{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":191437603,"defaultBranch":"master","name":"gatekeeper-library","ownerLogin":"open-policy-agent","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2019-06-11T19:34:50.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/16468693?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1726506672.0","currentOid":""},"activityList":{"items":[{"before":"5d0e585bf16de96c7bdae85cdd834534964c3b95","after":null,"ref":"refs/heads/dependabot/github_actions/all-ff7ff010fc","pushedAt":"2024-09-16T17:11:12.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"7a9e47d11ebf99a153afaf1b35ad72de14958ae9","after":"42e49558067ddb461b65fb5e1db9708ead63e16c","ref":"refs/heads/master","pushedAt":"2024-09-16T17:11:06.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"apeabody","name":"Andrew Peabody","path":"/apeabody","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/14035345?s=80&v=4"},"commit":{"message":"chore: bump the all group with 2 updates (#598)\n\nBumps the all group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner) and [github/codeql-action](https://github.com/github/codeql-action).\r\n\r\n\r\nUpdates `step-security/harden-runner` from 2.9.1 to 2.10.1\r\n- [Release notes](https://github.com/step-security/harden-runner/releases)\r\n- [Commits](https://github.com/step-security/harden-runner/compare/5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde...91182cccc01eb5e619899d80e4e971d6181294a7)\r\n\r\nUpdates `github/codeql-action` from 3.26.6 to 3.26.7\r\n- [Release notes](https://github.com/github/codeql-action/releases)\r\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\r\n- [Commits](https://github.com/github/codeql-action/compare/4dd16135b69a43b6c8efb853346f8437d92d3c93...8214744c546c1e5c8f03dde8fab3a7353211988d)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: step-security/harden-runner\r\n  dependency-type: direct:production\r\n  update-type: version-update:semver-minor\r\n  dependency-group: all\r\n- dependency-name: github/codeql-action\r\n  dependency-type: direct:production\r\n  update-type: version-update:semver-patch\r\n  dependency-group: all\r\n...\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"chore: bump the all group with 2 updates (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2528946515\" data-permission-text=\"Title is private\" data-url=\"https://github.com/open-policy-agent/gatekeeper-library/issues/598\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/open-policy-agent/gatekeeper-library/pull/598/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/pull/598\">#598</a>)"}},{"before":null,"after":"5d0e585bf16de96c7bdae85cdd834534964c3b95","ref":"refs/heads/dependabot/github_actions/all-ff7ff010fc","pushedAt":"2024-09-16T16:38:49.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore: bump the all group with 2 updates\n\nBumps the all group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner) and [github/codeql-action](https://github.com/github/codeql-action).\n\n\nUpdates `step-security/harden-runner` from 2.9.1 to 2.10.1\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde...91182cccc01eb5e619899d80e4e971d6181294a7)\n\nUpdates `github/codeql-action` from 3.26.6 to 3.26.7\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/4dd16135b69a43b6c8efb853346f8437d92d3c93...8214744c546c1e5c8f03dde8fab3a7353211988d)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n  dependency-type: direct:production\n  update-type: version-update:semver-minor\n  dependency-group: all\n- dependency-name: github/codeql-action\n  dependency-type: direct:production\n  update-type: version-update:semver-patch\n  dependency-group: all\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"chore: bump the all group with 2 updates"}},{"before":null,"after":"7762fe2018d9b900473cb76d3f95465f87dd0ab0","ref":"refs/heads/dependabot/docker/build/gomplate/golang-4a3c2bc","pushedAt":"2024-09-09T16:04:48.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore: bump golang from `613a108` to `4a3c2bc` in /build/gomplate\n\nBumps golang from `613a108` to `4a3c2bc`.