From a3249c8fa1de17abe60071e5e9ae1173076f09bc Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 12:56:33 -0400
Subject: [PATCH] chore(deps): update mattermost support dependencies (#135)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://redirect.github.com/actions/checkout) |
action | minor | `v4.1.7` -> `v4.2.1` |
|
[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact)
| action | minor | `v4.3.6` -> `v4.4.1` |
|
[defenseunicorns/uds-common](https://redirect.github.com/defenseunicorns/uds-common)
| | major | `v0.11.2` -> `v1.0.0` |
|
[defenseunicorns/uds-common](https://redirect.github.com/defenseunicorns/uds-common)
| action | major | `v0.11.2` -> `v1.0.0` |
|
[defenseunicorns/zarf](https://redirect.github.com/defenseunicorns/zarf)
| | minor | `v0.37.0` -> `v0.41.0` |
|
[docker/setup-buildx-action](https://redirect.github.com/docker/setup-buildx-action)
| action | minor | `v3.6.1` -> `v3.7.1` |
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | patch | `v3.26.0` -> `v3.26.12` |
|
[golangci/golangci-lint](https://redirect.github.com/golangci/golangci-lint)
| repository | minor | `v1.59.1` -> `v1.61.0` |
|
[mattermost/mattermost-plugin-ai](https://redirect.github.com/mattermost/mattermost-plugin-ai)
| | major | `0.9.1` -> `1.0.0` |
|
[pre-commit/pre-commit-hooks](https://redirect.github.com/pre-commit/pre-commit-hooks)
| repository | major | `v4.6.0` -> `v5.0.0` |
|
[python-jsonschema/check-jsonschema](https://redirect.github.com/python-jsonschema/check-jsonschema)
| repository | patch | `0.29.1` -> `0.29.3` |
|
[renovatebot/pre-commit-hooks](https://redirect.github.com/renovatebot/pre-commit-hooks)
| repository | minor | `38.21.2` -> `38.110.2` |
|
[step-security/harden-runner](https://redirect.github.com/step-security/harden-runner)
| action | minor | `v2.9.1` -> `v2.10.1` |
Note: The `pre-commit` manager in Renovate is not supported by the
`pre-commit` maintainers or community. Please do not report any problems
there, instead [create a Discussion in the Renovate
repository](https://redirect.github.com/renovatebot/renovate/discussions/new)
if you have any questions.
---
### Release Notes
actions/checkout (actions/checkout)
###
[`v4.2.1`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v421)
[Compare
Source](https://redirect.github.com/actions/checkout/compare/v4.2.0...v4.2.1)
- Check out other refs/\* by commit if provided, fall back to ref by
[@orhantoy](https://redirect.github.com/orhantoy) in
[https://github.com/actions/checkout/pull/1924](https://redirect.github.com/actions/checkout/pull/1924)
###
[`v4.2.0`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v420)
[Compare
Source](https://redirect.github.com/actions/checkout/compare/v4.1.7...v4.2.0)
- Add Ref and Commit outputs by
[@lucacome](https://redirect.github.com/lucacome) in
[https://github.com/actions/checkout/pull/1180](https://redirect.github.com/actions/checkout/pull/1180)
- Dependency updates by
[@dependabot-](https://redirect.github.com/dependabot-)
[https://github.com/actions/checkout/pull/1777](https://redirect.github.com/actions/checkout/pull/1777),
[https://github.com/actions/checkout/pull/1872](https://redirect.github.com/actions/checkout/pull/1872)
actions/upload-artifact (actions/upload-artifact)
###
[`v4.4.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.4.1)
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.0...v4.4.1)
#### What's Changed
- Add a section about hidden files by
[@joshmgross](https://redirect.github.com/joshmgross) in
[https://github.com/actions/upload-artifact/pull/607](https://redirect.github.com/actions/upload-artifact/pull/607)
- Add workflow file for publishing releases to immutable action package
by [@Jcambass](https://redirect.github.com/Jcambass) in
[https://github.com/actions/upload-artifact/pull/621](https://redirect.github.com/actions/upload-artifact/pull/621)
- Update
[@actions/artifact](https://redirect.github.com/actions/artifact)
to latest version, includes symlink and timeout fixes by
[@robherley](https://redirect.github.com/robherley) in
[https://github.com/actions/upload-artifact/pull/625](https://redirect.github.com/actions/upload-artifact/pull/625)
#### New Contributors
- [@Jcambass](https://redirect.github.com/Jcambass) made their
first contribution in
[https://github.com/actions/upload-artifact/pull/621](https://redirect.github.com/actions/upload-artifact/pull/621)
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4.4.0...v4.4.1
###
[`v4.4.0`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0)
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0)
defenseunicorns/uds-common
(defenseunicorns/uds-common)
###
[`v1.0.0`](https://redirect.github.com/defenseunicorns/uds-common/releases/tag/v1.0.0)
[Compare
Source](https://redirect.github.com/defenseunicorns/uds-common/compare/v0.13.1...v1.0.0)
##### ⚠ BREAKING CHANGES
- **task:** add optional config input to create, deploy package and
bundle tasks
([#262](https://redirect.github.com/defenseunicorns/uds-common/issues/262))
- add shell linting to uds-common linting
([#258](https://redirect.github.com/defenseunicorns/uds-common/issues/258))
- update uds common gh actions to use uds run conditionals
([#254](https://redirect.github.com/defenseunicorns/uds-common/issues/254))
##### Features
- **task:** add optional config input to create, deploy package and
bundle tasks
([#262](https://redirect.github.com/defenseunicorns/uds-common/issues/262))
([3d3e9cb](https://redirect.github.com/defenseunicorns/uds-common/commit/3d3e9cb82e6664a4250782e6ae3a4e1112cfe5be))
- update uds common gh actions to use uds run conditionals
([#254](https://redirect.github.com/defenseunicorns/uds-common/issues/254))
([c9d92f0](https://redirect.github.com/defenseunicorns/uds-common/commit/c9d92f0481d147e362d359447b487ab1c1560f31))
##### Bug Fixes
- update publish permissions
([#263](https://redirect.github.com/defenseunicorns/uds-common/issues/263))
([2e57869](https://redirect.github.com/defenseunicorns/uds-common/commit/2e57869b41d1f523ca37b2a3da035a580fc7d6d0))
##### Miscellaneous
- add an ADR to document workflow/job names
([#260](https://redirect.github.com/defenseunicorns/uds-common/issues/260))
([0685c7c](https://redirect.github.com/defenseunicorns/uds-common/commit/0685c7cac904ebe5f746770f9488210498d4463d))
- add shell linting to uds-common linting
([#258](https://redirect.github.com/defenseunicorns/uds-common/issues/258))
([82e9137](https://redirect.github.com/defenseunicorns/uds-common/commit/82e9137642cb5dc0ba41cb33ad1ae44258549d19))
- correct the release workflow path on README
([#265](https://redirect.github.com/defenseunicorns/uds-common/issues/265))
([62c9a5f](https://redirect.github.com/defenseunicorns/uds-common/commit/62c9a5f0a14a8215d5d7e55e1b11d0d77003c8e1))
- **deps:** update uds common support dependencies
([#250](https://redirect.github.com/defenseunicorns/uds-common/issues/250))
([c828932](https://redirect.github.com/defenseunicorns/uds-common/commit/c82893264fffadfd0d84ca239a9459e6e55b9635))
- **docs:** restructure and introduce metadata guidelines
([#266](https://redirect.github.com/defenseunicorns/uds-common/issues/266))
([6828f10](https://redirect.github.com/defenseunicorns/uds-common/commit/6828f10932a65d5fbbaf5994e2c23ddd1cd27255))
- refactor and improve badge verification task
([#249](https://redirect.github.com/defenseunicorns/uds-common/issues/249))
([82e63be](https://redirect.github.com/defenseunicorns/uds-common/commit/82e63be82766a2e550a847af904b2d738c9d3478))
- update practices around maintaining the UDS Common framework
([#253](https://redirect.github.com/defenseunicorns/uds-common/issues/253))
([a733122](https://redirect.github.com/defenseunicorns/uds-common/commit/a7331224f153532361d32d0b02de6cbe7361ffe3))
- update the codeowners for the repo
([#264](https://redirect.github.com/defenseunicorns/uds-common/issues/264))
([6359020](https://redirect.github.com/defenseunicorns/uds-common/commit/6359020fa85b88f3360d0813f3da1d5e1f51134c))
###
[`v0.13.1`](https://redirect.github.com/defenseunicorns/uds-common/releases/tag/v0.13.1)
[Compare
Source](https://redirect.github.com/defenseunicorns/uds-common/compare/v0.13.0...v0.13.1)
##### Bug Fixes
- allow dependent bundle commands to be run on upgrade tests
([#241](https://redirect.github.com/defenseunicorns/uds-common/issues/241))
([093def2](https://redirect.github.com/defenseunicorns/uds-common/commit/093def2f245709084c079aaf529a604d8ca5b6c2))
##### Miscellaneous
- **deps:** update uds common support dependencies
([#237](https://redirect.github.com/defenseunicorns/uds-common/issues/237))
([eac2f68](https://redirect.github.com/defenseunicorns/uds-common/commit/eac2f686deacb898a6383fcc73c861293db52b9c))
- modify helm matches to handle git and helm
([#238](https://redirect.github.com/defenseunicorns/uds-common/issues/238))
([803d9fe](https://redirect.github.com/defenseunicorns/uds-common/commit/803d9fed89bd890c1203c618a1e3fda1bd495cbd))
###
[`v0.13.0`](https://redirect.github.com/defenseunicorns/uds-common/releases/tag/v0.13.0)
