Merge branch 'external-secrets:main' into main

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,25 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: kind/bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. provide all relevant manifests
+2. provide the Kubernetes and ESO version
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/create_release.md

@@ -0,0 +1,30 @@
+---
+name: Create Release
+about: Release template to track the next release
+title: Release x.y
+labels: area/release
+assignees: ''
+
+---
+
+This Issue tracks the next ESO release. Please follow the guideline below. If anything is missing or unclear, please add a comment to this issue so this can be improved after the release.
+
+#### Preparation Tasks
+
+- [ ] ask in `#external-secrets-dev` if we're ready for a release cut-off or if something needs to get urgently in
+- [ ] docs: [stability & support page](https://external-secrets.io/main/introduction/stability-support/) is up to date
+  - [ ] version table
+  - [ ] Provider Stability and Support table
+  - [ ] Provider Feature Support table
+- [ ] docs: update [roadmap page](https://external-secrets.io/main/contributing/roadmap/)
+- [ ] tidy up [Project Board](https://github.com/orgs/external-secrets/projects/2)
+  - [ ] move issues to next milestone
+  - [ ] close milestone
+
+#### Release Execution
+
+- [ ] Follow the [Release Process guide](https://external-secrets.io/main/contributing/release/)
+
+#### After Release Tasks
+
+- [ ] Announce release on `#external-secrets` in Slack

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: kind/feature
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/PAUL.yaml

@@ -5,6 +5,9 @@ maintainers:
 - sebagomez
 - rodrmartinez
 - IdanAdar
+- shuheiktgw
+- skarlso
+- rogertuma
 # Emeritus Approvers
 - Flydiverny
 - silasbw

.github/actions/e2e-managed/action.yml

@@ -37,23 +37,17 @@ runs:
           });
           return result;
 
-    - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v1
-      with:
-        role-to-assume: ${{ env.AWS_OIDC_ROLE_ARN }}
-        aws-region: ${{ env.AWS_REGION }}
-
     - name: Setup Go
       uses: actions/setup-go@v3
       with:
-        go-version: "1.19"
+        go-version: "1.21"
 
     - name: Find the Go Cache
       id: go
       shell: bash
       run: |
-        echo "::set-output name=build-cache::$(go env GOCACHE)"
-        echo "::set-output name=mod-cache::$(go env GOMODCACHE)"
+        echo "build-cache=$(go env GOCACHE)" >> $GITHUB_OUTPUT
+        echo "mod-cache=$(go env GOMODCACHE)" >> $GITHUB_OUTPUT
 
     - name: Cache the Go Build Cache
       uses: actions/cache@v3
@@ -78,6 +72,13 @@ runs:
       shell: bash
       run: find ${{ github.workspace }} | grep tf$ | xargs -n1 dirname | xargs -IXXX -n1 /bin/sh -c 'set -o errexit; cd XXX; pwd; tflint --loglevel=info .; cd - >/dev/null'
 
+    - name: Configure AWS Credentials
+      if: env.CLOUD_PROVIDER == 'aws'
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        role-to-assume: ${{ env.AWS_OIDC_ROLE_ARN }}
+        aws-region: ${{ env.AWS_REGION }}
+
     - name: Setup TF Gcloud Provider
       shell: bash
       if: env.CLOUD_PROVIDER == 'gcp'
@@ -87,16 +88,30 @@ runs:
         mkdir -p terraform/gcp/secrets
         echo ${GCP_SM_SA_GKE_JSON} > terraform/gcp/secrets/gcloud-service-account-key.json
 
+    - name: 'Az CLI login'
+      uses: azure/login@v1
+      if: env.CLOUD_PROVIDER == 'azure'
+      with:
+        client-id: ${{ env.TFC_AZURE_CLIENT_ID }}
+        tenant-id: ${{ env.TFC_AZURE_TENANT_ID }}
+        subscription-id: ${{ env.TFC_AZURE_SUBSCRIPTION_ID }}
+
     - name: Show TF
       shell: bash
+      env:
+        ARM_CLIENT_ID: "${{ env.TFC_AZURE_CLIENT_ID }}"
+        ARM_SUBSCRIPTION_ID: "${{ env.TFC_AZURE_SUBSCRIPTION_ID }}"
+        ARM_TENANT_ID: "${{ env.TFC_AZURE_TENANT_ID }}"
       run: |-
         PROVIDER=${{env.CLOUD_PROVIDER}}
         make tf.show.${PROVIDER}
 
     - name: Apply TF
       shell: bash
       env:
-        TF_VAR_OIDC_TOKEN: "${{steps.fetch-token.outputs.result}}"
+        ARM_CLIENT_ID: "${{ env.TFC_AZURE_CLIENT_ID }}"
+        ARM_SUBSCRIPTION_ID: "${{ env.TFC_AZURE_SUBSCRIPTION_ID }}"
+        ARM_TENANT_ID: "${{ env.TFC_AZURE_TENANT_ID }}"
       run: |-
         PROVIDER=${{env.CLOUD_PROVIDER}}
         make tf.apply.${PROVIDER}
@@ -121,6 +136,12 @@ runs:
       run: |-
         aws --region $AWS_REGION eks update-kubeconfig --name $AWS_CLUSTER_NAME
 
+    - name: Get AKS credentials
+      if: env.CLOUD_PROVIDER == 'azure'
+      shell: bash
+      run: |-
+        az aks get-credentials --admin --name eso-cluster --resource-group external-secrets-operator
+
     - name: Login to Docker
       uses: docker/login-action@v2
       if: env.GHCR_USERNAME != ''
@@ -137,11 +158,15 @@ runs:
         export PATH=$PATH:$(go env GOPATH)/bin
         PROVIDER=${{env.CLOUD_PROVIDER}}
         go install github.com/onsi/ginkgo/v2/ginkgo@v2.1.6
-        make test.e2e.managed GINKGO_LABELS="${PROVIDER}" TEST_SUITES="provider"
+        make test.e2e.managed GINKGO_LABELS="${PROVIDER} && managed" TEST_SUITES="provider"
 
     - name: Destroy TF
       shell: bash
       if: always()
+      env:
+        ARM_CLIENT_ID: "${{ env.TFC_AZURE_CLIENT_ID }}"
+        ARM_SUBSCRIPTION_ID: "${{ env.TFC_AZURE_SUBSCRIPTION_ID }}"
+        ARM_TENANT_ID: "${{ env.TFC_AZURE_TENANT_ID }}"
       run: |-
         PROVIDER=${{env.CLOUD_PROVIDER}}
         make tf.destroy.${PROVIDER}

.github/actions/e2e/action.yml

@@ -20,8 +20,8 @@ runs:
       id: go
       shell: bash
       run: |
-        echo "::set-output name=build-cache::$(go env GOCACHE)"
-        echo "::set-output name=mod-cache::$(go env GOMODCACHE)"
+        echo "build-cache=$(go env GOCACHE)" >> $GITHUB_OUTPUT
+        echo "mod-cache=$(go env GOMODCACHE)" >> $GITHUB_OUTPUT
 
     - name: Cache the Go Build Cache
       uses: actions/cache@v3

.github/actions/sign/action.yml

@@ -57,7 +57,7 @@ runs:
     - name: Get docker image tag
       id: container_info
       shell: bash
-      run: echo "::set-output name=digest::$(crane digest ${{ inputs.image-name }}:${{ inputs.image-tag }})"
+      run: echo "digest=$(crane digest ${{ inputs.image-name }}:${{ inputs.image-tag }})" >> $GITHUB_OUTPUT
 
     - name: Sign image
       shell: bash

.github/dependabot.yml

@@ -1,9 +1,5 @@
 version: 2
 updates:
-  - package-ecosystem: "gomod"
-    directory: "/"
-    schedule:
-      interval: "weekly"
 
   - package-ecosystem: "github-actions"
     directory: "/"