sync forked master with base master (#115)

* feat: Add acr_values support for OIDC

Signed-off-by: Engin Diri <engin.diri@mail.schwarz>

* build(deps): bump golang from 1.17.7-alpine3.14 to 1.17.8-alpine3.14

Bumps golang from 1.17.7-alpine3.14 to 1.17.8-alpine3.14.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Implicit Grant discovery

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.0...v1.7.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump alpine from 3.15.0 to 3.15.1

Bumps alpine from 3.15.0 to 3.15.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: update alpine version

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump alpine from 3.15.1 to 3.15.3

Bumps alpine from 3.15.1 to 3.15.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/api from 0.70.0 to 0.74.0

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.70.0 to 0.74.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.70.0...v0.74.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump alpine from 3.15.3 to 3.15.4

Bumps alpine from 3.15.3 to 3.15.4.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0

Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0)

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* feat: update entgo library

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* feat: update generated storage files

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* feat: use the new atlas engine for migrations

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* fix: define milisecond precision for postgres

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* revert: atlas and precision change

Looks like Atlas (the new migration library under Ent) cannot
handle precision properly.

An issue has been reported to Ent: https://github.com/ent/ent/issues/2454

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump aquasecurity/trivy-action from 0.2.2 to 0.2.3

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.2.2 to 0.2.3.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.2.2...0.2.3)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump actions/setup-go from 2 to 3

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* feat: enable profiling endpoints

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Create setting to allow to trust the system root CAs

Previously, when rootCA was set, the trusted system root CAs were ignored. Now, allow for both being able to be configured and used

Signed-off-by: Daniel Haus <dhaus@redhat.com>

* Remove external setting, enable injection of HTTP client to config.

Signed-off-by: Daniel Haus <dhaus@redhat.com>

* Bump Alpine to latest version

Signed-off-by: Mattias Gees <mattias.gees@gmail.com>

* ci: new docker image build

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* ci: wait for container images with container scan

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* ci: update trivy scan job

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build: help dependabot detect base image versions

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* ci: build distroless images

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* ci: disable Docker job on push

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* fix: log only errors on refreshing

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* ci: only enable the necessary platforms for emulation

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump aquasecurity/trivy-action from 0.2.4 to 0.2.5

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.2.4 to 0.2.5.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.2.4...0.2.5)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Feature: groups in Gitea

Signed-off-by: techknowlogick <techknowlogick@gitea.io>

* revert: docker matrix build

Apparently matrix builds don't work with the docker action.

Only reference I found about the topic: https://github.com/docker/build-push-action/issues/130

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* revert: move container scan back to the container build step

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* ci: add docker metadata action

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* Add numeric user ID support for oauth connector

Signed-off-by: Shuanglei Tao <tsl0922@gmail.com>

* ci: use docker metadata for build input

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump github/codeql-action from 1 to 2

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix unparam lint error in oauth_test

Signed-off-by: Shuanglei Tao <tsl0922@gmail.com>

* Remove google specific hd / hosted domain claim config

Signed-off-by: Anthony Brandelli <abrandel@cisco.com>

* chore: do not use caching for docker build

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Add support for IDPs that do not send ID tokens in the reply when using a refresh grant. Add tests for the aforementioned functionality.

Signed-off-by: Anthony Brandelli <abrandel@cisco.com>

* Fix issues to make the linter happy

Signed-off-by: Anthony Brandelli <abrandel@cisco.com>

* feat: add enhancement template

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Apply suggestions from code review

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* fix: Move enhancements to the docs folder

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* build(deps): bump docker/build-push-action from 2 to 3

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2 to 3.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump docker/metadata-action from 3 to 4

Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3 to 4.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/docker/metadata-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump docker/setup-qemu-action from 1 to 2

Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1 to 2.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump docker/login-action from 1 to 2

Bumps [docker/login-action](https://github.com/docker/login-action) from 1 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump docker/setup-buildx-action from 1 to 2

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump lint timeout to reduce the number of failed executions

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* fix: prevent cross-site scripting for the device flow

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Limit the amount of objects we attempt to GC on each cycle

If something causes the number k8s resources to increase beyond a
certain threshold, garbage collection can fail because the query to
retrieve those resources will time out, resulting in a perpetual cycle
of being unable to garbage collect resources.

