Take advantage of Chainguard maintained versions of various actions. (k…

…o-build#609)

* Take advantage of Chainguard maintained versions of various actions.

* Bump cosign version

.github/dependabot.yml

@@ -4,3 +4,7 @@ updates:
   directory: "/"
   schedule:
     interval: "weekly"
+- package-ecosystem: github-actions
+  directory: /
+  schedule:
+    interval: weekly

.github/workflows/boilerplate.yaml

@@ -24,47 +24,9 @@ jobs:
           language: Bash
 
     steps:
-      - uses: actions/setup-go@v2
-        with:
-          go-version: 1.17.x
-
       - uses: actions/checkout@v2
 
-      - name: Install Tools
-        run: |
-          TEMP_PATH="$(mktemp -d)"
-          cd $TEMP_PATH
-
-          echo '::group::🐶 Installing reviewdog ... https://github.com/reviewdog/reviewdog'
-          curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b "${TEMP_PATH}" 2>&1
-          echo '::endgroup::'
-
-          echo '::group:: Installing boilerplate-check ... https://github.com/mattmoor/boilerplate-check'
-          go get github.com/mattmoor/boilerplate-check/cmd/boilerplate-check
-          echo '::endgroup::'
-
-          echo "${TEMP_PATH}" >> $GITHUB_PATH
-
-      - name: ${{ matrix.language }} license boilerplate
-        shell: bash
-        env:
-          REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }}
-        run: |
-          set -e
-          cd "${GITHUB_WORKSPACE}" || exit 1
-
-          echo '::group:: Running github.com/mattmoor/boilerplate-check for ${{ matrix.language }} with reviewdog 🐶 ...'
-          # Don't fail because of boilerplate-check
-          set +o pipefail
-          boilerplate-check check \
-            --boilerplate ./hack/boilerplate/boilerplate.${{ matrix.extension }}.txt \
-            --file-extension ${{ matrix.extension }} \
-            --exclude "(vendor|third_party)/" |
-          reviewdog -efm="%A%f:%l: %m" \
-                -efm="%C%.%#" \
-                -name="${{ matrix.language }} headers" \
-                -reporter="github-pr-check" \
-                -filter-mode="diff_context" \
-                -fail-on-error="true" \
-                -level="error"
-          echo '::endgroup::'
+      - uses: chainguard-dev/actions/boilerplate@84c993eaf02da1c325854fb272a4df9184bd80fc # main
+        with:
+          extension: ${{ matrix.extension }}
+          language: ${{ matrix.language }}

.github/workflows/donotsubmit.yaml

@@ -11,32 +11,5 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
-      - name: Do Not Submit
-        shell: bash
-        env:
-          REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }}
-        run: |
-          set -e
-          cd "${GITHUB_WORKSPACE}" || exit 1
-
-          TEMP_PATH="$(mktemp -d)"
-          PATH="${TEMP_PATH}:$PATH"
-
-          echo '::group::🐶 Installing reviewdog ... https://github.com/reviewdog/reviewdog'
-          curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b "${TEMP_PATH}" 2>&1
-          echo '::endgroup::'
-
-          echo '::group:: Running DO NOT SUBMIT with reviewdog 🐶 ...'
-          # Don't fail because of grep
-          set +o pipefail
-          find . -type f -not -path './vendor/*' -not -path './third_party/*' -not -path './.git/*' -not -path './.github/workflows/*' |
-          xargs grep -n "DO NOT SUBMIT" |
-          reviewdog -efm="%f:%l:%m" \
-                -name="DO NOT SUBMIT" \
-                -reporter="github-pr-check" \
-                -filter-mode="added" \
-                -fail-on-error="true" \
-                -level="error"
-
-          echo '::endgroup::'
+    - uses: actions/checkout@v2
+    - uses: chainguard-dev/actions/donotsubmit@84c993eaf02da1c325854fb272a4df9184bd80fc # main

.github/workflows/kind-e2e.yaml

@@ -26,46 +26,16 @@ jobs:
     - name: Install ko
       run: go install ./
 
-    - name: Configure KinD Cluster
-      run: |
-        # KinD configuration.
-        cat > kind.yaml <<EOF
-        apiVersion: kind.x-k8s.io/v1alpha4
-        kind: Cluster
-
-        # Configure registry for KinD.
-        containerdConfigPatches:
-        - |-
-          [plugins."io.containerd.grpc.v1.cri".registry.mirrors."$REGISTRY_NAME:$REGISTRY_PORT"]
-            endpoint = ["http://$REGISTRY_NAME:$REGISTRY_PORT"]
-        EOF
-
-    - uses: helm/kind-action@v1.2.0
+    - name: Setup Cluster
+      uses: chainguard-dev/actions/setup-kind@84c993eaf02da1c325854fb272a4df9184bd80fc # main
       with:
-        cluster_name: kind
-        config: kind.yaml
-
-    - name: Setup local registry
-      run: |
-        # Run a registry.
-        docker run -d --restart=always \
-          -p $REGISTRY_PORT:$REGISTRY_PORT --name $REGISTRY_NAME registry:2
-
-        # Connect the registry to the KinD network.
-        docker network connect "kind" $REGISTRY_NAME
-
-        # Make the $REGISTRY_NAME -> 127.0.0.1, to tell `ko` to publish to
-        # local reigstry, even when pushing $REGISTRY_NAME:$REGISTRY_PORT/some/image
-        sudo echo "127.0.0.1 $REGISTRY_NAME" | sudo tee -a /etc/hosts
-
-    - name: Wait for ready nodes
-      run: |
-        kubectl wait --timeout=2m --for=condition=Ready nodes --all
+        k8s-version: v1.23.x
+        registry-authority: ${{ env.REGISTRY_NAME }}:${{ env.REGISTRY_PORT }}
 
     - name: Install Cosign
       uses: sigstore/cosign-installer@main
       with:
-        cosign-release: 'v1.3.1'
+        cosign-release: 'v1.5.1'
 
     - name: Run Smoke Test
       run: |
@@ -101,14 +71,6 @@ jobs:
           exit 1
         fi
 
-    - name: Collect logs
-      if: ${{ always() }}
-      run: |
-        mkdir -p /tmp/logs
-        kind export logs /tmp/logs
-    - name: Upload artifacts
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v2
-      with:
-        name: logs
-        path: /tmp/logs
+    - name: Collect diagnostics and upload
+      if: ${{ failure() }}
+      uses: chainguard-dev/actions/kind-diag@84c993eaf02da1c325854fb272a4df9184bd80fc # main