chore(release): Release 2.18.2 (#1791)

* Release 2.18.0 (#1759)

* upgrade go mod and smoke test for alpha deploy (#1758)

* revert go mod upgarde

* add smoke test
update go mod

* enhance github pipeline

* fix breaking changes

* set creationtimestamp for crd

* fix smoke test

* rename

* remove unused env

* Allow create module for no git directory (#1751)

* pre-ready commit

* pre-ready commit 2

#1723

* pre-ready PR

#1723

* Add localfsblob instead of github metadata

#1723

* Remove the fileSystem impl and OCM SourceMeta when it's not a git target folder

#1723

* Remove pointer receiver for the 'GitSource' struct as the methods are not updating the struct

#1723

* chancges after PR comments

* Improved the codebase and adding in consideration the new requirement related to the security scan.

* fix linting newline

* Add Unit tests to "files.SearchForTargetDirByName" function

* Add support to interactive mode

* Revert Sec Scan struct

* Add a yellow warning when the target folder's not a git repo

* Add missed sec config path file check

* Add support of the relative and absolute path

* Changed 'isFileExist' to boolean instead of returning error

* Update message

* redecalred the err

* remove err.Err() when sec scan's skipped

* NewNice should init with NonInteractive

* refactor determineRepositoryURL

* make new line for Caution message

---------

Co-authored-by: Xin Ruan <[email protected]>

* Introduce flag to pass git remote (#1762)

* Introduce new flag to configure remote name of git repo

* make docs

* unit test

* Merge with main

* Unexport function

* feat: Add Custom State Check Support to Create Module Command (#1764)

* feat: Add Custom State Check Support to Create Module Command

* custom_state_check_test.go: Add Unit Tests

* Commit TWS suggestions

---------

Co-authored-by: jeremyharisch <[email protected]>

* fix: Remove CustomStateCheck flags from the Module Command (#1767)

* fix: Remove CustomStateCheck flags from the Module Command

* add help desc

* gen docs

* Extend tests with correct scenarios

* add check for required customStateChecks to validation

* bump and fix lint

---------

Co-authored-by: Benjamin Lindner <[email protected]>

* Fix repoUrl for parent-child git structure (#1770)

* fix bug

* Add unit test

* remove test

* revert changes

* Revert "revert changes"

This reverts commit 150cb24.

* fix path

* fix linting

* CR comments

* Revert "CR comments"

This reverts commit 4f636c1.

* CR comments

* Forcing an empty commit.

* remove unneeded if condition

* Do not remove `.git` if exists (#1775)

* Do not remove .git if exists

* Add one testcase

* use ociblob instead of ocilocalblob for oci v2 (#1768)

* remove compatible attribute for v2, so that v2 generate resources with ociblob instead of depricated ocilocalblob

* add e2e test

* add e2e test

* add module config test

* add module config test

* fix github action

* extend e2e test
drop gotest.tools

* fix lint

* test repoURL

* fix TEST_REPOSITORY_URL location

* gofmt

* align name

* gomod(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.6 (#1774)

Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.3 to 1.7.6.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v1.7.3...v1.7.6)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* bring back default kyma version to main for main branch (#1778)

* chore(infra): Adjust GitHub Action linters (#1780)

* Configure PR Title linter to impose Conventional Commits spec

* Configure dependabot to adhere to the Conventional Commits spec

* Configure markdown files links checker

* Configure changelog groups for the goreleaser

* Updating the security scan labels according to the new fields in the security config files (#1776)

* fixes

* Add security scan labels to e2e test

* fix test

* fix test

* debug test

* debug test

* fix test

* debug test

* debug test

* debug test

* debug test

* debug test

* debug test

* debug test

* debug test

* debug test

* debug test

* debug test

* fix test

* debug test

* overwrite version

* overwrite version

* overwrite version

* debug test

* remove debugging statements

* fix

* gomod(deps): bump github.com/cyphar/filepath-securejoin (#1772)

Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.3 to 0.2.4.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Commits](cyphar/filepath-securejoin@v0.2.3...v0.2.4)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Run GH ACtion also on release branches (#1785)

* deps: Update reconciler version  (#1786)

* Update reconciler version with Ory reconciler changes for Hydra migration

* fix go.sum

---------

Co-authored-by: Badr, Nesma <[email protected]>

* chore(dependabot): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.9.0 (#1783)

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.7.0 to 5.9.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.7.0...v5.9.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(dependabot): bump istio.io/client-go (#1788)

Bumps [istio.io/client-go](https://github.com/istio/client-go) from 1.19.0-alpha.1.0.20230825174843-7a8fbe28cb5d to 1.19.0.
- [Commits](https://github.com/istio/client-go/commits/1.19.0)

---
updated-dependencies:
- dependency-name: istio.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update docs