In lieu of trying to get *every* object each cycle, we can limit the
number of resources retrieved per GC cycle to some reasonable number.

Signed-off-by: Michael Kelly <mkelly@arista.com>

* build(deps): bump aquasecurity/trivy-action from 0.2.5 to 0.3.0

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.2.5 to 0.3.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.2.5...0.3.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump alpine from 3.15.4 to 3.16.0

Bumps alpine from 3.15.4 to 3.16.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: Go mod update 1.17

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.2 to 3.5.4

Bumps [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) from 3.5.2 to 3.5.4.
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Changelog](https://github.com/etcd-io/etcd/blob/main/Dockerfile-release.amd64)
- [Commits](https://github.com/etcd-io/etcd/compare/v3.5.2...v3.5.4)

---
updated-dependencies:
- dependency-name: go.etcd.io/etcd/client/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.2

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.45.0 to 1.46.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.45.0...v1.46.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/coreos/go-oidc/v3 from 3.1.0 to 3.2.0

Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.1.0...v3.2.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/prometheus/client_golang

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.12.1...v1.12.2)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/felixge/httpsnoop from 1.0.2 to 1.0.3

Bumps [github.com/felixge/httpsnoop](https://github.com/felixge/httpsnoop) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/felixge/httpsnoop/releases)
- [Commits](https://github.com/felixge/httpsnoop/compare/v1.0.2...v1.0.3)

---
updated-dependencies:
- dependency-name: github.com/felixge/httpsnoop
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/api from 0.74.0 to 0.81.0

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.74.0 to 0.81.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.74.0...v0.81.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/grpc in /api/v2

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.44.0 to 1.46.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.44.0...v1.46.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* feat: upgrade Go to 1.18

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* chore: upgrade linter

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump google.golang.org/protobuf in /api/v2

Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0)

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: fix lint violations

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump golang from 1.18.0-alpine3.15 to 1.18.2-alpine3.15

Bumps golang from 1.18.0-alpine3.15 to 1.18.2-alpine3.15.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: release note configuration

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* Add the comment about groups request notification

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fixes https://github.com/dexidp/dex/issues/2537

Signed-off-by: Shivansh Vij <shivanshvij@outlook.com>

* Updating test cases

Fixes https://github.com/dexidp/dex/issues/2537

Signed-off-by: Shivansh Vij <shivanshvij@outlook.com>

* build(deps): bump golang from 1.18.2-alpine3.15 to 1.18.3-alpine3.15

Bumps golang from 1.18.2-alpine3.15 to 1.18.3-alpine3.15.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/api from 0.81.0 to 0.82.0

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.81.0 to 0.82.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.81.0...v0.82.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.46.2 to 1.47.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.46.2...v1.47.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.1...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): update grpc

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* chore: update gitignore

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* s/getUrl/getURL

golang prefers URL not Url

Signed-off-by: Michael Kelly <mkelly@arista.com>

* Tweaks based on review comments

Signed-off-by: Michael Kelly <mkelly@arista.com>

* Fix formatting

Signed-off-by: Michael Kelly <mkelly@arista.com>

* build(deps): bump helm/kind-action from 1.2.0 to 1.3.0

Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](https://github.com/helm/kind-action/compare/v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: helm/kind-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump aquasecurity/trivy-action from 0.3.0 to 0.4.0

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.3.0...0.4.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump mheap/github-action-required-labels from 1 to 2

Bumps [mheap/github-action-required-labels](https://github.com/mheap/github-action-required-labels) from 1 to 2.
- [Release notes](https://github.com/mheap/github-action-required-labels/releases)
- [Commits](https://github.com/mheap/github-action-required-labels/compare/v1...v2)

---
updated-dependencies:
- dependency-name: mheap/github-action-required-labels
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/api from 0.82.0 to 0.86.0

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.82.0 to 0.86.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.82.0...v0.86.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump aquasecurity/trivy-action from 0.4.0 to 0.5.1

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.4.0 to 0.5.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.4.0...0.5.1)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.8.0

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.2 to 1.8.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.2...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/spf13/cobra from 1.4.0 to 1.5.0

