Merge pull request #1087 from carvel-dev/org-change-and-update-deps

Org change and update deps for line 0.30.x
carvel-dev · Feb 2, 2023 · 0b875b1 · 0b875b1
2 parents 4aca6dd + 7510b41
commit 0b875b1
Show file tree

Hide file tree

Showing 17 changed files with 119 additions and 60 deletions.
diff --git a/.github/ISSUE_TEMPLATE/release-checklist.md b/.github/ISSUE_TEMPLATE/release-checklist.md
@@ -0,0 +1,36 @@
+---
+name: Release Checklist
+about: Checklist for release kapp-controller
+title: ''
+labels: carvel, release
+assignees: ''
+
+---
+
+## Releasing a new minor / major:
+- [ ] OSS Release
+    - [ ] [Releasing via workflow](https://github.com/carvel-dev/kapp-controller/blob/develop/docs/dev.md#release).
+    - [ ] Close any GitHub issues that have been delivered.
+    - [ ] Add a link to the release on the issue.
+    - [ ] Communicate to the kctrl maintainers, so they can update the release notes.
+    - [ ] Press the Publish Release button
+- [ ] Update the packaging repositories [kctrl]
+    - [ ] [Check if Update Homebrew](https://hackmd.io/uVpvITUuR4Cbwzkzb7MEpQ?view#Update-Homebrew)
+    - [ ] [Check if Update Website Installation Script](https://hackmd.io/uVpvITUuR4Cbwzkzb7MEpQ?view#Update-Website-Installation-Script)
+    - [ ] [Check Github Action](https://hackmd.io/uVpvITUuR4Cbwzkzb7MEpQ?view#Update-Github-Action)
+- [ ] Update Documentation by [generating a new docs version](https://hackmd.io/uVpvITUuR4Cbwzkzb7MEpQ?view#Generate-new-docs-version)
+- [ ] [Push any artifacts to a registry](https://hackmd.io/uVpvITUuR4Cbwzkzb7MEpQ?view#Push-OCI-Images-to-Registry)
+- [ ] [Communicate in Slack](https://hackmd.io/uVpvITUuR4Cbwzkzb7MEpQ?view#Communicate-in-Slack)
+- [ ] [Add to "Announcements" in Next Community Meeting Agenda](https://hackmd.io/uVpvITUuR4Cbwzkzb7MEpQ?view#Announce-in-community-meeting)
+
+## Releasing a patch version and backporting a CVE:
+- [ ] Validate which branch lines to backport the CVE to. Based on our [private confluence page](https://confluence.eng.vmware.com/x/FyIuSQ).
+- [ ] For each line, e.g `v0.30.x`, `v0.38.x`, do the following:
+    - [ ] Validate that the branch contains the latest patches, that no newer code was forgotten to be merged back in.
+    - [ ] `git checkout v0.38.x`.
+    - [ ] `git checkout -b v0.38.<next-patch-version>`.
+    - [ ] Make the necessary fixes / cherry-picks.
+    - [ ] `git push origin v0.38.<next-patch-version>`.
+    - [ ] Make a PR.
+    - [ ] Once approved, merge the changes back to the `v0.38.x` branch and `git push` the branch and delete your temporary branch used in the PR.
+    - [ ] To Release: follow the instructions FROM THE BRANCH YOU ARE UPDATING at `docs/dev.md#release` in the repository. These will contain the relevant steps at each point of time in the project's history, e.g when updating `v0.25.x` the url will look like: https://github.com/carvel-dev/kapp-controller/blob/v0.25.x/docs/dev.md#release
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,6 +1,6 @@
 <!--  Thanks for sending a pull request!  Here are some tips for you:
 
-If this is your first time, please read our contributor guidelines: https://github.com/vmware-tanzu/carvel-kapp-controller/blob/develop/CONTRIBUTING.md and developer guide https://github.com/vmware-tanzu/carvel-kapp-controller/blob/develop/docs/dev.md
+If this is your first time, please read our contributor guidelines: https://github.com/carvel-dev/kapp-controller/blob/develop/CONTRIBUTING.md and developer guide https://github.com/carvel-dev/kapp-controller/blob/develop/docs/dev.md
 -->
 
 #### What this PR does / why we need it:

diff --git a/.github/workflows/release-process.yml b/.github/workflows/release-process.yml
@@ -12,25 +12,30 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v1
+        uses: actions/[email protected]
+        with:
+          fetch-depth: 0
 
       - name: Install Carvel Tools
-        uses: vmware-tanzu/carvel-setup-action@v1
+        run: ./hack/install-deps.sh
+
+      - name: Install imgpkg
+        uses: carvel-dev/setup-action@v1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           only: ytt, kbld
           ytt: v0.40.3
           kbld: v0.32.2
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Set up Go
-        uses: actions/setup-go@v2
+      - name: Set up Go 1.x
+        uses: actions/setup-go@v3
         with:
           go-version: "1.19.5"
 
@@ -55,7 +60,7 @@ jobs:
           prerelease: true
 
       - name: Get uploaded release YAML checksum
-        uses: actions/github-script@v4
+        uses: actions/github-script@v6
         id: get-checksums-from-draft-release
         if: startsWith(github.ref, 'refs/tags/')
         with:
@@ -66,7 +71,7 @@ jobs:
             const { owner, repo } = context.repo;
             // https://docs.github.com/en/rest/reference/repos#list-releases
             // https://octokit.github.io/rest.js/v18#repos-list-releases
-            var releases = await github.repos.listReleases({
+            var releases = await github.rest.repos.listReleases({
               owner: owner,
               repo: repo
             });
@@ -78,7 +83,7 @@ jobs:
             for (const r of releases["data"]) {
               if (r.draft && `refs/tags/${r.tag_name}` == "${{ github.ref }}") {
                 for (const asset of r.assets) {
-                  var release_asset = await github.repos.getReleaseAsset({ headers: {accept: `application/octet-stream`}, accept: `application/octet-stream`, owner: owner, repo: repo, asset_id: asset.id });
+                  var release_asset = await github.rest.repos.getReleaseAsset({ headers: {accept: `application/octet-stream`}, accept: `application/octet-stream`, owner: owner, repo: repo, asset_id: asset.id });
                   const hash = crypto.createHash('sha256');
                   let http_promise = new Promise((resolve, reject) => {
                     https.get(release_asset.url, (stream) => {

diff --git a/.github/workflows/test-kctrl-gh.yml b/.github/workflows/test-kctrl-gh.yml
@@ -24,7 +24,7 @@ jobs:
     - name: Check out code
       uses: actions/checkout@v1
     - name: Install Carvel Tools
-      uses: vmware-tanzu/carvel-setup-action@v1
+      uses: carvel-dev/setup-action@v1
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
         only: ytt, kapp, kbld, vendir

diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml
@@ -13,13 +13,18 @@ jobs:
         id: latest-sha
         run: |
           # Get the latest released docker image sha
-          curl -sL https://api.github.com/repos/vmware-tanzu/carvel-kapp-controller/releases/latest | jq -r '.assets[].browser_download_url' | wget -i -
+          curl -sL https://api.github.com/repos/carvel-dev/kapp-controller/releases/latest | jq -r '.assets[].browser_download_url' | wget -i -
 
