Removing sensitive data#3324
Merged
Merged
Conversation
## Type of change **Documentation** This PR adds a new article documenting the Requests section of the Chainguard Console, which allows customers to submit and track requests for new Chainguard resources (container images, packages, and Helm charts). It also adjusts the sidebar weight of the Unique Tags article to accommodate the new page in the navigation order. ## What should this PR do? resolves chainguard-dev/internal#5685 ## Why are we making this change? The Chainguard Console recently launched a new Requests section (currently in beta) that gives customers a self-service way to request resources Chainguard doesn't yet offer. Without documentation, customers may not know this feature exists or understand how to use it effectively — including its prerequisites (verified organization membership), the request submission workflow, upvoting mechanics, and the limitations on what Chainguard can build. ## What are the acceptance criteria? - The new article renders correctly at its expected path under the chainguard-images/features/ section. - The page accurately reflects the current state of the Requests section in the Console, including the three tabs (My requests, Active builds, Community requests), the required and optional form fields, and the status values. - The beta disclaimer is clearly visible. - The sidebar ordering is correct after the weight adjustment to unique-tags/index.md. - All internal links (e.g., to verified orgs, Catalog Pricing) resolve correctly. ## How should this PR be tested? 1. [preview link](https://deploy-preview-3030--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/request-resources/) 2. Cross-reference the article against the live Requests section of the Chainguard Console to verify accuracy of UI descriptions (tabs, columns, form fields, status values). 3. Click through to the article and verify it renders without errors. --------- Signed-off-by: Mark Drake <mark@chainguard.dev>
[ x ] Check if this is a typo or other quick fix and ignore the rest :) Signed-off-by: Mark Drake <mark@chainguard.dev>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>v7 What's new</h2> <h3>Direct Uploads</h3> <p>Adds support for uploading single files directly (unzipped). Callers can set the new <code>archive</code> parameter to <code>false</code> to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The <code>name</code> parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.</p> <h3>ESM</h3> <p>To support new versions of the <code>@actions/*</code> packages, we've upgraded the package to ESM.</p> <h2>What's Changed</h2> <ul> <li>Add proxy integration test by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li> <li>Upgrade the module to ESM and bump dependencies by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/762">actions/upload-artifact#762</a></li> <li>Support direct file uploads by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/764">actions/upload-artifact#764</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Link"><code>@Link</code></a>- made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v6...v7.0.0">https://github.com/actions/upload-artifact/compare/v6...v7.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f"><code>bbbca2d</code></a> Support direct file uploads (<a href="https://redirect.github.com/actions/upload-artifact/issues/764">#764</a>)</li> <li><a href="https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296"><code>589182c</code></a> Upgrade the module to ESM and bump dependencies (<a href="https://redirect.github.com/actions/upload-artifact/issues/762">#762</a>)</li> <li><a href="https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5"><code>47309c9</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/754">#754</a> from actions/Link-/add-proxy-integration-tests</li> <li><a href="https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0"><code>02a8460</code></a> Add proxy integration test</li> <li>See full diff in <a href="https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [chainguard-dev/actions](https://github.com/chainguard-dev/actions) and [actions/setup-go](https://github.com/actions/setup-go). Updates `step-security/harden-runner` from 2.14.2 to 2.15.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.15.0</h2> <h2>What's Changed</h2> <h3>Windows and macOS runner support</h3> <p>We are excited to announce that Harden Runner now supports <strong>Windows and macOS runners</strong>, extending runtime security beyond Linux for the first time.</p> <p>Insights for Windows and macOS runners will be displayed in the same consistent format you are already familiar with from Linux runners, giving you a unified view of runtime activity across all platforms.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.14.2...v2.15.0">https://github.com/step-security/harden-runner/compare/v2.14.2...v2.15.