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Add expiry.refreshToken settings to config.yaml.dist

Signed-off-by: Chance Zibolski <chance.zibolski@gmail.com>

* Use GitLab's refresh_token during Refresh. (#2352)

Signed-off-by: Daniel Haus <dhaus@redhat.com>

* build(deps): bump aquasecurity/trivy-action from 0.5.1 to 0.6.0 (#2602)

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.5.1 to 0.6.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.5.1...0.6.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump alpine from 3.16.0 to 3.16.1 (#2598)

Bumps alpine from 3.16.0 to 3.16.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang from 1.18.3-alpine3.15 to 1.18.4-alpine3.15 (#2592)

Bumps golang from 1.18.3-alpine3.15 to 1.18.4-alpine3.15.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add domainHint parameter to Microsoft Connector (#2586)

Signed-off-by: Joe Knight <josephtknight@users.noreply.github.com>

* grpc-client: Do not crash on empty response (#2584)

Signed-off-by: Björn Busse <bj.rn@baerlin.eu>

* build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 (#2599)

Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.1 to 1.9.0.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add PKCE support to device code flow (#2575)

Signed-off-by: Bob Callaway <bobcallaway@users.noreply.github.com>

* add config to explicitly set scopes for microsoft connector (#2582)

Signed-off-by: Bob Callaway <bcallaway@google.com>

* build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.2 to 3.4.4 (#2606)

Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) from 3.4.2 to 3.4.4.
- [Release notes](https://github.com/go-ldap/ldap/releases)
- [Commits](https://github.com/go-ldap/ldap/compare/v3.4.2...v3.4.4)

---
updated-dependencies:
- dependency-name: github.com/go-ldap/ldap/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/api from 0.86.0 to 0.89.0 (#2605)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.86.0 to 0.89.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.86.0...v0.89.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump aquasecurity/trivy-action from 0.6.0 to 0.6.1 (#2604)

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.6.0...0.6.1)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add HMAC protection on /approval endpoint

Signed-off-by: Bob Callaway <bcallaway@google.com>

* build(deps): bump alpine from 3.16.1 to 3.16.2

Bumps alpine from 3.16.1 to 3.16.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/prometheus/client_golang (#2623)

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.2 to 1.13.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.12.2...v1.13.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* updated gomplate version and added ppc64le support

Signed-off-by: mayurwaghmode <waghmodemayur17@gmail.com>

* build(deps): bump aquasecurity/trivy-action from 0.6.1 to 0.7.0

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.6.1 to 0.7.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.6.1...0.7.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/api from 0.89.0 to 0.93.0

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.89.0 to 0.93.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.89.0...v0.93.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/mattn/go-sqlite3 from 1.14.11 to 1.14.15

Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.11 to 1.14.15.
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.11...v1.14.15)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-sqlite3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump aquasecurity/trivy-action from 0.7.0 to 0.7.1

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.7.0 to 0.7.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.7.0...0.7.1)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Fallback when group claim is a string instead of an array of strings (#2639)

Signed-off-by: Joost Buskermolen <joost@buskervezel.nl>
Co-authored-by: Michiel van Pouderoijen <michiel@pouderoijen.nl>

* build(deps): bump google.golang.org/api from 0.93.0 to 0.94.0 (#2637)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.93.0 to 0.94.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.93.0...v0.94.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/protobuf in /api/v2

Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.28.0 to 1.28.1.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.28.0...v1.28.1)

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: Bump ent to 0.11.2 (#2640)

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* chore: Bump Go 1.19 (#2641)

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* feat(connector/authproxy): support multiple groups (#2643)

Signed-off-by: Marcelo Clavel <mclavel00@gmail.com>

* build(deps): bump github.com/coreos/go-oidc/v3 from 3.2.0 to 3.3.0 (#2646)

Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.2.0...v3.3.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/grpc from 1.47.0 to 1.49.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.47.0 to 1.49.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.47.0...v1.49.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build: bump Go version to 1.19 in Nix

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump golang from 1.19.0-alpine3.15 to 1.19.1-alpine3.15

Bumps golang from 1.19.0-alpine3.15 to 1.19.1-alpine3.15.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/api from 0.94.0 to 0.95.0

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.94.0 to 0.95.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.94.0...v0.95.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Implement Application Default Credentials for the google connector (#2530)

Signed-off-by: Trung <trung.hoang@pricehubble.com>

* chore: update alpine version in Go image

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump github.com/coreos/go-oidc/v3 from 3.3.0 to 3.4.0

Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.3.0...v3.4.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/lib/pq from 1.10.5 to 1.10.7 (#2651)

Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.10.5 to 1.10.7.
- [Release notes](https://github.com/lib/pq/releases)
- [Commits](https://github.com/lib/pq/compare/v1.10.5...v1.10.7)

---
updated-dependencies:
- dependency-name: github.com/lib/pq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/grpc in /api/v2

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.47.0 to 1.49.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.47.0...v1.49.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Reduce HTTP client creations in the Keystone connector (#2659)

Signed-off-by: erwinvaneyk <erwinvaneyk@gmail.com>

* build(deps): bump google.golang.org/api from 0.95.0 to 0.97.0 (#2677)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.95.0 to 0.97.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.95.0...v0.97.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.4 to 3.5.5

Bumps [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) from 3.5.4 to 3.5.5.
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Changelog](https://github.com/etcd-io/etcd/blob/main/Dockerfile-release.amd64)
- [Commits](https://github.com/etcd-io/etcd/compare/v3.5.4...v3.5.5)

---
updated-dependencies:
- dependency-name: go.etcd.io/etcd/client/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump helm/kind-action from 1.3.0 to 1.4.0

Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](https://github.com/helm/kind-action/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: helm/kind-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* address review comments

Signed-off-by: Bob Callaway <bcallaway@google.com>

* build(deps): bump google.golang.org/api from 0.97.0 to 0.98.0

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.97.0 to 0.98.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.97.0...v0.98.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: check for no serviceAccountFilePath and no email (#2679)

Signed-off-by: Bob Callaway <bcallaway@google.com>

* fix: supply HMACKey in test case (#2683)

Signed-off-by: Bob Callaway <bcallaway@google.com>

* build(deps): bump entgo.io/ent from 0.11.2 to 0.11.3

Bumps [entgo.io/ent](https://github.com/ent/ent) from 0.11.2 to 0.11.3.
- [Release notes](https://github.com/ent/ent/releases)
- [Commits](https://github.com/ent/ent/compare/v0.11.2...v0.11.3)

---
updated-dependencies:
- dependency-name: entgo.io/ent
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): update golang.org/x packages

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* Add Argo CD to list of Dex adopters

Signed-off-by: Jann Fischer <jfischer@redhat.com>

* fix: refresh token only once for all concurrent requests

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Revert "fix: check for no serviceAccountFilePath and no email (#2679)"

This reverts commit 49477729ce24448c2895ec8c98f2c61c646de884.

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* fix(connector/google): make admin email optional for default creds

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump golang from 1.19.1-alpine3.16 to 1.19.2-alpine3.16

Bumps golang from 1.19.1-alpine3.16 to 1.19.2-alpine3.16.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix(connector/google): only initialize admin service if necessary

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* fix: Update gomplate version to 3.11.3 fix CVE-2022-27665 (#2705)

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#2708)

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#2715)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/api from 0.98.0 to 0.101.0 (#2720)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.98.0 to 0.101.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.98.0...v0.101.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/mattn/go-sqlite3 from 1.14.15 to 1.14.16 (#2721)

Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.15 to 1.14.16.
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.15...v1.14.16)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-sqlite3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump aquasecurity/trivy-action from 0.7.1 to 0.8.0 (#2723)

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.7.1 to 0.8.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.7.1...0.8.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#2718)

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang from 1.19.2-alpine3.16 to 1.19.3-alpine3.16 (#2724)

Bumps golang from 1.19.2-alpine3.16 to 1.19.3-alpine3.16.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* TLS configure for OIDC connector (#1632)

Signed-off-by: Rui Yang <ruiya@vmware.com>

* Add icon for gitea (#2733)

