Merge pull request #411 from giantswarm/merge-upstream

Merge latest upstream changes

.circleci/config.yml

@@ -4,42 +4,36 @@ version: 2.1
 jobs:
   build:
     machine:
-      image: "ubuntu-2004:202010-01"
+      image: "ubuntu-2204:2022.10.2"
+    environment:
+      ALL_ARCH: "amd64 arm64"
+      REGISTRY_QUAY: quay.io/giantswarm
+      REGISTRY_CHINA: registry-intl.cn-shanghai.aliyuncs.com/giantswarm
     steps:
       - checkout
       - run:
           name: Build the CAPI docker images
           command: |
-            make docker-build TAG=$CIRCLE_SHA1
+            for registry in $REGISTRY_QUAY $REGISTRY_CHINA; do
+              make docker-build-all ALL_ARCH="$ALL_ARCH" TAG=$CIRCLE_SHA1 REGISTRY=$registry
+            done
       - run:
-          name: Login to quay
+          name: Push to quay
           command: |
             docker login --username $QUAY_USERNAME --password $QUAY_PASSWORD quay.io
-      - run:
-          name: Retag images with git tags
-          command: |
-            if [[ -n $CIRCLE_TAG ]]; then docker tag quay.io/$CIRCLE_PROJECT_USERNAME/cluster-api-aws-controller:$CIRCLE_SHA1 quay.io/$CIRCLE_PROJECT_USERNAME/cluster-api-aws-controller:$CIRCLE_TAG; fi
-            if [[ -n $CIRCLE_TAG ]]; then docker tag registry-intl.cn-shanghai.aliyuncs.com/$CIRCLE_PROJECT_USERNAME/cluster-api-aws-controller:$CIRCLE_SHA1 registry-intl.cn-shanghai.aliyuncs.com/$CIRCLE_PROJECT_USERNAME/cluster-api-aws-controller:$CIRCLE_TAG; fi
-      - run:
-          name: Push images to quay
-          command: |
-            docker push quay.io/$CIRCLE_PROJECT_USERNAME/cluster-api-aws-controller:$CIRCLE_SHA1
-      - run:
-          name: Push images with git tags to quay
-          command: |
-            if [[ -n $CIRCLE_TAG ]]; then docker push quay.io/$CIRCLE_PROJECT_USERNAME/cluster-api-aws-controller:$CIRCLE_TAG; fi
-      - run:
-          name: Login to aliyun
-          command: |
-            docker login --username $ALIYUN_USERNAME --password $ALIYUN_PASSWORD registry-intl.cn-shanghai.aliyuncs.com
-      - run:
-          name: Push images to aliyun
-          command: |
-            docker push registry-intl.cn-shanghai.aliyuncs.com/$CIRCLE_PROJECT_USERNAME/cluster-api-aws-controller:$CIRCLE_SHA1
-      - run:
-          name: Push images with git tags to aliyun
-          command: |
-            if [[ -n $CIRCLE_TAG ]]; then docker push registry-intl.cn-shanghai.aliyuncs.com/$CIRCLE_PROJECT_USERNAME/cluster-api-aws-controller:$CIRCLE_TAG; fi
+
+            make docker-push-all ALL_ARCH="$ALL_ARCH" TAG=$CIRCLE_SHA1 REGISTRY=$REGISTRY_QUAY
+            if [[ -n $CIRCLE_TAG ]]; then docker tag quay.io/giantswarm/cluster-api-aws-controller:$CIRCLE_SHA1 quay.io/giantswarm/cluster-api-aws-controller:$CIRCLE_TAG && docker push quay.io/giantswarm/cluster-api-aws-controller:$CIRCLE_TAG; fi
+
+      # Waiting for https://gigantic.slack.com/archives/C3C7ZQXC1/p1674714600715149
+      # ---
+      # - run:
+      #     name: Push to aliyun
+      #     command: |
+      #       docker login --username $ALIYUN_USERNAME --password $ALIYUN_PASSWORD registry-intl.cn-shanghai.aliyuncs.com
+
+      #       make docker-push-all ALL_ARCH="$ALL_ARCH" TAG=$CIRCLE_SHA1 REGISTRY=$REGISTRY_CHINA
+      #       if [[ -n $CIRCLE_TAG ]]; then docker tag registry-intl.cn-shanghai.aliyuncs.com/giantswarm/cluster-api-aws-controller:$CIRCLE_SHA1 registry-intl.cn-shanghai.aliyuncs.com/giantswarm/cluster-api-aws-controller:$CIRCLE_TAG && docker push registry-intl.cn-shanghai.aliyuncs.com/giantswarm/cluster-api-aws-controller:$CIRCLE_TAG; fi
 
