Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3804 commits
Select commit Hold shift + click to select a range
d50bc41
Add global common labels propagation to ACME HTTP01 solver resources
lunarwhite Apr 28, 2026
1cc2c44
feat: add annotation to use parent Gateway as HTTP-01 parentRef for L…
apkatsikas May 1, 2026
829e422
chore(deps): update github/codeql-action action to v4.35.3
renovate[bot] May 1, 2026
a5a0cb9
add dns issuer secrets validation before marking it as ready
Peac36 Nov 15, 2025
6b26a7f
add more tests, fix namespace resolve in validateDNSSolvers
Peac36 Mar 21, 2026
3cc18e2
refactor extract secrets when validating dns solvers
Peac36 Mar 29, 2026
9e84cd2
Merge pull request #8255 from Peac36/fix/7826
cert-manager-prow[bot] May 3, 2026
ee2b0ae
Merge pull request #8764 from cert-manager/renovate/master-misc-githu…
cert-manager-prow[bot] May 4, 2026
949d491
chore(deps): update github/codeql-action action to v4.35.4
renovate[bot] May 7, 2026
fe9b9d3
fix(deps): update module github.com/venafi/vcert/v5 to v5.13.2
renovate[bot] May 8, 2026
9ba8d86
feat(deploy): adding helm unit tests (#8723)
hjoshi123 May 8, 2026
7908a5c
Merge pull request #8692 from erikgb/cainjector-ssa
cert-manager-prow[bot] May 8, 2026
369aa65
fix(deps): update module golang.org/x/crypto to v0.51.0
renovate[bot] May 8, 2026
d57795d
Merge pull request #8774 from cert-manager/renovate/master-golang.org…
cert-manager-prow[bot] May 8, 2026
bf1ab90
fix(deps): update cloud go deps
renovate[bot] May 8, 2026
c130f18
replacing pebble with our fork
hjoshi123 May 9, 2026
0b574fa
Merge pull request #8775 from hjoshi123/fix/replacing-pebble
cert-manager-prow[bot] May 9, 2026
b750293
Merge pull request #8768 from cert-manager/renovate/master-cloud-go-deps
cert-manager-prow[bot] May 9, 2026
fc4427e
Merge pull request #8770 from cert-manager/renovate/master-misc-githu…
cert-manager-prow[bot] May 10, 2026
9dc735c
delete now-removed bounding dirs flag
SgtCoDFish May 11, 2026
ea4dc4d
Merge pull request #8772 from cert-manager/renovate/master-misc-go-deps
cert-manager-prow[bot] May 11, 2026
f60433a
run make upgrade-klone && make generate
SgtCoDFish May 11, 2026
8d27720
fix issue reported by golangci-lint
SgtCoDFish May 11, 2026
7c3e89b
Merge pull request #8777 from SgtCoDFish/bounding-dirs-flag
cert-manager-prow[bot] May 11, 2026
4cf51bb
Add ACME identity label protection for solver extra labels
lunarwhite May 12, 2026
9d7b4ba
Document the conservative ACME challenge scheduler key
wallrj May 12, 2026
c00a900
fix(deps): update module sigs.k8s.io/controller-runtime to v0.24.1
renovate[bot] May 12, 2026
6b9c928
Merge pull request #8782 from cert-manager/renovate/master-kubernetes…
cert-manager-prow[bot] May 12, 2026
e9113ff
fix(deps): update kubernetes go patches to v0.36.1
renovate[bot] May 13, 2026
eb8a4c6
Merge pull request #8783 from cert-manager/renovate/master-kubernetes…
cert-manager-prow[bot] May 13, 2026
afa4f50
BOT: run 'make upgrade-klone' and 'make generate'
cert-manager-bot May 13, 2026
9254281
Merge pull request #8780 from cert-manager/self-upgrade-master
cert-manager-prow[bot] May 13, 2026
eb53e72
Add package documentation for ACME challenge scheduler
wallrj May 13, 2026
63c0653
Document scheduler scope for multi-tenant isolation
wallrj May 13, 2026
513ab03
fix(deps): update cloud go deps
renovate[bot] May 14, 2026
5f221e5
Merge pull request #8778 from cert-manager/renovate/master-cloud-go-deps
cert-manager-prow[bot] May 14, 2026
57f4748
Merge pull request #8761 from lunarwhite/solver-extra-label
cert-manager-prow[bot] May 14, 2026
24f6787
Initial commit
May 13, 2026
42e1155
lint fix
May 14, 2026
59b71ab
fix(deps): update module github.com/digitalocean/godo to v1.191.0
renovate[bot] May 14, 2026
23ba638
Merge pull request #8787 from cert-manager/renovate/master-cloud-go-deps
cert-manager-prow[bot] May 14, 2026
cee8ba3
acmechallenges: retry on transient ACME errors (#8760)
texasich May 14, 2026
6888bc1
