Skip to content

Commit

Permalink
chore(deps): update mattermost support dependencies (#43)
Browse files Browse the repository at this point in the history
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://github.com/actions/checkout) | action |
major | `v3.6.0` -> `v4.1.1` |
|
[actions/dependency-review-action](https://github.com/actions/dependency-review-action)
| action | major | `v2.5.1` -> `v4.2.5` |
|
[actions/upload-artifact](https://github.com/actions/upload-artifact)
| action | minor | `v4.0.0` -> `v4.3.1` |
|
[defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common)
| | patch | `v0.3.3` -> `v0.3.9` |
|
[defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common)
| action | patch | `v0.3.3` -> `v0.3.9` |
|
[defenseunicorns/uds-common-tasks](https://github.com/defenseunicorns/uds-common-tasks)
| | patch | `v0.3.3` -> `v0.3.9` |
| [defenseunicorns/zarf](https://github.com/defenseunicorns/zarf) | |
minor | `v0.29.1` -> `v0.32.6` |
| [docker/login-action](https://github.com/docker/login-action) |
action | digest | `343f7c4` -> `e92390c` |
| [github/codeql-action](https://github.com/github/codeql-action) |
action | minor | `v3.22.12` -> `v3.24.9` |
| [github/codeql-action](https://github.com/github/codeql-action) |
action | major | `v2.24.5` -> `v3.24.9` |
| [golangci/golangci-lint](https://github.com/golangci/golangci-lint)
| repository | minor | `v1.55.2` -> `v1.57.2` |
|
[google-github-actions/release-please-action](https://github.com/google-github-actions/release-please-action)
| action | minor | `v4.0.2` -> `v4.1.0` |
|
[python-jsonschema/check-jsonschema](https://github.com/python-jsonschema/check-jsonschema)
| repository | minor | `0.27.4` -> `0.28.0` |
|
[renovatebot/pre-commit-hooks](https://github.com/renovatebot/pre-commit-hooks)
| repository | minor | `37.165.5` -> `37.275.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

Note: The `pre-commit` manager in Renovate is not supported by the
`pre-commit` maintainers or community. Please do not report any problems
there, instead [create a Discussion in the Renovate
repository](https://github.com/renovatebot/renovate/discussions/new)
if you have any questions.

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v4.1.1`](https://github.com/actions/checkout/releases/tag/v4.1.1)

[Compare
Source](https://github.com/actions/checkout/compare/v4.1.0...v4.1.1)

##### What's Changed

- Update CODEOWNERS to Launch team by
[@&#8203;joshmgross](https://github.com/joshmgross) in
[https://github.com/actions/checkout/pull/1510](https://github.com/actions/checkout/pull/1510)
- Correct link to GitHub Docs by
[@&#8203;peterbe](https://github.com/peterbe) in
[https://github.com/actions/checkout/pull/1511](https://github.com/actions/checkout/pull/1511)
- Link to release page from what's new section by
[@&#8203;cory-miller](https://github.com/cory-miller) in
[https://github.com/actions/checkout/pull/1514](https://github.com/actions/checkout/pull/1514)

##### New Contributors

- [@&#8203;joshmgross](https://github.com/joshmgross) made their first
contribution in
[https://github.com/actions/checkout/pull/1510](https://github.com/actions/checkout/pull/1510)
- [@&#8203;peterbe](https://github.com/peterbe) made their first
contribution in
[https://github.com/actions/checkout/pull/1511](https://github.com/actions/checkout/pull/1511)

**Full Changelog**:
https://github.com/actions/checkout/compare/v4.1.0...v4.1.1

###
[`v4.1.0`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v410)

[Compare
Source](https://github.com/actions/checkout/compare/v4.0.0...v4.1.0)

- [Add support for partial checkout
filters](https://github.com/actions/checkout/pull/1396)

###
[`v4.0.0`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v400)

[Compare
Source](https://github.com/actions/checkout/compare/v3.6.0...v4.0.0)

- [Support fetching without the --progress
option](https://github.com/actions/checkout/pull/1067)
-   [Update to node20](https://github.com/actions/checkout/pull/1436)

</details>

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

###
[`v4.2.5`](https://github.com/actions/dependency-review-action/releases/tag/v4.2.5):
4.2.5

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v4.2.4...v4.2.5)

#### What's Changed

- Fixed a bug where some configuration options in external files were
not being properly picked up --
[https://github.com/actions/dependency-review-action/pull/722](https://github.com/actions/dependency-review-action/pull/722)
-   Bump eslint from 8.56.0 to 8.57.0

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v4.2.4...v4.2.5

###
[`v4.2.4`](https://github.com/actions/dependency-review-action/releases/tag/v4.2.4)

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v4.2.3...v4.2.4)

#### What's Changed

Fixed a bug in the output of OpenSSF cards for GitHub Actions.

#### New Contributors

- [@&#8203;sporkmonger](https://github.com/sporkmonger) made their
first contribution in
[https://github.com/actions/dependency-review-action/pull/721](https://github.com/actions/dependency-review-action/pull/721)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v4.2.3...v4.2.4

###
[`v4.2.3`](https://github.com/actions/dependency-review-action/releases/tag/v4.2.3):
4.2.3

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v4.1.3...v4.2.3)

#### What's Changed

- Set comment as output by [@&#8203;jsoref](https://github.com/jsoref)
in
[https://github.com/actions/dependency-review-action/pull/698](https://github.com/actions/dependency-review-action/pull/698)
- Add support for calculating OpenSSF Scorecards by
[@&#8203;jhutchings1](https://github.com/jhutchings1) in
[https://github.com/actions/dependency-review-action/pull/709](https://github.com/actions/dependency-review-action/pull/709)
- Add outputs for the changes data by
[@&#8203;laughedelic](https://github.com/laughedelic) in
[https://github.com/actions/dependency-review-action/pull/707](https://github.com/actions/dependency-review-action/pull/707)

#### New Contributors

- [@&#8203;jhutchings1](https://github.com/jhutchings1) made their
first contribution in
[https://github.com/actions/dependency-review-action/pull/709](https://github.com/actions/dependency-review-action/pull/709)
- [@&#8203;laughedelic](https://github.com/laughedelic) made their
first contribution in
[https://github.com/actions/dependency-review-action/pull/707](https://github.com/actions/dependency-review-action/pull/707)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v4.1.3...v4.2.3

###
[`v4.1.3`](https://github.com/actions/dependency-review-action/releases/tag/v4.1.3):
4.1.3

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v4.1.2...v4.1.3)

Fixes a bug in 4.1.2 that would introduce comments in every pull
request, regardless of the user's configuration (see
[https://github.com/actions/dependency-review-action/issues/697](https://github.com/actions/dependency-review-action/issues/697)).

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v4.1.2...v4.1.3

###
[`v4.1.2`](https://github.com/actions/dependency-review-action/releases/tag/v4.1.2):
4.1.2

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v4.1.1...v4.1.2)

#### What's Changed

- Expose dependency comment content by
[@&#8203;jsoref](https://github.com/jsoref) in
[https://github.com/actions/dependency-review-action/pull/696](https://github.com/actions/dependency-review-action/pull/696)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v4.1.1...v4.1.2

###
[`v4.1.1`](https://github.com/actions/dependency-review-action/releases/tag/v4.1.1):
4.1.1

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v4.1.0...v4.1.1)

#### What's Changed

- Bump `undici` to fix
[GHSA-wqq4-5wpv-mx2g](https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g)
- Bump [@&#8203;types/node](https://github.com/types/node) from
20.11.17 to 20.11.19 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/693](https://github.com/actions/dependency-review-action/pull/693)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v4.1.0...v4.1.1

###
[`v4.1.0`](https://github.com/actions/dependency-review-action/releases/tag/v4.1.0):
4.1.0

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v4.0.0...v4.1.0)

#### What's Changed

- Add `warn-only` by [@&#8203;tgrall](https://github.com/tgrall) in
[https://github.com/actions/dependency-review-action/pull/432](https://github.com/actions/dependency-review-action/pull/432)

Added a new configuration option (`warn-only`, boolean) that makes the
action always succeed while still displaying found vulnerabilities in
the log.

