Update dependencies (#8)

* Update dependencies
ThomasVitale · Jul 19, 2023 · 506b0c0 · 506b0c0
1 parent ed49c5d
commit 506b0c0
Show file tree

Hide file tree

Showing 21 changed files with 55 additions and 116 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -18,6 +18,6 @@ jobs:
       registry-server: ghcr.io
       registry-username: ${{ github.actor }}
       image: ${{ github.repository }}
-      version: 0.1.1
+      version: 0.2.0
     secrets:
       pull-request-token: ${{ secrets.GH_ORG_PAT }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -14,7 +14,7 @@ jobs:
     name: Integration Tests
     strategy:
       matrix:
-        k8s_version: [v1.24, v1.25, v1.26]
+        k8s_version: [v1.25, v1.26, v1.27]
     permissions:
       contents: read
     uses: kadras-io/github-reusable-workflows/.github/workflows/carvel-package-test-integration.yml@main

diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-K8S_VERSION=v1.26
+K8S_VERSION=v1.27
 
 # Build package configuration
 build: package
@@ -26,6 +26,10 @@ ytt:
 schema:
 	ytt -f package/config/values-schema.yml --data-values-schema-inspect -o openapi-v3 > schema-openapi.yml
 
+# Use kbld to resolve the OCI images referenced within the manifests
+kbld:
+	rm -f package/.imgpkg/images.yml && mkdir -p package/.imgpkg && kbld --file package/config --imgpkg-lock-output package/.imgpkg/images.yml 1>> /dev/null
+
 # Check the ytt-annotated Kubernetes configuration and its validation
 test-config:
 	ytt -f package/config | kubeconform -ignore-missing-schemas -summary

diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 ![Test Workflow](https://github.com/kadras-io/tekton-catalog/actions/workflows/test.yml/badge.svg)
 ![Release Workflow](https://github.com/kadras-io/tekton-catalog/actions/workflows/release.yml/badge.svg)
-[![The SLSA Level 3 badge](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev/spec/v0.1/levels)
+[![The SLSA Level 3 badge](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev/spec/v1.0/levels)
 [![The Apache 2.0 license badge](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Follow us on Twitter](https://img.shields.io/static/v1?label=Twitter&message=Follow&color=1DA1F2)](https://twitter.com/kadrasIO)
 
@@ -12,7 +12,7 @@ A Carvel package providing a set of Tekton pipelines and tasks used by the Kadra
 
 ### Prerequisites
 
-* Kubernetes 1.24+
+* Kubernetes 1.25+
 * Carvel [`kctrl`](https://carvel.dev/kapp-controller/docs/latest/install/#installing-kapp-controller-cli-kctrl) CLI.
 * Carvel [kapp-controller](https://carvel.dev/kapp-controller) deployed in your Kubernetes cluster. You can install it with Carvel [`kapp`](https://carvel.dev/kapp/docs/latest/install) (recommended choice) or `kubectl`.
 
@@ -30,10 +30,9 @@ Tekton Catalog requires the [Tekton Pipelines](https://github.com/kadras-io/pack
 Add the Kadras [package repository](https://github.com/kadras-io/kadras-packages) to your Kubernetes cluster:
 
   ```shell
-  kubectl create namespace kadras-packages
   kctrl package repository add -r kadras-packages \
     --url ghcr.io/kadras-io/kadras-packages \
-    -n kadras-packages
+    -n kadras-packages --create-namespace
   ```
 
 <details><summary>Installation without package repository</summary>

diff --git a/package/config/config-writer/git-write-config-and-pr-task.yml b/package/config/config-writer/git-write-config-and-pr-task.yml
@@ -66,7 +66,7 @@ spec:
       mountPath: /workspaces/repo-dir
   steps:
     - name: prepare-config-files
-      image: paketobuildpacks/build-jammy-base:0.1.48
+      image: paketobuildpacks/build-jammy-base
       workingDir: /tekton/home
       securityContext:
         runAsNonRoot: true
@@ -79,7 +79,7 @@ spec:
         eval "$(cat files.json | jq -r 'to_entries | .[] | @sh "mkdir -p $(dirname \(.key)) && echo \(.value) > \(.key) && mv \(.key) $(workspaces.config-dir.path)/"')"
 
     - name: git-commit-and-push
-      image: cgr.dev/chainguard/git:2.40
+      image: cgr.dev/chainguard/git
       securityContext:
         runAsNonRoot: true
       script: |
@@ -125,7 +125,7 @@ spec:
         echo "$commit_branch" > /workspaces/repo-dir/commit_branch
 
     - name: open-pr
-      image: ghcr.io/jenkins-x/jx-scm:0.2.21
+      image: ghcr.io/jenkins-x/jx-scm
       workingDir: /tekton/home
       script: |
         #!/usr/bin/env sh

diff --git a/package/config/config-writer/git-write-config-task.yml b/package/config/config-writer/git-write-config-task.yml
@@ -39,7 +39,7 @@ spec:
       mountPath: /workspace/config-dir
   steps:
     - name: prepare-config-files
-      image: paketobuildpacks/build-jammy-base:0.1.48
+      image: paketobuildpacks/build-jammy-base
       workingDir: /tekton/home
       securityContext:
         runAsNonRoot: true
@@ -52,7 +52,7 @@ spec:
         eval "$(cat files.json | jq -r 'to_entries | .[] | @sh "mkdir -p $(dirname \(.key)) && echo \(.value) > \(.key) && mv \(.key) $(workspaces.config-dir.path)/"')"
 
     - name: git-commit-and-push
-      image: cgr.dev/chainguard/git:2.40
+      image: cgr.dev/chainguard/git
       securityContext:
         runAsNonRoot: true
       script: |

diff --git a/...config-writer/image-write-config-task.yml → ...g/config-writer/oci-write-config-task.yml b/...config-writer/image-write-config-task.yml → ...g/config-writer/oci-write-config-task.yml
@@ -2,11 +2,11 @@
 apiVersion: tekton.dev/v1
 kind: Task
 metadata:
-  name: image-write-config
+  name: oci-write-config
 spec:
   description: |-
     Consumes application deployment configuration files as a Base64-encoded JSON and
-    pushes them to an OCI registry as an image bundle (imgpkg format).
+    pushes them to an OCI registry as an OCI bundle (imgpkg artifact type).
   params:
     - name: bundle
       description: The fully qualified name of the OCI repository where to push the configuration files.
@@ -23,7 +23,7 @@ spec:
       mountPath: /workspace/config-dir
   steps:
     - name: prepare-config-files
-      image: paketobuildpacks/build-jammy-base:0.1.48
+      image: paketobuildpacks/build-jammy-base
       workingDir: /tekton/home
       securityContext:
         runAsNonRoot: true
@@ -35,8 +35,8 @@ spec:
         echo '$(params.files)' | base64 -d > files.json
         eval "$(cat files.json | jq -r 'to_entries | .[] | @sh "mkdir -p $(dirname \(.key)) && echo \(.value) > \(.key) && mv \(.key) $(workspaces.config-dir.path)/"')"
     
-    - name: publish-config-bundle
-      image: paketobuildpacks/build-jammy-base:0.1.48
+    - name: publish-oci-bundle
+      image: paketobuildpacks/build-jammy-base
       workingDir: /tekton/home
       securityContext:
         runAsNonRoot: true
@@ -50,7 +50,7 @@ spec:
         curl -L https://carvel.dev/install.sh | K14SIO_INSTALL_BIN_DIR=local-bin bash
         export PATH=$PWD/local-bin/:$PATH
 
