Merge branch 'hackathon/github_app' into ec-updates

.github/workflows/build.yml

@@ -13,10 +13,10 @@ jobs:
 
     steps:
     - name: clone
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
     - name: install go
-      uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
       with:
         # use version from go.mod file
         go-version-file: 'go.mod'

.github/workflows/codeql-analysis.yml

@@ -35,10 +35,10 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
     - name: install go
-      uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
       with:
         # use version from go.mod file
         go-version-file: 'go.mod'
@@ -47,7 +47,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+      uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+      uses: github/codeql-action/autobuild@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -72,4 +72,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+      uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10

.github/workflows/integration-test.yml

@@ -40,10 +40,10 @@ jobs:
 
     steps:
       - name: clone
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: install go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
         with:
           # use version from go.mod file
           go-version-file: 'go.mod'
@@ -62,10 +62,10 @@ jobs:
 
     steps:
       - name: clone
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: install go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
         with:
           # use version from go.mod file
           go-version-file: 'go.mod'

.github/workflows/prerelease.yml

@@ -14,13 +14,13 @@ jobs:
 
     steps:
     - name: clone
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       with:
         # ensures we fetch tag history for the repository
         fetch-depth: 0
 
     - name: install go
-      uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
       with:
         # use version from go.mod file
         go-version-file: 'go.mod'

.github/workflows/publish.yml

@@ -13,13 +13,13 @@ jobs:
 
     steps:
     - name: clone
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       with:
         # ensures we fetch tag history for the repository
         fetch-depth: 0
 
     - name: install go
-      uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
       with:
         # use version from go.mod file
         go-version-file: 'go.mod'

.github/workflows/reviewdog.yml

@@ -12,18 +12,18 @@ jobs:
 
     steps:
     - name: clone
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
     - name: install go
-      uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
       with:
         # use version from go.mod file
         go-version-file: 'go.mod'
         cache: true
         check-latest: true
 
     - name: golangci-lint
-      uses: reviewdog/action-golangci-lint@8e1117c7d327bbfb1eb7ec8dc2d895d13e6e17c3 # v2.6.0
+      uses: reviewdog/action-golangci-lint@00311c26a97213f93f2fd3a3524d66762e956ae0 # v2.6.1
       with:
         github_token: ${{ secrets.github_token }}
         golangci_lint_flags: "--config=.golangci.yml --timeout=5m"
@@ -36,18 +36,18 @@ jobs:
 
     steps:
     - name: clone
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
     - name: install go
-      uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
       with:
         # use version from go.mod file
         go-version-file: 'go.mod'
         cache: true
         check-latest: true
 
     - name: golangci-lint
-      uses: reviewdog/action-golangci-lint@8e1117c7d327bbfb1eb7ec8dc2d895d13e6e17c3 # v2.6.0
+      uses: reviewdog/action-golangci-lint@00311c26a97213f93f2fd3a3524d66762e956ae0 # v2.6.1
       with:
         github_token: ${{ secrets.github_token }}
         golangci_lint_flags: "--config=.golangci.yml --timeout=5m"

.github/workflows/spec.yml

@@ -13,10 +13,10 @@ jobs:
 
     steps:
     - name: clone
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
     - name: install go
-      uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
       with:
         # use version from go.mod file
         go-version-file: 'go.mod'

.github/workflows/test.yml

@@ -13,10 +13,10 @@ jobs:
 
     steps:
     - name: clone
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
     - name: install go
-      uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
       with:
         # use version from go.mod file
         go-version-file: 'go.mod'
@@ -28,7 +28,7 @@ jobs:
         make test
 
     - name: coverage
-      uses: codecov/codecov-action@0cfda1dd0a4ad9efc75517f399d859cd1ea4ced1 # v4.0.2
+      uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
       with:
         token: ${{ secrets.CODECOV_TOKEN }}
         file: coverage.out

.github/workflows/validate-pr-title.yml

@@ -13,5 +13,7 @@ jobs:
 
     steps:
       - name: validate title
+        env:
+          TITLE: ${{ github.event.pull_request.title }}
         run: |
-          echo "${{ github.event.pull_request.title }}" | grep -Eq '^(feat|fix|chore|refactor|enhance|test|docs)(\(.*\)|):\s.+$' && (echo "Pass"; exit 0) || (echo "Incorrect Format. Please see https://go-vela.github.io/docs/community/contributing_guidelines/#development-workflow"; exit 1)
+          echo "$TITLE" | grep -Eq '^(feat|fix|chore|refactor|enhance|test|docs)(\(.*\)|)!?:\s.+$' && (echo "Pass"; exit 0) || (echo "Incorrect Format. Please see https://go-vela.github.io/docs/community/contributing_guidelines/#development-workflow"; exit 1)

