[bot] Update main from openshift-pipelines/manual-approval-gate to 52a6c5e8e3142f1d2c4d985a63bfc31e8da30cf4

head

@@ -0,0 +1 @@
+52a6c5e8e3142f1d2c4d985a63bfc31e8da30cf4

upstream/.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

upstream/.github/renovate.json

@@ -0,0 +1,27 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "github>konflux-ci/mintmaker//config/renovate/renovate.json"
+  ],
+  "enabledManagers": [
+    "tekton",
+    "dockerfile",
+    "rpm-lockfile"
+  ],
+  "addLabels": [
+    "approved",
+    "lgtm",
+    "konflux",
+    "mintmaker"
+  ],
+  "ignorePaths": ["upstream/**"],
+
+  "autoApprove": true,
+  "packageRules": [
+    {
+      "matchPackageNames": ["*"],
+      "automerge": true,
+      "ignorePaths": ["upstream/**"]
+    }
+  ]
+}

upstream/.github/workflows/auto-merge-upstream-manual-approval-gate.yaml

@@ -0,0 +1,28 @@
+# Generated for Konflux Application openshift-pipelines-core by openshift-pipelines/hack. DO NOT EDIT
+name: auto-merge-upstream-manual-approval-gate
+
+on:
+  workflow_dispatch: {}
+  schedule:
+  - cron: "*/30 * * * *" # At every 30 minutes
+
+jobs:
+  auto-approve:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+    - name: Checkout the current repo
+      uses: actions/checkout@v6
+    - name: auto-merge-upstream-manual-approval-gate
+      run: |
+        gh auth status
+        git config user.name openshift-pipelines-bot
+        git config user.email pipelines-extcomm@redhat.com
+        # Approve and merge pull-request with no reviews
+        for p in $(gh pr list --search "head:actions/update/sources-manual-approval-gate" --json "number" | jq ".[].number"); do
+          gh pr merge --rebase --delete-branch --auto $p
+        done
+      env:
+        GH_TOKEN: ${{ secrets.OPENSHIFT_PIPELINES_ROBOT }}
+

upstream/.github/workflows/latest.yml

@@ -0,0 +1,91 @@
+on:
+  pull_request:
+    branches: [ main ]
+  push:
+    branches: [ main ]
+  schedule:
+    - cron: '0 0 * * *'
+
+name: build-test-publish
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v6
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: 1.21
+    - uses: actions/cache@v4
+      with:
+        path: |
+          ~/.cache/go-build
+          ~/go/pkg/mod
+        key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-golang-
+    - run: go env
+    - name: go build
+      run: go build -v ./...
+    - name: go test
+      run: go test -v ./...
+
+  e2e:
+    name: e2e tests
+    runs-on: ubuntu-latest
+    needs: [ build ]
+    env:
+      KO_DOCKER_REPO: registry.local:5000/knative
+
+    steps:
+    - uses: actions/setup-go@v5
+      with:
+        go-version: 1.21
+    - uses: imjasonh/setup-ko@v0.9
+    - uses: actions/checkout@v6
+    - uses: actions/cache@v4
+      with:
+        path: |
+          ~/.cache/go-build
+          ~/go/pkg/mod
+        key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-golang-
+    - name: install manual-approval-gate custom task
+      run: |
+        chmod +x test/e2e-test.sh
+        ./test/e2e-test.sh
+
+  publish:
+    name: publish latest
+    runs-on: ubuntu-latest
+    needs: [ build ]
+
+    # https://docs.github.com/en/actions/reference/authentication-in-a-workflow
+    permissions:
+      id-token: write
+      packages: write
+      contents: read
+
+    steps:
+    - uses: actions/setup-go@v5
+      with:
+        go-version: 1.21
+    - uses: actions/checkout@v6
+    - uses: actions/cache@v4
+      with:
+        path: |
+          ~/.cache/go-build
+          ~/go/pkg/mod
+        key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-golang-
+    - uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - uses: imjasonh/setup-ko@v0.9
+    - run: |
+        ko publish --platform=linux/amd64,linux/s390x,linux/ppc64le,linux/arm64 --push=${{ github.event_name != 'pull_request' }} --base-import-paths ./cmd/controller

upstream/.github/workflows/release.yml

@@ -0,0 +1,40 @@
+on:
+  push:
+    tags:
+      - '**'
+env:
+  GH_TOKEN: ${{ github.token }}
+
+jobs:
+  release:
+    name: manual approval gate release
+    runs-on: ubuntu-latest
+
+    # https://docs.github.com/en/actions/reference/authentication-in-a-workflow
+    permissions:
+      id-token: write
+      packages: write
+      contents: write
+      repository-projects: write
+
+    steps:
+      - uses: actions/checkout@v6
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup KO
+        uses: imjasonh/setup-ko@v0.9
+
+      - name: Manual Approval Gate Release Started...
+        run: |
+          git fetch --tags
+          latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`)
+          echo "***********************************"
+          echo "Latest tag is: ${latest_tag}"
+          echo "***********************************"
+
+          chmod +x ./release.sh
+          ./release.sh "${latest_tag}"

upstream/.github/workflows/update-sources-manual-approval-gate.yaml

@@ -0,0 +1,75 @@
+# Generated for Konflux Application openshift-pipelines-core by openshift-pipelines/hack. DO NOT EDIT
+name: update-sources-manual-approval-gate
+
+on:
+  workflow_dispatch: {}
+  schedule:
+  - cron: "0 1 * * *" # At 1AM everyday
+
+jobs:
+
+  update-sources:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+    - name: Checkout the current repo
+      uses: actions/checkout@v6
+      with:
+        ref: main
+
+    - name: Clone openshift-pipelines/manual-approval-gate
+      run: |
+        rm -fR upstream
+        git clone https://github.com/openshift-pipelines/manual-approval-gate upstream
+        pushd upstream
+        git checkout -B main origin/main
+        popd
+    - name: Commit new changes
+      run: |
+
+        set -x
+
+        git config user.name openshift-pipelines-bot
+        git config user.email pipelines-extcomm@redhat.com
+        git checkout -b actions/update/sources-main
+        touch head
+        pushd upstream
+        OLD_COMMIT=$(cat ../head)
+        NEW_COMMIT=$(git rev-parse HEAD)
+        echo Previous commit: ${OLD_COMMIT}
+        git show --stat ${OLD_COMMIT}
+        echo New commit: ${NEW_COMMIT}
+        git show --stat ${NEW_COMMIT}
+        git diff --stat ${NEW_COMMIT}..${OLD_COMMIT} > /tmp/diff.txt
+        git rev-parse HEAD > ../head
+        popd
+        rm -rf upstream/.git
+        git add -f upstream head .konflux
+
+        if [[ -z $(git status --porcelain --untracked-files=no) ]]; then
+          echo "No change, exiting"
+          exit 0
+        fi
+
+        git commit -F- <<EOF
+        [bot] Update main from openshift-pipelines/manual-approval-gate to ${NEW_COMMIT}
+
+            $ git diff --stat ${NEW_COMMIT}..${OLD_COMMIT}
+        $(cat /tmp/diff.txt | sed 's/^/    /' | head -c 55555)
+
+        https://github.com/openshift-pipelines/manual-approval-gate/compare/${NEW_COMMIT}..${OLD_COMMIT}
+        EOF
+
+        git push -f origin actions/update/sources-main
+
+        if [ "$(gh pr list --base main --head actions/update/sources-main --json url --jq 'length')" = "0" ]; then
+          echo "creating PR..."
+          gh pr create -B main -H actions/update/sources-main --label=automated --label=upstream --fill
+        else
+          echo "a PR already exists, editing..."
+          gh pr edit --title "[bot] Update main from openshift-pipelines/manual-approval-gate to ${NEW_COMMIT}" --body "$(cat /tmp/diff.txt | sed 's/^/    /' | head -c 55555)"
+        fi
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

upstream/.ko.yaml

@@ -0,0 +1,4 @@
+defaultBaseImage: gcr.io/distroless/static:nonroot
+baseImageOverrides:
+  github.com/openshift-pipelines/manual-approval-gate/cmd/approver: registry.access.redhat.com/ubi8/ubi-minimal
+  github.com/openshift-pipelines/manual-approval-gate/cmd/controller: registry.access.redhat.com/ubi8/ubi-minimal

upstream/.konflux/README.md

@@ -0,0 +1,3 @@
+  # `konflux-ci` manifests  This folder contains [`konflux-ci`](konfluxci) configuration that is synced with the konflux-ci cluster.
+
+  [konfluxci]: https://konflux-ci.dev/

upstream/.konflux/dockerfiles/controller.Dockerfile

@@ -0,0 +1,41 @@
+ARG GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.23
+ARG RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:6d5a6576c83816edcc0da7ed62ba69df8f6ad3cbe659adde2891bfbec4dbf187
+
+FROM $GO_BUILDER AS builder
+
+WORKDIR /go/src/github.com/openshift-pipelines/manual-approval-gate
+COPY . .
+RUN set -e; for f in patches/*.patch; do echo ${f}; [[ -f ${f} ]] || continue; git apply ${f}; done
+ENV GODEBUG="http2server=0"
+ENV GOEXPERIMENT=strictfipsruntime
+RUN git rev-parse HEAD > /tmp/HEAD
+RUN CGO_ENABLED=0 \
+    go build -ldflags="-X 'knative.dev/pkg/changeset.rev=$(cat /tmp/HEAD)'" -mod=vendor -tags disable_gcp,strictfipsruntime  -v -o /tmp/manual-approval-gate-controller \
+    ./cmd/controller
+
+FROM $RUNTIME
+ARG VERSION=manual-approval-gate-controller-main
+
+ENV KO_APP=/ko-app \
+    KO_DATA_PATH=/kodata
+
+COPY --from=builder /tmp/manual-approval-gate-controller ${KO_APP}/manual-approval-gate-controller
+COPY --from=builder /tmp/HEAD ${KO_DATA_PATH}/HEAD
+
+LABEL \
+    com.redhat.component="openshift-pipelines-manual-approval-gate-rhel8-container" \
+    name="openshift-pipelines/pipelines-manual-approval-gate-rhel8" \
+    version=$VERSION \
+    summary="Red Hat OpenShift Pipelines Manual Approval Gate" \
+    maintainer="pipelines-extcomm@redhat.com" \
+    description="Red Hat OpenShift Pipelines Manual Approval Gate" \
+    io.k8s.display-name="Red Hat OpenShift Pipelines Manual Approval Gate" \
+    io.k8s.description="Red Hat OpenShift Pipelines Manual Approval Gate" \
+    io.openshift.tags="pipelines,tekton,openshift"
+
+
+RUN microdnf install -y shadow-utils
+RUN groupadd -r -g 65532 nonroot && useradd --no-log-init -r -u 65532 -g nonroot nonroot
+USER 65532
+
+ENTRYPOINT ["/ko-app/manual-approval-gate-controller"]

upstream/.konflux/dockerfiles/webhook.Dockerfile

@@ -0,0 +1,39 @@
+ARG GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.23
+ARG RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:6d5a6576c83816edcc0da7ed62ba69df8f6ad3cbe659adde2891bfbec4dbf187
+
+FROM $GO_BUILDER AS builder
+
+WORKDIR /go/src/github.com/openshift-pipelines/manual-approval-gate
+COPY . .
+RUN set -e; for f in patches/*.patch; do echo ${f}; [[ -f ${f} ]] || continue; git apply ${f}; done
+ENV GODEBUG="http2server=0"
+ENV GOEXPERIMENT=strictfipsruntime
+RUN git rev-parse HEAD > /tmp/HEAD
+RUN CGO_ENABLED=0 \
+    go build -ldflags="-X 'knative.dev/pkg/changeset.rev=$(cat /tmp/HEAD)'" -mod=vendor -tags disable_gcp,strictfipsruntime  -v -o /tmp/manual-approval-gate-webhook \
+    ./cmd/webhook
+
+FROM $RUNTIME
+ARG VERSION=manual-approval-gate-webhook-main
+
+ENV KO_APP=/ko-app
+
+COPY --from=builder /tmp/manual-approval-gate-webhook ${KO_APP}/manual-approval-gate-webhook
+
+LABEL \
+    com.redhat.component="openshift-pipelines-manual-approval-gate-rhel8-container" \
+    name="openshift-pipelines/pipelines-manual-approval-gate-rhel8" \
+    version=$VERSION \
+    summary="Red Hat OpenShift Pipelines Manual Approval Gate" \
+    maintainer="pipelines-extcomm@redhat.com" \
+    description="Red Hat OpenShift Pipelines Manual Approval Gate" \
+    io.k8s.display-name="Red Hat OpenShift Pipelines Manual Approval Gate" \
+    io.k8s.description="Red Hat OpenShift Pipelines Manual Approval Gate" \
+    io.openshift.tags="pipelines,tekton,openshift"
+
+
+RUN microdnf install -y shadow-utils
+RUN groupadd -r -g 65532 nonroot && useradd --no-log-init -r -u 65532 -g nonroot nonroot
+USER 65532
+
+ENTRYPOINT ["/ko-app/manual-approval-gate-webhook"]

upstream/.konflux/rpms/rpms.in.yaml

@@ -0,0 +1,10 @@
+contentOrigin:
+  repofiles:
+    - ./ubi.repo
+packages: [openssl-libs-3.2.2-6.el9_5.1]
+arches:
+  # The list of architectures
+  - aarch64
+  - x86_64
+  - ppc64le
+  - s390x