Merge branch 'main' into renovate/all-minor-patch

README.md

@@ -14,10 +14,23 @@
 
 Zarf eliminates the [complexity of air gap software delivery](https://www.itopstimes.com/contain/air-gap-kubernetes-considerations-for-running-cloud-native-applications-without-the-cloud/) for Kubernetes clusters and cloud-native workloads using a declarative packaging strategy to support DevSecOps in offline and semi-connected environments.
 
+## Why Use Zarf 
+
+- 💸 **Free and Open-Source.** Zarf will always be free to use and maintained by the open-source community.
+- ⭐️ **Zero Dependencies.** As a statically compiled binary, the Zarf CLI has zero dependencies to run on any machine. 
+- 🔓 **No Vendor Lock.** There is no proprietary software that locks you into using Zarf. If you want to remove it, you still can use your helm charts to deploy your software manually.
+- 💻 **OS Agnostic.** Zarf supports numerous operating systems. A full matrix of supported OSes, architectures and featuresets is coming soon.
+- 📦 **Highly Distributable.** Integrate and deploy software from multiple secure development environments including edge, embedded systems, secure cloud, data centers, and even local environments.
+- 🚀 **Develop Connected, Deploy Disconnected.** Teams can build and configure individual applications or entire DevSecOps environments while connected to the internet. Once created, they can be packaged and shipped to a disconnected environment to be deployed.
+- 💿 **Single File Deployments.** Zarf allows you to package the parts of the internet your app needs into a single compressed file to be installed without connectivity.
+- ♻️ **Declarative Deployments.** Zarf packages define the precise state for your application enabling it to be deployed the same way every time.
+- 🦖 **Inherit Legacy Code.** Zarf packages can wrap legacy code and projects - allowing them to be deployed to modern DevSecOps environments.
+
 ## 📦 Out of the Box Features
 
 - Automate Kubernetes deployments in disconnected environments
 - Automate [Software Bill of Materials (SBOM)](https://docs.zarf.dev/docs/deploy-a-zarf-package/package-sboms) generation
+- Build and [publish packages as OCI image artifacts](./5-zarf-tutorials/7-publish-and-deploy.md)
 - Provide a [web dashboard](https://docs.zarf.dev/docs/deploy-a-zarf-package/view-sboms) for viewing SBOM output
 - Create and verify package signatures with [cosign](https://github.com/sigstore/cosign)
 - [Publish](https://docs.zarf.dev/docs/the-zarf-cli/cli-commands/zarf_package_publish), [pull](https://docs.zarf.dev/docs/the-zarf-cli/cli-commands/zarf_package_pull), and [deploy](https://docs.zarf.dev/docs/the-zarf-cli/cli-commands/zarf_package_deploy) packages from an [OCI registry](https://opencontainers.org/)

docs/0-zarf-overview.md

@@ -118,13 +118,14 @@ In the more complex use case, your package consists of updates for many apps/sys
 ## Why Use Zarf?
 
 - 💸 **Free and Open-Source.** Zarf will always be free to use and maintained by the open-source community.
+- ⭐️ **Zero Dependencies.** As a statically compiled binary, the Zarf CLI has zero dependencies to run on any machine. 
 - 🔓 **No Vendor Lock.** There is no proprietary software that locks you into using Zarf. If you want to remove it, you still can use your helm charts to deploy your software manually.
 - 💻 **OS Agnostic.** Zarf supports numerous operating systems. A full matrix of supported OSes, architectures and featuresets is coming soon.
 - 📦 **Highly Distributable.** Integrate and deploy software from multiple secure development environments including edge, embedded systems, secure cloud, data centers, and even local environments.
-- 🚀 **Develop Connected Deploy Disconnected.** Teams can build and configure individual applications or entire DevSecOps environments while connected to the internet. Once created, they can be packaged and shipped to a disconnected environment to be deployed.
+- 🚀 **Develop Connected, Deploy Disconnected.** Teams can build and configure individual applications or entire DevSecOps environments while connected to the internet. Once created, they can be packaged and shipped to a disconnected environment to be deployed.
 - 💿 **Single File Deployments.** Zarf allows you to package the parts of the internet your app needs into a single compressed file to be installed without connectivity.
-- ♻️ **Declarative Deployments.**
-- 🦖 **Inherit Legacy Code.**
+- ♻️ **Declarative Deployments.** Zarf packages define the precise state for your application enabling it to be deployed the same way every time.
+- 🦖 **Inherit Legacy Code.** Zarf packages can wrap legacy code and projects - allowing them to be deployed to modern DevSecOps environments.
 
 ## Features
 
@@ -134,6 +135,7 @@ In the more complex use case, your package consists of updates for many apps/sys
 
 - Automate Kubernetes deployments in disconnected environments
 - Automate [Software Bill of Materials (SBOM)](./3-create-a-zarf-package/6-package-sboms.md) generation
+- Build and [publish packages as OCI image artifacts](./5-zarf-tutorials/7-publish-and-deploy.md)
 - Provide a [web dashboard](./4-deploy-a-zarf-package/4-view-sboms.md) for viewing SBOM output
 - Create and verify package signatures with [cosign](https://github.com/sigstore/cosign)
 - [Publish](./2-the-zarf-cli/100-cli-commands/zarf_package_publish.md), [pull](./2-the-zarf-cli/100-cli-commands/zarf_package_pull.md), and [deploy](./2-the-zarf-cli/100-cli-commands/zarf_package_deploy.md) packages from an [OCI registry](https://opencontainers.org/)

src/internal/packager/template/template.go

@@ -36,17 +36,20 @@ func Generate(cfg *types.PackagerConfig) (*Values, error) {
 
 	regInfo := cfg.State.RegistryInfo
 
-	pushUser, err := utils.GetHtpasswdString(regInfo.PushUsername, regInfo.PushPassword)
-	if err != nil {
-		return nil, fmt.Errorf("error generating htpasswd string: %w", err)
-	}
+	// Only calculate this for internal registries to allow longer external passwords
+	if regInfo.InternalRegistry {
+		pushUser, err := utils.GetHtpasswdString(regInfo.PushUsername, regInfo.PushPassword)
+		if err != nil {
+			return nil, fmt.Errorf("error generating htpasswd string: %w", err)
+		}
 
-	pullUser, err := utils.GetHtpasswdString(regInfo.PullUsername, regInfo.PullPassword)
-	if err != nil {
-		return nil, fmt.Errorf("error generating htpasswd string: %w", err)
-	}
+		pullUser, err := utils.GetHtpasswdString(regInfo.PullUsername, regInfo.PullPassword)
+		if err != nil {
+			return nil, fmt.Errorf("error generating htpasswd string: %w", err)
+		}
 
-	generated.htpasswd = fmt.Sprintf("%s\\n%s", pushUser, pullUser)
+		generated.htpasswd = fmt.Sprintf("%s\\n%s", pushUser, pullUser)
+	}
 
 	generated.registry = regInfo.Address