[Compare
Source](https://redirect.github.com/defenseunicorns/uds-common/compare/v0.12.0...v0.13.0)
##### Features
- add action for assisting with badge verification and migrate to nginx
([#191](https://redirect.github.com/defenseunicorns/uds-common/issues/191))
([79a5edf](https://redirect.github.com/defenseunicorns/uds-common/commit/79a5edfe7f5d9a4d1611289dbadf643c07850081))
- add options support to setup to set vars and other flags on uds-core
([#235](https://redirect.github.com/defenseunicorns/uds-common/issues/235))
([4336357](https://redirect.github.com/defenseunicorns/uds-common/commit/433635708b47c3f420990582a6a813a710d44423))
##### Bug Fixes
- mandate yamllint at least 1.30.0 to guarantee features in use
([#224](https://redirect.github.com/defenseunicorns/uds-common/issues/224))
([61929ac](https://redirect.github.com/defenseunicorns/uds-common/commit/61929ac82c3e4b635a5e1673975ab29964001ce4))
##### Miscellaneous
- add uds-marketplace to codeowners
([#225](https://redirect.github.com/defenseunicorns/uds-common/issues/225))
([ff9a8d9](https://redirect.github.com/defenseunicorns/uds-common/commit/ff9a8d943f4e7e926d243dabecfe0c585e946ba0))
- **deps:** update uds common nginx package
([#223](https://redirect.github.com/defenseunicorns/uds-common/issues/223))
([688197c](https://redirect.github.com/defenseunicorns/uds-common/commit/688197cfcfdf2e14c222f82c59d27904fd1753bb))
- **deps:** update uds common support dependencies
([#216](https://redirect.github.com/defenseunicorns/uds-common/issues/216))
([a597644](https://redirect.github.com/defenseunicorns/uds-common/commit/a597644480afb2e8c1685ca067a7e838c6f14570))
- **deps:** update uds common support dependencies
([#221](https://redirect.github.com/defenseunicorns/uds-common/issues/221))
([bd6459f](https://redirect.github.com/defenseunicorns/uds-common/commit/bd6459f057c236a6ca28e8fc6ec9af2821be9c00))
- **deps:** update uds common support dependencies
([#228](https://redirect.github.com/defenseunicorns/uds-common/issues/228))
([b34e017](https://redirect.github.com/defenseunicorns/uds-common/commit/b34e01747bc81b098b63cdf2a820dd644a7c6725))
- **deps:** update uds common support dependencies
([#236](https://redirect.github.com/defenseunicorns/uds-common/issues/236))
([ba37ec2](https://redirect.github.com/defenseunicorns/uds-common/commit/ba37ec2db2d56afd2b7e63c00bd19eebd1dd8ddc))
- **renovate:** prefer opentofu registry for providers
([#230](https://redirect.github.com/defenseunicorns/uds-common/issues/230))
([443fd0f](https://redirect.github.com/defenseunicorns/uds-common/commit/443fd0f1401ea496d5f39b43383d910f9f737871))
###
[`v0.12.0`](https://redirect.github.com/defenseunicorns/uds-common/releases/tag/v0.12.0)
[Compare
Source](https://redirect.github.com/defenseunicorns/uds-common/compare/v0.11.2...v0.12.0)
##### ⚠ BREAKING CHANGES
- changed latest-package behavior
([#206](https://redirect.github.com/defenseunicorns/uds-common/issues/206))
> \[!NOTE]
> As part of this change please migrate to using the [test-deploy
callable
workflow](https://redirect.github.com/defenseunicorns/uds-common/blob/d48167a5f999dc5ffd91e6b5878ab158e55f1a6c/.github/workflows/test-deploy.yaml)
##### Features
- changed latest-package behavior
([#206](https://redirect.github.com/defenseunicorns/uds-common/issues/206))
([eb0253c](https://redirect.github.com/defenseunicorns/uds-common/commit/eb0253c3174ec6553b00c52022aa0818049a8036))
##### Bug Fixes
- upgrade version tests
([#215](https://redirect.github.com/defenseunicorns/uds-common/issues/215))
([d48167a](https://redirect.github.com/defenseunicorns/uds-common/commit/d48167a5f999dc5ffd91e6b5878ab158e55f1a6c))
##### Miscellaneous
- **deps:** update uds common support dependencies
([#210](https://redirect.github.com/defenseunicorns/uds-common/issues/210))
([822dac4](https://redirect.github.com/defenseunicorns/uds-common/commit/822dac4452e6815aadcf09f487406ff258756a0c))
- **deps:** update uds common support dependencies
([#213](https://redirect.github.com/defenseunicorns/uds-common/issues/213))
([7eb8a12](https://redirect.github.com/defenseunicorns/uds-common/commit/7eb8a123684bca1c3a7490f5d35ae7ae4598db60))
defenseunicorns/zarf (defenseunicorns/zarf)
###
[`v0.41.0`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.41.0)
[Compare
Source](https://redirect.github.com/defenseunicorns/zarf/compare/v0.40.1...v0.41.0)
#### What's Changed
- chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3013](https://redirect.github.com/zarf-dev/zarf/pull/3013)
- chore(deps): bump actions/setup-node from 4.0.3 to 4.0.4 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3014](https://redirect.github.com/zarf-dev/zarf/pull/3014)
- chore: workflow to check that go mod tidy is run by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2963](https://redirect.github.com/zarf-dev/zarf/pull/2963)
- fix: health checks issue when crds don't exist prior to package
deploys by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3011](https://redirect.github.com/zarf-dev/zarf/pull/3011)
- refactor: remove by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/3008](https://redirect.github.com/zarf-dev/zarf/pull/3008)
- fix: modify the wait condition according to return values from earlier
method call by [@soltysh](https://redirect.github.com/soltysh) in
[https://github.com/zarf-dev/zarf/pull/3020](https://redirect.github.com/zarf-dev/zarf/pull/3020)
- refactor: packager inspect command by
[@schristoff](https://redirect.github.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2990](https://redirect.github.com/zarf-dev/zarf/pull/2990)
- refactor: update syft to v1 by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3021](https://redirect.github.com/zarf-dev/zarf/pull/3021)
- chore(deps): bump k8s.io/component-base from 0.30.3 to 0.31.1 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2995](https://redirect.github.com/zarf-dev/zarf/pull/2995)
- chore(deps): bump github.com/agnivade/levenshtein from 1.1.1 to 1.2.0
by [@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3027](https://redirect.github.com/zarf-dev/zarf/pull/3027)
- chore(deps): bump k8s.io/kubectl from 0.30.3 to 0.31.1 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3028](https://redirect.github.com/zarf-dev/zarf/pull/3028)
- chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3025](https://redirect.github.com/zarf-dev/zarf/pull/3025)
- fix: nightly by removing logline no longer printed by
[@schristoff](https://redirect.github.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/3038](https://redirect.github.com/zarf-dev/zarf/pull/3038)
- feat: pass context to helm install & upgrade by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3031](https://redirect.github.com/zarf-dev/zarf/pull/3031)
- chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3035](https://redirect.github.com/zarf-dev/zarf/pull/3035)
- test: fix external git flake by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3039](https://redirect.github.com/zarf-dev/zarf/pull/3039)
- chore(deps): bump github.com/fluxcd/pkg/apis/meta from 1.5.0 to 1.6.1
by [@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3034](https://redirect.github.com/zarf-dev/zarf/pull/3034)
- chore: resolve cosign cves by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3029](https://redirect.github.com/zarf-dev/zarf/pull/3029)
- fix: nightly ecr test by
[@schristoff](https://redirect.github.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/3041](https://redirect.github.com/zarf-dev/zarf/pull/3041)
- chore(deps): bump helm.sh/helm/v3 from 3.15.3 to 3.16.1 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3026](https://redirect.github.com/zarf-dev/zarf/pull/3026)
- chore(deps): bump github.com/prometheus/client_golang from 1.18.0 to
1.20.4 by [@dependabot](https://redirect.github.com/dependabot)
in
[https://github.com/zarf-dev/zarf/pull/3007](https://redirect.github.com/zarf-dev/zarf/pull/3007)
- chore: cleanup errchecking in tests by
[@mkcp](https://redirect.github.com/mkcp) in
[https://github.com/zarf-dev/zarf/pull/3040](https://redirect.github.com/zarf-dev/zarf/pull/3040)
- chore(deps): bump github.com/gofrs/flock from 0.8.1 to 0.12.1 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3033](https://redirect.github.com/zarf-dev/zarf/pull/3033)
- chore(deps): bump
github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.8 to
1.8.9 by [@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3049](https://redirect.github.com/zarf-dev/zarf/pull/3049)
- chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3047](https://redirect.github.com/zarf-dev/zarf/pull/3047)
- chore(deps): bump github.com/fluxcd/helm-controller/api from 1.0.1 to
1.1.0 by [@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3045](https://redirect.github.com/zarf-dev/zarf/pull/3045)
- chore(deps): bump github.com/defenseunicorns/pkg/oci from 1.0.1 to
1.0.2 by [@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3048](https://redirect.github.com/zarf-dev/zarf/pull/3048)