- Create stale.yaml by
[@&#8203;jonjanego](https://github.com/jonjanego) in
[https://github.com/actions/dependency-review-action/pull/671](https://github.com/actions/dependency-review-action/pull/671)
- Use manual codeql config by
[@&#8203;juxtin](https://github.com/juxtin) in
[https://github.com/actions/dependency-review-action/pull/678](https://github.com/actions/dependency-review-action/pull/678)
- Multiple dependency updates (see the changelog below for more
information)

#### New Contributors

- [@&#8203;jonjanego](https://github.com/jonjanego) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/671](https://github.com/actions/dependency-review-action/pull/671)
- [@&#8203;tgrall](https://github.com/tgrall) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/432](https://github.com/actions/dependency-review-action/pull/432)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v4...v4.1.0

###
[`v4.0.0`](https://github.com/actions/dependency-review-action/releases/tag/v4.0.0)

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0)

- Update action to Node 20 by
[@&#8203;takost](https://github.com/takost) in
[https://github.com/actions/dependency-review-action/pull/639](https://github.com/actions/dependency-review-action/pull/639)
-   Dependabot updates, see the full changelog for more details.

#### New Contributors

- [@&#8203;takost](https://github.com/takost) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/639](https://github.com/actions/dependency-review-action/pull/639)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0

###
[`v3.1.5`](https://github.com/actions/dependency-review-action/releases/tag/v3.1.5):
3.1.5

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5)

#### What's Changed

- Smaller `per_page` when requesting diff by
[@&#8203;hmaurer](https://github.com/hmaurer) in
[https://github.com/actions/dependency-review-action/pull/649](https://github.com/actions/dependency-review-action/pull/649)
-   Update dependencies:
- Bump
[@&#8203;typescript-eslint/parser](https://github.com/typescript-eslint/parser)
from 6.10.0 to 6.13.1 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/630](https://github.com/actions/dependency-review-action/pull/630)
- Bump prettier from 3.0.3 to 3.1.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/629](https://github.com/actions/dependency-review-action/pull/629)
- Bump [@&#8203;types/jest](https://github.com/types/jest) from 29.5.8
to 29.5.11 by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/637](https://github.com/actions/dependency-review-action/pull/637)
- Bump nodemon from 3.0.1 to 3.0.2 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/636](https://github.com/actions/dependency-review-action/pull/636)
- Replace pip -> pypi in PURL examples by
[@&#8203;febuiles](https://github.com/febuiles) in
[https://github.com/actions/dependency-review-action/pull/638](https://github.com/actions/dependency-review-action/pull/638)
- Bump
[@&#8203;typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/eslint-plugin)
from 6.12.0 to 6.15.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/644](https://github.com/actions/dependency-review-action/pull/644)
- Bump eslint from 8.53.0 to 8.56.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/640](https://github.com/actions/dependency-review-action/pull/640)
- Bump
[@&#8203;typescript-eslint/parser](https://github.com/typescript-eslint/parser)
from 6.13.1 to 6.16.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/645](https://github.com/actions/dependency-review-action/pull/645)
- Bump prettier from 3.1.0 to 3.1.1 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/646](https://github.com/actions/dependency-review-action/pull/646)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5

###
[`v3.1.4`](https://github.com/actions/dependency-review-action/releases/tag/v3.1.4):
3.1.4

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v3.1.3...v3.1.4)

#### What's Changed

- Fixed a
[bug](https://github.com/actions/dependency-review-action/issues/618)
with severity filtering when using the `allow_ghsas` option:
[https://github.com/actions/dependency-review-action/pull/623](https://github.com/actions/dependency-review-action/pull/623).

-   Updates dependencies:
- Bump [@&#8203;types/node](https://github.com/types/node) from
16.18.61 to 16.18.62 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/619](https://github.com/actions/dependency-review-action/pull/619)
        action/pull/620
- Bump
[@&#8203;typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/eslint-plugin)
from 6.11.0 to 6.12.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/625](https://github.com/actions/dependency-review-action/pull/625)
- Bump typescript from 5.2.2 to 5.3.2 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/624](https://github.com/actions/dependency-review-action/pull/624)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v3...v3.1.4

###
[`v3.1.3`](https://github.com/actions/dependency-review-action/releases/tag/v3.1.3):
3.1.3

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v3.1.2...v3.1.3)

#### What's Changed

- Fixes purl "version must be percent-encoded" by
[@&#8203;theztefan](https://github.com/theztefan) in
[https://github.com/actions/dependency-review-action/pull/617](https://github.com/actions/dependency-review-action/pull/617)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v3...v3.1.3

###
[`v3.1.2`](https://github.com/actions/dependency-review-action/releases/tag/v3.1.2):
3.1.2

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v3.1.1...v3.1.2)

#### What's Changed

- Fix a regression for setups using self-hosted runners behind HTTP
proxies:[@&#8203;febuiles](https://github.com/febuiles) in
[https://github.com/actions/dependency-review-action/pull/611](https://github.com/actions/dependency-review-action/pull/611)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v3...v3.1.2

###
[`v3.1.1`](https://github.com/actions/dependency-review-action/releases/tag/v3.1.1):
3.1.1

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1)

#### What's Changed

- Update a bunch of dependencies, including major version upgrades for
`octokit`, `@actions/github` and `typescript`.

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1

###
[`v3.1.0`](https://github.com/actions/dependency-review-action/releases/tag/v3.1.0):
3.1.0

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v3.0.8...v3.1.0)

#### What's New

Added support for dependencies submitted through the [dependency
submission
API](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together).
This includes two new configuration parameters:
`retry-on-snapshot-warnings` and `retry-on-snapshot-warnings-timeout`.

#### What's Changed

- Fix(docs): Correct action input name by
[@&#8203;oerd](https://github.com/oerd) in
[https://github.com/actions/dependency-review-action/pull/551](https://github.com/actions/dependency-review-action/pull/551)

#### New Contributors

- [@&#8203;oerd](https://github.com/oerd) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/551](https://github.com/actions/dependency-review-action/pull/551)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v3...v3.1.0

###
[`v3.0.8`](https://github.com/actions/dependency-review-action/releases/tag/v3.0.8):
3.0.8

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v3.0.7...v3.0.8)

#### What's Changed

Added `on-failure` option to `comment-summary-in-pr` setting by
[@&#8203;sgmurphy](https://github.com/sgmurphy) in
[https://github.com/actions/dependency-review-action/pull/540](https://github.com/actions/dependency-review-action/pull/540)

Previous configuration files using `true`/`false` for
`comment-summary-in-pr` will be mapped automatically to the new values,
but we encourage you to update to `always`/`on-failure`/`never`.

#### New Contributors

- [@&#8203;sgmurphy](https://github.com/sgmurphy) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/540](https://github.com/actions/dependency-review-action/pull/540)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v3...v3.0.8

###
[`v3.0.7`](https://github.com/actions/dependency-review-action/releases/tag/v3.0.7):
3.0.7

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v3.0.6...v3.0.7)

#### What's Changed

- Make GHES support / setup more clear by
[@&#8203;rajbos](https://github.com/rajbos) in
[https://github.com/actions/dependency-review-action/pull/534](https://github.com/actions/dependency-review-action/pull/534)
- Add an option to deny packages or groups of packages by
[@&#8203;adrienpessu](https://github.com/adrienpessu) in
[https://github.com/actions/dependency-review-action/pull/544](https://github.com/actions/dependency-review-action/pull/544)

#### New Contributors

- [@&#8203;rajbos](https://github.com/rajbos) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/534](https://github.com/actions/dependency-review-action/pull/534)
- [@&#8203;adrienpessu](https://github.com/adrienpessu) made their
first contribution in
[https://github.com/actions/dependency-review-action/pull/544](https://github.com/actions/dependency-review-action/pull/544)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v3...v3.0.7

###
[`v3.0.6`](https://github.com/actions/dependency-review-action/releases/tag/v3.0.6):
3.0.6

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v3.0.5...v3.0.6)

Fixes a bug introduced in 3.0.5 where we raised PURL errors when
Dependency Graph returns an empty `package_url`.

###
[`v3.0.5`](https://github.com/actions/dependency-review-action/releases/tag/v3.0.5):
3.0.5

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v3.0.4...v3.0.5)

#### What's Changed

Thanks to [@&#8203;theztefan](https://github.com/theztefan), we now
have a new `allow-dependencies-licenses` option that takes a list of
dependencies that will be excluded from license checks. See the
[configuration
options](https://github.com/actions/dependency-review-action#configuration-options)
for more information on how to use it.

- Exclude dependencies from license checks by
[@&#8203;theztefan](https://github.com/theztefan) in
[https://github.com/actions/dependency-review-action/pull/423](https://github.com/actions/dependency-review-action/pull/423)
- Documentation examples by
[@&#8203;theztefan](https://github.com/theztefan) in
[https://github.com/actions/dependency-review-action/pull/423](https://github.com/actions/dependency-review-action/pull/423)
- Show snapshot warnings in the summary by
[@&#8203;juxtin](https://github.com/juxtin) in
[https://github.com/actions/dependency-review-action/pull/439](https://github.com/actions/dependency-review-action/pull/439)
- Fix default values for fail-on-severity by
[@&#8203;febuiles](https://github.com/febuiles) in
[https://github.com/actions/dependency-review-action/pull/451](https://github.com/actions/dependency-review-action/pull/451)
-   Updated dependencies.

#### New Contributors

- [@&#8203;juxtin](https://github.com/juxtin) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/439](https://github.com/actions/dependency-review-action/pull/439)
- [@&#8203;theztefan](https://github.com/theztefan) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/423](https://github.com/actions/dependency-review-action/pull/423)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v3...v3.0.5

###
[`v3.0.4`](https://github.com/actions/dependency-review-action/releases/tag/v3.0.4):
3.0.4

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v3.0.3...v3.0.4)

#### What's New?

The Action can now publish a comment in the pull request if the
`comment-summary-in-pr` option is set. More information can be found in
the
[README](https://github.com/actions/dependency-review-action#configuration-options).

#### New Contributors

- [@&#8203;davelosert](https://github.com/davelosert) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/393](https://github.com/actions/dependency-review-action/pull/393)

#### Changelog

- Write Summary as comment to the pull request by
[@&#8203;davelosert](https://github.com/davelosert) in
[https://github.com/actions/dependency-review-action/pull/393](https://github.com/actions/dependency-review-action/pull/393)
- Adjust summary format by
[@&#8203;davelosert](https://github.com/davelosert) in
[https://github.com/actions/dependency-review-action/pull/416](https://github.com/actions/dependency-review-action/pull/416)
-   Security updates.

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v3...v3.0.4

###
[`v3.0.3`](https://github.com/actions/dependency-review-action/releases/tag/v3.0.3):
3.0.3

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v3.0.2...v3.0.3)

#### What's Changed

- Use cache in check-dist.yml by
[@&#8203;jongwooo](https://github.com/jongwooo) in
[https://github.com/actions/dependency-review-action/pull/359](https://github.com/actions/dependency-review-action/pull/359)
- Fix Dependency Review API response error handling by
[@&#8203;felickz](https://github.com/felickz) in
[https://github.com/actions/dependency-review-action/pull/370](https://github.com/actions/dependency-review-action/pull/370)
-   Security updates

#### New Contributors

- [@&#8203;jongwooo](https://github.com/jongwooo) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/359](https://github.com/actions/dependency-review-action/pull/359)
- [@&#8203;felickz](https://github.com/felickz) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/370](https://github.com/actions/dependency-review-action/pull/370)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v3...v3.0.3

###
[`v3.0.2`](https://github.com/actions/dependency-review-action/releases/tag/v3.0.2):
3.0.2

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v3.0.1...v3.0.2)

This release fixes spelling errors
[https://github.com/actions/dependency-review-action/pull/348](https://github.com/actions/dependency-review-action/pull/348)
and upgrades dependencies to fix known vulnerabilities

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v3...v3.0.2

###
[`v3.0.1`](https://github.com/actions/dependency-review-action/releases/tag/v3.0.1):
3.0.1

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v3.0.0...v3.0.1)

This release contains the following bugfixes:

- Fixing API URL for GHES:
[https://github.com/actions/dependency-review-action/pull/331](https://github.com/actions/dependency-review-action/pull/331)
- Improve list handling for external config files:
[https://github.com/actions/dependency-review-action/pull/330](https://github.com/actions/dependency-review-action/pull/330)

**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v3...v3.0.1

###
[`v3.0.0`](https://github.com/actions/dependency-review-action/releases/tag/v3.0.0):
3.0.0

[Compare
Source](https://github.com/actions/dependency-review-action/compare/v2.5.1...v3.0.0)

#### Breaking Changes

By default the action now expects [SPDX-compliant
licenses](https://spdx.org/licenses/) everywhere. If you were previously
using license names in the allow or deny lists make sure they're valid!

#### What's Changed

##### Support for external configuration files

You can now specify a [configuration file external to your
repository](https://github.com/actions/dependency-review-action/#configuration-file).
This allows organizations to have a single configuration file for all
their repos.

##### Broader license support

We've added support for a much broader set of project licenses by using
GitHub's [Licenses API](https://docs.github.com/en/rest/licenses).

##### SPDX Compliance

All of our license-related code now expects [SPDX-compliant licenses or
expressions](https://spdx.org/licenses/). This allows us to standardize
on a license naming scheme that already supports `OR`/`AND` expressions.

##### Disable individual checks

You can now use the boolean options `license-check` and
`vulnerability-check` to disable either one of the checks. More
information in [our configuration
options](https://github.com/actions/dependency-review-action/#configuration-options).

#### Thanks

Contributors for this release include:

-   [@&#8203;cnagadya](https://github.com/cnagadya)
-   [@&#8203;courtneycl](https://github.com/courtneycl)
-   [@&#8203;ericcornelissen](https://github.com/ericcornelissen)
-   [@&#8203;elireisman](https://github.com/elireisman)
-   [@&#8203;hmaurer](https://github.com/hmaurer)

Thanks everyone!
**Full Changelog**:
https://github.com/actions/dependency-review-action/compare/v2...v3.0.0

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.3.1`](https://github.com/actions/upload-artifact/releases/tag/v4.3.1)

[Compare
Source](https://github.com/actions/upload-artifact/compare/v4.3.0...v4.3.1)

- Bump
[@&#8203;actions/artifacts](https://github.com/actions/artifacts) to
latest version to include [updated GHES host
check](https://github.com/actions/toolkit/pull/1648)

###
[`v4.3.0`](https://github.com/actions/upload-artifact/releases/tag/v4.3.0)

[Compare
Source](https://github.com/actions/upload-artifact/compare/v4.2.0...v4.3.0)

