Merge branch 'main' into modular-observability-adr

Author: cjnolan

.github/CODEOWNERS

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2025 Intel Corporation
+# SPDX-FileCopyrightText: 2026 Intel Corporation
 #
 # SPDX-License-Identifier: Apache-2.0
 
@@ -7,10 +7,10 @@
 # someone opens a pull request.
 
 # Everything requires Platform team review by default
-* @johnoloughlin @garyloug @palade @rranjan3 @krishnajs @scottmbaker @damiankopyto @cjnolan @SushilLakra @soniabha-intc @guptagunjan @sys-orch-approve @ram-srini @shankarsrinivas1 @sunil-parida @vigneshintel
+* @johnoloughlin @garyloug @palade @rranjan3 @krishnajs @scottmbaker @damiankopyto @cjnolan @SushilLakra @soniabha-intc @guptagunjan @sys-orch-approve @ram-srini @shankarsrinivas1 @sunil-parida
 
 # CI files
-.github/ @adimoft @daveroge @shanedonohue @manilk1x @johnoloughlin @garyloug @palade @rranjan3 @krishnajs @scottmbaker @damiankopyto @cjnolan @SushilLakra @soniabha-intc @guptagunjan @sys-orch-approve @ram-srini @shankarsrinivas1 @sunil-parida @vigneshintel
+.github/ @adimoft @daveroge @shanedonohue @manilk1x @johnoloughlin @garyloug @palade @rranjan3 @krishnajs @scottmbaker @damiankopyto @cjnolan @SushilLakra @soniabha-intc @guptagunjan @sys-orch-approve @ram-srini @shankarsrinivas1 @sunil-parida
 
 # Dependabot is used to manage dependencies in this repository. It is configured to automatically open pull requests to
 # update dependencies when new versions are available. The following files are managed by Dependabot and do not require

.github/actions/deploy_kind/action.yaml

@@ -49,7 +49,7 @@ runs:
 
   - name: Setup asdf and install dependencies
     id: install-deps
-    uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@main  # zizmor: ignore[unpinned-uses]
+    uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@b6610539eb98ed7bd5903e6629e48c1da39d883b
 
   - name: Print current git hash
     shell: bash

.github/actions/deploy_on_prem/action.yaml

@@ -31,7 +31,7 @@ runs:
 
     - name: Setup asdf and install dependencies
       id: install-deps
-      uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@main  # zizmor: ignore[unpinned-uses]
+      uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@b6610539eb98ed7bd5903e6629e48c1da39d883b
 
     - name: Check Oras
       run: |

.github/workflows/auto-update.yml

@@ -34,7 +34,7 @@ jobs:
           persist-credentials: false
 
       - name: Update pull requests
-        uses: open-edge-platform/orch-ci/.github/actions/pr_updater@b5930c48c1fcdb6b34ffbcd465cff96dabfbde70  # 2026.0.17
+        uses: open-edge-platform/orch-ci/.github/actions/pr_updater@d40dfda9598df896aa20cb1dc2c950d6444e8fa7  # 2026.0.19
         with:
           github_token: ${{ secrets.SYS_EMF_GH_TOKEN }}
 

.github/workflows/post-merge-scorecard.yml

@@ -20,7 +20,7 @@ jobs:
       id-token: write
       contents: read
 
-    uses: open-edge-platform/orch-ci/.github/workflows/post-merge-scorecard.yml@b5930c48c1fcdb6b34ffbcd465cff96dabfbde70  # 2026.0.17
+    uses: open-edge-platform/orch-ci/.github/workflows/post-merge-scorecard.yml@d40dfda9598df896aa20cb1dc2c950d6444e8fa7  # 2026.0.19
     with:
       project_folder: "."
     secrets:

.github/workflows/test-migration.yml

@@ -53,7 +53,7 @@ jobs:
             ${{ runner.os }}-go-
 
       - name: Setup asdf and install dependencies
-        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@main  # zizmor: ignore[unpinned-uses]
+        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@b6610539eb98ed7bd5903e6629e48c1da39d883b
 
       - name: Run test
         run: mage test:ChartsAvailableOnReleaseService
@@ -81,7 +81,7 @@ jobs:
             ${{ runner.os }}-go-
 
       - name: Setup asdf and install dependencies
-        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@main  # zizmor: ignore[unpinned-uses]
+        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@b6610539eb98ed7bd5903e6629e48c1da39d883b
 
       - name: Inject default commonName for nginx-ingress-pxe-boots
         run: |

.github/workflows/upgrade.yml

@@ -34,7 +34,7 @@ jobs:
 
       - name: Setup asdf and install dependencies
         id: install-deps
-        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@main  # zizmor: ignore[unpinned-uses]
+        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@b6610539eb98ed7bd5903e6629e48c1da39d883b
 
       - name: Deploy Orchestrator ${{ matrix.version-tags }}
         env:

.github/workflows/virtual-integration.yml

@@ -39,7 +39,7 @@ jobs:
     if: github.event_name == 'pull_request'
     permissions:
       contents: read
-    uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@b5930c48c1fcdb6b34ffbcd465cff96dabfbde70  # 2026.0.17
+    uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@d40dfda9598df896aa20cb1dc2c950d6444e8fa7  # 2026.0.19
     with:
       run_version_check: false
       run_build: false
@@ -65,7 +65,7 @@ jobs:
         contains(steps.check-files.outputs.changed_files, 'argocd/applications/values.yaml') ||
         contains(steps.check-files.outputs.changed_files, 'on-prem-installers') ||
         contains(steps.check-files.outputs.changed_files, 'orch-configs') ||
-        contains(steps.check-files.outputs.changed_files, 'installer/generate_cluster_yaml.sh') }}
+        contains(steps.check-files.outputs.changed_files, 'on-prem-installers/onprem/generate_cluster_yaml.sh') }}
       onboarding: ${{ contains(steps.check-files.outputs.changed_files, 'argocd/applications/templates/infra-') || contains(steps.check-files.outputs.changed_files, 'argocd/applications/values.yaml') }}
       shell: ${{ contains(steps.check-files.outputs.changed_files, '.sh') || contains(steps.check-files.outputs.changed_files, '.bash') }}
       terraform: ${{ contains(steps.check-files.outputs.changed_files, '.hcl') || contains(steps.check-files.outputs.changed_files, '.tf') || contains(steps.check-files.outputs.changed_files, '.tfvars') }}
@@ -81,7 +81,7 @@ jobs:
 
       - name: Discover Changed Files
         id: check-files
-        uses: open-edge-platform/orch-ci/discover-changed-files@b5930c48c1fcdb6b34ffbcd465cff96dabfbde70  # 2026.0.8 # zizmor: ignore[unpinned-uses]
+        uses: open-edge-platform/orch-ci/discover-changed-files@d40dfda9598df896aa20cb1dc2c950d6444e8fa7  # 2026.0.8 # zizmor: ignore[unpinned-uses]
         with:
           project_folder: "."
 
@@ -157,7 +157,7 @@ jobs:
           git config --global url."https://${{ secrets.SYS_EMF_GH_TOKEN }}:x-oauth-basic@github.com/".insteadOf "https://github.com/"
 
       - name: Setup asdf and install dependencies
-        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@main  # zizmor: ignore[unpinned-uses]
+        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@b6610539eb98ed7bd5903e6629e48c1da39d883b
 
       - name: Run lint
         run: mage -v lint:markdown
@@ -178,7 +178,7 @@ jobs:
           persist-credentials: false
 
       - name: Setup asdf and install dependencies
-        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@main  # zizmor: ignore[unpinned-uses]
+        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@b6610539eb98ed7bd5903e6629e48c1da39d883b
 
       - name: Run lint
         working-directory: on-prem-installers
@@ -200,7 +200,7 @@ jobs:
           persist-credentials: false
 
       - name: Setup asdf and install dependencies
-        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@main  # zizmor: ignore[unpinned-uses]
+        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@b6610539eb98ed7bd5903e6629e48c1da39d883b
 
       - name: Run lint
         run: mage lint:terraform
@@ -224,7 +224,7 @@ jobs:
         run: echo "ASDF_YAMLLINT_PIP_PACKAGES=pyyaml" >> $GITHUB_ENV
 
       - name: Setup asdf and install dependencies
-        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@main  # zizmor: ignore[unpinned-uses]  
+        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@b6610539eb98ed7bd5903e6629e48c1da39d883b  
       - name: Run lint
         run: mage lint:yaml
 
@@ -244,7 +244,7 @@ jobs:
           persist-credentials: false
 
       - name: Setup asdf and install dependencies
-        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@main  # zizmor: ignore[unpinned-uses]
+        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@b6610539eb98ed7bd5903e6629e48c1da39d883b
 
       - name: Run lint
         run: mage lint:helm
@@ -271,7 +271,7 @@ jobs:
           git config --global url."https://${{ secrets.SYS_EMF_GH_TOKEN }}:x-oauth-basic@github.com/".insteadOf "https://github.com/"
 
       - name: Setup asdf and install dependencies
-        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@main  # zizmor: ignore[unpinned-uses]
+        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@b6610539eb98ed7bd5903e6629e48c1da39d883b
 
       - name: Run lint
         run: mage lint:golang
@@ -304,7 +304,7 @@ jobs:
           git config --global url."https://${{ secrets.SYS_EMF_GH_TOKEN }}:x-oauth-basic@github.com/".insteadOf "https://github.com/"
 
       - name: Setup asdf and install dependencies
-        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@main  # zizmor: ignore[unpinned-uses]
+        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@b6610539eb98ed7bd5903e6629e48c1da39d883b
 
       - name: Run lint
         run: |
@@ -363,7 +363,7 @@ jobs:
           git config --global url."https://${{ secrets.SYS_EMF_GH_TOKEN }}:x-oauth-basic@github.com/".insteadOf "https://github.com/"
 
       - name: Setup asdf and install dependencies
-        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@main  # zizmor: ignore[unpinned-uses]
+        uses: open-edge-platform/orch-ci/.github/actions/setup-asdf@b6610539eb98ed7bd5903e6629e48c1da39d883b
 
       - name: Get version tag
         id: get_version_tag
@@ -408,39 +408,6 @@ jobs:
         with:
           registry: 080137407410.dkr.ecr.us-west-2.amazonaws.com
 
-      - name: Build Cloud Installer and release bundle artifacts
-        run: |
-          mage installer:build
-          mage installer:bundle
-
-      - name: Scan Cloud Installer Image
-        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1  # 0.34.2
-        with:
-          image-ref: 080137407410.dkr.ecr.us-west-2.amazonaws.com/edge-orch/common/orchestrator-installer-cloudfull:${{ env.versionTag }}
-          format: table
-          output: "trivy-orchestrator-installer-cloudfull.txt"
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'HIGH,CRITICAL'
-          exit-code: '0'
-
-      - name: Calculate MD5 Checksum
-        id: checksum
-        run: |
-          md5sum_value=$(md5sum "trivy-orchestrator-installer-cloudfull.txt" | cut -d " " -f 1)
-          echo "md5sum is $md5sum_value"
-          echo "md5sum_value=$md5sum_value" >> "$GITHUB_ENV"
-
-      - name: Upload Trivy Image Scan Report
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
-        with:
-          name: trivy-scan-report-orchestrator-installer-cloudfull-${{ env.md5sum_value }}
-          path: trivy-orchestrator-installer-cloudfull.txt
-
-      - name: Publish Cloud Installer artifact
-        if: github.event_name == 'push' && ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-pass-validation' )
-        run: mage publish:cloudInstaller
-
       - name: Build release manifest artifact
         if: github.event_name == 'push' && ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-pass-validation' )
         run: |
@@ -900,7 +867,7 @@ jobs:
       id-token: write
       actions: read
     if: github.event_name == 'push' && ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-pass-validation' )
-    uses: open-edge-platform/orch-ci/.github/workflows/post-merge.yml@b5930c48c1fcdb6b34ffbcd465cff96dabfbde70  # 2026.0.17
+    uses: open-edge-platform/orch-ci/.github/workflows/post-merge.yml@d40dfda9598df896aa20cb1dc2c950d6444e8fa7  # 2026.0.19
     with:
       run_build: false
       run_version_tag: false

.tool-versions

@@ -2,8 +2,8 @@ argocd 2.10.10
 awscli 2.17.52
 docker-compose-v1 2.40.3
 ginkgo 2.23.4
-golang 1.25.7
-golangci-lint 2.8.0
+golang 1.26.1
+golangci-lint 2.11.4
 grpcurl 1.8.9
 helm 3.11.1
 helm-diff 3.6.0