Merge branch 'master' into kopiaKanisterIntegrationPhase2

kanisterio · Apr 15, 2024 · 9ba7196 · 9ba7196
2 parents 4a6941f + adba17a
commit 9ba7196
Show file tree

Hide file tree

Showing 259 changed files with 11,154 additions and 4,209 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -41,6 +41,8 @@ updates:
     open-pull-requests-limit: 3
     schedule:
       interval: daily
+    commit-message:
+      prefix: "deps(github):"
     groups:
       github-actions:
         patterns:
@@ -49,3 +51,130 @@ updates:
       docker:
         patterns:
         - "docker/*"
+  ## Currently dependabot does not support wildcard or multiple directories
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/build"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/cassandra"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/controller"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/couchbase-tools"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/docs-build"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/foundationdb"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/kafka-adobe3Connector/image"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/kanister-elasticsearch/image"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/kanister-kubectl"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/kanister-mongodb-replicaset"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/kanister-mysql"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/license_extractor"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/mongodb"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/mongodb-atlas"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/mssql-tools"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/postgres-kanister-tools"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/postgresql"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/redis-tools"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/repo-server-controller"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
+  - package-ecosystem: "docker"
+    directory: "/docker/tools"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "deps(docker):"
diff --git a/.github/workflows/atlas-image-build.yaml b/.github/workflows/atlas-image-build.yaml
@@ -18,10 +18,10 @@ jobs:
     outputs:
       changed: ${{ steps.changed-files.outputs.any_changed }}
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           fetch-depth: 0
-      - uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959 # v42.0.2
+      - uses: tj-actions/changed-files@20576b4b9ed46d41e2d45a2256e5e2316dde6834 # v43.0.1
         name: Get changed files
         id: changed-files
         with:
@@ -36,7 +36,7 @@ jobs:
     if: needs.check-files.outputs.changed == 'true'
     steps:
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+      uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
     - name: Image metadata
       id: meta
       uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
@@ -48,13 +48,13 @@ jobs:
           {{date 'YYYY.MM.DD-HHmm'}}
           ${{ inputs.tag }}
     - name: Login to GHCR
-      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+      uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
       with:
         registry: ${{ env.REGISTRY }}
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
     - name: Build and push
-      uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+      uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
       with:
         context: "{{defaultContext}}:docker/mongodb-atlas"
         push: true

diff --git a/.github/workflows/dependendy-review.yml b/.github/workflows/dependendy-review.yml
@@ -5,6 +5,7 @@
 # Source repository: https://github.com/actions/dependency-review-action
 # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
 name: 'Dependency Review'
+
 on: [pull_request]
 
 permissions:
@@ -15,6 +16,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@v4
diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml
@@ -0,0 +1,24 @@
+
+name: 'govulncheck'
+on:
+  ## Nightly
+  schedule:
+    - cron: '42 1 * * *'
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - id: govulncheck
+        name: 'Govulncheck'
+        uses: golang/govulncheck-action@3a32958c2706f7048305d5a2e53633d7e37e97d0 # v1.0.2
+        continue-on-error: ${{ github.event_name == 'pull_request' }}
+        with:
+          repo-checkout: false
+          cache: false
diff --git a/.github/workflows/grype-vulnerability-scanner.yaml b/.github/workflows/grype-vulnerability-scanner.yaml
@@ -15,7 +15,7 @@ jobs:
       - name: Create repo directory before checking out latest code
         run: mkdir -p repo
       - name: Checkout the latest code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           ref: master
           path: repo
@@ -59,7 +59,7 @@ jobs:
       - name: Create repo directory before checking out latest code
         run: mkdir -p repo
       - name: Checkout the latest code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           ref: master
           path: repo

diff --git a/.github/workflows/kanister-image-build.yaml b/.github/workflows/kanister-image-build.yaml
@@ -7,6 +7,14 @@ on:
         description: 'Image tag in the format vx.x.x'
         required: true
         type: string
+      latest_tag:
+        description: 'Tag image as latest or dev_latest'
+        required: true
+        default: dev_latest
+        type: choice
+        options:
+        - latest
+        - dev_latest
 
