Merge branch 'main' into dependabot/npm_and_yarn/d3-dag-1.1.0

weaveworks · Jan 12, 2025 · b2e94c5 · b2e94c5
2 parents b6ffd02 + ab5ecf2
commit b2e94c5
Show file tree

Hide file tree

Showing 10 changed files with 818 additions and 647 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -14,6 +14,7 @@ updates:
       eslint:
         patterns:
           - eslint
+          - "@eslint/*"
           - "@typescript-eslint/*"
       mui:
         patterns:
@@ -31,9 +32,13 @@ updates:
         exclude-patterns:
           - react-lottie-player
           - react-markdown
-          - react-router-dom
           - react-syntax-highlighter
           - react-toastify
+    ignore:
+      # ignore all updates to react-router-dom as
+      # it goes away with react router 7.
+      # will be removed entirely when update completed
+      - dependency-name: react-router-dom
   # Maintain dependencies for backend
   - package-ecosystem: "gomod"
     directory: "/"

diff --git a/.github/workflows/build-push-image.yaml b/.github/workflows/build-push-image.yaml
@@ -0,0 +1,92 @@
+name: Build and Push image
+
+on:
+  workflow_call:
+    inputs:
+      file:
+        required: true
+        type: string
+      flavor:
+        type: string
+      image:
+        required: true
+        type: string
+      platforms:
+        type: string
+      push:
+        required: true
+        type: boolean
+      ref:
+        type: string
+      tags:
+        required: true
+        type: string
+
+permissions:
+  contents: read # for actions/checkout to fetch code
+
+jobs:
+  build-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write # for docker/build-push-action to push images
+      id-token: write # for Cosign to be able to sign images with GHA token
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ inputs.ref }}
+      - name: Unshallow
+        if: ${{ inputs.ref != '' }}
+        run: |
+          git fetch --prune --unshallow
+          git fetch --tags -f
+      - name: Set build-time flags
+        run: |
+          echo "LDFLAGS=$(make echo-ldflags)" >> $GITHUB_ENV
+          echo "FLUX_VERSION=$(make echo-flux-version)" >> $GITHUB_ENV
+      - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
+        id: meta
+        with:
+          images: ${{ inputs.image }}
+          tags: ${{ inputs.tags }}
+          flavor: ${{ inputs.flavor }}
+      - name: setup qemu
+        if: ${{ inputs.platforms != '' }}
+        uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0
+      - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
+      - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
+        id: build
+        with:
+          context: .
+          platforms: ${{ inputs.platforms }}
+          file: ${{ inputs.file }}
+          build-args: |
+            FLUX_VERSION=${{ env.FLUX_VERSION }}
+            LDFLAGS=${{ env.LDFLAGS }}
+            GIT_COMMIT=${{ github.sha }}
+          push: ${{ inputs.push }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+      - name: Install cosign
+        if: ${{ inputs.push }}
+        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+      - name: Keyless signing of image
+        if: ${{ inputs.push }}
+        run: |
+          echo ${{ steps.build.outputs.imageid }}
+          echo ${{ steps.build.outputs.digest }}
+          cosign sign --yes ${{ inputs.image }}@${{ steps.build.outputs.digest }}
+      - name: Verify the image signing
+        if: ${{ inputs.push }}
+        run: |
+          cosign verify ${{ inputs.image }}@${{ steps.build.outputs.digest }} \
+            --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
+            --certificate-oidc-issuer "https://token.actions.githubusercontent.com" | jq .
diff --git a/.github/workflows/ossf.yaml b/.github/workflows/ossf.yaml
@@ -44,6 +44,6 @@ jobs:
 