\n\n---\nupdated-dependencies:\n- dependency-name: golang\n  dependency-type: direct:production\n  update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"chore: bump golang from <code>613a108</code> to <code>4a3c2bc</code> in /build/gomplate"}},{"before":"b614cd397842a65121049d6c16a647d4602c2877","after":"de167e08b85ae6c66d2c280309fd5b665840421b","ref":"refs/heads/gh-pages","pushedAt":"2024-09-07T00:22:19.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"deploy: 7a9e47d11ebf99a153afaf1b35ad72de14958ae9","shortMessageHtmlLink":"deploy: <a class=\"commit-link\" data-hovercard-type=\"commit\" data-hovercard-url=\"https://github.com/open-policy-agent/gatekeeper-library/commit/7a9e47d11ebf99a153afaf1b35ad72de14958ae9/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/commit/7a9e47d11ebf99a153afaf1b35ad72de14958ae9\"><tt>7a9e47d</tt></a>"}},{"before":"799d77bd46a6a016bb00c5a83011cf7004b76d7c","after":"7a9e47d11ebf99a153afaf1b35ad72de14958ae9","ref":"refs/heads/master","pushedAt":"2024-09-07T00:21:11.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"julianKatz","name":"Julian Katz","path":"/julianKatz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3010007?s=80&v=4"},"commit":{"message":"chore(k8spspcapabilities): double newlines can cause yamllint breakage (#596)\n\nThe default value for newlines in the yamllint linter (a commonly used\r\ntool for linting yaml) is 2.  See\r\nhttps://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.empty_lines\r\nfor more info.\r\n\r\nThis PR removes some unnecessary newlines in a rego file that trigger\r\nthis linter rule.\r\n\r\nSigned-off-by: juliankatz <juliankatz@google.com>","shortMessageHtmlLink":"chore(k8spspcapabilities): double newlines can cause yamllint breakage ("}},{"before":"172586ca89a75232fb0cb8e8382cf6c4e9c27d0b","after":"b614cd397842a65121049d6c16a647d4602c2877","ref":"refs/heads/gh-pages","pushedAt":"2024-09-04T21:04:03.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"deploy: 799d77bd46a6a016bb00c5a83011cf7004b76d7c","shortMessageHtmlLink":"deploy: <a class=\"commit-link\" data-hovercard-type=\"commit\" data-hovercard-url=\"https://github.com/open-policy-agent/gatekeeper-library/commit/799d77bd46a6a016bb00c5a83011cf7004b76d7c/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/commit/799d77bd46a6a016bb00c5a83011cf7004b76d7c\"><tt>799d77b</tt></a>"}},{"before":"598df7473390c862e4cf36785b4fc9e6115130da","after":"799d77bd46a6a016bb00c5a83011cf7004b76d7c","ref":"refs/heads/master","pushedAt":"2024-09-04T21:02:46.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"julianKatz","name":"Julian Katz","path":"/julianKatz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3010007?s=80&v=4"},"commit":{"message":"fix(k8sPSPHostFilesystem): null-check on volumes (#595)\n\nA K8sNativeValidation implementation of this template was added in #547.\r\n\r\nWhen testing it, I found that a Pod lacking the `volumes` field would\r\nyield a null-pointer style error on the CEL expression:\r\n\r\n```\r\nunexpected number of violations: got 1 violations but want none: got messages [expression '(has(request.operation) && request.operation == \"UPDATE\") || size(variables.badHostPaths) == 0' resulted in error: composited variable \"badHostPaths\" fails to evaluate: composited variable \"volumes\" fails to evaluate: no such key: volumes]\r\n```\r\n\r\nThis PR adds a `has(` check to prevent that null pointer, and adds a\r\nsuite test case that fails without the code change.\r\n\r\nSigned-off-by: juliankatz <juliankatz@google.com>","shortMessageHtmlLink":"fix(k8sPSPHostFilesystem): null-check on volumes (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2506199511\" data-permission-text=\"Title is private\" data-url=\"https://github.com/open-policy-agent/gatekeeper-library/issues/595\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/open-policy-agent/gatekeeper-library/pull/595/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/pull/595\">#595</a>)"}},{"before":"14a383ab2acde30ef0e3883212d8435248faa1c5","after":"172586ca89a75232fb0cb8e8382cf6c4e9c27d0b","ref":"refs/heads/gh-pages","pushedAt":"2024-09-04T02:59:59.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"deploy: 598df7473390c862e4cf36785b4fc9e6115130da","shortMessageHtmlLink":"deploy: <a class=\"commit-link\" data-hovercard-type=\"commit\" data-hovercard-url=\"https://github.com/open-policy-agent/gatekeeper-library/commit/598df7473390c862e4cf36785b4fc9e6115130da/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/commit/598df7473390c862e4cf36785b4fc9e6115130da\"><tt>598df74</tt></a>"}},{"before":"d59972f3a9cc09feb046758155c84653df3fc46f","after":"598df7473390c862e4cf36785b4fc9e6115130da","ref":"refs/heads/master","pushedAt":"2024-09-04T02:58:47.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"sozercan","name":"Sertaç Özercan","path":"/sozercan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/852750?s=80&v=4"},"commit":{"message":"feat: Update apparmor: add CEL, support securityContext (#533)\n\n* feat: Update apparmor: add CEL, support securityContext\r\n\r\nSigned-off-by: Max Smythe <smythe@google.com>\r\n\r\n* Test no profile\r\n\r\nSigned-off-by: Max Smythe <smythe@google.com>\r\n\r\n* fix securitycontext path root for pod in rego\r\n\r\nSigned-off-by: Max Smythe <smythe@google.com>\r\n\r\n* update minor version\r\n\r\nSigned-off-by: Max Smythe <smythe@google.com>\r\n\r\n* remove metadata var\r\n\r\nSigned-off-by: Max Smythe <smythe@google.com>\r\n\r\n* Fix Rego lint\r\n\r\nSigned-off-by: Max Smythe <smythe@google.com>\r\n\r\n* Treat each container type separately\r\n\r\nSigned-off-by: Max Smythe <smythe@google.com>\r\n\r\n---------\r\n\r\nSigned-off-by: Max Smythe <smythe@google.com>\r\nCo-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>","shortMessageHtmlLink":"feat: Update apparmor: add CEL, support securityContext (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2316556577\" data-permission-text=\"Title is private\" data-url=\"https://github.com/open-policy-agent/gatekeeper-library/issues/533\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/open-policy-agent/gatekeeper-library/pull/533/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/pull/533\">#533</a>)"}},{"before":"1611b5d9c0e9c50256fbb3b4f1186a5b58e2b489","after":"14a383ab2acde30ef0e3883212d8435248faa1c5","ref":"refs/heads/gh-pages","pushedAt":"2024-09-04T02:13:23.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"deploy: d59972f3a9cc09feb046758155c84653df3fc46f","shortMessageHtmlLink":"deploy: <a class=\"commit-link\" data-hovercard-type=\"commit\" data-hovercard-url=\"https://github.com/open-policy-agent/gatekeeper-library/commit/d59972f3a9cc09feb046758155c84653df3fc46f/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/commit/d59972f3a9cc09feb046758155c84653df3fc46f\"><tt>d59972f</tt></a>"}},{"before":"7983a1d1706746efe27813555fd7a05938f53482","after":"d59972f3a9cc09feb046758155c84653df3fc46f","ref":"refs/heads/master","pushedAt":"2024-09-04T02:12:12.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"sozercan","name":"Sertaç Özercan","path":"/sozercan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/852750?s=80&v=4"},"commit":{"message":"Add CEL to K8sPSPCapabilities template (#535)\n\n* Add CEL to K8sPSPCapabilities template\r\n\r\nSigned-off-by: Max Smythe <smythe@google.com>\r\n\r\n* bump minor version\r\n\r\nSigned-off-by: Max Smythe <smythe@google.com>\r\n\r\n---------\r\n\r\nSigned-off-by: Max Smythe <smythe@google.com>\r\nCo-authored-by: Jaydipkumar Arvindbhai Gabani <gabanijaydip@gmail.com>\r\nCo-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>","shortMessageHtmlLink":"Add CEL to K8sPSPCapabilities template (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2322230675\" data-permission-text=\"Title is private\" data-url=\"https://github.com/open-policy-agent/gatekeeper-library/issues/535\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/open-policy-agent/gatekeeper-library/pull/535/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/pull/535\">#535</a>)"}},{"before":"403b4b5cd7d60418b3327824ea994bdbacda6f82","after":"1611b5d9c0e9c50256fbb3b4f1186a5b58e2b489","ref":"refs/heads/gh-pages","pushedAt":"2024-09-04T01:54:07.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"deploy: 7983a1d1706746efe27813555fd7a05938f53482","shortMessageHtmlLink":"deploy: <a class=\"commit-link\" data-hovercard-type=\"commit\" data-hovercard-url=\"https://github.com/open-policy-agent/gatekeeper-library/commit/7983a1d1706746efe27813555fd7a05938f53482/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/commit/7983a1d1706746efe27813555fd7a05938f53482\"><tt>7983a1d</tt></a>"}},{"before":"d4e06d7711c97ec983b9942e26902e8cdb0c255f","after":"403b4b5cd7d60418b3327824ea994bdbacda6f82","ref":"refs/heads/gh-pages","pushedAt":"2024-09-04T01:53:38.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"deploy: cd8f2ecab7402e9635a50c29476a7822324c599a","shortMessageHtmlLink":"deploy: <a class=\"commit-link\" data-hovercard-type=\"commit\" data-hovercard-url=\"https://github.com/open-policy-agent/gatekeeper-library/commit/cd8f2ecab7402e9635a50c29476a7822324c599a/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/commit/cd8f2ecab7402e9635a50c29476a7822324c599a\"><tt>cd8f2ec</tt></a>"}},{"before":"cd8f2ecab7402e9635a50c29476a7822324c599a","after":"7983a1d1706746efe27813555fd7a05938f53482","ref":"refs/heads/master","pushedAt":"2024-09-04T01:52:53.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"sozercan","name":"Sertaç Özercan","path":"/sozercan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/852750?s=80&v=4"},"commit":{"message":"chore: adding CEL for psp-host-filesystem (#547)\n\n* chore: adding CEL for psp-host-filesystem\r\n\r\nSigned-off-by: Jaydip Gabani <gabanijaydip@gmail.com>\r\n\r\n* updating cel, updating labels on example\r\n\r\nSigned-off-by: Jaydip Gabani <gabanijaydip@gmail.com>\r\n\r\n* removing blank lines\r\n\r\nSigned-off-by: Jaydip Gabani <gabanijaydip@gmail.com>\r\n\r\n* fixing CEL error\r\n\r\nSigned-off-by: Jaydip Gabani <gabanijaydip@gmail.com>\r\n\r\n---------\r\n\r\nSigned-off-by: Jaydip Gabani <gabanijaydip@gmail.com>\r\nCo-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>","shortMessageHtmlLink":"chore: adding CEL for psp-host-filesystem (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2336875653\" data-permission-text=\"Title is private\" data-url=\"https://github.com/open-policy-agent/gatekeeper-library/issues/547\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/open-policy-agent/gatekeeper-library/pull/547/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/pull/547\">#547</a>)"}},{"before":"1e140b9884cd6c5ed3d3036e0c2d1ce3b6bef918","after":"d4e06d7711c97ec983b9942e26902e8cdb0c255f","ref":"refs/heads/gh-pages","pushedAt":"2024-09-04T01:52:45.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"deploy: 8b37aeed632c1ed6f6c1d781bd0795dcf9a60598","shortMessageHtmlLink":"deploy: <a class=\"commit-link\" data-hovercard-type=\"commit\" data-hovercard-url=\"https://github.com/open-policy-agent/gatekeeper-library/commit/8b37aeed632c1ed6f6c1d781bd0795dcf9a60598/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/commit/8b37aeed632c1ed6f6c1d781bd0795dcf9a60598\"><tt>8b37aee</tt></a>"}},{"before":"8b37aeed632c1ed6f6c1d781bd0795dcf9a60598","after":"cd8f2ecab7402e9635a50c29476a7822324c599a","ref":"refs/heads/master","pushedAt":"2024-09-04T01:52:28.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"sozercan","name":"Sertaç Özercan","path":"/sozercan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/852750?s=80&v=4"},"commit":{"message":"fix(k8spspprivilegedcontainer): exemptImages CEL bug (#591)\n\nI recently found (#584) that some K8sNativeValidation implementations of\r\ncertain templates that iterate over and exempt containers by image had a\r\nbug preventing the exemption logic from working.\r\n\r\nI've fixed that bug here by mapping from container struct to\r\ncontainer.image string. I've also added a suite test to verify this.\r\nThat case fails without the change to the CEL logic.\r\n\r\nSigned-off-by: juliankatz <juliankatz@google.com>\r\nCo-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>","shortMessageHtmlLink":"fix(k8spspprivilegedcontainer): exemptImages CEL bug (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2498285448\" data-permission-text=\"Title is private\" data-url=\"https://github.com/open-policy-agent/gatekeeper-library/issues/591\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/open-policy-agent/gatekeeper-library/pull/591/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/pull/591\">#591</a>)"}},{"before":"033906e30c07168907e3b4fec5848e1fa4178ff5","after":"8b37aeed632c1ed6f6c1d781bd0795dcf9a60598","ref":"refs/heads/master","pushedAt":"2024-09-04T01:51:34.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"sozercan","name":"Sertaç Özercan","path":"/sozercan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/852750?s=80&v=4"},"commit":{"message":"fix(k8spsphostnetworkingports): exemptImages CEL bug (#590)\n\nI recently found (#584) that some K8sNativeValidation implementations of\r\ncertain templates that iterate over and exempt containers by image had a\r\nbug preventing the exemption logic from working.\r\n\r\nI've fixed that bug here by mapping from container struct to\r\ncontainer.image string. I've also added a suite test to verify this.\r\nThat case fails without the change to the CEL logic.\r\n\r\nSigned-off-by: juliankatz <juliankatz@google.com>","shortMessageHtmlLink":"fix(k8spsphostnetworkingports): exemptImages CEL bug (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2498250445\" data-permission-text=\"Title is private\" data-url=\"https://github.com/open-policy-agent/gatekeeper-library/issues/590\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/open-policy-agent/gatekeeper-library/pull/590/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/pull/590\">#590</a>)"}},{"before":"91ec2fa3fa0b8690c6747c1981ca47cca8498ce3","after":null,"ref":"refs/heads/dependabot/github_actions/all-6f7028051e","pushedAt":"2024-09-03T16:04:44.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"525a0050e47678a5500660d205742d7ed070e8e8","after":"033906e30c07168907e3b4fec5848e1fa4178ff5","ref":"refs/heads/master","pushedAt":"2024-09-03T16:04:37.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"apeabody","name":"Andrew Peabody","path":"/apeabody","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/14035345?s=80&v=4"},"commit":{"message":"chore: bump the all group with 2 updates (#594)\n\nBumps the all group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact).\r\n\r\n\r\nUpdates `github/codeql-action` from 3.26.5 to 3.26.6\r\n- [Release notes](https://github.com/github/codeql-action/releases)\r\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\r\n- [Commits](https://github.com/github/codeql-action/compare/2c779ab0d087cd7fe7b826087247c2c81f27bfa6...4dd16135b69a43b6c8efb853346f8437d92d3c93)\r\n\r\nUpdates `actions/upload-artifact` from 4.3.6 to 4.4.0\r\n- [Release notes](https://github.com/actions/upload-artifact/releases)\r\n- [Commits](https://github.com/actions/upload-artifact/compare/834a144ee995460fba8ed112a2fc961b36a5ec5a...50769540e7f4bd5e21e526ee35c689e35e0d6874)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: github/codeql-action\r\n  dependency-type: direct:production\r\n  update-type: version-update:semver-patch\r\n  dependency-group: all\r\n- dependency-name: actions/upload-artifact\r\n  dependency-type: direct:production\r\n  update-type: version-update:semver-minor\r\n  dependency-group: all\r\n...\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"chore: bump the all group with 2 updates (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2501300283\" data-permission-text=\"Title is private\" data-url=\"https://github.com/open-policy-agent/gatekeeper-library/issues/594\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/open-policy-agent/gatekeeper-library/pull/594/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/pull/594\">#594</a>)"}},{"before":null,"after":"91ec2fa3fa0b8690c6747c1981ca47cca8498ce3","ref":"refs/heads/dependabot/github_actions/all-6f7028051e","pushedAt":"2024-09-02T16:22:25.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore: bump the all group with 2 updates\n\nBumps the all group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact).\n\n\nUpdates `github/codeql-action` from 3.26.5 to 3.26.6\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/2c779ab0d087cd7fe7b826087247c2c81f27bfa6...4dd16135b69a43b6c8efb853346f8437d92d3c93)\n\nUpdates `actions/upload-artifact` from 4.3.6 to 4.4.0\n- [Release notes](https://github.com/actions/upload-artifact/releases)\n- [Commits](https://github.com/actions/upload-artifact/compare/834a144ee995460fba8ed112a2fc961b36a5ec5a...50769540e7f4bd5e21e526ee35c689e35e0d6874)\n\n---\nupdated-dependencies:\n- dependency-name: github/codeql-action\n  dependency-type: direct:production\n  update-type: version-update:semver-patch\n  dependency-group: all\n- dependency-name: actions/upload-artifact\n  dependency-type: direct:production\n  update-type: version-update:semver-minor\n  dependency-group: all\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"chore: bump the all group with 2 updates"}},{"before":"82571fa0445e628566e8b7e8dea1dfdd31519931","after":"1e140b9884cd6c5ed3d3036e0c2d1ce3b6bef918","ref":"refs/heads/gh-pages","pushedAt":"2024-08-30T20:33:12.