Merge branch 'master' into dependabot/docker/test/image/golang-1.23-b…

…ullseye
open-policy-agent · Sep 4, 2024 · b199b4c · b199b4c
2 parents 80a651a + 7429d70
commit b199b4c
Show file tree

Hide file tree

Showing 122 changed files with 5,554 additions and 188 deletions.
diff --git a/.github/workflows/benchmark.yaml b/.github/workflows/benchmark.yaml
@@ -17,7 +17,7 @@ jobs:
  pull-requests: write
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 

diff --git a/.github/workflows/check-manifest.yaml b/.github/workflows/check-manifest.yaml
@@ -32,7 +32,7 @@ jobs:
  timeout-minutes: 10
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 

diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -17,20 +17,20 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 
  - name: Checkout repository
  uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 
  - name: Initialize CodeQL
- uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a
+ uses: github/codeql-action/init@2c779ab0d087cd7fe7b826087247c2c81f27bfa6
  with:
  languages: go
 
  - name: Autobuild
- uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a
+ uses: github/codeql-action/autobuild@2c779ab0d087cd7fe7b826087247c2c81f27bfa6
 
  - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a
+ uses: github/codeql-action/analyze@2c779ab0d087cd7fe7b826087247c2c81f27bfa6
diff --git a/.github/workflows/dapr-pubsub.yaml b/.github/workflows/dapr-pubsub.yaml
@@ -20,7 +20,7 @@ jobs:
  DAPR_VERSION: ["1.12"]
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 
@@ -60,7 +60,7 @@ jobs:
  kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit-publish.json
 
  - name: Upload artifacts
- uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+ uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
  if: ${{ always() }}
  with:
  name: pubsub-logs

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -17,7 +17,7 @@ jobs:
  runs-on: ubuntu-22.04
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 

diff --git a/.github/workflows/license-lint.yaml b/.github/workflows/license-lint.yaml
@@ -25,7 +25,7 @@ jobs:
  contents: read
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 

diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -33,7 +33,7 @@ jobs:
  runs-on: ubuntu-22.04
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 

diff --git a/.github/workflows/patch-docs.yaml b/.github/workflows/patch-docs.yaml
@@ -13,7 +13,7 @@ jobs:
  runs-on: ubuntu-22.04
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 

diff --git a/.github/workflows/pre-release.yaml b/.github/workflows/pre-release.yaml
@@ -19,7 +19,7 @@ jobs:
  timeout-minutes: 30
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 

diff --git a/.github/workflows/release-pr.yaml b/.github/workflows/release-pr.yaml
@@ -18,7 +18,7 @@ jobs:
  runs-on: ubuntu-22.04
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -27,7 +27,7 @@ jobs:
  docker system prune -a -f --filter "label!=org.opencontainers.image.source=https://github.com/stefanprodan/alpine-base"
 
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 

diff --git a/.github/workflows/scan-vulns.yaml b/.github/workflows/scan-vulns.yaml
@@ -32,7 +32,7 @@ jobs:
  timeout-minutes: 15
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 
@@ -48,7 +48,7 @@ jobs:
  timeout-minutes: 15
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -31,7 +31,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 
@@ -63,14 +63,14 @@ jobs:
  # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
  # format to the repository Actions tab.
  - name: "Upload artifact"
- uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+ uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
  with:
  name: SARIF file
  path: results.sarif
  retention-days: 5
 
  # Upload the results to GitHub's code scanning dashboard.
  - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
  with:
  sarif_file: results.sarif
diff --git a/.github/workflows/test-gator.yaml b/.github/workflows/test-gator.yaml
@@ -36,7 +36,7 @@ jobs:
  KUBERNETES_VERSION: ["1.27.13", "1.28.9", "1.29.4", "1.30.0"]
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 

diff --git a/.github/workflows/unit-test.yaml b/.github/workflows/unit-test.yaml
@@ -32,7 +32,7 @@ jobs:
  timeout-minutes: 20
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 

diff --git a/.github/workflows/upgrade.yaml b/.github/workflows/upgrade.yaml
@@ -26,7 +26,7 @@ jobs:
  HELM_VERSION: ["3.14.1"]
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 
@@ -98,7 +98,7 @@ jobs:
  kubectl logs -n gatekeeper-system -l run=dummy-provider --tail=-1 > logs-${{ matrix.HELM_VERSION }}-dummy-provider-post-upgrade.json
 
  - name: Upload artifacts
- uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+ uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
  if: ${{ always() }}
  with:
  name: logs

diff --git a/.github/workflows/website.yaml b/.github/workflows/website.yaml
@@ -25,7 +25,7 @@ jobs:
  working-directory: website
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 

diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
@@ -36,7 +36,7 @@ jobs:
  KUBERNETES_VERSION: ["1.27.13", "1.28.9", "1.29.4", "1.30.0"]
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 
@@ -80,7 +80,7 @@ jobs:
  kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit.json
 
  - name: Upload artifacts
- uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+ uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
  if: ${{ always() }}
  with:
  name: logs-${{ matrix.KUBERNETES_VERSION }}
@@ -98,7 +98,7 @@ jobs:
  GATEKEEPER_NAMESPACE: ["gatekeeper-system", "custom-namespace"]
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 
@@ -150,7 +150,7 @@ jobs:
  kubectl logs -n ${{ matrix.GATEKEEPER_NAMESPACE }} -l run=dummy-provider --tail=-1 > logs-helm-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }}-dummy-provider.json
 
  - name: Upload artifacts
- uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+ uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
  if: ${{ always() }}
  with:
  name: helm-logs-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }}
@@ -164,7 +164,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
  with:
  egress-policy: audit
 
@@ -207,7 +207,7 @@ jobs:
  kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-generatorexpansion-audit.json
 
  - name: Upload artifacts
- uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+ uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
  if: ${{ always() }}
  with:
  name: generatorexpansion-logs

diff --git a/Makefile b/Makefile
@@ -16,7 +16,7 @@ LOG_LEVEL ?= "INFO"
 GENERATE_VAP ?= false
 GENERATE_VAPBINDING ?= false
 
-VERSION := v3.17.0-beta.0
+VERSION := v3.18.0-beta.0
 
 KIND_VERSION ?= 0.17.0
 KIND_CLUSTER_FILE ?= test/bats/tests/kindcluster.yml

diff --git a/charts/gatekeeper/Chart.yaml b/charts/gatekeeper/Chart.yaml
@@ -4,8 +4,8 @@ name: gatekeeper
 icon: https://open-policy-agent.github.io/gatekeeper/website/img/logo.svg
 keywords:
  - open policy agent
-version: 3.17.0-beta.0
+version: 3.18.0-beta.0
 home: https://github.com/open-policy-agent/gatekeeper
 sources:
  - https://github.com/open-policy-agent/gatekeeper.git
-appVersion: v3.17.0-beta.0
+appVersion: v3.18.0-beta.0