Skip to content

Commit 8758ead

Browse files
committed
Merge remote-tracking branch 'upstream/main' into kube-aware-logr-logger
2 parents 0e3754a + b88f351 commit 8758ead

File tree

280 files changed

+19634
-13800
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

280 files changed

+19634
-13800
lines changed

.github/dependabot.yml

Lines changed: 14 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -1,36 +1,18 @@
1-
# To get started with Dependabot version updates, you'll need to specify which
2-
# package ecosystems to update and where the package manifests are located.
31
# Please see the documentation for all configuration options:
42
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
5-
63
version: 2
74
updates:
8-
9-
# Maintain dependencies for GitHub Actions
10-
- package-ecosystem: "github-actions"
11-
# Workflow files stored in the
12-
# default location of `.github/workflows`
13-
directory: "/"
14-
schedule:
15-
interval: "weekly"
16-
commit-message:
17-
prefix: ":seedling:"
18-
labels:
19-
- "ok-to-test"
20-
21-
# Maintain dependencies for go
22-
- package-ecosystem: "gomod"
23-
directory: "/"
24-
schedule:
25-
interval: "weekly"
26-
commit-message:
27-
prefix: ":seedling:"
28-
# Ignore K8 packages as these are done manually
29-
ignore:
30-
- dependency-name: "k8s.io/api"
31-
- dependency-name: "k8s.io/apiextensions-apiserver"
32-
- dependency-name: "k8s.io/apimachinery"
33-
- dependency-name: "k8s.io/client-go"
34-
- dependency-name: "k8s.io/component-base"
35-
labels:
36-
- "ok-to-test"
5+
# GitHub Actions
6+
- package-ecosystem: "github-actions"
7+
# Workflow files stored in the
8+
# default location of `.github/workflows`
9+
directory: "/"
10+
schedule:
11+
interval: "weekly"
12+
groups:
13+
all-github-actions:
14+
patterns: [ "*" ]
15+
commit-message:
16+
prefix: ":seedling:"
17+
labels:
18+
- "ok-to-test"

.github/workflows/golangci-lint.yml

Lines changed: 20 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,15 @@ on:
44
types: [opened, edited, synchronize, reopened]
55
branches:
66
- main
7-
- master
7+
8+
permissions:
9+
# Required: allow read access to the content for analysis.
10+
contents: read
11+
# Optional: allow read access to pull request. Use with `only-new-issues` option.
12+
pull-requests: read
13+
# Optional: Allow write access to checks to allow the action to annotate code in the PR.
14+
checks: write
15+
816
jobs:
917
golangci:
1018
name: lint
@@ -15,9 +23,17 @@ jobs:
1523
- ""
1624
- tools/setup-envtest
1725
steps:
18-
- uses: actions/checkout@v3
26+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2
27+
- name: Calculate go version
28+
id: vars
29+
run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
30+
- name: Set up Go
31+
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # tag=v5.1.0
32+
with:
33+
go-version: ${{ steps.vars.outputs.go_version }}
1934
- name: golangci-lint
20-
uses: golangci/golangci-lint-action@v3
35+
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # tag=v6.1.1
2136
with:
22-
version: v1.49.0
37+
version: v1.61.0
38+
args: --out-format=colored-line-number
2339
working-directory: ${{matrix.working-directory}}

.github/workflows/ossf-scorecard.yaml

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
name: Scorecard supply-chain security
2+
on:
3+
# For Branch-Protection check. Only the default branch is supported. See
4+
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
5+
branch_protection_rule:
6+
# To guarantee Maintained check is occasionally updated. See
7+
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
8+
schedule:
9+
# Weekly on Saturdays.
10+
- cron: '30 1 * * 6'
11+
push:
12+
branches: [ "main" ]
13+
14+
# Declare default permissions as read only.
15+
permissions: read-all
16+
17+
jobs:
18+
analysis:
19+
name: Scorecard analysis
20+
runs-on: ubuntu-latest
21+
permissions:
22+
# Needed if using Code scanning alerts
23+
security-events: write
24+
# Needed for GitHub OIDC token if publish_results is true
25+
id-token: write
26+
27+
steps:
28+
- name: "Checkout code"
29+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2
30+
with:
31+
persist-credentials: false
32+
33+
- name: "Run analysis"
34+
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # tag=v2.4.0
35+
with:
36+
results_file: results.sarif
37+
results_format: sarif
38+
# Public repositories:
39+
# - Publish results to OpenSSF REST API for easy access by consumers
40+
# - Allows the repository to include the Scorecard badge.
41+
# - See https://github.com/ossf/scorecard-action#publishing-results.
42+
publish_results: true
43+
44+
# Upload the results as artifacts.
45+
- name: "Upload artifact"
46+
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # tag=v4.4.3
47+
with:
48+
name: SARIF file
49+
path: results.sarif
50+
retention-days: 5
51+
52+
# required for Code scanning alerts
53+
- name: "Upload to code-scanning"
54+
uses: github/codeql-action/upload-sarif@83a02f7883b12e0e4e1a146174f5e2292a01e601 # tag=v2.16.4
55+
with:
56+
sarif_file: results.sarif

.github/workflows/pr-dependabot.yaml

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
name: PR dependabot go modules fix
2+
3+
# This action runs on PRs opened by dependabot and updates modules.
4+
on:
5+
pull_request:
6+
branches:
7+
- dependabot/**
8+
push:
9+
branches:
10+
- dependabot/**
11+
workflow_dispatch:
12+
13+
permissions:
14+
contents: write # Allow to update the PR.
15+
16+
jobs:
17+
build:
18+
name: Build
19+
runs-on: ubuntu-latest
20+
steps:
21+
- name: Check out code
22+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2
23+
- name: Calculate go version
24+
id: vars
25+
run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
26+
- name: Set up Go
27+
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # tag=v5.1.0
28+
with:
29+
go-version: ${{ steps.vars.outputs.go_version }}
30+
- name: Update all modules
31+
run: make modules
32+
- uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # tag=v9.1.4
33+
name: Commit changes
34+
with:
35+
author_name: dependabot[bot]
36+
author_email: 49699333+dependabot[bot]@users.noreply.github.com
37+
default_author: github_actor
38+
message: 'Update generated code'
Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
name: PR approve GH Workflows
2+
3+
on:
4+
pull_request_target:
5+
types:
6+
- edited
7+
- labeled
8+
- reopened
9+
- synchronize
10+
11+
permissions: {}
12+
13+
jobs:
14+
approve:
15+
name: Approve ok-to-test
16+
if: contains(github.event.pull_request.labels.*.name, 'ok-to-test')
17+
runs-on: ubuntu-latest
18+
permissions:
19+
actions: write
20+
steps:
21+
- name: Update PR
22+
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
23+
continue-on-error: true
24+
with:
25+
github-token: ${{ secrets.GITHUB_TOKEN }}
26+
script: |
27+
const result = await github.rest.actions.listWorkflowRunsForRepo({
28+
owner: context.repo.owner,
29+
repo: context.repo.repo,
30+
event: "pull_request",
31+
status: "action_required",
32+
head_sha: context.payload.pull_request.head.sha,
33+
per_page: 100
34+
});
35+
36+
for (var run of result.data.workflow_runs) {
37+
await github.rest.actions.approveWorkflowRun({
38+
owner: context.repo.owner,
39+
repo: context.repo.repo,
40+
run_id: run.id
41+
});
42+
}

.github/workflows/release.yaml

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
name: Upload binaries to release
2+
3+
on:
4+
push:
5+
# Sequence of patterns matched against refs/tags
6+
tags:
7+
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
8+
9+
permissions:
10+
contents: write
11+
12+
jobs:
13+
build:
14+
name: Upload binaries to release
15+
runs-on: ubuntu-latest
16+
steps:
17+
- name: Check out code
18+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2
19+
- name: Calculate go version
20+
id: vars
21+
run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
22+
- name: Set up Go
23+
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # tag=v5.1.0
24+
with:
25+
go-version: ${{ steps.vars.outputs.go_version }}
26+
- name: Generate release binaries
27+
run: |
28+
make release
29+
- name: Release
30+
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # tag=v2.1.0
31+
with:
32+
draft: false
33+
files: tools/setup-envtest/out/*

.github/workflows/verify.yml

Lines changed: 11 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,18 @@
1+
name: PR title verifier
2+
13
on:
24
pull_request_target:
3-
types: [opened, edited, reopened, synchronize]
5+
types: [opened, edited, synchronize, reopened]
46

57
jobs:
68
verify:
79
runs-on: ubuntu-latest
8-
name: verify PR contents
10+
911
steps:
10-
- name: Verifier action
11-
id: verifier
12-
uses: kubernetes-sigs/[email protected]
13-
with:
14-
github_token: ${{ secrets.GITHUB_TOKEN }}
12+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2
13+
14+
- name: Check if PR title is valid
15+
env:
16+
PR_TITLE: ${{ github.event.pull_request.title }}
17+
run: |
18+
./hack/verify-pr-title.sh "${PR_TITLE}"

.gitignore

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,5 +23,8 @@
2323
# Tools binaries.
2424
hack/tools/bin
2525

26+
# Release artifacts
27+
tools/setup-envtest/out
28+
2629
junit-report.xml
27-
/artifacts
30+
/artifacts

0 commit comments

Comments
 (0)