BOT: run 'make upgrade-klone' and 'make generate'
cert-manager-bot May 15, 2026
d6d67df
Merge pull request #8792 from cert-manager/self-upgrade-master
cert-manager-prow[bot] May 15, 2026
10039ec
Disabling client-go rate-limiting if AP&F is enabled (#8757)
hjoshi123 May 15, 2026
fbd3fee
chore(deps): update github/codeql-action action to v4.35.5
renovate[bot] May 15, 2026
ad0fd6c
Add @lunarwhite (Yuedong Wu) as a reviewer
lunarwhite May 15, 2026
808384e
Kindly cleanup folks who are already part of cm-maintainers OWNERS_AL…
lunarwhite May 15, 2026
cc0285a
Merge pull request #8796 from lunarwhite/add-reviewer
cert-manager-prow[bot] May 15, 2026
07cbe26
Merge pull request #8795 from cert-manager/renovate/master-misc-githu…
cert-manager-prow[bot] May 17, 2026
3ea6ccc
fix: close Vault response body on RawRequest error to prevent resourc…
SebTardif May 17, 2026
bec085d
chore(deps): update base images
renovate[bot] May 18, 2026
be94a80
fix(deps): update github.com/onsi deps
renovate[bot] May 18, 2026
ca7b968
Merge pull request #8801 from cert-manager/renovate/master-github.com…
cert-manager-prow[bot] May 18, 2026
20bf676
Merge pull request #8799 from SebTardif/fix/vault-rawrequest-response…
cert-manager-prow[bot] May 18, 2026
c7fb73f
Merge pull request #8800 from cert-manager/renovate/master-base-images
cert-manager-prow[bot] May 18, 2026
fd56b35
Bound DNS-over-HTTPS response read with io.LimitReader
SebTardif May 18, 2026
5142599
BOT: run 'make upgrade-klone' and 'make generate'
cert-manager-bot May 19, 2026
cb6db7a
Merge pull request #8805 from cert-manager/self-upgrade-master
cert-manager-prow[bot] May 19, 2026
b9b33b0
BOT: run 'make upgrade-klone' and 'make generate'
cert-manager-bot May 21, 2026
7d98a8d
Merge pull request #8810 from cert-manager/self-upgrade-master
cert-manager-prow[bot] May 21, 2026
d1ed104
BOT: run 'make upgrade-klone' and 'make generate'
cert-manager-bot May 22, 2026
de75f0b
fix: avoid cron timezone prefix panic
immanuwell May 22, 2026
aa916df
chore(deps): update github/codeql-action action to v4.36.0
renovate[bot] May 22, 2026
2c0f1a6
Merge pull request #8811 from cert-manager/self-upgrade-master
cert-manager-prow[bot] May 22, 2026
ece8ea0
Guard ClusterIssuer metrics collector with controller enable check
lunarwhite May 25, 2026
9034791
Add test coverage for namespace-scoped controller filtering in Enable…
lunarwhite May 25, 2026
b66470b
Comments addressed
May 22, 2026
6764589
Merge pull request #8779 from FelixPhipps/issuer-config-update-VC-50657
cert-manager-prow[bot] May 27, 2026
18c3589
BOT: run 'make upgrade-klone' and 'make generate'
cert-manager-bot May 28, 2026
e290d25
Merge pull request #8826 from cert-manager/self-upgrade-master
cert-manager-prow[bot] May 28, 2026
72cf8a8
Merge pull request #8815 from cert-manager/renovate/master-misc-githu…
cert-manager-prow[bot] May 28, 2026
d341f77
chore(deps): update module golang.org/x/net to v0.55.0 [security]
renovate[bot] May 28, 2026
c958ced
Merge pull request #8816 from cert-manager/renovate/master-go-golang.…
cert-manager-prow[bot] May 28, 2026
cf42c54
fix(deps): update module golang.org/x/crypto to v0.52.0 [security]
renovate[bot] May 28, 2026
9dcff25
Merge pull request #8814 from cert-manager/renovate/master-go-golang.…
cert-manager-prow[bot] May 28, 2026
f012e23
fix(deps): update cloud go deps
renovate[bot] May 28, 2026
ac10078
Merge pull request #8807 from cert-manager/renovate/master-cloud-go-deps
cert-manager-prow[bot] May 28, 2026
8064192
Merge pull request #8822 from lunarwhite/add-filter
cert-manager-prow[bot] May 28, 2026
2393f3a
initial commit
May 19, 2026
d7b6cfd
merged TokenCache into the Venafi struct
May 21, 2026
bbd74cb
fix per-issuer caching
May 26, 2026
912f581
removed tokenCache
May 28, 2026
4d01105
Apply suggestions from code review
FelixPhipps May 28, 2026
eff208a
updating acme to latest master
hjoshi123 May 26, 2026
ead2dd6
Merge pull request #8824 from hjoshi123/chore/update-acme-master
