Merge pull request #110 from rexagod/os-master

NO-JIRA: Merge `v2.11.0` and `v2.12.0` tags

Author: openshift-merge-bot[bot]

.github/ISSUE_TEMPLATE/bug_report.md

@@ -18,6 +18,13 @@ If the matter is security related, please disclose it privately see https://gith
 
 **How to reproduce it (as minimally and precisely as possible)**:
 
+```bash
+# An example: https://github.com/kubernetes/kube-state-metrics/issues/2223#issuecomment-1792850276
+minikube start
+...
+go run main.go --custom-resource-state-only --custom-resource-state-config-file ksm-2223/custom-resource-config-file.yaml --kubeconfig ~/.kube/config
+```
+
 **Anything else we need to know?**:
 
 **Environment**:

.github/dependabot.yml

@@ -0,0 +1,18 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    groups:
+      k8s-dependencies:
+        patterns:
+          - "k8s.io*"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "gomod"
+    directory: "tools"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/ci.yml

@@ -32,7 +32,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version: ${{ env.GO_VERSION }}
       id: go
@@ -54,7 +54,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version: ${{ env.GO_VERSION }}
       id: go
@@ -75,7 +75,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version: ${{ env.GO_VERSION }}
       id: go
@@ -96,7 +96,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version: ${{ env.GO_VERSION }}
       id: go
@@ -105,7 +105,7 @@ jobs:
       run: |
         make install-tools
 
-    - name: Check that all metrics are documented
+    - name: Check that all metrics are documented and templates have no delta
       run: |
         make doccheck
 
@@ -117,7 +117,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version: ${{ env.GO_VERSION }}
       id: go
@@ -153,7 +153,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version: ${{ env.GO_VERSION }}
       id: go
@@ -174,7 +174,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version: ${{ env.GO_VERSION }}
       id: go
@@ -195,7 +195,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version: ${{ env.GO_VERSION }}
       id: go

.github/workflows/govulncheck.yml

@@ -8,14 +8,17 @@ on:
 env:
   GO_VERSION: "^1.20"
 
+permissions:
+  contents: read
+
 jobs:
   ci-security-checks:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
         name: Checkout code
       - name: Set up Go 1.x
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
       - name: Install govulncheck binary

.github/workflows/openvex.yml

@@ -0,0 +1,19 @@
+name: openvex
+
+on:
+  workflow_dispatch:
+  release:
+    types: [published]
+jobs:
+  vexctl:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set environment variables
+        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+      - uses: openvex/generate-vex@c59881b41451d7ccba5c3b74cd195382b8971fcd
+        # Refer: https://github.com/openvex/vexctl#operational-model
+        name: Run vexctl
+        with:
+            product: pkg:golang/k8s.io/kube-state-metrics/v2@${{ env.RELEASE_VERSION }}

.github/workflows/semantic.yml

@@ -7,8 +7,14 @@ on:
       - edited
       - synchronize
 
+permissions:
+  contents: read
+
 jobs:
   main:
+    permissions:
+      pull-requests: read  # for amannn/action-semantic-pull-request to analyze PRs
+      statuses: write  # for amannn/action-semantic-pull-request to mark status of analyzed PR
     name: Validate PR title for semantic commit message
     runs-on: ubuntu-latest
     steps:

.openvex/templates/README.md

@@ -0,0 +1,28 @@
+# OpenVEX Templates Directory
+
+This directory contains the OpenVEX data for this repository.
+The files stored in this directory are used as templates by
+`vexctl generate` when generating VEX data for a release or
+a specific artifact.
+
+To add new statements to publish data about a vulnerability,
+download [vexctl](https://github.com/openvex/vexctl)
+and append new statements using `vexctl add`. For example:
+
+```
+vexctl add --in-place main.openvex.json pkg:oci/test CVE-2014-1234567 fixed
+```
+
+That will add a new VEX statement expressing that the impact of
+CVE-2014-1234567 is under investigation in the test image. When
+cutting a new release, for `pkg:oci/test` the new file will be
+incorporated to the relase's VEX data.
+
+## Read more about OpenVEX
+
+To know more about generating, publishing and using VEX data
+in your project, please check out the [vexctl repository and
+documentation](https://github.com/openvex/vexctl).
+
+OpenVEX also has an [examples repository](https://github.com/openvex/examples)
+with samples and docs.

.openvex/templates/main.openvex.json

@@ -0,0 +1,8 @@
+{
+  "@context": "https://openvex.dev/ns/v0.2.0",
+  "@id": "https://openvex.dev/docs/public/vex-2912204db7d51d98234a931d600f7cc2dd0bf24a5b5b326de138d64b30c22911",
+  "author": "vexctl (automated template)",
+  "timestamp": "2023-12-15T22:55:18.754525+05:30",
+  "version": 1,
+  "statements": []
+}