Comparing changes

## Description `syft packages` was deprecated in favor of `syft scan` in `v0.100.0` anchore/syft#2446 anchore/syft@v0.99.0...v0.100.0 <img width="1539" alt="deprecated" src="https://github.com/defenseunicorns/zarf/assets/87675701/0bc6fa1f-8397-482e-bd7d-3e3987355b48"> ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed

## Description Take helpers out of Zarf and moves the package to https://github.com/defenseunicorns/pkg Relates to #2252 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Co-authored-by: Lucas Rodriguez <[email protected]>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/anchore/clio](https://togithub.com/anchore/clio) | require | digest | `abcb719` -> `fb5fc4c` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/zarf).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

## Description Adds `zarf tools yq` ## Related Issue Fixes #2384 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed

## Description switch to using the oci library at https://github.com/defenseunicorns/pkg. This would also close #2392 as we pull in an updated docker version Fixes #2251 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed

…sted script injection (#2418) ## Description Our OSSF scorecard workflow flagged this as a `Critical` security risk. Unsure of whether there is a real attack vector in our specific case. Using an environment variable to capture untrusted input in workflows is a documented security hardening best practice by GitHub as well. This should also boost our OSSF scorecard score since we have a `0` on this check. <img width="969" alt="image" src="https://github.com/defenseunicorns/zarf/assets/87675701/a07c699f-3601-44f2-b181-36f91f3637f8"> `Dangerous-Workflow` check: - https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dangerous-workflow Risk of script injections: - https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections Example script injection attack: - https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#example-of-a-script-injection-attack Recommended fix that this PR implements: - https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable ## Type of change - [x] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed

## Description Zarf's branch protection was switched to rulesets instead of classic branch protection (temporarily in evaluate mode). A PAT is no longer needed. See: https://github.com/ossf/scorecard-action#authentication-with-fine-grained-pat-optional ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed Co-authored-by: razzle <[email protected]>

…ntly (#2409) ## Description remove duplicate logic for writing image layers to disk concurrently crane does this already in `WriteImage()`: https://github.com/defenseunicorns/zarf/blob/08c92e12a4a2b05d0ea5abe055c7c01ba9964051/src/internal/packager/images/pull.go#L342 https://github.com/google/go-containerregistry/blob/8dadbe76ff8c20d0e509406f04b7eade43baa6c1/pkg/v1/layout/write.go#L333-L340 ## Type of change - [x] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed Co-authored-by: Austin Abro <[email protected]>

## Description For larger packages it can take a long time to parse through the cosign lookups, having an option to not do this is nice for faster feedback cycles. ## Related Issue Fixes #N/A ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [X] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [X] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed Co-authored-by: Austin Abro <[email protected]>

## Description - This feature allows chart deployment overrides. ## Related Issue Relates to #2133 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Signed-off-by: naveensrinivasan <[email protected]> Co-authored-by: Lucas Rodriguez <[email protected]> Co-authored-by: razzle <[email protected]> Co-authored-by: Austin Abro <[email protected]>

## Description As we now use `commitlint` on PR titles, there is no need to have the checklist in the PR description for the type of change. ## Related Issue Fixes N/A ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed

## Description This PR pins the `k3s` image version used in our `k3d` action to the same version we use for the init package: https://github.com/defenseunicorns/zarf/blob/02389274c61b59385ac339d6d690a148878427f9/packages/distros/k3s/zarf.yaml#L17 This is to workaround the containerd bug that tries to use HTTPS requests to pull images from Zarf's HTTP registry: containerd/containerd#10014 Related CI failures: https://github.com/defenseunicorns/zarf/actions/runs/8621639619/job/23631060696?pr=2315 https://github.com/defenseunicorns/zarf/actions/runs/8619947296/job/23632023109?pr=2429 ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed

## Description Port docs to Starlight, restructure to delineate differences between reference material and guides. Greatly consolidates information in miscellaneous `.md` files across the repo to live within `site/src/content/docs`. Lays a pathway for future docs work, and hopefully no more large docs PRs. ## Related Issue Fixes #1429 Fixes #1460 Fixes #1532 Fixes #1134 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Signed-off-by: razzle <[email protected]> Co-authored-by: Wayne Starr <[email protected]> Co-authored-by: Lucas Rodriguez <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comparing changes

Open a pull request

Commits on Mar 22, 2024

Commits on Mar 25, 2024

Commits on Mar 26, 2024

Commits on Mar 27, 2024

Commits on Mar 28, 2024

Commits on Apr 4, 2024

Commits on Apr 5, 2024

Commits on Apr 9, 2024

This comparison is taking too long to generate.