##### What's Changed

- Reorganize upload code in prep for merge logic & add more tests by
[@&#8203;robherley](https://github.com/robherley) in
[https://github.com/actions/upload-artifact/pull/504](https://github.com/actions/upload-artifact/pull/504)
- Add sub-action to merge artifacts by
[@&#8203;robherley](https://github.com/robherley) in
[https://github.com/actions/upload-artifact/pull/505](https://github.com/actions/upload-artifact/pull/505)

**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4...v4.3.0

###
[`v4.2.0`](https://github.com/actions/upload-artifact/releases/tag/v4.2.0)

[Compare
Source](https://github.com/actions/upload-artifact/compare/v4.1.0...v4.2.0)

##### What's Changed

- Ability to overwrite an Artifact by
[@&#8203;robherley](https://github.com/robherley) in
[https://github.com/actions/upload-artifact/pull/501](https://github.com/actions/upload-artifact/pull/501)

**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4...v4.2.0

###
[`v4.1.0`](https://github.com/actions/upload-artifact/releases/tag/v4.1.0)

[Compare
Source](https://github.com/actions/upload-artifact/compare/v4.0.0...v4.1.0)

#### What's Changed

- Add migrations docs by
[@&#8203;robherley](https://github.com/robherley) in
[https://github.com/actions/upload-artifact/pull/482](https://github.com/actions/upload-artifact/pull/482)
- Update README.md by
[@&#8203;samuelwine](https://github.com/samuelwine) in
[https://github.com/actions/upload-artifact/pull/492](https://github.com/actions/upload-artifact/pull/492)
- Support artifact-url output by
[@&#8203;konradpabjan](https://github.com/konradpabjan) in
[https://github.com/actions/upload-artifact/pull/496](https://github.com/actions/upload-artifact/pull/496)
- Update readme to reflect new 500 artifact per job limit by
[@&#8203;robherley](https://github.com/robherley) in
[https://github.com/actions/upload-artifact/pull/497](https://github.com/actions/upload-artifact/pull/497)

#### New Contributors

- [@&#8203;samuelwine](https://github.com/samuelwine) made their first
contribution in
[https://github.com/actions/upload-artifact/pull/492](https://github.com/actions/upload-artifact/pull/492)

**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4...v4.1.0

</details>

<details>
<summary>defenseunicorns/uds-common
(defenseunicorns/uds-common)</summary>

###
[`v0.3.9`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.9)

[Compare
Source](https://github.com/defenseunicorns/uds-common/compare/v0.3.8...v0.3.9)

##### Miscellaneous

- fix missing keys in setup actions
([#&#8203;93](https://github.com/defenseunicorns/uds-common/issues/93))
([39d7395](https://github.com/defenseunicorns/uds-common/commit/39d73955ebb35f4e844a45fe23a7acf7d65d239a))

###
[`v0.3.8`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.8)

[Compare
Source](https://github.com/defenseunicorns/uds-common/compare/v0.3.7...v0.3.8)

##### Miscellaneous

- add upgrade tests to common
([#&#8203;91](https://github.com/defenseunicorns/uds-common/issues/91))
([bb2e590](https://github.com/defenseunicorns/uds-common/commit/bb2e59021355172db2cfcca7dbf5a2434ce41b6d))
- **deps:** update dependency defenseunicorns/uds-cli to v0.10.1
([#&#8203;84](https://github.com/defenseunicorns/uds-common/issues/84))
([6b455b7](https://github.com/defenseunicorns/uds-common/commit/6b455b7cef8ddab022c758a6309d8993f0a564b7))
- **deps:** update dependency defenseunicorns/uds-core to v0.17.0
([#&#8203;83](https://github.com/defenseunicorns/uds-common/issues/83))
([b8d8181](https://github.com/defenseunicorns/uds-common/commit/b8d818165c7c676f56898c2d15ae14a2f7ff5f0c))
- **deps:** update uds common package dependencies to v6.6.1
([#&#8203;92](https://github.com/defenseunicorns/uds-common/issues/92))
([862b635](https://github.com/defenseunicorns/uds-common/commit/862b63512b4b53ff963b85e25e8011818bb8e4e3))
- update registry login to happen in the common env setup action
([#&#8203;88](https://github.com/defenseunicorns/uds-common/issues/88))
([b7bce88](https://github.com/defenseunicorns/uds-common/commit/b7bce888d1d62c5d382d7d88a54e59da72e0d3ae))

###
[`v0.3.7`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.7)

[Compare
Source](https://github.com/defenseunicorns/uds-common/compare/v0.3.6...v0.3.7)

##### Miscellaneous

- remove schedule on renovate
([#&#8203;85](https://github.com/defenseunicorns/uds-common/issues/85))
([fda7e57](https://github.com/defenseunicorns/uds-common/commit/fda7e57ad878cc70bf3905948911daa84c67db27))
- update k3d-core-istio-dev to k3d-core-slim-dev
([#&#8203;86](https://github.com/defenseunicorns/uds-common/issues/86))
([aa0e6da](https://github.com/defenseunicorns/uds-common/commit/aa0e6dad40126ead465b102ea28a3ac961883493))

###
[`v0.3.6`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.6)

[Compare
Source](https://github.com/defenseunicorns/uds-common/compare/v0.3.5...v0.3.6)

##### Miscellaneous

- hotfix the spoof containing a dash in the input and add a publish step
([#&#8203;81](https://github.com/defenseunicorns/uds-common/issues/81))
([f9c7aac](https://github.com/defenseunicorns/uds-common/commit/f9c7aac4a30e5c3e627c44946f2f212af1573b39))

###
[`v0.3.5`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.5)

[Compare
Source](https://github.com/defenseunicorns/uds-common/compare/v0.3.4...v0.3.5)

##### Miscellaneous

- fix spoof to not include a dash
([#&#8203;79](https://github.com/defenseunicorns/uds-common/issues/79))
([5d1738b](https://github.com/defenseunicorns/uds-common/commit/5d1738ba0ca2cd19c7fdf6dfe6873339e129c3bb))

###
[`v0.3.4`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.4)

[Compare
Source](https://github.com/defenseunicorns/uds-common/compare/v0.3.3...v0.3.4)

##### Miscellaneous

- add the ability to spoof to common
([#&#8203;77](https://github.com/defenseunicorns/uds-common/issues/77))
([49634e1](https://github.com/defenseunicorns/uds-common/commit/49634e1b69c6b2eadcc2497f6baba8bd349f3d38))
- **deps:** update dependency defenseunicorns/uds-core to v0.16.1
([#&#8203;72](https://github.com/defenseunicorns/uds-common/issues/72))
([32d1ad6](https://github.com/defenseunicorns/uds-common/commit/32d1ad6812a3ef6ad750447296f5644b14ff2855))

</details>

<details>
<summary>defenseunicorns/uds-common-tasks
(defenseunicorns/uds-common-tasks)</summary>

###
[`v0.3.9`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.9)

[Compare
Source](https://github.com/defenseunicorns/uds-common-tasks/compare/v0.3.8...v0.3.9)

##### Miscellaneous

- fix missing keys in setup actions
([#&#8203;93](https://github.com/defenseunicorns/uds-common/issues/93))
([39d7395](https://github.com/defenseunicorns/uds-common/commit/39d73955ebb35f4e844a45fe23a7acf7d65d239a))

###
[`v0.3.8`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.8)

[Compare
Source](https://github.com/defenseunicorns/uds-common-tasks/compare/v0.3.7...v0.3.8)

##### Miscellaneous

- add upgrade tests to common
([#&#8203;91](https://github.com/defenseunicorns/uds-common/issues/91))
([bb2e590](https://github.com/defenseunicorns/uds-common/commit/bb2e59021355172db2cfcca7dbf5a2434ce41b6d))
- **deps:** update dependency defenseunicorns/uds-cli to v0.10.1
([#&#8203;84](https://github.com/defenseunicorns/uds-common/issues/84))
([6b455b7](https://github.com/defenseunicorns/uds-common/commit/6b455b7cef8ddab022c758a6309d8993f0a564b7))
- **deps:** update dependency defenseunicorns/uds-core to v0.17.0
([#&#8203;83](https://github.com/defenseunicorns/uds-common/issues/83))
([b8d8181](https://github.com/defenseunicorns/uds-common/commit/b8d818165c7c676f56898c2d15ae14a2f7ff5f0c))
- **deps:** update uds common package dependencies to v6.6.1
([#&#8203;92](https://github.com/defenseunicorns/uds-common/issues/92))
([862b635](https://github.com/defenseunicorns/uds-common/commit/862b63512b4b53ff963b85e25e8011818bb8e4e3))
- update registry login to happen in the common env setup action
([#&#8203;88](https://github.com/defenseunicorns/uds-common/issues/88))
([b7bce88](https://github.com/defenseunicorns/uds-common/commit/b7bce888d1d62c5d382d7d88a54e59da72e0d3ae))

###
[`v0.3.7`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.7)

[Compare
Source](https://github.com/defenseunicorns/uds-common-tasks/compare/v0.3.6...v0.3.7)

##### Miscellaneous

- remove schedule on renovate
([#&#8203;85](https://github.com/defenseunicorns/uds-common/issues/85))
([fda7e57](https://github.com/defenseunicorns/uds-common/commit/fda7e57ad878cc70bf3905948911daa84c67db27))
- update k3d-core-istio-dev to k3d-core-slim-dev
([#&#8203;86](https://github.com/defenseunicorns/uds-common/issues/86))
([aa0e6da](https://github.com/defenseunicorns/uds-common/commit/aa0e6dad40126ead465b102ea28a3ac961883493))

###
[`v0.3.6`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.6)

[Compare
Source](https://github.com/defenseunicorns/uds-common-tasks/compare/v0.3.5...v0.3.6)

##### Miscellaneous

- hotfix the spoof containing a dash in the input and add a publish step
([#&#8203;81](https://github.com/defenseunicorns/uds-common/issues/81))
([f9c7aac](https://github.com/defenseunicorns/uds-common/commit/f9c7aac4a30e5c3e627c44946f2f212af1573b39))

###
[`v0.3.5`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.5)

[Compare
Source](https://github.com/defenseunicorns/uds-common-tasks/compare/v0.3.4...v0.3.5)

##### Miscellaneous

- fix spoof to not include a dash
([#&#8203;79](https://github.com/defenseunicorns/uds-common/issues/79))
([5d1738b](https://github.com/defenseunicorns/uds-common/commit/5d1738ba0ca2cd19c7fdf6dfe6873339e129c3bb))

###
[`v0.3.4`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.4)

[Compare
Source](https://github.com/defenseunicorns/uds-common-tasks/compare/v0.3.3...v0.3.4)

##### Miscellaneous

- add the ability to spoof to common
([#&#8203;77](https://github.com/defenseunicorns/uds-common/issues/77))
([49634e1](https://github.com/defenseunicorns/uds-common/commit/49634e1b69c6b2eadcc2497f6baba8bd349f3d38))
- **deps:** update dependency defenseunicorns/uds-core to v0.16.1
([#&#8203;72](https://github.com/defenseunicorns/uds-common/issues/72))
([32d1ad6](https://github.com/defenseunicorns/uds-common/commit/32d1ad6812a3ef6ad750447296f5644b14ff2855))

</details>

<details>
<summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary>

###
[`v0.32.6`](https://github.com/defenseunicorns/zarf/releases/tag/v0.32.6)

[Compare
Source](https://github.com/defenseunicorns/zarf/compare/v0.32.5...v0.32.6)

##### \[0.32.6] - 2024-03-22

> trying out some different release note generators, formatting may vary
for a few releases while we figure out what works best
~[@&#8203;Noxsios](https://github.com/Noxsios)

##### 🚀 Features

- \[**ALPHA**] feat: package generation ALPHA by
[@&#8203;andrewg-xyz](https://github.com/andrewg-xyz) in
[#&#8203;2269](https://github.com/defenseunicorns/zarf/pull/2269)
- *(lib)* feat(lib): configurable log file location by
[@&#8203;Noxsios](https://github.com/Noxsios) in
[#&#8203;2380](https://github.com/defenseunicorns/zarf/pull/2380)
- \[**BREAKING**] feat!: filter package components with strategy
interface by [@&#8203;Noxsios](https://github.com/Noxsios) in
[#&#8203;2321](https://github.com/defenseunicorns/zarf/pull/2321)

##### 🐛 Bug Fixes

- fix: refactor create stages into separate lib by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[#&#8203;2223](https://github.com/defenseunicorns/zarf/pull/2223)
- fix: handle registry caBundle as a multiline string by
[@&#8203;AbrohamLincoln](https://github.com/AbrohamLincoln) in
[#&#8203;2381](https://github.com/defenseunicorns/zarf/pull/2381)
- *(regression)* fix: populate `p.sbomViewFiles` on `deploy` and
`mirror` by [@&#8203;lucasrod16](https://github.com/lucasrod16) in
[#&#8203;2386](https://github.com/defenseunicorns/zarf/pull/2386)
- fix: allow absolute paths for differential packages by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[#&#8203;2397](https://github.com/defenseunicorns/zarf/pull/2397)
- fix: hotfix skeleton publish by
[@&#8203;Noxsios](https://github.com/Noxsios) in
[#&#8203;2398](https://github.com/defenseunicorns/zarf/pull/2398)

##### 🚜 Refactor

- refactor: split helpers/exec libs by
[@&#8203;Racer159](https://github.com/Racer159) in
[#&#8203;2379](https://github.com/defenseunicorns/zarf/pull/2379)

##### 🧪 Testing

- test: data injection flake by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[#&#8203;2361](https://github.com/defenseunicorns/zarf/pull/2361)

##### ⚙️ Miscellaneous Tasks

- ci: add commitlint workflow and update contributing guide by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[#&#8203;2391](https://github.com/defenseunicorns/zarf/pull/2391)

##### 🛡️ Security

- *(release)* build: create PRs on `homebrew-tap` by
[@&#8203;Noxsios](https://github.com/Noxsios) in
[#&#8203;2385](https://github.com/defenseunicorns/zarf/pull/2385)

**Full Changelog**:
https://github.com/defenseunicorns/zarf/compare/v0.32.5...v0.32.6

###
[`v0.32.5`](https://github.com/defenseunicorns/zarf/releases/tag/v0.32.5)

[Compare
Source](https://github.com/defenseunicorns/zarf/compare/v0.32.4...v0.32.5)

##### \[0.32.5] - 2024-03-11

> trying out some different release note generators, formatting may vary
for a few releases while we figure out what works best
~[@&#8203;Noxsios](https://github.com/Noxsios)

##### 🚀 Features

- feat: add missing vendored tool version commands by
[@&#8203;eddiezane](https://github.com/eddiezane) in
[#&#8203;2232](https://github.com/defenseunicorns/zarf/pull/2232)
- feat: add `--why` flag for `zarf dev find-images` by
[@&#8203;waveywaves](https://github.com/waveywaves) in
[#&#8203;2309](https://github.com/defenseunicorns/zarf/pull/2309)
- feat: set variables on find images by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[#&#8203;2282](https://github.com/defenseunicorns/zarf/pull/2282)
- feat: add configurable backoff and retries for Zarf operations by
[@&#8203;Racer159](https://github.com/Racer159) in
[#&#8203;2345](https://github.com/defenseunicorns/zarf/pull/2345)

##### 🐛 Bug Fixes

- *(deps)*: update github.com/anchore/clio digest to
[`abcb719`](https://github.com/defenseunicorns/zarf/commit/abcb719) by
[@&#8203;renovate](https://github.com/renovate)\[bot] in
[#&#8203;2347](https://github.com/defenseunicorns/zarf/pull/2347)
- *(ci)*: change ECR image to docker.io image by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[#&#8203;2353](https://github.com/defenseunicorns/zarf/pull/2353)
- fix: added OCI Image Index mediaType by
[@&#8203;mdaizcorbe](https://github.com/mdaizcorbe) in
[#&#8203;2352](https://github.com/defenseunicorns/zarf/pull/2352)
- fix: package publish progress bar frozen at zero by
[@&#8203;Noxsios](https://github.com/Noxsios) in
[#&#8203;2367](https://github.com/defenseunicorns/zarf/pull/2367)
- *(release)* hotfix `publish` not respecting source package
architecture by [@&#8203;Noxsios](https://github.com/Noxsios) in
[#&#8203;2376](https://github.com/defenseunicorns/zarf/pull/2376)

##### 📚 Documentation

- chore: fix spelling by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[#&#8203;2333](https://github.com/defenseunicorns/zarf/pull/2333)
- docs: formatting and grammar by
[@&#8203;beholdenkey](https://github.com/beholdenkey) in
[#&#8203;2350](https://github.com/defenseunicorns/zarf/pull/2350)

##### ⚙️ Miscellaneous Tasks

- chore: sorted go imports by
[@&#8203;naveensrinivasan](https://github.com/naveensrinivasan) in
[#&#8203;2349](https://github.com/defenseunicorns/zarf/pull/2349)
- chore: fix bb test by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[#&#8203;2340](https://github.com/defenseunicorns/zarf/pull/2340)
- chore: update CODEOWNERS with
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) by
[@&#8203;Racer159](https://github.com/Racer159) in
[#&#8203;2354](https://github.com/defenseunicorns/zarf/pull/2354)
- chore: refactor and purify the OCI library within Zarf by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[#&#8203;2235](https://github.com/defenseunicorns/zarf/pull/2235)
- chore: default to temp zarf cache in e2e tests by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[#&#8203;2355](https://github.com/defenseunicorns/zarf/pull/2355)

##### 🛡️ Security

- chore: configure agent server to avoid slowloris attack by
[@&#8203;naveensrinivasan](https://github.com/naveensrinivasan) in
[#&#8203;2342](https://github.com/defenseunicorns/zarf/pull/2342)
- chore: fix implicit memory aliasing in for loop by
[@&#8203;naveensrinivasan](https://github.com/naveensrinivasan) in
[#&#8203;2341](https://github.com/defenseunicorns/zarf/pull/2341)
- *(release)*: update release workflow to use token from gh app by
[@&#8203;Noxsios](https://github.com/Noxsios) in
[#&#8203;2368](https://github.com/defenseunicorns/zarf/pull/2368)
- *(release)*: use release environment secrets by
[@&#8203;Noxsios](https://github.com/Noxsios) in
[#&#8203;2374](https://github.com/defenseunicorns/zarf/pull/2374)

##### First Time Contributors

- [@&#8203;eddiezane](https://github.com/eddiezane) made their first
contribution in
[#&#8203;2232](https://github.com/defenseunicorns/zarf/issues/2232)
- [@&#8203;beholdenkey](https://github.com/beholdenkey) made their
first contribution in
[#&#8203;2350](https://github.com/defenseunicorns/zarf/issues/2350)
- [@&#8203;mdaizcorbe](https://github.com/mdaizcorbe) made their first
contribution in
[#&#8203;2352](https://github.com/defenseunicorns/zarf/issues/2352)

**Full Changelog**:
https://github.com/defenseunicorns/zarf/compare/v0.32.4...v0.32.5

###
[`v0.32.4`](https://github.com/defenseunicorns/zarf/releases/tag/v0.32.4)

[Compare
Source](https://github.com/defenseunicorns/zarf/compare/v0.32.3...v0.32.4)

##### What's Changed

##### Fixes

- Improve `cmd` failure messaging when no timeout or retries are given
by [@&#8203;docandrew](https://github.com/docandrew) in
[https://github.com/defenseunicorns/zarf/pull/2301](https://github.com/defenseunicorns/zarf/pull/2301)
- Revert init package storageclass checks for git server and seed
registry by [@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2311](https://github.com/defenseunicorns/zarf/pull/2311)
- Fix multi-part tarballs being mismatched sizes by
[@&#8203;Racer159](https://github.com/Racer159) in
[https://github.com/defenseunicorns/zarf/pull/2314](https://github.com/defenseunicorns/zarf/pull/2314)
- Change text template detection to check first *and* last 512 bytes by
[@&#8203;WeaponX314](https://github.com/WeaponX314) in
[https://github.com/defenseunicorns/zarf/pull/2310](https://github.com/defenseunicorns/zarf/pull/2310)
- Improve `zarf tools registry prune` messaging by
[@&#8203;Racer159](https://github.com/Racer159) in
[https://github.com/defenseunicorns/zarf/pull/2323](https://github.com/defenseunicorns/zarf/pull/2323)
- Add http request header timeout to mitigate stalling image push by
[@&#8203;Racer159](https://github.com/Racer159) in
[https://github.com/defenseunicorns/zarf/pull/2319](https://github.com/defenseunicorns/zarf/pull/2319)
- Allow host+subpath as the source registry for `--registry-override` in
package create by [@&#8203;waveywaves](https://github.com/waveywaves)
in
[https://github.com/defenseunicorns/zarf/pull/2306](https://github.com/defenseunicorns/zarf/pull/2306)

##### Dependencies

- Update github.com/anchore/clio digest to
[`cb94e40`](https://github.com/defenseunicorns/zarf/commit/cb94e40) by
[@&#8203;renovate](https://github.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2294](https://github.com/defenseunicorns/zarf/pull/2294),
[https://github.com/defenseunicorns/zarf/pull/2297](https://github.com/defenseunicorns/zarf/pull/2297)
and
[https://github.com/defenseunicorns/zarf/pull/2300](https://github.com/defenseunicorns/zarf/pull/2300)
- **\[security]** Update module helm.sh/helm/v3 to v3.14.2 by
[@&#8203;renovate](https://github.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2307](https://github.com/defenseunicorns/zarf/pull/2307)
and
[https://github.com/defenseunicorns/zarf/pull/2329](https://github.com/defenseunicorns/zarf/pull/2329)
- Update actions/checkout action to v4 by
[@&#8203;renovate](https://github.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2317](https://github.com/defenseunicorns/zarf/pull/2317)
- Update actions/dependency-review-action action to v4 by
[@&#8203;renovate](https://github.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2318](https://github.com/defenseunicorns/zarf/pull/2318)

##### Docs

- Update [Zarf roadmap](https://docs.zarf.dev/docs/roadmap) per 2024
goals by [@&#8203;Racer159](https://github.com/Racer159) in
[https://github.com/defenseunicorns/zarf/pull/2305](https://github.com/defenseunicorns/zarf/pull/2305)

##### Development

- Included Dependency Review action for PR reviews by
[@&#8203;naveensrinivasan](https://github.com/naveensrinivasan) in
[https://github.com/defenseunicorns/zarf/pull/2298](https://github.com/defenseunicorns/zarf/pull/2298)
- Resolve CodeQL linting issues across Zarf by
[@&#8203;Racer159](https://github.com/Racer159) in
[https://github.com/defenseunicorns/zarf/pull/2322](https://github.com/defenseunicorns/zarf/pull/2322)