           echo ::set-output name=image::$(yq eval '.spec.template.spec.containers[0].image' release.yml -N -j | jq 'select(. != null)' -r)
-          echo ::set-output name=tag::$(curl -sL https://api.github.com/repos/vmware-tanzu/carvel-kapp-controller/releases/latest | jq -r '.tag_name')
+          echo ::set-output name=tag::$(curl -sL https://api.github.com/repos/carvel-dev/kapp-controller/releases/latest | jq -r '.tag_name')
       - name: Install Trivy
         run: |
-          brew install aquasecurity/trivy/trivy
+          # https://aquasecurity.github.io/trivy/v0.18.3/installation/
+          sudo apt-get install wget apt-transport-https gnupg lsb-release
+          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+          echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
+          sudo apt-get update
+          sudo apt-get install trivy
       - name: Run Trivy
         run: |
           trivy image ${{ steps.latest-sha.outputs.image }}
@@ -38,31 +43,31 @@ jobs:
           echo "SUMMARY=$summary" >> "$GITHUB_ENV"
       - name: Send Slack Notification
         if: success()
-        uses: slackapi/slack-github-action@v1.15.0
+        uses: slackapi/slack-github-action@v1.23.0
         env:
           SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
         with:
-          channel-id: G01FTP43JMQ
+          channel-id: C010XR15VHU
           slack-message: "${{ env.SUMMARY }}"
       - name: Send Failure notification
         if: failure()
-        uses: slackapi/slack-github-action@v1.15.0
+        uses: slackapi/slack-github-action@v1.23.0
         env:
           SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
         with:
-          channel-id: G01FTP43JMQ
+          channel-id: C010XR15VHU
           slack-message: "Trivy scan workflow [${{steps.latest-sha.outputs.tag}}] failed. Please check the latest github action run for trivy scanner."
   scan-develop-branch:
     runs-on: ubuntu-latest
     permissions:
       security-events: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.1.0
         with:
           fetch-depth: 0
       - name: Set up Go 1.x
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v3
         with:
           go-version: "1.19.5"
       - name: Build the kapp-controller artifacts
@@ -74,7 +79,12 @@ jobs:
           docker build -t docker.io/carvel/kapp-controller:${{ github.sha }} .
       - name: Install Trivy
         run: |
-          brew install aquasecurity/trivy/trivy
+          # https://aquasecurity.github.io/trivy/v0.18.3/installation/
+          sudo apt-get install wget apt-transport-https gnupg lsb-release
+          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+          echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
+          sudo apt-get update
+          sudo apt-get install trivy
       - name: Read dismissed CVEs from Github
         run: |
           set -o pipefail
@@ -97,7 +107,7 @@ jobs:
           trivy image --ignore-unfixed --format sarif --output trivy-results-image.sarif "docker.io/carvel/kapp-controller:${{ github.sha }}"
           trivy image --ignore-unfixed --format json --output trivy-results-image.json "docker.io/carvel/kapp-controller:${{ github.sha }}"
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: '.'
       - name: Create Issues Summary
@@ -109,25 +119,33 @@ jobs:
           summary_image=$(jq '.Results[] | select(.Vulnerabilities) | .Vulnerabilities | group_by(.Severity) | map({Severity: .[0].Severity, Count: length}) | tostring' trivy-results-image.json | tr -d \\ | tr -d '"')
           
           summary=$( echo -e "Binary Image Summary:\n$summary_binary\nDocker Image Summary:\n$summary_image")
+
+          # Escape '%', '\n' and '\r' to support multiline strings with set-output
+          # https://github.com/orgs/community/discussions/26288
+          summary="${summary//'%'/'%25'}"
+          summary="${summary//$'\n'/'%0A'}"
+          summary="${summary//$'\r'/'%0D'}"
+
           if [[ -n $summary_binary || -n $summary_image ]]
           then
+            echo "Summary: $summary"
             echo "::set-output name=summary::$summary"
           else
-            echo "No new Issues where found"
+            echo "No new Issues were found"
           fi
       - name: Send Slack Notification if Scan Ran Successfully
         if: steps.cve-summary.outputs.summary != ''
-        uses: slackapi/slack-github-action@v1.16.0
+        uses: slackapi/slack-github-action@v1.23.0
         with:
-          slack-message: "New CVEs found! Check https://github.com/vmware-tanzu/carvel-kapp-controller/security/code-scanning for details \n ${{ steps.cve-summary.outputs.summary }}"
-          channel-id: G01FTP43JMQ
+          slack-message: "New CVEs found! Check https://github.com/carvel-dev/kapp-controller/security/code-scanning for details \n ${{ steps.cve-summary.outputs.summary }}"
+          channel-id: C010XR15VHU
         env:
           SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
       - name: Send Failure notification
         if: failure()
-        uses: slackapi/slack-github-action@v1.15.0
+        uses: slackapi/slack-github-action@v1.23.0
         env:
           SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
         with:
-          channel-id: G01FTP43JMQ
+          channel-id: C010XR15VHU
           slack-message: "Trivy scan workflow failed. Check: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}."
diff --git a/.github/workflows/upgrade-testing.yml b/.github/workflows/upgrade-testing.yml
@@ -37,6 +37,6 @@ jobs:
           minikube start --driver=docker
           eval $(minikube docker-env --shell=bash)
 
-          kapp deploy -a kc -f https://github.com/vmware-tanzu/carvel-kapp-controller/releases/latest/download/release.yml -y
+          kapp deploy -a kc -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml -y
 
           ./hack/deploy.sh
diff --git a/Dockerfile b/Dockerfile
@@ -32,8 +32,8 @@ RUN curl -sLo /helm https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz && \
   echo "f3bec3c7c55f6a9eb9e6586b8c503f370af92fe987fcbf741f37707606d70296  /helm" | sha256sum -c - && \
   mkdir /helm-v2-unpacked && tar -C /helm-v2-unpacked -xzvf /helm
 
-RUN curl -sLo /helm https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz && \
-  echo "2315941a13291c277dac9f65e75ead56386440d3907e0540bf157ae70f188347  /helm" | sha256sum -c - && \
+RUN curl -sLo /helm https://get.helm.sh/helm-v3.10.3-linux-amd64.tar.gz && \
+  echo "950439759ece902157cf915b209b8d694e6f675eaab5099fb7894f30eeaee9a2  /helm" | sha256sum -c - && \
   mkdir /helm-unpacked && tar -C /helm-unpacked -xzvf /helm
 
 # sops

diff --git a/GOVERNANCE.md b/GOVERNANCE.md
@@ -1,2 +1,2 @@
 # kapp-controller Governance
-kapp-controller governance can be found within the main [Carvel GitHub repo](https://github.com/vmware-tanzu/carvel) within the [GOVERNANCE.md](https://github.com/vmware-tanzu/carvel/blob/develop/GOVERNANCE.md) file.
+kapp-controller governance can be found within the main [Carvel GitHub repo](https://github.com/carvel-dev/carvel) within the [GOVERNANCE.md](https://github.com/carvel-dev/carvel/blob/develop/GOVERNANCE.md) file.
diff --git a/MAINTAINERS.md b/MAINTAINERS.md
@@ -1,2 +1,2 @@
 # kapp-controller Maintainers
-Maintainers for kapp-controller can be found within the main [Carvel GitHub repo](https://github.com/vmware-tanzu/carvel) within the [MAINTAINERS.md](https://github.com/vmware-tanzu/carvel/blob/develop/MAINTAINERS.md) file.
+Maintainers for kapp-controller can be found within the main [Carvel GitHub repo](https://github.com/carvel-dev/carvel) within the [MAINTAINERS.md](https://github.com/carvel-dev/carvel/blob/develop/MAINTAINERS.md) file.
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ Kubernetes native continuous delivery and package management experience through
 
 <p>
 <a href="https://carvel.dev/kapp-controller/docs/latest">Documentation</a> ·
-<a href="https://app.zenhub.com/workspaces/carvel-backlog-6013063a24147d0011410709/board?repos=220090417">Backlog</a> ·
+<a href="https://github.com/orgs/carvel-dev/projects/1/views/1?filterQuery=repo%3A%22carvel-dev%2Fkapp-controller%22">Backlog</a> ·
 <a href="https://kubernetes.slack.com/archives/CH8KCCKA5">Slack</a> ·
 <a href="https://twitter.com/carvel_dev">Twitter</a>
 </p>
@@ -31,7 +31,7 @@ Kubernetes native continuous delivery and package management experience through
 
 Check out our [contributing guidelines](CONTRIBUTING.md).
 
