Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update rhtap references (main) #132

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

chore(deps): update rhtap references (main) #132

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
a0e1115
Update resources to work with image SHAs (#85)
bouskaJ Nov 10, 2023
4c07b4d
Nightly metrics (#81)
tommyd450 Nov 15, 2023
3a862c2
SECURESIGN-276 | Install helm charts with a binary CLI (#94)
Dec 1, 2023
5d26e2d
Use standart crypto library to generate certificates (#101)
osmman Dec 5, 2023
86ffe89
fix(deps): update module golang.org/x/term to v0.15.0 (#97)
renovate[bot] Dec 6, 2023
914bdbc
chore(deps): update rhtap references (#83)
red-hat-konflux[bot] Dec 6, 2023
57947b4
chore(deps): update rhtap references (#113)
red-hat-konflux[bot] Dec 12, 2023
75fed9e
chore(deps): update actions/setup-python action to v5 (#107)
renovate[bot] Jan 5, 2024
c486173
chore(deps): update actions/setup-go action to v5 (#108)
renovate[bot] Jan 5, 2024
863242c
chore(deps): update rhtap references
Jan 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions .github/workflows/test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,11 @@ jobs:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
with:
python-version: 3.7

- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
with:
go-version: ^1

Expand Down Expand Up @@ -50,7 +50,7 @@ jobs:
with:
version: v3.12.3

- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
with:
python-version: 3.7

Expand Down
3 changes: 3 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,6 @@ keys-cert
**ADMIN**

