From d2ca34cca3fa82ff4d25932c0f8322565926192d Mon Sep 17 00:00:00 2001 From: Zhenya Tikhonov Date: Mon, 15 Apr 2024 21:56:46 +0400 Subject: [PATCH 1/2] build: upgrade `dind` to 26.0.0-1.28.6 --- charts/cf-runtime/.ci/values-ci.yaml | 4 +++- charts/cf-runtime/Chart.yaml | 12 +++++------- charts/cf-runtime/README.md | 8 ++++---- charts/cf-runtime/values.yaml | 5 +++-- 4 files changed, 15 insertions(+), 14 deletions(-) diff --git a/charts/cf-runtime/.ci/values-ci.yaml b/charts/cf-runtime/.ci/values-ci.yaml index 16430894..28753499 100644 --- a/charts/cf-runtime/.ci/values-ci.yaml +++ b/charts/cf-runtime/.ci/values-ci.yaml @@ -23,7 +23,7 @@ runner: runtime: dind: image: - tag: 25.0.4-1.28.5-rootless + tag: 26.0.0-1.28.6-rootless podLabels: key: dind resources: @@ -33,6 +33,8 @@ runtime: limits: cpu: 1000m memory: 1024Mi + env: + DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: "true" engine: podLabels: key: engine diff --git a/charts/cf-runtime/Chart.yaml b/charts/cf-runtime/Chart.yaml index e04e3496..2730d4a0 100644 --- a/charts/cf-runtime/Chart.yaml +++ b/charts/cf-runtime/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart for Codefresh Runner name: cf-runtime -version: 6.3.19 +version: 6.3.20 keywords: - codefresh - runner @@ -14,15 +14,13 @@ maintainers: url: https://codefresh-io.github.io/ annotations: # 💡 Do not forget to update this annotation: - artifacthub.io/containsSecurityUpdates: "false" + artifacthub.io/containsSecurityUpdates: "true" # Supported kinds: `added`, `changed`, `deprecated`, `removed`, `fixed`, `security`: artifacthub.io/changes: | - kind: changed - description: Upgrade engine to v1.169.9 - - kind: changed - description: Upgrade cf-app-proxy to v0.0.47 - - kind: fixed - description: Fix TLS for MongoDB and Redis + description: Upgrade dind to 26.0.0-1.28.6 + - kind: security + description: Fix some CVE dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts 
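Review bot: `DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: "true"` is added in values-ci.yaml (`@@ -33,6 +33,8 @@`) and again as the chart default in values.yaml (`@@ -455,7 +455,8 @@`, replacing `env: {}`) with no comment explaining why. Assuming the dind image passes it to the daemon, every install re-enables the legacy image format v1 / manifest v2 schema 1 pull path that Docker Engine 26 disables by default, in a release that Chart.yaml marks `containsSecurityUpdates: "true"`. I would keep the default at `env: {}` and document the variable as an opt-in for pipelines that still need such images, or at minimum put `# Re-enables deprecated schema 1 pulls (off by default since Docker 26); remove once no pipeline depends on them` above the key. Because Helm deep-merges maps, users who already override `runtime.dind.env` will still inherit the key unless they set it to `null`, which is worth a line in the README. The `dind` mapping continues outside both hunks.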
diff --git a/charts/cf-runtime/README.md b/charts/cf-runtime/README.md
index 2050f073..a4f730c5 100644
--- a/charts/cf-runtime/README.md
+++ b/charts/cf-runtime/README.md
@@ -1,6 +1,6 @@
 ## Codefresh Runner
-![Version: 6.3.19](https://img.shields.io/badge/Version-6.3.19-informational?style=flat-square)
+![Version: 6.3.20](https://img.shields.io/badge/Version-6.3.20-informational?style=flat-square)
 Helm chart for deploying [Codefresh Runner](https://codefresh.io/docs/docs/installation/codefresh-runner/) to Kubernetes.
@@ -1013,10 +1013,10 @@ Go to [https:///admin/runtime-environments/system](http | runtime.accounts | list | `[]` | (for On-Premise only) Assign accounts to runtime (list of account ids) | | runtime.agent | bool | `true` | (for On-Premise only) Enable agent | | runtime.description | string | `""` | Runtime description | -| runtime.dind | object | `{"affinity":{},"env":{},"image":{"registry":"quay.io","repository":"codefresh/dind","tag":"25.0.4-1.28.5"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"pvcs":{"dind":{"name":"dind","reuseVolumeSelector":"codefresh-app,io.codefresh.accountName","reuseVolumeSortOrder":"pipeline_id","storageClassName":"{{ include \"dind-volume-provisioner.storageClassName\" . }}","volumeSize":"16Gi"}},"resources":{"limits":{"cpu":"400m","memory":"800Mi"},"requests":null},"schedulerName":"","serviceAccount":"codefresh-engine","tolerations":[],"userAccess":true,"userVolumeMounts":{},"userVolumes":{}}` | Parameters for DinD (docker-in-docker) pod (aka "runtime" pod). | +| runtime.dind | object | `{"affinity":{},"env":{"DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE":"true"},"image":{"registry":"quay.io","repository":"codefresh/dind","tag":"26.0.0-1.28.6"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"pvcs":{"dind":{"name":"dind","reuseVolumeSelector":"codefresh-app,io.codefresh.accountName","reuseVolumeSortOrder":"pipeline_id","storageClassName":"{{ include \"dind-volume-provisioner.storageClassName\" . }}","volumeSize":"16Gi"}},"resources":{"limits":{"cpu":"400m","memory":"800Mi"},"requests":null},"schedulerName":"","serviceAccount":"codefresh-engine","tolerations":[],"userAccess":true,"userVolumeMounts":{},"userVolumes":{}}` | Parameters for DinD (docker-in-docker) pod (aka "runtime" pod). | | runtime.dind.affinity | object | `{}` | Set affinity | -| runtime.dind.env | object | `{}` | Set additional env vars. 
| -| runtime.dind.image | object | `{"registry":"quay.io","repository":"codefresh/dind","tag":"25.0.4-1.28.5"}` | Set dind image. | +| runtime.dind.env | object | `{"DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE":"true"}` | Set additional env vars. | +| runtime.dind.image | object | `{"registry":"quay.io","repository":"codefresh/dind","tag":"26.0.0-1.28.6"}` | Set dind image. | | runtime.dind.nodeSelector | object | `{}` | Set node selector. | | runtime.dind.podAnnotations | object | `{}` | Set pod annotations. | | runtime.dind.podLabels | object | `{}` | Set pod labels. | diff --git a/charts/cf-runtime/values.yaml b/charts/cf-runtime/values.yaml index 2a50395d..cdde4142 100644 --- a/charts/cf-runtime/values.yaml +++ b/charts/cf-runtime/values.yaml @@ -431,7 +431,7 @@ runtime: image: registry: quay.io repository: codefresh/dind - tag: 25.0.4-1.28.5 # use `latest-rootless/rootless/25.0.4-1.28.5-rootless` tags for rootless-dind + tag: 26.0.0-1.28.6 # use `latest-rootless/rootless/26.0.0-1.28.6-rootless` tags for rootless-dind # -- Set dind resources. resources: requests: null @@ -455,7 +455,8 @@ runtime: reuseVolumeSelector: codefresh-app,io.codefresh.accountName reuseVolumeSortOrder: pipeline_id # -- Set additional env vars. - env: {} + env: + DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: "true" # -- Set pod annotations. podAnnotations: {} # -- Set pod labels. From f685b9df30d2efb53b470bf1a3b1e4b6215a638d Mon Sep 17 00:00:00 2001 From: Zhenya Tikhonov Date: Mon, 15 Apr 2024 22:42:15 +0400 Subject: [PATCH 2/2] test: fix tests --- .../tests/private-registry/private_registry_test.yaml | 2 ++ charts/cf-runtime/tests/runtime/runtime_onprem_test.yaml | 1 + charts/cf-runtime/tests/runtime/runtime_test.yaml | 1 + 3 files changed, 4 insertions(+) diff --git a/charts/cf-runtime/tests/private-registry/private_registry_test.yaml b/charts/cf-runtime/tests/private-registry/private_registry_test.yaml index 3882b661..dc1fadd0 100644 
--- a/charts/cf-runtime/tests/private-registry/private_registry_test.yaml +++ b/charts/cf-runtime/tests/private-registry/private_registry_test.yaml @@ -67,6 +67,8 @@ tests: type: DindKubernetesPod dindImage: "somedomain.io/codefresh/dind:tagoverride" userAccess: true + envVars: + DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: "true" cluster: namespace: codefresh serviceAccount: codefresh-engine diff --git a/charts/cf-runtime/tests/runtime/runtime_onprem_test.yaml b/charts/cf-runtime/tests/runtime/runtime_onprem_test.yaml index c5e89b01..dbfdea07 100644 --- a/charts/cf-runtime/tests/runtime/runtime_onprem_test.yaml +++ b/charts/cf-runtime/tests/runtime/runtime_onprem_test.yaml @@ -94,6 +94,7 @@ tests: userAccess: true envVars: ALICE: BOB + DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: "true" cluster: namespace: codefresh serviceAccount: service-account-override diff --git a/charts/cf-runtime/tests/runtime/runtime_test.yaml b/charts/cf-runtime/tests/runtime/runtime_test.yaml index dcb83fb9..87fbc552 100644 --- a/charts/cf-runtime/tests/runtime/runtime_test.yaml +++ b/charts/cf-runtime/tests/runtime/runtime_test.yaml @@ -104,6 +104,7 @@ tests: userAccess: true envVars: ALICE: BOB + DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: "true" cluster: namespace: codefresh serviceAccount: service-account-override
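Review bot: The three test updates (private_registry_test.yaml `@@ -67,6 +67,8 @@`, runtime_onprem_test.yaml `@@ -94,6 +94,7 @@`, runtime_test.yaml `@@ -104,6 +104,7 @@`) only pin the new default showing up in `envVars`; none covers an operator turning the deprecated pull flag off. I would add a case that sets `runtime.dind.env.DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: null` and asserts the key is absent from the rendered `envVars`, so the opt-out path is known to work. The enclosing test definitions start outside these hunks, so the exact assertion path needs to be confirmed against the full files.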