From 1f6b3b614cc0f333c47e08de36f30e8c73110fb1 Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Tue, 22 Mar 2022 01:24:00 -0400 Subject: [PATCH 01/13] Publish to GitHub registry on push to main in forks Signed-off-by: Tiger Kaovilai --- .github/workflows/push.yml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 20da9f459f..199875395e 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -13,6 +13,8 @@ jobs: build: name: Build runs-on: ubuntu-latest + permissions: + packages: write steps: - name: Set up Go @@ -58,13 +60,30 @@ jobs: # Use the JSON key in secret to login gcr.io - uses: 'docker/login-action@v1' + id: gcr-login with: registry: 'gcr.io' # or REGION.docker.pkg.dev username: '_json_key' password: '${{ secrets.GCR_SA_KEY }}' + continue-on-error: true # Push image to GCR to facilitate some environments that have rate limitation to docker hub, e.g. vSphere. - name: Publish container image to GCR - if: github.repository == 'vmware-tanzu/velero' + if: github.repository == 'vmware-tanzu/velero' && steps.gcr-login.outcome == 'success' run: | REGISTRY=gcr.io/velero-gcp ./hack/docker-push.sh + + - name: Login to GitHub registry if it's a fork + if: github.event_name != 'pull_request' && github.repository != 'vmware-tanzu/velero' + id: ghcr-login + uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Publish container image to GitHub registry if it's a fork + if: github.event_name != 'pull_request' && github.repository != 'vmware-tanzu/velero' && steps.ghcr-login.outcome == 'success' + run: | + REGISTRY=ghcr.io/${{ github.actor }} ./hack/docker-push.sh + From cb8995d58fabd95e85881741e49ca6a52b95d88e Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Fri, 14 Oct 2022 02:45:09 -0400 Subject: [PATCH 02/13] Create sync-fork.yml Signed-off-by: Tiger Kaovilai --- .github/workflows/sync-fork.yml | 40 +++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 .github/workflows/sync-fork.yml diff --git a/.github/workflows/sync-fork.yml b/.github/workflows/sync-fork.yml new file mode 100644 index 0000000000..ec7bb1caad --- /dev/null +++ b/.github/workflows/sync-fork.yml @@ -0,0 +1,40 @@ + +name: Sync Fork + +on: + schedule: + - cron: '*/30 * * * *' # every 30 minutes + workflow_dispatch: # on button click + +jobs: + sync: + runs-on: ubuntu-latest + strategy: + matrix: + include: + - owner: vmware-tanzu + base: main + head: main + - owner: vmware-tanzu + base: release-1.9 + head: release-1.9 + - owner: openshift + base: konveyor-dev + head: konveyor-dev + - owner: openshift + base: konveyor-1.9 + head: konveyor-1.9 + - owner: openshift + base: oadp-1.1 + head: oadp-1.1 + - owner: openshift + base: oadp-1.0 + head: oadp-1.0 + fail-fast: false + steps: + - uses: tgymnich/fork-sync@v1.6.3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + owner: ${{ matrix.owner }} + base: ${{ matrix.base }} + head: ${{ matrix.head }} From 2e7afc24873e45ca47c9621168e53321b4df48df Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Fri, 14 Oct 2022 16:14:50 -0400 Subject: [PATCH 03/13] Update sync-fork.yml Signed-off-by: Tiger Kaovilai --- .github/workflows/sync-fork.yml | 31 ++++++++++++------------------- 1 file changed, 12 insertions(+), 19 deletions(-) diff --git a/.github/workflows/sync-fork.yml b/.github/workflows/sync-fork.yml index ec7bb1caad..30c5bab485 100644 --- a/.github/workflows/sync-fork.yml +++ b/.github/workflows/sync-fork.yml @@ -12,29 +12,22 @@ jobs: strategy: matrix: include: - - owner: vmware-tanzu - base: main - head: main - - owner: vmware-tanzu - base: release-1.9 - head: release-1.9 - - owner: openshift - base: konveyor-dev - head: konveyor-dev - - owner: openshift - base: konveyor-1.9 - head: konveyor-1.9 - - owner: openshift - base: oadp-1.1 - head: oadp-1.1 - - owner: openshift - base: oadp-1.0 - head: oadp-1.0 + - base: main + head: vmware-tanzu:main + - base: release-1.9 + head: vmware-tanzu:release-1.9 + - base: konveyor-dev + head: openshift:konveyor-dev + - base: konveyor-1.9 + head: openshift:konveyor-1.9 + - base: oadp-1.1 + head: openshift:oadp-1.1 + - base: oadp-1.0 + head: openshift:oadp-1.0 fail-fast: false steps: - uses: tgymnich/fork-sync@v1.6.3 with: token: ${{ secrets.GITHUB_TOKEN }} - owner: ${{ matrix.owner }} base: ${{ matrix.base }} head: ${{ matrix.head }} From b4318673791ac25953bbce1d565614f5cc0f0823 Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Fri, 14 Oct 2022 16:22:31 -0400 Subject: [PATCH 04/13] Update sync-fork.yml Signed-off-by: Tiger Kaovilai --- .github/workflows/sync-fork.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-fork.yml b/.github/workflows/sync-fork.yml index 30c5bab485..4f361f2a43 100644 --- a/.github/workflows/sync-fork.yml +++ b/.github/workflows/sync-fork.yml @@ -26,7 +26,7 @@ jobs: head: openshift:oadp-1.0 fail-fast: false steps: - - uses: tgymnich/fork-sync@v1.6.3 + - uses: kaovilai/fork-sync@v0.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} base: ${{ matrix.base }} From b1e640541f83f68e53291bc6b0ca0b106ddcfeee Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Fri, 14 Oct 2022 16:29:56 -0400 Subject: [PATCH 05/13] Update sync-fork.yml Signed-off-by: Tiger Kaovilai --- .github/workflows/sync-fork.