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/a90bcbc6539c36a85cdfeb73f7e2f433735f215b"><code>a90bcbc</code></a> Update readme (<a href="https://redirect.github.com/step-security/harden-runner/issues/637">#637</a>)</li> <li><a href="https://github.com/step-security/harden-runner/commit/f0a59d88538059e010b6ebd90b74e2740a6d05fc"><code>f0a59d8</code></a> Release v2.15.0 (<a href="https://redirect.github.com/step-security/harden-runner/issues/639">#639</a>)</li> <li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/5ef0c079ce82195b2a36a210272d6b661572d83e...a90bcbc6539c36a85cdfeb73f7e2f433735f215b">compare view</a></li> </ul> </details> <br /> Updates `chainguard-dev/actions` from 1.6.4 to 1.6.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/chainguard-dev/actions/releases">chainguard-dev/actions's releases</a>.</em></p> <blockquote> <h2>v1.6.5</h2> <h2>What's Changed</h2> <ul> <li>build(deps): bump chainguard-dev/actions from 1.6.3 to 1.6.4 in /wolfi-build-pkg by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/773">chainguard-dev/actions#773</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.3 to 1.6.4 in /melange-build by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/772">chainguard-dev/actions#772</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.3 to 1.6.4 in /gofmt by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/769">chainguard-dev/actions#769</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.3 to 1.6.4 in /inky-build-pkg by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/771">chainguard-dev/actions#771</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.3 to 1.6.4 in /goimports by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/770">chainguard-dev/actions#770</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.3 to 1.6.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/768">chainguard-dev/actions#768</a></li> <li>build(deps): bump step-security/harden-runner from 2.14.2 to 2.15.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/774">chainguard-dev/actions#774</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/chainguard-dev/actions/compare/v1.6.4...v1.6.5">https://github.com/chainguard-dev/actions/compare/v1.6.4...v1.6.5</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/chainguard-dev/actions/commit/71714a76c3df10b544595a2294c16649dc3472e5"><code>71714a7</code></a> build(deps): bump step-security/harden-runner from 2.14.2 to 2.15.0 (<a href="https://redirect.github.com/chainguard-dev/actions/issues/774">#774</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/4993bf2bf3a792a4b5d7f15c7147edff5eeac44c"><code>4993bf2</code></a> build(deps): bump chainguard-dev/actions from 1.6.3 to 1.6.4 (<a href="https://redirect.github.com/chainguard-dev/actions/issues/768">#768</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/24f524c087cb098a3ef0ee35c3d16c2b1c911e80"><code>24f524c</code></a> build(deps): bump chainguard-dev/actions in /goimports (<a href="https://redirect.github.com/chainguard-dev/actions/issues/770">#770</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/9b2d2409de5f266ed6f9c43cf17d2e0547bd2092"><code>9b2d240</code></a> build(deps): bump chainguard-dev/actions from 1.6.3 to 1.6.4 in /gofmt (<a href="https://redirect.github.com/chainguard-dev/actions/issues/769">#769</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/76cbd2a0c9c75daf1198a8b54d82f237a640d057"><code>76cbd2a</code></a> build(deps): bump chainguard-dev/actions in /inky-build-pkg (<a href="https://redirect.github.com/chainguard-dev/actions/issues/771">#771</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/8c80352537314f2503eb6c51dc9f95ce2ac8e72b"><code>8c80352</code></a> build(deps): bump chainguard-dev/actions in /melange-build (<a href="https://redirect.github.com/chainguard-dev/actions/issues/772">#772</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/4fd2188857a2ddc80d513c4445a99203c894f39e"><code>4fd2188</code></a> build(deps): bump chainguard-dev/actions in /wolfi-build-pkg (<a href="https://redirect.github.com/chainguard-dev/actions/issues/773">#773</a>)</li> <li>See full diff in <a href="https://github.com/chainguard-dev/actions/compare/eab208ef2d05b13404296a5e194a6b237e8bb213...71714a76c3df10b544595a2294c16649dc3472e5">compare view</a></li> </ul> </details> <br /> Updates `actions/setup-go` from 6.2.0 to 6.3.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v6.3.0</h2> <h2>What's Changed</h2> <ul> <li>Update default Go module caching to use go.mod by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/705">actions/setup-go#705</a></li> <li>Fix golang download url to go.dev by <a href="https://github.com/178inaba"><code>@178inaba</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/469">actions/setup-go#469</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v6...v6.3.0">https://github.com/actions/setup-go/compare/v6...v6.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-go/commit/4b73464bb391d4059bd26b0524d20df3927bd417"><code>4b73464</code></a> Fix golang download url to go.dev (<a href="https://redirect.github.com/actions/setup-go/issues/469">#469</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/a5f9b05d2d216f63e13859e0d847461041025775"><code>a5f9b05</code></a> Update default Go module caching to use go.mod (<a href="https://redirect.github.com/actions/setup-go/issues/705">#705</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-go/compare/7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5...4b73464bb391d4059bd26b0524d20df3927bd417">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 3.1.2 to 4.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/setup-terraform/releases">hashicorp/setup-terraform's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <p>BREAKING CHANGES:</p> <ul> <li>Upgrade to Node.js 24 - setup-terraform now requires Node.js 24 (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/503">#503</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md">hashicorp/setup-terraform's changelog</a>.</em></p> <blockquote> <h2>4.0.0 (2026-02-24)</h2> <p>BREAKING CHANGES:</p> <ul> <li>Upgrade to Node.js 24 - setup-terraform now requires Node.js 24 (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/503">#503</a>)</li> </ul> <h2>3.1.2 (2024-08-19)</h2> <p>NOTES:</p> <ul> <li>This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/430">#430</a>)</li> </ul> <h2>3.1.1 (2024-05-07)</h2> <p>BUG FIXES:</p> <ul> <li>wrapper: Fix wrapper to output to stdout and stderr immediately when data is received (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/395">#395</a>)</li> </ul> <h2>3.1.0 (2024-04-23)</h2> <p>ENHANCEMENTS:</p> <ul> <li>Automatically fallback to darwin/amd64 for Terraform versions before 1.0.2 as releases for darwin/arm64 are not available (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/409">#409</a>)</li> </ul> <h2>3.0.0 (2023-10-30)</h2> <p>NOTES:</p> <ul> <li>Updated default runtime to node20 (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/346">#346</a>)</li> <li>The wrapper around the installed Terraform binary has been fixed to return the exact STDOUT and STDERR from Terraform when executing commands. Previous versions of setup-terraform may have required workarounds to process the STDOUT in bash, such as filtering out the first line or selectively parsing STDOUT with jq. These workarounds may need to be adjusted with <code>v3.0.0</code>, which will now return just the STDOUT/STDERR from Terraform with no errant characters/statements. (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/367">#367</a>)</li> </ul> <p>BUG FIXES:</p> <ul> <li>Fixed malformed stdout when wrapper is enabled (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/367">#367</a>)</li> </ul> <h1>[2.0.3] (2022-11-01)</h1> <h3>NOTES</h3> <ul> <li>Reduced occurrences of GitHub Actions warnings for setting output <a href="https://redirect.github.com/hashicorp/setup-terraform/pull/247">#247</a></li> </ul> <h1>[2.0.2] (2022-10-12)</h1> <h3>BUG FIXES</h3> <ul> <li>Update 2.0.1 release metadata by <a href="https://github.com/jpogran"><code>@jpogran</code></a> in <a href="https://redirect.github.com/hashicorp/setup-terraform/pull/253">hashicorp/setup-terraform#253</a></li> <li><code>README.md</code> updates - direct links to license and code of conduct, updated GitHub documents link by <a href="https://github.com/magnetikonline"><code>@magnetikonline</code></a> in <a href="https://redirect.github.com/hashicorp/setup-terraform/pull/244">hashicorp/setup-terraform#244</a></li> </ul> <h3>INTERNAL</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hashicorp/setup-terraform/commit/5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85"><code>5e8dbf3</code></a> Update package version</li> <li><a href="https://github.com/hashicorp/setup-terraform/commit/6eb9b2a22389a3419646e3b001ce90f51666e817"><code>6eb9b2a</code></a> Update changelog</li> <li><a href="https://github.com/hashicorp/setup-terraform/commit/af062bceb50aa1363971478c491fbddca688a2fa"><code>af062bc</code></a> feat: upgrade to node 24 (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/503">#503</a>)</li> <li><a href="https://github.com/hashicorp/setup-terraform/commit/ce70bcf31a3711a1efd50b61e7216b0196b6f4f1"><code>ce70bcf</code></a> Bump <code>@actions/github</code> from 7.0.0 to 8.0.0 (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/528">#528</a>)</li> <li><a href="https://github.com/hashicorp/setup-terraform/commit/d92091bb128ffc4851aaa3d50315dd50f818161f"><code>d92091b</code></a> Bump actions/checkout from 6.0.1 to 6.0.2 in the github-actions group (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/527">#527</a>)</li> <li><a href="https://github.com/hashicorp/setup-terraform/commit/dcc3150f6037c0405dd84cb44d1d91ebbaa96514"><code>dcc3150</code></a> Bump actions/setup-node from 6.1.0 to 6.2.0 in the github-actions group (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/525">#525</a>)</li> <li><a href="https://github.com/hashicorp/setup-terraform/commit/93d5a27adc7ac26085422db72568ae486f091042"><code>93d5a27</code></a> Bump <code>@actions/github</code> from 6.0.1 to 7.0.0 (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/523">#523</a>)</li> <li><a href="https://github.com/hashicorp/setup-terraform/commit/92e4d08fe1d24283952afa28216efa8f4ed5aeab"><code>92e4d08</code></a> Bump dessant/lock-threads in the github-actions group (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/519">#519</a>)</li> <li><a href="https://github.com/hashicorp/setup-terraform/commit/071811a16241b026a69d0c8823fc3d7c54385db5"><code>071811a</code></a> Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/517">#517</a>)</li> <li><a href="https://github.com/hashicorp/setup-terraform/commit/712b43959e9be7e82c34d18450fa5ec3237af3f1"><code>712b439</code></a> Bump actions/checkout from 5.0.0 to 6.0.0 in the github-actions group (<a href="https://redirect.github.com/hashicorp/setup-terraform/issues/515">#515</a>)</li> <li>Additional commits viewable in <a href="https://github.com/hashicorp/setup-terraform/compare/b9cd54a3c349d3f38e8881555d616ced269862dd...5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Platform docs autocommit Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: cpanato <4115580+cpanato@users.noreply.github.com>
## Summary - Adds `if: github.repository == 'chainguard-dev/edu'` to all workflow jobs that were missing it - Prevents unintended runs in forks (deployments, GCS uploads, container pushes, GitHub releases, secret access) ## Workflows updated - `compile-docs.yml` - `compile-docs-on-webhook.yml` - `compile-public-docs.yml` - `compile-ai-docs-from-gcs.yaml` - `export-edu-docs-to-gcs.yaml` The remaining 6 workflows already had this condition in place. ## Test plan - [ ] Verify workflows still run normally on pushes to `main` in this repo - [ ] Confirm jobs are skipped when triggered from a fork 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…ation (#3036) Plan to add these docs after we migrate over to R2 on March 4. Signed-off-by: angela-zhang <30538317+angela-zhang@users.noreply.github.com>
## Type of change **Documentation update** Update docs for the Console's image SBOM tab to reflect current UI and functionality. ## What should this PR do? resolves chainguard-dev/internal#5689 ## Why are we making this change? The Console's SBOM tab has been updated — it now has six columns (adding Type and Subpath), a Download button with a drop-down to choose between SPDX and CycloneDX formats, and two drop-down menus instead of one. The existing docs were out of date and referenced outdated screenshots. ## What are the acceptance criteria? - The Images Directory doc accurately describes the six-column SBOM table - The Retrieve Image SBOMs doc correctly describes how to download SBOMs in both SPDX and CycloneDX formats from the Console - Screenshots reflect the current Console UI ## How should this PR be tested? 1. Navigate to the updated pages in the deploy preview * [Using the Chainguard Console](https://deploy-preview-3042--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/images-directory/) * [How to Retrieve SBOMs and attestations for Chainguard Containers](https://deploy-preview-3042--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/retrieve-image-sboms/) 2. Verify the SBOM tab description matches the current Console UI (six columns, two drop-downs, Download button with format options) 3. Confirm the new screenshot shows the nginx SBOM tab with the Download drop-down visible --------- Signed-off-by: Mark Drake <mark@chainguard.dev>
[ x ] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change <!-- Please be sure to add the appropriate label to your PR. --> This PR bumps the node version used in the cloud-run.yaml workflow, as the older version does not have `ReadableStream`, which is causing errors with the terraform wrapper Signed-off-by: Mark Drake <mark@chainguard.dev>
[ ] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change clarify wording ### What should this PR do? - Explains that Maven is the primary source, but other platforms are supported - Add mention of Confluent and Gradle plugins to the list of other sources ### Why are we making this change? Internal/customer feedback. [Slack thread here](https://chainguard-dev.slack.com/archives/C085187D8RE/p1767978789904909). --------- Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
Platform docs autocommit Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: cpanato <4115580+cpanato@users.noreply.github.com>
Add one FAQ for CA based on a customer ticket: [ZD-7857](https://chainguardhelp.zendesk.com/agent/tickets/7857) --------- Signed-off-by: Mark Drake <33191761+SharpRake@users.noreply.github.com> Co-authored-by: Mark Drake <33191761+SharpRake@users.noreply.github.com>
[ ] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change Update the tool used for default search functionality in the docs site, and add a Kapa button below search ### What should this PR do? Disable FlexSearch, add Algolia DocSearch, move Kapa search into button below search bar ### Why are we making this change? to improve search functionality ### What are the acceptance criteria? - Basic search (not Kapa AI search) works as expected - when you search a phrase, it returns expected results - Kapa search modal appears as expected ### How should this PR be tested? In the deploy preview, search for something in the basic search functionality and verify that it returns expected results --------- Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev> Signed-off-by: s-stumbo <100295939+s-stumbo@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Garry Ing <garry@chainguard.dev>
