Merge remote-tracking branch 'origin' into new-website-zarf-schema

zarf-dev · Mar 15, 2024 · ba2202c · ba2202c
2 parents 2c5bbb8 + d0bcc20
commit ba2202c
Show file tree

Hide file tree

Showing 461 changed files with 23,428 additions and 14,022 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -2,7 +2,7 @@
 name: Bug report
 about: Create a report to help us improve
 title: ''
-labels: possible-bug
+labels: 'possible-bug 🐛'
 assignees: ''
 ---
 

diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -2,7 +2,7 @@
 name: Feature request
 about: Suggest an idea for this project
 title: ''
-labels: 'enhancement'
+labels: 'enhancement ✨'
 assignees: ''
 ---
 

diff --git a/.github/ISSUE_TEMPLATE/tech_debt.md b/.github/ISSUE_TEMPLATE/tech_debt.md
@@ -2,7 +2,7 @@
 name: Tech debt
 about: Record something that should be investigated or refactored in the future.
 title: ''
-labels: 'tech-debt'
+labels: 'tech-debt 💳'
 assignees: ''
 ---
 

diff --git a/.github/actions/golang/action.yaml b/.github/actions/golang/action.yaml
@@ -4,7 +4,7 @@ description: "Setup Go binary and caching"
 runs:
   using: composite
   steps:
-    - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+    - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
       with:
         go-version: 1.21.x
         cache: true
diff --git a/.github/actions/install-tools/action.yaml b/.github/actions/install-tools/action.yaml
@@ -4,9 +4,9 @@ description: "Install pipeline tools"
 runs:
   using: composite
   steps:
-    - uses: sigstore/cosign-installer@c85d0e205a72a294fe064f618a87dbac13084086 # v2.8.1
+    - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
 
-    - uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
+    - uses: anchore/sbom-action/download-syft@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8
 
     - run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin --tag v0.64.2"
       shell: bash

diff --git a/.github/actions/k3d/action.yaml b/.github/actions/k3d/action.yaml
@@ -7,5 +7,5 @@ runs:
     - run: "curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash"
       shell: bash
 
-    - run: k3d cluster delete && k3d cluster create
+    - run: k3d cluster delete && k3d cluster create --k3s-arg="--disable=traefik@server:0"
       shell: bash
diff --git a/.github/actions/packages/action.yaml b/.github/actions/packages/action.yaml
@@ -10,18 +10,26 @@ inputs:
     description: 'Build the example packages'
     required: false
     default: 'true'
+  os:
+    description: 'Which OS to build for'
+    required: false
+    default: 'linux'
+  shell:
+    description: 'Which shell to build in'
+    required: false
+    default: 'bash'
 
 runs:
   using: composite
   steps:
     - run: |
-        make build-cli-linux-amd ARCH=amd64
-      shell: bash
+        make build-cli-${{ inputs.os }}-amd ARCH=amd64
+      shell: ${{ inputs.shell }}
     - run: |
         make init-package ARCH=amd64
-      shell: bash
+      shell: ${{ inputs.shell }}
       if: ${{ inputs.init-package == 'true' }}
     - run: |
         make build-examples ARCH=amd64
-      shell: bash
+      shell: ${{ inputs.shell }}
       if: ${{ inputs.build-examples == 'true' }}
diff --git a/.github/actions/save-logs/action.yaml b/.github/actions/save-logs/action.yaml
@@ -1,6 +1,12 @@
 name: save-logs
 description: "Save debug logs"
 
+inputs:
+  suffix:
+    description: 'Suffix to append to the debug log'
+    required: false
+    default: ''
+
 runs:
   using: composite
   steps:
@@ -9,7 +15,7 @@ runs:
         sudo chown $USER /tmp/zarf-*.log || echo ""
       shell: bash
 
-    - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+    - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
       with:
-        name: debug-log
+        name: debug-log${{ inputs.suffix }}
         path: /tmp/zarf-*.log
diff --git a/.github/actions/slack/action.yaml b/.github/actions/slack/action.yaml
@@ -9,30 +9,30 @@ inputs:
 runs:
   using: composite
   steps:
-    - uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 #v1.24.0
+    - uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0
       with:
         payload: |
           {
-            "text": "The GitHub Action Workflow **'${{ github.workflow }}'** had a result of: `${{ job.status }}`.",
+            "text": "The GitHub Workflow *'${{ github.workflow }}'* had a result of: `${{ job.status }}`.\n\n<https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Action Log>",
             "blocks": [
               {
                 "type": "section",
                 "text": {
                   "type": "mrkdwn",
-                  "text": "The GitHub Action Workflow **'${{ github.workflow }}'** had a result of: `${{ job.status }}`."
+                  "text": "The GitHub Workflow *'${{ github.workflow }}'* had a result of: `${{ job.status }}`."
                 }
               },
               {
                 "type": "section",
                 "text": {
                   "type": "mrkdwn",
-                  "text": "View Workflow Run"
+                  "text": " "
                 },
                 "accessory": {
                   "type": "button",
                   "text": {
                     "type": "plain_text",
-                    "text": "Click Me",
+                    "text": "View Action Log",
                     "emoji": true
                   },
                   "value": "click_me_workflow_run",
@@ -44,3 +44,4 @@ runs:
           }
       env:
         SLACK_WEBHOOK_URL: ${{ inputs.slack-webhook-url }}
+        SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
diff --git a/.github/workflows/auto-assign-to-project.yml b/.github/workflows/auto-assign-to-project.yml
diff --git a/.github/workflows/build-rust-injector.yml b/.github/workflows/build-rust-injector.yml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout Repo"
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           ref: ${{ github.event.inputs.branchName }}
 
@@ -37,7 +37,7 @@ jobs:
           shasum zarf-injector-arm64 >> checksums.txt
 
       - name: Set AWS Credentials
-        uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # v4.0.0
+        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
         with:
           aws-access-key-id: ${{ secrets.AWS_GOV_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_GOV_SECRET_ACCESS_KEY }}

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -0,0 +1,14 @@
+name: Dependency Review
+on: pull_request
+
+permissions:
+  contents: read
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Dependency Review
+        uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
diff --git a/.github/workflows/nightly-ecr.yml b/.github/workflows/nightly-ecr.yml
@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Setup golang
         uses: ./.github/actions/golang
@@ -29,7 +29,7 @@ jobs:
         run: make build-cli-linux-amd
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # v4.0.0
+        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
         with:
           role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }}
           aws-region: us-east-1

diff --git a/.github/workflows/nightly-eks.yml b/.github/workflows/nightly-eks.yml
@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Setup golang
         uses: ./.github/actions/golang
@@ -37,7 +37,7 @@ jobs:
         uses: ./.github/actions/packages
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # v4.0.0
+        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
         with:
           role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }}
           aws-region: us-east-1

diff --git a/.github/workflows/publish-application-packages.yml b/.github/workflows/publish-application-packages.yml
@@ -18,7 +18,7 @@ jobs:
       packages: write
     steps:
       - name: "Checkout Repo"
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           ref: ${{ github.event.inputs.branchName }}
 
@@ -35,14 +35,15 @@ jobs:
       - name: Build And Publish Application Packages
         # Create the dos-games package with the cosign signature, publish to ghcr and copy the tags to allow 'uname -m' to work
         run: |
-          zarf package create -o build -a amd64 examples/dos-games --key=awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} --confirm
-          zarf package create -o build -a arm64 examples/dos-games --key=awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} --confirm
+          zarf package create -o build -a amd64 examples/dos-games --signing-key=awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} --confirm
+          zarf package create -o build -a arm64 examples/dos-games --signing-key=awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} --confirm
 
-          zarf package publish ./build/zarf-package-dos-games-amd64-1.0.0.tar.zst oci://ghcr.io/defenseunicorns/packages
-          zarf package publish ./build/zarf-package-dos-games-arm64-1.0.0.tar.zst oci://ghcr.io/defenseunicorns/packages
+          # Publish a the signed dos-games package
+          zarf package publish ./build/zarf-package-dos-games-amd64-1.0.0.tar.zst oci://ghcr.io/defenseunicorns/packages --key=https://zarf.dev/cosign.pub
+          zarf package publish ./build/zarf-package-dos-games-arm64-1.0.0.tar.zst oci://ghcr.io/defenseunicorns/packages --key=https://zarf.dev/cosign.pub
 
-          zarf tools registry copy ghcr.io/defenseunicorns/packages/dos-games:1.0.0-amd64 ghcr.io/defenseunicorns/packages/dos-games:1.0.0-x86_64
-          zarf tools registry copy ghcr.io/defenseunicorns/packages/dos-games:1.0.0-arm64 ghcr.io/defenseunicorns/packages/dos-games:1.0.0-aarch64
+          # Publish a skeleton of the dos-games package
+          zarf package publish examples/dos-games oci://ghcr.io/defenseunicorns/packages
         env:
           AWS_REGION: ${{ secrets.COSIGN_AWS_REGION }}
           AWS_ACCESS_KEY_ID: ${{ secrets.COSIGN_AWS_KEY_ID }}