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"deploy: 525a0050e47678a5500660d205742d7ed070e8e8","shortMessageHtmlLink":"deploy: <a class=\"commit-link\" data-hovercard-type=\"commit\" data-hovercard-url=\"https://github.com/open-policy-agent/gatekeeper-library/commit/525a0050e47678a5500660d205742d7ed070e8e8/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/commit/525a0050e47678a5500660d205742d7ed070e8e8\"><tt>525a005</tt></a>"}},{"before":"4f6d2f54c2e628db232730af1eac93733ea982d6","after":"525a0050e47678a5500660d205742d7ed070e8e8","ref":"refs/heads/master","pushedAt":"2024-08-30T20:32:01.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"apeabody","name":"Andrew Peabody","path":"/apeabody","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/14035345?s=80&v=4"},"commit":{"message":"fix(k8spsphostnetworkingports): CEL fixes for hostNetwork variable and (#589)\n\nmessage\r\n\r\nMy updates to the suite.yaml file yielded an expected failure due to an\r\nincorrect CEL expression:\r\n\r\n```\r\n        unexpected number of violations: got 1 violations but want none: got messages [failed expression: (has(request.operation) && request.operation == \"UPDATE\") ||\r\n(!has(variables.params.hostNetwork) || !variables.params.hostNetwork ? (has(variables.anyObject.spec.hostNetwork) && !variables.anyObject.spec.hostNetwork) : true)]\r\n```\r\n\r\nBy contrast, a run of `gator verify -v .\r\n--enable-k8s-native-validation=false` yielded a fully passing\r\nsuite.yaml.\r\n\r\nThis expression was actually failing due to its `messageExpression`, as\r\nnon-primitive types cannot be combined with strings as in some\r\ninterpreted languages (like rego).  Unfortunately the compiler does not\r\nindicate that the messageExpression is the source of the problem.\r\n\r\nOnce the message was fixed, I resolved the incorrect violation\r\nexpression to fix the bug in the handling of params.hostNetwork.\r\n\r\nSigned-off-by: juliankatz <juliankatz@google.com>","shortMessageHtmlLink":"fix(k8spsphostnetworkingports): CEL fixes for hostNetwork variable and ("}},{"before":"e5e119cfc8a8260c335dd490465fe99760335786","after":"82571fa0445e628566e8b7e8dea1dfdd31519931","ref":"refs/heads/gh-pages","pushedAt":"2024-08-30T20:11:57.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"deploy: 4f6d2f54c2e628db232730af1eac93733ea982d6","shortMessageHtmlLink":"deploy: <a class=\"commit-link\" data-hovercard-type=\"commit\" data-hovercard-url=\"https://github.com/open-policy-agent/gatekeeper-library/commit/4f6d2f54c2e628db232730af1eac93733ea982d6/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/commit/4f6d2f54c2e628db232730af1eac93733ea982d6\"><tt>4f6d2f5</tt></a>"}},{"before":"888da7b46eca34eb7b66b771fdd3172f07a9fc38","after":"4f6d2f54c2e628db232730af1eac93733ea982d6","ref":"refs/heads/master","pushedAt":"2024-08-30T20:10:48.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"julianKatz","name":"Julian Katz","path":"/julianKatz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3010007?s=80&v=4"},"commit":{"message":"fix(k8spspprocmount): fix exemptImages support (#588)\n\nI recently found (#584) that some K8sNativeValidation implementations of\r\ncertain templates that iterate over and exempt containers by image had a\r\nbug preventing the exemption logic from working.\r\n\r\nI've fixed that bug here by mapping from `container` struct to\r\n`container.image` string.  I've also added a suite test to verify this.\r\nThat case fails without the change to the CEL logic.\r\n\r\nSigned-off-by: juliankatz <juliankatz@google.com>","shortMessageHtmlLink":"fix(k8spspprocmount): fix exemptImages support (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2493059288\" data-permission-text=\"Title is private\" data-url=\"https://github.com/open-policy-agent/gatekeeper-library/issues/588\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/open-policy-agent/gatekeeper-library/pull/588/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/pull/588\">#588</a>)"}},{"before":"f2f7feacf0a11dc13d321ac5cdffa41506b8a09c","after":null,"ref":"refs/heads/dependabot/docker/build/gomplate/golang-1.23","pushedAt":"2024-08-29T22:26:16.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"9cf3312cc0902b8c3cf940b72a3f198011d37d0a","after":"888da7b46eca34eb7b66b771fdd3172f07a9fc38","ref":"refs/heads/master","pushedAt":"2024-08-29T22:26:09.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"sozercan","name":"Sertaç Özercan","path":"/sozercan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/852750?s=80&v=4"},"commit":{"message":"chore: bump golang from 1.22 to 1.23 in /build/gomplate (#576)\n\nBumps golang from 1.22 to 1.23.\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: golang\r\n  dependency-type: direct:production\r\n  update-type: version-update:semver-minor\r\n...\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>\r\nCo-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>","shortMessageHtmlLink":"chore: bump golang from 1.22 to 1.23 in /build/gomplate (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2473731368\" data-permission-text=\"Title is private\" data-url=\"https://github.com/open-policy-agent/gatekeeper-library/issues/576\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/open-policy-agent/gatekeeper-library/pull/576/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/pull/576\">#576</a>)"}},{"before":"75db448215b363a4d8539c6e600481e6b7dc6f46","after":"f2f7feacf0a11dc13d321ac5cdffa41506b8a09c","ref":"refs/heads/dependabot/docker/build/gomplate/golang-1.23","pushedAt":"2024-08-29T22:26:02.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"sozercan","name":"Sertaç Özercan","path":"/sozercan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/852750?s=80&v=4"},"commit":{"message":"Merge branch 'master' into dependabot/docker/build/gomplate/golang-1.23","shortMessageHtmlLink":"Merge branch 'master' into dependabot/docker/build/gomplate/golang-1.23"}},{"before":"912b439d301414e1860c458866c7497623de85d9","after":"e5e119cfc8a8260c335dd490465fe99760335786","ref":"refs/heads/gh-pages","pushedAt":"2024-08-29T21:22:56.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"deploy: 9cf3312cc0902b8c3cf940b72a3f198011d37d0a","shortMessageHtmlLink":"deploy: <a class=\"commit-link\" data-hovercard-type=\"commit\" data-hovercard-url=\"https://github.com/open-policy-agent/gatekeeper-library/commit/9cf3312cc0902b8c3cf940b72a3f198011d37d0a/hovercard\" href=\"https://github.com/open-policy-agent/gatekeeper-library/commit/9cf3312cc0902b8c3cf940b72a3f198011d37d0a\"><tt>9cf3312</tt></a>"}},{"before":"3acd611596720a1e23c71208f00f3458c3566928","after":"9cf3312cc0902b8c3cf940b72a3f198011d37d0a","ref":"refs/heads/master","pushedAt":"2024-08-29T21:21:42.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"julianKatz","name":"Julian Katz","path":"/julianKatz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3010007?s=80&v=4"},"commit":{"message":"fix(k8spspreadonlyrootfilesystem): CEL support wildcard in exemptImages (#584)\n\nDespite it being non-sensical to put a `*` in exemptImages (functionally\r\ndisabling the policy), this is supported in the existing rego\r\nimplementation of the template.\r\n\r\nThus, not doing it in the CEL implementation is an inconsistency and a\r\nbreaking change.\r\n\r\nThis PR upholds the contract by adding support for `*` as an\r\nexemptImage.\r\n\r\nSigned-off-by: juliankatz <juliankatz@google.com>\r\nCo-authored-by: Andrew Peabody <andrewpeabody@google.com>","shortMessageHtmlLink":"fix(k8spspreadonlyrootfilesystem): CEL support wildcard in exemptImag…"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0xNlQxNzoxMToxMi4wMDAwMDBazwAAAAS3sMP3","startCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0xNlQxNzoxMToxMi4wMDAwMDBazwAAAAS3sMP3","endCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOC0yOVQyMToyMTo0Mi4wMDAwMDBazwAAAASoEJAA"}},"title":"Activity · open-policy-agent/gatekeeper-library"}