diff --git a/.github/workflows/zz_generated.check_values_schema.yaml b/.github/workflows/zz_generated.check_values_schema.yaml index c75e5ba8..4599451b 100644 --- a/.github/workflows/zz_generated.check_values_schema.yaml +++ b/.github/workflows/zz_generated.check_values_schema.yaml @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.18.0 +# devctl@6.20.0 # name: 'Values and schema' on: diff --git a/.github/workflows/zz_generated.create_release.yaml b/.github/workflows/zz_generated.create_release.yaml index 21a01e9b..e0cecf4c 100644 --- a/.github/workflows/zz_generated.create_release.yaml +++ b/.github/workflows/zz_generated.create_release.yaml @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.18.0 +# devctl@6.20.0 # name: Create Release on: @@ -32,11 +32,10 @@ jobs: steps: - name: Get version id: get_version + env: + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} run: | - title="$(cat <<- 'COMMIT_MESSAGE_END' | head -n 1 - - ${{ github.event.head_commit.message }} - COMMIT_MESSAGE_END - )" + title=$(echo -n "${COMMIT_MESSAGE}" | head -1) # Matches strings like: # # - "Release v1.2.3" @@ -66,11 +65,10 @@ jobs: echo "path=${path}" >> $GITHUB_OUTPUT - name: Check if reference version id: ref_version + env: + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} run: | - title="$(cat <<- 'COMMIT_MESSAGE_END' | head -n 1 - - ${{ github.event.head_commit.message }} - COMMIT_MESSAGE_END - )" + title=$(echo -n "${COMMIT_MESSAGE}" | head -1) if echo "${title}" | grep -qE '^release v[0-9]+\.[0-9]+\.[0-9]+([.-][^ .-][^ ]*)?( \(#[0-9]+\))?$' ; then version=$(echo "${title}" | cut -d ' ' -f 2) fi @@ -93,7 +91,7 @@ jobs: uses: giantswarm/install-binary-action@v1.1.0 with: binary: "architect" - version: "6.13.0" + version: "6.14.1" - name: Install semver uses: giantswarm/install-binary-action@v1.1.0 with: 
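Review bot: In the `@@ -32,11 +32,10 @@` hunk the new line `title=$(echo -n "${COMMIT_MESSAGE}" | head -1)` relies on `echo -n` and the obsolete `head -1` form; `echo` handles a value consisting only of option letters as flags and `-n` behaviour varies between shells, so `title=$(printf '%s\n' "${COMMIT_MESSAGE}" | head -n 1)` is the robust, POSIX spelling. Moving `github.event.head_commit.message` out of the script body and into the `COMMIT_MESSAGE` env entry is the right fix for the expansion-in-script problem, since the message is attacker-influenced text; the env route should be kept. The same `echo -n … | head -1` form appears in the `@@ -66,11 +65,10 @@` hunk (ref_version step) and would take the same change. Both run blocks continue outside their hunks.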
@@ -144,6 +142,15 @@ jobs: title: "Bump version to ${{ steps.update_project_go.outputs.new_version }}" run: | gh pr create --title "${{ env.title }}" --body "" --base ${{ env.base }} --head ${{ env.branch }} --reviewer ${{ github.actor }} + - name: Enable auto-merge for PR + env: + GITHUB_TOKEN: "${{ secrets.TAYLORBOT_GITHUB_ACTION }}" + base: "${{ github.ref }}" + branch: "${{ github.ref }}-version-bump" + version: "${{ needs.gather_facts.outputs.version }}" + title: "Bump version to ${{ steps.update_project_go.outputs.new_version }}" + run: | + gh pr merge --auto --squash "${{ env.branch }}" || echo "::warning::Auto-merge not allowed. Please adjust the repository settings." create_release: name: Create release runs-on: ubuntu-22.04 diff --git a/.github/workflows/zz_generated.create_release_pr.yaml b/.github/workflows/zz_generated.create_release_pr.yaml index 21f446f4..3147c17b 100644 --- a/.github/workflows/zz_generated.create_release_pr.yaml +++ b/.github/workflows/zz_generated.create_release_pr.yaml @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.18.0 +# devctl@6.20.0 # name: Create Release PR on: diff --git a/.github/workflows/zz_generated.fix_vulnerabilities.yaml b/.github/workflows/zz_generated.fix_vulnerabilities.yaml new file mode 100644 index 00000000..73db7f14 --- /dev/null +++ b/.github/workflows/zz_generated.fix_vulnerabilities.yaml 
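Review bot: The new "Enable auto-merge for PR" step inlines `${{ env.branch }}` into the shell command even though `branch` is already exported in the step's `env:` block; `gh pr merge --auto --squash "${branch}" || …` keeps the ref out of the script text, consistent with the `COMMIT_MESSAGE` change made elsewhere in this commit. The `base`, `version` and `title` env entries are not referenced by the command and appear copied from the preceding `gh pr create` step; dropping them makes the step's real inputs (`GITHUB_TOKEN`, `branch`) visible. The `|| echo "::warning::Auto-merge not allowed…"` fallback also reports every failure of `gh pr merge` — bad token, PR not found — as the same "not allowed" warning; if the intent is only to tolerate a repository setting, the gh error output should at least be preserved in the log before the warning is emitted.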
@@ -0,0 +1,107 @@ +# DO NOT EDIT. Generated with: +# +# devctl@6.20.0 +# +name: Fix Vulnerabilities +on: + schedule: + - cron: '0 10 * * *' + workflow_dispatch: + inputs: + branch: + description: "Branch on which to fix vulnerabilities" + required: true + type: string + workflow_call: + inputs: + branch: + required: true + type: string +jobs: + gather_facts: + name: Gather facts + runs-on: ubuntu-22.04 + outputs: + branch: ${{ steps.gather_facts.outputs.branch }} + skip : ${{ steps.gather_facts.outputs.skip }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ inputs.branch || github.event.ref }} + - name: Gather facts + id: gather_facts + run: | + head="${{ inputs.branch || github.event.ref }}" + echo "branch=${head}" >> $GITHUB_OUTPUT + + head="${head#refs/heads/}" # Strip "refs/heads/" prefix. + echo "head=${head}" >> $GITHUB_OUTPUT + + # Skip if there are no go mod files + if [[ ! -e go.mod ]] && [[ ! -e go.sum ]]; then + skip=true + echo "There are no go mod files in the repo, skipping" + else + skip=false + fi + + echo "skip=${skip}" >> $GITHUB_OUTPUT + echo "head=\"$head\" branch=\"$branch\" skip=\"$skip\"" + run_nancy_fixer: + name: Fix vulnerabilities with nancy-fixer + runs-on: ubuntu-22.04 + needs: + - gather_facts + if: ${{ needs.gather_facts.outputs.skip != 'true' }} + steps: + - name: Generate a token + id: generate_token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ secrets.HERALD_APP_ID }} + private-key: ${{ secrets.HERALD_APP_KEY }} + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ steps.generate_token.outputs.token }} + persist-credentials: false + ref: ${{ needs.gather_facts.outputs.branch }} + - name: Create new branch + id: create_branch + run: | + branch="remediate-vulnerabilities-${{ needs.gather_facts.outputs.branch }}" + echo "branch=${branch}" >> $GITHUB_OUTPUT + git checkout -b "${branch}" + git pull origin "${branch}" || true + - name: Run nancy-fixer fix + uses: 
docker://gsoci.azurecr.io/giantswarm/nancy-fixer:0.4.0 + - name: Set up git identity + run: | + git config --local user.email "149080493+heraldbot[bot]@users.noreply.github.com" + git config --local user.name "HeraldBot[bot]" + - name: Commit new files + id: commit_changes + run: | + git add -A + if git diff-index --quiet HEAD; then + echo "No changes found" + skip=true + else + git commit -m "Remediate Nancy findings" + skip=false + fi + echo "skip=${skip}" >> $GITHUB_OUTPUT + - name: Push changes + if: "${{ steps.commit_changes.outputs.skip != 'true' }}" + env: + remote_repo: "https://${{ github.actor }}:${{ steps.generate_token.outputs.token }}@github.com/${{ github.repository }}.git" + run: | + git push "${remote_repo}" HEAD:"${{ steps.create_branch.outputs.branch }}" + - name: Create PR + env: + GITHUB_TOKEN: "${{ steps.generate_token.outputs.token }}" + if: "${{ steps.commit_changes.outputs.skip != 'true' }}" + run: | + gh pr create --title "Remediate Nancy findings on ${{ needs.gather_facts.outputs.branch }}" --body "Fix Nancy findings on branch ${{ needs.gather_facts.outputs.branch }}" --head ${{ steps.create_branch.outputs.branch }} --base "${{ needs.gather_facts.outputs.branch }}" + gh pr merge --auto --squash diff --git a/.github/workflows/zz_generated.gitleaks.yaml b/.github/workflows/zz_generated.gitleaks.yaml index f63b0228..52e93e84 100644 --- a/.github/workflows/zz_generated.gitleaks.yaml +++ b/.github/workflows/zz_generated.gitleaks.yaml @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.18.0 +# devctl@6.20.0 # name: gitleaks diff --git a/.github/workflows/zz_generated.run_ossf_scorecard.yaml b/.github/workflows/zz_generated.run_ossf_scorecard.yaml index a12b02e0..804d2ac2 100644 --- a/.github/workflows/zz_generated.run_ossf_scorecard.yaml +++ b/.github/workflows/zz_generated.run_ossf_scorecard.yaml 
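Review bot: In the new fix_vulnerabilities workflow the free-form dispatch input reaches shell scripts through template expansion: `head="${{ inputs.branch || github.event.ref }}"` in the gather_facts step, `branch="remediate-vulnerabilities-${{ needs.gather_facts.outputs.branch }}"` in the create_branch step, and the unquoted `--head ${{ steps.create_branch.outputs.branch }}` in the Create PR step. The same approach this commit takes for `COMMIT_MESSAGE` applies here: add `env:` / `BRANCH_REF: ${{ inputs.branch || github.event.ref }}` to the step and read it as `head="${BRANCH_REF}"`, and quote the derived branch arguments. The Push step embeds the app token in `remote_repo` (`https://…:${{ steps.generate_token.outputs.token }}@github.com/…`); git prints the remote URL in some error paths, so even if the value is masked in logs, passing the token through a credential helper or `http.extraheader` rather than the URL is the safer pattern. The closing `echo "head=\"$head\" branch=\"$branch\" skip=\"$skip\""` in gather_facts reads `$branch`, which that script never assigns (it only writes `branch=${head}` to `$GITHUB_OUTPUT`), so the log line always shows an empty branch. The `skip : ${{ … }}` output key also carries a stray space before the colon.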
@@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.18.0 +# devctl@6.20.0 # # This workflow uses actions that are not certified by GitHub. They are provided diff --git a/LICENSE b/LICENSE index b7a4d404..93a66740 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2016 - 2023 Giant Swarm GmbH + Copyright 2016 - 2024 Giant Swarm GmbH Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/Makefile b/Makefile index d81d0d27..793069aa 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.18.0 +# devctl@6.20.0 # include Makefile.*.mk diff --git a/Makefile.gen.app.mk b/Makefile.gen.app.mk index 5c9de12a..264c6474 100644 --- a/Makefile.gen.app.mk +++ b/Makefile.gen.app.mk @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.18.0 +# devctl@6.20.0 # ##@ App diff --git a/Makefile.gen.go.mk b/Makefile.gen.go.mk index 98357bd7..60f2dfc3 100644 --- a/Makefile.gen.go.mk +++ b/Makefile.gen.go.mk @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@6.18.0 +# devctl@6.20.0 # APPLICATION := $(shell go list -m | cut -d '/' -f 3)