From 20c58c6185a9c441bb6434a93d520d0993dbaa09 Mon Sep 17 00:00:00 2001 From: YiscahLevySilas1 Date: Tue, 19 Mar 2024 09:35:27 +0200 Subject: [PATCH 1/6] rm attack track before release Signed-off-by: YiscahLevySilas1 --- ...ternal-wl-with-cluster-takeover-roles.json | 20 ------------------- 1 file changed, 20 deletions(-) delete mode 100644 attack-tracks/external-wl-with-cluster-takeover-roles.json diff --git a/attack-tracks/external-wl-with-cluster-takeover-roles.json b/attack-tracks/external-wl-with-cluster-takeover-roles.json deleted file mode 100644 index d12d0a139..000000000 --- a/attack-tracks/external-wl-with-cluster-takeover-roles.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "apiVersion": "regolibrary.kubescape/v1alpha1", - "kind": "AttackTrack", - "metadata": { - "name": "external-workload-with-cluster-takeover-roles" - }, - "spec": { - "version": "1.0", - "data": { - "name": "Initial Access", - "description": "An attacker can access the Kubernetes environment.", - "subSteps": [ - { - "name": "Cluster Access", - "description": "An attacker has access to sensitive information and can leverage them by creating pods in the cluster." - } - ] - } - } -} \ No newline at end of file From 9c52252306a043822fb2d5a7f98e8b36d61c8e52 Mon Sep 17 00:00:00 2001 From: YiscahLevySilas1 Date: Tue, 19 Mar 2024 12:03:30 +0200 Subject: [PATCH 2/6] add release v2, disable automatic latest release Signed-off-by: YiscahLevySilas1 --- .github/workflows/create-release-v2.yaml | 183 ++++++++++++++++++ .../workflows/create-release-without-st.yaml | 128 ------------ .github/workflows/create-release.yaml | 6 +- 3 files changed, 184 insertions(+), 133 deletions(-) create mode 100644 .github/workflows/create-release-v2.yaml delete mode 100644 .github/workflows/create-release-without-st.yaml diff --git a/.github/workflows/create-release-v2.yaml b/.github/workflows/create-release-v2.yaml new file mode 100644 index 000000000..5cfae7f80 --- /dev/null +++ b/.github/workflows/create-release-v2.yaml 
@@ -0,0 +1,183 @@ +name: 'Create and Publish Tags with Testing and Artifact Handling' + +on: + push: + tags: + - 'v*.*.*-rc.*' + + +env: + REGO_ARTIFACT_KEY_NAME: rego_artifact + REGO_ARTIFACT_PATH: release + +jobs: + test_pr_checks: + permissions: + pull-requests: write + uses: kubescape/workflows/.github/workflows/go-basic-tests.yaml@main + with: + GO_VERSION: '1.21' + BUILD_PATH: github.com/kubescape/regolibrary/gitregostore/... + secrets: inherit + + build-and-rego-test: + needs: [test_pr_checks] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + name: Checkout repo content + + - name: Set up Go 1.21 + uses: actions/setup-go@v2 + with: + go-version: 1.21 + + - name: Test Regos (Golang OPA hot rule compilation) + working-directory: testrunner + run: | + sudo apt update && sudo apt install -y cmake + GOPATH=$(go env GOPATH) make + + - name: Setup Python 3.10.6 + uses: actions/setup-python@v2 + with: + python-version: 3.10.6 + + - name: Install Python dependencies + run: | + python -m pip install --upgrade pip + pip install requests + + - name: Update frameworks subsections (generating subsections ids) + run: python ./scripts/generate_subsections_ids.py + + - name: Validate control-ID duplications + run: python ./scripts/validations.py + + - name: Generate RegoLibrary artifacts (run export script) + run: python ./scripts/export.py + + - name: Strip Metadata Files Extensions + run: | + cd release + find . 
-type f \( -name '*.json' -o -name '*.csv' \) | while read f; do mv "$f" "${f%.*}"; done + + - run: ls -laR + + - name: Set outputs + id: set_outputs + run: | + echo "REGO_ARTIFACT_KEY_NAME=${{ env.REGO_ARTIFACT_KEY_NAME }}" >> $GITHUB_OUTPUT + echo "REGO_ARTIFACT_PATH=${{ env.REGO_ARTIFACT_PATH }}" >> $GITHUB_OUTPUT + + - name: Upload artifact + uses: actions/upload-artifact@v2 + with: + name: ${{ env.REGO_ARTIFACT_KEY_NAME }} + path: ${{ env.REGO_ARTIFACT_PATH }}/ + if-no-files-found: error + + # test kubescape e2e flow with tested artifacts + ks-and-rego-test: + uses: kubescape/workflows/.github/workflows/kubescape-cli-e2e-tests.yaml@main + needs: [build-and-rego-test] + if: ${{ (always() && (contains(needs.*.result, 'success')) && !(contains(needs.*.result, 'skipped')) && !(contains(needs.*.result, 'failure')) && !(contains(needs.*.result, 'cancelled'))) }} + with: + DOWNLOAD_ARTIFACT_KEY_NAME: ${{ needs.build-and-rego-test.outputs.REGO_ARTIFACT_KEY_NAME }} + BINARY_TESTS: '[ "scan_nsa", + "scan_mitre", + "scan_with_exceptions", + "scan_repository", + "scan_local_file", + "scan_local_glob_files", + "scan_nsa_and_submit_to_backend", + "scan_mitre_and_submit_to_backend", + "scan_local_repository_and_submit_to_backend", + "scan_repository_from_url_and_submit_to_backend", + "host_scanner", + "scan_local_list_of_files", + "scan_compliance_score" + ]' + DOWNLOAD_ARTIFACT_PATH: ${{ needs.build-and-rego-test.outputs.REGO_ARTIFACT_PATH }} + secrets: inherit + + # start release process + create-new-tag-and-release: + needs: [ks-and-rego-test] + if: ${{ (always() && (contains(needs.*.result, 'success')) && !(contains(needs.*.result, 'skipped')) && !(contains(needs.*.result, 'failure')) && !(contains(needs.*.result, 'cancelled'))) }} + name: create release and upload assets + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + name: Checkout repository + + - name: 'Generate Release Tag' + id: generate_tag + uses: 
kubescape/workflows/.github/actions/tag-action@main + with: + ORIGINAL_TAG: ${{ github.ref_name }} + SUB_STRING: "-rc." + + # Create and push the full version tag (e.g., v2.0.1) + - name: Create and Push Full Tag + uses: rickstaa/action-create-tag@v1 + with: + tag: ${{ steps.generate_tag.outputs.NEW_TAG }} + force_push_tag: false + github_token: ${{ secrets.GITHUB_TOKEN }} + + - name: Generate Short Tag + id: short_tag + run: | + SHORT_TAG=$(echo "${{ steps.generate_tag.outputs.NEW_TAG }}" | grep -oP '^v\d+') + echo "Short tag: $SHORT_TAG" + echo "SHORT_TAG=$SHORT_TAG" >> $GITHUB_ENV + + - name: Force Push Short Tag + uses: rickstaa/action-create-tag@v1 + with: + tag: ${{ env.SHORT_TAG }} + force_push_tag: true + github_token: ${{ secrets.GITHUB_TOKEN }} + + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # ratchet:actions/download-artifact@v3.0.2 + id: download-artifact + with: + name: ${{ env.REGO_ARTIFACT_KEY_NAME }} + path: ${{ env.REGO_ARTIFACT_PATH }} + + - name: Create or Update Release and Upload Assets + uses: softprops/action-gh-release@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + tag_name: ${{ env.SHORT_TAG }} + name: ${{ env.SHORT_TAG }} + body: "Automated release for ${{ env.SHORT_TAG}}" + files: ${{ env.REGO_ARTIFACT_PATH }}/* + draft: false + fail_on_unmatched_files: true + prerelease: false + make_latest: "false" + + # Update regolibrary documentation with latest controls and rules. 
+ update-documentation: + needs: [release] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # ratchet:actions/checkout@v3.5.2 + name: checkout repo content + - name: setup python + uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b # ratchet:actions/setup-python@v4.6.0 + with: + python-version: 3.8 + - name: install dependencies + run: | + python -m pip install --upgrade pip + pip install requests + - name: execute upload script + env: + README_API_KEY: ${{ secrets.README_API_KEY }} + run: |- + python ./scripts/upload-readme.py + - name: execute docs generator script + run: python ./scripts/mk-generator.py # Script to generate controls library documentation diff --git a/.github/workflows/create-release-without-st.yaml b/.github/workflows/create-release-without-st.yaml deleted file mode 100644 index c8e1f65f1..000000000 --- a/.github/workflows/create-release-without-st.yaml +++ /dev/null 
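Review bot: In `create-new-tag-and-release`, `secrets.GITHUB_TOKEN` is handed to `rickstaa/action-create-tag@v1` and `softprops/action-gh-release@v2`, both referenced by mutable tags, whereas the workflows this series deletes pinned their actions to commit SHAs with ratchet comments; `actions/checkout@v2`, `actions/setup-go@v2`, `actions/setup-python@v2` and `actions/upload-artifact@v2` in `build-and-rego-test` have the same regression. Pin each to a full commit SHA, e.g. `uses: softprops/action-gh-release@<full-commit-sha> # ratchet:softprops/action-gh-release@v2` (placeholder, not a real hash), and give the release job an explicit `permissions:` block with `contents: write` so the token scope is stated in the file rather than taken from repository defaults. Two wiring problems are also visible in this file: `update-documentation` declares `needs: [release]` although the job is now named `create-new-tag-and-release`, and `build-and-rego-test` no longer declares the `outputs:` that `ks-and-rego-test` reads through `needs.build-and-rego-test.outputs.REGO_ARTIFACT_KEY_NAME` and `...REGO_ARTIFACT_PATH`. In the `Generate Short Tag` step, pass the value through `env: NEW_TAG: ${{ steps.generate_tag.outputs.NEW_TAG }}` and use `"$NEW_TAG"` in the script instead of expanding the expression inside the shell text.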
@@ -1,128 +0,0 @@ -name: create release without system tests -on: - workflow_dispatch: - inputs: - TAG: - description: 'Tag name' - required: true - type: string - -env: - REGO_ARTIFACT_KEY_NAME: rego_artifact - REGO_ARTIFACT_PATH: release - -jobs: - # build regolibrary artifacts / test rego dependencies / test rego unit-tests - build-and-rego-test: - name: Build and test rego artifacts - runs-on: ubuntu-latest - outputs: - NEW_TAG: ${{ steps.tag-calculator.outputs.NEW_TAG }} - REGO_ARTIFACT_KEY_NAME: ${{ steps.set_outputs.outputs.REGO_ARTIFACT_KEY_NAME }} - REGO_ARTIFACT_PATH: ${{ steps.set_outputs.outputs.REGO_ARTIFACT_PATH }} - steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f - name: checkout repo content - with: - token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - - - id: tag-calculator - uses: kubescape/workflows/.github/actions/tag-action@main - with: - ORIGINAL_TAG: ${{ inputs.TAG }} - SUB_STRING: "-rc" - - # Test using Golang OPA hot rule compilation - - name: Set up Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 - with: - go-version: '1.21' - - - name: setup python - uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa - with: - python-version: 3.10.6 - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install requests - - # generating subsections ids - - name: Update frameworks subsections - run: python ./scripts/generate_subsections_ids.py - - # validate control-ID duplications - - run: python ./scripts/validations.py - - # run export script to generate regolibrary artifacts - - run: python ./scripts/export.py - - # removing release artifacts file extensions - - name: Strip Metadata Files Extensions - run: | - cd release - find -type f -name '*.json' | while read f; do mv "$f" "${f%.json}"; done - find -type f -name '*.csv' | while read f; do mv "$f" "${f%.csv}"; done - - - run: ls -laR - - - name: Set outputs - id: set_outputs - run: | - echo 
"REGO_ARTIFACT_KEY_NAME=${{ env.REGO_ARTIFACT_KEY_NAME }}" >> $GITHUB_OUTPUT - echo "REGO_ARTIFACT_PATH=${{ env.REGO_ARTIFACT_PATH }}" >> $GITHUB_OUTPUT - - - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # ratchet:actions/upload-artifact@v3.1.1 - name: Upload artifact - with: - name: ${{ env.REGO_ARTIFACT_KEY_NAME }} - path: ${{ env.REGO_ARTIFACT_PATH }}/ - if-no-files-found: error - - # start release process - release: - if: ${{ (always() && (contains(needs.*.result, 'success')) && !(contains(needs.*.result, 'skipped')) && !(contains(needs.*.result, 'failure')) && !(contains(needs.*.result, 'cancelled'))) }} - name: create release and upload assets - needs: [build-and-rego-test] - runs-on: ubuntu-latest - steps: - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # ratchet:actions/download-artifact@v3.0.2 - id: download-artifact - with: - name: ${{ env.REGO_ARTIFACT_KEY_NAME }} - path: ${{ env.REGO_ARTIFACT_PATH }} - - - name: Create Release and upload assets - id: create_release_upload_assets - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 - with: - token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - name: Release ${{ needs.build-and-rego-test.outputs.NEW_TAG }} - tag_name: ${{ needs.build-and-rego-test.outputs.NEW_TAG }} - draft: false - fail_on_unmatched_files: true - prerelease: false - files: '${{ env.REGO_ARTIFACT_PATH }}/*' - - # Update regolibrary documentation with latest controls and rules. 
- update-documentation: - needs: [release] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # ratchet:actions/checkout@v3.5.2 - name: checkout repo content - - name: setup python - uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b # ratchet:actions/setup-python@v4.6.0 - with: - python-version: 3.8 - - name: install dependencies - run: | - python -m pip install --upgrade pip - pip install requests - - name: execute upload script - env: - README_API_KEY: ${{ secrets.README_API_KEY }} - run: |- - python ./scripts/upload-readme.py - - name: execute docs generator script - run: python ./scripts/mk-generator.py # Script to generate controls library documentation \ No newline at end of file diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml index 6a3eca62f..087ec2233 100644 --- a/.github/workflows/create-release.yaml +++ b/.github/workflows/create-release.yaml @@ -6,11 +6,7 @@ on: description: 'Tag name' required: true type: string - - push: - tags: - - 'v*.*.*-rc.*' - + env: REGO_ARTIFACT_KEY_NAME: rego_artifact REGO_ARTIFACT_PATH: release From 14ba9f8b58f746a1d65ddfe944838bba0a9f2334 Mon Sep 17 00:00:00 2001 From: YiscahLevySilas1 Date: Tue, 19 Mar 2024 13:32:04 +0200 Subject: [PATCH 3/6] rm attack track before release Signed-off-by: YiscahLevySilas1 --- controls/C-0256-exposuretointernet.json | 6 ------ controls/C-0267-workloadwithclustertakeoverroles.json | 11 +---------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/controls/C-0256-exposuretointernet.json b/controls/C-0256-exposuretointernet.json index 0abb72f5b..8c9776554 100644 --- a/controls/C-0256-exposuretointernet.json +++ b/controls/C-0256-exposuretointernet.json 
@@ -17,12 +17,6 @@ "Initial Access" ] }, - { - "attackTrack": "external-workload-with-cluster-takeover-roles", - "categories": [ - "Initial Access" - ] - }, { "attackTrack": "external-database-without-authentication", "categories": [ diff --git a/controls/C-0267-workloadwithclustertakeoverroles.json b/controls/C-0267-workloadwithclustertakeoverroles.json index e048787a9..708016d0c 100644 --- a/controls/C-0267-workloadwithclustertakeoverroles.json +++ b/controls/C-0267-workloadwithclustertakeoverroles.json @@ -4,16 +4,7 @@ "controlTypeTags": [ "security" ], - "attackTracks": [ - { - "attackTrack": "external-workload-with-cluster-takeover-roles", - "categories": [ - "Cluster Access" - ], - "displayRelatedResources": true, - "clickableResourceKind": "ServiceAccount" - } - ] + "attackTracks": [] }, "description": "Cluster takeover roles include workload creation or update and secret access. They can easily lead to super privileges in the cluster. If an attacker can exploit this workload then the attacker can take over the cluster using the RBAC privileges this workload is assigned to.", "remediation": "You should apply least privilege principle. Make sure each service account has only the permissions that are absolutely necessary.", From 8e7e6a0ce759f681e0a008ed86f62b168a05eb46 Mon Sep 17 00:00:00 2001 From: YiscahLevySilas1 Date: Wed, 20 Mar 2024 08:46:23 +0200 Subject: [PATCH 4/6] add workflow_dispatch Signed-off-by: YiscahLevySilas1 --- .github/workflows/create-release-v2.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/create-release-v2.yaml b/.github/workflows/create-release-v2.yaml index 5cfae7f80..a059ed611 100644 --- a/.github/workflows/create-release-v2.yaml +++ b/.github/workflows/create-release-v2.yaml @@ -1,6 +1,13 @@ name: 'Create and Publish Tags with Testing and Artifact Handling' on: + workflow_dispatch: + inputs: + TAG: + description: 'Tag name' + required: true + type: string + push: tags: - 'v*.*.*-rc.*' 
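Review bot: The `TAG` input added under `workflow_dispatch` is not read anywhere in the workflow as it was introduced in patch 2/6: the `Generate Release Tag` step still passes `ORIGINAL_TAG: ${{ github.ref_name }}`, so a manual run derives the release tag from whatever ref it was started on, not from the operator's input. Changing that line to `ORIGINAL_TAG: ${{ inputs.TAG || github.ref_name }}` keeps the push-triggered path working and makes the input effective. A manual run also bypasses the `v*.*.*-rc.*` filter that guards the push trigger, so the value should be checked against that pattern in a first step before `Create and Push Full Tag` and the force-pushed short tag are reached. A comment above the input, such as `# TAG must be an existing release-candidate tag of the form vX.Y.Z-rc.N`, would document the expectation.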
From cd516e4cceb1b9770324f50288e906c12db3f36f Mon Sep 17 00:00:00 2001 From: YiscahLevySilas1 Date: Wed, 20 Mar 2024 08:49:36 +0200 Subject: [PATCH 5/6] remove old release workflow Signed-off-by: YiscahLevySilas1 --- .github/workflows/create-release.yaml | 170 -------------------------- 1 file changed, 170 deletions(-) delete mode 100644 .github/workflows/create-release.yaml diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml deleted file mode 100644 index 087ec2233..000000000 --- a/.github/workflows/create-release.yaml +++ /dev/null 
@@ -1,170 +0,0 @@ -name: create release -on: - workflow_dispatch: - inputs: - TAG: - description: 'Tag name' - required: true - type: string - -env: - REGO_ARTIFACT_KEY_NAME: rego_artifact - REGO_ARTIFACT_PATH: release - -jobs: - # main job of testing and building the env. - test_pr_checks: - permissions: - pull-requests: write - uses: kubescape/workflows/.github/workflows/go-basic-tests.yaml@main - with: - GO_VERSION: '1.21' - BUILD_PATH: github.com/kubescape/regolibrary/gitregostore/... - secrets: inherit - - # build regolibrary artifacts / test rego dependencies / test rego unit-tests - build-and-rego-test: - needs: [test_pr_checks] - name: Build and test rego artifacts - runs-on: ubuntu-latest - outputs: - NEW_TAG: ${{ steps.tag-calculator.outputs.NEW_TAG }} - REGO_ARTIFACT_KEY_NAME: ${{ steps.set_outputs.outputs.REGO_ARTIFACT_KEY_NAME }} - REGO_ARTIFACT_PATH: ${{ steps.set_outputs.outputs.REGO_ARTIFACT_PATH }} - steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f - name: checkout repo content - with: - token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - - - id: tag-calculator - uses: kubescape/workflows/.github/actions/tag-action@main - with: - ORIGINAL_TAG: ${{ inputs.TAG }} - SUB_STRING: "-rc" - - # Test using Golang OPA hot rule compilation - - name: Set up Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 - with: - go-version: '1.21' - - - name: Test Regoes - working-directory: testrunner - run: | - apt update && apt install -y cmake - GOPATH=$(go env GOPATH) make - - - name: setup python - uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa - with: - python-version: 3.10.6 - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install requests - - # generating subsections ids - - name: Update frameworks subsections - run: python ./scripts/generate_subsections_ids.py - - # validate control-ID duplications - - run: python ./scripts/validations.py - - # run export script to 
generate regolibrary artifacts - - run: python ./scripts/export.py - - # removing release artifacts file extensions - - name: Strip Metadata Files Extensions - run: | - cd release - find -type f -name '*.json' | while read f; do mv "$f" "${f%.json}"; done - find -type f -name '*.csv' | while read f; do mv "$f" "${f%.csv}"; done - - - run: ls -laR - - - name: Set outputs - id: set_outputs - run: | - echo "REGO_ARTIFACT_KEY_NAME=${{ env.REGO_ARTIFACT_KEY_NAME }}" >> $GITHUB_OUTPUT - echo "REGO_ARTIFACT_PATH=${{ env.REGO_ARTIFACT_PATH }}" >> $GITHUB_OUTPUT - - - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # ratchet:actions/upload-artifact@v3.1.1 - name: Upload artifact - with: - name: ${{ env.REGO_ARTIFACT_KEY_NAME }} - path: ${{ env.REGO_ARTIFACT_PATH }}/ - if-no-files-found: error - - # test kubescape e2e flow with tested artifacts - ks-and-rego-test: - uses: kubescape/workflows/.github/workflows/kubescape-cli-e2e-tests.yaml@main - needs: [build-and-rego-test] - if: ${{ (always() && (contains(needs.*.result, 'success')) && !(contains(needs.*.result, 'skipped')) && !(contains(needs.*.result, 'failure')) && !(contains(needs.*.result, 'cancelled'))) }} - with: - DOWNLOAD_ARTIFACT_KEY_NAME: ${{ needs.build-and-rego-test.outputs.REGO_ARTIFACT_KEY_NAME }} - BINARY_TESTS: '[ "scan_nsa", - "scan_mitre", - "scan_with_exceptions", - "scan_repository", - "scan_local_file", - "scan_local_glob_files", - "scan_nsa_and_submit_to_backend", - "scan_mitre_and_submit_to_backend", - "scan_local_repository_and_submit_to_backend", - "scan_repository_from_url_and_submit_to_backend", - "host_scanner", - "scan_local_list_of_files", - "scan_compliance_score" - ]' - DOWNLOAD_ARTIFACT_PATH: ${{ needs.build-and-rego-test.outputs.REGO_ARTIFACT_PATH }} - secrets: inherit - - # start release process - release: - needs: [ks-and-rego-test] - if: ${{ (always() && (contains(needs.*.result, 'success')) && !(contains(needs.*.result, 'skipped')) && !(contains(needs.*.result, 
'failure')) && !(contains(needs.*.result, 'cancelled'))) }} - name: create release and upload assets - runs-on: ubuntu-latest - steps: - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # ratchet:actions/download-artifact@v3.0.2 - id: download-artifact - with: - name: ${{ env.REGO_ARTIFACT_KEY_NAME }} - path: ${{ env.REGO_ARTIFACT_PATH }} - - - name: Create Release and upload assets - id: create_release_upload_assets - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 - with: - token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - name: Release ${{ needs.build-and-rego-test.outputs.NEW_TAG }} - tag_name: ${{ needs.build-and-rego-test.outputs.NEW_TAG }} - body: ${{ github.event.pull_request.body }} - draft: false - fail_on_unmatched_files: true - prerelease: false - files: '${{ env.REGO_ARTIFACT_PATH }}/*' - - # Update regolibrary documentation with latest controls and rules. - update-documentation: - needs: [release] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # ratchet:actions/checkout@v3.5.2 - name: checkout repo content - - name: setup python - uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b # ratchet:actions/setup-python@v4.6.0 - with: - python-version: 3.8 - - name: install dependencies - run: | - python -m pip install --upgrade pip - pip install requests - - name: execute upload script - env: - README_API_KEY: ${{ secrets.README_API_KEY }} - run: |- - python ./scripts/upload-readme.py - - name: execute docs generator script - run: python ./scripts/mk-generator.py # Script to generate controls library documentation From 1d84ac7186ea8fc4c181e246a18d6809d2f2066b Mon Sep 17 00:00:00 2001 From: YiscahLevySilas1 Date: Wed, 20 Mar 2024 14:48:40 +0200 Subject: [PATCH 6/6] expand condition to match releases that aren't latest Signed-off-by: YiscahLevySilas1 --- gitregostore/datastructures.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/gitregostore/datastructures.go b/gitregostore/datastructures.go index 49b21983c..9f24d57a9 100644 --- a/gitregostore/datastructures.go +++ b/gitregostore/datastructures.go @@ -56,7 +56,7 @@ func newGitRegoStore(baseUrl string, owner string, repository string, path strin watch = true } - if strings.Contains(tag, "latest") || strings.Contains(tag, "download") { + if strings.Contains(tag, "latest") || strings.Contains(tag, "download") || strings.Contains(path, "releases") { // TODO - This condition was added to avoid dependency on updating productions configs on deployment. // Once production configs are updated (branch set to ""), this condition can be removed. if strings.ToLower(branch) == "master" {
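Review bot: The added clause `strings.Contains(path, "releases")` matches that substring anywhere in `path`, so a branch-based configuration whose path merely contains it now also enters the release branch of `newGitRegoStore`; since this condition selects where the policy library is fetched from, the test should be as narrow as the intent stated in the commit subject. If callers' paths for release downloads have a fixed shape, compare that shape instead of a free substring, for example a segment check along the lines of `strings.HasPrefix(path, "releases/")` (the exact layout is not visible here and needs confirming against the callers). The TODO directly below still explains only the tag-based clauses, so add a line such as `// a path containing "releases" covers pinned, non-latest release downloads`. The function body continues outside the hunk, and the diffstat shows no test accompanying the new clause.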