chore(deps): update all dependencies (#85)

* chore(deps): update all dependencies | datasource | package | from | to | | ----------- | ------------------------------------------------------- | ------- | ------- | | github-tags | actions/cache | v3 | v4 | | github-tags | defenseunicorns/uds-identity-config | v0.4.2 | v0.4.3 | | docker | ghcr.io/defenseunicorns/packages/metallb | 0.0.5 | 0.1.0 | | docker | ghcr.io/defenseunicorns/packages/uds/core | 0.21.0 | 0.21.1 | | docker | ghcr.io/defenseunicorns/packages/uds/dev-redis | 0.0.1 | 0.0.2 | | docker | ghcr.io/defenseunicorns/packages/uds/gitlab | 16.10.2 | 16.11.1 | | docker | ghcr.io/defenseunicorns/packages/uds/gitlab-runner | 16.10.0 | 16.11.0 | | docker | ghcr.io/defenseunicorns/packages/uds/jira | 1.17.2 | 1.19.0 | | docker | ghcr.io/defenseunicorns/uds/identity-config | 0.4.2 | 0.4.3 | | docker | gitea/gitea | 1.21.2 | 1.21.11 | | github-tags | google-github-actions/release-please-action | v3 | v4 | | docker | quay.io/karbon/ntnx-csi | v2.6.6 | v2.6.8 | | docker | registry.k8s.io/sig-storage/csi-node-driver-registrar | v2.9.1 | v2.10.1 | | docker | registry.k8s.io/sig-storage/csi-provisioner | v3.6.2 | v4.0.1 | | docker | registry.k8s.io/sig-storage/csi-resizer | v1.9.2 | v1.10.1 | | docker | registry.k8s.io/sig-storage/csi-snapshotter | v6.3.2 | v7.0.2 | | docker | registry.k8s.io/sig-storage/livenessprobe | v2.11.0 | v2.12.0 | | docker | registry.k8s.io/sig-storage/snapshot-controller | v6.3.2 | v7.0.2 | | docker | registry.k8s.io/sig-storage/snapshot-validation-webhook | v6.3.2 | v7.0.2 | * updating package dep list * backing out the metallb change * split exemptions into separate zarf files (temporary workaround for upstream bug) * adjusting gitlab netpols * overrides in the correct helm chart * Update packages/additional-manifests/pepr-policy-exemptions/tmp-csi-exemption/zarf.yaml --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: ablanchard <[email protected]> Co-authored-by: awendt <[email protected]>
defenseunicorns · May 15, 2024 · 99b3776 · 99b3776
1 parent 4c1197b
commit 99b3776
Show file tree

Hide file tree

Showing 13 changed files with 86 additions and 40 deletions.
diff --git a/.github/workflows/publish-bundle.yaml b/.github/workflows/publish-bundle.yaml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         with:
           token: ${{ secrets.PAT }}
           repository: ${{ github.repository }}
@@ -23,14 +23,14 @@ jobs:
         uses: ./.github/actions/setup
 
       - name: Login to Registry1
-        uses: docker/login-action@v3
+        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3
         with:
           registry: registry1.dso.mil
           username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
           password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
 
       - name: Init zarf cache
-        uses: actions/cache@v3
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         with:
           path: "~/.zarf-cache"
           key: zarf-cache
@@ -46,7 +46,7 @@ jobs:
           df -h
 
       - name: Login to GHCR
-        uses: docker/login-action@v3
+        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml
@@ -19,7 +19,7 @@ jobs:
     steps:
       - name: Create Release Tag
         id: tag
-        uses: google-github-actions/release-please-action@v3
+        uses: google-github-actions/release-please-action@a37ac6e4f6449ce8b3f7607e4d97d0146028dc0b # v4
         with:
           command: manifest # use configs in release-please-config.json
       - id: release-flag

diff --git a/bundles/uds-core-swf/uds-bundle.yaml b/bundles/uds-core-swf/uds-bundle.yaml
@@ -41,7 +41,7 @@ packages:
 
   - name: core
     repository: ghcr.io/defenseunicorns/packages/uds/core
-    ref: 0.21.0-registry1
+    ref: 0.21.1-registry1
     overrides:
       kube-prometheus-stack:
         kube-prometheus-stack:
@@ -251,10 +251,15 @@ packages:
     path: ../../build
     ref: 0.0.2
 
+  # Additional manifests needed (TODO - remove)
+  - name: additional-manifests-2
+    path: ../../build
+    ref: 0.0.2
+
   # Gitlab
   - name: gitlab-redis
     repository: ghcr.io/defenseunicorns/packages/uds/dev-redis
-    ref: 0.0.1
+    ref: 0.0.2
 
