From 6625a0689f721f0b7862ffc1458de671f137f6b6 Mon Sep 17 00:00:00 2001
From: Humble Chirammal <humble.devassy@gmail.com>
Date: Fri, 24 May 2024 11:25:25 +0530
Subject: [PATCH 1/2] Promote CSINodeExpandSecret to GA

CSINodeExpandSecret is on GA since v1.29 and this mark its
GA status with external provisioner

https://kubernetes.io/blog/2023/12/15/csi-node-expand-secret-support-ga/

Signed-off-by: Humble Chirammal <humble.devassy@gmail.com>
---
 README.md                         | 2 +-
 pkg/controller/controller_test.go | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 86ec25b077..2d58d4e9d5 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ Following table reflects the head of this branch.
 | CSIMigration   | GA    | On      | [Migrating in-tree volume plugins to CSI](https://kubernetes.io/docs/concepts/storage/volumes/#csi-migration).                                                       | No |
 | CSIStorageCapacity | GA  | On  | Publish [capacity information](https://kubernetes.io/docs/concepts/storage/volumes/#storage-capacity) for the Kubernetes scheduler.                                  | No |
 | ReadWriteOncePod   | Beta | On | [Single pod access mode for PersistentVolumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes).                                        | No |
-| CSINodeExpandSecret | Beta | On | [CSI Node expansion secret](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/3107-csi-nodeexpandsecret)                                  | No |
+| CSINodeExpandSecret | GA | On | [CSI Node expansion secret](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/3107-csi-nodeexpandsecret)                                  | No |
 | HonorPVReclaimPolicy| Beta | On | [Honor the PV reclaim policy](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/2644-honor-pv-reclaim-policy)                                  | No |
 | PreventVolumeModeConversion | Beta |On | [Prevent unauthorized conversion of source volume mode](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/3141-prevent-volume-mode-conversion) | `--prevent-volume-mode-conversion` (No in-tree feature gate) |
 | CrossNamespaceVolumeDataSource | Alpha |Off | [Cross-namespace volume data source](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/3294-provision-volumes-from-cross-namespace-snapshots) | `--feature-gates=CrossNamespaceVolumeDataSource=true` |
diff --git a/pkg/controller/controller_test.go b/pkg/controller/controller_test.go
index 14c583ad51..d84ffae2ca 100644
--- a/pkg/controller/controller_test.go
+++ b/pkg/controller/controller_test.go
@@ -598,7 +598,7 @@ func fakeClaim(name, namespace, claimUID string, capacity int64, boundToVolume s
 	case "filesystem":
 		claim.Spec.VolumeMode = &volumeModeFileSystem
 	default:
-		// leave it undefined/nil to maintaint the current defaults for test cases
+		// leave it undefined/nil to maintain the current defaults for test cases
 	}
 	return &claim
 }
@@ -5637,7 +5637,7 @@ func generatePVCForProvisionFromPVC(srcNamespace, srcName, scName string, reques
 	case "filesystem":
 		provisionRequest.PVC.Spec.VolumeMode = &volumeModeFileSystem
 	default:
-		// leave it undefined/nil to maintaint the current defaults for test cases
+		// leave it undefined/nil to maintain the current defaults for test cases
 	}
 
 	return provisionRequest
@@ -5684,7 +5684,7 @@ func generatePVCForProvisionFromXnsdataSource(scName, namespace string, dataSour
 	case "filesystem":
 		provisionRequest.PVC.Spec.VolumeMode = &volumeModeFileSystem
 	default:
-		// leave it undefined/nil to maintaint the current defaults for test cases
+		// leave it undefined/nil to maintain the current defaults for test cases
 	}
 
 	return provisionRequest

From 8ae2352779f76db8d64aed1ff00478510cfca9aa Mon Sep 17 00:00:00 2001
From: Humble Chirammal <humble.devassy@gmail.com>
Date: Fri, 31 May 2024 15:44:53 +0530
Subject: [PATCH 2/2] Squashed 'release-tools/' changes from
 adb3af9df..379a1bb9b

379a1bb9b Merge pull request #255 from humblec/sidecar-md
a5667bbbb fix typo in sidecar release process
49676850e Merge pull request #254 from bells17/add-github-actions
d9bd160c2 Update skip list in codespell GitHub Action
f5aebfc9f Add GitHub Actions workflows

git-subtree-dir: release-tools
git-subtree-split: 379a1bb9b001c0d62a091a21f1a4efaf42987248
---
 .github/dependabot.yaml         | 12 ++++++++++++
 .github/workflows/codespell.yml | 15 +++++++++++++++
 .github/workflows/trivy.yaml    | 29 +++++++++++++++++++++++++++++
 SIDECAR_RELEASE_PROCESS.md      |  2 +-
 4 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 .github/dependabot.yaml
 create mode 100644 .github/workflows/codespell.yml
 create mode 100644 .github/workflows/trivy.yaml

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 0000000000..814a34493f
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,12 @@
+version: 2
+enable-beta-ecosystems: true
+updates:
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+      interval: "daily"
+  labels:
+    - "area/dependency"
+    - "release-note-none"
+    - "ok-to-test"
+  open-pull-requests-limit: 10
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
new file mode 100644
index 0000000000..e74edcef5e
--- /dev/null
+++ b/.github/workflows/codespell.yml
@@ -0,0 +1,15 @@
+# GitHub Action to automate the identification of common misspellings in text files.
+# https://github.com/codespell-project/actions-codespell
+# https://github.com/codespell-project/codespell
+name: codespell
+on: [push, pull_request]
+jobs:
+  codespell:
+    name: Check for spelling errors
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: codespell-project/actions-codespell@master
+        with:
+          check_filenames: true
+          skip: "*.png,*.jpg,*.svg,*.sum,./.git,./.github/workflows/codespell.yml,./prow.sh"
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
new file mode 100644
index 0000000000..472984780a
--- /dev/null
+++ b/.github/workflows/trivy.yaml
@@ -0,0 +1,29 @@
+name: Run Trivy scanner for Go version vulnerabilities
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+jobs:
+  trivy:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Get Go version
+        id: go-version
+        run: |
+          GO_VERSION=$(cat prow.sh  | grep "configvar CSI_PROW_GO_VERSION_BUILD" | awk '{print $3}' | sed 's/"//g')
+          echo "version=$GO_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Run Trivy scanner for Go version vulnerabilities
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'golang:${{ steps.go-version.outputs.version }}'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'library'
+          severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
diff --git a/SIDECAR_RELEASE_PROCESS.md b/SIDECAR_RELEASE_PROCESS.md
index 647d2342ba..aab8d6e215 100644
--- a/SIDECAR_RELEASE_PROCESS.md
+++ b/SIDECAR_RELEASE_PROCESS.md
@@ -84,7 +84,7 @@ naming convention `<hostpath-deployment-version>-on-<kubernetes-version>`.
     1. Compare the generated output to the new commits for the release to check if
        any notable change missed a release note.
     1. Reword release notes as needed, ideally in the original PRs so that the
-       release notes can be regnerated. Make sure to check notes for breaking
+       release notes can be regenerated. Make sure to check notes for breaking
        changes and deprecations.
     1. If release is a new major/minor version, create a new `CHANGELOG-<major>.<minor>.md`
        file.