Merge branch 'validate-pol-issue' of github.com:anushkamittal2001/kyverno into validate-pol-issue
anushkamittal20 committed Jul 30, 2024
2 parents d6c2390 + 454dda4 commit 1124793
Showing 664 changed files with 3,120 additions and 783 deletions.
1 change: 1 addition & 0 deletions .github/ISSUE_TEMPLATE/bug-cli.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ body:
- 1.12.2
- 1.12.3
- 1.12.4
- 1.12.5
validations:
required: true
- type: textarea
Expand Down
1 change: 1 addition & 0 deletions .github/ISSUE_TEMPLATE/bug-other.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ body:
- 1.12.2
- 1.12.3
- 1.12.4
- 1.12.5
validations:
required: true
- type: textarea
Expand Down
1 change: 1 addition & 0 deletions .github/ISSUE_TEMPLATE/bug-webhook.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ body:
- 1.12.2
- 1.12.3
- 1.12.4
- 1.12.5
validations:
required: true
- type: dropdown
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/clean-stale-branches.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Cleanup Stale Branches
uses: cbrgm/cleanup-stale-branches-action@d0f8b6440d1a5eb71cec3ebe376d83a74b901ca0 # v1.1.18
uses: cbrgm/cleanup-stale-branches-action@03d7d18e1a5ca5663846c6399e0614941d4985c3 # v1.1.19
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/conformance.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -646,7 +646,7 @@ jobs:
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
# create cluster
- name: Create kind cluster and setup Sigstore Scaffolding
uses: sigstore/scaffolding/actions/setup@bfc40f4d3aa430f28cec9c68b628df983601810e
uses: sigstore/scaffolding/actions/setup@634364a897dff805b1a26ab18abaefe379616785
with:
version: main
k8s-version: ${{ matrix.k8s-version.version }}
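Review bot: The new `sigstore/scaffolding/actions/setup` pin on the `uses:` line has no trailing version comment, unlike the other pinned actions in this commit, so a reader cannot tell which release the SHA corresponds to. Add the tag as a comment if the commit is tagged. Separately, the `version: main` input in the context suggests the step still installs whatever is on main at run time, so pinning the action SHA alone does not make this step reproducible; consider a fixed release there as well.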
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/devcontainer-build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ jobs:
- name: Build devcontainer image
run: docker build .devcontainer
- name: Trivy Scan Image
uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
with:
scan-type: 'fs'
ignore-unfixed: true
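Review bot: The step named `Trivy Scan Image` keeps `scan-type: 'fs'` in the context below the bumped `uses:` line, so as far as the visible lines show it scans the repository checkout rather than the image produced by `docker build .devcontainer` in the previous step. If the intent is to scan the built image, tag the build output and run an image scan against it; otherwise rename the step so the coverage is not overstated. The `Trivy Scan Image` step in images-build.yaml has the same shape.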
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/helm-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
- uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with:
python-version: 3.7
- name: Set up chart-testing
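Review bot: The `python-version: 3.7` context line under the bumped `actions/setup-python` pin still selects Python 3.7, which reached end of life in June 2023 and no longer receives security fixes. Since this change already touches the step, move it to a supported release and quote the value, for example `python-version: "3.12"`, so YAML does not read it as a float. helm-test.yaml carries the same setting.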
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/helm-test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ jobs:
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
- name: Setup python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with:
python-version: 3.7
- name: Set up chart-testing
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/images-build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ jobs:
- name: ko build
run: VERSION=${{ github.ref_name }} make ko-build-all
- name: Trivy Scan Image
uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
with:
scan-type: 'fs'
ignore-unfixed: true
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/images-publish.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ jobs:
uses: ./.github/actions/setup-build-env
timeout-minutes: 30
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
with:
scan-type: 'fs'
ignore-unfixed: true
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/lint.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ jobs:
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
- name: golangci-lint
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v3.7.1
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v3.7.1
with:
version: v1.54.2
skip-cache: true
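Review bot: The pinned SHA on the `golangci/golangci-lint-action` `uses:` line changes, but the trailing comment is `# v3.7.1` on both the old and the new line, so either the comment is stale or two different commits are being labelled as the same release. Confirm which tag the new SHA belongs to and update the comment, since the comment is the only human-readable record of what the pin means.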
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
uses: ./.github/actions/setup-build-env
timeout-minutes: 30
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
with:
scan-type: 'fs'
ignore-unfixed: true
Expand Down Expand Up @@ -300,7 +300,7 @@ jobs:
file_glob: true
tag: ${{ github.ref }}
- name: Login to GHCR
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/report-on-vulnerabilities.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ jobs:
echo "releasebranch2=$releasebranch2" >> $GITHUB_OUTPUT
- name: Scan for vulnerabilities in latest image
uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.8.0 (Trivy v0.34.0)
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.8.0 (Trivy v0.34.0)

with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
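Review bot: The new `uses:` line pins `aquasecurity/trivy-action` to the SHA that the other workflows in this commit label `# v0.24.0`, yet the comment here still reads `# v0.8.0 (Trivy v0.34.0)`. The comment was already inconsistent before the change (the old SHA is labelled `# v0.23.0` elsewhere in this commit) and should be corrected to match the pinned release. The two `uses:` lines in the following hunks of this file need the same fix.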
Expand All @@ -40,7 +40,7 @@ jobs:
output: scan1.json

- name: Scan for vulnerabilities in latest-1 image
uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.8.0 (Trivy v0.34.0)
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.8.0 (Trivy v0.34.0)
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get-branches.outputs.releasebranch1 }}
format: json
Expand All @@ -49,7 +49,7 @@ jobs:
output: scan2.json

- name: Scan for vulnerabilities in latest-2 image
uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.8.0 (Trivy v0.34.0)
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.8.0 (Trivy v0.34.0)
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get-branches.outputs.releasebranch2 }}
format: json
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/scorecard.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
with:
persist-credentials: false
- name: Run analysis
uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
with:
results_file: results.sarif
results_format: sarif
Expand All @@ -40,6 +40,6 @@ jobs:
path: results.sarif
retention-days: 5
- name: Upload to code-scanning
uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
with:
sarif_file: results.sarif
12 changes: 6 additions & 6 deletions .nancy-ignore
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# golang/k8s.io/apiserver@v0.29.2
CVE-2020-8561 until=2024-06-30
# golang/github.com/notaryproject/notation-go@v1.1.0
CVE-2024-23332 until=2024-06-30
# golang/github.com/hashicorp/vault/api@v1.12.2
CVE-2024-2660 until=2024-06-30
# golang/k8s.io/apiserver@v0.30.1
CVE-2020-8561 until=2024-12-30
# golang/github.com/notaryproject/notation-go@v1.1.1
CVE-2024-23332 until=2024-12-30
# golang/github.com/hashicorp/vault/api@v1.14.0
CVE-2024-2660 until=2024-12-30
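Review bot: All three `until=` dates move from `2024-06-30` to `2024-12-30` while the commented package versions are bumped (`k8s.io/apiserver` to v0.30.1, `notation-go` to v1.1.1, `vault/api` to v1.14.0), with no record of why each CVE is still being ignored. The old dates had lapsed a month before this commit (Jul 30, 2024), so these are renewals of expired exemptions: re-check each CVE against the new version, drop entries that no longer apply, and add a short justification comment to the ones that stay.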
36 changes: 3 additions & 33 deletions CODE_OF_CONDUCT.md
Original file line number Diff line number Diff line change
@@ -1,36 +1,6 @@
# Kyverno Community Code of Conduct v1.0
# Code of Conduct

## Contributor Code of Conduct
[Kyverno and its sub-projects](https://github.com/kyverno#projects) follow the Code of Conduct published and maintained at https://github.com/kyverno/community/blob/main/CODE_OF_CONDUCT.md.


As contributors and maintainers of this project, and in the interest of fostering
an open and welcoming community, we pledge to respect all people who contribute
through reporting issues, posting feature requests, updating documentation,
submitting pull requests or patches, and other activities.

We are committed to making participation in this project a harassment-free experience for
everyone, regardless of level of experience, gender, gender identity and expression,
sexual orientation, disability, personal appearance, body size, race, ethnicity, age,
religion, or nationality.

Examples of unacceptable behavior by participants include:

* The use of sexualized language or imagery
* Personal attacks
* Trolling or insulting/derogatory comments
* Public or private harassment
* Publishing other's private information, such as physical or electronic addresses, without explicit permission
* Other unethical or unprofessional conduct.

Project maintainers have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are not
aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers
commit themselves to fairly and consistently applying these principles to every aspect
of managing this project. Project maintainers who do not follow or enforce the Code of
Conduct may be permanently removed from the project team.

This code of conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community.

Instances of abusive, harassing, or otherwise unacceptable behavior in Kubernetes may be reported by contacting the project maintainer(s).

This Code of Conduct is adapted from the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md) and the [Contributor Covenant](https://www.contributor-covenant.org/), [version 1.2.0](https://www.contributor-covenant.org/version/1/2/0/code-of-conduct/).
137 changes: 11 additions & 126 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -1,46 +1,24 @@
# Contributing Guidelines for Kyverno
# Contributor Guidelines for Kyverno

We welcome all contributions, suggestions, and feedback, so please do not hesitate to reach out!
[Kyverno and its sub-projects](https://github.com/kyverno#projects) follow the contributor guidelines published at: https://github.com/kyverno/community/blob/main/CODE_OF_CONDUCT.md.

Before you contribute, please take a moment to review and agree to abide by our community [Code of Conduct](/CODE_OF_CONDUCT.md).
Please review the general guidelines before proceeding further to the project specific information below.

- [Contributing Guidelines for Kyverno](#contributing-guidelines-for-kyverno)
- [Engage with us](#engage-with-us)
- [Ways you can contribute](#ways-you-can-contribute)
- [1. Report issues](#1-report-issues)
- [2. Fix or Improve Documentation](#2-fix-or-improve-documentation)
- [3. Submit Pull Requests](#3-submit-pull-requests)
- [How to Create a PR](#how-to-create-a-pr)
- [Developer Certificate of Origin (DCO) Sign off](#developer-certificate-of-origin-dco-sign-off)
- [Release Processes](#release-processes)
### Fix or Improve Kyverno Documentation

## Engage with us

The Kyverno website has the most updated information on [how to engage with the Kyverno community](https://kyverno.io/community/) including its maintainers and contributors. There are three classes of contributors possible: Contributor, Code Owner, and Maintainer. Please see the [Contributing section on the website](https://kyverno.io/community/#contributing) for the requirements and privileges afforded to each.

Join our community meetings to learn more about Kyverno and engage with other contributors.

## Ways you can contribute

### 1. Report issues

Issues to Kyverno help improve the project in multiple ways including the following:

- Report potential bugs
- Request a feature
- Request a sample policy
The [Kyverno website](https://kyverno.io), like the main Kyverno codebase, is stored in its own [git repo](https://github.com/kyverno/website). To get started with contributions to the documentation, [follow the guide](https://github.com/kyverno/website#contributing) on that repository.

### 2. Fix or Improve Documentation
### Developer Guides

The [Kyverno website](https://kyverno.io), like the main Kyverno codebase, is stored in its own [git repo](https://github.com/kyverno/website). To get started with contributions to the documentation, [follow the guide](https://github.com/kyverno/website#contributing) on that repository.
To learn about the code base and developer processes, refer to the [development guide](/DEVELOPMENT.md).

### 3. Submit Pull Requests
### Good First Issues

[Pull requests](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests) (PRs) allow you to contribute back the changes you've made on your side enabling others in the community to benefit from your hard work. They are the main source by which all changes are made to this project and are a standard piece of GitHub operational flows.
Maintainers identify issues that are ideal for new contributors with a `good first issue` label.

New contributors may easily view all [open issues labeled as good first issues](https://github.com/kyverno/kyverno/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) allowing you to get started in an approachable manner.
View all Kyverno [good first issues](https://github.com/kyverno/kyverno/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22).

Once you wish to get started contributing to the code base, please refer to our [development guide](/DEVELOPMENT.md) for a how-to.
### Pull Request Guidelines

In the process of submitting your PRs, please read and abide by the template provided to ensure the maintainers are able to understand your changes and quickly come up to speed. There are some important pieces that are required outside the code itself. Some of these are up to you, others are up to the maintainers.
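Review bot: The added intro line says the contributor guidelines are published at `https://github.com/kyverno/community/blob/main/CODE_OF_CONDUCT.md`, which is the same URL the new CODE_OF_CONDUCT.md in this commit gives for the code of conduct. This looks like a copy-paste; point it at the contributing guide in the community repository instead. The new sections also start at `###` directly under the `#` title, skipping a heading level.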

Expand All @@ -49,99 +27,6 @@ In the process of submitting your PRs, please read and abide by the template pro
3. Test your change with the [Kyverno CLI](https://kyverno.io/docs/kyverno-cli/) and provide a test manifest in the proper format. If your feature/fix does not work with the CLI, a separate issue requesting CLI support must be made. For changes which can be tested as an end user, we require conformance/e2e tests by using the `chainsaw` tool. See [here](https://github.com/kyverno/kyverno/tree/main/test/conformance/chainsaw/README.md) for a specific guide on how and when to write these tests.
4. Indicate which release this PR is triaged for (maintainers). This step is important especially for the documentation maintainers in order to understand when and where the necessary changes should be made.

#### How to Create a PR

Head over to the project repository on GitHub and click the **"Fork"** button. With the forked copy, you can try new ideas and implement changes to the project.

1. **Clone the repository to your device:**

Get the link of your forked repository, paste it in your device terminal and clone it using the command.

```sh
git clone https://hostname/YOUR-USERNAME/YOUR-REPOSITORY
```

2. **Create a branch:**

Create a new brach and navigate to the branch using this command.

```sh
git checkout -b <new-branch>
```

Great, it's time to start hacking! You can now go ahead to make all the changes you want.

3. **Stage, Commit, and Push changes:**

Now that we have implemented the required changes, use the command below to stage the changes and commit them.

```sh
git add .
```

```sh
git commit -s -m "Commit message"
```

The `-s` signifies that you have signed off the commit.

Go ahead and push your changes to GitHub using this command.

```sh
git push
```

#### Cherry-pick PRs to release branches

Add repository as remote

```sh
git remote add <name> https://github.com/kyverno/kyverno
```
Then fetch the branches of remote:

```sh
git fetch <name>
```

You will notice that there are a number of branches related to Kyverno's releases such as release-1.7. You can always view the list of remote branches by using the command below:

```sh
$ git branch -r
...
origin/release-1.5
origin/release-1.6
origin/release-1.7
```

Checkout one of the release branch and cherry-pick the PRs you want to merge into the release branch:

```sh
$ git checkout release-1.7

git cherry-pick <commit-hash> -s

git push --set-upstream origin release-1.7
```

Once the commit has been cherry-picked, the author will need to open a PR merging to the release branch, release-1.7 for example.

#### Developer Certificate of Origin (DCO) Sign off

For contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project, we are requiring everyone to acknowledge this by signing their work which indicates you agree to the DCO found [here](https://developercertificate.org/).

To sign your work, just add a line like this at the end of your commit message:

```sh
Signed-off-by: Random J Developer <random@developer.example.org>
```

This can easily be done with the `-s` command line option to append this automatically to your commit message.

```sh
git commit -s -m 'This is my commit message'
```

## Release Processes

Review the Kyverno release process at: https://kyverno.io/docs/releases/
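Review bot: The DCO sign-off requirement and the release-branch cherry-pick steps lose their only in-file documentation in the removed block, and nothing in the remaining lines points to where they now live. If sign-off is still required on commits, keep a one-line note about `git commit -s` here or link directly to the section of the community guide that covers it, so contributors do not first learn of it from a failed check.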