- chore(deps): bump github.com/fluxcd/source-controller/api from 1.3.0
to 1.4.1 by [@dependabot](https://redirect.github.com/dependabot)
in
[https://github.com/zarf-dev/zarf/pull/3050](https://redirect.github.com/zarf-dev/zarf/pull/3050)
- refactor: layout by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/3022](https://redirect.github.com/zarf-dev/zarf/pull/3022)
- chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure
from 1.8.8 to 1.8.9 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3057](https://redirect.github.com/zarf-dev/zarf/pull/3057)
- chore(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3058](https://redirect.github.com/zarf-dev/zarf/pull/3058)
- feat!: remove big bang extension by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3059](https://redirect.github.com/zarf-dev/zarf/pull/3059)
- chore: directly handle ignored errs and nolint intentionally ignored
errs by [@mkcp](https://redirect.github.com/mkcp) in
[https://github.com/zarf-dev/zarf/pull/2993](https://redirect.github.com/zarf-dev/zarf/pull/2993)
- chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp
from 1.8.8 to 1.8.9 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3062](https://redirect.github.com/zarf-dev/zarf/pull/3062)
- chore(deps): bump sigs.k8s.io/cli-utils from 0.36.0 to 0.37.2 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3055](https://redirect.github.com/zarf-dev/zarf/pull/3055)
- chore: update flux example, tests, and docs to address upstream fix by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3052](https://redirect.github.com/zarf-dev/zarf/pull/3052)
- chore(deps): bump github.com/distribution/distribution/v3 from
3.0.0-alpha.1 to 3.0.0-beta.1 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3054](https://redirect.github.com/zarf-dev/zarf/pull/3054)
- docs: remove docs for deprecated Zarf UI by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3060](https://redirect.github.com/zarf-dev/zarf/pull/3060)
- feat: add linter (2949) by
[@mkcp](https://redirect.github.com/mkcp) in
[https://github.com/zarf-dev/zarf/pull/3053](https://redirect.github.com/zarf-dev/zarf/pull/3053)
#### New Contributors
- [@soltysh](https://redirect.github.com/soltysh) made their
first contribution in
[https://github.com/zarf-dev/zarf/pull/3020](https://redirect.github.com/zarf-dev/zarf/pull/3020)
**Full Changelog**:
https://github.com/zarf-dev/zarf/compare/v0.40.1...v0.41.0
###
[`v0.40.1`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.40.1)
[Compare
Source](https://redirect.github.com/defenseunicorns/zarf/compare/v0.40.0...v0.40.1)
##### What's Changed
- chore(deps): bump actions/create-github-app-token from 1.10.3 to
1.10.4 by [@dependabot](https://redirect.github.com/dependabot)
in
[https://github.com/zarf-dev/zarf/pull/2968](https://redirect.github.com/zarf-dev/zarf/pull/2968)
- fix: imported helm overrides by
[@rjferguson21](https://redirect.github.com/rjferguson21) in
[https://github.com/zarf-dev/zarf/pull/2967](https://redirect.github.com/zarf-dev/zarf/pull/2967)
- chore: only show config file if there is one by
[@catsby](https://redirect.github.com/catsby) in
[https://github.com/zarf-dev/zarf/pull/2985](https://redirect.github.com/zarf-dev/zarf/pull/2985)
- refactor: trim named returns in pkg
[#2950](https://redirect.github.com/defenseunicorns/zarf/issues/2950)
by [@mkcp](https://redirect.github.com/mkcp) in
[https://github.com/zarf-dev/zarf/pull/2979](https://redirect.github.com/zarf-dev/zarf/pull/2979)
- chore: finish removing named returns outside of package and extensions
[#2950](https://redirect.github.com/defenseunicorns/zarf/issues/2950)
by [@mkcp](https://redirect.github.com/mkcp) in
[https://github.com/zarf-dev/zarf/pull/2987](https://redirect.github.com/zarf-dev/zarf/pull/2987)
- chore: ensure we return zeroed value when returning errors by
[@mkcp](https://redirect.github.com/mkcp) in
[https://github.com/zarf-dev/zarf/pull/2988](https://redirect.github.com/zarf-dev/zarf/pull/2988)
- chore(deps): bump actions/create-github-app-token from 1.10.4 to
1.11.0 by [@dependabot](https://redirect.github.com/dependabot)
in
[https://github.com/zarf-dev/zarf/pull/2991](https://redirect.github.com/zarf-dev/zarf/pull/2991)
- refactor: break --insecure into separate flags by
[@joonas](https://redirect.github.com/joonas) in
[https://github.com/zarf-dev/zarf/pull/2936](https://redirect.github.com/zarf-dev/zarf/pull/2936)
- ci: stop codeql on merge queue by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2934](https://redirect.github.com/zarf-dev/zarf/pull/2934)
- fix: add shasum flag and test for https pull by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2998](https://redirect.github.com/zarf-dev/zarf/pull/2998)
- chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2997](https://redirect.github.com/zarf-dev/zarf/pull/2997)
- refactor: pull command by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2989](https://redirect.github.com/zarf-dev/zarf/pull/2989)
- docs: update dos-games refs by
[@jasonwashburn](https://redirect.github.com/jasonwashburn) in
[https://github.com/zarf-dev/zarf/pull/3004](https://redirect.github.com/zarf-dev/zarf/pull/3004)
- refactor: lint by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/3000](https://redirect.github.com/zarf-dev/zarf/pull/3000)
- refactor: mirror-resources by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2975](https://redirect.github.com/zarf-dev/zarf/pull/2975)
- fix: gittributes to ignore image file endings by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/3012](https://redirect.github.com/zarf-dev/zarf/pull/3012)
##### New Contributors
- [@rjferguson21](https://redirect.github.com/rjferguson21) made
their first contribution in
[https://github.com/zarf-dev/zarf/pull/2967](https://redirect.github.com/zarf-dev/zarf/pull/2967)
- [@catsby](https://redirect.github.com/catsby) made their first
contribution in
[https://github.com/zarf-dev/zarf/pull/2985](https://redirect.github.com/zarf-dev/zarf/pull/2985)
- [@mkcp](https://redirect.github.com/mkcp) made their first
contribution in
[https://github.com/zarf-dev/zarf/pull/2979](https://redirect.github.com/zarf-dev/zarf/pull/2979)
- [@joonas](https://redirect.github.com/joonas) made their first
contribution in
[https://github.com/zarf-dev/zarf/pull/2936](https://redirect.github.com/zarf-dev/zarf/pull/2936)
**Full Changelog**:
https://github.com/zarf-dev/zarf/compare/v0.39.0...v0.40.1
###
[`v0.40.0`](https://redirect.github.com/defenseunicorns/zarf/compare/v0.39.0...v0.40.0)
[Compare
Source](https://redirect.github.com/defenseunicorns/zarf/compare/v0.39.0...v0.40.0)
###
[`v0.39.0`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.39.0)
[Compare
Source](https://redirect.github.com/defenseunicorns/zarf/compare/v0.38.3...v0.39.0)
#### What's Changed
- chore: update dos games release by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2921](https://redirect.github.com/zarf-dev/zarf/pull/2921)
- ci: id-token write application packages by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2923](https://redirect.github.com/zarf-dev/zarf/pull/2923)
- docs: update dos games example by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2924](https://redirect.github.com/zarf-dev/zarf/pull/2924)
- chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2927](https://redirect.github.com/zarf-dev/zarf/pull/2927)
- chore: schema adr by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2600](https://redirect.github.com/zarf-dev/zarf/pull/2600)
- fix: remove use of pkg/errors by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2937](https://redirect.github.com/zarf-dev/zarf/pull/2937)
- refactor: remove use of named returns in packager by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2940](https://redirect.github.com/zarf-dev/zarf/pull/2940)
- chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2948](https://redirect.github.com/zarf-dev/zarf/pull/2948)
- refactor: remove printing available Helm charts and versions when the
Chart is not found by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2944](https://redirect.github.com/zarf-dev/zarf/pull/2944)
- refactor: remove connect strings from packager property by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2941](https://redirect.github.com/zarf-dev/zarf/pull/2941)
- fix(ci): test-imports workflow breaks when called from a fork by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2946](https://redirect.github.com/zarf-dev/zarf/pull/2946)
- feat: add health checks by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2678](https://redirect.github.com/zarf-dev/zarf/pull/2678)
- refactor: move finding table printing to CLI by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2960](https://redirect.github.com/zarf-dev/zarf/pull/2960)
- docs: update docs item in update Q2 roadmap by
[@eknowles](https://redirect.github.com/eknowles) in
[https://github.com/zarf-dev/zarf/pull/2958](https://redirect.github.com/zarf-dev/zarf/pull/2958)
- chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2957](https://redirect.github.com/zarf-dev/zarf/pull/2957)
- fix: progress bar image name flashes on push by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2965](https://redirect.github.com/zarf-dev/zarf/pull/2965)
#### New Contributors
- [@eknowles](https://redirect.github.com/eknowles) made their
first contribution in
[https://github.com/zarf-dev/zarf/pull/2958](https://redirect.github.com/zarf-dev/zarf/pull/2958)
**Full Changelog**:
https://github.com/zarf-dev/zarf/compare/v0.38.3...v0.39.0
###
[`v0.38.3`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.38.3)
[Compare
Source](https://redirect.github.com/defenseunicorns/zarf/compare/v0.38.2...v0.38.3)
#### What's Changed
- fix: linter warnings in new Golang CI version by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2883](https://redirect.github.com/zarf-dev/zarf/pull/2883)
- chore(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2871](https://redirect.github.com/zarf-dev/zarf/pull/2871)
- chore(deps): bump github/codeql-action from 3.26.0 to 3.26.1 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2881](https://redirect.github.com/zarf-dev/zarf/pull/2881)
- test: move oci compose tests that don't need cluster by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2878](https://redirect.github.com/zarf-dev/zarf/pull/2878)
- chore(deps): bump github.com/mikefarah/yq/v4 from 4.44.2 to 4.44.3 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2870](https://redirect.github.com/zarf-dev/zarf/pull/2870)
- refactor: findImages to return errors immediately by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2851](https://redirect.github.com/zarf-dev/zarf/pull/2851)
- test: add workflow to make sure importing Zarf works by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2874](https://redirect.github.com/zarf-dev/zarf/pull/2874)
- refactor: remove unnecessary retry logic from data injection by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2867](https://redirect.github.com/zarf-dev/zarf/pull/2867)
- docs: explain no wait & helm hooks interaction by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2895](https://redirect.github.com/zarf-dev/zarf/pull/2895)
- refactor: store managed secrets and add tests by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2892](https://redirect.github.com/zarf-dev/zarf/pull/2892)
- chore(deps): bump github/codeql-action from 3.26.1 to 3.26.2 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2888](https://redirect.github.com/zarf-dev/zarf/pull/2888)
- chore(deps): bump actions/setup-go from 5.0.0 to 5.0.2 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2901](https://redirect.github.com/zarf-dev/zarf/pull/2901)
- fix: update injector by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2910](https://redirect.github.com/zarf-dev/zarf/pull/2910)
- chore(deps): bump github/codeql-action from 3.26.2 to 3.26.4 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2916](https://redirect.github.com/zarf-dev/zarf/pull/2916)
- fix: update creds not breaking when internal git server not deployed
by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2904](https://redirect.github.com/zarf-dev/zarf/pull/2904)
- feat: better error message on helm fail by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2914](https://redirect.github.com/zarf-dev/zarf/pull/2914)
- ci: increase lint timeout by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2919](https://redirect.github.com/zarf-dev/zarf/pull/2919)
- fix: evaulate templates on schema check by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2911](https://redirect.github.com/zarf-dev/zarf/pull/2911)
- chore: update workflow to use new key by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2920](https://redirect.github.com/zarf-dev/zarf/pull/2920)
- ci: permission at job level by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2922](https://redirect.github.com/zarf-dev/zarf/pull/2922)
**Full Changelog**:
https://github.com/zarf-dev/zarf/compare/v0.38.2...v0.38.3
###
[`v0.38.2`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.38.2)
[Compare
Source](https://redirect.github.com/defenseunicorns/zarf/compare/v0.38.1...v0.38.2)
#### What's Changed
- chore(deps): bump github.com/google/go-containerregistry from 0.20.1
to 0.20.2 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2863](https://redirect.github.com/zarf-dev/zarf/pull/2863)
- chore(deps): bump k8s.io/kubectl from 0.30.0 to 0.30.3 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2862](https://redirect.github.com/zarf-dev/zarf/pull/2862)
- ci: add renamed github workflow jobs to the shim workflow by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2858](https://redirect.github.com/zarf-dev/zarf/pull/2858)
- test: docker exec to in memory registry by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2869](https://redirect.github.com/zarf-dev/zarf/pull/2869)
- fix: replace helpers.Retry with go-retry and adjust delay by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2856](https://redirect.github.com/zarf-dev/zarf/pull/2856)
- feat: introduce beta schema by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2859](https://redirect.github.com/zarf-dev/zarf/pull/2859)
- refactor: move validate to lint by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2839](https://redirect.github.com/zarf-dev/zarf/pull/2839)
**Full Changelog**:
https://github.com/zarf-dev/zarf/compare/v0.38.0...v0.38.2
###
[`v0.38.1`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.38.1)
[Compare
Source](https://redirect.github.com/defenseunicorns/zarf/compare/v0.38.0...v0.38.1)
#### What's Changed
- refactor: utilize invopop comment feature by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2781](https://redirect.github.com/zarf-dev/zarf/pull/2781)
- fix: detect invalid helm release names by
[@jamestexas](https://redirect.github.com/jamestexas) in
[https://github.com/zarf-dev/zarf/pull/2784](https://redirect.github.com/zarf-dev/zarf/pull/2784)
- refactor: move gitea code to separate package by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2785](https://redirect.github.com/zarf-dev/zarf/pull/2785)
- fix: add dependabot and disable renovate features by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2789](https://redirect.github.com/zarf-dev/zarf/pull/2789)
- chore(deps): bump github/codeql-action from 3.24.0 to 3.25.15 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2792](https://redirect.github.com/zarf-dev/zarf/pull/2792)
- chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.4 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2791](https://redirect.github.com/zarf-dev/zarf/pull/2791)
- chore(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2793](https://redirect.github.com/zarf-dev/zarf/pull/2793)
- chore(deps): bump docker/login-action from 3.0.0 to 3.3.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2794](https://redirect.github.com/zarf-dev/zarf/pull/2794)
- chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.4.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2795](https://redirect.github.com/zarf-dev/zarf/pull/2795)
- chore(deps): bump k8s.io/component-base from 0.30.0 to 0.30.3 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2798](https://redirect.github.com/zarf-dev/zarf/pull/2798)
- ci: remove unneeded cve checking by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2802](https://redirect.github.com/zarf-dev/zarf/pull/2802)
- chore(deps): bump github.com/mikefarah/yq/v4 from 4.43.1 to 4.44.2 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2799](https://redirect.github.com/zarf-dev/zarf/pull/2799)
- chore(deps): bump codecov/codecov-action from 4.4.1 to 4.5.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2808](https://redirect.github.com/zarf-dev/zarf/pull/2808)
- chore(deps): bump actions/create-github-app-token from 1.9.0 to 1.10.3
by [@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2809](https://redirect.github.com/zarf-dev/zarf/pull/2809)
- chore(deps): bump actions/download-artifact from 4.1.2 to 4.1.8 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2810](https://redirect.github.com/zarf-dev/zarf/pull/2810)
- chore(deps): bump actions/checkout from 4.1.1 to 4.1.7 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2807](https://redirect.github.com/zarf-dev/zarf/pull/2807)
- chore(deps): bump golang.org/x/crypto from 0.24.0 to 0.25.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2813](https://redirect.github.com/zarf-dev/zarf/pull/2813)
- chore(deps): bump github.com/goccy/go-yaml from 1.11.3 to 1.12.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2811](https://redirect.github.com/zarf-dev/zarf/pull/2811)
- chore(deps): bump aws-actions/configure-aws-credentials from 4.0.1 to
4.0.2 by [@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2806](https://redirect.github.com/zarf-dev/zarf/pull/2806)
- fix: resolve CVE-2024-41110 by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2815](https://redirect.github.com/zarf-dev/zarf/pull/2815)
- refactor: git package by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2790](https://redirect.github.com/zarf-dev/zarf/pull/2790)
- ci: better named gh jobs by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2816](https://redirect.github.com/zarf-dev/zarf/pull/2816)
- chore(deps): bump actions/dependency-review-action from 4.1.3 to 4.3.4
by [@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2822](https://redirect.github.com/zarf-dev/zarf/pull/2822)
- chore(deps): bump actions/setup-node from 4.0.2 to 4.0.3 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2821](https://redirect.github.com/zarf-dev/zarf/pull/2821)
- chore: move context.TODO to context.Background() (4) by
[@schristoff](https://redirect.github.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2749](https://redirect.github.com/zarf-dev/zarf/pull/2749)
- chore(deps): bump
github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.1 to
1.8.7 by [@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2800](https://redirect.github.com/zarf-dev/zarf/pull/2800)
- chore: turn down codecov by
[@schristoff](https://redirect.github.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2823](https://redirect.github.com/zarf-dev/zarf/pull/2823)
- chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp
from 1.8.1 to 1.8.7 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2812](https://redirect.github.com/zarf-dev/zarf/pull/2812)
- refactor: move and test HasImages by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2831](https://redirect.github.com/zarf-dev/zarf/pull/2831)
- fix: disk pressure flakes by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2832](https://redirect.github.com/zarf-dev/zarf/pull/2832)
- chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2834](https://redirect.github.com/zarf-dev/zarf/pull/2834)
- refactor: change isInternal variables to functions by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2768](https://redirect.github.com/zarf-dev/zarf/pull/2768)
- chore: update obsolete versions by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2830](https://redirect.github.com/zarf-dev/zarf/pull/2830)
- refactor: init zarf state by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2833](https://redirect.github.com/zarf-dev/zarf/pull/2833)
- fix: ignore config file not found errors by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2838](https://redirect.github.com/zarf-dev/zarf/pull/2838)
- fix: override tunnel details with user-provided settings by
[@chaospuppy](https://redirect.github.com/chaospuppy) in
[https://github.com/zarf-dev/zarf/pull/2841](https://redirect.github.com/zarf-dev/zarf/pull/2841)
- refactor: move package generation to a local variable by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2835](https://redirect.github.com/zarf-dev/zarf/pull/2835)
- feat: move ZarfPackageConfig to it's own api-versioned package by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2801](https://redirect.github.com/zarf-dev/zarf/pull/2801)
- refactor: replace debug logs with returning errors by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2777](https://redirect.github.com/zarf-dev/zarf/pull/2777)
- refactor: proxy and add tests by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2843](https://redirect.github.com/zarf-dev/zarf/pull/2843)
- chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2848](https://redirect.github.com/zarf-dev/zarf/pull/2848)
- chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2847](https://redirect.github.com/zarf-dev/zarf/pull/2847)
- test: add tests for FindImages by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2850](https://redirect.github.com/zarf-dev/zarf/pull/2850)
- test: unit test index sha by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2844](https://redirect.github.com/zarf-dev/zarf/pull/2844)
- chore(deps): bump github.com/spf13/viper from 1.18.2 to 1.19.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2828](https://redirect.github.com/zarf-dev/zarf/pull/2828)
- chore: update dos games by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2845](https://redirect.github.com/zarf-dev/zarf/pull/2845)
- chore(deps): bump sigs.k8s.io/kustomize/api from 0.16.0 to 0.17.3 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2826](https://redirect.github.com/zarf-dev/zarf/pull/2826)
- chore(deps): bump github.com/pterm/pterm from 0.12.78 to 0.12.79 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2854](https://redirect.github.com/zarf-dev/zarf/pull/2854)
- fix: install grype during release by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2857](https://redirect.github.com/zarf-dev/zarf/pull/2857)
#### New Contributors
- [@jamestexas](https://redirect.github.com/jamestexas) made
their first contribution in
[https://github.com/zarf-dev/zarf/pull/2784](https://redirect.github.com/zarf-dev/zarf/pull/2784)
**Full Changelog**:
https://github.com/zarf-dev/zarf/compare/v0.37.0...v0.38.1
###
[`v0.38.0`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.38.0)
[Compare
Source](https://redirect.github.com/defenseunicorns/zarf/compare/v0.37.0...v0.38.0)
#### What's Changed
- refactor: utilize invopop comment feature by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2781](https://redirect.github.com/zarf-dev/zarf/pull/2781)
- fix: detect invalid helm release names by
[@jamestexas](https://redirect.github.com/jamestexas) in
[https://github.com/zarf-dev/zarf/pull/2784](https://redirect.github.com/zarf-dev/zarf/pull/2784)
- refactor: move gitea code to separate package by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2785](https://redirect.github.com/zarf-dev/zarf/pull/2785)
- fix: add dependabot and disable renovate features by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2789](https://redirect.github.com/zarf-dev/zarf/pull/2789)
- chore(deps): bump github/codeql-action from 3.24.0 to 3.25.15 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2792](https://redirect.github.com/zarf-dev/zarf/pull/2792)
- chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.4 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2791](https://redirect.github.com/zarf-dev/zarf/pull/2791)
- chore(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2793](https://redirect.github.com/zarf-dev/zarf/pull/2793)
- chore(deps): bump docker/login-action from 3.0.0 to 3.3.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2794](https://redirect.github.com/zarf-dev/zarf/pull/2794)
- chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.4.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2795](https://redirect.github.com/zarf-dev/zarf/pull/2795)
- chore(deps): bump k8s.io/component-base from 0.30.0 to 0.30.3 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2798](https://redirect.github.com/zarf-dev/zarf/pull/2798)
- ci: remove unneeded cve checking by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2802](https://redirect.github.com/zarf-dev/zarf/pull/2802)
- chore(deps): bump github.com/mikefarah/yq/v4 from 4.43.1 to 4.44.2 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2799](https://redirect.github.com/zarf-dev/zarf/pull/2799)
- chore(deps): bump codecov/codecov-action from 4.4.1 to 4.5.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2808](https://redirect.github.com/zarf-dev/zarf/pull/2808)
- chore(deps): bump actions/create-github-app-token from 1.9.0 to 1.10.3
by [@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2809](https://redirect.github.com/zarf-dev/zarf/pull/2809)
- chore(deps): bump actions/download-artifact from 4.1.2 to 4.1.8 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2810](https://redirect.github.com/zarf-dev/zarf/pull/2810)
- chore(deps): bump actions/checkout from 4.1.1 to 4.1.7 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2807](https://redirect.github.com/zarf-dev/zarf/pull/2807)
- chore(deps): bump golang.org/x/crypto from 0.24.0 to 0.25.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2813](https://redirect.github.com/zarf-dev/zarf/pull/2813)
- chore(deps): bump github.com/goccy/go-yaml from 1.11.3 to 1.12.0 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2811](https://redirect.github.com/zarf-dev/zarf/pull/2811)
- chore(deps): bump aws-actions/configure-aws-credentials from 4.0.1 to
4.0.2 by [@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2806](https://redirect.github.com/zarf-dev/zarf/pull/2806)
- fix: resolve CVE-2024-41110 by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2815](https://redirect.github.com/zarf-dev/zarf/pull/2815)
- refactor: git package by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2790](https://redirect.github.com/zarf-dev/zarf/pull/2790)
- ci: better named gh jobs by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2816](https://redirect.github.com/zarf-dev/zarf/pull/2816)
- chore(deps): bump actions/dependency-review-action from 4.1.3 to 4.3.4
by [@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2822](https://redirect.github.com/zarf-dev/zarf/pull/2822)
- chore(deps): bump actions/setup-node from 4.0.2 to 4.0.3 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2821](https://redirect.github.com/zarf-dev/zarf/pull/2821)
- chore: move context.TODO to context.Background() (4) by
[@schristoff](https://redirect.github.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2749](https://redirect.github.com/zarf-dev/zarf/pull/2749)
- chore(deps): bump
github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.1 to
1.8.7 by [@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2800](https://redirect.github.com/zarf-dev/zarf/pull/2800)
- chore: turn down codecov by
[@schristoff](https://redirect.github.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2823](https://redirect.github.com/zarf-dev/zarf/pull/2823)
- chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp
from 1.8.1 to 1.8.7 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2812](https://redirect.github.com/zarf-dev/zarf/pull/2812)
- refactor: move and test HasImages by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2831](https://redirect.github.com/zarf-dev/zarf/pull/2831)
- fix: disk pressure flakes by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2832](https://redirect.github.com/zarf-dev/zarf/pull/2832)
- chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/2834](https://redirect.github.com/zarf-dev/zarf/pull/2834)
- refactor: change isInternal variables to functions by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2768](https://redirect.github.com/zarf-dev/zarf/pull/2768)
- chore: update obsolete versions by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2830](https://redirect.github.com/zarf-dev/zarf/pull/2830)
- refactor: init zarf state by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2833](https://redirect.github.com/zarf-dev/zarf/pull/2833)
- fix: ignore config file not found errors by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2838](https://redirect.github.com/zarf-dev/zarf/pull/2838)
- fix: override tunnel details with user-provided settings by
[@chaospuppy](https://redirect.github.com/chaospuppy) in
[https://github.com/zarf-dev/zarf/pull/2841](https://redirect.github.com/zarf-dev/zarf/pull/2841)
- refactor: move package generation to a local variable by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2835](https://redirect.github.com/zarf-dev/zarf/pull/2835)
- feat: move ZarfPackageConfig to it's own api-versioned package by
[@AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2801](https://redirect.github.com/zarf-dev/zarf/pull/2801)
- refactor: replace debug logs with returning errors by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2777](https://redirect.github.com/zarf-dev/zarf/pull/2777)
- refactor: proxy and add tests by
[@phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2843](https://redirect.github.com/zarf-dev/zarf/pull/2843)
- chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by
[@̴
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/defenseunicorns/uds-package-mattermost).
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: zamaz <71521611+zachariahmiller@users.noreply.github.com>
Co-authored-by: Wayne Starr
---
.github/workflows/ci-docs-shim.yaml | 16 ++--
.github/workflows/codeql.yaml | 45 ----------
.github/workflows/commitlint.yaml | 3 +-
.github/workflows/dependencyreview.yaml | 27 ------
.github/workflows/lint.yaml | 35 ++------
.github/workflows/release.yaml | 46 +++++++++++
.github/workflows/scorecard.yaml | 35 +-------
.github/workflows/tag-and-release.yaml | 79 ------------------
.github/workflows/test.yaml | 105 +++++++++---------------
.pre-commit-config.yaml | 54 ------------
plugins/Dockerfile | 2 +-
plugins/entrypoint.sh | 2 +-
tasks.yaml | 78 ++++++++++--------
tasks/dependencies.yaml | 5 +-
tasks/publish.yaml | 18 +---
15 files changed, 155 insertions(+), 395 deletions(-)
delete mode 100644 .github/workflows/codeql.yaml
delete mode 100644 .github/workflows/dependencyreview.yaml
create mode 100644 .github/workflows/release.yaml
delete mode 100644 .github/workflows/tag-and-release.yaml
delete mode 100644 .pre-commit-config.yaml
diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml
index 0c62b88c..3089d2b8 100644
--- a/.github/workflows/ci-docs-shim.yaml
+++ b/.github/workflows/ci-docs-shim.yaml
@@ -6,15 +6,13 @@ on:
types: [milestoned, opened, synchronize]
jobs:
- run-test:
- name: ${{ matrix.type }} ${{ matrix.flavor }}
- runs-on: "ubuntu-latest"
- timeout-minutes: 20
+ validate:
strategy:
matrix:
- flavor: [upstream, registry1]
type: [install, upgrade]
- steps:
- - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }}
- run: |
- echo "Documentation-only change detected; marking ${{ matrix.type }} ${{ matrix.flavor }} as successful."
+ flavor: [upstream, registry1, unicorn]
+ uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@86886015d1edc43036b3dd000fbd972a384beb8f # v1.0.0
+ with:
+ flavor: ${{ matrix.flavor }}
+ type: ${{ matrix.type }}
+ secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
deleted file mode 100644
index 210ba8d6..00000000
--- a/.github/workflows/codeql.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: "CodeQL"
-
-on:
- push:
- branches: ["main"]
- pull_request:
- # The branches below must be a subset of the branches above
- branches: ["main"]
- schedule:
- - cron: "0 0 * * 1"
-
-permissions:
- contents: read
-
-jobs:
- analyze:
- name: Analyze
- runs-on: ubuntu-latest
- permissions:
- actions: read
- contents: read
- security-events: write
-
- strategy:
- fail-fast: false
- matrix:
- language: ["javascript"]
-
- steps:
-
- - name: Checkout repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
- # Initializes the CodeQL tools for scanning.
- - name: Initialize CodeQL
- uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
- with:
- languages: ${{ matrix.language }}
- - name: Autobuild
- uses: github/codeql-action/autobuild@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
- with:
- category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
index 1ecdf000..16072c85 100644
--- a/.github/workflows/commitlint.yaml
+++ b/.github/workflows/commitlint.yaml
@@ -7,5 +7,4 @@ on:
jobs:
validate:
- name: Validate
- uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2
+ uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@86886015d1edc43036b3dd000fbd972a384beb8f # v1.0.0
diff --git a/.github/workflows/dependencyreview.yaml b/.github/workflows/dependencyreview.yaml
deleted file mode 100644
index bf2dcfba..00000000
--- a/.github/workflows/dependencyreview.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Dependency Review Action
-#
-# This Action will scan dependency manifest files that change as part of a Pull Request,
-# surfacing known-vulnerable versions of the packages declared or updated in the PR.
-# Once installed, if the workflow run is marked as required,
-# PRs introducing known-vulnerable packages will be blocked from merging.
-#
-# Source repository: https://github.com/actions/dependency-review-action
-name: 'Dependency Review'
-on: [pull_request]
-
-permissions:
- contents: read
-
-jobs:
- dependency-review:
- runs-on: ubuntu-latest
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
- with:
- egress-policy: audit
-
- - name: 'Checkout Repository'
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- - name: 'Dependency Review'
- uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index b81add5f..1af44b29 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -1,37 +1,12 @@
-name: Scan
+name: Lint
on:
# This workflow is triggered on pull requests to the main branch.
pull_request:
- branches: [main]
- types: [milestoned, opened, synchronize]
+ # milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow).
+ types: [milestoned, opened, reopened, synchronize]
jobs:
validate:
- runs-on: ubuntu-latest
- name: Lint
- permissions:
- contents: read # Allows reading the repo contents
- id-token: write
-
- steps:
- - name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- with:
- fetch-depth: 0
-
- - name: Environment setup
- uses: defenseunicorns/uds-common/.github/actions/setup@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2
- with:
- registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
- registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
- ghToken: ${{ secrets.GITHUB_TOKEN }}
- chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }}
-
- - name: Install lint deps
- run: |
- uds run lint:deps
-
- - name: Lint the repository
- run: |
- uds run lint:yaml
+ uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@86886015d1edc43036b3dd000fbd972a384beb8f # v1.0.0
+ secrets: inherit
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 00000000..ead8a14a
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,46 @@
+name: Release
+
+on:
+ push:
+ branches:
+ - main
+
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+ contents: read # Allows reading the content of the repository.