.github/workflows/validate.yml

@@ -13,10 +13,10 @@ jobs:
 
     steps:
     - name: clone
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
     - name: install go
-      uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
       with:
         # use version from go.mod file
         go-version-file: 'go.mod'
@@ -36,9 +36,12 @@ jobs:
         # Check that go fmt ./... produces a zero diff; clean up any changes afterwards.
         go fmt ./... && git diff --exit-code; code=$?; git checkout -- .; (exit $code)
         # Check that go fix ./... produces a zero diff; clean up any changes afterwards.
-        go fix ./... && git diff --exit-code; code=$?; git checkout -- .; (exit $code)
+        #
+        # Renable this after https://github.com/golang/go/commit/7fd62ba821b1044e8e4077df052b0a1232672d57
+        # has been released.
+        # go fix ./... && git diff --exit-code; code=$?; git checkout -- .; (exit $code)
 
     - name: validate spec
       run: |
         sudo make spec-install
-        make spec
+        make spec

.golangci.yml

@@ -8,7 +8,10 @@
 # outputs it results from the linters it executes.
 output:
   # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
-  format: colored-line-number
+  formats:
+    - format: json
+      path: stderr
+    - format: colored-line-number
 
   # print lines of code with issue, default is true
   print-issued-lines: true
@@ -32,6 +35,18 @@ linters-settings:
     lines: 160
     statements: 70
 
+  # https://github.com/daixiang0/gci
+  # ensure import order is consistent
+  # gci write --custom-order -s standard -s default -s blank -s dot -s "prefix(github.com/go-vela)" .
+  gci:
+    custom-order: true
+    sections:
+      - standard
+      - default
+      - blank
+      - dot
+      - prefix(github.com/go-vela)
+
   # https://github.com/denis-tingaikin/go-header
   goheader:
     template: |-
@@ -43,10 +58,9 @@ linters-settings:
 
   # https://github.com/golangci/golangci-lint/blob/master/pkg/golinters/nolintlint
   nolintlint:
-    allow-leading-space: true     # allow non-"machine-readable" format (ie. with leading space) 
-    allow-unused: false           # allow nolint directives that don't address a linting issue
-    require-explanation: true     # require an explanation for nolint directives
-    require-specific: true        # require nolint directives to be specific about which linter is being skipped
+    allow-unused: false # allow nolint directives that don't address a linting issue
+    require-explanation: true # require an explanation for nolint directives
+    require-specific: true # require nolint directives to be specific about which linter is being skipped
 
 # This section provides the configuration for which linters
 # golangci will execute. Several of them were disabled by
@@ -57,46 +71,43 @@ linters:
 
