From 49bca2c7f7e80060e5968f9204894aa51e6cbec7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 16:39:03 -0600 Subject: [PATCH] chore(deps): update sigstore support dependencies (#28) * chore(deps): update sigstore support dependencies | datasource | package | from | to | | ----------- | -------------------------- | ------ | ------ | | github-tags | actions/checkout | v4.2.1 | v4.2.2 | | github-tags | defenseunicorns/uds-common | v1.1.2 | v1.2.2 | * add zarf yaml override * add certs deps * fix certs * add job name selector * update job deletion --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Wayne Starr --- .github/workflows/ci-docs-shim.yaml | 2 +- .github/workflows/commitlint.yaml | 2 +- .github/workflows/lint.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/scorecard.yaml | 2 +- .github/workflows/test.yaml | 8 +++++--- src/ctlog/common/zarf.yaml | 4 ++++ src/rekor/common/zarf.yaml | 3 +++ tasks.yaml | 24 ++++++++++++++---------- tasks/dependencies.yaml | 1 - 10 files changed, 31 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml index 8e11eb2..2ca976b 100644 --- a/.github/workflows/ci-docs-shim.yaml +++ b/.github/workflows/ci-docs-shim.yaml @@ -18,7 +18,7 @@ jobs: matrix: type: [install, upgrade] flavor: [upstream, unicorn] - uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2 + uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@d59b1c601730bfa7ab76439643242358e529603e # v1.2.2 with: flavor: ${{ matrix.flavor }} type: ${{ matrix.type }} diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml index 03c4917..120c353 100644 --- a/.github/workflows/commitlint.yaml +++ b/.github/workflows/commitlint.yaml 
@@ -15,4 +15,4 @@ permissions: jobs: validate: - uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2 + uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@d59b1c601730bfa7ab76439643242358e529603e # v1.2.2 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index ee594a2..711435e 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -15,5 +15,5 @@ permissions: jobs: validate: - uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2 + uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@d59b1c601730bfa7ab76439643242358e529603e # v1.2.2 secrets: inherit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 34c3206..91e6b21 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -41,7 +41,7 @@ jobs: exclude: - flavor: registry1 architecture: arm64 - uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2 + uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@d59b1c601730bfa7ab76439643242358e529603e # v1.2.2 with: flavor: ${{ matrix.flavor }} runsOn: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-4-core' || 'ubuntu-latest' }} diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 1d7a6a5..09cadb9 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -32,5 +32,5 @@ jobs: security-events: write # Used to receive a badge. id-token: write - uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2 + uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@d59b1c601730bfa7ab76439643242358e529603e # v1.2.2 secrets: inherit 
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 1b32d18..6859289 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -41,11 +41,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: test-flavor - uses: defenseunicorns/uds-common/.github/actions/test-flavor@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2 + uses: defenseunicorns/uds-common/.github/actions/test-flavor@d59b1c601730bfa7ab76439643242358e529603e # v1.2.2 id: test-flavor + with: + check-flavor-zarf-yaml: src/ctlog/zarf.yaml outputs: upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }} @@ -56,7 +58,7 @@ jobs: matrix: type: [install, upgrade] flavor: [upstream, unicorn] - uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2 + uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@d59b1c601730bfa7ab76439643242358e529603e # v1.2.2 with: upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }} flavor: ${{ matrix.flavor }} diff --git a/src/ctlog/common/zarf.yaml b/src/ctlog/common/zarf.yaml index 128c2ca..cef8fa2 100644 --- a/src/ctlog/common/zarf.yaml +++ b/src/ctlog/common/zarf.yaml @@ -23,6 +23,10 @@ components: - ../values/values.yaml actions: onDeploy: + before: + # delete the old jobs so that an upgrade will work + - cmd: ./zarf tools kubectl delete jobs -n ctlog-system ctlog-createctconfig || true + - cmd: ./zarf tools kubectl delete jobs -n ctlog-system ctlog-createtree || true after: - description: Validate CtLog Package maxTotalSeconds: 300 diff --git a/src/rekor/common/zarf.yaml b/src/rekor/common/zarf.yaml index 621d930..383dbbe 100644 --- a/src/rekor/common/zarf.yaml +++ b/src/rekor/common/zarf.yaml 
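Review bot: The two `before` actions added in src/ctlog/common/zarf.yaml end in `|| true`, which hides every failure of the delete, not only the case where the job does not exist. An unreachable API server or a denied delete would pass silently, and the deploy would continue with the old jobs still in place. `kubectl delete` has `--ignore-not-found` for the benign case, so the line could read `- cmd: ./zarf tools kubectl delete jobs -n ctlog-system ctlog-createctconfig --ignore-not-found` (likewise for `ctlog-createtree`); it is worth confirming this on a first install where the namespace does not exist yet. The same applies to the `rekor-createtree` deletion in the src/rekor/common/zarf.yaml hunk. A `description:` on each action, as the existing `after` action has, would also make the deploy output easier to read.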
@@ -23,6 +23,9 @@ components: - ../values/values.yaml actions: onDeploy: + before: + # delete the old job so that an upgrade will work + - cmd: ./zarf tools kubectl delete jobs -n rekor-system rekor-createtree || true after: - description: Validate Rekor Package maxTotalSeconds: 300 diff --git a/tasks.yaml b/tasks.yaml index 891dd91..df545c0 100644 --- a/tasks.yaml +++ b/tasks.yaml 
@@ -4,16 +4,16 @@ includes: - dependencies: ./tasks/dependencies.yaml - test: ./tasks/test.yaml - - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/create.yaml - - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/publish.yaml - - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/lint.yaml - - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/pull.yaml - - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/deploy.yaml - - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/setup.yaml - - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/actions.yaml - - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/badge.yaml - - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/upgrade.yaml - - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/compliance.yaml + - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/create.yaml + - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/publish.yaml + - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/lint.yaml + - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/pull.yaml + - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/deploy.yaml + - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/setup.yaml + - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/actions.yaml + - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/badge.yaml + - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/upgrade.yaml + - compliance: 
https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/compliance.yaml tasks: - name: default @@ -74,6 +74,7 @@ tasks: - name: test-install description: Test the health of a Sigstore deployment actions: + - task: dependencies:certs - task: create-dev-package - task: setup:k3d-test-cluster - task: create-deploy-test-bundle @@ -82,6 +83,7 @@ tasks: - name: test-upgrade description: Test an upgrade from the latest released package to the current branch actions: + - task: dependencies:certs - task: upgrade:create-latest-tag-bundle with: dep_commands: ./uds run dependencies:create @@ -99,6 +101,8 @@ tasks: - task: actions:determine-arch - task: create:package + - task: dependencies:certs + if: ${{ or (ne .variables.FLAVOR "upstream") (ne .variables.ARCH "arm64") }} - task: setup:k3d-test-cluster if: ${{ or (ne .variables.FLAVOR "upstream") (ne .variables.ARCH "arm64") }} - task: create-deploy-test-bundle diff --git a/tasks/dependencies.yaml b/tasks/dependencies.yaml index 80ddc61..4b81afc 100644 --- a/tasks/dependencies.yaml +++ b/tasks/dependencies.yaml @@ -12,7 +12,6 @@ tasks: default: ${UDS_ARCH} actions: - cmd: ./uds zarf package create src/dev-openbao/ --confirm --no-progress --architecture=${{ .inputs.architecture }} --skip-sbom ${{ .inputs.options }} - - task: certs - name: certs description: Create the certificates needed to initialize Fulcio / TSA
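Review bot: The remote `includes` in tasks.yaml are pinned to the tag `v1.2.2`, while every workflow `uses:` in this same commit pins uds-common to the commit `d59b1c601730bfa7ab76439643242358e529603e`. A tag can be moved after review, and these files supply task definitions that run as commands in CI and on developer machines, so the include URLs are the weaker of the two pins. If the task runner accepts any raw URL, the same commit could go in the ref position, e.g. `- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/d59b1c601730bfa7ab76439643242358e529603e/tasks/create.yaml # v1.2.2`. Whether Renovate keeps such URLs updated would need checking before switching.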
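Review bot: `dependencies:certs` is now listed by hand in `test-install`, and again in the `test-upgrade` hunk and the hunk after `create:package`, because the tasks/dependencies.yaml hunk removes it from the `create` task; nothing in the file records that ordering requirement. Any other caller of `dependencies:create` outside these hunks would no longer get certificates generated, which cannot be checked from the diff. A comment above the first step, such as `# certs are no longer created by dependencies:create; run this before building packages`, would keep a later edit from dropping it. The task definitions start and end outside the hunks.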