Merge branch 'dev-v2.9' into dependabot/go_modules/tests/google.golan…

…g.org/protobuf-1.33.0

.github/CODEOWNERS

@@ -1,85 +1,109 @@
 # Global Reviewer
-.github @rancher/mapps
-docs @rancher/mapps
-scripts @rancher/mapps
-CNAME @rancher/mapps
-Makefile @rancher/mapps
-README.md @rancher/mapps
-_config.yml @rancher/mapps
-configuration.yaml @rancher/mapps
-regsync.yaml @rancher/mapps
-index.html @rancher/mapps
-
-# Elemental 
+/.github @rancher/release-team
+/docs @rancher/release-team
+/scripts @rancher/release-team
+/CNAME @rancher/release-team
+/Makefile @rancher/release-team
+/README.md @rancher/release-team
+/_config.yml @rancher/release-team
+/configuration.yaml @rancher/release-team
+/regsync.yaml @rancher/release-team
+/index.html @rancher/release-team
+
+# Elemental
 packages/elemental @rancher/elemental
-
-# Epinio 
-packages/epinio @andreas-kupries
+assets/elemental @rancher/elemental
 
 # Fleet
 packages/fleet @rancher/fleet
+assets/fleet @rancher/fleet
 
 # Harvester
 packages/harvester @rancher/harvester
+assets/harvester @rancher/harvester
 
-# Longhorn 
+# Longhorn
 packages/longhorn @rancher/longhorn
 packages/longhorn-crd @rancher/longhorn
+assets/longhorn @rancher/longhorn
+assets/longhorn-crd @rancher/longhorn
 
 # Neuvector
 packages/neuvector @rancher/neuvector
 packages/neuvector-monitor @rancher/neuvector
+assets/neuvector @rancher/neuvector
+assets/neuvector-monitor @rancher/neuvector
 
 # Rancher AKS EKS GKE
 packages/rancher-aks-operator @rancher/highlander
 packages/rancher-eks-operator @rancher/highlander
 packages/rancher-gke-operator @rancher/highlander
+assets/rancher-aks-operator @rancher/highlander
+assets/rancher-eks-operator @rancher/highlander
+assets/rancher-gke-operator @rancher/highlander
+
 
-# Rancher Alerting 
+# Rancher Alerting
 packages/rancher-alerting @rancher/observation-backup
+assets/rancher-alerting @rancher/observation-backup
 
 # Rancher Backup
 packages/rancher-backup @rancher/observation-backup
+assets/rancher-backup @rancher/observation-backup
 
-# Rancher CIS Benchmark 
+# Rancher CIS Benchmark
 packages/rancher-cis-benchmark @rancher/infracloud-team
 tests/rancher-cis-benchmark @rancher/infracloud-team
+assets/rancher-cis-benchmark @rancher/infracloud-team
 
 # Rancher CSP Adapter
 packages/rancher-csp-adapter @rancher/socket
+assets/rancher-csp-adapter @rancher/socket
 
-# Rancher OPA Gatekeeper 
+# Rancher OPA Gatekeeper
 packages/rancher-gatekeeper @rancher/mapps
+assets/rancher-gatekeeper @rancher/mapps
 
-# Rancher Istio 
+# Rancher Istio
 packages/rancher-istio @rancher/mapps
 tests/rancher-istio @rancher/mapps
+assets/rancher-istio @rancher/mapps
 
-# Rancher Logging 
+# Rancher Logging
 packages/rancher-logging @rancher/observation-backup
+assets/rancher-logging @rancher/observation-backup
 
-# Rancher Monitoring 
+# Rancher Monitoring
 packages/rancher-monitoring @rancher/observation-backup
+assets/rancher-monitoring @rancher/observation-backup
 
 # Rancher SRIOV
 packages/rancher-sriov @rancher/rke1-team
 packages/rancher-nfd @rancher/rke1-team
+assets/rancher-sriov @rancher/rke1-team
+assets/rancher-nfd @rancher/rke1-team
 
