Merge branch 'main' into new-website

.commitlintrc.yaml

@@ -0,0 +1 @@
+extends: ["@commitlint/config-conventional"]

.github/actions/golang/action.yaml

@@ -6,5 +6,5 @@ runs:
   steps:
     - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
       with:
-        go-version: 1.21.x
+        go-version-file: 'go.mod'
         cache: true

.github/workflows/commitlint.yml

@@ -0,0 +1,27 @@
+name: PR Title Check
+
+on:
+  pull_request:
+    branches: [main]
+    types: [opened, edited, synchronize]
+
+jobs:
+  title_check:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+
+      - name: Install commitlint
+        run: npm install --save-dev @commitlint/{config-conventional,cli}
+
+      - name: Lint PR title
+        run: echo "${{ github.event.pull_request.title }}" | npx commitlint

.github/workflows/nightly-eks.yml

@@ -48,7 +48,7 @@ jobs:
 
       - name: Deploy the eks package
         run: |
-          ./build/zarf package deploy build/zarf-package-distro-eks-multi-0.0.3.tar.zst \
+          ./build/zarf package deploy build/zarf-package-distro-eks-amd64-0.0.3.tar.zst \
             --components=deploy-eks-cluster \
             --set=EKS_CLUSTER_NAME=${{ inputs.cluster_name || 'zarf-nightly-eks-e2e-test' }} \
             --set=EKS_INSTANCE_TYPE=${{ inputs.instance_type || 't3.medium' }} \
@@ -60,7 +60,7 @@ jobs:
       - name: Teardown the cluster
         if: always()
         run: |
-          ./build/zarf package deploy build/zarf-package-distro-eks-multi-0.0.3.tar.zst \
+          ./build/zarf package deploy build/zarf-package-distro-eks-amd64-0.0.3.tar.zst \
             --components=teardown-eks-cluster \
             --set=EKS_CLUSTER_NAME=${{ inputs.cluster_name || 'zarf-nightly-eks-e2e-test' }} \
             --confirm

.github/workflows/release.yml

@@ -175,11 +175,12 @@ jobs:
 
       - name: Get Brew tap repo token
         id: brew-tap-token
-        uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 # v3.0.0
+        uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
         with:
-          application_id: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_ID }}
-          application_private_key: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_SECRET }}
-          organization: defenseunicorns
+          app-id: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_ID }}
+          private-key: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_SECRET }}
+          owner: defenseunicorns
+          repositories: homebrew-tap
 
       # Create the GitHub release notes, upload artifact backups to S3, publish homebrew recipe
       - name: Run GoReleaser

.goreleaser.yaml

@@ -54,7 +54,7 @@ sboms:
 snapshot:
   name_template: "{{ incpatch .Version }}-snapshot"
 
-# Use the auto-generated changlog github provides
+# Use the auto-generated changelog github provides
 changelog:
   use: github-native
 
@@ -76,10 +76,15 @@ brews:
       owner: defenseunicorns
       name: homebrew-tap
       token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
+      branch: "{{ .ProjectName }}-{{ .Tag }}"
       pull_request:
         enabled: true
+        base:
+          branch: main
+          owner: defenseunicorns
+          name: homebrew-tap
 
-    commit_msg_template: "Brew formula update for {{ .ProjectName }} version {{ .Tag }}"
+    commit_msg_template: "build(release): upgrade {{ .ProjectName }} to {{ .Tag }}"
     homepage: "https://zarf.dev/"
     description: "DevSecOps for Air Gap"
 
@@ -90,7 +95,14 @@ brews:
       owner: defenseunicorns
       name: homebrew-tap
       token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
-    commit_msg_template: "Brew formula update for {{ .ProjectName }} versioned release {{ .Tag }}"
+      branch: "{{ .ProjectName }}-{{ .Tag }}"
+      pull_request:
+        enabled: true
+        base:
+          branch: main
+          owner: defenseunicorns
+          name: homebrew-tap
+    commit_msg_template: "build(release): {{ .ProjectName }}@{{ .Tag }}"
     homepage: "https://zarf.dev/"
     description: "DevSecOps for Air Gap"
 

CONTRIBUTING.md

@@ -20,14 +20,17 @@ Specifically:
 :key: == Required by automation
 
 1. Look at the next due [release milestone](https://github.com/defenseunicorns/zarf/milestones) and pick an issue that you want to work on. If you don't see anything that interests you, create an issue and assign it to yourself.
-2. Drop a comment in the issue to let everyone know you're working on it and submit a Draft PR (step 4) as soon as you are able. If you have any questions as you work through the code, reach out in the [Zarf Dev Kubernetes Slack Channel](https://kubernetes.slack.com/archives/C03BP9Z3CMA).
-3. :key: Set up your Git config to GPG sign all commits. [Here's some documentation on how to set it up](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits). You won't be able to merge your PR if you have any unverified commits.
-4. Create a Draft Pull Request as soon as you can, even if it is just 5 minutes after you started working on it. We lean towards working in the open as much as we can. If you're not sure what to put in the PR description, just put a link to the issue you're working on. If you're not sure what to put in the PR title, just put "WIP" (Work In Progress) and we'll help you out with the rest.
-5. :key: Automated tests will begin based on the paths you have edited in your Pull Request.
+1. Drop a comment in the issue to let everyone know you're working on it and submit a Draft PR (step 4) as soon as you are able. If you have any questions as you work through the code, reach out in the [Zarf Dev Kubernetes Slack Channel](https://kubernetes.slack.com/archives/C03BP9Z3CMA).
+1. :key: Set up your Git config to GPG sign all commits. [Here's some documentation on how to set it up](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits). You won't be able to merge your PR if you have any unverified commits.
+1. Create a Draft Pull Request as soon as you can, even if it is just 5 minutes after you started working on it. We lean towards working in the open as much as we can. If you're not sure what to put in the PR description, just put a link to the issue you're working on.
+
+   - :key: We follow the [conventional commits spec](https://www.conventionalcommits.org/en/v1.0.0/) with the [commitlint conventional config](https://github.com/conventional-changelog/commitlint/tree/master/%40commitlint/config-conventional) as extended types for PR titles.
+
+1. :key: Automated tests will begin based on the paths you have edited in your Pull Request.
    > ⚠️ **NOTE:** _If you are an external third-party contributor, the pipelines won't run until a [CODEOWNER](https://github.com/defenseunicorns/zarf/blob/main/CODEOWNERS) approves the pipeline run._
-6. :key: Be sure to use the [needs-adr,needs-docs,needs-tests](https://github.com/defenseunicorns/zarf/labels?q=needs) labels as appropriate for the PR. Once you have addressed all of the needs, remove the label.
-7. Once the review is complete and approved, a core member of the zarf project will merge your PR. If you are an external third-party contributor, two core members of the zarf project will be required to approve the PR.
-8. Close the issue if it is fully resolved by your PR. _Hint: You can add "Fixes #XX" to the PR description to automatically close an issue when the PR is merged._
+1. :key: Be sure to use the [needs-adr,needs-docs,needs-tests](https://github.com/defenseunicorns/zarf/labels?q=needs) labels as appropriate for the PR. Once you have addressed all of the needs, remove the label.
+1. Once the review is complete and approved, a core member of the zarf project will merge your PR. If you are an external third-party contributor, two core members of the zarf project will be required to approve the PR.
+1. Close the issue if it is fully resolved by your PR. _Hint: You can add "Fixes #XX" to the PR description to automatically close an issue when the PR is merged._
 
 ## Testing
 

Makefile

@@ -219,10 +219,11 @@ test-docs-and-schema:
 
 # INTERNAL: used to test for new CVEs that may have been introduced
 test-cves:
-	go run main.go tools sbom packages . -o json --exclude './docs-website' --exclude './examples' | grype --fail-on low
+	go run main.go tools sbom scan . -o json --exclude './docs-website' --exclude './examples' | grype --fail-on low
 
 cve-report: ## Create a CVE report for the current project (must `brew install grype` first)
-	go run main.go tools sbom packages . -o json --exclude './docs-website' --exclude './examples' | grype -o template -t hack/.templates/grype.tmpl > build/zarf-known-cves.csv
+	@test -d ./build || mkdir ./build
+	go run main.go tools sbom scan . -o json --exclude './docs-website' --exclude './examples' | grype -o template -t hack/.templates/grype.tmpl > build/zarf-known-cves.csv
 
 lint-go: ## Run revive to lint the go code (must `brew install revive` first)
 	revive -config revive.toml -exclude src/cmd/viper.go -formatter stylish ./src/...

docs-website/static/docs/tutorials/package_deploy_wordpress_suggestions.html

@@ -50,7 +50,7 @@
 <b class="YEL">Saving log file to
 /var/folders/bk/rz1xx2sd5zn134c0_j1s2n5r0000gp/T/zarf-2023-03-23-13-18-54-4086179855.log</b>
 <b class="BOLD" style="color:#55ff55;">? </b><b class="BOLD">Choose or type the package file </b><b class="WHI">zarf-package-helm-oci-chart-arm64-0.0.1.tar.zst</b><b class=CYN>[</b><b class=CYN>tab for suggestions]</b>
-<b class=WHI>  zarf-package-distro-eks-multi.tar.zst</b>
+<b class=WHI>  zarf-package-distro-eks-amd64.tar.zst</b>
 <b class=CYN>> zarf-package-wordpress-amd64-16.0.4.tar.zst</b>
 </pre>
 </body>

docs/2-the-zarf-cli/100-cli-commands/zarf_tools.md

@@ -38,3 +38,4 @@ Collection of additional tools to make airgap easier
 * [zarf tools sbom](zarf_tools_sbom.md)	 - Generates a Software Bill of Materials (SBOM) for the given package
 * [zarf tools update-creds](zarf_tools_update-creds.md)	 - Updates the credentials for deployed Zarf services. Pass a service key to update credentials for a single service
 * [zarf tools wait-for](zarf_tools_wait-for.md)	 - Waits for a given Kubernetes resource to be ready
+* [zarf tools yq](zarf_tools_yq.md)	 - yq is a lightweight and portable command-line data file processor.

docs/2-the-zarf-cli/100-cli-commands/zarf_tools_yq.md

@@ -0,0 +1,81 @@
+# zarf tools yq
+<!-- Auto-generated by hack/gen-cli-docs.sh -->
+
+yq is a lightweight and portable command-line data file processor.
+
+## Synopsis
+
+yq is a portable command-line data file processor (https://github.com/mikefarah/yq/) 
+See https://mikefarah.gitbook.io/yq/ for detailed documentation and examples.
+
+```
+zarf tools yq [flags]
+```
+
+## Examples
+
+```
+
+# yq defaults to 'eval' command if no command is specified. See "zarf tools yq eval --help" for more examples.
+
+# read the "stuff" node from "myfile.yml"
+zarf tools yq '.stuff' < myfile.yml
+
+# update myfile.yml in place
+zarf tools yq -i '.stuff = "foo"' myfile.yml
+
+# print contents of sample.json as idiomatic YAML
+zarf tools yq -P sample.json
+
+```
+
+## Options
+
+```
+  -C, --colors                        force print with colors
+      --csv-auto-parse                parse CSV YAML/JSON values (default true)
+      --csv-separator char            CSV Separator character (default ,)
+  -e, --exit-status                   set exit status if there are no matches or null or false is returned
+      --expression string             forcibly set the expression argument. Useful when yq argument detection thinks your expression is a file.
+      --from-file string              Load expression from specified file.
+  -f, --front-matter string           (extract|process) first input as yaml front-matter. Extract will pull out the yaml content, process will run the expression against the yaml content, leaving the remaining data intact
+      --header-preprocess             Slurp any header comments and separators before processing expression. (default true)
+  -h, --help                          help for yq
+  -I, --indent int                    sets indent level for output (default 2)
+  -i, --inplace                       update the file in place of first file given.
+  -p, --input-format string           [auto|a|yaml|y|json|j|props|p|csv|c|tsv|t|xml|x|base64|uri|toml|lua|l] parse format for input. (default "auto")
+      --lua-globals                   output keys as top-level global variables
+      --lua-prefix string             prefix (default "return ")
+      --lua-suffix string             suffix (default ";\n")
+      --lua-unquoted                  output unquoted string keys (e.g. {foo="bar"})
+  -M, --no-colors                     force print with no colors
+  -N, --no-doc                        Don't print document separators (---)
+  -0, --nul-output                    Use NUL char to separate values. If unwrap scalar is also set, fail if unwrapped scalar contains NUL char.
+  -n, --null-input                    Don't read input, simply evaluate the expression given. Useful for creating docs from scratch.
+  -o, --output-format string          [auto|a|yaml|y|json|j|props|p|csv|c|tsv|t|xml|x|base64|uri|toml|shell|s|lua|l] output format type. (default "auto")
+  -P, --prettyPrint                   pretty print, shorthand for '... style = ""'
+      --properties-array-brackets     use [x] in array paths (e.g. for SpringBoot)
+      --properties-separator string   separator to use between keys and values (default " = ")
+  -s, --split-exp string              print each result (or doc) into a file named (exp). [exp] argument must return a string. You can use $index in the expression as the result counter.
+      --split-exp-file string         Use a file to specify the split-exp expression.
+      --string-interpolation          Toggles strings interpolation of \(exp) (default true)
+      --tsv-auto-parse                parse TSV YAML/JSON values (default true)
+  -r, --unwrapScalar                  unwrap scalar, print the value with no quotes, colors or comments. Defaults to true for yaml (default true)
+  -v, --verbose                       verbose mode
+  -V, --version                       Print version information and quit
+      --xml-attribute-prefix string   prefix for xml attributes (default "+@")
+      --xml-content-name string       name for xml content (if no attribute name is present). (default "+content")
+      --xml-directive-name string     name for xml directives (e.g. <!DOCTYPE thing cat>) (default "+directive")
+      --xml-keep-namespace            enables keeping namespace after parsing attributes (default true)
+      --xml-proc-inst-prefix string   prefix for xml processing instructions (e.g. <?xml version="1"?>) (default "+p_")
+      --xml-raw-token                 enables using RawToken method instead Token. Commonly disables namespace translations. See https://pkg.go.dev/encoding/xml#Decoder.RawToken for details. (default true)
+      --xml-skip-directives           skip over directives (e.g. <!DOCTYPE thing cat>)
+      --xml-skip-proc-inst            skip over process instructions (e.g. <?xml version="1"?>)
+      --xml-strict-mode               enables strict parsing of XML. See https://pkg.go.dev/encoding/xml for more details.
+```
+
+## SEE ALSO
+
+* [zarf tools](zarf_tools.md)	 - Collection of additional tools to make airgap easier
+* [zarf tools yq eval](zarf_tools_yq_eval.md)	 - (default) Apply the expression to each document in each yaml file in sequence
+* [zarf tools yq eval-all](zarf_tools_yq_eval-all.md)	 - Loads _all_ yaml documents of _all_ yaml files and runs expression once