+ packages: read # Allows reading the content of the repository's packages.
+ id-token: write
+
+jobs:
+ tag-new-version:
+ permissions: write-all
+ runs-on: ubuntu-latest
+ outputs:
+ release_created: ${{ steps.release-flag.outputs.release_created }}
+ steps:
+ - name: Create Release Tag
+ id: tag
+ uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3
+ - id: release-flag
+ run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> "$GITHUB_OUTPUT"
+
+ publish:
+ permissions:
+ contents: read # Allows reading the content of the repository.
+ packages: write # Allows reading the content of the repository's packages.
+ id-token: write
+ needs: tag-new-version
+ if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
+ strategy:
+ matrix:
+ flavor: [upstream, registry1, unicorn]
+ architecture: [amd64, arm64]
+ exclude:
+ - flavor: registry1
+ architecture: arm64
+ uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@86886015d1edc43036b3dd000fbd972a384beb8f # v1.0.0
+ with:
+ flavor: ${{ matrix.flavor }}
+ runsOn: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-4-core' || 'uds-swf-ubuntu-big-boy-4-core' }}
+ reports-path: "tests/.playwright/reports/"
+ secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index 5a7e596e..a177f87f 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -11,40 +11,11 @@ on:
permissions: read-all
jobs:
- analysis:
- name: Scorecards analysis
- runs-on: ubuntu-latest
+ validate:
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Used to receive a badge.
id-token: write
-
- steps:
- - name: "Checkout code"
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- with:
- persist-credentials: false
-
- - name: "Run analysis"
- uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
- with:
- results_file: results.sarif
- results_format: sarif
- repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
- publish_results: true
-
- # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
- # format to the repository Actions tab.
- - name: "Upload artifact"
- uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
- with:
- name: SARIF file
- path: results.sarif
- retention-days: 5
-
- # Upload the results to GitHub's code scanning dashboard.
- - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
- with:
- sarif_file: results.sarif
+ uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@86886015d1edc43036b3dd000fbd972a384beb8f # v1.0.0
+ secrets: inherit
diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml
deleted file mode 100644
index a3bfd78a..00000000
--- a/.github/workflows/tag-and-release.yaml
+++ /dev/null
@@ -1,79 +0,0 @@
-name: Publish UDS Package Mattermost
-
-on:
- push:
- branches:
- - main
-
-permissions:
- contents: read
-
-jobs:
- tag-new-version:
- name: Tag New Version
- permissions: write-all
- runs-on: ubuntu-latest
- outputs:
- release_created: ${{ steps.release-flag.outputs.release_created }}
- steps:
- - name: Create release tag
- id: tag
- uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3
- - id: release-flag
- run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT
-
- publish-package:
- needs: tag-new-version
- if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
- runs-on: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-4-core' || 'uds-swf-ubuntu-big-boy-4-core' }}
- strategy:
- matrix:
- flavor: [upstream, unicorn, registry1]
- architecture: [amd64, arm64]
- exclude:
- - flavor: registry1
- architecture: arm64
- name: Publish ${{ matrix.flavor }} ${{ matrix.architecture }}
-
- permissions:
- contents: read
- packages: write
- id-token: write
-
- steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
- - name: Environment setup
- uses: defenseunicorns/uds-common/.github/actions/setup@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2
- with:
- registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
- registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
- ghToken: ${{ secrets.GITHUB_TOKEN }}
- chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }}
-
- - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
-
- - name: Build Package
- run: uds run -f tasks/publish.yaml build-package --set FLAVOR=${{ matrix.flavor }} --no-progress
-
- - name: Test Package
- if: ${{ runner.arch != 'ARM64' }}
- run: uds run -f tasks/publish.yaml test-package --set FLAVOR=${{ matrix.flavor }} --no-progress
-
- - name: Publish Package
- run: uds run -f tasks/publish.yaml publish-package --set FLAVOR=${{ matrix.flavor }} --no-progress
-
- # Only publish one version of the plugin package since it is "flavorless"
- - name: Publish Plugin Package
- if: ${{ matrix.flavor == 'upstream' }}
- run: uds run -f tasks/publish.yaml publish-plugin-package --set FLAVOR=${{ matrix.flavor }} --no-progress
-
- - name: Debug Output
- if: ${{ always() }}
- uses: defenseunicorns/uds-common/.github/actions/debug-output@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2
-
- - name: Save logs
- if: always()
- uses: defenseunicorns/uds-common/.github/actions/save-logs@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2
- with:
- suffix: ${{ matrix.flavor }}-${{ matrix.architecture }}-${{ github.run_id }}-${{ github.run_attempt }}
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 282dcbbd..e281550f 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -1,85 +1,62 @@
name: Test
-# This workflow is triggered on pull requests to the main branch.
on:
+ # This workflow is triggered on pull requests to the main branch.
pull_request:
- branches: [main]
- types: [milestoned, opened, synchronize]
+ # milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow).
+ types: [milestoned, opened, reopened, synchronize]
paths-ignore:
- "**.md"
- "**.jpg"
- "**.png"
- "**.gif"
- "**.svg"
- - "adr/**"
- - "docs/**"
- - ".gitignore"
- - "renovate.json"
- - ".release-please-config.json"
- - "release-please-config.json"
- - "oscal-component.yaml"
- - "CODEOWNERS"
- - "LICENSE"
- - "CONTRIBUTING.md"
- - "SECURITY.md"
+ - adr/**
+ - docs/**
+ - .gitignore
+ - renovate.json
+ - .release-please-config.json
+ - release-please-config.json
+ - CODEOWNERS
+ - LICENSE
+ - CONTRIBUTING.md
+ - SECURITY.md
+
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+ contents: read # Allows reading the content of the repository.
+ packages: read # Allows reading the content of the repository's packages.
+ id-token: write
# Abort prior jobs in the same workflow / PR
concurrency:
group: test-${{ github.ref }}
cancel-in-progress: true
-permissions:
- contents: read
- id-token: write
-
jobs:
- run-test:
- name: ${{ matrix.type }} ${{ matrix.flavor }}
- runs-on: 'uds-swf-ubuntu-big-boy-4-core'
- timeout-minutes: 20
- strategy:
- matrix:
- flavor: [upstream, unicorn, registry1]
- type: [install, upgrade]
- # do not run upgrade tests for unicorn
- # TODO @WSTARR: remove after first unicorn release
- exclude:
- - flavor: unicorn
- type: upgrade
-
+ check-flavor:
+ runs-on: ubuntu-latest
steps:
- name: Checkout repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
- - name: Environment setup
- uses: defenseunicorns/uds-common/.github/actions/setup@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2
- with:
- registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
- registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
- ghToken: ${{ secrets.GITHUB_TOKEN }}
- chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }}
-
- - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
-
- - name: Test
- uses: defenseunicorns/uds-common/.github/actions/test@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2
- with:
- flavor: ${{ matrix.flavor }}
- type: ${{ matrix.type }}
-
- - name: Debug Output
- if: ${{ always() }}
- uses: defenseunicorns/uds-common/.github/actions/debug-output@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2
+ uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- - name: Save logs
- if: always()
- uses: defenseunicorns/uds-common/.github/actions/save-logs@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2
- with:
- suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
+ - name: test-flavor
+ uses: defenseunicorns/uds-common/.github/actions/test-flavor@86886015d1edc43036b3dd000fbd972a384beb8f # v1.0.0
+ id: test-flavor
+ outputs:
+ upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }}
- - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
- if: always()
- with:
- name: playwright-report-${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
- path: tests/.playwright/reports/
- retention-days: 30
+ validate:
+ needs: check-flavor
+ strategy:
+ fail-fast: false
+ matrix:
+ type: [install, upgrade]
+ flavor: [upstream, unicorn, registry1]
+ uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@86886015d1edc43036b3dd000fbd972a384beb8f # v1.0.0
