Merge upstream 0.7.3 #271

Draft
wants to merge 51 commits into
base: main

lance
Member

@lance lance commented Jul 9, 2024

Merges upstream changes up to the 0.7.3 release.

NOTE: Do not do a squash commit when landing this PR. Please do a merge commit.

cpanato and others added 30 commits May 19, 2024 12:03
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.5 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@44c2b7a...a5ac7e5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.13.4 to 3.25.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@cdcdbb5...b7cec75)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.63.2 to 1.64.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.63.2...v1.64.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* expose database collation setting as tf variable

Signed-off-by: Bob Callaway <[email protected]>

* add to sigstore module too

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: Bob Callaway <[email protected]>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.5 to 3.25.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b7cec75...9fdb3e4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [cloud-sql-connectors/cloud-sql-proxy](https://github.com/GoogleCloudPlatform/cloud-sql-proxy) from 2.11.2-alpine to 2.11.3-alpine.
- [Release notes](https://github.com/GoogleCloudPlatform/cloud-sql-proxy/releases)
- [Changelog](https://github.com/GoogleCloudPlatform/cloud-sql-proxy/blob/main/CHANGELOG.md)
- [Commits](GoogleCloudPlatform/cloud-sql-proxy@v2.11.2...v2.11.3)

---
updated-dependencies:
- dependency-name: cloud-sql-connectors/cloud-sql-proxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the terraform group in /terraform/gcp/modules/external_secrets with 2 updates: [hashicorp/google](https://github.com/hashicorp/terraform-provider-google) and [hashicorp/helm](https://github.com/hashicorp/terraform-provider-helm).


Updates `hashicorp/google` from 5.29.1 to 5.31.1
- [Release notes](https://github.com/hashicorp/terraform-provider-google/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-google/blob/v5.31.1/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-google@v5.29.1...v5.31.1)

Updates `hashicorp/helm` from 2.13.1 to 2.13.2
- [Release notes](https://github.com/hashicorp/terraform-provider-helm/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-helm/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-helm@v2.13.1...v2.13.2)

---
updated-dependencies:
- dependency-name: hashicorp/google
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: terraform
- dependency-name: hashicorp/helm
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: terraform
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the terraform group in /terraform/gcp/modules/argocd with 1 update: [hashicorp/helm](https://github.com/hashicorp/terraform-provider-helm).


Updates `hashicorp/helm` from 2.13.1 to 2.13.2
- [Release notes](https://github.com/hashicorp/terraform-provider-helm/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-helm/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-helm@v2.13.1...v2.13.2)

---
updated-dependencies:
- dependency-name: hashicorp/helm
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: terraform
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ore#1125)

Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.6 to 0.7.7.
- [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md)
- [Commits](hashicorp/go-retryablehttp@v0.7.6...v0.7.7)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-retryablehttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.8.3 to 1.8.4.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.3...v1.8.4)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.6 to 3.25.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@9fdb3e4...f079b84)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@e92390c...0d4c9c5)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.23.0 to 0.24.0.
- [Commits](golang/crypto@v0.23.0...v0.24.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.25.0 to 0.26.0.
- [Commits](golang/net@v0.25.0...v0.26.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.7 to 3.25.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@f079b84...2e230e8)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 5.1.0 to 6.0.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@5742e2a...286f3b1)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* upgrade metallb

Signed-off-by: Bob Callaway <[email protected]>

* print version

Signed-off-by: Bob Callaway <[email protected]>

* change network subnet calc

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: Bob Callaway <[email protected]>
Bumps [cloud-sql-connectors/cloud-sql-proxy](https://github.com/GoogleCloudPlatform/cloud-sql-proxy) from 2.11.3-alpine to 2.11.4-alpine.
- [Release notes](https://github.com/GoogleCloudPlatform/cloud-sql-proxy/releases)
- [Changelog](https://github.com/GoogleCloudPlatform/cloud-sql-proxy/blob/main/CHANGELOG.md)
- [Commits](GoogleCloudPlatform/cloud-sql-proxy@v2.11.3...v2.11.4)

---
updated-dependencies:
- dependency-name: cloud-sql-connectors/cloud-sql-proxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) from 1.5.1 to 1.6.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](Azure/azure-sdk-for-go@sdk/internal/v1.5.1...sdk/azcore/v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
sigstore#1127)

