diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index 2a8d19bf0..863cb348a 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -1,19 +1,19 @@ categories: - - title: '⚠️ Breaking changes' + - title: "⚠️ Breaking changes" labels: - - 'kind/major' - - 'kind/breaking-change' - - title: '🚀 Features' + - "kind/major" + - "kind/breaking-change" + - title: "🚀 Features" labels: - - 'kind/enhancement' - - 'kind/feature' - - title: '🐛 Bug Fixes' + - "kind/enhancement" + - "kind/feature" + - title: "🐛 Bug Fixes" labels: - - 'kind/bug' - - title: '🧰 Maintenance' + - "kind/bug" + - title: "🧰 Maintenance" labels: - - 'kind/chore' - - 'area/dependencies' + - "kind/chore" + - "area/dependencies" exclude-labels: - duplicate 
@@ -23,44 +23,51 @@ exclude-labels: - kind/question - release/skip-changelog -change-template: '- $TITLE (#$NUMBER)' +change-template: "- $TITLE (#$NUMBER)" change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks. -name-template: 'v$RESOLVED_VERSION' +name-template: "v$RESOLVED_VERSION" template: | $CHANGES autolabeler: - # Tag any PR with "!" in the subject as major update. In other words, breaking change - - label: 'kind/breaking-change' - title: '/.*!:.*/' - - label: 'area/dependencies' - title: 'chore(deps)' - - label: 'area/dependencies' - title: 'fix(deps)' - - label: 'area/dependencies' - title: 'build(deps)' - - label: 'kind/feature' - title: 'feat' - - label: 'kind/bug' - title: 'fix' - - label: 'kind/chore' - title: 'chore' + # Tag any PR with "!" in the subject as major update. In other words, breaking change + - label: "kind/breaking-change" + title: + - "/.*!:.*/" + - label: "area/dependencies" + title: + - "chore(deps)" + - label: "area/dependencies" + title: + - "fix(deps)" + - label: "area/dependencies" + title: + - "build(deps)" + - label: "kind/feature" + title: + - "feat" + - label: "kind/bug" + title: + - "fix" + - label: "kind/chore" + title: + - "chore" version-resolver: major: labels: - - 'kind/major' - - 'kind/breaking-change' + - "kind/major" + - "kind/breaking-change" minor: labels: - - 'kind/minor' - - 'kind/feature' - - 'kind/enhancement' + - "kind/minor" + - "kind/feature" + - "kind/enhancement" patch: labels: - - 'kind/patch' - - 'kind/fix' - - 'kind/bug' - - 'kind/chore' - - 'area/dependencies' + - "kind/patch" + - "kind/fix" + - "kind/bug" + - "kind/chore" + - "area/dependencies" default: patch diff --git a/.github/workflows/autolabeler.yml b/.github/workflows/autolabeler.yml new file mode 100644 index 000000000..719833c66 --- /dev/null +++ b/.github/workflows/autolabeler.yml 
@@ -0,0 +1,19 @@ +name: Autolabeler + +on: + pull_request: + # Only following types are handled by the action, but one can default to all as well + types: [opened, reopened, synchronize, edited] + +permissions: + contents: read + +jobs: + autolabeler: + permissions: + pull-requests: write + runs-on: ubuntu-latest + steps: + - uses: release-drafter/release-drafter/autolabeler@139054aeaa9adc52ab36ddf67437541f039b88e2 # v7.1.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/build-kwctl.yml b/.github/workflows/build-kwctl.yml index e3b7736fa..1ff795396 100644 --- a/.github/workflows/build-kwctl.yml +++ b/.github/workflows/build-kwctl.yml @@ -117,7 +117,7 @@ jobs: - name: Generate attestations if: ${{ !inputs.build_only }} - uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 id: attestations with: subject-path: kwctl-linux-${{ matrix.targetarch }} @@ -134,7 +134,7 @@ jobs: - name: Upload binary if: ${{ !inputs.build_only }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: kwctl-linux-${{ matrix.targetarch }} path: kwctl-linux-${{ matrix.targetarch }}.zip @@ -163,7 +163,7 @@ jobs: - name: Upload kwctl SBOM files if: ${{ !inputs.build_only }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: kwctl-linux-${{ matrix.targetarch }}-sbom path: | @@ -172,7 +172,7 @@ jobs: - name: Upload kwctl air gap scripts if: ${{ !inputs.build_only && matrix.targetarch == 'x86_64' }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: kwctl-airgap-scripts path: | 
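Review bot: In the new `.github/workflows/autolabeler.yml`, the job runs on `pull_request`, and for pull requests opened from forks GitHub issues a read-only `GITHUB_TOKEN` whatever the `permissions:` block requests, so `pull-requests: write` will not take effect there and labelling of external contributions will presumably fail. If fork PRs are meant to be labelled, the usual alternative is `pull_request_target`, which is acceptable only while the job stays as written here, with no checkout and no step that runs code from the PR head. The job-level `permissions:` also replaces the workflow-level block rather than extending it, so `contents: read` does not apply to this job; if the action reads `.github/release-drafter.yml` through the token, add `contents: read` under the job as well. A short comment above the grant, e.g. `# write permission is required to add labels to the pull request`, would help keep the scope from being widened later.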
@@ -211,7 +211,7 @@ jobs: - name: Generate attestations if: ${{ !inputs.build_only }} - uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 id: attestations with: subject-path: kwctl-darwin-${{ matrix.targetarch }} @@ -228,7 +228,7 @@ jobs: - name: Upload binary if: ${{ !inputs.build_only }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: kwctl-darwin-${{ matrix.targetarch }} path: kwctl-darwin-${{ matrix.targetarch }}.zip @@ -259,7 +259,7 @@ jobs: - name: Upload kwctl SBOM files if: ${{ !inputs.build_only }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: kwctl-darwin-${{ matrix.targetarch }}-sbom path: | @@ -306,7 +306,7 @@ jobs: - name: Generate attestations if: ${{ !inputs.build_only }} - uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 id: attestations with: subject-path: kwctl-windows-${{ matrix.targetarch }}.exe @@ -326,7 +326,7 @@ jobs: - name: Upload binary if: ${{ !inputs.build_only }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: kwctl-windows-x86_64 path: kwctl-windows-x86_64.exe.zip @@ -358,7 +358,7 @@ jobs: - name: Upload kwctl SBOM files if: ${{ !inputs.build_only }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: kwctl-windows-x86_64-sbom path: | 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 380dec3a8..e74f9e12b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -361,7 +361,7 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install helm - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 + uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 # Disable plugin verification until the following issue is addressed https://github.com/helm-unittest/helm-unittest/issues/777 - name: Install Helm-unittest run: helm plugin install https://github.com/helm-unittest/helm-unittest --verify=false diff --git a/.github/workflows/open-release-pr.yml b/.github/workflows/open-release-pr.yml index f3b0bd99d..5a0f7d7c3 100644 --- a/.github/workflows/open-release-pr.yml +++ b/.github/workflows/open-release-pr.yml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2.2.2 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: generate-token with: app-id: ${{ secrets.APP_ID }} @@ -32,7 +32,7 @@ jobs: - name: Install helm # Helm and helm plugins installation required by the updatecli release action - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 + uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 - name: Install helm values schema json plugin # Disable plugin verification until helm v4 is supported diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 0f87f607b..d1b8f3c3d 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml 
@@ -6,10 +6,6 @@ on: # branches to consider in the event; optional, defaults to all branches: - main - # pull_request event is required only for autolabeler - pull_request: - # Only following types are handled by the action, but one can default to all as well - types: [opened, reopened, synchronize, edited] permissions: contents: read @@ -19,16 +15,9 @@ jobs: permissions: # write permission is required to create a github release contents: write - # write permission is required for autolabeler - # otherwise, read permission is required at least - pull-requests: write + pull-requests: read runs-on: ubuntu-latest steps: - # Drafts your next Release notes as Pull Requests are merged into "master" - - uses: release-drafter/release-drafter@6a93d829887aa2e0748befe2e808c66c0ec6e4c7 # v6.4.0 - # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml - # with: - # config-name: my-config.yml - # disable-autolabeler: true - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - uses: release-drafter/release-drafter@139054aeaa9adc52ab36ddf67437541f039b88e2 # v7.1.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index dfd328cbc..4389398e0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -180,12 +180,12 @@ jobs: } core.setFailed(`Draft release not found`) - name: Download attestation artifacts - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: attestation-* merge-multiple: true - name: Download kwctl artifacts - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: kwctl-* merge-multiple: false 
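Review bot: In the second hunk of `.github/workflows/release-drafter.yml` (`@@ -19,16 +15,9 @@`), `pull-requests: read` is left without any explanation, because the comments that justified the old grant were removed together with the `write` scope. I would keep a one-line reason next to it, for example `# read permission is required at least; labelling now runs in autolabeler.yml`, so that each scope in the job stays documented like `contents: write` above it. The step also changes from `env: GITHUB_TOKEN` to `with: token:` across a major version bump, so it is worth confirming on a test merge that the draft release is still created with this reduced permission set.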
@@ -277,7 +277,7 @@ jobs: needs: release runs-on: ubuntu-latest steps: - - uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2.2.2 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: generate-token with: app-id: ${{ secrets.APP_ID }} diff --git a/.github/workflows/update-dependencies.yaml b/.github/workflows/update-dependencies.yaml index c2a0d5be2..fd17bfee3 100644 --- a/.github/workflows/update-dependencies.yaml +++ b/.github/workflows/update-dependencies.yaml @@ -21,7 +21,7 @@ jobs: # happen" for the conditions version: v0.109.0 - - uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2.2.2 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: generate-token with: app-id: ${{ secrets.APP_ID }}