Commit Graph

108 Commits (85405928a7a1c2bfb82737ebfde1a29d43ba62bb)

Author SHA1 Message Date
dependabot[bot] 86e542e524
build(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.3
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](9e9de2292d...204a51a57a)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 107894eccf
build(deps): bump actions/checkout from 3.5.0 to 3.5.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.0 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8f4b7f8486...8e5e7e5ab8)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 1435c71d9c
build(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.2
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](c3667d9942...9e9de2292d)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 403ea39825
build(deps): bump anchore/sbom-action from 0.13.4 to 0.14.1
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.13.4 to 0.14.1.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](448520c4f1...422cb34a0f)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 8240d19fbd
build(deps): bump anchore/sbom-action from 0.13.3 to 0.13.4
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.13.3 to 0.13.4.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](07978da4bd...448520c4f1)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] a30f77f8a4
build(deps): bump actions/checkout from 3.4.0 to 3.5.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](24cb908017...8f4b7f8486)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
Hidde Beydals ce405b6060
build: update `actions/setup-go` in workflows
- Update `actions/setup-go` to v4.0.0 in workflows.
- Remove separate caching steps in favor of built-in caching feature
  in action (since >=v3.0.0).

Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2 years ago
dependabot[bot] 1071f04e93
build(deps): bump actions/checkout from 3.3.0 to 3.4.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](ac59398561...24cb908017)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] e1fca7f062
build(deps): bump docker/setup-buildx-action from 2.4.1 to 2.5.0
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](f03ac48505...4b4e9c3e2d)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
Hidde Beydals db67d2c4df
build: update release workflow
- sigstore/cosign-installer to v3.0.1
- Put (exact) version comment behind all action references, while taking note
  this is an absolute insane way to manage versions.

Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2 years ago
Hidde Beydals 18760acaa8
Update Go to 1.20
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2 years ago
Hidde Beydals bca26ebf0a build: convert ::set-output to $GITHUB_OUTPUT
Signed-off-by: Hidde Beydals <hello@hidde.co>
2 years ago
Hidde Beydals 0f7b903ace Update `push artifact`'s `--revision` to RFC-0005
Signed-off-by: Hidde Beydals <hello@hidde.co>
2 years ago
dependabot[bot] e93b3d8d75
build(deps): bump docker/setup-buildx-action from 2.4.0 to 2.4.1
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](15c905b16b...f03ac48505)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 0cd0bf3b58
build(deps): bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](9754a253a8...f82d6c1c34)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 65481c223e
build(deps): bump docker/setup-buildx-action from 2.2.1 to 2.4.0
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.2.1 to 2.4.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](8c0edbc76e...15c905b16b)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 18924d29a7
Bump anchore/sbom-action from 0.13.1 to 0.13.3
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.13.1 to 0.13.3.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](06e109483e...07978da4bd)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] f22222f71d
Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](8f67e590f2...9754a253a8)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 1d80ff2b09
Bump actions/checkout from 3.2.0 to 3.3.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](755da8c3cf...ac59398561)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
Paulo Gomes 131c05d9c7
build: Revert sigstore/cosign-installer to v2.8.1
Dependabot should stick to tagged versions if the existing hash relates
to the tag made in the comment.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
2 years ago
dependabot[bot] c605f9a44f
Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 3.2.0 to 4.1.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](b508e2e3ef...8f67e590f2)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 0014bc4c43
Bump actions/checkout from 3.1.0 to 3.2.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](93ea575cb5...755da8c3cf)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] bd284ab28b
Bump actions/setup-go from 3.4.0 to 3.5.0
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](d0a58c1c4d...6edd4406fa)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] d5e5a26f5c
Update sigstore/cosign-installer requirement to b6757d8360bb6b9803c38b68e8cb7442baaf7eb5
Updates the requirements on [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) to permit the latest version.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](b6757d8360)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 2c35880cbf
Bump actions/setup-go from 3.3.1 to 3.4.0
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](c4a742cab1...d0a58c1c4d)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
Paulo Gomes d0e6fcad3f
build: Pin GitHub Actions
The main benefit of pinning GitHub actions is the determinism it brings
in terms of what version of a given action will be executed. This is
a step towards having hermetic builds.

Once pinned to a commit, dependabot will automatically issue PRs to update
to newer versions.

