{{/*
Complex logic ahead...
We have three sets of values, in order of precedence (last wins):
1. The builtin values.yaml defaults
2. The profile the user selects
3. Users input (-f or --set)

Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2).

However, we can workaround this by placing all of (1) under a specific key (.Values.defaults).

{{/*
Complex logic ahead...
We have three sets of values, in order of precedence (last wins):
1. The builtin values.yaml defaults
2. The profile the user selects
3. Users input (-f or --set)

Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2).

However, we can workaround this by placing all of (1) under a specific key (.Values.defaults).

        it just seem like a sensible behavior for the feature to have?


        Before we make significant changes to existing features in Guava, we really want to be sure
        that it's for a use case that actually comes up in the real world. We want to hear the
        real-world use case so the community can discuss and debate whether this feature is actually

    attributes:
      label: "What is the reason that you could not retract this package instead?"
      description: |
        Requesting we remove a module here only hides the generated documentation on pkg.go.dev.
        It does not affect the behaviour of proxy.golang.org or the go command.
        Instead we recommend using the retract directive which will be processed by all 3 of the above.

    validations:
      required: true

  - type: textarea
    id: repro
    attributes:
      label: How can we reproduce it (as minimally and precisely as possible)?
    validations:
      required: true

  - type: textarea
    id: additional
    attributes:
      label: Anything else we need to know?

  - type: textarea
    id: kubeVersion
    attributes:
      label: Kubernetes version
      value: |

# will be created.

name: Release Branch Cherrypick
on:
  workflow_dispatch:
    inputs:
      # We use this instead of the "run on branch" argument because GitHub looks
      # on that branch for a workflow.yml file, and we'd have to cherry-pick
      # this file into those branches.
      release_branch:
        description: 'Release branch name (e.g. r2.9)'
        required: true

version: 2
updates:
# TODO(b/170636568): Enable Maven updates? Perhaps wait until we can more
# easily import the generated PRs into our internal repo.
#  - package-ecosystem: "maven"
#    directory: "/"
#    schedule:
#      interval: "daily"
#  - package-ecosystem: "maven"
#    directory: "/android"
#    schedule:
#      interval: "daily"
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:

version: 2
updates:
  # Go configuration for master branch
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "daily"
    # Limit number of open PRs to 0 so that we only get security updates
    # See https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates

      label: "Orthogonality: How does this change interact or overlap with existing features?"
      description: "Is the goal of this change a performance improvement? If so, what quantifiable improvement should we expect? How would we measure it?"
    validations:
      required: false

  - type: textarea
    id: learning-curve
    attributes:
      label: "Would this change make Go easier or harder to learn, and why?"

    PILOT_ENABLE_AMBIENT_CONTROLLERS: "true"
cni:
  logLevel: info
  ambient:
    enabled: true

  # Default excludes istio-system; its actually fine to redirect there since we opt-out istiod, ztunnel, and istio-cni
  excludeNamespaces: