diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml index 60eca6bce..141f57fab 100644 --- a/.github/actions/setup/action.yaml +++ b/.github/actions/setup/action.yaml @@ -30,4 +30,4 @@ runs: - name: Install UDS CLI shell: bash # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver - run: brew install defenseunicorns/tap/uds@0.9.2 + run: brew install defenseunicorns/tap/uds@0.10.4 diff --git a/.github/bundles/infra-bundle/uds-bundle.yaml b/.github/bundles/infra-bundle/uds-bundle.yaml index 8fd9b7257..35efb7b8b 100644 --- a/.github/bundles/infra-bundle/uds-bundle.yaml +++ b/.github/bundles/infra-bundle/uds-bundle.yaml @@ -10,7 +10,7 @@ packages: - name: init repository: ghcr.io/defenseunicorns/packages/init # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver - ref: v0.33.1 + ref: v0.33.2 - name: core path: ../../../build/ diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index a14aeda43..5b268d7b6 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml 
@@ -27,10 +27,10 @@ jobs: uses: ./.github/actions/setup - name: Login to GHCR - run: uds run registry-login --set REGISTRY=ghcr.io --set REGISTRY_USERNAME=dummy --set REGISTRY_PASSWORD=${{ secrets.GITHUB_TOKEN }} --set REGISTRY_RETRY_INTERVAL=90 + run: uds run registry-login --set REGISTRY=ghcr.io --set REGISTRY_USERNAME=dummy --set REGISTRY_PASSWORD=${{ secrets.GITHUB_TOKEN }} --set REGISTRY_RETRY_INTERVAL=90 --no-progress - name: Login to registry1 - run: uds run registry-login --set REGISTRY=registry1.dso.mil --set REGISTRY_USERNAME=${{ secrets.IRON_BANK_ROBOT_USERNAME }} --set REGISTRY_PASSWORD=${{ secrets.IRON_BANK_ROBOT_PASSWORD }} --set REGISTRY_RETRY_INTERVAL=90 + run: uds run registry-login --set REGISTRY=registry1.dso.mil --set REGISTRY_USERNAME=${{ secrets.IRON_BANK_ROBOT_USERNAME }} --set REGISTRY_PASSWORD=${{ secrets.IRON_BANK_ROBOT_PASSWORD }} --set REGISTRY_RETRY_INTERVAL=90 --no-progress - name: (Snapshot) Get snapshot version using git commit short sha and date if: ${{ inputs.snapshot }} 
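Review bot: Both `registry-login` steps in this hunk still expand `${{ secrets.GITHUB_TOKEN }}` and `${{ secrets.IRON_BANK_ROBOT_PASSWORD }}` directly into the `run:` script text, so bash parses the secret value (shell metacharacters in it would be interpreted) and it is passed in the `uds` argument list. Map each secret through the step's `env:` block, e.g. `REGISTRY_PASSWORD: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}`, and reference it quoted as `--set REGISTRY_PASSWORD="$REGISTRY_PASSWORD"`. Whether the `registry-login` task can read the credential from the environment instead of `--set` is not visible here; if it can, that would also keep it out of the arguments. The same two steps recur in the `.github/workflows/test.yaml` hunk.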
@@ -50,15 +50,23 @@ jobs: - name: Create Packages and Bundles run: | ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml standard-package --no-progress --set FLAVOR=${{ matrix.flavor }} + uds zarf tools clear-cache ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml k3d-standard-bundle --no-progress + uds zarf tools clear-cache ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml slim-dev-package --no-progress --set FLAVOR=${{ matrix.flavor }} + uds zarf tools clear-cache ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml k3d-slim-dev-bundle --no-progress + uds zarf tools clear-cache if [ "${{ matrix.flavor }}" != "registry1" ]; then ZARF_ARCHITECTURE=arm64 uds run -f tasks/create.yaml standard-package --no-progress --set FLAVOR=${{ matrix.flavor }} + uds zarf tools clear-cache ZARF_ARCHITECTURE=arm64 uds run -f tasks/create.yaml k3d-standard-bundle --no-progress + uds zarf tools clear-cache ZARF_ARCHITECTURE=arm64 uds run -f tasks/create.yaml slim-dev-package --no-progress --set FLAVOR=${{ matrix.flavor }} + uds zarf tools clear-cache ZARF_ARCHITECTURE=arm64 uds run -f tasks/create.yaml k3d-slim-dev-bundle --no-progress + uds zarf tools clear-cache fi # Standard Package by default tests what's in the Istio Package @@ -79,11 +87,11 @@ jobs: - name: Publish Standard Package if: ${{ !inputs.snapshot }} - run: uds run -f tasks/publish.yaml standard-package --set FLAVOR=${{ matrix.flavor }} + run: uds run -f tasks/publish.yaml standard-package --set FLAVOR=${{ matrix.flavor }} --no-progress - name: Publish Upstream Flavored Bundles if: ${{ !inputs.snapshot && matrix.flavor != 'registry1' }} - run: uds run -f tasks/publish.yaml bundles + run: uds run -f tasks/publish.yaml bundles --no-progress - name: Publish Exemption CRD Package if: ${{ matrix.flavor == 'upstream' }} 
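Review bot: The eight added `uds zarf tools clear-cache` calls in the `Create Packages and Bundles` script have no comment, so a reader cannot tell whether they address runner disk space, stale cached content, or something else. Put one line above the first call recording the reason, along the lines of `# clear the Zarf cache after each create: <reason>`, so a later cleanup does not remove them or add a ninth by copy-paste. The `tasks/test.yaml` hunks add the same command with the same gap.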
@@ -91,11 +99,11 @@ jobs: - name: (Snapshot) Publish Standard Package if: ${{ inputs.snapshot }} - run: uds run -f tasks/publish.yaml standard-package --set FLAVOR=${{ matrix.flavor }} --set TARGET_REPO="ghcr.io/defenseunicorns/packages/uds/snapshots" --set VERSION="${SNAPSHOT_VERSION}" + run: uds run -f tasks/publish.yaml standard-package --set FLAVOR=${{ matrix.flavor }} --set TARGET_REPO="ghcr.io/defenseunicorns/packages/uds/snapshots" --set VERSION="${SNAPSHOT_VERSION}" --no-progress - name: (Snapshot) Publish Upstream Flavored Bundles if: ${{ inputs.snapshot && matrix.flavor != 'registry1' }} - run: uds run -f tasks/publish.yaml bundles --set TARGET_REPO="ghcr.io/defenseunicorns/packages/uds/snapshots" --set VERSION="${SNAPSHOT_VERSION}" + run: uds run -f tasks/publish.yaml bundles --set TARGET_REPO="ghcr.io/defenseunicorns/packages/uds/snapshots" --set VERSION="${SNAPSHOT_VERSION}" --no-progress - name: Save logs if: always() diff --git a/.github/workflows/pull-request-conditionals.yaml b/.github/workflows/pull-request-conditionals.yaml index ccf8c0edd..d72f8699c 100644 --- a/.github/workflows/pull-request-conditionals.yaml +++ b/.github/workflows/pull-request-conditionals.yaml @@ -36,9 +36,9 @@ jobs: - name: Install UDS CLI shell: bash # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver - run: brew install defenseunicorns/tap/uds@0.9.2 + run: brew install defenseunicorns/tap/uds@0.10.4 - name: Run Formatting Checks - run: uds run lint-check + run: uds run lint-check --no-progress # This job checks if there are changes in specific paths source packages. check-paths: diff --git a/.github/workflows/slim-dev-test.yaml b/.github/workflows/slim-dev-test.yaml index cce0b767a..819ed3515 100644 --- a/.github/workflows/slim-dev-test.yaml +++ b/.github/workflows/slim-dev-test.yaml 
@@ -41,7 +41,7 @@ jobs: - name: Environment setup uses: ./.github/actions/setup - name: Deploy Slim Dev Bundle - run: uds run slim-dev + run: uds run slim-dev --no-progress - name: Debug Output if: ${{ always() }} uses: ./.github/actions/debug-output diff --git a/.github/workflows/test-eks.yaml b/.github/workflows/test-eks.yaml index ea723e93d..1a988b3f2 100644 --- a/.github/workflows/test-eks.yaml +++ b/.github/workflows/test-eks.yaml @@ -41,7 +41,7 @@ jobs: uses: ./.github/actions/setup - name: Install eksctl - run: uds run -f tasks/iac.yaml install-eksctl + run: uds run -f tasks/iac.yaml install-eksctl --no-progress - name: Setup Terraform uses: hashicorp/setup-terraform@v3 @@ -49,17 +49,17 @@ jobs: terraform_version: "1.5.7" - name: Create UDS Core Package - run: ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml standard-package + run: ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml standard-package --no-progress - name: Create Core Bundle run: uds create .github/bundles/infra-bundle --confirm - name: Create Cluster - run: uds run -f tasks/iac.yaml create-cluster + run: uds run -f tasks/iac.yaml create-cluster --no-progress timeout-minutes: 60 - name: Create IAC - run: uds run -f tasks/iac.yaml create-iac + run: uds run -f tasks/iac.yaml create-iac --no-progress timeout-minutes: 20 - name: Deploy Core Bundle @@ -76,12 +76,12 @@ jobs: - name: Remove IAC if: always() - run: uds run -f tasks/iac.yaml destroy-iac + run: uds run -f tasks/iac.yaml destroy-iac --no-progress timeout-minutes: 10 continue-on-error: true - name: Teardown EKS cluster if: always() - run: uds run -f tasks/iac.yaml destroy-cluster + run: uds run -f tasks/iac.yaml destroy-cluster --no-progress timeout-minutes: 30 continue-on-error: true diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 7f233978b..a2c7b08ee 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -51,22 +51,22 @@ jobs: uses: ./.github/actions/setup - name: Login to GHCR - run: uds run registry-login --set REGISTRY=ghcr.io --set REGISTRY_USERNAME=dummy --set REGISTRY_PASSWORD=${{ secrets.GITHUB_TOKEN }} --set REGISTRY_RETRY_INTERVAL=90 + run: uds run registry-login --set REGISTRY=ghcr.io --set REGISTRY_USERNAME=dummy --set REGISTRY_PASSWORD=${{ secrets.GITHUB_TOKEN }} --set REGISTRY_RETRY_INTERVAL=90 --no-progress - name: Login to registry1 - run: uds run registry-login --set REGISTRY=registry1.dso.mil --set REGISTRY_USERNAME=${{ secrets.IRON_BANK_ROBOT_USERNAME }} --set REGISTRY_PASSWORD=${{ secrets.IRON_BANK_ROBOT_PASSWORD }} --set REGISTRY_RETRY_INTERVAL=90 + run: uds run registry-login --set REGISTRY=registry1.dso.mil --set REGISTRY_USERNAME=${{ secrets.IRON_BANK_ROBOT_USERNAME }} --set REGISTRY_PASSWORD=${{ secrets.IRON_BANK_ROBOT_PASSWORD }} --set REGISTRY_RETRY_INTERVAL=90 --no-progress - name: Test a single source package if: ${{ inputs.package != 'all' && inputs.test_type == 'install' }} - run: uds run test-single-package --set FLAVOR=${{ inputs.flavor }} + run: uds run test-single-package --set FLAVOR=${{ inputs.flavor }} --no-progress - name: Test UDS Core Install if: ${{ inputs.package == 'all' && inputs.test_type == 'install' }} - run: uds run test-uds-core --set FLAVOR=${{ inputs.flavor }} + run: uds run test-uds-core --set FLAVOR=${{ inputs.flavor }} --no-progress - name: Test UDS Core Upgrade if: ${{ inputs.package == 'all' && inputs.test_type == 'upgrade' }} - run: uds run test-uds-core-upgrade --set FLAVOR=${{ inputs.flavor }} + run: uds run test-uds-core-upgrade --set FLAVOR=${{ inputs.flavor }} --no-progress - name: Debug Output if: ${{ always() }} diff --git a/.vscode/settings.json b/.vscode/settings.json index da5e9a3cd..51a172b8f 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json 
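Review bot: The three test steps interpolate `${{ inputs.flavor }}` directly into the shell command, so the input text becomes part of the script before bash parses it, and a value containing shell metacharacters would be executed rather than passed as data. The workflow trigger is outside this hunk, so who can supply `flavor` is not visible, but routing it through the environment removes the question. Add `env:` with `FLAVOR: ${{ inputs.flavor }}` to each step and call `uds run test-uds-core --set FLAVOR="$FLAVOR" --no-progress`. The `if:` expressions are evaluated by Actions rather than the shell and are fine as written.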
@@ -9,18 +9,18 @@ }, "yaml.schemas": { // renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver - "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.2/uds.schema.json": [ + "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/uds.schema.json": [ "uds-bundle.yaml" ], // renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver - "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.2/tasks.schema.json": [ + "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/tasks.schema.json": [ "tasks.yaml", "tasks/**/*.yaml", "src/**/validate.yaml" ], // renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver - "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.2/zarf.schema.json": [ + "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/zarf.schema.json": [ "zarf.yaml" ] }, diff --git a/bundles/k3d-slim-dev/uds-bundle.yaml b/bundles/k3d-slim-dev/uds-bundle.yaml index 005bff7d2..59962acb5 100644 --- a/bundles/k3d-slim-dev/uds-bundle.yaml +++ b/bundles/k3d-slim-dev/uds-bundle.yaml @@ -31,7 +31,7 @@ packages: - name: init repository: ghcr.io/defenseunicorns/packages/init # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver - ref: v0.33.1 + ref: v0.33.2 - name: core-slim-dev path: ../../build/ diff --git a/bundles/k3d-standard/uds-bundle.yaml b/bundles/k3d-standard/uds-bundle.yaml index e3e7111de..2efea9d50 100644 --- a/bundles/k3d-standard/uds-bundle.yaml +++ b/bundles/k3d-standard/uds-bundle.yaml @@ -31,7 +31,7 @@ packages: - name: init repository: ghcr.io/defenseunicorns/packages/init # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver - ref: v0.33.1 + ref: v0.33.2 - name: core path: ../../build/ diff --git a/docs/UDS_CORE_GROUPS.md b/docs/UDS_CORE_GROUPS.md new file mode 100644 index 000000000..34c2579a2 --- /dev/null +++ b/docs/UDS_CORE_GROUPS.md 
@@ -0,0 +1,37 @@
+# UDS-CORE Groups
+
+UDS Core deploys Keycloak which has some preconfigured groups that applications inherit from SSO and IDP configurations.
+
+## Applications
+### Grafana
+Grafana [maps the groups](https://github.com/defenseunicorns/uds-core/blob/49cb11a058a9209cee7019fa552b8c0b2ef73368/src/grafana/values/values.yaml#L37) from Keycloak to it's internal `Admin` and `Viewer` groups.
+
+| Keycloak Group | Mapped Grafana Group |
+|----------------|----------------------|
+| `Admin` | `Admin` |
+| `Auditor` | `Viewer` |
+
+If a user doesn't belong to either of these Keycloak groups the user will be unauthorized when accessing Grafana.
+
+### Neuvector
+Neuvector [maps the groups](https://github.com/defenseunicorns/uds-core/blob/main/src/neuvector/chart/templates/uds-package.yaml#L31-L35) from Keycloak to it's internal `admin` and `reader` groups.
+
+| Keycloak Group | Mapped Neuvector Group |
+|----------------|------------------------|
+| `Admin` | `admin` |
+| `Auditor` | `reader` |
+
+## Keycloak
+> [!IMPORTANT]
+> All groups are under the Uds Core parent group. Frequently a group will be referred to as Uds Core/Admin or Uds Core/Auditor. In the Keycloak UI this requires an additional click to get down to the sub groups.
+
+### Identity Providers ( IDP )
+
+UDS Core ships with a [templated](https://github.com/defenseunicorns/uds-identity-config/blob/main/src/realm.json#L1712-L1813) Google SAML IDP, more documentation to configure the `realmInitEnv` values in [uds-identity-config](https://github.com/defenseunicorns/uds-identity-config/blob/main/docs/CUSTOMIZE.md#customizing-realm).
+
+Configuring your own IDP can be achieved via:
+* Custom uds-identity-config with a templated realm.json
+
+* Keycloak Admin UI and click ops
+
+* Custom [realm.json](https://github.com/defenseunicorns/uds-identity-config/blob/main/src/realm.json#L1712-L1813) for direct import in Keycloak
diff --git a/packages/slim-dev/zarf.yaml b/packages/slim-dev/zarf.yaml index 21a0db8fe..7945b5104 100644 --- a/packages/slim-dev/zarf.yaml +++ b/packages/slim-dev/zarf.yaml @@ -23,23 +23,24 @@ components: - name: istio-admin-gateway required: true import: - path: ../standard + path: ../../src/istio - name: istio-tenant-gateway required: true import: - path: ../standard + path: ../../src/istio - name: istio-passthrough-gateway required: true import: - path: ../standard + path: ../../src/istio # Pepr the world - name: pepr-uds-core required: true import: - path: ../standard + path: ../../dist + name: module - name: pre-core-exemptions required: true @@ -50,4 +51,4 @@ components: - name: keycloak required: true import: - path: ../standard + path: ../../src/keycloak diff --git a/renovate.json b/renovate.json index 14928c01d..dc2e634fc 100644 --- a/renovate.json +++ b/renovate.json 
@@ -1,121 +1,36 @@ { - "enabled": true, "extends": [ - ":dependencyDashboard", + "github>defenseunicorns/uds-common//config/renovate.json5", ":semanticCommits", ":semanticCommitTypeAll(chore)" ], - "forkProcessing": "enabled", - "$schema": "https://docs.renovatebot.com/renovate-schema.json", "branchConcurrentLimit": 0, "prConcurrentLimit": 0, "prHourlyLimit": 0, - "rebaseStalePrs": true, - "rebaseWhen": "conflicted", - "commitBodyTable": true, "separateMajorMinor": false, - "suppressNotifications": ["prIgnoreNotification"], + "hostRules": [ + { + "matchHost": "registry1.dso.mil", + "hostType": "docker", + "description": "Encrypted creds for registry1, scoped to this Github org using: https://github.com/renovatebot/renovate/blob/main/docs/usage/configuration-options.md#encrypted", + "encrypted": { + "username": "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", + "password": "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" + } + } + ], "helm-values": { - "fileMatch": ["\\.*\\.ya?ml$"], "ignorePaths": ["src/neuvector/values"] }, - "kubernetes": { - "fileMatch": ["\\.*\\.ya?ml$"] - }, - "regexManagers":[ - { - "depNameTemplate": "defenseunicorns/uds-k3d", - "fileMatch": ["\\.*\\.ya?ml$"], - "matchStrings": [ - "# renovate: datasource=github-tags depName=uds-k3d versioning=(?.*?)\n.*?(ref:) (?.*)" - ], - "datasourceTemplate": "github-tags", - "extractVersionTemplate": "^v(?.*)$" - }, - { - "depNameTemplate": "defenseunicorns/uds-identity-config", - "fileMatch": ["\\.*\\.ya?ml$"], - "matchStrings": [ - "# renovate: datasource=github-tags depName=defenseunicorns/uds-identity-config versioning=(?.*?)\n.*?(identity-config:)(?.*)" - ], - "datasourceTemplate": "github-tags", - "extractVersionTemplate": "^v(?.*)$" - }, - { - "fileMatch": ["\\.*\\.ya?ml$"], - "matchStrings": [ - "# renovate: datasource=github-tags depName=(?[^ ]+) versioning=(?.*?)( extractVersion=(?.*?))?\n.*?(version:|ref:) (?.*)" - ], - "versioningTemplate": "{{#if 
versioning}}{{{versioning}}}{{else}}semver{{/if}}", - "datasourceTemplate": "github-tags" - }, - { - "fileMatch": [".*(\\.ya?ml|\\.json)$"], - "matchStrings": [ - "https:\\/\\/raw\\.githubusercontent\\.com\\/(?[^\\/]+\\/[^\\/]+)\\/(?[^\\/]+)" - ], - "versioningTemplate": "semver-coerced", - "datasourceTemplate": "github-tags" - }, - { - "depNameTemplate": "defenseunicorns/uds-cli", - "fileMatch": ["\\.*\\.ya?ml$"], - "matchStrings": [ - "# renovate: datasource=github-tags depName=(?[^ ]+) versioning=(?[^\n]+)\n.*?uds@(?.*)" - ], - "datasourceTemplate": "github-tags", - "extractVersionTemplate": "^v(?.*)$" - }, - { - "fileMatch": ["^tasks.ya?ml$", "^tasks/.*\\.ya?ml$", "^\\.vscode/settings\\.json$"], - "matchStrings": [ - "https:\\/\\/raw\\.githubusercontent\\.com\\/(?[^\\/]+\\/[^\\/]+)\\/(?[^\\/]+)" - ], - "versioningTemplate": "semver-coerced", - "datasourceTemplate": "github-tags" - }, - { - "fileMatch": ["\\.*\\.ya?ml$"], - "matchStrings": [ - "- [\"]?(?[^\"\n]*):(?[^\"\n]*)[\"]?" - ], - "datasourceTemplate": "docker" - }, - { - "fileMatch": ["\\.*\\.ya?ml$"], - "matchStrings": [ - "# renovate: datasource=docker( versioning=(?.*?))?\n\\s+.+:\\s+(?[^:]+):(?.*)" - ], - "datasourceTemplate": "docker" - }, + "regexManagers": [ { - "fileMatch": ["\\.*\\.ya?ml$"], + "fileMatch": ["^src/neuvector/values/.*\\.yaml$"], "matchStrings": [ - "# renovate: image=(?.*?)\\s*image:\\s.*:(?.*)", - "# renovate: image=(?.*?)\\s*tag:\\s*(?.*)" + "registry:\\s+(?.*?)\n(.|\\s)*repository:\\s+(?.*?)\\s+tag:\\s+[\"]?(?[^\"]*)[\"]?" 
], + "registryUrlTemplate": "https://{{{registryUrl}}}", "datasourceTemplate": "docker" }, - { - "fileMatch": ["\\.*\\.ya?ml$"], - "matchStrings": [ - "registryUrl=(?.*?)\n *chart: (?.*?)\n *version: (?.*)\n", - "- name: (?.*?)\n *url: (?.*?)\n *version: (?.*)\n", - "- name: (?.*?)\n *version: (?.*)\n *url: (?.*?)\n", - "- name: (?.*?)\n *namespace: .*\n *url: (?.*?)\n *version: (?.*)\n", - "- name: (?.*?)\n *namespace: .*\n *version: (?.*)\n *url: (?.*?)\n" - ], - "datasourceTemplate": "helm" - }, - { - "fileMatch": ["\\.*\\.ya?ml$"], - "matchStrings": [ - "# renovate: datasource=gitlab-tags depName=(?.*?)( versioning=(?.*?))?( registryUrl=(?.*?))?\\s.*?_version:\\s*(?[.*])\\s", - "# renovate: datasource=gitlab-tags depName=(?.*?)( versioning=(?.*?))?( registryUrl=(?.*?))?\\s.*?_version:\\s*['\"](?.*)['\"]\\s" - ], - "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", - "datasourceTemplate": "gitlab-tags" - }, { "fileMatch": ["^src/neuvector/values/upstream-values\\.yaml$"], "matchStrings": [ 
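Review bot: The new `extends` entry `github>defenseunicorns/uds-common//config/renovate.json5` has no `#<tag>` suffix, so Renovate resolves the preset from that repository's default branch and any change there alters this repository's update behaviour without a commit here. The same hunk removes `enabled`, `forkProcessing`, `$schema` and most of the local `regexManagers`, which makes the shared preset the only source for them; its contents are not visible in this diff. Pinning the reference, e.g. `"github>defenseunicorns/uds-common//config/renovate.json5#<release-tag>"`, keeps that dependency reviewable and lets Renovate propose preset bumps as ordinary PRs. Keeping `"$schema": "https://docs.renovatebot.com/renovate-schema.json"` would also preserve editor validation of this file.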
@@ -131,32 +46,6 @@ ], "depNameTemplate": "registry1.dso.mil/ironbank/neuvector/neuvector/controller", "datasourceTemplate": "docker" - }, - { - "fileMatch": ["^src/neuvector/values/.*\\.yaml$"], - "matchStrings": [ - "registry:\\s+(?.*?)\n(.|\\s)*repository:\\s+(?.*?)\\s+tag:\\s+[\"]?(?[^\"]*)[\"]?" - ], - "registryUrlTemplate": "https://{{{registryUrl}}}", - "datasourceTemplate": "docker" - }, - { - "fileMatch": ["^\\.github/workflows/commitlint\\.yaml$"], - "matchStrings": [ - "npm install --save-dev (?@?.*?)@(?.+)" - ], - "datasourceTemplate": "npm" - } - ], - "hostRules": [ - { - "matchHost": "registry1.dso.mil", - "hostType": "docker", - "description": "Encrypted creds for registry1, scoped to this Github org using: https://github.com/renovatebot/renovate/blob/main/docs/usage/configuration-options.md#encrypted", - "encrypted": { - "username": "wcFMA/xDdHCJBTolAQ/9FXYzgNUO6MJ9crVH8W1p5U8ecnK6yamVOBmKib+9Lu4dtldIzqJBObR8Ctvq+our0VTXbhuCU0AvghJO+Rbjij+sDK3VNL93ojD2Xcd3IHeZhz4U+K2VPIRKHGPTC2mfc9pRZ076hoRqeAPWYrtU3gtNk7ZedMX75+yEuUWax5wS0gIjHnbu/R8fLTadNPbdyRaVGYembtuF8P2hMorCrjAED07UNivnaJaNb6Dj72Bticwqs2gIStoed3S8luzUJIgOOdS9J4Dq3ybkSIWg3+GJQhLyKIhZpgbRQoMbYLQ/z7obT1xX0avXnjobb5rW445R0LXLXj4MokgGo1p5cA+AhP5JEk49w2uutzD3tPZB58edH4USOk4q/9MXNdXzvU5RxOA6ScGeh1JNa+62/N4HA8UtYEudTFOcHkt3xq6h5VKc5k7JbvkCso29wqC8AR5ctBzuLspnzxhPrjm/BcfB/FMnwJE2MbtBxa8R1Z5Hd1DEfsEV57mF7dtV0SIImV+l/4bK/1xz/G9v31u/5DrfkQR6DjAvX8w4zUZE5gHKGsZoeZEFuUc5YQuwdeWEg20Qah4v6rbDfJUzXj9vbyFLMdIomPkuWkNSDzg6oMWCmeQAeL3+ykjsVdoBoJCvHvFEpw4dlrdlnQK1VXsWSX7TTDkRuYKQUKbKIBOWOCXScgFDQwu+f0mUkmFX1MrAojYgfWyZ1hlUDGcsE4pvTWJKP1lHykRM/qPUVh/YXfayh5upYh2MXT44yqMHhyNJE/KlCTp9KXsdflm3kaCAhqEC746IbvBpPjz3DTA7nwLUhDB3K2Zi9t/kIhMQCbV+wI2FgA", - "password": "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" - } } ], "packageRules": [ diff --git a/src/keycloak/chart/Chart.yaml b/src/keycloak/chart/Chart.yaml index d4bc34da5..c805831f7 100644 --- a/src/keycloak/chart/Chart.yaml 
+++ b/src/keycloak/chart/Chart.yaml @@ -1,6 +1,7 @@ apiVersion: v2 name: keycloak -version: 24.0.3 +# renovate: datasource=docker depName=quay.io/keycloak/keycloak versioning=semver +version: 24.0.4 description: Open Source Identity and Access Management For Modern Applications and Services keywords: - sso diff --git a/src/keycloak/chart/values.yaml b/src/keycloak/chart/values.yaml index a544a2cbd..36f6163b5 100644 --- a/src/keycloak/chart/values.yaml +++ b/src/keycloak/chart/values.yaml @@ -2,12 +2,12 @@ image: # The Keycloak image repository repository: quay.io/keycloak/keycloak # Overrides the Keycloak image tag whose default is the chart appVersion - tag: "24.0.3" + tag: "24.0.4" # The Keycloak image pull policy pullPolicy: IfNotPresent # renovate: datasource=github-tags depName=defenseunicorns/uds-identity-config versioning=semver -configImage: ghcr.io/defenseunicorns/uds/identity-config:0.4.2 +configImage: ghcr.io/defenseunicorns/uds/identity-config:0.4.3 # The public domain name of the Keycloak server domain: "###ZARF_VAR_DOMAIN###" diff --git a/src/keycloak/common/zarf.yaml b/src/keycloak/common/zarf.yaml index cc58fbead..848d8a94b 100644 --- a/src/keycloak/common/zarf.yaml +++ b/src/keycloak/common/zarf.yaml @@ -9,7 +9,8 @@ components: charts: - name: keycloak namespace: keycloak - version: 24.0.3 + # renovate: datasource=docker depName=quay.io/keycloak/keycloak versioning=semver + version: 24.0.4 localPath: ../chart actions: onDeploy: diff --git a/src/keycloak/tasks.yaml b/src/keycloak/tasks.yaml index 852eebacc..ae546c678 100644 --- a/src/keycloak/tasks.yaml +++ b/src/keycloak/tasks.yaml @@ -1,5 +1,5 @@ includes: - - config: https://raw.githubusercontent.com/defenseunicorns/uds-identity-config/v0.4.2/tasks.yaml + - config: https://raw.githubusercontent.com/defenseunicorns/uds-identity-config/v0.4.3/tasks.yaml tasks: - name: validate 
diff --git a/src/keycloak/values/registry1-values.yaml b/src/keycloak/values/registry1-values.yaml index dd2aa398b..d4844b23c 100644 --- a/src/keycloak/values/registry1-values.yaml +++ b/src/keycloak/values/registry1-values.yaml @@ -1,6 +1,6 @@ image: repository: registry1.dso.mil/ironbank/opensource/keycloak/keycloak - tag: "24.0.3" + tag: "24.0.4" podSecurityContext: fsGroup: 2000 securityContext: diff --git a/src/keycloak/values/upstream-values.yaml b/src/keycloak/values/upstream-values.yaml index 819f5df48..b7f466007 100644 --- a/src/keycloak/values/upstream-values.yaml +++ b/src/keycloak/values/upstream-values.yaml @@ -2,4 +2,4 @@ podSecurityContext: fsGroup: 1000 image: repository: quay.io/keycloak/keycloak - tag: "24.0.3" + tag: "24.0.4" diff --git a/src/keycloak/zarf.yaml b/src/keycloak/zarf.yaml index 91cb9cb3b..7a38b6922 100644 --- a/src/keycloak/zarf.yaml +++ b/src/keycloak/zarf.yaml @@ -20,8 +20,8 @@ components: valuesFiles: - "values/upstream-values.yaml" images: - - quay.io/keycloak/keycloak:24.0.3 - - ghcr.io/defenseunicorns/uds/identity-config:0.4.2 + - quay.io/keycloak/keycloak:24.0.4 + - ghcr.io/defenseunicorns/uds/identity-config:0.4.3 - name: keycloak required: true @@ -36,5 +36,5 @@ components: valuesFiles: - "values/registry1-values.yaml" images: - - registry1.dso.mil/ironbank/opensource/keycloak/keycloak:24.0.3 - - ghcr.io/defenseunicorns/uds/identity-config:0.4.2 + - registry1.dso.mil/ironbank/opensource/keycloak/keycloak:24.0.4 + - ghcr.io/defenseunicorns/uds/identity-config:0.4.3 diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml index 48b8971b2..d458e6083 100644 --- a/tasks/deploy.yaml +++ b/tasks/deploy.yaml 
@@ -15,7 +15,7 @@ tasks: description: "path to uds-config to use" actions: - description: "Deploy the UDS Core Standard Bundle" - cmd: UDS_CONFIG=$INPUT_CONFIG uds deploy bundles/k3d-standard/uds-bundle-k3d-core-demo-${UDS_ARCH}-${VERSION}.tar.zst --set=uds-k3d-dev.K3D_IMAGE=${K3D_IMAGE} --confirm --no-progress + cmd: UDS_CONFIG=$INPUT_CONFIG uds deploy bundles/k3d-standard/uds-bundle-k3d-core-demo-${UDS_ARCH}-${VERSION}.tar.zst --set=uds-k3d-dev.K3D_IMAGE=${K3D_IMAGE} --confirm --no-progress --no-tea - name: k3d-slim-dev-bundle inputs: @@ -24,7 +24,7 @@ tasks: description: "path to uds-config to use" actions: - description: "Deploy the UDS Core Slim Dev Only Bundle" - cmd: UDS_CONFIG=$INPUT_CONFIG uds deploy bundles/k3d-slim-dev/uds-bundle-k3d-core-slim-dev-${UDS_ARCH}-${VERSION}.tar.zst --set=uds-k3d-dev.K3D_IMAGE=${K3D_IMAGE} --confirm --no-progress + cmd: UDS_CONFIG=$INPUT_CONFIG uds deploy bundles/k3d-slim-dev/uds-bundle-k3d-core-slim-dev-${UDS_ARCH}-${VERSION}.tar.zst --set=uds-k3d-dev.K3D_IMAGE=${K3D_IMAGE} --confirm --no-progress --no-tea - name: single-package actions: diff --git a/tasks/setup.yaml b/tasks/setup.yaml index 5e13c8660..8f20e3750 100644 --- a/tasks/setup.yaml +++ b/tasks/setup.yaml @@ -11,4 +11,4 @@ tasks: - description: "Initialize the cluster with Zarf" # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver - cmd: "uds zarf package deploy oci://defenseunicorns/init:v0.32.3 --confirm --no-progress" + cmd: "uds zarf package deploy oci://defenseunicorns/init:v0.33.2 --confirm --no-progress" diff --git a/tasks/test.yaml b/tasks/test.yaml index f91f6d74c..1a9ff4519 100644 --- a/tasks/test.yaml +++ b/tasks/test.yaml 
@@ -28,11 +28,11 @@ tasks: description: "Build and test UDS Core" actions: - task: create:standard-package - - task: create:slim-dev-package - task: create:k3d-standard-bundle - task: deploy:k3d-standard-bundle with: config: .github/bundles/exemption/uds-config.yaml + - cmd: uds zarf tools clear-cache - task: validate-packages - name: uds-core-upgrade @@ -42,4 +42,5 @@ tasks: - task: deploy:latest-package-release - task: create:standard-package - task: deploy:standard-package + - cmd: uds zarf tools clear-cache - task: validate-packages