cert-manager-prow[bot] May 28, 2026
8998dc0
fix(deps): update k8s.io/utils digest to ff6756f
renovate[bot] May 28, 2026
97ab9d6
Merge pull request #8829 from cert-manager/renovate/master-k8s.io-uti…
cert-manager-prow[bot] May 28, 2026
530e192
fix(deps): update cloud go deps
renovate[bot] May 28, 2026
30c53db
Merge pull request #8830 from cert-manager/renovate/master-cloud-go-deps
cert-manager-prow[bot] May 28, 2026
828b64d
Fix helm-values.startupapicheck.resources description
jsoref May 28, 2026
5e2a9f2
Merge pull request #8831 from jsoref/startupapicheck-pod-desc
cert-manager-prow[bot] May 28, 2026
2ce8d2b
BOT: run 'make upgrade-klone' and 'make generate'
cert-manager-bot May 29, 2026
1ea4e0c
Merge pull request #8832 from cert-manager/self-upgrade-master
cert-manager-prow[bot] May 29, 2026
c48cde4
comments addressed 2
May 28, 2026
1194305
Update pkg/issuer/venafi/client/venaficlient.go
FelixPhipps May 29, 2026
77e2f5d
Merge pull request #8808 from FelixPhipps/vcert-logic-observability-V…
cert-manager-prow[bot] May 29, 2026
8bf0d0a
fix(deps): update cloud go deps
renovate[bot] May 29, 2026
c43a6bd
Support `runtimeClassName` (#8791)
jsoref May 31, 2026
b56a081
Use samplewebhook image name from tarball manifest
wallrj May 31, 2026
db36fd8
Merge pull request #8834 from cert-manager/renovate/master-cloud-go-deps
cert-manager-prow[bot] Jun 1, 2026
cc38648
BOT: run 'make upgrade-klone' and 'make generate'
cert-manager-bot Jun 2, 2026
76b81dd
Merge pull request #8840 from cert-manager/self-upgrade-master
cert-manager-prow[bot] Jun 2, 2026
76b077c
chore(deps): update dependency kubernetes-sigs/kind to v0.32.0
renovate[bot] Jun 2, 2026
6634227
Fix bug in kind images script
erikgb Jun 2, 2026
26d9f5f
fix(deps): update cloud go deps
renovate[bot] Jun 2, 2026
13ec4b5
Merge pull request #8839 from cert-manager/renovate/master-kubernetes…
cert-manager-prow[bot] Jun 2, 2026
6fe976f
Merge pull request #8836 from cert-manager/renovate/master-cloud-go-deps
cert-manager-prow[bot] Jun 3, 2026
dbf8aee
Merge pull request #8821 from wallrj/samplewebhook-ci-debug
cert-manager-prow[bot] Jun 3, 2026
7dc980b
feat(pkcs12): Support the "Modern2026" profile (#8841)
seanorama Jun 3, 2026
46c3921
Fix Venafi issuer to authenticate before pinging or signing
wallrj-cyberark Jun 3, 2026
cb9ca08
BOT: run 'make upgrade-klone' and 'make generate'
cert-manager-bot Jun 4, 2026
5342974
Merge pull request #8845 from cert-manager/self-upgrade-master
cert-manager-prow[bot] Jun 4, 2026
16da052
Fix Venafi NGTS issuer not reconciling on Secret changes
wallrj-cyberark Jun 4, 2026
5c8a455
Merge pull request #8843 from wallrj-cyberark/fix-venafi-ping-auth-order
cert-manager-prow[bot] Jun 4, 2026
c4d3719
BOT: run 'make upgrade-klone' and 'make generate'
cert-manager-bot Jun 5, 2026
59c5f53
Merge pull request #8850 from cert-manager/self-upgrade-master
cert-manager-prow[bot] Jun 5, 2026
aad9e7d
build-on-tag now requires a logging option
maelvls Jun 5, 2026
ae2ae8b
Merge pull request #8851 from maelvls/fix-logs-gcb-custom-serviceaccount
inteon Jun 5, 2026
60a1298
fix(deps): update cloud go deps
renovate[bot] Jun 5, 2026
f661ac9
BOT: run 'make upgrade-klone' and 'make generate'
cert-manager-bot Jun 6, 2026
c0a1ad5
Merge pull request #8852 from cert-manager/self-upgrade-master
cert-manager-prow[bot] Jun 6, 2026
30e61f6
Merge pull request #8842 from cert-manager/renovate/master-cloud-go-deps
cert-manager-prow[bot] Jun 6, 2026
86fc922
BOT: run 'make upgrade-klone' and 'make generate'
cert-manager-bot Jun 7, 2026
456baba
Merge pull request #8854 from cert-manager/self-upgrade-master
cert-manager-prow[bot] Jun 7, 2026
e213c0a
update base images to Debian 13 (#8849)
ltwongaa Jun 7, 2026
9e88576
BOT: run 'make upgrade-klone' and 'make generate'
cert-manager-bot Jun 8, 2026
5d49c5c
Merge pull request #8856 from cert-manager/self-upgrade-master
cert-manager-prow[bot] Jun 8, 2026
615d7b1
build-on-tag: let's store GCB logs in a bucket
maelvls Jun 8, 2026
88b9749
fix(deps): update golang.org/x deps to v0.21.0
renovate[bot] Jun 8, 2026
77182ab
Merge pull request #8861 from cert-manager/renovate/master-golang.org…
cert-manager-prow[bot] Jun 8, 2026
ddf50a1
fix(deps): update golang.org/x deps to v0.53.0
renovate[bot] Jun 8, 2026
438258c
Merge pull request #8862 from cert-manager/renovate/master-golang.org…
cert-manager-prow[bot] Jun 8, 2026
e2d5fd3
fix(deps): update cloud go deps
renovate[bot] Jun 10, 2026
783f394
chore(deps): update base images
renovate[bot] Jun 11, 2026
05f9044
Merge pull request #8864 from cert-manager/renovate/master-cloud-go-deps
cert-manager-prow[bot] Jun 11, 2026
5d3e135
fix(deps): update github.com/onsi deps to v2.30.0
renovate[bot] Jun 11, 2026
77442e9
Merge pull request #8869 from cert-manager/renovate/master-github.com…
cert-manager-prow[bot] Jun 11, 2026
d9bb4e7
replace non-breaking spaces with spaces
lotheac Jun 12, 2026
95120a8
Merge pull request #8870 from lotheac/push-ouvouvyrmkoo
cert-manager-prow[bot] Jun 12, 2026
3ef51f1
Merge pull request #8867 from cert-manager/renovate/master-base-images
cert-manager-prow[bot] Jun 12, 2026
6700481
venafi issuer: correctly classify Venafi NGTS network errors
maelvls Jun 11, 2026
e1fd486
Merge pull request #8868 from cert-manager/fix-ngts-network-error-cla…
cert-manager-prow[bot] Jun 12, 2026
09a8b0b
Merge pull request #8857 from maelvls/fix-logs-gcb-custom-serviceaccount
cert-manager-prow[bot] Jun 12, 2026
d46c907
fix(deps): update kubernetes go patches to v0.36.2
renovate[bot] Jun 12, 2026
958e319
Merge pull request #8872 from cert-manager/renovate/master-kubernetes…
cert-manager-prow[bot] Jun 12, 2026
a21735e
Fix kind image switch
erikgb Jun 13, 2026
950538a
Merge pull request #8874 from erikgb/k8s-kind-1-36-fix
cert-manager-prow[bot] Jun 13, 2026
f52b2e2
Try fixing Renovate for release branches
erikgb Jun 14, 2026
101c253
fix(deps): update github.com/onsi deps
renovate[bot] Jun 14, 2026
4c8ebab
Merge pull request #8879 from cert-manager/renovate/master-github.com…
cert-manager-prow[bot] Jun 15, 2026
f52ac2a
Merge pull request #8781 from wallrj/wallrj/docs/acme-challenge-sched…
cert-manager-prow[bot] Jun 15, 2026
f368f56
Merge pull request #8878 from erikgb/better-release-branch-renovate
cert-manager-prow[bot] Jun 15, 2026
20e2036
BOT: run 'make upgrade-klone' and 'make generate'
cert-manager-bot Jun 15, 2026
fc5f570
Merge pull request #8873 from cert-manager/self-upgrade-master
cert-manager-prow[bot] Jun 15, 2026
802bd77
chore(deps): update makefile modules to 7835ffe
renovate[bot] Jun 16, 2026
64a2ddf
Merge pull request #8881 from cert-manager/renovate/master-makefile-m…
cert-manager-prow[bot] Jun 16, 2026
cd0c67f
fix(deps): update cloud go deps
renovate[bot] Jun 16, 2026
969de20
Skip ACME self-check when waitInsteadOfSelfCheck is set
wallrj Jun 8, 2026
919de80
Merge pull request #8858 from wallrj/1292-wait-instead-of-self-check
cert-manager-prow[bot] Jun 16, 2026
f94f120
Merge pull request #8803 from SebTardif/fix-doh-unbounded-read
cert-manager-prow[bot] Jun 16, 2026
9d7df4f
Merge pull request #8882 from cert-manager/renovate/master-cloud-go-deps
cert-manager-prow[bot] Jun 16, 2026
8229d0d
fix(deps): update cloud go deps to v0.285.0
renovate[bot] Jun 16, 2026
8956a8b
adding initial implementation of ari
hjoshi123 May 2, 2026
8481d19
Merge pull request #8883 from cert-manager/renovate/master-cloud-go-deps
cert-manager-prow[bot] Jun 17, 2026
437fed6
Merge pull request #8813 from immanuwell/fix-cron-timezone-prefix-panic
cert-manager-prow[bot] Jun 17, 2026
0c946dc
chore(deps): update makefile modules to 92aeb18
renovate[bot] Jun 18, 2026
b659677
Merge pull request #8888 from cert-manager/renovate/master-makefile-m…
cert-manager-prow[bot] Jun 18, 2026
2d1b5c2
docs: fix broken appendix anchor in gatewayapi-listenerset design
s3onghyun Jun 18, 2026
7f07b1c
Merge pull request #8889 from s3onghyun/docs-listenerset-anchor
cert-manager-prow[bot] Jun 18, 2026
587ab73
chore(deps): update makefile modules to 5d90d75
renovate[bot] Jun 18, 2026
4bf02dc
Merge pull request #8890 from cert-manager/renovate/master-makefile-m…
cert-manager-prow[bot] Jun 18, 2026
6e0362c
chore(deps): update makefile modules to 3968a05
renovate[bot] Jun 18, 2026
b0307b9
chore(deps): update misc github actions to v7
renovate[bot] Jun 18, 2026
59beb99
Merge pull request #8897 from cert-manager/renovate/master-makefile-m…
cert-manager-prow[bot] Jun 18, 2026
1fe38ad
Merge pull request #8898 from cert-manager/renovate/master-major-misc…
cert-manager-prow[bot] Jun 18, 2026
808670f
Disable makefile-modules upgrades on release branches
erikgb Jun 18, 2026
c4508a8
Make "Base Images" Renovate group consistent
erikgb Jun 18, 2026
faf0dec
Merge pull request #8902 from erikgb/fix-base-image-group
cert-manager-prow[bot] Jun 19, 2026
a7e955b
Merge pull request #8901 from erikgb/disable-makefile-modules-release…
cert-manager-prow[bot] Jun 19, 2026
7637598
Fix various Renovate issues for release branches
erikgb Jun 19, 2026
fd3d831
Merge pull request #8913 from erikgb/fix-renovate-release-branches
cert-manager-prow[bot] Jun 19, 2026
1578087
Fix PR title for release branch PRs
erikgb Jun 19, 2026
15561ea
Merge pull request #8916 from erikgb/release-branch-pr-title
cert-manager-prow[bot] Jun 19, 2026
65cc1d0
Revert "Fix PR title for release branch PRs"
erikgb Jun 19, 2026
6c92537
Merge pull request #8917 from cert-manager/revert-8916-release-branch…
cert-manager-prow[bot] Jun 19, 2026
0568440
chore(deps): update makefile modules to 6c59e94
renovate[bot] Jun 19, 2026
dbc027e
Merge pull request #8920 from cert-manager/renovate/master-makefile-m…
cert-manager-prow[bot] Jun 19, 2026
422cce8
Clarify gosec suppressions in ACME reachability test
erikgb Jun 20, 2026
f9431aa
chore(deps): update makefile modules to 2439727
renovate[bot] Jun 22, 2026
d386e1a
Fix nolintlint violations
erikgb Jun 22, 2026
e268774
Merge pull request #8928 from cert-manager/renovate/master-makefile-m…
cert-manager-prow[bot] Jun 22, 2026
4e38677
Reject '..' path segments in Vault Issuer path fields
wallrj-cyberark Jun 23, 2026
2f5e83d
Remove default tokenrequest RBAC from Helm chart
wallrj-cyberark Jun 23, 2026
ca9c6bd
Fix Renovate config for release branches
erikgb Jun 23, 2026
3c5fd49
Merge pull request #8932 from erikgb/fix-renovate-release
cert-manager-prow[bot] Jun 23, 2026
f08a12f
fix(deps): update github.com/onsi deps
renovate[bot] Jun 23, 2026
8b18b62
Merge pull request #8934 from cert-manager/renovate/master-github.com…
cert-manager-prow[bot] Jun 23, 2026
76a1e8d
Merge pull request #8930 from wallrj-cyberark/vault-path-hardening
cert-manager-prow[bot] Jun 24, 2026
378cab4
adding e2e tests
hjoshi123 Jun 11, 2026
720a7b9
Fix e2e Pebble setup when _bin/downloaded is absent
wallrj Jun 25, 2026
535439f
chore(deps): update makefile modules to 5a6dfa5
renovate[bot] Jun 25, 2026
7079f59
Merge pull request #8936 from cert-manager/renovate/master-makefile-m…
cert-manager-prow[bot] Jun 25, 2026
e9bdbda
Merge pull request #8924 from erikgb/acme-test-reachability-gosec
cert-manager-prow[bot] Jun 25, 2026
b648da9
Merge pull request #8931 from wallrj-cyberark/revert-default-tokenreq…
cert-manager-prow[bot] Jun 25, 2026
3668573
Merge pull request #8798 from hjoshi123/feat/ari-integration
cert-manager-prow[bot] Jun 25, 2026
94c4131
fix: validation for certificates was failing for long durations due t…
ThatsMrTalbot Jun 25, 2026
4f55450
Cleanup Helm metrics path and port
erikgb Jun 27, 2026
2451bf6
feature: process annotation `cert-manager.io/alt-names` (#8927)
jabbrwcky Jun 27, 2026
555e6f3
Merge pull request #8947 from ThatsMrTalbot/fix/fix-overflow-in-cert-…
cert-manager-prow[bot] Jun 27, 2026
3fd5a9e
fix(deps): update module software.sslmate.com/src/go-pkcs12 to v0.7.2…
renovate[bot] Jun 27, 2026
25016bc
fix(deps): update module github.com/onsi/gomega to v1.42.1
renovate[bot] Jun 27, 2026
6401b21
fix(deps): update module github.com/cloudflare/cloudflare-go/v6 to v7
renovate[bot] Jun 27, 2026
3e643b0
Merge pull request #8950 from cert-manager/renovate/master-github.com…
cert-manager-prow[bot] Jun 27, 2026
f43c2ae
Merge pull request #8949 from cert-manager/renovate/master-go-softwar…
cert-manager-prow[bot] Jun 27, 2026
9653125
Merge pull request #8955 from cert-manager/renovate/master-github.com…
cert-manager-prow[bot] Jun 27, 2026
0eea546
fix(deps): update k8s.io/utils digest to be93311
renovate[bot] Jun 28, 2026
6f4033d
chore(deps): update makefile modules to fb0281c
renovate[bot] Jun 28, 2026
2f784a4
Merge pull request #8951 from cert-manager/renovate/master-makefile-m…
cert-manager-prow[bot] Jun 28, 2026
0c70620
fix(deps): update cloud go deps
renovate[bot] Jun 28, 2026
fc998e5
chore(deps): update makefile modules to 72b0d34
renovate[bot] Jun 28, 2026
4091bde
Merge pull request #8956 from cert-manager/renovate/master-makefile-m…
cert-manager-prow[bot] Jun 28, 2026
db5b254
Renew webhook serving certificate after system suspend
wallrj-cyberark Jun 29, 2026
a15ae50
Harden ACME Challenge and Order RBAC (GHSA-8rvj-mm4h-c258)
wallrj-cyberark Jun 29, 2026
485ccc8
Harden ACME Challenge and Order validation (GHSA-8rvj-mm4h-c258)
wallrj-cyberark Jun 29, 2026
4003160
chore(deps): update makefile modules to c9f456a
renovate[bot] Jun 29, 2026
292b2c9
Merge pull request #8948 from wallrj-cyberark/GHSA-8rvj-mm4h-c258
cert-manager-prow[bot] Jun 29, 2026
f92fb19
Merge pull request #8959 from cert-manager/renovate/master-makefile-m…
cert-manager-prow[bot] Jun 29, 2026
4f6ca30
Revert "Harden ACME Challenge and Order validation (GHSA-8rvj-mm4h-c2…
wallrj-cyberark Jun 29, 2026
93c4855
Merge pull request #8464 from Peac36/fix/5861
cert-manager-prow[bot] Jun 29, 2026
3ce7883
Merge pull request #8952 from erikgb/cleanup-metrics-ports-paths
cert-manager-prow[bot] Jun 29, 2026
935817b
Merge pull request #8961 from cert-manager/revert-8948-GHSA-8rvj-mm4h…
cert-manager-prow[bot] Jun 29, 2026
01d44b8
Merge pull request #8954 from cert-manager/renovate/master-k8s.io-uti…
cert-manager-prow[bot] Jun 29, 2026
574631a
Merge pull request #8958 from wallrj-cyberark/GHSA-8rvj-mm4h-c258-rbac
cert-manager-prow[bot] Jun 29, 2026
6c4900c
Merge pull request #8933 from cert-manager/renovate/master-cloud-go-deps
cert-manager-prow[bot] Jun 29, 2026
2f4a024
Merge pull request #8938 from wallrj/fix-pebble-download-dir
cert-manager-prow[bot] Jun 29, 2026
4cec655
fix(deps): update module github.com/aws/smithy-go to v1.27.3
renovate[bot] Jun 30, 2026
3ba4868
vcert: upgrade lib so that the ngts API defaults to the correct api.s…
maelvls Jun 18, 2026
356461a
Merge pull request #8891 from maelvls/upgrade-vcert
cert-manager-prow[bot] Jun 30, 2026
c6b8e1e
chore(deps): update module sigs.k8s.io/gateway-api to v1.6.0
renovate[bot] Jun 30, 2026
e90f177
fix(deps): update module sigs.k8s.io/gateway-api to v1.6.0
renovate[bot] Jun 30, 2026
5839ec7
Merge pull request #8964 from cert-manager/renovate/master-cloud-go-deps
cert-manager-prow[bot] Jun 30, 2026
daa45e8
Merge pull request #8965 from cert-manager/renovate/master-sigs.k8s.i…
cert-manager-prow[bot] Jun 30, 2026
7f7ba03
Drop stale nolint directive and improve FIXME comment after gateway-a…
wallrj-cyberark Jun 30, 2026
32aa49b
Merge pull request #8966 from cert-manager/renovate/master-kubernetes…
cert-manager-prow[bot] Jun 30, 2026
24baa42
adding check for race condition of get v/s list in trigger ctrl
hjoshi123 Jun 29, 2026
21c067f
Merge pull request #8962 from hjoshi123/fix/cert-owner-secret-race-co…
cert-manager-prow[bot] Jun 30, 2026
d661bf6
Add configurable max backoff for certificate request retries
lunarwhite May 4, 2026
35e46aa
Respect configured max backoff in trigger controller
lunarwhite Jun 18, 2026
ae67234
Merge pull request #8893 from lunarwhite/max-backoff-duration
cert-manager-prow[bot] Jun 30, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
2 changes: 0 additions & 2 deletions .bazelignore

This file was deleted.

7 changes: 0 additions & 7 deletions .bazelrc

This file was deleted.

9 changes: 9 additions & 0 deletions .clomonitor.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# License scanning information
licenseScanning:
# URL with the repository's license scanning results
#
# CLOMonitor can extract license scanning results from FOSSA and Snyk badges
# in the repository README.md file automatically. If your repository uses a
# different scanning solution, this url can be set to pass the corresponding
# check.
url: https://github.com/cert-manager/cert-manager/blob/master/LICENSES
6 changes: 3 additions & 3 deletions .github/ISSUE_TEMPLATE/bug.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ about: Report a bug to help us improve cert-manager
<!--
Bugs should be filed for issues encountered whilst operating cert-manager.
You should first attempt to resolve your issues through the community support
channels, e.g. Slack, in order to rule out individual configuration errors.
channels, e.g., Slack, in order to rule out individual configuration errors.
Please provide as much detail as possible.
-->

Expand All @@ -30,10 +30,10 @@ gain an understanding of the problem.-->

**Anything else we need to know?**:

**Environment details:**:
**Environment details**:
- Kubernetes version:
- Cloud-provider/provisioner:
- cert-manager version:
- Install method: e.g. helm/static manifests
- Install method: e.g., helm/static manifests

/kind bug
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/feature-request.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ about: Suggest an idea to improve cert-manager
- Kubernetes version:
- Cloud-provider/provisioner:
- cert-manager version:
- Install method: e.g. helm/static manifests
- Install method: e.g., helm/static manifests


/kind feature
7 changes: 6 additions & 1 deletion .github/PULL_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,14 @@ Thanks for opening a pull request! Here are some tips to get everything merged s

### Kind

<!--
The kind(s) listed after "kind" after this comment will be used by a bot to add labels when the PR is opened.
If omitted at PR creation, someone will need to make a new comment with them later (editing the description after the fact will not trigger the bot).
-->
/kind
<!--

Pick a kind which best describes your PR from the following list:
Pick the kind(s) which best describe your PR from the following list:

<cleanup | bug | feature | documentation | design | flake>

Expand Down
91 changes: 91 additions & 0 deletions .github/renovate.json5
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
{
$schema: 'https://docs.renovatebot.com/renovate-schema.json',
extends: [
'github>cert-manager/makefile-modules:renovate-config.json5'
],
baseBranchPatterns: [
'master',
'release-1.20',
'release-1.19',
],
addLabels: [
'kind/cleanup',
'release-note-none',
],
customManagers: [
{
customType: 'regex',
managerFilePatterns: [
'make/base_images.mk',
],
matchStrings: [
'(?<depName>gcr\\.io\/[^@]+)@(?<currentDigest>sha256:[a-f0-9]{64})',
],
datasourceTemplate: 'docker',
// this tag must match the tag used in hack/latest-base-images.sh
currentValueTemplate: 'nonroot'
},
{
customType: 'regex',
managerFilePatterns: [
'hack/latest-kind-images.sh',
'make/02_mod.mk',
],
matchStrings: [
"#\\s*renovate:\\s*datasource=(?<datasource>\\S+)\\s+packageName=(?<packageName>\\S+)\\s*\\n(?<varName>[A-Za-z0-9_]+)\\s*(?::=|\\?=|=)\\s*(?<currentValue>\\S+)"
]
},
],
packageRules: [
{
description: 'Ungroup all updates on release branches',
matchBaseBranches: [
'/^release-.*/',
],
groupName: null,
},
{
groupName: 'Base Images',
matchManagers: [
'custom.regex',
],
matchFileNames: [
'make/base_images.mk',
],
addLabels: [
'skip-review', // Adding label to allow PRs to automerge
],
},
{
groupName: null,
matchManagers: [
'custom.regex',
],
matchPackageNames: [
'kubernetes-sigs/kind',
],
postUpgradeTasks: {
commands: [
'hack/latest-kind-images.sh',
],
},
},
{
description: 'Ignore updates in general on release branches',
matchBaseBranches: [
'/^release-.*/',
],
enabled: false,
},
{
description: 'Enable base image updates on release branches',
matchBaseBranches: [
'/^release-.*/',
],
matchFileNames: [
'make/base_images.mk',
],
enabled: true,
},
],
}
37 changes: 37 additions & 0 deletions .github/workflows/govulncheck.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/go/base/.github/workflows/govulncheck.yaml instead.

# Run govulncheck at midnight every night on the main branch,
# to alert us to recent vulnerabilities which affect the Go code in this
# project.
name: govulncheck
on:
workflow_dispatch: {}
schedule:
- cron: '0 0 * * *'

permissions:
contents: read

jobs:
govulncheck:
runs-on: ubuntu-latest

if: github.repository == 'cert-manager/cert-manager'

steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
# Adding `fetch-depth: 0` makes sure tags are also fetched. We need
# the tags so `git describe` returns a valid version.
# see https://github.com/actions/checkout/issues/701 for extra info about this option
with: { fetch-depth: 0 }

- id: go-version
run: |
make print-go-version >> "$GITHUB_OUTPUT"

- uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
with:
go-version: ${{ steps.go-version.outputs.result }}

- run: make verify-govulncheck
55 changes: 55 additions & 0 deletions .github/workflows/scorecards.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
name: Scorecards supply-chain security
on:
# Only the default branch is supported.
branch_protection_rule:
schedule:
- cron: '43 13 * * 6'
push:
branches: [ "master" ]

# Declare default permissions as read only.
permissions: read-all

jobs:
analysis:
name: Scorecards analysis
runs-on: ubuntu-latest
if: github.ref_name == github.event.repository.default_branch
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Used to receive a badge.
id-token: write

steps:
- name: "Checkout code"
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
with:
results_file: results.sarif
results_format: sarif

# Publish the results for public repositories to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`, regardless
# of the value entered here.
publish_results: true

# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
with:
sarif_file: results.sarif
5 changes: 3 additions & 2 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,14 @@
/hack/build/dockerfiles/cert-manager-*_*_*
.vscode
.venv
bazel-*
/.settings/
/.project
_artifacts/
/vendor/
bin/
_bin/
.bin/
user.bazelrc
*.bak
/go.work.sum
**/go.work
.claude
96 changes: 96 additions & 0 deletions .golangci.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
version: "2"
linters:
default: none
settings:
dogsled:
# Checks assignments with too many blank identifiers.
# Default: 2
max-blank-identifiers: 4
exhaustive:
default-signifies-exhaustive: true
gosec:
excludes:
- G101 # Look for hardcoded credentials
- G204 # Audit use of command execution
- G306 # Poor file permissions used when writing to a file
staticcheck:
checks: ["all", "-ST1000", "-ST1001", "-ST1003", "-ST1005", "-ST1012", "-ST1016", "-ST1020", "-ST1021", "-ST1022", "-QF1001", "-QF1003", "-QF1008"]
exclusions:
generated: lax
presets: [comments, common-false-positives, legacy, std-error-handling]
paths: [third_party, builtin$, examples$]
warn-unused: true
disable:
- nilnil
enable:
- asasalint
- asciicheck
- bidichk
- bodyclose
- canonicalheader
- contextcheck
- copyloopvar
- decorder
- dogsled
- dupword
- durationcheck
- errcheck
- errchkjson
- errname
- exhaustive
- exptostd
- forbidigo
- ginkgolinter
- gocheckcompilerdirectives
- gochecksumtype
- gocritic
- goheader
- goprintffuncname
- gosec
- gosmopolitan
- govet
- grouper
- importas
- ineffassign
- interfacebloat
- intrange
- loggercheck
- makezero
- mirror
- misspell
- modernize
- musttag
- nakedret
- nilerr
- nilnil
- noctx
- nolintlint
- nosprintfhostport
- predeclared
- promlinter
- protogetter
- reassign
- sloglint
- staticcheck
- tagalign
- testableexamples
- unconvert
- unparam
- unused
- usestdlibvars
- usetesting
- wastedassign
formatters:
enable: [gci, gofmt]
settings:
gci:
sections:
- standard # Standard section: captures all standard packages.
- default # Default section: contains all imports that could not be matched to another section type.
- localmodule # Local module section: contains all local packages. This section is not present unless explicitly enabled.
- blank # Blank section: contains all blank imports. This section is not present unless explicitly enabled.
- dot # Dot section: contains all dot imports. This section is not present unless explicitly enabled.
custom-order: true
exclusions:
generated: lax
paths: [third_party, builtin$, examples$]
Loading