feat: Provide credentials in imagePullSecret without global access

.github/CODEOWNERS

@@ -1,3 +1,3 @@
 # Global
 
-* @chen-keinan
+* @simar7

.github/dependabot.yml

@@ -1,15 +1,31 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
+---
 version: 2
 updates:
-  - package-ecosystem: github-actions
+  - package-ecosystem: gomod
     directory: /
     schedule:
       interval: weekly
-  - package-ecosystem: gomod
+    groups:
+      k8s:
+        patterns:
+          - "*k8s*"
+      testcontainers:
+        patterns:
+          - github.com/testcontainers/*
+      common:
+        patterns:
+          - "*"
+      golang:
+        patterns:
+          - go*
+      aqua:
+        patterns:
+          - "*aquasecurity*"
+  - package-ecosystem: github-actions
     directory: /
     schedule:
-      interval: weekly
+      interval: monthly
+    groups:
+      github-actions:
+        patterns:
+          - "*"

.github/workflows/build.yaml

@@ -22,9 +22,8 @@ on:
       - LICENSE
       - NOTICE
 env:
-  KIND_VERSION: v0.17.0
-  KIND_IMAGE: kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6
-  GO_VERSION: '1.22'
+  KIND_VERSION: v0.24.0
+  KIND_IMAGE: kindest/node:v1.31.2
 permissions: {}
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -39,18 +38,16 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: ${{ env.GO_VERSION }}
+          go-version-file: go.mod
       - name: Install tools
-        uses: aquaproj/aqua-installer@v3.0.1
+        uses: aquaproj/aqua-installer@v4.0.0
         with:
           aqua_version: v1.25.0
       - name: Verify Go code
-        uses: golangci/golangci-lint-action@v6.0.1
+        uses: golangci/golangci-lint-action@v8.0.0
         with:
           args: --verbose
-          version: v1.57.2
-          skip-pkg-cache: true
-          skip-build-cache: true
+          version: v2.1
       - name: Verify YAML code
         uses: ibiqlik/action-yamllint@v3
       - name: Vendor Go modules
@@ -63,20 +60,31 @@ jobs:
     name: Run tests
     runs-on: ubuntu-latest
     steps:
+      - name: Maximize build space
+        uses: AdityaGarg8/remove-unwanted-software@v5
+        with:
+          remove-android: 'true'
+          remove-dotnet: 'true'
+          remove-haskell: 'true'
+          remove-codeql: 'true'
+          remove-docker-images: 'true'
+          remove-large-packages: 'true'
+          remove-cached-tools: 'true'
+          remove-swapfile: 'true'
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: ${{ env.GO_VERSION }}
+          go-version-file: go.mod
       - name: Install tools
-        uses: aquaproj/aqua-installer@v3.0.1
+        uses: aquaproj/aqua-installer@v4.0.0
         with:
           aqua_version: v1.25.0
       - name: Run unit tests
         run: mage test:unit
       - name: Upload code coverage
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           files: ./coverage.txt
   operator-envtest:
@@ -91,44 +99,49 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: ${{ env.GO_VERSION }}
+          go-version-file: go.mod
       - name: Install tools
-        uses: aquaproj/aqua-installer@v3.0.1
+        uses: aquaproj/aqua-installer@v4.0.0
         with:
           aqua_version: v1.25.0
       - name: Run envtest
         run: mage test:envtest
       - name: Upload code coverage
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           files: ./coverage.txt
   itest-trivy-operator:
     name: Run integration tests
     needs:
       - operator-envtest
     runs-on: ubuntu-latest
-    timeout-minutes: 15
+    timeout-minutes: 30
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: ${{ env.GO_VERSION }}
+          go-version-file: go.mod
+
       - name: Install tools
-        uses: aquaproj/aqua-installer@v3.0.1
+        uses: aquaproj/aqua-installer@v4.0.0
         with:
           aqua_version: v1.25.0
+
       - name: Setup Kubernetes cluster (KIND)
-        uses: engineerd/setup-kind@v0.5.0
+        uses: engineerd/setup-kind@v0.6.2
         with:
           version: ${{ env.KIND_VERSION }}
           image: ${{ env.KIND_IMAGE }}
+
       - name: Test connection to Kubernetes cluster
         run: |
           kubectl cluster-info
           kubectl wait --for=condition=Ready nodes --all --timeout=300s
           kubectl describe node
+
       - name: Run integration tests
         run: |
           kubectl create -k deploy/static
@@ -137,10 +150,12 @@ jobs:
           KUBECONFIG: /home/runner/.kube/config
           OPERATOR_NAMESPACE: trivy-system
           OPERATOR_TARGET_NAMESPACES: default
+
       - name: Upload code coverage
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           files: ./itest/trivy-operator/coverage.txt
+
   e2e-testing:
     name: Run end to end testing
     needs:
@@ -161,12 +176,12 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: ${{ env.GO_VERSION }}
+          go-version-file: go.mod
       - name: Release snapshot
         uses: goreleaser/goreleaser-action@v6
         with:
-          version: v1.7.0
-          args: release -f=goreleaser-e2e.yaml --snapshot --skip-publish --rm-dist
+          version: v2.4.8
+          args: release -f=goreleaser-e2e.yaml --snapshot --skip=publish --clean
       - name: Install kind and create cluster
         run: >
           curl -Lo ./kind https://kind.sigs.k8s.io/dl/${{ env.KIND_VERSION
@@ -188,10 +203,10 @@ jobs:
           kubectl describe node
       - name: Load operator image to cluster
         run: >
-          docker tag ghcr.io/aquasecurity/trivy-operator:${{ github.sha }}-amd64
-          ghcr.io/aquasecurity/trivy-operator:e2e
+          docker tag mirror.gcr.io/aquasec/trivy-operator:${{ github.sha }}-amd64
+          mirror.gcr.io/aquasec/trivy-operator:e2e
 