 workflows:
   version: 2

.gitattributes

@@ -0,0 +1,2 @@
+*.sh text eol=lf
+*.yaml text eol=lf

.github/PULL_REQUEST_TEMPLATE.md

@@ -34,13 +34,3 @@ Fixes #
 - [ ] includes documentation
 - [ ] adds unit tests
 - [ ] adds or updates e2e tests
-
-**Release note**:
-<!--  Write your release note:
-1. Enter your extended release note in the below block. 
-2. If the PR requires additional action from users switching to the new release, include the string "action required".
-2. If no release note is required, just write "NONE"....however we encourage contributors to never use this as release notes are incredible useful.
--->
-```release-note
-
-```

.github/dependabot.yml

@@ -20,3 +20,8 @@ updates:
     directory: "/hack/tools"
     schedule:
       interval: "weekly"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/release.yml

@@ -0,0 +1,21 @@
+changelog:
+  categories:
+    - title: ⚠ API Changes
+      labels:
+        - kind/api-change
+    - title: 🚀 Features
+      labels:
+        - kind/feature
+    - title: 🐛 Bug Fixes
+      labels:
+        - kind/bug
+        - kind/regression
+    - title: 📖 Documentation
+      labels:
+        - kind/documentation
+    - title: Dependencies
+      labels:
+        - area/dependency
+    - title: 🌱 Others
+      labels:
+        - "*"

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,38 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+  schedule:
+    - cron: '15 18 1 * *'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3.3.0
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/dependabot.yml

@@ -19,13 +19,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Set up Go 1.x
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v3
       with:
-        go-version: '1.17'
+        go-version: '1.19'
       id: go
     - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
-    - uses: actions/cache@v2
+      uses: actions/checkout@v3.3.0
+    - uses: actions/cache@v3
       name: Restore go cache
       with:
         path: |
@@ -38,7 +38,7 @@ jobs:
       run: make modules
     - name: Update generated code
       run: make generate
-    - uses: EndBug/add-and-commit@v7
+    - uses: EndBug/add-and-commit@v9
       name: Commit changes
       with:
         author_name: dependabot[bot]

.github/workflows/md-link-checker.yml

@@ -0,0 +1,14 @@
+on:
+  pull_request:
+    branches: [ main ]
+
+permissions: {}
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3.3.0
+      - uses: artyom/mdlinks@v0
+        with:
+          dir: 'docs/book'

.github/workflows/scan.yml

@@ -0,0 +1,23 @@
+name: scan-images
+
+on:
+  schedule:
+    # every Monday at 12:00AM
+    - cron: "0 12 * * 1"
+
+# Remove all permissions from GITHUB_TOKEN except metadata.
+permissions: {}
+
+jobs:
+  scan:
+    name: Trivy
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3.3.0
+      - name: Setup go
+        uses: actions/setup-go@v3.5.0
+        with:
+          go-version: 1.19
+      - name: Run verify container script
+        run: make verify-container-images

.gitignore

@@ -28,6 +28,7 @@ envfile
 kind.kubeconfig
 minikube.kubeconfig
 kubeconfig
+!kubeconfig/
 
 # Example and binary output directory
 /out