Merge branch 'bitnami:main' into stabalize

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 name: 🐞 Bug

.github/ISSUE_TEMPLATE/config.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 blank_issues_enabled: false

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 name: "\U0001F680 Feature request"

.github/dependabot.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 version: 2

.github/workflows/assign-asset-label.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 name: '[Support] Assign asset label'

.github/workflows/cd-pipeline.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 name: '[CI/CD] CD Pipeline'
@@ -21,7 +21,7 @@ jobs:
       chart: ${{ steps.get-chart.outputs.chart }}
       result: ${{ steps.get-chart.outputs.result }}
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
         with:
           path: charts
           fetch-depth: 2 # to be able to obtain files changed in the latest commit
@@ -71,7 +71,7 @@ jobs:
       CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }}
       VIB_PUBLIC_URL: https://cp.bromelia.vmware.com
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
         name: Checkout Repository
         with:
           path: charts
@@ -82,8 +82,9 @@ jobs:
           config: charts/.vib/
         env:
           VIB_ENV_S3_URL: s3://${{ secrets.AWS_S3_BUCKET }}/bitnami
-          VIB_ENV_S3_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          VIB_ENV_S3_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          VIB_ENV_S3_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLISH_ACCESS_KEY_ID }}
+          VIB_ENV_S3_SECRET_ACCESS_KEY: ${{ secrets.AWS_PUBLISH_SECRET_ACCESS_KEY }}
+          VIB_ENV_S3_ROLE_ARN: ${{ secrets.AWS_PUBLISH_ROLE_ARN }}
   update-index:
     runs-on: ubuntu-latest
     needs:
@@ -94,7 +95,7 @@ jobs:
         with:
           path: ~/artifacts
       # If we perform a checkout of the main branch, we will find conflicts with the submodules
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
         with:
           ref: 'index'
           path: index
@@ -107,10 +108,13 @@ jobs:
       - id: update-index
         name: Fetch chart and update index
         env: 
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLISH_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PUBLISH_SECRET_ACCESS_KEY }}
+          AWS_ASSUME_ROLE_ARN: ${{ secrets.AWS_PUBLISH_ROLE_ARN }}
           AWS_DEFAULT_REGION: us-east-1
         run: |
+          # Configure AWS account
+          export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" $(aws sts assume-role --role-arn ${AWS_ASSUME_ROLE_ARN} --role-session-name GitHubCharts --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" --output text))
           # Extract chart release metadata from the publish report file
           vib_publish_report_file=$(find ~/artifacts -name "report.json" -print -quit)
           chart_name=$(jq -re '.actions|map(select(.action_id == "helm-publish"))[0] | .application.name' $vib_publish_report_file)
@@ -128,15 +132,24 @@ jobs:
           is_index_updated=0
           while [[ $attempts -lt $max_attempts && $is_index_updated -eq 0 ]]; do
             attempts=$((attempts + 1))
+
+            # Pull changes from remote
             git fetch origin index
-            git reset --hard origin/index
+            current_commit_id=$(git rev-parse origin/index)
+            git reset --hard $(git commit-tree origin/index^{tree} -m "Update index.yaml")
 
             # Rebuild index
             helm repo index --url https://charts.bitnami.com/bitnami --merge bitnami/index.yaml ../download
+            # Compare size of files
+            if [[ $(stat -c%s bitnami/index.yaml) -gt $(stat -c%s ../download/index.yaml) ]]; then
+              echo "New index.yaml file is shorter than the current one"
+              exit 1
+            fi
             cp ../download/index.yaml bitnami/index.yaml
+
             # Push changes
-            git add bitnami/index.yaml && git commit -m "${chart_name}-${chart_version}: Update index.yaml" -s
-            git push && is_index_updated=1 || echo "Failed to push during attempt $attempts"
+            git add bitnami/index.yaml && git commit --signoff --amend --no-edit
+            git push origin index --force-with-lease=index:${current_commit_id} && is_index_updated=1 || echo "Failed to push during attempt $attempts"
           done
 
           if [[ $is_index_updated -ne 1 ]]; then
@@ -154,7 +167,7 @@ jobs:
     steps:
       - name: Notify in Slack channel
         if: ${{ needs.update-index.result != 'success' }}
-        uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001
+        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e
         with:
           channel-id: ${{ secrets.CD_SLACK_CHANNEL_ID }}
           payload: |

