build: v1.36.0-alpha release

[jvanz-authorizer]

Automatic bump to v1.36.0-alpha release.

Changes since last released tag: (if no tag, since HEAD^): v1.31.0...updatecli_main_release_pr

Important

REMEMBER USING SQUASH MERGE FOR THIS PR

---

Update adm-controller chart versions

Update Helm chart kubewarden-controller version

change detected: * key "$.version" updated from "5.13.0" to "5.14.0", in file "charts/kubewarden-controller/Chart.yaml"

Update Cargo.toml, Cargo.lock with new version

ran shell command "cargo set-version --package policy-server --package kwctl 1.36.0-alpha"

Update kubewarden-crds Helm chart version in Hauler manifest

change detected: * key "$.spec.charts[0].version" updated from "1.27.0" to "1.28.0", in file "charts/hauler_manifest.yaml"

Update Helm chart kubewarden-defaults version

change detected: * key "$.version" updated from "3.13.0" to "3.14.0", in file "charts/kubewarden-defaults/Chart.yaml"

Update kubewarden-controller auto-install annotation

change detected: * key "$.annotations.'catalog.cattle.io/auto-install'" updated from "kubewarden-crds=1.27.0" to "kubewarden-crds=1.28.0", in file "charts/kubewarden-controller/Chart.yaml"