Pinned versions is the only security metric from OpenSSF scorecard that
this repository currently have a zero score.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
2 years ago
Stefan Prodan bb1078d610
ci: Refactor GitHub workflows
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2 years ago
Eddie Knight 73692df272 Additional workflow permissions tweaks
Signed-off-by: Eddie Knight <knight@linux.com>
2 years ago
Eddie Knight 939a75115c Adjusted workflow permissions
Signed-off-by: Eddie Knight <knight@linux.com>
2 years ago
Stefan Prodan 348408e16e
Build with Go 1.19
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2 years ago
Stefan Prodan 0b9e3d24ef
Update GitHub actions
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
Stefan Prodan b795e612f7
Update Go to v1.18
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
Stefan Prodan e44a58cba0
ci: Fix release notes generator
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
Stefan Prodan a402461f9c
Sign the release artifacts checksums and images
- add the Flux manifests and API schemas to checksums
- sign the checksum.txt with Cosign and GitHub OIDC
- sign the flux-cli container images with Cosign and GitHub OIDC

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
Stefan Prodan 11296cd94f
Publish Flux Software Bill of Materials (SBOM) in SPDX format
- generate SBOM for Flux Go modules with Syft
- publish the SBOM SPDX JSON files to GitHub releases with GoReleaser

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
Aurel Canciu f3d143e5ee
Update Go to v1.17
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
3 years ago
Hidde Beydals bb04ca36b2 Pin `crdjsonschema` action to commit
Pinned to commit before https://github.com/fluxcd/pkg/pull/189 due to
introduction faulty behavior.

Signed-off-by: Hidde Beydals <hello@hidde.co>
3 years ago
Hidde Beydals fc94b1af7a Revert "Merge pull request #2107 from chanwit/json_schemas"
This reverts commit 75a18b4548, reversing
changes made to e72214e266.

Signed-off-by: Hidde Beydals <hello@hidde.co>
3 years ago
Chanwit Kaewkasi 716b41e91b publish json schemas as a single URL
Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com>

This change publishes the auto-generated JSON schemas as a single URL,
so that it is consumable by a tool like VS Code.

The CRD generator creates 2 files, a tar.gz for Kubeval,
and another one is a JSON file. The JSON file is a combination of
all schemas, put under the "oneOf" operator.
3 years ago
Michael Bridgen 9d9fff5796 Update Makefile target in release workflow
There's another location which uses the "manifests directory" target
directly, but isn't run when testing a PR: the release workflow.

Signed-off-by: Michael Bridgen <michael@weave.works>
3 years ago
Stefan Prodan 68046067c5
Generate OpenAPI schema in CI
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Hidde Beydals d0403038ed Enable QEMU and Docker Buildx in release action
Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
Hidde Beydals ba6da23323 Make manifests dir `bundle.sh` configurable
There was an assumption in this script that it is always executed in Git
repository/directory, this is however not always true, for example when
one downloads the `.tar.gz` that is made available for every release
by GitHub (and used in one of our AUR packages).

This commit changes this, and makes the first argument of `bundle.sh`
configurable, so a custom manifests directory can always be defined
_without_ relying on Git.

Omitting it, or passing an empty string, will still fall back to the
previous behavior of using `git rev-parse --show-toplevel`.

Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
Hidde Beydals 2b7a0f3fd4 Improve build process embedded manifests
This commit changes the way the build of manifests is triggered by
making smarter use of the capabilities of Make. The result should be
that the manifests are only regenerated if:

1. There is no `cmd/flux/manifests/` directory.
2. There have been made changes to the YAML files in the `manifests/`
   directory that are newer than the files in `cmd/flux/manifests/`.

Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
Stefan Prodan 6003d11156
Embed the install manifests in flux binary
- add make target for generating the install manifests using kustomize
- embed the generated manifests in flux binary
- the install and bootstrap commands default to using the embedded manifests
- download the install manifests from GitHub only if the install/bootstrap version arg is set

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Stefan Prodan 2fe55bcdde
Update Go to v1.16
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Hidde Beydals 1b5db157b1 Align formatting and extensions workflows
Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
Aurel Canciu 093a91c7fc
Fix syntax error introduced earlier
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
4 years ago
Stefan Prodan 32e949598e
Publish install manifest to GitHub releases
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Aurel Canciu 5eecf03af6
Add AUR_BOT_SSH_PRIVATE_KEY env var for goreleaser
The AUR_BOT_SSH_PRIVATE_KEY environment variable needs to be set in
goreleaser so publishing the packages to AUR can work.

Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
4 years ago
stefanprodan a5a5908fb5 Use GitHub actions from fluxcd/pkg@main 4 years ago
stefanprodan 4ab67aaf90 Update Go to v1.15 4 years ago
stefanprodan ca1f84d22b Publish Homebrew formula 4 years ago
stefanprodan 31d4b62bf3 Include author in changelog
Replace kustomize action with fluxcd/pkg/actions
4 years ago
stefanprodan 422724bd2d Publish manifests as release assets 5 years ago
stefanprodan 83843bf373 Restore release notes 5 years ago
stefanprodan d6d29ea8f4 Init release notes 5 years ago
stefanprodan 70072f300a Add release workflow to CI 5 years ago