upgrade to latest dependencies (#5258)

bumping knative.dev/hack 9b76387...b3c9790:
  > b3c9790 Notarize Mac binaries (# 231)
  > 0198902 Format go code (# 226)
  > 7dff557 Update community files (# 233)
  > 6887217 Update community files (# 232)

Signed-off-by: Knative Automation <automation@knative.team>

Signed-off-by: Knative Automation <automation@knative.team>

go.mod

@@ -28,7 +28,7 @@ require (
 	gopkg.in/go-playground/webhooks.v3 v3.13.0
 	gopkg.in/yaml.v2 v2.3.0
 	honnef.co/go/tools v0.0.1-2020.1.5 // indirect
-	knative.dev/hack v0.0.0-20220923094413-9b7638704a22
+	knative.dev/hack v0.0.0-20221003111221-b3c97904d3b5
 )
 
 replace go.opencensus.io => go.opencensus.io v0.20.2

go.sum

@@ -538,8 +538,8 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.5 h1:nI5egYTGJakVyOryqLs1cQO5dO0ksin5XXs2pspk75k=
 honnef.co/go/tools v0.0.1-2020.1.5/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-knative.dev/hack v0.0.0-20220923094413-9b7638704a22 h1:Pty/0SZvsBxYRh3DXqjd/DcjuXE0m3+69pDl2wbfj00=
-knative.dev/hack v0.0.0-20220923094413-9b7638704a22/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
+knative.dev/hack v0.0.0-20221003111221-b3c97904d3b5 h1:iVRcbOZrI6XBc/JZh/IJZ56858QdoEV3DSbjy7XbKBg=
+knative.dev/hack v0.0.0-20221003111221-b3c97904d3b5/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

vendor/knative.dev/hack/release.sh

@@ -104,6 +104,9 @@ ARTIFACTS_TO_PUBLISH=""
 FROM_NIGHTLY_RELEASE=""
 FROM_NIGHTLY_RELEASE_GCS=""
 SIGNING_IDENTITY=""
+APPLE_CODESIGN_KEY=""
+APPLE_NOTARY_API_KEY=""
+APPLE_CODESIGN_PASSWORD_FILE=""
 export KO_DOCKER_REPO="gcr.io/knative-nightly"
 # Build stripped binary to reduce size
 export GOFLAGS="-ldflags=-s -ldflags=-w"
@@ -314,6 +317,21 @@ function sign_release() {
   if [ -z "${SIGN_IMAGES:-}" ]; then # Temporary Feature Gate
     return 0
   fi
+
+  # Notarizing mac binaries needs to be done before cosign as it changes the checksum values
+  # of the darwin binaries
+ if [ -n "${APPLE_CODESIGN_KEY}" ] && [ -n "${APPLE_CODESIGN_PASSWORD}" ] && [ -n "${APPLE_NOTARY_API_KEY}" ]; then
+    FILES=$(find -- * -type f -name "*darwin*")
+    for file in $FILES; do
+      rcodesign sign "${file}" --p12-file="${APPLE_CODESIGN_KEY}" \
+        --code-signature-flags=runtime \
+        --p12-password-file="${APPLE_CODESIGN_PASSWORD_FILE}"
+    done
+    zip files.zip "$FILES"
+    rcodesign notary-submit files.zip --api-key-path="${APPLE_NOTARY_API_KEY}" --wait
+    sha256sum "${ARTIFACTS_TO_PUBLISH//checksums.txt/}" > checksums.txt
+  fi
+
   ## Sign the images with cosign
   ## For now, check if ko has created imagerefs.txt file. In the future, missing image refs will break
   ## the release for all jobs that publish images.
@@ -438,6 +456,15 @@ function parse_flags() {
             [[ $1 =~ ^v[0-9]+-[0-9a-f]+$ ]] || abort "nightly tag must be 'vYYYYMMDD-commithash'"
             FROM_NIGHTLY_RELEASE=$1
             ;;
+          --apple-codesign-key)
+            APPLE_CODESIGN_KEY=$1
+            ;;
+          --apple-codesign-password-file)
+            APPLE_CODESIGN_PASSWORD_FILE=$1
+            ;;
+          --apple-notary-api-key)
+            APPLE_NOTARY_API_KEY=$1
+            ;;
           *) abort "unknown option ${parameter}" ;;
         esac
     esac

vendor/modules.txt

@@ -286,7 +286,7 @@ gopkg.in/go-playground/webhooks.v3/github
 gopkg.in/yaml.v2
 # honnef.co/go/tools v0.0.1-2020.1.5
 ## explicit
-# knative.dev/hack v0.0.0-20220923094413-9b7638704a22
+# knative.dev/hack v0.0.0-20221003111221-b3c97904d3b5
 ## explicit
 knative.dev/hack
 # go.opencensus.io => go.opencensus.io v0.20.2