From 1d2c09e3549392ff39cd7f35065ffcfe291d7fbf Mon Sep 17 00:00:00 2001 From: ArchitectBot <61872893+architectbot@users.noreply.github.com> Date: Wed, 13 Mar 2024 11:39:10 +0100 Subject: [PATCH] Align files (#237) Co-authored-by: github-actions --- .../zz_generated.add-team-labels.yaml | 4 +- .../zz_generated.add-to-project-board.yaml | 8 +- .../zz_generated.check_values_schema.yaml | 2 +- .../zz_generated.create_release.yaml | 38 +++++---- .../zz_generated.create_release_pr.yaml | 4 +- .github/workflows/zz_generated.gitleaks.yaml | 2 +- .../zz_generated.run_ossf_scorecard.yaml | 78 +++++++++++++++++++ CODEOWNERS | 3 - LICENSE | 2 +- Makefile | 2 +- Makefile.gen.app.mk | 2 +- 11 files changed, 113 insertions(+), 32 deletions(-) create mode 100644 .github/workflows/zz_generated.run_ossf_scorecard.yaml diff --git a/.github/workflows/zz_generated.add-team-labels.yaml b/.github/workflows/zz_generated.add-team-labels.yaml index 4a2db906..97ba2aed 100644 --- a/.github/workflows/zz_generated.add-team-labels.yaml +++ b/.github/workflows/zz_generated.add-team-labels.yaml @@ -16,7 +16,7 @@ jobs: -O artifacts/users.yaml \ https://raw.githubusercontent.com/giantswarm/github/main/tools/issue-automation/user-mapping.yaml - name: Upload Artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: users path: artifacts/users.yaml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest needs: build_user_list steps: - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 id: download-users with: name: users diff --git a/.github/workflows/zz_generated.add-to-project-board.yaml b/.github/workflows/zz_generated.add-to-project-board.yaml index ae6b3986..32176b15 100644 --- a/.github/workflows/zz_generated.add-to-project-board.yaml +++ b/.github/workflows/zz_generated.add-to-project-board.yaml @@ -18,7 +18,7 @@ jobs: -O artifacts/users.yaml \ https://raw.githubusercontent.com/giantswarm/github/main/tools/issue-automation/user-mapping.yaml - name: Upload Artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: users path: artifacts/users.yaml @@ -30,7 +30,7 @@ jobs: -O artifacts/labels.yaml \ https://raw.githubusercontent.com/giantswarm/github/main/tools/issue-automation/label-mapping.yaml - name: Upload Artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: labels path: artifacts/labels.yaml @@ -42,7 +42,7 @@ jobs: needs: build_user_list if: github.event.action == 'assigned' steps: - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 id: download-users with: name: users @@ -68,7 +68,7 @@ jobs: needs: build_user_list if: github.event.action == 'labeled' steps: - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 id: download-labels with: name: labels diff --git a/.github/workflows/zz_generated.check_values_schema.yaml b/.github/workflows/zz_generated.check_values_schema.yaml index 612717b5..32b4dae4 100644 --- a/.github/workflows/zz_generated.check_values_schema.yaml +++ b/.github/workflows/zz_generated.check_values_schema.yaml @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.17.0 +# devctl@6.21.0 # name: 'Values and schema' on: diff --git a/.github/workflows/zz_generated.create_release.yaml b/.github/workflows/zz_generated.create_release.yaml index 107f0894..81e70d89 100644 --- a/.github/workflows/zz_generated.create_release.yaml +++ b/.github/workflows/zz_generated.create_release.yaml @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.17.0 +# devctl@6.21.0 # name: Create Release on: @@ -32,11 +32,10 @@ jobs: steps: - name: Get version id: get_version + env: + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} run: | - title="$(cat <<- 'COMMIT_MESSAGE_END' | head -n 1 - - ${{ github.event.head_commit.message }} - COMMIT_MESSAGE_END - )" + title=$(echo -n "${COMMIT_MESSAGE}" | head -1) # Matches strings like: # # - "Release v1.2.3" @@ -66,11 +65,10 @@ jobs: echo "path=${path}" >> $GITHUB_OUTPUT - name: Check if reference version id: ref_version + env: + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} run: | - title="$(cat <<- 'COMMIT_MESSAGE_END' | head -n 1 - - ${{ github.event.head_commit.message }} - COMMIT_MESSAGE_END - )" + title=$(echo -n "${COMMIT_MESSAGE}" | head -1) if echo "${title}" | grep -qE '^release v[0-9]+\.[0-9]+\.[0-9]+([.-][^ .-][^ ]*)?( \(#[0-9]+\))?