   - name: gitlab-redis-secret
     path: ../../build
@@ -270,9 +275,22 @@ packages:
 
   - name: gitlab
     repository: ghcr.io/defenseunicorns/packages/uds/gitlab
-    ref: 16.10.2-uds.0-registry1
+    ref: 16.11.1-uds.0-registry1
     overrides:
       gitlab:
+        uds-gitlab-config:
+          values:
+            - path: storage.internal
+              value: false
+            - path: postgres.internal
+              value: false
+            - path: redis
+              value: 
+                internal: true
+                selector:
+                  app.kubernetes.io/instance: redis
+                namespace: dev-redis
+                port: 6379
         gitlab:
           variables:
             - name: MIGRATIONS_RESOURCES
@@ -315,7 +333,7 @@ packages:
   # Gitlab Runner
   - name: gitlab-runner
     repository: ghcr.io/defenseunicorns/packages/uds/gitlab-runner
-    ref: 16.10.0-uds.0-registry1
+    ref: 16.11.0-uds.0-registry1
 
   # Sonarqube
   - name: sonarqube-database-secret
@@ -333,7 +351,7 @@ packages:
 
   - name: jira
     repository: ghcr.io/defenseunicorns/packages/uds/jira
-    ref: 1.17.2-uds.0-registry1
+    ref: 1.19.0-uds.0-registry1
     overrides:
       jira:
         jira:

diff --git a/docs/packages-and-dependencies.md b/docs/packages-and-dependencies.md
@@ -38,14 +38,14 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc
 
