merge: resolve conflicts with main (dependency versions + TODO.md)

Author: dangrondahl

.github/workflows/binary_provenance.yml

@@ -35,7 +35,7 @@ jobs:
                 artifact: ${{fromJson(inputs.artifacts)}}
         steps:
         - name: Harden Runner
-          uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+          uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
           with:
             egress-policy: audit
 
@@ -47,7 +47,7 @@ jobs:
             path: ${{ github.workspace }}/${{inputs.dir}}
 
         - name: setup-kosli-cli
-          uses: kosli-dev/setup-cli-action@v3
+          uses: kosli-dev/setup-cli-action@v4
           with:
             version:
                 ${{ vars.KOSLI_CLI_VERSION }}

.github/workflows/claude-pr-review.yml

@@ -27,7 +27,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 
@@ -80,7 +80,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 

.github/workflows/daily-cli-tests.yml

@@ -12,7 +12,7 @@ jobs:
       trail_name: ${{ steps.prep.outputs.trail_name }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 
@@ -54,6 +54,38 @@ jobs:
       kosli_querying_api_token: ${{ secrets.KOSLI_API_TOKEN_PROD }}
       sonarqube_token: ${{ secrets.KOSLI_SONARQUBE_TOKEN }}
 
+  contract-tests:
+    name: Contract Tests
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: '.go-version'
+          check-latest: true
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v6
+        with:
+          role-to-assume: arn:aws:iam::772819027869:role/cli
+          aws-region: eu-central-1
+          role-duration-seconds: 2400
+          role-session-name: ${{ github.event.repository.name }}
+
+      - name: Run contract tests
+        run: make test_contract
+        env:
+          KOSLI_GITHUB_TOKEN: ${{ secrets.KOSLI_GITHUB_TOKEN }}
+
   slack-notification-on-failure:
     runs-on: ubuntu-24.04
     permissions:
@@ -63,11 +95,12 @@ jobs:
       [
         set-trail-name,
         test,
+        contract-tests,
       ]
-    if: ${{ always() && contains(join(needs.*.result, ','), 'failure') && github.ref == 'refs/heads/master' }}
+    if: ${{ always() && contains(join(needs.*.result, ','), 'failure') && github.ref == 'refs/heads/main' }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 

.github/workflows/docker.yml

@@ -63,7 +63,7 @@ jobs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 
@@ -120,7 +120,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 
@@ -187,7 +187,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 
@@ -219,7 +219,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: setup-kosli-cli
-        uses: kosli-dev/setup-cli-action@v3
+        uses: kosli-dev/setup-cli-action@v4
         with:
           version: ${{ vars.KOSLI_CLI_VERSION }}
 

.github/workflows/helm-chart.yml

@@ -1,7 +1,7 @@
 name: helm chart
 
 on:
-  workflow_dispatch:
+  workflow_dispatch: {}
   push:
     branches:
       - main
@@ -17,7 +17,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 
@@ -41,13 +41,15 @@ jobs:
       - name: Lint
         run: make helm-lint
 
+      - name: Setup Helm Docs
+        uses: gabe565/setup-helm-docs-action@d5c35bdc9133cfbea3b671acadf50a29029e87c2 # v1.0.4
+        with:
+          version: 'latest' # v1.14.2
+
       - name: Generate Helm Docs
         run: |
-          curl -L https://github.com/norwoodj/helm-docs/releases/download/v1.5.0/helm-docs_1.5.0_linux_amd64.deb --output helm-docs.dep
-          sudo dpkg -i helm-docs.dep
-          rm helm-docs.dep
-          cd charts/k8s-reporter 
-          helm-docs --template-files README.md.gotmpl,_templates.gotmpl --output-file README.md 
+          cd charts/k8s-reporter
+          helm-docs --template-files README.md.gotmpl,_templates.gotmpl --output-file README.md
           helm-docs --template-files README.md.gotmpl,_templates.gotmpl --output-file ../../docs.kosli.com/content/helm/_index.md
 
       - name: Helm Package
@@ -72,11 +74,11 @@ jobs:
       - name: Upload new chart and the update index.yaml to S3
         run: |
           rm package/old-index.yaml
-          aws s3 cp --recursive package s3://kosli-helm-charts-repo/stable/k8s-reporter/ 
+          aws s3 cp --recursive package s3://kosli-helm-charts-repo/stable/k8s-reporter/
 
       - name: cleanup
         run: |
-          rm -rf package 
+          rm -rf package
 
       - name: Create branch via GitHub API
         run: |

.github/workflows/init_kosli.yml

@@ -40,7 +40,7 @@ jobs:
         steps:
 
         - name: Harden Runner
-          uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+          uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
           with:
             egress-policy: audit
 
@@ -50,7 +50,7 @@ jobs:
             ref: ${{ inputs.checkout_ref || github.sha }}
 
         - name: setup-kosli-cli
-          uses: kosli-dev/setup-cli-action@v3
+          uses: kosli-dev/setup-cli-action@v4
           with:
             version:
                 ${{ vars.KOSLI_CLI_VERSION }}

.github/workflows/install-script-tests.yml

@@ -33,7 +33,7 @@ jobs:
 
         steps:
         - name: Harden Runner
-          uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+          uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
           with:
             egress-policy: audit
 
@@ -52,7 +52,7 @@ jobs:
 
         steps:
         - name: Harden Runner
-          uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+          uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
           with:
             egress-policy: audit
 

.github/workflows/main.yml

@@ -22,7 +22,7 @@ jobs:
       report_to_kosli: ${{ steps.prep.outputs.report_to_kosli }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 
@@ -133,10 +133,10 @@ jobs:
         test,
         docker
       ]
-    if: ${{ always() && contains(join(needs.*.result, ','), 'failure') && github.ref == 'refs/heads/master' }}
+    if: ${{ always() && contains(join(needs.*.result, ','), 'failure') && github.ref == 'refs/heads/main' }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 

.github/workflows/never_alone_trail.yml

@@ -41,7 +41,7 @@ jobs:
         steps:
 
         - name: Harden Runner
-          uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+          uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
           with:
             egress-policy: audit
 
@@ -50,7 +50,7 @@ jobs:
             fetch-depth: 0
 
         - name: setup-kosli-cli
-          uses: kosli-dev/setup-cli-action@v3
+          uses: kosli-dev/setup-cli-action@v4
           with:
             version: ${{ vars.KOSLI_CLI_VERSION }}
 

.github/workflows/publish_branch_docs.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit