From ddafbebd38f906ff84313c38c7a59bb30da1c7d4 Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Wed, 17 Jul 2024 01:14:17 +0000 Subject: [PATCH 1/2] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- klone.yaml | 24 ++++---- make/_shared/go/01_mod.mk | 35 ++++++++++++ make/_shared/kind/00_kind_image_versions.mk | 22 ++++++++ make/_shared/kind/00_mod.mk | 15 ++--- make/_shared/kind/kind-image-preload.mk | 5 ++ make/_shared/kind/kind.mk | 2 +- make/_shared/oci-build/00_mod.mk | 4 +- make/_shared/tools/00_mod.mk | 61 +++++++-------------- 8 files changed, 100 insertions(+), 68 deletions(-) create mode 100755 make/_shared/kind/00_kind_image_versions.mk diff --git a/klone.yaml b/klone.yaml index 36b2436..c7947e0 100644 --- a/klone.yaml +++ b/klone.yaml @@ -9,60 +9,60 @@ targets: - folder_name: api-docs repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: adb1dd2ffdb07aae9aea40c201633c7ae59714d8 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/api-docs - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: adb1dd2ffdb07aae9aea40c201633c7ae59714d8 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/boilerplate - folder_name: cert-manager repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: adb1dd2ffdb07aae9aea40c201633c7ae59714d8 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/cert-manager - folder_name: controller-gen repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: adb1dd2ffdb07aae9aea40c201633c7ae59714d8 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/controller-gen - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: adb1dd2ffdb07aae9aea40c201633c7ae59714d8 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: adb1dd2ffdb07aae9aea40c201633c7ae59714d8 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: adb1dd2ffdb07aae9aea40c201633c7ae59714d8 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/help - folder_name: kind repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: adb1dd2ffdb07aae9aea40c201633c7ae59714d8 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/kind - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: adb1dd2ffdb07aae9aea40c201633c7ae59714d8 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/klone - folder_name: oci-build repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: adb1dd2ffdb07aae9aea40c201633c7ae59714d8 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/oci-build - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: adb1dd2ffdb07aae9aea40c201633c7ae59714d8 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: adb1dd2ffdb07aae9aea40c201633c7ae59714d8 + repo_hash: 652f41ca2a789690977902191af89b423482853f repo_path: modules/tools diff --git a/make/_shared/go/01_mod.mk b/make/_shared/go/01_mod.mk index 0e4d418..9a28ed3 100644 --- a/make/_shared/go/01_mod.mk +++ b/make/_shared/go/01_mod.mk @@ -23,6 +23,41 @@ endif go_base_dir := $(dir $(lastword $(MAKEFILE_LIST)))/base/ golangci_lint_override := $(dir $(lastword $(MAKEFILE_LIST)))/.golangci.override.yaml +.PHONY: go-workspace +go-workspace: export GOWORK?=$(abspath go.work) +## Create a go.work file in the repository root (or GOWORK) +## +## @category Development +go-workspace: | $(NEEDS_GO) + @rm -f $(GOWORK) + $(GO) work init + @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) \ + | while read d; do \ + target=$$(dirname $${d}); \ + $(GO) work use "$${target}"; \ + done + +.PHONY: go-tidy +## Alias for `make generate-go-mod-tidy` +## @category [shared] Generate/ Verify +go-tidy: generate-go-mod-tidy + +.PHONY: generate-go-mod-tidy +## Run `go mod tidy` on all Go modules +## @category [shared] Generate/ Verify +generate-go-mod-tidy: | $(NEEDS_GO) + @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) \ + | while read d; do \ + target=$$(dirname $${d}); \ + echo "Running 'go mod tidy' in directory '$${target}'"; \ + pushd "$${target}" >/dev/null; \ + $(GO) mod tidy || exit; \ + popd >/dev/null; \ + echo ""; \ + done + +shared_generate_targets += generate-go-mod-tidy + .PHONY: generate-govulncheck ## Generate base files in the repository ## @category [shared] Generate/ Verify diff --git a/make/_shared/kind/00_kind_image_versions.mk b/make/_shared/kind/00_kind_image_versions.mk new file mode 100755 index 0000000..f38e1ad --- /dev/null +++ b/make/_shared/kind/00_kind_image_versions.mk @@ -0,0 +1,22 @@ +# +skip_license_check + +# This file is auto-generated by the learn_tools_shas.kind_images.sh script. +# Do not edit manually. + +kind_image_kindversion := v0.23.0 + +kind_image_kube_1.25_amd64 := docker.io/kindest/node:v1.25.16@sha256:06bd8a1c3af74cf360a524aa0c4a59922e023a1fb3526ee748609d4823f560f3 +kind_image_kube_1.25_arm64 := docker.io/kindest/node:v1.25.16@sha256:3b2127454d2e55a96e594debf450b80e87fe3273f0c7f74aa0c6be9972b8467e +kind_image_kube_1.26_amd64 := docker.io/kindest/node:v1.26.15@sha256:ad06ec62683fe300927150377e43df432da2228261bedf8eb2442fe5956d5e58 +kind_image_kube_1.26_arm64 := docker.io/kindest/node:v1.26.15@sha256:73f30c6f49b97aa178d14483dfb3ad47a1e014a53589ec02191c3fcd1df7cb71 +kind_image_kube_1.27_amd64 := docker.io/kindest/node:v1.27.13@sha256:30c5d91cab1f2915ad61f38b6279254397c433fc745b74533daa3c1e16617326 +kind_image_kube_1.27_arm64 := docker.io/kindest/node:v1.27.13@sha256:f72a6686e25f80052f37b177215a0a353ed23718d8ee2739cc17cfdb4b8feffb +kind_image_kube_1.28_amd64 := docker.io/kindest/node:v1.28.9@sha256:9ba4d311e7861d27b210e5960e5ce921a7c53d3c67e0545fd8a1cb9a76dfa2cb +kind_image_kube_1.28_arm64 := docker.io/kindest/node:v1.28.9@sha256:2bbf55860a6d38e25e5db113a1035f2286c87fb4f7b1594cfc3643a17b59351f +kind_image_kube_1.29_amd64 := docker.io/kindest/node:v1.29.4@sha256:ea40a6bd365a17f71fd3883a1d34a0791d7d6b0eb75832c6d85b6f2326827f1e +kind_image_kube_1.29_arm64 := docker.io/kindest/node:v1.29.4@sha256:e63a7f74e80b746328fbaa70be406639d0c31c8c8cf0a3d57efdd23c64fe4bba +kind_image_kube_1.30_amd64 := docker.io/kindest/node:v1.30.0@sha256:2af5d1b382926abcd6336312d652cd045b7cc47475844a608669c71b1fefcfbc +kind_image_kube_1.30_arm64 := docker.io/kindest/node:v1.30.0@sha256:5e4ce6f9033bdb9ce81a7fd699c8e67cfcacfab57076058e3e6f33c32036b42b + +kind_image_latest_amd64 := $(kind_image_kube_1.30_amd64) +kind_image_latest_arm64 := $(kind_image_kube_1.30_arm64) diff --git a/make/_shared/kind/00_mod.mk b/make/_shared/kind/00_mod.mk index 576d33e..a448915 100644 --- a/make/_shared/kind/00_mod.mk +++ b/make/_shared/kind/00_mod.mk @@ -12,17 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. +include $(dir $(lastword $(MAKEFILE_LIST)))/00_kind_image_versions.mk + images_amd64 ?= images_arm64 ?= -kind_k8s_version := v1.29.4 - -# Goto https://github.com/kubernetes-sigs/kind/releases/tag/ and find the -# multi-arch digest for the image you want to use. Then use crane to get the platform -# specific digest. For example (digest is the multi-arch digest from the release page): -# digest="sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245" -# crane digest --platform=linux/amd64 docker.io/kindest/node@$digest -# crane digest --platform=linux/arm64 docker.io/kindest/node@$digest - -images_amd64 += docker.io/kindest/node:$(kind_k8s_version)@sha256:ea40a6bd365a17f71fd3883a1d34a0791d7d6b0eb75832c6d85b6f2326827f1e -images_arm64 += docker.io/kindest/node:$(kind_k8s_version)@sha256:e63a7f74e80b746328fbaa70be406639d0c31c8c8cf0a3d57efdd23c64fe4bba +images_amd64 += $(kind_image_latest_amd64) +images_arm64 += $(kind_image_latest_arm64) diff --git a/make/_shared/kind/kind-image-preload.mk b/make/_shared/kind/kind-image-preload.mk index a157ad2..e95c9ee 100644 --- a/make/_shared/kind/kind-image-preload.mk +++ b/make/_shared/kind/kind-image-preload.mk @@ -32,6 +32,11 @@ images_files := $(foreach image,$(images),$(subst :,+,$(image))) images_tar_dir := $(bin_dir)/downloaded/containers/$(HOST_ARCH) images_tars := $(images_files:%=$(images_tar_dir)/%.tar) +# Download the images as tarballs. We must use the tag because the digest +# will change after we docker import the image. The tag is the only way to +# reference the image after it has