Merge branch 'master' into batch-reload-v2

kiwigrid · Oct 8, 2024 · 0c4b36f · 0c4b36f
2 parents be73d8a + b31ff68
commit 0c4b36f
Show file tree

Hide file tree

Showing 6 changed files with 127 additions and 21 deletions.
diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml
@@ -7,11 +7,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Build sidecar
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           push: false
           outputs: type=docker,dest=/tmp/k8s-sidecar.tar
@@ -20,14 +20,14 @@ jobs:
         run: |
           cp test/kubelogo.png test/server/static/
       - name: Build dummy server
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           context: "test/server"
           push: false
           outputs: type=docker,dest=/tmp/dummy-server.tar
           tags: "dummy-server:1.0.0"
       - name: Upload artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: images
           path: /tmp/*.tar
@@ -49,9 +49,9 @@ jobs:
           - maj_min: v1.25
             digest: sha256:9d0a62b55d4fe1e262953be8d406689b947668626a357b5f9d0cfbddbebbc727
           - maj_min: v1.26
-            digest: sha256:15ae92d507b7d4aec6e8920d358fc63d3b980493db191d7327541fbaaed1f789
+            digest: sha256:5d548739ddef37b9318c70cb977f57bf3e5015e4552be4e27e57280a8cbb8e4f
           - maj_min: v1.27
-            digest: sha256:3700c811144e24a6c6181065265f69b9bf0b437c45741017182d7c82b908918f
+            digest: sha256:681253009e68069b8e01aad36a1e0fa8cf18bb0ab3e5c4069b2e65cafdd70843
           - maj_min: v1.28
             digest: sha256:b7e1cf6b2b729f604133c667a6be8aab6f4dde5bb042c1891ae248d9154f665b
           - maj_min: v1.29
@@ -60,7 +60,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Create k8s Kind Cluster
         # make sure the k8s versions match the kind version of the action version 🤯
         uses: helm/kind-action@v1.10.0
@@ -70,7 +70,7 @@ jobs:
           cluster_name: sidecar-testing
           wait: 5m
       - name: Download artifact
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: images
           path: /tmp
@@ -133,7 +133,7 @@ jobs:
           sleep 40
           kubectl logs sidecar-req-once-per-batch > /tmp/logs/sidecar-req-once-per-batch.log
       - name: Upload artifacts (pod logs)
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: pod-logs_${{ matrix.k8s.maj_min }}
           path: /tmp/logs/*
@@ -176,7 +176,7 @@ jobs:
           kubectl cp sidecar-5xx:/tmp-5xx/similar-configmap.txt /tmp/sidecar-5xx/similar-configmap.txt
           kubectl cp sidecar-5xx:/tmp-5xx/similar-secret.txt /tmp/sidecar-5xx/similar-secret.txt
       - name: Upload artifacts (expected files from cluster)
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: expected-files_${{ matrix.k8s.maj_min }}
           path: |
@@ -217,7 +217,7 @@ jobs:
           ls /tmp/sidecar/script_result
       - name: Verify sidecar-basicauth-args pod file after initial sync
         run: |
-          echo -n "allowed" | diff - /tmp/sidecar-basicauth-args/secured.txt
+          echo -n "allowed" | diff - /tmp/sidecar-basicauth-args/secured.txt          
       - name: Verify sidecar-5xx files after initial sync
         run: |
           echo -n '{"detail":"Not authenticated"}' | diff - /tmp/sidecar-5xx/secured.txt &&