+ with:
+ upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }}
+ flavor: ${{ matrix.flavor }}
+ type: ${{ matrix.type }}
+ reports-path: "tests/.playwright/reports/"
+ secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
deleted file mode 100644
index 5344be12..00000000
--- a/.pre-commit-config.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-repos:
- - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.6.0
- hooks:
- - id: check-added-large-files
- args: ["--maxkb=1024"]
- - id: check-merge-conflict
- - id: detect-aws-credentials
- args:
- - "--allow-missing-credentials"
- - id: detect-private-key
- exclude: |
- (?x)^(
- kustomizations/bigbang/environment-bb/values-bigbang.enc.yaml
- )$
- - id: end-of-file-fixer
- exclude: "^kustomizations/bigbang/vendor/.*$"
- - id: fix-byte-order-marker
- - id: trailing-whitespace
- exclude: "^kustomizations/bigbang/vendor/.*$"
- args: [--markdown-linebreak-ext=md]
- - id: check-yaml
- exclude: |
- (?x)^(
- chart/templates/uds-package.yaml|
- chart/templates/mattermost-postgres.yaml
- )$
- args:
- - "--allow-multiple-documents"
- - repo: https://github.com/sirosen/fix-smartquotes
- rev: 0.2.0
- hooks:
- - id: fix-smartquotes
- - repo: https://github.com/python-jsonschema/check-jsonschema
- rev: 0.29.1
- hooks:
- - id: check-jsonschema
- name: "Validate Zarf Configs Against Schema"
- files: "zarf.yaml"
- types: [yaml]
- args:
- [
- "--schemafile",
- "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.37.0/zarf.schema.json",
- "--no-cache"
- ]
- - repo: https://github.com/golangci/golangci-lint
- rev: v1.59.1
- hooks:
- - id: golangci-lint
- - repo: https://github.com/renovatebot/pre-commit-hooks
- rev: 38.21.2
- hooks:
- - id: renovate-config-validator
diff --git a/plugins/Dockerfile b/plugins/Dockerfile
index 0de2de3f..6e3c25cb 100644
--- a/plugins/Dockerfile
+++ b/plugins/Dockerfile
@@ -1,7 +1,7 @@
FROM cgr.dev/chainguard/busybox:latest
# renovate: datasource=github-tags depName=mattermost/mattermost-plugin-ai versioning=semver
-ENV MATTERMOST_AI_PLUGIN_VERSION=0.9.1
+ENV MATTERMOST_AI_PLUGIN_VERSION=1.0.0
# renovate: datasource=github-tags depName=mattermost/mattermost-plugin-gitlab versioning=semver
ENV MATTERMOST_GITLAB_PLUGIN_VERSION=1.9.1
diff --git a/plugins/entrypoint.sh b/plugins/entrypoint.sh
index 93238efc..19923ca2 100755
--- a/plugins/entrypoint.sh
+++ b/plugins/entrypoint.sh
@@ -10,7 +10,7 @@ for plugin_tar in ${PLUGINS_TAR};
do
plugin_tar="/extra-plugins/${plugin_tar##*/}"
echo "extracting $plugin_tar ..."
- tar -xf $plugin_tar
+ tar -xf "$plugin_tar"
done
echo "finished loading plugins"
diff --git a/tasks.yaml b/tasks.yaml
index a3fe4e16..5832e23b 100644
--- a/tasks.yaml
+++ b/tasks.yaml
@@ -2,21 +2,26 @@ includes:
- cleanup: ./tasks/cleanup.yaml
- dependencies: ./tasks/dependencies.yaml
- test: ./tasks/test.yaml
- - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/create.yaml
- - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/lint.yaml
- - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/pull.yaml
- - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/deploy.yaml
- - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/setup.yaml
+ - publish: ./tasks/publish.yaml
+ - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/create.yaml
+ - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/lint.yaml
+ - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/pull.yaml
+ - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/deploy.yaml
+ - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/setup.yaml
+ - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/actions.yaml
+ - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/badge.yaml
+ - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/upgrade.yaml
+ - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/compliance.yaml
tasks:
- name: default
description: Setup k3d cluster, deploy Mattermost
actions:
- - task: create-mm-test-bundle
+ - task: create-dev-package
- task: setup:k3d-test-cluster
- - task: deploy:test-bundle
+ - task: create-deploy-test-bundle
- - name: create-mm-package
+ - name: create-dev-package
description: Create the Mattermost package
actions:
- task: create:package
@@ -27,50 +32,53 @@ tasks:
path: ./plugins
options: "--skip-sbom --flavor ''"
- - name: create-mm-test-bundle
- description: Create a local UDS Mattermost bundle
- actions:
- - task: create-mm-package
- - task: dependencies:create
- - task: create:test-bundle
-
- - name: create-mm-latest-release-bundle
- description: Create UDS Mattermost bundle based on the latest release
+ - name: create-deploy-test-bundle
+ description: Test and validate cluster is deployed with Mattermost
actions:
- - task: create:package
- with:
- path: ./plugins
- options: "--skip-sbom --flavor ''"
- - task: pull:latest-package-release
- with:
- spoof_release: "true"
- task: dependencies:create
- task: create:test-bundle
+ - task: deploy:test-bundle
+ - task: setup:create-doug-user
+ - task: test:all
- name: dev
description: Create and deploy the bundle on an existing cluster (for iteration/dev speed)
actions:
- - task: create-mm-test-bundle
+ - task: create-dev-package
+ - task: create:test-bundle
- task: deploy:test-bundle
-# CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names
+# CI will execute the following (via uds-common/.github/workflows/callable-[test|publish].yaml) so they need to be here with these names
- name: test-package
description: Test deploying the current branch to a new cluster
actions:
- - task: create-mm-test-bundle
+ - task: create-dev-package
- task: setup:k3d-test-cluster
- - task: deploy:test-bundle
- - task: setup:create-doug-user
- - task: test:all
+ - task: create-deploy-test-bundle
+ - task: compliance:validate
- name: test-upgrade
description: Test an upgrade from the latest released package to the current branch
actions:
- - task: create-mm-latest-release-bundle
+ - task: upgrade:create-latest-tag-bundle
+ with:
+ # TODO: (@ZMILLER) remove zarf package create on next release
+ dep_commands: "./uds run dependencies:create && ./uds zarf package create plugins/ --confirm --no-progress"
- task: setup:k3d-test-cluster
- task: deploy:test-bundle
- - task: setup:create-doug-user
- - task: create-mm-test-bundle
- - task: deploy:test-bundle
- - task: test:all
+ - task: compliance:validate
+ - task: create-dev-package
+ - task: create-deploy-test-bundle
+ - task: compliance:validate
+ - task: compliance:evaluate
+
+ - name: publish-package
+ description: Build and publish the packages
+ actions:
+ - task: actions:determine-arch
+ - task: publish:build-package
+ - task: create-deploy-test-bundle
+ if: ${{ and (ne .variables.FLAVOR "upstream") (ne .variables.ARCH "arm64") }}
+ - task: publish:publish-package
+ - task: publish:publish-plugin-package
diff --git a/tasks/dependencies.yaml b/tasks/dependencies.yaml
index f10ef64f..3c1dd5dc 100644
--- a/tasks/dependencies.yaml
+++ b/tasks/dependencies.yaml
@@ -2,5 +2,6 @@ tasks:
- name: create
description: Create the Dependency Zarf Package
actions:
- - cmd: uds zarf package create src/dev-secrets/ --confirm --no-progress --architecture=${UDS_ARCH}
- - cmd: uds zarf package create src/namespace/ --confirm --no-progress --architecture=${UDS_ARCH}
+ - cmd: ./uds zarf package create src/dev-secrets/ --confirm --no-progress --architecture="${UDS_ARCH}"
+ - cmd: ./uds zarf package create src/namespace/ --confirm --no-progress --architecture="${UDS_ARCH}"
+ - cmd: ./uds zarf package create plugins/ --confirm --no-progress
diff --git a/tasks/publish.yaml b/tasks/publish.yaml
index a44670ca..a36a78ea 100644
--- a/tasks/publish.yaml
+++ b/tasks/publish.yaml
@@ -1,10 +1,10 @@
includes:
- dependencies: ./dependencies.yaml
- test: ./test.yaml
- - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/create.yaml
- - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/deploy.yaml
- - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/publish.yaml
- - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/setup.yaml
+ - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/create.yaml
+ - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/deploy.yaml
+ - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/publish.yaml
+ - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/setup.yaml
tasks:
- name: build-package
@@ -16,16 +16,6 @@ tasks:
path: ./plugins
options: "--flavor ''"
- - name: test-package
- description: Test the package
- actions:
- - task: dependencies:create
- - task: create:test-bundle
- - task: setup:k3d-test-cluster
- - task: deploy:test-bundle
- - task: setup:create-doug-user
- - task: test:all
-
- name: publish-package
description: Publish the packages
actions: