build(deps): bump the ci group with 2 updates #4142
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
area/ci
Bumps the ci group with 2 updates: [actions/setup-go](https://github.com/actions/setup-go) and [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator). Updates `actions/setup-go` from 4.0.1 to 4.1.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@fac708d...93397be) Updates `slsa-framework/slsa-github-generator` from 1.7.0 to 1.8.0 - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](slsa-framework/slsa-github-generator@v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/github_actions/ci-a9a55711ae
branch
from
880a857 to
7273059
Compare
stefanprodan
approved these changes
Aug 10, 2023
nrdufour
added a commit
to nrdufour/home-ops
that referenced
this pull request
Aug 25, 2023
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [fluxcd/flux2](https://github.com/fluxcd/flux2) | Kustomization | minor | `v2.0.1` -> `v2.1.0` | --- ### Release Notes <details> <summary>fluxcd/flux2 (fluxcd/flux2)</summary> ### [`v2.1.0`](https://github.com/fluxcd/flux2/releases/tag/v2.1.0) [Compare Source](fluxcd/flux2@v2.0.1...v2.1.0) #### Highlights Flux v2.1.0 is a feature release. Users are encouraged to upgrade for the best experience. The [Flux APIs](#api-changes) were extended with new opt-in features in a backwards-compatible manner. The Flux Git capabilities have been improved with support for Git push options, Git refspec, Gerrit, HTTP/S and SOCKS5 proxies. The Flux alerting capabilities have been extended with [Datadog](https://fluxcd.io/flux/components/notification/provider/#pagerduity) support. The Flux controllers come with performance improvements when reconciling Helm repositories with large indexes (80% memory reduction), and when reconciling Flux Kustomizations with thousands of resources (x4 faster server-side apply). The load distribution has been improved when reconciling Flux objects in parallel to reduce CPU and memory spikes. :heart: Big thanks to all the Flux contributors that helped us with this release! #### Deprecations Flux v2.1.0 comes with support for Kubernetes TLS Secrets when referring to secrets containing TLS certs, and deprecates the usage of `caFile`, `keyFile` and `certFile` keys. For more details about the TLS changes please see the [Kubernetes TLS Secrets section](#kubernetes-tls-secrets). Flux v2.1.0 comes with major improvements to the Prometheus monitoring stack. Starting with this version, Flux is leveraging the `kube-state-metrics` CRD exporter to report metrics containing rich information about Flux reconciliation status e.g. Git revision, Helm chart version, OCI artifacts digests, etc. The `gotk_reconcile_condition` metrics was deprecated in favor of the `gotk_resource_info`. For more details about the new monitoring stack please see the [Flux Prometheus metrics documentation](https://fluxcd.io/flux/monitoring/metrics) and the [flux2-monitoring-example repository](https://github.com/fluxcd/flux2-monitoring-example). #### API changes ##### GitRepository v1 The [GitRepository](https://fluxcd.io/flux/components/source/gitrepositories/) API was extended with the following fields: - `.spec.proxySecretRef.name` is an optional field used to specify the name of a Kubernetes Secret that contains the HTTP/S or SOCKS5 proxy settings. - `.spec.verify.mode` now support one of the following values `HEAD`, `Tag`, `TagAndHEAD`. ##### Kustomization v1 The [Kustomization](https://fluxcd.io/flux/components/kustomize/kustomization/) API was extended with two apply policies `IfNotPresent` and `Ignore`. Changing the apply behaviour for specific Kubernetes resources, can be done using the following annotations: | Annotation | Default | Values | Role | |-------------------------------------|------------|----------------------------------------------------------------|-----------------| | `kustomize.toolkit.fluxcd.io/ssa` | `Override` | - `Override`<br/>- `Merge`<br/>- `IfNotPresent`<br/>- `Ignore` | Apply policy | | `kustomize.toolkit.fluxcd.io/force` | `Disabled` | - `Enabled`<br/>- `Disabled` | Recreate policy | | `kustomize.toolkit.fluxcd.io/prune` | `Enabled` | - `Enabled`<br/>- `Disabled` | Delete policy | The `IfNotPresent` policy instructs the controller to only apply the Kubernetes resources if they are not present on the cluster. This policy can be used for Kubernetes `Secrets` and `ValidatingWebhookConfigurations` managed by cert-manager, where Flux creates the resources with fields that are later on mutated by other controllers. ##### ImageUpdateAutomation