From e56bef3a97a2d6ecb5d11c883638892203d7b3c1 Mon Sep 17 00:00:00 2001
From: NSMBot <nsmbot@networkservicmesh.io>
Date: Mon, 1 Apr 2024 11:01:30 +0000
Subject: [PATCH] Sync files with networkservicemesh/cmd-template

This PR syncs files with https://github.com/networkservicemesh/cmd-template

Revision: https://github.com/networkservicemesh/cmd-template/commits/6ff9c6645e2779730e2fa0e738c4e687cef95930

commit 6ff9c6645e2779730e2fa0e738c4e687cef95930
Author: Nikita Skrynnik <93182827+NikitaSkrynnik@users.noreply.github.com>
Date:   Mon Apr 1 17:05:29 2024 +0700

    run release workflow only when CI is completed for release branches (#128)

    Signed-off-by: NikitaSkrynnik <nikita.skrynnik@xored.com>

Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
---
 .github/workflows/ci.yaml              | 6 +++---
 .github/workflows/docker-push-ghcr.yml | 5 -----
 .github/workflows/docker-push.yaml     | 5 -----
 .github/workflows/release.yml          | 6 ++++--
 SECURITY.md                            | 9 +++++++++
 5 files changed, 16 insertions(+), 15 deletions(-)
 create mode 100644 SECURITY.md

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 7558d07..fb87d16 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -24,7 +24,7 @@ jobs:
   restrictNSMDeps:
     uses: networkservicemesh/.github/.github/workflows/restrict-nsm-deps.yaml@main
     with:
-      allowed_repositories: "api, sdk, sdk-k8s, sdk-kernel, sdk-sriov, sdk-vpp"
+      allowed_repositories: "api, sdk, sdk-k8s, sdk-kernel, sdk-sriov, sdk-vpp, govpp, vpphelper"
 
   checkgomod:
     uses: networkservicemesh/.github/.github/workflows/checkgomod.yaml@main
@@ -32,8 +32,8 @@ jobs:
   gogenerate:
     uses: networkservicemesh/.github/.github/workflows/cmd-gogenerate.yaml@main
 
-  # excludereplace:
-  #   uses: networkservicemesh/.github/.github/workflows/exclude-replace.yaml@main
+  excludereplace:
+    uses: networkservicemesh/.github/.github/workflows/exclude-replace.yaml@main
 
   docker-build-and-test:
     if: github.repository != 'networkservicemesh/cmd-template'
diff --git a/.github/workflows/docker-push-ghcr.yml b/.github/workflows/docker-push-ghcr.yml
index f585d2a..a0a3d7c 100644
--- a/.github/workflows/docker-push-ghcr.yml
+++ b/.github/workflows/docker-push-ghcr.yml
@@ -4,11 +4,6 @@ name: Docker push ghcr
 on:
   push:
     branches: [main]
-  workflow_run:
-    types:
-      - completed
-    workflows:
-      - 'automerge'
 jobs:
   push:
     if: ${{ github.repository != 'networkservicemesh/cmd-template' && (github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' || github.event_name == 'push') }}
diff --git a/.github/workflows/docker-push.yaml b/.github/workflows/docker-push.yaml
index 0ebd305..d498b0b 100644
--- a/.github/workflows/docker-push.yaml
+++ b/.github/workflows/docker-push.yaml
@@ -4,11 +4,6 @@ on:
   push:
     branches:
       - main
-  workflow_run:
-    types:
-      - completed
-    workflows:
-      - 'automerge'
 jobs:
   push:
     if: ${{ github.repository != 'networkservicemesh/cmd-template' && (github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' || github.event_name == 'push') }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c13055e..e595978 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,18 +7,20 @@ on:
       - completed
     workflows:
       - "ci"
+    branches:
+      - release/*
 jobs:
   get-tag:
     name: Get tag
     runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' && contains(github.event.workflow_run.head_branch, 'release/') }}
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
     outputs:
       tag: ${{ steps.get-tag-step.outputs.tag }}
     steps:
       - name: Get tag
         run: |
           branch=${{github.event.workflow_run.head_branch}}
-          echo '::set-output name=tag::'${branch#release/}
+          echo tag=${branch#release/} >> $GITHUB_OUTPUT
         id: get-tag-step
 
   check-gomod-deps:
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..52ed6d7
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a security issue
+
+If you believe you have found a security issue in Network Service Mesh, please send a description of the issue to security@networkservicemesh.io. We will send a confirmation to acknowledge your report, and an additional email with the result of our assessment (normally within 1-2 working days).
+
+## Supported versions
+
+Note that Network Service Mesh is developed and maintained on one track, thus we encourage our users to follow our latest releases. For this reason we only investigate whether the reported issue is affecting the latest release of Network Service Mesh and provide a fix in a patch release on top of the latest release.
\ No newline at end of file