From 506b0c0f53cde26bf3eaeed3ae6920cf656ff101 Mon Sep 17 00:00:00 2001 From: Thomas Vitale Date: Wed, 19 Jul 2023 17:54:44 +0200 Subject: [PATCH] Update dependencies (#8) * Update dependencies --- .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 2 +- Makefile | 6 ++- README.md | 7 ++-- .../git-write-config-and-pr-task.yml | 6 +-- .../config-writer/git-write-config-task.yml | 4 +- ...fig-task.yml => oci-write-config-task.yml} | 12 +++--- package/config/kbld-config.yml | 12 ++++++ .../config/scanning/grype-scan-image-task.yml | 4 +- .../scanning/grype-scan-source-task.yml | 6 +-- .../config/scanning/trivy-scan-image-task.yml | 4 +- .../scanning/trivy-scan-source-task.yml | 6 +-- .../config/testing/golang-test-pipeline.yml | 4 +- .../testing/java-gradle-test-pipeline.yml | 38 ------------------- .../testing/java-maven-test-pipeline.yml | 38 ------------------- package/config/testing/java-test-pipeline.yml | 2 +- test/integration/kuttl-test.yml | 4 +- test/setup/dependencies/tekton-pipelines.yml | 2 +- test/setup/kind/v1.25/kind-config.yml | 4 +- test/setup/kind/v1.26/kind-config.yml | 4 +- .../kind/{v1.24 => v1.27}/kind-config.yml | 4 +- 21 files changed, 55 insertions(+), 116 deletions(-) rename package/config/config-writer/{image-write-config-task.yml => oci-write-config-task.yml} (88%) create mode 100644 package/config/kbld-config.yml delete mode 100644 package/config/testing/java-gradle-test-pipeline.yml delete mode 100644 package/config/testing/java-maven-test-pipeline.yml rename test/setup/kind/{v1.24 => v1.27}/kind-config.yml (61%)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8d3e8f7..b4f7f4a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -18,6 +18,6 @@ jobs: registry-server: ghcr.io registry-username: ${{ github.actor }} image: ${{ github.repository }} - version: 0.1.1 + version: 0.2.0 secrets: pull-request-token: ${{ secrets.GH_ORG_PAT }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f8cf6f0..f178585 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -14,7 +14,7 @@ jobs: name: Integration Tests strategy: matrix: - k8s_version: [v1.24, v1.25, v1.26] + k8s_version: [v1.25, v1.26, v1.27] permissions: contents: read uses: kadras-io/github-reusable-workflows/.github/workflows/carvel-package-test-integration.yml@main
diff --git a/Makefile b/Makefile
index 2e71539..64002b0 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@ -K8S_VERSION=v1.26 +K8S_VERSION=v1.27 # Build package configuration build: package
@@ -26,6 +26,10 @@ ytt: schema: ytt -f package/config/values-schema.yml --data-values-schema-inspect -o openapi-v3 > schema-openapi.yml +# Use kbld to resolve the OCI images referenced within the manifests +kbld: + rm -f package/.imgpkg/images.yml && mkdir -p package/.imgpkg && kbld --file package/config --imgpkg-lock-output package/.imgpkg/images.yml 1>> /dev/null + # Check the ytt-annotated Kubernetes configuration and its validation test-config: ytt -f package/config | kubeconform -ignore-missing-schemas -summary
diff --git a/README.md b/README.md
index 03562ea..b5b4656 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@ ![Test Workflow](https://github.com/kadras-io/tekton-catalog/actions/workflows/test.yml/badge.svg) ![Release Workflow](https://github.com/kadras-io/tekton-catalog/actions/workflows/release.yml/badge.svg) -[![The SLSA Level 3 badge](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev/spec/v0.1/levels) +[![The SLSA Level 3 badge](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev/spec/v1.0/levels) [![The Apache 2.0 license badge](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![Follow us on Twitter](https://img.shields.io/static/v1?label=Twitter&message=Follow&color=1DA1F2)](https://twitter.com/kadrasIO)
@@ -12,7 +12,7 @@ A Carvel package providing a set of Tekton pipelines and tasks used by the Kadra ### Prerequisites -* Kubernetes 1.24+ +* Kubernetes 1.25+ * Carvel [`kctrl`](https://carvel.dev/kapp-controller/docs/latest/install/#installing-kapp-controller-cli-kctrl) CLI. * Carvel [kapp-controller](https://carvel.dev/kapp-controller) deployed in your Kubernetes cluster. You can install it with Carvel [`kapp`](https://carvel.dev/kapp/docs/latest/install) (recommended choice) or `kubectl`.
@@ -30,10 +30,9 @@ Tekton Catalog requires the [Tekton Pipelines](https://github.com/kadras-io/pack Add the Kadras [package repository](https://github.com/kadras-io/kadras-packages) to your Kubernetes cluster: ```shell - kubectl create namespace kadras-packages kctrl package repository add -r kadras-packages \ --url ghcr.io/kadras-io/kadras-packages \ - -n kadras-packages + -n kadras-packages --create-namespace ```
Installation without package repository
diff --git a/package/config/config-writer/git-write-config-and-pr-task.yml b/package/config/config-writer/git-write-config-and-pr-task.yml
index 500ef68..c7baf0a 100644
--- a/package/config/config-writer/git-write-config-and-pr-task.yml
+++ b/package/config/config-writer/git-write-config-and-pr-task.yml
@@ -66,7 +66,7 @@ spec: mountPath: /workspaces/repo-dir steps: - name: prepare-config-files - image: paketobuildpacks/build-jammy-base:0.1.48 + image: paketobuildpacks/build-jammy-base workingDir: /tekton/home securityContext: runAsNonRoot: true
@@ -79,7 +79,7 @@ spec: eval "$(cat files.json | jq -r 'to_entries | .[] | @sh "mkdir -p $(dirname \(.key)) && echo \(.value) > \(.key) && mv \(.key) $(workspaces.config-dir.path)/"')" - name: git-commit-and-push - image: cgr.dev/chainguard/git:2.40 + image: cgr.dev/chainguard/git securityContext: runAsNonRoot: true script: |
@@ -125,7 +125,7 @@ spec: echo "$commit_branch" > /workspaces/repo-dir/commit_branch - name: open-pr - image: ghcr.io/jenkins-x/jx-scm:0.2.21 + image: ghcr.io/jenkins-x/jx-scm workingDir: /tekton/home script: | #!/usr/bin/env sh
diff --git a/package/config/config-writer/git-write-config-task.yml b/package/config/config-writer/git-write-config-task.yml
index a76d137..5e0b462 100644
--- a/package/config/config-writer/git-write-config-task.yml
+++ b/package/config/config-writer/git-write-config-task.yml
@@ -39,7 +39,7 @@ spec: mountPath: /workspace/config-dir steps: - name: prepare-config-files - image: paketobuildpacks/build-jammy-base:0.1.48 + image: paketobuildpacks/build-jammy-base workingDir: /tekton/home securityContext: runAsNonRoot: true
@@ -52,7 +52,7 @@ spec: eval "$(cat files.json | jq -r 'to_entries | .[] | @sh "mkdir -p $(dirname \(.key)) && echo \(.value) > \(.key) && mv \(.key) $(workspaces.config-dir.path)/"')" - name: git-commit-and-push - image: cgr.dev/chainguard/git:2.40 + image: cgr.dev/chainguard/git securityContext: runAsNonRoot: true script: |
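Review bot: In git-write-config-and-pr-task.yml the three step images lose their tags (`paketobuildpacks/build-jammy-base`, `cgr.dev/chainguard/git`, `ghcr.io/jenkins-x/jx-scm`), so as written each one resolves to the registry's default mutable tag. The same is done in git-write-config-task.yml, oci-write-config-task.yml, the grype and trivy scan tasks and the golang and java test pipelines. Pinning now depends entirely on the lock file produced by the new `kbld` Makefile target being generated and honoured at install time; manifests applied straight from `package/config` run whatever those repositories serve that day, and results from an unpinned scanner are not reproducible. Keeping a digest in source, e.g. `image: anchore/grype@sha256:<digest>`, still works with kbld, and a CI check that every rendered `image:` value contains `@sha256:` would catch a reference kbld missed. The step definitions continue outside these hunks.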
diff --git a/package/config/config-writer/image-write-config-task.yml b/package/config/config-writer/oci-write-config-task.yml similarity index 88% rename from package/config/config-writer/image-write-config-task.yml rename to package/config/config-writer/oci-write-config-task.yml
index 8205911..c9d0dcd 100644
--- a/package/config/config-writer/image-write-config-task.yml
+++ b/package/config/config-writer/oci-write-config-task.yml
@@ -2,11 +2,11 @@ apiVersion: tekton.dev/v1 kind: Task metadata: - name: image-write-config + name: oci-write-config spec: description: |- Consumes application deployment configuration files as a Base64-encoded JSON and - pushes them to an OCI registry as an image bundle (imgpkg format). + pushes them to an OCI registry as an OCI bundle (imgpkg artifact type). params: - name: bundle description: The fully qualified name of the OCI repository where to push the configuration files.
@@ -23,7 +23,7 @@ spec: mountPath: /workspace/config-dir steps: - name: prepare-config-files - image: paketobuildpacks/build-jammy-base:0.1.48 + image: paketobuildpacks/build-jammy-base workingDir: /tekton/home securityContext: runAsNonRoot: true
@@ -35,8 +35,8 @@ spec: echo '$(params.files)' | base64 -d > files.json eval "$(cat files.json | jq -r 'to_entries | .[] | @sh "mkdir -p $(dirname \(.key)) && echo \(.value) > \(.key) && mv \(.key) $(workspaces.config-dir.path)/"')" - - name: publish-config-bundle - image: paketobuildpacks/build-jammy-base:0.1.48 + - name: publish-oci-bundle + image: paketobuildpacks/build-jammy-base workingDir: /tekton/home securityContext: runAsNonRoot: true
@@ -50,7 +50,7 @@ spec: curl -L https://carvel.dev/install.sh | K14SIO_INSTALL_BIN_DIR=local-bin bash export PATH=$PWD/local-bin/:$PATH - # Initialize bundle + # Initialize OCI bundle mkdir -p .imgpkg echo "--- apiVersion: imgpkg.carvel.dev/v1alpha1
diff --git a/package/config/kbld-config.yml b/package/config/kbld-config.yml new file mode 100644
index 0000000..f8e1d58
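Review bot: The unchanged context line `echo '$(params.files)' | base64 -d > files.json` at the top of the `@@ -35,8 +35,8 @@` hunk in oci-write-config-task.yml has Tekton substitute the parameter into the script text before the shell runs, so a value containing a single quote ends the quoted string and the remainder is read as shell. The task description says the value is Base64-encoded JSON, but nothing visible enforces that. Passing it through the step environment avoids the substitution: `env: [{name: FILES, value: "$(params.files)"}]` together with `echo "$FILES" | base64 -d > files.json`. The script starts outside the hunk, and the `prepare-config-files` steps of the two git-write-config tasks appear to share it.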
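Review bot: The `publish-oci-bundle` step in oci-write-config-task.yml still runs `curl -L https://carvel.dev/install.sh | K14SIO_INSTALL_BIN_DIR=local-bin bash` (unchanged context in the `@@ -50,7 +50,7 @@` hunk), which fetches the installer script unpinned and pipes it to bash, so what executes is whatever that URL serves at run time. With the base image tag also removed by this commit, neither the image nor the tooling that publishes the bundle is fixed by anything in this file. Consider a step image that already ships `imgpkg` and is referenced by digest, or download a specific release and verify it with `sha256sum -c` before use. The script begins and ends outside the hunk.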
--- /dev/null
+++ b/package/config/kbld-config.yml
@@ -0,0 +1,12 @@ +--- +apiVersion: kbld.k14s.io/v1alpha1 +kind: Config + +#! Search rules specify custom strategies for kbld to identify references for container images. +#! See more about the search rules: https://carvel.dev/kbld/docs/latest/config/#search-rules. +searchRules: + + # Resolves the image references from the Tekton tasks. + - keyMatcher: + name: image + path: [spec, steps, {allIndexes: true}]
diff --git a/package/config/scanning/grype-scan-image-task.yml b/package/config/scanning/grype-scan-image-task.yml
index 2fbf7b9..a23d7b3 100644
--- a/package/config/scanning/grype-scan-image-task.yml
+++ b/package/config/scanning/grype-scan-image-task.yml
@@ -8,7 +8,7 @@ metadata: apps.kadras.io/scanner: grype apps.kadras.io/target: image spec: - description: Scans a given OCI image with Grype. + description: Scans a given OCI image for vulnerabilities with Grype. params: - name: image - name: grype-args
@@ -16,5 +16,5 @@ spec: - "--only-fixed" steps: - name: scan - image: anchore/grype:v0.61.0 + image: anchore/grype args: ["$(params.image)", "$(params.grype-args[*])"]
diff --git a/package/config/scanning/grype-scan-source-task.yml b/package/config/scanning/grype-scan-source-task.yml
index 9d98ada..129db99 100644
--- a/package/config/scanning/grype-scan-source-task.yml
+++ b/package/config/scanning/grype-scan-source-task.yml
@@ -8,7 +8,7 @@ metadata: apps.kadras.io/scanner: grype apps.kadras.io/target: source spec: - description: Scans a given application source code directory with Grype. + description: Scans a given application source code directory for vulnerabilities with Grype. params: - name: source-url - name: source-revision
@@ -21,7 +21,7 @@ spec: mountPath: /workspace/source-dir steps: - name: prepare - image: paketobuildpacks/build-jammy-base:0.1.48 + image: paketobuildpacks/build-jammy-base workingDir: /tekton/home securityContext: runAsNonRoot: true
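Review bot: The search rule in kbld-config.yml uses `path: [spec, steps, {allIndexes: true}]`, which describes the Task layout, but the test pipelines keep their steps under `spec.tasks[].taskSpec.steps` (the structure is visible in the deleted java-gradle and java-maven pipelines), and this path does not cover that nesting. Whether those `image` keys are still resolved then depends on kbld's built-in matching, so it is worth confirming that `cgr.dev/chainguard/go` and `cgr.dev/chainguard/jdk` appear in the generated `package/.imgpkg/images.yml`, and adding a second rule for the nested path if they do not. Separately, the file mixes `#!` comments with a plain `#` comment above the rule; using `#!` throughout would keep it consistent.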
@@ -31,6 +31,6 @@ spec: cd $(params.source-subpath) mv * $(workspaces.source-dir.path) - name: scan - image: anchore/grype:v0.61.0 + image: anchore/grype workingDir: $(workspaces.source-dir.path) args: ["dir:.", "$(params.grype-args[*])"]
diff --git a/package/config/scanning/trivy-scan-image-task.yml b/package/config/scanning/trivy-scan-image-task.yml
index b9a9b63..b1c9618 100644
--- a/package/config/scanning/trivy-scan-image-task.yml
+++ b/package/config/scanning/trivy-scan-image-task.yml
@@ -8,7 +8,7 @@ metadata: apps.kadras.io/scanner: trivy apps.kadras.io/target: image spec: - description: Scans a given OCI image with Trivy. + description: Scans a given OCI image for vulnerabilities with Trivy. params: - name: image - name: trivy-args
@@ -16,5 +16,5 @@ spec: - "--ignore-unfixed" steps: - name: scan - image: aquasec/trivy:0.39.0 + image: aquasec/trivy args: ["image", "$(params.trivy-args[*])", "$(params.image)"]
diff --git a/package/config/scanning/trivy-scan-source-task.yml b/package/config/scanning/trivy-scan-source-task.yml
index ca9e1ca..06fcf79 100644
--- a/package/config/scanning/trivy-scan-source-task.yml
+++ b/package/config/scanning/trivy-scan-source-task.yml
@@ -8,7 +8,7 @@ metadata: apps.kadras.io/scanner: trivy apps.kadras.io/target: source spec: - description: Scans a given application source code directory with Trivy. + description: Scans a given application source code directory for vulnerabilities with Trivy. params: - name: source-url - name: source-revision
@@ -21,7 +21,7 @@ spec: mountPath: /workspace/source-dir steps: - name: prepare - image: paketobuildpacks/build-jammy-base:0.1.48 + image: paketobuildpacks/build-jammy-base workingDir: /tekton/home securityContext: runAsNonRoot: true
@@ -31,6 +31,6 @@ spec: cd $(params.source-subpath) mv * $(workspaces.source-dir.path) - name: scan - image: aquasec/trivy:0.39.0 + image: aquasec/trivy workingDir: $(workspaces.source-dir.path) args: ["fs", "$(params.trivy-args[*])", "."]
diff --git a/package/config/testing/golang-test-pipeline.yml b/package/config/testing/golang-test-pipeline.yml
index af2acab..ba7ff3f 100644
--- a/package/config/testing/golang-test-pipeline.yml
+++ b/package/config/testing/golang-test-pipeline.yml
@@ -7,7 +7,7 @@ metadata: apps.kadras.io/pipeline: test apps.kadras.io/language: golang spec: - description: Runs tests for a GO application. + description: Runs tests for a Go application. params: - name: source-url - name: source-revision
@@ -28,7 +28,7 @@ spec: - name: source-subpath steps: - name: test - image: cgr.dev/chainguard/go:1.20 + image: cgr.dev/chainguard/go securityContext: runAsNonRoot: true script: |-
diff --git a/package/config/testing/java-gradle-test-pipeline.yml b/package/config/testing/java-gradle-test-pipeline.yml deleted file mode 100644
index 3877995..0000000
--- a/package/config/testing/java-gradle-test-pipeline.yml
+++ /dev/null
@@ -1,38 +0,0 @@ ---- -apiVersion: tekton.dev/v1 -kind: Pipeline -metadata: - name: java-gradle-test-pipeline - labels: - apps.kadras.io/pipeline: test - apps.kadras.io/language: java-gradle -spec: - description: Runs tests for a Java application using Gradle. - params: - - name: source-url - - name: source-revision - - name: source-subpath - tasks: - - name: test - params: - - name: source-url - value: $(params.source-url) - - name: source-revision - value: $(params.source-revision) - - name: source-subpath - value: $(params.source-subpath) - taskSpec: - params: - - name: source-url - - name: source-revision - - name: source-subpath - steps: - - name: test - image: cgr.dev/chainguard/jdk:openjdk-17 - securityContext: - runAsNonRoot: true - script: |- - wget -qO- $(params.source-url) | tar xvz -m - cd $(params.source-subpath) - chmod +x ./gradlew - ./gradlew test --no-daemon
diff --git a/package/config/testing/java-maven-test-pipeline.yml b/package/config/testing/java-maven-test-pipeline.yml deleted file mode 100644
index 9044446..0000000
--- a/package/config/testing/java-maven-test-pipeline.yml
+++ /dev/null
@@ -1,38 +0,0 @@ ---- -apiVersion: tekton.dev/v1 -kind: Pipeline -metadata: - name: java-maven-test-pipeline - labels: - apps.kadras.io/pipeline: test - apps.kadras.io/language: java-maven -spec: - description: Runs tests for a Java application using Maven. - params: - - name: source-url - - name: source-revision - - name: source-subpath - tasks: - - name: test - params: - - name: source-url - value: $(params.source-url) - - name: source-revision - value: $(params.source-revision) - - name: source-subpath - value: $(params.source-subpath) - taskSpec: - params: - - name: source-url - - name: source-revision - - name: source-subpath - steps: - - name: test - image: cgr.dev/chainguard/jdk:openjdk-17 - securityContext: - runAsNonRoot: true - script: |- - wget -qO- $(params.source-url) | tar xvz -m - cd $(params.source-subpath) - chmod +x ./mvnw - ./mvnw test
diff --git a/package/config/testing/java-test-pipeline.yml b/package/config/testing/java-test-pipeline.yml
index 85587a8..fbec454 100644
--- a/package/config/testing/java-test-pipeline.yml
+++ b/package/config/testing/java-test-pipeline.yml
@@ -28,7 +28,7 @@ spec: - name: source-subpath steps: - name: test - image: cgr.dev/chainguard/jdk:openjdk-17 + image: cgr.dev/chainguard/jdk securityContext: runAsNonRoot: true script: |-
diff --git a/test/integration/kuttl-test.yml b/test/integration/kuttl-test.yml
index 03ceac8..e597969 100644
--- a/test/integration/kuttl-test.yml
+++ b/test/integration/kuttl-test.yml
@@ -17,8 +17,8 @@ commands: - script: | kubectl config set-context --current --namespace=tests && \ kapp deploy -a tekton-pipelines-package -y \ - -f https://github.com/kadras-io/package-for-tekton-pipelines/releases/download/v0.46.0+kadras.2/package.yml \ - -f https://github.com/kadras-io/package-for-tekton-pipelines/releases/download/v0.46.0+kadras.2/metadata.yml + -f https://github.com/kadras-io/package-for-tekton-pipelines/releases/download/v0.49.0/package.yml \ + -f https://github.com/kadras-io/package-for-tekton-pipelines/releases/download/v0.49.0/metadata.yml - script: | kubectl config set-context --current --namespace=tests && \ kapp deploy -a dependencies -y -f ./test/setup/dependencies
diff --git a/test/setup/dependencies/tekton-pipelines.yml b/test/setup/dependencies/tekton-pipelines.yml
index accb768..cdb3342 100644
--- a/test/setup/dependencies/tekton-pipelines.yml
+++ b/test/setup/dependencies/tekton-pipelines.yml
@@ -12,4 +12,4 @@ spec: packageRef: refName: tekton-pipelines.packages.kadras.io versionSelection: - constraints: 0.46.0+kadras.2 + constraints: 0.49.0
diff --git a/test/setup/kind/v1.25/kind-config.yml b/test/setup/kind/v1.25/kind-config.yml
index 18a17bd..61248f9 100644
--- a/test/setup/kind/v1.25/kind-config.yml
+++ b/test/setup/kind/v1.25/kind-config.yml
@@ -3,6 +3,6 @@ kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: - role: control-plane - image: kindest/node:v1.25.8 + image: kindest/node:v1.25.11 - role: worker - image: kindest/node:v1.25.8 + image: kindest/node:v1.25.11
diff --git a/test/setup/kind/v1.26/kind-config.yml b/test/setup/kind/v1.26/kind-config.yml
index 254a0ab..10ec400 100644
--- a/test/setup/kind/v1.26/kind-config.yml
+++ b/test/setup/kind/v1.26/kind-config.yml
@@ -3,6 +3,6 @@ kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: - role: control-plane - image: kindest/node:v1.26.3 + image: kindest/node:v1.26.6 - role: worker - image: kindest/node:v1.26.3 + image: kindest/node:v1.26.6
diff --git a/test/setup/kind/v1.24/kind-config.yml b/test/setup/kind/v1.27/kind-config.yml similarity index 61% rename from test/setup/kind/v1.24/kind-config.yml rename to test/setup/kind/v1.27/kind-config.yml
index 580e675..4cc978d 100644
--- a/test/setup/kind/v1.24/kind-config.yml
+++ b/test/setup/kind/v1.27/kind-config.yml
@@ -3,6 +3,6 @@ kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: - role: control-plane - image: kindest/node:v1.24.12 + image: kindest/node:v1.27.3 - role: worker - image: kindest/node:v1.24.12 + image: kindest/node:v1.27.3