-        # Initialize bundle
+        # Initialize OCI bundle
         mkdir -p .imgpkg
         echo "---
         apiVersion: imgpkg.carvel.dev/v1alpha1

diff --git a/package/config/kbld-config.yml b/package/config/kbld-config.yml
@@ -0,0 +1,12 @@
+---
+apiVersion: kbld.k14s.io/v1alpha1
+kind: Config
+
+#! Search rules specify custom strategies for kbld to identify references for container images.
+#! See more about the search rules: https://carvel.dev/kbld/docs/latest/config/#search-rules.
+searchRules:
+
+  # Resolves the image references from the Tekton tasks.
+  - keyMatcher: 
+      name: image
+      path: [spec, steps, {allIndexes: true}]
diff --git a/package/config/scanning/grype-scan-image-task.yml b/package/config/scanning/grype-scan-image-task.yml
@@ -8,13 +8,13 @@ metadata:
     apps.kadras.io/scanner: grype
     apps.kadras.io/target: image
 spec:
-  description: Scans a given OCI image with Grype.
+  description: Scans a given OCI image for vulnerabilities with Grype.
   params:
     - name: image
     - name: grype-args
       default:
         - "--only-fixed"
   steps:
     - name: scan
-      image: anchore/grype:v0.61.0
+      image: anchore/grype
       args: ["$(params.image)", "$(params.grype-args[*])"]
diff --git a/package/config/scanning/grype-scan-source-task.yml b/package/config/scanning/grype-scan-source-task.yml
@@ -8,7 +8,7 @@ metadata:
     apps.kadras.io/scanner: grype
     apps.kadras.io/target: source
 spec:
-  description: Scans a given application source code directory with Grype.
+  description: Scans a given application source code directory for vulnerabilities with Grype.
   params:
     - name: source-url
     - name: source-revision
@@ -21,7 +21,7 @@ spec:
       mountPath: /workspace/source-dir
   steps:
     - name: prepare
-      image: paketobuildpacks/build-jammy-base:0.1.48
+      image: paketobuildpacks/build-jammy-base
       workingDir: /tekton/home
       securityContext:
         runAsNonRoot: true
@@ -31,6 +31,6 @@ spec:
         cd $(params.source-subpath)
         mv * $(workspaces.source-dir.path)
     - name: scan
-      image: anchore/grype:v0.61.0
+      image: anchore/grype
       workingDir: $(workspaces.source-dir.path)
       args: ["dir:.", "$(params.grype-args[*])"]
diff --git a/package/config/scanning/trivy-scan-image-task.yml b/package/config/scanning/trivy-scan-image-task.yml
@@ -8,13 +8,13 @@ metadata:
     apps.kadras.io/scanner: trivy
     apps.kadras.io/target: image
 spec:
-  description: Scans a given OCI image with Trivy.
+  description: Scans a given OCI image for vulnerabilities with Trivy.
   params:
     - name: image
     - name: trivy-args
       default:
         - "--ignore-unfixed"
   steps:
     - name: scan
-      image: aquasec/trivy:0.39.0
+      image: aquasec/trivy
       args: ["image", "$(params.trivy-args[*])", "$(params.image)"]
diff --git a/package/config/scanning/trivy-scan-source-task.yml b/package/config/scanning/trivy-scan-source-task.yml
@@ -8,7 +8,7 @@ metadata:
     apps.kadras.io/scanner: trivy
     apps.kadras.io/target: source
 spec:
-  description: Scans a given application source code directory with Trivy.
+  description: Scans a given application source code directory for vulnerabilities with Trivy.
   params:
     - name: source-url
     - name: source-revision
@@ -21,7 +21,7 @@ spec:
       mountPath: /workspace/source-dir
   steps:
     - name: prepare
-      image: paketobuildpacks/build-jammy-base:0.1.48
+      image: paketobuildpacks/build-jammy-base
       workingDir: /tekton/home
       securityContext:
         runAsNonRoot: true
@@ -31,6 +31,6 @@ spec:
         cd $(params.source-subpath)
         mv * $(workspaces.source-dir.path)
     - name: scan
-      image: aquasec/trivy:0.39.0
+      image: aquasec/trivy
       workingDir: $(workspaces.source-dir.path)
       args: ["fs", "$(params.trivy-args[*])", "."]
diff --git a/package/config/testing/golang-test-pipeline.yml b/package/config/testing/golang-test-pipeline.yml
@@ -7,7 +7,7 @@ metadata:
     apps.kadras.io/pipeline: test
     apps.kadras.io/language: golang
 spec:
-  description: Runs tests for a GO application.
+  description: Runs tests for a Go application.
   params:
     - name: source-url
     - name: source-revision
@@ -28,7 +28,7 @@ spec:
           - name: source-subpath
         steps:
           - name: test
-            image: cgr.dev/chainguard/go:1.20
+            image: cgr.dev/chainguard/go
             securityContext:
               runAsNonRoot: true
             script: |-

