Merge branch 'main' into dependabot/go_modules/github.com/open-policy-agent/gatekeeper/v3-3.21.1

Author: davidgamero

.github/workflows/codeql-analysis.yml

@@ -42,7 +42,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v3.29.5
+        uses: github/codeql-action/init@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v3.29.5
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,7 +53,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v3.29.5
+        uses: github/codeql-action/autobuild@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v3.29.5
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -67,4 +67,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v3.29.5
+        uses: github/codeql-action/analyze@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v3.29.5

.github/workflows/integration-per-language.yml

@@ -103,15 +103,21 @@ jobs:
           helm-version: "v3.19.2"
           releaseName: "test-release"
         id: bake
+      - name: Set up buildx
+        run: |
+          docker buildx create --use --name draft-builder || docker buildx use draft-builder
+          docker buildx inspect --bootstrap
       - name: Build and Push image
         run: |
           export SHELL=/bin/bash
           eval $(minikube -p minikube docker-env)
-          docker build -f ./langtest/Dockerfile -t testapp ./langtest/
-          docker tag testapp host.minikube.internal:5001/testapp
-          echo -n "verifying images:"
-          docker images
-          docker push host.minikube.internal:5001/testapp
+          docker buildx build \
+            --cache-from=type=gha,scope=${{ inputs.language }}-helm \
+            --cache-to=type=gha,scope=${{ inputs.language }}-helm,mode=max \
+            -f ./langtest/Dockerfile \
+            -t host.minikube.internal:5001/testapp \
+            --push \
+            ./langtest/
           echo 'Curling host.minikube.internal test app images from minikube'
           minikube ssh "curl http://host.minikube.internal:5001/v2/testapp/tags/list"
       # Deploys application based on manifest files from previous step
@@ -146,14 +152,29 @@ jobs:
           kubectl get svc
           echo 'Starting minikube tunnel'
           minikube tunnel  > /dev/null 2>&1 & tunnelPID=$!
-          sleep 120
+          trap 'kill $tunnelPID' EXIT
+          echo 'Waiting for service IP'
+          for i in {1..30}; do
+            SERVICEIP=$(kubectl get svc -o jsonpath={'.items[1].status.loadBalancer.ingress[0].ip'})
+            if [ -n "$SERVICEIP" ]; then
+              break
+            fi
+            sleep 4
+          done
           kubectl get svc
-          SERVICEIP=$(kubectl get svc -o jsonpath={'.items[1].status.loadBalancer.ingress[0].ip'})
           echo "SERVICEIP: $SERVICEIP"
-          echo 'Curling service IP'
-          curl -m 3 $SERVICEIP:${{env.serviceport}}
-          sleep 5
-          kill $tunnelPID
+          if [ -z "$SERVICEIP" ]; then
+            echo 'Service IP not ready'
+            exit 1
+          fi
+          echo 'Curling service IP with retries'
+          for i in {1..20}; do
+            if curl -m 3 "http://$SERVICEIP:${{env.serviceport}}"; then
+              exit 0
+            fi
+            sleep 3
+          done
+          exit 1
       - run: |
           ./draft -v generate-workflow \
           -d ./langtest/ \
@@ -282,16 +303,22 @@ jobs:
           renderEngine: "kustomize"
           kustomizationPath: ./langtest/base
           kubectl-version: "latest"
+      - name: Set up buildx
+        run: |
+          docker buildx create --use --name draft-builder || docker buildx use draft-builder
+          docker buildx inspect --bootstrap
       - name: Build and Push Image
         continue-on-error: true
         run: |
           export SHELL=/bin/bash
           eval $(minikube -p minikube docker-env)
-          docker build -f ./langtest/Dockerfile -t testapp ./langtest/
-          docker tag testapp host.minikube.internal:5001/testapp
-          echo -n "verifying images:"
-          docker images
-          docker push host.minikube.internal:5001/testapp
+          docker buildx build \
+            --cache-from=type=gha,scope=${{ inputs.language }}-kustomize \
+            --cache-to=type=gha,scope=${{ inputs.language }}-kustomize,mode=max \
+            -f ./langtest/Dockerfile \
+            -t host.minikube.internal:5001/testapp \
+            --push \
+            ./langtest/
           echo 'Curling host.minikube.internal test app images from minikube'
           minikube ssh "curl http://host.minikube.internal:5001/v2/testapp/tags/list"
       # Deploys application based on manifest files from previous step
@@ -326,14 +353,29 @@ jobs:
           kubectl get svc
           echo 'Starting minikube tunnel'
           minikube tunnel  > /dev/null 2>&1 & tunnelPID=$!
-          sleep 120
+          trap 'kill $tunnelPID' EXIT
+          echo 'Waiting for service IP'
+          for i in {1..30}; do
+            SERVICEIP=$(kubectl get svc -o jsonpath={'.items[1].status.loadBalancer.ingress[0].ip'})
+            if [ -n "$SERVICEIP" ]; then
+              break
+            fi
+            sleep 4
+          done
           kubectl get svc
-          SERVICEIP=$(kubectl get svc -o jsonpath={'.items[1].status.loadBalancer.ingress[0].ip'})
           echo "SERVICEIP: $SERVICEIP"
-          echo 'Curling service IP'
-          curl -m 3 $SERVICEIP:${{env.serviceport}}
-          sleep 5
-          kill $tunnelPID
+          if [ -z "$SERVICEIP" ]; then
+            echo 'Service IP not ready'
+            exit 1
+          fi
+          echo 'Curling service IP with retries'
+          for i in {1..20}; do
+            if curl -m 3 "http://$SERVICEIP:${{env.serviceport}}"; then
+              exit 0
+            fi
+            sleep 3
+          done
+          exit 1
       - run: |
           ./draft -v generate-workflow \
           -d ./langtest/ \
@@ -458,16 +500,22 @@ jobs:
         uses: medyagh/setup-minikube@master
         with:
           insecure-registry: "host.minikube.internal:5001,10.0.0.0/24"
+      - name: Set up buildx
+        run: |
+          docker buildx create --use --name draft-builder || docker buildx use draft-builder
+          docker buildx inspect --bootstrap
       - name: Build and Push Image
         continue-on-error: true
         run: |
           export SHELL=/bin/bash
           eval $(minikube -p minikube docker-env)
-          docker build -f ./langtest/Dockerfile -t testapp ./langtest/
-          docker tag testapp host.minikube.internal:5001/testapp
-          echo -n "verifying images:"
-          docker images
-          docker push host.minikube.internal:5001/testapp
+          docker buildx build \
+            --cache-from=type=gha,scope=${{ inputs.language }}-manifests \
+            --cache-to=type=gha,scope=${{ inputs.language }}-manifests,mode=max \
+            -f ./langtest/Dockerfile \
+            -t host.minikube.internal:5001/testapp \
+            --push \
+            ./langtest/
           echo 'Curling host.minikube.internal test app images from minikube'
           minikube ssh "curl http://host.minikube.internal:5001/v2/testapp/tags/list"
       # Deploys application based on manifest files from previous step
@@ -497,14 +545,29 @@ jobs:
           kubectl get svc
           echo 'Starting minikube tunnel'
           minikube tunnel  > /dev/null 2>&1 & tunnelPID=$!
-          sleep 120
+          trap 'kill $tunnelPID' EXIT
+          echo 'Waiting for service IP'
+          for i in {1..30}; do
+            SERVICEIP=$(kubectl get svc -o jsonpath={'.items[1].status.loadBalancer.ingress[0].ip'})
+            if [ -n "$SERVICEIP" ]; then
+              break
+            fi
+            sleep 4
+          done
           kubectl get svc
-          SERVICEIP=$(kubectl get svc -o jsonpath={'.items[1].status.loadBalancer.ingress[0].ip'})
           echo "SERVICEIP: $SERVICEIP"
-          echo 'Curling service IP'
-          curl -m 3 $SERVICEIP:${{env.serviceport}}
-          sleep 5
-          kill $tunnelPID
+          if [ -z "$SERVICEIP" ]; then
+            echo 'Service IP not ready'
+            exit 1
+          fi
+          echo 'Curling service IP with retries'
+          for i in {1..20}; do
+            if curl -m 3 "http://$SERVICEIP:${{env.serviceport}}"; then
+              exit 0
+            fi
+            sleep 3
+          done
+          exit 1
       - run: |
           ./draft -v generate-workflow \
           -d ./langtest/ \
@@ -570,13 +633,21 @@ jobs:
       - name: start minikube
         id: minikube
         uses: medyagh/setup-minikube@master
+      - name: Set up buildx
+        run: |
+          docker buildx create --use --name draft-builder || docker buildx use draft-builder
+          docker buildx inspect --bootstrap
       - name: Build image
         run: |
           export SHELL=/bin/bash
           eval $(minikube -p minikube docker-env)
-          docker build -f ./langtest/Dockerfile -t testapp ./langtest/
-          echo -n "verifying images:"
-          docker images
+          docker buildx build \
+            --cache-from=type=gha,scope=${{ inputs.language }}-manifest-update \
+            --cache-to=type=gha,scope=${{ inputs.language }}-manifest-update,mode=max \
+            --load \
+            -f ./langtest/Dockerfile \
+            -t testapp \
+            ./langtest/
       # Deploys application based on manifest files from previous step
       - name: Deploy application
         run: kubectl apply -f ./langtest/manifests/

template/dockerfiles/rust/draft.yaml

@@ -17,9 +17,9 @@ variables:
     type: "string"
     kind: "containerImageVersion"
     default:
-      value: "1.83.0"
+      value: "1.88.0"
     description: "the version of rust used by the application"
-    exampleValues: ["1.83.0", "1.82.0", "1.70.0", "1.65.0", "1.60"]
+    exampleValues: ["1.88.0", "1.87.0", "1.86.0", "1.85.0", "1.83.0"]
     versions: ">=0.0.1"
   - name: "DOCKERFILENAME"
     type: "string"
@@ -28,4 +28,4 @@ variables:
       value: "Dockerfile"
       disablePrompt: true
     description: "the name of the Dockerfile"
-    versions: ">=0.0.1"
+    versions: ">=0.0.1"

test/integration/rust/helm.yaml

@@ -12,7 +12,7 @@ deployVariables:
     value: "host.minikube.internal:5001/testapp"
 languageVariables:
   - name: "VERSION"
-    value: "1.83.0"
+    value: "1.88.0"
   - name: "BUILDERVERSION"
     value: "null"
   - name: "PORT"

test/integration/rust/kustomize.yaml

@@ -12,7 +12,7 @@ deployVariables:
     value: "host.minikube.internal:5001/testapp"
 languageVariables:
   - name: "VERSION"
-    value: "1.83.0"
+    value: "1.88.0"
   - name: "BUILDERVERSION"
     value: "null"
   - name: "PORT"

test/integration/rust/manifest.yaml

@@ -12,7 +12,7 @@ deployVariables:
     value: "host.minikube.internal:5001/testapp"
 languageVariables:
   - name: "VERSION"
-    value: "1.83.0"
+    value: "1.88.0"
   - name: "BUILDERVERSION"
     value: "null"
   - name: "PORT"