       # required for Code scanning alerts
       - name: "Upload SARIF results to code scanning"
-        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
@@ -71,65 +71,23 @@ jobs:
 
   build-push-image:
     name: CI Build Image
-    runs-on: ubuntu-latest
-    env:
-      IMAGE_NAME: ghcr.io/${{ github.repository }}/${{ matrix.docker-image }}
+    uses: ./.github/workflows/build-push-image.yaml
+    with:
+      file: ${{ matrix.docker-image }}.dockerfile
+      image: ghcr.io/${{ github.repository }}/${{ matrix.docker-image }}
+      push: ${{ github.event_name != 'pull_request' && github.repository == 'weaveworks/weave-gitops' }}
+      tags: |
+        type=ref,event=branch
+        type=ref,event=pr
     permissions:
-      packages: write # for docker/build-push-action to push images
+      contents: read # for actions/checkout to fetch code
       id-token: write # for Cosign to be able to sign images with GHA token
+      packages: write # for docker/build-push-action to push images
     strategy:
       matrix:
         docker-image:
           - gitops
           - gitops-server
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Set build-time flags
-        run: |
-          echo "LDFLAGS=$(make echo-ldflags)" >> $GITHUB_ENV
-          echo "FLUX_VERSION=$(make echo-flux-version)" >> $GITHUB_ENV
-      - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
-        id: meta
-        with:
-          images: ${{ env.IMAGE_NAME }}
-          tags: |
-            type=ref,event=branch
-            type=ref,event=pr
-      - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
-      - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
-        id: build
-        with:
-          context: .
-          file: ${{ matrix.docker-image }}.dockerfile
-          build-args: |
-            FLUX_VERSION=${{ env.FLUX_VERSION }}
-            LDFLAGS=${{ env.LDFLAGS }}
-            GIT_COMMIT=${{ github.sha }}
-          push: ${{ github.event_name != 'pull_request' && github.repository == 'weaveworks/weave-gitops' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-      - name: Install cosign
-        if: ${{ github.event_name != 'pull_request' && github.repository == 'weaveworks/weave-gitops' }}
-        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
-      - name: Keyless signing of image
-        if: ${{ github.event_name != 'pull_request' && github.repository == 'weaveworks/weave-gitops' }}
-        run: |
-          echo ${{ steps.build.outputs.imageid }}
-          echo ${{ steps.build.outputs.digest }}
-          cosign sign --yes ${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}
-      - name: Verify the image signing
-        if: ${{ github.event_name != 'pull_request' && github.repository == 'weaveworks/weave-gitops' }}
-        run: |
-          cosign verify ${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }} \
-            --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
-            --certificate-oidc-issuer "https://token.actions.githubusercontent.com" | jq .
 
   ci-upload-binary:
     name: Upload Binary - Disabled

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -8,10 +8,6 @@ on:
 permissions:
   contents: read # for actions/checkout to fetch code
 
-env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: weaveworks/wego-app
-
 jobs:
   tag-release:
     if: github.event.review.state == 'approved' && startsWith(github.event.pull_request.head.ref, 'releases/')
@@ -62,55 +58,22 @@ jobs:
 
   build-and-push-image:
     needs: tag-release
-    runs-on: ubuntu-latest
+    uses: ./.github/workflows/build-push-image.yaml
+    with:
+      file: gitops-server.dockerfile
+      flavor: |
+        latest=true
+      image: ghcr.io/weaveworks/wego-app
+      platforms: linux/amd64,linux/arm64
+      push: true
+      ref: ${{ github.event.pull_request.head.sha }}
+      tags: |
+        type=raw,value=${{ needs.tag-release.outputs.version }}
+        type=semver,pattern={{version}},value=${{ needs.tag-release.outputs.version }}
     permissions:
-      packages: write
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Unshallow
-        run: |
-          git fetch --prune --unshallow
-          git fetch --tags -f
-      - name: Log in to the Container registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set build-time flags
-        run: |
-          echo "LDFLAGS=$(make echo-ldflags)" >> $GITHUB_ENV
-          echo "FLUX_VERSION=$(make echo-flux-version)" >> $GITHUB_ENV
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-          tags: |
-            type=raw,value=${{ needs.tag-release.outputs.version }}
-            type=semver,pattern={{version}},value=${{ needs.tag-release.outputs.version }}
-          flavor: |
-            latest=true
-      - name: setup qemu
-        uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0
-      - name: setup docker buildx
-        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
-      - name: Build and push Docker image
-        uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          file: gitops-server.dockerfile
-          build-args: |
-            FLUX_VERSION=${{ env.FLUX_VERSION }}
-            LDFLAGS=${{ env.LDFLAGS }}
-            GIT_COMMIT=${{ github.sha }}
+      contents: read # for actions/checkout to fetch code
+      id-token: write # for Cosign to be able to sign images with GHA token
+      packages: write # for docker/build-push-action to push images
 
   goreleaser:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
@@ -50,7 +50,7 @@ jobs:
           format: sarif
           output: trivy-results.sarif
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
         with:
           sarif_file: trivy-results.sarif
 