* Bump github.com/google/certificate-transparency-go from 1.1.8 to 1.2.1

Bumps [github.com/google/certificate-transparency-go](https://github.com/google/certificate-transparency-go) from 1.1.8 to 1.2.1.
- [Release notes](https://github.com/google/certificate-transparency-go/releases)
- [Changelog](https://github.com/google/certificate-transparency-go/blob/master/CHANGELOG.md)
- [Commits](google/certificate-transparency-go@v1.1.8...v1.2.1)

---
updated-dependencies:
- dependency-name: github.com/google/certificate-transparency-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* add patch version to go.mod

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <[email protected]>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@a5ac7e5...692973e)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* bump terraform to 1.8.4

Signed-off-by: Bob Callaway <[email protected]>

* bump to 1.8.5

Signed-off-by: Bob Callaway <[email protected]>

* fix gh workflow to use 1.8.5

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: Bob Callaway <[email protected]>
Bumps google.golang.org/protobuf from 1.34.1 to 1.34.2.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.8 to 3.25.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@2e230e8...23acc5c)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump k8s.io/apimachinery from 0.29.3 to 0.30.2

Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.29.3 to 0.30.2.
- [Commits](kubernetes/apimachinery@v0.29.3...v0.30.2)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* bump go to 1.22

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <[email protected]>
dependabot bot and others added 19 commits June 17, 2024 18:11
* Bump k8s.io/client-go from 0.29.3 to 0.30.2

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.29.3 to 0.30.2.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.29.3...v0.30.2)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* bump go to 1.22

Signed-off-by: Bob Callaway <[email protected]>

* bump the other dep too

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <[email protected]>
Bumps [ko-build/setup-ko](https://github.com/ko-build/setup-ko) from 0.6 to 0.7.
- [Release notes](https://github.com/ko-build/setup-ko/releases)
- [Commits](ko-build/setup-ko@ace48d7...3aebd05)

---
updated-dependencies:
- dependency-name: ko-build/setup-ko
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
)

* enable DB deletion protection across all GCP API surfaces

Signed-off-by: Bob Callaway <[email protected]>

* move into settings block

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: Bob Callaway <[email protected]>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.10 to 3.25.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@23acc5c...b611370)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
There is an SLO set up for the /api/v1/signingCert Fulcio endpoint[1],
but it is currently reporting "No SLO status data" because the prober
was never testing that endpoint. This led to an outage that went
undetected by the monitoring system.

Cosign uses the legacy certificate request endpoint in its Fulcio
client[2][3]. This means that the v1 endpoint is likely the most used
and therefore an important health indicator. This change adds the v1
endpoint to the prober test, which should populate Prometheus with data
which should activate the SLO.

[1] https://github.com/sigstore/scaffolding/blob/8f7aa097e54eabcecbc671818f9eb5f0e723e54b/terraform/gcp/modules/monitoring/fulcio/slo.tf#L79-L83
[2] https://github.com/sigstore/cosign/blob/79db196e2d97e7dfc4d8201ef829d4ce906605a7/cmd/cosign/cli/fulcio/fulcio.go#L32
[3] https://github.com/sigstore/fulcio/blob/07b19da442b418ebcf072ac65a7abb25f0e3d5c8/pkg/api/client.go#L60

Signed-off-by: Colleen Murphy <[email protected]>
Add an alert to report on connection errors coming from the
cloud-sql-proxy sidecars in the trillian and rekor deployments. This
should detect when the proxy service account user has lost its
permissions to access the sql instance.

Signed-off-by: Colleen Murphy <[email protected]>
The rekor service account was assigned the cloudsql.client to allow it
to connect to MySQL, but it was not given permission to report metrics
for doing so. Copy the permissions that the trillian logserver user has
to post to Stackdriver.

Signed-off-by: Colleen Murphy <[email protected]>
* enable os patch runs nightly for bastion images

Signed-off-by: Bob Callaway <[email protected]>

* fix fmt

Signed-off-by: Bob Callaway <[email protected]>

* switch to UTC

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: Bob Callaway <[email protected]>

openshift-ci bot commented Jul 9, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: lance

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@lance
Member Author

lance commented Jul 10, 2024

/retest

Signed-off-by: Lance Ball <[email protected]>
@lance
Member Author

lance commented Jul 10, 2024

/hold for updates to cachi2

5 participants