$' ; then version=$(echo "${title}" | cut -d ' ' -f 2) fi @@ -90,12 +88,12 @@ jobs: - gather_facts steps: - name: Install architect - uses: giantswarm/install-binary-action@v1.1.0 + uses: giantswarm/install-binary-action@v2.0.0 with: binary: "architect" - version: "6.13.0" + version: "6.14.1" - name: Install semver - uses: giantswarm/install-binary-action@v1.1.0 + uses: giantswarm/install-binary-action@v2.0.0 with: binary: "semver" version: "3.2.0" @@ -144,6 +142,15 @@ jobs: title: "Bump version to ${{ steps.update_project_go.outputs.new_version }}" run: | gh pr create --title "${{ env.title }}" --body "" --base ${{ env.base }} --head ${{ env.branch }} --reviewer ${{ github.actor }} + - name: Enable auto-merge for PR + env: + GITHUB_TOKEN: "${{ secrets.TAYLORBOT_GITHUB_ACTION }}" + base: "${{ github.ref }}" + branch: "${{ github.ref }}-version-bump" + version: "${{ needs.gather_facts.outputs.version }}" + title: "Bump version to ${{ steps.update_project_go.outputs.new_version }}" + run: | + gh pr merge --auto --squash "${{ env.branch }}" || echo "::warning::Auto-merge not allowed. Please adjust the repository settings." create_release: name: Create release runs-on: ubuntu-22.04 @@ -184,13 +191,12 @@ jobs: git push "${REMOTE_REPO}" --tags - name: Create release id: create_gh_release - uses: actions/create-release@v1 + uses: ncipollo/release-action@v1 env: GITHUB_TOKEN: "${{ secrets.TAYLORBOT_GITHUB_ACTION }}" with: body: ${{ steps.changelog_reader.outputs.changes }} - tag_name: "v${{ needs.gather_facts.outputs.version }}" - release_name: "v${{ needs.gather_facts.outputs.version }}" + tag: "v${{ needs.gather_facts.outputs.version }}" create-release-branch: name: Create release branch @@ -200,7 +206,7 @@ jobs: if: ${{ needs.gather_facts.outputs.version }} steps: - name: Install semver - uses: giantswarm/install-binary-action@v1.1.0 + uses: giantswarm/install-binary-action@v2.0.0 with: binary: "semver" version: "3.0.0" diff --git a/.github/workflows/zz_generated.create_release_pr.yaml b/.github/workflows/zz_generated.create_release_pr.yaml index 8735030c..d08d72ed 100644 --- a/.github/workflows/zz_generated.create_release_pr.yaml +++ b/.github/workflows/zz_generated.create_release_pr.yaml @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.17.0 +# devctl@6.21.0 # name: Create Release PR on: @@ -147,7 +147,7 @@ jobs: with: go-version: '=1.18.1' - name: Install architect - uses: giantswarm/install-binary-action@v1.1.0 + uses: giantswarm/install-binary-action@v2.0.0 with: binary: "architect" version: "6.11.0" diff --git a/.github/workflows/zz_generated.gitleaks.yaml b/.github/workflows/zz_generated.gitleaks.yaml index bb1726e7..057a4e7a 100644 --- a/.github/workflows/zz_generated.gitleaks.yaml +++ b/.github/workflows/zz_generated.gitleaks.yaml @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.17.0 +# devctl@6.21.0 # name: gitleaks diff --git a/.github/workflows/zz_generated.run_ossf_scorecard.yaml b/.github/workflows/zz_generated.run_ossf_scorecard.yaml new file mode 100644 index 00000000..bfea0f8a --- /dev/null +++ b/.github/workflows/zz_generated.run_ossf_scorecard.yaml @@ -0,0 +1,78 @@ +# DO NOT EDIT. Generated with: +# +# devctl@6.21.0 +# + +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '15 15 15 * *' + push: + branches: [ "main", "master" ] + workflow_dispatch: {} + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + + steps: + - name: "Checkout code" + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.3.2 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. + # repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 + with: + sarif_file: results.sarif diff --git a/CODEOWNERS b/CODEOWNERS index 8f85dbcf..7d17ff26 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,6 +1,3 @@ * @giantswarm/team-team -# For auto-generated PRs (see `.github/workflows/render-rfcs-pr.yaml`) -/content/docs/rfcs @giantswarm/sig-docs - /content/docs/support-and-ops/support/ @giantswarm/chapter-se diff --git a/LICENSE b/LICENSE index b7a4d404..93a66740 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2016 - 2023 Giant Swarm GmbH + Copyright 2016 - 2024 Giant Swarm GmbH Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/Makefile b/Makefile index ee1829c4..8835dd63 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.17.0 +# devctl@6.21.0 # include Makefile.*.mk diff --git a/Makefile.gen.app.mk b/Makefile.gen.app.mk index 590e85a3..9909aa1a 100644 --- a/Makefile.gen.app.mk +++ b/Makefile.gen.app.mk @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.17.0 +# devctl@6.21.0 # ##@ App