Commit graph

601 commits

Author SHA1 Message Date
dependabot[bot]
b1e59ed1d4
deps(github-actions): bump dependabot/fetch-metadata from 1 to 2 (#5449)
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1 to 2.
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](https://github.com/dependabot/fetch-metadata/compare/v1...v2)

---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-04 11:39:14 +00:00
github-actions[bot]
92e2606383
chore(main): release 6.3.1 (#5340)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-04-04 11:04:19 +00:00
dependabot[bot]
9ad7a43a7d
deps(github-actions): bump docker/login-action from 3.0.0 to 3.1.0 (#5391)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3.0.0...v3.1.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 09:56:30 +00:00
dependabot[bot]
156d0463d7
deps(github-actions): bump akhilerm/tag-push-action from 2.1.0 to 2.2.0 (#5392)
Bumps [akhilerm/tag-push-action](https://github.com/akhilerm/tag-push-action) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/akhilerm/tag-push-action/releases)
- [Commits](https://github.com/akhilerm/tag-push-action/compare/v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: akhilerm/tag-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 09:56:14 +00:00
dependabot[bot]
af522a60bb
deps(github-actions): bump actions/download-artifact from 4.1.2 to 4.1.4 (#5361)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.2 to 4.1.4.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4.1.2...v4.1.4)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-04 17:48:52 +00:00
github-actions[bot]
e0fc164bba
chore(main): release 6.3.0 (#5314)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-02-29 07:05:11 +00:00
Marco Ferrari
4a05d78ed4
fix: don't immediately exit on errors (#5336)
Don't immediately exit on errors because this will hide diagnostic
information, and linter output.

Fix #5335

ci: add docs updates to changelog
2024-02-27 14:57:36 +01:00
github-actions[bot]
25003d0370
chore(main): release 6.2.0 (#5287)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-02-20 21:33:12 +00:00
Marco Ferrari
0938895582
ci: dynamically build the test matrix (#5307)
Dynamically build the matrix of tests to run so we can have each test in
its own step without having to manually maintain the test matrix.
2024-02-20 17:36:35 +00:00
Marco Ferrari
ed27c0146d
fix: github actions debug logging (#5288)
Enable debug logging when one (or more) of the following conditions is
true:

- ACTIONS_RUNNER_DEBUG is set to true
- ACTIONS_STEPS_DEBUG is set to true
- RUNNER_DEBUG is set to 1
2024-02-20 17:27:06 +00:00
github-actions[bot]
f5150a3ce8
chore(main): release 6.1.1 (#5285)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-02-15 11:52:22 +01:00
Marco Ferrari
54514126f2
ci: configure git user and email (#5284)
Set Git user and email in the CD workflow to correctly push new tags.

Fix #5283
2024-02-15 11:14:55 +01:00
github-actions[bot]
e85bf75ff6
chore(main): release 6.1.0 (#5209)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-02-15 09:21:15 +00:00
Marco Ferrari
7a6ab115a6
ci: take package-lock into account in devcontainer (#5278)
Consider package-lock.json when building the dev-container so we can
enforce a known-working dependency chain. This caused issues in the past
when commitlint and release-please had bugs in new versions  that
impacted our build pipeline.
2024-02-13 11:53:48 +01:00
Marco Ferrari
6fd6830fb4
fix: initialize GitHub domain variable (#5216)
- Initialize GITHUB_DOMAIN as documented in the README
- Configure other URLs according to GITHUB_DOMAIN
- Automatically fetch SSH key fingerprints for GITHUB_DOMAINS
2024-02-09 18:45:44 +00:00
Marco Ferrari
fe6e29b685
feat: automatically set the default branch (#5242)
Get the default branch from the GitHub Actions event payload when
running on GitHub Actions. Default to 'master', as before, otherwise.
2024-02-08 08:41:07 +00:00
Marco Ferrari
20ded7178b
fix: don't print empty lines with default logging (#5238)
- Check if Stdout and Stderr have elements before printing them.
- Run the super-linter action in a dedicated step using default logging to
  inspect how the output looks during CI.
2024-02-05 18:24:07 +01:00
Marco Ferrari
5c67776f9d
ci: clone the repository before tagging (#5208)
Clone the repository in the release workflow otherwise we cannot create
tags.
2024-01-31 12:28:15 +01:00
github-actions[bot]
ff5037c060
chore(main): release 6.0.0 (#5027)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-01-31 10:51:31 +00:00
Marco Ferrari
bcbc45aa63
ci: ignore changelog and tests when testing action (#5206)
Align FILTER_REGEX_IGNORE configuration when testing the local action to
the one we use in Makefile
2024-01-31 11:26:01 +01:00
Marco Ferrari
ace79ca403
build: ignore changelog when linting codebase (#5205)
CHANGELOG.md is automatically generated by the release workflow.
Ignore it when linting the codebase because it might not pass textlint
validation because of lowercase terms.
2024-01-31 10:31:06 +01:00
Marco Ferrari
99e41ce451
feat: run linters in parallel (#5177) 2024-01-30 19:24:55 +00:00
Marco Ferrari
5e2c028e0f
ci: update devcontainer definition (#5132)
- Remove unneeded 'context' directive
- Update the list of extensions to install
- Configure tasks to run super-linter
- Remove redundant README
- Remove outdated launch configurations and scripts
2024-01-30 12:09:46 +01:00
dependabot[bot]
a090a4cf0e
deps(github-actions): bump peter-evans/create-issue-from-file (#5180)
Bumps [peter-evans/create-issue-from-file](https://github.com/peter-evans/create-issue-from-file) from 4 to 5.
- [Release notes](https://github.com/peter-evans/create-issue-from-file/releases)
- [Commits](https://github.com/peter-evans/create-issue-from-file/compare/v4...v5)

---
updated-dependencies:
- dependency-name: peter-evans/create-issue-from-file
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-29 20:47:29 +00:00
Marco Ferrari
3a5617235c
feat!: deprecate error_on_missing_exec_bit (#5120)
Deprecate the ERROR_ON_MISSING_EXEC_BIT variable to remove a confusing
corner case, and to align the BASH_EXEC check to how super-linter
handles other linters.
2024-01-10 22:54:13 +00:00
Marco Ferrari
2d79d17e6e
ci: fix concurrency group name (#5121)
- Add missing '$' to github.event_name
- Default to github.head_ref (pull_request event) and fall back to github.ref
  (merge_group and push events)
2024-01-10 10:05:41 +01:00
Marco Ferrari
f6bc05453b
ci: add event name to concurrency group (#5097)
In order to avoid unexpected workflow cancellations due to concurrency
configuration, add the event name to the concurrency group.`
2024-01-05 23:39:54 +01:00
Marco Ferrari
cf2038d903
fix: fix GITHUB_BEFORE_SHA initalization for push (#5098) 2024-01-05 23:07:39 +01:00
Marco Ferrari
1d5ed2c386
fix: fix GITHUB_BEFORE_SHA diff on push events (#5096)
- Fix GITHUB_BEFORE_SHA initialization on push events by setting the
  correct key.
- Add an additional check against setting GITHUB_BEFORE_SHA to null.
- Run the CI workflow on push events to trigger required status checks
  when using the merge queue.
2024-01-04 22:54:47 +01:00
Marco Ferrari
3847309eca
build: remove unneeded Node dependencies (#5093)
- Remove axios, immer, ini, lodash, node-fetch that were installed to
  run Trivy reports. We can remove them because we use the Trivy action.
- Remove the Trivy workflow that was disabled anyway.
2024-01-03 16:54:06 +01:00
Marco Ferrari
11b70102c3
feat!: run linters against the workspace (#5041)
- Run jscpd, gitleaks, textlint  against the entire workspace instead of
  running them over single files, one by one.
- Implement a warning function for deprecated variables.
- Deprecate the VALIDATE_JSCPD_ALL_CODEBASE variable.
- Remove duplicate configuration files when they are the same as the
  ones we provide in TEMPLATES.
- Add a missing tests for ansible-lint.
- Move ANSIBLE_DIRECTORY configuration when running tests in
  buildFileList, where similar configs are.
- Simplify ansible-lint test cases to include only what's necessary, and
  not an entire set of roles, playbooks, and inventory.
- Write instructions about major upgrades in the upgrade guide.
2023-12-24 17:56:15 +01:00
Marco Ferrari
59154bf97f
ci: enable auto-merge for dependabot pull requests (#5063)
Enabling auto-merge doesn't actually merge these PRs because we still
require approvals.
2023-12-24 17:20:13 +01:00
Marco Ferrari
fa7cb563d8
feat: automatically handle ktlint updates (#5049) 2023-12-24 14:47:34 +01:00
Marco Ferrari
9d7268fb99
feat: add support for checkov to lint iac files (#4925)
- Add support to run Checkov against infrastructure as code descriptors
  that are in a given (configurable) directory. Defaults to lint the
  whole workspace.
- Establish a baseline for our own codebase so we don't have to fix
  issues right away with this change.
2023-12-22 13:22:15 +01:00
Marco Ferrari
641c65a8c4
ci: configure release-please dry-run and changelog (#5039)
- Implement a job to preview the release notes
- Include build, ci, and dependency updates
- Add emoji to section headings to match the existing release notes
- Add documentation about how to run release-please from the CLI
2023-12-21 15:03:14 +01:00
Marco Ferrari
0bb35c3e60
ci: update prefix for dependency updates (#5035) 2023-12-20 19:01:01 +01:00
Marco Ferrari
d8ca23519b
