diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..0967099 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,10 @@ +data/ +.build/ +.tarballs/ + +!.build/linux-amd64/ +!.build/linux-arm64/ +!.build/linux-armv7/ +!.build/linux-ppc64le/ +!.build/linux-riscv64/ +!.build/linux-s390x/ diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fd7a33c..e5a39bc 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,10 +1,37 @@ version: 2 updates: - - package-ecosystem: "github-actions" + - package-ecosystem: "gomod" directory: "/" schedule: interval: "monthly" - - package-ecosystem: "gomod" + groups: + aws: + patterns: + - "github.com/aws/*" + go.opentelemetry.io: + patterns: + - "go.opentelemetry.io/*" + golang.org-x: + patterns: + - "golang.org/x/*" + k8s.io: + patterns: + - "k8s.io/*" + - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "weekly" + interval: "monthly" + groups: + promci: + patterns: + - "prometheus/promci*" + codeql: + patterns: + - "github/codeql-action*" + # Exclude configs synced from upstream prometheus/prometheus. + exclude-paths: + - .github/workflows/container_description.yml + - .github/workflows/golangci-lint.yml + - .github/workflows/govulncheck.yml + - .github/workflows/scorecards.yml + - .github/workflows/stale.yml diff --git a/.github/workflows/container_description.yml b/.github/workflows/container_description.yml index 3bb36cc..0e2f274 100644 --- a/.github/workflows/container_description.yml +++ b/.github/workflows/container_description.yml @@ -18,7 +18,7 @@ jobs: if: github.repository_owner == 'prometheus' || github.repository_owner == 'prometheus-community' # Don't run this workflow on forks. steps: - name: git checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Set docker hub repo name @@ -42,7 +42,7 @@ jobs: if: github.repository_owner == 'prometheus' || github.repository_owner == 'prometheus-community' # Don't run this workflow on forks. steps: - name: git checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Set quay.io org name diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index afdf02a..83241e2 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -26,22 +26,21 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Install Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version: 1.26.x - - name: Download embedded docs snapshot - # The binary embeds the prometheus/docs snapshot via go:embed; the linter - # compiles the packages, so it must be present. - run: make docs + - name: Install snmp_exporter/generator dependencies + run: sudo apt-get update && sudo apt-get -y install libsnmp-dev + if: github.repository == 'prometheus/snmp_exporter' - name: Get golangci-lint version id: golangci-lint-version run: echo "version=$(make print-golangci-lint-version)" >> $GITHUB_OUTPUT - name: Lint - uses: golangci/golangci-lint-action@82606bf257cbaff209d206a39f5134f0cfbfd2ee # v9.2.1 + uses: golangci/golangci-lint-action@ba0d7d2ec06a0ea1cb5fa41b2e4a3ab91d21278a # v9.3.0 with: args: --verbose version: ${{ steps.golangci-lint-version.outputs.version }} diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index fac748c..621476d 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -20,12 +20,11 @@ jobs: runs-on: ubuntu-latest name: Run govulncheck steps: - - name: Checkout repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - with: - persist-credentials: false - - name: Download embedded docs snapshot - # The binary embeds the prometheus/docs snapshot via go:embed. - run: make docs + - name: Install snmp_exporter/generator dependencies + id: snmp-deps + run: sudo apt-get update && sudo apt-get -y install libsnmp-dev + if: github.repository == 'prometheus/snmp_exporter' - id: govulncheck uses: golang/govulncheck-action@3fa7bd9cee2cfdf3499a8803b226e43de7b7cdb4 # master + env: + GOOS: ${{ contains(github.repository, 'windows_exporter') && 'windows' || '' }} diff --git a/.yamllint b/.yamllint index f85004d..b329f46 100644 --- a/.yamllint +++ b/.yamllint @@ -2,8 +2,7 @@ extends: default ignore: | **/node_modules - cmd/prometheus-mcp/external/docs/ - charts/ + web/api/v1/testdata/openapi_*_golden.yaml rules: braces: @@ -19,7 +18,9 @@ rules: indentation: spaces: consistent indent-sequences: consistent - key-duplicates: {} + key-duplicates: + ignore: | + config/testdata/section_key_dup.bad.yml line-length: disable truthy: check-keys: false diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..5e6f976 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,6 @@ +# Reporting a security issue + +The Prometheus security policy, including how to report vulnerabilities, can be +found here: + +[https://prometheus.io/docs/operating/security/](https://prometheus.io/docs/operating/security/)