v4.4.2: Merge pull request #110 from kartverket/enable_onprem

• Fixed output in PRs
• Added onprem support for run-kubectl workflow

v4.4.1

What's Changed

• Fixes: add missing output by @omaen in #107

Full Changelog: v4.4.0...v4.4.1

v4.4.0

What's Changed

• Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows by @dependabot in #104
• Bump actions/upload-artifact from 3 to 4 by @dependabot in #81
• Bump actions/download-artifact from 3 to 4 by @dependabot in #80
• Bump google-github-actions/setup-gcloud from 1 to 2 by @dependabot in #76
• Simplify run-terraform workflow by @omaen in #106

Removed

• Breaking: Removed support for gathering secrets from on-prem Vault. No action needed unless you are using vault_role input to the run-terraform workflow.
• Removed terraform check (validate and format) as separate job, and moved this to the plan job.

Full Changelog: v4.3.0...v4.4.0

v4.3.0: Merge pull request #105 from kartverket/add_octsts

Changelog:

• Add use_platform_modules for authentication with octosts on internal repos

v4.2.2 - Add run-kubectl workflow

Adds the run-kubectl workflow. Lets you run kubectl from github runners!
docs: https://skip.kartverket.no/docs/github-actions/kubectl-fra-github

v4.2.1

What's Changed

Fixes

• Fixed typo in GitHub PR comment left by auto-merge-dependabot by @eliihen

Full Changelog: v4.2.0...v4.2.1

v4.2.0 - New Dependabot auto-merge workflow

What's Changed

New features

• Add dependabot auto merge workflow by @eliihen in #99

Fixes

• Bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 by @dependabot in #83
• Bump github/codeql-action from 2 to 3 by @dependabot in #78
• Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by @dependabot in #84
• [Sikkerhet] Oppdaterer beskrivelse.yaml fra versjon 1.0 til 2.0 by @sarmil in #88
• Bump aquasecurity/trivy-action from 0.17.0 to 0.19.0 by @dependabot in #89
• Bump hashicorp/setup-terraform from 3.0.0 to 3.1.1 by @dependabot in #91
• Bump aquasecurity/trivy-action from 0.19.0 to 0.22.0 by @dependabot in #95
• Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 by @dependabot in #96
• Bump docker/login-action from 2.2.0 to 3.2.0 by @dependabot in #94
• Run dependabot weekly by @eliihen in #79
• Bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 by @dependabot in #97

New Contributors

• @sarmil made their first contribution in #88

Full Changelog: v4.1.0...v4.2.0

Support for Azure credentials

What's Changed

• Bump docker/login-action from 2.1.0 to 2.2.0 by @dependabot in #62
• Bump aquasecurity/trivy-action from 0.10.0 to 0.11.0 by @dependabot in #61
• Bump aquasecurity/trivy-action from 0.11.0 to 0.11.2 by @dependabot in #63
• Bump actions/checkout from 3 to 4 by @dependabot in #64
• Bump hashicorp/setup-terraform from 2.0.3 to 3.0.0 by @dependabot in #70
• [Sikkerhet] Oppretter sikkerhetsmappa med beskrivelse.yaml og legger til Security Champion i CODEOWNERS by @jorn-ola-birkeland in #68
• Bump actions/github-script from 6 to 7 by @dependabot in #73
• Bump actions/setup-node from 3 to 4 by @dependabot in #67
• Bump google-github-actions/auth from 1 to 2 by @dependabot in #74
• Bump aquasecurity/trivy-action from 0.11.2 to 0.16.0 by @dependabot in #77
• Add optional secrets for Azure integration by @evenh in #82

New Contributors

• @jorn-ola-birkeland made their first contribution in #68
• @evenh made their first contribution in #82

Full Changelog: v4.0.1...v4.1.0

v4.0.1

What's Changed

• Bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 by @dependabot in #59
• Explicitly set location in get-credentials by @esphen in #60

Full Changelog: v4.0.0...v4.0.1

v4.0.0

BREAKING CHANGES

• post-build-attest is no longer a supplied workflow. We simply suggest removing every instance of this workflow from your own workflows.
• image_url is no longer a valid input for the run-terraform. This can be safely removed without adding anything else.

Features to note

• Binary Authorization - Binauth has been completely removed from all workflows, which removes the need for post-build-attest. Binauth was found to not be mature enough for our needs, and we are looking into other options for image provenance and signing.
• Customize security level - When running the workflow run-security-scans you are now able to add the new input allow_severity_level. This input takes one of the following inputs critical, high, medium, which denotes the highest level of severity that can occur on a scan while still allowing the security scan to pass without errors.
• Terraform destroy plan - When running run-terraform with the destroy: true input, you now get a plan for this destruction during the terraform plan step.
• Easier branch input - Using the deploy-on flag in run-terraform now allows for using only the branch name and not the full github reference.

(The last two features are from older versions, but have not been announced)

What's Changed

• [SKIP-906] Allow customization of RSS severity by @anderssonw in #48
• [SKIP-851] Binauth attestation redux by @anderssonw in #46
• Fixed typos in run-security-scans.yml by @lislei in #51
• Bump aquasecurity/trivy-action from 0.8.0 to 0.9.0 by @dependabot in #52
• [SKIP-667] Image digest output by @anderssonw in #53
• Updates README to better reflect new Binauth changes by @anderssonw in #50
• Bump aquasecurity/trivy-action from 0.9.0 to 0.9.1 by @dependabot in #55
• Bump aquasecurity/trivy-action from 0.9.1 to 0.9.2 by @dependabot in #56
• [SKIP-1008] Remove binauth by @anderssonw in #57

New Contributors

• @lislei made their first contribution in #51

Full Changelog: v3.1.3...v4.0.0