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Xin Ruan <[email protected]>
Co-authored-by: Mohammed Mesaoudi <[email protected]>
Co-authored-by: Hukumraj Singh Deora <[email protected]>
Co-authored-by: Benjamin Lindner <[email protected]>
Co-authored-by: Nesma Badr <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Oleksandr Meteiko <[email protected]>
Co-authored-by: Tim Riffer <[email protected]>
Co-authored-by: Badr, Nesma <[email protected]>

.github/dependabot.yml

@@ -10,8 +10,7 @@ updates:
     schedule:
       interval: "daily"
     commit-message:
-      prefix: "gomod"
-      include: "scope"
+      prefix: "chore(dependabot)"
   - package-ecosystem: "docker"
     directory: "/"
     labels:
@@ -20,5 +19,4 @@ updates:
     schedule:
       interval: "daily"
     commit-message:
-      prefix: "docker"
-      include: "scope"
+      prefix: "chore(dependabot)"

.github/workflows/lint-conventional-prs.yml

@@ -0,0 +1,30 @@
+name: Lint PR Title
+run-name: ${{github.event.pull_request.title}}
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+      - edited
+      - synchronize
+
+jobs:
+  check:
+    name: Check Title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          types: |
+            deps
+            chore
+            docs
+            feat
+            fix
+            test
+          requireScope: false
+          # https://regex101.com/r/YybDgS/1
+          subjectPattern: ^([A-Z].*[^.]|bump .*)$

.github/workflows/pull-cli-lint.yml → .github/workflows/lint-golangci.yml

@@ -1,7 +1,13 @@
 name: pull-cli-lint
 on:
   pull_request:
-    branches: [ "main" ]
+    branches:
+      - main
+      - 'release-**'
+    paths:
+      - 'go.mod'
+      - 'go.sum'
+      - '**.go'
   workflow_dispatch:
 jobs:
   golangci:

.github/workflows/lint-markdown-links.yml

@@ -0,0 +1,23 @@
+name: Lint Markdown Links
+run-name: ${{github.event.pull_request.title}}
+
+on:
+  pull_request:
+  schedule:
+    # Run every day at 5:00 AM
+    - cron: "0 5 * * *"
+
+jobs:
+  markdown-link-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: gaurav-nelson/github-action-markdown-link-check@v1
+        with:
+          use-quiet-mode: 'yes'
+          use-verbose-mode: 'no'
+          config-file: '.mlc.config.json'
+          folder-path: '.'
+          max-depth: -1
+          check-modified-files-only: 'yes'
+          base-branch: 'main'

.github/workflows/test-e2e-create-module.yml

@@ -2,9 +2,17 @@ name: TestSuite E2E - create module
 
 on:
   push:
-    branches: [ "main" ]
+    branches:
+      - main
+      - 'release-**'
   pull_request:
-    branches: [ "main" ]
+    branches:
+      - main
+      - 'release-**'
+    paths:
+      - 'go.mod'
+      - 'go.sum'
+      - '**.go'
 jobs:
   e2e:
     strategy:
@@ -55,7 +63,8 @@ jobs:
           --insecure \
           --kubebuilder-project \
           --version $MODULE_TEMPLATE_VERSION -v \
-          --output /tmp/kubebuilder-template.yaml
+          --output /tmp/kubebuilder-template.yaml \
+          --sec-scanners-config ./template-operator/sec-scanners-config.yaml
           echo "MODULE_TEMPLATE_PATH=/tmp/kubebuilder-template.yaml" >> "$GITHUB_ENV"
       - name: Run create module with module-config
         if: ${{ matrix.e2e-test == 'create_module_module_config' }}
@@ -69,7 +78,7 @@ jobs:
           --insecure \
           --module-config-file ./module-config.yaml \
           --version $MODULE_TEMPLATE_VERSION -v \
-          --output /tmp/module-config-template.yaml
+          --output /tmp/module-config-template.yaml 
           echo "MODULE_TEMPLATE_PATH=/tmp/module-config-template.yaml" >> "$GITHUB_ENV"
       - name: Verify module template
         run: |

.github/workflows/test-smoke.yml

@@ -2,9 +2,17 @@ name: TestSuite Smoke
 
 on:
   push:
-    branches: [ "main" ]
+    branches:
+      - main
+      - 'release-**'
   pull_request:
-    branches: [ "main" ]
+    branches:
+      - main
+      - 'release-**'
+    paths:
+      - 'go.mod'
+      - 'go.sum'
+      - '**.go'
 jobs:
   cli-deploy:
     name: "kyma deploy"

.goreleaser.yml

@@ -38,8 +38,24 @@ snapshot:
 changelog:
   use: github
   sort: asc
+  groups:
+    - title: Bug fixes
+      regexp: '^.*?fix(\([[:word:]]+\))??!?:.+$'
+      order: 1
+    - title: Dependencies
+      regexp: '^.*?deps(\([[:word:]]+\))??!?:.+$'
+      order: 2
+    - title: Documentation
+      regexp: '^.*?docs(\([[:word:]]+\))??!?:.+$'
+      order: 3
+    - title: Test suites
+      regexp: '^.*?test(\([[:word:]]+\))??!?:.+$'
+      order: 4
+    - title: Features
+      order: 0
   filters:
     exclude:
       - "^docs:"
       - "^test:"
-      - "^bump"
+      - '^(B|b)ump'
+      - '^.*?chore(\([[:word:]]+\))??!?:.+$'

.mlc.config.json

@@ -0,0 +1,9 @@
+{
+  "replacementPatterns": [
+    {
+      "_comment": "a replacement rule for all the in-repository references",
+      "pattern": "^/",
+      "replacement": "{{BASEURL}}/"
+    }
+  ]
+}

docs/gen-docs/kyma_deploy.md

@@ -28,7 +28,7 @@ kyma deploy [flags]
                                  	- Deploy a specific branch of the Kyma repository on kyma-project.org: "kyma deploy --source=<my-branch-name>"
                                  	- Deploy a commit (8 characters or more), for example: "kyma deploy --source=34edf09a"
                                  	- Deploy a pull request, for example "kyma deploy --source=PR-9486"
-                                 	- Deploy the local sources: "kyma deploy --source=local" (default "2.18.0")
+                                 	- Deploy the local sources: "kyma deploy --source=local" (default "2.18.1")
   -t, --timeout duration         Maximum time for the deployment. (default 20m0s)
       --tls-crt string           TLS certificate file for the domain used for installation.
       --tls-key string           TLS key file for the domain used for installation.

go.mod

@@ -19,11 +19,11 @@ require (
 	github.com/docker/docker v24.0.5+incompatible
 	github.com/docker/go-connections v0.4.0
 	github.com/fatih/color v1.15.0
-	github.com/go-git/go-git/v5 v5.7.0
+	github.com/go-git/go-git/v5 v5.9.0
 	github.com/go-logr/logr v1.2.4
 	github.com/go-logr/zapr v1.2.4
 	github.com/imdario/mergo v1.0.0
-	github.com/kyma-incubator/reconciler v0.0.0-20230901101246-00dd6cde0c03
+	github.com/kyma-incubator/reconciler v0.0.0-20230927075501-a4fa93d4b07a
 	github.com/kyma-project/hydroform/function v0.0.0-20230831071441-f3501c89bace
 	github.com/kyma-project/hydroform/provision v0.0.0-20230831071441-f3501c89bace
 	github.com/kyma-project/lifecycle-manager v0.0.0-20230911065458-6926c58bcd43
@@ -39,7 +39,7 @@ require (
 	golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.12.3
-	istio.io/client-go v1.19.0-alpha.1.0.20230825174843-7a8fbe28cb5d
+	istio.io/client-go v1.19.0
 	k8s.io/klog/v2 v2.100.1
 	sigs.k8s.io/controller-runtime v0.15.1
 	sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3
@@ -59,6 +59,7 @@ require (
 )
 
 require (
+	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/BurntSushi/toml v1.2.1 // indirect
@@ -68,7 +69,7 @@ require (
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/Microsoft/hcsshim v0.11.0 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/andybalholm/brotli v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
@@ -103,7 +104,7 @@ require (
 	github.com/containers/ocicrypt v1.1.6 // indirect
 	github.com/containers/storage v1.45.4 // indirect
 	github.com/cpuguy83/dockercfg v0.3.1 // indirect
-	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
+	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/docker/distribution v2.8.2+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
@@ -123,7 +124,7 @@ require (
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.4.1 // indirect
+	github.com/go-git/go-billy/v5 v5.5.0 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.20.0 // indirect
@@ -217,7 +218,7 @@ require (
 	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/skeema/knownhosts v1.1.1 // indirect
+	github.com/skeema/knownhosts v1.2.0 // indirect
 	github.com/spf13/afero v1.9.5 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
@@ -244,16 +245,16 @@ require (
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.12.0 // indirect
+	golang.org/x/crypto v0.13.0 // indirect
 	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/net v0.14.0 // indirect
+	golang.org/x/net v0.15.0 // indirect
 	golang.org/x/oauth2 v0.11.0 // indirect
 	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.11.0 // indirect
-	golang.org/x/term v0.11.0 // indirect
-	golang.org/x/text v0.12.0 // indirect
+	golang.org/x/sys v0.12.0 // indirect
+	golang.org/x/term v0.12.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect
+	golang.org/x/tools v0.13.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect