From 14f97e3ebf9b38bfbd3672264c52f8f65d801a27 Mon Sep 17 00:00:00 2001
From: Sertac Ozercan
Date: Thu, 15 Dec 2022 20:59:41 +0000
Subject: [PATCH 1/3] fix tagged release test
Signed-off-by: Sertac Ozercan
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 0550e4ae7df..34b1859a0b3 100644
--- a/Makefile
+++ b/Makefile
@@ -160,7 +160,7 @@ e2e-build-load-externaldata-image: docker-buildx-builder
 docker buildx build --platform="linux/amd64" -t dummy-provider:test --load -f test/externaldata/dummy-provider/Dockerfile test/externaldata/dummy-provider
 kind load docker-image --name kind dummy-provider:test
-e2e-verify-release: patch-image deploy test-e2e
+e2e-verify-release: e2e-build-load-externaldata-image patch-image deploy test-e2e
 echo -e '\n\n======= manager logs =======\n\n' && kubectl logs -n ${GATEKEEPER_NAMESPACE} -l control-plane=controller-manager
 e2e-helm-install:
From 962fd5b1ead556d062a9812464f1fad96c5dc432 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 16 Dec 2022 14:20:28 -0800
Subject: [PATCH 2/3] chore: bump github/codeql-action from 2.1.36 to 2.1.37 (#2463)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 9e619feda5a..a167bf0d1c1 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -20,12 +20,12 @@ jobs:
 uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
 - name: Initialize CodeQL
- uses: github/codeql-action/init@a669cc5936cc5e1b6a362ec1ff9e410dc570d190
+ uses: github/codeql-action/init@959cbb7472c4d4ad70cdfe6f4976053fe48ab394
 with:
 languages: go
 - name: Autobuild
- uses: github/codeql-action/autobuild@a669cc5936cc5e1b6a362ec1ff9e410dc570d190
+ uses: github/codeql-action/autobuild@959cbb7472c4d4ad70cdfe6f4976053fe48ab394
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@a669cc5936cc5e1b6a362ec1ff9e410dc570d190
+ uses: github/codeql-action/analyze@959cbb7472c4d4ad70cdfe6f4976053fe48ab394
From 1677be5c80f7324548bc10693201952fd383afd5 Mon Sep 17 00:00:00 2001
From: alex <8968914+acpana@users.noreply.github.com>
Date: Fri, 16 Dec 2022 22:06:02 -0800
Subject: [PATCH 3/3] feat: log constraint annotations (#2464)
log constraint annotations
Signed-off-by: Alex Pana <8968914+acpana@users.noreply.github.com>
Signed-off-by: Alex Pana <8968914+acpana@users.noreply.github.com>
---
 pkg/audit/manager.go | 4 ++++
 pkg/logging/logging.go | 47 +++++++++++++++++++++---------------------
 website/docs/audit.md | 3 +++
 3 files changed, 31 insertions(+), 23 deletions(-)
diff --git a/pkg/audit/manager.go b/pkg/audit/manager.go
index b94a0f88fef..ae43965a2be 100644
--- a/pkg/audit/manager.go
+++ b/pkg/audit/manager.go
@@ -1013,6 +1013,9 @@ func logViolation(l logr.Logger,
 constraint *unstructured.Unstructured, enforcementAction util.EnforcementAction, resourceGroupVersionKind schema.GroupVersionKind, rnamespace, rname, message string, details interface{}, rlabels map[string]string,
 ) {
+ userConstraintAnnotations := constraint.GetAnnotations()
+ delete(userConstraintAnnotations, "kubectl.kubernetes.io/last-applied-configuration")
+
 l.Info(
 message,
 logging.Details, details,
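Review bot: Only one annotation key is filtered before the constraint's annotations go into the audit log: in the first manager.go hunk, `delete(userConstraintAnnotations, "kubectl.kubernetes.io/last-applied-configuration")` is the sole exclusion, so anything else a user or tool stores in annotations is emitted on every violation with no size bound (the `logging.ConstraintAnnotations` field itself is added in the following hunk, `@@ -1023,6 +1026,7 @@`). It is worth deciding whether other bulky or sensitive keys need the same treatment, or whether an allow-list fits better, and stating the choice in a comment above the `delete`, e.g. `// Drop kubectl's last-applied-configuration: it repeats the applied object and would bloat every log line.` The `delete` also relies on `GetAnnotations()` returning a fresh map rather than the constraint's own; as far as I know it does for `unstructured.Unstructured`, but that assumption deserves a one-line comment so a later refactor does not start mutating the cached constraint. The body of `logViolation` starts and ends outside both hunks, and no test for the new field is visible in this patch.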
@@ -1023,6 +1026,7 @@ func logViolation(l logr.Logger,
 logging.ConstraintName, constraint.GetName(),
 logging.ConstraintNamespace, constraint.GetNamespace(),
 logging.ConstraintAction, enforcementAction,
+ logging.ConstraintAnnotations, userConstraintAnnotations,
 logging.ResourceGroup, resourceGroupVersionKind.Group,
 logging.ResourceAPIVersion, resourceGroupVersionKind.Version,
 logging.ResourceKind, resourceGroupVersionKind.Kind,
diff --git a/pkg/logging/logging.go b/pkg/logging/logging.go
index 685ac00c379..48040680896 100644
--- a/pkg/logging/logging.go
+++ b/pkg/logging/logging.go
@@ -2,27 +2,28 @@ package logging
 // Log keys.
 const (
- Process = "process"
- Details = "details"
- EventType = "event_type"
- TemplateName = "template_name"
- ConstraintNamespace = "constraint_namespace"
- ConstraintName = "constraint_name"
- ConstraintGroup = "constraint_group"
- ConstraintKind = "constraint_kind"
- ConstraintAPIVersion = "constraint_api_version"
- ConstraintStatus = "constraint_status"
- ConstraintAction = "constraint_action"
- AuditID = "audit_id"
- ConstraintViolations = "constraint_violations"
- ResourceGroup = "resource_group"
- ResourceKind = "resource_kind"
- ResourceLabels = "resource_labels"
- ResourceAPIVersion = "resource_api_version"
- ResourceNamespace = "resource_namespace"
- ResourceName = "resource_name"
- RequestUsername = "request_username"
- MutationApplied = "mutation_applied"
- Mutator = "mutator"
- DebugLevel = 2 // r.log.Debug(foo) == r.log.V(logging.DebugLevel).Info(foo)
+ Process = "process"
+ Details = "details"
+ EventType = "event_type"
+ TemplateName = "template_name"
+ ConstraintNamespace = "constraint_namespace"
+ ConstraintName = "constraint_name"
+ ConstraintGroup = "constraint_group"
+ ConstraintKind = "constraint_kind"
+ ConstraintAPIVersion = "constraint_api_version"
+ ConstraintStatus = "constraint_status"
+ ConstraintAction = "constraint_action"
+ ConstraintAnnotations = "constraint_annotations"
+ AuditID = "audit_id"
+ ConstraintViolations = "constraint_violations"
+ ResourceGroup = "resource_group"
+ ResourceKind = "resource_kind"
+ ResourceLabels = "resource_labels"
+ ResourceAPIVersion = "resource_api_version"
+ ResourceNamespace = "resource_namespace"
+ ResourceName = "resource_name"
+ RequestUsername = "request_username"
+ MutationApplied = "mutation_applied"
+ Mutator = "mutator"
+ DebugLevel = 2 // r.log.Debug(foo) == r.log.V(logging.DebugLevel).Info(foo)
 )
diff --git a/website/docs/audit.md b/website/docs/audit.md
index 0963996219e..12157a5ed7c 100644
--- a/website/docs/audit.md
+++ b/website/docs/audit.md
@@ -92,6 +92,9 @@ The audit pod emits JSON-formatted audit logs to stdout. The following is an exa
 "constraint_name": "container-must-have-limits",
 "constraint_namespace": "",
 "constraint_action": "deny",
+ "constraint_annotations": {
+ "test-annotation-1": "annotation_1"
+ },
 "resource_group": "",
 "resource_api_version": "v1",
 "resource_kind": "Pod",