#1665. Improve Package Selection

.github/ISSUE_TEMPLATE/bug_report.md

@@ -4,7 +4,6 @@ about: Create a report to help us improve
 title: ''
 labels: possible-bug
 assignees: ''
-
 ---
 
 ### Environment
@@ -25,3 +24,4 @@ Other:
 ### Severity/Priority
 
 ### Additional Context
+Add any other context or screenshots about the technical debt here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -2,19 +2,21 @@
 name: Feature request
 about: Suggest an idea for this project
 title: ''
-labels: ''
+labels: 'enhancement'
 assignees: ''
-
 ---
 
 ### Is your feature request related to a problem? Please describe.
 A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
 
 ### Describe the solution you'd like
-A clear and concise description of what you want to happen.
+
+- **Given** a state
+- **When** an action is taken
+- **Then** something happens
 
 ### Describe alternatives you've considered
-A clear and concise description of any alternative solutions or features you've considered.
+(optional) A clear and concise description of any alternative solutions or features you've considered.
 
 ### Additional context
 Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/tech_debt.md

@@ -4,14 +4,13 @@ about: Record something that should be investigated or refactored in the future.
 title: ''
 labels: 'tech-debt'
 assignees: ''
-
 ---
 
 ### Describe what should be investigated or refactored
 A clear and concise description of what should be changed/researched. Ex. This piece of the code is not DRY enough [...]
 
 ### Links to any relevant code
-https://github.com/defenseunicorns/zarf/blob/main/README.md?plain=1#L1
+(optional) i.e. - https://github.com/defenseunicorns/zarf/blob/main/README.md?plain=1#L1
 
 ### Additional context
 Add any other context or screenshots about the technical debt here.

.github/ISSUE_TEMPLATE/ux_test.md

@@ -1,16 +1,23 @@
-## Driving Questions ##
-*What are we hoping to validate?*
+---
+name: UX Test
+about: Record something that should be investigated to test User Experience
+title: ''
+labels: 'ux'
+assignees: ''
+---
 
+## Driving Questions
+What are we hoping to validate?
 
-## Testing Plan ##
-User persona:
+## Testing Plan
+User Persona:
 Sample Group:
 
 - [ ] Use Checklist for Tasks
 
-## Additional context ##
-*Screenshot or link to what needs to be tested*
+## Additional context
+Add any other context or screenshots about the UX test here.
 
-Related to issue
+Related to issue: #
 
-## Link to Test & Results ##
+## Link to Test & Results

.github/actions/golang/action.yaml

@@ -4,7 +4,7 @@ description: "Setup Go binary and caching"
 runs:
   using: composite
   steps:
-    - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
         go-version: 1.19.x
         cache: true

.github/actions/install-tools/action.yaml

@@ -6,7 +6,7 @@ runs:
   steps:
     - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
 
-    - uses: anchore/sbom-action/download-syft@422cb34a0f8b599678c41b21163ea6088edb2624 # v0.14.1
+    - uses: anchore/sbom-action/download-syft@4d571ad1038a9cc29d676154ef265ab8f9027042 # v0.14.2
 
     - run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin"
       shell: bash

.github/workflows/nightly-ecr.yml

@@ -32,7 +32,10 @@ jobs:
         run: make build-cli-linux-amd
 
       - name: Configure AWS Credentials
-        uses: ./.github/actions/aws-nightly-creds
+        uses: aws-actions/configure-aws-credentials@5727f247b64f324ec403ac56ae05e220fd02b65f # v2.1.0
+        with:
+          role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }}
+          aws-region: us-east-1
 
       # NOTE: The aws cli will need to be explicitly installed on self-hosted runners
       - name: Login to the ECR Registry

.github/workflows/nightly-eks.yml

@@ -40,7 +40,11 @@ jobs:
         uses: ./.github/actions/packages
 
       - name: Configure AWS Credentials
-        uses: ./.github/actions/aws-nightly-creds
+        uses: aws-actions/configure-aws-credentials@5727f247b64f324ec403ac56ae05e220fd02b65f # v2.1.0
+        with:
+          role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }}
+          aws-region: us-east-1
+          role-duration-seconds: 14400
 