been imported. Before downloading the +# image, we check that the provided digest matches the digest of the image +# that we are about to pull. $(images_tars): $(images_tar_dir)/%.tar: | $(NEEDS_CRANE) @$(eval image=$(subst +,:,$*)) @$(eval image_without_digest=$(shell cut -d@ -f1 <<<"$(image)")) diff --git a/make/_shared/kind/kind.mk b/make/_shared/kind/kind.mk index c573420..4f0a894 100644 --- a/make/_shared/kind/kind.mk +++ b/make/_shared/kind/kind.mk @@ -39,7 +39,7 @@ $(bin_dir)/scratch/cluster-check: FORCE | $(NEEDS_KIND) $(bin_dir)/scratch $(eval export KUBECONFIG=$(absolute_kubeconfig)) kind_post_create_hook ?= -$(kind_kubeconfig): $(kind_cluster_config) $(bin_dir)/scratch/cluster-check | images-preload $(bin_dir)/scratch $(NEEDS_KIND) $(NEEDS_KUBECTL) +$(kind_kubeconfig): $(kind_cluster_config) $(bin_dir)/scratch/cluster-check | images-preload $(bin_dir)/scratch $(NEEDS_KIND) $(NEEDS_KUBECTL) $(NEEDS_CTR) @[ -f "$(bin_dir)/scratch/cluster-check" ] && ( \ $(KIND) delete cluster --name $(kind_cluster_name); \ $(CTR) load -i $(docker.io/kindest/node.TAR); \ diff --git a/make/_shared/oci-build/00_mod.mk b/make/_shared/oci-build/00_mod.mk index 11a09ed..b7e2b0b 100644 --- a/make/_shared/oci-build/00_mod.mk +++ b/make/_shared/oci-build/00_mod.mk @@ -16,11 +16,11 @@ oci_platforms ?= linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le # Use distroless as minimal base image to package the manager binary # To get latest SHA run "crane digest quay.io/jetstack/base-static:latest" -base_image_static := quay.io/jetstack/base-static@sha256:23631cd1be9a63515cb5975e783284b209f7f9a449c02bb117f2a15413e13bfa +base_image_static := quay.io/jetstack/base-static@sha256:262e3020adb3b09ddbf9cd8fe672330451a556c8e7024142fa205c8876c3fd75 # Use custom apko-built image as minimal base image to package the manager binary # To get latest SHA run "crane digest quay.io/jetstack/base-static-csi:latest" -base_image_csi-static := quay.io/jetstack/base-static-csi@sha256:95b33b948da3790ac09f112486a1e9f10e3e705cfacc159cb7b12429b874c78f +base_image_csi-static := quay.io/jetstack/base-static-csi@sha256:f776795838d73f9836b134f688b4c827fcd7ed22f46d3cefcb9f57d668388fef # Utility functions fatal_if_undefined = $(if $(findstring undefined,$(origin $1)),$(error $1 is not set)) diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 39caa7a..8d5ad2c 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -42,7 +42,13 @@ for_each_kv = $(foreach item,$2,$(eval $(call $1,$(word 1,$(subst =, ,$(item))), # variables: https://stackoverflow.com/questions/54726457 export PATH := $(CURDIR)/$(bin_dir)/tools:$(PATH) -CTR=docker +CTR ?= docker +.PHONY: __require-ctr +ifneq ($(shell command -v $(CTR) >/dev/null || echo notfound),) +__require-ctr: + @:$(error "$(CTR) (or set CTR to a docker-compatible tool)") +endif +NEEDS_CTR = __require-ctr tools := # https://github.com/helm/helm/releases @@ -153,7 +159,7 @@ ADDITIONAL_TOOLS ?= tools += $(ADDITIONAL_TOOLS) # https://go.dev/dl/ -VENDORED_GO_VERSION := 1.22.4 +VENDORED_GO_VERSION := 1.22.5 # Print the go version which can be used in GH actions .PHONY: print-go-version @@ -241,8 +247,13 @@ detected_vendoring := $(findstring vendor-go,$(MAKECMDGOALS))$(shell [ -f $(bin_ export VENDOR_GO ?= $(detected_vendoring) ifeq ($(VENDOR_GO),) +.PHONY: __require-go +ifneq ($(shell command -v go >/dev/null || echo notfound),) +__require-go: + @:$(error "$(GO) (or run 'make vendor-go')") +endif GO := go -NEEDS_GO := # +NEEDS_GO = __require-go else export GOROOT := $(CURDIR)/$(bin_dir)/tools/goroot export PATH := $(CURDIR)/$(bin_dir)/tools/goroot/bin:$(PATH) @@ -363,10 +374,10 @@ $(call for_each_kv,go_dependency,$(go_dependencies)) # File downloads # ################## -go_linux_amd64_SHA256SUM=ba79d4526102575196273416239cca418a651e049c2b099f3159db85e7bade7d -go_linux_arm64_SHA256SUM=a8e177c354d2e4a1b61020aca3562e27ea3e8f8247eca3170e3fa1e0c2f9e771 -go_darwin_amd64_SHA256SUM=c95967f50aa4ace34af0c236cbdb49a9a3e80ee2ad09d85775cb4462a5c19ed3 -go_darwin_arm64_SHA256SUM=242b78dc4c8f3d5435d28a0d2cec9b4c1aa999b601fb8aa59fb4e5a1364bf827 +go_linux_amd64_SHA256SUM=904b924d435eaea086515bc63235b192ea441bd8c9b198c507e85009e6e4c7f0 +go_linux_arm64_SHA256SUM=8d21325bfcf431be3660527c1a39d3d9ad71535fabdf5041c826e44e31642b5a +go_darwin_amd64_SHA256SUM=95d9933cdcf45f211243c42c7705c37353cccd99f27eb4d8e2d1bf2f4165cb50 +go_darwin_arm64_SHA256SUM=4cd1bcb05be03cecb77bccd765785d5ff69d79adf4dd49790471d00c06b41133 .PRECIOUS: $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools @@ -604,10 +615,7 @@ $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_linux_$(HOST_ARCH): | $(DOW missing=$(shell (command -v curl >/dev/null || echo curl) \ && (command -v sha256sum >/dev/null || command -v shasum >/dev/null || echo sha256sum) \ && (command -v git >/dev/null || echo git) \ - && (command -v rsync >/dev/null || echo rsync) \ - && ([ -n "$(findstring vendor-go,$(MAKECMDGOALS),)" ] \ - || command -v $(GO) >/dev/null || echo "$(GO) (or run 'make vendor-go')") \ - && (command -v $(CTR) >/dev/null || echo "$(CTR) (or set CTR to a docker-compatible tool)")) + && (command -v rsync >/dev/null || echo rsync)) ifneq ($(missing),) $(error Missing required tools: $(missing)) endif @@ -616,34 +624,3 @@ endif ## Download and setup all tools ## @category [shared] Tools tools: $(tools_paths) - -self_file := $(dir $(lastword $(MAKEFILE_LIST)))/00_mod.mk - -# see https://stackoverflow.com/a/53408233 -sed_inplace := sed -i'' -ifeq ($(HOST_OS),darwin) - sed_inplace := sed -i '' -endif - -# This target is used to learn the sha256sum of the tools. It is used only -# in the makefile-modules repo, and should not be used in any other repo. -.PHONY: tools-learn-sha -tools-learn-sha: | $(bin_dir) - rm -rf ./$(bin_dir)/ - mkdir -p ./$(bin_dir)/scratch/ - $(eval export LEARN_FILE=$(CURDIR)/$(bin_dir)/scratch/learn_tools_file) - echo -n "" > "$(LEARN_FILE)" - - HOST_OS=linux HOST_ARCH=amd64 $(MAKE) tools - HOST_OS=linux HOST_ARCH=arm64 $(MAKE) tools - HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) tools - HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) tools - - HOST_OS=linux HOST_ARCH=amd64 $(MAKE) vendor-go - HOST_OS=linux HOST_ARCH=arm64 $(MAKE) vendor-go - HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) vendor-go - HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) vendor-go - - while read p; do \ - $(sed_inplace) "$$p" $(self_file); \ - done <"$(LEARN_FILE)" From efef41db7190df53746026163da051b0633269ab Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 17 Jul 2024 12:23:10 +0200 Subject: [PATCH 2/2] run 'make upgrade-klone' Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .github/workflows/govulncheck.yaml | 7 ++++-- .github/workflows/make-self-upgrade.yaml | 17 ++++++++++---- klone.yaml | 22 +++++++++---------- .../base/.github/workflows/govulncheck.yaml | 7 ++++-- make/_shared/help/help.sh | 8 +++---- make/_shared/kind/00_kind_image_versions.mk | 2 +- .../.github/workflows/make-self-upgrade.yaml | 17 ++++++++++---- 7 files changed, 52 insertions(+), 28 deletions(-) diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml index 405e8de..bba5726 100644 --- a/.github/workflows/govulncheck.yaml +++ b/.github/workflows/govulncheck.yaml @@ -10,18 +10,21 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: govulncheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ steps.go-version.outputs.result }} diff --git a/.github/workflows/make-self-upgrade.yaml b/.github/workflows/make-self-upgrade.yaml index 93beedf..2c6feca 100644 --- a/.github/workflows/make-self-upgrade.yaml +++ b/.github/workflows/make-self-upgrade.yaml @@ -8,6 +8,9 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: self_upgrade: runs-on: ubuntu-latest @@ -27,13 +30,13 @@ jobs: echo "This workflow should not be run on a non-branch-head." exit 1 - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ steps.go-version.outputs.result }} @@ -64,7 +67,7 @@ jobs: git push -f origin "$SELF_UPGRADE_BRANCH" - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const { repo, owner } = context.repo; @@ -77,7 +80,7 @@ jobs: }); if (pulls.data.length < 1) { - await github.rest.pulls.create({ + const result = await github.rest.pulls.create({ title: '[CI] Merge ' + process.env.SELF_UPGRADE_BRANCH + ' into ' + process.env.SOURCE_BRANCH, owner: owner, repo: repo, @@ -87,4 +90,10 @@ jobs: 'This PR is auto-generated to bump the Makefile modules.', ].join('\n'), }); + await github.rest.issues.addLabels({ + owner, + repo, + issue_number: result.data.number, + labels: ['skip-review'] + }); } diff --git a/klone.yaml b/klone.yaml index c7947e0..a6ce016 100644 --- a/klone.yaml +++ b/klone.yaml @@ -14,55 +14,55 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/boilerplate - folder_name: cert-manager repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/cert-manager - folder_name: controller-gen repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/controller-gen - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/help - folder_name: kind repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/kind - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/klone - folder_name: oci-build repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/oci-build - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 652f41ca2a789690977902191af89b423482853f + repo_hash: 52d325f8aced0b9b6fae6fbe3d2bd2644fddcc93 repo_path: modules/tools diff --git a/make/_shared/go/base/.github/workflows/govulncheck.yaml b/make/_shared/go/base/.github/workflows/govulncheck.yaml index 405e8de..bba5726 100644 --- a/make/_shared/go/base/.github/workflows/govulncheck.yaml +++ b/make/_shared/go/base/.github/workflows/govulncheck.yaml @@ -10,18 +10,21 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: govulncheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ steps.go-version.outputs.result }} diff --git a/make/_shared/help/help.sh b/make/_shared/help/help.sh index d9c831f..400aab3 100755 --- a/make/_shared/help/help.sh +++ b/make/_shared/help/help.sh @@ -71,10 +71,10 @@ done <<< "$raw_expansions" ## 3. Sort and print the extracted line items -RULE_COLOR="$(tput setaf 6)" -CATEGORY_COLOR="$(tput setaf 3)" -CLEAR_STYLE="$(tput sgr0)" -PURPLE=$(tput setaf 125) +RULE_COLOR="$(TERM=xterm tput setaf 6)" +CATEGORY_COLOR="$(TERM=xterm tput setaf 3)" +CLEAR_STYLE="$(TERM=xterm tput sgr0)" +PURPLE=$(TERM=xterm tput setaf 125) extracted_lines=$(echo -e "$extracted_lines" | LC_ALL=C sort -r) current_category="" diff --git a/make/_shared/kind/00_kind_image_versions.mk b/make/_shared/kind/00_kind_image_versions.mk index f38e1ad..6188f6a 100755 --- a/make/_shared/kind/00_kind_image_versions.mk +++ b/make/_shared/kind/00_kind_image_versions.mk @@ -1,4 +1,4 @@ -# +skip_license_check +# +skip_license_check # This file is auto-generated by the learn_tools_shas.kind_images.sh script. # Do not edit manually. diff --git a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml index 93beedf..2c6feca 100644 --- a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml +++ b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml @@ -8,6 +8,9 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: self_upgrade: runs-on: ubuntu-latest @@ -27,13 +30,13 @@ jobs: echo "This workflow should not be run on a non-branch-head." exit 1 - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ steps.go-version.outputs.result }} @@ -64,7 +67,7 @@ jobs: git push -f origin "$SELF_UPGRADE_BRANCH" - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const { repo, owner } = context.repo; @@ -77,7 +80,7 @@ jobs: }); if (pulls.data.length < 1) { - await github.rest.pulls.create({ + const result = await github.rest.pulls.create({ title: '[CI] Merge ' + process.env.SELF_UPGRADE_BRANCH + ' into ' + process.env.SOURCE_BRANCH, owner: owner, repo: repo, @@ -87,4 +90,10 @@ jobs: 'This PR is auto-generated to bump the Makefile modules.', ].join('\n'), }); + await github.rest.issues.addLabels({ + owner, + repo, + issue_number: result.data.number, + labels: ['skip-review'] + }); }