diff --git a/package/config/testing/java-gradle-test-pipeline.yml b/package/config/testing/java-gradle-test-pipeline.yml
diff --git a/package/config/testing/java-maven-test-pipeline.yml b/package/config/testing/java-maven-test-pipeline.yml
diff --git a/package/config/testing/java-test-pipeline.yml b/package/config/testing/java-test-pipeline.yml
@@ -28,7 +28,7 @@ spec:
           - name: source-subpath
         steps:
           - name: test
-            image: cgr.dev/chainguard/jdk:openjdk-17
+            image: cgr.dev/chainguard/jdk
             securityContext:
               runAsNonRoot: true
             script: |-

diff --git a/test/integration/kuttl-test.yml b/test/integration/kuttl-test.yml
@@ -17,8 +17,8 @@ commands:
   - script: |
       kubectl config set-context --current --namespace=tests && \
       kapp deploy -a tekton-pipelines-package -y \
-        -f https://github.com/kadras-io/package-for-tekton-pipelines/releases/download/v0.46.0+kadras.2/package.yml \
-        -f https://github.com/kadras-io/package-for-tekton-pipelines/releases/download/v0.46.0+kadras.2/metadata.yml
+        -f https://github.com/kadras-io/package-for-tekton-pipelines/releases/download/v0.49.0/package.yml \
+        -f https://github.com/kadras-io/package-for-tekton-pipelines/releases/download/v0.49.0/metadata.yml
   - script: |
       kubectl config set-context --current --namespace=tests && \
       kapp deploy -a dependencies -y -f ./test/setup/dependencies
diff --git a/test/setup/dependencies/tekton-pipelines.yml b/test/setup/dependencies/tekton-pipelines.yml
@@ -12,4 +12,4 @@ spec:
   packageRef:
     refName: tekton-pipelines.packages.kadras.io
     versionSelection:
-      constraints: 0.46.0+kadras.2
+      constraints: 0.49.0
diff --git a/test/setup/kind/v1.25/kind-config.yml b/test/setup/kind/v1.25/kind-config.yml
@@ -3,6 +3,6 @@ kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 nodes:
 - role: control-plane
-  image: kindest/node:v1.25.8
+  image: kindest/node:v1.25.11
 - role: worker
-  image: kindest/node:v1.25.8
+  image: kindest/node:v1.25.11
diff --git a/test/setup/kind/v1.26/kind-config.yml b/test/setup/kind/v1.26/kind-config.yml
@@ -3,6 +3,6 @@ kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 nodes:
 - role: control-plane
-  image: kindest/node:v1.26.3
+  image: kindest/node:v1.26.6
 - role: worker
-  image: kindest/node:v1.26.3
+  image: kindest/node:v1.26.6
diff --git a/test/setup/kind/v1.24/kind-config.yml → test/setup/kind/v1.27/kind-config.yml b/test/setup/kind/v1.24/kind-config.yml → test/setup/kind/v1.27/kind-config.yml
@@ -3,6 +3,6 @@ kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 nodes:
 - role: control-plane
-  image: kindest/node:v1.24.12
+  image: kindest/node:v1.27.3
 - role: worker
-  image: kindest/node:v1.24.12
+  image: kindest/node:v1.27.3