Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge upstream 0.7.3 #271

Draft
wants to merge 51 commits into
base: main
Choose a base branch
from
Draft

Merge upstream 0.7.3 #271

wants to merge 51 commits into from

Conversation

lance
Copy link
Member

@lance lance commented Jul 9, 2024

Merges upstream changes up to the 0.7.3 release.

NOTE: Do not do a squash commit when landing this PR. Please do a merge commit.

cpanato and others added 30 commits May 19, 2024 12:03
@cpanato
update scaffolind release to v0.7.1 (sigstore#1106)
3f910dd 
Signed-off-by: cpanato <[email protected]>
@dependabot
Bump actions/checkout from 4.1.5 to 4.1.6 (sigstore#1112)
73c1b82 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.5 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@44c2b7a...a5ac7e5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump github/codeql-action from 2.13.4 to 3.25.5 (sigstore#1113)
28395b7 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.13.4 to 3.25.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@cdcdbb5...b7cec75)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (sigstore#1111)
c9e0d45 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.63.2 to 1.64.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.63.2...v1.64.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@bobcallaway
expose database collation setting as tf variable (sigstore#1114)
4fdf325 
* expose database collation setting as tf variable

Signed-off-by: Bob Callaway <[email protected]>

* add to sigstore module too

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: Bob Callaway <[email protected]>
@vishal-chdhry
chore: add support for kubernetes version 1.30 (sigstore#1115)
c59aa57 
Signed-off-by: Vishal Choudhary <[email protected]>
@dependabot
Bump github/codeql-action from 3.25.5 to 3.25.6 (sigstore#1117)
074302f 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.5 to 3.25.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b7cec75...9fdb3e4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump cloud-sql-connectors/cloud-sql-proxy (sigstore#1118)
0ea393c 
Bumps [cloud-sql-connectors/cloud-sql-proxy](https://github.com/GoogleCloudPlatform/cloud-sql-proxy) from 2.11.2-alpine to 2.11.3-alpine.
- [Release notes](https://github.com/GoogleCloudPlatform/cloud-sql-proxy/releases)
- [Changelog](https://github.com/GoogleCloudPlatform/cloud-sql-proxy/blob/main/CHANGELOG.md)
- [Commits](GoogleCloudPlatform/cloud-sql-proxy@v2.11.2...v2.11.3)

---
updated-dependencies:
- dependency-name: cloud-sql-connectors/cloud-sql-proxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@bobcallaway
add variable to expose index.html from tuf buckets (sigstore#1119)
861941d 
Signed-off-by: Bob Callaway <[email protected]>
@dependabot
Bump the terraform group (sigstore#1120)
3369fe8 
Bumps the terraform group in /terraform/gcp/modules/external_secrets with 2 updates: [hashicorp/google](https://github.com/hashicorp/terraform-provider-google) and [hashicorp/helm](https://github.com/hashicorp/terraform-provider-helm).


Updates `hashicorp/google` from 5.29.1 to 5.31.1
- [Release notes](https://github.com/hashicorp/terraform-provider-google/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-google/blob/v5.31.1/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-google@v5.29.1...v5.31.1)

Updates `hashicorp/helm` from 2.13.1 to 2.13.2
- [Release notes](https://github.com/hashicorp/terraform-provider-helm/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-helm/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-helm@v2.13.1...v2.13.2)

---
updated-dependencies:
- dependency-name: hashicorp/google
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: terraform
- dependency-name: hashicorp/helm
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: terraform
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump hashicorp/helm (sigstore#1123)
e23b7f9 
Bumps the terraform group in /terraform/gcp/modules/argocd with 1 update: [hashicorp/helm](https://github.com/hashicorp/terraform-provider-helm).


Updates `hashicorp/helm` from 2.13.1 to 2.13.2
- [Release notes](https://github.com/hashicorp/terraform-provider-helm/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-helm/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-helm@v2.13.1...v2.13.2)

---
updated-dependencies:
- dependency-name: hashicorp/helm
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: terraform
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump github.com/hashicorp/go-retryablehttp from 0.7.6 to 0.7.7 (sigst…
7670337 
…ore#1125)

Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.6 to 0.7.7.
- [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md)
- [Commits](hashicorp/go-retryablehttp@v0.7.6...v0.7.7)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-retryablehttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump github.com/sigstore/sigstore from 1.8.3 to 1.8.4 (sigstore#1126)
3e96f2a 
Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.8.3 to 1.8.4.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.3...v1.8.4)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump github/codeql-action from 3.25.6 to 3.25.7 (sigstore#1129)
71934a3 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.6 to 3.25.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@9fdb3e4...f079b84)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump docker/login-action from 3.1.0 to 3.2.0 (sigstore#1128)
8635bcb 
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@e92390c...0d4c9c5)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@bobcallaway
Add playbook for redis memory increase alert (sigstore#1124)
a7cba01 
Signed-off-by: Bob Callaway <[email protected]>
@dependabot
Bump golang.org/x/crypto from 0.23.0 to 0.24.0 (sigstore#1130)
b29c4e7 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.23.0 to 0.24.0.
- [Commits](golang/crypto@v0.23.0...v0.24.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump golang.org/x/net from 0.25.0 to 0.26.0 (sigstore#1131)
1994d3e 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.25.0 to 0.26.0.
- [Commits](golang/net@v0.25.0...v0.26.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump github/codeql-action from 3.25.7 to 3.25.8 (sigstore#1133)
c248655 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.7 to 3.25.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@f079b84...2e230e8)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (sigstore#1132)
19922c0 
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 5.1.0 to 6.0.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@5742e2a...286f3b1)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@bobcallaway
upgrade metallb (sigstore#1136)
f5bd350 
* upgrade metallb

Signed-off-by: Bob Callaway <[email protected]>

* print version

Signed-off-by: Bob Callaway <[email protected]>

* change network subnet calc

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: Bob Callaway <[email protected]>
@dependabot
Bump cloud-sql-connectors/cloud-sql-proxy (sigstore#1135)
91a4186 
Bumps [cloud-sql-connectors/cloud-sql-proxy](https://github.com/GoogleCloudPlatform/cloud-sql-proxy) from 2.11.3-alpine to 2.11.4-alpine.
- [Release notes](https://github.com/GoogleCloudPlatform/cloud-sql-proxy/releases)
- [Changelog](https://github.com/GoogleCloudPlatform/cloud-sql-proxy/blob/main/CHANGELOG.md)
- [Commits](GoogleCloudPlatform/cloud-sql-proxy@v2.11.3...v2.11.4)

---
updated-dependencies:
- dependency-name: cloud-sql-connectors/cloud-sql-proxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (sigstore#1134)
be04a6d 
Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) from 1.5.1 to 1.6.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](Azure/azure-sdk-for-go@sdk/internal/v1.5.1...sdk/azcore/v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @bobcallaway
Bump github.com/google/certificate-transparency-go from 1.1.8 to 1.2.1 (
d9197cb 
sigstore#1127)

* Bump github.com/google/certificate-transparency-go from 1.1.8 to 1.2.1

Bumps [github.com/google/certificate-transparency-go](https://github.com/google/certificate-transparency-go) from 1.1.8 to 1.2.1.
- [Release notes](https://github.com/google/certificate-transparency-go/releases)
- [Changelog](https://github.com/google/certificate-transparency-go/blob/master/CHANGELOG.md)
- [Commits](google/certificate-transparency-go@v1.1.8...v1.2.1)

---
updated-dependencies:
- dependency-name: github.com/google/certificate-transparency-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* add patch version to go.mod

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <[email protected]>
@bobcallaway
bump google provider to 5.33.0 (sigstore#1137)
3f8559c 
Signed-off-by: Bob Callaway <[email protected]>
@dependabot
Bump actions/checkout from 4.1.6 to 4.1.7 (sigstore#1143)
4b66cdb 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@a5ac7e5...692973e)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@bobcallaway
bump terraform to 1.8.5 (sigstore#1116)
091e5f8 
* bump terraform to 1.8.4

Signed-off-by: Bob Callaway <[email protected]>

* bump to 1.8.5

Signed-off-by: Bob Callaway <[email protected]>

* fix gh workflow to use 1.8.5

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: Bob Callaway <[email protected]>
@dependabot
Bump google.golang.org/protobuf from 1.34.1 to 1.34.2 (sigstore#1138)
34abb9d 
Bumps google.golang.org/protobuf from 1.34.1 to 1.34.2.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump github/codeql-action from 3.25.8 to 3.25.10 (sigstore#1144)
bcd5cdc 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.8 to 3.25.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@2e230e8...23acc5c)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @bobcallaway
Bump k8s.io/apimachinery from 0.29.3 to 0.30.2 (sigstore#1139)
41d4790 
* Bump k8s.io/apimachinery from 0.29.3 to 0.30.2

Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.29.3 to 0.30.2.
- [Commits](kubernetes/apimachinery@v0.29.3...v0.30.2)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* bump go to 1.22

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <[email protected]>
dependabot bot and others added 19 commits June 17, 2024 18:11
@dependabot @bobcallaway
Bump k8s.io/client-go from 0.29.3 to 0.30.2 (sigstore#1142)
fb8d181 
* Bump k8s.io/client-go from 0.29.3 to 0.30.2

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.29.3 to 0.30.2.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.29.3...v0.30.2)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* bump go to 1.22

Signed-off-by: Bob Callaway <[email protected]>

* bump the other dep too

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <[email protected]>
@bobcallaway
add cloudsql.client role to trillian SA (sigstore#1146)
5b77732 
Signed-off-by: Bob Callaway <[email protected]>
@bobcallaway
update default for mysql-shard to v8.0.37 (sigstore#1147)
f0b09c0 
Signed-off-by: Bob Callaway <[email protected]>
@bobcallaway
declare instance name, tier for shard; comment out moved block for pr…
f70cb19 
…evious move (sigstore#1148)

Signed-off-by: Bob Callaway <[email protected]>
@dependabot
Bump ko-build/setup-ko from 0.6 to 0.7 (sigstore#1149)
fbf6970 
Bumps [ko-build/setup-ko](https://github.com/ko-build/setup-ko) from 0.6 to 0.7.
- [Release notes](https://github.com/ko-build/setup-ko/releases)
- [Commits](ko-build/setup-ko@ace48d7...3aebd05)

---
updated-dependencies:
- dependency-name: ko-build/setup-ko
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@bobcallaway
bump google provider for ext secrets module to match (sigstore#1151)
8381c7f 
Signed-off-by: Bob Callaway <[email protected]>
@bobcallaway
enable DB deletion protection across all GCP API surfaces (sigstore#1150
0c046ff 
)

* enable DB deletion protection across all GCP API surfaces

Signed-off-by: Bob Callaway <[email protected]>

* move into settings block

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: Bob Callaway <[email protected]>
@bobcallaway
add ssl_mode given deprecation of require_ssl (sigstore#1152)
0f6854b 
Signed-off-by: Bob Callaway <[email protected]>
@dependabot
Bump github/codeql-action from 3.25.10 to 3.25.11 (sigstore#1156)
07a27af 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.10 to 3.25.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@23acc5c...b611370)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump github.com/sigstore/sigstore from 1.8.4 to 1.8.6 (sigstore#1158)
de0567a
@dependabot
Bump the terraform group (sigstore#1157)
043f460
@dependabot
Bump hashicorp/helm (sigstore#1153)
8f7aa09
@bobcallaway
bump base disk for bastion to debian 12 (sigstore#1161)
f775933 
Signed-off-by: Bob Callaway <[email protected]>
@cmurphy
Add v1 Fulcio endpoint to prober (sigstore#1160)
ed0c480 
There is an SLO set up for the /api/v1/signingCert Fulcio endpoint[1],
but it is currently reporting "No SLO status data" because the prober
was never testing that endpoint. This lead to an outage that went
undetected by the monitoring system.

Cosign uses the legacy certificate request endpoint in its Fulcio
client[2][3]. This means that the v1 endpoint is likely the most used
and therefore an important health indicator. This change adds the v1
endpoint to the prober test, which should populate Prometheus with data
which should activate the SLO.

[1] https://github.com/sigstore/scaffolding/blob/8f7aa097e54eabcecbc671818f9eb5f0e723e54b/terraform/gcp/modules/monitoring/fulcio/slo.tf#L79-L83
[2] https://github.com/sigstore/cosign/blob/79db196e2d97e7dfc4d8201ef829d4ce906605a7/cmd/cosign/cli/fulcio/fulcio.go#L32
[3] https://github.com/sigstore/fulcio/blob/07b19da442b418ebcf072ac65a7abb25f0e3d5c8/pkg/api/client.go#L60

Signed-off-by: Colleen Murphy <[email protected]>
@cmurphy
Add alert for cloud-sql-proxy connection failures (sigstore#1162)
f13cff5 
Add an alert to report on connection errors coming from the
cloud-sql-proxy sidecars in the trillian and rekor deployments. This
should detect when the proxy service account user has lost its
permissions to access the sql instance.

Signed-off-by: Colleen Murphy <[email protected]>
@cmurphy
Allow rekor service account to post to metrics (sigstore#1163)
d8a097a 
The rekor service account was assigned the cloudsql.client to allow it
to connect to MySQL, but it was not given permission to report metrics
for doing so. Copy the permissions that the trillian logserver user has
to post to Stackdriver.

Signed-off-by: Colleen Murphy <[email protected]>
@bobcallaway
enable os patch runs nightly for bastion images (sigstore#1164)
790d02d 
* enable os patch runs nightly for bastion images

Signed-off-by: Bob Callaway <[email protected]>

* fix fmt

Signed-off-by: Bob Callaway <[email protected]>

* switch to UTC

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: Bob Callaway <[email protected]>
@bobcallaway
enable osconfig API (sigstore#1165)
bfc40f4 
Signed-off-by: Bob Callaway <[email protected]>
@lance
Merge tag 'v0.7.3'
2ec2dd6 
v0.7.3
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jul 9, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: lance

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@lance
Copy link
Member Author

lance commented Jul 10, 2024

/retest

@lance
fixup: toolchain 1.22.4
24fb7c2 
Signed-off-by: Lance Ball <[email protected]>
@lance
Copy link
Member Author

lance commented Jul 10, 2024

/hold for updates to cachi2

@lance lance marked this pull request as draft July 10, 2024 16:32
@lance
Copy link
Member Author

lance commented Sep 6, 2024

/retest

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
do-not-merge/hold do-not-merge/work-in-progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@lance @cpanato @bobcallaway @vishal-chdhry @cmurphy