       - name: Build the eks package
         run: ./build/zarf package create packages/distros/eks -o build --confirm

.github/workflows/release.yml

@@ -64,21 +64,28 @@ jobs:
       - name: Run Tests
         run: |
           sudo env "PATH=$PATH" CI=true APPLIANCE_MODE=true make test-e2e ARCH=amd64
-          sudo rm -rf zarf-sbom
-          sudo rm -rf build/zarf-package-*
           sudo chown $USER /tmp/zarf-*.log
 
       - name: Save logs
         if: always()
         uses: ./.github/actions/save-logs
 
+      - name: Cleanup files
+        run: |
+          sudo rm -rf zarf-sbom /tmp/zarf-*
+          sudo env "PATH=$PATH" CI=true make delete-packages
+          sudo build/zarf tools clear-cache
+          sudo docker system prune --all
+          go clean -cache
+          lsblk -f
+
       # Builds init packages since GoReleaser won't handle this for us
       - name: Create release time CVE report
         run: "make cve-report"
 
       # Set up AWS credentials for GoReleaser to upload backups of artifacts to S3
       - name: Set AWS Credentials
-        uses: aws-actions/configure-aws-credentials@023daa7fe5f7f817faa31fc0fc4a8d0fb6224ed0 # v1-node16
+        uses: aws-actions/configure-aws-credentials@5727f247b64f324ec403ac56ae05e220fd02b65f # v2-node16
         with:
           aws-access-key-id: ${{ secrets.AWS_GOV_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_GOV_SECRET_ACCESS_KEY }}

.github/workflows/scan-codeql.yml

@@ -48,7 +48,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2.3.2
+        uses: github/codeql-action/init@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6
         env:
           CODEQL_EXTRACTOR_GO_BUILD_TRACING: on
         with:
@@ -59,6 +59,6 @@ jobs:
         run: make build-cli-linux-amd
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2.3.2
+        uses: github/codeql-action/analyze@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/scorecard.yaml

@@ -45,6 +45,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v2.3.0
+        uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6
         with:
           sarif_file: results.sarif

.github/workflows/test-upgrade.yml

@@ -52,8 +52,8 @@ jobs:
         #       in a previous step. This test run will the current release to create a K3s cluster.
         # chown the logs since they were originally created as root
         run: |
-          zarf package create src/test/upgrade-test --set PODINFO_VERSION=6.3.3 --confirm
-          zarf package create src/test/upgrade-test --set PODINFO_VERSION=6.3.4 --confirm
+          zarf package create src/test/upgrade --set PODINFO_VERSION=6.3.3 --confirm
+          zarf package create src/test/upgrade --set PODINFO_VERSION=6.3.4 --confirm
           sudo env "PATH=$PATH" CI=true zarf package deploy zarf-package-test-upgrade-package-amd64-6.3.3.tar.zst --confirm
           sudo chown $USER /tmp/zarf-*.log
 
@@ -68,7 +68,6 @@ jobs:
           sudo env "PATH=$PATH" CI=true APPLIANCE_MODE=true make test-e2e ARCH=amd64
           sudo chown $USER /tmp/zarf-*.log
 
-
       - name: Run the upgrade tests
         # NOTE: "PATH=$PATH" preserves the default user $PATH. This is needed to maintain the version of zarf installed
         #       in a previous step. This test run will the current release to create a K3s cluster.

.gitignore

@@ -36,3 +36,4 @@ zarf-sbom/
 *.part*
 test-*.txt
 __debug_bin
+docs-website/static/zarf.schema.json

.grype.yaml

@@ -1,11 +1,11 @@
 # Ignore file for false positives from protobuf, see the following for more information:
 #   https://github.com/anchore/grype/issues/558
 ignore:
-  # False positive from CPE confusion of svelte and svelte's extension
-  - vulnerability: CVE-2021-29261
+  # This vulnerability does not affect Zarf as we do not instantiate a rekor client
+  - vulnerability: GHSA-2h5h-59f5-c5x9
+
+  # This vulnerability does not affect Zarf as we do not instantiate a rekor client
+  - vulnerability: GHSA-frqx-jfcm-6jjr
 
   # From rouille - The Zarf injector does not expose endpoints that use multipart form data
   - vulnerability: GHSA-mc8h-8q98-g5hr
-
-  # From sigs.k8s.io/kustomize/api/krusty - This is a low vulnerability that does not impact Zarf as we do not marshall/unmarshall from protocol buffers
-  - vulnerability: GHSA-hw7c-3rfg-p46j

CONTRIBUTING.md

@@ -48,7 +48,7 @@ You can learn more about the testing of Zarf [here](docs/12-contribute-to-zarf/2
 
 ### Updating Our Documentation
 
-Our documentation is auto-generated from the `src/types` and `src/cmd` go packages.  This includes the [Zarf package jsonschema](https://github.com/defenseunicorns/zarf/blob/main/zarf.schema.json), the [Zarf schema docs](https://docs.zarf.dev/docs/user-guide/zarf-schema), the [Zarf CLI docs](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/), and our [front-end API types](https://github.com/defenseunicorns/zarf/blob/main/src/ui/lib/api-types.ts).   When an update to types or the CLI commands is made you will need to run `make docs-and-schema` locally to regenerate the schema and documentation. CI checks if this was ran, and will fail if it wasn't.
+Our documentation is auto-generated from the `src/types` and `src/cmd` go packages.  This includes the [Zarf package jsonschema](https://github.com/defenseunicorns/zarf/blob/main/zarf.schema.json), the [Zarf schema docs](https://docs.zarf.dev/docs/create-a-zarf-package/zarf-schema), the [Zarf CLI docs](https://docs.zarf.dev/docs/the-zarf-cli/), and our [front-end API types](https://github.com/defenseunicorns/zarf/blob/main/src/ui/lib/api-types.ts).   When an update to types or the CLI commands is made you will need to run `make docs-and-schema` locally to regenerate the schema and documentation. CI checks if this was ran, and will fail if it wasn't.
 
 We do this so that there is a git commit signature from a person on the commit for better traceability, rather than a non-person entity (e.g. GitHub CI token).
 

Makefile

@@ -25,7 +25,7 @@ else
 	endif
 endif
 
-CLI_VERSION := $(if $(shell git describe --tags),$(shell git describe --tags),"UnknownVersion")
+CLI_VERSION ?= $(if $(shell git describe --tags),$(shell git describe --tags),"UnknownVersion")
 GIT_SHA := $(if $(shell git rev-parse HEAD),$(shell git rev-parse HEAD),"")
 BUILD_DATE := $(shell date -u +'%Y-%m-%dT%H:%M:%SZ')
 BUILD_ARGS := -s -w -X 'github.com/defenseunicorns/zarf/src/config.CLIVersion=$(CLI_VERSION)' -X 'k8s.io/component-base/version.gitVersion=v0.0.0+zarf$(CLI_VERSION)' -X 'k8s.io/component-base/version.gitCommit=$(GIT_SHA)' -X 'k8s.io/component-base/version.buildDate=$(BUILD_DATE)'
@@ -130,21 +130,13 @@ build-examples: ## Build all of the example packages
 
 	@test -s ./build/zarf-package-variables-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/variables --set NGINX_VERSION=1.23.3 -o build -a $(ARCH) --confirm
 
-	@test -s ./build/zarf-package-data-injection-demo-$(ARCH).tar || $(ZARF_BIN) package create examples/data-injection -o build -a $(ARCH) --confirm
+	@test -s ./build/zarf-package-data-injection-$(ARCH).tar || $(ZARF_BIN) package create examples/data-injection -o build -a $(ARCH) --confirm
 
-	@test -s ./build/zarf-package-git-data-$(ARCH)-v1.0.0.tar.zst || $(ZARF_BIN) package create examples/git-data -o build -a $(ARCH) --confirm
+	@test -s ./build/zarf-package-git-data-$(ARCH)-0.0.1.tar.zst || $(ZARF_BIN) package create examples/git-data -o build -a $(ARCH) --confirm
 
-	@test -s ./build/zarf-package-test-helm-releasename-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/helm-alt-release-name -o build -a $(ARCH) --confirm
+	@test -s ./build/zarf-package-helm-charts-$(ARCH)-0.0.1.tar.zst || $(ZARF_BIN) package create examples/helm-charts -o build -a $(ARCH) --confirm
 
-	@test -s ./build/zarf-package-test-helm-local-chart-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/helm-local-chart -o build -a $(ARCH) --confirm
-
-	@test -s ./build/zarf-package-compose-example-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/composable-packages -o build -a $(ARCH) --confirm
-
-	@test -s ./build/zarf-package-flux-test-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/flux-test -o build -a $(ARCH) --confirm
-
-	@test -s ./build/zarf-package-test-helm-wait-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/helm-no-wait -o build -a $(ARCH) --confirm
-
-	@test -s ./build/zarf-package-helm-oci-chart-$(ARCH)-0.0.1.tar.zst || $(ZARF_BIN) package create examples/helm-oci-chart -o build -a $(ARCH) --confirm
+	@test -s ./build/zarf-package-podinfo-flux-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/podinfo-flux -o build -a $(ARCH) --confirm
 
 	@test -s ./build/zarf-package-yolo-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/yolo -o build -a $(ARCH) --confirm
 
@@ -159,17 +151,17 @@ test-e2e: build-examples ## Run all of the core Zarf CLI E2E tests (builds any d
 test-external: ## Run the Zarf CLI E2E tests for an external registry and cluster
 	@test -s $(ZARF_BIN) || $(MAKE) build-cli
 	@test -s ./build/zarf-init-$(ARCH)-$(CLI_VERSION).tar.zst || $(MAKE) init-package
-	@test -s ./build/zarf-package-flux-test-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/flux-test -o build -a $(ARCH) --confirm
-	cd src/test/external-test && go test -failfast -v -timeout 30m
+	@test -s ./build/zarf-package-podinfo-flux-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/podinfo-flux -o build -a $(ARCH) --confirm
+	cd src/test/external && go test -failfast -v -timeout 30m
 
 ## NOTE: Requires an existing cluster and
 .PHONY: test-upgrade
 test-upgrade: ## Run the Zarf CLI E2E tests for an external registry and cluster
 	@test -s $(ZARF_BIN) || $(MAKE) build-cli
 	[ -n "$(shell zarf version)" ] || (echo "Zarf must be installed prior to the upgrade test" && exit 1)
 	[ -n "$(shell zarf package list 2>&1 | grep test-upgrade-package)" ] || (echo "Zarf must be initialized and have the 6.3.3 upgrade-test package installed prior to the upgrade test" && exit 1)
-	@test -s "zarf-package-test-upgrade-package-amd64-6.3.4.tar.zst" || zarf package create src/test/upgrade-test/ --set PODINFO_VERSION=6.3.4 --confirm
-	cd src/test/upgrade-test && go test -failfast -v -timeout 30m
+	@test -s "zarf-package-test-upgrade-package-amd64-6.3.4.tar.zst" || zarf package create src/test/upgrade/ --set PODINFO_VERSION=6.3.4 --confirm
+	cd src/test/upgrade && go test -failfast -v -timeout 30m
 
 .PHONY: test-unit
 test-unit: ensure-ui-build-dir ## Run unit tests within the src/pkg and the bigbang extension directory