g.GitPath = path.Join(targetFolder, repoFolder) - - // Clone the git repository. - err = g.clone(ctx, gitURLNoRef, ref, shallow) - if err != nil { - return fmt.Errorf("not a valid git repo or unable to clone (%s): %w", gitURL, err) - } - - if ref != emptyRef && !ref.IsBranch() { - // Remove the "refs/tags/" prefix from the ref. - stripped := strings.TrimPrefix(refPlain, "refs/tags/") - - // Use the plain ref as part of the branch name so it is unique and doesn't conflict with other refs. - alias := fmt.Sprintf("zarf-ref-%s", stripped) - trunkBranchName := plumbing.NewBranchReferenceName(alias) - - // Checkout the ref as a branch. - return g.checkoutRefAsBranch(stripped, trunkBranchName) - } - - return nil -} diff --git a/src/internal/packager/git/push.go b/src/internal/packager/git/push.go deleted file mode 100644 index 60b7b2bdf6..0000000000 --- a/src/internal/packager/git/push.go +++ /dev/null @@ -1,143 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package git contains functions for interacting with git repositories. -package git - -import ( - "errors" - "fmt" - "os" - "path" - - "github.com/go-git/go-git/v5" - goConfig "github.com/go-git/go-git/v5/config" - "github.com/go-git/go-git/v5/plumbing" - "github.com/go-git/go-git/v5/plumbing/transport" - "github.com/go-git/go-git/v5/plumbing/transport/http" - "github.com/zarf-dev/zarf/src/pkg/message" - "github.com/zarf-dev/zarf/src/pkg/transform" -) - -// PushRepo pushes a git repository from the local path to the configured git server. -func (g *Git) PushRepo(srcURL, targetFolder string) error { - spinner := message.NewProgressSpinner("Processing git repo %s", srcURL) - defer spinner.Stop() - - // Setup git paths, including a unique name for the repo based on the hash of the git URL to avoid conflicts. - repoFolder, err := transform.GitURLtoFolderName(srcURL) - if err != nil { - return fmt.Errorf("unable to parse git url (%s): %w", srcURL, err) - } - repoPath := path.Join(targetFolder, repoFolder) - - // Check that this package is using the new repo format (if not fallback to the format from <= 0.24.x) - _, err = os.Stat(repoPath) - if os.IsNotExist(err) { - repoFolder, err = transform.GitURLtoRepoName(srcURL) - if err != nil { - return fmt.Errorf("unable to parse git url (%s): %w", srcURL, err) - } - repoPath = path.Join(targetFolder, repoFolder) - } - - g.GitPath = repoPath - - repo, err := g.prepRepoForPush() - if err != nil { - return fmt.Errorf("could not prepare the repo for push: %w", err) - } - - if err := g.push(repo, spinner); err != nil { - return fmt.Errorf("failed to push the git repo %q: %w", repoFolder, err) - } - - spinner.Success() - return nil -} - -func (g *Git) prepRepoForPush() (*git.Repository, error) { - // Open the given repo - repo, err := git.PlainOpen(g.GitPath) - if err != nil { - return nil, fmt.Errorf("not a valid git repo or unable to open: %w", err) - } - - // Get the upstream URL - remote, err := repo.Remote(onlineRemoteName) - if err != nil { - return nil, fmt.Errorf("unable to find the git remote: %w", err) - } - - remoteURL := remote.Config().URLs[0] - targetURL, err := transform.GitURL(g.Server.Address, remoteURL, g.Server.PushUsername) - if err != nil { - return nil, fmt.Errorf("unable to transform the git url: %w", err) - } - message.Debugf("Rewrite git URL: %s -> %s", remoteURL, targetURL.String()) - // Remove any preexisting offlineRemotes (happens when a retry is triggered) - _ = repo.DeleteRemote(offlineRemoteName) - - _, err = repo.CreateRemote(&goConfig.RemoteConfig{ - Name: offlineRemoteName, - URLs: []string{targetURL.String()}, - }) - if err != nil { - return nil, fmt.Errorf("failed to create offline remote: %w", err) - } - - return repo, nil -} - -func (g *Git) push(repo *git.Repository, spinner *message.Spinner) error { - gitCred := http.BasicAuth{ - Username: g.Server.PushUsername, - Password: g.Server.PushPassword, - } - - // Fetch remote offline refs in case of old update or if multiple refs are specified in one package - fetchOptions := &git.FetchOptions{ - RemoteName: offlineRemoteName, - Auth: &gitCred, - RefSpecs: []goConfig.RefSpec{ - "refs/heads/*:refs/heads/*", - "refs/tags/*:refs/tags/*", - }, - } - - // Attempt the fetch, if it fails, log a warning and continue trying to push (might as well try..) - err := repo.Fetch(fetchOptions) - if errors.Is(err, transport.ErrRepositoryNotFound) { - message.Debugf("Repo not yet available offline, skipping fetch...") - } else if errors.Is(err, git.ErrForceNeeded) { - message.Debugf("Repo fetch requires force, skipping fetch...") - } else if errors.Is(err, git.NoErrAlreadyUpToDate) { - message.Debugf("Repo already up-to-date, skipping fetch...") - } else if err != nil { - return fmt.Errorf("unable to fetch the git repo prior to push: %w", err) - } - - // Push all heads and tags to the offline remote - err = repo.Push(&git.PushOptions{ - RemoteName: offlineRemoteName, - Auth: &gitCred, - Progress: spinner, - // TODO: (@JEFFMCCOY) add the parsing for the `+` force prefix (see https://github.com/zarf-dev/zarf/issues/1410) - //Force: isForce, - // If a provided refspec doesn't push anything, it is just ignored - RefSpecs: []goConfig.RefSpec{ - "refs/heads/*:refs/heads/*", - "refs/tags/*:refs/tags/*", - }, - }) - - if errors.Is(err, git.NoErrAlreadyUpToDate) { - message.Debug("Repo already up-to-date") - } else if errors.Is(err, plumbing.ErrObjectNotFound) { - return fmt.Errorf("unable to push repo due to likely shallow clone: %s", err.Error()) - } else if err != nil { - return fmt.Errorf("unable to push repo to the gitops service: %s", err.Error()) - } - - return nil -} diff --git a/src/internal/packager/helm/repo.go b/src/internal/packager/helm/repo.go index dad0e59aab..24f3a7f4b0 100644 --- a/src/internal/packager/helm/repo.go +++ b/src/internal/packager/helm/repo.go @@ -15,11 +15,10 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/config/lang" - "github.com/zarf-dev/zarf/src/internal/packager/git" + "github.com/zarf-dev/zarf/src/internal/git" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/transform" "github.com/zarf-dev/zarf/src/pkg/utils" - "github.com/zarf-dev/zarf/src/types" "helm.sh/helm/v3/pkg/action" "helm.sh/helm/v3/pkg/chart" "helm.sh/helm/v3/pkg/cli" @@ -119,7 +118,7 @@ func (h *Helm) PackageChartFromGit(ctx context.Context, cosignKeyPath string) er defer spinner.Stop() // Retrieve the repo containing the chart - gitPath, err := DownloadChartFromGitToTemp(ctx, h.chart.URL, spinner) + gitPath, err := DownloadChartFromGitToTemp(ctx, h.chart.URL) if err != nil { return err } @@ -233,17 +232,16 @@ func (h *Helm) DownloadPublishedChart(ctx context.Context, cosignKeyPath string) } // DownloadChartFromGitToTemp downloads a chart from git into a temp directory -func DownloadChartFromGitToTemp(ctx context.Context, url string, spinner *message.Spinner) (string, error) { - // Create the Git configuration and download the repo - gitCfg := git.NewWithSpinner(types.GitServerInfo{}, spinner) - - // Download the git repo to a temporary directory - err := gitCfg.DownloadRepoToTemp(ctx, url) +func DownloadChartFromGitToTemp(ctx context.Context, url string) (string, error) { + path, err := utils.MakeTempDir(config.CommonOptions.TempDirectory) if err != nil { - return "", fmt.Errorf("unable to download the git repo %s: %w", url, err) + return "", fmt.Errorf("unable to create tmpdir: %w", err) } - - return gitCfg.GitPath, nil + repository, err := git.Clone(ctx, path, url, true) + if err != nil { + return "", err + } + return repository.Path(), nil } func (h *Helm) finalizeChartPackage(ctx context.Context, saved, cosignKeyPath string) error { diff --git a/src/pkg/packager/actions/actions.go b/src/pkg/packager/actions/actions.go index afd882c2b0..4fdf71fdd5 100644 --- a/src/pkg/packager/actions/actions.go +++ b/src/pkg/packager/actions/actions.go @@ -22,13 +22,13 @@ import ( ) // Run runs all provided actions. -func Run(defaultCfg v1alpha1.ZarfComponentActionDefaults, actions []v1alpha1.ZarfComponentAction, variableConfig *variables.VariableConfig) error { +func Run(ctx context.Context, defaultCfg v1alpha1.ZarfComponentActionDefaults, actions []v1alpha1.ZarfComponentAction, variableConfig *variables.VariableConfig) error { if variableConfig == nil { variableConfig = template.GetZarfVariableConfig() } for _, a := range actions { - if err := runAction(defaultCfg, a, variableConfig); err != nil { + if err := runAction(ctx, defaultCfg, a, variableConfig); err != nil { return err } } @@ -36,10 +36,8 @@ func Run(defaultCfg v1alpha1.ZarfComponentActionDefaults, actions []v1alpha1.Zar } // Run commands that a component has provided. -func runAction(defaultCfg v1alpha1.ZarfComponentActionDefaults, action v1alpha1.ZarfComponentAction, variableConfig *variables.VariableConfig) error { +func runAction(ctx context.Context, defaultCfg v1alpha1.ZarfComponentActionDefaults, action v1alpha1.ZarfComponentAction, variableConfig *variables.VariableConfig) error { var ( - ctx context.Context - cancel context.CancelFunc cmdEscaped string out string err error @@ -56,7 +54,7 @@ func runAction(defaultCfg v1alpha1.ZarfComponentActionDefaults, action v1alpha1. } // Convert the wait to a command. - if cmd, err = convertWaitToCmd(*action.Wait, action.MaxTotalSeconds); err != nil { + if cmd, err = convertWaitToCmd(ctx, *action.Wait, action.MaxTotalSeconds); err != nil { return err } @@ -85,9 +83,9 @@ func runAction(defaultCfg v1alpha1.ZarfComponentActionDefaults, action v1alpha1. // Persist the spinner output so it doesn't get overwritten by the command output. spinner.EnablePreserveWrites() - actionDefaults := actionGetCfg(defaultCfg, action, variableConfig.GetAllTemplates()) + actionDefaults := actionGetCfg(ctx, defaultCfg, action, variableConfig.GetAllTemplates()) - if cmd, err = actionCmdMutation(cmd, actionDefaults.Shell); err != nil { + if cmd, err = actionCmdMutation(ctx, cmd, actionDefaults.Shell); err != nil { spinner.Errorf(err, "Error mutating command: %s", cmdEscaped) } @@ -128,7 +126,8 @@ retryCmd: // If no timeout is set, run the command and return or continue retrying. if actionDefaults.MaxTotalSeconds < 1 { spinner.Updatef("Waiting for \"%s\" (no timeout)", cmdEscaped) - if err := tryCmd(context.TODO()); err != nil { + //TODO (schristoff): Make it so tryCmd can take a normal ctx + if err := tryCmd(context.Background()); err != nil { continue retryCmd } @@ -144,7 +143,7 @@ retryCmd: // Otherwise, try running the command. default: - ctx, cancel = context.WithTimeout(context.Background(), duration) + ctx, cancel := context.WithTimeout(ctx, duration) defer cancel() if err := tryCmd(ctx); err != nil { continue retryCmd @@ -169,7 +168,7 @@ retryCmd: } // convertWaitToCmd will return the wait command if it exists, otherwise it will return the original command. -func convertWaitToCmd(wait v1alpha1.ZarfComponentActionWait, timeout *int) (string, error) { +func convertWaitToCmd(_ context.Context, wait v1alpha1.ZarfComponentActionWait, timeout *int) (string, error) { // Build the timeout string. timeoutString := fmt.Sprintf("--timeout %ds", *timeout) @@ -205,7 +204,7 @@ func convertWaitToCmd(wait v1alpha1.ZarfComponentActionWait, timeout *int) (stri } // Perform some basic string mutations to make commands more useful. -func actionCmdMutation(cmd string, shellPref exec.Shell) (string, error) { +func actionCmdMutation(_ context.Context, cmd string, shellPref exec.Shell) (string, error) { zarfCommand, err := utils.GetFinalExecutableCommand() if err != nil { return cmd, err @@ -236,7 +235,7 @@ func actionCmdMutation(cmd string, shellPref exec.Shell) (string, error) { } // Merge the ActionSet defaults with the action config. -func actionGetCfg(cfg v1alpha1.ZarfComponentActionDefaults, a v1alpha1.ZarfComponentAction, vars map[string]*variables.TextTemplate) v1alpha1.ZarfComponentActionDefaults { +func actionGetCfg(_ context.Context, cfg v1alpha1.ZarfComponentActionDefaults, a v1alpha1.ZarfComponentAction, vars map[string]*variables.TextTemplate) v1alpha1.ZarfComponentActionDefaults { if a.Mute != nil { cfg.Mute = *a.Mute } diff --git a/src/pkg/packager/common.go b/src/pkg/packager/common.go index a753ec29d4..dd4588a193 100644 --- a/src/pkg/packager/common.go +++ b/src/pkg/packager/common.go @@ -149,16 +149,6 @@ func (p *Packager) isConnectedToCluster() bool { return p.cluster != nil } -// hasImages returns whether the current package contains images -func (p *Packager) hasImages() bool { - for _, component := range p.cfg.Pkg.Components { - if len(component.Images) > 0 { - return true - } - } - return false -} - // attemptClusterChecks attempts to connect to the cluster and check for useful metadata and config mismatches. // NOTE: attemptClusterChecks should only return an error if there is a problem significant enough to halt a deployment, otherwise it should return nil and print a warning message. func (p *Packager) attemptClusterChecks(ctx context.Context) (err error) { @@ -197,7 +187,7 @@ func (p *Packager) attemptClusterChecks(ctx context.Context) (err error) { // validatePackageArchitecture validates that the package architecture matches the target cluster architecture. func (p *Packager) validatePackageArchitecture(ctx context.Context) error { // Ignore this check if we don't have a cluster connection, or the package contains no images - if !p.isConnectedToCluster() || !p.hasImages() { + if !p.isConnectedToCluster() || !p.cfg.Pkg.HasImages() { return nil } diff --git a/src/pkg/packager/creator/normal.go b/src/pkg/packager/creator/normal.go index 41e96e018b..79c58250c0 100644 --- a/src/pkg/packager/creator/normal.go +++ b/src/pkg/packager/creator/normal.go @@ -22,7 +22,7 @@ import ( "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/config/lang" "github.com/zarf-dev/zarf/src/extensions/bigbang" - "github.com/zarf-dev/zarf/src/internal/packager/git" + "github.com/zarf-dev/zarf/src/internal/git" "github.com/zarf-dev/zarf/src/internal/packager/helm" "github.com/zarf-dev/zarf/src/internal/packager/images" "github.com/zarf-dev/zarf/src/internal/packager/kustomize" @@ -137,7 +137,7 @@ func (pc *PackageCreator) Assemble(ctx context.Context, dst *layout.PackagePaths onCreate := component.Actions.OnCreate onFailure := func() { - if err := actions.Run(onCreate.Defaults, onCreate.OnFailure, nil); err != nil { + if err := actions.Run(ctx, onCreate.Defaults, onCreate.OnFailure, nil); err != nil { message.Debugf("unable to run component failure action: %s", err.Error()) } } @@ -147,7 +147,7 @@ func (pc *PackageCreator) Assemble(ctx context.Context, dst *layout.PackagePaths return fmt.Errorf("unable to add component %q: %w", component.Name, err) } - if err := actions.Run(onCreate.Defaults, onCreate.OnSuccess, nil); err != nil { + if err := actions.Run(ctx, onCreate.Defaults, onCreate.OnSuccess, nil); err != nil { onFailure() return fmt.Errorf("unable to run component success action: %w", err) } @@ -360,7 +360,7 @@ func (pc *PackageCreator) addComponent(ctx context.Context, component v1alpha1.Z } onCreate := component.Actions.OnCreate - if err := actions.Run(onCreate.Defaults, onCreate.Before, nil); err != nil { + if err := actions.Run(ctx, onCreate.Defaults, onCreate.Before, nil); err != nil { return fmt.Errorf("unable to run component before action: %w", err) } @@ -514,15 +514,15 @@ func (pc *PackageCreator) addComponent(ctx context.Context, component v1alpha1.Z for _, url := range component.Repos { // Pull all the references if there is no `@` in the string. - gitCfg := git.NewWithSpinner(types.GitServerInfo{}, spinner) - if err := gitCfg.Pull(ctx, url, componentPaths.Repos, false); err != nil { + _, err := git.Clone(ctx, componentPaths.Repos, url, false) + if err != nil { return fmt.Errorf("unable to pull git repo %s: %w", url, err) } } spinner.Success() } - if err := actions.Run(onCreate.Defaults, onCreate.After, nil); err != nil { + if err := actions.Run(ctx, onCreate.Defaults, onCreate.After, nil); err != nil { return fmt.Errorf("unable to run component after action: %w", err) } diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go index 257d8ac060..cd2f951dd2 100644 --- a/src/pkg/packager/deploy.go +++ b/src/pkg/packager/deploy.go @@ -26,8 +26,8 @@ import ( "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" + "github.com/zarf-dev/zarf/src/internal/git" "github.com/zarf-dev/zarf/src/internal/gitea" - "github.com/zarf-dev/zarf/src/internal/packager/git" "github.com/zarf-dev/zarf/src/internal/packager/helm" "github.com/zarf-dev/zarf/src/internal/packager/images" "github.com/zarf-dev/zarf/src/internal/packager/template" @@ -195,7 +195,7 @@ func (p *Packager) deployComponents(ctx context.Context) (deployedComponents []t onDeploy := component.Actions.OnDeploy onFailure := func() { - if err := actions.Run(onDeploy.Defaults, onDeploy.OnFailure, p.variableConfig); err != nil { + if err := actions.Run(ctx, onDeploy.Defaults, onDeploy.OnFailure, p.variableConfig); err != nil { message.Debugf("unable to run component failure action: %s", err.Error()) } } @@ -223,7 +223,7 @@ func (p *Packager) deployComponents(ctx context.Context) (deployedComponents []t } } - if err := actions.Run(onDeploy.Defaults, onDeploy.OnSuccess, p.variableConfig); err != nil { + if err := actions.Run(ctx, onDeploy.Defaults, onDeploy.OnSuccess, p.variableConfig); err != nil { onFailure() return deployedComponents, fmt.Errorf("unable to run component success action: %w", err) } @@ -325,7 +325,7 @@ func (p *Packager) deployComponent(ctx context.Context, component v1alpha1.ZarfC return charts, err } - if err = actions.Run(onDeploy.Defaults, onDeploy.Before, p.variableConfig); err != nil { + if err = actions.Run(ctx, onDeploy.Defaults, onDeploy.Before, p.variableConfig); err != nil { return charts, fmt.Errorf("unable to run component before action: %w", err) } @@ -360,7 +360,7 @@ func (p *Packager) deployComponent(ctx context.Context, component v1alpha1.ZarfC } } - if err = actions.Run(onDeploy.Defaults, onDeploy.After, p.variableConfig); err != nil { + if err = actions.Run(ctx, onDeploy.Defaults, onDeploy.After, p.variableConfig); err != nil { return charts, fmt.Errorf("unable to run component after action: %w", err) } @@ -546,6 +546,11 @@ func (p *Packager) pushImagesToRegistry(ctx context.Context, componentImages []s // Push all of the components git repos to the configured git server. func (p *Packager) pushReposToRepository(ctx context.Context, reposPath string, repos []string) error { for _, repoURL := range repos { + repository, err := git.Open(reposPath, repoURL) + if err != nil { + return err + } + // Create an anonymous function to push the repo to the Zarf git server tryPush := func() error { namespace, name, port, err := serviceInfoFromServiceURL(p.state.GitServer.Address) @@ -561,7 +566,6 @@ func (p *Packager) pushReposToRepository(ctx context.Context, reposPath string, return err } } - tunnel, err := p.cluster.NewTunnel(namespace, cluster.SvcResource, name, "", 0, port) if err != nil { return err @@ -571,18 +575,15 @@ func (p *Packager) pushReposToRepository(ctx context.Context, reposPath string, return err } defer tunnel.Close() - gitClient := git.New(p.state.GitServer) - gitClient.Server.Address = tunnel.HTTPEndpoint() giteaClient, err := gitea.NewClient(tunnel.HTTPEndpoint(), p.state.GitServer.PushUsername, p.state.GitServer.PushPassword) if err != nil { return err } return tunnel.Wrap(func() error { - err = gitClient.PushRepo(repoURL, reposPath) + err = repository.Push(ctx, tunnel.HTTPEndpoint(), p.state.GitServer.PushUsername, p.state.GitServer.PushPassword) if err != nil { return err } - // Add the read-only user to this repo repoName, err := transform.GitURLtoRepoName(repoURL) if err != nil { @@ -596,8 +597,11 @@ func (p *Packager) pushReposToRepository(ctx context.Context, reposPath string, }) } - gitClient := git.New(p.state.GitServer) - return gitClient.PushRepo(repoURL, reposPath) + err = repository.Push(ctx, p.state.GitServer.Address, p.state.GitServer.PushUsername, p.state.GitServer.PushPassword) + if err != nil { + return err + } + return nil } // Try repo push up to retry limit diff --git a/src/pkg/packager/filters/diff.go b/src/pkg/packager/filters/diff.go index 42bdc94f41..2ae56e7a45 100644 --- a/src/pkg/packager/filters/diff.go +++ b/src/pkg/packager/filters/diff.go @@ -8,7 +8,7 @@ import ( "github.com/go-git/go-git/v5/plumbing" "github.com/zarf-dev/zarf/src/api/v1alpha1" - "github.com/zarf-dev/zarf/src/internal/packager/git" + "github.com/zarf-dev/zarf/src/internal/git" "github.com/zarf-dev/zarf/src/pkg/transform" "github.com/zarf-dev/zarf/src/types" ) diff --git a/src/pkg/packager/remove.go b/src/pkg/packager/remove.go index 0476129d0a..4edcdd5b05 100644 --- a/src/pkg/packager/remove.go +++ b/src/pkg/packager/remove.go @@ -170,12 +170,12 @@ func (p *Packager) removeComponent(ctx context.Context, deployedPackage *types.D onRemove := c.Actions.OnRemove onFailure := func() { - if err := actions.Run(onRemove.Defaults, onRemove.OnFailure, nil); err != nil { + if err := actions.Run(ctx, onRemove.Defaults, onRemove.OnFailure, nil); err != nil { message.Debugf("Unable to run the failure action: %s", err) } } - if err := actions.Run(onRemove.Defaults, onRemove.Before, nil); err != nil { + if err := actions.Run(ctx, onRemove.Defaults, onRemove.Before, nil); err != nil { onFailure() return nil, fmt.Errorf("unable to run the before action for component (%s): %w", c.Name, err) } @@ -207,12 +207,12 @@ func (p *Packager) removeComponent(ctx context.Context, deployedPackage *types.D } } - if err := actions.Run(onRemove.Defaults, onRemove.After, nil); err != nil { + if err := actions.Run(ctx, onRemove.Defaults, onRemove.After, nil); err != nil { onFailure() return deployedPackage, fmt.Errorf("unable to run the after action: %w", err) } - if err := actions.Run(onRemove.Defaults, onRemove.OnSuccess, nil); err != nil { + if err := actions.Run(ctx, onRemove.Defaults, onRemove.OnSuccess, nil); err != nil { onFailure() return deployedPackage, fmt.Errorf("unable to run the success action: %w", err) } diff --git a/src/pkg/packager/sources/oci.go b/src/pkg/packager/sources/oci.go index 7961f1360f..8bf6d6d1a6 100644 --- a/src/pkg/packager/sources/oci.go +++ b/src/pkg/packager/sources/oci.go @@ -79,7 +79,7 @@ func (s *OCISource) LoadPackage(ctx context.Context, dst *layout.PackagePaths, f spinner.Success() - if err := ValidatePackageSignature(dst, s.PublicKeyPath); err != nil { + if err := ValidatePackageSignature(ctx, dst, s.PublicKeyPath); err != nil { return pkg, nil, err } } @@ -141,7 +141,7 @@ func (s *OCISource) LoadPackageMetadata(ctx context.Context, dst *layout.Package spinner.Success() } - if err := ValidatePackageSignature(dst, s.PublicKeyPath); err != nil { + if err := ValidatePackageSignature(ctx, dst, s.PublicKeyPath); err != nil { if errors.Is(err, ErrPkgSigButNoKey) && skipValidation { message.Warn("The package was signed but no public key was provided, skipping signature validation") } else { diff --git a/src/pkg/packager/sources/tarball.go b/src/pkg/packager/sources/tarball.go index 4de1c58006..db1b2ed01a 100644 --- a/src/pkg/packager/sources/tarball.go +++ b/src/pkg/packager/sources/tarball.go @@ -34,7 +34,7 @@ type TarballSource struct { } // LoadPackage loads a package from a tarball. -func (s *TarballSource) LoadPackage(_ context.Context, dst *layout.PackagePaths, filter filters.ComponentFilterStrategy, unarchiveAll bool) (pkg v1alpha1.ZarfPackage, warnings []string, err error) { +func (s *TarballSource) LoadPackage(ctx context.Context, dst *layout.PackagePaths, filter filters.ComponentFilterStrategy, unarchiveAll bool) (pkg v1alpha1.ZarfPackage, warnings []string, err error) { spinner := message.NewProgressSpinner("Loading package from %q", s.PackageSource) defer spinner.Stop() @@ -107,7 +107,7 @@ func (s *TarballSource) LoadPackage(_ context.Context, dst *layout.PackagePaths, spinner.Success() - if err := ValidatePackageSignature(dst, s.PublicKeyPath); err != nil { + if err := ValidatePackageSignature(ctx, dst, s.PublicKeyPath); err != nil { return pkg, nil, err } } @@ -139,7 +139,7 @@ func (s *TarballSource) LoadPackage(_ context.Context, dst *layout.PackagePaths, } // LoadPackageMetadata loads a package's metadata from a tarball. -func (s *TarballSource) LoadPackageMetadata(_ context.Context, dst *layout.PackagePaths, wantSBOM bool, skipValidation bool) (pkg v1alpha1.ZarfPackage, warnings []string, err error) { +func (s *TarballSource) LoadPackageMetadata(ctx context.Context, dst *layout.PackagePaths, wantSBOM bool, skipValidation bool) (pkg v1alpha1.ZarfPackage, warnings []string, err error) { if s.Shasum != "" { if err := helpers.SHAsMatch(s.PackageSource, s.Shasum); err != nil { return pkg, nil, err @@ -185,7 +185,7 @@ func (s *TarballSource) LoadPackageMetadata(_ context.Context, dst *layout.Packa spinner.Success() } - if err := ValidatePackageSignature(dst, s.PublicKeyPath); err != nil { + if err := ValidatePackageSignature(ctx, dst, s.PublicKeyPath); err != nil { if errors.Is(err, ErrPkgSigButNoKey) && skipValidation { message.Warn("The package was signed but no public key was provided, skipping signature validation") } else { diff --git a/src/pkg/packager/sources/validate.go b/src/pkg/packager/sources/validate.go index 427d05708a..1c7914ea69 100644 --- a/src/pkg/packager/sources/validate.go +++ b/src/pkg/packager/sources/validate.go @@ -6,6 +6,7 @@ package sources import ( "bufio" + "context" "errors" "fmt" "io/fs" @@ -28,7 +29,7 @@ var ( ) // ValidatePackageSignature validates the signature of a package -func ValidatePackageSignature(paths *layout.PackagePaths, publicKeyPath string) error { +func ValidatePackageSignature(ctx context.Context, paths *layout.PackagePaths, publicKeyPath string) error { // If the insecure flag was provided ignore the signature validation if config.CommonOptions.Insecure { return nil @@ -52,7 +53,7 @@ func ValidatePackageSignature(paths *layout.PackagePaths, publicKeyPath string) } // Validate the signature with the key we were provided - if err := utils.CosignVerifyBlob(paths.ZarfYAML, paths.Signature, publicKeyPath); err != nil { + if err := utils.CosignVerifyBlob(ctx, paths.ZarfYAML, paths.Signature, publicKeyPath); err != nil { return fmt.Errorf("package signature did not match the provided key: %w", err) } diff --git a/src/pkg/utils/cosign.go b/src/pkg/utils/cosign.go index ae8e553cda..eb16d6159f 100644 --- a/src/pkg/utils/cosign.go +++ b/src/pkg/utils/cosign.go @@ -179,7 +179,7 @@ func Sget(ctx context.Context, image, key string, out io.Writer) error { } // CosignVerifyBlob verifies the zarf.yaml.sig was signed with the key provided by the flag -func CosignVerifyBlob(blobRef string, sigRef string, keyPath string) error { +func CosignVerifyBlob(ctx context.Context, blobRef string, sigRef string, keyPath string) error { keyOptions := options.KeyOpts{KeyRef: keyPath} cmd := &verify.VerifyBlobCmd{ KeyOpts: keyOptions, @@ -188,7 +188,7 @@ func CosignVerifyBlob(blobRef string, sigRef string, keyPath string) error { Offline: true, IgnoreTlog: true, } - err := cmd.Exec(context.TODO(), blobRef) + err := cmd.Exec(ctx, blobRef) if err == nil { message.Successf("Package signature validated!") } diff --git a/src/pkg/utils/exec/exec.go b/src/pkg/utils/exec/exec.go index a3957edd31..4ac90b6a92 100644 --- a/src/pkg/utils/exec/exec.go +++ b/src/pkg/utils/exec/exec.go @@ -42,12 +42,12 @@ func PrintCfg() Config { // Cmd executes a given command with given config. func Cmd(command string, args ...string) (string, string, error) { - return CmdWithContext(context.TODO(), Config{}, command, args...) + return CmdWithContext(context.Background(), Config{}, command, args...) } // CmdWithPrint executes a given command with given config and prints the command. func CmdWithPrint(command string, args ...string) error { - _, _, err := CmdWithContext(context.TODO(), PrintCfg(), command, args...) + _, _, err := CmdWithContext(context.Background(), PrintCfg(), command, args...) return err }