 # Rancher Provisioning CAPI
 packages/rancher-provisioning-capi @rancher/rancher-team-2-hostbusters-dev
+assets/rancher-provisioning-capi @rancher/rancher-team-2-hostbusters-dev
 
-# Rancher VSphere  
+# Rancher VSphere
 packages/rancher-vsphere @rancher/rancher-team-2-hostbusters-dev
+assets/rancher-vsphere-cpi @rancher/rancher-team-2-hostbusters-dev
+assets/rancher-vsphere-csi @rancher/rancher-team-2-hostbusters-dev
 
 # Rancher Windows GSMA
 packages/rancher-windows-gsma @rancher/rancher-team-2-hostbusters-dev
+assets/rancher-windows-gsma @rancher/rancher-team-2-hostbusters-dev
 
-# Rancher Webhook 
-packages/rancher-webhook @rancher/rancher-team-1-neo-dev
+# Rancher Webhook
+packages/rancher-webhook @rancher/rancher-squad-frameworks
+assets/rancher-webhook @rancher/rancher-squad-frameworks
 
 # System Upgrade Controller
 packages/system-upgrade-controller @rancher/rancher-team-2-hostbusters-dev
+assets/system-upgrade-controller @rancher/rancher-team-2-hostbusters-dev
 
 # UI Extension Operator
 packages/ui-plugin-operator @rancher/mapps
-
+assets/ui-plugin-operator @rancher/mapps

.github/pull_request_template.md

@@ -1,26 +1,40 @@
-## Issue: <!-- link the issue or issues this PR resolves here -->
-<!-- If your PR depends on changes from another pr link them here and describe why they are needed in your solution section. -->
+#### Pull Requests Rules
 
-## Problem
-<!-- Describe the root cause of the issue you are resolving. This may include what behavior is observed and why it is not desirable. If this is a new feature describe why we need this feature and how it will be used. -->
-## Solution
-<!-- Describe what you changed to fix the issue. Relate your changes back to the original issue / feature and explain how this addresses the issue. -->
+- `Never remove an already released chart!`
+    - This does not apply to RC's because they are not released.
+- Each Pull Request should only modify one chart with its dependencies.
+
+- Pull request title:
+    ```
+    [dev-v2.X] <chart> <version> <action>
+    ```
+    - `<action>`: 1 of (bump; remove; UnRC)
+
+---
 
-## Testing
-<!-- Note: Confirm if the repro steps in the GitHub issue are valid, if not, please update the issue with accurate repro steps. -->
+##### Checkpoints for Chart Bumps
 
-## Engineering Testing
-### Manual Testing
-<!-- Describe what manual testing you did (if no testing was done, explain why). -->
+`release.yaml`:
+- [ ] Each chart version in release.yaml DOES NOT modify an already released chart. If so, stop and modify the versions so that it releases a net-new chart.
+- [ ] Each chart version in release.yaml IS exactly 1 more patch or minor version than the last released chart version. If not, stop and modify the versions so that it releases a net-new chart.
 
-### Automated Testing
-<!--If you added/updated unit/integration/validation tests, describe what cases they cover and do not cover. -->
+`Chart.yaml and index.yaml`:
+- [ ] The `index.yaml` file has an entry for your new chart version.
+- [ ] The `index.yaml` entries for each chart matches the `Chart.yaml` for each chart.
+- [ ] Each chart has ALL required annotations
+  - kube-version annotation
+  - rancher-version annotation
+  - permits-os annotation (indicates Windows and/or Linux)
 
-## QA Testing Considerations
-<!-- Highlight areas or (additional) cases that QA should test w.r.t a fresh install as well as the upgrade scenarios -->
+---
 
-### Regressions Considerations
-<!-- Dedicated section to specifically call out any areas that with higher chance of regressions caused by this change, include estimation of probability of regressions -->
+Fill the following only if required by your manager.
+
+##### Issue: <!-- link the issue or issues this PR resolves here -->
+<!-- If your PR depends on changes from another pr link them here and describe why they are needed in your solution section. -->
+
+##### Solution
+<!-- Describe what you changed to fix the issue. Relate your changes back to the original issue / feature and explain how this addresses the issue. -->
 
-## Backporting considerations
-<!-- Does this change need to be backported to other versions? If so, which versions should it be backported to? -->
+##### QA Testing Considerations
+<!-- Highlight areas or (additional) cases that QA should test w.r.t a fresh install as well as the upgrade scenarios -->

.github/workflows/build.yaml

@@ -0,0 +1,113 @@
+name: Build
+
+on:
+  pull_request:
+    branches:
+      - dev-v*
+      - release-v*
+
+jobs:
+  build:
+    name: Validate
+    runs-on: org-${{ github.repository_owner_id }}-amd64-k8s
+    container: registry.suse.com/bci/bci-base:latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Install Dependencies
+        continue-on-error: false
+        env:
+          GH_VERSION: 2.63.2
+          YQ_VERSION: "v4.44.2"
+        run: |
+          echo "installing docker, jq, git, make, go, awk and patch through zypper"
+          zypper --non-interactive install docker jq git make go awk patch
+          echo "installing gh"
+          mkdir -p /tmp/gh
+          curl -fsL https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_amd64.tar.gz | tar xvzf - --strip-components=1 -C /tmp/gh
+          mv /tmp/gh/bin/gh /usr/bin/gh
+          chmod +x /usr/bin/gh
+
+          echo "installing yq"
+          curl -fsL https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o /usr/bin/yq
+          chmod +x /usr/bin/yq
+          echo "yq version:"
+          yq --version
+
+      - name: Load Secrets from Vault
+        continue-on-error: true
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME;
+            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD;
+            secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ;
+            secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY
+
+      - name: Create App Token
+        continue-on-error: true
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ env.APP_ID }}
+          private-key: ${{ env.PRIVATE_KEY }}
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Git Checkout PR and into new branch
+        continue-on-error: false
+        run: |
+          echo "git global configuration"
+          git config --global --add safe.directory "$PWD"
+          echo $PATH >> $GITHUB_PATH
+          echo "fetch the pull request"
+          git fetch origin pull/${{ github.event.pull_request.number }}/head:pr-${{ github.event.pull_request.number }}
+          echo "checkout the PR"
+          git checkout pr-${{ github.event.pull_request.number }}
+          echo "checkout into a new branch for safety"
+          git checkout -b staging-pr-workflow
+
+      - name: Pull scripts
+        continue-on-error: false
+        run: make pull-scripts
+
+      - name: Check release.yaml format with yq
+        continue-on-error: false
+        run: make check-release-yaml
+
+      - name: Release PR Validation Chekpoints
+        continue-on-error: false
+        if: contains(github.base_ref, 'release-v')
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+        run: make validate-release-charts BRANCH=${{ github.event.pull_request.base.ref }} GH_TOKEN=${{ env.GH_TOKEN }} PR_NUMBER=${{ github.event.pull_request.number }}
+
+      - name: Validate index.yaml Vs assets/ dir
+        continue-on-error: false
+        run: |
+          echo "github.base_ref: ${{ github.base_ref }}"
+          if [[ "${{ github.base_ref }}" == *release-v* ]]; then
+            echo "Validating remote release branch"
+            make validate remote=true
+          else
+            echo "Validating local branch"
+            make validate
+          fi
+
+      - name: Check Images
+        continue-on-error: false
+        env:
+          DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }}
+        run: make check-images
+
+      - name: Check RC's
+        continue-on-error: false
+        if: contains(github.base_ref, 'release-v')
+        run: make check-rc
+
+      - name: Run Hull tests
+        if: contains(github.base_ref, 'dev-v')
+        run: cd tests && go test -v ./...