Merge branch 'main' into revert-2088-label_gcp_deployments

.github/actions/slack-notification/README.md

@@ -82,13 +82,13 @@ jobs:
 
 Following inputs can be used as `step.with` keys:
 
-| Name             | Type     | Required | Description                                                 |
-|------------------|----------|----------|-------------------------------------------------------------|
-| `vault-role-id`  | String   | yes      | The Vault role id.                                          |
-| `vault-secret-id`| String   | yes      | The Vault secret id.                                        |
-| `vault-url`      | String   | yes      | The Vault URL to connect to.                                |
-| `slack-channel`  | String   | no       | Slack channel id or channel name. Default: #csp-qa-alerts   |
-| `slack-message`  | String   | no       | Posting a simple plain text message.                        |
-| `slack-payload`  | String   | no       | Posting a rich message using Block Kit.                     |
-| `mask-secrets`   | String   | no       | Masking secrets in the logs. Default: 'true'                |
-| `url-encoded`    | String   | no       | URL-encoded message. Default: 'true'                        |
+| Name             | Type     | Required | Description                                                       |
+|------------------|----------|----------|-------------------------------------------------------------------|
+| `vault-role-id`  | String   | yes      | The Vault role id.                                                |
+| `vault-secret-id`| String   | yes      | The Vault secret id.                                              |
+| `vault-url`      | String   | yes      | The Vault URL to connect to.                                      |
+| `slack-channel`  | String   | no       | Slack channel id or channel name. Default: #cloud-sec-qa-alerts   |
+| `slack-message`  | String   | no       | Posting a simple plain text message.                              |
+| `slack-payload`  | String   | no       | Posting a rich message using Block Kit.                           |
+| `mask-secrets`   | String   | no       | Masking secrets in the logs. Default: 'true'                      |
+| `url-encoded`    | String   | no       | URL-encoded message. Default: 'true'                              |

.github/actions/slack-notification/action.yml

@@ -13,7 +13,7 @@ inputs:
   slack-channel:
     description: 'Slack channel'
     required: false
-    default: '#csp-qa-alerts'
+    default: '#cloud-sec-qa-alerts'
   slack-message:
     description: 'Slack message: For multiple lines, provide a URL-encoded message and set url-encoded to true'
     required: false

.github/workflows/ci.yml

@@ -30,7 +30,6 @@ jobs:
           init-tools: 'true'
 
   lint:
-    needs: [ init-hermit ]
     name: Lint
     runs-on: ubuntu-22.04
     timeout-minutes: 60
@@ -42,8 +41,16 @@ jobs:
           # If the event is push to branch use the default ref.
           # If the event is pull request (`pull_request_target` in our case) use merge commit as ref to run lint over the PR's code.
 
-      - name: Hermit Environment
-        uses: ./.github/actions/hermit
+      - name: Initialize hermit
+        shell: bash
+        run: |
+          ./bin/hermit env --raw >> "$GITHUB_ENV"
+
+      - name: Initialize poetry
+        shell: bash
+        run: |
+          pip3 install poetry
+          (cd security-policies && poetry install --no-root)
 
       - name: Pre-commit Hooks
         env:
@@ -74,7 +81,6 @@ jobs:
         run: terraform fmt -check -recursive
 
   unit-test:
-    needs: [ init-hermit ]
     name: Unit Test
     runs-on: ubuntu-22.04
     timeout-minutes: 60
@@ -86,8 +92,10 @@ jobs:
           # If the event is push to branch use the default ref.
           # If the event is pull request (`pull_request_target` in our case) use merge commit as ref to run unit tests over the PR's code.
 
-      - name: Hermit Environment
-        uses: ./.github/actions/hermit
+      - name: Initialize hermit
+        shell: bash
+        run: |
+          ./bin/hermit env --raw >> "$GITHUB_ENV"
 
       - name: Build opa bundle
         shell: bash

.pre-commit-config.yaml

@@ -26,7 +26,7 @@ repos:
 
   ## Golang hooks
   - repo: https://github.com/golangci/golangci-lint
-    rev: v1.56.1
+    rev: v1.57.2
     hooks:
       - id: golangci-lint
 
@@ -39,7 +39,7 @@ repos:
         files: ^(.ci/scripts|.github/actions|tests)/
 
   - repo: https://github.com/pycqa/pylint
-    rev: v3.0.3
+    rev: v3.1.0
     hooks:
       - id: pylint
         args: [
@@ -50,7 +50,7 @@ repos:
         exclude: security-policies.*
 
   - repo: https://github.com/psf/black
-    rev: 24.1.1
+    rev: 24.3.0
     hooks:
       - id: black
 
@@ -67,7 +67,7 @@ repos:
         files: deploy/cloudformation/.*yml
 
   - repo: https://github.com/awslabs/cfn-python-lint
-    rev: v0.85.0
+    rev: v0.86.2
     hooks:
       - id: cfn-python-lint
         files: deploy/cloudformation/.*.yml

bin/bq

@@ -1 +1 @@
-.gcloud-462.0.1.pkg
+.gcloud-471.0.0.pkg

bin/docker-credential-gcloud

@@ -1 +1 @@
-.gcloud-462.0.1.pkg
+.gcloud-471.0.0.pkg

bin/elastic-package

@@ -1 +1 @@
-.elastic-package-0.96.1.pkg
+.elastic-package-0.99.0.pkg

bin/gcloud

@@ -1 +1 @@
-.gcloud-462.0.1.pkg
+.gcloud-471.0.0.pkg

bin/gh

@@ -1 +1 @@
-.gh-2.43.1.pkg
+.gh-2.47.0.pkg

bin/git-credential-gcloud.sh

@@ -1 +1 @@
-.gcloud-462.0.1.pkg
+.gcloud-471.0.0.pkg

bin/golangci-lint

@@ -1 +1 @@
-.golangci-lint-1.56.1.pkg
+.golangci-lint-1.57.2.pkg

bin/gsutil

@@ -1 +1 @@
-.gcloud-462.0.1.pkg
+.gcloud-471.0.0.pkg

bin/just

@@ -1 +1 @@
-.just-1.23.0.pkg
+.just-1.25.2.pkg

bin/kind

@@ -1 +1 @@
-.kind-0.21.0.pkg
+.kind-0.22.0.pkg

bin/opa

@@ -1 +1 @@
-.opa-0.61.0.pkg
+.opa-0.63.0.pkg

bin/pre-commit

@@ -1 +1 @@
-.pre-commit-3.6.0.pkg
+.pre-commit-3.7.0.pkg

bin/shellcheck

@@ -1 +1 @@
-.shellcheck-0.9.0.pkg
+.shellcheck-0.10.0.pkg

bin/shfmt

@@ -1 +1 @@
-.shfmt-3.7.0.pkg
+.shfmt-3.8.0.pkg

bin/yq

@@ -1 +1 @@
-.yq-4.40.5.pkg
+.yq-4.43.1.pkg