build: use a base image (#5033)
- Refactor Dockerfile to use a base image so that we can reuse the cache
  for the standard image and not just the base image.
- Simplify the cd workflow to take into account the Production
  environment only for latest images.
2023-12-20 17:45:35 +01:00
Marco Ferrari
43dc36860c
ci: fix build cache in the cd workflow (#5032) 2023-12-20 16:39:19 +01:00
Marco Ferrari
238caec66e
ci: set current version to 5.7.2 (#5031)
- Set the current version to 5.7.2 in release-please manifest
- Enable cache load in cd workflow
2023-12-20 16:33:53 +01:00
Marco Ferrari
9c7046864f
ci: fix release workflow (#5030)
- Don't run the Release job with a matrix because we don't want to run
  release-please and the git tag steps more than once.
- Don't get release metadata if release-please didn't create the release
  yet.
- Populate the container image build cache.
- Set the starting version and commit for release-please.
2023-12-20 15:55:53 +01:00
Marco Ferrari
93b5ede1e8
ci: configure release-please (#5016)
- Configure release-please to automatically create pull requests and
  releases.
- Run release-please and tag update in the CD workflow.
- Update Git tags pointing to latest, major.minor, and major versions as
  part of the CD workflow.
- Remove workflows (draft-release, release) that are not necessary
  anymore, and related configuration files.
- Handle automatic updates to README.md, action.yml, and action.yaml
- Mount .github to /tmp/lint/.github so super-linter finds config files,
  and the GitHub Actions to lint.
2023-12-20 14:58:25 +01:00
Marco Ferrari
117318f55c
ci: don't validate dependabot commits (#5026)
Dependabot doesn't allow configuring the max commit message line length
until https://github.com/dependabot/dependabot-core/issues/2445 is
resolved, so we cannot validate Dependabot commits at this time.
2023-12-20 09:12:02 +01:00
Marco Ferrari
9db632f0e1
ci: configure commitlint (#5014)
- Check if the PR contains a single commit, and fail otherwise.
- Enable commitlint to check if commits adhere to the
  conventialcommits.org spec.
- Update the the pull request template to point to the conventional
  commit spec.
- Update the dependabot configuration to add the "build(...)" prefix to
  commits.
2023-12-19 19:37:16 +01:00
Marco Ferrari
2d303aab53
Don't update the deployment if we didn't start it (#4995) 2023-12-19 11:10:53 +01:00
dependabot[bot]
54d4ca17ed
Bump github/codeql-action from 2 to 3 (#5013)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 18:19:50 +00:00
Marco Ferrari
22b8624f61
Simplify container image build (#4962) 2023-12-15 11:59:36 +01:00
Marco Ferrari
22564fb65c
Switch to tflint image because tflint-bundle is deprecated (#4990)
* Switch to tflint image because tflint-bundle is deprecated

* Fix version string

* Don't copy plugins

* Don't copy plugins

* Set terraform log vars globally

* Fix tflint error
2023-12-15 09:29:34 +00:00
Marco Ferrari
e6cf8d3845
Move tests to the test directory (#4985)
* Move tests to the test directory

* Fix linting errors

* Add states back

* Add xml back
2023-12-15 08:50:35 +00:00
Marco Ferrari
e73e1bfdc3
Populate the cache with the latest image (#4988)
* Pull the latest image and print info

* Pull latest from registry to populate the cache

* Don't pull image
2023-12-15 08:22:13 +00:00
Marco Ferrari
ac4b767bd7
Reduce duplication in CI and CD workflows (#4982)
* Reduce duplication in CI and CD workflows

* Fix indentation in README

* Load token from file

* Fix instructions

* Ignore test leftovers
2023-12-12 18:53:48 +00:00