diff --git a/.github/workflows/close_inactive_issues.yaml b/.github/workflows/close_inactive_issues.yaml
@@ -0,0 +1,20 @@
+name: 'Close inactive issues and PRs'
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v9
+        with:
+          days-before-stale: 60
+          days-before-issue-close: 120
+          days-before-pr-close: 180
+          exempt-draft-pr: true          
+          stale-issue-label: 'stale'
+          stale-pr-label: 'stale'
+          stale-issue-message: 'This issue has been automatically marked as stale because it has not had any activity in the last 60 days. Thank you for your contributions.'
+          close-issue-message: 'This issue was closed because it has not had any activity in the last 120 days. Please reopen if you feel this is still valid.'
+          close-pr-message: "This pull request is being closed because it had no activity in the last 180 days. This is not a signal from the maintainers that the PR has no value. We appreciate the time and effort that you put into this work. If you're willing to re-open it, the maintainers will do their best to review it."
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,3 +1,5 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: Release
 on:
   push:
@@ -7,23 +9,24 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: '0'
       - name: Bump version and push tag
         id: tagging
-        uses: anothrNick/github-tag-action@1.55.0
+        uses: anothrNick/github-tag-action@1.59.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DEFAULT_BRANCH: master
           INITIAL_VERSION: 1.0.0
           DEFAULT_BUMP: none
           BRANCH_HISTORY: last
       - name: "Set up QEMU"
         if: steps.tagging.outputs.part
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: "Set up Docker Buildx"
         if: steps.tagging.outputs.part
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: "Login to DockerHub"
         if: steps.tagging.outputs.part
         uses: docker/login-action@v2
@@ -47,7 +50,7 @@ jobs:
       - name: "Build and push"
         if: steps.tagging.outputs.part
         id: docker_build
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           push: true
           platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/ppc64le,linux/s390x
@@ -61,7 +64,7 @@ jobs:
       - name: "Build Changelog"
         if: steps.tagging.outputs.part
         id: build_changelog
-        uses: mikepenz/release-changelog-builder-action@v4
+        uses: mikepenz/release-changelog-builder-action@v5
         with:
           configuration: ".github/workflows/release-notes-config.json"
         env:

diff --git a/.github/workflows/release_test.yaml b/.github/workflows/release_test.yaml
@@ -0,0 +1,83 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Release Workflow Tests
+# This workflow tests the tag and changelog action and can be used to detect (some) breaking changes.
+on:
+  workflow_dispatch:
+
+env:
+  TEST_TAG: testing
+
+jobs:
+  build-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: '0'
+      - name: Bump version and push tag
+        id: tagging
+        uses: anothrNick/github-tag-action@1.59.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          INITIAL_VERSION: 1.0.0
+          DEFAULT_BUMP: none
+          BRANCH_HISTORY: last
+          DRY_RUN: true
+      - name: "Set up QEMU"
+        if: steps.tagging.outputs.part
+        uses: docker/setup-qemu-action@v3
+      - name: "Set up Docker Buildx"
+        if: steps.tagging.outputs.part
+        uses: docker/setup-buildx-action@v3
+      - name: "Login to DockerHub"
+        if: steps.tagging.outputs.part
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: "Login to Quay.io"
+        if: steps.tagging.outputs.part
+        uses: docker/login-action@v2
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_BOT_USERNAME }}
+          password: ${{ secrets.QUAY_BOT_PASSWORD }}
+      - name: "Login to ghcr.io"
+        if: steps.tagging.outputs.part
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: "Build and push"
+        if: steps.tagging.outputs.part
+        id: docker_build
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/ppc64le,linux/s390x
+          tags: |
+            docker.io/kiwigrid/k8s-sidecar:${{ steps.tagging.outputs.tag }}-${{ env.TEST_TAG }}
+            quay.io/kiwigrid/k8s-sidecar:${{ steps.tagging.outputs.tag }}-${{ env.TEST_TAG }}
+            ghcr.io/kiwigrid/k8s-sidecar:${{ steps.tagging.outputs.tag }}-${{ env.TEST_TAG }}
+      - name: "Build Changelog"
+        if: steps.tagging.outputs.part
+        id: build_changelog
+        uses: mikepenz/release-changelog-builder-action@v5
+        with:
+          configuration: ".github/workflows/release-notes-config.json"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: "Create Github Release"
+        if: steps.tagging.outputs.part
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          tag_name: ${{ steps.tagging.outputs.tag }}-${{ env.TEST_TAG }}
+          release_name: v${{ steps.tagging.outputs.tag }}-${{ env.TEST_TAG }}
+          body: ${{ steps.build_changelog.outputs.changelog }}
+          draft: true
+          prerelease: false
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
-FROM python:3.12-alpine as base
+FROM python:alpine3.20 AS base
 
-FROM base as builder
+FROM base AS builder
 WORKDIR /app
 RUN python -m venv .venv && .venv/bin/pip install --no-cache-dir -U pip setuptools
 COPY        src/ /app/

diff --git a/src/requirements.txt b/src/requirements.txt
@@ -1,4 +1,4 @@
-kubernetes==30.1.0
+kubernetes==31.0.0
 requests==2.32.3
 python-json-logger==2.0.7
 logfmter==0.0.8