Tags: octo-sts/app
Tags
Add org filter to webhook. (#476) We need to test out behavior in the webhook, but we're not 100% confident it's working as intended as is. This adds a configurable filter to enable selective responses to certain orgs. For now, have the default deployment only look at octo-sts and chainguard-dev orgs.
Bump google.golang.org/api from 0.189.0 to 0.190.0 (#431) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.189.0 to 0.190.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/googleapis/google-api-go-client/releases">google.golang.org/api's releases</a>.</em></p> <blockquote> <h2>v0.190.0</h2> <h2><a href="https://github.com/googleapis/google-api-go-client/compare/v0.189.0...v0.190.0">0.190.0</a> (2024-08-01)</h2> <h3>Features</h3> <ul> <li><strong>all:</strong> Auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2693">#2693</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/cbc19e75465de8084d9e34b2b3ccc0ba8d905e3d">cbc19e7</a>)</li> <li><strong>all:</strong> Auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2698">#2698</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/ddc4e0b0adb8c4fe22edb4a821e4f2c716d5a327">ddc4e0b</a>)</li> <li><strong>all:</strong> Auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2699">#2699</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/d07fd26bf7d8b4a5848207b35d4214976bceeac0">d07fd26</a>)</li> <li><strong>all:</strong> Auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2700">#2700</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/a8b0821bdcc9a5e76db236bfce38823ab36002de">a8b0821</a>)</li> <li><strong>all:</strong> Auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2703">#2703</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/7b03cff8f79b0bb0d82f6f0b2e16120e10019852">7b03cff</a>)</li> <li><strong>all:</strong> Auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2706">#2706</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/05a4fc520d64a219002772f36377929b010ff53b">05a4fc5</a>)</li> <li><strong>all:</strong> Auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2715">#2715</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/164a8d6aedb86f34a366d792a213fed754197e8a">164a8d6</a>)</li> <li>Move storage, bigquery, and compute to new auth lib (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2695">#2695</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/66ace6c95689fd06cb467069d8ec0f5ddb8ac695">66ace6c</a>)</li> </ul> <h3>Reverts</h3> <ul> <li>Move storage, bigquery, and compute to new auth lib (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2695">#2695</a>)" (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2704">#2704</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/aa62c85a8c8cce5d0ed963b7d9b74e6a739fd072">aa62c85</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md">google.golang.org/api's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/googleapis/google-api-go-client/compare/v0.189.0...v0.190.0">0.190.0</a> (2024-08-01)</h2> <h3>Features</h3> <ul> <li><strong>all:</strong> Auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2693">#2693</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/cbc19e75465de8084d9e34b2b3ccc0ba8d905e3d">cbc19e7</a>)</li> <li><strong>all:</strong> Auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2698">#2698</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/ddc4e0b0adb8c4fe22edb4a821e4f2c716d5a327">ddc4e0b</a>)</li> <li><strong>all:</strong> Auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2699">#2699</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/d07fd26bf7d8b4a5848207b35d4214976bceeac0">d07fd26</a>)</li> <li><strong>all:</strong> Auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2700">#2700</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/a8b0821bdcc9a5e76db236bfce38823ab36002de">a8b0821</a>)</li> <li><strong>all:</strong> Auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2703">#2703</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/7b03cff8f79b0bb0d82f6f0b2e16120e10019852">7b03cff</a>)</li> <li><strong>all:</strong> Auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2706">#2706</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/05a4fc520d64a219002772f36377929b010ff53b">05a4fc5</a>)</li> <li><strong>all:</strong> Auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2715">#2715</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/164a8d6aedb86f34a366d792a213fed754197e8a">164a8d6</a>)</li> <li>Move storage, bigquery, and compute to new auth lib (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2695">#2695</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/66ace6c95689fd06cb467069d8ec0f5ddb8ac695">66ace6c</a>)</li> </ul> <h3>Reverts</h3> <ul> <li>Move storage, bigquery, and compute to new auth lib (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2695">#2695</a>)" (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2704">#2704</a>) (<a href="https://github.com/googleapis/google-api-go-client/commit/aa62c85a8c8cce5d0ed963b7d9b74e6a739fd072">aa62c85</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/googleapis/google-api-go-client/commit/88dca19518980ee6eb52da31c0460ea16674222e"><code>88dca19</code></a> chore(main): release 0.190.0 (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2694">#2694</a>)</li> <li><a href="https://github.com/googleapis/google-api-go-client/commit/1f2d6d3d2eff4c38ca67895c7da5fec7d57d4726"><code>1f2d6d3</code></a> chore: bump cloud.google.com/go/[email protected] (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2716">#2716</a>)</li> <li><a href="https://github.com/googleapis/google-api-go-client/commit/164a8d6aedb86f34a366d792a213fed754197e8a"><code>164a8d6</code></a> feat(all): auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2715">#2715</a>)</li> <li><a href="https://github.com/googleapis/google-api-go-client/commit/05a4fc520d64a219002772f36377929b010ff53b"><code>05a4fc5</code></a> feat(all): auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2706">#2706</a>)</li> <li><a href="https://github.com/googleapis/google-api-go-client/commit/c8041b0bbc04ccd852bdb437badd4c0ef29ed4ee"><code>c8041b0</code></a> chore(all): update all (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2702">#2702</a>)</li> <li><a href="https://github.com/googleapis/google-api-go-client/commit/aa62c85a8c8cce5d0ed963b7d9b74e6a739fd072"><code>aa62c85</code></a> revert: move storage, bigquery, and compute to new auth lib (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2695">#2695</a>)" (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2704">#2704</a>)</li> <li><a href="https://github.com/googleapis/google-api-go-client/commit/7b03cff8f79b0bb0d82f6f0b2e16120e10019852"><code>7b03cff</code></a> feat(all): auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2703">#2703</a>)</li> <li><a href="https://github.com/googleapis/google-api-go-client/commit/a8b0821bdcc9a5e76db236bfce38823ab36002de"><code>a8b0821</code></a> feat(all): auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2700">#2700</a>)</li> <li><a href="https://github.com/googleapis/google-api-go-client/commit/1e4c0244c48527bd75637c7a2776234b9519f484"><code>1e4c024</code></a> chore(all): update module github.com/google/s2a-go to v0.1.8 (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2697">#2697</a>)</li> <li><a href="https://github.com/googleapis/google-api-go-client/commit/d07fd26bf7d8b4a5848207b35d4214976bceeac0"><code>d07fd26</code></a> feat(all): auto-regenerate discovery clients (<a href="https://redirect.github.com/googleapis/google-api-go-client/issues/2699">#2699</a>)</li> <li>Additional commits viewable in <a href="https://github.com/googleapis/google-api-go-client/compare/v0.189.0...v0.190.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bump chainguard-dev/common/infra from 0.6.52 to 0.6.60 in /iac in the… … all group across 1 directory (#421) Bumps the all group with 1 update in the /iac directory: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.52 to 0.6.60 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/chainguard-dev/terraform-infra-common/releases">chainguard-dev/common/infra's releases</a>.</em></p> <blockquote> <h2>v0.6.60</h2> <h2>What's Changed</h2> <ul> <li>add missing label key for new log based metrics by <a href="https://github.com/k4leung4"><code>@k4leung4</code></a> in <a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/pull/470">chainguard-dev/terraform-infra-common#470</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.59...v0.6.60">https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.59...v0.6.60</a></p> <h2>v0.6.59</h2> <h2>What's Changed</h2> <ul> <li>Reduce default number of retries in cloud-event-trigger by <a href="https://github.com/tcnghia"><code>@tcnghia</code></a> in <a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/pull/468">chainguard-dev/terraform-infra-common#468</a></li> <li>tune spammy alerts to only alert once a day by <a href="https://github.com/k4leung4"><code>@k4leung4</code></a> in <a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/pull/469">chainguard-dev/terraform-infra-common#469</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.58...v0.6.59">https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.58...v0.6.59</a></p> <h2>v0.6.58</h2> <h2>What's Changed</h2> <ul> <li>remove audit-serviceaccount by <a href="https://github.com/k4leung4"><code>@k4leung4</code></a> in <a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/pull/465">chainguard-dev/terraform-infra-common#465</a></li> <li>bot: move spammy logs to debug by <a href="https://github.com/imjasonh"><code>@imjasonh</code></a> in <a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/pull/467">chainguard-dev/terraform-infra-common#467</a></li> <li>build(deps): bump gocloud.dev from 0.37.0 to 0.38.0 in the gomod group by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/pull/466">chainguard-dev/terraform-infra-common#466</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.57...v0.6.58">https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.57...v0.6.58</a></p> <h2>v0.6.57</h2> <h2>What's Changed</h2> <ul> <li>github-events: set repo name as event subject by <a href="https://github.com/imjasonh"><code>@imjasonh</code></a> in <a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/pull/464">chainguard-dev/terraform-infra-common#464</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.56...v0.6.57">https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.56...v0.6.57</a></p> <h2>v0.6.56</h2> <h2>What's Changed</h2> <ul> <li>Remove laser alerts by <a href="https://github.com/tcnghia"><code>@tcnghia</code></a> in <a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/pull/462">chainguard-dev/terraform-infra-common#462</a></li> <li>fix filter syntax for dlq alert by <a href="https://github.com/k4leung4"><code>@k4leung4</code></a> in <a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/pull/463">chainguard-dev/terraform-infra-common#463</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.55...v0.6.56">https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.55...v0.6.56</a></p> <h2>v0.6.55</h2> <h2>What's Changed</h2> <ul> <li>allow extra filter for dlq alert policy by <a href="https://github.com/k4leung4"><code>@k4leung4</code></a> in <a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/pull/461">chainguard-dev/terraform-infra-common#461</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.54...v0.6.55">https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.54...v0.6.55</a></p> <h2>v0.6.54</h2> <h2>What's Changed</h2> <ul> <li>build(deps): bump github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace from 1.24.0 to 1.24.1 in the gomod group by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/pull/459">chainguard-dev/terraform-infra-common#459</a></li> <li>remove dlq alert per trigger, make one global alert by <a href="https://github.com/cmdpdx"><code>@cmdpdx</code></a> in <a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/pull/460">chainguard-dev/terraform-infra-common#460</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/chainguard-dev/terraform-infra-common/commit/416defc1d58a822a9afde93364c487c64f4efe57"><code>416defc</code></a> add missing label key for new log based metrics (<a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/issues/470">#470</a>)</li> <li><a href="https://github.com/chainguard-dev/terraform-infra-common/commit/180098cff70944e7a29c6fa3934f025ea1037f63"><code>180098c</code></a> tune spammy alerts to only alert once a day (<a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/issues/469">#469</a>)</li> <li><a href="https://github.com/chainguard-dev/terraform-infra-common/commit/5ceadb689fd403f7df95c93bddc6cb4776e1bcdd"><code>5ceadb6</code></a> Reduce default number of retries in cloud-event-trigger (<a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/issues/468">#468</a>)</li> <li><a href="https://github.com/chainguard-dev/terraform-infra-common/commit/cd6989a54a6f941d2de85036c20738375d8a39aa"><code>cd6989a</code></a> build(deps): bump gocloud.dev from 0.37.0 to 0.38.0 in the gomod group (<a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/issues/466">#466</a>)</li> <li><a href="https://github.com/chainguard-dev/terraform-infra-common/commit/8602222cbba173c4d82b4867a772bbd9f57d9c48"><code>8602222</code></a> bot: move spammy logs to debug (<a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/issues/467">#467</a>)</li> <li><a href="https://github.com/chainguard-dev/terraform-infra-common/commit/518fa3cbc4d4f9ba9df94aff12fa9c1c10cf6cc1"><code>518fa3c</code></a> remove audit-serviceaccount (<a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/issues/465">#465</a>)</li> <li><a href="https://github.com/chainguard-dev/terraform-infra-common/commit/03789aafa14fc5fd9535e502c7668018635a7dd0"><code>03789aa</code></a> github-events: set repo name as event subject (<a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/issues/464">#464</a>)</li> <li><a href="https://github.com/chainguard-dev/terraform-infra-common/commit/5eed65122a75573c06e9ab41e78eb73b12c162f3"><code>5eed651</code></a> fix filter syntax for dlq alert (<a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/issues/463">#463</a>)</li> <li><a href="https://github.com/chainguard-dev/terraform-infra-common/commit/7c2050515e62e93a27d69e615d9d4167e2c7012c"><code>7c20505</code></a> Remove laser alerts (<a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/issues/462">#462</a>)</li> <li><a href="https://github.com/chainguard-dev/terraform-infra-common/commit/9c769986c4960be034599302aa1273f7205cab99"><code>9c76998</code></a> allow extra filter for dlq alert policy (<a href="https://redirect.github.com/chainguard-dev/terraform-infra-common/issues/461">#461</a>)</li> <li>Additional commits viewable in <a href="https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.52...v0.6.60">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Merge pull request from GHSA-75r6-6jg8-pfcq This change adds some logic to limit the size of the HTTP responses allowed when performing OIDC discovery on a new provider. Prior to this, Octo STS could have been manipulated into reading arbitrary amounts of data from the provided issuer endpoint. Signed-off-by: Matt Moore <[email protected]>