down to one commit

zarf-dev · Jun 28, 2024 · 6ea1c63 · 6ea1c63
1 parent cac7a3a
commit 6ea1c63
Show file tree

Hide file tree

Showing 963 changed files with 55,455 additions and 66,291 deletions.
diff --git a/.commitlintrc.yaml b/.commitlintrc.yaml
@@ -0,0 +1 @@
+extends: ["@commitlint/config-conventional"]
diff --git a/CONTRIBUTING.md → .github/CONTRIBUTING.md b/CONTRIBUTING.md → .github/CONTRIBUTING.md
@@ -15,46 +15,52 @@ Specifically:
 - We perform automated testing on all changes before they get merged to `main`
 - We create immutable release artifacts
 
+### Pre-Commit Hooks and Linting
+
+We use [pre-commit](https://pre-commit.com/) to manage our pre-commit hooks. This ensures that all code is linted and formatted before it is committed. After `pre-commit` is [installed](https://pre-commit.com/#installation):
+
+```bash
+# install hooks
+pre-commit install
+
+# install golang-ci-lint
+go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+```
+
+Now every time you commit, the hooks will run and format your code, linting can be called via `make lint-go`.
+
 ### Developer Workflow
 
 :key: == Required by automation
 
 1. Look at the next due [release milestone](https://github.com/defenseunicorns/zarf/milestones) and pick an issue that you want to work on. If you don't see anything that interests you, create an issue and assign it to yourself.
-2. Drop a comment in the issue to let everyone know you're working on it and submit a Draft PR (step 4) as soon as you are able. If you have any questions as you work through the code, reach out in the [Zarf Dev Kubernetes Slack Channel](https://kubernetes.slack.com/archives/C03BP9Z3CMA).
-3. :key: Set up your Git config to GPG sign all commits. [Here's some documentation on how to set it up](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits). You won't be able to merge your PR if you have any unverified commits.
-4. Create a Draft Pull Request as soon as you can, even if it is just 5 minutes after you started working on it. We lean towards working in the open as much as we can. If you're not sure what to put in the PR description, just put a link to the issue you're working on. If you're not sure what to put in the PR title, just put "WIP" (Work In Progress) and we'll help you out with the rest.
-5. :key: Automated tests will begin based on the paths you have edited in your Pull Request.
-   > ⚠️ **NOTE:** _If you are an external third-party contributor, the pipelines won't run until a [CODEOWNER](https://github.com/defenseunicorns/zarf/blob/main/CODEOWNERS) approves the pipeline run._
-6. :key: Be sure to use the [needs-adr,needs-docs,needs-tests](https://github.com/defenseunicorns/zarf/labels?q=needs) labels as appropriate for the PR. Once you have addressed all of the needs, remove the label.
-7. Once the review is complete and approved, a core member of the zarf project will merge your PR. If you are an external third-party contributor, two core members of the zarf project will be required to approve the PR.
-8. Close the issue if it is fully resolved by your PR. _Hint: You can add "Fixes #XX" to the PR description to automatically close an issue when the PR is merged._
-
-## Testing
-
-This section dives deeper into how we test Zarf
+1. Drop a comment in the issue to let everyone know you're working on it and submit a Draft PR (step 4) as soon as you are able. If you have any questions as you work through the code, reach out in the [Zarf Dev Kubernetes Slack Channel](https://kubernetes.slack.com/archives/C03BP9Z3CMA).
+1. :key: Set up your Git config to GPG sign all commits. [Here's some documentation on how to set it up](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits). You won't be able to merge your PR if you have any unverified commits.
+1. Create a Draft Pull Request as soon as you can, even if it is just 5 minutes after you started working on it. We lean towards working in the open as much as we can. If you're not sure what to put in the PR description, just put a link to the issue you're working on.
 
-### (Optional) Pre-Commit Hooks and Linting
+   - :key: We follow the [conventional commits spec](https://www.conventionalcommits.org/en/v1.0.0/) with the [commitlint conventional config](https://github.com/conventional-changelog/commitlint/tree/master/%40commitlint/config-conventional) as extended types for PR titles.
 
-In this repo you can optionally use [pre-commit](https://pre-commit.com/) hooks for automated validation and linting, but if not CI will run these checks for you.
+1. :key: Automated tests will begin based on the paths you have edited in your Pull Request.
+   > ⚠️ **NOTE:** _If you are an external third-party contributor, the pipelines won't run until a [CODEOWNER](https://github.com/defenseunicorns/zarf/blob/main/CODEOWNERS) approves the pipeline run._
+1. :key: Be sure to use the [needs-adr,needs-docs,needs-tests](https://github.com/defenseunicorns/zarf/labels?q=needs) labels as appropriate for the PR. Once you have addressed all of the needs, remove the label.
+1. Once the review is complete and approved, a core member of the zarf project will merge your PR. If you are an external third-party contributor, two core members of the zarf project will be required to approve the PR.
+1. Close the issue if it is fully resolved by your PR. _Hint: You can add "Fixes #XX" to the PR description to automatically close an issue when the PR is merged._
 
-### Code Testing
+## Testing
 
-Our E2E tests can be found in the `/test` folder and follow the journey of someone as they would use the Zarf CLI. In CI these tests run against our currently supported cluster distros and are the primary way that Zarf code is tested.
+> A more comprehensive guide to testing can be found [here](https://docs.zarf.dev/contribute/testing).
 
-Our Unit tests can be found as `*_test.go` files inside the package that they are designed to test. These are also run in CI and are designed to test small functions with clear interfaces that would be difficult to test otherwise. As a general rule, we are limiting unit tests to the `src/pkg/*` folder.
+Our E2E tests can be found in the `src/test` folder and follow the journey of someone as they would use the Zarf CLI. In CI these tests run against our currently supported cluster distros and are the primary way that Zarf code is tested.
 
-All of our tests should be able to be run locally or in CI.
-You can learn more about the testing of Zarf [here](docs/12-contribute-to-zarf/2-testing.md).
+Our unit tests can be found as `*_test.go` files inside the package that they are designed to test. These are also run in CI and are designed to test small functions with clear interfaces that would be difficult to test otherwise.
 
 ## Documentation
 
-### Updating Our Documentation
-
-Our documentation is auto-generated from the `src/types` and `src/cmd` go packages.  This includes the [Zarf package jsonschema](https://github.com/defenseunicorns/zarf/blob/main/zarf.schema.json), the [Zarf schema docs](https://docs.zarf.dev/docs/create-a-zarf-package/zarf-schema), the [Zarf CLI docs](https://docs.zarf.dev/docs/the-zarf-cli/), and our [front-end API types](https://github.com/defenseunicorns/zarf/blob/main/src/ui/lib/api-types.ts).   When an update to types or the CLI commands is made you will need to run `make docs-and-schema` locally to regenerate the schema and documentation. CI checks if this was ran, and will fail if it wasn't.
+The CLI docs (located at `site/src/content/docs/commands`), and [`zarf.schema.json`](https://github.com/defenseunicorns/zarf/blob/main/zarf.schema.json) are autogenerated from `make docs-and-schema`. Run this make target locally to regenerate the schema and documentation each time you make a change to the CLI commands or the schema, otherwise CI will fail.
 
 We do this so that there is a git commit signature from a person on the commit for better traceability, rather than a non-person entity (e.g. GitHub CI token).
 
-### Architecture Decision Records (ADR)
+## Architecture Decision Records (ADR)
 
 We've chosen to use ADRs to document architecturally significant decisions. We primarily use the guidance found in [this article by Michael Nygard](http://thinkrelevance.com/blog/2011/11/15/documenting-architecture-decisions) with a couple of tweaks:
 

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -2,7 +2,7 @@
 name: Bug report
 about: Create a report to help us improve
 title: ''
-labels: possible-bug
+labels: 'possible-bug 🐛'
 assignees: ''
 ---
 

diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -2,7 +2,7 @@
 name: Feature request
 about: Suggest an idea for this project
 title: ''
-labels: 'enhancement'
+labels: 'enhancement ✨'
 assignees: ''
 ---
 

diff --git a/.github/ISSUE_TEMPLATE/tech_debt.md b/.github/ISSUE_TEMPLATE/tech_debt.md
@@ -2,7 +2,7 @@
 name: Tech debt
 about: Record something that should be investigated or refactored in the future.
 title: ''
-labels: 'tech-debt'
+labels: 'tech-debt 💳'
 assignees: ''
 ---
 

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,21 @@
+# Reporting Security Issues
+
+To report a security issue or vulnerability in Zarf, please use the confidential GitHub Security Advisory ["Report a Vulnerability"](https://github.com/defenseunicorns/zarf/security/advisories) tab. The Zarf team will send a response indicating the next steps in handling your report. After the initial reply to your report, the team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
+
+### When Should I Report a Vulnerability?
+
+* You found a vulnerability in the Zarf code.
+* You found a vulnerability in one of the Zarf dependencies that affects the project that has not been patched yet.
+
+### When Should I NOT Report a Vulnerability?
+
+* You found a bug or malfunction in the Zarf code (not security related).
+* You want to add a feature to Zarf.
+
+## Supported Versions
+
+As Zarf has not yet reached v1.0.0, only the current latest minor release is supported.
+
+## Contacting Us
+
+To discuss security related issues, please email the maintainers at [email protected].
diff --git a/.github/actions/cleanup-files/action.yaml b/.github/actions/cleanup-files/action.yaml
@@ -7,7 +7,7 @@ runs:
     - run: |
         lsblk -f
 
-        sudo rm -rf zarf-sbom /tmp/zarf-* src/ui/node_modules
+        sudo rm -rf zarf-sbom /tmp/zarf-*
         sudo env "PATH=$PATH" CI=true make delete-packages
         sudo build/zarf tools clear-cache
         sudo docker system prune --all --force

diff --git a/.github/actions/golang/action.yaml b/.github/actions/golang/action.yaml
@@ -4,7 +4,7 @@ description: "Setup Go binary and caching"
 runs:
   using: composite
   steps:
-    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+    - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
       with:
-        go-version: 1.20.x
+        go-version-file: 'go.mod'
         cache: true
diff --git a/.github/actions/install-tools/action.yaml b/.github/actions/install-tools/action.yaml
@@ -4,11 +4,15 @@ description: "Install pipeline tools"
 runs:
   using: composite
   steps:
-    - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
+    - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
 
-    - uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
+    - uses: anchore/sbom-action/download-syft@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8
 
-    - run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin --tag v0.64.2"
+    - name: install grype
+      env:
+        # renovate: datasource=github-tags depName=anchore/grype versioning=semver
+        VERSION: v0.74.6
+      run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin $VERSION"
       shell: bash
 
-    - uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2.8.0
+    - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
diff --git a/.github/actions/k3d/action.yaml b/.github/actions/k3d/action.yaml
@@ -7,5 +7,5 @@ runs:
     - run: "curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash"
       shell: bash
 
-    - run: k3d cluster delete && k3d cluster create
-      shell: bash
+    - run: k3d cluster delete && k3d cluster create --k3s-arg="--disable=traefik@server:0"
+      shell: bash
diff --git a/.github/actions/node/action.yaml b/.github/actions/node/action.yaml
diff --git a/.github/actions/packages/action.yaml b/.github/actions/packages/action.yaml
@@ -10,18 +10,26 @@ inputs:
     description: 'Build the example packages'
     required: false
     default: 'true'
+  os:
+    description: 'Which OS to build for'
+    required: false
+    default: 'linux'
+  shell:
+    description: 'Which shell to build in'
+    required: false
+    default: 'bash'
 
 runs:
   using: composite
   steps:
     - run: |
-        make build-cli-linux-amd ARCH=amd64
-      shell: bash
+        make build-cli-${{ inputs.os }}-amd ARCH=amd64
+      shell: ${{ inputs.shell }}
     - run: |
         make init-package ARCH=amd64
-      shell: bash
+      shell: ${{ inputs.shell }}
       if: ${{ inputs.init-package == 'true' }}
     - run: |
         make build-examples ARCH=amd64
-      shell: bash
+      shell: ${{ inputs.shell }}
       if: ${{ inputs.build-examples == 'true' }}
diff --git a/.github/actions/save-logs/action.yaml b/.github/actions/save-logs/action.yaml
@@ -1,6 +1,12 @@
 name: save-logs
 description: "Save debug logs"
 
+inputs:
+  suffix:
+    description: 'Suffix to append to the debug log'
+    required: false
+    default: ''
+
 runs:
   using: composite
   steps:
@@ -9,7 +15,7 @@ runs:
         sudo chown $USER /tmp/zarf-*.log || echo ""
       shell: bash
 
-    - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+    - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
       with:
-        name: debug-log
+        name: debug-log${{ inputs.suffix }}
         path: /tmp/zarf-*.log
diff --git a/.github/actions/slack/action.yaml b/.github/actions/slack/action.yaml
@@ -9,30 +9,30 @@ inputs:
 runs:
   using: composite
   steps:
-    - uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 #v1.24.0
+    - uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0
       with:
         payload: |
           {
-            "text": "The GitHub Action Workflow **'${{ github.workflow }}'** had a result of: `${{ job.status }}`.",
+            "text": "The GitHub Workflow *'${{ github.workflow }}'* had a result of: `${{ job.status }}`.\n\n<https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Action Log>",
             "blocks": [
               {
                 "type": "section",
                 "text": {
                   "type": "mrkdwn",
-                  "text": "The GitHub Action Workflow **'${{ github.workflow }}'** had a result of: `${{ job.status }}`."
+                  "text": "The GitHub Workflow *'${{ github.workflow }}'* had a result of: `${{ job.status }}`."
                 }
               },
               {
                 "type": "section",
                 "text": {
                   "type": "mrkdwn",
-                  "text": "View Workflow Run"
+                  "text": " "
                 },
                 "accessory": {
                   "type": "button",
                   "text": {
                     "type": "plain_text",
-                    "text": "Click Me",
+                    "text": "View Action Log",
                     "emoji": true
                   },
                   "value": "click_me_workflow_run",
@@ -44,3 +44,4 @@ runs:
           }
       env:
         SLACK_WEBHOOK_URL: ${{ inputs.slack-webhook-url }}
+        SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
diff --git a/.github/codeql.yaml b/.github/codeql.yaml
@@ -2,7 +2,7 @@ paths-ignore:
   - src/pkg/packager/network.go
   - src/pkg/utils/network.go
   - src/pkg/utils/credentials.go
-  - docs-website/**
+  - site/**
   - build/**
 
 query-filters:

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -8,13 +8,7 @@ Fixes #
 <!-- or -->
 Relates to #
 
-## Type of change
-
-- [ ] Bug fix (non-breaking change which fixes an issue)
-- [ ] New feature (non-breaking change which adds functionality)
-- [ ] Other (security config, docs update, etc)
-
 ## Checklist before merging
 
 - [ ] Test, docs, adr added or updated as needed
-- [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed
+- [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/.github/CONTRIBUTING.md#developer-workflow) followed
diff --git a/.github/workflows/auto-assign-to-project.yml b/.github/workflows/auto-assign-to-project.yml
diff --git a/.github/workflows/build-rust-injector.yml b/.github/workflows/build-rust-injector.yml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout Repo"
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           ref: ${{ github.event.inputs.branchName }}
 
@@ -27,8 +27,9 @@ jobs:
 
       - name: "Build Rust Binary for x86_64 and arm64"
         run: |
+          cd src/injector
           make build-injector-linux
-          cd src/injector/target
+          cd target
           mkdir -p ../dist
           cp x86_64-unknown-linux-musl/release/zarf-injector ../dist/zarf-injector-amd64
           cp aarch64-unknown-linux-musl/release/zarf-injector ../dist/zarf-injector-arm64
@@ -37,7 +38,7 @@ jobs:
           shasum zarf-injector-arm64 >> checksums.txt
 
       - name: Set AWS Credentials
-        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
+        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
         with:
           aws-access-key-id: ${{ secrets.AWS_GOV_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_GOV_SECRET_ACCESS_KEY }}

diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
@@ -0,0 +1,32 @@
+name: PR Title Check
+
+on:
+  pull_request:
+    branches: [main]
+    types: [opened, edited, synchronize]
+
+permissions:
+  contents: read
+
+jobs:
+  title_check:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+
+      - name: Install commitlint
+        run: npm install --save-dev @commitlint/{config-conventional,cli}
+
+      - name: Lint PR title
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+        run: echo "$PR_TITLE" | npx commitlint