[ x ] Check if this is a typo or other quick fix and ignore the rest :) Signed-off-by: Mark Drake <mark@chainguard.dev>
Platform docs autocommit Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: cpanato <4115580+cpanato@users.noreply.github.com>
[ ] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change Wording update ### What should this PR do? Make it clear that you "download" library artifacts ### Why are we making this change? Internal request ### What are the acceptance criteria? Content should be accurate Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
[] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change Update appearance of the floating Kapa button ### How should this PR be tested? Make sure the colors look right on light and dark mode --------- Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
[X ] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change Changing Kapa modal image to square version Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
[ x ] Check if this is a typo or other quick fix and ignore the rest :) resolves chainguard-dev/internal#5729 Signed-off-by: Mark Drake <mark@chainguard.dev>
Platform docs autocommit Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: cpanato <4115580+cpanato@users.noreply.github.com>
[x] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change <!-- Please be sure to add the appropriate label to your PR. --> ### What should this PR do? <!-- Does this PR resolve an issue? Please include a reference to it. --> ### Why are we making this change? <!-- What larger problem does this PR address? --> ### What are the acceptance criteria? <!-- What should be happening for this PR to be accepted? Please list criteria. --> <!-- Do any stakeholders need to be tagged in this review? If so, please add them. --> ### How should this PR be tested? <!-- What should your reviewer do to test this PR? Please list steps. --> Signed-off-by: Alan Carson <acarson@cloudsmith.io>
[X] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change Update chainctl command based on internal feedback that the `./` in `./venv/` was redundant Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
Platform docs autocommit Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: cpanato <4115580+cpanato@users.noreply.github.com>
Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.3 to 1.9.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PyCQA/bandit/releases">bandit's releases</a>.</em></p> <blockquote> <h2>1.9.4</h2> <h2>What's Changed</h2> <ul> <li>chore: fixed some typos in comments by <a href="https://github.com/jakob1379"><code>@jakob1379</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1351">PyCQA/bandit#1351</a></li> <li>Bump docker/login-action from 3.6.0 to 3.7.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/PyCQA/bandit/pull/1353">PyCQA/bandit#1353</a></li> <li>Bump docker/build-push-action from 6.18.0 to 6.19.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/PyCQA/bandit/pull/1357">PyCQA/bandit#1357</a></li> <li>Fix B613 crash when reading from stdin by <a href="https://github.com/worksbyfriday"><code>@worksbyfriday</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1361">PyCQA/bandit#1361</a></li> <li>Include filename in nosec 'no failed test' warning by <a href="https://github.com/worksbyfriday"><code>@worksbyfriday</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1363">PyCQA/bandit#1363</a></li> <li>Fix B615 false positive when revision is set via variable by <a href="https://github.com/worksbyfriday"><code>@worksbyfriday</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1358">PyCQA/bandit#1358</a></li> <li>Lower version guard in check_ast_node to Python 3.12 by <a href="https://github.com/rcgray"><code>@rcgray</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1355">PyCQA/bandit#1355</a></li> <li>Fix B106 reporting wrong line number on multiline function calls by <a href="https://github.com/worksbyfriday"><code>@worksbyfriday</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1360">PyCQA/bandit#1360</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/jakob1379"><code>@jakob1379</code></a> made their first contribution in <a href="https://redirect.github.com/PyCQA/bandit/pull/1351">PyCQA/bandit#1351</a></li> <li><a href="https://github.com/worksbyfriday"><code>@worksbyfriday</code></a> made their first contribution in <a href="https://redirect.github.com/PyCQA/bandit/pull/1361">PyCQA/bandit#1361</a></li> <li><a href="https://github.com/rcgray"><code>@rcgray</code></a> made their first contribution in <a href="https://redirect.github.com/PyCQA/bandit/pull/1355">PyCQA/bandit#1355</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/PyCQA/bandit/compare/1.9.3...1.9.4">https://github.com/PyCQA/bandit/compare/1.9.3...1.9.