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-fork.yml b/.github/workflows/sync-fork.yml index 4f361f2a43..f07062a8a1 100644 --- a/.github/workflows/sync-fork.yml +++ b/.github/workflows/sync-fork.yml @@ -26,7 +26,7 @@ jobs: head: openshift:oadp-1.0 fail-fast: false steps: - - uses: kaovilai/fork-sync@v0.0.0 + - uses: kaovilai/fork-sync@v0.0.01 with: token: ${{ secrets.GITHUB_TOKEN }} base: ${{ matrix.base }} From 7decb43c47784f25deff9707eaa66df4fcc53b31 Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Fri, 14 Oct 2022 16:34:11 -0400 Subject: [PATCH 06/13] Update sync-fork.yml Signed-off-by: Tiger Kaovilai --- .github/workflows/sync-fork.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-fork.yml b/.github/workflows/sync-fork.yml index f07062a8a1..6269f56546 100644 --- a/.github/workflows/sync-fork.yml +++ b/.github/workflows/sync-fork.yml @@ -26,7 +26,7 @@ jobs: head: openshift:oadp-1.0 fail-fast: false steps: - - uses: kaovilai/fork-sync@v0.0.01 + - uses: kaovilai/fork-sync@v0.0.02 with: token: ${{ secrets.GITHUB_TOKEN }} base: ${{ matrix.base }} From bff332ef968dac6ca993bcc3e71a7d405f5677a3 Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Fri, 14 Oct 2022 16:41:37 -0400 Subject: [PATCH 07/13] Update sync-fork.yml Signed-off-by: Tiger Kaovilai --- .github/workflows/sync-fork.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-fork.yml b/.github/workflows/sync-fork.yml index 6269f56546..cf502ff612 100644 --- a/.github/workflows/sync-fork.yml +++ b/.github/workflows/sync-fork.yml @@ -26,7 +26,7 @@ jobs: head: openshift:oadp-1.0 fail-fast: false steps: - - uses: kaovilai/fork-sync@v0.0.02 + - uses: kaovilai/fork-sync@v0.0.03 with: token: ${{ secrets.GITHUB_TOKEN }} base: ${{ matrix.base }} From 1289269bc51419458c9d84c724435af95d432ae0 Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Tue, 18 Oct 2022 17:21:23 -0400 Subject: [PATCH 08/13] Create dependabot.yml Signed-off-by: Tiger Kaovilai --- .github/dependabot.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..2d73486df1 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + + +version: 2 +updates: + - package-ecosystem: "" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "weekly" From def9034761beb0a588b4100de4840067e085d6ca Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Tue, 18 Oct 2022 17:22:40 -0400 Subject: [PATCH 09/13] Update dependabot.yml Signed-off-by: Tiger Kaovilai --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 2d73486df1..bc50d548fd 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,7 +6,7 @@ version: 2 updates: - - package-ecosystem: "" # See documentation for possible values + - package-ecosystem: "gomod" # See documentation for possible values directory: "/" # Location of package manifests schedule: interval: "weekly" From 898451db7dbf97dc1423c169bf6a85390b3a0fbc Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Tue, 18 Oct 2022 17:23:07 -0400 Subject: [PATCH 10/13] Create codeql.yml Signed-off-by: Tiger Kaovilai --- .github/workflows/codeql.yml | 74 ++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000000..eeb5ee6545 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,74 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ "main" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '28 10 * * 1' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'go', 'javascript', 'python' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" From 799dd34073b3f4e290f885b6bf78c3ce16f0f9ff Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Tue, 18 Oct 2022 17:24:41 -0400 Subject: [PATCH 11/13] Update codeql.yml Signed-off-by: Tiger Kaovilai --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index eeb5ee6545..ae1dd58663 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -32,7 +32,7 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'go', 'javascript', 'python' ] + language: [ 'go', 'javascript' ] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support From b3d3e8497014b1a35b4ce83d5ba9d3f79c9f433a Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Tue, 18 Oct 2022 17:27:34 -0400 Subject: [PATCH 12/13] Update auto-assignees.yml Signed-off-by: Tiger Kaovilai --- .github/auto-assignees.yml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/.github/auto-assignees.yml b/.github/auto-assignees.yml index 8f5a75a578..332725705f 100644 --- a/.github/auto-assignees.yml +++ b/.github/auto-assignees.yml @@ -9,17 +9,10 @@ reviewers: groups: maintainers: - - dsu-igeek - - sseago - - reasonerjt - - ywk253100 - - blackpiglet - - qiuming-best - - shubham-pampattiwar - - Lyndon-Li + - kaovilai tech-writer: - - a-mccarthy + - kaovilai files: 'site/**': From 15aacec22237cf8ca0dffc74a72f126840bcf171 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 5 Feb 2023 21:42:38 +0000 Subject: [PATCH 13/13] fix: hack/build-image/Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN11-CURL-3065656 - https://snyk.io/vuln/SNYK-DEBIAN11-GIT-2949145 - https://snyk.io/vuln/SNYK-DEBIAN11-GIT-3051727 - https://snyk.io/vuln/SNYK-DEBIAN11-GIT-3232722 - https://snyk.io/vuln/SNYK-DEBIAN11-GIT-3232724 --- hack/build-image/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/build-image/Dockerfile b/hack/build-image/Dockerfile index b3c5e42a04..7463723b06 100644 --- a/hack/build-image/Dockerfile +++ b/hack/build-image/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.18 +FROM golang:1.20 ARG GOPROXY