From 54061fa06dcba7324ebb8aa7c006df8f85fbb56b Mon Sep 17 00:00:00 2001
From: NSMBot <nsmbot@networkservicmesh.io>
Date: Tue, 21 May 2024 11:00:11 +0000
Subject: [PATCH] Sync files with networkservicemesh/cmd-template

This PR syncs files with https://github.com/networkservicemesh/cmd-template

Revision: https://github.com/networkservicemesh/cmd-template/commits/7369b5fd24fe89c8021d5dcf3f5aea3393a64805

commit 7369b5fd24fe89c8021d5dcf3f5aea3393a64805
Author: Nikita Skrynnik <93182827+NikitaSkrynnik@users.noreply.github.com>
Date:   Tue Apr 23 20:12:10 2024 +0700

    Delete check-release-branch job from release workflow (#130)

    * Delete check-release-branch job from release workflow

    Signed-off-by: NikitaSkrynnik <nikita.skrynnik@xored.com>

    * minor fixes

    Signed-off-by: NikitaSkrynnik <nikita.skrynnik@xored.com>

    ---------

    Signed-off-by: NikitaSkrynnik <nikita.skrynnik@xored.com>

Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
---
 .github/workflows/ci.yaml                 | 11 ++++++++---
 .github/workflows/docker-push-ghcr.yml    |  5 -----
 .github/workflows/docker-push.yaml        |  5 -----
 .github/workflows/release.yml             | 17 +++++------------
 .github/workflows/update-deployments.yaml |  7 +------
 SECURITY.md                               |  9 +++++++++
 6 files changed, 23 insertions(+), 31 deletions(-)
 create mode 100644 SECURITY.md

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 7558d07..cbce200 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -15,6 +15,11 @@ jobs:
   shellcheck:
     uses: networkservicemesh/.github/.github/workflows/shellcheck.yaml@main
 
+  check-env:
+    uses: networkservicemesh/.github/.github/workflows/env-check.yaml@main
+    with:
+      prefix: "NSM_"
+
   golangci-lint:
     uses: networkservicemesh/.github/.github/workflows/golangci-lint.yaml@main
 
@@ -24,7 +29,7 @@ jobs:
   restrictNSMDeps:
     uses: networkservicemesh/.github/.github/workflows/restrict-nsm-deps.yaml@main
     with:
-      allowed_repositories: "api, sdk, sdk-k8s, sdk-kernel, sdk-sriov, sdk-vpp"
+      allowed_repositories: "api, sdk, sdk-k8s, sdk-kernel, sdk-sriov, sdk-vpp, govpp, vpphelper"
 
   checkgomod:
     uses: networkservicemesh/.github/.github/workflows/checkgomod.yaml@main
@@ -32,8 +37,8 @@ jobs:
   gogenerate:
     uses: networkservicemesh/.github/.github/workflows/cmd-gogenerate.yaml@main
 
-  # excludereplace:
-  #   uses: networkservicemesh/.github/.github/workflows/exclude-replace.yaml@main
+  excludereplace:
+    uses: networkservicemesh/.github/.github/workflows/exclude-replace.yaml@main
 
   docker-build-and-test:
     if: github.repository != 'networkservicemesh/cmd-template'
diff --git a/.github/workflows/docker-push-ghcr.yml b/.github/workflows/docker-push-ghcr.yml
index f585d2a..a0a3d7c 100644
--- a/.github/workflows/docker-push-ghcr.yml
+++ b/.github/workflows/docker-push-ghcr.yml
@@ -4,11 +4,6 @@ name: Docker push ghcr
 on:
   push:
     branches: [main]
-  workflow_run:
-    types:
-      - completed
-    workflows:
-      - 'automerge'
 jobs:
   push:
     if: ${{ github.repository != 'networkservicemesh/cmd-template' && (github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' || github.event_name == 'push') }}
diff --git a/.github/workflows/docker-push.yaml b/.github/workflows/docker-push.yaml
index 0ebd305..d498b0b 100644
--- a/.github/workflows/docker-push.yaml
+++ b/.github/workflows/docker-push.yaml
@@ -4,11 +4,6 @@ on:
   push:
     branches:
       - main
-  workflow_run:
-    types:
-      - completed
-    workflows:
-      - 'automerge'
 jobs:
   push:
     if: ${{ github.repository != 'networkservicemesh/cmd-template' && (github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' || github.event_name == 'push') }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c13055e..8fcf39e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,18 +7,20 @@ on:
       - completed
     workflows:
       - "ci"
+    branches:
+      - release/*
 jobs:
   get-tag:
     name: Get tag
     runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' && contains(github.event.workflow_run.head_branch, 'release/') }}
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
     outputs:
       tag: ${{ steps.get-tag-step.outputs.tag }}
     steps:
       - name: Get tag
         run: |
           branch=${{github.event.workflow_run.head_branch}}
-          echo '::set-output name=tag::'${branch#release/}
+          echo tag=${branch#release/} >> $GITHUB_OUTPUT
         id: get-tag-step
 
   check-gomod-deps:
@@ -41,18 +43,9 @@ jobs:
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}
 
-  check-branch:
-    name: Check release branch in deployments-k8s
-    needs: [get-tag, create-release]
-    uses: networkservicemesh/.github/.github/workflows/check-release-branch.yaml@main
-    with:
-      tag: ${{ needs.get-tag.outputs.tag }}
-    secrets:
-      token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
-
   update-deployments-k8s:
     name: Update deployments-k8s
-    needs: [get-tag, check-branch]
+    needs: [get-tag, create-release]
     if: ${{ github.repository != 'networkservicemesh/cmd-template' }}
     uses: networkservicemesh/.github/.github/workflows/release-deployments.yaml@main
     with:
diff --git a/.github/workflows/update-deployments.yaml b/.github/workflows/update-deployments.yaml
index de1d4a1..5925bed 100644
--- a/.github/workflows/update-deployments.yaml
+++ b/.github/workflows/update-deployments.yaml
@@ -4,14 +4,9 @@ on:
   push:
     branches:
       - main
-  workflow_run:
-    types:
-      - completed
-    workflows:
-      - 'automerge'
 jobs:
   update-deployments-k8s:
-    if: ${{ github.repository != 'networkservicemesh/cmd-template' && (github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' || github.event_name == 'push') }}
+    if: ${{ github.repository != 'networkservicemesh/cmd-template' }}
     uses: networkservicemesh/.github/.github/workflows/update-deployments.yaml@main
     secrets:
       token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..52ed6d7
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a security issue
+
+If you believe you have found a security issue in Network Service Mesh, please send a description of the issue to security@networkservicemesh.io. We will send a confirmation to acknowledge your report, and an additional email with the result of our assessment (normally within 1-2 working days).
+
+## Supported versions
+
+Note that Network Service Mesh is developed and maintained on one track, thus we encourage our users to follow our latest releases. For this reason we only investigate whether the reported issue is affecting the latest release of Network Service Mesh and provide a fix in a patch release on top of the latest release.
\ No newline at end of file