@@ -63,10 +63,10 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
         with:
           languages: go
       - name: Autobuild
-        uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
diff --git a/package.json b/package.json
@@ -73,19 +73,19 @@
     "react-dom": "^18.0.0",
     "react-is": "^18.0.0",
     "react-lottie-player": "^2.1.0",
-    "react-markdown": "^8.0.7",
+    "react-markdown": "^9.0.3",
     "react-query": "^3.39.3",
     "react-router-dom": "^5.2.0",
     "react-syntax-highlighter": "^15.6.1",
     "react-toastify": "^11.0.2",
-    "remark-gfm": "^3.0.1",
+    "remark-gfm": "^4.0.0",
     "styled-components": "^6.1.14",
     "yaml": "^2.7.0"
   },
   "devDependencies": {
     "@babel/core": "^7.26.0",
     "@babel/preset-env": "^7.26.0",
-    "@eslint/js": "9.17.0",
+    "@eslint/js": "9.18.0",
     "@parcel/config-default": "^2.13.3",
     "@parcel/core": "^2.13.3",
     "@parcel/optimizer-data-url": "^2.13.3",
@@ -105,7 +105,7 @@
     "babel-jest": "^29.7.0",
     "babel-plugin-styled-components": "^2.1.4",
     "buffer": "^6.0.3",
-    "eslint": "9.17.0",
+    "eslint": "9.18.0",
     "eslint-plugin-import": "^2.31.0",
     "jest": "^29.7.0",
     "jest-environment-jsdom": "^29.7.0",
@@ -123,15 +123,15 @@
     "typescript-eslint": "^8.19.1",
     "yarn-audit-fix": "^10.1.1"
   },
-  "alias": {
-    "yaml": "yaml/browser/dist/index.js"
-  },
   "resolutions": {
     "cross-spawn": "^7.0.6",
     "commander": "^13.0.0"
   },
   "engines": {
     "node": ">=22.0"
   },
-  "packageManager": "[email protected]"
+  "packageManager": "[email protected]",
+  "@parcel/resolver-default": {
+    "packageExports": true
+  }
 }
diff --git a/website/package.json b/website/package.json
@@ -25,7 +25,7 @@
     "@fortawesome/free-solid-svg-icons": "^6.7.2",
     "@fortawesome/react-fontawesome": "^0.2.2",
     "@mdx-js/react": "^3.1.0",
-    "@types/react": "^19.0.4",
+    "@types/react": "^19.0.5",
     "file-loader": "^6.2.0",
     "raw-loader": "^4.0.2",
     "react": "^19.0.0",

diff --git a/website/yarn.lock b/website/yarn.lock
@@ -4074,12 +4074,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@types/react@npm:^19.0.4":
-  version: 19.0.4
-  resolution: "@types/react@npm:19.0.4"
+"@types/react@npm:^19.0.5":
+  version: 19.0.5
+  resolution: "@types/react@npm:19.0.5"
   dependencies:
     csstype: "npm:^3.0.2"
-  checksum: 10c0/96ecd1a73af57fd7b7facf5b36ec069b131c7608a98a0f1098183023bfb21c60a26a0dc09004fbe0ac70c436ef887bbec5690882cfb77c6e0c679f7e45987722
+  checksum: 10c0/6f3a25c826e8b274cf26b25ef7bd4a97aaa4d7b30a0ea529bf252c6f0387d74f44940dea55cfcac75829bee53cd4c82fdb41653b978954a08036d2812a0ae6d6
   languageName: node
   linkType: hard
 
@@ -13438,7 +13438,7 @@ __metadata:
     "@fortawesome/free-solid-svg-icons": "npm:^6.7.2"
     "@fortawesome/react-fontawesome": "npm:^0.2.2"
     "@mdx-js/react": "npm:^3.1.0"
-    "@types/react": "npm:^19.0.4"
+    "@types/react": "npm:^19.0.5"
     file-loader: "npm:^6.2.0"
     raw-loader: "npm:^4.0.2"
     react: "npm:^19.0.0"