   # enable a specific set of linters to run
   enable:
-    - bidichk             # checks for dangerous unicode character sequences
-    - bodyclose           # checks whether HTTP response body is closed successfully
-    - contextcheck        # check the function whether use a non-inherited context
-    - deadcode            # finds unused code
-    - dupl                # code clone detection
-    - errcheck            # checks for unchecked errors
-    - errorlint           # find misuses of errors
-    - exportloopref       # check for exported loop vars
-    - funlen              # detects long functions
-    - goconst             # finds repeated strings that could be replaced by a constant
-    - gocyclo             # computes and checks the cyclomatic complexity of functions
-    - godot               # checks if comments end in a period
-    - gofmt               # checks whether code was gofmt-ed
-    - goheader            # checks is file header matches to pattern
-    - goimports           # fixes imports and formats code in same style as gofmt
-    - gomoddirectives     # manage the use of 'replace', 'retract', and 'excludes' directives in go.mod
-    - goprintffuncname    # checks that printf-like functions are named with f at the end
-    - gosec               # inspects code for security problems
-    - gosimple            # linter that specializes in simplifying a code
-    - govet               # reports suspicious constructs, ex. Printf calls whose arguments don't align with the format string
-    - ineffassign         # detects when assignments to existing variables aren't used
-    - makezero            # finds slice declarations with non-zero initial length
-    - misspell            # finds commonly misspelled English words in comments
-    - nakedret            # finds naked returns in functions greater than a specified function length
-    - nilerr              # finds the code that returns nil even if it checks that the error is not nil
-    - noctx               # noctx finds sending http request without context.Context
-    - nolintlint          # reports ill-formed or insufficient nolint directives
-    - revive              # linter for go
-    - staticcheck         # applies static analysis checks, go vet on steroids
-    - structcheck         # finds unused struct fields
-    - stylecheck          # replacement for golint
-    - tenv                # analyzer that detects using os.Setenv instead of t.Setenv since Go1.17
-    - typecheck           # parses and type-checks go code, like the front-end of a go compiler
-    - unconvert           # remove unnecessary type conversions
-    - unparam             # reports unused function parameters
-    - unused              # checks for unused constants, variables, functions and types
-    - varcheck            # finds unused global variables and constants
-    - whitespace          # detects leading and trailing whitespace
-    - wsl                 # forces code to use empty lines
-
+    - bidichk # checks for dangerous unicode character sequences
+    - bodyclose # checks whether HTTP response body is closed successfully
+    - contextcheck # check the function whether use a non-inherited context
+    - dupl # code clone detection
+    - errcheck # checks for unchecked errors
+    - errorlint # find misuses of errors
+    - exportloopref # check for exported loop vars
+    - funlen # detects long functions
+    - gci # consistent import ordering
+    - goconst # finds repeated strings that could be replaced by a constant
+    - gocyclo # computes and checks the cyclomatic complexity of functions
+    - godot # checks if comments end in a period
+    - gofmt # checks whether code was gofmt-ed
+    - goheader # checks is file header matches to pattern
+    - gomoddirectives # manage the use of 'replace', 'retract', and 'excludes' directives in go.mod
+    - goprintffuncname # checks that printf-like functions are named with f at the end
+    - gosec # inspects code for security problems
+    - gosimple # linter that specializes in simplifying a code
+    - govet # reports suspicious constructs, ex. Printf calls whose arguments don't align with the format string
+    - ineffassign # detects when assignments to existing variables aren't used
+    - makezero # finds slice declarations with non-zero initial length
+    - misspell # finds commonly misspelled English words in comments
+    - nakedret # finds naked returns in functions greater than a specified function length
+    - nilerr # finds the code that returns nil even if it checks that the error is not nil
+    - noctx # noctx finds sending http request without context.Context
+    - nolintlint # reports ill-formed or insufficient nolint directives
+    - revive # linter for go
+    - staticcheck # applies static analysis checks, go vet on steroids
+    - stylecheck # replacement for golint
+    - tenv # analyzer that detects using os.Setenv instead of t.Setenv since Go1.17
+    - typecheck # parses and type-checks go code, like the front-end of a go compiler
+    - unconvert # remove unnecessary type conversions
+    - unparam # reports unused function parameters
+    - unused # checks for unused constants, variables, functions and types
+    - whitespace # detects leading and trailing whitespace
+    - wsl # forces code to use empty lines
+
   # static list of linters we know golangci can run but we've
   # chosen to leave disabled for now
   # - asciicheck          - non-critical
@@ -109,21 +120,21 @@ linters:
   # - exhaustivestruct    - style preference
   # - forbidigo           - unused
   # - forcetypeassert     - unused
-  # - gci                 - use goimports
   # - gochecknoinits      - unused
   # - gochecknoglobals    - global variables allowed
-  # - gocognit            - unused complexity metric 
+  # - gocognit            - unused complexity metric
   # - gocritic            - style preference
   # - godox               - to be used in the future
   # - goerr113            - to be used in the future
+  # - goimports           - use gci
   # - golint              - archived, replaced with revive
   # - gofumpt             - use gofmt
   # - gomnd               - get too many false-positives
   # - gomodguard          - unused
   # - ifshort             - use both styles
   # - ireturn             - allow interfaces to be returned
   # - importas            - want flexibility with naming
-  # - lll                 - not too concerned about line length 
+  # - lll                 - not too concerned about line length
   # - interfacer          - archived
   # - nestif              - non-critical
   # - nilnil              - style preference
@@ -132,7 +143,7 @@ linters:
   # - paralleltest        - false-positives
   # - prealloc            - don't use
   # - predeclared         - unused
-  # - promlinter          - style preference 
+  # - promlinter          - style preference
   # - rowserrcheck        - unused
   # - scopelint           - deprecated - replaced with exportloopref
   # - sqlclosecheck       - unused

Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
 
-FROM alpine:3.19.1@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b as certs
+FROM alpine:3.20.0@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd as certs
 
 RUN apk add --update --no-cache ca-certificates