From 487cd027b5465928e306254999ad2c73ecfa09ab Mon Sep 17 00:00:00 2001
From: knative-automation <automation@knative.team>
Date: Mon, 3 Oct 2022 10:06:22 -0400
Subject: [PATCH] upgrade to latest dependencies (#5258)

bumping knative.dev/hack 9b76387...b3c9790:
  > b3c9790 Notarize Mac binaries (# 231)
  > 0198902 Format go code (# 226)
  > 7dff557 Update community files (# 233)
  > 6887217 Update community files (# 232)

Signed-off-by: Knative Automation <automation@knative.team>

Signed-off-by: Knative Automation <automation@knative.team>
---
 go.mod                             |  2 +-
 go.sum                             |  4 ++--
 vendor/knative.dev/hack/release.sh | 27 +++++++++++++++++++++++++++
 vendor/modules.txt                 |  2 +-
 4 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index bee6d7dfb..5ff074759 100644
--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ require (
 	gopkg.in/go-playground/webhooks.v3 v3.13.0
 	gopkg.in/yaml.v2 v2.3.0
 	honnef.co/go/tools v0.0.1-2020.1.5 // indirect
-	knative.dev/hack v0.0.0-20220923094413-9b7638704a22
+	knative.dev/hack v0.0.0-20221003111221-b3c97904d3b5
 )
 
 replace go.opencensus.io => go.opencensus.io v0.20.2
diff --git a/go.sum b/go.sum
index 4204ff169..21b10eeae 100644
--- a/go.sum
+++ b/go.sum
@@ -538,8 +538,8 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.5 h1:nI5egYTGJakVyOryqLs1cQO5dO0ksin5XXs2pspk75k=
 honnef.co/go/tools v0.0.1-2020.1.5/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-knative.dev/hack v0.0.0-20220923094413-9b7638704a22 h1:Pty/0SZvsBxYRh3DXqjd/DcjuXE0m3+69pDl2wbfj00=
-knative.dev/hack v0.0.0-20220923094413-9b7638704a22/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
+knative.dev/hack v0.0.0-20221003111221-b3c97904d3b5 h1:iVRcbOZrI6XBc/JZh/IJZ56858QdoEV3DSbjy7XbKBg=
+knative.dev/hack v0.0.0-20221003111221-b3c97904d3b5/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
diff --git a/vendor/knative.dev/hack/release.sh b/vendor/knative.dev/hack/release.sh
index 6e0b7c58e..a32a8e519 100644
--- a/vendor/knative.dev/hack/release.sh
+++ b/vendor/knative.dev/hack/release.sh
@@ -104,6 +104,9 @@ ARTIFACTS_TO_PUBLISH=""
 FROM_NIGHTLY_RELEASE=""
 FROM_NIGHTLY_RELEASE_GCS=""
 SIGNING_IDENTITY=""
+APPLE_CODESIGN_KEY=""
+APPLE_NOTARY_API_KEY=""
+APPLE_CODESIGN_PASSWORD_FILE=""
 export KO_DOCKER_REPO="gcr.io/knative-nightly"
 # Build stripped binary to reduce size
 export GOFLAGS="-ldflags=-s -ldflags=-w"
@@ -314,6 +317,21 @@ function sign_release() {
   if [ -z "${SIGN_IMAGES:-}" ]; then # Temporary Feature Gate
     return 0
   fi
+
+  # Notarizing mac binaries needs to be done before cosign as it changes the checksum values
+  # of the darwin binaries
+ if [ -n "${APPLE_CODESIGN_KEY}" ] && [ -n "${APPLE_CODESIGN_PASSWORD}" ] && [ -n "${APPLE_NOTARY_API_KEY}" ]; then
+    FILES=$(find -- * -type f -name "*darwin*")
+    for file in $FILES; do
+      rcodesign sign "${file}" --p12-file="${APPLE_CODESIGN_KEY}" \
+        --code-signature-flags=runtime \
+        --p12-password-file="${APPLE_CODESIGN_PASSWORD_FILE}"
+    done
+    zip files.zip "$FILES"
+    rcodesign notary-submit files.zip --api-key-path="${APPLE_NOTARY_API_KEY}" --wait
+    sha256sum "${ARTIFACTS_TO_PUBLISH//checksums.txt/}" > checksums.txt
+  fi
+
   ## Sign the images with cosign
   ## For now, check if ko has created imagerefs.txt file. In the future, missing image refs will break
   ## the release for all jobs that publish images.
@@ -438,6 +456,15 @@ function parse_flags() {
             [[ $1 =~ ^v[0-9]+-[0-9a-f]+$ ]] || abort "nightly tag must be 'vYYYYMMDD-commithash'"
             FROM_NIGHTLY_RELEASE=$1
             ;;
+          --apple-codesign-key)
+            APPLE_CODESIGN_KEY=$1
+            ;;
+          --apple-codesign-password-file)
+            APPLE_CODESIGN_PASSWORD_FILE=$1
+            ;;
+          --apple-notary-api-key)
+            APPLE_NOTARY_API_KEY=$1
+            ;;
           *) abort "unknown option ${parameter}" ;;
         esac
     esac
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 52227b0ef..0f0996b07 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -286,7 +286,7 @@ gopkg.in/go-playground/webhooks.v3/github
 gopkg.in/yaml.v2
 # honnef.co/go/tools v0.0.1-2020.1.5
 ## explicit
-# knative.dev/hack v0.0.0-20220923094413-9b7638704a22
+# knative.dev/hack v0.0.0-20221003111221-b3c97904d3b5
 ## explicit
 knative.dev/hack
 # go.opencensus.io => go.opencensus.io v0.20.2