Update Helm chart kubewarden-controller README

1 file(s) updated with "[](https://github.com/kubewarden/community/blob/main/REPOSITORIES.md#core-scope)\n[](https://github.com/kubewarden/community/blob/main/REPOSITORIES.md#stable)\n[](https://artifacthub.io/packages/search?repo=kubewarden&kind=0&verified_publisher=true&official=true&cncf=true&sort=relevance&page=1)\n[](https://www.bestpractices.dev/projects/6502)\n[](https://app.fossa.com/projects/custom%252B25850%252Fgithub.com%252Fkubewarden%252Fkubewarden-controller?ref=badge_shield)\n[](https://scorecard.dev/viewer/?uri=github.com/kubewarden/adm-controller)\n[](https://clomonitor.io/projects/cncf/kubewarden)\n\nKubewarden is a Kubernetes Dynamic Admission Controller that uses policies written\nin WebAssembly.\n\nFor more information refer to the [official Kubewarden website](https://kubewarden.io/).\n\n# Kubewarden Admission Controller - Monorepo\n\nThis repository is a monorepo containing the source code for all the different\ncomponents of the Kubewarden Admission Controller:\n\n- **adm-controller**: A Kubernetes controller that allows you to dynamically register Kubewarden admission policies and reconcile them with the Kubernetes webhooks of the cluster where it's deployed\n- **policy-server**: The runtime component that evaluates admission policies written in WebAssembly\n- **audit-scanner**: A component that scans existing resources in the cluster against registered policies\n- **kwctl**: A CLI tool for testing and managing Kubewarden policies\n\n## Documentation\n\nThe full and exhaustive documentation is available at [docs.kubewarden.io](https://docs.kubewarden.io).\n\nThe [`docs/`](./docs) folder contains README files for each component:\n\n- [Controller](./docs/controller)\n- [Policy Server](./docs/policy-server)\n- [Audit Scanner](./docs/audit-scanner)\n- [kwctl](./docs/kwctl)\n- [CRDs](./docs/crds)\n\n## Installation\n\nThe adm-controller can be deployed using a Helm chart. For instructions,\nsee https://charts.kubewarden.io.\n\nPlease refer to our [quickstart](https://docs.kubewarden.io/quick-start) for more details.\n\n# Software bill of materials & provenance\n\nAll Kubewarden components has its software bill of materials (SBOM) and build\n[Provenance](https://slsa.dev/spec/v1.0/provenance) information published every\nrelease. It follows the [SPDX](https://spdx.dev/) format and\n[SLSA](https://slsa.dev/provenance/v0.2#schema) provenance schema.\nBoth of the files are generated by [Docker\nbuildx](https://docs.docker.com/build/metadata/attestations/) during the build\nprocess and stored in the container registry together with the container image\nas well as upload in the release page.\n\nYou can find them together with the signature and certificate used to sign it\nin the [release\nassets](https://github.com/kubewarden/adm-controller/releases), and\nattached to the image as JSON-encoded documents following the [in-toto SPDX\npredicate](https://github.com/in-toto/attestation/blob/main/spec/predicates/spdx.md)\nformat. You can obtain them with\n[`crane`](https://github.com/google/go-containerregistry/blob/main/cmd/crane/README.md)\nor [`docker buildx imagetools\ninspect`](https://docs.docker.com/reference/cli/docker/buildx/imagetools/inspect).\n\nYou can verify the container image with:\n\n```shell\ncosign verify-blob --certificate-oidc-issuer=https://token.actions.githubusercontent.com \\\n --certificate-identity=\"https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@<TAG TO VERIFY>\" \\\n --bundle controller-attestation-amd64-provenance.intoto.jsonl.bundle.sigstore \\\n controller-attestation-amd64-provenance.intoto.jsonl\n```\n\nTo verify the attestation manifest and its layer signatures:\n\n```shell\ncosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com \\\n --certificate-identity=\"https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@<TAG TO VERIFY>\" \\\n ghcr.io/kubewarden/adm-controller/controller@sha256:1abc0944378d9f3ee2963123fe84d045248d320d76325f4c2d4eb201304d4c4e\n```\n\n> [!NOTE]\n> All the commands and file locations used in this section to validate the\n> controller components can be used to verify all the others Kubewarden\n> components as well.\n\nThat sha256 hash is the digest of the attestation manifest or its layers.\nTherefore, you need to find this hash in the registry using the UI or tools\nlike `crane`. For example, the following command will show you all the\nattestation manifests of the `latest` tag:\n\n```shell\ncrane manifest ghcr.io/kubewarden/adm-controller/controller:latest | jq '.manifests[] | select(.annotations[\"vnd.docker.reference.type\"]==\"attestation-manifest\")'\n{\n \"mediaType\": \"application/vnd.oci.image.manifest.v1+json\",\n \"digest\": \"sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8\",\n \"size\": 1655,\n \"annotations\": {\n \"vnd.docker.reference.digest\": \"sha256:611d499ec9a26034463f09fa4af4efe2856086252d233b38e3fc31b0b982d369\",\n \"vnd.docker.reference.type\": \"attestation-manifest\"\n },\n \"platform\": {\n \"architecture\": \"unknown\",\n \"os\": \"unknown\"\n }\n}\n{\n \"mediaType\": \"application/vnd.oci.image.manifest.v1+json\",\n \"digest\": \"sha256:e0cd736c2241407114256e09a4cdeef55eb81dcd374c5785c4e5c9362a0088a2\",\n \"size\": 1655,\n \"annotations\": {\n \"vnd.docker.reference.digest\": \"sha256:03e5db83a25ea2ac498cf81226ab8db8eb53a74a2c9102e4a1da922d5f68b70f\",\n \"vnd.docker.reference.type\": \"attestation-manifest\"\n },\n \"platform\": {\n \"architecture\": \"unknown\",\n \"os\": \"unknown\"\n }\n}\n```\n\nThen you can use the `digest` field to verify the attestation manifest and its\nlayers signatures.\n\n```shell\ncosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com \\\n --certificate-identity=\"https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@<TAG TO VERIFY>\" \\\n ghcr.io/kubewarden/adm-controller/controller@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8\n\ncrane manifest ghcr.io/kubewarden/adm-controller/controller@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8\n{\n \"schemaVersion\": 2,\n \"mediaType\": \"application/vnd.oci.image.manifest.v1+json\",\n \"config\": {\n \"mediaType\": \"application/vnd.oci.image.config.v1+json\",\n \"digest\": \"sha256:eda788a0e94041a443eca7286a9ef7fce40aa2832263f7d76c597186f5887f6a\",\n \"size\": 463\n },\n \"layers\": [\n {\n \"mediaType\": \"application/vnd.in-toto+json\",\n \"digest\": \"sha256:563689cdee407ab514d057fe2f8f693189279e10bfe4f31f277e24dee00793ea\",\n \"size\": 94849,\n \"annotations\": {\n \"in-toto.io/predicate-type\": \"https://spdx.dev/Document\"\n }\n },\n {\n \"mediaType\": \"application/vnd.in-toto+json\",\n \"digest\": \"sha256:7ce0572628290373e17ba0bbb44a9ec3c94ba36034124931d322ca3fbfb768d9\",\n \"size\": 7363045,\n \"annotations\": {\n \"in-toto.io/predicate-type\": \"https://spdx.dev/Document\"\n }\n },\n {\n \"mediaType\": \"application/vnd.in-toto+json\",\n \"digest\": \"sha256:dacf511c5ec7fd87e8692bd08c3ced2c46f4da72e7271b82f1b3720d5b0a8877\",\n \"size\": 71331,\n \"annotations\": {\n \"in-toto.io/predicate-type\": \"https://spdx.dev/Document\"\n }\n },\n {\n \"mediaType\": \"application/vnd.in-toto+json\",\n \"digest\": \"sha256:594da3e8bd8c6ee2682b0db35857933f9558fd98ec092344a6c1e31398082f4d\",\n \"size\": 980,\n \"annotations\": {\n \"in-toto.io/predicate-type\": \"https://spdx.dev/Document\"\n }\n },\n {\n \"mediaType\": \"application/vnd.in-toto+json\",\n \"digest\": \"sha256:7738d8d506c6482aaaef1d22ed920468ffaf4975afd28f49bb50dba2c20bf2ca\",\n \"size\": 13838,\n \"annotations\": {\n \"in-toto.io/predicate-type\": \"https://slsa.dev/provenance/v0.2\"\n }\n }\n ]\n}\n\ncosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com \\\n --certificate-identity=\"https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@<TAG TO VERIFY>\" \\\n ghcr.io/kubewarden/adm-controller/controller@sha256:594da3e8bd8c6ee2682b0db35857933f9558fd98ec092344a6c1e31398082f4d\n```\n\nNote that each attestation manifest (for each architecture) has its own layers.\nEach layer is a different SBOM SPDX or provenance file generated by Docker\nBuildx during the multi stage build process. You can also use `crane` to\ndownload the attestation file:\n\n```shell\ncrane blob ghcr.io/kubewarden/adm-controller/controller@sha256:7738d8d506c6482aaaef1d22ed920468ffaf4975afd28f49bb50dba2c20bf2ca\n```\n\n## Security disclosure\n\nSee [SECURITY.md](https://github.com/kubewarden/community/blob/main/SECURITY.md) on the kubewarden/community repo.\n\n# Changelog\n\nSee [GitHub Releases content](https://github.com/kubewarden/adm-controller/releases).\n": * charts/kubewarden-controller/README.md

Update Helm chart kubewarden-controller image tag

change detected: * key "$.image.tag" updated from "v1.35.0" to "v1.36.0-alpha", in file "charts/kubewarden-controller/values.yaml"

Update Helm chart policy-server version

change detected: * key "$.policyServer.image.tag" updated from "v1.35.0" to "v1.36.0-alpha", in file "charts/kubewarden-defaults/values.yaml"

Update Helm chart kubewarden-controller appVersion

change detected: * key "$.appVersion" updated from "v1.35.0" to "v1.36.0-alpha", in file "charts/kubewarden-controller/Chart.yaml"

Update Helm chart kubewarden-defaults appVersion

change detected: * key "$.appVersion" updated from "v1.35.0" to "v1.36.0-alpha", in file "charts/kubewarden-defaults/Chart.yaml"

Update kubewarden-defaults Helm chart version in Hauler manifest

change detected: * key "$.spec.charts[2].version" updated from "3.13.0" to "3.14.0", in file "charts/hauler_manifest.yaml"

Update kubewarden-defaults auto-install annotation

change detected: * key "$.annotations.'catalog.cattle.io/auto-install'" updated from "kubewarden-crds=1.27.0" to "kubewarden-crds=1.28.0", in file "charts/kubewarden-defaults/Chart.yaml"

Update Helm chart kubewarden-crds appVersion

change detected: * key "$.appVersion" updated from "v1.35.0" to "v1.36.0-alpha", in file "charts/kubewarden-crds/Chart.yaml"

Update Helm chart audit-scanner version

change detected: * key "$.auditScanner.image.tag" updated from "v1.35.0" to "v1.36.0-alpha", in file "charts/kubewarden-controller/values.yaml"

Update kubewarden-controller Helm chart version in Hauler manifest

change detected: * key "$.spec.charts[1].version" updated from "5.13.0" to "5.14.0", in file "charts/hauler_manifest.yaml"

Update Helm chart kubewarden-crds version

change detected: * key "$.version" updated from "1.27.0" to "1.28.0", in file "charts/kubewarden-crds/Chart.yaml"

GitHub Action workflow link

---

Created automatically by Updatecli Options: Most of Updatecli configuration is done via its manifest(s). If you close this pull request, Updatecli will automatically reopen it, the next time it runs. If you close this pull request and delete the base branch, Updatecli will automatically recreate it, erasing all previous commits made. Feel free to report any issues at github.com/updatecli/updatecli. If you find this tool useful, do not hesitate to star our GitHub repository as a sign of appreciation, and/or to tell us directly on our chat!