v1beta1 The [ImageUpdateAutomation](https://fluxcd.io/flux/components/image/imageupdateautomations/) was extended with the following fields: - `.spec.git.push.refspec` is an optional field used to specify a Git refspec used when pushing commits upstream. - `.spec.git.push.options` is an optional field used to specify the Git push options to be sent to the Git server when pushing commits upstream. ##### Kubernetes TLS Secrets All the Flux APIs that accept TLS data have been modified to adopt Secrets of type `kubernetes.io/tls`. This includes: - **HelmRepository**: The field `.spec.secretRef` has been deprecated in favor of a new field [`.spec.certSecretRef`](https://fluxcd.io/flux/components/source/helmrepositories/#cert-secret-reference). - **OCIRepository**: Support for the `caFile`, `keyFile` and `certFile` keys in the Secret specified in [`.spec.certSecretRef`](https://fluxcd.io/flux/components/source/ocirepositories/#cert-secret-reference) have been deprecated in favor of `ca.crt`, `tls.key` and `tls.crt`. - **ImageRepository**: Support for the`caFile`, `keyFile` and `certFile` keys in the Secret specified in [`.spec.certSecretRef`](https://fluxcd.io/flux/components/source/imagerepositories/#cert-secret-reference) have been deprecated in favor of `ca.crt`, `tls.key` and `tls.crt`. - **GitRepository**: CA certificate can now be provided in the Secret specified in `.spec.secretRef` using the `ca.crt` key, which takes precedence over the `caFile` key. #### Upgrade procedure Upgrade Flux from `v2.0.x` to `v2.1.0` either by [rerunning bootstrap](https://fluxcd.io/flux/installation/#bootstrap-upgrade) or by using the [Flux GitHub Action](https://github.com/fluxcd/flux2/tree/main/action). To upgrade Flux from `v0.x` to `v2.1.0` please follow the [Flux GA upgrade procedure](https://github.com/fluxcd/flux2/releases/tag/v2.0.0#upgrade). #### Kubernetes compatibility This release is compatible with the following Kubernetes versions: | Kubernetes version | Minimum required | |--------------------|------------------| | `v1.25` | `>= 1.25.0` | | `v1.26` | `>= 1.26.0` | | `v1.27` | `>= 1.27.1` | | `v1.28` | `>= 1.28.0` | Note that Flux may work on older versions of Kubernetes e.g. 1.21, but we don't recommend running end-of-life versions in production nor do we offer support for these versions. #### New Documentation - [Flux installation](https://fluxcd.io/flux/installation/) - [Flux bootstrap](https://fluxcd.io/flux/installation/bootstrap/) - [Flux configuration](https://fluxcd.io/flux/installation/configuration/) - [Flux Prometheus metrics](https://fluxcd.io/flux/monitoring/metrics/) - [Flux custom Prometheus metrics](https://fluxcd.io/flux/monitoring/custom-metrics/) - [Flux logs](https://fluxcd.io/flux/monitoring/logs/) - [Flux events](https://fluxcd.io/flux/monitoring/events/) #### Components changelog - source-controller [v1.1.0](https://github.com/fluxcd/source-controller/blob/v1.1.0/CHANGELOG.md) - kustomize-controller [v1.1.0](https://github.com/fluxcd/kustomize-controller/blob/v1.1.0/CHANGELOG.md) - notification-controller [v1.1.0](https://github.com/fluxcd/notification-controller/blob/v1.1.0/CHANGELOG.md) - helm-controller [v0.36.0](https://github.com/fluxcd/helm-controller/blob/v0.36.0/CHANGELOG.md) - image-reflector-controller [v0.30.0](https://github.com/fluxcd/image-reflector-controller/blob/v0.30.0/CHANGELOG.md) - image-automation-controller [v0.36.0](https://github.com/fluxcd/image-automation-controller/blob/v0.36.0/CHANGELOG.md) #### CLI Changelog - PR [#​4189](fluxcd/flux2#4189) - [@​hiddeco](https://github.com/hiddeco) - Update dependencies - PR [#​4186](fluxcd/flux2#4186) - [@​fluxcdbot](https://github.com/fluxcdbot) - Update toolkit components - PR [#​4183](fluxcd/flux2#4183) - [@​somtochiama](https://github.com/somtochiama) - Fix autocompletion for helm chart - PR [#​4182](fluxcd/flux2#4182) - [@​hiddeco](https://github.com/hiddeco) - manifestgen/install: use clean default HTTP client - PR [#​4181](fluxcd/flux2#4181) - [@​hiddeco](https://github.com/hiddeco) - cmd/events: handle error value - PR [#​4180](fluxcd/flux2#4180) - [@​stefanprodan](https://github.com/stefanprodan) - Fix controller version info - PR [#​4177](fluxcd/flux2#4177) - [@​stefanprodan](https://github.com/stefanprodan) - Set min value for the `--ssh-rsa-bits` flag - PR [#​4176](fluxcd/flux2#4176) - [@​hiddeco](https://github.com/hiddeco) - ci: disable fail-fast for ARM end-to-end - PR [#​4175](fluxcd/flux2#4175) - [@​hiddeco](https://github.com/hiddeco) - build: update securejoin