diff --git a/.github/workflows/zz_generated.add-team-labels.yaml b/.github/workflows/zz_generated.add-team-labels.yaml index 4a2db90..97ba2ae 100644 --- a/.github/workflows/zz_generated.add-team-labels.yaml +++ b/.github/workflows/zz_generated.add-team-labels.yaml @@ -16,7 +16,7 @@ jobs: -O artifacts/users.yaml \ https://raw.githubusercontent.com/giantswarm/github/main/tools/issue-automation/user-mapping.yaml - name: Upload Artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: users path: artifacts/users.yaml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest needs: build_user_list steps: - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 id: download-users with: name: users diff --git a/.github/workflows/zz_generated.add-to-project-board.yaml b/.github/workflows/zz_generated.add-to-project-board.yaml index ae6b398..32176b1 100644 --- a/.github/workflows/zz_generated.add-to-project-board.yaml +++ b/.github/workflows/zz_generated.add-to-project-board.yaml @@ -18,7 +18,7 @@ jobs: -O artifacts/users.yaml \ https://raw.githubusercontent.com/giantswarm/github/main/tools/issue-automation/user-mapping.yaml - name: Upload Artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: users path: artifacts/users.yaml @@ -30,7 +30,7 @@ jobs: -O artifacts/labels.yaml \ https://raw.githubusercontent.com/giantswarm/github/main/tools/issue-automation/label-mapping.yaml - name: Upload Artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: labels path: artifacts/labels.yaml @@ -42,7 +42,7 @@ jobs: needs: build_user_list if: github.event.action == 'assigned' steps: - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 id: download-users with: name: users @@ -68,7 +68,7 @@ jobs: needs: build_user_list if: github.event.action == 'labeled' steps: - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 id: download-labels with: name: labels diff --git a/.github/workflows/zz_generated.create_release.yaml b/.github/workflows/zz_generated.create_release.yaml index 107f089..81e70d8 100644 --- a/.github/workflows/zz_generated.create_release.yaml +++ b/.github/workflows/zz_generated.create_release.yaml @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.17.0 +# devctl@6.21.0 # name: Create Release on: @@ -32,11 +32,10 @@ jobs: steps: - name: Get version id: get_version + env: + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} run: | - title="$(cat <<- 'COMMIT_MESSAGE_END' | head -n 1 - - ${{ github.event.head_commit.message }} - COMMIT_MESSAGE_END - )" + title=$(echo -n "${COMMIT_MESSAGE}" | head -1) # Matches strings like: # # - "Release v1.2.3" @@ -66,11 +65,10 @@ jobs: echo "path=${path}" >> $GITHUB_OUTPUT - name: Check if reference version id: ref_version + env: + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} run: | - title="$(cat <<- 'COMMIT_MESSAGE_END' | head -n 1 - - ${{ github.event.head_commit.message }} - COMMIT_MESSAGE_END - )" + title=$(echo -n "${COMMIT_MESSAGE}" | head -1) if echo "${title}" | grep -qE '^release v[0-9]+\.[0-9]+\.[0-9]+([.-][^ .-][^ ]*)?( \(#[0-9]+\))?$' ; then version=$(echo "${title}" | cut -d ' ' -f 2) fi @@ -90,12 +88,12 @@ jobs: - gather_facts steps: - name: Install architect - uses: giantswarm/install-binary-action@v1.1.0 + uses: giantswarm/install-binary-action@v2.0.0 with: binary: "architect" - version: "6.13.0" + version: "6.14.1" - name: Install semver - uses: giantswarm/install-binary-action@v1.1.0 + uses: giantswarm/install-binary-action@v2.0.0 with: binary: "semver" version: "3.2.0" @@ -144,6 +142,15 @@ jobs: title: "Bump version to ${{ steps.update_project_go.outputs.new_version }}" run: | gh pr create --title "${{ env.title }}" --body "" --base ${{ env.base }} --head ${{ env.branch }} --reviewer ${{ github.actor }} + - name: Enable auto-merge for PR + env: + GITHUB_TOKEN: "${{ secrets.TAYLORBOT_GITHUB_ACTION }}" + base: "${{ github.ref }}" + branch: "${{ github.ref }}-version-bump" + version: "${{ needs.gather_facts.outputs.version }}" + title: "Bump version to ${{ steps.update_project_go.outputs.new_version }}" + run: | + gh pr merge --auto --squash "${{ env.branch }}" || echo "::warning::Auto-merge not allowed. Please adjust the repository settings." create_release: name: Create release runs-on: ubuntu-22.04 @@ -184,13 +191,12 @@ jobs: git push "${REMOTE_REPO}" --tags - name: Create release id: create_gh_release - uses: actions/create-release@v1 + uses: ncipollo/release-action@v1 env: GITHUB_TOKEN: "${{ secrets.TAYLORBOT_GITHUB_ACTION }}" with: body: ${{ steps.changelog_reader.outputs.changes }} - tag_name: "v${{ needs.gather_facts.outputs.version }}" - release_name: "v${{ needs.gather_facts.outputs.version }}" + tag: "v${{ needs.gather_facts.outputs.version }}" create-release-branch: name: Create release branch @@ -200,7 +206,7 @@ jobs: if: ${{ needs.gather_facts.outputs.version }} steps: - name: Install semver - uses: giantswarm/install-binary-action@v1.1.0 + uses: giantswarm/install-binary-action@v2.0.0 with: binary: "semver" version: "3.0.0" diff --git a/.github/workflows/zz_generated.create_release_pr.yaml b/.github/workflows/zz_generated.create_release_pr.yaml index 8735030..d08d72e 100644 --- a/.github/workflows/zz_generated.create_release_pr.yaml +++ b/.github/workflows/zz_generated.create_release_pr.yaml @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.17.0 +# devctl@6.21.0 # name: Create Release PR on: @@ -147,7 +147,7 @@ jobs: with: go-version: '=1.18.1' - name: Install architect - uses: giantswarm/install-binary-action@v1.1.0 + uses: giantswarm/install-binary-action@v2.0.0 with: binary: "architect" version: "6.11.0" diff --git a/.github/workflows/zz_generated.gitleaks.yaml b/.github/workflows/zz_generated.gitleaks.yaml index bb1726e..057a4e7 100644 --- a/.github/workflows/zz_generated.gitleaks.yaml +++ b/.github/workflows/zz_generated.gitleaks.yaml @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.17.0 +# devctl@6.21.0 # name: gitleaks diff --git a/.github/workflows/zz_generated.run_ossf_scorecard.yaml b/.github/workflows/zz_generated.run_ossf_scorecard.yaml new file mode 100644 index 0000000..bfea0f8 --- /dev/null +++ b/.github/workflows/zz_generated.run_ossf_scorecard.yaml @@ -0,0 +1,78 @@ +# DO NOT EDIT. Generated with: +# +# devctl@6.21.0 +# + +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '15 15 15 * *' + push: + branches: [ "main", "master" ] + workflow_dispatch: {} + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + + steps: + - name: "Checkout code" + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.3.2 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. + # repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 + with: + sarif_file: results.sarif diff --git a/LICENSE b/LICENSE index b7a4d40..93a6674 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2016 - 2023 Giant Swarm GmbH + Copyright 2016 - 2024 Giant Swarm GmbH Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/Makefile b/Makefile index ee1829c..8835dd6 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.17.0 +# devctl@6.21.0 # include Makefile.*.mk diff --git a/Makefile.gen.go.mk b/Makefile.gen.go.mk index 032af2d..5cb21c8 100644 --- a/Makefile.gen.go.mk +++ b/Makefile.gen.go.mk @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.17.0 +# devctl@6.21.0 # APPLICATION := $(shell go list -m | cut -d '/' -f 3)