Merge branch 'main' into dependabot/github_actions/actions/upload-pages-artifact-4

Author: BjoernKarma

.github/workflows/ci.yaml

@@ -33,7 +33,7 @@ jobs:
       modules: ${{ steps.detect-changes.outputs.modules }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v5.0.0 # [email protected]
+        uses: actions/checkout@v5 # [email protected]
         with:
           fetch-depth: 0
       - name: Detect Changes

.github/workflows/dependabot-tidy.yaml

@@ -0,0 +1,80 @@
+# Copyright 2025 Deutsche Telekom IT GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: Dependabot Tidy
+
+on:
+  pull_request:
+    paths:
+      - '**/go.mod'
+      - '**/go.sum'
+  workflow_dispatch:
+
+jobs:
+  tidy:
+    name: Run go mod tidy
+    if: github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          ref: ${{ github.head_ref }}
+          fetch-depth: 0
+      
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 'stable'
+          check-latest: true
+      
+      - name: Run go mod tidy on all modules
+        run: |
+          echo "Identified modules:"
+          MODULES=$(find . -name 'go.mod' -exec dirname {} \; | sort)
+          echo "$MODULES"
+          echo "\nRunning go mod tidy on all modules..."
+          echo "$MODULES" | while read -r module_dir; do
+            if [ -n "$module_dir" ]; then
+              echo "Processing: $module_dir"
+              (cd "$module_dir" && go mod tidy)
+            fi
+          done
+      
+      - name: Check for changes
+        id: check_changes
+        run: |
+          if [[ -n "$(git status --porcelain)" ]]; then
+            echo "changes=true" >> $GITHUB_OUTPUT
+            echo "Changes detected after running go mod tidy:"
+            git diff --name-only
+          else
+            echo "changes=false" >> $GITHUB_OUTPUT
+            echo "No changes detected after running go mod tidy"
+          fi
+      
+      - name: Commit and push changes
+        if: steps.check_changes.outputs.changes == 'true'
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add .
+          git commit -m "chore: run go mod tidy for modules updated by dependabot"
+          git push
+      
+      - name: Add comment to PR
+        if: steps.check_changes.outputs.changes == 'true'
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: '✅ `go mod tidy` has been run for all Go modules and changes have been committed to this PR.'
+            })

.github/workflows/docs-build.yaml

@@ -14,7 +14,7 @@ jobs:
     name: Build Docusaurus
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0
       - uses: actions/setup-node@v4

.github/workflows/docs-deploy.yaml

@@ -16,7 +16,7 @@ jobs:
     name: Build Docusaurus
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0
       - uses: actions/setup-node@v4

.github/workflows/helm-release.yaml

@@ -25,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 

.github/workflows/ort.yaml

@@ -20,7 +20,7 @@ jobs:
       - name: Use HTTPS for Git cloning
         run: git config --global url.https://github.com/.insteadOf ssh://[email protected]/
       - name: Checkout project
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v5
       - name: Prepare ORT config
         # This allows us to customize the default ORT config available at
         # https://github.com/oss-review-toolkit/ort-config

.github/workflows/release.yaml

@@ -24,7 +24,7 @@ jobs:
           app_id: ${{ secrets.BOT_APP_ID }}
           private_key: ${{ secrets.BOT_PRIVATE_KEY }}
       - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
           token: ${{ steps.generate_token.outputs.token }}

.github/workflows/reusable-go-ci.yaml

@@ -262,7 +262,7 @@ jobs:
             ${{ runner.os }}-go-${{ inputs.module }}-
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@3c3833e0f8c1c83d449a7478aa59c036a9165498 # pinv3.29.11
+        uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # pinv3.30.3
         with:
           languages: go
           build-mode: manual # Set to manual as we provide a build step
@@ -283,7 +283,7 @@ jobs:
           fi
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@3c3833e0f8c1c83d449a7478aa59c036a9165498 # pinv3.29.11
+        uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # pinv3.30.3
         with:
           category: "/language:go"
 
@@ -359,7 +359,7 @@ jobs:
     steps:
       # No checkout or Go setup needed if only running Trivy on a remote image
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/[email protected].0
+        uses: aquasecurity/[email protected].1
         with:
           image-ref: ${{ inputs.container_registry }}/${{ inputs.github_repository }}/${{ inputs.module }}@${{ needs.build.outputs.image_digest }}
           exit-code: "1"

CHANGELOG.md

@@ -1,3 +1,10 @@
+## [0.12.1](https://github.com/telekom/controlplane/compare/v0.12.0...v0.12.1) (2025-09-08)
+
+
+### Bug Fixes
+
+* **rover-ctl:** correctly map security object for oauth2 and basicauth ([#158](https://github.com/telekom/controlplane/issues/158)) ([68b4dee](https://github.com/telekom/controlplane/commit/68b4dee5e62aba889bd5f80013b0e4bea060a725))
+
 # [0.12.0](https://github.com/telekom/controlplane/compare/v0.11.0...v0.12.0) (2025-09-05)
 
 

admin/api/v1/zone_types.go

@@ -77,9 +77,20 @@ type ZoneSpec struct {
 }
 
 type Links struct {
-	GatewayUrl        string `json:"gatewayUrl"`
-	GatewayIssuer     string `json:"gatewayIssuer"`
-	StargateLmsIssuer string `json:"stargateLmsIssuer"`
+	// Url is the base URL of the default gateway of this zone
+	// +kubebuilder:validation:Format=uri
+	Url string `json:"gatewayUrl"`
+	// Issuer is the expected issuer of downstream tokens for this zone
+	// +kubebuilder:validation:Format=uri
+	Issuer string `json:"gatewayIssuer"`
+	// TeamIssuer is the expected issuer of downstream tokens for Team APIs in this zone
+	// +kubebuilder:validation:Format=uri
+	// +optional
+	TeamIssuer string `json:"teamApiIssuer,omitempty"`
+	// LmsIssuer is the issuer of the Last-Mile-Security tokens (upstream) for this zone
+	// +kubebuilder:validation:Format=uri
+	// +optional
+	LmsIssuer string `json:"gatewayLmsIssuer"`
 }
 
 // ZoneStatus defines the observed state of Zone