.github/workflows/ci-pipeline.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 name: '[CI/CD] CI Pipeline'
@@ -100,7 +100,7 @@ jobs:
     if: needs.get-chart.outputs.result == 'ok'
     steps:
       - name: Checkout bitnami/charts
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
         with:
           ref: ${{github.event.pull_request.head.ref}}
           repository: ${{github.event.pull_request.head.repo.full_name}}
@@ -145,6 +145,12 @@ jobs:
               echo "error=Please ensure all *.tag params are skipped (@skip) in the bitnami/${CHART}/values.yaml file"
               exit "$exit_code"
             fi
+            # Ensuring no unprintable characters are present in values.yaml
+            ! grep --quiet "[^[:print:]]" "bitnami/${CHART}/values.yaml" || exit_code=$?
+            if [[ $exit_code -ne 0 ]]; then
+              echo "error=Please ensure there are no unprintable characters in the bitnami/${CHART}/values.yaml file"
+              exit "$exit_code"
+            fi
             echo "Updating README.md for bitnami/${CHART}"
             readme-generator --values "bitnami/${CHART}/values.yaml" --readme "bitnami/${CHART}/README.md" --schema "/tmp/schema.json"
             # Commit all changes, if any
@@ -264,7 +270,7 @@ jobs:
       )
     name: VIB Verify
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
         name: Checkout Repository
         with:
           ref: ${{ github.event.pull_request.head.ref }}

.github/workflows/clossing-issues.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 name: '[Support] Close Solved issues'

.github/workflows/comments.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 name: '[Support] Comments based card movements'

.github/workflows/license-headers.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 name: '[License] Check license headers'
@@ -19,7 +19,7 @@ jobs:
       contents: read
       pull-requests: write
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
         name: Checkout Repository
         with:
           ref: ${{ github.event.pull_request.head.ref }}
@@ -58,10 +58,10 @@ jobs:
           done <<< "$(echo "$files_changed" | grep -oE "^bitnami/.*\.ya?ml$" | sort | uniq || true)"
           if [[ ${#templates[@]} -gt 0 ]] || [[ ${#regular_files[@]} -gt 0 ]]; then
             if [[ ${#templates[@]} -gt 0 ]]; then
-              # There are modifications over yaml tamplates
-              export tamplates_json=$(printf "%s\n" "${templates[@]}" | jq -R . | jq -cs .)
+              # There are modifications over yaml templates
+              export templates_json=$(printf "%s\n" "${templates[@]}" | jq -R . | jq -cs .)
               # Overwrite configuration file to analyze only changed templates
-              yq -i '. | .header[0].paths=env(tamplates_json)' .licenserc.yaml
+              yq -i '. | .header[0].paths=env(templates_json)' .licenserc.yaml
             fi
             if [[ ${#regular_files[@]} -gt 0 ]]; then
               # There are modifications over yaml files

.github/workflows/markdown-linter.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 name: '[CI/CD] Markdown linter'
@@ -19,7 +19,7 @@ jobs:
       - name: Install mardownlint
         run: npm install -g [email protected]
       - name: Checkout project
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
       - name: Execute markdownlint
         env:
           DIFF_URL: "${{github.event.pull_request.diff_url}}"

.github/workflows/move-closed-issues.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 name: '[Support] Move closed issues'

.github/workflows/pr-review-hack.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 # This is a hack to run reusable workflows in the main repo context and not from the forked repository.
@@ -20,6 +20,7 @@ jobs:
     outputs:
       author: ${{ steps.get-info.outputs.author }}
       actor: ${{ steps.get-info.outputs.actor }}
+      review_state: ${{ steps.get-info.outputs.review_state }}
       labels: ${{ steps.get-info.outputs.labels }}
       resource_url: ${{ steps.get-info.outputs.resource_url }}
     if: ${{ github.event.workflow_run.conclusion == 'success' }}
@@ -29,10 +30,11 @@ jobs:
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
         run: |
           actor="${{ github.event.workflow_run.actor.login }}"
-          download_url="$(gh api "${{ github.event.workflow_run.artifacts_url }}" | jq -cr '.artifacts[] | select(.name == "pull_request_number") | .archive_download_url')"
-          curl -sSL -o pull_request_number.zip -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" -H "Authorization: Bearer $GITHUB_TOKEN" $download_url
-          unzip pull_request_number.zip
-          pull_request_number=$(cat pull_request_number)
+          download_url="$(gh api "${{ github.event.workflow_run.artifacts_url }}" | jq -cr '.artifacts[] | select(.name == "pull_request_info.json") | .archive_download_url')"
+          curl -sSL -o pull_request_info.zip -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" -H "Authorization: Bearer $GITHUB_TOKEN" $download_url
+          unzip pull_request_info.zip
+          pull_request_number="$(jq -cr '.issue.number' pull_request_info.json)"
+          issue_review_state="$(jq -cr '.review.state' pull_request_info.json)"
           pull_request="$(gh api "repos/${GITHUB_REPOSITORY}/pulls/${pull_request_number}")"
           author="$(echo $pull_request | jq -cr '.user.login')"
           author_association="$(echo $pull_request | jq -cr '.author_association')"
@@ -43,6 +45,7 @@ jobs:
           echo "actor=${actor}" >> $GITHUB_OUTPUT
           echo "author=${author}" >> $GITHUB_OUTPUT
           echo "author_association=${author_association}" >> $GITHUB_OUTPUT
+          echo "review_state=${issue_review_state}" >> $GITHUB_OUTPUT
           echo "labels=${labels}" >> $GITHUB_OUTPUT
           echo "resource_url=${resource_url}" >> $GITHUB_OUTPUT
   call-pr-review-comment:
@@ -55,4 +58,5 @@ jobs:
       author: ${{ needs.pr-info.outputs.author }}
       actor: ${{ needs.pr-info.outputs.actor }}
       labels: ${{ needs.pr-info.outputs.labels }}
+      review_state: ${{ needs.pr-info.outputs.review_state }}
       resource_url: ${{ needs.pr-info.outputs.resource_url }}

.github/workflows/pr-reviews-requested.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 name: '[Support] Review based card movements'

.github/workflows/pr-reviews.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 name: '[Support] PR review comment card movements'
@@ -21,9 +21,9 @@ jobs:
     steps:
       - run: |
           echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}"
-          echo "${{ github.event.pull_request.number }}" > pull_request_number
-      - name: Upload the PR number
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
+          jq -n --arg issue '${{ github.event.pull_request.number }}' --arg state '${{ github.event.review != null && github.event.review.state || '' }}' '{"issue": {"number": $issue }, "review": { "state": $state }}' > pull_request_info.json
+      - name: Upload the PR info
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
         with:
-          name: pull_request_number
-          path: ./pull_request_number
+          name: pull_request_info.json
+          path: ./pull_request_info.json

.github/workflows/reasign.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 name: '[Support] Review based card movements'

.github/workflows/retry-failed-releases.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 name: '[CI/CD] Retry release PRs'

.github/workflows/stale.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 name: '[Support] Close stale issues and PRs'

.github/workflows/triage.yml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 # This workflow is built to manage the triage support by using GH issues.

.licenserc.yaml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 ---
@@ -7,11 +7,11 @@ header:
   - comment: on-failure
     license:
       spdx-id: Apache-2.0
-      copyright-owner: VMware, Inc.
+      copyright-owner: Copyright Broadcom, Inc. All Rights Reserved.
 
       content: |
         {{- /*
-        Copyright VMware, Inc.
+        Copyright Broadcom, Inc. All Rights Reserved.
         SPDX-License-Identifier: APACHE-2.0
         */}}
 
@@ -26,10 +26,10 @@ header:
   - comment: on-failure
     license:
       spdx-id: Apache-2.0
-      copyright-owner: VMware, Inc.
+      copyright-owner: Copyright Broadcom, Inc. All Rights Reserved.
 
       content: |
-        # Copyright VMware, Inc.
+        # Copyright Broadcom, Inc. All Rights Reserved.
         # SPDX-License-Identifier: APACHE-2.0
 
     paths:

.vib/airflow/cypress/cypress/e2e/airflow.cy.js

@@ -1,5 +1,5 @@
 /*
- * Copyright VMware, Inc.
+ * Copyright Broadcom, Inc. All Rights Reserved.
  * SPDX-License-Identifier: APACHE-2.0
  */
 

.vib/airflow/cypress/cypress/support/commands.js

@@ -1,5 +1,5 @@
 /*
- * Copyright VMware, Inc.
+ * Copyright Broadcom, Inc. All Rights Reserved.
  * SPDX-License-Identifier: APACHE-2.0
  */
 

.vib/airflow/cypress/cypress/support/e2e.js

@@ -1,5 +1,5 @@
 /*
- * Copyright VMware, Inc.
+ * Copyright Broadcom, Inc. All Rights Reserved.
  * SPDX-License-Identifier: APACHE-2.0
  */
 

.vib/airflow/cypress/cypress/support/utils.js

@@ -1,5 +1,5 @@
 /*
- * Copyright VMware, Inc.
+ * Copyright Broadcom, Inc. All Rights Reserved.
  * SPDX-License-Identifier: APACHE-2.0
  */
 

.vib/airflow/goss/goss.yaml

@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 
 command: