Merge branch 'main' into fix-injector-mutating-webhook

hashicorp · May 10, 2024 · 617dcd8 · 617dcd8
2 parents b51b573 + 4dffaa4
commit 617dcd8
Show file tree

Hide file tree

Showing 131 changed files with 3,739 additions and 543 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 contact_links:
   - name: Ask a question
     url: https://discuss.hashicorp.com/c/vault

diff --git a/.github/actions/setup-test-tools/action.yaml b/.github/actions/setup-test-tools/action.yaml
@@ -0,0 +1,24 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+name: Setup common testing tools
+description: Install bats and python-yq
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
+      with:
+        node-version: '16'
+    - run: sudo npm install -g bats@${BATS_VERSION}
+      shell: bash
+      env:
+        BATS_VERSION: '1.11.0'
+    - run: bats -v
+      shell: bash
+    - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
+      with:
+        python-version: '3.10'
+    - run: pip install yq
+      shell: bash
+permissions:
+  contents: read
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/acceptance.yaml b/.github/workflows/acceptance.yaml
@@ -1,26 +1,24 @@
 name: Acceptance Tests
-
 on: [push, workflow_dispatch]
-
 jobs:
   kind:
     strategy:
       fail-fast: false
       matrix:
-        kind-k8s-version: [1.16.15, 1.20.15, 1.21.12, 1.22.9, 1.23.6, 1.24.1]
+        kind-k8s-version: [1.25.16, 1.26.14, 1.27.11, 1.28.7, 1.29.2]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Setup test tools
-        uses: ./.github/workflows/setup-test-tools
-
+        uses: ./.github/actions/setup-test-tools
       - name: Create K8s Kind Cluster
-        uses: helm/kind-action@v1.2.0
+        uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0
         with:
           config: test/kind/config.yaml
           node_image: kindest/node:v${{ matrix.kind-k8s-version }}
-          version: v0.14.0
-
+          version: v0.22.0
       - run: bats --tap --timing ./test/acceptance
         env:
           VAULT_LICENSE_CI: ${{ secrets.VAULT_LICENSE_CI }}
+permissions:
+  contents: read
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
@@ -0,0 +1,14 @@
+# If the repository is public, be sure to change to GitHub hosted runners
+name: Lint GitHub Actions Workflows
+on:
+  push:
+    paths:
+      - .github/workflows/**.yml
+  pull_request:
+    paths:
+      - .github/workflows/**.yml
+permissions:
+  contents: read
+jobs:
+  actionlint:
+    uses: hashicorp/vault-workflows-common/.github/workflows/actionlint.yaml@main
diff --git a/.github/workflows/jira.yaml b/.github/workflows/jira.yaml
@@ -1,72 +1,17 @@
+name: Jira Sync
 on:
   issues:
     types: [opened, closed, deleted, reopened]
   pull_request_target:
     types: [opened, closed, reopened]
   issue_comment: # Also triggers when commenting on a PR from the conversation view
     types: [created]
-
-name: Jira Sync
-
 jobs:
   sync:
-    runs-on: ubuntu-latest
-    name: Jira sync
-    steps:
-    - name: Login
-      uses: atlassian/gajira-login@v2.0.0
-      env:
-        JIRA_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }}
-        JIRA_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }}
-        JIRA_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }}
-
-    - name: Preprocess
-      if: github.event.action == 'opened' || github.event.action == 'created'
-      id: preprocess
-      run: |
-        if [[ "${{ github.event_name }}" == "pull_request_target" ]]; then
-          echo "::set-output name=type::PR"
-        else
-          echo "::set-output name=type::ISS"
-        fi
-
-    - name: Create ticket
-      if: github.event.action == 'opened'
-      uses: tomhjp/gh-action-jira-create@v0.2.0
-      with:
-        project: VAULT
-        issuetype: "GH Issue"
-        summary: "${{ github.event.repository.name }} [${{ steps.preprocess.outputs.type }} #${{ github.event.issue.number || github.event.pull_request.number }}]: ${{ github.event.issue.title || github.event.pull_request.title }}"
-        description: "${{ github.event.issue.body || github.event.pull_request.body }}\n\n_Created from GitHub Action for ${{ github.event.issue.html_url || github.event.pull_request.html_url }} from ${{ github.actor }}_"
-        # customfield_10089 is Issue Link custom field
-        # customfield_10091 is team custom field
-        extraFields: '{"fixVersions": [{"name": "TBD"}], "customfield_10091": ["ecosystem", "foundations"], "customfield_10089": "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"}'
-
-    - name: Search
-      if: github.event.action != 'opened'
-      id: search
-      uses: tomhjp/gh-action-jira-search@v0.2.1
-      with:
-        # cf[10089] is Issue Link custom field
-        jql: 'project = "VAULT" and cf[10089]="${{ github.event.issue.html_url || github.event.pull_request.html_url }}"'
-
-    - name: Sync comment
-      if: github.event.action == 'created' && steps.search.outputs.issue
-      uses: tomhjp/gh-action-jira-comment@v0.2.0
-      with:
-        issue: ${{ steps.search.outputs.issue }}
-        comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}"
-
-    - name: Close ticket
-      if: (github.event.action == 'closed' || github.event.action == 'deleted') && steps.search.outputs.issue
-      uses: atlassian/gajira-transition@v2.0.1
-      with:
-        issue: ${{ steps.search.outputs.issue }}
-        transition: Closed
-
-    - name: Reopen ticket
-      if: github.event.action == 'reopened' && steps.search.outputs.issue
-      uses: atlassian/gajira-transition@v2.0.1
-      with:
-        issue: ${{ steps.search.outputs.issue }}
-        transition: "Pending Triage"
+    uses: hashicorp/vault-workflows-common/.github/workflows/jira.yaml@main
+    secrets:
+      JIRA_SYNC_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }}
+      JIRA_SYNC_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }}
+      JIRA_SYNC_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }}
+    with:
+      teams-array: '["ecosystem", "foundations-eco"]'
diff --git a/.github/workflows/setup-test-tools/action.yaml b/.github/workflows/setup-test-tools/action.yaml
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -1,25 +1,24 @@
 name: Tests
-
 on: [push, workflow_dispatch]
-
 jobs:
   bats-unit-tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: ./.github/workflows/setup-test-tools
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: ./.github/actions/setup-test-tools
       - run: bats --tap --timing ./test/unit
-
   chart-verifier:
     runs-on: ubuntu-latest
     env:
-      CHART_VERIFIER_VERSION: '1.2.1'
+      CHART_VERIFIER_VERSION: '1.13.3'
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Setup test tools
-        uses: ./.github/workflows/setup-test-tools
-      - uses: actions/setup-go@v2
+        uses: ./.github/actions/setup-test-tools
+      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
         with:
-          go-version: '1.17.4'
-      - run: go install github.com/redhat-certification/chart-verifier@${CHART_VERIFIER_VERSION}
+          go-version: '1.22.2'
+      - run: go install "github.com/redhat-certification/chart-verifier@${CHART_VERIFIER_VERSION}"
       - run: bats --tap --timing ./test/chart
+permissions:
+  contents: read
diff --git a/.github/workflows/update-helm-charts-index.yml b/.github/workflows/update-helm-charts-index.yml
@@ -0,0 +1,40 @@
+name: update-helm-charts-index
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+
+permissions:
+  contents: read
+
+jobs:
+  update-helm-charts-index:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: verify Chart version matches tag version
+        run: |-
+          export TAG=${{ github.ref_name }}
+          git_tag="${TAG#v}"
+          chart_tag=$(yq -r '.version' Chart.yaml)
+          if [ "${git_tag}" != "${chart_tag}" ]; then
+            echo "chart version (${chart_tag}) did not match git version (${git_tag})"
+            exit 1
+          fi
+      - name: update helm-charts index
+        id: update
+        env:
+          GH_TOKEN: ${{ secrets.HELM_CHARTS_GITHUB_TOKEN }}
+        run: |-
+          gh workflow run publish-charts.yml \
+            --repo hashicorp/helm-charts \
+            --ref main \
+            -f SOURCE_TAG="${{ github.ref_name }}" \
+            -f SOURCE_REPO="${{ github.repository }}"
+      - uses: hashicorp/actions-slack-status@v1
+        if: ${{always()}}
+        with:
+          success-message: "vault-helm charts index update triggered successfully. View the run <https://github.com/hashicorp/helm-charts/actions/workflows/publish-charts.yml|here>."
+          failure-message: "vault-helm charts index update trigger failed."
+          status: ${{job.status}}
+          slack-webhook-url: ${{secrets.SLACK_WEBHOOK_URL}}
diff --git a/.gitignore b/.gitignore
@@ -11,3 +11,4 @@ vaul-helm-dev-creds.json
 ./test/acceptance/values.yaml
 ./test/acceptance/values.yml
 .idea
+scratch/