 env:
   REGISTRY: ghcr.io
@@ -41,7 +49,7 @@ jobs:
     - name: Set up QEMU
       uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+      uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
     - name: Image metadata
       id: meta
       uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
@@ -52,14 +60,15 @@ jobs:
           type=sha
           {{date 'YYYY.MM.DD-HHmm'}}
           ${{ inputs.tag }}
+          ${{ inputs.latest_tag }}
     - name: Login to GHCR
-      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+      uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
       with:
         registry: ${{ env.REGISTRY }}
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
     - name: Build and push
-      uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+      uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
       with:
         context: "{{defaultContext}}:docker/build"
         platforms: linux/amd64,linux/arm64

diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -4,8 +4,6 @@ on:
     branches:
     - master
   pull_request:
-    branches:
-    - master
 jobs:
   ## Make sure go.mod and go.sum files are up-to-date with the code
   ## TODO: make this fail if they're not up-to-date to inform the committer to udpate them
@@ -15,7 +13,7 @@ jobs:
       gomod: ${{ steps.gomod.outputs.gomod }}
       gosum: ${{ steps.gosum.outputs.gosum }}
     steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+    - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
     - run: make go-mod-tidy
     - id: gomod
       run: |
@@ -37,7 +35,7 @@ jobs:
     runs-on: ubuntu-20.04
     needs: gomod
     steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+    - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
     ## Sync go.mod and go.sum files from gomod job
     - name: restore_gomod
       run: echo "${{needs.gomod.outputs.gomod}}" > go.mod
@@ -52,13 +50,13 @@ jobs:
       matrix:
         testSuite: [test, integration-test, helm-test]
     steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+    - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
     ## Sync go.mod and go.sum files from gomod job
     - name: restore_gomod
       run: echo "${{needs.gomod.outputs.gomod}}" > go.mod
     - name: restore_gosum
       run: echo "${{needs.gomod.outputs.gosum}}" > go.sum
-    - uses: helm/kind-action@v1.8.0
+    - uses: helm/kind-action@v1.9.0
     - run: |
         make install-csi-hostpath-driver
         make install-minio
@@ -78,7 +76,7 @@ jobs:
       matrix:
         bin: [controller, kanctl, kando]
     steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+    - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
     ## Sync go.mod and go.sum files from gomod job
     - name: restore_gomod
       run: echo "${{needs.gomod.outputs.gomod}}" > go.mod
@@ -88,7 +86,7 @@ jobs:
   docs:
     runs-on: ubuntu-20.04
     steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+    - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
     - run: make docs
   release:
     runs-on: ubuntu-20.04
@@ -97,14 +95,16 @@ jobs:
     permissions:
       packages: write
     steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+    - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
     - run: make go-mod-tidy
-    - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+    - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
     - run: sudo rm -rf /usr/share/dotnet
     - run: sudo rm -rf "$AGENT_TOOLSDIRECTORY"
+    - run: docker image prune -af
+    - run: docker builder prune -af
     - run: make release-snapshot
     - run: ./build/push_images.sh
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
@@ -26,7 +26,7 @@ jobs:
     steps:
       -
         name: "Checkout repo"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           persist-credentials: false
       -
@@ -39,7 +39,7 @@ jobs:
       -
         # Upload the results to GitHub's code scanning dashboard.
         name: "Upload to results to dashboard"
-        uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
+        uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
         with:
           sarif_file: results.sarif
       -

diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
@@ -19,11 +19,14 @@ jobs:
         close-pr-label: rotten
         stale-issue-label: stale
         stale-pr-label: stale
-        exempt-issue-labels: frozen
+        exempt-issue-labels:
+          - frozen
+          - accepted
         exempt-pr-labels: frozen
-        close-issue-message: This issue is closed due to inactivity. Feel free to reopen it, if it's still relevant.
-        close-pr-message: This PR is closed due to inactivity. Feel free to reopen it, if it's still relevant.
-        stale-issue-message: This issue is marked as stale due to inactivity. Add a new comment to reactivate it.
-        stale-pr-message: This PR is marked as stale due to inactivity. Add a new comment to reactivate it.
+        close-issue-message: This issue is closed due to inactivity. Feel free to reopen it, if it's still relevant. CC @kanisterio/maintainers
+        close-pr-message: This PR is closed due to inactivity. Feel free to reopen it, if it's still relevant. CC @kanisterio/maintainers
+        stale-issue-message: This issue is marked as stale due to inactivity. Add a new comment to reactivate it. CC @kanisterio/maintainers
+        stale-pr-message: This PR is marked as stale due to inactivity. Add a new comment to reactivate it. CC @kanisterio/maintainers
         remove-issue-stale-when-updated: true
         remove-pr-stale-when-updated: true
+        exempt-all-assignees: true