dependency - PR [#​4169](fluxcd/flux2#4169) - [@​darkowlzz](https://github.com/darkowlzz) - Add monitoring configuration deprecation notice - PR [#​4167](fluxcd/flux2#4167) - [@​dependabot](https://github.com/dependabot)\[bot] - build(deps): bump the ci group with 2 updates - PR [#​4166](fluxcd/flux2#4166) - [@​stefanprodan](https://github.com/stefanprodan) - e2e: Add Kubernetes v1.28.0 to conformance tests - PR [#​4151](fluxcd/flux2#4151) - [@​hiddeco](https://github.com/hiddeco) - ci: enable security-and-quality CodeQL query - PR [#​4147](fluxcd/flux2#4147) - [@​aryan9600](https://github.com/aryan9600) - Adopt Kubernetes style TLS Secrets and add relevant flags - PR [#​4142](fluxcd/flux2#4142) - [@​dependabot](https://github.com/dependabot)\[bot] - build(deps): bump the ci group with 2 updates - PR [#​4140](fluxcd/flux2#4140) - [@​somtochiama](https://github.com/somtochiama) - Disable azure e2e test - PR [#​4134](fluxcd/flux2#4134) - [@​sestegra](https://github.com/sestegra) - monitoring: add OCIRepository in cluster dashboard and new source panels in control-plane dashboard - PR [#​4131](fluxcd/flux2#4131) - [@​mraerino](https://github.com/mraerino) - Fix selection of kustomization resource from multi doc yaml - PR [#​4126](fluxcd/flux2#4126) - [@​stefanprodan](https://github.com/stefanprodan) - Set Kubernetes min version to 1.25 - PR [#​4077](fluxcd/flux2#4077) - [@​dependabot](https://github.com/dependabot)\[bot] - build(deps): bump the ci group with 2 updates - PR [#​4068](fluxcd/flux2#4068) - [@​stefanprodan](https://github.com/stefanprodan) - Update dependencies - PR [#​4065](fluxcd/flux2#4065) - [@​hiddeco](https://github.com/hiddeco) - action: support `openssl` and `sha256sum` - PR [#​4062](fluxcd/flux2#4062) - [@​souleb](https://github.com/souleb) - diff: Take into account the server-side inventory for local Flux Kustomizations - PR [#​4061](fluxcd/flux2#4061) - [@​hiddeco](https://github.com/hiddeco) - action: re-allow configuration of non-default token - PR [#​4057](fluxcd/flux2#4057) - [@​fluxcdbot](https://github.com/fluxcdbot) - Update toolkit components - PR [#​4052](fluxcd/flux2#4052) - [@​stefanprodan](https://github.com/stefanprodan) - docs: Link to the Flux GitHub Action documentation - PR [#​4051](fluxcd/flux2#4051) - [@​hiddeco](https://github.com/hiddeco) - action: use `$RUNNER_TOOL_CACHE`, support MacOS and Windows, validate checksum - PR [#​4046](fluxcd/flux2#4046) - [@​stefanprodan](https://github.com/stefanprodan) - ci: backport: set write permissions - PR [#​4043](fluxcd/flux2#4043) - [@​stefanprodan](https://github.com/stefanprodan) - ci: release: extract the image tag from GITHUB_REF - PR [#​4041](fluxcd/flux2#4041) - [@​hiddeco](https://github.com/hiddeco) - ci: release: disable interpretation backslash esc </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yMy4yIiwidXBkYXRlZEluVmVyIjoiMzYuMjMuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Reviewed-on: https://git.home/nrdufour/home-ops/pulls/58 Co-authored-by: Renovate <renovate@ptinem.io> Co-committed-by: Renovate <renovate@ptinem.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the ci group with 2 updates: actions/setup-go and slsa-framework/slsa-github-generator.
Updates
actions/setup-gofrom 4.0.1 to 4.1.0Release notes
Sourced from actions/setup-go's releases.
Commits
93397beFix Install on Windows is very slow (#393)27eec5bMerge pull request #396 from actions/dependabot/npm_and_yarn/semver-6.3.1ecfc77aMerge pull request #397 from actions/dependabot/npm_and_yarn/word-wrap-1.2.41b80a11Bump word-wrap from 1.2.3 to 1.2.4b1c3434Fix licensing for Semver 6.3.10bb97b1Rebuild after updating Semver4220624Bump semver from 6.3.0 to 6.3.1db8764cBump tough-cookie and@azure/ms-rest-js(#392)08b314aMerge pull request #383 from akv-platform/issue-3684e0b6c7Limit to Linux onlyUpdates
slsa-framework/slsa-github-generatorfrom 1.7.0 to 1.8.0Release notes
Sourced from slsa-framework/slsa-github-generator's releases.
Changelog
Sourced from slsa-framework/slsa-github-generator's changelog.
Commits
cdeb3a9chore: Release v1.8.0 (#2532)7a4f66bchore: Release v1.8.0-rc.2 (#2513)7e5baecdocs: Fix BYOB link (#2518)20d9e9fdocs: Improve selection of builder (#2512)c3ae3e3feat: Keep ref in sync for Maven Actions (#2510)cb9cea2chore: Add Kris to codeowners (#2517)9c94c20chore: ref v1.8.0 instead of main (#2509)a594a20chore: Make maven publisher an action (#2482)c683687chore(deps): update github-actions (#2493)459c873chore: Make gradle publisher an action (#2497)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually