Merge branch 'main' into ch-jaime

Author: FloorD

.github/workflows/codeql.yml

@@ -0,0 +1,105 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL Advanced"
+
+on:
+  push:
+    branches: [ "main", "production" ]
+  pull_request:
+    branches: [ "main", "production" ]
+  schedule:
+    - cron: '35 12 * * 3'
+  workflow_dispatch:
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: actions
+          build-mode: none
+        - language: javascript-typescript
+          build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Add any setup steps before running the `github/codeql-action/init` action.
+    # This includes steps like installing compilers or runtimes (`actions/setup-node`
+    # or others). This is typically only required for manual builds.
+    # - name: Setup runtime (example)
+    #   uses: actions/setup-example@v1
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        config: |
+          paths-ignore:
+            - assets/documentation/
+
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    # If the analyze step fails for one of the languages you are analyzing with
+    # "We were unable to automatically build your code", modify the matrix above
+    # to set the build mode to "manual" for that language. Then modify this step
+    # to build your code.
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    - if: matrix.build-mode == 'manual'
+      shell: bash
+      run: |
+        echo 'If you are using a "manual" build mode for one or more of the' \
+          'languages you are analyzing, replace this with the commands to build' \
+          'your code, for example:'
+        echo '  make bootstrap'
+        echo '  make release'
+        exit 1
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/hugo_build.yml

@@ -9,13 +9,16 @@ on:
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
+permissions: read-all
+
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   # This workflow contains a single job called "build"
   build:
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
-
+    permissions:
+      contents: write
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it

assets/pdf/20250702 - PUG NL - Migrating PostgreSQL to Kubernetes.pdf

@@ -34,17 +34,17 @@ certainly at KubeCon Europe this April there was a high concentration of them
 in host city London! These days, Floor gets to work with the project's 
 maintainers directly.
 
-My contributions to the project are mostly in communication and community. 
+"My contributions to the project are mostly in communication and community. 
 I talk to end-users and write about their use case, I find events for us to 
-speak at, and I interview people for this series!
+speak at, and I interview people for this series!"
 
 One question we like to ask is: if you had all the time/skills/money in the 
 world, what would you most like to change about CloudNativePG? Floor's answer 
 is this: "I'd like to onboard more contributors to the project and make sure 
 they feel enabled to take on more impactful roles. And also just for everyone 
 to get a chance to meet the other members. I'm trying with the idea of 
 organizing a contributor summit around PGDay Napoli in September, since so 
-many of our maintainers are based in Italy anyway.
+many of our maintainers are based in Italy anyway."
 
 What first got Floor into technology was her blog. To bend the WordPress beast 
 to her will, she had to learn just enough PHP to copy and paste code snippets 

assets/pdf/20250703 - Dutch Cloud Native Days Utrecht - Bartolini - The Past, Present, and Future of Postgres in Kubernetes.pdf

@@ -0,0 +1,59 @@
+---
+title: "Contributor Spotlight: Ying Zhu"
+date: 2025-07-01
+draft: false
+image:
+    url: ying.jpeg
+    attribution:
+author: fdrees
+tags:
+ - minecraft
+ - lfx
+ - mentorship
+ - kubernetes
+ - postgresql
+ - open-source
+ - spotlight
+summary: "In a mini-series on this blog we highlight the work of the community.
+  Today we meet Ying Zhu, student at Carnegie Mellon University, and CNCF 
+  mentee." 
+---
+
+Building and maintaining an open source project takes a village. In a
+mini-series on this blog we would like to highlight the work of our
+maintainers, component owners, and members of the larger community.
+
+This week the spotlight shines on Ying Zhu ([EdwinaZhu on GitHub](https://github.com/EdwinaZhu)), student at Carnegie 
+Mellon University, graduating next year (if all goes well, of course). In June
+2024 Ying graduated from Nanjing University a Bachelor of Science (Computer 
+Science).
+
+Ying joined the CloudNativePG project as a mentee through the [LFX program](https://cloudnative-pg.io/blog/lfx-cncf-mentorship/). 
+LFX Mentorship is a Cloud Native Computing Foundation mentorship platform that 
+spans across the CNCF projects. More than 190 mentees have been accepted since 
+the programs started in 2019, participating in 96 mentorship programs. Ying will 
+be working with [Gabriele Bartolini](https://github.com/gbartolini), [Leonardo Cecchi](https://github.com/leonardoce), [Marco Nenciarini](https://github.com/mnencia), 
+and [Armando Ruocco](https://github.com/armru). When browsing CNCF projects to contribute to, 
+CloudNativePG's focus on Postgres and Kubernetes immediately caught her interest 
+since she's already involved in those communities.
+
+She's currently working on implementing declarative support for managing 
+PostgreSQL Foreign Data Wrappers (FDWs) through the Database custom resource. 
+"First I'm focused on learning and understanding the system deeply. It's still 
+in progress, but I'm learning a lot and enjoying every step!"
+
+Ying is especially interested in areas like extensibility, observability, and 
+making it easier for users to declaratively manage PostgreSQL features. We're 
+looking forward to more contributions to the project in those areas by Ying!
+
+What first got Ying in technology was playing Minecraft. "I was the leader of 
+the Minecraft club during my undergraduate years. It was so much fun to program 
+mods and set up multiplayer servers for others to enjoy. This led me to pursue 
+a path in programming technology."
+
+After graduation, Ying would love to work as an infrastructure engineer,
+on scalable and reliable systems. And keep contributing to open-source tools that 
+power modern cloud-native applications, as that's her passion!
+
+If you want to get in touch with Ying, you can find her in the 
+CloudNativePG channels on the CNCF Slack workspace, or on [LinkedIn](https://www.linkedin.com/in/yingzhu03/). You can follow the CloudNativePG project on [Bluesky](https://cloudnativepg.bsky.social) and [Mastodon](https://mastodon.social/@CloudNativePG) too!