Merge branch 'main' into release

.github/kind/conf/kind-config.yaml

@@ -16,3 +16,5 @@ kubeadmConfigPatches:
 nodes:
   - role: control-plane
   - role: worker
+  - role: worker
+  - role: worker

.github/scripts/update-tags.sh

@@ -20,6 +20,11 @@ if ! command -v yq &> /dev/null; then
   exit 1
 fi
 
+if ! command -v npm &> /dev/null; then
+  echo Please install npm
+  exit 1
+fi
+
 if ! command -v python3 -c 'import ruamel.yaml' &> /dev/null; then
   echo Please install python3 with the ruamel.yaml module
   exit 1
@@ -46,18 +51,21 @@ jq -r '. | keys[]' "$IMAGEJSON" | while read -r CHART; do
     REGISTRY=$(yq e ".${QUERY}.registry" "$VALUES")
     REPOSITORY=$(yq e ".${QUERY}.repository" "$VALUES")
     VERSION=$(yq e ".${QUERY}.tag" "$VALUES")
+    if [[ "$REGISTRY" != "" ]]; then
+      REGISTRY="$REGISTRY/"
+    fi
     if [[ "$FILTER" == "LATESTSHA" ]]; then
-      LATEST_VERSION="latest@"$(crane digest "${REGISTRY}/${REPOSITORY}:latest")
+      LATEST_VERSION="latest@"$(crane digest "${REGISTRY}${REPOSITORY}:latest")
     else
-      LATEST_VERSION=$(crane ls "${REGISTRY}/${REPOSITORY}" | grep "${FILTER}" | sort "${SORTFLAGS[@]}"| tail -n 1)
+      LATEST_VERSION=$(crane ls "${REGISTRY}${REPOSITORY}" | grep "${FILTER}" | sort "${SORTFLAGS[@]}" | tail -n 1)
     fi
 
     export QUERY
     export VALUES
     export LATEST_VERSION
 
     if [ "${VERSION}" != "${LATEST_VERSION}" ]; then
-      echo "New image version found: ${REGISTRY}/${REPOSITORY}:${LATEST_VERSION}"
+      echo "New image version found: ${REGISTRY}${REPOSITORY}:${LATEST_VERSION}"
       "${SCRIPTPATH}/edit-yaml.py" > /tmp/$$
       mv /tmp/$$ "${VALUES}"
     fi

.github/tests/dependencies/testcert.yaml

@@ -0,0 +1,52 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: demo-selfsigned-ca
+spec:
+  isCA: true
+  commonName: demo-selfsigned-ca
+  secretName: root-secret
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: selfsigned-issuer
+    kind: Issuer
+    group: cert-manager.io
+  subject:
+    countries:
+    - US
+    organizations:
+    - test
+    organizationalUnits:
+    - test
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: demo-ca
+spec:
+  ca:
+    secretName: root-secret
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: oidc
+spec:
+  dnsNames:
+    - oidc-discovery.example.org
+    - spire-server-federation.example.org
+  secretName: tls-cert
+  issuerRef:
+    name: demo-ca
+    kind: Issuer
+    group: cert-manager.io

.github/tests/images.json

@@ -39,6 +39,16 @@
       "query": "tests.bash.image",
       "filter": "LATESTSHA",
       "sort-flags": []
+    },
+    {
+      "query": "tests.toolkit.image",
+      "filter": "LATESTSHA",
+      "sort-flags": []
+    },
+    {
+      "query": "tests.busybox.image",
+      "filter": "^[0-9]\\+\\.[0-9]\\+\\.[0-9]\\+-uclibc$",
+      "sort-flags": ["-t", ".", "-k1,1n", "-k2,2n", "-k3,3n"]
     }
   ],
   "tornjak-frontend/values.yaml": [

.github/workflows/check-versions.yaml

@@ -20,7 +20,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.0.0
 
       - name: Set up Helm
         uses: azure/[email protected]
@@ -34,6 +34,8 @@ jobs:
 
       - name: Setup go
         uses: actions/[email protected]
+        with:
+          go-version: '1.21'
 
       - name: Setup crane
         uses: imjasonh/[email protected]
@@ -42,13 +44,17 @@ jobs:
         with:
           python-version: '3.9'
 
-      - name: Update image tags
-        run: |
-          go install github.com/mikefarah/yq/v4@latest
+      - name: Install ubuntu packages
+        run: sudo apt-get install wget apt-transport-https gnupg lsb-release
 
-          sudo apt-get install wget apt-transport-https gnupg lsb-release
-          sudo pip install -r .github/scripts/requirements.txt
+      - name: Install yq
+        run: go install github.com/mikefarah/yq/v4@latest
 
+      - name: Install python dependencies
+        run: pip install -r .github/scripts/requirements.txt
+
+      - name: Update image tags
+        run: |
           ./.github/scripts/update-tags.sh
           git diff
 

.github/workflows/helm-chart-ci-ignore.yaml

@@ -43,7 +43,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.0.0
 
       - id: set-matrix
         name: Collect all examples

.github/workflows/helm-chart-ci.yaml

@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.0.0
 
       - name: Verify Docs updated
         run: ./helm-docs.sh
@@ -94,7 +94,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.0.0
         with:
           fetch-depth: 0
 
@@ -136,7 +136,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.0.0
         with:
           fetch-depth: 0
 
@@ -184,7 +184,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.0.0
 
       - id: set-matrix
         name: Collect all examples
@@ -216,7 +216,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.0.0
 
       - name: Set up Helm
         uses: azure/[email protected]

.github/workflows/helm-release.yaml

@@ -19,7 +19,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.0.0
         with:
           fetch-depth: 0
 
@@ -29,9 +29,9 @@ jobs:
           git config user.email "[email protected]"
 
       - name: Setup cosign
-        uses: sigstore/[email protected].1
+        uses: sigstore/[email protected].2
         with:
-          cosign-release: v2.1.1
+          cosign-release: v2.2.0
 
       - name: Set up Helm
         uses: azure/[email protected]
@@ -44,7 +44,7 @@ jobs:
           CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

.github/workflows/shellcheck.yaml

@@ -21,7 +21,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.0.0
 
       - name: Run Shellcheck
         uses: ludeeus/[email protected]

CONTRIBUTING.md

@@ -48,14 +48,14 @@ Another approach to testing the chart is by installing one of the examples in yo
 
 ## Generating documentation
 
-Any changes to Chart.yaml or values.yaml require an update of the README.md. This update can easily be generated using [helm-docs][].
+Any changes to Chart.yaml or values.yaml require an update of the README.md. This update can easily be generated using [readme-generator](https://github.com/bitnami-labs/readme-generator-for-helm).
 
 ```shell
-./helm-docs.sh charts/«chart-name»
+./helm-docs.sh
 ```
 
 ## Bumping Chart version
 
 In contrary to many other Helm repositories we do NOT require contributors to increate the Chart version. We have customized our release pipeline so we can bundle various PRs in a single release. Maintainers of the helm-charts in this repo will take care of the semantic versioning.
 
-[helm-docs]: https://github.com/norwoodj/helm-docs "Generate documentation for your Helm chart."
+[readme-generator]: https://github.com/bitnami-labs/readme-generator-for-helm "Auto generate READMEs for Helm Charts."

charts/spire/Chart.yaml

@@ -3,7 +3,7 @@ name: spire
 description: >
   A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager.
 type: application
-version: 0.12.0
+version: 0.13.0
 appVersion: "1.7.2"
 keywords: ["spiffe", "spire", "spire-server", "spire-agent", "oidc", "spire-controller-manager"]
 home: https://github.com/spiffe/helm-charts/tree/main/charts/spire