From 6a340b9ed64e99c1c29aac82f4ac6e4f3c02fd39 Mon Sep 17 00:00:00 2001 From: Levan Machablishvili Date: Thu, 7 Nov 2024 14:15:23 -0500 Subject: [PATCH 1/3] Configure Github workflow and job level permissions --- .github/workflows/ci.yaml | 5 +++++ .github/workflows/go-test-private-action-runner.yaml | 6 ++++++ .github/workflows/go-test.yaml | 6 ++++++ .github/workflows/pr-labeler.yaml | 7 +++++++ .github/workflows/release.yaml | 5 +++++ 5 files changed, 29 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1c2cd57d0..bbce00ed9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -5,6 +5,11 @@ on: paths: - "charts/**" +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + jobs: changed: runs-on: ubuntu-latest diff --git a/.github/workflows/go-test-private-action-runner.yaml b/.github/workflows/go-test-private-action-runner.yaml index a42811bde..dc26fd575 100644 --- a/.github/workflows/go-test-private-action-runner.yaml +++ b/.github/workflows/go-test-private-action-runner.yaml @@ -8,6 +8,12 @@ on: paths: - 'test/private-action-runner/**' - 'charts/private-action-runner/**' + +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + env: GO111MODULE: "on" PROJECTNAME: "helm-charts" diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 3e8e2b1c5..739a20b1b 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -8,6 +8,12 @@ on: paths: - 'test/datadog-operator/**' - 'charts/datadog-operator/**' + +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + env: GO111MODULE: "on" PROJECTNAME: "helm-charts" diff --git a/.github/workflows/pr-labeler.yaml b/.github/workflows/pr-labeler.yaml index f1d36ed3d..ff711a73d 100644 --- a/.github/workflows/pr-labeler.yaml 
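Review bot: The comment `# Permission forced by repo-level setting; only elevate on job-level` in the ci.yaml hunk does not say what the block does once it is present: it sets the GITHUB_TOKEN scope for every job in the workflow, and any scope not listed becomes `none`. Something like `# Default GITHUB_TOKEN scope for all jobs; unlisted scopes are none. Jobs that need more declare their own permissions block.` would be clearer. The commented-out `# packages: read` should either be removed or say when to enable it. The same block is added in go-test-private-action-runner.yaml, go-test.yaml and pr-labeler.yaml. The jobs in these workflows are mostly outside the hunks, so whether `contents: read` is sufficient for each of them cannot be confirmed from here.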
+++ b/.github/workflows/pr-labeler.yaml @@ -4,10 +4,17 @@ on: branches: - main +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + jobs: label: name: Add label for PRs runs-on: ubuntu-latest + permissions: + pull-requests: write timeout-minutes: 5 steps: - uses: actions/labeler@v5 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index bb531756f..e33b3d11f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,9 +7,14 @@ on: paths: - 'charts/**' +permissions: {} + jobs: release: runs-on: ubuntu-latest + permissions: + # https://github.com/helm/chart-releaser-action + contents: write steps: - name: Checkout uses: actions/checkout@v3 From ab704769402a4f95d671b659a2e9a5a55c9861dc Mon Sep 17 00:00:00 2001 From: Levan Machablishvili Date: Thu, 7 Nov 2024 14:19:36 -0500 Subject: [PATCH 2/3] force CI run --- charts/datadog-operator/CHANGELOG.md | 3 +++ charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 3 ++- charts/datadog-operator/values.yaml | 2 ++ charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 1 + charts/private-action-runner/values.yaml | 2 ++ 8 files changed, 16 insertions(+), 3 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index c2e35c443..93bf9921b 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,8 @@ # Changelog +## 2.2.1 +noop + ## 2.2.0 * Add clusterRole.allowReadAllResources to allow viewing all resources. This is required for collecting custom resources in the Kubernetes Explorer diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 307497bbd..5cf38c57b 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml 
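Review bot: The job-level `permissions:` block added to `label` replaces the workflow-level block rather than extending it, so this job's token gets `pull-requests: write` and no `contents` scope; the `contents: read` declared above does not carry over. The actions/labeler documentation lists both scopes, as the action reads its configuration file through the API, so the job should state `contents: read` next to `pull-requests: write`. A missing scope may go unnoticed on a public repository but would presumably fail on a private one. The header comment's "only elevate on job-level" would be more accurate as `# Default token scope; a job-level permissions block replaces this one entirely`. The workflow's `on:` trigger begins outside the hunk.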
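Review bot: With `contents: write` now granted to the `release` job, every action the job runs receives a token that can push to the repository, and the visible step references `actions/checkout@v3` by a mutable tag. Pinning the actions in this job to full commit SHAs, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, keeps a retagged release from running with that write scope. The bare URL comment could state the reason instead: `# chart-releaser-action creates releases and pushes the chart index, which needs contents: write`. The remaining steps of the job are outside the hunk.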
@@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 2.2.0 +version: 2.2.1 appVersion: 1.9.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index fe2b687ab..edbaf9899 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![AppVersion: 1.9.0](https://img.shields.io/badge/AppVersion-1.9.0-informational?style=flat-square) +![Version: 2.2.1](https://img.shields.io/badge/Version-2.2.1-informational?style=flat-square) ![AppVersion: 1.9.0](https://img.shields.io/badge/AppVersion-1.9.0-informational?style=flat-square) ## Values @@ -43,6 +43,7 @@ | metricsPort | int | `8383` | Port used for OpenMetrics endpoint | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Operator on specific nodes | +| noop | bool | `true` | | | operatorMetricsEnabled | string | `"true"` | Enable forwarding of Datadog Operator metrics and events to Datadog. | | podAnnotations | object | `{}` | Allows setting additional annotations for Datadog Operator PODs | | podLabels | object | `{}` | Allows setting additional labels for for Datadog Operator PODs | diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index d445f9f8c..672309cdb 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -196,3 +196,5 @@ clusterRole: # allowReadAllResources is required to allow the operator to view all custom resources. # If collecting CRDs in the Kubernetes Explorer this is required allowReadAllResources: false + +noop: true diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 89adc7088..5566b25fc 100644 --- a/charts/private-action-runner/CHANGELOG.md 
+++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.14.4 + +noop + ## 0.14.3 * Add GitLab private actions and fix image repository link. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 269eac221..fa0d0bcc5 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.14.3 +version: 0.14.4 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index af2b7bad5..a123abae8 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -44,6 +44,7 @@ helm repo update |-----|------|---------|-------------| | common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.4-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | +| noop | bool | `true` | | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | | runners[0].config.ddBaseURL | string | `"https://app.datadoghq.com"` | Base URL of the Datadog app | diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index b72ae56df..084a81893 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml 
@@ -84,3 +84,5 @@ runners: credentialFiles: [] # see examples/values.yaml for examples on how to specify secrets # credential files provided here will be mounted in /etc/dd-action-runner/ + +noop: true From 5f9e37f11977f3fc7364ba7697451bedec565fac Mon Sep 17 00:00:00 2001 From: Levan Machablishvili Date: Thu, 7 Nov 2024 17:08:25 -0500 Subject: [PATCH 3/3] Revert "force CI run" This reverts commit ab704769402a4f95d671b659a2e9a5a55c9861dc. --- charts/datadog-operator/CHANGELOG.md | 3 --- charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 3 +-- charts/datadog-operator/values.yaml | 2 -- charts/private-action-runner/CHANGELOG.md | 4 ---- charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 1 - charts/private-action-runner/values.yaml | 2 -- 8 files changed, 3 insertions(+), 16 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 93bf9921b..c2e35c443 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,8 +1,5 @@ # Changelog -## 2.2.1 -noop - ## 2.2.0 * Add clusterRole.allowReadAllResources to allow viewing all resources. This is required for collecting custom resources in the Kubernetes Explorer diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 5cf38c57b..307497bbd 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 2.2.1 +version: 2.2.0 appVersion: 1.9.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index edbaf9899..fe2b687ab 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md 
@@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.2.1](https://img.shields.io/badge/Version-2.2.1-informational?style=flat-square) ![AppVersion: 1.9.0](https://img.shields.io/badge/AppVersion-1.9.0-informational?style=flat-square) +![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![AppVersion: 1.9.0](https://img.shields.io/badge/AppVersion-1.9.0-informational?style=flat-square) ## Values @@ -43,7 +43,6 @@ | metricsPort | int | `8383` | Port used for OpenMetrics endpoint | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Operator on specific nodes | -| noop | bool | `true` | | | operatorMetricsEnabled | string | `"true"` | Enable forwarding of Datadog Operator metrics and events to Datadog. | | podAnnotations | object | `{}` | Allows setting additional annotations for Datadog Operator PODs | | podLabels | object | `{}` | Allows setting additional labels for for Datadog Operator PODs | diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 672309cdb..d445f9f8c 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -196,5 +196,3 @@ clusterRole: # allowReadAllResources is required to allow the operator to view all custom resources. # If collecting CRDs in the Kubernetes Explorer this is required allowReadAllResources: false - -noop: true diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 5566b25fc..89adc7088 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,9 +1,5 @@ # Datadog changelog -## 0.14.4 - -noop - ## 0.14.3 * Add GitLab private actions and fix image repository link. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index fa0d0bcc5..269eac221 100644 --- a/charts/private-action-runner/Chart.yaml 
+++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.14.4 +version: 0.14.3 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index a123abae8..af2b7bad5 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -44,7 +44,6 @@ helm repo update |-----|------|---------|-------------| | common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.4-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | -| noop | bool | `true` | | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | | runners[0].config.ddBaseURL | string | `"https://app.datadoghq.com"` | Base URL of the Datadog app | diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 084a81893..b72ae56df 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -84,5 +84,3 @@ runners: credentialFiles: [] # see examples/values.yaml for examples on how to specify secrets # credential files provided here will be mounted in /etc/dd-action-runner/ - -noop: true