Signed-off-by: Pablo Ovelleiro Corral <mail@pablo.tools>

Signed-off-by: Engin Diri <engin.diri@mail.schwarz>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
Signed-off-by: Daniel Haus <dhaus@redhat.com>
Signed-off-by: Mattias Gees <mattias.gees@gmail.com>
Signed-off-by: techknowlogick <techknowlogick@gitea.io>
Signed-off-by: Shuanglei Tao <tsl0922@gmail.com>
Signed-off-by: Anthony Brandelli <abrandel@cisco.com>
Signed-off-by: Michael Kelly <mkelly@arista.com>
Signed-off-by: Shivansh Vij <shivanshvij@outlook.com>
Signed-off-by: Chance Zibolski <chance.zibolski@gmail.com>
Signed-off-by: Joe Knight <josephtknight@users.noreply.github.com>
Signed-off-by: Björn Busse <bj.rn@baerlin.eu>
Signed-off-by: Bob Callaway <bobcallaway@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Signed-off-by: mayurwaghmode <waghmodemayur17@gmail.com>
Signed-off-by: Joost Buskermolen <joost@buskervezel.nl>
Signed-off-by: Marcelo Clavel <mclavel00@gmail.com>
Signed-off-by: Trung <trung.hoang@pricehubble.com>
Signed-off-by: erwinvaneyk <erwinvaneyk@gmail.com>
Signed-off-by: Jann Fischer <jfischer@redhat.com>
Signed-off-by: Rui Yang <ruiya@vmware.com>
Signed-off-by: Pablo Ovelleiro Corral <mail@pablo.tools>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Engin Diri <engin.diri@mail.schwarz>
Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com>
Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Co-authored-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
Co-authored-by: Daniel Haus <dhaus@redhat.com>
Co-authored-by: Mattias Gees <mattias.gees@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Shuanglei Tao <tsl0922@gmail.com>
Co-authored-by: Anthony Brandelli <abrandel@cisco.com>
Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com>
Co-authored-by: Michael Kelly <mkelly@arista.com>
Co-authored-by: Shivansh Vij <shivanshvij@loopholelabs.io>
Co-authored-by: Bob Callaway <bcallaway@google.com>
Co-authored-by: Chance Zibolski <chance.zibolski@gmail.com>
Co-authored-by: Joe Knight <knightjp@mail.uc.edu>
Co-authored-by: Björn Busse <bj.rn@baerlin.eu>
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>
Co-authored-by: mayurwaghmode <waghmodemayur17@gmail.com>
Co-authored-by: Joost Buskermolen <joostbuskermolen@hotmail.com>
Co-authored-by: Michiel van Pouderoijen <michiel@pouderoijen.nl>
Co-authored-by: Marcelo Clavel <mclavel00@gmail.com>
Co-authored-by: Hoang Quoc Trung <quoctrunghoang1998@gmail.com>
Co-authored-by: Erwin van Eyk <erwinvaneyk@gmail.com>
Co-authored-by: Jann Fischer <jfischer@redhat.com>
Co-authored-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Pablo Ovelleiro Corral <github@pablo.tools>

.envrc

@@ -0,0 +1,6 @@
+if ! has nix_direnv_version || ! nix_direnv_version 1.5.0; then
+  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/1.5.0/direnvrc" "sha256-carKk9aUFHMuHt+IWh74hFj58nY4K3uywpZbwXX0BTI="
+fi
+use flake
+
+dotenv_if_exists

.github/ISSUE_TEMPLATE/config.yml

@@ -11,3 +11,7 @@ contact_links:
   - name: 💬 Slack channel
     url: https://cloud-native.slack.com/messages/dexidp
     about: Please ask and answer questions here
+
+  - name: 💡 Dex Enhancement Proposal
+    url: https://github.com/dexidp/dex/tree/master/enhancements/README.md
+    about: Open a proposal for significant architectural change

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -1,4 +1,4 @@
-name: 🚀 Feature request
+name: 🎉 Feature request
 description: Suggest an idea for Dex
 body:
 - type: markdown

.github/release.yml

@@ -0,0 +1,30 @@
+changelog:
+  exclude:
+    labels:
+      - release-note/ignore
+  categories:
+    - title: Exciting New Features 🎉
+      labels:
+        - kind/feature
+        - release-note/new-feature
+    - title: Enhancements 🚀
+      labels:
+        - kind/enhancement
+        - release-note/enhancement
+    - title: Bug Fixes 🐛
+      labels:
+        - kind/bug
+        - release-note/bug-fix
+    - title: Breaking Changes 🛠
+      labels:
+        - release-note/breaking-change
+    - title: Deprecations ❌
+      labels:
+        - release-note/deprecation
+    - title: Dependency Updates ⬆️
+      labels:
+        - area/dependencies
+        - release-note/dependency-update
+    - title: Other Changes
+      labels:
+        - "*"

.github/workflows/artifacts.yaml

@@ -0,0 +1,97 @@
+name: Artifacts
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - v[0-9]+.[0-9]+.[0-9]+
+  pull_request:
+
+jobs:
+  container-images:
+    name: Container images
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        variant:
+          - alpine
+          - distroless
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Gather metadata
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/dexidp/dex
+            dexidp/dex
+          flavor: |
+            latest = false
+          tags: |
+            type=ref,event=branch,enable=${{ matrix.variant == 'alpine' }}
+            type=ref,event=pr,enable=${{ matrix.variant == 'alpine' }}
+            type=semver,pattern={{raw}},enable=${{ matrix.variant == 'alpine' }}
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && matrix.variant == 'alpine' }}
+            type=ref,event=branch,suffix=-${{ matrix.variant }}
+            type=ref,event=pr,suffix=-${{ matrix.variant }}
+            type=semver,pattern={{raw}},suffix=-${{ matrix.variant }}
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }},suffix=-${{ matrix.variant }}
+          labels: |
+            org.opencontainers.image.documentation=https://dexidp.io/docs/
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ github.token }}
+        if: github.event_name == 'push'
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+        if: github.event_name == 'push'
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le
+          # cache-from: type=gha
+          # cache-to: type=gha,mode=max
+          push: ${{ github.event_name == 'push' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          build-args: |
+            BASE_IMAGE=${{ matrix.variant }}
+            VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
+            COMMIT_HASH=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
+            BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.8.0
+        with:
+          image-ref: "ghcr.io/dexidp/dex:${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}"
+          format: "sarif"
+          output: "trivy-results.sarif"
+        if: github.event_name == 'push'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: "trivy-results.sarif"
+        if: github.event_name == 'push'

.github/workflows/checks.yaml

@@ -0,0 +1,18 @@
+name: PR Checks
+
+on:
+  pull_request:
+    types: [opened, labeled, unlabeled, synchronize]
+
+jobs:
+  release-label:
+    name: Release note label
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check minimum labels
+        uses: mheap/github-action-required-labels@v2
+        with:
+          mode: minimum
+          count: 1
+          labels: "release-note/ignore, kind/feature, release-note/new-feature, kind/enhancement, release-note/enhancement, kind/bug, release-note/bug-fix, release-note/breaking-change, release-note/deprecation, area/dependencies, release-note/dependency-update"

.github/workflows/ci.yaml

@@ -62,22 +62,25 @@ jobs:
 
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
-          go-version: 1.17
+          go-version: 1.18
 
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Start services
         run: docker-compose -f docker-compose.test.yaml up -d
 
       - name: Create kind cluster
-        uses: helm/kind-action@v1.2.0
+        uses: helm/kind-action@v1.4.0
         with:
           version: v0.11.1
           node_image: kindest/node:v1.19.11@sha256:07db187ae84b4b7de440a73886f008cf903fcf5764ba8106a9fd5243d6f32729
 
+      - name: Download tool dependencies
+        run: make deps
+
       - name: Test
         run: make testall
         env:

.github/workflows/codeql-analysis.yaml

@@ -35,11 +35,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -50,7 +50,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -64,4 +64,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/docker.yaml

@@ -1,11 +1,11 @@
 name: Docker
 
 on:
-  push:
-    branches:
-      - master
-    tags:
-      - v[0-9]+.[0-9]+.[0-9]+
+  # push:
+  #   branches:
+  #     - master
+  #   tags:
+  #     - v[0-9]+.[0-9]+.[0-9]+
   pull_request:
 
 jobs:
@@ -15,7 +15,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Calculate Docker image tags
         id: tags
@@ -44,38 +44,40 @@ jobs:
           echo ::set-output name=build_date::$(git show -s --format=%cI)
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
         with:
           platforms: all
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
         with:
           install: true
           version: latest
           # TODO: Remove driver-opts once fix is released docker/buildx#386
           driver-opts: image=moby/buildkit:master
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ github.token }}
         if: github.event_name == 'push'
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
         if: github.event_name == 'push'
 
       - name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: .
-          platforms: linux/amd64,linux/arm/v7,linux/arm64
+          platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le
+          # cache-from: type=gha
+          # cache-to: type=gha,mode=max
           push: ${{ github.event_name == 'push' }}
           tags: ${{ steps.tags.outputs.tags }}
           build-args: |
@@ -92,3 +94,18 @@ jobs:
             org.opencontainers.image.revision=${{ github.sha }}
             org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
             org.opencontainers.image.documentation=https://dexidp.io/docs/
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.8.0
+        with:
+          image-ref: "ghcr.io/dexidp/dex:${{ steps.tags.outputs.version }}"
+          format: "template"
+          template: "@/contrib/sarif.tpl"
+          output: "trivy-results.sarif"
+        if: github.event_name == 'push'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: "trivy-results.sarif"
+        if: github.event_name == 'push'

.gitignore

@@ -1,4 +1,7 @@
+/.direnv/
 /.idea/
 /bin/
+/config.yaml
 /docker-compose.override.yaml
+/var/
 /vendor/

.golangci.yml

@@ -1,5 +1,5 @@
 run:
-    timeout: 2m
+    timeout: 4m
 
 linters-settings:
     depguard:
@@ -45,13 +45,15 @@ linters:
         - structcheck
         - stylecheck
         - tparallel
-        - typecheck
         - unconvert
         - unparam
         - unused
         - varcheck
         - whitespace
 
+        # Disable temporarily until everything works with Go 1.18
+        # - typecheck
+
         # TODO: fix linter errors before enabling
         # - exhaustivestruct
         # - gochecknoglobals

ADOPTERS.md

@@ -2,6 +2,7 @@
 
 This is a list of production adopters of Dex (in alphabetical order):
 
+- [Argo CD](https://argoproj.github.io/cd) integrates Dex to provide convenient Single Sign On capabilities to its web UI and CLI
 - [Aspect](https://www.aspect.com/) uses Dex for authenticating users across their Kubernetes infrastructure (using Kubernetes OIDC support).
 - [Banzai Cloud](https://banzaicloud.com) is using Dex for authenticating to its Pipeline control plane and also to authenticate users against provisioned Kubernetes clusters (via Kubernetes OIDC support).
 - [Chef](https://chef.io) uses Dex for authenticating users in [Chef Automate](https://automate.chef.io/). The code is Open Source, available at [`github.com/chef/automate`](https://github.com/chef/automate).
@@ -12,3 +13,4 @@ This is a list of production adopters of Dex (in alphabetical order):
 - [Kyma](https://kyma-project.io) is using Dex to authenticate access to Kubernetes API server (even for managed Kubernetes like Google Kubernetes Engine or Azure Kubernetes Service) and for protecting web UI of [Kyma Console](https://github.com/kyma-project/console) and other UIs integrated in Kyma ([Grafana](https://github.com/grafana/grafana), [Loki](https://github.com/grafana/loki), and [Jaeger](https://github.com/jaegertracing/jaeger)). Kyma is an open-source project ([`github.com/kyma-project`](https://github.com/kyma-project/kyma)) designed natively on Kubernetes, that allows you to extend and customize your applications in a quick and modern way, using serverless computing or microservice architecture. 
 - [Pusher](https://pusher.com) uses Dex for authenticating users across their Kubernetes infrastructure (using Kubernetes OIDC support) in conjunction with the [OAuth2 Proxy](https://github.com/pusher/oauth2_proxy) for protecting web UIs.
 - [Pydio](https://pydio.com/) Pydio Cells is an open source sync & share platform written in Go. Cells is using Dex as an OIDC service for authentication and authorizations. Check out [Pydio Cells repository](https://github.com/pydio/cells) for more information and/or to contribute.
+- [sigstore](https://sigstore.dev) uses Dex for authentication in their public Fulcio instance, which is a certificate authority for code signing certificates bound to OIDC-based identities.