{{- /* Core defines the common configuration used by all webhook segments */}}
{{/* Copy just what we need to avoid expensive deepCopy */}}
{{- $whv := dict
 "revision" .Values.revision
  "injectionPath" .Values.istiodRemote.injectionPath
  "injectionURL" .Values.istiodRemote.injectionURL
  "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy
  "caBundle" .Values.istiodRemote.injectionCABundle
  "namespace" .Release.Namespace }}

    validations:
      required: true

  - type: textarea
    id: repro
    attributes:
      label: How can we reproduce it (as minimally and precisely as possible)?
    validations:
      required: true

  - type: textarea
    id: additional
    attributes:
      label: Anything else we need to know?

  - type: textarea
    id: kubeVersion
    attributes:
      label: Kubernetes version
      value: |

    PILOT_ENABLE_AMBIENT_CONTROLLERS: "true"
cni:
  logLevel: info
  ambient:
    enabled: true

  # Default excludes istio-system; its actually fine to redirect there since we opt-out istiod, ztunnel, and istio-cni
  excludeNamespaces:

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
      with:
        # We must fetch at least the immediate parents so that if this is
        # a pull request then we can checkout the head.
        fetch-depth: 2

    # If this run was triggered by a pull request event, then checkout
    # the head of the pull request instead of the merge commit.

# will be created.

name: Release Branch Cherrypick
on:
  workflow_dispatch:
    inputs:
      # We use this instead of the "run on branch" argument because GitHub looks
      # on that branch for a workflow.yml file, and we'd have to cherry-pick
      # this file into those branches.
      release_branch:
        description: 'Release branch name (e.g. r2.9)'
        required: true

version: 2
updates:
# TODO(b/170636568): Enable Maven updates? Perhaps wait until we can more
# easily import the generated PRs into our internal repo.
#  - package-ecosystem: "maven"
#    directory: "/"
#    schedule:
#      interval: "daily"
#  - package-ecosystem: "maven"
#    directory: "/android"
#    schedule:
#      interval: "daily"
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:

version: 2
updates:
  # Go configuration for master branch
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "daily"
    # Limit number of open PRs to 0 so that we only get security updates
    # See https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates

      label: "Orthogonality: How does this change interact or overlap with existing features?"
      description: "Is the goal of this change a performance improvement? If so, what quantifiable improvement should we expect? How would we measure it?"
    validations:
      required: false

  - type: textarea
    id: learning-curve
    attributes:
      label: "Would this change make Go easier or harder to learn, and why?"

    PILOT_ENABLE_AMBIENT_CONTROLLERS: "true"
cni:
  logLevel: info
  ambient:
    enabled: true

  # Default excludes istio-system; its actually fine to redirect there since we opt-out istiod, ztunnel, and istio-cni
  excludeNamespaces:

    PILOT_ENABLE_AMBIENT_CONTROLLERS: "true"
cni:
  logLevel: info
  ambient:
    enabled: true

  # Default excludes istio-system; its actually fine to redirect there since we opt-out istiod, ztunnel, and istio-cni
  excludeNamespaces: