v0.48.0

@cmwylie19 released this 14 Apr 14:15
· 781 commits to main since this release
5e4dadd

Features

  • feat: allow warnings on validation response by @mjnagel in #1974

Approving with Warnings

When(a.ConfigMap)
  .IsCreatedOrUpdated()
  .InNamespace("pepr-demo")
  .Validate(request => {
    const warnings = [];

    // Check for deprecated fields
    if (request.Raw.data && request.Raw.data["deprecated-field"]) {
      warnings.push("Warning: The 'deprecated-field' is being used and will be removed in future versions");
    }

    // Check for missing app label
    if (!request.HasLabel("app")) {
      warnings.push("Warning: Best practice is to include an 'app' label for resource identification");
    }

    // Return approval with warnings if any were generated
    return request.Approve(warnings.length > 0 ? warnings : undefined);
  });

Denying with Warnings

When(a.ConfigMap)
  .IsCreatedOrUpdated()
  .InNamespace("pepr-demo")
  .Validate(request => {
    // Check for dangerous settings
    if (request.Raw.data && request.Raw.data["dangerous-setting"] === "true") {
      const warnings = [
        "Warning: The 'dangerous-setting' field is set to 'true'",
        "Consider using a safer configuration option"
      ];

      return request.Deny(
        "ConfigMap contains dangerous settings that are not allowed",
        422,
        warnings
      );
    }

    return request.Approve();
  });

Warnings will be included in the Kubernetes API response and can be displayed to users by kubectl and other Kubernetes clients, providing helpful feedback while still enforcing policies.
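The following is an added example, not code from Pepr or from this release: it cleans a warning list before it is passed to `request.Approve()` or `request.Deny()` and shows the resulting `response` object of a Kubernetes `admission.k8s.io/v1` AdmissionReview. The names `normalizeWarnings` and `buildResponse` are hypothetical, and the 256 and 4096 character limits are the ones given in the Kubernetes admission webhook documentation.

```typescript
// Added example: not Pepr source code. All names below are hypothetical.
// Size limits come from the Kubernetes admission-webhook documentation.
const MAX_WARNING_LEN = 256; // longer single warnings may be truncated by the API server
const MAX_TOTAL_LEN = 4096; // warnings beyond this cumulative size are ignored

// The `response` object of an admission.k8s.io/v1 AdmissionReview.
interface AdmissionResponse {
  uid: string;
  allowed: boolean;
  warnings?: string[];
  status?: { code: number; message: string };
}

// Clean a warning list before passing it to request.Approve() or request.Deny().
function normalizeWarnings(raw: string[]): string[] | undefined {
  const out: string[] = [];
  let total = 0;
  for (const w of raw) {
    // kubectl prefixes each entry with "Warning: ", so drop our own prefix.
    // Warnings reach clients in an HTTP header and may quote values from the
    // submitted object, so collapse control characters and newlines.
    let msg = w
      .replace(/[\x00-\x1f\x7f]+/g, " ")
      .trim()
      .replace(/^warning:\s*/i, "");
    if (msg.length === 0) continue;
    if (msg.length > MAX_WARNING_LEN) msg = msg.slice(0, MAX_WARNING_LEN - 3) + "...";
    if (total + msg.length > MAX_TOTAL_LEN) break;
    total += msg.length;
    out.push(msg);
  }
  return out.length > 0 ? out : undefined;
}

// Build the response body the API server receives for an approve or a deny.
function buildResponse(
  uid: string,
  warnings: string[],
  deny?: { code: number; message: string },
): AdmissionResponse {
  const res: AdmissionResponse = { uid, allowed: deny === undefined };
  const cleaned = normalizeWarnings(warnings);
  if (cleaned) res.warnings = cleaned;
  if (deny) res.status = deny;
  return res;
}
```

In a Pepr module the same helper would be used as `request.Approve(normalizeWarnings(warnings))`, which keeps the `undefined` behaviour of the approval example when no warnings were generated.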

What's Changed ♻️

Dependabot 🤖

  • chore: bump step-security/harden-runner from 2.11.0 to 2.11.1 by @dependabot in #2003
  • chore: bump @types/node from 22.13.14 to 22.13.17 in the development-dependencies group by @dependabot in #2001
  • chore: bump actions/dependency-review-action from 4.5.0 to 4.6.0 by @dependabot in #2002
  • chore: bump the development-dependencies group with 2 updates by @dependabot in #2007
  • chore: bump kubernetes-fluent-client from 3.4.6 to 3.4.7 in the production-dependencies group by @dependabot in #2012
  • chore: bump trufflesecurity/trufflehog from 3.88.20 to 3.88.22 by @dependabot in #2011
  • chore: bump library/node from 990d0ab to 047d633 by @dependabot in #2016
  • chore: bump trufflesecurity/trufflehog from 3.88.22 to 3.88.23 by @dependabot in #2015
  • chore: bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot in #2021
  • chore: bump fast-check from 4.0.1 to 4.1.0 in the development-dependencies group by @dependabot in #2020
  • chore: bump fast-check from 4.1.0 to 4.1.1 in the development-dependencies group by @dependabot in #2026
  • chore: bump library/node from 047d633 to 73da8b4 by @dependabot in #2025
  • chore: bump library/node from 73da8b4 to c5bfe90 by @dependabot in #2028
  • chore: bump undici from 7.7.0 to 7.8.0 in the development-dependencies group by @dependabot in #2031
  • chore: bump kfc and chainguard images by @dependabot in #2030
  • chore: bump @types/node from 22.14.0 to 22.14.1 in the development-dependencies group by @dependabot in #2032

Full Changelog: v0.47.0...v0.48.0