build(deps): bump the ci group with 3 updates

Bumps the ci group with 3 updates: [Azure/login](https://github.com/azure/login), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [anchore/sbom-action](https://github.com/anchore/sbom-action). Updates `Azure/login` from 1.6.0 to 1.6.1 - [Release notes](https://github.com/azure/login/releases) - [Commits](Azure/login@e15b166...cb79c77) Updates `actions/upload-artifact` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@1eb3cb2...694cdab) Updates `anchore/sbom-action` from 0.15.3 to 0.15.4 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](anchore/sbom-action@c7f031d...41f7a6c) --- updated-dependencies: - dependency-name: Azure/login dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci ... Signed-off-by: dependabot[bot] <[email protected]> (cherry picked from commit 2726da5)
fluxcd · Jan 30, 2024 · 384d472 · 384d472
1 parent aabdd28
commit 384d472
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 33 deletions.
diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml
@@ -17,7 +17,7 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Create backport PRs
-        uses: korthout/backport-action@addffea45a2f0b5682f1d5ba0506f45bc18bf174 # v2.3.0
+        uses: korthout/backport-action@e8161d6a0dbfa2651b7daa76cbb75bc7c925bbf3 # v2.4.1
         # xref: https://github.com/korthout/backport-action#inputs
         with:
           # Use token to allow workflows to be triggered for the created PR

diff --git a/.github/workflows/e2e-arm64.yaml b/.github/workflows/e2e-arm64.yaml
@@ -63,33 +63,6 @@ jobs:
           kubectl -n flux-system wait kustomization/tenants --for=condition=ready --timeout=5m
           kubectl -n apps wait kustomization/dev-team --for=condition=ready --timeout=1m
           kubectl -n apps wait helmrelease/podinfo --for=condition=ready --timeout=1m
-      - name: Run monitoring tests
-        # Keep this test in sync with https://fluxcd.io/flux/guides/monitoring/
-        env:
-          KUBECONFIG: /tmp/${{ steps.prep.outputs.CLUSTER }}
-        run: |
-          ./bin/flux create source git flux-monitoring \
-          --interval=30m \
-          --url=https://github.com/fluxcd/flux2 \
-          --branch=${GITHUB_REF#refs/heads/}
-          ./bin/flux create kustomization kube-prometheus-stack \
-          --interval=1h \
-          --prune \
-          --source=flux-monitoring \
-          --path="./manifests/monitoring/kube-prometheus-stack" \
-          --health-check-timeout=5m \
-          --wait
-          ./bin/flux create kustomization monitoring-config \
-          --depends-on=kube-prometheus-stack \
-          --interval=1h \
-          --prune=true \
-          --source=flux-monitoring \
-          --path="./manifests/monitoring/monitoring-config" \
-          --health-check-timeout=1m \
-          --wait
-          kubectl -n flux-system wait kustomization/kube-prometheus-stack --for=condition=ready --timeout=5m
-          kubectl -n flux-system wait kustomization/monitoring-config --for=condition=ready --timeout=5m
-          kubectl -n monitoring wait helmrelease/kube-prometheus-stack --for=condition=ready --timeout=1m
       - name: Debug failure
         if: failure()
         env:

diff --git a/.github/workflows/e2e-azure.yaml b/.github/workflows/e2e-azure.yaml
@@ -92,7 +92,7 @@ jobs:
         env:
           SOPS_VER: 3.7.1
       - name: Authenticate to Azure
-        uses: Azure/login@de95379fe4dadc2defb305917eaa7e5dde727294 # v1.4.6
+        uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.4.6
         with:
           creds: '{"clientId":"${{ secrets.AZ_ARM_CLIENT_ID }}","clientSecret":"${{ secrets.AZ_ARM_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZ_ARM_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZ_ARM_TENANT_ID }}"}'
       - name: Set dynamic variables in .env
@@ -123,3 +123,14 @@ jobs:
           echo $GITREPO_SSH_PUB_CONTENTS | base64 -d > ./build/ssh/key.pub
           export GITREPO_SSH_PUB_PATH=build/ssh/key.pub
           make test-azure
+      - name: Ensure resource cleanup
+        if: ${{ always() }}
+        env:
+          ARM_CLIENT_ID: ${{ secrets.AZ_ARM_CLIENT_ID }}
+          ARM_CLIENT_SECRET: ${{ secrets.AZ_ARM_CLIENT_SECRET }}
+          ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_ARM_SUBSCRIPTION_ID }}
+          ARM_TENANT_ID: ${{ secrets.AZ_ARM_TENANT_ID }}
+          TF_VAR_azuredevops_org: ${{ secrets.TF_VAR_azuredevops_org }}
+          TF_VAR_azuredevops_pat: ${{ secrets.TF_VAR_azuredevops_pat }}
+          TF_VAR_location: ${{ vars.TF_VAR_azure_location }}
+        run: source .env && make destroy-azure
diff --git a/.github/workflows/e2e-gcp.yaml b/.github/workflows/e2e-gcp.yaml
@@ -46,13 +46,13 @@ jobs:
         env:
           SOPS_VER: 3.7.1
       - name: Authenticate to Google Cloud
-        uses: google-github-actions/auth@67e9c72af6e0492df856527b474995862b7b6591 # v2.0.0
+        uses: google-github-actions/auth@5a50e581162a13f4baa8916d01180d2acbc04363 # v2.1.0
         id: 'auth'
         with:
           credentials_json: '${{ secrets.FLUX2_E2E_GOOGLE_CREDENTIALS }}'
           token_format: 'access_token'
       - name: Setup gcloud
-        uses: google-github-actions/setup-gcloud@5a5f7b85fca43e76e53463acaa9d408a03c98d3a # v2.0.1
+        uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0
       - name: Setup QEMU
         uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
       - name: Setup Docker Buildx
@@ -90,3 +90,13 @@ jobs:
           echo $GITREPO_SSH_PUB_CONTENTS | base64 -d > ./build/ssh/key.pub
           export GITREPO_SSH_PUB_PATH=build/ssh/key.pub
           make test-gcp
+      - name: Ensure resource cleanup
+        if: ${{ always() }}
+        env:
+          TF_VAR_gcp_project_id: ${{ vars.TF_VAR_gcp_project_id }}
+          TF_VAR_gcp_region: ${{ vars.TF_VAR_gcp_region }}
+          TF_VAR_gcp_zone: ${{ vars.TF_VAR_gcp_zone }}
+          TF_VAR_gcp_email: ${{ secrets.TF_VAR_gcp_email }}
+          TF_VAR_gcp_keyring: ${{ secrets.TF_VAR_gcp_keyring }}
+          TF_VAR_gcp_crypto_key: ${{ secrets.TF_VAR_gcp_crypto_key }}
+        run: source .env && make destroy-gcp
diff --git a/.github/workflows/ossf.yaml b/.github/workflows/ossf.yaml
@@ -28,7 +28,7 @@ jobs:
           repo_token: ${{ secrets.GITHUB_TOKEN }}
           publish_results: true
       - name: Upload artifact
-        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
+        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
         with:
           name: SARIF file
           path: results.sarif

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -34,7 +34,7 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226  # v3.0.0
       - name: Setup Syft
-        uses: anchore/sbom-action/download-syft@719133684c7d294116626d1344fe64f0d2ff3e9e # v0.15.2
+        uses: anchore/sbom-action/download-syft@24b0d5238516480139aa8bc6f92eeb7b54a9eb0a # v0.15.5
       - name: Setup Cosign
         uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
       - name: Setup Kustomize