diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ef17ec10..f4f2820e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2026-04-07T14:45:56Z by kres 4e3b74d. +# Generated on 2026-04-18T04:34:01Z by kres 15ff2fd. concurrency: group: ${{ github.head_ref || github.run_id }} @@ -74,6 +74,14 @@ jobs: - name: Set secrets for job run: | sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: CI temp release tag + if: github.event_name == 'pull_request' + run: | + make ci-temp-release-tag + - name: Check dirty + if: github.event_name == 'pull_request' + run: | + make check-dirty - name: js run: | make js diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 27f99dc3..bc4ce5cb 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2026-04-07T14:45:56Z by kres 4e3b74d. +# Generated on 2026-04-18T04:34:01Z by kres 15ff2fd. concurrency: group: helm-${{ github.head_ref || github.run_id }} @@ -65,11 +65,6 @@ jobs: driver: remote endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 timeout-minutes: 10 - - name: Install Helm - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # version: v5.0.0 - - name: Install cosign - if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # version: v4.1.1 - name: Login to registry if: github.event_name != 'pull_request' uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # version: v4.1.0 @@ -97,10 +92,6 @@ jobs: if: github.event_name == 'pull_request' run: | make helm-docs - - name: Check dirty - if: github.event_name == 'pull_request' - run: | - make check-dirty - name: helm login if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref_name, '-') env: diff --git a/.kres.yaml b/.kres.yaml index f86003c3..889c631a 100644 --- a/.kres.yaml +++ b/.kres.yaml @@ -4,11 +4,6 @@ name: omnictl spec: disableImage: true --- -kind: golang.GoVulnCheck -spec: - ignore: - - GO-2026-4923 # not fixed yet ---- kind: auto.CommandConfig name: acompat spec: @@ -872,13 +867,39 @@ spec: - .vue skipPaths: - node_modules/ - enforceContexts: - - e2e-short - - e2e-scaling - - e2e-templates - - e2e-upgrades - - e2e-backups - - e2e-forced-removal + protectedBranches: + - name: main + enforceContexts: + - e2e-short + - e2e-scaling + - e2e-templates + - e2e-upgrades + - e2e-backups + - e2e-forced-removal + - name: release-1.5 + enforceContexts: + - e2e-short + - e2e-scaling + - e2e-templates + - e2e-upgrades + - e2e-backups + - e2e-forced-removal + - name: release-1.6 + enforceContexts: + - e2e-short + - e2e-scaling + - e2e-templates + - e2e-upgrades + - e2e-backups + - e2e-forced-removal + - name: release-1.7 + enforceContexts: + - e2e-short + - e2e-scaling + - e2e-templates + - e2e-upgrades + - e2e-backups + - e2e-forced-removal --- kind: golang.Toolchain spec: diff --git a/Makefile b/Makefile index af54fceb..c5821507 100644 --- a/Makefile +++ b/Makefile @@ -1,18 +1,19 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2026-04-16T13:44:23Z by kres b6d29bf. +# Generated on 2026-04-20T11:44:49Z by kres 4b58472-dirty. # common variables SHA := $(shell git describe --match=none --always --abbrev=8 --dirty) -TAG := $(shell git describe --tag --always --dirty --match v[0-9]\*) +TAG ?= $(shell git describe --tag --always --dirty --match v[0-9]\*) TAG_SUFFIX ?= -ABBREV_TAG := $(shell git describe --tags >/dev/null 2>/dev/null && git describe --tag --always --match v[0-9]\* --abbrev=0 || echo 'undefined') +ABBREV_TAG ?= $(shell git describe --tags >/dev/null 2>/dev/null && git describe --tag --always --match v[0-9]\* --abbrev=0 || echo 'undefined') BRANCH := $(shell git rev-parse --abbrev-ref HEAD) ARTIFACTS := _out IMAGE_TAG ?= $(TAG)$(TAG_SUFFIX) OPERATING_SYSTEM := $(shell uname -s | tr '[:upper:]' '[:lower:]') GOARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') +CI_RELEASE_TAG := $(shell git log --oneline --format=%B -n 1 HEAD^2 -- 2>/dev/null | head -n 1 | sed -r "/^release\(.*\)/ s/^release\((.*)\):.*$$/\\1/; t; Q") WITH_DEBUG ?= false WITH_RACE ?= false REGISTRY ?= ghcr.io @@ -169,6 +170,14 @@ $(ARTIFACTS): ## Creates artifacts directory. clean: ## Cleans up all artifacts. @rm -rf $(ARTIFACTS) +.PHONY: ci-temp-release-tag +ci-temp-release-tag: ## Generates a temporary release tag for CI run. + @if [ -n "$(CI_RELEASE_TAG)" -a -n "$${GITHUB_ENV}" ]; then \ + echo Setting temporary release tag "$(CI_RELEASE_TAG)"; \ + echo "TAG=$(CI_RELEASE_TAG)" >> "$${GITHUB_ENV}"; \ + echo "ABBREV_TAG=$(CI_RELEASE_TAG)" >> "$${GITHUB_ENV}"; \ + fi + target-%: ## Builds the specified target defined in the Dockerfile. The build result will only remain in the build cache. @$(BUILD) --target=$* $(COMMON_ARGS) $(TARGET_ARGS) $(CI_ARGS) . @@ -188,7 +197,7 @@ local-%: ## Builds the specified target defined in the Dockerfile using the loc done' .PHONY: check-dirty -check-dirty: +check-dirty: generate @if test -n "`git status --porcelain`"; then echo "Source tree is dirty"; git status; git diff; exit 1 ; fi generate-frontend: ## Generate .proto definitions. @@ -215,7 +224,7 @@ $(ARTIFACTS)/frontend-js: .PHONY: frontend frontend: $(ARTIFACTS)/frontend-js ## Builds js release for frontend. -generate: ## Generate .proto definitions. +generate: helm-plugin-install ## Generate .proto definitions. @$(MAKE) local-$@ DEST=./ @TAG=$$(cat internal/version/data/tag); \ if echo "$$TAG" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$$'; then \ @@ -495,3 +504,15 @@ conformance: @docker pull $(CONFORMANCE_IMAGE) @docker run --rm -it -v $(PWD):/src -w /src $(CONFORMANCE_IMAGE) enforce +.PHONY: renovate-local +renovate-local: ## runs renovate locally to check syntax and test configuration + @docker run --rm \ + --user $(shell id -u):$(shell id -g) \ + -v $(PWD):/src \ + -w /src \ + -e GITHUB_TOKEN \ + -e LOG_LEVEL=debug \ + -e RENOVATE_PLATFORM=local \ + -e RENOVATE_DRY_RUN=full \ + renovate/renovate +