Merge branch 'main' into fix-publish

.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "0.13.1"
+  ".": "1.0.0"
 }

CHANGELOG.md

@@ -1,5 +1,36 @@
 # Changelog
 
+## [1.0.0](https://github.com/defenseunicorns/uds-common/compare/v0.13.1...v1.0.0) (2024-10-07)
+
+
+### ⚠ BREAKING CHANGES
+
+* **task:** add optional config input to create, deploy package and bundle tasks ([#262](https://github.com/defenseunicorns/uds-common/issues/262))
+* add shell linting to uds-common linting ([#258](https://github.com/defenseunicorns/uds-common/issues/258))
+* update uds common gh actions to use uds run conditionals ([#254](https://github.com/defenseunicorns/uds-common/issues/254))
+
+### Features
+
+* **task:** add optional config input to create, deploy package and bundle tasks ([#262](https://github.com/defenseunicorns/uds-common/issues/262)) ([3d3e9cb](https://github.com/defenseunicorns/uds-common/commit/3d3e9cb82e6664a4250782e6ae3a4e1112cfe5be))
+* update uds common gh actions to use uds run conditionals ([#254](https://github.com/defenseunicorns/uds-common/issues/254)) ([c9d92f0](https://github.com/defenseunicorns/uds-common/commit/c9d92f0481d147e362d359447b487ab1c1560f31))
+
+
+### Bug Fixes
+
+* update publish permissions ([#263](https://github.com/defenseunicorns/uds-common/issues/263)) ([2e57869](https://github.com/defenseunicorns/uds-common/commit/2e57869b41d1f523ca37b2a3da035a580fc7d6d0))
+
+
+### Miscellaneous
+
+* add an ADR to document workflow/job names ([#260](https://github.com/defenseunicorns/uds-common/issues/260)) ([0685c7c](https://github.com/defenseunicorns/uds-common/commit/0685c7cac904ebe5f746770f9488210498d4463d))
+* add shell linting to uds-common linting ([#258](https://github.com/defenseunicorns/uds-common/issues/258)) ([82e9137](https://github.com/defenseunicorns/uds-common/commit/82e9137642cb5dc0ba41cb33ad1ae44258549d19))
+* correct the release workflow path on README ([#265](https://github.com/defenseunicorns/uds-common/issues/265)) ([62c9a5f](https://github.com/defenseunicorns/uds-common/commit/62c9a5f0a14a8215d5d7e55e1b11d0d77003c8e1))
+* **deps:** update uds common support dependencies ([#250](https://github.com/defenseunicorns/uds-common/issues/250)) ([c828932](https://github.com/defenseunicorns/uds-common/commit/c82893264fffadfd0d84ca239a9459e6e55b9635))
+* **docs:** restructure and introduce metadata guidelines ([#266](https://github.com/defenseunicorns/uds-common/issues/266)) ([6828f10](https://github.com/defenseunicorns/uds-common/commit/6828f10932a65d5fbbaf5994e2c23ddd1cd27255))
+* refactor and improve badge verification task ([#249](https://github.com/defenseunicorns/uds-common/issues/249)) ([82e63be](https://github.com/defenseunicorns/uds-common/commit/82e63be82766a2e550a847af904b2d738c9d3478))
+* update practices around maintaining the UDS Common framework ([#253](https://github.com/defenseunicorns/uds-common/issues/253)) ([a733122](https://github.com/defenseunicorns/uds-common/commit/a7331224f153532361d32d0b02de6cbe7361ffe3))
+* update the codeowners for the repo ([#264](https://github.com/defenseunicorns/uds-common/issues/264)) ([6359020](https://github.com/defenseunicorns/uds-common/commit/6359020fa85b88f3360d0813f3da1d5e1f51134c))
+
 ## [0.13.1](https://github.com/defenseunicorns/uds-common/compare/v0.13.0...v0.13.1) (2024-09-23)
 
 

CODEOWNERS

@@ -1,7 +1,7 @@
-* @defenseunicorns/uds-core @defenseunicorns/swf @defenseunicorns/zarf @defenseunicorns/pepr @defenseunicorns/lula-dev @defenseunicorns/uds @defenseunicorns/leapfrogai @defenseunicorns/uds-marketplace
+* @defenseunicorns/uds-core @defenseunicorns/swf @defenseunicorns/leapfrogai @defenseunicorns/uds-appstore
 
 # Common Renovate Configuration (updates as soon as it hits `main`)
-/config/renovate.json5 @defenseunicorns/uds-core @defenseunicorns/swf @defenseunicorns/tech-leads
+/config/renovate.json5 @defenseunicorns/uds-platform-leads @defenseunicorns/swf-leads @defenseunicorns/tech-leads
 
 # UDS Package Practices
 /docs/made-for-uds.svg @defenseunicorns/tech-leads

README.md

@@ -4,7 +4,7 @@
 [![Build Status](https://img.shields.io/github/actions/workflow/status/defenseunicorns/uds-common/release.yaml)](https://github.com/defenseunicorns/uds-common/actions/workflows/release.yaml)
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-common/badge)](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-common)
 
-This repo acts as a UDS Package Framework that contains common configuration, tasks and documentation useful for building downstream UDS Packages.  It defines and helps consumers implement [UDS package practices](./docs/package_integration/uds-package-practices.md) within their specific package repositories and is intended to help streamline keeping those practices up to date over time.
+This repo acts as a UDS Package Framework that contains common configuration, tasks and documentation useful for building downstream UDS Packages.  It defines and helps consumers implement [UDS package practices](./docs/uds-packages/requirements/uds-package-requirements.md) within their specific package repositories and is intended to help streamline keeping those practices up to date over time.
 
 ## Contents
 

bundle/uds-bundle.yaml

@@ -3,12 +3,12 @@ metadata:
   name: test
   description: The testing UDS bundle
   # x-release-please-start-version
-  version: 0.13.1
+  version: 1.0.0
   # x-release-please-end
 
 packages:
   - name: nginx
     path: ../
     # x-release-please-start-version
-    ref: 0.13.1
+    ref: 1.0.0
     # x-release-please-end

docs/package_integration/guide.md → docs/uds-packages/guide.md

@@ -2,7 +2,7 @@
 
 ## Introduction
 
-This guide is intended for developers integrating applications with UDS (Unicorn Delivery Service). It provides an overview of the integration process, key considerations, and resources to ensure a smooth integration.
+This guide is intended for developers integrating applications with UDS (Unicorn Delivery Service). It provides an overview of the integration process, key considerations, and resources to ensure a smooth integration. If you are familiar with UDS Package creation, [Badging Requirements](./requirements/uds-package-requirements.md) may be more relevant.
 
 Integrating a Package fundamentally means:
 1. Creating a repository `uds-package-<name>` from [uds-package-template](https://github.com/defenseunicorns/uds-package-template)

docs/uds-packages/guidelines/metadata-guidelines.md

@@ -0,0 +1,7 @@
+# Application Metadata
+
+When a uds-package [achieves a badge](../requirements/uds-package-requirements.md), it is eligible for inclusion and publishing on the Airgap App Store [apps.uds.is](https://apps.uds.is). _(soon apps.defenseunicorns.com [#170](https://github.com/defenseunicorns/uds-marketplace/issues/170))_
+
+Packages listed on the App Store include some metadata describing the package. [zarf-dev/zarf#2976](https://github.com/zarf-dev/zarf/issues/2976) introduces annotations, which will be leveraged to provide this metadata. Until released, the metadata will be stored in a separate file in the App Store repository.
+
+Instructions on creating Application Metadata can be found in [uds-appstore Contributing Guide](https://github.com/defenseunicorns/uds-appstore/blob/main/CONTRIBUTING.md#app-store-package-metadata)

docs/package_integration/uds-package-practices.md → docs/uds-packages/requirements/uds-package-requirements.md

@@ -1,10 +1,12 @@
-# UDS Package Practices
+# UDS Package Standards and Badging Requirements
 
-This document describes the standards for [<img alt="Made for UDS" src="../made-for-uds.svg" height="20px"/>](https://github.com/defenseunicorns/uds-core) badging. It is not a comprehensive guide to creating UDS Packages and assumes familiarity with the UDS ecosystem and UDS Package Custom Resource. If you are unfamiliar with these concepts, please first refer to the [package integration guide](guide.md) providing more detailed information.
+This document describes the standards for [<img alt="Made for UDS" src="../../assets/made-for-uds.svg" height="20px"/>](https://github.com/defenseunicorns/uds-core) badging. It is not a comprehensive guide to creating UDS Packages and assumes familiarity with the UDS ecosystem and UDS Package Custom Resource. If you are unfamiliar with these concepts, please first refer to the [package integration guide](../guide.md) providing more detailed information.
 
 Made for UDS Packages integrate with services and features of [UDS Core](https://github.com/defenseunicorns/uds-core), through the [UDS `Package` custom resource](https://github.com/defenseunicorns/uds-core/blob/main/src/pepr/operator/README.md#example-uds-package-cr). These packages can be one of three tiers:
 
-[<img alt="Gold" src="../made-for-uds-gold.svg" height="20px"/>](https://github.com/defenseunicorns/uds-core), [<img alt="Silver" src="../made-for-uds-silver.svg" height="20px"/>](https://github.com/defenseunicorns/uds-core), or [<img alt="bronze" src="../made-for-uds-bronze.svg" height="20px"/>](https://github.com/defenseunicorns/uds-core).
+[<img alt="Gold" src="../../assets/made-for-uds-gold.svg" height="20px"/>](https://github.com/defenseunicorns/uds-core)
+[<img alt="Silver" src="../../assets/made-for-uds-silver.svg" height="20px"/>](https://github.com/defenseunicorns/uds-core)
+[<img alt="bronze" src="../../assets/made-for-uds-bronze.svg" height="20px"/>](https://github.com/defenseunicorns/uds-core)
 
 > [!IMPORTANT]
 > Packages should aim for Gold by default and only _SETTLE_ for lesser tiers of Bronze and Silver.
@@ -23,7 +25,7 @@ _a Gold UDS Package implements best-effort 0-cve images, configuration hardening
 Gold Packages:
 
 - **Must** satisfy all the requirements of [Silver](#silver) packages
-- **Must** include OSCAL-component control mapping and responses for the application. see [OSCAL Guidelines](oscal-guidelines.md)
+- **Must** include OSCAL-component control mapping and responses for the application. see [OSCAL Guidelines](../guidelines/oscal-guidelines.md)
 - **Must** minimize the scope and number of the exemptions to only what is absolutely required by the application
   - UDS Packages **may** make use of the [UDS `Exemption` custom resource](https://github.com/defenseunicorns/uds-core/blob/main/src/pepr/operator/README.md#example-uds-exemption-cr) for exempting any Pepr policies, but in doing so they **Must** document rationale for the exemptions
 - **Must** declaratively implement any available application hardening guidelines by default (Example: [GitLab Hardening guidelines](https://docs.gitlab.com/ee/security/hardening.html))
@@ -63,8 +65,8 @@ Bronze packages:
 - **Must** be declaratively bundled in a [Zarf package](https://docs.zarf.dev/ref/create/)
 - **Must** define any external interfaces under the `expose` key in the [UDS Package Custom Resource](https://github.com/defenseunicorns/uds-core/blob/main/docs/configuration/uds-operator.md)
 - **Must** deploy and operate successfully with Istio injection enabled in the namespace.
-- **Must** implement Journey testing, covering the basic user flows and features of the application (see [Testing Guidelines](./testing-guidelines.md))
-- **Must** implement Upgrade Testing to ensure that the current development package works when deployed over the previously released one. (see [Testing Guidelines](./testing-guidelines.md))
+- **Must** implement Journey testing, covering the basic user flows and features of the application (see [Testing Guidelines](../guidelines/testing-guidelines.md))
+- **Must** implement Upgrade Testing to ensure that the current development package works when deployed over the previously released one. (see [Testing Guidelines](../guidelines/testing-guidelines.md))
 - **Must** be capable of operating within an internet-disconnected (air-gapped) environment
 - **Must** be actively maintained by the package maintainers identified in CODEOWNERS [see #CODEOWNERS section for more information](#codeowners)
 - **Must** be versioned using the UDS Package [Versioning scheme](#versioning)
@@ -74,6 +76,7 @@ Bronze packages:
 - **Must** release its package to the `ghcr.io/defenseunicorns/packages/<group>` namespace as the application's name (i.e. `ghcr.io/defenseunicorns/packages/uds/mattermost`).
 - **Must** not make the assumption that the `expose` interfaces are accessible to the bastion or pipeline deploying the package (i.e. `*.uds.dev`).
   > If web requests need to be made they should be done through a `Job` or `./uds zarf tools kubectl exec` as appropriate.
+- **Must** include application [metadata for Airgap App Store](../guidelines/metadata.md) publishing
 - **Should** lint their configurations with appropriate tooling, such as [`yamllint`](https://github.com/adrienverge/yamllint) and [`zarf dev lint`](https://docs.zarf.dev/commands/zarf_dev_lint/).
 
 ## Badging

tasks.yaml

@@ -112,5 +112,5 @@ tasks:
         task: publish:package
         with:
           # x-release-please-start-version
-          version: 0.13.1
+          version: 1.0.0
           # x-release-please-end

zarf.yaml

@@ -4,7 +4,7 @@ metadata:
   name: nginx
   description: UDS nginx package
   # x-release-please-start-version
-  version: 0.13.1
+  version: 1.0.0
   # x-release-please-end