.idea

tas-install
pull-secret.json
26 changes: 13 additions & 13 deletions .tekton/client-server-pull-request.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ spec:
- name: name
value: show-sbom
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:7db0af43dcebaeb33e34413148370e17078c30fd2fc78fb84c8941b444199f36
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:82737c8d365c620295fa526d21a481d4614f657800175ddc0ccd7846c54207f8
- name: kind
value: task
resolver: bundles
Expand All @@ -64,7 +64,7 @@ spec:
- name: name
value: summary
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:243b13105967b251c1facd55159165809a9fa797215af613997ac6a16798db73
value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:f65a69aaf71cbab382eff685eee522ad35068a4d91d233e76cef7d42ff15a686
- name: kind
value: task
resolver: bundles
Expand Down Expand Up @@ -157,7 +157,7 @@ spec:
- name: name
value: init
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:26586a7ef08c3e86dfdaf0a5cc38dd3d70c4c02db1331b469caaed0a0f5b3d86
value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:3d8f01fa59596a998d30dc700fcf7377f09d60008337290eebaeaf604512ce2b
- name: kind
value: task
resolver: bundles
Expand All @@ -174,7 +174,7 @@ spec:
- name: name
value: git-clone
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:d9e1ab10d72953e7a85dab69b8b96f5b41580a6d4026f77b6a5ba6f3ed227cc3
value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b8fddc2d36313a5cde93aba2491205f4a84e6853af6c34ede681f8339b147478
- name: kind
value: task
resolver: bundles
Expand All @@ -199,7 +199,7 @@ spec:
- name: name
value: prefetch-dependencies
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:ca366af4f096e94dad40a327a09328a5e4bed4d0292a213165861e9e19bf380e
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:0b7bec23b6c08f37138a86e569835842763b3aa42f4455fd70ba3986350e07c7
- name: kind
value: task
resolver: bundles
Expand Down Expand Up @@ -234,7 +234,7 @@ spec:
- name: name
value: buildah
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:e38365a7acbe4a6135fa72096513e24795dc7a8ed8f6be5fa0c7bf0f30484ac6
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:351af2c0e5eeb92a5d6d4083847c1559475b596cda7671f489756d5302a4c847
- name: kind
value: task
resolver: bundles
Expand All @@ -259,7 +259,7 @@ spec:
- name: name
value: source-build
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:e751a76622743cf51b35ba230768be9886535b7cf51491c2b8513979e7a577d8
value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:f8c5dec871fb5347eb2fc61d44754bcc101897aecf953b374ab3e8315e1a9804
- name: kind
value: task
resolver: bundles
Expand Down Expand Up @@ -288,7 +288,7 @@ spec:
- name: name
value: inspect-image
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:3a5d3f611240eb5b7b12799c2be22a71803df80dbc12cce2e1e2a252ab543423
value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:d27c6ff7b9be6df786f489f8a5d4a8f0619d77e45f0d12e4a730157b60873c82
- name: kind
value: task
resolver: bundles
Expand All @@ -311,7 +311,7 @@ spec:
- name: name
value: deprecated-image-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:f23d0cca3c02a78fb2b2760d0fba28a3196fa7bcc106da35f45ef95d1f8e7065
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:a299ff57d97f3924020634625dfb9bbc66547124ca23a3396e338c645f7b4a8e
- name: kind
value: task
resolver: bundles
Expand All @@ -333,7 +333,7 @@ spec:
- name: name
value: clair-scan
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:f6a5a24cb8faa590d4f3adc204a197fd89da1bcea365963af9ac66838c030816
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:63b42c0fc23d05e26776a0e7c4f0ab00750096ebfe1eed9a7ba96f8b27713fbf
- name: kind
value: task
resolver: bundles
Expand All @@ -350,7 +350,7 @@ spec:
- name: name
value: sast-snyk-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:f57c69cfedf37a46dd61285b5b9b4805ff196facaad2d7cdeded496c77d31bec
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:47515cb119225bba55c593876610bd890f8efcbb66bb57fb0c0881ddd47ce558
- name: kind
value: task
resolver: bundles
Expand All @@ -375,7 +375,7 @@ spec:
- name: name
value: clamav-scan
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:b7d194547892219c663c4414d3bbb18e0c1798353e3922e4dc2b63ef9169adb9
value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:353fa2cda9855217cfcec3303973b666a10f384795630cf0eb13b874c24b0f7a
- name: kind
value: task
resolver: bundles
Expand All @@ -397,7 +397,7 @@ spec:
- name: name
value: sbom-json-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:0ca48e1dffde39efe97b3252386f529241d6b276fe812a88774a9f37fc45f742
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:bf49861b3bbee2129e8d1b5966fc2a7c3f259d96a5fcef5674d05c9cb21ab540
- name: kind
value: task
resolver: bundles
Expand Down
26 changes: 13 additions & 13 deletions .tekton/client-server-push.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ spec:
- name: name
value: show-sbom
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:7db0af43dcebaeb33e34413148370e17078c30fd2fc78fb84c8941b444199f36
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:82737c8d365c620295fa526d21a481d4614f657800175ddc0ccd7846c54207f8
- name: kind
value: task
resolver: bundles
Expand All @@ -61,7 +61,7 @@ spec:
- name: name
value: summary
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:243b13105967b251c1facd55159165809a9fa797215af613997ac6a16798db73
value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:f65a69aaf71cbab382eff685eee522ad35068a4d91d233e76cef7d42ff15a686
- name: kind
value: task
resolver: bundles
Expand Down Expand Up @@ -154,7 +154,7 @@ spec:
- name: name
value: init
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:26586a7ef08c3e86dfdaf0a5cc38dd3d70c4c02db1331b469caaed0a0f5b3d86
value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:3d8f01fa59596a998d30dc700fcf7377f09d60008337290eebaeaf604512ce2b
- name: kind
value: task
resolver: bundles
Expand All @@ -171,7 +171,7 @@ spec:
- name: name
value: git-clone
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:d9e1ab10d72953e7a85dab69b8b96f5b41580a6d4026f77b6a5ba6f3ed227cc3
value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b8fddc2d36313a5cde93aba2491205f4a84e6853af6c34ede681f8339b147478
- name: kind
value: task
resolver: bundles
Expand All @@ -196,7 +196,7 @@ spec:
- name: name
value: prefetch-dependencies
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:ca366af4f096e94dad40a327a09328a5e4bed4d0292a213165861e9e19bf380e
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:0b7bec23b6c08f37138a86e569835842763b3aa42f4455fd70ba3986350e07c7
- name: kind
value: task
resolver: bundles
Expand Down Expand Up @@ -231,7 +231,7 @@ spec:
- name: name
value: buildah
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:e38365a7acbe4a6135fa72096513e24795dc7a8ed8f6be5fa0c7bf0f30484ac6
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:351af2c0e5eeb92a5d6d4083847c1559475b596cda7671f489756d5302a4c847
- name: kind
value: task
resolver: bundles
Expand All @@ -256,7 +256,7 @@ spec:
- name: name
value: source-build
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:e751a76622743cf51b35ba230768be9886535b7cf51491c2b8513979e7a577d8
value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:f8c5dec871fb5347eb2fc61d44754bcc101897aecf953b374ab3e8315e1a9804
- name: kind
value: task
resolver: bundles
Expand Down Expand Up @@ -285,7 +285,7 @@ spec:
- name: name
value: inspect-image
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:3a5d3f611240eb5b7b12799c2be22a71803df80dbc12cce2e1e2a252ab543423
value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:d27c6ff7b9be6df786f489f8a5d4a8f0619d77e45f0d12e4a730157b60873c82
- name: kind
value: task
resolver: bundles
Expand All @@ -308,7 +308,7 @@ spec:
- name: name
value: deprecated-image-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:f23d0cca3c02a78fb2b2760d0fba28a3196fa7bcc106da35f45ef95d1f8e7065
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:a299ff57d97f3924020634625dfb9bbc66547124ca23a3396e338c645f7b4a8e
- name: kind
value: task
resolver: bundles
Expand All @@ -330,7 +330,7 @@ spec:
- name: name
value: clair-scan
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:f6a5a24cb8faa590d4f3adc204a197fd89da1bcea365963af9ac66838c030816
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:63b42c0fc23d05e26776a0e7c4f0ab00750096ebfe1eed9a7ba96f8b27713fbf
- name: kind
value: task
resolver: bundles
Expand All @@ -347,7 +347,7 @@ spec:
- name: name
value: sast-snyk-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:f57c69cfedf37a46dd61285b5b9b4805ff196facaad2d7cdeded496c77d31bec
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:47515cb119225bba55c593876610bd890f8efcbb66bb57fb0c0881ddd47ce558
- name: kind
value: task
resolver: bundles
Expand All @@ -372,7 +372,7 @@ spec:
- name: name
value: clamav-scan
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:b7d194547892219c663c4414d3bbb18e0c1798353e3922e4dc2b63ef9169adb9
value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:353fa2cda9855217cfcec3303973b666a10f384795630cf0eb13b874c24b0f7a
- name: kind
value: task
resolver: bundles
Expand All @@ -394,7 +394,7 @@ spec:
- name: name
value: sbom-json-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:0ca48e1dffde39efe97b3252386f529241d6b276fe812a88774a9f37fc45f742
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:bf49861b3bbee2129e8d1b5966fc2a7c3f259d96a5fcef5674d05c9cb21ab540
- name: kind
value: task
resolver: bundles
Expand Down
2 changes: 1 addition & 1 deletion charts/trusted-artifact-signer/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,4 +33,4 @@ sources:
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.22
version: 0.1.24
11 changes: 10 additions & 1 deletion charts/trusted-artifact-signer/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

A Helm chart for deploying Sigstore scaffold chart that is opinionated for OpenShift

![Version: 0.1.22](https://img.shields.io/badge/Version-0.1.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
![Version: 0.1.24](https://img.shields.io/badge/Version-0.1.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)

## Overview

Expand Down Expand Up @@ -117,6 +117,15 @@ Kubernetes: `>= 1.19.0-0`
| configs.fulcio.server.secret.public_key_file | file containing signer public key | string | `""` |
| configs.fulcio.server.secret.root_cert | fulcio root certificate authority (CA) | string | `""` |
| configs.fulcio.server.secret.root_cert_file | file containing fulcio root certificate authority (CA) | string | `""` |
| configs.sigstore_monitoring.namespace | | string | `"sigstore-monitoring"` |
| configs.sigstore_monitoring.namespace_create | | bool | `true` |
| configs.segment_backup_job.image.registry | | string | `"quay.io"` |
| configs.segment_backup_job.image.pullPolicy | | string | `"IfNotPresent"` |
| configs.segment_backup_job.image.registry | | string | `"quay.io"` |
| configs.segment_backup_job.image.repository | | string | `"redhat-user-workloads/rhtas-tenant/rhtas-stack-1-0-beta/segment-backup-job"` |
| configs.segment_backup_job.image.version | | string | `"sha256:d5b5f7942e898a056d2268083e2d4a45f763bce5697c0e9788d5aa0ec382cc44"` |
| configs.segment_backup_job.name | | string | `"nightlyMetricsCollection"` |
| configs.segment_backup_job.namespace | | string | `"sigstore-monitoring"` |
| configs.rekor.clusterMonitoring.enabled | | bool | `true` |
| configs.rekor.clusterMonitoring.endpoints[0].interval | | string | `"30s"` |
| configs.rekor.clusterMonitoring.endpoints[0].port | | string | `"2112-tcp"` |
Expand Down
11 changes: 11 additions & 0 deletions charts/trusted-artifact-signer/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,3 +60,14 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

{{/*
Create the image path for the passed in image field
*/}}
{{- define "image" -}}
{{- if eq (substr 0 7 .version) "sha256:" -}}
{{- printf "%s/%s@%s" .registry .repository .version -}}
{{- else -}}
{{- printf "%s/%s:%s" .registry .repository .version -}}
{{- end -}}
{{- end -}}
2 changes: 1 addition & 1 deletion charts/trusted-artifact-signer/templates/clientserver-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ spec:
serviceAccountName: {{ .Values.configs.clientserver.name }}
containers:
- name: tas-clients
image: "{{ .Values.configs.clientserver.image.registry }}/{{ .Values.configs.clientserver.image.repository }}:{{ .Values.configs.clientserver.image.version }}"
image: "{{ template "image" .Values.configs.clientserver.image }}"
#image: quay.io/sallyom/tas-clients:httpd
imagePullPolicy: IfNotPresent
ports:
Expand Down
2 changes: 1 addition & 1 deletion charts/trusted-artifact-signer/templates/cosign-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ spec:
{{- end }}
containers:
- name: {{ .Values.configs.cosign_deploy.name }}
image: "{{ .Values.configs.cosign_deploy.image.registry }}/{{ .Values.configs.cosign_deploy.image.repository }}:{{ .Values.configs.cosign_deploy.image.version }}"
image: "{{ template "image" .Values.configs.cosign_deploy.image }}"
env:
- name: OPENSHIFT_APPS_SUBDOMAIN
value: {{ .Values.global.appsSubdomain }}
Expand Down
37 changes: 37 additions & 0 deletions charts/trusted-artifact-signer/templates/segment-backup-cronjob.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ .Values.configs.segment_backup_job.name }}
namespace: {{ .Values.configs.segment_backup_job.namespace }}
spec:
schedule: "0 0 * * *"
concurrencyPolicy: "Replace"
startingDeadlineSeconds: 200
suspend: false
successfulJobsHistoryLimit: 7
failedJobsHistoryLimit: 3
jobTemplate:
spec:
template:
metadata:
name: {{ .Values.configs.segment_backup_job.name }}
labels:
parent: "segment-backup-job"
spec:
restartPolicy: OnFailure
serviceAccountName: segment-backup-job
containers:
- name: {{ .Values.configs.segment_backup_job.name }}
# image: "{{ .Values.configs.segment_backup_job.image.registry }}/{{ .Values.configs.segment_backup_job.image.repository }}/{{ .Values.configs.segment_backup_job.image.version }}"
image: "{{ .Values.configs.segment_backup_job.image.registry }}/{{ .Values.configs.segment_backup_job.image.repository }}@{{ .Values.configs.segment_backup_job.image.version }}"
command: ["/bin/bash", "/opt/app-root/src/script.sh"]
env:
- name: RUN_TYPE
value: "nightly"
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
19 changes: 19 additions & 0 deletions charts/trusted-artifact-signer/templates/segment-backup-job-clusterrole.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: segment-backup-job
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- apiGroups:
- "route.openshift.io"
resources:
- routes
verbs:
- get
- list
Loading