 | Name | Package Version (internal) | Application Version | Description |
 |----|----|----|----|
-| [Rook Ceph Zarf Init](https://github.com/defenseunicorns/uds-capability-rook-ceph/pkgs/container/uds-capability%2Frook-ceph%2Finit) | v0.33.0-0.2.7 | N/A | A zarf component installed in the cluster for orchestrating further deployment of Zarf based packages |
-| [MetalLB](https://github.com/defenseunicorns/uds-capability-metallb/tree/v0.0.5) | 0.0.5 | v0.13.12 | Tool for providing load balancer capabilities for ingress into a Kubernetes deployment |
-| [uds-core](https://github.com/defenseunicorns/uds-core) | 0.20.0 | N/A | [DESCRIPTION BELOW](#UDS-Core) |
-| [Redis](https://github.com/defenseunicorns/uds-package-dependencies) | 0.0.1 | 7.0.12 | A key-value store used as a data backend for several applications in the stack |
-| [Gitlab](https://github.com/defenseunicorns/uds-package-gitlab) | 16.10.2-uds.0-registry1 | 16.10.2 | A source control management tool used in the software development lifecycle for storing, updating, building and deploying custom software |
-| [Gitlab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) | 16.10.0-uds.0-registry1 | v16.8.0 | A counterpart to Gitlab (above) in which automated software builds, tests and deployments are executed |
+| [Nutanix CSI Driver Init](https://portal.nutanix.com/page/documents/details?targetId=CSI-Volume-Driver-v2_6:CSI-Volume-Driver-v2_6) | v0.33.0 | v2.6.8 | A zarf component installed in the cluster for orchestrating further deployment of Zarf based packages |
+| [MetalLB](https://github.com/defenseunicorns/uds-capability-metallb) | 0.0.5 | v0.13.12 | Tool for providing load balancer capabilities for ingress into a Kubernetes deployment |
+| [uds-core](https://github.com/defenseunicorns/uds-core) | 0.21.1 | N/A | [DESCRIPTION BELOW](#UDS-Core) |
+| [Redis](https://github.com/defenseunicorns/uds-package-dependencies) | 0.0.2 | 7.0.12 | A key-value store used as a data backend for several applications in the stack |
+| [Gitlab](https://github.com/defenseunicorns/uds-package-gitlab) | 16.11.1-uds.0-registry1 | 16.11.1 | A source control management tool used in the software development lifecycle for storing, updating, building and deploying custom software |
+| [Gitlab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) | 16.11.0-uds.0-registry1 | v16.11.0 | A counterpart to Gitlab (above) in which automated software builds, tests and deployments are executed |
 | [Sonarqube](https://github.com/defenseunicorns/uds-package-sonarqube) | 8.0.3-uds.6-registry1 | 9.9.3-community | A code inspection tool used during automated pipelines to evaluate security considerations of custom software and packaged images |
-| [Jira](https://github.com/defenseunicorns/uds-package-jira) | 1.17.2-uds.0-registry1 | 9.12.4 | A collaboration tool used for team management and task organization |
+| [Jira](https://github.com/defenseunicorns/uds-package-jira) | 1.19.0-uds.0-registry1 | 9.15.1 | A collaboration tool used for team management and task organization |
 | [Confluence](https://github.com/defenseunicorns/uds-package-confluence) | 1.18.0-uds.0-registry1 | 8.8.0 | A knowledge management tool used by teams to organize information |
 | [Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) | 9.7.2-uds.0-registry1 | 9.7.2 | An instance of Mattermost, a self-hosted chat and collaboration platform |
 | [Nexus](https://github.com/defenseunicorns/uds-package-nexus) | 3.66.0-uds.1-registry1 | 3.66.0-02 | An artifact repository used for storing compiled application libraries, packages, images and other such artifacts |
@@ -61,8 +61,8 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc
 | [Prometheus](https://prometheus.io/) | 2.51.2 | A product for storing and querying time series based data such as system performance metrics (CPU/MEM usage) |
 | [Grafana](https://github.com/grafana/grafana) | 10.4.2 | A Grafana product to provide a frontend interface to display and query performance information from Prometheus, log data from Loki, and request tracing information from Tempo |
 | [Neuvector](https://www.suse.com/neuvector/) | 5.3.2 | A kubernetes security suite that provides CVE scanning for hosts and images, as well as runtime security monitoring and protection |
-| [Velero](https://repo1.dso.mil/big-bang/product/packages/velero) | 1.13.1 | A tool for orchistrating backups of cluster state and storage |
+| [Velero](https://repo1.dso.mil/big-bang/product/packages/velero) | 1.13.2 | A tool for orchistrating backups of cluster state and storage |
 | [Authservice](https://github.com/istio-ecosystem/authservice) | 0.5.3 | A tool for simplifying and automating auth workflows via Istio integration |
 | [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) | 0.7.1 | A container metrics aggregation and exporter for kubernetes |
 | [Pepr](https://pepr.dev/) | 0.29.2 | Declarative automation for managing deployments and security policy enorcement |
-| [Keycloak](https://github.com/defenseunicorns/uds-core) | 24.0.2 | An identity and access management (IDAM) tool used to authenticate users for access to applications |
+| [Keycloak](https://github.com/defenseunicorns/uds-core) | 24.0.4 | An identity and access management (IDAM) tool used to authenticate users for access to applications |
diff --git a/packages/additional-manifests/pepr-policy-exemptions/README.md b/packages/additional-manifests/pepr-policy-exemptions/README.md
@@ -0,0 +1,3 @@
+Due to an upstream bug ([tracked here](https://github.com/defenseunicorns/pepr/issues/745)) in pepr, each exemption needs to be installed sequentially 1 at a time and the easiest way to do that is separate zarf files.
+
+TODO - track progress against that issue, and return the nutanix-csi-exemption to the parent additional-manifests zarf package when the issue is resolved.
diff --git a/packages/additional-manifests/pepr-policy-exemptions/tmp-csi-exemption/zarf.yaml b/packages/additional-manifests/pepr-policy-exemptions/tmp-csi-exemption/zarf.yaml
@@ -0,0 +1,17 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json
+
+# TODO -- see README above for details on when to remove
+kind: ZarfPackageConfig
+metadata:
+  name: additional-manifests-2
+  description: "Installs additional needed manifests"
+  architecture: "amd64"
+  version: "0.0.2"
+
+components:
+  - name: pepr-policy-exemptions
+    required: true
+    manifests:
+      - name: pepr-policy-exemptions
+        files:
+          - ../nutanix-csi-exemptions.yaml
diff --git a/packages/additional-manifests/zarf.yaml b/packages/additional-manifests/zarf.yaml
@@ -29,7 +29,8 @@ components:
     manifests:
       - name: pepr-policy-exemptions
         files:
-          - pepr-policy-exemptions/nutanix-csi-exemptions.yaml
+          # TODO -- see README for details
+          # - pepr-policy-exemptions/nutanix-csi-exemptions.yaml
           - pepr-policy-exemptions/metallb-exemptions.yaml
   - name: mattermost-ca-secret
     required: true

diff --git a/packages/init/zarf-config.yaml b/packages/init/zarf-config.yaml
@@ -14,4 +14,4 @@ package:
       registry_image: "library/registry"
       registry_image_tag: "2.8.3"
 
-      gitea_image: "gitea/gitea:1.21.2-rootless"
+      gitea_image: "gitea/gitea:1.21.11-rootless"
diff --git a/packages/init/zarf.yaml b/packages/init/zarf.yaml
@@ -61,16 +61,16 @@ components:
   # Push nutanix csi images to seed-registry
   - name: nutanix-csi-images-initial
     required: true
-    description: Push rook ceph images to the zarf registry
+    description: Push nutanix images to the zarf registry
     images:
-      - registry.k8s.io/sig-storage/snapshot-controller:v6.3.2
-      - registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.3.2
-      - quay.io/karbon/ntnx-csi:v2.6.6
-      - registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1
-      - registry.k8s.io/sig-storage/csi-provisioner:v3.6.2
-      - registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2
-      - registry.k8s.io/sig-storage/csi-resizer:v1.9.2
-      - registry.k8s.io/sig-storage/livenessprobe:v2.11.0
+      - registry.k8s.io/sig-storage/snapshot-controller:v7.0.2
+      - registry.k8s.io/sig-storage/snapshot-validation-webhook:v7.0.2
+      - quay.io/karbon/ntnx-csi:v2.6.8
+      - registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1
+      - registry.k8s.io/sig-storage/csi-provisioner:v4.0.1
+      - registry.k8s.io/sig-storage/csi-snapshotter:v7.0.2
+      - registry.k8s.io/sig-storage/csi-resizer:v1.10.1
+      - registry.k8s.io/sig-storage/livenessprobe:v2.12.0
 
   - name: namespaces
     required: true
@@ -123,14 +123,14 @@ components:
     required: true
     description: Push nutanix csi images to the zarf registry
     images:
-      - registry.k8s.io/sig-storage/snapshot-controller:v6.3.2
-      - registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.3.2
-      - quay.io/karbon/ntnx-csi:v2.6.6
-      - registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1
-      - registry.k8s.io/sig-storage/csi-provisioner:v3.6.2
-      - registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2
-      - registry.k8s.io/sig-storage/csi-resizer:v1.9.2
-      - registry.k8s.io/sig-storage/livenessprobe:v2.11.0
+      - registry.k8s.io/sig-storage/snapshot-controller:v7.0.2
+      - registry.k8s.io/sig-storage/snapshot-validation-webhook:v7.0.2
+      - quay.io/karbon/ntnx-csi:v2.6.8
+      - registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1
+      - registry.k8s.io/sig-storage/csi-provisioner:v4.0.1
+      - registry.k8s.io/sig-storage/csi-snapshotter:v7.0.2
+      - registry.k8s.io/sig-storage/csi-resizer:v1.10.1
+      - registry.k8s.io/sig-storage/livenessprobe:v2.12.0
       - "###ZARF_PKG_TMPL_REGISTRY_IMAGE_DOMAIN######ZARF_PKG_TMPL_REGISTRY_IMAGE###:###ZARF_PKG_TMPL_REGISTRY_IMAGE_TAG###"
 
   # Creates the pod+git mutating webhook

diff --git a/packages/keycloak-config-wrapper/init-job.yaml b/packages/keycloak-config-wrapper/init-job.yaml
@@ -14,7 +14,7 @@ spec:
       containers:
         - name: uds-config-sync
           # renovate: datasource=github-tags depName=defenseunicorns/uds-identity-config versioning=semver 
-          image: ghcr.io/defenseunicorns/uds/identity-config:0.4.2
+          image: ghcr.io/defenseunicorns/uds/identity-config:0.4.3
           command: 
             [
               "sh",

diff --git a/packages/keycloak-config-wrapper/zarf.yaml b/packages/keycloak-config-wrapper/zarf.yaml
@@ -18,7 +18,7 @@ components:
         target: tmp_deploy/zarf.yaml
     images:
       # renovate: datasource=github-tags depName=defenseunicorns/uds-identity-config versioning=semver 
-      - "ghcr.io/defenseunicorns/uds/identity-config:0.4.2"
+      - "ghcr.io/defenseunicorns/uds/identity-config:0.4.3"
     actions:
       onDeploy:
         before:

diff --git a/tasks.yaml b/tasks.yaml
@@ -14,6 +14,7 @@ tasks:
       - task: create:namespaces-package
       - task: create:object-store-packages
       - task: create:additional-manifests-package
+      - task: create:additional-manifests-package-2
       - task: create:init-package
       - task: create:bundle
 

diff --git a/tasks/create.yaml b/tasks/create.yaml
@@ -50,6 +50,12 @@ tasks:
     description: Create package create additional manifests needed.
     actions:
       - cmd: ./uds zarf package create ./packages/additional-manifests --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
+
+  # TODO - remove when multiple exemptions can be applied at once
+  - name: additional-manifests-package-2
+    description: Create package create additional manifests needed.
+    actions:
+      - cmd: ./uds zarf package create ./packages/additional-manifests/pepr-policy-exemptions/tmp-csi-exemption --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
 
   - name: init-package
     description: Create init package with Nutanix CSI driver.