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PyCQA/bandit/commit/92ae8b82fb422a639f0ed8d99e96cea769594e08"><code>92ae8b8</code></a> Fix B106 reporting wrong line number on multiline function calls (<a href="https://redirect.github.com/PyCQA/bandit/issues/1360">#1360</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/c8c8a55c3307333b8eb46cb2ef46d49b1fad6546"><code>c8c8a55</code></a> Lower version guard in check_ast_node to Python 3.12 (<a href="https://redirect.github.com/PyCQA/bandit/issues/1355">#1355</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/8f2f9284fca830ca017b2e2cc3ddc2a7b74b7040"><code>8f2f928</code></a> Fix B615 false positive when revision is set via variable (<a href="https://redirect.github.com/PyCQA/bandit/issues/1358">#1358</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/e27493f71c114e0e5dfc0a475d225d7f9f4a7e2b"><code>e27493f</code></a> Include filename in nosec 'no failed test' warning (<a href="https://redirect.github.com/PyCQA/bandit/issues/1363">#1363</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/b69b336450301d424e5ba04c9a58e8d41b7169b6"><code>b69b336</code></a> Fix B613 crash when reading from stdin (<a href="https://redirect.github.com/PyCQA/bandit/issues/1361">#1361</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/e418b798abcc3f2b00c07fd6315da8fe9aeead00"><code>e418b79</code></a> Bump docker/build-push-action from 6.18.0 to 6.19.2 (<a href="https://redirect.github.com/PyCQA/bandit/issues/1357">#1357</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/ff646fd7e0e34fb350196fc58448fad17178c27a"><code>ff646fd</code></a> Bump docker/login-action from 3.6.0 to 3.7.0 (<a href="https://redirect.github.com/PyCQA/bandit/issues/1353">#1353</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/c0def6c7ebab60f98c28ba759d488f4fbe6dae89"><code>c0def6c</code></a> chore: fixed some typos in comments (<a href="https://redirect.github.com/PyCQA/bandit/issues/1351">#1351</a>)</li> <li>See full diff in <a href="https://github.com/PyCQA/bandit/compare/1.9.3...1.9.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This fixes chainguard-dev/internal#5730 and chainguard-dev/internal#5731, the latter of which became an issue because it was super-outdated and the new small section being added to the Private APK Repos page links to it. I couldn't in good conscience link a new section to an outdated page. This PR: - Adds a section called **Using Private APK Repositories with Bazel rules for apko** to the **Chainguard's Private APK Repositories** page that uses a parallel construction to the existing section it follows and links to the Bazel page for more detail. - Rewrites most of the **Bazel Rules for apko** page as the existing page uses Bazel 6 and a number of deprecated features. It now uses Bazel 9, which was released earlier this week. I tested everything on the page extensively using the Chainguard Container for Bazel 9 on my local system. Please read for sanity, but the build and details are correct (and mostly discovered while figuring all this out). DocsTeam reviewers: Please check me on my headings. I used gerunds for headings that cover multiple sections of procedural steps and imperatives for individual steps. Is this what we use? I can't remember, but it seemed reasonable while I was in the writing flow. Now that we're reviewing, please help me get it right.
| Before | After | | -------- | ------- | | <img width="269" height="225" alt="Screenshot 2026-03-12 at 2 52 31 PM" src="https://github.com/user-attachments/assets/0729df98-ec4c-4903-a15b-a4fa6c9c3d01" /> | <img width="266" height="206" alt="Screenshot 2026-03-12 at 2 52 58 PM" src="https://github.com/user-attachments/assets/e9b7edea-5b50-4bb1-a8f0-f739e5404a8f" /> |
Platform docs autocommit Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: cpanato <4115580+cpanato@users.noreply.github.com>
[ ] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change <!-- Please be sure to add the appropriate label to your PR. --> Add a note to address the different domain required for Azure Government Cloud customers. ### What should this PR do? <!-- Does this PR resolve an issue? Please include a reference to it. --> Update custom-idps/idp-providers/ms-entra-id/index.md with additional language. ### Why are we making this change? <!-- What larger problem does this PR address? --> Customer obsession ### What are the acceptance criteria? <!-- What should be happening for this PR to be accepted? Please list criteria. --> <!-- Do any stakeholders need to be tagged in this review? If so, please add them. --> Proper wording and placement? ### How should this PR be tested? <!-- What should your reviewer do to test this PR? Please list steps. --> I validated the domain already in my IdP setup, so the information is being added is valid. Someone else can test too if they have a .us domain.
Fixes [#5699](chainguard-dev/internal#5699)
[ ] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change Update to existing Chainguard Repo docs ### What should this PR do? Add info about configurable cooldown and pull-through cache ### Why are we making this change? Product update ### What are the acceptance criteria? Content should be clear and accurate, and should appear on pages where we talk about the cooldown ### How should this PR be tested? Review the deploy preview --------- Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
Platform docs autocommit Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: cpanato <4115580+cpanato@users.noreply.github.com>
[ ] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change Update to Libraries overview ### What should this PR do? Add content on build criteria, licensing and scope availability, version support ### Why are we making this change? Requested in this thread: https://chainguard-dev.slack.com/archives/C0962EGMS3F/p1777559146860869?thread_ts=1777405982.409859&cid=C0962EGMS3F Issue documented here: https://github.com/orgs/chainguard-dev/projects/166/views/14?pane=issue&itemId=182364463&issue=chainguard-dev%7Cinternal%7C5824 ### What are the acceptance criteria? Content should be clear and accurate and appear in the expected location ### How should this PR be tested? Review the deploy preview --------- Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
[ ] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change Remove page from public docs ### What should this PR do? Remove the "Updating bash on macOS" page, which is public/findable but not visible in the site menu ### Why are we making this change? It is a remnant of Enforce docs and is no longer relevant. Described in issue here: https://github.com/orgs/chainguard-dev/projects/166/views/14?pane=issue&itemId=175432058&issue=chainguard-dev%7Cinternal%7C5790 There is a PR open to move this content to the mono repo: chainguard-dev/mono#38700 ### How should this PR be tested? In deploy preview, the page should not be accessible Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
[ ] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change Update to JS build config docs ### What should this PR do? Adds info about clearing the caches, from Angela's draft: https://docs.google.com/document/d/13kMq9F1mUooOoLsIXN_EuAs51J8TLshw4D0-uZTK7p0/edit?tab=t.0#heading=h.pqhjvgw1gl4l ### Why are we making this change? Reduce friction in the user experience ### What are the acceptance criteria? Content should be clear and accurate and appear in expected location ### How should this PR be tested? Review deploy preview --------- Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
Platform docs autocommit Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: cpanato <4115580+cpanato@users.noreply.github.com>
## Type of change Adds a list of notifications categories ### What should this PR do? Fixes chainguard-dev/internal#5837 ### Why are we making this change? As a response to customer questions and to prevent customer questions ### What are the acceptance criteria? Did I get all three (the third has two subs)? Everything spelled correctly? Clear? ### How should this PR be tested? Check the [preview build](https://deploy-preview-3303--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/use-chainguard-notifications/#notification-categories) for formatting.
) ## Summary - Adds an explicit statement in the intro that the Chainguard GPOS SRG profile applies to all Chainguard Containers, including both FIPS and non-FIPS images - Clarifies in the Getting Started section that `wolfi-base:latest` is a non-FIPS example and any Chainguard Container can be substituted - Updates the Learn More section to open with a note that OpenSCAP validation works for both FIPS and non-FIPS images No commands or technical content changed — this was purely a framing gap. Closes chainguard-dev/internal#5820 ## Test plan - [ ] Verify page renders correctly at `/chainguard/chainguard-images/features/image-stigs/` - [ ] Confirm the three new/updated callouts read clearly and don't conflict with existing content 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
[ ] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change Update to the global config pages for JS, Java, and Python ### What should this PR do? Explain how to validate that Artifactory is successfully proxying Chainguard ### Why are we making this change? Requested here: chainguard-dev/internal#5807 ### What are the acceptance criteria? Content should be clear and accurate, and appear in the expected locations ### How should this PR be tested? Review the deploy preview. Test the steps described to validate Artifactory. --------- Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
[ ] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change Update to JS global config docs ### What should this PR do? Add guidance for setting up GAR as a repo manager ### Why are we making this change? Customer reported issue. Thread here: https://chainguard-dev.slack.com/archives/C085187D8RE/p1777996617471599 ### What are the acceptance criteria? Content should be clear and accurate ### How should this PR be tested? View deploy preview --------- Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev> Signed-off-by: s-stumbo <100295939+s-stumbo@users.noreply.github.com>
[ ] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change Update to existing pages ### What should this PR do? Add that the cooldown applies globally to chainguard-built and upstream packages for JS libraries ### Why are we making this change? New functionality released ### What are the acceptance criteria? Content should be clear and accurate, and appear in the expected location ### How should this PR be tested? Review the deploy preview Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
Platform docs autocommit Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: cpanato <4115580+cpanato@users.noreply.github.com>
…crets (#3304) ## Summary - Replaces hardcoded Artifactory tokens in `/etc/apk/repositories` with Docker build secrets (`--mount=type=secret`), preventing tokens from being stored in image layers or appearing in `docker history` - Combines repository configuration, package installation, and cleanup into a single `RUN` instruction so credentials never persist in a layer - Updates `docker build` commands to pass tokens via `--secret id=...,env=...` and non-sensitive config via `--build-arg` - Applies the same pattern to both the private APK (`cg-private`) and public repo (`cg-chainguard`, `cg-extras`) Dockerfiles Fixes: chainguard-dev/internal#5839 ## Test plan - [ ] Verify Dockerfiles render correctly in the [site preview](https://deploy-preview-3304--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/chainguard-registry/pull-through-guides/artifactory/artifactory-packages-pull-through/#testing-pull-through-from-private-apk-repository) - [ ] Confirm the `<<'EOF'` heredoc syntax is accurate (single-quoted to prevent shell expansion) - [ ] Spot-check that `--secret id=...,env=...` and `--mount=type=secret` syntax is correct for current Docker Buildx - [ ] Review for tone and style consistency with surrounding content 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
[ ] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change Update existing Library Verification page ### What should this PR do? Update the command for verifying pnpm stores ### Why are we making this change? [Feedback](https://chainguard-dev.slack.com/archives/C085187D8RE/p1778206497044769) that the command doesn't work as-is for pnpm; you need to add `--store-dir` and point to that ### What are the acceptance criteria? Content should be clear and accurate ### How should this PR be tested? Review the deploy preview --------- Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
Platform docs autocommit Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: cpanato <4115580+cpanato@users.noreply.github.com>
Adding info directly from customer success to help prevent support calls/tickets.
Platform docs autocommit Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: cpanato <4115580+cpanato@users.noreply.github.com>
This PR adds a page for Learning Labs April 2026 and updates the listing page to include the new one. It also adds the slides in the download folder.
[ X ] Check if this is a typo or other quick fix and ignore the rest :) ## Type of change <!-- Please be sure to add the appropriate label to your PR. --> ### What should this PR do? <!-- Does this PR resolve an issue? Please include a reference to it. --> ### Why are we making this change? <!-- What larger problem does this PR address? --> ### What are the acceptance criteria? <!-- What should be happening for this PR to be accepted? Please list criteria. --> <!-- Do any stakeholders need to be tagged in this review? If so, please add them. --> ### How should this PR be tested? <!-- What should your reviewer do to test this PR? Please list steps. --> Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
Let's see if we can switch our EDU site to use Chainguard Libraries for our dependencies! To test, see if the site works.
reverting previous commit
We are enabling users to sign up for Chainguard as customers themselves and are calling it "self-serve". Because it will eventually cover many (all?) of our products, I have put the new page at the top of the product section of the documentation. There will eventually be a need for images in the page, which requires that the page be in a directory, so that's how that happened. This is rudimentary at the moment as the only way this can be done is via some new `chainctl` commands. This is also a pretty urgent request, so it isn't yet refined. This is truly the traditional open source MVP that will evolve and improve over time. Fixes chainguard-dev/internal#5842 but there will certainly be a newer issue created next week once Matthew meets with people working on the project and we move forward. This is baby step number one.
✅ Deploy Preview for ornate-narwhal-088216 ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
zizmor found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
Member
|
No review or approval? How do you know you did not nuke a bunch of stuff .. the diff is huge. |
Collaborator
Author
|
I'm following GitHub support's directions. They have confirmed that this removed the offending commit from view and they are finalizing the cleaning on their side. |
Collaborator
Author
|
I agree that it looks (and felt) terrifying. |
Member
Totally agree .... good news is that sync on my fork and clone was fine. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Per https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository
This PR is the result of the
git push --force --mirror origincommand from the linked page.