-          docker save -o trivy-operator.tar ghcr.io/aquasecurity/trivy-operator:e2e
+          docker save -o trivy-operator.tar mirror.gcr.io/aquasec/trivy-operator:e2e
 
           kind load image-archive trivy-operator.tar
       - name: Init E2E tests (Install kuttl & helm)
@@ -265,6 +280,11 @@ jobs:
         run: >
           ./bin/kuttl test --start-kind=false --config tests/e2e/config/cluster-scan.yaml
 
+      - name: The job has failed - print the logs
+        if: ${{ failure() }}
+        run: >
+          kubectl logs -n trivy-system deployment/trivy-operator
+
       - name: Delete kind cluster
         run: |
           kind delete cluster

.github/workflows/chart-testing.yaml

@@ -14,15 +14,14 @@ on:
 env:
   KIND_VERSION: v0.17.0
   KIND_IMAGE: kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6
-  GO_VERSION: '1.22'
 permissions: {}
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 jobs:
   chart-testing:
     name: Run chart testing
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     env:
       DOCKER_CLI_EXPERIMENTAL: enabled
     steps:
@@ -38,12 +37,13 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: ${{ env.GO_VERSION }}
+          go-version-file: go.mod
       - name: Release snapshot
         uses: goreleaser/goreleaser-action@v6
         with:
-          version: v1.7.0
-          args: release -f=goreleaser-e2e.yaml --snapshot --skip-publish --rm-dist
+          version: v2.4.8
+          args: release -f=goreleaser-e2e.yaml --snapshot --skip=publish --clean
+
       - name: Install kind and create cluster
         run: |
           curl -Lo ./kind https://kind.sigs.k8s.io/dl/${{ env.KIND_VERSION }}/kind-linux-amd64
@@ -69,19 +69,23 @@ jobs:
           cmd: yq -i '.appVersion = "ct"' ./deploy/helm/Chart.yaml
       - name: Load operator image to cluster
         run: >
-          docker tag ghcr.io/aquasecurity/trivy-operator:${{ github.sha }}-amd64
-          ghcr.io/aquasecurity/trivy-operator:ct
+          docker tag mirror.gcr.io/aquasec/trivy-operator:${{ github.sha }}-amd64
+          mirror.gcr.io/aquasec/trivy-operator:ct
 
-          docker save -o trivy-operator.tar ghcr.io/aquasecurity/trivy-operator:ct
+          docker save -o trivy-operator.tar mirror.gcr.io/aquasec/trivy-operator:ct
 
           kind load image-archive trivy-operator.tar
+
       - name: Set up python
-        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d
+        uses: actions/setup-python@v5.6.0
         with:
-          python-version: 3.7
+          python-version: '3.x'
+          check-latest: true
+
       - name: Setup chart-testing
         id: lint
-        uses: helm/chart-testing-action@v2.6.1
+        uses: helm/chart-testing-action@v2.7.0
+
       - name: Run chart-testing
         run: ct lint-and-install --validate-maintainers=false --charts deploy/helm
       - name: Delete kind cluster

.github/workflows/private-registries.yaml

@@ -24,15 +24,14 @@ on:
 env:
   KIND_VERSION: v0.17.0
   KIND_IMAGE: kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6
-  GO_VERSION: '1.22'
 permissions: {}
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 jobs:
   private-registry-testing:
     name: private registry testing
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     env:
       DOCKER_CLI_EXPERIMENTAL: enabled
     steps:
@@ -48,12 +47,12 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: ${{ env.GO_VERSION }}
+          go-version-file: go.mod
       - name: Release snapshot
         uses: goreleaser/goreleaser-action@v6
         with:
-          version: v1.7.0
-          args: release -f=goreleaser-e2e.yaml --snapshot --skip-publish --rm-dist
+          version: v2.4.8
+          args: release -f=goreleaser-e2e.yaml --snapshot --skip=publish --clean
       - name: Install kind and create cluster
         run: >
           curl -Lo ./kind https://kind.sigs.k8s.io/dl/${{ env.KIND_VERSION
@@ -83,10 +82,10 @@ jobs:
             -n private
       - name: Load operator image to cluster
         run: >
-          docker tag ghcr.io/aquasecurity/trivy-operator:${{ github.sha }}-amd64
-          ghcr.io/aquasecurity/trivy-operator:e2e
+          docker tag mirror.gcr.io/aquasec/trivy-operator:${{ github.sha }}-amd64
+          mirror.gcr.io/aquasec/trivy-operator:e2e
 
-          docker save -o trivy-operator.tar ghcr.io/aquasecurity/trivy-operator:e2e
+          docker save -o trivy-operator.tar mirror.gcr.io/aquasec/trivy-operator:e2e
 
           kind load image-archive trivy-operator.tar
       - name: Init E2E tests (Install kuttl & helm)

.github/workflows/publish-docs.yaml

@@ -36,7 +36,7 @@ jobs:
           fetch-depth: 0
           ref: ${{ github.event.inputs.ref }}
           persist-credentials: true
-      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d
+      - uses: actions/setup-python@5db1cf9a59fb97c40a68accab29236f0da7e94db
         with:
           python-version: 3.x
       - run: |

.github/workflows/publish-helm-chart.yaml

@@ -26,24 +26,31 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+
       - name: Install Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
         with:
           version: v3.14.2
+
       - name: Set up python
-        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+        uses: actions/setup-python@v5.6.0
         with:
-          python-version: 3.7
+          python-version: '3.x'
+          check-latest: true
+
       - name: Setup Chart Linting
         id: lint
-        uses: helm/chart-testing-action@v2.6.1
+        uses: helm/chart-testing-action@v2.7.0
+
       - name: Setup Kubernetes cluster (KIND)
-        uses: helm/kind-action@v1.10.0 # v1.5.0
+        uses: helm/kind-action@v1.12.0 # v1.5.0
         with:
           version: ${{ env.KIND_VERSION }}
           node_image: ${{ env.KIND_IMAGE }}
+
       - name: Run chart-testing
         run: ct lint-and-install --validate-maintainers=false --charts deploy/helm
+
       - name: Install chart-releaser
         run: |
           wget https://github.com/helm/chart-releaser/releases/download/v1.3.0/chart-releaser_1.3.0_linux_amd64.tar.gz
@@ -76,7 +83,7 @@ jobs:
 
         # OCI registry as helm repository (helm 3.8+)
       - name: Login to GHCR
-        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}