-First time contributing? Welcome! We are excited to support you, we have created a [list of good issues to get started](https://github.com/vmware-tanzu/carvel-kapp-controller/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22).
+First time contributing? Welcome! We are excited to support you, we have created a [list of good issues to get started](https://github.com/carvel-dev/kapp-controller/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22).
 
 Detailed instructions on how to setup and test locally can be found in our [developer guide](docs/dev.md).
 
@@ -42,4 +42,4 @@ Please join us during our online community meetings. Details can be found on our
 
 You can chat with us on Kubernetes Slack in the #carvel channel and follow us on Twitter at @carvel_dev.
 
-Check out which organizations are using and contributing to Carvel: [Adopter's list](https://github.com/vmware-tanzu/carvel/blob/master/ADOPTERS.md)
+Check out which organizations are using and contributing to Carvel: [Adopter's list](https://github.com/carvel-dev/carvel/blob/master/ADOPTERS.md)
diff --git a/ROADMAP.md b/ROADMAP.md
@@ -1,2 +1,2 @@
 # kapp-controller Roadmap
-The roadmap details for kapp-controller can be found within the main [Carvel GitHub repo](https://github.com/vmware-tanzu/carvel) within the [ROADMAP.md](https://github.com/vmware-tanzu/carvel/blob/develop/ROADMAP.md) file.
+The roadmap details for kapp-controller can be found within the main [Carvel GitHub repo](https://github.com/carvel-dev/carvel) within the [ROADMAP.md](https://github.com/carvel-dev/carvel/blob/develop/ROADMAP.md) file.
diff --git a/config-release/values.yml b/config-release/values.yml
@@ -2,4 +2,4 @@
 ---
 push_images: true
 image_cache: false
-image_repo: ghcr.io/vmware-tanzu/carvel-kapp-controller
+image_repo: ghcr.io/carvel-dev/kapp-controller
diff --git a/docs/dev.md b/docs/dev.md
@@ -10,9 +10,9 @@ You will need the following tools to build and deploy kapp-controller:
 For linux/mac users, all the tools below can be installed by running `./hack/install-deps.sh`.
 
 For windows users, please download the binaries from the respective GitHub repositories:
-* https://github.com/vmware-tanzu/carvel-ytt
-* https://github.com/vmware-tanzu/carvel-kbld
-* https://github.com/vmware-tanzu/carvel-kapp
+* https://github.com/carvel-dev/ytt
+* https://github.com/carvel-dev/kbld
+* https://github.com/carvel-dev/kapp
 
 ### Build
 
@@ -39,8 +39,8 @@ things up.
 
 #### Non-minikube environment
 
-1. Change the [push_images property](https://github.com/vmware-tanzu/carvel-kapp-controller/blob/develop/config/values.yml#L10) to true
-2. Change the [image_repo property](https://github.com/vmware-tanzu/carvel-kapp-controller/blob/develop/config/values.yml#L12) to the location to push the kapp-controller image
+1. Change the [push_images property](https://github.com/carvel-dev/kapp-controller/blob/develop/config/values.yml#L10) to true
+2. Change the [image_repo property](https://github.com/carvel-dev/kapp-controller/blob/develop/config/values.yml#L12) to the location to push the kapp-controller image
 3. Run `./hack/deploy.sh`
 
 *Note:* As above, while iterating you may prefer to run

diff --git a/examples/README.md b/examples/README.md
@@ -7,7 +7,7 @@ Since you need to provide service account for App CRs, we've included two common
 - https://github.com/vmware-tanzu/carvel-kapp-controller/blob/master/examples/rbac/cluster-admin.yml: It creates `cluster-admin-sa` service account within `default` namespace that allows to change _any_ resource in the cluster. (Example usage: `istio-knative.yml`)
 
 ```bash
-$ kapp deploy -a default-ns-rbac -f https://raw.githubusercontent.com/vmware-tanzu/carvel-kapp-controller/develop/examples/rbac/default-ns.yml
+$ kapp deploy -a default-ns-rbac -f https://raw.githubusercontent.com/carvel-dev/kapp-controller/develop/examples/rbac/default-ns.yml
 ```
 
 Once that's done, deploy any example in this repo.