##### New Contributors

- [@&#8203;docandrew](https://github.com/docandrew) made their first
contribution in
[https://github.com/defenseunicorns/zarf/pull/2301](https://github.com/defenseunicorns/zarf/pull/2301)
- [@&#8203;naveensrinivasan](https://github.com/naveensrinivasan) made
their first contribution in
[https://github.com/defenseunicorns/zarf/pull/2298](https://github.com/defenseunicorns/zarf/pull/2298)
- [@&#8203;waveywaves](https://github.com/waveywaves) made their first
contribution in
[https://github.com/defenseunicorns/zarf/pull/2306](https://github.com/defenseunicorns/zarf/pull/2306)

**Full Changelog**:
https://github.com/defenseunicorns/zarf/compare/v0.32.3...v0.32.4

###
[`v0.32.3`](https://github.com/defenseunicorns/zarf/releases/tag/v0.32.3)

[Compare
Source](https://github.com/defenseunicorns/zarf/compare/v0.32.2...v0.32.3)

##### What's Changed

##### Fixes

- Properly handle panic that could occur during checksum validation by
[@&#8203;mjnagel](https://github.com/mjnagel) in
[https://github.com/defenseunicorns/zarf/pull/2262](https://github.com/defenseunicorns/zarf/pull/2262)
- Add the `--key` flag to the init cmd to properly allow for signed init
packages by [@&#8203;dgershman](https://github.com/dgershman) in
[https://github.com/defenseunicorns/zarf/pull/2259](https://github.com/defenseunicorns/zarf/pull/2259)
- Restore destroy script functionality during `zarf destroy` by
[@&#8203;Racer159](https://github.com/Racer159) in
[https://github.com/defenseunicorns/zarf/pull/2274](https://github.com/defenseunicorns/zarf/pull/2274)
- Fix symlink inclusion within component resources by
[@&#8203;dgershman](https://github.com/dgershman) in
[https://github.com/defenseunicorns/zarf/pull/2256](https://github.com/defenseunicorns/zarf/pull/2256)
- Use memory friendly file split logic for partial packages by
[@&#8203;daniel-palmer-gu](https://github.com/daniel-palmer-gu) in
[https://github.com/defenseunicorns/zarf/pull/2264](https://github.com/defenseunicorns/zarf/pull/2264)
- Fix reproducible tarball creation on Windows systems by
[@&#8203;Noxsios](https://github.com/Noxsios) in
[https://github.com/defenseunicorns/zarf/pull/2293](https://github.com/defenseunicorns/zarf/pull/2293)

##### Docs

- Make branding more consistent and add community meetup references to
docs by [@&#8203;Racer159](https://github.com/Racer159) in
[https://github.com/defenseunicorns/zarf/pull/2258](https://github.com/defenseunicorns/zarf/pull/2258)

##### Dependencies

- Update github.com/anchore/clio digest by
[@&#8203;renovate](https://github.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2277](https://github.com/defenseunicorns/zarf/pull/2277)
and
[https://github.com/defenseunicorns/zarf/pull/2283](https://github.com/defenseunicorns/zarf/pull/2283)
- Update all non-major dependencies (including Gitea v1.21.5, Syft
v0.100.0, K9s v0.31.7 and Crane v0.19.0) by
[@&#8203;renovate](https://github.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2187](https://github.com/defenseunicorns/zarf/pull/2187)

##### Development

- Add a more robust chart search regexManager by
[@&#8203;Racer159](https://github.com/Racer159) in
[https://github.com/defenseunicorns/zarf/pull/2278](https://github.com/defenseunicorns/zarf/pull/2278)
and
[https://github.com/defenseunicorns/zarf/pull/2284](https://github.com/defenseunicorns/zarf/pull/2284)
- Partial refactor of injector logic in `k8s`, and `cluster` packages by
[@&#8203;chrishorton](https://github.com/chrishorton) in
[https://github.com/defenseunicorns/zarf/pull/2271](https://github.com/defenseunicorns/zarf/pull/2271)

##### New Contributors

- [@&#8203;daniel-palmer-gu](https://github.com/daniel-palmer-gu) made
their first contribution in
[https://github.com/defenseunicorns/zarf/pull/2264](https://github.com/defenseunicorns/zarf/pull/2264)

**Full Changelog**:
https://github.com/defenseunicorns/zarf/compare/v0.32.2...v0.32.3

###
[`v0.32.2`](https://github.com/defenseunicorns/zarf/releases/tag/v0.32.2)

[Compare
Source](https://github.com/defenseunicorns/zarf/compare/v0.32.1...v0.32.2)

#### What's Changed

#### Features

- Support authenticated Helm repositories that have been configured with
`helm repo add` by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2196](https://github.com/defenseunicorns/zarf/pull/2196)
- Verify that the specified storage class exists during `zarf init` by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2180](https://github.com/defenseunicorns/zarf/pull/2180)
- Check for available node resources before building injector pod by
[@&#8203;chrishorton](https://github.com/chrishorton) in
[https://github.com/defenseunicorns/zarf/pull/2220](https://github.com/defenseunicorns/zarf/pull/2220)
- Officially support yaml extensions within the `zarf.yaml` using `x-`
keys by [@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2217](https://github.com/defenseunicorns/zarf/pull/2217)

#### Fixes

- Fix the inclusion of helm sub commands when rendering `zarf tools
help` by [@&#8203;jbrewer3](https://github.com/jbrewer3) in
[https://github.com/defenseunicorns/zarf/pull/2216](https://github.com/defenseunicorns/zarf/pull/2216)

#### Docs

- Fix typos in the extension `README.md` by
[@&#8203;mjnagel](https://github.com/mjnagel) in
[https://github.com/defenseunicorns/zarf/pull/2227](https://github.com/defenseunicorns/zarf/pull/2227)
- Fix a small grammatical error in the base `README.md` by
[@&#8203;cmwylie19](https://github.com/cmwylie19) in
[https://github.com/defenseunicorns/zarf/pull/2219](https://github.com/defenseunicorns/zarf/pull/2219)

#### Dependencies

- Update github.com/anchore/clio digest to
[`89e2fe8`](https://github.com/defenseunicorns/zarf/commit/89e2fe8) by
[@&#8203;renovate](https://github.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2214](https://github.com/defenseunicorns/zarf/pull/2214)
- Update github.com/anchore/clio digest to
[`a5e93b6`](https://github.com/defenseunicorns/zarf/commit/a5e93b6) by
[@&#8203;renovate](https://github.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2229](https://github.com/defenseunicorns/zarf/pull/2229)
- Update github.com/anchore/stereoscope digest to
[`eb656fc`](https://github.com/defenseunicorns/zarf/commit/eb656fc) by
[@&#8203;renovate](https://github.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2230](https://github.com/defenseunicorns/zarf/pull/2230)

#### Development

- Remove workflow for automatically adding issues to the zarf project by
[@&#8203;YrrepNoj](https://github.com/YrrepNoj) in
[https://github.com/defenseunicorns/zarf/pull/2239](https://github.com/defenseunicorns/zarf/pull/2239)
- Delete unnecessary waitgroup from concurrencyTools by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2244](https://github.com/defenseunicorns/zarf/pull/2244)
- Update `NewOrasRemote` to take `ocispec.Platform` as an argument by
[@&#8203;decleaver](https://github.com/decleaver) in
[https://github.com/defenseunicorns/zarf/pull/2241](https://github.com/defenseunicorns/zarf/pull/2241)

#### New Contributors

- [@&#8203;jbrewer3](https://github.com/jbrewer3) made their first
contribution in
[https://github.com/defenseunicorns/zarf/pull/2216](https://github.com/defenseunicorns/zarf/pull/2216)
- [@&#8203;chrishorton](https://github.com/chrishorton) made their
first contribution in
[https://github.com/defenseunicorns/zarf/pull/2220](https://github.com/defenseunicorns/zarf/pull/2220)

**Full Changelog**:
https://github.com/defenseunicorns/zarf/compare/v0.32.1...v0.32.2

###
[`v0.32.1`](https://github.com/defenseunicorns/zarf/releases/tag/v0.32

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/defenseunicorns/uds-package-mattermost).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNjEuMCIsInVwZGF0ZWRJblZlciI6IjM3LjI2OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Wayne Starr <me@racer159.com>
  • Loading branch information
renovate[bot] and Racer159 authored Mar 29, 2024
1 parent 97adf52 commit 0946c88
Show file tree
Hide file tree
Showing 11 changed files with 39 additions and 63 deletions.
19 changes: 2 additions & 17 deletions .github/workflows/ci-docs-shim.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,23 +2,8 @@ name: CI Docs Shim

on:
pull_request:
paths:
- "**.md"
- "**.jpg"
- "**.png"
- "**.gif"
- "**.svg"
- "adr/**"
- "docs/**"
- ".gitignore"
- "renovate.json"
- ".release-please-config.json"
- "release-please-config.json"
- "oscal-component.yaml"
- "CODEOWNERS"
- "LICENSE"
- "CONTRIBUTING.md"
- "SECURITY.md"
branches: [main]
types: [milestoned, opened, synchronize]

jobs:
run-test:
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/codeql.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -29,17 +29,17 @@ jobs:
steps:

- name: Checkout repository
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@a56a03b370b87b26fde6d680755f818cfda0372b # v2.24.5
uses: github/codeql-action/init@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
with:
languages: ${{ matrix.language }}
- name: Autobuild
uses: github/codeql-action/autobuild@a56a03b370b87b26fde6d680755f818cfda0372b # v2.24.5
uses: github/codeql-action/autobuild@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@a56a03b370b87b26fde6d680755f818cfda0372b # v2.24.5
uses: github/codeql-action/analyze@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
with:
category: "/language:${{matrix.language}}"
2 changes: 1 addition & 1 deletion .github/workflows/commitlint.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,4 @@ on:
jobs:
validate:
name: Validate
uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
4 changes: 2 additions & 2 deletions .github/workflows/dependencyreview.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,6 @@ jobs:
egress-policy: audit

- name: 'Checkout Repository'
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: 'Dependency Review'
uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
uses: actions/dependency-review-action@5bbc3ba658137598168acb2ab73b21c432dd411b # v4.2.5
7 changes: 4 additions & 3 deletions .github/workflows/lint.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,11 @@ jobs:
fetch-depth: 0

- name: Environment setup
uses: defenseunicorns/uds-common/.github/actions/setup@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
uses: defenseunicorns/uds-common/.github/actions/setup@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
with:
username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
ghToken: ${{ secrets.GITHUB_TOKEN }}

- name: Install lint deps
run: |
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/scorecard.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -37,14 +37,14 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
with:
sarif_file: results.sarif
18 changes: 6 additions & 12 deletions .github/workflows/tag-and-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
steps:
- name: Create release tag
id: tag
uses: google-github-actions/release-please-action@cc61a07e2da466bebbc19b3a7dd01d6aecb20d1e # v4.0.2
uses: google-github-actions/release-please-action@a37ac6e4f6449ce8b3f7607e4d97d0146028dc0b # v4.1.0
- id: release-flag
run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT

Expand All @@ -39,23 +39,17 @@ jobs:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Environment setup
uses: defenseunicorns/uds-common/.github/actions/setup@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
uses: defenseunicorns/uds-common/.github/actions/setup@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
with:
username: ${{secrets.IRON_BANK_ROBOT_USERNAME}}
password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}}

- name: Login to GHCR
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
with:
registry: ghcr.io
username: dummy
password: ${{ secrets.GITHUB_TOKEN }}
registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
ghToken: ${{ secrets.GITHUB_TOKEN }}

- name: Publish Package
run: uds run -f tasks/publish.yaml package --set FLAVOR=${{ matrix.flavor }}

- name: Save logs
if: always()
uses: defenseunicorns/uds-common/.github/actions/save-logs@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
uses: defenseunicorns/uds-common/.github/actions/save-logs@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
with:
suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
11 changes: 6 additions & 5 deletions .github/workflows/test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -46,19 +46,20 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Environment setup
uses: defenseunicorns/uds-common/.github/actions/setup@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
uses: defenseunicorns/uds-common/.github/actions/setup@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
with:
username: ${{secrets.IRON_BANK_ROBOT_USERNAME}}
password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}}
registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
ghToken: ${{ secrets.GITHUB_TOKEN }}

- name: Test
uses: defenseunicorns/uds-common/.github/actions/test@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
uses: defenseunicorns/uds-common/.github/actions/test@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
with:
flavor: ${{ matrix.flavor }}
type: ${{ matrix.type }}

- name: Save logs
if: always()
uses: defenseunicorns/uds-common/.github/actions/save-logs@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
uses: defenseunicorns/uds-common/.github/actions/save-logs@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
with:
suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
8 changes: 4 additions & 4 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ repos:
hooks:
- id: fix-smartquotes
- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.27.4
rev: 0.28.0
hooks:
- id: check-jsonschema
name: "Validate Zarf Configs Against Schema"
Expand All @@ -40,14 +40,14 @@ repos:
args:
[
"--schemafile",
"https://raw.githubusercontent.com/defenseunicorns/zarf/v0.29.1/zarf.schema.json",
"https://raw.githubusercontent.com/defenseunicorns/zarf/v0.32.6/zarf.schema.json",
"--no-cache"
]
- repo: https://github.com/golangci/golangci-lint
rev: v1.55.2
rev: v1.57.2
hooks:
- id: golangci-lint
- repo: https://github.com/renovatebot/pre-commit-hooks
rev: 37.165.5
rev: 37.275.0
hooks:
- id: renovate-config-validator
19 changes: 7 additions & 12 deletions tasks.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@ includes:
- cleanup: ./tasks/cleanup.yaml
- dependencies: ./tasks/dependencies.yaml
- test: ./tasks/test.yaml
- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.3/tasks/create.yaml
- lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.3/tasks/lint.yaml
- pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.3/tasks/pull.yaml
- deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.3/tasks/deploy.yaml
- setup: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.3.3/tasks/setup.yaml
- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.9/tasks/create.yaml
- lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.9/tasks/lint.yaml
- pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.9/tasks/pull.yaml
- deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.9/tasks/deploy.yaml
- setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.9/tasks/setup.yaml

tasks:
- name: default
Expand Down Expand Up @@ -34,13 +34,8 @@ tasks:
description: Create UDS Mattermost bundle based on the latest release
actions:
- task: pull:latest-package-release
# TODO (@WSTARR): This is currently needed to get around the chicken+egg condition when release please updates the version in GH
- description: Get the current Zarf package name
cmd: cat zarf.yaml | yq .metadata.version
setVariables:
- name: CURRENT_VERSION
- description: Move the latest to the current (needed to make this work on release-please PRs)
cmd: test -f zarf-package-mattermost-${UDS_ARCH}-${CURRENT_VERSION}.tar.zst || mv zarf-package-mattermost-${UDS_ARCH}-*.tar.zst zarf-package-mattermost-${UDS_ARCH}-${CURRENT_VERSION}.tar.zst
with:
spoof_release: "true"
- task: dependencies:create
- task: create:test-bundle

Expand Down
2 changes: 1 addition & 1 deletion tasks/publish.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
includes:
- publish: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.3.3/tasks/publish.yaml
- publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.9/tasks/publish.yaml

tasks:
- name: package
Expand Down

0 comments on commit 0946c88

Please sign in to comment.